openSUSE Security Announce
Threads by month
- ----- 2024 -----
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
December 2023
- 3 participants
- 79 discussions
openSUSE-SU-2023:0424-1: moderate: Security update for deepin-compressor
by opensuse-security@opensuse.org 30 Dec '23
by opensuse-security@opensuse.org 30 Dec '23
30 Dec '23
openSUSE Security Update: Security update for deepin-compressor
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0424-1
Rating: moderate
References: #1218428
Cross-References: CVE-2023-50255
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for deepin-compressor fixes the following issues:
- CVE-2023-50255: Fix Zip Path Traversal (boo#1218428)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2023-424=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 ppc64le s390x x86_64):
deepin-compressor-5.12.2-bp154.2.3.1
- openSUSE Backports SLE-15-SP4 (noarch):
deepin-compressor-lang-5.12.2-bp154.2.3.1
References:
https://www.suse.com/security/cve/CVE-2023-50255.html
https://bugzilla.suse.com/1218428
1
0
openSUSE-SU-2023:0421-1: important: Security update for proftpd
by opensuse-security@opensuse.org 30 Dec '23
by opensuse-security@opensuse.org 30 Dec '23
30 Dec '23
openSUSE Security Update: Security update for proftpd
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0421-1
Rating: important
References:
Cross-References: CVE-2023-48795
CVSS scores:
CVE-2023-48795 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2023-48795 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products:
openSUSE Backports SLE-15-SP4
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for proftpd fixes the following issues:
Update to version 1.3.8a
* Implemented mitigations for "Terrapin" SSH attack (CVE-2023-48795).
* http://proftpd.org/docs/NEWS-1.3.8b
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2023-421=1
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2023-421=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):
proftpd-1.3.8b-bp155.2.3.1
proftpd-debuginfo-1.3.8b-bp155.2.3.1
proftpd-debugsource-1.3.8b-bp155.2.3.1
proftpd-devel-1.3.8b-bp155.2.3.1
proftpd-doc-1.3.8b-bp155.2.3.1
proftpd-ldap-1.3.8b-bp155.2.3.1
proftpd-ldap-debuginfo-1.3.8b-bp155.2.3.1
proftpd-mysql-1.3.8b-bp155.2.3.1
proftpd-mysql-debuginfo-1.3.8b-bp155.2.3.1
proftpd-pgsql-1.3.8b-bp155.2.3.1
proftpd-pgsql-debuginfo-1.3.8b-bp155.2.3.1
proftpd-radius-1.3.8b-bp155.2.3.1
proftpd-radius-debuginfo-1.3.8b-bp155.2.3.1
proftpd-sqlite-1.3.8b-bp155.2.3.1
proftpd-sqlite-debuginfo-1.3.8b-bp155.2.3.1
- openSUSE Backports SLE-15-SP5 (noarch):
proftpd-lang-1.3.8b-bp155.2.3.1
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
proftpd-1.3.8b-bp154.3.12.1
proftpd-devel-1.3.8b-bp154.3.12.1
proftpd-doc-1.3.8b-bp154.3.12.1
proftpd-ldap-1.3.8b-bp154.3.12.1
proftpd-mysql-1.3.8b-bp154.3.12.1
proftpd-pgsql-1.3.8b-bp154.3.12.1
proftpd-radius-1.3.8b-bp154.3.12.1
proftpd-sqlite-1.3.8b-bp154.3.12.1
- openSUSE Backports SLE-15-SP4 (noarch):
proftpd-lang-1.3.8b-bp154.3.12.1
References:
https://www.suse.com/security/cve/CVE-2023-48795.html
1
0
openSUSE-SU-2023:0423-1: moderate: Security update for deepin-compressor
by opensuse-security@opensuse.org 30 Dec '23
by opensuse-security@opensuse.org 30 Dec '23
30 Dec '23
openSUSE Security Update: Security update for deepin-compressor
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0423-1
Rating: moderate
References: #1218428
Cross-References: CVE-2023-50255
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for deepin-compressor fixes the following issues:
- CVE-2023-50255: Fix Zip Path Traversal (boo#1218428)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2023-423=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 ppc64le s390x x86_64):
deepin-compressor-5.12.13-bp155.2.3.1
- openSUSE Backports SLE-15-SP5 (noarch):
deepin-compressor-lang-5.12.13-bp155.2.3.1
References:
https://www.suse.com/security/cve/CVE-2023-50255.html
https://bugzilla.suse.com/1218428
1
0
28 Dec '23
# Security update for gnutls
Announcement ID: SUSE-SU-2023:4983-1
Rating: moderate
References:
* bsc#1217277
Cross-References:
* CVE-2023-5981
CVSS scores:
* CVE-2023-5981 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-5981 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for gnutls fixes the following issues:
* CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange
(bsc#1217277).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4983=1 SUSE-2023-4983=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4983=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4983=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4983=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4983=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2023-4983=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4983=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4983=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libgnutlsxx-devel-3.7.3-150400.4.38.1
* libgnutlsxx28-3.7.3-150400.4.38.1
* gnutls-debugsource-3.7.3-150400.4.38.1
* libgnutls30-hmac-3.7.3-150400.4.38.1
* libgnutlsxx28-debuginfo-3.7.3-150400.4.38.1
* gnutls-debuginfo-3.7.3-150400.4.38.1
* libgnutls30-3.7.3-150400.4.38.1
* gnutls-guile-debuginfo-3.7.3-150400.4.38.1
* gnutls-guile-3.7.3-150400.4.38.1
* libgnutls-devel-3.7.3-150400.4.38.1
* gnutls-3.7.3-150400.4.38.1
* libgnutls30-debuginfo-3.7.3-150400.4.38.1
* openSUSE Leap 15.4 (x86_64)
* libgnutls-devel-32bit-3.7.3-150400.4.38.1
* libgnutls30-32bit-debuginfo-3.7.3-150400.4.38.1
* libgnutls30-32bit-3.7.3-150400.4.38.1
* libgnutls30-hmac-32bit-3.7.3-150400.4.38.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libgnutls30-64bit-3.7.3-150400.4.38.1
* libgnutls30-hmac-64bit-3.7.3-150400.4.38.1
* libgnutls-devel-64bit-3.7.3-150400.4.38.1
* libgnutls30-64bit-debuginfo-3.7.3-150400.4.38.1
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* gnutls-debugsource-3.7.3-150400.4.38.1
* libgnutls30-hmac-3.7.3-150400.4.38.1
* gnutls-debuginfo-3.7.3-150400.4.38.1
* libgnutls30-3.7.3-150400.4.38.1
* gnutls-3.7.3-150400.4.38.1
* libgnutls30-debuginfo-3.7.3-150400.4.38.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* libgnutlsxx-devel-3.7.3-150400.4.38.1
* libgnutlsxx28-3.7.3-150400.4.38.1
* gnutls-debugsource-3.7.3-150400.4.38.1
* libgnutls30-hmac-3.7.3-150400.4.38.1
* libgnutlsxx28-debuginfo-3.7.3-150400.4.38.1
* gnutls-debuginfo-3.7.3-150400.4.38.1
* libgnutls30-3.7.3-150400.4.38.1
* gnutls-guile-debuginfo-3.7.3-150400.4.38.1
* gnutls-guile-3.7.3-150400.4.38.1
* libgnutls-devel-3.7.3-150400.4.38.1
* gnutls-3.7.3-150400.4.38.1
* libgnutls30-debuginfo-3.7.3-150400.4.38.1
* openSUSE Leap 15.5 (x86_64)
* libgnutls-devel-32bit-3.7.3-150400.4.38.1
* libgnutls30-32bit-debuginfo-3.7.3-150400.4.38.1
* libgnutls30-32bit-3.7.3-150400.4.38.1
* libgnutls30-hmac-32bit-3.7.3-150400.4.38.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* gnutls-debugsource-3.7.3-150400.4.38.1
* libgnutls30-hmac-3.7.3-150400.4.38.1
* gnutls-debuginfo-3.7.3-150400.4.38.1
* libgnutls30-3.7.3-150400.4.38.1
* gnutls-3.7.3-150400.4.38.1
* libgnutls30-debuginfo-3.7.3-150400.4.38.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* gnutls-debugsource-3.7.3-150400.4.38.1
* libgnutls30-hmac-3.7.3-150400.4.38.1
* gnutls-debuginfo-3.7.3-150400.4.38.1
* libgnutls30-3.7.3-150400.4.38.1
* gnutls-3.7.3-150400.4.38.1
* libgnutls30-debuginfo-3.7.3-150400.4.38.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* gnutls-debugsource-3.7.3-150400.4.38.1
* libgnutls30-hmac-3.7.3-150400.4.38.1
* gnutls-debuginfo-3.7.3-150400.4.38.1
* libgnutls30-3.7.3-150400.4.38.1
* gnutls-3.7.3-150400.4.38.1
* libgnutls30-debuginfo-3.7.3-150400.4.38.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* libgnutlsxx-devel-3.7.3-150400.4.38.1
* libgnutlsxx28-3.7.3-150400.4.38.1
* gnutls-debugsource-3.7.3-150400.4.38.1
* libgnutls30-hmac-3.7.3-150400.4.38.1
* libgnutlsxx28-debuginfo-3.7.3-150400.4.38.1
* gnutls-debuginfo-3.7.3-150400.4.38.1
* libgnutls30-3.7.3-150400.4.38.1
* libgnutls-devel-3.7.3-150400.4.38.1
* gnutls-3.7.3-150400.4.38.1
* libgnutls30-debuginfo-3.7.3-150400.4.38.1
* Basesystem Module 15-SP4 (x86_64)
* libgnutls30-32bit-debuginfo-3.7.3-150400.4.38.1
* libgnutls30-32bit-3.7.3-150400.4.38.1
* libgnutls30-hmac-32bit-3.7.3-150400.4.38.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libgnutlsxx-devel-3.7.3-150400.4.38.1
* libgnutlsxx28-3.7.3-150400.4.38.1
* gnutls-debugsource-3.7.3-150400.4.38.1
* libgnutls30-hmac-3.7.3-150400.4.38.1
* libgnutlsxx28-debuginfo-3.7.3-150400.4.38.1
* gnutls-debuginfo-3.7.3-150400.4.38.1
* libgnutls30-3.7.3-150400.4.38.1
* libgnutls-devel-3.7.3-150400.4.38.1
* gnutls-3.7.3-150400.4.38.1
* libgnutls30-debuginfo-3.7.3-150400.4.38.1
* Basesystem Module 15-SP5 (x86_64)
* libgnutls30-32bit-debuginfo-3.7.3-150400.4.38.1
* libgnutls30-32bit-3.7.3-150400.4.38.1
* libgnutls30-hmac-32bit-3.7.3-150400.4.38.1
## References:
* https://www.suse.com/security/cve/CVE-2023-5981.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217277
1
0
28 Dec '23
# Security update for python-pip
Announcement ID: SUSE-SU-2023:4988-1
Rating: low
References:
* bsc#1217353
Cross-References:
* CVE-2023-5752
CVSS scores:
* CVE-2023-5752 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-5752 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* Python 3 Module 15-SP4
* Python 3 Module 15-SP5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for python-pip fixes the following issues:
* CVE-2023-5752: Fixed injection of arbitrary configuration through Mercurial
parameter (bsc#1217353).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4988=1 openSUSE-SLE-15.4-2023-4988=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4988=1
* Python 3 Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Python3-15-SP4-2023-4988=1
* Python 3 Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2023-4988=1
## Package List:
* openSUSE Leap 15.4 (noarch)
* python311-pip-22.3.1-150400.17.12.1
* openSUSE Leap 15.5 (noarch)
* python311-pip-22.3.1-150400.17.12.1
* Python 3 Module 15-SP4 (noarch)
* python311-pip-22.3.1-150400.17.12.1
* Python 3 Module 15-SP5 (noarch)
* python311-pip-22.3.1-150400.17.12.1
## References:
* https://www.suse.com/security/cve/CVE-2023-5752.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217353
1
0
28 Dec '23
# Security update for postfix
Announcement ID: SUSE-SU-2023:4981-1
Rating: important
References:
* bsc#1218304
* bsc#1218314
Cross-References:
* CVE-2023-51764
CVSS scores:
* CVE-2023-51764 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products:
* Basesystem Module 15-SP5
* Legacy Module 15-SP5
* openSUSE Leap 15.5
* Server Applications Module 15-SP5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves one vulnerability and has one security fix can now be
installed.
## Description:
This update for postfix fixes the following issues:
* CVE-2023-51764: Fixed new SMTP smuggling attack (bsc#1218304).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-4981=1 openSUSE-SLE-15.5-2023-4981=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4981=1
* Legacy Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-4981=1
* Server Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4981=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* postfix-bdb-debugsource-3.7.3-150500.3.11.1
* postfix-debugsource-3.7.3-150500.3.11.1
* postfix-3.7.3-150500.3.11.1
* postfix-debuginfo-3.7.3-150500.3.11.1
* postfix-ldap-debuginfo-3.7.3-150500.3.11.1
* postfix-postgresql-3.7.3-150500.3.11.1
* postfix-bdb-debuginfo-3.7.3-150500.3.11.1
* postfix-ldap-3.7.3-150500.3.11.1
* postfix-postgresql-debuginfo-3.7.3-150500.3.11.1
* postfix-bdb-lmdb-debuginfo-3.7.3-150500.3.11.1
* postfix-bdb-3.7.3-150500.3.11.1
* postfix-bdb-lmdb-3.7.3-150500.3.11.1
* postfix-devel-3.7.3-150500.3.11.1
* postfix-mysql-3.7.3-150500.3.11.1
* postfix-mysql-debuginfo-3.7.3-150500.3.11.1
* openSUSE Leap 15.5 (noarch)
* postfix-doc-3.7.3-150500.3.11.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* postfix-debugsource-3.7.3-150500.3.11.1
* postfix-3.7.3-150500.3.11.1
* postfix-debuginfo-3.7.3-150500.3.11.1
* postfix-ldap-debuginfo-3.7.3-150500.3.11.1
* postfix-ldap-3.7.3-150500.3.11.1
* postfix-devel-3.7.3-150500.3.11.1
* Basesystem Module 15-SP5 (noarch)
* postfix-doc-3.7.3-150500.3.11.1
* Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* postfix-bdb-debugsource-3.7.3-150500.3.11.1
* postfix-bdb-debuginfo-3.7.3-150500.3.11.1
* postfix-bdb-lmdb-debuginfo-3.7.3-150500.3.11.1
* postfix-bdb-3.7.3-150500.3.11.1
* postfix-bdb-lmdb-3.7.3-150500.3.11.1
* Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* postfix-debuginfo-3.7.3-150500.3.11.1
* postfix-debugsource-3.7.3-150500.3.11.1
* postfix-mysql-3.7.3-150500.3.11.1
* postfix-mysql-debuginfo-3.7.3-150500.3.11.1
## References:
* https://www.suse.com/security/cve/CVE-2023-51764.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218304
* https://bugzilla.suse.com/show_bug.cgi?id=1218314
1
0
openSUSE-SU-2023:0418-1: important: Security update for zabbix
by opensuse-security@opensuse.org 28 Dec '23
by opensuse-security@opensuse.org 28 Dec '23
28 Dec '23
openSUSE Security Update: Security update for zabbix
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0418-1
Rating: important
References: #1218199
Cross-References: CVE-2023-32727
CVSS scores:
CVE-2023-32727 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2023-32727 (SUSE): 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for zabbix fixes the following issues:
Updated to latest release 4.0.50:
- CVE-2023-32727: Fixed potential arbitrary code execution in icmpping
(boo#1218199)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2023-418=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):
zabbix-agent-4.0.50-bp155.3.9.1
zabbix-java-gateway-4.0.50-bp155.3.9.1
zabbix-phpfrontend-4.0.50-bp155.3.9.1
zabbix-proxy-4.0.50-bp155.3.9.1
zabbix-proxy-mysql-4.0.50-bp155.3.9.1
zabbix-proxy-postgresql-4.0.50-bp155.3.9.1
zabbix-proxy-sqlite-4.0.50-bp155.3.9.1
zabbix-server-4.0.50-bp155.3.9.1
zabbix-server-mysql-4.0.50-bp155.3.9.1
zabbix-server-postgresql-4.0.50-bp155.3.9.1
References:
https://www.suse.com/security/cve/CVE-2023-32727.html
https://bugzilla.suse.com/1218199
1
0
openSUSE-SU-2023:0419-1: important: Security update for zabbix
by opensuse-security@opensuse.org 28 Dec '23
by opensuse-security@opensuse.org 28 Dec '23
28 Dec '23
openSUSE Security Update: Security update for zabbix
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0419-1
Rating: important
References: #1218199
Cross-References: CVE-2023-32727
CVSS scores:
CVE-2023-32727 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2023-32727 (SUSE): 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for zabbix fixes the following issues:
Updated to latest release 4.0.50:
- CVE-2023-32727: Fixed potential arbitrary code execution in icmpping
(boo#1218199)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2023-419=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
zabbix-agent-4.0.50-bp154.2.9.1
zabbix-java-gateway-4.0.50-bp154.2.9.1
zabbix-phpfrontend-4.0.50-bp154.2.9.1
zabbix-proxy-4.0.50-bp154.2.9.1
zabbix-proxy-mysql-4.0.50-bp154.2.9.1
zabbix-proxy-postgresql-4.0.50-bp154.2.9.1
zabbix-proxy-sqlite-4.0.50-bp154.2.9.1
zabbix-server-4.0.50-bp154.2.9.1
zabbix-server-mysql-4.0.50-bp154.2.9.1
zabbix-server-postgresql-4.0.50-bp154.2.9.1
References:
https://www.suse.com/security/cve/CVE-2023-32727.html
https://bugzilla.suse.com/1218199
1
0
SUSE-SU-2023:4974-1: moderate: Security update for distribution
by OPENSUSE-SECURITY-UPDATES 26 Dec '23
by OPENSUSE-SECURITY-UPDATES 26 Dec '23
26 Dec '23
# Security update for distribution
Announcement ID: SUSE-SU-2023:4974-1
Rating: moderate
References:
* bsc#1216491
Affected Products:
* Containers Module 15-SP4
* Containers Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that has one security fix can now be installed.
## Description:
This update for distribution fixes the following issues:
distribution was updated to 2.8.3 (bsc#1216491):
* Pass `BUILDTAGS` argument to `go build`
* Enable Go build tags
* `reference`: replace deprecated function `SplitHostname`
* Dont parse errors as JSON unless Content-Type is set to JSON
* update to go 1.20.8
* Set `Content-Type` header in registry client `ReadFrom`
* deprecate reference package, migrate to github.com/distribution/reference
* `digestset`: deprecate package in favor of `go-digest/digestset`
* Do not close HTTP request body in HTTP handler
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4974=1 SUSE-2023-4974=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4974=1
* Containers Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4974=1
* Containers Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-4974=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* distribution-registry-2.8.3-150400.9.24.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* distribution-registry-2.8.3-150400.9.24.1
* Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* distribution-registry-2.8.3-150400.9.24.1
* Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* distribution-registry-2.8.3-150400.9.24.1
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1216491
1
0
openSUSE-SU-2023:0413-1: moderate: Security update for cppcheck
by opensuse-security@opensuse.org 24 Dec '23
by opensuse-security@opensuse.org 24 Dec '23
24 Dec '23
openSUSE Security Update: Security update for cppcheck
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0413-1
Rating: moderate
References: #1215233
Cross-References: CVE-2023-39070
CVSS scores:
CVE-2023-39070 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for cppcheck fixes the following issues:
- CVE-2023-39070: Fixed heap use-after-free in removeContradiction()
(boo#1215233)
- update to 2.12.1:
* Support importing projects with project-name
- update to 2.12.0:
* uselessOverride finds overriding functions that either duplicate code
from or delegate back to the base class implementation
* knownPointerToBool finds pointer to bool conversions that are always
true or false
* truncLongCastAssignment and truncLongCastReturn check additional
types, including float/double/long double
* duplInheritedMember also reports duplicated member functions
* constParameter*/constVariable* checks find more instances of
pointers/references that can be const, e.g. when calling library
functions
* Write how many checkers was activated after a run
* Added --checkers-report that can be used to generate a report in a
file that shows what checkers was activated and disabled
* The qmake build system has been deprecated and will be removed in a
future version.
* Command-line option '--template
- update to 2.11:
* pop_back on empty container is UB
* Improve useStlAlgorithm check to handle many more conditions in the
loop for any_of, all_of and none_of algorithms
* ValueFlow can evaluate the return value of functions even when
conditionals are used
* ValueFlow will now forward the container sizes being returned from a
function
* ValueFlow can infer possible values from possible symbolic values
* Improve valueflow after pushing to container
* The new option --check-level= has been added that controls how much
checking is made by Cppcheck. The default checking level is "normal".
If you feel that you can wait longer on results you can use
--check-level=exhaustive.
* It is no longer necessary to run "--check-config" to get detailed
"missingInclude" and "missingIncludeSystem" messages. They will always
be issued in the regular analysis if "missingInclude" is enabled.
* "missingInclude" and "missingIncludeSystem" are reported with "-j" is
> 1 and processes are used in the backend (default in non-Windows
binaries)
* "missingInclude" and "missingIncludeSystem" will now cause the
"--error-exitcode" to be applied
* "--enable=information" will no longer implicitly enable
"missingInclude" starting with 2.16. Please enable it explicitly if
you require it.
* The `constParameter` and `constVariable` checks have been split into 3
different IDs based on if the variable is a pointer, a reference, or
local. The different IDs will allow users to suppress different const
warning based on variable type.
* `constParameter`
* `constParameterReference`
* `constParameterPointer`
* `constVariable`
* `constVariableReference`
* `constVariablePointer`
* More command-line parameters will now check if the given integer
argument is actually valid. Several other internal string-to-integer
conversions will now be error checked.
* scanning projects (with -j1) will now defer the analysis of markup
files until the whole code was processed
- update to 2.10.3:
* SymbolDatabase: Fix handling of function pointer arguments
- update to 2.10.2:
* GUI: Set proper title for compliance report dialog
* GUI: Generate compliance report
* Tokenizer: tweaked simplification of function pointers
* fix whole program analysis
* Import Project: Fix problem with define value with space
* Fix execution of executable addons from GUI
* fix for windows installer, no other changes
* Fixes when importing AST from clang
* comments can be added at end of suppression in suppressions file is
similar to GCC. If you want to get warnings in the old
* Added Cppcheck annotations cppcheck_low(VALUE) and
* Added API01-C: Avoid laying out strings in memory directly
* Duplicate expression for condition and assignment: if (x==3) x=3;
* Patch was submitted (https://github.com/danmar/cppcheck/pull/1554) and
accepted so this change should be reverted and replaced with a CMake
compile definition
- Multifile checking for buffer overruns and uninitialized
- A bunch of additions to several Libraries, especially
* Additionally, lots of false positives and bugs have been fixed and
several existing checks have been improved.
- Library files have now a 'format' attribute. Format version
- Cppcheck does no longer abort checking if unhandled
- Detect shift by too many bits, signed integer overflow and
- Dead pointer usage when pointer alias local variable that
- Improved AST creation (support placement new, C++-style
- Support GCC extension __attriute__((used)) and MSVC
- Better support for static member variables, inherited
- Improved typedef support where multiple variables are
- Avoid checking code multiple times by calculating a checksum.
- HTML report: display 'verbose' message using clickable
* Additionally, lots of false positives and bugs have been fixed
- Returning references to literals or references to calculation
- Enhanced support for commutative operators in duplicate
- Definition of minsize for buffer arguments in .cfg files
- Fixed handling of #error: Do not report them if -f and -D
- Generate xml dump of AST/ValueFlow/SymbolDatabase/TokenList
- Cppcheck requires a C++11 compiler supporting the common subset of
features supported by GCC 4.4, Visual Studio 2010
- Much improved support of complex combinations of function
- More robust error detection in several checks due to usage
- Allocation/Deallocation functions can be extend across
- Better handling of some C++11 language features like enum
- Check for unhandled exceptions when exception specifiers
* Additionally, a large number of false positives and crashs has been
fixed.
- New option to enable warnings but not style messages:
- Cppcheck used to skip includes where the header filename is enclosed
in <>. You can now include these headers also by using -I.
- New POSIX checks: pipe() buffer size, redundant calls of set/get user
id, too big value passed to usleep(), buffer
- Storing getc() return value in char variable and comparing
- Portability check that warns when using NULL as argument to variadic
function. It has undefined behaviour on some
- Improved checking for uninitialized struct members,
- Added --include to the cppcheck command line client. This forces
inclusion of the given file. This can for instance be used
- The threads handling has been improved. Using -jN now works in
- NULL pointers: Improved checking of default function argument values.
- full change log http://raw.github.com/danmar/cppcheck/master/Changelog
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2023-413=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 ppc64le s390x x86_64):
cppcheck-2.12.1-bp155.2.3.1
cppcheck-gui-2.12.1-bp155.2.3.1
References:
https://www.suse.com/security/cve/CVE-2023-39070.html
https://bugzilla.suse.com/1215233
1
0
22 Dec '23
# Security update for ppp
Announcement ID: SUSE-SU-2023:4965-1
Rating: moderate
References:
* bsc#1218251
Cross-References:
* CVE-2022-4603
CVSS scores:
* CVE-2022-4603 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
* CVE-2022-4603 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
* Desktop Applications Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves one vulnerability can now be installed.
## Description:
This update for ppp fixes the following issues:
* CVE-2022-4603: Fixed improper validation of array index of the component
pppdump (bsc#1218251).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4965=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4965=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2023-4965=1
* Desktop Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4965=1
* SUSE Linux Enterprise Real Time 15 SP4
zypper in -t patch SUSE-SLE-Product-RT-15-SP4-2023-4965=1
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4965=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4965=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4965=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4965=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4965=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4965=1
## Package List:
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* ppp-debuginfo-2.4.7-150000.5.13.1
* ppp-debugsource-2.4.7-150000.5.13.1
* ppp-2.4.7-150000.5.13.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* ppp-debuginfo-2.4.7-150000.5.13.1
* ppp-debugsource-2.4.7-150000.5.13.1
* ppp-2.4.7-150000.5.13.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* ppp-debuginfo-2.4.7-150000.5.13.1
* ppp-debugsource-2.4.7-150000.5.13.1
* ppp-2.4.7-150000.5.13.1
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* ppp-debuginfo-2.4.7-150000.5.13.1
* ppp-debugsource-2.4.7-150000.5.13.1
* ppp-2.4.7-150000.5.13.1
* ppp-devel-2.4.7-150000.5.13.1
* SUSE Linux Enterprise Real Time 15 SP4 (x86_64)
* ppp-debuginfo-2.4.7-150000.5.13.1
* ppp-debugsource-2.4.7-150000.5.13.1
* ppp-2.4.7-150000.5.13.1
* ppp-devel-2.4.7-150000.5.13.1
* openSUSE Leap Micro 5.3 (aarch64 s390x x86_64)
* ppp-debuginfo-2.4.7-150000.5.13.1
* ppp-debugsource-2.4.7-150000.5.13.1
* ppp-2.4.7-150000.5.13.1
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* ppp-debuginfo-2.4.7-150000.5.13.1
* ppp-debugsource-2.4.7-150000.5.13.1
* ppp-2.4.7-150000.5.13.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* ppp-debuginfo-2.4.7-150000.5.13.1
* ppp-debugsource-2.4.7-150000.5.13.1
* ppp-2.4.7-150000.5.13.1
* ppp-devel-2.4.7-150000.5.13.1
* openSUSE Leap 15.4 (noarch)
* ppp-modem-2.4.7-150000.5.13.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* ppp-debuginfo-2.4.7-150000.5.13.1
* ppp-debugsource-2.4.7-150000.5.13.1
* ppp-2.4.7-150000.5.13.1
* ppp-devel-2.4.7-150000.5.13.1
* openSUSE Leap 15.5 (noarch)
* ppp-modem-2.4.7-150000.5.13.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* ppp-debuginfo-2.4.7-150000.5.13.1
* ppp-debugsource-2.4.7-150000.5.13.1
* ppp-2.4.7-150000.5.13.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* ppp-debuginfo-2.4.7-150000.5.13.1
* ppp-debugsource-2.4.7-150000.5.13.1
* ppp-2.4.7-150000.5.13.1
## References:
* https://www.suse.com/security/cve/CVE-2022-4603.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218251
1
0
22 Dec '23
# Security update for tinyxml
Announcement ID: SUSE-SU-2023:4958-1
Rating: moderate
References:
* bsc#1218040
Cross-References:
* CVE-2023-34194
CVSS scores:
* CVE-2023-34194 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-34194 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Package Hub 15 15-SP5
An update that solves one vulnerability can now be installed.
## Description:
This update for tinyxml fixes the following issues:
* CVE-2023-34194: Fixed reachable assertion may lead to denial of service
(bsc#1218040).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4958=1
* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4958=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4958=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* libtinyxml0-2.6.2-150000.3.6.1
* libtinyxml0-debuginfo-2.6.2-150000.3.6.1
* tinyxml-devel-2.6.2-150000.3.6.1
* tinyxml-debugsource-2.6.2-150000.3.6.1
* tinyxml-docs-2.6.2-150000.3.6.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
* libtinyxml0-2.6.2-150000.3.6.1
* libtinyxml0-debuginfo-2.6.2-150000.3.6.1
* tinyxml-devel-2.6.2-150000.3.6.1
* tinyxml-debugsource-2.6.2-150000.3.6.1
* tinyxml-docs-2.6.2-150000.3.6.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* libtinyxml0-2.6.2-150000.3.6.1
* libtinyxml0-debuginfo-2.6.2-150000.3.6.1
* tinyxml-devel-2.6.2-150000.3.6.1
* tinyxml-debugsource-2.6.2-150000.3.6.1
* tinyxml-docs-2.6.2-150000.3.6.1
## References:
* https://www.suse.com/security/cve/CVE-2023-34194.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218040
1
0
SUSE-SU-2023:4949-1: important: Security update for xorg-x11-server
by OPENSUSE-SECURITY-UPDATES 22 Dec '23
by OPENSUSE-SECURITY-UPDATES 22 Dec '23
22 Dec '23
# Security update for xorg-x11-server
Announcement ID: SUSE-SU-2023:4949-1
Rating: important
References:
* bsc#1217765
Cross-References:
* CVE-2023-6377
CVSS scores:
* CVE-2023-6377 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6377 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP4
* Development Tools Module 15-SP4
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for xorg-x11-server fixes the following issues:
* CVE-2023-6377: Fixed out-of-bounds memory write in XKB button actions
(bsc#1217765).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4949=1
* Development Tools Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4949=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4949=1 openSUSE-SLE-15.4-2023-4949=1
## Package List:
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* xorg-x11-server-1.20.3-150400.38.35.1
* xorg-x11-server-extra-1.20.3-150400.38.35.1
* xorg-x11-server-debugsource-1.20.3-150400.38.35.1
* xorg-x11-server-debuginfo-1.20.3-150400.38.35.1
* xorg-x11-server-extra-debuginfo-1.20.3-150400.38.35.1
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* xorg-x11-server-sdk-1.20.3-150400.38.35.1
* xorg-x11-server-debugsource-1.20.3-150400.38.35.1
* xorg-x11-server-debuginfo-1.20.3-150400.38.35.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* xorg-x11-server-1.20.3-150400.38.35.1
* xorg-x11-server-extra-1.20.3-150400.38.35.1
* xorg-x11-server-debugsource-1.20.3-150400.38.35.1
* xorg-x11-server-sdk-1.20.3-150400.38.35.1
* xorg-x11-server-debuginfo-1.20.3-150400.38.35.1
* xorg-x11-server-extra-debuginfo-1.20.3-150400.38.35.1
* xorg-x11-server-source-1.20.3-150400.38.35.1
## References:
* https://www.suse.com/security/cve/CVE-2023-6377.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217765
1
0
SUSE-SU-2023:4957-1: moderate: Security update for libcryptopp
by OPENSUSE-SECURITY-UPDATES 21 Dec '23
by OPENSUSE-SECURITY-UPDATES 21 Dec '23
21 Dec '23
# Security update for libcryptopp
Announcement ID: SUSE-SU-2023:4957-1
Rating: moderate
References:
* bsc#1218219
Cross-References:
* CVE-2023-50980
CVSS scores:
* CVE-2023-50980 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
* openSUSE Leap 15.4
An update that solves one vulnerability can now be installed.
## Description:
This update for libcryptopp fixes the following issues:
* CVE-2023-50980: Fixed DoS via malformed DER public key file (bsc#1218219).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4957=1
## Package List:
* openSUSE Leap 15.4 (x86_64)
* libcryptopp5_6_5-32bit-debuginfo-5.6.5-150000.1.9.1
* libcryptopp5_6_5-32bit-5.6.5-150000.1.9.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* libcryptopp5_6_5-debuginfo-5.6.5-150000.1.9.1
* libcryptopp5_6_5-5.6.5-150000.1.9.1
## References:
* https://www.suse.com/security/cve/CVE-2023-50980.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218219
1
0
SUSE-SU-2023:4951-1: moderate: Security update for libqt5-qtbase
by OPENSUSE-SECURITY-UPDATES 21 Dec '23
by OPENSUSE-SECURITY-UPDATES 21 Dec '23
21 Dec '23
# Security update for libqt5-qtbase
Announcement ID: SUSE-SU-2023:4951-1
Rating: moderate
References:
* bsc#1214327
* jsc#PED-6193
Cross-References:
* CVE-2023-37369
CVSS scores:
* CVE-2023-37369 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-37369 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP5
* Desktop Applications Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves one vulnerability and contains one feature can now be
installed.
## Description:
This update for libqt5-qtbase fixes the following issues:
* CVE-2023-37369: Fixed buffer overflow in QXmlStreamReader (bsc#1214327).
* libq5-qtbase was rebuild against icu 73. jsc#PED-6193
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4951=1
* Desktop Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4951=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-4951=1 openSUSE-SLE-15.5-2023-4951=1
## Package List:
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libQt5Widgets5-5.15.8+kde185-150500.4.13.1
* libQt5Concurrent-devel-5.15.8+kde185-150500.4.13.1
* libQt5Network-devel-5.15.8+kde185-150500.4.13.1
* libQt5PrintSupport5-debuginfo-5.15.8+kde185-150500.4.13.1
* libqt5-qtbase-debugsource-5.15.8+kde185-150500.4.13.1
* libQt5PlatformSupport-devel-static-5.15.8+kde185-150500.4.13.1
* libQt5DBus5-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5PlatformHeaders-devel-5.15.8+kde185-150500.4.13.1
* libQt5Core5-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Gui-devel-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Xml-devel-5.15.8+kde185-150500.4.13.1
* libQt5Test5-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5DBus-devel-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Core-devel-5.15.8+kde185-150500.4.13.1
* libqt5-qtbase-common-devel-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5PrintSupport5-5.15.8+kde185-150500.4.13.1
* libQt5Sql-devel-5.15.8+kde185-150500.4.13.1
* libQt5KmsSupport-devel-static-5.15.8+kde185-150500.4.13.1
* libQt5Gui5-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Network5-5.15.8+kde185-150500.4.13.1
* libQt5Xml5-5.15.8+kde185-150500.4.13.1
* libQt5Network5-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Xml5-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-5.15.8+kde185-150500.4.13.1
* libQt5Widgets5-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Widgets-devel-5.15.8+kde185-150500.4.13.1
* libQt5Gui5-5.15.8+kde185-150500.4.13.1
* libQt5OpenGL5-5.15.8+kde185-150500.4.13.1
* libQt5Test5-5.15.8+kde185-150500.4.13.1
* libQt5PrintSupport-devel-5.15.8+kde185-150500.4.13.1
* libQt5DBus5-5.15.8+kde185-150500.4.13.1
* libQt5Test-devel-5.15.8+kde185-150500.4.13.1
* libQt5Concurrent5-5.15.8+kde185-150500.4.13.1
* libqt5-qtbase-devel-5.15.8+kde185-150500.4.13.1
* libQt5Concurrent5-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-sqlite-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-sqlite-5.15.8+kde185-150500.4.13.1
* libQt5OpenGL-devel-5.15.8+kde185-150500.4.13.1
* libQt5Core5-5.15.8+kde185-150500.4.13.1
* libqt5-qtbase-common-devel-5.15.8+kde185-150500.4.13.1
* libQt5DBus-devel-5.15.8+kde185-150500.4.13.1
* libQt5OpenGL5-debuginfo-5.15.8+kde185-150500.4.13.1
* Basesystem Module 15-SP5 (noarch)
* libQt5Test-private-headers-devel-5.15.8+kde185-150500.4.13.1
* libQt5KmsSupport-private-headers-devel-5.15.8+kde185-150500.4.13.1
* libQt5Widgets-private-headers-devel-5.15.8+kde185-150500.4.13.1
* libqt5-qtbase-private-headers-devel-5.15.8+kde185-150500.4.13.1
* libQt5Sql-private-headers-devel-5.15.8+kde185-150500.4.13.1
* libQt5PlatformSupport-private-headers-devel-5.15.8+kde185-150500.4.13.1
* libQt5Core-private-headers-devel-5.15.8+kde185-150500.4.13.1
* libQt5Gui-private-headers-devel-5.15.8+kde185-150500.4.13.1
* libQt5PrintSupport-private-headers-devel-5.15.8+kde185-150500.4.13.1
* libQt5Network-private-headers-devel-5.15.8+kde185-150500.4.13.1
* libQt5OpenGL-private-headers-devel-5.15.8+kde185-150500.4.13.1
* libQt5DBus-private-headers-devel-5.15.8+kde185-150500.4.13.1
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libQt5Sql5-unixODBC-5.15.8+kde185-150500.4.13.1
* libqt5-qtbase-platformtheme-gtk3-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-mysql-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-postgresql-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-mysql-debuginfo-5.15.8+kde185-150500.4.13.1
* libqt5-qtbase-platformtheme-gtk3-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-unixODBC-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-postgresql-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5OpenGLExtensions-devel-static-5.15.8+kde185-150500.4.13.1
* libqt5-qtbase-debugsource-5.15.8+kde185-150500.4.13.1
* openSUSE Leap 15.5 (x86_64)
* libQt5OpenGL5-32bit-5.15.8+kde185-150500.4.13.1
* libQt5Widgets5-32bit-5.15.8+kde185-150500.4.13.1
* libqt5-qtbase-examples-32bit-5.15.8+kde185-150500.4.13.1
* libQt5Xml-devel-32bit-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-postgresql-32bit-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-sqlite-32bit-5.15.8+kde185-150500.4.13.1
* libQt5Test5-32bit-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Gui5-32bit-5.15.8+kde185-150500.4.13.1
* libQt5Core5-32bit-5.15.8+kde185-150500.4.13.1
* libQt5PrintSupport5-32bit-5.15.8+kde185-150500.4.13.1
* libQt5Network-devel-32bit-5.15.8+kde185-150500.4.13.1
* libQt5Core5-32bit-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Xml5-32bit-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Widgets-devel-32bit-5.15.8+kde185-150500.4.13.1
* libQt5DBus5-32bit-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5OpenGL5-32bit-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Core-devel-32bit-5.15.8+kde185-150500.4.13.1
* libQt5Gui5-32bit-debuginfo-5.15.8+kde185-150500.4.13.1
* libqt5-qtbase-examples-32bit-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5OpenGL-devel-32bit-5.15.8+kde185-150500.4.13.1
* libQt5DBus-devel-32bit-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-mysql-32bit-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Sql-devel-32bit-5.15.8+kde185-150500.4.13.1
* libQt5Widgets5-32bit-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-32bit-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-mysql-32bit-5.15.8+kde185-150500.4.13.1
* libQt5PrintSupport-devel-32bit-5.15.8+kde185-150500.4.13.1
* libQt5DBus-devel-32bit-5.15.8+kde185-150500.4.13.1
* libQt5Network5-32bit-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-postgresql-32bit-5.15.8+kde185-150500.4.13.1
* libQt5Concurrent5-32bit-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-sqlite-32bit-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Bootstrap-devel-static-32bit-5.15.8+kde185-150500.4.13.1
* libQt5Xml5-32bit-5.15.8+kde185-150500.4.13.1
* libQt5Test-devel-32bit-5.15.8+kde185-150500.4.13.1
* libQt5Concurrent-devel-32bit-5.15.8+kde185-150500.4.13.1
* libQt5Gui-devel-32bit-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-32bit-5.15.8+kde185-150500.4.13.1
* libQt5Test5-32bit-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-unixODBC-32bit-5.15.8+kde185-150500.4.13.1
* libQt5OpenGLExtensions-devel-static-32bit-5.15.8+kde185-150500.4.13.1
* libQt5PrintSupport5-32bit-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Concurrent5-32bit-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5DBus5-32bit-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-unixODBC-32bit-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Network5-32bit-5.15.8+kde185-150500.4.13.1
* libQt5PlatformSupport-devel-static-32bit-5.15.8+kde185-150500.4.13.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* libQt5Widgets5-5.15.8+kde185-150500.4.13.1
* libQt5Concurrent-devel-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-postgresql-5.15.8+kde185-150500.4.13.1
* libQt5Network-devel-5.15.8+kde185-150500.4.13.1
* libQt5PrintSupport5-debuginfo-5.15.8+kde185-150500.4.13.1
* libqt5-qtbase-debugsource-5.15.8+kde185-150500.4.13.1
* libQt5PlatformSupport-devel-static-5.15.8+kde185-150500.4.13.1
* libQt5DBus5-debuginfo-5.15.8+kde185-150500.4.13.1
* libqt5-qtbase-platformtheme-xdgdesktopportal-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5PlatformHeaders-devel-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-unixODBC-5.15.8+kde185-150500.4.13.1
* libQt5Core5-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-mysql-5.15.8+kde185-150500.4.13.1
* libQt5Bootstrap-devel-static-5.15.8+kde185-150500.4.13.1
* libQt5Gui-devel-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Xml-devel-5.15.8+kde185-150500.4.13.1
* libQt5Test5-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-mysql-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5DBus-devel-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5OpenGLExtensions-devel-static-5.15.8+kde185-150500.4.13.1
* libQt5Core-devel-5.15.8+kde185-150500.4.13.1
* libqt5-qtbase-common-devel-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5PrintSupport5-5.15.8+kde185-150500.4.13.1
* libQt5Sql-devel-5.15.8+kde185-150500.4.13.1
* libQt5KmsSupport-devel-static-5.15.8+kde185-150500.4.13.1
* libQt5Gui5-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Network5-5.15.8+kde185-150500.4.13.1
* libQt5Xml5-5.15.8+kde185-150500.4.13.1
* libQt5Network5-debuginfo-5.15.8+kde185-150500.4.13.1
* libqt5-qtbase-platformtheme-gtk3-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Xml5-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-5.15.8+kde185-150500.4.13.1
* libQt5Widgets5-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Widgets-devel-5.15.8+kde185-150500.4.13.1
* libQt5Gui5-5.15.8+kde185-150500.4.13.1
* libQt5OpenGL5-5.15.8+kde185-150500.4.13.1
* libqt5-qtbase-examples-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Test5-5.15.8+kde185-150500.4.13.1
* libqt5-qtbase-platformtheme-xdgdesktopportal-5.15.8+kde185-150500.4.13.1
* libQt5PrintSupport-devel-5.15.8+kde185-150500.4.13.1
* libQt5DBus5-5.15.8+kde185-150500.4.13.1
* libQt5Test-devel-5.15.8+kde185-150500.4.13.1
* libQt5Concurrent5-5.15.8+kde185-150500.4.13.1
* libqt5-qtbase-devel-5.15.8+kde185-150500.4.13.1
* libQt5Concurrent5-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-sqlite-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-sqlite-5.15.8+kde185-150500.4.13.1
* libQt5OpenGL-devel-5.15.8+kde185-150500.4.13.1
* libQt5Core5-5.15.8+kde185-150500.4.13.1
* libqt5-qtbase-common-devel-5.15.8+kde185-150500.4.13.1
* libqt5-qtbase-platformtheme-gtk3-5.15.8+kde185-150500.4.13.1
* libQt5DBus-devel-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-postgresql-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-unixODBC-debuginfo-5.15.8+kde185-150500.4.13.1
* libqt5-qtbase-examples-5.15.8+kde185-150500.4.13.1
* libQt5OpenGL5-debuginfo-5.15.8+kde185-150500.4.13.1
* openSUSE Leap 15.5 (noarch)
* libQt5Test-private-headers-devel-5.15.8+kde185-150500.4.13.1
* libQt5KmsSupport-private-headers-devel-5.15.8+kde185-150500.4.13.1
* libQt5Widgets-private-headers-devel-5.15.8+kde185-150500.4.13.1
* libqt5-qtbase-private-headers-devel-5.15.8+kde185-150500.4.13.1
* libQt5Sql-private-headers-devel-5.15.8+kde185-150500.4.13.1
* libQt5PlatformSupport-private-headers-devel-5.15.8+kde185-150500.4.13.1
* libQt5Core-private-headers-devel-5.15.8+kde185-150500.4.13.1
* libQt5Gui-private-headers-devel-5.15.8+kde185-150500.4.13.1
* libQt5PrintSupport-private-headers-devel-5.15.8+kde185-150500.4.13.1
* libQt5Network-private-headers-devel-5.15.8+kde185-150500.4.13.1
* libQt5OpenGL-private-headers-devel-5.15.8+kde185-150500.4.13.1
* libQt5DBus-private-headers-devel-5.15.8+kde185-150500.4.13.1
* openSUSE Leap 15.5 (aarch64_ilp32)
* libQt5Xml-devel-64bit-5.15.8+kde185-150500.4.13.1
* libQt5Xml5-64bit-5.15.8+kde185-150500.4.13.1
* libQt5DBus-devel-64bit-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5DBus-devel-64bit-5.15.8+kde185-150500.4.13.1
* libQt5Bootstrap-devel-static-64bit-5.15.8+kde185-150500.4.13.1
* libQt5PrintSupport5-64bit-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-64bit-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-mysql-64bit-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Concurrent5-64bit-5.15.8+kde185-150500.4.13.1
* libQt5Widgets5-64bit-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-mysql-64bit-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-sqlite-64bit-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-sqlite-64bit-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-64bit-5.15.8+kde185-150500.4.13.1
* libQt5DBus5-64bit-5.15.8+kde185-150500.4.13.1
* libQt5Gui-devel-64bit-5.15.8+kde185-150500.4.13.1
* libQt5PlatformSupport-devel-static-64bit-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-unixODBC-64bit-5.15.8+kde185-150500.4.13.1
* libQt5Xml5-64bit-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Network5-64bit-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-unixODBC-64bit-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Core5-64bit-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Concurrent-devel-64bit-5.15.8+kde185-150500.4.13.1
* libQt5PrintSupport-devel-64bit-5.15.8+kde185-150500.4.13.1
* libQt5OpenGLExtensions-devel-static-64bit-5.15.8+kde185-150500.4.13.1
* libQt5Test5-64bit-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Gui5-64bit-5.15.8+kde185-150500.4.13.1
* libQt5Widgets5-64bit-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5DBus5-64bit-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5OpenGL-devel-64bit-5.15.8+kde185-150500.4.13.1
* libQt5PrintSupport5-64bit-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Sql-devel-64bit-5.15.8+kde185-150500.4.13.1
* libQt5Gui5-64bit-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Concurrent5-64bit-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Core-devel-64bit-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-postgresql-64bit-5.15.8+kde185-150500.4.13.1
* libQt5Test5-64bit-5.15.8+kde185-150500.4.13.1
* libqt5-qtbase-examples-64bit-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5OpenGL5-64bit-debuginfo-5.15.8+kde185-150500.4.13.1
* libqt5-qtbase-examples-64bit-5.15.8+kde185-150500.4.13.1
* libQt5Widgets-devel-64bit-5.15.8+kde185-150500.4.13.1
* libQt5Test-devel-64bit-5.15.8+kde185-150500.4.13.1
* libQt5Network5-64bit-5.15.8+kde185-150500.4.13.1
* libQt5OpenGL5-64bit-5.15.8+kde185-150500.4.13.1
* libQt5Sql5-postgresql-64bit-debuginfo-5.15.8+kde185-150500.4.13.1
* libQt5Core5-64bit-5.15.8+kde185-150500.4.13.1
* libQt5Network-devel-64bit-5.15.8+kde185-150500.4.13.1
## References:
* https://www.suse.com/security/cve/CVE-2023-37369.html
* https://bugzilla.suse.com/show_bug.cgi?id=1214327
* https://jira.suse.com/browse/PED-6193
1
0
SUSE-SU-2023:4943-1: important: Security update for gstreamer-plugins-bad
by OPENSUSE-SECURITY-UPDATES 21 Dec '23
by OPENSUSE-SECURITY-UPDATES 21 Dec '23
21 Dec '23
# Security update for gstreamer-plugins-bad
Announcement ID: SUSE-SU-2023:4943-1
Rating: important
References:
* bsc#1215792
* bsc#1217213
Cross-References:
* CVE-2023-40475
* CVE-2023-44446
CVSS scores:
* CVE-2023-40475 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-44446 ( SUSE ): 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP5
* Desktop Applications Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Package Hub 15 15-SP5
An update that solves two vulnerabilities can now be installed.
## Description:
This update for gstreamer-plugins-bad fixes the following issues:
* CVE-2023-40475: Fixed GStreamer MXF File Parsing Integer Overflow
(bsc#1215792).
* CVE-2023-44446: Fixed GStreamer MXF File Parsing Use-After-Free
(bsc#1217213).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Desktop Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4943=1
* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4943=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-4943=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4943=1
## Package List:
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libgstwayland-1_0-0-1.22.0-150500.3.17.1
* typelib-1_0-GstMpegts-1_0-1.22.0-150500.3.17.1
* libgstbadaudio-1_0-0-1.22.0-150500.3.17.1
* libgstcodecparsers-1_0-0-1.22.0-150500.3.17.1
* gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.17.1
* libgstmpegts-1_0-0-debuginfo-1.22.0-150500.3.17.1
* libgstwayland-1_0-0-debuginfo-1.22.0-150500.3.17.1
* typelib-1_0-GstBadAudio-1_0-1.22.0-150500.3.17.1
* typelib-1_0-GstCodecs-1_0-1.22.0-150500.3.17.1
* libgstinsertbin-1_0-0-debuginfo-1.22.0-150500.3.17.1
* libgsttranscoder-1_0-0-debuginfo-1.22.0-150500.3.17.1
* libgsturidownloader-1_0-0-1.22.0-150500.3.17.1
* libgstsctp-1_0-0-debuginfo-1.22.0-150500.3.17.1
* libgstwebrtcnice-1_0-0-debuginfo-1.22.0-150500.3.17.1
* libgstvulkan-1_0-0-1.22.0-150500.3.17.1
* libgstadaptivedemux-1_0-0-debuginfo-1.22.0-150500.3.17.1
* libgstvulkan-1_0-0-debuginfo-1.22.0-150500.3.17.1
* gstreamer-plugins-bad-1.22.0-150500.3.17.1
* typelib-1_0-GstPlay-1_0-1.22.0-150500.3.17.1
* typelib-1_0-GstInsertBin-1_0-1.22.0-150500.3.17.1
* typelib-1_0-GstVa-1_0-1.22.0-150500.3.17.1
* libgstinsertbin-1_0-0-1.22.0-150500.3.17.1
* gstreamer-plugins-bad-devel-1.22.0-150500.3.17.1
* libgstisoff-1_0-0-debuginfo-1.22.0-150500.3.17.1
* libgstwebrtcnice-1_0-0-1.22.0-150500.3.17.1
* gstreamer-plugins-bad-chromaprint-1.22.0-150500.3.17.1
* libgstmpegts-1_0-0-1.22.0-150500.3.17.1
* libgstadaptivedemux-1_0-0-1.22.0-150500.3.17.1
* libgstcodecparsers-1_0-0-debuginfo-1.22.0-150500.3.17.1
* libgstva-1_0-0-debuginfo-1.22.0-150500.3.17.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.22.0-150500.3.17.1
* libgstva-1_0-0-1.22.0-150500.3.17.1
* gstreamer-plugins-bad-chromaprint-debuginfo-1.22.0-150500.3.17.1
* libgstsctp-1_0-0-1.22.0-150500.3.17.1
* libgstbasecamerabinsrc-1_0-0-1.22.0-150500.3.17.1
* gstreamer-plugins-bad-debugsource-1.22.0-150500.3.17.1
* libgstisoff-1_0-0-1.22.0-150500.3.17.1
* libgstwebrtc-1_0-0-1.22.0-150500.3.17.1
* libgstwebrtc-1_0-0-debuginfo-1.22.0-150500.3.17.1
* typelib-1_0-GstWebRTC-1_0-1.22.0-150500.3.17.1
* typelib-1_0-GstCuda-1_0-1.22.0-150500.3.17.1
* libgstcuda-1_0-0-debuginfo-1.22.0-150500.3.17.1
* libgstcodecs-1_0-0-debuginfo-1.22.0-150500.3.17.1
* libgstcuda-1_0-0-1.22.0-150500.3.17.1
* typelib-1_0-CudaGst-1_0-1.22.0-150500.3.17.1
* libgstcodecs-1_0-0-1.22.0-150500.3.17.1
* libgsttranscoder-1_0-0-1.22.0-150500.3.17.1
* typelib-1_0-GstPlayer-1_0-1.22.0-150500.3.17.1
* libgsturidownloader-1_0-0-debuginfo-1.22.0-150500.3.17.1
* libgstbadaudio-1_0-0-debuginfo-1.22.0-150500.3.17.1
* Desktop Applications Module 15-SP5 (noarch)
* gstreamer-plugins-bad-lang-1.22.0-150500.3.17.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
* gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.17.1
* gstreamer-plugins-bad-debugsource-1.22.0-150500.3.17.1
* libgsttranscoder-1_0-0-1.22.0-150500.3.17.1
* libgsttranscoder-1_0-0-debuginfo-1.22.0-150500.3.17.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* libgstwayland-1_0-0-1.22.0-150500.3.17.1
* typelib-1_0-GstVulkanWayland-1_0-1.22.0-150500.3.17.1
* typelib-1_0-GstMpegts-1_0-1.22.0-150500.3.17.1
* libgstbadaudio-1_0-0-1.22.0-150500.3.17.1
* libgstcodecparsers-1_0-0-1.22.0-150500.3.17.1
* gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.17.1
* libgstmpegts-1_0-0-debuginfo-1.22.0-150500.3.17.1
* libgstwayland-1_0-0-debuginfo-1.22.0-150500.3.17.1
* typelib-1_0-GstBadAudio-1_0-1.22.0-150500.3.17.1
* typelib-1_0-GstTranscoder-1_0-1.22.0-150500.3.17.1
* typelib-1_0-GstCodecs-1_0-1.22.0-150500.3.17.1
* libgstinsertbin-1_0-0-debuginfo-1.22.0-150500.3.17.1
* libgstplayer-1_0-0-debuginfo-1.22.0-150500.3.17.1
* libgsttranscoder-1_0-0-debuginfo-1.22.0-150500.3.17.1
* libgsturidownloader-1_0-0-1.22.0-150500.3.17.1
* libgstsctp-1_0-0-debuginfo-1.22.0-150500.3.17.1
* libgstwebrtcnice-1_0-0-debuginfo-1.22.0-150500.3.17.1
* libgstvulkan-1_0-0-1.22.0-150500.3.17.1
* libgstadaptivedemux-1_0-0-debuginfo-1.22.0-150500.3.17.1
* libgstvulkan-1_0-0-debuginfo-1.22.0-150500.3.17.1
* gstreamer-plugins-bad-1.22.0-150500.3.17.1
* typelib-1_0-GstPlay-1_0-1.22.0-150500.3.17.1
* gstreamer-transcoder-devel-1.22.0-150500.3.17.1
* typelib-1_0-GstInsertBin-1_0-1.22.0-150500.3.17.1
* libgstphotography-1_0-0-debuginfo-1.22.0-150500.3.17.1
* typelib-1_0-GstVa-1_0-1.22.0-150500.3.17.1
* libgstinsertbin-1_0-0-1.22.0-150500.3.17.1
* gstreamer-plugins-bad-devel-1.22.0-150500.3.17.1
* libgstisoff-1_0-0-debuginfo-1.22.0-150500.3.17.1
* libgstwebrtcnice-1_0-0-1.22.0-150500.3.17.1
* gstreamer-plugins-bad-chromaprint-1.22.0-150500.3.17.1
* typelib-1_0-GstVulkan-1_0-1.22.0-150500.3.17.1
* libgstmpegts-1_0-0-1.22.0-150500.3.17.1
* libgstadaptivedemux-1_0-0-1.22.0-150500.3.17.1
* libgstcodecparsers-1_0-0-debuginfo-1.22.0-150500.3.17.1
* libgstva-1_0-0-debuginfo-1.22.0-150500.3.17.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.22.0-150500.3.17.1
* libgstva-1_0-0-1.22.0-150500.3.17.1
* gstreamer-plugins-bad-chromaprint-debuginfo-1.22.0-150500.3.17.1
* gstreamer-transcoder-1.22.0-150500.3.17.1
* gstreamer-transcoder-debuginfo-1.22.0-150500.3.17.1
* typelib-1_0-GstVulkanXCB-1_0-1.22.0-150500.3.17.1
* libgstsctp-1_0-0-1.22.0-150500.3.17.1
* libgstbasecamerabinsrc-1_0-0-1.22.0-150500.3.17.1
* gstreamer-plugins-bad-debugsource-1.22.0-150500.3.17.1
* libgstplayer-1_0-0-1.22.0-150500.3.17.1
* libgstisoff-1_0-0-1.22.0-150500.3.17.1
* libgstwebrtc-1_0-0-1.22.0-150500.3.17.1
* libgstwebrtc-1_0-0-debuginfo-1.22.0-150500.3.17.1
* typelib-1_0-GstWebRTC-1_0-1.22.0-150500.3.17.1
* libgstplay-1_0-0-debuginfo-1.22.0-150500.3.17.1
* libgstcuda-1_0-0-debuginfo-1.22.0-150500.3.17.1
* typelib-1_0-GstCuda-1_0-1.22.0-150500.3.17.1
* libgstplay-1_0-0-1.22.0-150500.3.17.1
* libgstcodecs-1_0-0-debuginfo-1.22.0-150500.3.17.1
* libgstcuda-1_0-0-1.22.0-150500.3.17.1
* typelib-1_0-CudaGst-1_0-1.22.0-150500.3.17.1
* libgstphotography-1_0-0-1.22.0-150500.3.17.1
* libgstcodecs-1_0-0-1.22.0-150500.3.17.1
* libgsttranscoder-1_0-0-1.22.0-150500.3.17.1
* typelib-1_0-GstPlayer-1_0-1.22.0-150500.3.17.1
* libgsturidownloader-1_0-0-debuginfo-1.22.0-150500.3.17.1
* libgstbadaudio-1_0-0-debuginfo-1.22.0-150500.3.17.1
* openSUSE Leap 15.5 (x86_64)
* libgstcodecs-1_0-0-32bit-1.22.0-150500.3.17.1
* gstreamer-plugins-bad-chromaprint-32bit-1.22.0-150500.3.17.1
* libgstinsertbin-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1
* libgstphotography-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1
* libgstcodecparsers-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1
* libgstplay-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1
* gstreamer-plugins-bad-chromaprint-32bit-debuginfo-1.22.0-150500.3.17.1
* libgstwayland-1_0-0-32bit-1.22.0-150500.3.17.1
* libgstva-1_0-0-32bit-1.22.0-150500.3.17.1
* libgstvulkan-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1
* libgstplayer-1_0-0-32bit-1.22.0-150500.3.17.1
* libgstbadaudio-1_0-0-32bit-1.22.0-150500.3.17.1
* libgstadaptivedemux-1_0-0-32bit-1.22.0-150500.3.17.1
* libgstcuda-1_0-0-32bit-1.22.0-150500.3.17.1
* libgstcuda-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1
* libgstwebrtc-1_0-0-32bit-1.22.0-150500.3.17.1
* libgstisoff-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1
* libgstisoff-1_0-0-32bit-1.22.0-150500.3.17.1
* libgstinsertbin-1_0-0-32bit-1.22.0-150500.3.17.1
* libgstbasecamerabinsrc-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1
* libgstva-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1
* libgstwebrtcnice-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1
* libgstcodecparsers-1_0-0-32bit-1.22.0-150500.3.17.1
* gstreamer-plugins-bad-32bit-1.22.0-150500.3.17.1
* libgstbadaudio-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1
* libgstmpegts-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1
* libgstmpegts-1_0-0-32bit-1.22.0-150500.3.17.1
* libgstadaptivedemux-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1
* libgstwebrtc-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1
* libgstsctp-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1
* libgstplayer-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1
* libgstwebrtcnice-1_0-0-32bit-1.22.0-150500.3.17.1
* libgstplay-1_0-0-32bit-1.22.0-150500.3.17.1
* libgstcodecs-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1
* libgsturidownloader-1_0-0-32bit-1.22.0-150500.3.17.1
* libgstbasecamerabinsrc-1_0-0-32bit-1.22.0-150500.3.17.1
* libgsturidownloader-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1
* libgstwayland-1_0-0-32bit-debuginfo-1.22.0-150500.3.17.1
* libgstphotography-1_0-0-32bit-1.22.0-150500.3.17.1
* libgstsctp-1_0-0-32bit-1.22.0-150500.3.17.1
* gstreamer-plugins-bad-32bit-debuginfo-1.22.0-150500.3.17.1
* libgstvulkan-1_0-0-32bit-1.22.0-150500.3.17.1
* openSUSE Leap 15.5 (noarch)
* gstreamer-plugins-bad-lang-1.22.0-150500.3.17.1
* openSUSE Leap 15.5 (aarch64_ilp32)
* gstreamer-plugins-bad-chromaprint-64bit-debuginfo-1.22.0-150500.3.17.1
* libgstbadaudio-1_0-0-64bit-1.22.0-150500.3.17.1
* libgstadaptivedemux-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1
* libgstinsertbin-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1
* libgstsctp-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1
* libgstvulkan-1_0-0-64bit-1.22.0-150500.3.17.1
* libgstcuda-1_0-0-64bit-1.22.0-150500.3.17.1
* libgstcodecparsers-1_0-0-64bit-1.22.0-150500.3.17.1
* libgstplay-1_0-0-64bit-1.22.0-150500.3.17.1
* libgstwebrtc-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1
* libgstwebrtcnice-1_0-0-64bit-1.22.0-150500.3.17.1
* libgstplayer-1_0-0-64bit-1.22.0-150500.3.17.1
* libgstwayland-1_0-0-64bit-1.22.0-150500.3.17.1
* libgstcodecs-1_0-0-64bit-1.22.0-150500.3.17.1
* libgstinsertbin-1_0-0-64bit-1.22.0-150500.3.17.1
* libgstphotography-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1
* libgstisoff-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1
* libgstmpegts-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1
* libgsturidownloader-1_0-0-64bit-1.22.0-150500.3.17.1
* libgstbasecamerabinsrc-1_0-0-64bit-1.22.0-150500.3.17.1
* libgstva-1_0-0-64bit-1.22.0-150500.3.17.1
* libgstbadaudio-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1
* libgstbasecamerabinsrc-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1
* libgstplayer-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1
* libgstadaptivedemux-1_0-0-64bit-1.22.0-150500.3.17.1
* libgstcodecparsers-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1
* gstreamer-plugins-bad-64bit-debuginfo-1.22.0-150500.3.17.1
* libgstwayland-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1
* libgstcodecs-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1
* libgstphotography-1_0-0-64bit-1.22.0-150500.3.17.1
* libgstvulkan-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1
* libgstcuda-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1
* gstreamer-plugins-bad-64bit-1.22.0-150500.3.17.1
* libgstplay-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1
* gstreamer-plugins-bad-chromaprint-64bit-1.22.0-150500.3.17.1
* libgstva-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1
* libgstwebrtc-1_0-0-64bit-1.22.0-150500.3.17.1
* libgstwebrtcnice-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1
* libgstmpegts-1_0-0-64bit-1.22.0-150500.3.17.1
* libgsturidownloader-1_0-0-64bit-debuginfo-1.22.0-150500.3.17.1
* libgstsctp-1_0-0-64bit-1.22.0-150500.3.17.1
* libgstisoff-1_0-0-64bit-1.22.0-150500.3.17.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libgstplay-1_0-0-debuginfo-1.22.0-150500.3.17.1
* libgstplay-1_0-0-1.22.0-150500.3.17.1
* gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.17.1
* libgstphotography-1_0-0-debuginfo-1.22.0-150500.3.17.1
* libgstphotography-1_0-0-1.22.0-150500.3.17.1
* gstreamer-plugins-bad-debugsource-1.22.0-150500.3.17.1
* libgstplayer-1_0-0-1.22.0-150500.3.17.1
* libgstplayer-1_0-0-debuginfo-1.22.0-150500.3.17.1
## References:
* https://www.suse.com/security/cve/CVE-2023-40475.html
* https://www.suse.com/security/cve/CVE-2023-44446.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215792
* https://bugzilla.suse.com/show_bug.cgi?id=1217213
1
0
SUSE-SU-2023:4933-1: important: Security update for xwayland
by OPENSUSE-SECURITY-UPDATES 20 Dec '23
by OPENSUSE-SECURITY-UPDATES 20 Dec '23
20 Dec '23
# Security update for xwayland
Announcement ID: SUSE-SU-2023:4933-1
Rating: important
References:
* bsc#1217765
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP5
An update that has one security fix can now be installed.
## Description:
This update for xwayland fixes the following issues:
* CVE-2023-6377: Fixed out-of-bounds memory write in XKB button actions
(bsc#1217765).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-4933=1 openSUSE-SLE-15.5-2023-4933=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4933=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* xwayland-debugsource-22.1.5-150500.7.11.1
* xwayland-devel-22.1.5-150500.7.11.1
* xwayland-debuginfo-22.1.5-150500.7.11.1
* xwayland-22.1.5-150500.7.11.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
* xwayland-debugsource-22.1.5-150500.7.11.1
* xwayland-debuginfo-22.1.5-150500.7.11.1
* xwayland-22.1.5-150500.7.11.1
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1217765
1
0
SUSE-SU-2023:4934-1: important: Security update for xorg-x11-server
by OPENSUSE-SECURITY-UPDATES 20 Dec '23
by OPENSUSE-SECURITY-UPDATES 20 Dec '23
20 Dec '23
# Security update for xorg-x11-server
Announcement ID: SUSE-SU-2023:4934-1
Rating: important
References:
* bsc#1217765
Cross-References:
* CVE-2023-6377
CVSS scores:
* CVE-2023-6377 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP4
* SUSE Linux Enterprise Workstation Extension 15 SP5
An update that solves one vulnerability can now be installed.
## Description:
This update for xorg-x11-server fixes the following issues:
* CVE-2023-6377: Fixed out-of-bounds memory write in XKB button actions
(bsc#1217765).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4934=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4934=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4934=1
* SUSE Linux Enterprise Workstation Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4934=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4934=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-4934=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4934=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4934=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4934=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4934=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4934=1
## Package List:
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.85.1
* xorg-x11-server-extra-1.20.3-150200.22.5.85.1
* xorg-x11-server-1.20.3-150200.22.5.85.1
* xorg-x11-server-debugsource-1.20.3-150200.22.5.85.1
* xorg-x11-server-debuginfo-1.20.3-150200.22.5.85.1
* xorg-x11-server-sdk-1.20.3-150200.22.5.85.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.85.1
* xorg-x11-server-extra-1.20.3-150200.22.5.85.1
* xorg-x11-server-1.20.3-150200.22.5.85.1
* xorg-x11-server-debugsource-1.20.3-150200.22.5.85.1
* xorg-x11-server-debuginfo-1.20.3-150200.22.5.85.1
* xorg-x11-server-sdk-1.20.3-150200.22.5.85.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.85.1
* xorg-x11-server-extra-1.20.3-150200.22.5.85.1
* xorg-x11-server-1.20.3-150200.22.5.85.1
* xorg-x11-server-debugsource-1.20.3-150200.22.5.85.1
* xorg-x11-server-debuginfo-1.20.3-150200.22.5.85.1
* xorg-x11-server-sdk-1.20.3-150200.22.5.85.1
* SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64)
* xorg-x11-server-debugsource-1.20.3-150200.22.5.85.1
* xorg-x11-server-debuginfo-1.20.3-150200.22.5.85.1
* xorg-x11-server-wayland-1.20.3-150200.22.5.85.1
* xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.85.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
* xorg-x11-server-debugsource-1.20.3-150200.22.5.85.1
* xorg-x11-server-debuginfo-1.20.3-150200.22.5.85.1
* xorg-x11-server-wayland-1.20.3-150200.22.5.85.1
* xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.85.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.85.1
* xorg-x11-server-extra-1.20.3-150200.22.5.85.1
* xorg-x11-server-1.20.3-150200.22.5.85.1
* xorg-x11-server-debugsource-1.20.3-150200.22.5.85.1
* xorg-x11-server-debuginfo-1.20.3-150200.22.5.85.1
* xorg-x11-server-sdk-1.20.3-150200.22.5.85.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.85.1
* xorg-x11-server-wayland-1.20.3-150200.22.5.85.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.85.1
* xorg-x11-server-extra-1.20.3-150200.22.5.85.1
* xorg-x11-server-1.20.3-150200.22.5.85.1
* xorg-x11-server-debugsource-1.20.3-150200.22.5.85.1
* xorg-x11-server-debuginfo-1.20.3-150200.22.5.85.1
* xorg-x11-server-sdk-1.20.3-150200.22.5.85.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64
x86_64)
* xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.85.1
* xorg-x11-server-extra-1.20.3-150200.22.5.85.1
* xorg-x11-server-1.20.3-150200.22.5.85.1
* xorg-x11-server-debugsource-1.20.3-150200.22.5.85.1
* xorg-x11-server-debuginfo-1.20.3-150200.22.5.85.1
* xorg-x11-server-sdk-1.20.3-150200.22.5.85.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.85.1
* xorg-x11-server-extra-1.20.3-150200.22.5.85.1
* xorg-x11-server-1.20.3-150200.22.5.85.1
* xorg-x11-server-debugsource-1.20.3-150200.22.5.85.1
* xorg-x11-server-debuginfo-1.20.3-150200.22.5.85.1
* xorg-x11-server-sdk-1.20.3-150200.22.5.85.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.85.1
* xorg-x11-server-extra-1.20.3-150200.22.5.85.1
* xorg-x11-server-1.20.3-150200.22.5.85.1
* xorg-x11-server-debugsource-1.20.3-150200.22.5.85.1
* xorg-x11-server-debuginfo-1.20.3-150200.22.5.85.1
* xorg-x11-server-sdk-1.20.3-150200.22.5.85.1
## References:
* https://www.suse.com/security/cve/CVE-2023-6377.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217765
1
0
SUSE-SU-2023:4938-1: moderate: Security update for wireshark
by OPENSUSE-SECURITY-UPDATES 20 Dec '23
by OPENSUSE-SECURITY-UPDATES 20 Dec '23
20 Dec '23
# Security update for wireshark
Announcement ID: SUSE-SU-2023:4938-1
Rating: moderate
References:
* bsc#1217272
Cross-References:
* CVE-2023-6175
CVSS scores:
* CVE-2023-6175 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* Desktop Applications Module 15-SP4
* Desktop Applications Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for wireshark fixes the following issues:
Update to 3.6.19:
* CVE-2023-6175: NetScreen file parser crash (bsc#1217272).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4938=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4938=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4938=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4938=1
* Desktop Applications Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4938=1
* Desktop Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4938=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* wireshark-debugsource-3.6.19-150000.3.106.1
* libwsutil13-debuginfo-3.6.19-150000.3.106.1
* libwsutil13-3.6.19-150000.3.106.1
* libwiretap12-3.6.19-150000.3.106.1
* libwiretap12-debuginfo-3.6.19-150000.3.106.1
* libwireshark15-3.6.19-150000.3.106.1
* wireshark-ui-qt-debuginfo-3.6.19-150000.3.106.1
* wireshark-3.6.19-150000.3.106.1
* wireshark-debuginfo-3.6.19-150000.3.106.1
* wireshark-devel-3.6.19-150000.3.106.1
* libwireshark15-debuginfo-3.6.19-150000.3.106.1
* wireshark-ui-qt-3.6.19-150000.3.106.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* wireshark-debugsource-3.6.19-150000.3.106.1
* libwsutil13-debuginfo-3.6.19-150000.3.106.1
* libwsutil13-3.6.19-150000.3.106.1
* libwiretap12-3.6.19-150000.3.106.1
* libwiretap12-debuginfo-3.6.19-150000.3.106.1
* libwireshark15-3.6.19-150000.3.106.1
* wireshark-ui-qt-debuginfo-3.6.19-150000.3.106.1
* wireshark-3.6.19-150000.3.106.1
* wireshark-debuginfo-3.6.19-150000.3.106.1
* wireshark-devel-3.6.19-150000.3.106.1
* libwireshark15-debuginfo-3.6.19-150000.3.106.1
* wireshark-ui-qt-3.6.19-150000.3.106.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* wireshark-debugsource-3.6.19-150000.3.106.1
* libwsutil13-debuginfo-3.6.19-150000.3.106.1
* libwsutil13-3.6.19-150000.3.106.1
* libwiretap12-3.6.19-150000.3.106.1
* libwiretap12-debuginfo-3.6.19-150000.3.106.1
* libwireshark15-3.6.19-150000.3.106.1
* wireshark-3.6.19-150000.3.106.1
* wireshark-debuginfo-3.6.19-150000.3.106.1
* libwireshark15-debuginfo-3.6.19-150000.3.106.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* wireshark-debugsource-3.6.19-150000.3.106.1
* libwsutil13-debuginfo-3.6.19-150000.3.106.1
* libwsutil13-3.6.19-150000.3.106.1
* libwiretap12-3.6.19-150000.3.106.1
* libwiretap12-debuginfo-3.6.19-150000.3.106.1
* libwireshark15-3.6.19-150000.3.106.1
* wireshark-3.6.19-150000.3.106.1
* wireshark-debuginfo-3.6.19-150000.3.106.1
* libwireshark15-debuginfo-3.6.19-150000.3.106.1
* Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* wireshark-debugsource-3.6.19-150000.3.106.1
* wireshark-ui-qt-debuginfo-3.6.19-150000.3.106.1
* wireshark-debuginfo-3.6.19-150000.3.106.1
* wireshark-devel-3.6.19-150000.3.106.1
* wireshark-ui-qt-3.6.19-150000.3.106.1
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* wireshark-debugsource-3.6.19-150000.3.106.1
* wireshark-ui-qt-debuginfo-3.6.19-150000.3.106.1
* wireshark-debuginfo-3.6.19-150000.3.106.1
* wireshark-devel-3.6.19-150000.3.106.1
* wireshark-ui-qt-3.6.19-150000.3.106.1
## References:
* https://www.suse.com/security/cve/CVE-2023-6175.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217272
1
0
SUSE-SU-2023:4939-1: moderate: Security update for rabbitmq-server
by OPENSUSE-SECURITY-UPDATES 20 Dec '23
by OPENSUSE-SECURITY-UPDATES 20 Dec '23
20 Dec '23
# Security update for rabbitmq-server
Announcement ID: SUSE-SU-2023:4939-1
Rating: moderate
References:
* bsc#1216582
Cross-References:
* CVE-2023-46118
CVSS scores:
* CVE-2023-46118 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-46118 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.3
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* Server Applications Module 15-SP4
* Server Applications Module 15-SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for rabbitmq-server fixes the following issues:
* CVE-2023-46118: Introduce HTTP request body limit for definition uploads
(bsc#1216582).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2023-4939=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4939=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4939=1
* Server Applications Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4939=1
* Server Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4939=1
## Package List:
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* rabbitmq-server-3.8.11-150300.3.14.1
* erlang-rabbitmq-client-3.8.11-150300.3.14.1
* rabbitmq-server-plugins-3.8.11-150300.3.14.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* rabbitmq-server-3.8.11-150300.3.14.1
* erlang-rabbitmq-client-3.8.11-150300.3.14.1
* rabbitmq-server-plugins-3.8.11-150300.3.14.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* rabbitmq-server-3.8.11-150300.3.14.1
* erlang-rabbitmq-client-3.8.11-150300.3.14.1
* rabbitmq-server-plugins-3.8.11-150300.3.14.1
* Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* rabbitmq-server-3.8.11-150300.3.14.1
* erlang-rabbitmq-client-3.8.11-150300.3.14.1
* rabbitmq-server-plugins-3.8.11-150300.3.14.1
* Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* rabbitmq-server-3.8.11-150300.3.14.1
* erlang-rabbitmq-client-3.8.11-150300.3.14.1
* rabbitmq-server-plugins-3.8.11-150300.3.14.1
## References:
* https://www.suse.com/security/cve/CVE-2023-46118.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216582
1
0
openSUSE-SU-2023:0411-1: important: Security update for putty
by opensuse-security@opensuse.org 20 Dec '23
by opensuse-security@opensuse.org 20 Dec '23
20 Dec '23
openSUSE Security Update: Security update for putty
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0411-1
Rating: important
References: #1218128
Cross-References: CVE-2023-48795
CVSS scores:
CVE-2023-48795 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for putty fixes the following issues:
putty is updated to release 0.80
* Fix CVE-2023-48795 [boo#1218128]
- Update to release 0.79
* Terminal mouse tracking: support for mouse movements which are not
drags, and support for horizontal scroll events (e.g. generated by
trackpads).
* Fixed: PuTTY could fail an assertion if a resize control sequence was
sent by the server while the window was docked to
one half of the screen in KDE.
* Fixed: PuTTY could fail an assertion if you tried to change the font
size while the window was maximised.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2023-411=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):
putty-0.80-bp155.2.3.1
References:
https://www.suse.com/security/cve/CVE-2023-48795.html
https://bugzilla.suse.com/1218128
1
0
SUSE-SU-2023:4928-1: important: Security update for MozillaFirefox
by OPENSUSE-SECURITY-UPDATES 20 Dec '23
by OPENSUSE-SECURITY-UPDATES 20 Dec '23
20 Dec '23
# Security update for MozillaFirefox
Announcement ID: SUSE-SU-2023:4928-1
Rating: important
References:
* bsc#1217230
* bsc#1217974
Cross-References:
* CVE-2023-6204
* CVE-2023-6205
* CVE-2023-6206
* CVE-2023-6207
* CVE-2023-6208
* CVE-2023-6209
* CVE-2023-6212
* CVE-2023-6856
* CVE-2023-6857
* CVE-2023-6858
* CVE-2023-6859
* CVE-2023-6860
* CVE-2023-6861
* CVE-2023-6862
* CVE-2023-6863
* CVE-2023-6864
* CVE-2023-6865
* CVE-2023-6867
CVSS scores:
* CVE-2023-6204 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2023-6205 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-6206 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2023-6207 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-6208 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-6209 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2023-6212 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
* Desktop Applications Module 15-SP4
* Desktop Applications Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves 18 vulnerabilities can now be installed.
## Description:
This update for MozillaFirefox fixes the following issues:
* Firefox Extended Support Release 115.6.0 ESR changelog-entry (bsc#1217974).
* CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced
method with Mesa VM driver (bmo#1843782).
* CVE-2023-6857: Symlinks may resolve to smaller than expected buffers
(bmo#1796023).
* CVE-2023-6858: Heap buffer overflow in nsTextFragment (bmo#1826791).
* CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer (bmo#1840144).
* CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture
validation (bmo#1854669).
* CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void) in
headless mode (bmo#1864118).
* CVE-2023-6862: Use-after-free in nsDNSService (bsc#1868042).
* CVE-2023-6863: Undefined behavior in ShutdownObserver() (bmo#1868901).
* CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6,
and Thunderbird 115.6.
* CVE-2023-6865: Potential exposure of uninitialized data in
EncryptingOutputStream (bmo#1864123).
* CVE-2023-6867: Clickjacking permission prompts using the popup transition
(bmo#1863863).
* Fixed: Various security fixes and other quality improvements MFSA 2023-50
(bsc#1217230)
* CVE-2023-6204 (bmo#1841050) Out-of-bound memory access in WebGL2
blitFramebuffer
* CVE-2023-6205 (bmo#1854076) Use-after-free in MessagePort::Entangled
* CVE-2023-6206 (bmo#1857430) Clickjacking permission prompts using the
fullscreen transition
* CVE-2023-6207 (bmo#1861344) Use-after-free in
ReadableByteStreamQueueEntry::Buffer
* CVE-2023-6208 (bmo#1855345) Using Selection API would copy contents into X11
primary selection.
* CVE-2023-6209 (bmo#1858570) Incorrect parsing of relative URLs starting with
"///"
* CVE-2023-6212 (bmo#1658432, bmo#1820983, bmo#1829252, bmo#1856072,
bmo#1856091, bmo#1859030, bmo#1860943, bmo#1862782) Memory safety bugs fixed
in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2023-4928=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4928=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4928=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2023-4928=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-4928=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4928=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4928=1
* Desktop Applications Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4928=1
* Desktop Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4928=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4928=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4928=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4928=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2023-4928=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2023-4928=1
* SUSE Linux Enterprise Real Time 15 SP4
zypper in -t patch SUSE-SLE-Product-RT-15-SP4-2023-4928=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2023-4928=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4928=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4928=1
## Package List:
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* MozillaFirefox-translations-common-115.6.0-150200.152.120.1
* MozillaFirefox-debugsource-115.6.0-150200.152.120.1
* MozillaFirefox-debuginfo-115.6.0-150200.152.120.1
* MozillaFirefox-115.6.0-150200.152.120.1
* MozillaFirefox-translations-other-115.6.0-150200.152.120.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
* MozillaFirefox-devel-115.6.0-150200.152.120.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* MozillaFirefox-translations-common-115.6.0-150200.152.120.1
* MozillaFirefox-debugsource-115.6.0-150200.152.120.1
* MozillaFirefox-debuginfo-115.6.0-150200.152.120.1
* MozillaFirefox-115.6.0-150200.152.120.1
* MozillaFirefox-translations-other-115.6.0-150200.152.120.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
* MozillaFirefox-devel-115.6.0-150200.152.120.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* MozillaFirefox-translations-common-115.6.0-150200.152.120.1
* MozillaFirefox-debugsource-115.6.0-150200.152.120.1
* MozillaFirefox-debuginfo-115.6.0-150200.152.120.1
* MozillaFirefox-115.6.0-150200.152.120.1
* MozillaFirefox-translations-other-115.6.0-150200.152.120.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* MozillaFirefox-devel-115.6.0-150200.152.120.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* MozillaFirefox-translations-common-115.6.0-150200.152.120.1
* MozillaFirefox-debugsource-115.6.0-150200.152.120.1
* MozillaFirefox-debuginfo-115.6.0-150200.152.120.1
* MozillaFirefox-115.6.0-150200.152.120.1
* MozillaFirefox-translations-other-115.6.0-150200.152.120.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* MozillaFirefox-devel-115.6.0-150200.152.120.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* MozillaFirefox-translations-common-115.6.0-150200.152.120.1
* MozillaFirefox-debugsource-115.6.0-150200.152.120.1
* MozillaFirefox-debuginfo-115.6.0-150200.152.120.1
* MozillaFirefox-115.6.0-150200.152.120.1
* MozillaFirefox-translations-other-115.6.0-150200.152.120.1
* SUSE Enterprise Storage 7.1 (noarch)
* MozillaFirefox-devel-115.6.0-150200.152.120.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-translations-common-115.6.0-150200.152.120.1
* MozillaFirefox-debugsource-115.6.0-150200.152.120.1
* MozillaFirefox-debuginfo-115.6.0-150200.152.120.1
* MozillaFirefox-115.6.0-150200.152.120.1
* MozillaFirefox-branding-upstream-115.6.0-150200.152.120.1
* MozillaFirefox-translations-other-115.6.0-150200.152.120.1
* openSUSE Leap 15.4 (noarch)
* MozillaFirefox-devel-115.6.0-150200.152.120.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-translations-common-115.6.0-150200.152.120.1
* MozillaFirefox-debugsource-115.6.0-150200.152.120.1
* MozillaFirefox-debuginfo-115.6.0-150200.152.120.1
* MozillaFirefox-115.6.0-150200.152.120.1
* MozillaFirefox-branding-upstream-115.6.0-150200.152.120.1
* MozillaFirefox-translations-other-115.6.0-150200.152.120.1
* openSUSE Leap 15.5 (noarch)
* MozillaFirefox-devel-115.6.0-150200.152.120.1
* Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-translations-common-115.6.0-150200.152.120.1
* MozillaFirefox-debugsource-115.6.0-150200.152.120.1
* MozillaFirefox-debuginfo-115.6.0-150200.152.120.1
* MozillaFirefox-115.6.0-150200.152.120.1
* MozillaFirefox-translations-other-115.6.0-150200.152.120.1
* Desktop Applications Module 15-SP4 (noarch)
* MozillaFirefox-devel-115.6.0-150200.152.120.1
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-translations-common-115.6.0-150200.152.120.1
* MozillaFirefox-debugsource-115.6.0-150200.152.120.1
* MozillaFirefox-debuginfo-115.6.0-150200.152.120.1
* MozillaFirefox-115.6.0-150200.152.120.1
* MozillaFirefox-translations-other-115.6.0-150200.152.120.1
* Desktop Applications Module 15-SP5 (noarch)
* MozillaFirefox-devel-115.6.0-150200.152.120.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* MozillaFirefox-translations-common-115.6.0-150200.152.120.1
* MozillaFirefox-debugsource-115.6.0-150200.152.120.1
* MozillaFirefox-debuginfo-115.6.0-150200.152.120.1
* MozillaFirefox-115.6.0-150200.152.120.1
* MozillaFirefox-translations-other-115.6.0-150200.152.120.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
* MozillaFirefox-devel-115.6.0-150200.152.120.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64
x86_64)
* MozillaFirefox-translations-common-115.6.0-150200.152.120.1
* MozillaFirefox-debugsource-115.6.0-150200.152.120.1
* MozillaFirefox-debuginfo-115.6.0-150200.152.120.1
* MozillaFirefox-115.6.0-150200.152.120.1
* MozillaFirefox-translations-other-115.6.0-150200.152.120.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
* MozillaFirefox-devel-115.6.0-150200.152.120.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* MozillaFirefox-translations-common-115.6.0-150200.152.120.1
* MozillaFirefox-debugsource-115.6.0-150200.152.120.1
* MozillaFirefox-debuginfo-115.6.0-150200.152.120.1
* MozillaFirefox-115.6.0-150200.152.120.1
* MozillaFirefox-translations-other-115.6.0-150200.152.120.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* MozillaFirefox-devel-115.6.0-150200.152.120.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* MozillaFirefox-translations-common-115.6.0-150200.152.120.1
* MozillaFirefox-debugsource-115.6.0-150200.152.120.1
* MozillaFirefox-debuginfo-115.6.0-150200.152.120.1
* MozillaFirefox-115.6.0-150200.152.120.1
* MozillaFirefox-translations-other-115.6.0-150200.152.120.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* MozillaFirefox-devel-115.6.0-150200.152.120.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* MozillaFirefox-translations-common-115.6.0-150200.152.120.1
* MozillaFirefox-debugsource-115.6.0-150200.152.120.1
* MozillaFirefox-debuginfo-115.6.0-150200.152.120.1
* MozillaFirefox-115.6.0-150200.152.120.1
* MozillaFirefox-translations-other-115.6.0-150200.152.120.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* MozillaFirefox-devel-115.6.0-150200.152.120.1
* SUSE Linux Enterprise Real Time 15 SP4 (x86_64)
* MozillaFirefox-translations-common-115.6.0-150200.152.120.1
* MozillaFirefox-debugsource-115.6.0-150200.152.120.1
* MozillaFirefox-debuginfo-115.6.0-150200.152.120.1
* MozillaFirefox-115.6.0-150200.152.120.1
* MozillaFirefox-translations-other-115.6.0-150200.152.120.1
* SUSE Linux Enterprise Real Time 15 SP4 (noarch)
* MozillaFirefox-devel-115.6.0-150200.152.120.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* MozillaFirefox-translations-common-115.6.0-150200.152.120.1
* MozillaFirefox-debugsource-115.6.0-150200.152.120.1
* MozillaFirefox-debuginfo-115.6.0-150200.152.120.1
* MozillaFirefox-115.6.0-150200.152.120.1
* MozillaFirefox-translations-other-115.6.0-150200.152.120.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
* MozillaFirefox-devel-115.6.0-150200.152.120.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* MozillaFirefox-translations-common-115.6.0-150200.152.120.1
* MozillaFirefox-debugsource-115.6.0-150200.152.120.1
* MozillaFirefox-debuginfo-115.6.0-150200.152.120.1
* MozillaFirefox-115.6.0-150200.152.120.1
* MozillaFirefox-translations-other-115.6.0-150200.152.120.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
* MozillaFirefox-devel-115.6.0-150200.152.120.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* MozillaFirefox-translations-common-115.6.0-150200.152.120.1
* MozillaFirefox-debugsource-115.6.0-150200.152.120.1
* MozillaFirefox-debuginfo-115.6.0-150200.152.120.1
* MozillaFirefox-115.6.0-150200.152.120.1
* MozillaFirefox-translations-other-115.6.0-150200.152.120.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* MozillaFirefox-devel-115.6.0-150200.152.120.1
## References:
* https://www.suse.com/security/cve/CVE-2023-6204.html
* https://www.suse.com/security/cve/CVE-2023-6205.html
* https://www.suse.com/security/cve/CVE-2023-6206.html
* https://www.suse.com/security/cve/CVE-2023-6207.html
* https://www.suse.com/security/cve/CVE-2023-6208.html
* https://www.suse.com/security/cve/CVE-2023-6209.html
* https://www.suse.com/security/cve/CVE-2023-6212.html
* https://www.suse.com/security/cve/CVE-2023-6856.html
* https://www.suse.com/security/cve/CVE-2023-6857.html
* https://www.suse.com/security/cve/CVE-2023-6858.html
* https://www.suse.com/security/cve/CVE-2023-6859.html
* https://www.suse.com/security/cve/CVE-2023-6860.html
* https://www.suse.com/security/cve/CVE-2023-6861.html
* https://www.suse.com/security/cve/CVE-2023-6862.html
* https://www.suse.com/security/cve/CVE-2023-6863.html
* https://www.suse.com/security/cve/CVE-2023-6864.html
* https://www.suse.com/security/cve/CVE-2023-6865.html
* https://www.suse.com/security/cve/CVE-2023-6867.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217230
* https://bugzilla.suse.com/show_bug.cgi?id=1217974
1
0
SUSE-SU-2023:4930-1: important: Security update for go1.20-openssl
by OPENSUSE-SECURITY-UPDATES 20 Dec '23
by OPENSUSE-SECURITY-UPDATES 20 Dec '23
20 Dec '23
# Security update for go1.20-openssl
Announcement ID: SUSE-SU-2023:4930-1
Rating: important
References:
* bsc#1206346
* bsc#1216943
* bsc#1217833
* bsc#1217834
Cross-References:
* CVE-2023-39326
* CVE-2023-45284
* CVE-2023-45285
CVSS scores:
* CVE-2023-39326 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-39326 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-45284 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2023-45284 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-45285 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
* CVE-2023-45285 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
* Development Tools Module 15-SP4
* Development Tools Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves three vulnerabilities and has one security fix can now be
installed.
## Description:
This update for go1.20-openssl fixes the following issues:
Update to version 1.20.12.1:
* CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme
(bsc#1217834).
* CVE-2023-45284: path/filepath: Clean removes ending slash for volume on
Windows in Go 1.21.4 (bsc#1216943).
* CVE-2023-39326: net/http: limit chunked data overhead (bsc#1217833).
* cmd/compile: internal compiler error: panic during prove while compiling:
unexpected induction with too many parents
* cmd/go: TestScript/mod_get_direct fails with "Filename too long" on Windows
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4930=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4930=1
* Development Tools Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4930=1
* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4930=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* go1.20-openssl-race-1.20.12.1-150000.1.17.1
* go1.20-openssl-doc-1.20.12.1-150000.1.17.1
* go1.20-openssl-1.20.12.1-150000.1.17.1
* go1.20-openssl-debuginfo-1.20.12.1-150000.1.17.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* go1.20-openssl-race-1.20.12.1-150000.1.17.1
* go1.20-openssl-doc-1.20.12.1-150000.1.17.1
* go1.20-openssl-1.20.12.1-150000.1.17.1
* go1.20-openssl-debuginfo-1.20.12.1-150000.1.17.1
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* go1.20-openssl-race-1.20.12.1-150000.1.17.1
* go1.20-openssl-doc-1.20.12.1-150000.1.17.1
* go1.20-openssl-1.20.12.1-150000.1.17.1
* go1.20-openssl-debuginfo-1.20.12.1-150000.1.17.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* go1.20-openssl-race-1.20.12.1-150000.1.17.1
* go1.20-openssl-doc-1.20.12.1-150000.1.17.1
* go1.20-openssl-1.20.12.1-150000.1.17.1
* go1.20-openssl-debuginfo-1.20.12.1-150000.1.17.1
## References:
* https://www.suse.com/security/cve/CVE-2023-39326.html
* https://www.suse.com/security/cve/CVE-2023-45284.html
* https://www.suse.com/security/cve/CVE-2023-45285.html
* https://bugzilla.suse.com/show_bug.cgi?id=1206346
* https://bugzilla.suse.com/show_bug.cgi?id=1216943
* https://bugzilla.suse.com/show_bug.cgi?id=1217833
* https://bugzilla.suse.com/show_bug.cgi?id=1217834
1
0
SUSE-SU-2023:4931-1: important: Security update for go1.21-openssl
by OPENSUSE-SECURITY-UPDATES 20 Dec '23
by OPENSUSE-SECURITY-UPDATES 20 Dec '23
20 Dec '23
# Security update for go1.21-openssl
Announcement ID: SUSE-SU-2023:4931-1
Rating: important
References:
* bsc#1212475
* bsc#1216943
* bsc#1217833
* bsc#1217834
Cross-References:
* CVE-2023-39326
* CVE-2023-45284
* CVE-2023-45285
CVSS scores:
* CVE-2023-39326 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-39326 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-45284 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2023-45284 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-45285 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
* CVE-2023-45285 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
* Development Tools Module 15-SP4
* Development Tools Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves three vulnerabilities and has one security fix can now be
installed.
## Description:
This update for go1.21-openssl fixes the following issues:
Update to version 1.21.5.1:
* CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme
(bsc#1217834).
* CVE-2023-45284: path/filepath: Clean removes ending slash for volume on
Windows in Go 1.21.4 (bsc#1216943).
* CVE-2023-39326: net/http: limit chunked data overhead (bsc#1217833).
* cmd/go: go mod download needs to support toolchain upgrades
* cmd/compile: invalid pointer found on stack when compiled with -race
* os: NTFS deduped file changed from regular to irregular
* net: TCPConn.ReadFrom hangs when io.Reader is TCPConn or UnixConn, Linux
kernel < 5.1
* cmd/compile: internal compiler error: panic during prove while compiling:
unexpected induction with too many parents
* syscall: TestOpenFileLimit unintentionally runs on non-Unix platforms
* runtime: self-deadlock on mheap_.lock
* crypto/rand: Legacy RtlGenRandom use on Windows
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4931=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4931=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4931=1
* Development Tools Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4931=1
## Package List:
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* go1.21-openssl-race-1.21.5.1-150000.1.8.1
* go1.21-openssl-1.21.5.1-150000.1.8.1
* go1.21-openssl-doc-1.21.5.1-150000.1.8.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* go1.21-openssl-race-1.21.5.1-150000.1.8.1
* go1.21-openssl-1.21.5.1-150000.1.8.1
* go1.21-openssl-doc-1.21.5.1-150000.1.8.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* go1.21-openssl-race-1.21.5.1-150000.1.8.1
* go1.21-openssl-1.21.5.1-150000.1.8.1
* go1.21-openssl-doc-1.21.5.1-150000.1.8.1
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* go1.21-openssl-race-1.21.5.1-150000.1.8.1
* go1.21-openssl-1.21.5.1-150000.1.8.1
* go1.21-openssl-doc-1.21.5.1-150000.1.8.1
## References:
* https://www.suse.com/security/cve/CVE-2023-39326.html
* https://www.suse.com/security/cve/CVE-2023-45284.html
* https://www.suse.com/security/cve/CVE-2023-45285.html
* https://bugzilla.suse.com/show_bug.cgi?id=1212475
* https://bugzilla.suse.com/show_bug.cgi?id=1216943
* https://bugzilla.suse.com/show_bug.cgi?id=1217833
* https://bugzilla.suse.com/show_bug.cgi?id=1217834
1
0
SUSE-SU-2023:4932-1: important: Security update for libreoffice
by OPENSUSE-SECURITY-UPDATES 20 Dec '23
by OPENSUSE-SECURITY-UPDATES 20 Dec '23
20 Dec '23
# Security update for libreoffice
Announcement ID: SUSE-SU-2023:4932-1
Rating: important
References:
* bsc#1217577
* bsc#1217578
Cross-References:
* CVE-2023-6185
* CVE-2023-6186
CVSS scores:
* CVE-2023-6185 ( SUSE ): 8.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H
* CVE-2023-6185 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6186 ( SUSE ): 8.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H
* CVE-2023-6186 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP4
* SUSE Linux Enterprise Workstation Extension 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4
* SUSE Package Hub 15 15-SP5
An update that solves two vulnerabilities can now be installed.
## Description:
This update for libreoffice fixes the following issues:
* CVE-2023-6186: Fixed link targets allow arbitrary script execution
(bsc#1217578).
* CVE-2023-6185: Fixed Improper input validation enabling arbitrary Gstreamer
pipeline injection (bsc#1217577).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4932=1 openSUSE-SLE-15.4-2023-4932=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4932=1
* SUSE Package Hub 15 15-SP4
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4932=1
* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4932=1
* SUSE Linux Enterprise Workstation Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4932=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4932=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libreoffice-filters-optional-7.6.2.1-150400.17.20.1
* libreoffice-writer-extensions-7.6.2.1-150400.17.20.1
* libreoffice-pyuno-7.6.2.1-150400.17.20.1
* libreoffice-officebean-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-writer-7.6.2.1-150400.17.20.1
* libreoffice-base-7.6.2.1-150400.17.20.1
* libreoffice-impress-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-math-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-mailmerge-7.6.2.1-150400.17.20.1
* libreoffice-sdk-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-impress-7.6.2.1-150400.17.20.1
* libreoffice-sdk-doc-7.6.2.1-150400.17.20.1
* libreoffice-7.6.2.1-150400.17.20.1
* libreoffice-math-7.6.2.1-150400.17.20.1
* libreoffice-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-officebean-7.6.2.1-150400.17.20.1
* libreoffice-qt5-7.6.2.1-150400.17.20.1
* libreoffice-calc-7.6.2.1-150400.17.20.1
* libreofficekit-devel-7.6.2.1-150400.17.20.1
* libreoffice-gnome-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-writer-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-calc-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-qt5-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-librelogo-7.6.2.1-150400.17.20.1
* libreoffice-base-drivers-postgresql-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-draw-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-gtk3-7.6.2.1-150400.17.20.1
* libreoffice-calc-extensions-7.6.2.1-150400.17.20.1
* libreoffice-debugsource-7.6.2.1-150400.17.20.1
* libreoffice-gnome-7.6.2.1-150400.17.20.1
* libreofficekit-7.6.2.1-150400.17.20.1
* libreoffice-draw-7.6.2.1-150400.17.20.1
* libreoffice-pyuno-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-base-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-base-drivers-postgresql-7.6.2.1-150400.17.20.1
* libreoffice-gtk3-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-sdk-7.6.2.1-150400.17.20.1
* openSUSE Leap 15.4 (noarch)
* libreoffice-l10n-ar-7.6.2.1-150400.17.20.1
* libreoffice-branding-upstream-7.6.2.1-150400.17.20.1
* libreoffice-l10n-eo-7.6.2.1-150400.17.20.1
* libreoffice-l10n-si-7.6.2.1-150400.17.20.1
* libreoffice-gdb-pretty-printers-7.6.2.1-150400.17.20.1
* libreoffice-l10n-kmr_Latn-7.6.2.1-150400.17.20.1
* libreoffice-l10n-gd-7.6.2.1-150400.17.20.1
* libreoffice-l10n-am-7.6.2.1-150400.17.20.1
* libreoffice-l10n-eu-7.6.2.1-150400.17.20.1
* libreoffice-l10n-fa-7.6.2.1-150400.17.20.1
* libreoffice-l10n-bg-7.6.2.1-150400.17.20.1
* libreoffice-l10n-km-7.6.2.1-150400.17.20.1
* libreoffice-l10n-hr-7.6.2.1-150400.17.20.1
* libreoffice-l10n-rw-7.6.2.1-150400.17.20.1
* libreoffice-l10n-kn-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sid-7.6.2.1-150400.17.20.1
* libreoffice-l10n-en_ZA-7.6.2.1-150400.17.20.1
* libreoffice-l10n-st-7.6.2.1-150400.17.20.1
* libreoffice-l10n-kk-7.6.2.1-150400.17.20.1
* libreoffice-l10n-brx-7.6.2.1-150400.17.20.1
* libreoffice-l10n-bs-7.6.2.1-150400.17.20.1
* libreoffice-l10n-af-7.6.2.1-150400.17.20.1
* libreoffice-l10n-lv-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ml-7.6.2.1-150400.17.20.1
* libreoffice-l10n-tt-7.6.2.1-150400.17.20.1
* libreoffice-l10n-fy-7.6.2.1-150400.17.20.1
* libreoffice-l10n-pt_PT-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sa_IN-7.6.2.1-150400.17.20.1
* libreoffice-l10n-gug-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sq-7.6.2.1-150400.17.20.1
* libreoffice-l10n-cy-7.6.2.1-150400.17.20.1
* libreoffice-l10n-id-7.6.2.1-150400.17.20.1
* libreoffice-l10n-oc-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ja-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ckb-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ro-7.6.2.1-150400.17.20.1
* libreoffice-l10n-es-7.6.2.1-150400.17.20.1
* libreoffice-l10n-tr-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ts-7.6.2.1-150400.17.20.1
* libreoffice-glade-7.6.2.1-150400.17.20.1
* libreoffice-l10n-tn-7.6.2.1-150400.17.20.1
* libreoffice-l10n-hi-7.6.2.1-150400.17.20.1
* libreoffice-l10n-fr-7.6.2.1-150400.17.20.1
* libreoffice-l10n-gu-7.6.2.1-150400.17.20.1
* libreoffice-l10n-vec-7.6.2.1-150400.17.20.1
* libreoffice-icon-themes-7.6.2.1-150400.17.20.1
* libreoffice-l10n-cs-7.6.2.1-150400.17.20.1
* libreoffice-l10n-nn-7.6.2.1-150400.17.20.1
* libreoffice-l10n-th-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sk-7.6.2.1-150400.17.20.1
* libreoffice-l10n-kok-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ta-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sr-7.6.2.1-150400.17.20.1
* libreoffice-l10n-tg-7.6.2.1-150400.17.20.1
* libreoffice-l10n-mn-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ka-7.6.2.1-150400.17.20.1
* libreoffice-l10n-lb-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ca-7.6.2.1-150400.17.20.1
* libreoffice-l10n-te-7.6.2.1-150400.17.20.1
* libreoffice-l10n-dsb-7.6.2.1-150400.17.20.1
* libreoffice-l10n-gl-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ve-7.6.2.1-150400.17.20.1
* libreoffice-l10n-nr-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sv-7.6.2.1-150400.17.20.1
* libreoffice-l10n-br-7.6.2.1-150400.17.20.1
* libreoffice-l10n-uz-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sd-7.6.2.1-150400.17.20.1
* libreoffice-l10n-et-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sat-7.6.2.1-150400.17.20.1
* libreoffice-l10n-de-7.6.2.1-150400.17.20.1
* libreoffice-l10n-zh_CN-7.6.2.1-150400.17.20.1
* libreoffice-l10n-en_GB-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ru-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sl-7.6.2.1-150400.17.20.1
* libreoffice-l10n-el-7.6.2.1-150400.17.20.1
* libreoffice-l10n-pt_BR-7.6.2.1-150400.17.20.1
* libreoffice-l10n-dz-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ug-7.6.2.1-150400.17.20.1
* libreoffice-l10n-it-7.6.2.1-150400.17.20.1
* libreoffice-l10n-dgo-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sw_TZ-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ks-7.6.2.1-150400.17.20.1
* libreoffice-l10n-nb-7.6.2.1-150400.17.20.1
* libreoffice-l10n-lt-7.6.2.1-150400.17.20.1
* libreoffice-l10n-da-7.6.2.1-150400.17.20.1
* libreoffice-l10n-fur-7.6.2.1-150400.17.20.1
* libreoffice-l10n-my-7.6.2.1-150400.17.20.1
* libreoffice-l10n-szl-7.6.2.1-150400.17.20.1
* libreoffice-l10n-hu-7.6.2.1-150400.17.20.1
* libreoffice-l10n-is-7.6.2.1-150400.17.20.1
* libreoffice-l10n-bn_IN-7.6.2.1-150400.17.20.1
* libreoffice-l10n-be-7.6.2.1-150400.17.20.1
* libreoffice-l10n-om-7.6.2.1-150400.17.20.1
* libreoffice-l10n-or-7.6.2.1-150400.17.20.1
* libreoffice-l10n-mni-7.6.2.1-150400.17.20.1
* libreoffice-l10n-bn-7.6.2.1-150400.17.20.1
* libreoffice-l10n-nl-7.6.2.1-150400.17.20.1
* libreoffice-l10n-nso-7.6.2.1-150400.17.20.1
* libreoffice-l10n-hsb-7.6.2.1-150400.17.20.1
* libreoffice-l10n-mai-7.6.2.1-150400.17.20.1
* libreoffice-l10n-mr-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ko-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ne-7.6.2.1-150400.17.20.1
* libreoffice-l10n-mk-7.6.2.1-150400.17.20.1
* libreoffice-l10n-he-7.6.2.1-150400.17.20.1
* libreoffice-l10n-bo-7.6.2.1-150400.17.20.1
* libreoffice-l10n-zh_TW-7.6.2.1-150400.17.20.1
* libreoffice-l10n-zu-7.6.2.1-150400.17.20.1
* libreoffice-l10n-uk-7.6.2.1-150400.17.20.1
* libreoffice-l10n-lo-7.6.2.1-150400.17.20.1
* libreoffice-l10n-kab-7.6.2.1-150400.17.20.1
* libreoffice-l10n-fi-7.6.2.1-150400.17.20.1
* libreoffice-l10n-pl-7.6.2.1-150400.17.20.1
* libreoffice-l10n-pa-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ga-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ast-7.6.2.1-150400.17.20.1
* libreoffice-l10n-as-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ca_valencia-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ss-7.6.2.1-150400.17.20.1
* libreoffice-l10n-vi-7.6.2.1-150400.17.20.1
* libreoffice-l10n-xh-7.6.2.1-150400.17.20.1
* libreoffice-l10n-en-7.6.2.1-150400.17.20.1
* openSUSE Leap 15.5 (aarch64 ppc64le x86_64)
* libreoffice-filters-optional-7.6.2.1-150400.17.20.1
* libreoffice-writer-extensions-7.6.2.1-150400.17.20.1
* libreoffice-pyuno-7.6.2.1-150400.17.20.1
* libreoffice-officebean-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-writer-7.6.2.1-150400.17.20.1
* libreoffice-base-7.6.2.1-150400.17.20.1
* libreoffice-impress-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-math-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-mailmerge-7.6.2.1-150400.17.20.1
* libreoffice-sdk-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-impress-7.6.2.1-150400.17.20.1
* libreoffice-sdk-doc-7.6.2.1-150400.17.20.1
* libreoffice-7.6.2.1-150400.17.20.1
* libreoffice-math-7.6.2.1-150400.17.20.1
* libreoffice-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-officebean-7.6.2.1-150400.17.20.1
* libreoffice-qt5-7.6.2.1-150400.17.20.1
* libreoffice-calc-7.6.2.1-150400.17.20.1
* libreofficekit-devel-7.6.2.1-150400.17.20.1
* libreoffice-gnome-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-writer-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-calc-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-qt5-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-librelogo-7.6.2.1-150400.17.20.1
* libreoffice-base-drivers-postgresql-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-draw-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-gtk3-7.6.2.1-150400.17.20.1
* libreoffice-calc-extensions-7.6.2.1-150400.17.20.1
* libreoffice-debugsource-7.6.2.1-150400.17.20.1
* libreoffice-gnome-7.6.2.1-150400.17.20.1
* libreofficekit-7.6.2.1-150400.17.20.1
* libreoffice-draw-7.6.2.1-150400.17.20.1
* libreoffice-pyuno-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-base-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-base-drivers-postgresql-7.6.2.1-150400.17.20.1
* libreoffice-gtk3-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-sdk-7.6.2.1-150400.17.20.1
* openSUSE Leap 15.5 (noarch)
* libreoffice-l10n-ar-7.6.2.1-150400.17.20.1
* libreoffice-branding-upstream-7.6.2.1-150400.17.20.1
* libreoffice-l10n-eo-7.6.2.1-150400.17.20.1
* libreoffice-l10n-si-7.6.2.1-150400.17.20.1
* libreoffice-gdb-pretty-printers-7.6.2.1-150400.17.20.1
* libreoffice-l10n-kmr_Latn-7.6.2.1-150400.17.20.1
* libreoffice-l10n-gd-7.6.2.1-150400.17.20.1
* libreoffice-l10n-am-7.6.2.1-150400.17.20.1
* libreoffice-l10n-eu-7.6.2.1-150400.17.20.1
* libreoffice-l10n-fa-7.6.2.1-150400.17.20.1
* libreoffice-l10n-bg-7.6.2.1-150400.17.20.1
* libreoffice-l10n-km-7.6.2.1-150400.17.20.1
* libreoffice-l10n-hr-7.6.2.1-150400.17.20.1
* libreoffice-l10n-rw-7.6.2.1-150400.17.20.1
* libreoffice-l10n-kn-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sid-7.6.2.1-150400.17.20.1
* libreoffice-l10n-en_ZA-7.6.2.1-150400.17.20.1
* libreoffice-l10n-st-7.6.2.1-150400.17.20.1
* libreoffice-l10n-kk-7.6.2.1-150400.17.20.1
* libreoffice-l10n-brx-7.6.2.1-150400.17.20.1
* libreoffice-l10n-bs-7.6.2.1-150400.17.20.1
* libreoffice-l10n-af-7.6.2.1-150400.17.20.1
* libreoffice-l10n-lv-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ml-7.6.2.1-150400.17.20.1
* libreoffice-l10n-tt-7.6.2.1-150400.17.20.1
* libreoffice-l10n-fy-7.6.2.1-150400.17.20.1
* libreoffice-l10n-pt_PT-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sa_IN-7.6.2.1-150400.17.20.1
* libreoffice-l10n-gug-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sq-7.6.2.1-150400.17.20.1
* libreoffice-l10n-cy-7.6.2.1-150400.17.20.1
* libreoffice-l10n-id-7.6.2.1-150400.17.20.1
* libreoffice-l10n-oc-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ja-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ckb-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ro-7.6.2.1-150400.17.20.1
* libreoffice-l10n-es-7.6.2.1-150400.17.20.1
* libreoffice-l10n-tr-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ts-7.6.2.1-150400.17.20.1
* libreoffice-glade-7.6.2.1-150400.17.20.1
* libreoffice-l10n-tn-7.6.2.1-150400.17.20.1
* libreoffice-l10n-hi-7.6.2.1-150400.17.20.1
* libreoffice-l10n-fr-7.6.2.1-150400.17.20.1
* libreoffice-l10n-gu-7.6.2.1-150400.17.20.1
* libreoffice-l10n-vec-7.6.2.1-150400.17.20.1
* libreoffice-icon-themes-7.6.2.1-150400.17.20.1
* libreoffice-l10n-cs-7.6.2.1-150400.17.20.1
* libreoffice-l10n-nn-7.6.2.1-150400.17.20.1
* libreoffice-l10n-th-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sk-7.6.2.1-150400.17.20.1
* libreoffice-l10n-kok-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ta-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sr-7.6.2.1-150400.17.20.1
* libreoffice-l10n-tg-7.6.2.1-150400.17.20.1
* libreoffice-l10n-mn-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ka-7.6.2.1-150400.17.20.1
* libreoffice-l10n-lb-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ca-7.6.2.1-150400.17.20.1
* libreoffice-l10n-te-7.6.2.1-150400.17.20.1
* libreoffice-l10n-dsb-7.6.2.1-150400.17.20.1
* libreoffice-l10n-gl-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ve-7.6.2.1-150400.17.20.1
* libreoffice-l10n-nr-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sv-7.6.2.1-150400.17.20.1
* libreoffice-l10n-br-7.6.2.1-150400.17.20.1
* libreoffice-l10n-uz-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sd-7.6.2.1-150400.17.20.1
* libreoffice-l10n-et-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sat-7.6.2.1-150400.17.20.1
* libreoffice-l10n-de-7.6.2.1-150400.17.20.1
* libreoffice-l10n-zh_CN-7.6.2.1-150400.17.20.1
* libreoffice-l10n-en_GB-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ru-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sl-7.6.2.1-150400.17.20.1
* libreoffice-l10n-el-7.6.2.1-150400.17.20.1
* libreoffice-l10n-pt_BR-7.6.2.1-150400.17.20.1
* libreoffice-l10n-dz-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ug-7.6.2.1-150400.17.20.1
* libreoffice-l10n-it-7.6.2.1-150400.17.20.1
* libreoffice-l10n-dgo-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sw_TZ-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ks-7.6.2.1-150400.17.20.1
* libreoffice-l10n-nb-7.6.2.1-150400.17.20.1
* libreoffice-l10n-lt-7.6.2.1-150400.17.20.1
* libreoffice-l10n-da-7.6.2.1-150400.17.20.1
* libreoffice-l10n-fur-7.6.2.1-150400.17.20.1
* libreoffice-l10n-my-7.6.2.1-150400.17.20.1
* libreoffice-l10n-szl-7.6.2.1-150400.17.20.1
* libreoffice-l10n-hu-7.6.2.1-150400.17.20.1
* libreoffice-l10n-is-7.6.2.1-150400.17.20.1
* libreoffice-l10n-bn_IN-7.6.2.1-150400.17.20.1
* libreoffice-l10n-be-7.6.2.1-150400.17.20.1
* libreoffice-l10n-om-7.6.2.1-150400.17.20.1
* libreoffice-l10n-or-7.6.2.1-150400.17.20.1
* libreoffice-l10n-mni-7.6.2.1-150400.17.20.1
* libreoffice-l10n-bn-7.6.2.1-150400.17.20.1
* libreoffice-l10n-nl-7.6.2.1-150400.17.20.1
* libreoffice-l10n-nso-7.6.2.1-150400.17.20.1
* libreoffice-l10n-hsb-7.6.2.1-150400.17.20.1
* libreoffice-l10n-mai-7.6.2.1-150400.17.20.1
* libreoffice-l10n-mr-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ko-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ne-7.6.2.1-150400.17.20.1
* libreoffice-l10n-mk-7.6.2.1-150400.17.20.1
* libreoffice-l10n-he-7.6.2.1-150400.17.20.1
* libreoffice-l10n-bo-7.6.2.1-150400.17.20.1
* libreoffice-l10n-zh_TW-7.6.2.1-150400.17.20.1
* libreoffice-l10n-zu-7.6.2.1-150400.17.20.1
* libreoffice-l10n-uk-7.6.2.1-150400.17.20.1
* libreoffice-l10n-lo-7.6.2.1-150400.17.20.1
* libreoffice-l10n-kab-7.6.2.1-150400.17.20.1
* libreoffice-l10n-fi-7.6.2.1-150400.17.20.1
* libreoffice-l10n-pl-7.6.2.1-150400.17.20.1
* libreoffice-l10n-pa-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ga-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ast-7.6.2.1-150400.17.20.1
* libreoffice-l10n-as-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ca_valencia-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ss-7.6.2.1-150400.17.20.1
* libreoffice-l10n-vi-7.6.2.1-150400.17.20.1
* libreoffice-l10n-xh-7.6.2.1-150400.17.20.1
* libreoffice-l10n-en-7.6.2.1-150400.17.20.1
* SUSE Package Hub 15 15-SP4 (aarch64 ppc64le)
* libreoffice-filters-optional-7.6.2.1-150400.17.20.1
* libreoffice-writer-extensions-7.6.2.1-150400.17.20.1
* libreoffice-pyuno-7.6.2.1-150400.17.20.1
* libreoffice-officebean-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-writer-7.6.2.1-150400.17.20.1
* libreoffice-base-7.6.2.1-150400.17.20.1
* libreoffice-impress-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-math-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-mailmerge-7.6.2.1-150400.17.20.1
* libreoffice-sdk-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-impress-7.6.2.1-150400.17.20.1
* libreoffice-sdk-doc-7.6.2.1-150400.17.20.1
* libreoffice-7.6.2.1-150400.17.20.1
* libreoffice-math-7.6.2.1-150400.17.20.1
* libreoffice-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-officebean-7.6.2.1-150400.17.20.1
* libreoffice-qt5-7.6.2.1-150400.17.20.1
* libreoffice-calc-7.6.2.1-150400.17.20.1
* libreofficekit-devel-7.6.2.1-150400.17.20.1
* libreoffice-gnome-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-writer-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-calc-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-qt5-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-librelogo-7.6.2.1-150400.17.20.1
* libreoffice-base-drivers-postgresql-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-draw-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-gtk3-7.6.2.1-150400.17.20.1
* libreoffice-calc-extensions-7.6.2.1-150400.17.20.1
* libreoffice-debugsource-7.6.2.1-150400.17.20.1
* libreoffice-gnome-7.6.2.1-150400.17.20.1
* libreofficekit-7.6.2.1-150400.17.20.1
* libreoffice-draw-7.6.2.1-150400.17.20.1
* libreoffice-pyuno-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-base-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-base-drivers-postgresql-7.6.2.1-150400.17.20.1
* libreoffice-gtk3-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-sdk-7.6.2.1-150400.17.20.1
* SUSE Package Hub 15 15-SP4 (noarch)
* libreoffice-l10n-ar-7.6.2.1-150400.17.20.1
* libreoffice-branding-upstream-7.6.2.1-150400.17.20.1
* libreoffice-l10n-eo-7.6.2.1-150400.17.20.1
* libreoffice-l10n-si-7.6.2.1-150400.17.20.1
* libreoffice-gdb-pretty-printers-7.6.2.1-150400.17.20.1
* libreoffice-l10n-kmr_Latn-7.6.2.1-150400.17.20.1
* libreoffice-l10n-gd-7.6.2.1-150400.17.20.1
* libreoffice-l10n-am-7.6.2.1-150400.17.20.1
* libreoffice-l10n-eu-7.6.2.1-150400.17.20.1
* libreoffice-l10n-fa-7.6.2.1-150400.17.20.1
* libreoffice-l10n-bg-7.6.2.1-150400.17.20.1
* libreoffice-l10n-km-7.6.2.1-150400.17.20.1
* libreoffice-l10n-hr-7.6.2.1-150400.17.20.1
* libreoffice-l10n-rw-7.6.2.1-150400.17.20.1
* libreoffice-l10n-kn-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sid-7.6.2.1-150400.17.20.1
* libreoffice-l10n-en_ZA-7.6.2.1-150400.17.20.1
* libreoffice-l10n-st-7.6.2.1-150400.17.20.1
* libreoffice-l10n-kk-7.6.2.1-150400.17.20.1
* libreoffice-l10n-brx-7.6.2.1-150400.17.20.1
* libreoffice-l10n-bs-7.6.2.1-150400.17.20.1
* libreoffice-l10n-af-7.6.2.1-150400.17.20.1
* libreoffice-l10n-lv-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ml-7.6.2.1-150400.17.20.1
* libreoffice-l10n-tt-7.6.2.1-150400.17.20.1
* libreoffice-l10n-fy-7.6.2.1-150400.17.20.1
* libreoffice-l10n-pt_PT-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sa_IN-7.6.2.1-150400.17.20.1
* libreoffice-l10n-gug-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sq-7.6.2.1-150400.17.20.1
* libreoffice-l10n-cy-7.6.2.1-150400.17.20.1
* libreoffice-l10n-id-7.6.2.1-150400.17.20.1
* libreoffice-l10n-oc-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ja-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ckb-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ro-7.6.2.1-150400.17.20.1
* libreoffice-l10n-es-7.6.2.1-150400.17.20.1
* libreoffice-l10n-tr-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ts-7.6.2.1-150400.17.20.1
* libreoffice-glade-7.6.2.1-150400.17.20.1
* libreoffice-l10n-tn-7.6.2.1-150400.17.20.1
* libreoffice-l10n-hi-7.6.2.1-150400.17.20.1
* libreoffice-l10n-fr-7.6.2.1-150400.17.20.1
* libreoffice-l10n-gu-7.6.2.1-150400.17.20.1
* libreoffice-l10n-vec-7.6.2.1-150400.17.20.1
* libreoffice-icon-themes-7.6.2.1-150400.17.20.1
* libreoffice-l10n-cs-7.6.2.1-150400.17.20.1
* libreoffice-l10n-nn-7.6.2.1-150400.17.20.1
* libreoffice-l10n-th-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sk-7.6.2.1-150400.17.20.1
* libreoffice-l10n-kok-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ta-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sr-7.6.2.1-150400.17.20.1
* libreoffice-l10n-tg-7.6.2.1-150400.17.20.1
* libreoffice-l10n-mn-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ka-7.6.2.1-150400.17.20.1
* libreoffice-l10n-lb-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ca-7.6.2.1-150400.17.20.1
* libreoffice-l10n-te-7.6.2.1-150400.17.20.1
* libreoffice-l10n-dsb-7.6.2.1-150400.17.20.1
* libreoffice-l10n-gl-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ve-7.6.2.1-150400.17.20.1
* libreoffice-l10n-nr-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sv-7.6.2.1-150400.17.20.1
* libreoffice-l10n-br-7.6.2.1-150400.17.20.1
* libreoffice-l10n-uz-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sd-7.6.2.1-150400.17.20.1
* libreoffice-l10n-et-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sat-7.6.2.1-150400.17.20.1
* libreoffice-l10n-de-7.6.2.1-150400.17.20.1
* libreoffice-l10n-zh_CN-7.6.2.1-150400.17.20.1
* libreoffice-l10n-en_GB-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ru-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sl-7.6.2.1-150400.17.20.1
* libreoffice-l10n-el-7.6.2.1-150400.17.20.1
* libreoffice-l10n-pt_BR-7.6.2.1-150400.17.20.1
* libreoffice-l10n-dz-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ug-7.6.2.1-150400.17.20.1
* libreoffice-l10n-it-7.6.2.1-150400.17.20.1
* libreoffice-l10n-dgo-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sw_TZ-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ks-7.6.2.1-150400.17.20.1
* libreoffice-l10n-nb-7.6.2.1-150400.17.20.1
* libreoffice-l10n-lt-7.6.2.1-150400.17.20.1
* libreoffice-l10n-da-7.6.2.1-150400.17.20.1
* libreoffice-l10n-fur-7.6.2.1-150400.17.20.1
* libreoffice-l10n-my-7.6.2.1-150400.17.20.1
* libreoffice-l10n-szl-7.6.2.1-150400.17.20.1
* libreoffice-l10n-hu-7.6.2.1-150400.17.20.1
* libreoffice-l10n-is-7.6.2.1-150400.17.20.1
* libreoffice-l10n-bn_IN-7.6.2.1-150400.17.20.1
* libreoffice-l10n-be-7.6.2.1-150400.17.20.1
* libreoffice-l10n-om-7.6.2.1-150400.17.20.1
* libreoffice-l10n-or-7.6.2.1-150400.17.20.1
* libreoffice-l10n-mni-7.6.2.1-150400.17.20.1
* libreoffice-l10n-bn-7.6.2.1-150400.17.20.1
* libreoffice-l10n-nl-7.6.2.1-150400.17.20.1
* libreoffice-l10n-nso-7.6.2.1-150400.17.20.1
* libreoffice-l10n-hsb-7.6.2.1-150400.17.20.1
* libreoffice-l10n-mai-7.6.2.1-150400.17.20.1
* libreoffice-l10n-mr-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ko-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ne-7.6.2.1-150400.17.20.1
* libreoffice-l10n-mk-7.6.2.1-150400.17.20.1
* libreoffice-l10n-he-7.6.2.1-150400.17.20.1
* libreoffice-l10n-bo-7.6.2.1-150400.17.20.1
* libreoffice-l10n-zh_TW-7.6.2.1-150400.17.20.1
* libreoffice-l10n-zu-7.6.2.1-150400.17.20.1
* libreoffice-l10n-uk-7.6.2.1-150400.17.20.1
* libreoffice-l10n-lo-7.6.2.1-150400.17.20.1
* libreoffice-l10n-kab-7.6.2.1-150400.17.20.1
* libreoffice-l10n-fi-7.6.2.1-150400.17.20.1
* libreoffice-l10n-pl-7.6.2.1-150400.17.20.1
* libreoffice-l10n-pa-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ga-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ast-7.6.2.1-150400.17.20.1
* libreoffice-l10n-as-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ca_valencia-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ss-7.6.2.1-150400.17.20.1
* libreoffice-l10n-vi-7.6.2.1-150400.17.20.1
* libreoffice-l10n-xh-7.6.2.1-150400.17.20.1
* libreoffice-l10n-en-7.6.2.1-150400.17.20.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le)
* libreoffice-filters-optional-7.6.2.1-150400.17.20.1
* libreoffice-writer-extensions-7.6.2.1-150400.17.20.1
* libreoffice-pyuno-7.6.2.1-150400.17.20.1
* libreoffice-officebean-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-writer-7.6.2.1-150400.17.20.1
* libreoffice-base-7.6.2.1-150400.17.20.1
* libreoffice-impress-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-math-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-mailmerge-7.6.2.1-150400.17.20.1
* libreoffice-sdk-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-impress-7.6.2.1-150400.17.20.1
* libreoffice-sdk-doc-7.6.2.1-150400.17.20.1
* libreoffice-7.6.2.1-150400.17.20.1
* libreoffice-math-7.6.2.1-150400.17.20.1
* libreoffice-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-officebean-7.6.2.1-150400.17.20.1
* libreoffice-qt5-7.6.2.1-150400.17.20.1
* libreoffice-calc-7.6.2.1-150400.17.20.1
* libreofficekit-devel-7.6.2.1-150400.17.20.1
* libreoffice-gnome-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-writer-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-calc-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-qt5-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-librelogo-7.6.2.1-150400.17.20.1
* libreoffice-base-drivers-postgresql-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-draw-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-gtk3-7.6.2.1-150400.17.20.1
* libreoffice-calc-extensions-7.6.2.1-150400.17.20.1
* libreoffice-debugsource-7.6.2.1-150400.17.20.1
* libreoffice-gnome-7.6.2.1-150400.17.20.1
* libreofficekit-7.6.2.1-150400.17.20.1
* libreoffice-draw-7.6.2.1-150400.17.20.1
* libreoffice-pyuno-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-base-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-base-drivers-postgresql-7.6.2.1-150400.17.20.1
* libreoffice-gtk3-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-sdk-7.6.2.1-150400.17.20.1
* SUSE Package Hub 15 15-SP5 (noarch)
* libreoffice-l10n-ar-7.6.2.1-150400.17.20.1
* libreoffice-branding-upstream-7.6.2.1-150400.17.20.1
* libreoffice-l10n-eo-7.6.2.1-150400.17.20.1
* libreoffice-l10n-si-7.6.2.1-150400.17.20.1
* libreoffice-gdb-pretty-printers-7.6.2.1-150400.17.20.1
* libreoffice-l10n-kmr_Latn-7.6.2.1-150400.17.20.1
* libreoffice-l10n-gd-7.6.2.1-150400.17.20.1
* libreoffice-l10n-am-7.6.2.1-150400.17.20.1
* libreoffice-l10n-eu-7.6.2.1-150400.17.20.1
* libreoffice-l10n-fa-7.6.2.1-150400.17.20.1
* libreoffice-l10n-bg-7.6.2.1-150400.17.20.1
* libreoffice-l10n-km-7.6.2.1-150400.17.20.1
* libreoffice-l10n-hr-7.6.2.1-150400.17.20.1
* libreoffice-l10n-rw-7.6.2.1-150400.17.20.1
* libreoffice-l10n-kn-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sid-7.6.2.1-150400.17.20.1
* libreoffice-l10n-en_ZA-7.6.2.1-150400.17.20.1
* libreoffice-l10n-st-7.6.2.1-150400.17.20.1
* libreoffice-l10n-kk-7.6.2.1-150400.17.20.1
* libreoffice-l10n-brx-7.6.2.1-150400.17.20.1
* libreoffice-l10n-bs-7.6.2.1-150400.17.20.1
* libreoffice-l10n-af-7.6.2.1-150400.17.20.1
* libreoffice-l10n-lv-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ml-7.6.2.1-150400.17.20.1
* libreoffice-l10n-tt-7.6.2.1-150400.17.20.1
* libreoffice-l10n-fy-7.6.2.1-150400.17.20.1
* libreoffice-l10n-pt_PT-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sa_IN-7.6.2.1-150400.17.20.1
* libreoffice-l10n-gug-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sq-7.6.2.1-150400.17.20.1
* libreoffice-l10n-cy-7.6.2.1-150400.17.20.1
* libreoffice-l10n-id-7.6.2.1-150400.17.20.1
* libreoffice-l10n-oc-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ja-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ckb-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ro-7.6.2.1-150400.17.20.1
* libreoffice-l10n-es-7.6.2.1-150400.17.20.1
* libreoffice-l10n-tr-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ts-7.6.2.1-150400.17.20.1
* libreoffice-glade-7.6.2.1-150400.17.20.1
* libreoffice-l10n-tn-7.6.2.1-150400.17.20.1
* libreoffice-l10n-hi-7.6.2.1-150400.17.20.1
* libreoffice-l10n-fr-7.6.2.1-150400.17.20.1
* libreoffice-l10n-gu-7.6.2.1-150400.17.20.1
* libreoffice-l10n-vec-7.6.2.1-150400.17.20.1
* libreoffice-icon-themes-7.6.2.1-150400.17.20.1
* libreoffice-l10n-cs-7.6.2.1-150400.17.20.1
* libreoffice-l10n-nn-7.6.2.1-150400.17.20.1
* libreoffice-l10n-th-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sk-7.6.2.1-150400.17.20.1
* libreoffice-l10n-kok-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ta-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sr-7.6.2.1-150400.17.20.1
* libreoffice-l10n-tg-7.6.2.1-150400.17.20.1
* libreoffice-l10n-mn-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ka-7.6.2.1-150400.17.20.1
* libreoffice-l10n-lb-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ca-7.6.2.1-150400.17.20.1
* libreoffice-l10n-te-7.6.2.1-150400.17.20.1
* libreoffice-l10n-dsb-7.6.2.1-150400.17.20.1
* libreoffice-l10n-gl-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ve-7.6.2.1-150400.17.20.1
* libreoffice-l10n-nr-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sv-7.6.2.1-150400.17.20.1
* libreoffice-l10n-br-7.6.2.1-150400.17.20.1
* libreoffice-l10n-uz-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sd-7.6.2.1-150400.17.20.1
* libreoffice-l10n-et-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sat-7.6.2.1-150400.17.20.1
* libreoffice-l10n-de-7.6.2.1-150400.17.20.1
* libreoffice-l10n-zh_CN-7.6.2.1-150400.17.20.1
* libreoffice-l10n-en_GB-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ru-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sl-7.6.2.1-150400.17.20.1
* libreoffice-l10n-el-7.6.2.1-150400.17.20.1
* libreoffice-l10n-pt_BR-7.6.2.1-150400.17.20.1
* libreoffice-l10n-dz-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ug-7.6.2.1-150400.17.20.1
* libreoffice-l10n-it-7.6.2.1-150400.17.20.1
* libreoffice-l10n-dgo-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sw_TZ-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ks-7.6.2.1-150400.17.20.1
* libreoffice-l10n-nb-7.6.2.1-150400.17.20.1
* libreoffice-l10n-lt-7.6.2.1-150400.17.20.1
* libreoffice-l10n-da-7.6.2.1-150400.17.20.1
* libreoffice-l10n-fur-7.6.2.1-150400.17.20.1
* libreoffice-l10n-my-7.6.2.1-150400.17.20.1
* libreoffice-l10n-szl-7.6.2.1-150400.17.20.1
* libreoffice-l10n-hu-7.6.2.1-150400.17.20.1
* libreoffice-l10n-is-7.6.2.1-150400.17.20.1
* libreoffice-l10n-bn_IN-7.6.2.1-150400.17.20.1
* libreoffice-l10n-be-7.6.2.1-150400.17.20.1
* libreoffice-l10n-om-7.6.2.1-150400.17.20.1
* libreoffice-l10n-or-7.6.2.1-150400.17.20.1
* libreoffice-l10n-mni-7.6.2.1-150400.17.20.1
* libreoffice-l10n-bn-7.6.2.1-150400.17.20.1
* libreoffice-l10n-nl-7.6.2.1-150400.17.20.1
* libreoffice-l10n-nso-7.6.2.1-150400.17.20.1
* libreoffice-l10n-hsb-7.6.2.1-150400.17.20.1
* libreoffice-l10n-mai-7.6.2.1-150400.17.20.1
* libreoffice-l10n-mr-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ko-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ne-7.6.2.1-150400.17.20.1
* libreoffice-l10n-mk-7.6.2.1-150400.17.20.1
* libreoffice-l10n-he-7.6.2.1-150400.17.20.1
* libreoffice-l10n-bo-7.6.2.1-150400.17.20.1
* libreoffice-l10n-zh_TW-7.6.2.1-150400.17.20.1
* libreoffice-l10n-zu-7.6.2.1-150400.17.20.1
* libreoffice-l10n-uk-7.6.2.1-150400.17.20.1
* libreoffice-l10n-lo-7.6.2.1-150400.17.20.1
* libreoffice-l10n-kab-7.6.2.1-150400.17.20.1
* libreoffice-l10n-fi-7.6.2.1-150400.17.20.1
* libreoffice-l10n-pl-7.6.2.1-150400.17.20.1
* libreoffice-l10n-pa-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ga-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ast-7.6.2.1-150400.17.20.1
* libreoffice-l10n-as-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ca_valencia-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ss-7.6.2.1-150400.17.20.1
* libreoffice-l10n-vi-7.6.2.1-150400.17.20.1
* libreoffice-l10n-xh-7.6.2.1-150400.17.20.1
* libreoffice-l10n-en-7.6.2.1-150400.17.20.1
* SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64)
* libreoffice-filters-optional-7.6.2.1-150400.17.20.1
* libreoffice-writer-extensions-7.6.2.1-150400.17.20.1
* libreoffice-pyuno-7.6.2.1-150400.17.20.1
* libreoffice-officebean-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-writer-7.6.2.1-150400.17.20.1
* libreoffice-base-7.6.2.1-150400.17.20.1
* libreoffice-impress-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-math-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-mailmerge-7.6.2.1-150400.17.20.1
* libreoffice-impress-7.6.2.1-150400.17.20.1
* libreoffice-7.6.2.1-150400.17.20.1
* libreoffice-math-7.6.2.1-150400.17.20.1
* libreoffice-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-officebean-7.6.2.1-150400.17.20.1
* libreoffice-calc-7.6.2.1-150400.17.20.1
* libreoffice-gnome-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-writer-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-calc-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-base-drivers-postgresql-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-draw-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-gtk3-7.6.2.1-150400.17.20.1
* libreoffice-calc-extensions-7.6.2.1-150400.17.20.1
* libreoffice-debugsource-7.6.2.1-150400.17.20.1
* libreoffice-gnome-7.6.2.1-150400.17.20.1
* libreofficekit-7.6.2.1-150400.17.20.1
* libreoffice-draw-7.6.2.1-150400.17.20.1
* libreoffice-pyuno-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-base-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-base-drivers-postgresql-7.6.2.1-150400.17.20.1
* libreoffice-gtk3-debuginfo-7.6.2.1-150400.17.20.1
* SUSE Linux Enterprise Workstation Extension 15 SP4 (noarch)
* libreoffice-l10n-cy-7.6.2.1-150400.17.20.1
* libreoffice-l10n-or-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ar-7.6.2.1-150400.17.20.1
* libreoffice-l10n-et-7.6.2.1-150400.17.20.1
* libreoffice-l10n-bn-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ckb-7.6.2.1-150400.17.20.1
* libreoffice-branding-upstream-7.6.2.1-150400.17.20.1
* libreoffice-l10n-de-7.6.2.1-150400.17.20.1
* libreoffice-l10n-eo-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ja-7.6.2.1-150400.17.20.1
* libreoffice-l10n-mai-7.6.2.1-150400.17.20.1
* libreoffice-l10n-nl-7.6.2.1-150400.17.20.1
* libreoffice-l10n-nso-7.6.2.1-150400.17.20.1
* libreoffice-l10n-mr-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ro-7.6.2.1-150400.17.20.1
* libreoffice-l10n-si-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ko-7.6.2.1-150400.17.20.1
* libreoffice-l10n-xh-7.6.2.1-150400.17.20.1
* libreoffice-l10n-zh_CN-7.6.2.1-150400.17.20.1
* libreoffice-l10n-es-7.6.2.1-150400.17.20.1
* libreoffice-l10n-tr-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ts-7.6.2.1-150400.17.20.1
* libreoffice-l10n-eu-7.6.2.1-150400.17.20.1
* libreoffice-l10n-he-7.6.2.1-150400.17.20.1
* libreoffice-l10n-fa-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ru-7.6.2.1-150400.17.20.1
* libreoffice-l10n-tn-7.6.2.1-150400.17.20.1
* libreoffice-l10n-bg-7.6.2.1-150400.17.20.1
* libreoffice-l10n-fr-7.6.2.1-150400.17.20.1
* libreoffice-l10n-gu-7.6.2.1-150400.17.20.1
* libreoffice-l10n-hi-7.6.2.1-150400.17.20.1
* libreoffice-l10n-zh_TW-7.6.2.1-150400.17.20.1
* libreoffice-l10n-zu-7.6.2.1-150400.17.20.1
* libreoffice-l10n-hr-7.6.2.1-150400.17.20.1
* libreoffice-icon-themes-7.6.2.1-150400.17.20.1
* libreoffice-l10n-kn-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sl-7.6.2.1-150400.17.20.1
* libreoffice-l10n-cs-7.6.2.1-150400.17.20.1
* libreoffice-l10n-nn-7.6.2.1-150400.17.20.1
* libreoffice-l10n-uk-7.6.2.1-150400.17.20.1
* libreoffice-l10n-el-7.6.2.1-150400.17.20.1
* libreoffice-l10n-pt_BR-7.6.2.1-150400.17.20.1
* libreoffice-l10n-th-7.6.2.1-150400.17.20.1
* libreoffice-l10n-dz-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sk-7.6.2.1-150400.17.20.1
* libreoffice-l10n-st-7.6.2.1-150400.17.20.1
* libreoffice-l10n-kk-7.6.2.1-150400.17.20.1
* libreoffice-l10n-fi-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sr-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ta-7.6.2.1-150400.17.20.1
* libreoffice-l10n-it-7.6.2.1-150400.17.20.1
* libreoffice-l10n-pl-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ga-7.6.2.1-150400.17.20.1
* libreoffice-l10n-pa-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ca-7.6.2.1-150400.17.20.1
* libreoffice-l10n-af-7.6.2.1-150400.17.20.1
* libreoffice-l10n-lv-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ml-7.6.2.1-150400.17.20.1
* libreoffice-l10n-te-7.6.2.1-150400.17.20.1
* libreoffice-l10n-gl-7.6.2.1-150400.17.20.1
* libreoffice-l10n-nb-7.6.2.1-150400.17.20.1
* libreoffice-l10n-as-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ve-7.6.2.1-150400.17.20.1
* libreoffice-l10n-lt-7.6.2.1-150400.17.20.1
* libreoffice-l10n-pt_PT-7.6.2.1-150400.17.20.1
* libreoffice-l10n-nr-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ss-7.6.2.1-150400.17.20.1
* libreoffice-l10n-da-7.6.2.1-150400.17.20.1
* libreoffice-l10n-fur-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sv-7.6.2.1-150400.17.20.1
* libreoffice-l10n-br-7.6.2.1-150400.17.20.1
* libreoffice-l10n-hu-7.6.2.1-150400.17.20.1
* libreoffice-l10n-en-7.6.2.1-150400.17.20.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
* libreoffice-filters-optional-7.6.2.1-150400.17.20.1
* libreoffice-writer-extensions-7.6.2.1-150400.17.20.1
* libreoffice-pyuno-7.6.2.1-150400.17.20.1
* libreoffice-officebean-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-writer-7.6.2.1-150400.17.20.1
* libreoffice-base-7.6.2.1-150400.17.20.1
* libreoffice-impress-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-math-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-mailmerge-7.6.2.1-150400.17.20.1
* libreoffice-impress-7.6.2.1-150400.17.20.1
* libreoffice-7.6.2.1-150400.17.20.1
* libreoffice-math-7.6.2.1-150400.17.20.1
* libreoffice-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-officebean-7.6.2.1-150400.17.20.1
* libreoffice-calc-7.6.2.1-150400.17.20.1
* libreoffice-gnome-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-writer-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-calc-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-base-drivers-postgresql-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-draw-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-gtk3-7.6.2.1-150400.17.20.1
* libreoffice-calc-extensions-7.6.2.1-150400.17.20.1
* libreoffice-debugsource-7.6.2.1-150400.17.20.1
* libreoffice-gnome-7.6.2.1-150400.17.20.1
* libreofficekit-7.6.2.1-150400.17.20.1
* libreoffice-draw-7.6.2.1-150400.17.20.1
* libreoffice-pyuno-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-base-debuginfo-7.6.2.1-150400.17.20.1
* libreoffice-base-drivers-postgresql-7.6.2.1-150400.17.20.1
* libreoffice-gtk3-debuginfo-7.6.2.1-150400.17.20.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (noarch)
* libreoffice-l10n-cy-7.6.2.1-150400.17.20.1
* libreoffice-l10n-or-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ar-7.6.2.1-150400.17.20.1
* libreoffice-l10n-et-7.6.2.1-150400.17.20.1
* libreoffice-l10n-bn-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ckb-7.6.2.1-150400.17.20.1
* libreoffice-branding-upstream-7.6.2.1-150400.17.20.1
* libreoffice-l10n-de-7.6.2.1-150400.17.20.1
* libreoffice-l10n-eo-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ja-7.6.2.1-150400.17.20.1
* libreoffice-l10n-mai-7.6.2.1-150400.17.20.1
* libreoffice-l10n-nl-7.6.2.1-150400.17.20.1
* libreoffice-l10n-nso-7.6.2.1-150400.17.20.1
* libreoffice-l10n-mr-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ro-7.6.2.1-150400.17.20.1
* libreoffice-l10n-si-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ko-7.6.2.1-150400.17.20.1
* libreoffice-l10n-xh-7.6.2.1-150400.17.20.1
* libreoffice-l10n-zh_CN-7.6.2.1-150400.17.20.1
* libreoffice-l10n-es-7.6.2.1-150400.17.20.1
* libreoffice-l10n-tr-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ts-7.6.2.1-150400.17.20.1
* libreoffice-l10n-eu-7.6.2.1-150400.17.20.1
* libreoffice-l10n-he-7.6.2.1-150400.17.20.1
* libreoffice-l10n-fa-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ru-7.6.2.1-150400.17.20.1
* libreoffice-l10n-tn-7.6.2.1-150400.17.20.1
* libreoffice-l10n-bg-7.6.2.1-150400.17.20.1
* libreoffice-l10n-fr-7.6.2.1-150400.17.20.1
* libreoffice-l10n-gu-7.6.2.1-150400.17.20.1
* libreoffice-l10n-hi-7.6.2.1-150400.17.20.1
* libreoffice-l10n-zh_TW-7.6.2.1-150400.17.20.1
* libreoffice-l10n-zu-7.6.2.1-150400.17.20.1
* libreoffice-l10n-hr-7.6.2.1-150400.17.20.1
* libreoffice-icon-themes-7.6.2.1-150400.17.20.1
* libreoffice-l10n-kn-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sl-7.6.2.1-150400.17.20.1
* libreoffice-l10n-cs-7.6.2.1-150400.17.20.1
* libreoffice-l10n-nn-7.6.2.1-150400.17.20.1
* libreoffice-l10n-uk-7.6.2.1-150400.17.20.1
* libreoffice-l10n-el-7.6.2.1-150400.17.20.1
* libreoffice-l10n-pt_BR-7.6.2.1-150400.17.20.1
* libreoffice-l10n-th-7.6.2.1-150400.17.20.1
* libreoffice-l10n-dz-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sk-7.6.2.1-150400.17.20.1
* libreoffice-l10n-st-7.6.2.1-150400.17.20.1
* libreoffice-l10n-kk-7.6.2.1-150400.17.20.1
* libreoffice-l10n-fi-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sr-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ta-7.6.2.1-150400.17.20.1
* libreoffice-l10n-it-7.6.2.1-150400.17.20.1
* libreoffice-l10n-pl-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ga-7.6.2.1-150400.17.20.1
* libreoffice-l10n-pa-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ca-7.6.2.1-150400.17.20.1
* libreoffice-l10n-af-7.6.2.1-150400.17.20.1
* libreoffice-l10n-lv-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ml-7.6.2.1-150400.17.20.1
* libreoffice-l10n-te-7.6.2.1-150400.17.20.1
* libreoffice-l10n-gl-7.6.2.1-150400.17.20.1
* libreoffice-l10n-nb-7.6.2.1-150400.17.20.1
* libreoffice-l10n-as-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ve-7.6.2.1-150400.17.20.1
* libreoffice-l10n-lt-7.6.2.1-150400.17.20.1
* libreoffice-l10n-pt_PT-7.6.2.1-150400.17.20.1
* libreoffice-l10n-nr-7.6.2.1-150400.17.20.1
* libreoffice-l10n-ss-7.6.2.1-150400.17.20.1
* libreoffice-l10n-da-7.6.2.1-150400.17.20.1
* libreoffice-l10n-fur-7.6.2.1-150400.17.20.1
* libreoffice-l10n-sv-7.6.2.1-150400.17.20.1
* libreoffice-l10n-br-7.6.2.1-150400.17.20.1
* libreoffice-l10n-hu-7.6.2.1-150400.17.20.1
* libreoffice-l10n-en-7.6.2.1-150400.17.20.1
## References:
* https://www.suse.com/security/cve/CVE-2023-6185.html
* https://www.suse.com/security/cve/CVE-2023-6186.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217577
* https://bugzilla.suse.com/show_bug.cgi?id=1217578
1
0
SUSE-SU-2023:4920-1: important: Security update for ghostscript
by OPENSUSE-SECURITY-UPDATES 20 Dec '23
by OPENSUSE-SECURITY-UPDATES 20 Dec '23
20 Dec '23
# Security update for ghostscript
Announcement ID: SUSE-SU-2023:4920-1
Rating: important
References:
* bsc#1217871
Cross-References:
* CVE-2023-46751
CVSS scores:
* CVE-2023-46751 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-46751 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for ghostscript fixes the following issues:
* CVE-2023-46751: Fixed dangling pointer in gdev_prn_open_printer_seekable()
(bsc#1217871).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4920=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4920=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4920=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4920=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4920=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4920=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4920=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4920=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4920=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4920=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4920=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4920=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4920=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4920=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-4920=1
* SUSE CaaS Platform 4.0
To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform
you if it detects new updates and let you then trigger updating of the complete
cluster in a controlled way.
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* ghostscript-x11-9.52-150000.177.1
* ghostscript-debugsource-9.52-150000.177.1
* ghostscript-9.52-150000.177.1
* ghostscript-x11-debuginfo-9.52-150000.177.1
* ghostscript-debuginfo-9.52-150000.177.1
* ghostscript-devel-9.52-150000.177.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* ghostscript-x11-9.52-150000.177.1
* ghostscript-debugsource-9.52-150000.177.1
* ghostscript-9.52-150000.177.1
* ghostscript-x11-debuginfo-9.52-150000.177.1
* ghostscript-debuginfo-9.52-150000.177.1
* ghostscript-devel-9.52-150000.177.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* ghostscript-x11-9.52-150000.177.1
* ghostscript-debugsource-9.52-150000.177.1
* ghostscript-9.52-150000.177.1
* ghostscript-x11-debuginfo-9.52-150000.177.1
* ghostscript-debuginfo-9.52-150000.177.1
* ghostscript-devel-9.52-150000.177.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* ghostscript-x11-9.52-150000.177.1
* ghostscript-debugsource-9.52-150000.177.1
* ghostscript-9.52-150000.177.1
* ghostscript-x11-debuginfo-9.52-150000.177.1
* ghostscript-debuginfo-9.52-150000.177.1
* ghostscript-devel-9.52-150000.177.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64
x86_64)
* ghostscript-x11-9.52-150000.177.1
* ghostscript-debugsource-9.52-150000.177.1
* ghostscript-9.52-150000.177.1
* ghostscript-x11-debuginfo-9.52-150000.177.1
* ghostscript-debuginfo-9.52-150000.177.1
* ghostscript-devel-9.52-150000.177.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* ghostscript-x11-9.52-150000.177.1
* ghostscript-debugsource-9.52-150000.177.1
* ghostscript-9.52-150000.177.1
* ghostscript-x11-debuginfo-9.52-150000.177.1
* ghostscript-debuginfo-9.52-150000.177.1
* ghostscript-devel-9.52-150000.177.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64
x86_64)
* ghostscript-x11-9.52-150000.177.1
* ghostscript-debugsource-9.52-150000.177.1
* ghostscript-9.52-150000.177.1
* ghostscript-x11-debuginfo-9.52-150000.177.1
* ghostscript-debuginfo-9.52-150000.177.1
* ghostscript-devel-9.52-150000.177.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* ghostscript-x11-9.52-150000.177.1
* ghostscript-debugsource-9.52-150000.177.1
* ghostscript-9.52-150000.177.1
* ghostscript-x11-debuginfo-9.52-150000.177.1
* ghostscript-debuginfo-9.52-150000.177.1
* ghostscript-devel-9.52-150000.177.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x
x86_64)
* ghostscript-x11-9.52-150000.177.1
* ghostscript-debugsource-9.52-150000.177.1
* ghostscript-9.52-150000.177.1
* ghostscript-x11-debuginfo-9.52-150000.177.1
* ghostscript-debuginfo-9.52-150000.177.1
* ghostscript-devel-9.52-150000.177.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* ghostscript-x11-9.52-150000.177.1
* ghostscript-debugsource-9.52-150000.177.1
* ghostscript-9.52-150000.177.1
* ghostscript-x11-debuginfo-9.52-150000.177.1
* ghostscript-debuginfo-9.52-150000.177.1
* ghostscript-devel-9.52-150000.177.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* ghostscript-x11-9.52-150000.177.1
* ghostscript-debugsource-9.52-150000.177.1
* ghostscript-9.52-150000.177.1
* ghostscript-x11-debuginfo-9.52-150000.177.1
* ghostscript-debuginfo-9.52-150000.177.1
* ghostscript-devel-9.52-150000.177.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
* ghostscript-x11-9.52-150000.177.1
* ghostscript-debugsource-9.52-150000.177.1
* ghostscript-9.52-150000.177.1
* ghostscript-x11-debuginfo-9.52-150000.177.1
* ghostscript-debuginfo-9.52-150000.177.1
* ghostscript-devel-9.52-150000.177.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* ghostscript-x11-9.52-150000.177.1
* ghostscript-debugsource-9.52-150000.177.1
* ghostscript-9.52-150000.177.1
* ghostscript-x11-debuginfo-9.52-150000.177.1
* ghostscript-debuginfo-9.52-150000.177.1
* ghostscript-devel-9.52-150000.177.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* ghostscript-x11-9.52-150000.177.1
* ghostscript-debugsource-9.52-150000.177.1
* ghostscript-9.52-150000.177.1
* ghostscript-x11-debuginfo-9.52-150000.177.1
* ghostscript-debuginfo-9.52-150000.177.1
* ghostscript-devel-9.52-150000.177.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* ghostscript-x11-9.52-150000.177.1
* ghostscript-debugsource-9.52-150000.177.1
* ghostscript-9.52-150000.177.1
* ghostscript-x11-debuginfo-9.52-150000.177.1
* ghostscript-debuginfo-9.52-150000.177.1
* ghostscript-devel-9.52-150000.177.1
* SUSE CaaS Platform 4.0 (x86_64)
* ghostscript-x11-9.52-150000.177.1
* ghostscript-debugsource-9.52-150000.177.1
* ghostscript-9.52-150000.177.1
* ghostscript-x11-debuginfo-9.52-150000.177.1
* ghostscript-debuginfo-9.52-150000.177.1
* ghostscript-devel-9.52-150000.177.1
## References:
* https://www.suse.com/security/cve/CVE-2023-46751.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217871
1
0
SUSE-SU-2023:4925-1: important: Security update for xorg-x11-server
by OPENSUSE-SECURITY-UPDATES 20 Dec '23
by OPENSUSE-SECURITY-UPDATES 20 Dec '23
20 Dec '23
# Security update for xorg-x11-server
Announcement ID: SUSE-SU-2023:4925-1
Rating: important
References:
* bsc#1217765
Cross-References:
* CVE-2023-6377
CVSS scores:
* CVE-2023-6377 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP5
* Development Tools Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves one vulnerability can now be installed.
## Description:
This update for xorg-x11-server fixes the following issues:
* CVE-2023-6377: Fixed out-of-bounds memory write in XKB button actions
(bsc#1217765).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-4925=1 openSUSE-SLE-15.5-2023-4925=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4925=1
* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4925=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* xorg-x11-server-sdk-21.1.4-150500.7.13.1
* xorg-x11-server-extra-debuginfo-21.1.4-150500.7.13.1
* xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.13.1
* xorg-x11-server-extra-21.1.4-150500.7.13.1
* xorg-x11-server-21.1.4-150500.7.13.1
* xorg-x11-server-debuginfo-21.1.4-150500.7.13.1
* xorg-x11-server-debugsource-21.1.4-150500.7.13.1
* xorg-x11-server-source-21.1.4-150500.7.13.1
* xorg-x11-server-Xvfb-21.1.4-150500.7.13.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* xorg-x11-server-extra-debuginfo-21.1.4-150500.7.13.1
* xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.13.1
* xorg-x11-server-extra-21.1.4-150500.7.13.1
* xorg-x11-server-21.1.4-150500.7.13.1
* xorg-x11-server-debuginfo-21.1.4-150500.7.13.1
* xorg-x11-server-debugsource-21.1.4-150500.7.13.1
* xorg-x11-server-Xvfb-21.1.4-150500.7.13.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* xorg-x11-server-debuginfo-21.1.4-150500.7.13.1
* xorg-x11-server-debugsource-21.1.4-150500.7.13.1
* xorg-x11-server-sdk-21.1.4-150500.7.13.1
## References:
* https://www.suse.com/security/cve/CVE-2023-6377.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217765
1
0
SUSE-SU-2023:4926-1: important: Security update for xwayland
by OPENSUSE-SECURITY-UPDATES 20 Dec '23
by OPENSUSE-SECURITY-UPDATES 20 Dec '23
20 Dec '23
# Security update for xwayland
Announcement ID: SUSE-SU-2023:4926-1
Rating: important
References:
* bsc#1217765
Cross-References:
* CVE-2023-6377
CVSS scores:
* CVE-2023-6377 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Workstation Extension 15 SP4
An update that solves one vulnerability can now be installed.
## Description:
This update for xwayland fixes the following issues:
* CVE-2023-6377: Fixed out-of-bounds memory write in XKB button actions
(bsc#1217765).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4926=1 openSUSE-SLE-15.4-2023-4926=1
* SUSE Linux Enterprise Workstation Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4926=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* xwayland-debugsource-21.1.4-150400.3.26.1
* xwayland-devel-21.1.4-150400.3.26.1
* xwayland-debuginfo-21.1.4-150400.3.26.1
* xwayland-21.1.4-150400.3.26.1
* SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64)
* xwayland-debugsource-21.1.4-150400.3.26.1
* xwayland-debuginfo-21.1.4-150400.3.26.1
* xwayland-21.1.4-150400.3.26.1
## References:
* https://www.suse.com/security/cve/CVE-2023-6377.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217765
1
0
20 Dec '23
# Security update for openssh
Announcement ID: SUSE-SU-2023:4902-1
Rating: important
References:
* bsc#1214788
* bsc#1217950
Cross-References:
* CVE-2023-48795
CVSS scores:
* CVE-2023-48795 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products:
* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* Desktop Applications Module 15-SP4
* Desktop Applications Module 15-SP5
* openSUSE Leap 15.3
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability and has one security fix can now be
installed.
## Description:
This update for openssh fixes the following issues:
* CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity
(bsc#1217950).
the following non-security bug was fixed:
* Fix the 'no route to host' error when connecting via ProxyJump
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2023-4902=1
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4902=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4902=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4902=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4902=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4902=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4902=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4902=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4902=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2023-4902=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4902=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4902=1
* Desktop Applications Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4902=1
* Desktop Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4902=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4902=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4902=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2023-4902=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2023-4902=1
* SUSE Linux Enterprise Real Time 15 SP4
zypper in -t patch SUSE-SLE-Product-RT-15-SP4-2023-4902=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2023-4902=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4902=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2023-4902=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4902=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2023-4902=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2023-4902=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2023-4902=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2023-4902=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-4902=1
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4902=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4902=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4902=1
## Package List:
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* openssh-cavs-8.4p1-150300.3.27.1
* openssh-clients-debuginfo-8.4p1-150300.3.27.1
* openssh-common-8.4p1-150300.3.27.1
* openssh-8.4p1-150300.3.27.1
* openssh-debugsource-8.4p1-150300.3.27.1
* openssh-helpers-debuginfo-8.4p1-150300.3.27.1
* openssh-fips-8.4p1-150300.3.27.1
* openssh-helpers-8.4p1-150300.3.27.1
* openssh-server-8.4p1-150300.3.27.1
* openssh-cavs-debuginfo-8.4p1-150300.3.27.1
* openssh-server-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-8.4p1-150300.3.27.1
* openssh-common-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-debugsource-8.4p1-150300.3.27.1
* openssh-clients-8.4p1-150300.3.27.1
* openssh-debuginfo-8.4p1-150300.3.27.1
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* openssh-clients-debuginfo-8.4p1-150300.3.27.1
* openssh-common-8.4p1-150300.3.27.1
* openssh-8.4p1-150300.3.27.1
* openssh-debugsource-8.4p1-150300.3.27.1
* openssh-fips-8.4p1-150300.3.27.1
* openssh-server-8.4p1-150300.3.27.1
* openssh-server-debuginfo-8.4p1-150300.3.27.1
* openssh-common-debuginfo-8.4p1-150300.3.27.1
* openssh-clients-8.4p1-150300.3.27.1
* openssh-debuginfo-8.4p1-150300.3.27.1
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* openssh-clients-debuginfo-8.4p1-150300.3.27.1
* openssh-common-8.4p1-150300.3.27.1
* openssh-8.4p1-150300.3.27.1
* openssh-debugsource-8.4p1-150300.3.27.1
* openssh-fips-8.4p1-150300.3.27.1
* openssh-server-8.4p1-150300.3.27.1
* openssh-server-debuginfo-8.4p1-150300.3.27.1
* openssh-common-debuginfo-8.4p1-150300.3.27.1
* openssh-clients-8.4p1-150300.3.27.1
* openssh-debuginfo-8.4p1-150300.3.27.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* openssh-cavs-8.4p1-150300.3.27.1
* openssh-clients-debuginfo-8.4p1-150300.3.27.1
* openssh-common-8.4p1-150300.3.27.1
* openssh-8.4p1-150300.3.27.1
* openssh-debugsource-8.4p1-150300.3.27.1
* openssh-helpers-debuginfo-8.4p1-150300.3.27.1
* openssh-fips-8.4p1-150300.3.27.1
* openssh-helpers-8.4p1-150300.3.27.1
* openssh-server-8.4p1-150300.3.27.1
* openssh-cavs-debuginfo-8.4p1-150300.3.27.1
* openssh-server-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-8.4p1-150300.3.27.1
* openssh-common-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-debugsource-8.4p1-150300.3.27.1
* openssh-clients-8.4p1-150300.3.27.1
* openssh-debuginfo-8.4p1-150300.3.27.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* openssh-cavs-8.4p1-150300.3.27.1
* openssh-clients-debuginfo-8.4p1-150300.3.27.1
* openssh-common-8.4p1-150300.3.27.1
* openssh-8.4p1-150300.3.27.1
* openssh-debugsource-8.4p1-150300.3.27.1
* openssh-helpers-debuginfo-8.4p1-150300.3.27.1
* openssh-fips-8.4p1-150300.3.27.1
* openssh-helpers-8.4p1-150300.3.27.1
* openssh-server-8.4p1-150300.3.27.1
* openssh-cavs-debuginfo-8.4p1-150300.3.27.1
* openssh-server-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-8.4p1-150300.3.27.1
* openssh-common-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-debugsource-8.4p1-150300.3.27.1
* openssh-clients-8.4p1-150300.3.27.1
* openssh-debuginfo-8.4p1-150300.3.27.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* openssh-clients-debuginfo-8.4p1-150300.3.27.1
* openssh-common-8.4p1-150300.3.27.1
* openssh-8.4p1-150300.3.27.1
* openssh-debugsource-8.4p1-150300.3.27.1
* openssh-fips-8.4p1-150300.3.27.1
* openssh-server-8.4p1-150300.3.27.1
* openssh-server-debuginfo-8.4p1-150300.3.27.1
* openssh-common-debuginfo-8.4p1-150300.3.27.1
* openssh-clients-8.4p1-150300.3.27.1
* openssh-debuginfo-8.4p1-150300.3.27.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* openssh-clients-debuginfo-8.4p1-150300.3.27.1
* openssh-common-8.4p1-150300.3.27.1
* openssh-8.4p1-150300.3.27.1
* openssh-debugsource-8.4p1-150300.3.27.1
* openssh-fips-8.4p1-150300.3.27.1
* openssh-server-8.4p1-150300.3.27.1
* openssh-server-debuginfo-8.4p1-150300.3.27.1
* openssh-common-debuginfo-8.4p1-150300.3.27.1
* openssh-clients-8.4p1-150300.3.27.1
* openssh-debuginfo-8.4p1-150300.3.27.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* openssh-clients-debuginfo-8.4p1-150300.3.27.1
* openssh-common-8.4p1-150300.3.27.1
* openssh-8.4p1-150300.3.27.1
* openssh-debugsource-8.4p1-150300.3.27.1
* openssh-fips-8.4p1-150300.3.27.1
* openssh-server-8.4p1-150300.3.27.1
* openssh-server-debuginfo-8.4p1-150300.3.27.1
* openssh-common-debuginfo-8.4p1-150300.3.27.1
* openssh-clients-8.4p1-150300.3.27.1
* openssh-debuginfo-8.4p1-150300.3.27.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* openssh-clients-debuginfo-8.4p1-150300.3.27.1
* openssh-common-8.4p1-150300.3.27.1
* openssh-8.4p1-150300.3.27.1
* openssh-debugsource-8.4p1-150300.3.27.1
* openssh-fips-8.4p1-150300.3.27.1
* openssh-server-8.4p1-150300.3.27.1
* openssh-server-debuginfo-8.4p1-150300.3.27.1
* openssh-common-debuginfo-8.4p1-150300.3.27.1
* openssh-clients-8.4p1-150300.3.27.1
* openssh-debuginfo-8.4p1-150300.3.27.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* openssh-clients-debuginfo-8.4p1-150300.3.27.1
* openssh-common-8.4p1-150300.3.27.1
* openssh-8.4p1-150300.3.27.1
* openssh-debugsource-8.4p1-150300.3.27.1
* openssh-fips-8.4p1-150300.3.27.1
* openssh-server-8.4p1-150300.3.27.1
* openssh-server-debuginfo-8.4p1-150300.3.27.1
* openssh-common-debuginfo-8.4p1-150300.3.27.1
* openssh-clients-8.4p1-150300.3.27.1
* openssh-debuginfo-8.4p1-150300.3.27.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* openssh-clients-debuginfo-8.4p1-150300.3.27.1
* openssh-common-8.4p1-150300.3.27.1
* openssh-8.4p1-150300.3.27.1
* openssh-debugsource-8.4p1-150300.3.27.1
* openssh-helpers-debuginfo-8.4p1-150300.3.27.1
* openssh-fips-8.4p1-150300.3.27.1
* openssh-helpers-8.4p1-150300.3.27.1
* openssh-server-8.4p1-150300.3.27.1
* openssh-server-debuginfo-8.4p1-150300.3.27.1
* openssh-common-debuginfo-8.4p1-150300.3.27.1
* openssh-clients-8.4p1-150300.3.27.1
* openssh-debuginfo-8.4p1-150300.3.27.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* openssh-clients-debuginfo-8.4p1-150300.3.27.1
* openssh-common-8.4p1-150300.3.27.1
* openssh-8.4p1-150300.3.27.1
* openssh-debugsource-8.4p1-150300.3.27.1
* openssh-helpers-debuginfo-8.4p1-150300.3.27.1
* openssh-fips-8.4p1-150300.3.27.1
* openssh-helpers-8.4p1-150300.3.27.1
* openssh-server-8.4p1-150300.3.27.1
* openssh-server-debuginfo-8.4p1-150300.3.27.1
* openssh-common-debuginfo-8.4p1-150300.3.27.1
* openssh-clients-8.4p1-150300.3.27.1
* openssh-debuginfo-8.4p1-150300.3.27.1
* Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* openssh-askpass-gnome-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-debugsource-8.4p1-150300.3.27.1
* openssh-askpass-gnome-8.4p1-150300.3.27.1
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* openssh-askpass-gnome-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-debugsource-8.4p1-150300.3.27.1
* openssh-askpass-gnome-8.4p1-150300.3.27.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64
x86_64)
* openssh-clients-debuginfo-8.4p1-150300.3.27.1
* openssh-common-8.4p1-150300.3.27.1
* openssh-8.4p1-150300.3.27.1
* openssh-debugsource-8.4p1-150300.3.27.1
* openssh-helpers-debuginfo-8.4p1-150300.3.27.1
* openssh-fips-8.4p1-150300.3.27.1
* openssh-helpers-8.4p1-150300.3.27.1
* openssh-server-8.4p1-150300.3.27.1
* openssh-server-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-8.4p1-150300.3.27.1
* openssh-common-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-debugsource-8.4p1-150300.3.27.1
* openssh-clients-8.4p1-150300.3.27.1
* openssh-debuginfo-8.4p1-150300.3.27.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* openssh-clients-debuginfo-8.4p1-150300.3.27.1
* openssh-common-8.4p1-150300.3.27.1
* openssh-8.4p1-150300.3.27.1
* openssh-debugsource-8.4p1-150300.3.27.1
* openssh-helpers-debuginfo-8.4p1-150300.3.27.1
* openssh-fips-8.4p1-150300.3.27.1
* openssh-helpers-8.4p1-150300.3.27.1
* openssh-server-8.4p1-150300.3.27.1
* openssh-server-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-8.4p1-150300.3.27.1
* openssh-common-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-debugsource-8.4p1-150300.3.27.1
* openssh-clients-8.4p1-150300.3.27.1
* openssh-debuginfo-8.4p1-150300.3.27.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* openssh-clients-debuginfo-8.4p1-150300.3.27.1
* openssh-common-8.4p1-150300.3.27.1
* openssh-8.4p1-150300.3.27.1
* openssh-debugsource-8.4p1-150300.3.27.1
* openssh-helpers-debuginfo-8.4p1-150300.3.27.1
* openssh-fips-8.4p1-150300.3.27.1
* openssh-helpers-8.4p1-150300.3.27.1
* openssh-server-8.4p1-150300.3.27.1
* openssh-server-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-8.4p1-150300.3.27.1
* openssh-common-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-debugsource-8.4p1-150300.3.27.1
* openssh-clients-8.4p1-150300.3.27.1
* openssh-debuginfo-8.4p1-150300.3.27.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* openssh-clients-debuginfo-8.4p1-150300.3.27.1
* openssh-common-8.4p1-150300.3.27.1
* openssh-8.4p1-150300.3.27.1
* openssh-debugsource-8.4p1-150300.3.27.1
* openssh-helpers-debuginfo-8.4p1-150300.3.27.1
* openssh-fips-8.4p1-150300.3.27.1
* openssh-helpers-8.4p1-150300.3.27.1
* openssh-server-8.4p1-150300.3.27.1
* openssh-server-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-8.4p1-150300.3.27.1
* openssh-common-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-debugsource-8.4p1-150300.3.27.1
* openssh-clients-8.4p1-150300.3.27.1
* openssh-debuginfo-8.4p1-150300.3.27.1
* SUSE Linux Enterprise Real Time 15 SP4 (x86_64)
* openssh-clients-debuginfo-8.4p1-150300.3.27.1
* openssh-common-8.4p1-150300.3.27.1
* openssh-8.4p1-150300.3.27.1
* openssh-debugsource-8.4p1-150300.3.27.1
* openssh-helpers-debuginfo-8.4p1-150300.3.27.1
* openssh-fips-8.4p1-150300.3.27.1
* openssh-helpers-8.4p1-150300.3.27.1
* openssh-server-8.4p1-150300.3.27.1
* openssh-server-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-8.4p1-150300.3.27.1
* openssh-common-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-debugsource-8.4p1-150300.3.27.1
* openssh-clients-8.4p1-150300.3.27.1
* openssh-debuginfo-8.4p1-150300.3.27.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* openssh-clients-debuginfo-8.4p1-150300.3.27.1
* openssh-common-8.4p1-150300.3.27.1
* openssh-8.4p1-150300.3.27.1
* openssh-debugsource-8.4p1-150300.3.27.1
* openssh-helpers-debuginfo-8.4p1-150300.3.27.1
* openssh-fips-8.4p1-150300.3.27.1
* openssh-helpers-8.4p1-150300.3.27.1
* openssh-server-8.4p1-150300.3.27.1
* openssh-server-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-8.4p1-150300.3.27.1
* openssh-common-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-debugsource-8.4p1-150300.3.27.1
* openssh-clients-8.4p1-150300.3.27.1
* openssh-debuginfo-8.4p1-150300.3.27.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* openssh-clients-debuginfo-8.4p1-150300.3.27.1
* openssh-common-8.4p1-150300.3.27.1
* openssh-8.4p1-150300.3.27.1
* openssh-debugsource-8.4p1-150300.3.27.1
* openssh-helpers-debuginfo-8.4p1-150300.3.27.1
* openssh-fips-8.4p1-150300.3.27.1
* openssh-helpers-8.4p1-150300.3.27.1
* openssh-server-8.4p1-150300.3.27.1
* openssh-server-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-8.4p1-150300.3.27.1
* openssh-common-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-debugsource-8.4p1-150300.3.27.1
* openssh-clients-8.4p1-150300.3.27.1
* openssh-debuginfo-8.4p1-150300.3.27.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* openssh-clients-debuginfo-8.4p1-150300.3.27.1
* openssh-common-8.4p1-150300.3.27.1
* openssh-8.4p1-150300.3.27.1
* openssh-debugsource-8.4p1-150300.3.27.1
* openssh-helpers-debuginfo-8.4p1-150300.3.27.1
* openssh-fips-8.4p1-150300.3.27.1
* openssh-helpers-8.4p1-150300.3.27.1
* openssh-server-8.4p1-150300.3.27.1
* openssh-server-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-8.4p1-150300.3.27.1
* openssh-common-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-debugsource-8.4p1-150300.3.27.1
* openssh-clients-8.4p1-150300.3.27.1
* openssh-debuginfo-8.4p1-150300.3.27.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* openssh-clients-debuginfo-8.4p1-150300.3.27.1
* openssh-common-8.4p1-150300.3.27.1
* openssh-8.4p1-150300.3.27.1
* openssh-debugsource-8.4p1-150300.3.27.1
* openssh-helpers-debuginfo-8.4p1-150300.3.27.1
* openssh-fips-8.4p1-150300.3.27.1
* openssh-helpers-8.4p1-150300.3.27.1
* openssh-server-8.4p1-150300.3.27.1
* openssh-server-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-8.4p1-150300.3.27.1
* openssh-common-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-debugsource-8.4p1-150300.3.27.1
* openssh-clients-8.4p1-150300.3.27.1
* openssh-debuginfo-8.4p1-150300.3.27.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* openssh-clients-debuginfo-8.4p1-150300.3.27.1
* openssh-common-8.4p1-150300.3.27.1
* openssh-8.4p1-150300.3.27.1
* openssh-debugsource-8.4p1-150300.3.27.1
* openssh-helpers-debuginfo-8.4p1-150300.3.27.1
* openssh-fips-8.4p1-150300.3.27.1
* openssh-helpers-8.4p1-150300.3.27.1
* openssh-server-8.4p1-150300.3.27.1
* openssh-server-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-8.4p1-150300.3.27.1
* openssh-common-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-debugsource-8.4p1-150300.3.27.1
* openssh-clients-8.4p1-150300.3.27.1
* openssh-debuginfo-8.4p1-150300.3.27.1
* SUSE Manager Proxy 4.3 (x86_64)
* openssh-clients-debuginfo-8.4p1-150300.3.27.1
* openssh-common-8.4p1-150300.3.27.1
* openssh-8.4p1-150300.3.27.1
* openssh-debugsource-8.4p1-150300.3.27.1
* openssh-helpers-debuginfo-8.4p1-150300.3.27.1
* openssh-fips-8.4p1-150300.3.27.1
* openssh-helpers-8.4p1-150300.3.27.1
* openssh-server-8.4p1-150300.3.27.1
* openssh-server-debuginfo-8.4p1-150300.3.27.1
* openssh-common-debuginfo-8.4p1-150300.3.27.1
* openssh-clients-8.4p1-150300.3.27.1
* openssh-debuginfo-8.4p1-150300.3.27.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* openssh-clients-debuginfo-8.4p1-150300.3.27.1
* openssh-common-8.4p1-150300.3.27.1
* openssh-8.4p1-150300.3.27.1
* openssh-debugsource-8.4p1-150300.3.27.1
* openssh-helpers-debuginfo-8.4p1-150300.3.27.1
* openssh-fips-8.4p1-150300.3.27.1
* openssh-helpers-8.4p1-150300.3.27.1
* openssh-server-8.4p1-150300.3.27.1
* openssh-server-debuginfo-8.4p1-150300.3.27.1
* openssh-common-debuginfo-8.4p1-150300.3.27.1
* openssh-clients-8.4p1-150300.3.27.1
* openssh-debuginfo-8.4p1-150300.3.27.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* openssh-clients-debuginfo-8.4p1-150300.3.27.1
* openssh-common-8.4p1-150300.3.27.1
* openssh-8.4p1-150300.3.27.1
* openssh-debugsource-8.4p1-150300.3.27.1
* openssh-helpers-debuginfo-8.4p1-150300.3.27.1
* openssh-fips-8.4p1-150300.3.27.1
* openssh-helpers-8.4p1-150300.3.27.1
* openssh-server-8.4p1-150300.3.27.1
* openssh-server-debuginfo-8.4p1-150300.3.27.1
* openssh-common-debuginfo-8.4p1-150300.3.27.1
* openssh-clients-8.4p1-150300.3.27.1
* openssh-debuginfo-8.4p1-150300.3.27.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* openssh-clients-debuginfo-8.4p1-150300.3.27.1
* openssh-common-8.4p1-150300.3.27.1
* openssh-8.4p1-150300.3.27.1
* openssh-debugsource-8.4p1-150300.3.27.1
* openssh-helpers-debuginfo-8.4p1-150300.3.27.1
* openssh-fips-8.4p1-150300.3.27.1
* openssh-helpers-8.4p1-150300.3.27.1
* openssh-server-8.4p1-150300.3.27.1
* openssh-server-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-8.4p1-150300.3.27.1
* openssh-common-debuginfo-8.4p1-150300.3.27.1
* openssh-askpass-gnome-debugsource-8.4p1-150300.3.27.1
* openssh-clients-8.4p1-150300.3.27.1
* openssh-debuginfo-8.4p1-150300.3.27.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* openssh-clients-debuginfo-8.4p1-150300.3.27.1
* openssh-common-8.4p1-150300.3.27.1
* openssh-8.4p1-150300.3.27.1
* openssh-debugsource-8.4p1-150300.3.27.1
* openssh-fips-8.4p1-150300.3.27.1
* openssh-server-8.4p1-150300.3.27.1
* openssh-server-debuginfo-8.4p1-150300.3.27.1
* openssh-common-debuginfo-8.4p1-150300.3.27.1
* openssh-clients-8.4p1-150300.3.27.1
* openssh-debuginfo-8.4p1-150300.3.27.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* openssh-clients-debuginfo-8.4p1-150300.3.27.1
* openssh-common-8.4p1-150300.3.27.1
* openssh-8.4p1-150300.3.27.1
* openssh-debugsource-8.4p1-150300.3.27.1
* openssh-fips-8.4p1-150300.3.27.1
* openssh-server-8.4p1-150300.3.27.1
* openssh-server-debuginfo-8.4p1-150300.3.27.1
* openssh-common-debuginfo-8.4p1-150300.3.27.1
* openssh-clients-8.4p1-150300.3.27.1
* openssh-debuginfo-8.4p1-150300.3.27.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* openssh-clients-debuginfo-8.4p1-150300.3.27.1
* openssh-common-8.4p1-150300.3.27.1
* openssh-8.4p1-150300.3.27.1
* openssh-debugsource-8.4p1-150300.3.27.1
* openssh-fips-8.4p1-150300.3.27.1
* openssh-server-8.4p1-150300.3.27.1
* openssh-server-debuginfo-8.4p1-150300.3.27.1
* openssh-common-debuginfo-8.4p1-150300.3.27.1
* openssh-clients-8.4p1-150300.3.27.1
* openssh-debuginfo-8.4p1-150300.3.27.1
## References:
* https://www.suse.com/security/cve/CVE-2023-48795.html
* https://bugzilla.suse.com/show_bug.cgi?id=1214788
* https://bugzilla.suse.com/show_bug.cgi?id=1217950
1
0
20 Dec '23
# Security update for mariadb
Announcement ID: SUSE-SU-2023:4907-1
Rating: moderate
References:
* bsc#1217405
Cross-References:
* CVE-2023-22084
CVSS scores:
* CVE-2023-22084 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-22084 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Galera for Ericsson 15 SP3
* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
An update that solves one vulnerability can now be installed.
## Description:
This update for mariadb fixes the following issues:
* CVE-2023-22084: Fixed an easily exploitable vulnerability that allowed high
privileged attacker with network access via multiple protocols to compromise
MySQL Server (bsc#1217405).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2023-4907=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4907=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4907=1
* Galera for Ericsson 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-ERICSSON-2023-4907=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4907=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4907=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-4907=1
## Package List:
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* mariadb-test-debuginfo-10.5.23-150300.3.38.1
* mariadb-10.5.23-150300.3.38.1
* mariadb-test-10.5.23-150300.3.38.1
* mariadb-client-10.5.23-150300.3.38.1
* libmariadbd-devel-10.5.23-150300.3.38.1
* mariadb-debuginfo-10.5.23-150300.3.38.1
* mariadb-rpm-macros-10.5.23-150300.3.38.1
* libmariadbd19-10.5.23-150300.3.38.1
* mariadb-tools-debuginfo-10.5.23-150300.3.38.1
* mariadb-bench-debuginfo-10.5.23-150300.3.38.1
* mariadb-bench-10.5.23-150300.3.38.1
* libmariadbd19-debuginfo-10.5.23-150300.3.38.1
* mariadb-client-debuginfo-10.5.23-150300.3.38.1
* mariadb-debugsource-10.5.23-150300.3.38.1
* mariadb-tools-10.5.23-150300.3.38.1
* mariadb-galera-10.5.23-150300.3.38.1
* openSUSE Leap 15.3 (noarch)
* mariadb-errormessages-10.5.23-150300.3.38.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64
x86_64)
* mariadb-10.5.23-150300.3.38.1
* mariadb-tools-debuginfo-10.5.23-150300.3.38.1
* mariadb-client-10.5.23-150300.3.38.1
* libmariadbd-devel-10.5.23-150300.3.38.1
* mariadb-debuginfo-10.5.23-150300.3.38.1
* libmariadbd19-10.5.23-150300.3.38.1
* libmariadbd19-debuginfo-10.5.23-150300.3.38.1
* mariadb-client-debuginfo-10.5.23-150300.3.38.1
* mariadb-debugsource-10.5.23-150300.3.38.1
* mariadb-tools-10.5.23-150300.3.38.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
* mariadb-errormessages-10.5.23-150300.3.38.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* mariadb-10.5.23-150300.3.38.1
* mariadb-tools-debuginfo-10.5.23-150300.3.38.1
* mariadb-client-10.5.23-150300.3.38.1
* libmariadbd-devel-10.5.23-150300.3.38.1
* mariadb-debuginfo-10.5.23-150300.3.38.1
* libmariadbd19-10.5.23-150300.3.38.1
* libmariadbd19-debuginfo-10.5.23-150300.3.38.1
* mariadb-client-debuginfo-10.5.23-150300.3.38.1
* mariadb-debugsource-10.5.23-150300.3.38.1
* mariadb-tools-10.5.23-150300.3.38.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* mariadb-errormessages-10.5.23-150300.3.38.1
* Galera for Ericsson 15 SP3 (x86_64)
* mariadb-galera-10.5.23-150300.3.38.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* mariadb-10.5.23-150300.3.38.1
* mariadb-tools-debuginfo-10.5.23-150300.3.38.1
* mariadb-client-10.5.23-150300.3.38.1
* libmariadbd-devel-10.5.23-150300.3.38.1
* mariadb-debuginfo-10.5.23-150300.3.38.1
* libmariadbd19-10.5.23-150300.3.38.1
* libmariadbd19-debuginfo-10.5.23-150300.3.38.1
* mariadb-client-debuginfo-10.5.23-150300.3.38.1
* mariadb-debugsource-10.5.23-150300.3.38.1
* mariadb-tools-10.5.23-150300.3.38.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* mariadb-errormessages-10.5.23-150300.3.38.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* mariadb-10.5.23-150300.3.38.1
* mariadb-tools-debuginfo-10.5.23-150300.3.38.1
* mariadb-client-10.5.23-150300.3.38.1
* libmariadbd-devel-10.5.23-150300.3.38.1
* mariadb-debuginfo-10.5.23-150300.3.38.1
* libmariadbd19-10.5.23-150300.3.38.1
* libmariadbd19-debuginfo-10.5.23-150300.3.38.1
* mariadb-client-debuginfo-10.5.23-150300.3.38.1
* mariadb-debugsource-10.5.23-150300.3.38.1
* mariadb-tools-10.5.23-150300.3.38.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* mariadb-errormessages-10.5.23-150300.3.38.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* mariadb-10.5.23-150300.3.38.1
* mariadb-tools-debuginfo-10.5.23-150300.3.38.1
* mariadb-client-10.5.23-150300.3.38.1
* libmariadbd-devel-10.5.23-150300.3.38.1
* mariadb-debuginfo-10.5.23-150300.3.38.1
* libmariadbd19-10.5.23-150300.3.38.1
* libmariadbd19-debuginfo-10.5.23-150300.3.38.1
* mariadb-client-debuginfo-10.5.23-150300.3.38.1
* mariadb-debugsource-10.5.23-150300.3.38.1
* mariadb-tools-10.5.23-150300.3.38.1
* SUSE Enterprise Storage 7.1 (noarch)
* mariadb-errormessages-10.5.23-150300.3.38.1
## References:
* https://www.suse.com/security/cve/CVE-2023-22084.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217405
1
0
openSUSE-SU-2023:0409-1: important: Security update for gstreamer-plugins-bad
by opensuse-security@opensuse.org 19 Dec '23
by opensuse-security@opensuse.org 19 Dec '23
19 Dec '23
openSUSE Security Update: Security update for gstreamer-plugins-bad
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0409-1
Rating: important
References: #1215793 #1215796
Cross-References: CVE-2023-40474 CVE-2023-40476
CVSS scores:
CVE-2023-40474 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-40476 (SUSE): 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
Affected Products:
openSUSE Leap 15.4
openSUSE Leap 15.5
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for gstreamer-plugins-bad fixes the following issues:
- CVE-2023-40474: Fixed integer overflow causing out of bounds writes when
handling invalid uncompressed video (bsc#1215796).
- CVE-2023-40476: Fixed possible overflow using max_sub_layers_minus1
(bsc#1215793).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.5:
zypper in -t patch openSUSE-2023-409=1
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-2023-409=1
Package List:
- openSUSE Leap 15.5 (aarch64 i586 ppc64le s390x x86_64):
gstreamer-plugins-bad-1.22.0-lp155.3.7.1
gstreamer-plugins-bad-chromaprint-1.22.0-lp155.3.7.1
gstreamer-plugins-bad-chromaprint-debuginfo-1.22.0-lp155.3.7.1
gstreamer-plugins-bad-debuginfo-1.22.0-lp155.3.7.1
gstreamer-plugins-bad-debugsource-1.22.0-lp155.3.7.1
gstreamer-plugins-bad-devel-1.22.0-lp155.3.7.1
gstreamer-plugins-bad-fluidsynth-1.22.0-lp155.3.7.1
gstreamer-plugins-bad-fluidsynth-debuginfo-1.22.0-lp155.3.7.1
gstreamer-transcoder-1.22.0-lp155.3.7.1
gstreamer-transcoder-debuginfo-1.22.0-lp155.3.7.1
gstreamer-transcoder-devel-1.22.0-lp155.3.7.1
libgstadaptivedemux-1_0-0-1.22.0-lp155.3.7.1
libgstadaptivedemux-1_0-0-debuginfo-1.22.0-lp155.3.7.1
libgstbadaudio-1_0-0-1.22.0-lp155.3.7.1
libgstbadaudio-1_0-0-debuginfo-1.22.0-lp155.3.7.1
libgstbasecamerabinsrc-1_0-0-1.22.0-lp155.3.7.1
libgstbasecamerabinsrc-1_0-0-debuginfo-1.22.0-lp155.3.7.1
libgstcodecparsers-1_0-0-1.22.0-lp155.3.7.1
libgstcodecparsers-1_0-0-debuginfo-1.22.0-lp155.3.7.1
libgstcodecs-1_0-0-1.22.0-lp155.3.7.1
libgstcodecs-1_0-0-debuginfo-1.22.0-lp155.3.7.1
libgstcuda-1_0-0-1.22.0-lp155.3.7.1
libgstcuda-1_0-0-debuginfo-1.22.0-lp155.3.7.1
libgstinsertbin-1_0-0-1.22.0-lp155.3.7.1
libgstinsertbin-1_0-0-debuginfo-1.22.0-lp155.3.7.1
libgstisoff-1_0-0-1.22.0-lp155.3.7.1
libgstisoff-1_0-0-debuginfo-1.22.0-lp155.3.7.1
libgstmpegts-1_0-0-1.22.0-lp155.3.7.1
libgstmpegts-1_0-0-debuginfo-1.22.0-lp155.3.7.1
libgstphotography-1_0-0-1.22.0-lp155.3.7.1
libgstphotography-1_0-0-debuginfo-1.22.0-lp155.3.7.1
libgstplay-1_0-0-1.22.0-lp155.3.7.1
libgstplay-1_0-0-debuginfo-1.22.0-lp155.3.7.1
libgstplayer-1_0-0-1.22.0-lp155.3.7.1
libgstplayer-1_0-0-debuginfo-1.22.0-lp155.3.7.1
libgstsctp-1_0-0-1.22.0-lp155.3.7.1
libgstsctp-1_0-0-debuginfo-1.22.0-lp155.3.7.1
libgsttranscoder-1_0-0-1.22.0-lp155.3.7.1
libgsttranscoder-1_0-0-debuginfo-1.22.0-lp155.3.7.1
libgsturidownloader-1_0-0-1.22.0-lp155.3.7.1
libgsturidownloader-1_0-0-debuginfo-1.22.0-lp155.3.7.1
libgstva-1_0-0-1.22.0-lp155.3.7.1
libgstva-1_0-0-debuginfo-1.22.0-lp155.3.7.1
libgstvulkan-1_0-0-1.22.0-lp155.3.7.1
libgstvulkan-1_0-0-debuginfo-1.22.0-lp155.3.7.1
libgstwayland-1_0-0-1.22.0-lp155.3.7.1
libgstwayland-1_0-0-debuginfo-1.22.0-lp155.3.7.1
libgstwebrtc-1_0-0-1.22.0-lp155.3.7.1
libgstwebrtc-1_0-0-debuginfo-1.22.0-lp155.3.7.1
libgstwebrtcnice-1_0-0-1.22.0-lp155.3.7.1
libgstwebrtcnice-1_0-0-debuginfo-1.22.0-lp155.3.7.1
typelib-1_0-CudaGst-1_0-1.22.0-lp155.3.7.1
typelib-1_0-GstBadAudio-1_0-1.22.0-lp155.3.7.1
typelib-1_0-GstCodecs-1_0-1.22.0-lp155.3.7.1
typelib-1_0-GstCuda-1_0-1.22.0-lp155.3.7.1
typelib-1_0-GstInsertBin-1_0-1.22.0-lp155.3.7.1
typelib-1_0-GstMpegts-1_0-1.22.0-lp155.3.7.1
typelib-1_0-GstPlay-1_0-1.22.0-lp155.3.7.1
typelib-1_0-GstPlayer-1_0-1.22.0-lp155.3.7.1
typelib-1_0-GstTranscoder-1_0-1.22.0-lp155.3.7.1
typelib-1_0-GstVa-1_0-1.22.0-lp155.3.7.1
typelib-1_0-GstVulkan-1_0-1.22.0-lp155.3.7.1
typelib-1_0-GstVulkanWayland-1_0-1.22.0-lp155.3.7.1
typelib-1_0-GstVulkanXCB-1_0-1.22.0-lp155.3.7.1
typelib-1_0-GstWebRTC-1_0-1.22.0-lp155.3.7.1
- openSUSE Leap 15.5 (aarch64_ilp32):
gstreamer-plugins-bad-64bit-1.22.0-lp155.3.7.1
gstreamer-plugins-bad-64bit-debuginfo-1.22.0-lp155.3.7.1
gstreamer-plugins-bad-chromaprint-64bit-1.22.0-lp155.3.7.1
gstreamer-plugins-bad-chromaprint-64bit-debuginfo-1.22.0-lp155.3.7.1
gstreamer-plugins-bad-fluidsynth-64bit-1.22.0-lp155.3.7.1
gstreamer-plugins-bad-fluidsynth-64bit-debuginfo-1.22.0-lp155.3.7.1
libgstadaptivedemux-1_0-0-64bit-1.22.0-lp155.3.7.1
libgstadaptivedemux-1_0-0-64bit-debuginfo-1.22.0-lp155.3.7.1
libgstbadaudio-1_0-0-64bit-1.22.0-lp155.3.7.1
libgstbadaudio-1_0-0-64bit-debuginfo-1.22.0-lp155.3.7.1
libgstbasecamerabinsrc-1_0-0-64bit-1.22.0-lp155.3.7.1
libgstbasecamerabinsrc-1_0-0-64bit-debuginfo-1.22.0-lp155.3.7.1
libgstcodecparsers-1_0-0-64bit-1.22.0-lp155.3.7.1
libgstcodecparsers-1_0-0-64bit-debuginfo-1.22.0-lp155.3.7.1
libgstcodecs-1_0-0-64bit-1.22.0-lp155.3.7.1
libgstcodecs-1_0-0-64bit-debuginfo-1.22.0-lp155.3.7.1
libgstcuda-1_0-0-64bit-1.22.0-lp155.3.7.1
libgstcuda-1_0-0-64bit-debuginfo-1.22.0-lp155.3.7.1
libgstinsertbin-1_0-0-64bit-1.22.0-lp155.3.7.1
libgstinsertbin-1_0-0-64bit-debuginfo-1.22.0-lp155.3.7.1
libgstisoff-1_0-0-64bit-1.22.0-lp155.3.7.1
libgstisoff-1_0-0-64bit-debuginfo-1.22.0-lp155.3.7.1
libgstmpegts-1_0-0-64bit-1.22.0-lp155.3.7.1
libgstmpegts-1_0-0-64bit-debuginfo-1.22.0-lp155.3.7.1
libgstphotography-1_0-0-64bit-1.22.0-lp155.3.7.1
libgstphotography-1_0-0-64bit-debuginfo-1.22.0-lp155.3.7.1
libgstplay-1_0-0-64bit-1.22.0-lp155.3.7.1
libgstplay-1_0-0-64bit-debuginfo-1.22.0-lp155.3.7.1
libgstplayer-1_0-0-64bit-1.22.0-lp155.3.7.1
libgstplayer-1_0-0-64bit-debuginfo-1.22.0-lp155.3.7.1
libgstsctp-1_0-0-64bit-1.22.0-lp155.3.7.1
libgstsctp-1_0-0-64bit-debuginfo-1.22.0-lp155.3.7.1
libgsturidownloader-1_0-0-64bit-1.22.0-lp155.3.7.1
libgsturidownloader-1_0-0-64bit-debuginfo-1.22.0-lp155.3.7.1
libgstva-1_0-0-64bit-1.22.0-lp155.3.7.1
libgstva-1_0-0-64bit-debuginfo-1.22.0-lp155.3.7.1
libgstvulkan-1_0-0-64bit-1.22.0-lp155.3.7.1
libgstvulkan-1_0-0-64bit-debuginfo-1.22.0-lp155.3.7.1
libgstwayland-1_0-0-64bit-1.22.0-lp155.3.7.1
libgstwayland-1_0-0-64bit-debuginfo-1.22.0-lp155.3.7.1
libgstwebrtc-1_0-0-64bit-1.22.0-lp155.3.7.1
libgstwebrtc-1_0-0-64bit-debuginfo-1.22.0-lp155.3.7.1
libgstwebrtcnice-1_0-0-64bit-1.22.0-lp155.3.7.1
libgstwebrtcnice-1_0-0-64bit-debuginfo-1.22.0-lp155.3.7.1
- openSUSE Leap 15.5 (x86_64):
gstreamer-plugins-bad-32bit-1.22.0-lp155.3.7.1
gstreamer-plugins-bad-32bit-debuginfo-1.22.0-lp155.3.7.1
gstreamer-plugins-bad-chromaprint-32bit-1.22.0-lp155.3.7.1
gstreamer-plugins-bad-chromaprint-32bit-debuginfo-1.22.0-lp155.3.7.1
gstreamer-plugins-bad-fluidsynth-32bit-1.22.0-lp155.3.7.1
gstreamer-plugins-bad-fluidsynth-32bit-debuginfo-1.22.0-lp155.3.7.1
libgstadaptivedemux-1_0-0-32bit-1.22.0-lp155.3.7.1
libgstadaptivedemux-1_0-0-32bit-debuginfo-1.22.0-lp155.3.7.1
libgstbadaudio-1_0-0-32bit-1.22.0-lp155.3.7.1
libgstbadaudio-1_0-0-32bit-debuginfo-1.22.0-lp155.3.7.1
libgstbasecamerabinsrc-1_0-0-32bit-1.22.0-lp155.3.7.1
libgstbasecamerabinsrc-1_0-0-32bit-debuginfo-1.22.0-lp155.3.7.1
libgstcodecparsers-1_0-0-32bit-1.22.0-lp155.3.7.1
libgstcodecparsers-1_0-0-32bit-debuginfo-1.22.0-lp155.3.7.1
libgstcodecs-1_0-0-32bit-1.22.0-lp155.3.7.1
libgstcodecs-1_0-0-32bit-debuginfo-1.22.0-lp155.3.7.1
libgstcuda-1_0-0-32bit-1.22.0-lp155.3.7.1
libgstcuda-1_0-0-32bit-debuginfo-1.22.0-lp155.3.7.1
libgstinsertbin-1_0-0-32bit-1.22.0-lp155.3.7.1
libgstinsertbin-1_0-0-32bit-debuginfo-1.22.0-lp155.3.7.1
libgstisoff-1_0-0-32bit-1.22.0-lp155.3.7.1
libgstisoff-1_0-0-32bit-debuginfo-1.22.0-lp155.3.7.1
libgstmpegts-1_0-0-32bit-1.22.0-lp155.3.7.1
libgstmpegts-1_0-0-32bit-debuginfo-1.22.0-lp155.3.7.1
libgstphotography-1_0-0-32bit-1.22.0-lp155.3.7.1
libgstphotography-1_0-0-32bit-debuginfo-1.22.0-lp155.3.7.1
libgstplay-1_0-0-32bit-1.22.0-lp155.3.7.1
libgstplay-1_0-0-32bit-debuginfo-1.22.0-lp155.3.7.1
libgstplayer-1_0-0-32bit-1.22.0-lp155.3.7.1
libgstplayer-1_0-0-32bit-debuginfo-1.22.0-lp155.3.7.1
libgstsctp-1_0-0-32bit-1.22.0-lp155.3.7.1
libgstsctp-1_0-0-32bit-debuginfo-1.22.0-lp155.3.7.1
libgsturidownloader-1_0-0-32bit-1.22.0-lp155.3.7.1
libgsturidownloader-1_0-0-32bit-debuginfo-1.22.0-lp155.3.7.1
libgstva-1_0-0-32bit-1.22.0-lp155.3.7.1
libgstva-1_0-0-32bit-debuginfo-1.22.0-lp155.3.7.1
libgstvulkan-1_0-0-32bit-1.22.0-lp155.3.7.1
libgstvulkan-1_0-0-32bit-debuginfo-1.22.0-lp155.3.7.1
libgstwayland-1_0-0-32bit-1.22.0-lp155.3.7.1
libgstwayland-1_0-0-32bit-debuginfo-1.22.0-lp155.3.7.1
libgstwebrtc-1_0-0-32bit-1.22.0-lp155.3.7.1
libgstwebrtc-1_0-0-32bit-debuginfo-1.22.0-lp155.3.7.1
libgstwebrtcnice-1_0-0-32bit-1.22.0-lp155.3.7.1
libgstwebrtcnice-1_0-0-32bit-debuginfo-1.22.0-lp155.3.7.1
- openSUSE Leap 15.5 (noarch):
gstreamer-plugins-bad-lang-1.22.0-lp155.3.7.1
- openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64):
gstreamer-plugins-bad-1.20.1-lp154.2.9.1
gstreamer-plugins-bad-chromaprint-1.20.1-lp154.2.9.1
gstreamer-plugins-bad-chromaprint-debuginfo-1.20.1-lp154.2.9.1
gstreamer-plugins-bad-debuginfo-1.20.1-lp154.2.9.1
gstreamer-plugins-bad-debugsource-1.20.1-lp154.2.9.1
gstreamer-plugins-bad-devel-1.20.1-lp154.2.9.1
gstreamer-plugins-bad-fluidsynth-1.20.1-lp154.2.9.1
gstreamer-plugins-bad-fluidsynth-debuginfo-1.20.1-lp154.2.9.1
gstreamer-transcoder-1.20.1-lp154.2.9.1
gstreamer-transcoder-debuginfo-1.20.1-lp154.2.9.1
gstreamer-transcoder-devel-1.20.1-lp154.2.9.1
libgstadaptivedemux-1_0-0-1.20.1-lp154.2.9.1
libgstadaptivedemux-1_0-0-debuginfo-1.20.1-lp154.2.9.1
libgstbadaudio-1_0-0-1.20.1-lp154.2.9.1
libgstbadaudio-1_0-0-debuginfo-1.20.1-lp154.2.9.1
libgstbasecamerabinsrc-1_0-0-1.20.1-lp154.2.9.1
libgstbasecamerabinsrc-1_0-0-debuginfo-1.20.1-lp154.2.9.1
libgstcodecparsers-1_0-0-1.20.1-lp154.2.9.1
libgstcodecparsers-1_0-0-debuginfo-1.20.1-lp154.2.9.1
libgstcodecs-1_0-0-1.20.1-lp154.2.9.1
libgstcodecs-1_0-0-debuginfo-1.20.1-lp154.2.9.1
libgstinsertbin-1_0-0-1.20.1-lp154.2.9.1
libgstinsertbin-1_0-0-debuginfo-1.20.1-lp154.2.9.1
libgstisoff-1_0-0-1.20.1-lp154.2.9.1
libgstisoff-1_0-0-debuginfo-1.20.1-lp154.2.9.1
libgstmpegts-1_0-0-1.20.1-lp154.2.9.1
libgstmpegts-1_0-0-debuginfo-1.20.1-lp154.2.9.1
libgstphotography-1_0-0-1.20.1-lp154.2.9.1
libgstphotography-1_0-0-debuginfo-1.20.1-lp154.2.9.1
libgstplay-1_0-0-1.20.1-lp154.2.9.1
libgstplay-1_0-0-debuginfo-1.20.1-lp154.2.9.1
libgstplayer-1_0-0-1.20.1-lp154.2.9.1
libgstplayer-1_0-0-debuginfo-1.20.1-lp154.2.9.1
libgstsctp-1_0-0-1.20.1-lp154.2.9.1
libgstsctp-1_0-0-debuginfo-1.20.1-lp154.2.9.1
libgsttranscoder-1_0-0-1.20.1-lp154.2.9.1
libgsttranscoder-1_0-0-debuginfo-1.20.1-lp154.2.9.1
libgsturidownloader-1_0-0-1.20.1-lp154.2.9.1
libgsturidownloader-1_0-0-debuginfo-1.20.1-lp154.2.9.1
libgstva-1_0-0-1.20.1-lp154.2.9.1
libgstva-1_0-0-debuginfo-1.20.1-lp154.2.9.1
libgstvulkan-1_0-0-1.20.1-lp154.2.9.1
libgstvulkan-1_0-0-debuginfo-1.20.1-lp154.2.9.1
libgstwayland-1_0-0-1.20.1-lp154.2.9.1
libgstwayland-1_0-0-debuginfo-1.20.1-lp154.2.9.1
libgstwebrtc-1_0-0-1.20.1-lp154.2.9.1
libgstwebrtc-1_0-0-debuginfo-1.20.1-lp154.2.9.1
typelib-1_0-GstBadAudio-1_0-1.20.1-lp154.2.9.1
typelib-1_0-GstCodecs-1_0-1.20.1-lp154.2.9.1
typelib-1_0-GstInsertBin-1_0-1.20.1-lp154.2.9.1
typelib-1_0-GstMpegts-1_0-1.20.1-lp154.2.9.1
typelib-1_0-GstPlay-1_0-1.20.1-lp154.2.9.1
typelib-1_0-GstPlayer-1_0-1.20.1-lp154.2.9.1
typelib-1_0-GstTranscoder-1_0-1.20.1-lp154.2.9.1
typelib-1_0-GstVulkan-1_0-1.20.1-lp154.2.9.1
typelib-1_0-GstVulkanWayland-1_0-1.20.1-lp154.2.9.1
typelib-1_0-GstVulkanXCB-1_0-1.20.1-lp154.2.9.1
typelib-1_0-GstWebRTC-1_0-1.20.1-lp154.2.9.1
- openSUSE Leap 15.4 (aarch64_ilp32):
gstreamer-plugins-bad-64bit-1.20.1-lp154.2.9.1
gstreamer-plugins-bad-64bit-debuginfo-1.20.1-lp154.2.9.1
gstreamer-plugins-bad-chromaprint-64bit-1.20.1-lp154.2.9.1
gstreamer-plugins-bad-chromaprint-64bit-debuginfo-1.20.1-lp154.2.9.1
gstreamer-plugins-bad-fluidsynth-64bit-1.20.1-lp154.2.9.1
gstreamer-plugins-bad-fluidsynth-64bit-debuginfo-1.20.1-lp154.2.9.1
libgstadaptivedemux-1_0-0-64bit-1.20.1-lp154.2.9.1
libgstadaptivedemux-1_0-0-64bit-debuginfo-1.20.1-lp154.2.9.1
libgstbadaudio-1_0-0-64bit-1.20.1-lp154.2.9.1
libgstbadaudio-1_0-0-64bit-debuginfo-1.20.1-lp154.2.9.1
libgstbasecamerabinsrc-1_0-0-64bit-1.20.1-lp154.2.9.1
libgstbasecamerabinsrc-1_0-0-64bit-debuginfo-1.20.1-lp154.2.9.1
libgstcodecparsers-1_0-0-64bit-1.20.1-lp154.2.9.1
libgstcodecparsers-1_0-0-64bit-debuginfo-1.20.1-lp154.2.9.1
libgstcodecs-1_0-0-64bit-1.20.1-lp154.2.9.1
libgstcodecs-1_0-0-64bit-debuginfo-1.20.1-lp154.2.9.1
libgstinsertbin-1_0-0-64bit-1.20.1-lp154.2.9.1
libgstinsertbin-1_0-0-64bit-debuginfo-1.20.1-lp154.2.9.1
libgstisoff-1_0-0-64bit-1.20.1-lp154.2.9.1
libgstisoff-1_0-0-64bit-debuginfo-1.20.1-lp154.2.9.1
libgstmpegts-1_0-0-64bit-1.20.1-lp154.2.9.1
libgstmpegts-1_0-0-64bit-debuginfo-1.20.1-lp154.2.9.1
libgstphotography-1_0-0-64bit-1.20.1-lp154.2.9.1
libgstphotography-1_0-0-64bit-debuginfo-1.20.1-lp154.2.9.1
libgstplay-1_0-0-64bit-1.20.1-lp154.2.9.1
libgstplay-1_0-0-64bit-debuginfo-1.20.1-lp154.2.9.1
libgstplayer-1_0-0-64bit-1.20.1-lp154.2.9.1
libgstplayer-1_0-0-64bit-debuginfo-1.20.1-lp154.2.9.1
libgstsctp-1_0-0-64bit-1.20.1-lp154.2.9.1
libgstsctp-1_0-0-64bit-debuginfo-1.20.1-lp154.2.9.1
libgsturidownloader-1_0-0-64bit-1.20.1-lp154.2.9.1
libgsturidownloader-1_0-0-64bit-debuginfo-1.20.1-lp154.2.9.1
libgstva-1_0-0-64bit-1.20.1-lp154.2.9.1
libgstva-1_0-0-64bit-debuginfo-1.20.1-lp154.2.9.1
libgstvulkan-1_0-0-64bit-1.20.1-lp154.2.9.1
libgstvulkan-1_0-0-64bit-debuginfo-1.20.1-lp154.2.9.1
libgstwayland-1_0-0-64bit-1.20.1-lp154.2.9.1
libgstwayland-1_0-0-64bit-debuginfo-1.20.1-lp154.2.9.1
libgstwebrtc-1_0-0-64bit-1.20.1-lp154.2.9.1
libgstwebrtc-1_0-0-64bit-debuginfo-1.20.1-lp154.2.9.1
- openSUSE Leap 15.4 (noarch):
gstreamer-plugins-bad-lang-1.20.1-lp154.2.9.1
- openSUSE Leap 15.4 (x86_64):
gstreamer-plugins-bad-32bit-1.20.1-lp154.2.9.1
gstreamer-plugins-bad-32bit-debuginfo-1.20.1-lp154.2.9.1
gstreamer-plugins-bad-chromaprint-32bit-1.20.1-lp154.2.9.1
gstreamer-plugins-bad-chromaprint-32bit-debuginfo-1.20.1-lp154.2.9.1
gstreamer-plugins-bad-fluidsynth-32bit-1.20.1-lp154.2.9.1
gstreamer-plugins-bad-fluidsynth-32bit-debuginfo-1.20.1-lp154.2.9.1
libgstadaptivedemux-1_0-0-32bit-1.20.1-lp154.2.9.1
libgstadaptivedemux-1_0-0-32bit-debuginfo-1.20.1-lp154.2.9.1
libgstbadaudio-1_0-0-32bit-1.20.1-lp154.2.9.1
libgstbadaudio-1_0-0-32bit-debuginfo-1.20.1-lp154.2.9.1
libgstbasecamerabinsrc-1_0-0-32bit-1.20.1-lp154.2.9.1
libgstbasecamerabinsrc-1_0-0-32bit-debuginfo-1.20.1-lp154.2.9.1
libgstcodecparsers-1_0-0-32bit-1.20.1-lp154.2.9.1
libgstcodecparsers-1_0-0-32bit-debuginfo-1.20.1-lp154.2.9.1
libgstcodecs-1_0-0-32bit-1.20.1-lp154.2.9.1
libgstcodecs-1_0-0-32bit-debuginfo-1.20.1-lp154.2.9.1
libgstinsertbin-1_0-0-32bit-1.20.1-lp154.2.9.1
libgstinsertbin-1_0-0-32bit-debuginfo-1.20.1-lp154.2.9.1
libgstisoff-1_0-0-32bit-1.20.1-lp154.2.9.1
libgstisoff-1_0-0-32bit-debuginfo-1.20.1-lp154.2.9.1
libgstmpegts-1_0-0-32bit-1.20.1-lp154.2.9.1
libgstmpegts-1_0-0-32bit-debuginfo-1.20.1-lp154.2.9.1
libgstphotography-1_0-0-32bit-1.20.1-lp154.2.9.1
libgstphotography-1_0-0-32bit-debuginfo-1.20.1-lp154.2.9.1
libgstplay-1_0-0-32bit-1.20.1-lp154.2.9.1
libgstplay-1_0-0-32bit-debuginfo-1.20.1-lp154.2.9.1
libgstplayer-1_0-0-32bit-1.20.1-lp154.2.9.1
libgstplayer-1_0-0-32bit-debuginfo-1.20.1-lp154.2.9.1
libgstsctp-1_0-0-32bit-1.20.1-lp154.2.9.1
libgstsctp-1_0-0-32bit-debuginfo-1.20.1-lp154.2.9.1
libgsturidownloader-1_0-0-32bit-1.20.1-lp154.2.9.1
libgsturidownloader-1_0-0-32bit-debuginfo-1.20.1-lp154.2.9.1
libgstva-1_0-0-32bit-1.20.1-lp154.2.9.1
libgstva-1_0-0-32bit-debuginfo-1.20.1-lp154.2.9.1
libgstvulkan-1_0-0-32bit-1.20.1-lp154.2.9.1
libgstvulkan-1_0-0-32bit-debuginfo-1.20.1-lp154.2.9.1
libgstwayland-1_0-0-32bit-1.20.1-lp154.2.9.1
libgstwayland-1_0-0-32bit-debuginfo-1.20.1-lp154.2.9.1
libgstwebrtc-1_0-0-32bit-1.20.1-lp154.2.9.1
libgstwebrtc-1_0-0-32bit-debuginfo-1.20.1-lp154.2.9.1
References:
https://www.suse.com/security/cve/CVE-2023-40474.html
https://www.suse.com/security/cve/CVE-2023-40476.html
https://bugzilla.suse.com/1215793
https://bugzilla.suse.com/1215796
1
0
19 Dec '23
# Security update for avahi
Announcement ID: SUSE-SU-2023:4910-1
Rating: moderate
References:
* bsc#1215947
* bsc#1216419
Cross-References:
* CVE-2023-38470
* CVE-2023-38473
CVSS scores:
* CVE-2023-38470 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-38470 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-38473 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-38473 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2
An update that solves two vulnerabilities can now be installed.
## Description:
This update for avahi fixes the following issues:
* CVE-2023-38473: Fixed a reachable assertion when parsing a host name
(bsc#1216419).
* CVE-2023-38470: Fixed that each label is at least one byte long
(bsc#1215947).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4910=1
* SUSE Manager Proxy 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4910=1
* SUSE Manager Retail Branch Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.2-2023-4910=1
* SUSE Manager Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4910=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4910=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4910=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* libavahi-ui0-0.7-150100.3.29.1
* libavahi-ui0-debuginfo-0.7-150100.3.29.1
* SUSE Manager Proxy 4.2 (x86_64)
* avahi-debuginfo-0.7-150100.3.29.1
* libavahi-client3-debuginfo-0.7-150100.3.29.1
* libavahi-common3-32bit-debuginfo-0.7-150100.3.29.1
* libavahi-core7-0.7-150100.3.29.1
* libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.29.1
* avahi-compat-howl-devel-0.7-150100.3.29.1
* libavahi-glib1-debuginfo-0.7-150100.3.29.1
* libhowl0-debuginfo-0.7-150100.3.29.1
* libavahi-gobject0-debuginfo-0.7-150100.3.29.1
* libavahi-gobject0-0.7-150100.3.29.1
* libavahi-common3-0.7-150100.3.29.1
* libavahi-client3-0.7-150100.3.29.1
* typelib-1_0-Avahi-0_6-0.7-150100.3.29.1
* libavahi-ui-gtk3-0-0.7-150100.3.29.1
* avahi-debugsource-0.7-150100.3.29.1
* avahi-utils-debuginfo-0.7-150100.3.29.1
* avahi-glib2-debugsource-0.7-150100.3.29.1
* libavahi-ui0-0.7-150100.3.29.1
* avahi-compat-mDNSResponder-devel-0.7-150100.3.29.1
* libdns_sd-debuginfo-0.7-150100.3.29.1
* avahi-utils-0.7-150100.3.29.1
* libavahi-common3-debuginfo-0.7-150100.3.29.1
* libavahi-ui0-debuginfo-0.7-150100.3.29.1
* libdns_sd-0.7-150100.3.29.1
* libavahi-glib1-0.7-150100.3.29.1
* libavahi-devel-0.7-150100.3.29.1
* libhowl0-0.7-150100.3.29.1
* avahi-32bit-debuginfo-0.7-150100.3.29.1
* libavahi-common3-32bit-0.7-150100.3.29.1
* libavahi-glib-devel-0.7-150100.3.29.1
* libavahi-client3-32bit-debuginfo-0.7-150100.3.29.1
* libavahi-core7-debuginfo-0.7-150100.3.29.1
* libavahi-client3-32bit-0.7-150100.3.29.1
* avahi-0.7-150100.3.29.1
* SUSE Manager Proxy 4.2 (noarch)
* avahi-lang-0.7-150100.3.29.1
* SUSE Manager Retail Branch Server 4.2 (x86_64)
* avahi-debuginfo-0.7-150100.3.29.1
* libavahi-client3-debuginfo-0.7-150100.3.29.1
* libavahi-common3-32bit-debuginfo-0.7-150100.3.29.1
* libavahi-core7-0.7-150100.3.29.1
* libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.29.1
* avahi-compat-howl-devel-0.7-150100.3.29.1
* libavahi-glib1-debuginfo-0.7-150100.3.29.1
* libhowl0-debuginfo-0.7-150100.3.29.1
* libavahi-gobject0-debuginfo-0.7-150100.3.29.1
* libavahi-gobject0-0.7-150100.3.29.1
* libavahi-common3-0.7-150100.3.29.1
* libavahi-client3-0.7-150100.3.29.1
* typelib-1_0-Avahi-0_6-0.7-150100.3.29.1
* libavahi-ui-gtk3-0-0.7-150100.3.29.1
* avahi-debugsource-0.7-150100.3.29.1
* avahi-utils-debuginfo-0.7-150100.3.29.1
* avahi-glib2-debugsource-0.7-150100.3.29.1
* libavahi-ui0-0.7-150100.3.29.1
* avahi-compat-mDNSResponder-devel-0.7-150100.3.29.1
* libdns_sd-debuginfo-0.7-150100.3.29.1
* avahi-utils-0.7-150100.3.29.1
* libavahi-common3-debuginfo-0.7-150100.3.29.1
* libavahi-ui0-debuginfo-0.7-150100.3.29.1
* libdns_sd-0.7-150100.3.29.1
* libavahi-glib1-0.7-150100.3.29.1
* libavahi-devel-0.7-150100.3.29.1
* libhowl0-0.7-150100.3.29.1
* avahi-32bit-debuginfo-0.7-150100.3.29.1
* libavahi-common3-32bit-0.7-150100.3.29.1
* libavahi-glib-devel-0.7-150100.3.29.1
* libavahi-client3-32bit-debuginfo-0.7-150100.3.29.1
* libavahi-core7-debuginfo-0.7-150100.3.29.1
* libavahi-client3-32bit-0.7-150100.3.29.1
* avahi-0.7-150100.3.29.1
* SUSE Manager Retail Branch Server 4.2 (noarch)
* avahi-lang-0.7-150100.3.29.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
* avahi-debuginfo-0.7-150100.3.29.1
* libavahi-client3-debuginfo-0.7-150100.3.29.1
* libavahi-core7-0.7-150100.3.29.1
* libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.29.1
* avahi-compat-howl-devel-0.7-150100.3.29.1
* libavahi-glib1-debuginfo-0.7-150100.3.29.1
* libhowl0-debuginfo-0.7-150100.3.29.1
* libavahi-gobject0-debuginfo-0.7-150100.3.29.1
* libavahi-gobject0-0.7-150100.3.29.1
* libavahi-client3-0.7-150100.3.29.1
* libavahi-common3-0.7-150100.3.29.1
* typelib-1_0-Avahi-0_6-0.7-150100.3.29.1
* libavahi-ui-gtk3-0-0.7-150100.3.29.1
* avahi-debugsource-0.7-150100.3.29.1
* avahi-utils-debuginfo-0.7-150100.3.29.1
* avahi-glib2-debugsource-0.7-150100.3.29.1
* libavahi-ui0-0.7-150100.3.29.1
* avahi-compat-mDNSResponder-devel-0.7-150100.3.29.1
* libdns_sd-debuginfo-0.7-150100.3.29.1
* avahi-utils-0.7-150100.3.29.1
* libavahi-common3-debuginfo-0.7-150100.3.29.1
* libavahi-ui0-debuginfo-0.7-150100.3.29.1
* libdns_sd-0.7-150100.3.29.1
* libavahi-glib1-0.7-150100.3.29.1
* libavahi-devel-0.7-150100.3.29.1
* libhowl0-0.7-150100.3.29.1
* libavahi-glib-devel-0.7-150100.3.29.1
* libavahi-core7-debuginfo-0.7-150100.3.29.1
* avahi-0.7-150100.3.29.1
* SUSE Manager Server 4.2 (noarch)
* avahi-lang-0.7-150100.3.29.1
* SUSE Manager Server 4.2 (x86_64)
* avahi-32bit-debuginfo-0.7-150100.3.29.1
* libavahi-common3-32bit-0.7-150100.3.29.1
* libavahi-client3-32bit-debuginfo-0.7-150100.3.29.1
* libavahi-common3-32bit-debuginfo-0.7-150100.3.29.1
* libavahi-client3-32bit-0.7-150100.3.29.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* avahi-debuginfo-0.7-150100.3.29.1
* libavahi-client3-debuginfo-0.7-150100.3.29.1
* avahi-debugsource-0.7-150100.3.29.1
* libavahi-core7-0.7-150100.3.29.1
* libavahi-common3-debuginfo-0.7-150100.3.29.1
* libavahi-core7-debuginfo-0.7-150100.3.29.1
* libavahi-client3-0.7-150100.3.29.1
* libavahi-common3-0.7-150100.3.29.1
* avahi-0.7-150100.3.29.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* avahi-debuginfo-0.7-150100.3.29.1
* libavahi-client3-debuginfo-0.7-150100.3.29.1
* avahi-debugsource-0.7-150100.3.29.1
* libavahi-core7-0.7-150100.3.29.1
* libavahi-common3-debuginfo-0.7-150100.3.29.1
* libavahi-core7-debuginfo-0.7-150100.3.29.1
* libavahi-client3-0.7-150100.3.29.1
* libavahi-common3-0.7-150100.3.29.1
* avahi-0.7-150100.3.29.1
## References:
* https://www.suse.com/security/cve/CVE-2023-38470.html
* https://www.suse.com/security/cve/CVE-2023-38473.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215947
* https://bugzilla.suse.com/show_bug.cgi?id=1216419
1
0
19 Dec '23
# Security update for avahi
Announcement ID: SUSE-SU-2023:4901-1
Rating: moderate
References:
* bsc#1216853
Cross-References:
* CVE-2023-38472
CVSS scores:
* CVE-2023-38472 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-38472 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* Desktop Applications Module 15-SP4
* Desktop Applications Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4
* SUSE Package Hub 15 15-SP5
An update that solves one vulnerability can now be installed.
## Description:
This update for avahi fixes the following issues:
* CVE-2023-38472: Fixed reachable assertion in avahi_rdata_parse
(bsc#1216853).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4901=1 SUSE-2023-4901=1
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4901=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4901=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4901=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4901=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4901=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4901=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4901=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2023-4901=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4901=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4901=1
* Desktop Applications Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4901=1
* Desktop Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4901=1
* SUSE Package Hub 15 15-SP4
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4901=1
* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4901=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* avahi-compat-howl-devel-0.8-150400.7.13.1
* avahi-debugsource-0.8-150400.7.13.1
* libavahi-client3-debuginfo-0.8-150400.7.13.1
* libavahi-libevent1-debuginfo-0.8-150400.7.13.1
* avahi-utils-gtk-0.8-150400.7.13.1
* libavahi-libevent1-0.8-150400.7.13.1
* avahi-glib2-debugsource-0.8-150400.7.13.1
* libavahi-qt5-devel-0.8-150400.7.13.1
* libavahi-glib1-debuginfo-0.8-150400.7.13.1
* avahi-qt5-debugsource-0.8-150400.7.13.1
* libavahi-core7-debuginfo-0.8-150400.7.13.1
* libavahi-common3-0.8-150400.7.13.1
* avahi-autoipd-0.8-150400.7.13.1
* libavahi-common3-debuginfo-0.8-150400.7.13.1
* libavahi-gobject0-debuginfo-0.8-150400.7.13.1
* libavahi-gobject0-0.8-150400.7.13.1
* avahi-autoipd-debuginfo-0.8-150400.7.13.1
* libdns_sd-0.8-150400.7.13.1
* libavahi-devel-0.8-150400.7.13.1
* libavahi-core7-0.8-150400.7.13.1
* libavahi-qt5-1-debuginfo-0.8-150400.7.13.1
* libavahi-ui-gtk3-0-debuginfo-0.8-150400.7.13.1
* libavahi-glib-devel-0.8-150400.7.13.1
* avahi-utils-0.8-150400.7.13.1
* libavahi-gobject-devel-0.8-150400.7.13.1
* libhowl0-0.8-150400.7.13.1
* libavahi-client3-0.8-150400.7.13.1
* avahi-compat-mDNSResponder-devel-0.8-150400.7.13.1
* avahi-0.8-150400.7.13.1
* avahi-debuginfo-0.8-150400.7.13.1
* libhowl0-debuginfo-0.8-150400.7.13.1
* python3-avahi-gtk-0.8-150400.7.13.1
* avahi-utils-debuginfo-0.8-150400.7.13.1
* python3-avahi-0.8-150400.7.13.1
* libavahi-ui-gtk3-0-0.8-150400.7.13.1
* libavahi-qt5-1-0.8-150400.7.13.1
* libavahi-glib1-0.8-150400.7.13.1
* avahi-utils-gtk-debuginfo-0.8-150400.7.13.1
* typelib-1_0-Avahi-0_6-0.8-150400.7.13.1
* libdns_sd-debuginfo-0.8-150400.7.13.1
* openSUSE Leap 15.4 (x86_64)
* libavahi-common3-32bit-0.8-150400.7.13.1
* libavahi-client3-32bit-0.8-150400.7.13.1
* libavahi-glib1-32bit-0.8-150400.7.13.1
* libavahi-client3-32bit-debuginfo-0.8-150400.7.13.1
* libdns_sd-32bit-debuginfo-0.8-150400.7.13.1
* avahi-32bit-debuginfo-0.8-150400.7.13.1
* libavahi-common3-32bit-debuginfo-0.8-150400.7.13.1
* libavahi-glib1-32bit-debuginfo-0.8-150400.7.13.1
* libdns_sd-32bit-0.8-150400.7.13.1
* openSUSE Leap 15.4 (noarch)
* avahi-lang-0.8-150400.7.13.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libdns_sd-64bit-0.8-150400.7.13.1
* libavahi-common3-64bit-debuginfo-0.8-150400.7.13.1
* libavahi-client3-64bit-debuginfo-0.8-150400.7.13.1
* avahi-64bit-debuginfo-0.8-150400.7.13.1
* libavahi-glib1-64bit-debuginfo-0.8-150400.7.13.1
* libavahi-client3-64bit-0.8-150400.7.13.1
* libdns_sd-64bit-debuginfo-0.8-150400.7.13.1
* libavahi-glib1-64bit-0.8-150400.7.13.1
* libavahi-common3-64bit-0.8-150400.7.13.1
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* libavahi-core7-0.8-150400.7.13.1
* libavahi-core7-debuginfo-0.8-150400.7.13.1
* libavahi-client3-debuginfo-0.8-150400.7.13.1
* avahi-debugsource-0.8-150400.7.13.1
* libavahi-common3-0.8-150400.7.13.1
* libavahi-common3-debuginfo-0.8-150400.7.13.1
* libavahi-client3-0.8-150400.7.13.1
* avahi-0.8-150400.7.13.1
* avahi-debuginfo-0.8-150400.7.13.1
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* libavahi-core7-0.8-150400.7.13.1
* libavahi-core7-debuginfo-0.8-150400.7.13.1
* libavahi-client3-debuginfo-0.8-150400.7.13.1
* avahi-debugsource-0.8-150400.7.13.1
* libavahi-common3-0.8-150400.7.13.1
* libavahi-common3-debuginfo-0.8-150400.7.13.1
* libavahi-client3-0.8-150400.7.13.1
* avahi-0.8-150400.7.13.1
* avahi-debuginfo-0.8-150400.7.13.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* avahi-compat-howl-devel-0.8-150400.7.13.1
* avahi-debugsource-0.8-150400.7.13.1
* libavahi-client3-debuginfo-0.8-150400.7.13.1
* libavahi-libevent1-debuginfo-0.8-150400.7.13.1
* avahi-utils-gtk-0.8-150400.7.13.1
* libavahi-libevent1-0.8-150400.7.13.1
* avahi-glib2-debugsource-0.8-150400.7.13.1
* libavahi-qt5-devel-0.8-150400.7.13.1
* libavahi-glib1-debuginfo-0.8-150400.7.13.1
* avahi-qt5-debugsource-0.8-150400.7.13.1
* libavahi-core7-debuginfo-0.8-150400.7.13.1
* libavahi-common3-0.8-150400.7.13.1
* avahi-autoipd-0.8-150400.7.13.1
* libavahi-common3-debuginfo-0.8-150400.7.13.1
* libavahi-gobject0-debuginfo-0.8-150400.7.13.1
* libavahi-gobject0-0.8-150400.7.13.1
* avahi-autoipd-debuginfo-0.8-150400.7.13.1
* libdns_sd-0.8-150400.7.13.1
* libavahi-devel-0.8-150400.7.13.1
* libavahi-core7-0.8-150400.7.13.1
* libavahi-qt5-1-debuginfo-0.8-150400.7.13.1
* libavahi-ui-gtk3-0-debuginfo-0.8-150400.7.13.1
* libavahi-glib-devel-0.8-150400.7.13.1
* avahi-utils-0.8-150400.7.13.1
* libavahi-gobject-devel-0.8-150400.7.13.1
* libhowl0-0.8-150400.7.13.1
* libavahi-client3-0.8-150400.7.13.1
* avahi-compat-mDNSResponder-devel-0.8-150400.7.13.1
* avahi-0.8-150400.7.13.1
* avahi-debuginfo-0.8-150400.7.13.1
* libhowl0-debuginfo-0.8-150400.7.13.1
* python3-avahi-gtk-0.8-150400.7.13.1
* avahi-utils-debuginfo-0.8-150400.7.13.1
* libavahi-qt5-1-0.8-150400.7.13.1
* libavahi-ui-gtk3-0-0.8-150400.7.13.1
* python3-avahi-0.8-150400.7.13.1
* libavahi-glib1-0.8-150400.7.13.1
* avahi-utils-gtk-debuginfo-0.8-150400.7.13.1
* typelib-1_0-Avahi-0_6-0.8-150400.7.13.1
* libdns_sd-debuginfo-0.8-150400.7.13.1
* openSUSE Leap 15.5 (x86_64)
* libavahi-common3-32bit-0.8-150400.7.13.1
* libavahi-client3-32bit-0.8-150400.7.13.1
* libavahi-glib1-32bit-0.8-150400.7.13.1
* libavahi-client3-32bit-debuginfo-0.8-150400.7.13.1
* libdns_sd-32bit-debuginfo-0.8-150400.7.13.1
* avahi-32bit-debuginfo-0.8-150400.7.13.1
* libavahi-common3-32bit-debuginfo-0.8-150400.7.13.1
* libavahi-glib1-32bit-debuginfo-0.8-150400.7.13.1
* libdns_sd-32bit-0.8-150400.7.13.1
* openSUSE Leap 15.5 (noarch)
* avahi-lang-0.8-150400.7.13.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libavahi-core7-0.8-150400.7.13.1
* libavahi-core7-debuginfo-0.8-150400.7.13.1
* libavahi-client3-debuginfo-0.8-150400.7.13.1
* avahi-debugsource-0.8-150400.7.13.1
* libavahi-common3-0.8-150400.7.13.1
* libavahi-common3-debuginfo-0.8-150400.7.13.1
* libavahi-client3-0.8-150400.7.13.1
* avahi-0.8-150400.7.13.1
* avahi-debuginfo-0.8-150400.7.13.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libavahi-core7-0.8-150400.7.13.1
* libavahi-core7-debuginfo-0.8-150400.7.13.1
* libavahi-client3-debuginfo-0.8-150400.7.13.1
* avahi-debugsource-0.8-150400.7.13.1
* libavahi-common3-0.8-150400.7.13.1
* libavahi-common3-debuginfo-0.8-150400.7.13.1
* libavahi-client3-0.8-150400.7.13.1
* avahi-0.8-150400.7.13.1
* avahi-debuginfo-0.8-150400.7.13.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libavahi-core7-0.8-150400.7.13.1
* libavahi-core7-debuginfo-0.8-150400.7.13.1
* libavahi-client3-debuginfo-0.8-150400.7.13.1
* avahi-debugsource-0.8-150400.7.13.1
* libavahi-common3-0.8-150400.7.13.1
* libavahi-common3-debuginfo-0.8-150400.7.13.1
* libavahi-client3-0.8-150400.7.13.1
* avahi-0.8-150400.7.13.1
* avahi-debuginfo-0.8-150400.7.13.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libavahi-core7-0.8-150400.7.13.1
* libavahi-core7-debuginfo-0.8-150400.7.13.1
* libavahi-client3-debuginfo-0.8-150400.7.13.1
* avahi-debugsource-0.8-150400.7.13.1
* libavahi-common3-0.8-150400.7.13.1
* libavahi-common3-debuginfo-0.8-150400.7.13.1
* libavahi-client3-0.8-150400.7.13.1
* avahi-0.8-150400.7.13.1
* avahi-debuginfo-0.8-150400.7.13.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* libavahi-core7-0.8-150400.7.13.1
* libavahi-core7-debuginfo-0.8-150400.7.13.1
* libavahi-client3-debuginfo-0.8-150400.7.13.1
* avahi-debugsource-0.8-150400.7.13.1
* libavahi-common3-0.8-150400.7.13.1
* libavahi-common3-debuginfo-0.8-150400.7.13.1
* libavahi-client3-0.8-150400.7.13.1
* avahi-0.8-150400.7.13.1
* avahi-debuginfo-0.8-150400.7.13.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* avahi-compat-howl-devel-0.8-150400.7.13.1
* avahi-debugsource-0.8-150400.7.13.1
* libavahi-client3-debuginfo-0.8-150400.7.13.1
* libavahi-libevent1-debuginfo-0.8-150400.7.13.1
* libavahi-libevent1-0.8-150400.7.13.1
* avahi-glib2-debugsource-0.8-150400.7.13.1
* libavahi-glib1-debuginfo-0.8-150400.7.13.1
* libavahi-core7-debuginfo-0.8-150400.7.13.1
* libavahi-common3-0.8-150400.7.13.1
* libavahi-common3-debuginfo-0.8-150400.7.13.1
* libavahi-gobject0-debuginfo-0.8-150400.7.13.1
* libavahi-gobject0-0.8-150400.7.13.1
* libdns_sd-0.8-150400.7.13.1
* libavahi-devel-0.8-150400.7.13.1
* libavahi-core7-0.8-150400.7.13.1
* libavahi-ui-gtk3-0-debuginfo-0.8-150400.7.13.1
* libavahi-glib-devel-0.8-150400.7.13.1
* avahi-utils-0.8-150400.7.13.1
* libhowl0-0.8-150400.7.13.1
* libavahi-client3-0.8-150400.7.13.1
* avahi-compat-mDNSResponder-devel-0.8-150400.7.13.1
* avahi-0.8-150400.7.13.1
* avahi-debuginfo-0.8-150400.7.13.1
* libhowl0-debuginfo-0.8-150400.7.13.1
* avahi-utils-debuginfo-0.8-150400.7.13.1
* libavahi-ui-gtk3-0-0.8-150400.7.13.1
* libavahi-glib1-0.8-150400.7.13.1
* typelib-1_0-Avahi-0_6-0.8-150400.7.13.1
* libdns_sd-debuginfo-0.8-150400.7.13.1
* Basesystem Module 15-SP4 (noarch)
* avahi-lang-0.8-150400.7.13.1
* Basesystem Module 15-SP4 (x86_64)
* libavahi-common3-32bit-0.8-150400.7.13.1
* libavahi-client3-32bit-0.8-150400.7.13.1
* libavahi-client3-32bit-debuginfo-0.8-150400.7.13.1
* avahi-32bit-debuginfo-0.8-150400.7.13.1
* libavahi-common3-32bit-debuginfo-0.8-150400.7.13.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* avahi-compat-howl-devel-0.8-150400.7.13.1
* avahi-debugsource-0.8-150400.7.13.1
* libavahi-client3-debuginfo-0.8-150400.7.13.1
* libavahi-libevent1-debuginfo-0.8-150400.7.13.1
* libavahi-libevent1-0.8-150400.7.13.1
* avahi-glib2-debugsource-0.8-150400.7.13.1
* libavahi-glib1-debuginfo-0.8-150400.7.13.1
* libavahi-core7-debuginfo-0.8-150400.7.13.1
* libavahi-common3-0.8-150400.7.13.1
* libavahi-common3-debuginfo-0.8-150400.7.13.1
* libavahi-gobject0-debuginfo-0.8-150400.7.13.1
* libavahi-gobject0-0.8-150400.7.13.1
* libdns_sd-0.8-150400.7.13.1
* libavahi-devel-0.8-150400.7.13.1
* libavahi-core7-0.8-150400.7.13.1
* libavahi-ui-gtk3-0-debuginfo-0.8-150400.7.13.1
* libavahi-glib-devel-0.8-150400.7.13.1
* avahi-utils-0.8-150400.7.13.1
* libhowl0-0.8-150400.7.13.1
* libavahi-client3-0.8-150400.7.13.1
* avahi-compat-mDNSResponder-devel-0.8-150400.7.13.1
* avahi-0.8-150400.7.13.1
* avahi-debuginfo-0.8-150400.7.13.1
* libhowl0-debuginfo-0.8-150400.7.13.1
* avahi-utils-debuginfo-0.8-150400.7.13.1
* libavahi-ui-gtk3-0-0.8-150400.7.13.1
* libavahi-glib1-0.8-150400.7.13.1
* typelib-1_0-Avahi-0_6-0.8-150400.7.13.1
* libdns_sd-debuginfo-0.8-150400.7.13.1
* Basesystem Module 15-SP5 (noarch)
* avahi-lang-0.8-150400.7.13.1
* Basesystem Module 15-SP5 (x86_64)
* libavahi-common3-32bit-0.8-150400.7.13.1
* libavahi-client3-32bit-0.8-150400.7.13.1
* libavahi-client3-32bit-debuginfo-0.8-150400.7.13.1
* avahi-32bit-debuginfo-0.8-150400.7.13.1
* libavahi-common3-32bit-debuginfo-0.8-150400.7.13.1
* Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* avahi-debugsource-0.8-150400.7.13.1
* avahi-utils-gtk-debuginfo-0.8-150400.7.13.1
* avahi-utils-gtk-0.8-150400.7.13.1
* avahi-autoipd-0.8-150400.7.13.1
* libavahi-gobject-devel-0.8-150400.7.13.1
* avahi-glib2-debugsource-0.8-150400.7.13.1
* avahi-autoipd-debuginfo-0.8-150400.7.13.1
* avahi-debuginfo-0.8-150400.7.13.1
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* avahi-debugsource-0.8-150400.7.13.1
* avahi-utils-gtk-debuginfo-0.8-150400.7.13.1
* avahi-utils-gtk-0.8-150400.7.13.1
* avahi-autoipd-0.8-150400.7.13.1
* libavahi-gobject-devel-0.8-150400.7.13.1
* avahi-glib2-debugsource-0.8-150400.7.13.1
* avahi-autoipd-debuginfo-0.8-150400.7.13.1
* avahi-debuginfo-0.8-150400.7.13.1
* SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64)
* avahi-debuginfo-0.8-150400.7.13.1
* python3-avahi-0.8-150400.7.13.1
* avahi-debugsource-0.8-150400.7.13.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
* avahi-debuginfo-0.8-150400.7.13.1
* python3-avahi-0.8-150400.7.13.1
* avahi-debugsource-0.8-150400.7.13.1
## References:
* https://www.suse.com/security/cve/CVE-2023-38472.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216853
1
0
18 Dec '23
# Security update for ncurses
Announcement ID: SUSE-SU-2023:4891-1
Rating: moderate
References:
* bsc#1201384
* bsc#1218014
Cross-References:
* CVE-2023-50495
CVSS scores:
* CVE-2023-50495 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-50495 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* Development Tools Module 15-SP4
* Development Tools Module 15-SP5
* Legacy Module 15-SP4
* Legacy Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability and has one security fix can now be
installed.
## Description:
This update for ncurses fixes the following issues:
* CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry()
(bsc#1218014)
* Modify reset command to avoid altering clocal if the terminal uses a modem
(bsc#1201384)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4891=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4891=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4891=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4891=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4891=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4891=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4891=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4891=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2023-4891=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4891=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4891=1
* Development Tools Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4891=1
* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4891=1
* Legacy Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-4891=1
* Legacy Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-4891=1
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4891=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4891=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4891=1
## Package List:
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* ncurses-utils-debuginfo-6.1-150000.5.20.1
* libncurses6-debuginfo-6.1-150000.5.20.1
* terminfo-6.1-150000.5.20.1
* ncurses-debugsource-6.1-150000.5.20.1
* ncurses-utils-6.1-150000.5.20.1
* terminfo-base-6.1-150000.5.20.1
* libncurses6-6.1-150000.5.20.1
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* ncurses-utils-debuginfo-6.1-150000.5.20.1
* libncurses6-debuginfo-6.1-150000.5.20.1
* terminfo-6.1-150000.5.20.1
* ncurses-debugsource-6.1-150000.5.20.1
* ncurses-utils-6.1-150000.5.20.1
* terminfo-base-6.1-150000.5.20.1
* libncurses6-6.1-150000.5.20.1
* openSUSE Leap 15.4 (x86_64)
* libncurses6-32bit-6.1-150000.5.20.1
* libncurses5-32bit-debuginfo-6.1-150000.5.20.1
* ncurses-devel-32bit-debuginfo-6.1-150000.5.20.1
* ncurses5-devel-32bit-6.1-150000.5.20.1
* libncurses5-32bit-6.1-150000.5.20.1
* ncurses-devel-32bit-6.1-150000.5.20.1
* libncurses6-32bit-debuginfo-6.1-150000.5.20.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* libncurses5-6.1-150000.5.20.1
* ncurses-utils-debuginfo-6.1-150000.5.20.1
* libncurses5-debuginfo-6.1-150000.5.20.1
* libncurses6-debuginfo-6.1-150000.5.20.1
* tack-6.1-150000.5.20.1
* terminfo-6.1-150000.5.20.1
* ncurses-debugsource-6.1-150000.5.20.1
* terminfo-screen-6.1-150000.5.20.1
* ncurses-utils-6.1-150000.5.20.1
* ncurses-devel-6.1-150000.5.20.1
* ncurses5-devel-6.1-150000.5.20.1
* terminfo-base-6.1-150000.5.20.1
* ncurses-devel-debuginfo-6.1-150000.5.20.1
* terminfo-iterm-6.1-150000.5.20.1
* tack-debuginfo-6.1-150000.5.20.1
* libncurses6-6.1-150000.5.20.1
* openSUSE Leap 15.5 (x86_64)
* libncurses6-32bit-6.1-150000.5.20.1
* libncurses5-32bit-debuginfo-6.1-150000.5.20.1
* ncurses-devel-32bit-debuginfo-6.1-150000.5.20.1
* ncurses5-devel-32bit-6.1-150000.5.20.1
* libncurses5-32bit-6.1-150000.5.20.1
* ncurses-devel-32bit-6.1-150000.5.20.1
* libncurses6-32bit-debuginfo-6.1-150000.5.20.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* libncurses5-6.1-150000.5.20.1
* ncurses-utils-debuginfo-6.1-150000.5.20.1
* libncurses5-debuginfo-6.1-150000.5.20.1
* libncurses6-debuginfo-6.1-150000.5.20.1
* tack-6.1-150000.5.20.1
* terminfo-6.1-150000.5.20.1
* ncurses-debugsource-6.1-150000.5.20.1
* terminfo-screen-6.1-150000.5.20.1
* ncurses-utils-6.1-150000.5.20.1
* ncurses-devel-6.1-150000.5.20.1
* ncurses5-devel-6.1-150000.5.20.1
* terminfo-base-6.1-150000.5.20.1
* ncurses-devel-debuginfo-6.1-150000.5.20.1
* terminfo-iterm-6.1-150000.5.20.1
* tack-debuginfo-6.1-150000.5.20.1
* libncurses6-6.1-150000.5.20.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* ncurses-utils-debuginfo-6.1-150000.5.20.1
* libncurses6-debuginfo-6.1-150000.5.20.1
* terminfo-6.1-150000.5.20.1
* ncurses-debugsource-6.1-150000.5.20.1
* ncurses-utils-6.1-150000.5.20.1
* terminfo-base-6.1-150000.5.20.1
* libncurses6-6.1-150000.5.20.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* ncurses-utils-debuginfo-6.1-150000.5.20.1
* libncurses6-debuginfo-6.1-150000.5.20.1
* terminfo-6.1-150000.5.20.1
* ncurses-debugsource-6.1-150000.5.20.1
* ncurses-utils-6.1-150000.5.20.1
* terminfo-base-6.1-150000.5.20.1
* libncurses6-6.1-150000.5.20.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* ncurses-utils-debuginfo-6.1-150000.5.20.1
* libncurses6-debuginfo-6.1-150000.5.20.1
* terminfo-6.1-150000.5.20.1
* ncurses-debugsource-6.1-150000.5.20.1
* ncurses-utils-6.1-150000.5.20.1
* terminfo-base-6.1-150000.5.20.1
* libncurses6-6.1-150000.5.20.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* ncurses-utils-debuginfo-6.1-150000.5.20.1
* libncurses6-debuginfo-6.1-150000.5.20.1
* terminfo-6.1-150000.5.20.1
* ncurses-debugsource-6.1-150000.5.20.1
* ncurses-utils-6.1-150000.5.20.1
* terminfo-base-6.1-150000.5.20.1
* libncurses6-6.1-150000.5.20.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* ncurses-utils-debuginfo-6.1-150000.5.20.1
* libncurses6-debuginfo-6.1-150000.5.20.1
* terminfo-6.1-150000.5.20.1
* ncurses-debugsource-6.1-150000.5.20.1
* ncurses-utils-6.1-150000.5.20.1
* terminfo-base-6.1-150000.5.20.1
* libncurses6-6.1-150000.5.20.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* ncurses-utils-debuginfo-6.1-150000.5.20.1
* libncurses6-debuginfo-6.1-150000.5.20.1
* tack-6.1-150000.5.20.1
* terminfo-6.1-150000.5.20.1
* ncurses-debugsource-6.1-150000.5.20.1
* terminfo-screen-6.1-150000.5.20.1
* ncurses-utils-6.1-150000.5.20.1
* ncurses-devel-6.1-150000.5.20.1
* terminfo-base-6.1-150000.5.20.1
* ncurses-devel-debuginfo-6.1-150000.5.20.1
* terminfo-iterm-6.1-150000.5.20.1
* tack-debuginfo-6.1-150000.5.20.1
* libncurses6-6.1-150000.5.20.1
* Basesystem Module 15-SP4 (x86_64)
* libncurses6-32bit-6.1-150000.5.20.1
* libncurses6-32bit-debuginfo-6.1-150000.5.20.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* ncurses-utils-debuginfo-6.1-150000.5.20.1
* libncurses6-debuginfo-6.1-150000.5.20.1
* tack-6.1-150000.5.20.1
* terminfo-6.1-150000.5.20.1
* ncurses-debugsource-6.1-150000.5.20.1
* terminfo-screen-6.1-150000.5.20.1
* ncurses-utils-6.1-150000.5.20.1
* ncurses-devel-6.1-150000.5.20.1
* terminfo-base-6.1-150000.5.20.1
* ncurses-devel-debuginfo-6.1-150000.5.20.1
* terminfo-iterm-6.1-150000.5.20.1
* tack-debuginfo-6.1-150000.5.20.1
* libncurses6-6.1-150000.5.20.1
* Basesystem Module 15-SP5 (x86_64)
* libncurses6-32bit-6.1-150000.5.20.1
* libncurses6-32bit-debuginfo-6.1-150000.5.20.1
* Development Tools Module 15-SP4 (x86_64)
* ncurses-devel-32bit-6.1-150000.5.20.1
* ncurses-debugsource-6.1-150000.5.20.1
* ncurses-devel-32bit-debuginfo-6.1-150000.5.20.1
* Development Tools Module 15-SP5 (x86_64)
* ncurses-devel-32bit-6.1-150000.5.20.1
* ncurses-devel-32bit-debuginfo-6.1-150000.5.20.1
* Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* ncurses5-devel-6.1-150000.5.20.1
* libncurses5-6.1-150000.5.20.1
* ncurses-debugsource-6.1-150000.5.20.1
* libncurses5-debuginfo-6.1-150000.5.20.1
* Legacy Module 15-SP4 (x86_64)
* libncurses5-32bit-6.1-150000.5.20.1
* libncurses5-32bit-debuginfo-6.1-150000.5.20.1
* Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* ncurses5-devel-6.1-150000.5.20.1
* libncurses5-6.1-150000.5.20.1
* ncurses-debugsource-6.1-150000.5.20.1
* libncurses5-debuginfo-6.1-150000.5.20.1
* Legacy Module 15-SP5 (x86_64)
* libncurses5-32bit-6.1-150000.5.20.1
* libncurses5-32bit-debuginfo-6.1-150000.5.20.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* ncurses-utils-debuginfo-6.1-150000.5.20.1
* libncurses6-debuginfo-6.1-150000.5.20.1
* terminfo-6.1-150000.5.20.1
* ncurses-debugsource-6.1-150000.5.20.1
* ncurses-utils-6.1-150000.5.20.1
* terminfo-base-6.1-150000.5.20.1
* libncurses6-6.1-150000.5.20.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* ncurses-utils-debuginfo-6.1-150000.5.20.1
* libncurses6-debuginfo-6.1-150000.5.20.1
* terminfo-6.1-150000.5.20.1
* ncurses-debugsource-6.1-150000.5.20.1
* ncurses-utils-6.1-150000.5.20.1
* terminfo-base-6.1-150000.5.20.1
* libncurses6-6.1-150000.5.20.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* ncurses-utils-debuginfo-6.1-150000.5.20.1
* libncurses6-debuginfo-6.1-150000.5.20.1
* terminfo-6.1-150000.5.20.1
* ncurses-debugsource-6.1-150000.5.20.1
* ncurses-utils-6.1-150000.5.20.1
* terminfo-base-6.1-150000.5.20.1
* libncurses6-6.1-150000.5.20.1
## References:
* https://www.suse.com/security/cve/CVE-2023-50495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1201384
* https://bugzilla.suse.com/show_bug.cgi?id=1218014
1
0
18 Dec '23
# Security update for freerdp
Announcement ID: SUSE-SU-2023:4893-1
Rating: moderate
References:
* bsc#1214856
* bsc#1214857
* bsc#1214858
* bsc#1214859
* bsc#1214860
* bsc#1214862
* bsc#1214863
* bsc#1214864
* bsc#1214866
* bsc#1214867
* bsc#1214868
* bsc#1214869
* bsc#1214870
* bsc#1214871
* bsc#1214872
Cross-References:
* CVE-2023-39350
* CVE-2023-39351
* CVE-2023-39352
* CVE-2023-39353
* CVE-2023-39354
* CVE-2023-39356
* CVE-2023-40181
* CVE-2023-40186
* CVE-2023-40188
* CVE-2023-40567
* CVE-2023-40569
* CVE-2023-40574
* CVE-2023-40575
* CVE-2023-40576
* CVE-2023-40589
CVSS scores:
* CVE-2023-39350 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39350 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39351 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-39351 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-39352 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-39352 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-39353 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-39353 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-39354 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39354 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39356 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-39356 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-40181 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-40181 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-40186 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-40186 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-40188 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-40188 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-40567 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-40567 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-40569 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-40569 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-40574 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-40574 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-40575 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-40575 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-40576 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-40576 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-40589 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2023-40589 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP4
* SUSE Linux Enterprise Workstation Extension 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4
* SUSE Package Hub 15 15-SP5
An update that solves 15 vulnerabilities can now be installed.
## Description:
This update for freerdp fixes the following issues:
* CVE-2023-39350: Fixed incorrect offset calculation leading to DoS
(bsc#1214856).
* CVE-2023-39351: Fixed Null Pointer Dereference leading DoS in RemoteFX
(bsc#1214857).
* CVE-2023-39352: Fixed Invalid offset validation leading to Out Of Bound
Write (bsc#1214858).
* CVE-2023-39353: Fixed Missing offset validation leading to Out Of Bound Read
(bsc#1214859).
* CVE-2023-39354: Fixed Out-Of-Bounds Read in nsc_rle_decompress_data
(bsc#1214860).
* CVE-2023-39356: Fixed Missing offset validation leading to Out-of-Bounds
Read in gdi_multi_opaque_rect (bsc#1214862).
* CVE-2023-40181: Fixed Integer-Underflow leading to Out-Of-Bound Read in
zgfx_decompress_segment (bsc#1214863).
* CVE-2023-40186: Fixed IntegerOverflow leading to Out-Of-Bound Write
Vulnerability in gdi_CreateSurface (bsc#1214864).
* CVE-2023-40188: Fixed Out-Of-Bounds Read in general_LumaToYUV444
(bsc#1214866).
* CVE-2023-40567: Fixed Out-Of-Bounds Write in clear_decompress_bands_data
(bsc#1214867).
* CVE-2023-40569: Fixed Out-Of-Bounds Write in progressive_decompress
(bsc#1214868).
* CVE-2023-40574: Fixed Out-Of-Bounds Write in
general_YUV444ToRGB_8u_P3AC4R_BGRX (bsc#1214869).
* CVE-2023-40575: Fixed Out-Of-Bounds Read in
general_YUV444ToRGB_8u_P3AC4R_BGRX (bsc#1214870).
* CVE-2023-40576: Fixed Out-Of-Bounds Read in RleDecompress (bsc#1214871).
* CVE-2023-40589: Fixed Global-Buffer-Overflow in ncrush_decompress
(bsc#1214872).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4893=1 SUSE-2023-4893=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4893=1
* SUSE Package Hub 15 15-SP4
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4893=1
* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4893=1
* SUSE Linux Enterprise Workstation Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4893=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4893=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libwinpr2-2.4.0-150400.3.23.1
* freerdp-server-debuginfo-2.4.0-150400.3.23.1
* libwinpr2-debuginfo-2.4.0-150400.3.23.1
* libfreerdp2-2.4.0-150400.3.23.1
* freerdp-devel-2.4.0-150400.3.23.1
* freerdp-debugsource-2.4.0-150400.3.23.1
* libuwac0-0-2.4.0-150400.3.23.1
* freerdp-debuginfo-2.4.0-150400.3.23.1
* uwac0-0-devel-2.4.0-150400.3.23.1
* libuwac0-0-debuginfo-2.4.0-150400.3.23.1
* freerdp-wayland-2.4.0-150400.3.23.1
* freerdp-proxy-2.4.0-150400.3.23.1
* freerdp-server-2.4.0-150400.3.23.1
* freerdp-2.4.0-150400.3.23.1
* winpr2-devel-2.4.0-150400.3.23.1
* freerdp-wayland-debuginfo-2.4.0-150400.3.23.1
* libfreerdp2-debuginfo-2.4.0-150400.3.23.1
* freerdp-proxy-debuginfo-2.4.0-150400.3.23.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* libwinpr2-2.4.0-150400.3.23.1
* freerdp-server-debuginfo-2.4.0-150400.3.23.1
* libwinpr2-debuginfo-2.4.0-150400.3.23.1
* libfreerdp2-2.4.0-150400.3.23.1
* freerdp-devel-2.4.0-150400.3.23.1
* freerdp-debugsource-2.4.0-150400.3.23.1
* libuwac0-0-2.4.0-150400.3.23.1
* freerdp-debuginfo-2.4.0-150400.3.23.1
* uwac0-0-devel-2.4.0-150400.3.23.1
* libuwac0-0-debuginfo-2.4.0-150400.3.23.1
* freerdp-wayland-2.4.0-150400.3.23.1
* freerdp-proxy-2.4.0-150400.3.23.1
* freerdp-server-2.4.0-150400.3.23.1
* freerdp-2.4.0-150400.3.23.1
* winpr2-devel-2.4.0-150400.3.23.1
* freerdp-wayland-debuginfo-2.4.0-150400.3.23.1
* libfreerdp2-debuginfo-2.4.0-150400.3.23.1
* freerdp-proxy-debuginfo-2.4.0-150400.3.23.1
* SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x)
* libwinpr2-2.4.0-150400.3.23.1
* libwinpr2-debuginfo-2.4.0-150400.3.23.1
* libfreerdp2-2.4.0-150400.3.23.1
* freerdp-devel-2.4.0-150400.3.23.1
* freerdp-debugsource-2.4.0-150400.3.23.1
* freerdp-debuginfo-2.4.0-150400.3.23.1
* freerdp-proxy-2.4.0-150400.3.23.1
* freerdp-2.4.0-150400.3.23.1
* winpr2-devel-2.4.0-150400.3.23.1
* libfreerdp2-debuginfo-2.4.0-150400.3.23.1
* freerdp-proxy-debuginfo-2.4.0-150400.3.23.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x)
* libwinpr2-2.4.0-150400.3.23.1
* freerdp-server-debuginfo-2.4.0-150400.3.23.1
* libwinpr2-debuginfo-2.4.0-150400.3.23.1
* libfreerdp2-2.4.0-150400.3.23.1
* freerdp-devel-2.4.0-150400.3.23.1
* freerdp-debugsource-2.4.0-150400.3.23.1
* libuwac0-0-2.4.0-150400.3.23.1
* freerdp-debuginfo-2.4.0-150400.3.23.1
* uwac0-0-devel-2.4.0-150400.3.23.1
* libuwac0-0-debuginfo-2.4.0-150400.3.23.1
* freerdp-wayland-2.4.0-150400.3.23.1
* freerdp-proxy-2.4.0-150400.3.23.1
* freerdp-server-2.4.0-150400.3.23.1
* freerdp-2.4.0-150400.3.23.1
* winpr2-devel-2.4.0-150400.3.23.1
* freerdp-wayland-debuginfo-2.4.0-150400.3.23.1
* libfreerdp2-debuginfo-2.4.0-150400.3.23.1
* freerdp-proxy-debuginfo-2.4.0-150400.3.23.1
* SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64)
* libwinpr2-2.4.0-150400.3.23.1
* libwinpr2-debuginfo-2.4.0-150400.3.23.1
* libfreerdp2-2.4.0-150400.3.23.1
* freerdp-devel-2.4.0-150400.3.23.1
* freerdp-debugsource-2.4.0-150400.3.23.1
* freerdp-debuginfo-2.4.0-150400.3.23.1
* freerdp-proxy-2.4.0-150400.3.23.1
* freerdp-2.4.0-150400.3.23.1
* winpr2-devel-2.4.0-150400.3.23.1
* libfreerdp2-debuginfo-2.4.0-150400.3.23.1
* freerdp-proxy-debuginfo-2.4.0-150400.3.23.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
* libwinpr2-2.4.0-150400.3.23.1
* libwinpr2-debuginfo-2.4.0-150400.3.23.1
* libfreerdp2-2.4.0-150400.3.23.1
* freerdp-devel-2.4.0-150400.3.23.1
* freerdp-debugsource-2.4.0-150400.3.23.1
* freerdp-debuginfo-2.4.0-150400.3.23.1
* freerdp-proxy-2.4.0-150400.3.23.1
* freerdp-2.4.0-150400.3.23.1
* winpr2-devel-2.4.0-150400.3.23.1
* libfreerdp2-debuginfo-2.4.0-150400.3.23.1
* freerdp-proxy-debuginfo-2.4.0-150400.3.23.1
## References:
* https://www.suse.com/security/cve/CVE-2023-39350.html
* https://www.suse.com/security/cve/CVE-2023-39351.html
* https://www.suse.com/security/cve/CVE-2023-39352.html
* https://www.suse.com/security/cve/CVE-2023-39353.html
* https://www.suse.com/security/cve/CVE-2023-39354.html
* https://www.suse.com/security/cve/CVE-2023-39356.html
* https://www.suse.com/security/cve/CVE-2023-40181.html
* https://www.suse.com/security/cve/CVE-2023-40186.html
* https://www.suse.com/security/cve/CVE-2023-40188.html
* https://www.suse.com/security/cve/CVE-2023-40567.html
* https://www.suse.com/security/cve/CVE-2023-40569.html
* https://www.suse.com/security/cve/CVE-2023-40574.html
* https://www.suse.com/security/cve/CVE-2023-40575.html
* https://www.suse.com/security/cve/CVE-2023-40576.html
* https://www.suse.com/security/cve/CVE-2023-40589.html
* https://bugzilla.suse.com/show_bug.cgi?id=1214856
* https://bugzilla.suse.com/show_bug.cgi?id=1214857
* https://bugzilla.suse.com/show_bug.cgi?id=1214858
* https://bugzilla.suse.com/show_bug.cgi?id=1214859
* https://bugzilla.suse.com/show_bug.cgi?id=1214860
* https://bugzilla.suse.com/show_bug.cgi?id=1214862
* https://bugzilla.suse.com/show_bug.cgi?id=1214863
* https://bugzilla.suse.com/show_bug.cgi?id=1214864
* https://bugzilla.suse.com/show_bug.cgi?id=1214866
* https://bugzilla.suse.com/show_bug.cgi?id=1214867
* https://bugzilla.suse.com/show_bug.cgi?id=1214868
* https://bugzilla.suse.com/show_bug.cgi?id=1214869
* https://bugzilla.suse.com/show_bug.cgi?id=1214870
* https://bugzilla.suse.com/show_bug.cgi?id=1214871
* https://bugzilla.suse.com/show_bug.cgi?id=1214872
1
0
openSUSE-SU-2023:0404-1: moderate: Security update for fish
by opensuse-security@opensuse.org 16 Dec '23
by opensuse-security@opensuse.org 16 Dec '23
16 Dec '23
openSUSE Security Update: Security update for fish
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0404-1
Rating: moderate
References: #1217808
Cross-References: CVE-2023-49284
CVSS scores:
CVE-2023-49284 (NVD) : 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H
CVE-2023-49284 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for fish fixes the following issues:
- CVE-2023-49284: Fixed shell expansion triggered by command substitution
output (boo#1217808).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2023-404=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
fish-3.3.1-bp154.3.3.1
fish-devel-3.3.1-bp154.3.3.1
References:
https://www.suse.com/security/cve/CVE-2023-49284.html
https://bugzilla.suse.com/1217808
1
0
openSUSE-SU-2023:0405-1: moderate: Security update for fish
by opensuse-security@opensuse.org 16 Dec '23
by opensuse-security@opensuse.org 16 Dec '23
16 Dec '23
openSUSE Security Update: Security update for fish
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0405-1
Rating: moderate
References: #1217808
Cross-References: CVE-2023-49284
CVSS scores:
CVE-2023-49284 (NVD) : 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H
CVE-2023-49284 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for fish fixes the following issues:
- CVE-2023-49284: Fixed shell expansion triggered by command substitution
output (boo#1217808).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2023-405=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):
fish-3.3.1-bp155.4.3.1
fish-devel-3.3.1-bp155.4.3.1
References:
https://www.suse.com/security/cve/CVE-2023-49284.html
https://bugzilla.suse.com/1217808
1
0
15 Dec '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:4882-1
Rating: important
References:
* bsc#1084909
* bsc#1208787
* bsc#1210780
* bsc#1216058
* bsc#1216259
* bsc#1216584
* bsc#1216965
* bsc#1216976
* jsc#PED-3184
* jsc#PED-5021
Cross-References:
* CVE-2023-0461
* CVE-2023-31083
* CVE-2023-39197
* CVE-2023-39198
* CVE-2023-45863
* CVE-2023-45871
* CVE-2023-5717
CVSS scores:
* CVE-2023-0461 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-0461 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-31083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31083 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39197 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
* CVE-2023-39198 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-39198 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45863 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45871 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-45871 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5717 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5717 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE CaaS Platform 4.0
* SUSE Linux Enterprise High Availability Extension 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Live Patching 15-SP1
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Manager Proxy 4.0
* SUSE Manager Retail Branch Server 4.0
* SUSE Manager Server 4.0
An update that solves seven vulnerabilities, contains two features and has one
security fix can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
* CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787).
* CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet()
(bsc#1216976).
* CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path()
(bsc#1216058).
* CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the
Performance Events component (bsc#1216584).
* CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may
not be adequate for frames larger than the MTU (bsc#1216259).
* CVE-2023-39198: Fixed a race condition leading to use-after-free in
qxl_mode_dumb_create() (bsc#1216965).
* CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4882=1
* SUSE Linux Enterprise Live Patching 15-SP1
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-4882=1
* SUSE Linux Enterprise High Availability Extension 15 SP1
zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-4882=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4882=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4882=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4882=1
* SUSE CaaS Platform 4.0
To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform
you if it detects new updates and let you then trigger updating of the complete
cluster in a controlled way.
## Package List:
* openSUSE Leap 15.4 (nosrc)
* kernel-default-4.12.14-150100.197.165.1
* kernel-kvmsmall-4.12.14-150100.197.165.1
* kernel-debug-4.12.14-150100.197.165.1
* kernel-zfcpdump-4.12.14-150100.197.165.1
* openSUSE Leap 15.4 (ppc64le x86_64)
* kernel-debug-base-4.12.14-150100.197.165.1
* kernel-debug-base-debuginfo-4.12.14-150100.197.165.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* kernel-default-base-debuginfo-4.12.14-150100.197.165.1
* openSUSE Leap 15.4 (x86_64)
* kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.165.1
* kernel-kvmsmall-base-4.12.14-150100.197.165.1
* openSUSE Leap 15.4 (s390x)
* kernel-default-man-4.12.14-150100.197.165.1
* kernel-zfcpdump-man-4.12.14-150100.197.165.1
* SUSE Linux Enterprise Live Patching 15-SP1 (nosrc)
* kernel-default-4.12.14-150100.197.165.1
* SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64)
* kernel-livepatch-4_12_14-150100_197_165-default-1-150100.3.5.1
* kernel-default-debugsource-4.12.14-150100.197.165.1
* kernel-default-livepatch-4.12.14-150100.197.165.1
* kernel-default-debuginfo-4.12.14-150100.197.165.1
* kernel-default-livepatch-devel-4.12.14-150100.197.165.1
* SUSE Linux Enterprise High Availability Extension 15 SP1 (aarch64 ppc64le
s390x x86_64)
* kernel-default-debugsource-4.12.14-150100.197.165.1
* ocfs2-kmp-default-4.12.14-150100.197.165.1
* dlm-kmp-default-4.12.14-150100.197.165.1
* kernel-default-debuginfo-4.12.14-150100.197.165.1
* ocfs2-kmp-default-debuginfo-4.12.14-150100.197.165.1
* gfs2-kmp-default-debuginfo-4.12.14-150100.197.165.1
* cluster-md-kmp-default-4.12.14-150100.197.165.1
* cluster-md-kmp-default-debuginfo-4.12.14-150100.197.165.1
* dlm-kmp-default-debuginfo-4.12.14-150100.197.165.1
* gfs2-kmp-default-4.12.14-150100.197.165.1
* SUSE Linux Enterprise High Availability Extension 15 SP1 (nosrc)
* kernel-default-4.12.14-150100.197.165.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64
nosrc x86_64)
* kernel-default-4.12.14-150100.197.165.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64
x86_64)
* kernel-default-base-debuginfo-4.12.14-150100.197.165.1
* kernel-default-devel-4.12.14-150100.197.165.1
* kernel-default-debugsource-4.12.14-150100.197.165.1
* kernel-default-devel-debuginfo-4.12.14-150100.197.165.1
* kernel-default-debuginfo-4.12.14-150100.197.165.1
* kernel-obs-build-4.12.14-150100.197.165.1
* kernel-obs-build-debugsource-4.12.14-150100.197.165.1
* kernel-syms-4.12.14-150100.197.165.1
* kernel-default-base-4.12.14-150100.197.165.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
* kernel-devel-4.12.14-150100.197.165.1
* kernel-source-4.12.14-150100.197.165.1
* kernel-macros-4.12.14-150100.197.165.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch
nosrc)
* kernel-docs-4.12.14-150100.197.165.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x
x86_64 nosrc)
* kernel-default-4.12.14-150100.197.165.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x
x86_64)
* kernel-default-base-debuginfo-4.12.14-150100.197.165.1
* kernel-default-devel-4.12.14-150100.197.165.1
* kernel-default-debugsource-4.12.14-150100.197.165.1
* kernel-default-devel-debuginfo-4.12.14-150100.197.165.1
* reiserfs-kmp-default-4.12.14-150100.197.165.1
* kernel-default-debuginfo-4.12.14-150100.197.165.1
* kernel-obs-build-4.12.14-150100.197.165.1
* kernel-obs-build-debugsource-4.12.14-150100.197.165.1
* reiserfs-kmp-default-debuginfo-4.12.14-150100.197.165.1
* kernel-syms-4.12.14-150100.197.165.1
* kernel-default-base-4.12.14-150100.197.165.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
* kernel-devel-4.12.14-150100.197.165.1
* kernel-source-4.12.14-150100.197.165.1
* kernel-macros-4.12.14-150100.197.165.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch nosrc)
* kernel-docs-4.12.14-150100.197.165.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (s390x)
* kernel-zfcpdump-debugsource-4.12.14-150100.197.165.1
* kernel-zfcpdump-debuginfo-4.12.14-150100.197.165.1
* kernel-default-man-4.12.14-150100.197.165.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (nosrc)
* kernel-zfcpdump-4.12.14-150100.197.165.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (nosrc ppc64le
x86_64)
* kernel-default-4.12.14-150100.197.165.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
* kernel-default-base-debuginfo-4.12.14-150100.197.165.1
* kernel-default-devel-4.12.14-150100.197.165.1
* kernel-default-debugsource-4.12.14-150100.197.165.1
* kernel-default-devel-debuginfo-4.12.14-150100.197.165.1
* reiserfs-kmp-default-4.12.14-150100.197.165.1
* kernel-default-debuginfo-4.12.14-150100.197.165.1
* kernel-obs-build-4.12.14-150100.197.165.1
* kernel-obs-build-debugsource-4.12.14-150100.197.165.1
* reiserfs-kmp-default-debuginfo-4.12.14-150100.197.165.1
* kernel-syms-4.12.14-150100.197.165.1
* kernel-default-base-4.12.14-150100.197.165.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
* kernel-devel-4.12.14-150100.197.165.1
* kernel-source-4.12.14-150100.197.165.1
* kernel-macros-4.12.14-150100.197.165.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch nosrc)
* kernel-docs-4.12.14-150100.197.165.1
* SUSE CaaS Platform 4.0 (nosrc x86_64)
* kernel-default-4.12.14-150100.197.165.1
* SUSE CaaS Platform 4.0 (x86_64)
* kernel-default-base-debuginfo-4.12.14-150100.197.165.1
* kernel-default-devel-4.12.14-150100.197.165.1
* kernel-default-debugsource-4.12.14-150100.197.165.1
* kernel-default-devel-debuginfo-4.12.14-150100.197.165.1
* reiserfs-kmp-default-4.12.14-150100.197.165.1
* kernel-default-debuginfo-4.12.14-150100.197.165.1
* kernel-obs-build-4.12.14-150100.197.165.1
* kernel-obs-build-debugsource-4.12.14-150100.197.165.1
* reiserfs-kmp-default-debuginfo-4.12.14-150100.197.165.1
* kernel-syms-4.12.14-150100.197.165.1
* kernel-default-base-4.12.14-150100.197.165.1
* SUSE CaaS Platform 4.0 (noarch)
* kernel-devel-4.12.14-150100.197.165.1
* kernel-source-4.12.14-150100.197.165.1
* kernel-macros-4.12.14-150100.197.165.1
* SUSE CaaS Platform 4.0 (noarch nosrc)
* kernel-docs-4.12.14-150100.197.165.1
## References:
* https://www.suse.com/security/cve/CVE-2023-0461.html
* https://www.suse.com/security/cve/CVE-2023-31083.html
* https://www.suse.com/security/cve/CVE-2023-39197.html
* https://www.suse.com/security/cve/CVE-2023-39198.html
* https://www.suse.com/security/cve/CVE-2023-45863.html
* https://www.suse.com/security/cve/CVE-2023-45871.html
* https://www.suse.com/security/cve/CVE-2023-5717.html
* https://bugzilla.suse.com/show_bug.cgi?id=1084909
* https://bugzilla.suse.com/show_bug.cgi?id=1208787
* https://bugzilla.suse.com/show_bug.cgi?id=1210780
* https://bugzilla.suse.com/show_bug.cgi?id=1216058
* https://bugzilla.suse.com/show_bug.cgi?id=1216259
* https://bugzilla.suse.com/show_bug.cgi?id=1216584
* https://bugzilla.suse.com/show_bug.cgi?id=1216965
* https://bugzilla.suse.com/show_bug.cgi?id=1216976
* https://jira.suse.com/browse/PED-3184
* https://jira.suse.com/browse/PED-5021
1
0
SUSE-SU-2023:4875-1: important: Security update for gstreamer-plugins-bad
by null@suse.de 14 Dec '23
by null@suse.de 14 Dec '23
14 Dec '23
# Security update for gstreamer-plugins-bad
Announcement ID: SUSE-SU-2023:4875-1
Rating: important
References:
* bsc#1217211
Cross-References:
* CVE-2023-44429
CVSS scores:
* CVE-2023-44429 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP4
* Desktop Applications Module 15-SP4
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4
An update that solves one vulnerability can now be installed.
## Description:
This update for gstreamer-plugins-bad fixes the following issues:
* CVE-2023-44429: Fixed GStreamer AV1 Codec Parsing Heap-based Buffer Overflow
(bsc#1217211).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Package Hub 15 15-SP4
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4875=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4875=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4875=1
* Desktop Applications Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4875=1
## Package List:
* SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64)
* libgsttranscoder-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgsttranscoder-1_0-0-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-debugsource-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.12.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libgstplayer-1_0-0-1.20.1-150400.3.12.1
* libgsturidownloader-1_0-0-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-debugsource-1.20.1-150400.3.12.1
* libgstcodecs-1_0-0-1.20.1-150400.3.12.1
* typelib-1_0-GstBadAudio-1_0-1.20.1-150400.3.12.1
* typelib-1_0-GstTranscoder-1_0-1.20.1-150400.3.12.1
* libgstmpegts-1_0-0-1.20.1-150400.3.12.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.20.1-150400.3.12.1
* gstreamer-transcoder-1.20.1-150400.3.12.1
* libgstisoff-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstphotography-1_0-0-1.20.1-150400.3.12.1
* libgstcodecparsers-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstsctp-1_0-0-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-chromaprint-1.20.1-150400.3.12.1
* libgsttranscoder-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgsturidownloader-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstwayland-1_0-0-1.20.1-150400.3.12.1
* libgstwayland-1_0-0-debuginfo-1.20.1-150400.3.12.1
* typelib-1_0-GstVulkanXCB-1_0-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-devel-1.20.1-150400.3.12.1
* gstreamer-transcoder-devel-1.20.1-150400.3.12.1
* libgstva-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstinsertbin-1_0-0-1.20.1-150400.3.12.1
* libgstvulkan-1_0-0-1.20.1-150400.3.12.1
* libgstplayer-1_0-0-debuginfo-1.20.1-150400.3.12.1
* typelib-1_0-GstInsertBin-1_0-1.20.1-150400.3.12.1
* libgstbadaudio-1_0-0-debuginfo-1.20.1-150400.3.12.1
* typelib-1_0-GstVulkanWayland-1_0-1.20.1-150400.3.12.1
* typelib-1_0-GstMpegts-1_0-1.20.1-150400.3.12.1
* libgstbasecamerabinsrc-1_0-0-1.20.1-150400.3.12.1
* libgstcodecparsers-1_0-0-1.20.1-150400.3.12.1
* libgstphotography-1_0-0-debuginfo-1.20.1-150400.3.12.1
* gstreamer-transcoder-debuginfo-1.20.1-150400.3.12.1
* libgstsctp-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstmpegts-1_0-0-debuginfo-1.20.1-150400.3.12.1
* typelib-1_0-GstCodecs-1_0-1.20.1-150400.3.12.1
* libgstplay-1_0-0-1.20.1-150400.3.12.1
* libgstadaptivedemux-1_0-0-1.20.1-150400.3.12.1
* libgstplay-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstisoff-1_0-0-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-chromaprint-debuginfo-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-1.20.1-150400.3.12.1
* typelib-1_0-GstPlay-1_0-1.20.1-150400.3.12.1
* typelib-1_0-GstWebRTC-1_0-1.20.1-150400.3.12.1
* libgstbadaudio-1_0-0-1.20.1-150400.3.12.1
* libgsttranscoder-1_0-0-1.20.1-150400.3.12.1
* libgstvulkan-1_0-0-debuginfo-1.20.1-150400.3.12.1
* typelib-1_0-GstPlayer-1_0-1.20.1-150400.3.12.1
* libgstadaptivedemux-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstwebrtc-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstwebrtc-1_0-0-1.20.1-150400.3.12.1
* libgstcodecs-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstva-1_0-0-1.20.1-150400.3.12.1
* typelib-1_0-GstVulkan-1_0-1.20.1-150400.3.12.1
* libgstinsertbin-1_0-0-debuginfo-1.20.1-150400.3.12.1
* openSUSE Leap 15.4 (x86_64)
* libgstva-1_0-0-32bit-1.20.1-150400.3.12.1
* libgstwebrtc-1_0-0-32bit-1.20.1-150400.3.12.1
* libgstcodecparsers-1_0-0-32bit-1.20.1-150400.3.12.1
* libgstbasecamerabinsrc-1_0-0-32bit-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-32bit-debuginfo-1.20.1-150400.3.12.1
* libgstcodecs-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1
* libgstplay-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1
* libgstvulkan-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1
* libgstcodecs-1_0-0-32bit-1.20.1-150400.3.12.1
* libgstsctp-1_0-0-32bit-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-32bit-1.20.1-150400.3.12.1
* libgstplayer-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1
* libgstvulkan-1_0-0-32bit-1.20.1-150400.3.12.1
* libgstbadaudio-1_0-0-32bit-1.20.1-150400.3.12.1
* libgstplay-1_0-0-32bit-1.20.1-150400.3.12.1
* libgstwayland-1_0-0-32bit-1.20.1-150400.3.12.1
* libgsturidownloader-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1
* libgstinsertbin-1_0-0-32bit-1.20.1-150400.3.12.1
* libgstplayer-1_0-0-32bit-1.20.1-150400.3.12.1
* libgstphotography-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1
* libgsturidownloader-1_0-0-32bit-1.20.1-150400.3.12.1
* libgstva-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1
* libgstbasecamerabinsrc-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1
* libgstadaptivedemux-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1
* libgstcodecparsers-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1
* libgstsctp-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1
* libgstbadaudio-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-chromaprint-32bit-debuginfo-1.20.1-150400.3.12.1
* libgstphotography-1_0-0-32bit-1.20.1-150400.3.12.1
* libgstadaptivedemux-1_0-0-32bit-1.20.1-150400.3.12.1
* libgstisoff-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-chromaprint-32bit-1.20.1-150400.3.12.1
* libgstinsertbin-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1
* libgstmpegts-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1
* libgstwebrtc-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1
* libgstmpegts-1_0-0-32bit-1.20.1-150400.3.12.1
* libgstisoff-1_0-0-32bit-1.20.1-150400.3.12.1
* libgstwayland-1_0-0-32bit-debuginfo-1.20.1-150400.3.12.1
* openSUSE Leap 15.4 (noarch)
* gstreamer-plugins-bad-lang-1.20.1-150400.3.12.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libgstsctp-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1
* libgstmpegts-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-chromaprint-64bit-debuginfo-1.20.1-150400.3.12.1
* libgstbadaudio-1_0-0-64bit-1.20.1-150400.3.12.1
* libgstcodecs-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-chromaprint-64bit-1.20.1-150400.3.12.1
* libgstplay-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1
* libgstplayer-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1
* libgstvulkan-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1
* libgstadaptivedemux-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1
* libgstva-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1
* libgstcodecparsers-1_0-0-64bit-1.20.1-150400.3.12.1
* libgstbasecamerabinsrc-1_0-0-64bit-1.20.1-150400.3.12.1
* libgstwebrtc-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1
* libgstwebrtc-1_0-0-64bit-1.20.1-150400.3.12.1
* libgstisoff-1_0-0-64bit-1.20.1-150400.3.12.1
* libgstcodecparsers-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1
* libgsturidownloader-1_0-0-64bit-1.20.1-150400.3.12.1
* libgstisoff-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1
* libgstbadaudio-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1
* libgstplayer-1_0-0-64bit-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-64bit-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-64bit-debuginfo-1.20.1-150400.3.12.1
* libgstadaptivedemux-1_0-0-64bit-1.20.1-150400.3.12.1
* libgstplay-1_0-0-64bit-1.20.1-150400.3.12.1
* libgstcodecs-1_0-0-64bit-1.20.1-150400.3.12.1
* libgsturidownloader-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1
* libgstwayland-1_0-0-64bit-1.20.1-150400.3.12.1
* libgstwayland-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1
* libgstphotography-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1
* libgstmpegts-1_0-0-64bit-1.20.1-150400.3.12.1
* libgstsctp-1_0-0-64bit-1.20.1-150400.3.12.1
* libgstbasecamerabinsrc-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1
* libgstphotography-1_0-0-64bit-1.20.1-150400.3.12.1
* libgstvulkan-1_0-0-64bit-1.20.1-150400.3.12.1
* libgstva-1_0-0-64bit-1.20.1-150400.3.12.1
* libgstinsertbin-1_0-0-64bit-1.20.1-150400.3.12.1
* libgstinsertbin-1_0-0-64bit-debuginfo-1.20.1-150400.3.12.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* libgstplayer-1_0-0-1.20.1-150400.3.12.1
* libgstphotography-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstplayer-1_0-0-debuginfo-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-debugsource-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.12.1
* libgstplay-1_0-0-1.20.1-150400.3.12.1
* libgstplay-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstphotography-1_0-0-1.20.1-150400.3.12.1
* Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* libgsturidownloader-1_0-0-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-debugsource-1.20.1-150400.3.12.1
* libgstcodecs-1_0-0-1.20.1-150400.3.12.1
* typelib-1_0-GstBadAudio-1_0-1.20.1-150400.3.12.1
* libgstmpegts-1_0-0-1.20.1-150400.3.12.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstisoff-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstsctp-1_0-0-1.20.1-150400.3.12.1
* libgstcodecparsers-1_0-0-debuginfo-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-chromaprint-1.20.1-150400.3.12.1
* libgsturidownloader-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstwayland-1_0-0-1.20.1-150400.3.12.1
* libgstwayland-1_0-0-debuginfo-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-devel-1.20.1-150400.3.12.1
* libgstva-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstinsertbin-1_0-0-1.20.1-150400.3.12.1
* libgstvulkan-1_0-0-1.20.1-150400.3.12.1
* typelib-1_0-GstInsertBin-1_0-1.20.1-150400.3.12.1
* libgstbadaudio-1_0-0-debuginfo-1.20.1-150400.3.12.1
* typelib-1_0-GstMpegts-1_0-1.20.1-150400.3.12.1
* libgstbasecamerabinsrc-1_0-0-1.20.1-150400.3.12.1
* libgstcodecparsers-1_0-0-1.20.1-150400.3.12.1
* libgstsctp-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstmpegts-1_0-0-debuginfo-1.20.1-150400.3.12.1
* typelib-1_0-GstCodecs-1_0-1.20.1-150400.3.12.1
* libgstadaptivedemux-1_0-0-1.20.1-150400.3.12.1
* libgstisoff-1_0-0-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-chromaprint-debuginfo-1.20.1-150400.3.12.1
* gstreamer-plugins-bad-1.20.1-150400.3.12.1
* typelib-1_0-GstPlay-1_0-1.20.1-150400.3.12.1
* typelib-1_0-GstWebRTC-1_0-1.20.1-150400.3.12.1
* libgstbadaudio-1_0-0-1.20.1-150400.3.12.1
* libgstvulkan-1_0-0-debuginfo-1.20.1-150400.3.12.1
* typelib-1_0-GstPlayer-1_0-1.20.1-150400.3.12.1
* libgstadaptivedemux-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstwebrtc-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstwebrtc-1_0-0-1.20.1-150400.3.12.1
* libgstcodecs-1_0-0-debuginfo-1.20.1-150400.3.12.1
* libgstva-1_0-0-1.20.1-150400.3.12.1
* libgstinsertbin-1_0-0-debuginfo-1.20.1-150400.3.12.1
* Desktop Applications Module 15-SP4 (noarch)
* gstreamer-plugins-bad-lang-1.20.1-150400.3.12.1
## References:
* https://www.suse.com/security/cve/CVE-2023-44429.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217211
1
0
SUSE-SU-2023:4871-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP3)
by null@suse.de 14 Dec '23
by null@suse.de 14 Dec '23
14 Dec '23
# Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP3)
Announcement ID: SUSE-SU-2023:4871-1
Rating: important
References:
* bsc#1215097
* bsc#1215442
* bsc#1215519
Cross-References:
* CVE-2023-2163
* CVE-2023-3777
* CVE-2023-4622
CVSS scores:
* CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
* CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4622 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
An update that solves three vulnerabilities can now be installed.
## Description:
This update for the Linux Kernel 5.3.18-150300_59_106 fixes several issues.
The following security issues were fixed:
* CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables
component can be exploited to achieve local privilege escalation.
(bsc#1215097)
* CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain
sockets component which could be exploited to achieve local privilege
escalation (bsc#1215442).
* CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to
unsafe code paths being incorrectly marked as safe, resulting in arbitrary
read/write in kernel memory, lateral privilege escalation, and container
escape. (bsc#1215519)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2023-4871=1
* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-4871=1
## Package List:
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_27-debugsource-11-150300.2.2
* kernel-livepatch-5_3_18-150300_59_106-default-11-150300.2.2
* kernel-livepatch-5_3_18-150300_59_106-default-debuginfo-11-150300.2.2
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_106-preempt-debuginfo-11-150300.2.2
* kernel-livepatch-5_3_18-150300_59_106-preempt-11-150300.2.2
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_106-default-11-150300.2.2
## References:
* https://www.suse.com/security/cve/CVE-2023-2163.html
* https://www.suse.com/security/cve/CVE-2023-3777.html
* https://www.suse.com/security/cve/CVE-2023-4622.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215097
* https://bugzilla.suse.com/show_bug.cgi?id=1215442
* https://bugzilla.suse.com/show_bug.cgi?id=1215519
1
0
SUSE-SU-2023:4872-1: important: Security update for the Linux Kernel (Live Patch 16 for SLE 15 SP4)
by null@suse.de 14 Dec '23
by null@suse.de 14 Dec '23
14 Dec '23
# Security update for the Linux Kernel (Live Patch 16 for SLE 15 SP4)
Announcement ID: SUSE-SU-2023:4872-1
Rating: important
References:
* bsc#1213584
* bsc#1215097
* bsc#1215442
* bsc#1215519
* bsc#1215971
Cross-References:
* CVE-2023-2163
* CVE-2023-3610
* CVE-2023-3777
* CVE-2023-4622
* CVE-2023-5345
CVSS scores:
* CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
* CVE-2023-3610 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3610 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4622 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5345 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5345 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
An update that solves five vulnerabilities can now be installed.
## Description:
This update for the Linux Kernel 5.14.21-150400_24_81 fixes several issues.
The following security issues were fixed:
* CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be
exploited to achieve local privilege escalation (bsc#1213584).
* CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables
component can be exploited to achieve local privilege escalation.
(bsc#1215097)
* CVE-2023-5345: Fixed an use-after-free vulnerability in the fs/smb/client
component which could be exploited to achieve local privilege escalation.
(bsc#1215971)
* CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain
sockets component which could be exploited to achieve local privilege
escalation (bsc#1215442).
* CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to
unsafe code paths being incorrectly marked as safe, resulting in arbitrary
read/write in kernel memory, lateral privilege escalation, and container
escape. (bsc#1215519)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4872=1
* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4872=1
## Package List:
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_81-default-debuginfo-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_81-default-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_16-debugsource-4-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_81-default-debuginfo-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_81-default-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_16-debugsource-4-150400.2.1
## References:
* https://www.suse.com/security/cve/CVE-2023-2163.html
* https://www.suse.com/security/cve/CVE-2023-3610.html
* https://www.suse.com/security/cve/CVE-2023-3777.html
* https://www.suse.com/security/cve/CVE-2023-4622.html
* https://www.suse.com/security/cve/CVE-2023-5345.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213584
* https://bugzilla.suse.com/show_bug.cgi?id=1215097
* https://bugzilla.suse.com/show_bug.cgi?id=1215442
* https://bugzilla.suse.com/show_bug.cgi?id=1215519
* https://bugzilla.suse.com/show_bug.cgi?id=1215971
1
0
SUSE-SU-2023:4848-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP5)
by null@suse.de 14 Dec '23
by null@suse.de 14 Dec '23
14 Dec '23
# Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP5)
Announcement ID: SUSE-SU-2023:4848-1
Rating: important
References:
* bsc#1213584
* bsc#1215097
* bsc#1215442
* bsc#1215519
* bsc#1215971
Cross-References:
* CVE-2023-2163
* CVE-2023-3610
* CVE-2023-3777
* CVE-2023-4622
* CVE-2023-5345
CVSS scores:
* CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
* CVE-2023-3610 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3610 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4622 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5345 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5345 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro 6.0
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves five vulnerabilities can now be installed.
## Description:
This update for the Linux Kernel 5.14.21-150500_55_19 fixes several issues.
The following security issues were fixed:
* CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be
exploited to achieve local privilege escalation (bsc#1213584).
* CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables
component can be exploited to achieve local privilege escalation.
(bsc#1215097)
* CVE-2023-5345: Fixed an use-after-free vulnerability in the fs/smb/client
component which could be exploited to achieve local privilege escalation.
(bsc#1215971)
* CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain
sockets component which could be exploited to achieve local privilege
escalation (bsc#1215442).
* CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to
unsafe code paths being incorrectly marked as safe, resulting in arbitrary
read/write in kernel memory, lateral privilege escalation, and container
escape. (bsc#1215519)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-4857=1
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4857=1
* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4848=1 SUSE-SLE-
Module-Live-Patching-15-SP4-2023-4851=1 SUSE-SLE-Module-Live-
Patching-15-SP4-2023-4858=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-4859=1
SUSE-SLE-Module-Live-Patching-15-SP4-2023-4865=1 SUSE-SLE-Module-Live-
Patching-15-SP4-2023-4856=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4851=1 SUSE-2023-4858=1 SUSE-2023-4859=1
SUSE-2023-4865=1 SUSE-2023-4856=1
## Package List:
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_19-default-4-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_3-debugsource-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_19-default-debuginfo-4-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_19-default-4-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_3-debugsource-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_19-default-debuginfo-4-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (x86_64)
* kernel-livepatch-SLE15-SP4-RT_Update_1-debugsource-12-150400.2.2
* kernel-livepatch-5_14_21-150400_15_5-rt-debuginfo-12-150400.2.2
* kernel-livepatch-5_14_21-150400_15_5-rt-12-150400.2.2
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_14-debugsource-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_55-default-debuginfo-9-150400.2.1
* kernel-livepatch-5_14_21-150400_24_46-default-10-150400.2.2
* kernel-livepatch-5_14_21-150400_24_38-default-debuginfo-12-150400.2.2
* kernel-livepatch-SLE15-SP4_Update_13-debugsource-6-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_6-debugsource-12-150400.2.2
* kernel-livepatch-SLE15-SP4_Update_10-debugsource-9-150400.2.1
* kernel-livepatch-5_14_21-150400_24_69-default-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_66-default-debuginfo-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_46-default-debuginfo-10-150400.2.2
* kernel-livepatch-5_14_21-150400_24_66-default-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_55-default-9-150400.2.1
* kernel-livepatch-5_14_21-150400_24_38-default-12-150400.2.2
* kernel-livepatch-5_14_21-150400_24_69-default-debuginfo-5-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_8-debugsource-10-150400.2.2
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_14-debugsource-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_55-default-debuginfo-9-150400.2.1
* kernel-livepatch-5_14_21-150400_24_46-default-10-150400.2.2
* kernel-livepatch-5_14_21-150400_24_38-default-debuginfo-12-150400.2.2
* kernel-livepatch-SLE15-SP4_Update_13-debugsource-6-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_6-debugsource-12-150400.2.2
* kernel-livepatch-SLE15-SP4_Update_10-debugsource-9-150400.2.1
* kernel-livepatch-5_14_21-150400_24_69-default-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_66-default-debuginfo-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_46-default-debuginfo-10-150400.2.2
* kernel-livepatch-5_14_21-150400_24_66-default-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_55-default-9-150400.2.1
* kernel-livepatch-5_14_21-150400_24_38-default-12-150400.2.2
* kernel-livepatch-5_14_21-150400_24_69-default-debuginfo-5-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_8-debugsource-10-150400.2.2
## References:
* https://www.suse.com/security/cve/CVE-2023-2163.html
* https://www.suse.com/security/cve/CVE-2023-3610.html
* https://www.suse.com/security/cve/CVE-2023-3777.html
* https://www.suse.com/security/cve/CVE-2023-4622.html
* https://www.suse.com/security/cve/CVE-2023-5345.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213584
* https://bugzilla.suse.com/show_bug.cgi?id=1215097
* https://bugzilla.suse.com/show_bug.cgi?id=1215442
* https://bugzilla.suse.com/show_bug.cgi?id=1215519
* https://bugzilla.suse.com/show_bug.cgi?id=1215971
1
0
SUSE-SU-2023:4867-1: important: Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP5)
by null@suse.de 14 Dec '23
by null@suse.de 14 Dec '23
14 Dec '23
# Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP5)
Announcement ID: SUSE-SU-2023:4867-1
Rating: important
References:
* bsc#1215097
* bsc#1215519
Cross-References:
* CVE-2023-2163
* CVE-2023-3777
CVSS scores:
* CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
* CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro 6.0
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves two vulnerabilities can now be installed.
## Description:
This update for the Linux Kernel 5.14.21-150500_55_31 fixes several issues.
The following security issues were fixed:
* CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables
component can be exploited to achieve local privilege escalation.
(bsc#1215097)
* CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to
unsafe code paths being incorrectly marked as safe, resulting in arbitrary
read/write in kernel memory, lateral privilege escalation, and container
escape. (bsc#1215519)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4867=1
* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4867=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-4864=1
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4864=1
## Package List:
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_92-default-debuginfo-2-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_19-debugsource-2-150400.2.1
* kernel-livepatch-5_14_21-150400_24_92-default-2-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_92-default-debuginfo-2-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_19-debugsource-2-150400.2.1
* kernel-livepatch-5_14_21-150400_24_92-default-2-150400.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_6-debugsource-2-150500.2.1
* kernel-livepatch-5_14_21-150500_55_31-default-2-150500.2.1
* kernel-livepatch-5_14_21-150500_55_31-default-debuginfo-2-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_6-debugsource-2-150500.2.1
* kernel-livepatch-5_14_21-150500_55_31-default-2-150500.2.1
* kernel-livepatch-5_14_21-150500_55_31-default-debuginfo-2-150500.2.1
## References:
* https://www.suse.com/security/cve/CVE-2023-2163.html
* https://www.suse.com/security/cve/CVE-2023-3777.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215097
* https://bugzilla.suse.com/show_bug.cgi?id=1215519
1
0
# Security update for openssl-3
Announcement ID: SUSE-SU-2023:4649-1
Rating: important
References:
* bsc#1194187
* bsc#1207472
* bsc#1216922
Cross-References:
* CVE-2023-5678
CVSS scores:
* CVE-2023-5678 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-5678 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability and has two security fixes can now be
installed.
## Description:
This update for openssl-3 fixes the following issues:
* CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH
keys that resulted in a possible Denial of Service (bsc#1216922).
Bug fixes:
* The default /etc/ssl/openssl3.cnf file will include any configuration files
that other packages might place into /etc/ssl/engines3.d/ and
/etc/ssl/engdef3.d/.
* Create the two new necessary directores for the above. [bsc#1194187,
bsc#1207472]
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4649=1 SUSE-2023-4649=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4649=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4649=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4649=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4649=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4649=1
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4649=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4649=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* openssl-3-debugsource-3.0.8-150400.4.42.1
* libopenssl-3-devel-3.0.8-150400.4.42.1
* libopenssl3-3.0.8-150400.4.42.1
* openssl-3-debuginfo-3.0.8-150400.4.42.1
* openssl-3-3.0.8-150400.4.42.1
* libopenssl3-debuginfo-3.0.8-150400.4.42.1
* openSUSE Leap 15.4 (x86_64)
* libopenssl-3-devel-32bit-3.0.8-150400.4.42.1
* libopenssl3-32bit-debuginfo-3.0.8-150400.4.42.1
* libopenssl3-32bit-3.0.8-150400.4.42.1
* openSUSE Leap 15.4 (noarch)
* openssl-3-doc-3.0.8-150400.4.42.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libopenssl3-64bit-3.0.8-150400.4.42.1
* libopenssl-3-devel-64bit-3.0.8-150400.4.42.1
* libopenssl3-64bit-debuginfo-3.0.8-150400.4.42.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libopenssl3-3.0.8-150400.4.42.1
* libopenssl3-debuginfo-3.0.8-150400.4.42.1
* openssl-3-debugsource-3.0.8-150400.4.42.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libopenssl3-3.0.8-150400.4.42.1
* libopenssl3-debuginfo-3.0.8-150400.4.42.1
* openssl-3-debugsource-3.0.8-150400.4.42.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libopenssl3-3.0.8-150400.4.42.1
* libopenssl3-debuginfo-3.0.8-150400.4.42.1
* openssl-3-debugsource-3.0.8-150400.4.42.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libopenssl3-3.0.8-150400.4.42.1
* libopenssl3-debuginfo-3.0.8-150400.4.42.1
* openssl-3-debugsource-3.0.8-150400.4.42.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* openssl-3-debugsource-3.0.8-150400.4.42.1
* libopenssl-3-devel-3.0.8-150400.4.42.1
* libopenssl3-3.0.8-150400.4.42.1
* openssl-3-debuginfo-3.0.8-150400.4.42.1
* openssl-3-3.0.8-150400.4.42.1
* libopenssl3-debuginfo-3.0.8-150400.4.42.1
* openSUSE Leap Micro 5.3 (aarch64 ppc64le s390x x86_64)
* libopenssl3-3.0.8-150400.4.42.1
* libopenssl3-debuginfo-3.0.8-150400.4.42.1
* openssl-3-debugsource-3.0.8-150400.4.42.1
* openSUSE Leap Micro 5.4 (aarch64 ppc64le s390x x86_64)
* libopenssl3-3.0.8-150400.4.42.1
* libopenssl3-debuginfo-3.0.8-150400.4.42.1
* openssl-3-debugsource-3.0.8-150400.4.42.1
## References:
* https://www.suse.com/security/cve/CVE-2023-5678.html
* https://bugzilla.suse.com/show_bug.cgi?id=1194187
* https://bugzilla.suse.com/show_bug.cgi?id=1207472
* https://bugzilla.suse.com/show_bug.cgi?id=1216922
1
0
# Security update for curl
Announcement ID: SUSE-SU-2023:4659-1
Rating: moderate
References:
* bsc#1217573
* bsc#1217574
Cross-References:
* CVE-2023-46218
* CVE-2023-46219
CVSS scores:
* CVE-2023-46218 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2023-46218 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2023-46219 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves two vulnerabilities can now be installed.
## Description:
This update for curl fixes the following issues:
* CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573).
* CVE-2023-46219: HSTS long file name clears contents (bsc#1217574).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4659=1 openSUSE-SLE-15.4-2023-4659=1
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4659=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4659=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4659=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4659=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4659=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4659=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4659=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2023-4659=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4659=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4659=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libcurl4-debuginfo-8.0.1-150400.5.36.1
* curl-debuginfo-8.0.1-150400.5.36.1
* curl-debugsource-8.0.1-150400.5.36.1
* curl-8.0.1-150400.5.36.1
* libcurl4-8.0.1-150400.5.36.1
* libcurl-devel-8.0.1-150400.5.36.1
* openSUSE Leap 15.4 (x86_64)
* libcurl4-32bit-8.0.1-150400.5.36.1
* libcurl4-32bit-debuginfo-8.0.1-150400.5.36.1
* libcurl-devel-32bit-8.0.1-150400.5.36.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libcurl4-64bit-8.0.1-150400.5.36.1
* libcurl4-64bit-debuginfo-8.0.1-150400.5.36.1
* libcurl-devel-64bit-8.0.1-150400.5.36.1
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* libcurl4-debuginfo-8.0.1-150400.5.36.1
* curl-debuginfo-8.0.1-150400.5.36.1
* curl-debugsource-8.0.1-150400.5.36.1
* curl-8.0.1-150400.5.36.1
* libcurl4-8.0.1-150400.5.36.1
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* libcurl4-debuginfo-8.0.1-150400.5.36.1
* curl-debuginfo-8.0.1-150400.5.36.1
* curl-debugsource-8.0.1-150400.5.36.1
* curl-8.0.1-150400.5.36.1
* libcurl4-8.0.1-150400.5.36.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* libcurl4-debuginfo-8.0.1-150400.5.36.1
* curl-debuginfo-8.0.1-150400.5.36.1
* curl-debugsource-8.0.1-150400.5.36.1
* curl-8.0.1-150400.5.36.1
* libcurl4-8.0.1-150400.5.36.1
* libcurl-devel-8.0.1-150400.5.36.1
* openSUSE Leap 15.5 (x86_64)
* libcurl4-32bit-8.0.1-150400.5.36.1
* libcurl4-32bit-debuginfo-8.0.1-150400.5.36.1
* libcurl-devel-32bit-8.0.1-150400.5.36.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libcurl4-debuginfo-8.0.1-150400.5.36.1
* curl-debuginfo-8.0.1-150400.5.36.1
* curl-debugsource-8.0.1-150400.5.36.1
* curl-8.0.1-150400.5.36.1
* libcurl4-8.0.1-150400.5.36.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libcurl4-debuginfo-8.0.1-150400.5.36.1
* curl-debuginfo-8.0.1-150400.5.36.1
* curl-debugsource-8.0.1-150400.5.36.1
* curl-8.0.1-150400.5.36.1
* libcurl4-8.0.1-150400.5.36.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libcurl4-debuginfo-8.0.1-150400.5.36.1
* curl-debuginfo-8.0.1-150400.5.36.1
* curl-debugsource-8.0.1-150400.5.36.1
* curl-8.0.1-150400.5.36.1
* libcurl4-8.0.1-150400.5.36.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libcurl4-debuginfo-8.0.1-150400.5.36.1
* curl-debuginfo-8.0.1-150400.5.36.1
* curl-debugsource-8.0.1-150400.5.36.1
* curl-8.0.1-150400.5.36.1
* libcurl4-8.0.1-150400.5.36.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* libcurl4-debuginfo-8.0.1-150400.5.36.1
* curl-debuginfo-8.0.1-150400.5.36.1
* curl-debugsource-8.0.1-150400.5.36.1
* curl-8.0.1-150400.5.36.1
* libcurl4-8.0.1-150400.5.36.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* libcurl4-debuginfo-8.0.1-150400.5.36.1
* curl-debuginfo-8.0.1-150400.5.36.1
* curl-debugsource-8.0.1-150400.5.36.1
* curl-8.0.1-150400.5.36.1
* libcurl4-8.0.1-150400.5.36.1
* libcurl-devel-8.0.1-150400.5.36.1
* Basesystem Module 15-SP4 (x86_64)
* libcurl4-32bit-8.0.1-150400.5.36.1
* libcurl4-32bit-debuginfo-8.0.1-150400.5.36.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libcurl4-debuginfo-8.0.1-150400.5.36.1
* curl-debuginfo-8.0.1-150400.5.36.1
* curl-debugsource-8.0.1-150400.5.36.1
* curl-8.0.1-150400.5.36.1
* libcurl4-8.0.1-150400.5.36.1
* libcurl-devel-8.0.1-150400.5.36.1
* Basesystem Module 15-SP5 (x86_64)
* libcurl4-32bit-8.0.1-150400.5.36.1
* libcurl4-32bit-debuginfo-8.0.1-150400.5.36.1
## References:
* https://www.suse.com/security/cve/CVE-2023-46218.html
* https://www.suse.com/security/cve/CVE-2023-46219.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217573
* https://bugzilla.suse.com/show_bug.cgi?id=1217574
1
0
# Security update for qemu
Announcement ID: SUSE-SU-2023:4662-1
Rating: important
References:
* bsc#1188609
* bsc#1212850
* bsc#1213210
* bsc#1213925
* bsc#1215311
Cross-References:
* CVE-2021-3638
* CVE-2023-3180
* CVE-2023-3354
CVSS scores:
* CVE-2021-3638 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
* CVE-2021-3638 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-3180 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-3180 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-3354 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3354 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* Server Applications Module 15-SP5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves three vulnerabilities and has two security fixes can now
be installed.
## Description:
This update for qemu fixes the following issues:
* CVE-2021-3638: hw/display/ati_2d: Fix buffer overflow in ati_2d_blt
(bsc#1188609)
* CVE-2023-3180: virtio-crypto: verify src and dst buffer length for sym
request (bsc#1213925)
* CVE-2023-3354: io: remove io watch if TLS channel is closed during handshake
(bsc#1212850)
* [openSUSE] roms/ipxe: Backport 0aa2e4ec9635, in preparation of binutils 2.41
(bsc#1215311)
* target/s390x: Fix the "ignored match" case in VSTRS (bsc#1213210)
* linux-user/elfload: Enable vxe2 on s390x (bsc#1213210)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-4662=1 openSUSE-SLE-15.5-2023-4662=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2023-4662=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4662=1
* Server Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4662=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* qemu-extra-debuginfo-7.1.0-150500.49.9.2
* qemu-hw-display-virtio-gpu-7.1.0-150500.49.9.2
* qemu-hw-display-virtio-gpu-debuginfo-7.1.0-150500.49.9.2
* qemu-block-curl-debuginfo-7.1.0-150500.49.9.2
* qemu-audio-dbus-debuginfo-7.1.0-150500.49.9.2
* qemu-ui-spice-core-debuginfo-7.1.0-150500.49.9.2
* qemu-hw-display-qxl-debuginfo-7.1.0-150500.49.9.2
* qemu-audio-pa-debuginfo-7.1.0-150500.49.9.2
* qemu-hw-display-virtio-gpu-pci-7.1.0-150500.49.9.2
* qemu-audio-spice-7.1.0-150500.49.9.2
* qemu-tools-debuginfo-7.1.0-150500.49.9.2
* qemu-block-curl-7.1.0-150500.49.9.2
* qemu-ppc-debuginfo-7.1.0-150500.49.9.2
* qemu-ui-curses-7.1.0-150500.49.9.2
* qemu-audio-spice-debuginfo-7.1.0-150500.49.9.2
* qemu-ui-dbus-debuginfo-7.1.0-150500.49.9.2
* qemu-block-ssh-debuginfo-7.1.0-150500.49.9.2
* qemu-accel-tcg-x86-debuginfo-7.1.0-150500.49.9.2
* qemu-block-nfs-debuginfo-7.1.0-150500.49.9.2
* qemu-7.1.0-150500.49.9.2
* qemu-arm-7.1.0-150500.49.9.2
* qemu-block-dmg-7.1.0-150500.49.9.2
* qemu-chardev-spice-debuginfo-7.1.0-150500.49.9.2
* qemu-vhost-user-gpu-7.1.0-150500.49.9.2
* qemu-debugsource-7.1.0-150500.49.9.2
* qemu-hw-display-virtio-gpu-pci-debuginfo-7.1.0-150500.49.9.2
* qemu-arm-debuginfo-7.1.0-150500.49.9.2
* qemu-chardev-baum-7.1.0-150500.49.9.2
* qemu-block-dmg-debuginfo-7.1.0-150500.49.9.2
* qemu-hw-usb-redirect-debuginfo-7.1.0-150500.49.9.2
* qemu-accel-qtest-debuginfo-7.1.0-150500.49.9.2
* qemu-chardev-spice-7.1.0-150500.49.9.2
* qemu-ui-curses-debuginfo-7.1.0-150500.49.9.2
* qemu-ui-gtk-7.1.0-150500.49.9.2
* qemu-ui-spice-app-debuginfo-7.1.0-150500.49.9.2
* qemu-extra-7.1.0-150500.49.9.2
* qemu-linux-user-debugsource-7.1.0-150500.49.9.1
* qemu-headless-7.1.0-150500.49.9.2
* qemu-hw-s390x-virtio-gpu-ccw-7.1.0-150500.49.9.2
* qemu-hw-usb-host-debuginfo-7.1.0-150500.49.9.2
* qemu-s390x-debuginfo-7.1.0-150500.49.9.2
* qemu-linux-user-debuginfo-7.1.0-150500.49.9.1
* qemu-hw-s390x-virtio-gpu-ccw-debuginfo-7.1.0-150500.49.9.2
* qemu-ivshmem-tools-debuginfo-7.1.0-150500.49.9.2
* qemu-ksm-7.1.0-150500.49.9.2
* qemu-guest-agent-7.1.0-150500.49.9.2
* qemu-audio-alsa-debuginfo-7.1.0-150500.49.9.2
* qemu-hw-usb-smartcard-debuginfo-7.1.0-150500.49.9.2
* qemu-audio-oss-7.1.0-150500.49.9.2
* qemu-audio-dbus-7.1.0-150500.49.9.2
* qemu-block-ssh-7.1.0-150500.49.9.2
* qemu-linux-user-7.1.0-150500.49.9.1
* qemu-debuginfo-7.1.0-150500.49.9.2
* qemu-audio-pa-7.1.0-150500.49.9.2
* qemu-audio-jack-7.1.0-150500.49.9.2
* qemu-chardev-baum-debuginfo-7.1.0-150500.49.9.2
* qemu-ui-spice-core-7.1.0-150500.49.9.2
* qemu-vhost-user-gpu-debuginfo-7.1.0-150500.49.9.2
* qemu-hw-usb-host-7.1.0-150500.49.9.2
* qemu-ui-opengl-debuginfo-7.1.0-150500.49.9.2
* qemu-block-iscsi-7.1.0-150500.49.9.2
* qemu-ui-spice-app-7.1.0-150500.49.9.2
* qemu-block-iscsi-debuginfo-7.1.0-150500.49.9.2
* qemu-hw-usb-smartcard-7.1.0-150500.49.9.2
* qemu-ppc-7.1.0-150500.49.9.2
* qemu-hw-display-virtio-vga-debuginfo-7.1.0-150500.49.9.2
* qemu-accel-tcg-x86-7.1.0-150500.49.9.2
* qemu-block-gluster-debuginfo-7.1.0-150500.49.9.2
* qemu-lang-7.1.0-150500.49.9.2
* qemu-ivshmem-tools-7.1.0-150500.49.9.2
* qemu-hw-usb-redirect-7.1.0-150500.49.9.2
* qemu-s390x-7.1.0-150500.49.9.2
* qemu-audio-oss-debuginfo-7.1.0-150500.49.9.2
* qemu-hw-display-qxl-7.1.0-150500.49.9.2
* qemu-audio-alsa-7.1.0-150500.49.9.2
* qemu-tools-7.1.0-150500.49.9.2
* qemu-ui-dbus-7.1.0-150500.49.9.2
* qemu-x86-debuginfo-7.1.0-150500.49.9.2
* qemu-x86-7.1.0-150500.49.9.2
* qemu-ui-gtk-debuginfo-7.1.0-150500.49.9.2
* qemu-ui-opengl-7.1.0-150500.49.9.2
* qemu-block-nfs-7.1.0-150500.49.9.2
* qemu-audio-jack-debuginfo-7.1.0-150500.49.9.2
* qemu-hw-display-virtio-vga-7.1.0-150500.49.9.2
* qemu-accel-qtest-7.1.0-150500.49.9.2
* qemu-guest-agent-debuginfo-7.1.0-150500.49.9.2
* qemu-block-gluster-7.1.0-150500.49.9.2
* openSUSE Leap 15.5 (s390x x86_64 i586)
* qemu-kvm-7.1.0-150500.49.9.2
* openSUSE Leap 15.5 (noarch)
* qemu-microvm-7.1.0-150500.49.9.2
* qemu-sgabios-8-150500.49.9.2
* qemu-ipxe-1.0.0+-150500.49.9.2
* qemu-vgabios-1.16.0_0_gd239552-150500.49.9.2
* qemu-skiboot-7.1.0-150500.49.9.2
* qemu-SLOF-7.1.0-150500.49.9.2
* qemu-seabios-1.16.0_0_gd239552-150500.49.9.2
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* qemu-block-rbd-debuginfo-7.1.0-150500.49.9.2
* qemu-block-rbd-7.1.0-150500.49.9.2
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* qemu-hw-display-virtio-gpu-7.1.0-150500.49.9.2
* qemu-hw-display-virtio-gpu-debuginfo-7.1.0-150500.49.9.2
* qemu-7.1.0-150500.49.9.2
* qemu-hw-usb-redirect-7.1.0-150500.49.9.2
* qemu-block-curl-debuginfo-7.1.0-150500.49.9.2
* qemu-chardev-spice-debuginfo-7.1.0-150500.49.9.2
* qemu-guest-agent-7.1.0-150500.49.9.2
* qemu-hw-display-qxl-7.1.0-150500.49.9.2
* qemu-ui-spice-core-debuginfo-7.1.0-150500.49.9.2
* qemu-debugsource-7.1.0-150500.49.9.2
* qemu-tools-7.1.0-150500.49.9.2
* qemu-hw-display-qxl-debuginfo-7.1.0-150500.49.9.2
* qemu-debuginfo-7.1.0-150500.49.9.2
* qemu-audio-spice-7.1.0-150500.49.9.2
* qemu-hw-usb-redirect-debuginfo-7.1.0-150500.49.9.2
* qemu-ui-opengl-7.1.0-150500.49.9.2
* qemu-tools-debuginfo-7.1.0-150500.49.9.2
* qemu-block-curl-7.1.0-150500.49.9.2
* qemu-hw-display-virtio-vga-7.1.0-150500.49.9.2
* qemu-ui-spice-core-7.1.0-150500.49.9.2
* qemu-chardev-spice-7.1.0-150500.49.9.2
* qemu-ui-opengl-debuginfo-7.1.0-150500.49.9.2
* qemu-hw-display-virtio-vga-debuginfo-7.1.0-150500.49.9.2
* qemu-guest-agent-debuginfo-7.1.0-150500.49.9.2
* qemu-audio-spice-debuginfo-7.1.0-150500.49.9.2
* SUSE Linux Enterprise Micro 5.5 (aarch64)
* qemu-arm-debuginfo-7.1.0-150500.49.9.2
* qemu-arm-7.1.0-150500.49.9.2
* SUSE Linux Enterprise Micro 5.5 (noarch)
* qemu-seabios-1.16.0_0_gd239552-150500.49.9.2
* qemu-vgabios-1.16.0_0_gd239552-150500.49.9.2
* qemu-sgabios-8-150500.49.9.2
* qemu-ipxe-1.0.0+-150500.49.9.2
* SUSE Linux Enterprise Micro 5.5 (s390x)
* qemu-s390x-7.1.0-150500.49.9.2
* qemu-s390x-debuginfo-7.1.0-150500.49.9.2
* SUSE Linux Enterprise Micro 5.5 (x86_64)
* qemu-accel-tcg-x86-debuginfo-7.1.0-150500.49.9.2
* qemu-x86-debuginfo-7.1.0-150500.49.9.2
* qemu-accel-tcg-x86-7.1.0-150500.49.9.2
* qemu-x86-7.1.0-150500.49.9.2
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* qemu-tools-7.1.0-150500.49.9.2
* qemu-debuginfo-7.1.0-150500.49.9.2
* qemu-debugsource-7.1.0-150500.49.9.2
* qemu-tools-debuginfo-7.1.0-150500.49.9.2
* Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* qemu-ui-dbus-debuginfo-7.1.0-150500.49.9.2
* qemu-hw-usb-host-debuginfo-7.1.0-150500.49.9.2
* qemu-block-ssh-debuginfo-7.1.0-150500.49.9.2
* qemu-lang-7.1.0-150500.49.9.2
* qemu-7.1.0-150500.49.9.2
* qemu-block-rbd-debuginfo-7.1.0-150500.49.9.2
* qemu-block-curl-debuginfo-7.1.0-150500.49.9.2
* qemu-audio-dbus-debuginfo-7.1.0-150500.49.9.2
* qemu-ksm-7.1.0-150500.49.9.2
* qemu-guest-agent-7.1.0-150500.49.9.2
* qemu-block-rbd-7.1.0-150500.49.9.2
* qemu-debugsource-7.1.0-150500.49.9.2
* qemu-audio-dbus-7.1.0-150500.49.9.2
* qemu-block-ssh-7.1.0-150500.49.9.2
* qemu-chardev-baum-7.1.0-150500.49.9.2
* qemu-debuginfo-7.1.0-150500.49.9.2
* qemu-ui-dbus-7.1.0-150500.49.9.2
* qemu-chardev-baum-debuginfo-7.1.0-150500.49.9.2
* qemu-block-curl-7.1.0-150500.49.9.2
* qemu-hw-usb-host-7.1.0-150500.49.9.2
* qemu-ui-curses-debuginfo-7.1.0-150500.49.9.2
* qemu-block-iscsi-7.1.0-150500.49.9.2
* qemu-block-iscsi-debuginfo-7.1.0-150500.49.9.2
* qemu-guest-agent-debuginfo-7.1.0-150500.49.9.2
* qemu-ui-curses-7.1.0-150500.49.9.2
* Server Applications Module 15-SP5 (aarch64)
* qemu-arm-debuginfo-7.1.0-150500.49.9.2
* qemu-arm-7.1.0-150500.49.9.2
* Server Applications Module 15-SP5 (aarch64 ppc64le x86_64)
* qemu-chardev-spice-7.1.0-150500.49.9.2
* qemu-chardev-spice-debuginfo-7.1.0-150500.49.9.2
* qemu-ui-gtk-7.1.0-150500.49.9.2
* qemu-ui-opengl-debuginfo-7.1.0-150500.49.9.2
* qemu-audio-spice-7.1.0-150500.49.9.2
* qemu-ui-spice-app-7.1.0-150500.49.9.2
* qemu-ui-spice-app-debuginfo-7.1.0-150500.49.9.2
* qemu-hw-display-qxl-7.1.0-150500.49.9.2
* qemu-ui-spice-core-debuginfo-7.1.0-150500.49.9.2
* qemu-ui-gtk-debuginfo-7.1.0-150500.49.9.2
* qemu-hw-display-virtio-vga-debuginfo-7.1.0-150500.49.9.2
* qemu-hw-usb-redirect-debuginfo-7.1.0-150500.49.9.2
* qemu-ui-opengl-7.1.0-150500.49.9.2
* qemu-hw-usb-redirect-7.1.0-150500.49.9.2
* qemu-hw-display-virtio-vga-7.1.0-150500.49.9.2
* qemu-ui-spice-core-7.1.0-150500.49.9.2
* qemu-hw-display-qxl-debuginfo-7.1.0-150500.49.9.2
* qemu-audio-spice-debuginfo-7.1.0-150500.49.9.2
* Server Applications Module 15-SP5 (noarch)
* qemu-vgabios-1.16.0_0_gd239552-150500.49.9.2
* qemu-ipxe-1.0.0+-150500.49.9.2
* qemu-sgabios-8-150500.49.9.2
* qemu-skiboot-7.1.0-150500.49.9.2
* qemu-SLOF-7.1.0-150500.49.9.2
* qemu-seabios-1.16.0_0_gd239552-150500.49.9.2
* Server Applications Module 15-SP5 (ppc64le)
* qemu-ppc-debuginfo-7.1.0-150500.49.9.2
* qemu-ppc-7.1.0-150500.49.9.2
* Server Applications Module 15-SP5 (s390x x86_64)
* qemu-hw-display-virtio-gpu-7.1.0-150500.49.9.2
* qemu-hw-display-virtio-gpu-debuginfo-7.1.0-150500.49.9.2
* qemu-hw-display-virtio-gpu-pci-7.1.0-150500.49.9.2
* qemu-kvm-7.1.0-150500.49.9.2
* qemu-hw-display-virtio-gpu-pci-debuginfo-7.1.0-150500.49.9.2
* Server Applications Module 15-SP5 (s390x)
* qemu-hw-s390x-virtio-gpu-ccw-debuginfo-7.1.0-150500.49.9.2
* qemu-s390x-7.1.0-150500.49.9.2
* qemu-s390x-debuginfo-7.1.0-150500.49.9.2
* qemu-hw-s390x-virtio-gpu-ccw-7.1.0-150500.49.9.2
* Server Applications Module 15-SP5 (x86_64)
* qemu-x86-debuginfo-7.1.0-150500.49.9.2
* qemu-audio-pa-7.1.0-150500.49.9.2
* qemu-x86-7.1.0-150500.49.9.2
* qemu-accel-tcg-x86-debuginfo-7.1.0-150500.49.9.2
* qemu-audio-alsa-7.1.0-150500.49.9.2
* qemu-audio-alsa-debuginfo-7.1.0-150500.49.9.2
* qemu-accel-tcg-x86-7.1.0-150500.49.9.2
* qemu-audio-pa-debuginfo-7.1.0-150500.49.9.2
## References:
* https://www.suse.com/security/cve/CVE-2021-3638.html
* https://www.suse.com/security/cve/CVE-2023-3180.html
* https://www.suse.com/security/cve/CVE-2023-3354.html
* https://bugzilla.suse.com/show_bug.cgi?id=1188609
* https://bugzilla.suse.com/show_bug.cgi?id=1212850
* https://bugzilla.suse.com/show_bug.cgi?id=1213210
* https://bugzilla.suse.com/show_bug.cgi?id=1213925
* https://bugzilla.suse.com/show_bug.cgi?id=1215311
1
0
14 Dec '23
# Security update for suse-build-key
Announcement ID: SUSE-SU-2023:4672-1
Rating: important
References:
* bsc#1216410
* bsc#1217215
* jsc#PED-2777
Affected Products:
* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that contains one feature and has two security fixes can now be
installed.
## Description:
This update for suse-build-key fixes the following issues:
This update runs a import-suse-build-key script.
The previous libzypp-post-script based installation is replaced with a systemd
timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). \- suse-build-key-
import.service \- suse-build-key-import.timer
It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and
reserve keys. After successful import the timer is disabled.
To manually import them you can also run:
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4672=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4672=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4672=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4672=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4672=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4672=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4672=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4672=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2023-4672=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4672=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4672=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4672=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4672=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4672=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4672=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4672=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4672=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4672=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4672=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4672=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4672=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-4672=1
* SUSE CaaS Platform 4.0
To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform
you if it detects new updates and let you then trigger updating of the complete
cluster in a controlled way.
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4672=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4672=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4672=1
## Package List:
* openSUSE Leap Micro 5.3 (noarch)
* suse-build-key-12.0-150000.8.37.1
* openSUSE Leap Micro 5.4 (noarch)
* suse-build-key-12.0-150000.8.37.1
* openSUSE Leap 15.4 (noarch)
* suse-build-key-12.0-150000.8.37.1
* openSUSE Leap 15.5 (noarch)
* suse-build-key-12.0-150000.8.37.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
* suse-build-key-12.0-150000.8.37.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
* suse-build-key-12.0-150000.8.37.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
* suse-build-key-12.0-150000.8.37.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
* suse-build-key-12.0-150000.8.37.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
* suse-build-key-12.0-150000.8.37.1
* Basesystem Module 15-SP4 (noarch)
* suse-build-key-12.0-150000.8.37.1
* Basesystem Module 15-SP5 (noarch)
* suse-build-key-12.0-150000.8.37.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
* suse-build-key-12.0-150000.8.37.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
* suse-build-key-12.0-150000.8.37.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
* suse-build-key-12.0-150000.8.37.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* suse-build-key-12.0-150000.8.37.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
* suse-build-key-12.0-150000.8.37.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
* suse-build-key-12.0-150000.8.37.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* suse-build-key-12.0-150000.8.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
* suse-build-key-12.0-150000.8.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
* suse-build-key-12.0-150000.8.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* suse-build-key-12.0-150000.8.37.1
* SUSE Enterprise Storage 7.1 (noarch)
* suse-build-key-12.0-150000.8.37.1
* SUSE CaaS Platform 4.0 (noarch)
* suse-build-key-12.0-150000.8.37.1
* SUSE Linux Enterprise Micro 5.1 (noarch)
* suse-build-key-12.0-150000.8.37.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
* suse-build-key-12.0-150000.8.37.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
* suse-build-key-12.0-150000.8.37.1
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1216410
* https://bugzilla.suse.com/show_bug.cgi?id=1217215
* https://jira.suse.com/browse/PED-2777
1
0
# Security update for poppler
Announcement ID: SUSE-SU-2023:4690-1
Rating: moderate
References:
* bsc#1120956
Cross-References:
* CVE-2018-20662
CVSS scores:
* CVE-2018-20662 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2018-20662 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2018-20662 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.4
An update that solves one vulnerability can now be installed.
## Description:
This update for poppler fixes the following issues:
* CVE-2018-20662: PDFDoc setup in PDFDoc.cc allows attackers to cause DOS
because of a wrong return value from PDFDoc:setup (bsc#1120956).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4690=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* libpoppler73-debuginfo-0.62.0-150000.4.34.1
* libpoppler73-0.62.0-150000.4.34.1
* openSUSE Leap 15.4 (x86_64)
* libpoppler73-32bit-debuginfo-0.62.0-150000.4.34.1
* libpoppler73-32bit-0.62.0-150000.4.34.1
## References:
* https://www.suse.com/security/cve/CVE-2018-20662.html
* https://bugzilla.suse.com/show_bug.cgi?id=1120956
1
0
# Security update for go1.21
Announcement ID: SUSE-SU-2023:4709-1
Rating: important
References:
* bsc#1212475
* bsc#1216943
* bsc#1217833
* bsc#1217834
Cross-References:
* CVE-2023-39326
* CVE-2023-45284
* CVE-2023-45285
CVSS scores:
* CVE-2023-39326 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-39326 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-45284 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2023-45284 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-45285 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
* CVE-2023-45285 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
* Development Tools Module 15-SP4
* Development Tools Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves three vulnerabilities and has one security fix can now be
installed.
## Description:
This update for go1.21 fixes the following issues:
Update to go1.21.5:
* CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme
(bsc#1217834).
* CVE-2023-45284: path/filepath: Clean removes ending slash for volume on
Windows in Go 1.21.4 (bsc#1216943).
* CVE-2023-39326: net/http: limit chunked data overhead (bsc#1217833).
* cmd/go: go mod download needs to support toolchain upgrades
* cmd/compile: invalid pointer found on stack when compiled with -race
* os: NTFS deduped file changed from regular to irregular
* net: TCPConn.ReadFrom hangs when io.Reader is TCPConn or UnixConn, Linux
kernel < 5.1
* cmd/compile: internal compiler error: panic during prove while compiling:
unexpected induction with too many parents
* syscall: TestOpenFileLimit unintentionally runs on non-Unix platforms
* runtime: self-deadlock on mheap_.lock
* crypto/rand: Legacy RtlGenRandom use on Windows
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4709=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4709=1
* Development Tools Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4709=1
* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4709=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* go1.21-race-1.21.5-150000.1.18.1
* go1.21-1.21.5-150000.1.18.1
* go1.21-doc-1.21.5-150000.1.18.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* go1.21-race-1.21.5-150000.1.18.1
* go1.21-1.21.5-150000.1.18.1
* go1.21-doc-1.21.5-150000.1.18.1
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* go1.21-1.21.5-150000.1.18.1
* go1.21-doc-1.21.5-150000.1.18.1
* Development Tools Module 15-SP4 (aarch64 x86_64)
* go1.21-race-1.21.5-150000.1.18.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* go1.21-race-1.21.5-150000.1.18.1
* go1.21-1.21.5-150000.1.18.1
* go1.21-doc-1.21.5-150000.1.18.1
## References:
* https://www.suse.com/security/cve/CVE-2023-39326.html
* https://www.suse.com/security/cve/CVE-2023-45284.html
* https://www.suse.com/security/cve/CVE-2023-45285.html
* https://bugzilla.suse.com/show_bug.cgi?id=1212475
* https://bugzilla.suse.com/show_bug.cgi?id=1216943
* https://bugzilla.suse.com/show_bug.cgi?id=1217833
* https://bugzilla.suse.com/show_bug.cgi?id=1217834
1
0
SUSE-SU-2023:4727-1: important: Security update for catatonit, containerd, runc
by null@suse.de 14 Dec '23
by null@suse.de 14 Dec '23
14 Dec '23
# Security update for catatonit, containerd, runc
Announcement ID: SUSE-SU-2023:4727-1
Rating: important
References:
* bsc#1200528
Cross-References:
* CVE-2022-1996
CVSS scores:
* CVE-2022-1996 ( SUSE ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2022-1996 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2022-1996 ( NVD ): 9.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Affected Products:
* Containers Module 15-SP4
* Containers Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update of runc and containerd fixes the following issues:
containerd:
* Update to containerd v1.7.8. Upstream release notes:
https://github.com/containerd/containerd/releases/tag/v1.7.8
* CVE-2022-1996: Fixed CORS bypass in go-restful (bsc#1200528)
catatonit:
* Update to catatonit v0.2.0.
* Change license to GPL-2.0-or-later.
* Update to catatont v0.1.7
* This release adds the ability for catatonit to be used as the only process
in a pause container, by passing the -P flag (in this mode no subprocess is
spawned and thus no signal forwarding is done).
* Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to
socket activation or features somewhat adjacent to socket activation (such
as passing file descriptors).
runc:
* Update to runc v1.1.10. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.1.10
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4727=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4727=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4727=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4727=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4727=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4727=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4727=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4727=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2023-4727=1
* Containers Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4727=1
* Containers Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-4727=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4727=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4727=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4727=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4727=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4727=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4727=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4727=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4727=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4727=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4727=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-4727=1
* SUSE CaaS Platform 4.0
To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform
you if it detects new updates and let you then trigger updating of the complete
cluster in a controlled way.
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4727=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4727=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4727=1
## Package List:
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* runc-debuginfo-1.1.10-150000.55.1
* containerd-1.7.8-150000.103.1
* runc-1.1.10-150000.55.1
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* runc-debuginfo-1.1.10-150000.55.1
* containerd-1.7.8-150000.103.1
* runc-1.1.10-150000.55.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* containerd-ctr-1.7.8-150000.103.1
* runc-debuginfo-1.1.10-150000.55.1
* containerd-1.7.8-150000.103.1
* runc-1.1.10-150000.55.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* containerd-ctr-1.7.8-150000.103.1
* runc-debuginfo-1.1.10-150000.55.1
* runc-1.1.10-150000.55.1
* containerd-devel-1.7.8-150000.103.1
* containerd-1.7.8-150000.103.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* runc-debuginfo-1.1.10-150000.55.1
* containerd-1.7.8-150000.103.1
* runc-1.1.10-150000.55.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* runc-debuginfo-1.1.10-150000.55.1
* containerd-1.7.8-150000.103.1
* runc-1.1.10-150000.55.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* runc-debuginfo-1.1.10-150000.55.1
* containerd-1.7.8-150000.103.1
* runc-1.1.10-150000.55.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* runc-debuginfo-1.1.10-150000.55.1
* containerd-1.7.8-150000.103.1
* runc-1.1.10-150000.55.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* runc-debuginfo-1.1.10-150000.55.1
* containerd-1.7.8-150000.103.1
* runc-1.1.10-150000.55.1
* Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* containerd-ctr-1.7.8-150000.103.1
* runc-debuginfo-1.1.10-150000.55.1
* runc-1.1.10-150000.55.1
* containerd-devel-1.7.8-150000.103.1
* containerd-1.7.8-150000.103.1
* Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* containerd-ctr-1.7.8-150000.103.1
* runc-debuginfo-1.1.10-150000.55.1
* runc-1.1.10-150000.55.1
* containerd-devel-1.7.8-150000.103.1
* containerd-1.7.8-150000.103.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64
x86_64)
* containerd-ctr-1.7.8-150000.103.1
* runc-debuginfo-1.1.10-150000.55.1
* runc-1.1.10-150000.55.1
* catatonit-0.2.0-150000.3.6.1
* catatonit-debugsource-0.2.0-150000.3.6.1
* containerd-1.7.8-150000.103.1
* catatonit-debuginfo-0.2.0-150000.3.6.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* containerd-ctr-1.7.8-150000.103.1
* runc-debuginfo-1.1.10-150000.55.1
* runc-1.1.10-150000.55.1
* catatonit-0.2.0-150000.3.6.1
* catatonit-debugsource-0.2.0-150000.3.6.1
* containerd-1.7.8-150000.103.1
* catatonit-debuginfo-0.2.0-150000.3.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64
x86_64)
* containerd-ctr-1.7.8-150000.103.1
* runc-debuginfo-1.1.10-150000.55.1
* containerd-1.7.8-150000.103.1
* runc-1.1.10-150000.55.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* containerd-ctr-1.7.8-150000.103.1
* runc-debuginfo-1.1.10-150000.55.1
* containerd-1.7.8-150000.103.1
* runc-1.1.10-150000.55.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x
x86_64)
* containerd-ctr-1.7.8-150000.103.1
* runc-debuginfo-1.1.10-150000.55.1
* runc-1.1.10-150000.55.1
* catatonit-0.2.0-150000.3.6.1
* catatonit-debugsource-0.2.0-150000.3.6.1
* containerd-1.7.8-150000.103.1
* catatonit-debuginfo-0.2.0-150000.3.6.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* containerd-ctr-1.7.8-150000.103.1
* runc-debuginfo-1.1.10-150000.55.1
* runc-1.1.10-150000.55.1
* catatonit-0.2.0-150000.3.6.1
* catatonit-debugsource-0.2.0-150000.3.6.1
* containerd-1.7.8-150000.103.1
* catatonit-debuginfo-0.2.0-150000.3.6.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* containerd-ctr-1.7.8-150000.103.1
* runc-debuginfo-1.1.10-150000.55.1
* containerd-1.7.8-150000.103.1
* runc-1.1.10-150000.55.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
* containerd-ctr-1.7.8-150000.103.1
* runc-debuginfo-1.1.10-150000.55.1
* runc-1.1.10-150000.55.1
* catatonit-0.2.0-150000.3.6.1
* catatonit-debugsource-0.2.0-150000.3.6.1
* containerd-1.7.8-150000.103.1
* catatonit-debuginfo-0.2.0-150000.3.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* containerd-ctr-1.7.8-150000.103.1
* runc-debuginfo-1.1.10-150000.55.1
* runc-1.1.10-150000.55.1
* catatonit-0.2.0-150000.3.6.1
* catatonit-debugsource-0.2.0-150000.3.6.1
* containerd-1.7.8-150000.103.1
* catatonit-debuginfo-0.2.0-150000.3.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* containerd-ctr-1.7.8-150000.103.1
* runc-debuginfo-1.1.10-150000.55.1
* containerd-1.7.8-150000.103.1
* runc-1.1.10-150000.55.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* containerd-ctr-1.7.8-150000.103.1
* runc-debuginfo-1.1.10-150000.55.1
* containerd-1.7.8-150000.103.1
* runc-1.1.10-150000.55.1
* SUSE CaaS Platform 4.0 (x86_64)
* containerd-ctr-1.7.8-150000.103.1
* runc-debuginfo-1.1.10-150000.55.1
* runc-1.1.10-150000.55.1
* catatonit-0.2.0-150000.3.6.1
* catatonit-debugsource-0.2.0-150000.3.6.1
* containerd-1.7.8-150000.103.1
* catatonit-debuginfo-0.2.0-150000.3.6.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* runc-debuginfo-1.1.10-150000.55.1
* containerd-1.7.8-150000.103.1
* runc-1.1.10-150000.55.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* runc-debuginfo-1.1.10-150000.55.1
* containerd-1.7.8-150000.103.1
* runc-1.1.10-150000.55.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* runc-debuginfo-1.1.10-150000.55.1
* containerd-1.7.8-150000.103.1
* runc-1.1.10-150000.55.1
## References:
* https://www.suse.com/security/cve/CVE-2022-1996.html
* https://bugzilla.suse.com/show_bug.cgi?id=1200528
1
0
14 Dec '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:4730-1
Rating: important
References:
* bsc#1084909
* bsc#1207948
* bsc#1210447
* bsc#1214286
* bsc#1214700
* bsc#1214840
* bsc#1214976
* bsc#1215123
* bsc#1215124
* bsc#1215292
* bsc#1215420
* bsc#1215458
* bsc#1215710
* bsc#1215802
* bsc#1215931
* bsc#1216058
* bsc#1216105
* bsc#1216259
* bsc#1216527
* bsc#1216584
* bsc#1216687
* bsc#1216693
* bsc#1216759
* bsc#1216788
* bsc#1216844
* bsc#1216861
* bsc#1216909
* bsc#1216959
* bsc#1216965
* bsc#1216976
* bsc#1217036
* bsc#1217068
* bsc#1217086
* bsc#1217095
* bsc#1217124
* bsc#1217140
* bsc#1217147
* bsc#1217195
* bsc#1217196
* bsc#1217200
* bsc#1217205
* bsc#1217332
* bsc#1217366
* bsc#1217511
* bsc#1217515
* bsc#1217598
* bsc#1217599
* bsc#1217609
* bsc#1217687
* bsc#1217731
* bsc#1217780
* jsc#PED-3184
* jsc#PED-5021
* jsc#PED-7237
Cross-References:
* CVE-2023-2006
* CVE-2023-25775
* CVE-2023-39197
* CVE-2023-39198
* CVE-2023-4244
* CVE-2023-45863
* CVE-2023-45871
* CVE-2023-46862
* CVE-2023-5158
* CVE-2023-5633
* CVE-2023-5717
* CVE-2023-6039
* CVE-2023-6176
CVSS scores:
* CVE-2023-2006 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2006 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-25775 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-25775 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-39197 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
* CVE-2023-39198 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-39198 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4244 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4244 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45863 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45871 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-45871 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-46862 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-46862 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-5158 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-5158 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-5633 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5633 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5717 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5717 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6039 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6039 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP5
* Development Tools Module 15-SP5
* Legacy Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Availability Extension 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro 6.0
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP5
An update that solves 13 vulnerabilities, contains three features and has 38
security fixes can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
* CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm
scatterwalk functionality (bsc#1217332).
* CVE-2023-2006: Fixed a race condition in the RxRPC network protocol
(bsc#1210447).
* CVE-2023-5633: Fixed a use-after-free flaw in the way memory objects were
handled when they were being used to store a surface (bsc#1216527).
* CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet()
(bsc#1216976).
* CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which
could be exploited to achieve local privilege escalation (bsc#1215420).
* CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in
drivers/net/usb/lan78xx.c (bsc#1217068).
* CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path()
(bsc#1216058).
* CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in
drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710).
* CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may
not be adequate for frames larger than the MTU (bsc#1216259).
* CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the
Performance Events component (bsc#1216584).
* CVE-2023-39198: Fixed a race condition leading to use-after-free in
qxl_mode_dumb_create() (bsc#1216965).
* CVE-2023-25775: Fixed improper access control in the Intel Ethernet
Controller RDMA driver (bsc#1216959).
* CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo()
(bsc#1216693).
The following non-security bugs were fixed:
* ACPI: FPDT: properly handle invalid FPDT subtables (git-fixes).
* ACPI: resource: Do IRQ override on TongFang GMxXGxx (git-fixes).
* ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA (git-fixes).
* ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() (git-fixes).
* ALSA: hda/realtek - ALC287 Realtek I2S speaker platform support (git-fixes).
* ALSA: hda/realtek - Add Dell ALC295 to pin fall back table (git-fixes).
* ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC (git-fixes).
* ALSA: hda/realtek: Add quirk for ASUS UX7602ZM (git-fixes).
* ALSA: hda/realtek: Add quirks for ASUS 2024 Zenbooks (git-fixes).
* ALSA: hda/realtek: Add quirks for HP Laptops (git-fixes).
* ALSA: hda/realtek: Add support dual speaker for Dell (git-fixes).
* ALSA: hda/realtek: Enable Mute LED on HP 255 G10 (git-fixes).
* ALSA: hda/realtek: Enable Mute LED on HP 255 G8 (git-fixes).
* ALSA: hda: ASUS UM5302LA: Added quirks for cs35L41/10431A83 on i2c bus (git-
fixes).
* ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140).
* ALSA: hda: Fix possible null-ptr-deref when assigning a stream (git-fixes).
* ALSA: hda: cs35l41: Fix unbalanced pm_runtime_get() (git-fixes).
* ALSA: hda: cs35l41: Undo runtime PM changes at driver exit time (git-fixes).
* ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection (git-fixes).
* ALSA: info: Fix potential deadlock at disconnection (git-fixes).
* ALSA: usb-audio: add quirk flag to enable native DSD for McIntosh devices
(git-fixes).
* ARM: 9321/1: memset: cast the constant byte to unsigned char (git-fixes).
* ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (git-fixes).
* ASoC: SOF: core: Ensure sof_ops_free() is still called when probe never ran
(git-fixes).
* ASoC: ams-delta.c: use component after check (git-fixes).
* ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix
(git-fixes).
* ASoC: cs35l41: Undo runtime PM changes at driver exit time (git-fixes).
* ASoC: cs35l41: Verify PM runtime resume errors in IRQ handler (git-fixes).
* ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe (git-fixes).
* ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not
described (git-fixes).
* ASoC: hdmi-codec: register hpd callback on component probe (git-fixes).
* ASoC: rt5650: fix the wrong result of key button (git-fixes).
* ASoC: simple-card: fixup asoc_simple_probe() error handling (git-fixes).
* ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings (git-fixes).
* Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE (git-fixes).
* Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables (git-
fixes).
* Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 (git-
fixes).
* Bluetooth: btusb: Add date->evt_skb is NULL check (git-fixes).
* Documentation: networking: correct possessive "its" (bsc#1215458).
* Drivers: hv: vmbus: Remove unused extern declaration vmbus_ontimer() (git-
fixes).
* Fix termination state for idr_for_each_entry_ul() (git-fixes).
* HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W (git-fixes).
* HID: hyperv: Replace one-element array with flexible-array member (git-
fixes).
* HID: hyperv: avoid struct memcpy overrun warning (git-fixes).
* HID: hyperv: remove unused struct synthhid_msg (git-fixes).
* HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround
(git-fixes).
* HID: logitech-hidpp: Do not restart IO, instead defer hid_connect() only
(git-fixes).
* HID: logitech-hidpp: Move get_wireless_feature_index() check to
hidpp_connect_event() (git-fixes).
* HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk (git-fixes).
* HID: logitech-hidpp: Revert "Do not restart communication if not necessary"
(git-fixes).
* Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()
(git-fixes).
* Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport (git-
fixes).
* Input: xpad - add VID for Turtle Beach controllers (git-fixes).
* NFS: Fix access to page->mapping (bsc#1216788).
* PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() (git-fixes).
* PCI/sysfs: Protect driver's D3cold preference from user space (git-fixes).
* PCI: Disable ATS for specific Intel IPU E2000 devices (bsc#1215458).
* PCI: Extract ATS disabling to a helper function (bsc#1215458).
* PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (git-
fixes).
* PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk (git-fixes).
* PCI: Use FIELD_GET() to extract Link Width (git-fixes).
* PCI: exynos: Do not discard .remove() callback (git-fixes).
* PCI: keystone: Do not discard .probe() callback (git-fixes).
* PCI: keystone: Do not discard .remove() callback (git-fixes).
* PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields (git-
fixes).
* PCI: vmd: Correct PCI Header Type Register's multi-function check (git-
fixes).
* PM / devfreq: rockchip-dfi: Make pmu regmap mandatory (git-fixes).
* PM: hibernate: Use __get_safe_page() rather than touching the list (git-
fixes).
* USB: dwc2: write HCINT with INTMASK applied (bsc#1214286).
* USB: dwc3: qcom: fix ACPI platform device leak (git-fixes).
* USB: dwc3: qcom: fix resource leaks on probe deferral (git-fixes).
* USB: dwc3: qcom: fix software node leak on probe errors (git-fixes).
* USB: dwc3: qcom: fix wakeup after probe deferral (git-fixes).
* USB: serial: option: add Fibocom L7xx modules (git-fixes).
* USB: serial: option: add Luat Air72*U series products (git-fixes).
* USB: serial: option: do not claim interface 4 for ZTE MF290 (git-fixes).
* USB: serial: option: fix FM101R-GL defines (git-fixes).
* USB: usbip: fix stub_dev hub disconnect (git-fixes).
* arm/xen: fix xen_vcpu_info allocation alignment (git-fixes).
* arm64: Add Cortex-A520 CPU part definition (git-fixes)
* arm64: allow kprobes on EL0 handlers (git-fixes)
* arm64: armv8_deprecated move emulation functions (git-fixes)
* arm64: armv8_deprecated: fix unused-function error (git-fixes)
* arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes)
* arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes)
* arm64: armv8_deprecated: rework deprected instruction handling (git-fixes)
* arm64: consistently pass ESR_ELx to die() (git-fixes)
* arm64: die(): pass 'err' as long (git-fixes)
* arm64: factor insn read out of call_undef_hook() (git-fixes)
* arm64: factor out EL1 SSBS emulation hook (git-fixes)
* arm64: report EL1 UNDEFs better (git-fixes)
* arm64: rework BTI exception handling (git-fixes)
* arm64: rework EL0 MRS emulation (git-fixes)
* arm64: rework FPAC exception handling (git-fixes)
* arm64: split EL0/EL1 UNDEF handlers (git-fixes)
* ata: pata_isapnp: Add missing error check for devm_ioport_map() (git-fixes).
* atl1c: Work around the DMA RX overflow issue (git-fixes).
* atm: iphase: Do PCI error checks on own line (git-fixes).
* blk-mq: Do not clear driver tags own mapping (bsc#1217366).
* blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping()
(bsc#1217366).
* bluetooth: Add device 0bda:887b to device tables (git-fixes).
* bluetooth: Add device 13d3:3571 to device tables (git-fixes).
* btrfs: always log symlinks in full mode (bsc#1214840).
* can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is
accessed out of bounds (git-fixes).
* can: dev: can_restart(): do not crash kernel if carrier is OK (git-fixes).
* can: dev: can_restart(): fix race condition between controller restart and
netif_carrier_on() (git-fixes).
* can: isotp: add local echo tx processing for consecutive frames (git-fixes).
* can: isotp: fix race between isotp_sendsmg() and isotp_release() (git-
fixes).
* can: isotp: fix tx state handling for echo tx processing (git-fixes).
* can: isotp: handle wait_event_interruptible() return values (git-fixes).
* can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID formatting
(git-fixes).
* can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior (git-
fixes).
* can: isotp: remove re-binding of bound socket (git-fixes).
* can: isotp: sanitize CAN ID checks in isotp_bind() (git-fixes).
* can: isotp: set max PDU size to 64 kByte (git-fixes).
* can: isotp: split tx timer into transmission and timeout (git-fixes).
* can: sja1000: Fix comment (git-fixes).
* clk: Sanitize possible_parent_show to Handle Return Value of
of_clk_get_parent_name (git-fixes).
* clk: imx: Select MXC_CLK for CLK_IMX8QXP (git-fixes).
* clk: imx: imx8mq: correct error handling path (git-fixes).
* clk: imx: imx8qxp: Fix elcdif_pll clock (git-fixes).
* clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (git-fixes).
* clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data (git-fixes).
* clk: npcm7xx: Fix incorrect kfree (git-fixes).
* clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies
(git-fixes).
* clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM (git-fixes).
* clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (git-fixes).
* clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks (git-
fixes).
* clk: qcom: mmcc-msm8998: Do not check halt bit on some branch clks (git-
fixes).
* clk: qcom: mmcc-msm8998: Fix the SMMU GDSC (git-fixes).
* clk: scmi: Free scmi_clk allocated when the clocks with invalid info are
skipped (git-fixes).
* clk: ti: Add ti_dt_clk_name() helper to use clock-output-names (git-fixes).
* clk: ti: Update component clocks to use ti_dt_clk_name() (git-fixes).
* clk: ti: Update pll and clockdomain clocks to use ti_dt_clk_name() (git-
fixes).
* clk: ti: change ti_clk_register_omap_hw API (git-fixes).
* clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes).
* clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware
(git-fixes).
* clocksource/drivers/timer-imx-gpt: Fix potential memory leak (git-fixes).
* crypto: caam/jr - fix Chacha20 + Poly1305 self test failure (git-fixes).
* crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure (git-fixes).
* crypto: hisilicon/hpre - Fix a erroneous check after snprintf() (git-fixes).
* dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() (git-
fixes).
* dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe (git-
fixes).
* dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes).
* dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes).
* drm/amd/display: Avoid NULL dereference of timing generator (git-fixes).
* drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox
(git-fixes).
* drm/amd/display: Refactor dm_get_plane_scale helper (git-fixes).
* drm/amd/display: remove useless check in should_enable_fbc() (git-fixes).
* drm/amd/display: use full update for clip size increase of large plane
source (git-fixes).
* drm/amd/pm: Handle non-terminated overdrive commands (git-fixes).
* drm/amd: Disable ASPM for VI w/ all Intel systems (git-fixes).
* drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (git-
fixes).
* drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (git-fixes).
* drm/amd: Move helper for dynamic speed switch check out of smu13 (git-
fixes).
* drm/amd: Update `update_pcie_parameters` functions to use uint8_t arguments
(git-fixes).
* drm/amdgpu/vkms: fix a possible null pointer dereference (git-fixes).
* drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL
(git-fixes).
* drm/amdgpu: Fix potential null pointer derefernce (git-fixes).
* drm/amdgpu: Remove unnecessary domain argument (git-fixes).
* drm/amdgpu: Reserve fences for VM update (git-fixes).
* drm/amdgpu: add drv_vram_usage_va for virt data exchange (bsc#1215802).
* drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git-
fixes).
* drm/amdgpu: do not use ATRM for external devices (git-fixes).
* drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes).
* drm/amdgpu: fix software pci_unplug on some chips (git-fixes).
* drm/amdgpu: not to save bo in the case of RAS err_event_athub (git-fixes).
* drm/amdgpu: skip vram reserve on firmware_v2_2 for bare-metal (bsc#1215802).
* drm/amdkfd: Fix a race condition of vram buffer unref in svm code (git-
fixes).
* drm/amdkfd: Fix shift out-of-bounds issue (git-fixes).
* drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code
(git-fixes).
* drm/bridge: Fix kernel-doc typo in desc of output_bus_cfg in
drm_bridge_state (git-fixes).
* drm/bridge: lt8912b: Add missing drm_bridge_attach call (git-fixes).
* drm/bridge: lt8912b: Fix bridge_detach (git-fixes).
* drm/bridge: lt8912b: Fix crash on bridge detach (git-fixes).
* drm/bridge: lt8912b: Manually disable HPD only if it was enabled (git-
fixes).
* drm/bridge: lt8912b: Register and attach our DSI device at probe (git-
fixes).
* drm/bridge: lt8912b: Switch to devm MIPI-DSI helpers (git-fixes).
* drm/bridge: lt9611uxc: Register and attach our DSI device at probe (git-
fixes).
* drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers (git-fixes).
* drm/bridge: lt9611uxc: fix the race in the error path (git-fixes).
* drm/bridge: lt9611uxc: fix the race in the error path (git-fixes).
* drm/bridge: tc358768: Clean up clock period code (git-fixes).
* drm/bridge: tc358768: Disable non-continuous clock mode (git-fixes).
* drm/bridge: tc358768: Fix bit updates (git-fixes).
* drm/bridge: tc358768: Fix tc358768_ns_to_cnt() (git-fixes).
* drm/bridge: tc358768: Fix use of uninitialized variable (git-fixes).
* drm/bridge: tc358768: Print logical values, not raw register values (git-
fixes).
* drm/bridge: tc358768: Rename dsibclk to hsbyteclk (git-fixes).
* drm/bridge: tc358768: Use dev for dbg prints, not priv->dev (git-fixes).
* drm/bridge: tc358768: Use struct videomode (git-fixes).
* drm/bridge: tc358768: remove unused variable (git-fixes).
* drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper() (git-
fixes).
* drm/gma500: Fix call trace when psb_gem_mm_init() fails (git-fixes).
* drm/gud: Use size_add() in call to struct_size() (git-fixes).
* drm/i915: Fix potential spectre vulnerability (git-fixes).
* drm/i915: Flush WC GGTT only on required platforms (git-fixes).
* drm/komeda: drop all currently held locks if deadlock happens (git-fixes).
* drm/mediatek: Fix iommu fault by swapping FBs after updating plane state
(git-fixes).
* drm/mediatek: Fix iommu fault during crtc enabling (git-fixes).
* drm/mipi-dsi: Create devm device attachment (git-fixes).
* drm/mipi-dsi: Create devm device registration (git-fixes).
* drm/msm/dp: skip validity check for DP CTS EDID checksum (git-fixes).
* drm/msm/dsi: free TX buffer in unbind (git-fixes).
* drm/msm/dsi: use msm_gem_kernel_put to free TX buffer (git-fixes).
* drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git-
fixes).
* drm/panel: fix a possible null pointer dereference (git-fixes).
* drm/panel: simple: Fix Innolux G101ICE-L01 bus flags (git-fixes).
* drm/panel: simple: Fix Innolux G101ICE-L01 timings (git-fixes).
* drm/panel: st7703: Pick different reset sequence (git-fixes).
* drm/qxl: prevent memory leak (git-fixes).
* drm/radeon: fix a possible null pointer dereference (git-fixes).
* drm/radeon: possible buffer overflow (git-fixes).
* drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map() (git-
fixes).
* drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() (git-
fixes).
* drm/rockchip: vop: Fix call to crtc reset helper (git-fixes).
* drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full (git-
fixes).
* drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs (git-
fixes).
* drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE (git-fixes).
* drm/ttm: Reorder sys manager cleanup step (git-fixes).
* drm/vc4: fix typo (git-fixes).
* drm/vmwgfx: Remove the duplicate bo_free function (bsc#1216527)
* drm/vmwgfx: Rename vmw_buffer_object to vmw_bo (bsc#1216527)
* drm: bridge: it66121: Fix invalid connector dereference (git-fixes).
* drm: mediatek: mtk_dsi: Fix NO_EOT_PACKET settings/handling (git-fixes).
* drm: vmwgfx_surface.c: copy user-array safely (git-fixes).
* dt-bindings: usb: hcd: add missing phy name to example (git-fixes).
* dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes).
* fbdev: atyfb: only use ioremap_uc() on i386 and ia64 (git-fixes).
* fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes).
* fbdev: imsttfb: Fix error path of imsttfb_probe() (git-fixes).
* fbdev: imsttfb: Release framebuffer and dealloc cmap on error path (git-
fixes).
* fbdev: imsttfb: fix a resource leak in probe (git-fixes).
* fbdev: imsttfb: fix double free in probe() (git-fixes).
* fbdev: omapfb: Drop unused remove function (git-fixes).
* fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit() (git-
fixes).
* firewire: core: fix possible memory leak in create_units() (git-fixes).
* gpio: mockup: fix kerneldoc (git-fixes).
* gpio: mockup: remove unused field (git-fixes).
* gpu: host1x: Correct allocated size for contexts (git-fixes).
* hid: cp2112: Fix duplicate workqueue initialization (git-fixes).
* hv: simplify sysctl registration (git-fixes).
* hv_netvsc: Fix race of register_netdevice_notifier and VF register (git-
fixes).
* hv_netvsc: Mark VF as slave before exposing it to user-mode (git-fixes).
* hv_netvsc: fix netvsc_send_completion to avoid multiple message length
checks (git-fixes).
* hv_netvsc: fix race of netvsc and VF register_netdevice (git-fixes).
* hwmon: (coretemp) Fix potentially truncated sysfs attribute name (git-
fixes).
* i2c: core: Run atomic i2c xfer when !preemptible (git-fixes).
* i2c: designware: Disable TX_EMPTY irq while waiting for block length byte
(git-fixes).
* i2c: dev: copy userspace array safely (git-fixes).
* i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git-
fixes).
* i2c: iproc: handle invalid slave state (git-fixes).
* i2c: sun6i-p2wi: Prevent potential division by zero (git-fixes).
* i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs (git-
fixes).
* i3c: master: cdns: Fix reading status register (git-fixes).
* i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data (git-
fixes).
* i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen (git-
fixes).
* i3c: master: svc: fix check wrong status register in irq handler (git-
fixes).
* i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes).
* i3c: master: svc: fix race condition in ibi work thread (git-fixes).
* i3c: master: svc: fix wrong data return when IBI happen during start frame
(git-fixes).
* i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler (git-
fixes).
* i915/perf: Fix NULL deref bugs with drm_dbg() calls (git-fixes).
* idpf: add RX splitq napi poll support (bsc#1215458).
* idpf: add SRIOV support and other ndo_ops (bsc#1215458).
* idpf: add TX splitq napi poll support (bsc#1215458).
* idpf: add controlq init and reset checks (bsc#1215458).
* idpf: add core init and interrupt request (bsc#1215458).
* idpf: add create vport and netdev configuration (bsc#1215458).
* idpf: add ethtool callbacks (bsc#1215458).
* idpf: add module register and probe functionality (bsc#1215458).
* idpf: add ptypes and MAC filter support (bsc#1215458).
* idpf: add singleq start_xmit and napi poll (bsc#1215458).
* idpf: add splitq start_xmit (bsc#1215458).
* idpf: cancel mailbox work in error path (bsc#1215458).
* idpf: configure resources for RX queues (bsc#1215458).
* idpf: configure resources for TX queues (bsc#1215458).
* idpf: fix potential use-after-free in idpf_tso() (bsc#1215458).
* idpf: initialize interrupts and enable vport (bsc#1215458).
* idpf: set scheduling mode for completion queue (bsc#1215458).
* irqchip/stm32-exti: add missing DT IRQ flag translation (git-fixes).
* leds: pwm: Do not disable the PWM when the LED should be off (git-fixes).
* leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu'
(git-fixes).
* leds: turris-omnia: Do not use SMBUS calls (git-fixes).
* lsm: fix default return value for inode_getsecctx (git-fixes).
* lsm: fix default return value for vm_enough_memory (git-fixes).
* media: bttv: fix use after free error due to btv->timeout timer (git-fixes).
* media: ccs: Correctly initialise try compose rectangle (git-fixes).
* media: ccs: Fix driver quirk struct documentation (git-fixes).
* media: cedrus: Fix clock/reset sequence (git-fixes).
* media: cobalt: Use FIELD_GET() to extract Link Width (git-fixes).
* media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes).
* media: i2c: max9286: Fix some redundant of_node_put() calls (git-fixes).
* media: imon: fix access to invalid resource for the second interface (git-
fixes).
* media: lirc: drop trailing space from scancode transmit (git-fixes).
* media: qcom: camss: Fix VFE-17x vfe_disable_output() (git-fixes).
* media: qcom: camss: Fix missing vfe_lite clocks check (git-fixes).
* media: qcom: camss: Fix pm_domain_on sequence in probe (git-fixes).
* media: qcom: camss: Fix vfe_get() error jump (git-fixes).
* media: sharp: fix sharp encoding (git-fixes).
* media: siano: Drop unnecessary error check for debugfs_create_dir/file()
(git-fixes).
* media: venus: hfi: add checks to handle capabilities from firmware (git-
fixes).
* media: venus: hfi: add checks to perform sanity on queue pointers (git-
fixes).
* media: venus: hfi: fix the check to handle session buffer requirement (git-
fixes).
* media: venus: hfi_parser: Add check to keep the number of codecs within
range (git-fixes).
* media: vidtv: mux: Add check and kfree for kstrdup (git-fixes).
* media: vidtv: psi: Add check for kstrdup (git-fixes).
* media: vivid: avoid integer overflow (git-fixes).
* mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated devs (git-
fixes).
* mfd: core: Ensure disabled devices are skipped without aborting (git-fixes).
* mfd: dln2: Fix double put in dln2_probe (git-fixes).
* misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller (git-
fixes).
* mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#PED-7237,
git-fixes).
* mmc: block: Be sure to wait while busy in CQE error recovery (git-fixes).
* mmc: block: Do not lose cache flush during CQE error recovery (git-fixes).
* mmc: block: Retry commands in CQE error recovery (git-fixes).
* mmc: cqhci: Fix task clearing in CQE error recovery (git-fixes).
* mmc: cqhci: Increase recovery halt timeout (git-fixes).
* mmc: cqhci: Warn of halt or task clear failure (git-fixes).
* mmc: meson-gx: Remove setting of CMD_CFG_ERROR (git-fixes).
* mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2 (git-
fixes).
* mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER (git-
fixes).
* mmc: sdhci_am654: fix start loop index for TAP value parsing (git-fixes).
* mmc: vub300: fix an error code (git-fixes).
* modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host (git-fixes).
* mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes).
* mtd: cfi_cmdset_0001: Byte swap OTP info (git-fixes).
* mtd: rawnand: arasan: Include ECC syndrome along with in-band data while
checking for ECC failure (git-fixes).
* net-memcg: Fix scope of sockmem pressure indicators (bsc#1216759).
* net: Avoid address overwrite in kernel_connect (bsc#1216861).
* net: add macro netif_subqueue_completed_wake (bsc#1215458).
* net: fix use-after-free in tw_timer_handler (bsc#1217195).
* net: mana: Fix return type of mana_start_xmit() (git-fixes).
* net: piggy back on the memory barrier in bql when waking queues
(bsc#1215458).
* net: provide macros for commonly copied lockless queue stop/wake code
(bsc#1215458).
* net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-
fixes).
* nvme: update firmware version after commit (bsc#1215292).
* pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes).
* pcmcia: ds: fix possible name leak in error path in pcmcia_device_add()
(git-fixes).
* pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes).
* pinctrl: avoid reload of p state in list iteration (git-fixes).
* platform/x86/intel-uncore-freq: Return error on write frequency
(bsc#1217147).
* platform/x86/intel-uncore-freq: Split common and enumeration part
(bsc#1217147).
* platform/x86/intel-uncore-freq: Support for cluster level controls
(bsc#1217147).
* platform/x86/intel-uncore-freq: Uncore frequency control via TPMI
(bsc#1217147).
* platform/x86/intel-uncore-freq: tpmi: Provide cluster level control
(bsc#1217147).
* platform/x86/intel/tpmi: ADD tpmi external interface for tpmi feature
drivers (bsc#1217147).
* platform/x86/intel/tpmi: Fix double free reported by Smatch (bsc#1217147).
* platform/x86/intel/tpmi: Process CPU package mapping (bsc#1217147).
* platform/x86/intel/uncore-freq: Display uncore current frequency
(bsc#1217147).
* platform/x86/intel/uncore-freq: Move to uncore-frequency folder
(bsc#1217147).
* platform/x86/intel/uncore-freq: Use sysfs API to create attributes
(bsc#1217147).
* platform/x86/intel/vsec: Add TPMI ID (bsc#1217147).
* platform/x86/intel/vsec: Enhance and Export intel_vsec_add_aux()
(bsc#1217147).
* platform/x86/intel/vsec: Support private data (bsc#1217147).
* platform/x86/intel/vsec: Use mutex for ida_alloc() and ida_free()
(bsc#1217147).
* platform/x86/intel: Intel TPMI enumeration driver (bsc#1217147).
* platform/x86/intel: tpmi: Fix double free in tpmi_create_device()
(bsc#1217147).
* platform/x86: intel-uncore-freq: Add client processors (bsc#1217147).
* platform/x86: intel-uncore-freq: Conditionally create attribute for read
frequency (bsc#1217147).
* platform/x86: intel-uncore-freq: Prevent driver loading in guests
(bsc#1217147).
* platform/x86: intel-uncore-freq: Use sysfs_emit() to instead of scnprintf()
(bsc#1217147).
* platform/x86: intel-uncore-freq: fix uncore_freq_common_init() error codes
(bsc#1217147).
* platform/x86: intel-uncore-frequency: Move to intel sub-directory
(bsc#1217147).
* platform/x86: intel-uncore-frequency: use default_groups in kobj_type
(bsc#1217147).
* platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e (git-
fixes).
* platform/x86: wmi: Fix opening of char device (git-fixes).
* platform/x86: wmi: Fix probe failure when failing to register WMI devices
(git-fixes).
* platform/x86: wmi: remove unnecessary initializations (git-fixes).
* powerpc/perf/hv-24x7: Update domain value check (bsc#1215931).
* powerpc/vas: Limit open window failure messages in log bufffer (bsc#1216687
ltc#203927).
* powerpc: Do not clobber f0/vs0 during fp|altivec register save
(bsc#1217780).
* pwm: Fix double shift bug (git-fixes).
* pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (git-fixes).
* pwm: sti: Reduce number of allocations and drop usage of chip_data (git-
fixes).
* r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes).
* r8152: Check for unplug in rtl_phy_patch_request() (git-fixes).
* regmap: Ensure range selector registers are updated after cache sync (git-
fixes).
* regmap: debugfs: Fix a erroneous check after snprintf() (git-fixes).
* regmap: prevent noinc writes from clobbering cache (git-fixes).
* s390/ap: fix AP bus crash on early config change callback invocation (git-
fixes bsc#1217687).
* s390/cio: unregister device when the only path is gone (git-fixes
bsc#1217609).
* s390/cmma: fix detection of DAT pages (LTC#203997 bsc#1217086).
* s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (LTC#203997
bsc#1217086).
* s390/cmma: fix initial kernel address space page table walk (LTC#203997
bsc#1217086).
* s390/crashdump: fix TOD programmable field size (git-fixes bsc#1217205).
* s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629
bsc#1215124).
* s390/dasd: protect device queue against concurrent access (git-fixes
bsc#1217515).
* s390/dasd: use correct number of retries for ERP requests (git-fixes
bsc#1217598).
* s390/ipl: add missing IPL_TYPE_ECKD_DUMP case to ipl_init() (git-fixes
bsc#1217511).
* s390/ipl: add missing secure/has_secure file to ipl type 'unknown'
(bsc#1214976 git-fixes).
* s390/mm: add missing arch_set_page_dat() call to gmap allocations
(LTC#203997 bsc#1217086).
* s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc()
(LTC#203997 bsc#1217086).
* s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200).
* s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes
bsc#1217599).
* sbitmap: fix batched wait_cnt accounting (bsc#1217095 bsc#1217196).
* sbitmap: fix up kABI for sbitmap_queue_wake_up() (bsc#1217095 bsc#1217196).
* sbsa_gwdt: Calculate timeout with 64-bit math (git-fixes).
* scsi: lpfc: Copyright updates for 14.2.0.16 patches (bsc#1217731).
* scsi: lpfc: Correct maximum PCI function value for RAS fw logging
(bsc#1217731).
* scsi: lpfc: Eliminate unnecessary relocking in lpfc_check_nlp_post_devloss()
(bsc#1217731).
* scsi: lpfc: Enhance driver logging for selected discovery events
(bsc#1217731).
* scsi: lpfc: Fix list_entry null check warning in lpfc_cmpl_els_plogi()
(bsc#1217731).
* scsi: lpfc: Fix possible file string name overflow when updating firmware
(bsc#1217731).
* scsi: lpfc: Introduce LOG_NODE_VERBOSE messaging flag (bsc#1217124).
* scsi: lpfc: Refactor and clean up mailbox command memory free (bsc#1217731).
* scsi: lpfc: Reject received PRLIs with only initiator fcn role for NPIV
ports (bsc#1217124).
* scsi: lpfc: Remove unnecessary zero return code assignment in
lpfc_sli4_hba_setup (bsc#1217124).
* scsi: lpfc: Return early in lpfc_poll_eratt() when the driver is unloading
(bsc#1217731).
* scsi: lpfc: Treat IOERR_SLI_DOWN I/O completion status the same as pci
offline (bsc#1217124).
* scsi: lpfc: Update lpfc version to 14.2.0.15 (bsc#1217124).
* scsi: lpfc: Update lpfc version to 14.2.0.16 (bsc#1217731).
* scsi: lpfc: Validate ELS LS_ACC completion payload (bsc#1217124).
* scsi: qla2xxx: Fix double free of dsd_list during driver load (git-fixes).
* scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields (git-
fixes).
* selftests/efivarfs: create-read: fix a resource leak (git-fixes).
* selftests/pidfd: Fix ksft print formats (git-fixes).
* selftests/resctrl: Ensure the benchmark commands fits to its array (git-
fixes).
* selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests (git-
fixes).
* selftests/resctrl: Remove duplicate feature check from CMT test (git-fixes).
* seq_buf: fix a misleading comment (git-fixes).
* serial: exar: Revert "serial: exar: Add support for Sealevel 7xxxC serial
cards" (git-fixes).
* serial: meson: Use platform_get_irq() to get the interrupt (git-fixes).
* soc: qcom: llcc: Handle a second device without data corruption (git-fixes).
* spi: nxp-fspi: use the correct ioremap function (git-fixes).
* spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes).
* spi: tegra: Fix missing IRQ check in tegra_slink_probe() (git-fixes).
* staging: media: ipu3: remove ftrace-like logging (git-fixes).
* string.h: add array-wrappers for (v)memdup_user() (git-fixes).
* supported.conf: marked idpf supported
* thermal: core: prevent potential string overflow (git-fixes).
* tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes).
* tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks (git-fixes).
* tty: 8250: Add support for Brainboxes UP cards (git-fixes).
* tty: 8250: Add support for Intashield IS-100 (git-fixes).
* tty: 8250: Add support for Intashield IX cards (git-fixes).
* tty: 8250: Add support for additional Brainboxes PX cards (git-fixes).
* tty: 8250: Add support for additional Brainboxes UC cards (git-fixes).
* tty: 8250: Fix port count of PX-257 (git-fixes).
* tty: 8250: Fix up PX-803/PX-857 (git-fixes).
* tty: 8250: Remove UC-257 and UC-431 (git-fixes).
* tty: Fix uninit-value access in ppp_sync_receive() (git-fixes).
* tty: n_gsm: fix race condition in status line change on dead connections
(git-fixes).
* tty: serial: meson: fix hard LOCKUP on crtscts mode (git-fixes).
* tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes).
* tty: vcc: Add check for kstrdup() in vcc_probe() (git-fixes).
* usb: cdnsp: Fix deadlock issue during using NCM gadget (git-fixes).
* usb: chipidea: Fix DMA overwrite for Tegra (git-fixes).
* usb: chipidea: Simplify Tegra DMA alignment code (git-fixes).
* usb: dwc2: fix possible NULL pointer dereference caused by driver
concurrency (git-fixes).
* usb: dwc3: Fix default mode initialization (git-fixes).
* usb: dwc3: set the dma max_seg_size (git-fixes).
* usb: gadget: f_ncm: Always set current gadget in ncm_bind() (git-fixes).
* usb: raw-gadget: properly handle interrupted requests (git-fixes).
* usb: storage: set 1.50 as the lower bcdDevice for older "Super Top"
compatibility (git-fixes).
* usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() (git-
fixes).
* usb: typec: tcpm: Skip hard reset when in error recovery (git-fixes).
* virtchnl: add virtchnl version 2 ops (bsc#1215458).
* wifi: ath10k: Do not touch the CE interrupt registers after power up (git-
fixes).
* wifi: ath10k: fix clang-specific fortify warning (git-fixes).
* wifi: ath11k: debugfs: fix to work with multiple PCI devices (git-fixes).
* wifi: ath11k: fix dfs radar event locking (git-fixes).
* wifi: ath11k: fix gtk offload status event locking (git-fixes).
* wifi: ath11k: fix htt pktlog locking (git-fixes).
* wifi: ath11k: fix temperature event locking (git-fixes).
* wifi: ath9k: fix clang-specific fortify warnings (git-fixes).
* wifi: iwlwifi: Use FW rate for non-data frames (git-fixes).
* wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git-
fixes).
* wifi: iwlwifi: empty overflow queue during flush (git-fixes).
* wifi: iwlwifi: honor the enable_ini value (git-fixes).
* wifi: iwlwifi: pcie: synchronize IRQs before NAPI (git-fixes).
* wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git-
fixes).
* wifi: mac80211: fix # of MSDU in A-MSDU calculation (git-fixes).
* wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes).
* wifi: rtlwifi: fix EDCA limit set by BT coexistence (git-fixes).
* wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file()
(git-fixes).
* x86/alternative: Add a __alt_reloc_selftest() prototype (git-fixes).
* x86/cpu: Clear SVM feature if disabled by BIOS (bsc#1214700).
* x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes).
* x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (git-
fixes).
* x86/hyperv: Add HV_EXPOSE_INVARIANT_TSC define (git-fixes).
* x86/hyperv: Improve code for referencing hyperv_pcpu_input_arg (git-fixes).
* x86/hyperv: Make hv_get_nmi_reason public (git-fixes).
* x86/hyperv: fix a warning in mshyperv.h (git-fixes).
* x86/sev: Do not try to parse for the CC blob on non-AMD hardware (git-
fixes).
* x86/sev: Fix calculation of end address based on number of pages (git-
fixes).
* x86/sev: Use the GHCB protocol when available for SNP CPUID requests (git-
fixes).
* x86: Move gds_ucode_mitigated() declaration to header (git-fixes).
* xfs: add attr state machine tracepoints (git-fixes).
* xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909).
* xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909).
* xfs: constify btree function parameters that are not modified (git-fixes).
* xfs: convert AGF log flags to unsigned (git-fixes).
* xfs: convert AGI log flags to unsigned (git-fixes).
* xfs: convert attr type flags to unsigned (git-fixes).
* xfs: convert bmap extent type flags to unsigned (git-fixes).
* xfs: convert bmapi flags to unsigned (git-fixes).
* xfs: convert btree buffer log flags to unsigned (git-fixes).
* xfs: convert buffer flags to unsigned (git-fixes).
* xfs: convert buffer log item flags to unsigned (git-fixes).
* xfs: convert da btree operations flags to unsigned (git-fixes).
* xfs: convert dquot flags to unsigned (git-fixes).
* xfs: convert inode lock flags to unsigned (git-fixes).
* xfs: convert log item tracepoint flags to unsigned (git-fixes).
* xfs: convert log ticket and iclog flags to unsigned (git-fixes).
* xfs: convert quota options flags to unsigned (git-fixes).
* xfs: convert scrub type flags to unsigned (git-fixes).
* xfs: disambiguate units for ftrace fields tagged "blkno", "block", or "bno"
(git-fixes).
* xfs: disambiguate units for ftrace fields tagged "count" (git-fixes).
* xfs: disambiguate units for ftrace fields tagged "len" (git-fixes).
* xfs: disambiguate units for ftrace fields tagged "offset" (git-fixes).
* xfs: make the key parameters to all btree key comparison functions const
(git-fixes).
* xfs: make the key parameters to all btree query range functions const (git-
fixes).
* xfs: make the keys and records passed to btree inorder functions const (git-
fixes).
* xfs: make the pointer passed to btree set_root functions const (git-fixes).
* xfs: make the start pointer passed to btree alloc_block functions const
(git-fixes).
* xfs: make the start pointer passed to btree update_lastrec functions const
(git-fixes).
* xfs: mark the record passed into btree init_key functions as const (git-
fixes).
* xfs: mark the record passed into xchk_btree functions as const (git-fixes).
* xfs: remove xfs_btree_cur_t typedef (git-fixes).
* xfs: rename i_disk_size fields in ftrace output (git-fixes).
* xfs: resolve fork names in trace output (git-fixes).
* xfs: standardize AG block number formatting in ftrace output (git-fixes).
* xfs: standardize AG number formatting in ftrace output (git-fixes).
* xfs: standardize daddr formatting in ftrace output (git-fixes).
* xfs: standardize inode generation formatting in ftrace output (git-fixes).
* xfs: standardize inode number formatting in ftrace output (git-fixes).
* xfs: standardize remaining xfs_buf length tracepoints (git-fixes).
* xfs: standardize rmap owner number formatting in ftrace output (git-fixes).
* xhci: Enable RPM on controllers that support low-power states (git-fixes).
* xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-4730=1 openSUSE-SLE-15.5-2023-4730=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2023-4730=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4730=1
* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4730=1
* Legacy Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-4730=1
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4730=1
Please note that this is the initial kernel livepatch without fixes itself, this
package is later updated by separate standalone kernel livepatch updates.
* SUSE Linux Enterprise High Availability Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-4730=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4730=1
## Package List:
* openSUSE Leap 15.5 (noarch nosrc)
* kernel-docs-5.14.21-150500.55.39.1
* openSUSE Leap 15.5 (noarch)
* kernel-macros-5.14.21-150500.55.39.1
* kernel-source-vanilla-5.14.21-150500.55.39.1
* kernel-devel-5.14.21-150500.55.39.1
* kernel-source-5.14.21-150500.55.39.1
* kernel-docs-html-5.14.21-150500.55.39.1
* openSUSE Leap 15.5 (nosrc ppc64le x86_64)
* kernel-debug-5.14.21-150500.55.39.1
* openSUSE Leap 15.5 (ppc64le x86_64)
* kernel-debug-debugsource-5.14.21-150500.55.39.1
* kernel-debug-debuginfo-5.14.21-150500.55.39.1
* kernel-debug-livepatch-devel-5.14.21-150500.55.39.1
* kernel-debug-devel-5.14.21-150500.55.39.1
* kernel-debug-devel-debuginfo-5.14.21-150500.55.39.1
* openSUSE Leap 15.5 (x86_64)
* kernel-default-vdso-5.14.21-150500.55.39.1
* kernel-debug-vdso-5.14.21-150500.55.39.1
* kernel-kvmsmall-vdso-debuginfo-5.14.21-150500.55.39.1
* kernel-debug-vdso-debuginfo-5.14.21-150500.55.39.1
* kernel-kvmsmall-vdso-5.14.21-150500.55.39.1
* kernel-default-vdso-debuginfo-5.14.21-150500.55.39.1
* openSUSE Leap 15.5 (aarch64 ppc64le x86_64)
* kernel-default-base-rebuild-5.14.21-150500.55.39.1.150500.6.17.1
* kernel-kvmsmall-devel-debuginfo-5.14.21-150500.55.39.1
* kernel-default-base-5.14.21-150500.55.39.1.150500.6.17.1
* kernel-kvmsmall-devel-5.14.21-150500.55.39.1
* kernel-kvmsmall-debuginfo-5.14.21-150500.55.39.1
* kernel-kvmsmall-livepatch-devel-5.14.21-150500.55.39.1
* kernel-kvmsmall-debugsource-5.14.21-150500.55.39.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* kernel-default-debugsource-5.14.21-150500.55.39.1
* kernel-obs-build-5.14.21-150500.55.39.1
* cluster-md-kmp-default-5.14.21-150500.55.39.1
* kernel-default-devel-5.14.21-150500.55.39.1
* kernel-default-extra-debuginfo-5.14.21-150500.55.39.1
* gfs2-kmp-default-5.14.21-150500.55.39.1
* ocfs2-kmp-default-5.14.21-150500.55.39.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.39.1
* kernel-default-livepatch-devel-5.14.21-150500.55.39.1
* kernel-default-extra-5.14.21-150500.55.39.1
* kernel-default-optional-debuginfo-5.14.21-150500.55.39.1
* dlm-kmp-default-debuginfo-5.14.21-150500.55.39.1
* kselftests-kmp-default-debuginfo-5.14.21-150500.55.39.1
* reiserfs-kmp-default-debuginfo-5.14.21-150500.55.39.1
* kernel-default-optional-5.14.21-150500.55.39.1
* kernel-default-debuginfo-5.14.21-150500.55.39.1
* kernel-default-livepatch-5.14.21-150500.55.39.1
* kernel-obs-build-debugsource-5.14.21-150500.55.39.1
* kselftests-kmp-default-5.14.21-150500.55.39.1
* kernel-obs-qa-5.14.21-150500.55.39.1
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.39.1
* kernel-syms-5.14.21-150500.55.39.1
* reiserfs-kmp-default-5.14.21-150500.55.39.1
* kernel-default-devel-debuginfo-5.14.21-150500.55.39.1
* dlm-kmp-default-5.14.21-150500.55.39.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.39.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150500.55.39.1
* openSUSE Leap 15.5 (aarch64 nosrc ppc64le x86_64)
* kernel-kvmsmall-5.14.21-150500.55.39.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_39-default-1-150500.11.3.1
* kernel-livepatch-SLE15-SP5_Update_8-debugsource-1-150500.11.3.1
* kernel-livepatch-5_14_21-150500_55_39-default-debuginfo-1-150500.11.3.1
* openSUSE Leap 15.5 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150500.55.39.1
* openSUSE Leap 15.5 (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150500.55.39.1
* kernel-zfcpdump-debuginfo-5.14.21-150500.55.39.1
* openSUSE Leap 15.5 (nosrc)
* dtb-aarch64-5.14.21-150500.55.39.1
* openSUSE Leap 15.5 (aarch64)
* dtb-apple-5.14.21-150500.55.39.1
* dtb-nvidia-5.14.21-150500.55.39.1
* dtb-freescale-5.14.21-150500.55.39.1
* kernel-64kb-livepatch-devel-5.14.21-150500.55.39.1
* dtb-marvell-5.14.21-150500.55.39.1
* dtb-altera-5.14.21-150500.55.39.1
* dtb-hisilicon-5.14.21-150500.55.39.1
* dtb-rockchip-5.14.21-150500.55.39.1
* dlm-kmp-64kb-5.14.21-150500.55.39.1
* dtb-sprd-5.14.21-150500.55.39.1
* dtb-apm-5.14.21-150500.55.39.1
* dlm-kmp-64kb-debuginfo-5.14.21-150500.55.39.1
* kernel-64kb-debugsource-5.14.21-150500.55.39.1
* gfs2-kmp-64kb-5.14.21-150500.55.39.1
* dtb-socionext-5.14.21-150500.55.39.1
* ocfs2-kmp-64kb-5.14.21-150500.55.39.1
* dtb-renesas-5.14.21-150500.55.39.1
* ocfs2-kmp-64kb-debuginfo-5.14.21-150500.55.39.1
* dtb-lg-5.14.21-150500.55.39.1
* kernel-64kb-extra-debuginfo-5.14.21-150500.55.39.1
* kernel-64kb-optional-debuginfo-5.14.21-150500.55.39.1
* kselftests-kmp-64kb-5.14.21-150500.55.39.1
* cluster-md-kmp-64kb-debuginfo-5.14.21-150500.55.39.1
* reiserfs-kmp-64kb-debuginfo-5.14.21-150500.55.39.1
* dtb-amlogic-5.14.21-150500.55.39.1
* dtb-amazon-5.14.21-150500.55.39.1
* kselftests-kmp-64kb-debuginfo-5.14.21-150500.55.39.1
* cluster-md-kmp-64kb-5.14.21-150500.55.39.1
* kernel-64kb-extra-5.14.21-150500.55.39.1
* dtb-mediatek-5.14.21-150500.55.39.1
* dtb-allwinner-5.14.21-150500.55.39.1
* dtb-cavium-5.14.21-150500.55.39.1
* kernel-64kb-devel-debuginfo-5.14.21-150500.55.39.1
* kernel-64kb-optional-5.14.21-150500.55.39.1
* dtb-arm-5.14.21-150500.55.39.1
* dtb-broadcom-5.14.21-150500.55.39.1
* dtb-qcom-5.14.21-150500.55.39.1
* reiserfs-kmp-64kb-5.14.21-150500.55.39.1
* dtb-exynos-5.14.21-150500.55.39.1
* kernel-64kb-devel-5.14.21-150500.55.39.1
* dtb-amd-5.14.21-150500.55.39.1
* dtb-xilinx-5.14.21-150500.55.39.1
* gfs2-kmp-64kb-debuginfo-5.14.21-150500.55.39.1
* kernel-64kb-debuginfo-5.14.21-150500.55.39.1
* openSUSE Leap 15.5 (aarch64 nosrc)
* kernel-64kb-5.14.21-150500.55.39.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150500.55.39.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 x86_64)
* kernel-default-base-5.14.21-150500.55.39.1.150500.6.17.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150500.55.39.1
* kernel-default-debugsource-5.14.21-150500.55.39.1
* Basesystem Module 15-SP5 (aarch64 nosrc)
* kernel-64kb-5.14.21-150500.55.39.1
* Basesystem Module 15-SP5 (aarch64)
* kernel-64kb-debugsource-5.14.21-150500.55.39.1
* kernel-64kb-devel-debuginfo-5.14.21-150500.55.39.1
* kernel-64kb-devel-5.14.21-150500.55.39.1
* kernel-64kb-debuginfo-5.14.21-150500.55.39.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150500.55.39.1
* Basesystem Module 15-SP5 (aarch64 ppc64le x86_64)
* kernel-default-base-5.14.21-150500.55.39.1.150500.6.17.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* kernel-default-devel-debuginfo-5.14.21-150500.55.39.1
* kernel-default-devel-5.14.21-150500.55.39.1
* kernel-default-debuginfo-5.14.21-150500.55.39.1
* kernel-default-debugsource-5.14.21-150500.55.39.1
* Basesystem Module 15-SP5 (noarch)
* kernel-devel-5.14.21-150500.55.39.1
* kernel-macros-5.14.21-150500.55.39.1
* Basesystem Module 15-SP5 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150500.55.39.1
* Basesystem Module 15-SP5 (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150500.55.39.1
* kernel-zfcpdump-debuginfo-5.14.21-150500.55.39.1
* Development Tools Module 15-SP5 (noarch nosrc)
* kernel-docs-5.14.21-150500.55.39.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* kernel-syms-5.14.21-150500.55.39.1
* kernel-obs-build-debugsource-5.14.21-150500.55.39.1
* kernel-obs-build-5.14.21-150500.55.39.1
* Development Tools Module 15-SP5 (noarch)
* kernel-source-5.14.21-150500.55.39.1
* Legacy Module 15-SP5 (nosrc)
* kernel-default-5.14.21-150500.55.39.1
* Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* reiserfs-kmp-default-debuginfo-5.14.21-150500.55.39.1
* kernel-default-debuginfo-5.14.21-150500.55.39.1
* reiserfs-kmp-default-5.14.21-150500.55.39.1
* kernel-default-debugsource-5.14.21-150500.55.39.1
* SUSE Linux Enterprise Live Patching 15-SP5 (nosrc)
* kernel-default-5.14.21-150500.55.39.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-default-debuginfo-5.14.21-150500.55.39.1
* kernel-default-debugsource-5.14.21-150500.55.39.1
* kernel-default-livepatch-5.14.21-150500.55.39.1
* kernel-livepatch-5_14_21-150500_55_39-default-1-150500.11.3.1
* kernel-livepatch-SLE15-SP5_Update_8-debugsource-1-150500.11.3.1
* kernel-default-livepatch-devel-5.14.21-150500.55.39.1
* kernel-livepatch-5_14_21-150500_55_39-default-debuginfo-1-150500.11.3.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le
s390x x86_64)
* dlm-kmp-default-debuginfo-5.14.21-150500.55.39.1
* kernel-default-debuginfo-5.14.21-150500.55.39.1
* kernel-default-debugsource-5.14.21-150500.55.39.1
* cluster-md-kmp-default-5.14.21-150500.55.39.1
* dlm-kmp-default-5.14.21-150500.55.39.1
* ocfs2-kmp-default-5.14.21-150500.55.39.1
* gfs2-kmp-default-5.14.21-150500.55.39.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.39.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.39.1
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.39.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (nosrc)
* kernel-default-5.14.21-150500.55.39.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (nosrc)
* kernel-default-5.14.21-150500.55.39.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
* kernel-default-extra-5.14.21-150500.55.39.1
* kernel-default-debuginfo-5.14.21-150500.55.39.1
* kernel-default-debugsource-5.14.21-150500.55.39.1
* kernel-default-extra-debuginfo-5.14.21-150500.55.39.1
## References:
* https://www.suse.com/security/cve/CVE-2023-2006.html
* https://www.suse.com/security/cve/CVE-2023-25775.html
* https://www.suse.com/security/cve/CVE-2023-39197.html
* https://www.suse.com/security/cve/CVE-2023-39198.html
* https://www.suse.com/security/cve/CVE-2023-4244.html
* https://www.suse.com/security/cve/CVE-2023-45863.html
* https://www.suse.com/security/cve/CVE-2023-45871.html
* https://www.suse.com/security/cve/CVE-2023-46862.html
* https://www.suse.com/security/cve/CVE-2023-5158.html
* https://www.suse.com/security/cve/CVE-2023-5633.html
* https://www.suse.com/security/cve/CVE-2023-5717.html
* https://www.suse.com/security/cve/CVE-2023-6039.html
* https://www.suse.com/security/cve/CVE-2023-6176.html
* https://bugzilla.suse.com/show_bug.cgi?id=1084909
* https://bugzilla.suse.com/show_bug.cgi?id=1207948
* https://bugzilla.suse.com/show_bug.cgi?id=1210447
* https://bugzilla.suse.com/show_bug.cgi?id=1214286
* https://bugzilla.suse.com/show_bug.cgi?id=1214700
* https://bugzilla.suse.com/show_bug.cgi?id=1214840
* https://bugzilla.suse.com/show_bug.cgi?id=1214976
* https://bugzilla.suse.com/show_bug.cgi?id=1215123
* https://bugzilla.suse.com/show_bug.cgi?id=1215124
* https://bugzilla.suse.com/show_bug.cgi?id=1215292
* https://bugzilla.suse.com/show_bug.cgi?id=1215420
* https://bugzilla.suse.com/show_bug.cgi?id=1215458
* https://bugzilla.suse.com/show_bug.cgi?id=1215710
* https://bugzilla.suse.com/show_bug.cgi?id=1215802
* https://bugzilla.suse.com/show_bug.cgi?id=1215931
* https://bugzilla.suse.com/show_bug.cgi?id=1216058
* https://bugzilla.suse.com/show_bug.cgi?id=1216105
* https://bugzilla.suse.com/show_bug.cgi?id=1216259
* https://bugzilla.suse.com/show_bug.cgi?id=1216527
* https://bugzilla.suse.com/show_bug.cgi?id=1216584
* https://bugzilla.suse.com/show_bug.cgi?id=1216687
* https://bugzilla.suse.com/show_bug.cgi?id=1216693
* https://bugzilla.suse.com/show_bug.cgi?id=1216759
* https://bugzilla.suse.com/show_bug.cgi?id=1216788
* https://bugzilla.suse.com/show_bug.cgi?id=1216844
* https://bugzilla.suse.com/show_bug.cgi?id=1216861
* https://bugzilla.suse.com/show_bug.cgi?id=1216909
* https://bugzilla.suse.com/show_bug.cgi?id=1216959
* https://bugzilla.suse.com/show_bug.cgi?id=1216965
* https://bugzilla.suse.com/show_bug.cgi?id=1216976
* https://bugzilla.suse.com/show_bug.cgi?id=1217036
* https://bugzilla.suse.com/show_bug.cgi?id=1217068
* https://bugzilla.suse.com/show_bug.cgi?id=1217086
* https://bugzilla.suse.com/show_bug.cgi?id=1217095
* https://bugzilla.suse.com/show_bug.cgi?id=1217124
* https://bugzilla.suse.com/show_bug.cgi?id=1217140
* https://bugzilla.suse.com/show_bug.cgi?id=1217147
* https://bugzilla.suse.com/show_bug.cgi?id=1217195
* https://bugzilla.suse.com/show_bug.cgi?id=1217196
* https://bugzilla.suse.com/show_bug.cgi?id=1217200
* https://bugzilla.suse.com/show_bug.cgi?id=1217205
* https://bugzilla.suse.com/show_bug.cgi?id=1217332
* https://bugzilla.suse.com/show_bug.cgi?id=1217366
* https://bugzilla.suse.com/show_bug.cgi?id=1217511
* https://bugzilla.suse.com/show_bug.cgi?id=1217515
* https://bugzilla.suse.com/show_bug.cgi?id=1217598
* https://bugzilla.suse.com/show_bug.cgi?id=1217599
* https://bugzilla.suse.com/show_bug.cgi?id=1217609
* https://bugzilla.suse.com/show_bug.cgi?id=1217687
* https://bugzilla.suse.com/show_bug.cgi?id=1217731
* https://bugzilla.suse.com/show_bug.cgi?id=1217780
* https://jira.suse.com/browse/PED-3184
* https://jira.suse.com/browse/PED-5021
* https://jira.suse.com/browse/PED-7237
1
0
14 Dec '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:4734-1
Rating: important
References:
* bsc#1084909
* bsc#1207948
* bsc#1210447
* bsc#1214286
* bsc#1214700
* bsc#1214840
* bsc#1214976
* bsc#1215123
* bsc#1215124
* bsc#1215292
* bsc#1215420
* bsc#1215458
* bsc#1215710
* bsc#1215802
* bsc#1215931
* bsc#1216058
* bsc#1216105
* bsc#1216259
* bsc#1216527
* bsc#1216584
* bsc#1216687
* bsc#1216693
* bsc#1216759
* bsc#1216788
* bsc#1216844
* bsc#1216861
* bsc#1216909
* bsc#1216959
* bsc#1216965
* bsc#1216976
* bsc#1217036
* bsc#1217068
* bsc#1217086
* bsc#1217095
* bsc#1217124
* bsc#1217140
* bsc#1217147
* bsc#1217195
* bsc#1217196
* bsc#1217200
* bsc#1217205
* bsc#1217332
* bsc#1217366
* bsc#1217511
* bsc#1217515
* bsc#1217598
* bsc#1217599
* bsc#1217609
* bsc#1217687
* bsc#1217731
* bsc#1217780
* jsc#PED-3184
* jsc#PED-5021
* jsc#PED-7237
Cross-References:
* CVE-2023-2006
* CVE-2023-25775
* CVE-2023-39197
* CVE-2023-39198
* CVE-2023-4244
* CVE-2023-45863
* CVE-2023-45871
* CVE-2023-46862
* CVE-2023-5158
* CVE-2023-5633
* CVE-2023-5717
* CVE-2023-6039
* CVE-2023-6176
CVSS scores:
* CVE-2023-2006 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2006 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-25775 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-25775 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-39197 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
* CVE-2023-39198 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-39198 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4244 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4244 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45863 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45871 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-45871 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-46862 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-46862 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-5158 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-5158 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-5633 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5633 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5717 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5717 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6039 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6039 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* Public Cloud Module 15-SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves 13 vulnerabilities, contains three features and has 38
security fixes can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
* CVE-2023-2006: Fixed a race condition in the RxRPC network protocol
(bsc#1210447).
* CVE-2023-25775: Fixed improper access control in the Intel Ethernet
Controller RDMA driver (bsc#1216959).
* CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet()
(bsc#1216976).
* CVE-2023-39198: Fixed a race condition leading to use-after-free in
qxl_mode_dumb_create() (bsc#1216965).
* CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which
could be exploited to achieve local privilege escalation (bsc#1215420).
* CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path()
(bsc#1216058).
* CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may
not be adequate for frames larger than the MTU (bsc#1216259).
* CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo()
(bsc#1216693).
* CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in
drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710).
* CVE-2023-5633: Fixed a use-after-free flaw in the way memory objects were
handled when they were being used to store a surface (bsc#1216527).
* CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the
Performance Events component (bsc#1216584).
* CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in
drivers/net/usb/lan78xx.c (bsc#1217068).
* CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm
scatterwalk functionality (bsc#1217332).
The following non-security bugs were fixed:
* acpi: fpdt: properly handle invalid fpdt subtables (git-fixes).
* acpi: resource: do irq override on tongfang gmxxgxx (git-fixes).
* acpi: resource: skip irq override on asus expertbook b1402cva (git-fixes).
* acpi: sysfs: fix create_pnp_modalias() and create_of_modalias() (git-fixes).
* alsa: hda/realtek - add dell alc295 to pin fall back table (git-fixes).
* alsa: hda/realtek - alc287 realtek i2s speaker platform support (git-fixes).
* alsa: hda/realtek - enable internal speaker of asus k6500zc (git-fixes).
* alsa: hda/realtek: add quirk for asus ux7602zm (git-fixes).
* alsa: hda/realtek: add quirks for asus 2024 zenbooks (git-fixes).
* alsa: hda/realtek: add quirks for hp laptops (git-fixes).
* alsa: hda/realtek: add support dual speaker for dell (git-fixes).
* alsa: hda/realtek: enable mute led on hp 255 g10 (git-fixes).
* alsa: hda/realtek: enable mute led on hp 255 g8 (git-fixes).
* alsa: hda: asus um5302la: added quirks for cs35l41/10431a83 on i2c bus (git-
fixes).
* alsa: hda: cs35l41: fix unbalanced pm_runtime_get() (git-fixes).
* alsa: hda: cs35l41: undo runtime pm changes at driver exit time (git-fixes).
* alsa: hda: disable power-save on kontron singlepc (bsc#1217140).
* alsa: hda: fix possible null-ptr-deref when assigning a stream (git-fixes).
* alsa: hda: intel-dsp-config: fix jsl chromebook quirk detection (git-fixes).
* alsa: info: fix potential deadlock at disconnection (git-fixes).
* alsa: usb-audio: add quirk flag to enable native dsd for mcintosh devices
(git-fixes).
* arm/xen: fix xen_vcpu_info allocation alignment (git-fixes).
* arm64: add cortex-a520 cpu part definition (git-fixes)
* arm64: allow kprobes on el0 handlers (git-fixes)
* arm64: armv8_deprecated move emulation functions (git-fixes)
* arm64: armv8_deprecated: fix unused-function error (git-fixes)
* arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes)
* arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes)
* arm64: armv8_deprecated: rework deprected instruction handling (git-fixes)
* arm64: consistently pass esr_elx to die() (git-fixes)
* arm64: die(): pass 'err' as long (git-fixes)
* arm64: factor insn read out of call_undef_hook() (git-fixes)
* arm64: factor out el1 ssbs emulation hook (git-fixes)
* arm64: report el1 undefs better (git-fixes)
* arm64: rework bti exception handling (git-fixes)
* arm64: rework el0 mrs emulation (git-fixes)
* arm64: rework fpac exception handling (git-fixes)
* arm64: split el0/el1 undef handlers (git-fixes)
* arm: 9321/1: memset: cast the constant byte to unsigned char (git-fixes).
* asoc: ams-delta.c: use component after check (git-fixes).
* asoc: codecs: wsa-macro: fix uninitialized stack variables with name prefix
(git-fixes).
* asoc: cs35l41: undo runtime pm changes at driver exit time (git-fixes).
* asoc: cs35l41: verify pm runtime resume errors in irq handler (git-fixes).
* asoc: fsl: fix pm disable depth imbalance in fsl_easrc_probe (git-fixes).
* asoc: fsl: mpc5200_dma.c: fix warning of function parameter or member not
described (git-fixes).
* asoc: hdmi-codec: register hpd callback on component probe (git-fixes).
* asoc: intel: skylake: fix mem leak when parsing uuids fails (git-fixes).
* asoc: rt5650: fix the wrong result of key button (git-fixes).
* asoc: simple-card: fixup asoc_simple_probe() error handling (git-fixes).
* asoc: sof: core: ensure sof_ops_free() is still called when probe never ran
(git-fixes).
* asoc: ti: omap-mcbsp: fix runtime pm underflow warnings (git-fixes).
* ata: pata_isapnp: add missing error check for devm_ioport_map() (git-fixes).
* atl1c: work around the dma rx overflow issue (git-fixes).
* atm: iphase: do pci error checks on own line (git-fixes).
* blk-mq: do not clear driver tags own mapping (bsc#1217366).
* blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping()
(bsc#1217366).
* bluetooth: add device 0bda:887b to device tables (git-fixes).
* bluetooth: add device 13d3:3571 to device tables (git-fixes).
* bluetooth: btusb: add 0bda:b85b for fn-link rtl8852be (git-fixes).
* bluetooth: btusb: add date->evt_skb is null check (git-fixes).
* bluetooth: btusb: add realtek rtl8852be support id 0x0cb8:0xc559 (git-
fixes).
* bluetooth: btusb: add rtw8852be device 13d3:3570 to device tables (git-
fixes).
* btrfs: always log symlinks in full mode (bsc#1214840).
* can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is
accessed out of bounds (git-fixes).
* can: dev: can_restart(): do not crash kernel if carrier is ok (git-fixes).
* can: dev: can_restart(): fix race condition between controller restart and
netif_carrier_on() (git-fixes).
* can: isotp: add local echo tx processing for consecutive frames (git-fixes).
* can: isotp: fix race between isotp_sendsmg() and isotp_release() (git-
fixes).
* can: isotp: fix tx state handling for echo tx processing (git-fixes).
* can: isotp: handle wait_event_interruptible() return values (git-fixes).
* can: isotp: isotp_bind(): return -einval on incorrect can id formatting
(git-fixes).
* can: isotp: isotp_sendmsg(): fix tx state detection and wait behavior (git-
fixes).
* can: isotp: remove re-binding of bound socket (git-fixes).
* can: isotp: sanitize can id checks in isotp_bind() (git-fixes).
* can: isotp: set max pdu size to 64 kbyte (git-fixes).
* can: isotp: split tx timer into transmission and timeout (git-fixes).
* can: sja1000: fix comment (git-fixes).
* clk: imx: imx8mq: correct error handling path (git-fixes).
* clk: imx: imx8qxp: fix elcdif_pll clock (git-fixes).
* clk: imx: select mxc_clk for clk_imx8qxp (git-fixes).
* clk: keystone: pll: fix a couple null vs is_err() checks (git-fixes).
* clk: mediatek: clk-mt2701: add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt6765: add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt6779: add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt6797: add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt7629-eth: add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt7629: add check for mtk_alloc_clk_data (git-fixes).
* clk: npcm7xx: fix incorrect kfree (git-fixes).
* clk: qcom: clk-rcg2: fix clock rate overflow for high parent frequencies
(git-fixes).
* clk: qcom: config ipq_apss_6018 should depend on qcom_smem (git-fixes).
* clk: qcom: gcc-sm8150: fix gcc_sdcc2_apps_clk_src (git-fixes).
* clk: qcom: ipq6018: drop the clk_set_rate_parent flag from pll clocks (git-
fixes).
* clk: qcom: mmcc-msm8998: do not check halt bit on some branch clks (git-
fixes).
* clk: qcom: mmcc-msm8998: fix the smmu gdsc (git-fixes).
* clk: sanitize possible_parent_show to handle return value of
of_clk_get_parent_name (git-fixes).
* clk: scmi: free scmi_clk allocated when the clocks with invalid info are
skipped (git-fixes).
* clk: ti: add ti_dt_clk_name() helper to use clock-output-names (git-fixes).
* clk: ti: change ti_clk_register_omap_hw api (git-fixes).
* clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes).
* clk: ti: update component clocks to use ti_dt_clk_name() (git-fixes).
* clk: ti: update pll and clockdomain clocks to use ti_dt_clk_name() (git-
fixes).
* clocksource/drivers/timer-atmel-tcb: fix initialization on sam9 hardware
(git-fixes).
* clocksource/drivers/timer-imx-gpt: fix potential memory leak (git-fixes).
* crypto: caam/jr - fix chacha20 + poly1305 self test failure (git-fixes).
* crypto: caam/qi2 - fix chacha20 + poly1305 self test failure (git-fixes).
* crypto: hisilicon/hpre - fix a erroneous check after snprintf() (git-fixes).
* disable loongson drivers loongson is a mips architecture, it does not make
sense to build loongson drivers on other architectures.
* dmaengine: pxa_dma: remove an erroneous bug_on() in pxad_free_desc() (git-
fixes).
* dmaengine: ste_dma40: fix pm disable depth imbalance in d40_probe (git-
fixes).
* dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes).
* dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes).
* doc/readme.suse: adjust heading style (jsc#ped-5021) * underscore all
headings as a preparation for markdown conversion. * use title-style
capitalization for the document name and sentence-style capitalization for
section headings, as recommended in the current suse documentation style
guide.
* doc/readme.suse: bring information about compiling up to date (jsc#ped-5021)
* when building the kernel, do not mention to initially change the current
directory to /usr/src/linux because later description discourages it and
specifies to use 'make -c /usr/src/linux'. * avoid writing additional
details in parentheses, incorporate them instead properly in the text. * fix
the obsolete name of /etc/modprobe.d/unsupported-modules ->
/etc/modprobe.d/10-unsupported-modules.conf. * drop a note that a newly
built kernel should be added to the boot manager because that normally
happens automatically when running 'make install'. * update a link to the
kernel module packages manual. * when preparing a build for external
modules, mention use of the upstream recommended 'make modules_prepare'
instead of a pair of 'make prepare' \+ 'make scripts'. * fix some
typos+grammar.
* doc/readme.suse: bring the overview section up to date (jsc#ped-5021) *
update information in the overview section that was no longer accurate. *
improve wording and fix some typos+grammar.
* doc/readme.suse: convert the document to markdown (jsc#ped-5021)
* doc/readme.suse: minor content clean up (jsc#ped-5021) * mark the user's
build directory as a variable, not a command: 'make -c $(your_build_dir)' ->
'make -c $your_build_dir'. * unify how to get the current directory:
'm=$(pwd)' -> 'm=$pwd'. * 'git' / 'git' -> 'git'.
* doc/readme.suse: reflow text to 80-column width (jsc#ped-5021)
* doc/readme.suse: update information about (un)supported modules
(jsc#ped-5021) * update the list of taint flags. convert it to a table that
matches the upstream documentation format and describe specifically flags
that are related to module support status. * fix some typos and wording.
* doc/readme.suse: update information about config files (jsc#ped-5021) * use
version variables to describe a name of the /boot/config-... file instead of
using specific example versions which get outdated quickly. * replace
removed silentoldconfig with oldconfig. * mention that oldconfig can
automatically pick a base config from "/boot/config-$(uname -r)". * avoid
writing additional details in parentheses, incorporate them instead properly
in the text.
* doc/readme.suse: update information about custom patches (jsc#ped-5021) *
replace mention of various patches.* directories with only patches.suse as
the typical location for patches. * replace i386 with x86_64 in the example
how to define a config addon. * fix some typos and wording.
* doc/readme.suse: update information about dud (jsc#ped-5021) remove a dead
link to description of device update disks found previously on novell.com.
replace it with a short section summarizing what dud is and reference the
mkdud + mksusecd tools and their documentation for more information.
* doc/readme.suse: update information about module paths (jsc#ped-5021) * use
version variables to describe names of the
/lib/modules/$version-$release-$flavor/... directories instead of using
specific example versions which get outdated quickly. * note: keep the
/lib/modules/ prefix instead of using the new /usr/lib/modules/ location for
now. the updated readme is expected to be incorporated to various branches
that are not yet usrmerged.
* doc/readme.suse: update the references list (jsc#ped-5021) * remove the
reference to linux documentation project. it has been inactive for years and
mostly contains old manuals that are not relevant for contemporary systems
and hardware. * update the name and link to lwn.net. the original name
"linux weekly news" has been deemphasized over time by its authors. * update
the link to kernel newbies website. * update the reference to the linux
kernel module programming guide. the document has not been updated for over
a decade but it looks its content is still relevant for today. * point
kernel module packages manual to the current version. * add a reference to
suse soliddriver program.
* doc/readme.suse: update title information (jsc#ped-5021) * drop the mention
of kernel versions from the readme title. * remove information about the
original authors of the document. rely as in case of other readmes on git
metadata to get information about all contributions. * strip the table of
contents. the document is short and easy to navigate just by scrolling
through it.
* docs: net: move the probe and open/close sections of driver.rst up
(bsc#1215458).
* docs: net: reformat driver.rst from a list to sections (bsc#1215458).
* docs: net: use c syntax highlight in driver.rst (bsc#1215458).
* documentation: networking: correct possessive "its" (bsc#1215458).
* drivers: hv: vmbus: remove unused extern declaration vmbus_ontimer() (git-
fixes).
* drm/amd/display: avoid null dereference of timing generator (git-fixes).
* drm/amd/display: change the dmcub mailbox memory location from fb to inbox
(git-fixes).
* drm/amd/display: refactor dm_get_plane_scale helper (git-fixes).
* drm/amd/display: remove useless check in should_enable_fbc() (git-fixes).
* drm/amd/display: use full update for clip size increase of large plane
source (git-fixes).
* drm/amd/pm: handle non-terminated overdrive commands (git-fixes).
* drm/amd: disable aspm for vi w/ all intel systems (git-fixes).
* drm/amd: fix ubsan array-index-out-of-bounds for polaris and tonga (git-
fixes).
* drm/amd: fix ubsan array-index-out-of-bounds for smu7 (git-fixes).
* drm/amd: move helper for dynamic speed switch check out of smu13 (git-
fixes).
* drm/amdgpu/vkms: fix a possible null pointer dereference (git-fixes).
* drm/amdgpu: add drv_vram_usage_va for virt data exchange (bsc#1215802).
* drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git-
fixes).
* drm/amdgpu: do not use atrm for external devices (git-fixes).
* drm/amdgpu: fix a null pointer access when the smc_rreg pointer is null
(git-fixes).
* drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes).
* drm/amdgpu: fix potential null pointer derefernce (git-fixes).
* drm/amdgpu: fix software pci_unplug on some chips (git-fixes).
* drm/amdgpu: not to save bo in the case of ras err_event_athub (git-fixes).
* drm/amdgpu: remove unnecessary domain argument (git-fixes).
* drm/amdgpu: reserve fences for vm update (git-fixes).
* drm/amdgpu: skip vram reserve on firmware_v2_2 for bare-metal (bsc#1215802).
* drm/amdkfd: fix a race condition of vram buffer unref in svm code (git-
fixes).
* drm/amdkfd: fix shift out-of-bounds issue (git-fixes).
* drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code
(git-fixes).
* drm/bridge: fix kernel-doc typo in desc of output_bus_cfg in
drm_bridge_state (git-fixes).
* drm/bridge: lt8912b: add missing drm_bridge_attach call (git-fixes).
* drm/bridge: lt8912b: fix bridge_detach (git-fixes).
* drm/bridge: lt8912b: fix crash on bridge detach (git-fixes).
* drm/bridge: lt8912b: manually disable hpd only if it was enabled (git-
fixes).
* drm/bridge: lt8912b: register and attach our dsi device at probe (git-
fixes).
* drm/bridge: lt8912b: switch to devm mipi-dsi helpers (git-fixes).
* drm/bridge: lt9611uxc: fix the race in the error path (git-fixes).
* drm/bridge: lt9611uxc: register and attach our dsi device at probe (git-
fixes).
* drm/bridge: lt9611uxc: switch to devm mipi-dsi helpers (git-fixes).
* drm/bridge: tc358768: clean up clock period code (git-fixes).
* drm/bridge: tc358768: disable non-continuous clock mode (git-fixes).
* drm/bridge: tc358768: fix bit updates (git-fixes).
* drm/bridge: tc358768: fix tc358768_ns_to_cnt() (git-fixes).
* drm/bridge: tc358768: fix use of uninitialized variable (git-fixes).
* drm/bridge: tc358768: print logical values, not raw register values (git-
fixes).
* drm/bridge: tc358768: remove unused variable (git-fixes).
* drm/bridge: tc358768: rename dsibclk to hsbyteclk (git-fixes).
* drm/bridge: tc358768: use dev for dbg prints, not priv->dev (git-fixes).
* drm/bridge: tc358768: use struct videomode (git-fixes).
* drm/dp_mst: fix null deref in get_mst_branch_device_by_guid_helper() (git-
fixes).
* drm/gma500: fix call trace when psb_gem_mm_init() fails (git-fixes).
* drm/gud: use size_add() in call to struct_size() (git-fixes).
* drm/i915/pmu: check if pmu is closed before stopping event (git-fixes).
* drm/i915: fix potential spectre vulnerability (git-fixes).
* drm/i915: flush wc ggtt only on required platforms (git-fixes).
* drm/komeda: drop all currently held locks if deadlock happens (git-fixes).
* drm/mediatek: fix iommu fault by swapping fbs after updating plane state
(git-fixes).
* drm/mediatek: fix iommu fault during crtc enabling (git-fixes).
* drm/mipi-dsi: create devm device attachment (git-fixes).
* drm/mipi-dsi: create devm device registration (git-fixes).
* drm/msm/dp: skip validity check for dp cts edid checksum (git-fixes).
* drm/msm/dsi: free tx buffer in unbind (git-fixes).
* drm/msm/dsi: use msm_gem_kernel_put to free tx buffer (git-fixes).
* drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git-
fixes).
* drm/panel: fix a possible null pointer dereference (git-fixes).
* drm/panel: simple: fix innolux g101ice-l01 bus flags (git-fixes).
* drm/panel: simple: fix innolux g101ice-l01 timings (git-fixes).
* drm/panel: st7703: pick different reset sequence (git-fixes).
* drm/qxl: prevent memory leak (git-fixes).
* drm/radeon: fix a possible null pointer dereference (git-fixes).
* drm/radeon: possible buffer overflow (git-fixes).
* drm/rockchip: cdn-dp: fix some error handling paths in cdn_dp_probe() (git-
fixes).
* drm/rockchip: fix type promotion bug in rockchip_gem_iommu_map() (git-
fixes).
* drm/rockchip: vop: fix call to crtc reset helper (git-fixes).
* drm/rockchip: vop: fix color for rgb888/bgr888 format on vop full (git-
fixes).
* drm/rockchip: vop: fix reset of state in duplicate state crtc funcs (git-
fixes).
* drm/syncobj: fix drm_syncobj_wait_flags_wait_available (git-fixes).
* drm/ttm: reorder sys manager cleanup step (git-fixes).
* drm/vc4: fix typo (git-fixes).
* drm/vmwgfx: remove the duplicate bo_free function (bsc#1216527)
* drm/vmwgfx: rename vmw_buffer_object to vmw_bo (bsc#1216527)
* drm: bridge: it66121: fix invalid connector dereference (git-fixes).
* drm: mediatek: mtk_dsi: fix no_eot_packet settings/handling (git-fixes).
* drm: vmwgfx_surface.c: copy user-array safely (git-fixes).
* dt-bindings: usb: hcd: add missing phy name to example (git-fixes).
* dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes).
* ensure ia32_emulation is always enabled for kernel-obs-build if
ia32_emulation is disabled by default, ensure it is enabled back for obs
kernel to allow building 32bit binaries (jsc#ped-3184) [ms: always pass the
parameter, no need to grep through the config which may not be very
reliable]
* fbdev: atyfb: only use ioremap_uc() on i386 and ia64 (git-fixes).
* fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes).
* fbdev: imsttfb: fix a resource leak in probe (git-fixes).
* fbdev: imsttfb: fix double free in probe() (git-fixes).
* fbdev: imsttfb: fix error path of imsttfb_probe() (git-fixes).
* fbdev: imsttfb: release framebuffer and dealloc cmap on error path (git-
fixes).
* fbdev: omapfb: drop unused remove function (git-fixes).
* fbdev: uvesafb: call cn_del_callback() at the end of uvesafb_exit() (git-
fixes).
* firewire: core: fix possible memory leak in create_units() (git-fixes).
* firmware/imx-dsp: fix use_after_free in imx_dsp_setup_channels() (git-
fixes).
* fix termination state for idr_for_each_entry_ul() (git-fixes).
* fix x86/mm: print the encryption features in hyperv is disabled
* gpio: mockup: fix kerneldoc (git-fixes).
* gpio: mockup: remove unused field (git-fixes).
* gpu: host1x: correct allocated size for contexts (git-fixes).
* hid: add quirk for dell pro wireless keyboard and mouse km5221w (git-fixes).
* hid: cp2112: fix duplicate workqueue initialization (git-fixes).
* hid: hyperv: avoid struct memcpy overrun warning (git-fixes).
* hid: hyperv: remove unused struct synthhid_msg (git-fixes).
* hid: hyperv: replace one-element array with flexible-array member (git-
fixes).
* hid: lenovo: detect quirk-free fw on cptkbd and stop applying workaround
(git-fixes).
* hid: logitech-hidpp: do not restart io, instead defer hid_connect() only
(git-fixes).
* hid: logitech-hidpp: move get_wireless_feature_index() check to
hidpp_connect_event() (git-fixes).
* hid: logitech-hidpp: remove hidpp_quirk_no_hidinput quirk (git-fixes).
* hid: logitech-hidpp: revert "do not restart communication if not necessary"
(git-fixes).
* hv: simplify sysctl registration (git-fixes).
* hv_netvsc: fix netvsc_send_completion to avoid multiple message length
checks (git-fixes).
* hv_netvsc: fix race of netvsc and vf register_netdevice (git-fixes).
* hv_netvsc: fix race of register_netdevice_notifier and vf register (git-
fixes).
* hv_netvsc: mark vf as slave before exposing it to user-mode (git-fixes).
* hwmon: (coretemp) fix potentially truncated sysfs attribute name (git-
fixes).
* i2c: aspeed: fix i2c bus hang in slave read (git-fixes).
* i2c: core: run atomic i2c xfer when !preemptible (git-fixes).
* i2c: designware: disable tx_empty irq while waiting for block length byte
(git-fixes).
* i2c: dev: copy userspace array safely (git-fixes).
* i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git-
fixes).
* i2c: iproc: handle invalid slave state (git-fixes).
* i2c: muxes: i2c-demux-pinctrl: use of_get_i2c_adapter_by_node() (git-fixes).
* i2c: muxes: i2c-mux-gpmux: use of_get_i2c_adapter_by_node() (git-fixes).
* i2c: muxes: i2c-mux-pinctrl: use of_get_i2c_adapter_by_node() (git-fixes).
* i2c: stm32f7: fix pec handling in case of smbus transfers (git-fixes).
* i2c: sun6i-p2wi: prevent potential division by zero (git-fixes).
* i3c: fix potential refcount leak in i3c_master_register_new_i3c_devs (git-
fixes).
* i3c: master: cdns: fix reading status register (git-fixes).
* i3c: master: mipi-i3c-hci: fix a kernel panic for accessing dat_data (git-
fixes).
* i3c: master: svc: fix check wrong status register in irq handler (git-
fixes).
* i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes).
* i3c: master: svc: fix race condition in ibi work thread (git-fixes).
* i3c: master: svc: fix sda keep low when polling ibiwon timeout happen (git-
fixes).
* i3c: master: svc: fix wrong data return when ibi happen during start frame
(git-fixes).
* i3c: mipi-i3c-hci: fix out of bounds access in hci_dma_irq_handler (git-
fixes).
* i915/perf: fix null deref bugs with drm_dbg() calls (git-fixes).
* idpf: add controlq init and reset checks (bsc#1215458).
* idpf: add core init and interrupt request (bsc#1215458).
* idpf: add create vport and netdev configuration (bsc#1215458).
* idpf: add ethtool callbacks (bsc#1215458).
* idpf: add module register and probe functionality (bsc#1215458).
* idpf: add ptypes and mac filter support (bsc#1215458).
* idpf: add rx splitq napi poll support (bsc#1215458).
* idpf: add singleq start_xmit and napi poll (bsc#1215458).
* idpf: add splitq start_xmit (bsc#1215458).
* idpf: add sriov support and other ndo_ops (bsc#1215458).
* idpf: add tx splitq napi poll support (bsc#1215458).
* idpf: cancel mailbox work in error path (bsc#1215458).
* idpf: configure resources for rx queues (bsc#1215458).
* idpf: configure resources for tx queues (bsc#1215458).
* idpf: fix potential use-after-free in idpf_tso() (bsc#1215458).
* idpf: initialize interrupts and enable vport (bsc#1215458).
* idpf: set scheduling mode for completion queue (bsc#1215458).
* iio: adc: xilinx-xadc: correct temperature offset/scale for ultrascale (git-
fixes).
* iio: adc: xilinx-xadc: do not clobber preset voltage/temperature thresholds
(git-fixes).
* iio: exynos-adc: request second interupt only when touchscreen mode is used
(git-fixes).
* input: synaptics-rmi4 - fix use after free in rmi_unregister_function()
(git-fixes).
* input: synaptics-rmi4 - handle reset delay when using smbus trsnsport (git-
fixes).
* input: xpad - add vid for turtle beach controllers (git-fixes).
* irqchip/stm32-exti: add missing dt irq flag translation (git-fixes).
* kabi/severities: ignore kabi in rxrpc (bsc#1210447) the rxrpc module is
built since sle15-sp3 but it is not shipped as part of any sle product, only
in leap (in kernel-*-optional).
* kernel-binary: suse-module-tools is also required when installed
requires(pre) adds dependency for the specific sciptlet. however, suse-
module-tools also ships modprobe.d files which may be needed at posttrans
time or any time the kernel is on the system for generating ramdisk. add
plain requires as well.
* kernel-source: move provides after sources
* leds: pwm: do not disable the pwm when the led should be off (git-fixes).
* leds: trigger: ledtrig-cpu:: fix 'output may be truncated' issue for 'cpu'
(git-fixes).
* leds: turris-omnia: do not use smbus calls (git-fixes).
* lsm: fix default return value for inode_getsecctx (git-fixes).
* lsm: fix default return value for vm_enough_memory (git-fixes).
* media: bttv: fix use after free error due to btv->timeout timer (git-fixes).
* media: ccs: correctly initialise try compose rectangle (git-fixes).
* media: ccs: fix driver quirk struct documentation (git-fixes).
* media: cedrus: fix clock/reset sequence (git-fixes).
* media: cobalt: use field_get() to extract link width (git-fixes).
* media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes).
* media: i2c: max9286: fix some redundant of_node_put() calls (git-fixes).
* media: imon: fix access to invalid resource for the second interface (git-
fixes).
* media: lirc: drop trailing space from scancode transmit (git-fixes).
* media: qcom: camss: fix missing vfe_lite clocks check (git-fixes).
* media: qcom: camss: fix pm_domain_on sequence in probe (git-fixes).
* media: qcom: camss: fix vfe-17x vfe_disable_output() (git-fixes).
* media: qcom: camss: fix vfe_get() error jump (git-fixes).
* media: sharp: fix sharp encoding (git-fixes).
* media: siano: drop unnecessary error check for debugfs_create_dir/file()
(git-fixes).
* media: venus: hfi: add checks to handle capabilities from firmware (git-
fixes).
* media: venus: hfi: add checks to perform sanity on queue pointers (git-
fixes).
* media: venus: hfi: fix the check to handle session buffer requirement (git-
fixes).
* media: venus: hfi_parser: add check to keep the number of codecs within
range (git-fixes).
* media: vidtv: mux: add check and kfree for kstrdup (git-fixes).
* media: vidtv: psi: add check for kstrdup (git-fixes).
* media: vivid: avoid integer overflow (git-fixes).
* mfd: arizona-spi: set pdata.hpdet_channel for acpi enumerated devs (git-
fixes).
* mfd: core: ensure disabled devices are skipped without aborting (git-fixes).
* mfd: dln2: fix double put in dln2_probe (git-fixes).
* misc: fastrpc: clean buffers on remote invocation failures (git-fixes).
* misc: pci_endpoint_test: add device id for r-car s4-8 pcie controller (git-
fixes).
* mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#ped-7237,
git-fixes).
* mmc: block: be sure to wait while busy in cqe error recovery (git-fixes).
* mmc: block: do not lose cache flush during cqe error recovery (git-fixes).
* mmc: block: retry commands in cqe error recovery (git-fixes).
* mmc: cqhci: fix task clearing in cqe error recovery (git-fixes).
* mmc: cqhci: increase recovery halt timeout (git-fixes).
* mmc: cqhci: warn of halt or task clear failure (git-fixes).
* mmc: meson-gx: remove setting of cmd_cfg_error (git-fixes).
* mmc: sdhci-pci-gli: a workaround to allow gl9750 to enter aspm l1.2 (git-
fixes).
* mmc: sdhci-pci-gli: gl9750: mask the replay timer timeout of aer (git-
fixes).
* mmc: sdhci_am654: fix start loop index for tap value parsing (git-fixes).
* mmc: vub300: fix an error code (git-fixes).
* modpost: fix tee module_device_table built on big-endian host (git-fixes).
* mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes).
* mtd: cfi_cmdset_0001: byte swap otp info (git-fixes).
* mtd: rawnand: arasan: include ecc syndrome along with in-band data while
checking for ecc failure (git-fixes).
* net-memcg: fix scope of sockmem pressure indicators (bsc#1216759).
* net: add macro netif_subqueue_completed_wake (bsc#1215458).
* net: avoid address overwrite in kernel_connect (bsc#1216861).
* net: fix use-after-free in tw_timer_handler (bsc#1217195).
* net: ieee802154: adf7242: fix some potential buffer overflow in
adf7242_stats_show() (git-fixes).
* net: mana: fix return type of mana_start_xmit() (git-fixes).
* net: piggy back on the memory barrier in bql when waking queues
(bsc#1215458).
* net: provide macros for commonly copied lockless queue stop/wake code
(bsc#1215458).
* net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-
fixes).
* net: usb: smsc95xx: fix uninit-value access in smsc95xx_read_reg (git-
fixes).
* nfs: fix access to page->mapping (bsc#1216788).
* nvme: update firmware version after commit (bsc#1215292).
* pci/aspm: fix l1 substate handling in aspm_attr_store_common() (git-fixes).
* pci/sysfs: protect driver's d3cold preference from user space (git-fixes).
* pci: disable ats for specific intel ipu e2000 devices (bsc#1215458).
* pci: extract ats disabling to a helper function (bsc#1215458).
* pci: exynos: do not discard .remove() callback (git-fixes).
* pci: keystone: do not discard .probe() callback (git-fixes).
* pci: keystone: do not discard .remove() callback (git-fixes).
* pci: prevent xhci driver from claiming amd vangogh usb3 drd device (git-
fixes).
* pci: tegra194: use field_get()/field_prep() with link width fields (git-
fixes).
* pci: use field_get() in sapphire rx 5600 xt pulse quirk (git-fixes).
* pci: use field_get() to extract link width (git-fixes).
* pci: vmd: correct pci header type register's multi-function check (git-
fixes).
* pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes).
* pcmcia: ds: fix possible name leak in error path in pcmcia_device_add()
(git-fixes).
* pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes).
* pinctrl: avoid reload of p state in list iteration (git-fixes).
* platform/x86/intel-uncore-freq: return error on write frequency
(bsc#1217147).
* platform/x86/intel-uncore-freq: split common and enumeration part
(bsc#1217147).
* platform/x86/intel-uncore-freq: support for cluster level controls
(bsc#1217147).
* platform/x86/intel-uncore-freq: tpmi: provide cluster level control
(bsc#1217147).
* platform/x86/intel-uncore-freq: uncore frequency control via tpmi
(bsc#1217147).
* platform/x86/intel/tpmi: add tpmi external interface for tpmi feature
drivers (bsc#1217147).
* platform/x86/intel/tpmi: fix double free reported by smatch (bsc#1217147).
* platform/x86/intel/tpmi: process cpu package mapping (bsc#1217147).
* platform/x86/intel/uncore-freq: display uncore current frequency
(bsc#1217147).
* platform/x86/intel/uncore-freq: move to uncore-frequency folder
(bsc#1217147).
* platform/x86/intel/uncore-freq: use sysfs api to create attributes
(bsc#1217147).
* platform/x86/intel/vsec: add tpmi id (bsc#1217147).
* platform/x86/intel/vsec: enhance and export intel_vsec_add_aux()
(bsc#1217147).
* platform/x86/intel/vsec: support private data (bsc#1217147).
* platform/x86/intel/vsec: use mutex for ida_alloc() and ida_free()
(bsc#1217147).
* platform/x86/intel: intel tpmi enumeration driver (bsc#1217147).
* platform/x86/intel: tpmi: fix double free in tpmi_create_device()
(bsc#1217147).
* platform/x86: intel-uncore-freq: add client processors (bsc#1217147).
* platform/x86: intel-uncore-freq: conditionally create attribute for read
frequency (bsc#1217147).
* platform/x86: intel-uncore-freq: fix uncore_freq_common_init() error codes
(bsc#1217147).
* platform/x86: intel-uncore-freq: prevent driver loading in guests
(bsc#1217147).
* platform/x86: intel-uncore-freq: use sysfs_emit() to instead of scnprintf()
(bsc#1217147).
* platform/x86: intel-uncore-frequency: move to intel sub-directory
(bsc#1217147).
* platform/x86: intel-uncore-frequency: use default_groups in kobj_type
(bsc#1217147).
* platform/x86: thinkpad_acpi: add battery quirk for thinkpad x120e (git-
fixes).
* platform/x86: wmi: fix opening of char device (git-fixes).
* platform/x86: wmi: fix probe failure when failing to register wmi devices
(git-fixes).
* platform/x86: wmi: remove unnecessary initializations (git-fixes).
* pm / devfreq: rockchip-dfi: make pmu regmap mandatory (git-fixes).
* pm: hibernate: use __get_safe_page() rather than touching the list (git-
fixes).
* powerpc/perf/hv-24x7: update domain value check (bsc#1215931).
* powerpc/vas: limit open window failure messages in log bufffer (bsc#1216687
ltc#203927).
* powerpc: do not clobber f0/vs0 during fp|altivec register save
(bsc#1217780).
* pwm: brcmstb: utilize appropriate clock apis in suspend/resume (git-fixes).
* pwm: fix double shift bug (git-fixes).
* pwm: sti: reduce number of allocations and drop usage of chip_data (git-
fixes).
* r8152: cancel hw_phy_work if we have an error in probe (git-fixes).
* r8152: check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes).
* r8152: check for unplug in rtl_phy_patch_request() (git-fixes).
* r8152: increase usb control msg timeout to 5000ms as per spec (git-fixes).
* r8152: release firmware if we have an error in probe (git-fixes).
* r8152: run the unload routine if we have errors during probe (git-fixes).
* regmap: debugfs: fix a erroneous check after snprintf() (git-fixes).
* regmap: ensure range selector registers are updated after cache sync (git-
fixes).
* regmap: prevent noinc writes from clobbering cache (git-fixes).
* revert "i2c: pxa: move to generic gpio recovery" (git-fixes).
* revert "mmc: core: capture correct oemid-bits for emmc cards" (git-fixes).
* revert "tracing: fix warning in trace_buffered_event_disable()"
(bsc#1217036)
* rpm/check-for-config-changes: add as_wruss to ignored_configs_re add
as_wruss as an ignored_configs_re entry in check-for-config-changes to fix
build on x86_32. there was a fix submitted to upstream but it was not
accepted:
https://lore.kernel.org/all/20231031140504.gczuejkmpxsredh3ma@fat_crate.loc…
so carry this in ignored_configs_re instead.
* rpm/check-for-config-changes: add have_shadow_call_stack to
ignored_configs_re not supported by our compiler.
* rpm/mkspec-dtb: add riscv64 dtb-allwinner subpackage
* run scripts/renamepatches for sle15-sp4
* s390/ap: fix ap bus crash on early config change callback invocation (git-
fixes bsc#1217687).
* s390/cio: unregister device when the only path is gone (git-fixes
bsc#1217609).
* s390/cmma: fix detection of dat pages (ltc#203997 bsc#1217086).
* s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (ltc#203997
bsc#1217086).
* s390/cmma: fix initial kernel address space page table walk (ltc#203997
bsc#1217086).
* s390/crashdump: fix tod programmable field size (git-fixes bsc#1217205).
* s390/dasd: fix hanging device after request requeue (git-fixes ltc#203629
bsc#1215124).
* s390/dasd: protect device queue against concurrent access (git-fixes
bsc#1217515).
* s390/dasd: use correct number of retries for erp requests (git-fixes
bsc#1217598).
* s390/ipl: add missing ipl_type_eckd_dump case to ipl_init() (git-fixes
bsc#1217511).
* s390/ipl: add missing secure/has_secure file to ipl type 'unknown'
(bsc#1214976 git-fixes).
* s390/mm: add missing arch_set_page_dat() call to gmap allocations
(ltc#203997 bsc#1217086).
* s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc()
(ltc#203997 bsc#1217086).
* s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200).
* s390/ptrace: fix ptrace_get_last_break error handling (git-fixes
bsc#1217599).
* sbitmap: fix batched wait_cnt accounting (bsc#1217095 bsc#1217196).
* sbitmap: fix up kabi for sbitmap_queue_wake_up() (bsc#1217095 bsc#1217196).
* sbsa_gwdt: calculate timeout with 64-bit math (git-fixes).
* scsi: lpfc: copyright updates for 14.2.0.16 patches (bsc#1217731).
* scsi: lpfc: correct maximum pci function value for ras fw logging
(bsc#1217731).
* scsi: lpfc: eliminate unnecessary relocking in lpfc_check_nlp_post_devloss()
(bsc#1217731).
* scsi: lpfc: enhance driver logging for selected discovery events
(bsc#1217731).
* scsi: lpfc: fix list_entry null check warning in lpfc_cmpl_els_plogi()
(bsc#1217731).
* scsi: lpfc: fix possible file string name overflow when updating firmware
(bsc#1217731).
* scsi: lpfc: introduce log_node_verbose messaging flag (bsc#1217124).
* scsi: lpfc: refactor and clean up mailbox command memory free (bsc#1217731).
* scsi: lpfc: reject received prlis with only initiator fcn role for npiv
ports (bsc#1217124).
* scsi: lpfc: remove unnecessary zero return code assignment in
lpfc_sli4_hba_setup (bsc#1217124).
* scsi: lpfc: return early in lpfc_poll_eratt() when the driver is unloading
(bsc#1217731).
* scsi: lpfc: treat ioerr_sli_down i/o completion status the same as pci
offline (bsc#1217124).
* scsi: lpfc: update lpfc version to 14.2.0.15 (bsc#1217124).
* scsi: lpfc: update lpfc version to 14.2.0.16 (bsc#1217731).
* scsi: lpfc: validate els ls_acc completion payload (bsc#1217124).
* scsi: qla2xxx: fix double free of dsd_list during driver load (git-fixes).
* scsi: qla2xxx: use field_get() to extract pcie capability fields (git-
fixes).
* selftests/efivarfs: create-read: fix a resource leak (git-fixes).
* selftests/pidfd: fix ksft print formats (git-fixes).
* selftests/resctrl: ensure the benchmark commands fits to its array (git-
fixes).
* selftests/resctrl: reduce failures due to outliers in mba/mbm tests (git-
fixes).
* selftests/resctrl: remove duplicate feature check from cmt test (git-fixes).
* seq_buf: fix a misleading comment (git-fixes).
* serial: exar: revert "serial: exar: add support for sealevel 7xxxc serial
cards" (git-fixes).
* serial: meson: use platform_get_irq() to get the interrupt (git-fixes).
* soc: qcom: llcc: handle a second device without data corruption (git-fixes).
* spi: nxp-fspi: use the correct ioremap function (git-fixes).
* spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes).
* spi: tegra: fix missing irq check in tegra_slink_probe() (git-fixes).
* staging: media: ipu3: remove ftrace-like logging (git-fixes).
* string.h: add array-wrappers for (v)memdup_user() (git-fixes).
* supported.conf: marked idpf supported
* thermal: core: prevent potential string overflow (git-fixes).
* treewide: spelling fix in comment (git-fixes).
* tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes).
* tty: 8250: add brainboxes oxford semiconductor-based quirks (git-fixes).
* tty: 8250: add support for additional brainboxes px cards (git-fixes).
* tty: 8250: add support for additional brainboxes uc cards (git-fixes).
* tty: 8250: add support for brainboxes up cards (git-fixes).
* tty: 8250: add support for intashield is-100 (git-fixes).
* tty: 8250: add support for intashield ix cards (git-fixes).
* tty: 8250: fix port count of px-257 (git-fixes).
* tty: 8250: fix up px-803/px-857 (git-fixes).
* tty: 8250: remove uc-257 and uc-431 (git-fixes).
* tty: fix uninit-value access in ppp_sync_receive() (git-fixes).
* tty: n_gsm: fix race condition in status line change on dead connections
(git-fixes).
* tty: serial: meson: fix hard lockup on crtscts mode (git-fixes).
* tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes).
* tty: vcc: add check for kstrdup() in vcc_probe() (git-fixes).
* update metadata patches.suse/s390-ipl-add-missing-secure-has_secure-file-to-
ipl-type-unknown (bsc#1214976 git-fixes).
* usb: cdnsp: fix deadlock issue during using ncm gadget (git-fixes).
* usb: chipidea: fix dma overwrite for tegra (git-fixes).
* usb: chipidea: simplify tegra dma alignment code (git-fixes).
* usb: dwc2: fix possible null pointer dereference caused by driver
concurrency (git-fixes).
* usb: dwc2: write hcint with intmask applied (bsc#1214286).
* usb: dwc3: fix default mode initialization (git-fixes).
* usb: dwc3: qcom: fix acpi platform device leak (git-fixes).
* usb: dwc3: qcom: fix resource leaks on probe deferral (git-fixes).
* usb: dwc3: qcom: fix software node leak on probe errors (git-fixes).
* usb: dwc3: qcom: fix wakeup after probe deferral (git-fixes).
* usb: dwc3: set the dma max_seg_size (git-fixes).
* usb: gadget: f_ncm: always set current gadget in ncm_bind() (git-fixes).
* usb: raw-gadget: properly handle interrupted requests (git-fixes).
* usb: serial: option: add fibocom l7xx modules (git-fixes).
* usb: serial: option: do not claim interface 4 for zte mf290 (git-fixes).
* usb: serial: option: fix fm101r-gl defines (git-fixes).
* usb: storage: set 1.50 as the lower bcddevice for older "super top"
compatibility (git-fixes).
* usb: typec: tcpm: fix null pointer dereference in tcpm_pd_svdm() (git-
fixes).
* usb: typec: tcpm: skip hard reset when in error recovery (git-fixes).
* usb: usbip: fix stub_dev hub disconnect (git-fixes).
* virtchnl: add virtchnl version 2 ops (bsc#1215458).
* wifi: ath10k: do not touch the ce interrupt registers after power up (git-
fixes).
* wifi: ath10k: fix clang-specific fortify warning (git-fixes).
* wifi: ath11k: debugfs: fix to work with multiple pci devices (git-fixes).
* wifi: ath11k: fix dfs radar event locking (git-fixes).
* wifi: ath11k: fix gtk offload status event locking (git-fixes).
* wifi: ath11k: fix htt pktlog locking (git-fixes).
* wifi: ath11k: fix temperature event locking (git-fixes).
* wifi: ath9k: fix clang-specific fortify warnings (git-fixes).
* wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git-
fixes).
* wifi: iwlwifi: empty overflow queue during flush (git-fixes).
* wifi: iwlwifi: honor the enable_ini value (git-fixes).
* wifi: iwlwifi: pcie: synchronize irqs before napi (git-fixes).
* wifi: iwlwifi: use fw rate for non-data frames (git-fixes).
* wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git-
fixes).
* wifi: mac80211: fix # of msdu in a-msdu calculation (git-fixes).
* wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes).
* wifi: rtlwifi: fix edca limit set by bt coexistence (git-fixes).
* wifi: rtw88: debug: fix the null vs is_err() bug for debugfs_create_file()
(git-fixes).
* x86/alternative: add a __alt_reloc_selftest() prototype (git-fixes).
* x86/cpu: clear svm feature if disabled by bios (bsc#1214700).
* x86/cpu: fix amd erratum #1485 on zen4-based cpus (git-fixes).
* x86/fpu: set x86_feature_osxsave feature after enabling osxsave in cr4 (git-
fixes).
* x86/hyperv: add hv_expose_invariant_tsc define (git-fixes).
* x86/hyperv: fix a warning in mshyperv.h (git-fixes).
* x86/hyperv: improve code for referencing hyperv_pcpu_input_arg (git-fixes).
* x86/hyperv: make hv_get_nmi_reason public (git-fixes).
* x86/sev: do not try to parse for the cc blob on non-amd hardware (git-
fixes).
* x86/sev: fix calculation of end address based on number of pages (git-
fixes).
* x86/sev: use the ghcb protocol when available for snp cpuid requests (git-
fixes).
* x86: move gds_ucode_mitigated() declaration to header (git-fixes).
* xfs: add attr state machine tracepoints (git-fixes).
* xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909).
* xfs: constify btree function parameters that are not modified (git-fixes).
* xfs: convert agf log flags to unsigned (git-fixes).
* xfs: convert agi log flags to unsigned (git-fixes).
* xfs: convert attr type flags to unsigned (git-fixes).
* xfs: convert bmap extent type flags to unsigned (git-fixes).
* xfs: convert bmapi flags to unsigned (git-fixes).
* xfs: convert btree buffer log flags to unsigned (git-fixes).
* xfs: convert buffer flags to unsigned (git-fixes).
* xfs: convert buffer log item flags to unsigned (git-fixes).
* xfs: convert da btree operations flags to unsigned (git-fixes).
* xfs: convert dquot flags to unsigned (git-fixes).
* xfs: convert inode lock flags to unsigned (git-fixes).
* xfs: convert log item tracepoint flags to unsigned (git-fixes).
* xfs: convert log ticket and iclog flags to unsigned (git-fixes).
* xfs: convert quota options flags to unsigned (git-fixes).
* xfs: convert scrub type flags to unsigned (git-fixes).
* xfs: disambiguate units for ftrace fields tagged "blkno", "block", or "bno"
(git-fixes).
* xfs: disambiguate units for ftrace fields tagged "count" (git-fixes).
* xfs: disambiguate units for ftrace fields tagged "len" (git-fixes).
* xfs: disambiguate units for ftrace fields tagged "offset" (git-fixes).
* xfs: make the key parameters to all btree key comparison functions const
(git-fixes).
* xfs: make the key parameters to all btree query range functions const (git-
fixes).
* xfs: make the keys and records passed to btree inorder functions const (git-
fixes).
* xfs: make the pointer passed to btree set_root functions const (git-fixes).
* xfs: make the start pointer passed to btree alloc_block functions const
(git-fixes).
* xfs: mark the record passed into btree init_key functions as const (git-
fixes).
* xfs: mark the record passed into xchk_btree functions as const (git-fixes).
* xfs: remove xfs_btree_cur_t typedef (git-fixes).
* xfs: rename i_disk_size fields in ftrace output (git-fixes).
* xfs: resolve fork names in trace output (git-fixes).
* xfs: standardize ag block number formatting in ftrace output (git-fixes).
* xfs: standardize ag number formatting in ftrace output (git-fixes).
* xfs: standardize daddr formatting in ftrace output (git-fixes).
* xfs: standardize inode generation formatting in ftrace output (git-fixes).
* xfs: standardize inode number formatting in ftrace output (git-fixes).
* xfs: standardize remaining xfs_buf length tracepoints (git-fixes).
* xfs: standardize rmap owner number formatting in ftrace output (git-fixes).
* xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes).
* xhci: enable rpm on controllers that support low-power states (git-fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-4734=1 openSUSE-SLE-15.5-2023-4734=1
* Public Cloud Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-4734=1
## Package List:
* openSUSE Leap 15.5 (aarch64 x86_64)
* kernel-azure-debuginfo-5.14.21-150500.33.26.1
* reiserfs-kmp-azure-5.14.21-150500.33.26.1
* kernel-azure-extra-debuginfo-5.14.21-150500.33.26.1
* ocfs2-kmp-azure-5.14.21-150500.33.26.1
* kernel-azure-devel-debuginfo-5.14.21-150500.33.26.1
* gfs2-kmp-azure-5.14.21-150500.33.26.1
* kselftests-kmp-azure-5.14.21-150500.33.26.1
* kselftests-kmp-azure-debuginfo-5.14.21-150500.33.26.1
* ocfs2-kmp-azure-debuginfo-5.14.21-150500.33.26.1
* cluster-md-kmp-azure-5.14.21-150500.33.26.1
* dlm-kmp-azure-debuginfo-5.14.21-150500.33.26.1
* kernel-azure-debugsource-5.14.21-150500.33.26.1
* kernel-azure-optional-5.14.21-150500.33.26.1
* gfs2-kmp-azure-debuginfo-5.14.21-150500.33.26.1
* dlm-kmp-azure-5.14.21-150500.33.26.1
* kernel-azure-devel-5.14.21-150500.33.26.1
* kernel-syms-azure-5.14.21-150500.33.26.1
* cluster-md-kmp-azure-debuginfo-5.14.21-150500.33.26.1
* kernel-azure-livepatch-devel-5.14.21-150500.33.26.1
* kernel-azure-optional-debuginfo-5.14.21-150500.33.26.1
* reiserfs-kmp-azure-debuginfo-5.14.21-150500.33.26.1
* kernel-azure-extra-5.14.21-150500.33.26.1
* openSUSE Leap 15.5 (aarch64 nosrc x86_64)
* kernel-azure-5.14.21-150500.33.26.1
* openSUSE Leap 15.5 (x86_64)
* kernel-azure-vdso-debuginfo-5.14.21-150500.33.26.1
* kernel-azure-vdso-5.14.21-150500.33.26.1
* openSUSE Leap 15.5 (noarch)
* kernel-devel-azure-5.14.21-150500.33.26.1
* kernel-source-azure-5.14.21-150500.33.26.1
* Public Cloud Module 15-SP5 (aarch64 nosrc x86_64)
* kernel-azure-5.14.21-150500.33.26.1
* Public Cloud Module 15-SP5 (aarch64 x86_64)
* kernel-syms-azure-5.14.21-150500.33.26.1
* kernel-azure-debuginfo-5.14.21-150500.33.26.1
* kernel-azure-debugsource-5.14.21-150500.33.26.1
* kernel-azure-devel-5.14.21-150500.33.26.1
* kernel-azure-devel-debuginfo-5.14.21-150500.33.26.1
* Public Cloud Module 15-SP5 (noarch)
* kernel-devel-azure-5.14.21-150500.33.26.1
* kernel-source-azure-5.14.21-150500.33.26.1
## References:
* https://www.suse.com/security/cve/CVE-2023-2006.html
* https://www.suse.com/security/cve/CVE-2023-25775.html
* https://www.suse.com/security/cve/CVE-2023-39197.html
* https://www.suse.com/security/cve/CVE-2023-39198.html
* https://www.suse.com/security/cve/CVE-2023-4244.html
* https://www.suse.com/security/cve/CVE-2023-45863.html
* https://www.suse.com/security/cve/CVE-2023-45871.html
* https://www.suse.com/security/cve/CVE-2023-46862.html
* https://www.suse.com/security/cve/CVE-2023-5158.html
* https://www.suse.com/security/cve/CVE-2023-5633.html
* https://www.suse.com/security/cve/CVE-2023-5717.html
* https://www.suse.com/security/cve/CVE-2023-6039.html
* https://www.suse.com/security/cve/CVE-2023-6176.html
* https://bugzilla.suse.com/show_bug.cgi?id=1084909
* https://bugzilla.suse.com/show_bug.cgi?id=1207948
* https://bugzilla.suse.com/show_bug.cgi?id=1210447
* https://bugzilla.suse.com/show_bug.cgi?id=1214286
* https://bugzilla.suse.com/show_bug.cgi?id=1214700
* https://bugzilla.suse.com/show_bug.cgi?id=1214840
* https://bugzilla.suse.com/show_bug.cgi?id=1214976
* https://bugzilla.suse.com/show_bug.cgi?id=1215123
* https://bugzilla.suse.com/show_bug.cgi?id=1215124
* https://bugzilla.suse.com/show_bug.cgi?id=1215292
* https://bugzilla.suse.com/show_bug.cgi?id=1215420
* https://bugzilla.suse.com/show_bug.cgi?id=1215458
* https://bugzilla.suse.com/show_bug.cgi?id=1215710
* https://bugzilla.suse.com/show_bug.cgi?id=1215802
* https://bugzilla.suse.com/show_bug.cgi?id=1215931
* https://bugzilla.suse.com/show_bug.cgi?id=1216058
* https://bugzilla.suse.com/show_bug.cgi?id=1216105
* https://bugzilla.suse.com/show_bug.cgi?id=1216259
* https://bugzilla.suse.com/show_bug.cgi?id=1216527
* https://bugzilla.suse.com/show_bug.cgi?id=1216584
* https://bugzilla.suse.com/show_bug.cgi?id=1216687
* https://bugzilla.suse.com/show_bug.cgi?id=1216693
* https://bugzilla.suse.com/show_bug.cgi?id=1216759
* https://bugzilla.suse.com/show_bug.cgi?id=1216788
* https://bugzilla.suse.com/show_bug.cgi?id=1216844
* https://bugzilla.suse.com/show_bug.cgi?id=1216861
* https://bugzilla.suse.com/show_bug.cgi?id=1216909
* https://bugzilla.suse.com/show_bug.cgi?id=1216959
* https://bugzilla.suse.com/show_bug.cgi?id=1216965
* https://bugzilla.suse.com/show_bug.cgi?id=1216976
* https://bugzilla.suse.com/show_bug.cgi?id=1217036
* https://bugzilla.suse.com/show_bug.cgi?id=1217068
* https://bugzilla.suse.com/show_bug.cgi?id=1217086
* https://bugzilla.suse.com/show_bug.cgi?id=1217095
* https://bugzilla.suse.com/show_bug.cgi?id=1217124
* https://bugzilla.suse.com/show_bug.cgi?id=1217140
* https://bugzilla.suse.com/show_bug.cgi?id=1217147
* https://bugzilla.suse.com/show_bug.cgi?id=1217195
* https://bugzilla.suse.com/show_bug.cgi?id=1217196
* https://bugzilla.suse.com/show_bug.cgi?id=1217200
* https://bugzilla.suse.com/show_bug.cgi?id=1217205
* https://bugzilla.suse.com/show_bug.cgi?id=1217332
* https://bugzilla.suse.com/show_bug.cgi?id=1217366
* https://bugzilla.suse.com/show_bug.cgi?id=1217511
* https://bugzilla.suse.com/show_bug.cgi?id=1217515
* https://bugzilla.suse.com/show_bug.cgi?id=1217598
* https://bugzilla.suse.com/show_bug.cgi?id=1217599
* https://bugzilla.suse.com/show_bug.cgi?id=1217609
* https://bugzilla.suse.com/show_bug.cgi?id=1217687
* https://bugzilla.suse.com/show_bug.cgi?id=1217731
* https://bugzilla.suse.com/show_bug.cgi?id=1217780
* https://jira.suse.com/browse/PED-3184
* https://jira.suse.com/browse/PED-5021
* https://jira.suse.com/browse/PED-7237
1
0
14 Dec '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:4731-1
Rating: important
References:
* bsc#1084909
* bsc#1189998
* bsc#1210447
* bsc#1214286
* bsc#1214976
* bsc#1215124
* bsc#1215292
* bsc#1215420
* bsc#1215458
* bsc#1215710
* bsc#1216058
* bsc#1216105
* bsc#1216259
* bsc#1216584
* bsc#1216693
* bsc#1216759
* bsc#1216761
* bsc#1216844
* bsc#1216861
* bsc#1216909
* bsc#1216959
* bsc#1216965
* bsc#1216976
* bsc#1217036
* bsc#1217068
* bsc#1217086
* bsc#1217124
* bsc#1217140
* bsc#1217195
* bsc#1217200
* bsc#1217205
* bsc#1217332
* bsc#1217366
* bsc#1217515
* bsc#1217598
* bsc#1217599
* bsc#1217609
* bsc#1217687
* bsc#1217731
* bsc#1217780
* jsc#PED-3184
* jsc#PED-5021
* jsc#PED-7237
Cross-References:
* CVE-2023-2006
* CVE-2023-25775
* CVE-2023-39197
* CVE-2023-39198
* CVE-2023-4244
* CVE-2023-45863
* CVE-2023-45871
* CVE-2023-46862
* CVE-2023-5158
* CVE-2023-5717
* CVE-2023-6039
* CVE-2023-6176
CVSS scores:
* CVE-2023-2006 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2006 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-25775 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-25775 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-39197 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
* CVE-2023-39198 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-39198 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4244 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4244 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45863 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45871 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-45871 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-46862 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-46862 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-5158 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-5158 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-5717 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5717 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6039 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6039 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Real Time Module 15-SP4
An update that solves 12 vulnerabilities, contains three features and has 28
security fixes can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
* CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm
scatterwalk functionality (bsc#1217332).
* CVE-2023-2006: Fixed a race condition in the RxRPC network protocol
(bsc#1210447).
* CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet()
(bsc#1216976).
* CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which
could be exploited to achieve local privilege escalation (bsc#1215420).
* CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in
drivers/net/usb/lan78xx.c (bsc#1217068).
* CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path()
(bsc#1216058).
* CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in
drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710).
* CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may
not be adequate for frames larger than the MTU (bsc#1216259).
* CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the
Performance Events component (bsc#1216584).
* CVE-2023-39198: Fixed a race condition leading to use-after-free in
qxl_mode_dumb_create() (bsc#1216965).
* CVE-2023-25775: Fixed improper access control in the Intel Ethernet
Controller RDMA driver (bsc#1216959).
* CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo()
(bsc#1216693).
The following non-security bugs were fixed:
* ACPI: FPDT: properly handle invalid FPDT subtables (git-fixes).
* ACPI: resource: Do IRQ override on TongFang GMxXGxx (git-fixes).
* ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA (git-fixes).
* ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() (git-fixes).
* ALSA: hda/realtek - Add Dell ALC295 to pin fall back table (git-fixes).
* ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC (git-fixes).
* ALSA: hda/realtek: Add quirks for HP Laptops (git-fixes).
* ALSA: hda/realtek: Enable Mute LED on HP 255 G10 (git-fixes).
* ALSA: hda/realtek: Enable Mute LED on HP 255 G8 (git-fixes).
* ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140).
* ALSA: hda: Fix possible null-ptr-deref when assigning a stream (git-fixes).
* ALSA: hda: cs35l41: Fix unbalanced pm_runtime_get() (git-fixes).
* ALSA: hda: cs35l41: Undo runtime PM changes at driver exit time (git-fixes).
* ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection (git-fixes).
* ALSA: info: Fix potential deadlock at disconnection (git-fixes).
* ARM: 9321/1: memset: cast the constant byte to unsigned char (git-fixes).
* ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (git-fixes).
* ASoC: ams-delta.c: use component after check (git-fixes).
* ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix
(git-fixes).
* ASoC: cs35l41: Undo runtime PM changes at driver exit time (git-fixes).
* ASoC: cs35l41: Verify PM runtime resume errors in IRQ handler (git-fixes).
* ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe (git-fixes).
* ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not
described (git-fixes).
* ASoC: hdmi-codec: register hpd callback on component probe (git-fixes).
* ASoC: rt5650: fix the wrong result of key button (git-fixes).
* ASoC: simple-card: fixup asoc_simple_probe() error handling (git-fixes).
* ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings (git-fixes).
* Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE (git-fixes).
* Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables (git-
fixes).
* Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 (git-
fixes).
* Bluetooth: btusb: Add date->evt_skb is NULL check (git-fixes).
* Disable Loongson drivers Loongson is a mips architecture, it does not make
sense to build Loongson drivers on other architectures.
* Documentation: networking: correct possessive "its" (bsc#1215458).
* Drivers: hv: vmbus: Remove unused extern declaration vmbus_ontimer() (git-
fixes).
* Ensure ia32_emulation is always enabled for kernel-obs-build If
ia32_emulation is disabled by default, ensure it is enabled back for OBS
kernel to allow building 32bit binaries (jsc#PED-3184) [ms: Always pass the
parameter, no need to grep through the config which may not be very
reliable]
* Fix termination state for idr_for_each_entry_ul() (git-fixes).
* HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W (git-fixes).
* HID: hyperv: Replace one-element array with flexible-array member (git-
fixes).
* HID: hyperv: avoid struct memcpy overrun warning (git-fixes).
* HID: hyperv: remove unused struct synthhid_msg (git-fixes).
* HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround
(git-fixes).
* HID: logitech-hidpp: Do not restart IO, instead defer hid_connect() only
(git-fixes).
* HID: logitech-hidpp: Move get_wireless_feature_index() check to
hidpp_connect_event() (git-fixes).
* HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk (git-fixes).
* HID: logitech-hidpp: Revert "Do not restart communication if not necessary"
(git-fixes).
* Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()
(git-fixes).
* Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport (git-
fixes).
* Input: xpad - add VID for Turtle Beach controllers (git-fixes).
* PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() (git-fixes).
* PCI/sysfs: Protect driver's D3cold preference from user space (git-fixes).
* PCI: Disable ATS for specific Intel IPU E2000 devices (bsc#1215458).
* PCI: Extract ATS disabling to a helper function (bsc#1215458).
* PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (git-
fixes).
* PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk (git-fixes).
* PCI: Use FIELD_GET() to extract Link Width (git-fixes).
* PCI: exynos: Do not discard .remove() callback (git-fixes).
* PCI: keystone: Do not discard .probe() callback (git-fixes).
* PCI: keystone: Do not discard .remove() callback (git-fixes).
* PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields (git-
fixes).
* PM / devfreq: rockchip-dfi: Make pmu regmap mandatory (git-fixes).
* PM: hibernate: Use __get_safe_page() rather than touching the list (git-
fixes).
* USB: dwc2: write HCINT with INTMASK applied (bsc#1214286).
* USB: dwc3: qcom: fix ACPI platform device leak (git-fixes).
* USB: dwc3: qcom: fix resource leaks on probe deferral (git-fixes).
* USB: dwc3: qcom: fix software node leak on probe errors (git-fixes).
* USB: dwc3: qcom: fix wakeup after probe deferral (git-fixes).
* USB: serial: option: add Fibocom L7xx modules (git-fixes).
* USB: serial: option: add Luat Air72*U series products (git-fixes).
* USB: serial: option: do not claim interface 4 for ZTE MF290 (git-fixes).
* USB: serial: option: fix FM101R-GL defines (git-fixes).
* USB: usbip: fix stub_dev hub disconnect (git-fixes).
* arm/xen: fix xen_vcpu_info allocation alignment (git-fixes).
* arm64: Add Cortex-A520 CPU part definition (git-fixes)
* arm64: allow kprobes on EL0 handlers (git-fixes)
* arm64: armv8_deprecated move emulation functions (git-fixes)
* arm64: armv8_deprecated: fix unused-function error (git-fixes)
* arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes)
* arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes)
* arm64: armv8_deprecated: rework deprected instruction handling (git-fixes)
* arm64: consistently pass ESR_ELx to die() (git-fixes)
* arm64: die(): pass 'err' as long (git-fixes)
* arm64: factor insn read out of call_undef_hook() (git-fixes)
* arm64: factor out EL1 SSBS emulation hook (git-fixes)
* arm64: report EL1 UNDEFs better (git-fixes)
* arm64: rework BTI exception handling (git-fixes)
* arm64: rework EL0 MRS emulation (git-fixes)
* arm64: rework FPAC exception handling (git-fixes)
* arm64: split EL0/EL1 UNDEF handlers (git-fixes)
* ata: pata_isapnp: Add missing error check for devm_ioport_map() (git-fixes).
* atl1c: Work around the DMA RX overflow issue (git-fixes).
* atm: iphase: Do PCI error checks on own line (git-fixes).
* blk-mq: Do not clear driver tags own mapping (bsc#1217366).
* blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping()
(bsc#1217366).
* bluetooth: Add device 0bda:887b to device tables (git-fixes).
* bluetooth: Add device 13d3:3571 to device tables (git-fixes).
* can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is
accessed out of bounds (git-fixes).
* can: dev: can_restart(): do not crash kernel if carrier is OK (git-fixes).
* can: dev: can_restart(): fix race condition between controller restart and
netif_carrier_on() (git-fixes).
* can: isotp: add local echo tx processing for consecutive frames (git-fixes).
* can: isotp: fix race between isotp_sendsmg() and isotp_release() (git-
fixes).
* can: isotp: fix tx state handling for echo tx processing (git-fixes).
* can: isotp: handle wait_event_interruptible() return values (git-fixes).
* can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID formatting
(git-fixes).
* can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior (git-
fixes).
* can: isotp: remove re-binding of bound socket (git-fixes).
* can: isotp: sanitize CAN ID checks in isotp_bind() (git-fixes).
* can: isotp: set max PDU size to 64 kByte (git-fixes).
* can: isotp: split tx timer into transmission and timeout (git-fixes).
* can: sja1000: Fix comment (git-fixes).
* clk: Sanitize possible_parent_show to Handle Return Value of
of_clk_get_parent_name (git-fixes).
* clk: imx: Select MXC_CLK for CLK_IMX8QXP (git-fixes).
* clk: imx: imx8mq: correct error handling path (git-fixes).
* clk: imx: imx8qxp: Fix elcdif_pll clock (git-fixes).
* clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (git-fixes).
* clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data (git-fixes).
* clk: npcm7xx: Fix incorrect kfree (git-fixes).
* clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies
(git-fixes).
* clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM (git-fixes).
* clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (git-fixes).
* clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks (git-
fixes).
* clk: qcom: mmcc-msm8998: Do not check halt bit on some branch clks (git-
fixes).
* clk: qcom: mmcc-msm8998: Fix the SMMU GDSC (git-fixes).
* clk: scmi: Free scmi_clk allocated when the clocks with invalid info are
skipped (git-fixes).
* clk: ti: Add ti_dt_clk_name() helper to use clock-output-names (git-fixes).
* clk: ti: Update component clocks to use ti_dt_clk_name() (git-fixes).
* clk: ti: Update pll and clockdomain clocks to use ti_dt_clk_name() (git-
fixes).
* clk: ti: change ti_clk_register_omap_hw API (git-fixes).
* clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes).
* crypto: caam/jr - fix Chacha20 + Poly1305 self test failure (git-fixes).
* crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure (git-fixes).
* crypto: hisilicon/hpre - Fix a erroneous check after snprintf() (git-fixes).
* dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() (git-
fixes).
* dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe (git-
fixes).
* dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes).
* dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes).
* docs: net: move the probe and open/close sections of driver.rst up
(bsc#1215458).
* docs: net: reformat driver.rst from a list to sections (bsc#1215458).
* docs: net: use C syntax highlight in driver.rst (bsc#1215458).
* drm/amd/display: Avoid NULL dereference of timing generator (git-fixes).
* drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox
(git-fixes).
* drm/amd/display: remove useless check in should_enable_fbc() (git-fixes).
* drm/amd/display: use full update for clip size increase of large plane
source (git-fixes).
* drm/amd/pm: Handle non-terminated overdrive commands (git-fixes).
* drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (git-
fixes).
* drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (git-fixes).
* drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL
(git-fixes).
* drm/amdgpu: Fix potential null pointer derefernce (git-fixes).
* drm/amdgpu: do not use ATRM for external devices (git-fixes).
* drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes).
* drm/amdgpu: fix software pci_unplug on some chips (git-fixes).
* drm/amdkfd: Fix a race condition of vram buffer unref in svm code (git-
fixes).
* drm/amdkfd: Fix shift out-of-bounds issue (git-fixes).
* drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code
(git-fixes).
* drm/bridge: Fix kernel-doc typo in desc of output_bus_cfg in
drm_bridge_state (git-fixes).
* drm/bridge: lt8912b: Add missing drm_bridge_attach call (git-fixes).
* drm/bridge: lt8912b: Fix bridge_detach (git-fixes).
* drm/bridge: lt8912b: Fix crash on bridge detach (git-fixes).
* drm/bridge: lt8912b: Manually disable HPD only if it was enabled (git-
fixes).
* drm/bridge: lt8912b: Register and attach our DSI device at probe (git-
fixes).
* drm/bridge: lt8912b: Switch to devm MIPI-DSI helpers (git-fixes).
* drm/bridge: lt9611uxc: Register and attach our DSI device at probe (git-
fixes).
* drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers (git-fixes).
* drm/bridge: lt9611uxc: fix the race in the error path (git-fixes).
* drm/bridge: tc358768: Disable non-continuous clock mode (git-fixes).
* drm/bridge: tc358768: Fix bit updates (git-fixes).
* drm/bridge: tc358768: Fix use of uninitialized variable (git-fixes).
* drm/gud: Use size_add() in call to struct_size() (git-fixes).
* drm/i915/pmu: Check if pmu is closed before stopping event (git-fixes).
* drm/i915: Fix potential spectre vulnerability (git-fixes).
* drm/komeda: drop all currently held locks if deadlock happens (git-fixes).
* drm/mediatek: Fix iommu fault by swapping FBs after updating plane state
(git-fixes).
* drm/mediatek: Fix iommu fault during crtc enabling (git-fixes).
* drm/mipi-dsi: Create devm device attachment (git-fixes).
* drm/mipi-dsi: Create devm device registration (git-fixes).
* drm/msm/dp: skip validity check for DP CTS EDID checksum (git-fixes).
* drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git-
fixes).
* drm/panel: fix a possible null pointer dereference (git-fixes).
* drm/panel: simple: Fix Innolux G101ICE-L01 bus flags (git-fixes).
* drm/panel: simple: Fix Innolux G101ICE-L01 timings (git-fixes).
* drm/panel: st7703: Pick different reset sequence (git-fixes).
* drm/qxl: prevent memory leak (git-fixes).
* drm/radeon: possible buffer overflow (git-fixes).
* drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map() (git-
fixes).
* drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() (git-
fixes).
* drm/rockchip: vop: Fix call to crtc reset helper (git-fixes).
* drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full (git-
fixes).
* drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs (git-
fixes).
* drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE (git-fixes).
* drm/vc4: fix typo (git-fixes).
* drm: vmwgfx_surface.c: copy user-array safely (git-fixes).
* dt-bindings: usb: hcd: add missing phy name to example (git-fixes).
* dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes).
* fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes).
* fbdev: imsttfb: Fix error path of imsttfb_probe() (git-fixes).
* fbdev: imsttfb: Release framebuffer and dealloc cmap on error path (git-
fixes).
* fbdev: imsttfb: fix a resource leak in probe (git-fixes).
* fbdev: imsttfb: fix double free in probe() (git-fixes).
* fbdev: omapfb: Drop unused remove function (git-fixes).
* firewire: core: fix possible memory leak in create_units() (git-fixes).
* firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels() (git-
fixes).
* gpio: mockup: fix kerneldoc (git-fixes).
* gpio: mockup: remove unused field (git-fixes).
* hid: cp2112: Fix duplicate workqueue initialization (git-fixes).
* hv: simplify sysctl registration (git-fixes).
* hv_netvsc: Fix race of register_netdevice_notifier and VF register (git-
fixes).
* hv_netvsc: Mark VF as slave before exposing it to user-mode (git-fixes).
* hv_netvsc: fix netvsc_send_completion to avoid multiple message length
checks (git-fixes).
* hv_netvsc: fix race of netvsc and VF register_netdevice (git-fixes).
* hwmon: (coretemp) Fix potentially truncated sysfs attribute name (git-
fixes).
* i2c: aspeed: Fix i2c bus hang in slave read (git-fixes).
* i2c: core: Run atomic i2c xfer when !preemptible (git-fixes).
* i2c: designware: Disable TX_EMPTY irq while waiting for block length byte
(git-fixes).
* i2c: dev: copy userspace array safely (git-fixes).
* i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git-
fixes).
* i2c: iproc: handle invalid slave state (git-fixes).
* i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes).
* i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (git-fixes).
* i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes).
* i2c: stm32f7: Fix PEC handling in case of SMBUS transfers (git-fixes).
* i2c: sun6i-p2wi: Prevent potential division by zero (git-fixes).
* i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs (git-
fixes).
* i3c: master: cdns: Fix reading status register (git-fixes).
* i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data (git-
fixes).
* i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen (git-
fixes).
* i3c: master: svc: fix check wrong status register in irq handler (git-
fixes).
* i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes).
* i3c: master: svc: fix race condition in ibi work thread (git-fixes).
* i3c: master: svc: fix wrong data return when IBI happen during start frame
(git-fixes).
* i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler (git-
fixes).
* i915/perf: Fix NULL deref bugs with drm_dbg() calls (git-fixes).
* idpf: add RX splitq napi poll support (bsc#1215458).
* idpf: add SRIOV support and other ndo_ops (bsc#1215458).
* idpf: add TX splitq napi poll support (bsc#1215458).
* idpf: add controlq init and reset checks (bsc#1215458).
* idpf: add core init and interrupt request (bsc#1215458).
* idpf: add create vport and netdev configuration (bsc#1215458).
* idpf: add ethtool callbacks (bsc#1215458).
* idpf: add module register and probe functionality (bsc#1215458).
* idpf: add ptypes and MAC filter support (bsc#1215458).
* idpf: add singleq start_xmit and napi poll (bsc#1215458).
* idpf: add splitq start_xmit (bsc#1215458).
* idpf: cancel mailbox work in error path (bsc#1215458).
* idpf: configure resources for RX queues (bsc#1215458).
* idpf: configure resources for TX queues (bsc#1215458).
* idpf: fix potential use-after-free in idpf_tso() (bsc#1215458).
* idpf: initialize interrupts and enable vport (bsc#1215458).
* idpf: set scheduling mode for completion queue (bsc#1215458).
* iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale (git-
fixes).
* iio: adc: xilinx-xadc: Do not clobber preset voltage/temperature thresholds
(git-fixes).
* iio: exynos-adc: request second interupt only when touchscreen mode is used
(git-fixes).
* irqchip/stm32-exti: add missing DT IRQ flag translation (git-fixes).
* kabi/severities: ignore kabi in rxrpc (bsc#1210447) The rxrpc module is
built since SLE15-SP3 but it is not shipped as part of any SLE product, only
in Leap (in kernel-*-optional).
* kernel-binary: suse-module-tools is also required when installed
Requires(pre) adds dependency for the specific sciptlet. However, suse-
module-tools also ships modprobe.d files which may be needed at posttrans
time or any time the kernel is on the system for generating ramdisk. Add
plain Requires as well.
* kernel-source: Move provides after sources
* kernel/fork: beware of __put_task_struct() calling context (bsc#1189998
(PREEMPT_RT prerequisite backports)).
* kernel/fork: beware of __put_task_struct() calling context (bsc#1216761).
* leds: pwm: Do not disable the PWM when the LED should be off (git-fixes).
* leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu'
(git-fixes).
* leds: turris-omnia: Do not use SMBUS calls (git-fixes).
* lsm: fix default return value for inode_getsecctx (git-fixes).
* lsm: fix default return value for vm_enough_memory (git-fixes).
* media: bttv: fix use after free error due to btv->timeout timer (git-fixes).
* media: ccs: Correctly initialise try compose rectangle (git-fixes).
* media: ccs: Fix driver quirk struct documentation (git-fixes).
* media: cedrus: Fix clock/reset sequence (git-fixes).
* media: cobalt: Use FIELD_GET() to extract Link Width (git-fixes).
* media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes).
* media: i2c: max9286: Fix some redundant of_node_put() calls (git-fixes).
* media: imon: fix access to invalid resource for the second interface (git-
fixes).
* media: lirc: drop trailing space from scancode transmit (git-fixes).
* media: qcom: camss: Fix VFE-17x vfe_disable_output() (git-fixes).
* media: qcom: camss: Fix missing vfe_lite clocks check (git-fixes).
* media: qcom: camss: Fix pm_domain_on sequence in probe (git-fixes).
* media: qcom: camss: Fix vfe_get() error jump (git-fixes).
* media: sharp: fix sharp encoding (git-fixes).
* media: siano: Drop unnecessary error check for debugfs_create_dir/file()
(git-fixes).
* media: venus: hfi: add checks to handle capabilities from firmware (git-
fixes).
* media: venus: hfi: add checks to perform sanity on queue pointers (git-
fixes).
* media: venus: hfi: fix the check to handle session buffer requirement (git-
fixes).
* media: venus: hfi_parser: Add check to keep the number of codecs within
range (git-fixes).
* media: vidtv: mux: Add check and kfree for kstrdup (git-fixes).
* media: vidtv: psi: Add check for kstrdup (git-fixes).
* media: vivid: avoid integer overflow (git-fixes).
* mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated devs (git-
fixes).
* mfd: core: Ensure disabled devices are skipped without aborting (git-fixes).
* mfd: dln2: Fix double put in dln2_probe (git-fixes).
* misc: fastrpc: Clean buffers on remote invocation failures (git-fixes).
* misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller (git-
fixes).
* mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#PED-7237,
git-fixes).
* mmc: block: Be sure to wait while busy in CQE error recovery (git-fixes).
* mmc: block: Do not lose cache flush during CQE error recovery (git-fixes).
* mmc: block: Retry commands in CQE error recovery (git-fixes).
* mmc: cqhci: Fix task clearing in CQE error recovery (git-fixes).
* mmc: cqhci: Increase recovery halt timeout (git-fixes).
* mmc: cqhci: Warn of halt or task clear failure (git-fixes).
* mmc: meson-gx: Remove setting of CMD_CFG_ERROR (git-fixes).
* mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2 (git-
fixes).
* mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER (git-
fixes).
* mmc: sdhci_am654: fix start loop index for TAP value parsing (git-fixes).
* mmc: vub300: fix an error code (git-fixes).
* modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host (git-fixes).
* mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes).
* mtd: cfi_cmdset_0001: Byte swap OTP info (git-fixes).
* mtd: rawnand: arasan: Include ECC syndrome along with in-band data while
checking for ECC failure (git-fixes).
* net-memcg: Fix scope of sockmem pressure indicators (bsc#1216759).
* net: Avoid address overwrite in kernel_connect (bsc#1216861).
* net: add macro netif_subqueue_completed_wake (bsc#1215458).
* net: fix use-after-free in tw_timer_handler (bsc#1217195).
* net: ieee802154: adf7242: Fix some potential buffer overflow in
adf7242_stats_show() (git-fixes).
* net: mana: Fix return type of mana_start_xmit() (git-fixes).
* net: piggy back on the memory barrier in bql when waking queues
(bsc#1215458).
* net: provide macros for commonly copied lockless queue stop/wake code
(bsc#1215458).
* net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-
fixes).
* net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg (git-
fixes).
* nvme: update firmware version after commit (bsc#1215292).
* pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes).
* pcmcia: ds: fix possible name leak in error path in pcmcia_device_add()
(git-fixes).
* pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes).
* pinctrl: avoid reload of p state in list iteration (git-fixes).
* platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e (git-
fixes).
* platform/x86: wmi: Fix opening of char device (git-fixes).
* platform/x86: wmi: Fix probe failure when failing to register WMI devices
(git-fixes).
* platform/x86: wmi: remove unnecessary initializations (git-fixes).
* powerpc: Do not clobber f0/vs0 during fp|altivec register save
(bsc#1217780).
* pwm: Fix double shift bug (git-fixes).
* pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (git-fixes).
* pwm: sti: Reduce number of allocations and drop usage of chip_data (git-
fixes).
* r8152: Cancel hw_phy_work if we have an error in probe (git-fixes).
* r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes).
* r8152: Check for unplug in rtl_phy_patch_request() (git-fixes).
* r8152: Increase USB control msg timeout to 5000ms as per spec (git-fixes).
* r8152: Release firmware if we have an error in probe (git-fixes).
* r8152: Run the unload routine if we have errors during probe (git-fixes).
* regmap: Ensure range selector registers are updated after cache sync (git-
fixes).
* regmap: debugfs: Fix a erroneous check after snprintf() (git-fixes).
* regmap: prevent noinc writes from clobbering cache (git-fixes).
* s390/ap: fix AP bus crash on early config change callback invocation (git-
fixes bsc#1217687).
* s390/cio: unregister device when the only path is gone (git-fixes
bsc#1217609).
* s390/cmma: fix detection of DAT pages (LTC#203997 bsc#1217086).
* s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (LTC#203997
bsc#1217086).
* s390/cmma: fix initial kernel address space page table walk (LTC#203997
bsc#1217086).
* s390/crashdump: fix TOD programmable field size (git-fixes bsc#1217205).
* s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629
bsc#1215124).
* s390/dasd: protect device queue against concurrent access (git-fixes
bsc#1217515).
* s390/dasd: use correct number of retries for ERP requests (git-fixes
bsc#1217598).
* s390/ipl: add missing secure/has_secure file to ipl type 'unknown'
(bsc#1214976 git-fixes).
* s390/mm: add missing arch_set_page_dat() call to gmap allocations
(LTC#203997 bsc#1217086).
* s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc()
(LTC#203997 bsc#1217086).
* s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200).
* s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes
bsc#1217599).
* sbsa_gwdt: Calculate timeout with 64-bit math (git-fixes).
* scsi: lpfc: Copyright updates for 14.2.0.16 patches (bsc#1217731).
* scsi: lpfc: Correct maximum PCI function value for RAS fw logging
(bsc#1217731).
* scsi: lpfc: Eliminate unnecessary relocking in lpfc_check_nlp_post_devloss()
(bsc#1217731).
* scsi: lpfc: Enhance driver logging for selected discovery events
(bsc#1217731).
* scsi: lpfc: Fix list_entry null check warning in lpfc_cmpl_els_plogi()
(bsc#1217731).
* scsi: lpfc: Fix possible file string name overflow when updating firmware
(bsc#1217731).
* scsi: lpfc: Introduce LOG_NODE_VERBOSE messaging flag (bsc#1217124).
* scsi: lpfc: Refactor and clean up mailbox command memory free (bsc#1217731).
* scsi: lpfc: Reject received PRLIs with only initiator fcn role for NPIV
ports (bsc#1217124).
* scsi: lpfc: Remove unnecessary zero return code assignment in
lpfc_sli4_hba_setup (bsc#1217124).
* scsi: lpfc: Return early in lpfc_poll_eratt() when the driver is unloading
(bsc#1217731).
* scsi: lpfc: Treat IOERR_SLI_DOWN I/O completion status the same as pci
offline (bsc#1217124).
* scsi: lpfc: Update lpfc version to 14.2.0.15 (bsc#1217124).
* scsi: lpfc: Update lpfc version to 14.2.0.16 (bsc#1217731).
* scsi: lpfc: Validate ELS LS_ACC completion payload (bsc#1217124).
* scsi: qla2xxx: Fix double free of dsd_list during driver load (git-fixes).
* scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields (git-
fixes).
* selftests/efivarfs: create-read: fix a resource leak (git-fixes).
* selftests/pidfd: Fix ksft print formats (git-fixes).
* selftests/resctrl: Ensure the benchmark commands fits to its array (git-
fixes).
* selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests (git-
fixes).
* selftests/resctrl: Remove duplicate feature check from CMT test (git-fixes).
* seq_buf: fix a misleading comment (git-fixes).
* serial: exar: Revert "serial: exar: Add support for Sealevel 7xxxC serial
cards" (git-fixes).
* serial: meson: Use platform_get_irq() to get the interrupt (git-fixes).
* soc: qcom: llcc: Handle a second device without data corruption (git-fixes).
* spi: nxp-fspi: use the correct ioremap function (git-fixes).
* spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes).
* spi: tegra: Fix missing IRQ check in tegra_slink_probe() (git-fixes).
* staging: media: ipu3: remove ftrace-like logging (git-fixes).
* string.h: add array-wrappers for (v)memdup_user() (git-fixes).
* supported.conf: marked idpf supported
* thermal: core: prevent potential string overflow (git-fixes).
* treewide: Spelling fix in comment (git-fixes).
* tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes).
* tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks (git-fixes).
* tty: 8250: Add support for Brainboxes UP cards (git-fixes).
* tty: 8250: Add support for Intashield IS-100 (git-fixes).
* tty: 8250: Add support for Intashield IX cards (git-fixes).
* tty: 8250: Add support for additional Brainboxes PX cards (git-fixes).
* tty: 8250: Add support for additional Brainboxes UC cards (git-fixes).
* tty: 8250: Fix port count of PX-257 (git-fixes).
* tty: 8250: Fix up PX-803/PX-857 (git-fixes).
* tty: 8250: Remove UC-257 and UC-431 (git-fixes).
* tty: Fix uninit-value access in ppp_sync_receive() (git-fixes).
* tty: n_gsm: fix race condition in status line change on dead connections
(git-fixes).
* tty: serial: meson: fix hard LOCKUP on crtscts mode (git-fixes).
* tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes).
* tty: vcc: Add check for kstrdup() in vcc_probe() (git-fixes).
* usb: cdnsp: Fix deadlock issue during using NCM gadget (git-fixes).
* usb: chipidea: Fix DMA overwrite for Tegra (git-fixes).
* usb: chipidea: Simplify Tegra DMA alignment code (git-fixes).
* usb: dwc2: fix possible NULL pointer dereference caused by driver
concurrency (git-fixes).
* usb: dwc3: Fix default mode initialization (git-fixes).
* usb: dwc3: set the dma max_seg_size (git-fixes).
* usb: gadget: f_ncm: Always set current gadget in ncm_bind() (git-fixes).
* usb: raw-gadget: properly handle interrupted requests (git-fixes).
* usb: storage: set 1.50 as the lower bcdDevice for older "Super Top"
compatibility (git-fixes).
* usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() (git-
fixes).
* usb: typec: tcpm: Skip hard reset when in error recovery (git-fixes).
* virtchnl: add virtchnl version 2 ops (bsc#1215458).
* wifi: ath10k: Do not touch the CE interrupt registers after power up (git-
fixes).
* wifi: ath10k: fix clang-specific fortify warning (git-fixes).
* wifi: ath11k: debugfs: fix to work with multiple PCI devices (git-fixes).
* wifi: ath11k: fix dfs radar event locking (git-fixes).
* wifi: ath11k: fix htt pktlog locking (git-fixes).
* wifi: ath11k: fix temperature event locking (git-fixes).
* wifi: ath9k: fix clang-specific fortify warnings (git-fixes).
* wifi: iwlwifi: Use FW rate for non-data frames (git-fixes).
* wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git-
fixes).
* wifi: iwlwifi: empty overflow queue during flush (git-fixes).
* wifi: iwlwifi: honor the enable_ini value (git-fixes).
* wifi: iwlwifi: pcie: synchronize IRQs before NAPI (git-fixes).
* wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git-
fixes).
* wifi: mac80211: fix # of MSDU in A-MSDU calculation (git-fixes).
* wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes).
* wifi: rtlwifi: fix EDCA limit set by BT coexistence (git-fixes).
* wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file()
(git-fixes).
* x86/alternative: Add a __alt_reloc_selftest() prototype (git-fixes).
* x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes).
* x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (git-
fixes).
* x86/hyperv: Add HV_EXPOSE_INVARIANT_TSC define (git-fixes).
* x86/hyperv: Improve code for referencing hyperv_pcpu_input_arg (git-fixes).
* x86/hyperv: Make hv_get_nmi_reason public (git-fixes).
* x86/hyperv: fix a warning in mshyperv.h (git-fixes).
* x86/sev: Do not try to parse for the CC blob on non-AMD hardware (git-
fixes).
* x86/sev: Fix calculation of end address based on number of pages (git-
fixes).
* x86/sev: Use the GHCB protocol when available for SNP CPUID requests (git-
fixes).
* x86: Move gds_ucode_mitigated() declaration to header (git-fixes).
* xfs: add attr state machine tracepoints (git-fixes).
* xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909).
* xfs: constify btree function parameters that are not modified (git-fixes).
* xfs: convert AGF log flags to unsigned (git-fixes).
* xfs: convert AGI log flags to unsigned (git-fixes).
* xfs: convert attr type flags to unsigned (git-fixes).
* xfs: convert bmap extent type flags to unsigned (git-fixes).
* xfs: convert bmapi flags to unsigned (git-fixes).
* xfs: convert btree buffer log flags to unsigned (git-fixes).
* xfs: convert buffer flags to unsigned (git-fixes).
* xfs: convert buffer log item flags to unsigned (git-fixes).
* xfs: convert da btree operations flags to unsigned (git-fixes).
* xfs: convert dquot flags to unsigned (git-fixes).
* xfs: convert inode lock flags to unsigned (git-fixes).
* xfs: convert log item tracepoint flags to unsigned (git-fixes).
* xfs: convert log ticket and iclog flags to unsigned (git-fixes).
* xfs: convert quota options flags to unsigned (git-fixes).
* xfs: convert scrub type flags to unsigned (git-fixes).
* xfs: disambiguate units for ftrace fields tagged "blkno", "block", or "bno"
(git-fixes).
* xfs: disambiguate units for ftrace fields tagged "count" (git-fixes).
* xfs: disambiguate units for ftrace fields tagged "len" (git-fixes).
* xfs: disambiguate units for ftrace fields tagged "offset" (git-fixes).
* xfs: make the key parameters to all btree key comparison functions const
(git-fixes).
* xfs: make the key parameters to all btree query range functions const (git-
fixes).
* xfs: make the keys and records passed to btree inorder functions const (git-
fixes).
* xfs: make the pointer passed to btree set_root functions const (git-fixes).
* xfs: make the start pointer passed to btree alloc_block functions const
(git-fixes).
* xfs: make the start pointer passed to btree update_lastrec functions const
(git-fixes).
* xfs: mark the record passed into btree init_key functions as const (git-
fixes).
* xfs: mark the record passed into xchk_btree functions as const (git-fixes).
* xfs: remove xfs_btree_cur_t typedef (git-fixes).
* xfs: rename i_disk_size fields in ftrace output (git-fixes).
* xfs: resolve fork names in trace output (git-fixes).
* xfs: standardize AG block number formatting in ftrace output (git-fixes).
* xfs: standardize AG number formatting in ftrace output (git-fixes).
* xfs: standardize daddr formatting in ftrace output (git-fixes).
* xfs: standardize inode generation formatting in ftrace output (git-fixes).
* xfs: standardize inode number formatting in ftrace output (git-fixes).
* xfs: standardize remaining xfs_buf length tracepoints (git-fixes).
* xfs: standardize rmap owner number formatting in ftrace output (git-fixes).
* xhci: Enable RPM on controllers that support low-power states (git-fixes).
* xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4731=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4731=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4731=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4731=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4731=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4731=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4731=1
* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4731=1
* SUSE Real Time Module 15-SP4
zypper in -t patch SUSE-SLE-Module-RT-15-SP4-2023-4731=1
## Package List:
* openSUSE Leap Micro 5.3 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.62.1
* openSUSE Leap Micro 5.3 (x86_64)
* kernel-rt-debuginfo-5.14.21-150400.15.62.1
* kernel-rt-debugsource-5.14.21-150400.15.62.1
* openSUSE Leap Micro 5.4 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.62.1
* openSUSE Leap Micro 5.4 (x86_64)
* kernel-rt-debuginfo-5.14.21-150400.15.62.1
* kernel-rt-debugsource-5.14.21-150400.15.62.1
* openSUSE Leap 15.4 (x86_64)
* cluster-md-kmp-rt-5.14.21-150400.15.62.1
* dlm-kmp-rt-debuginfo-5.14.21-150400.15.62.1
* kernel-rt-debuginfo-5.14.21-150400.15.62.1
* ocfs2-kmp-rt-5.14.21-150400.15.62.1
* kernel-rt_debug-debuginfo-5.14.21-150400.15.62.1
* kernel-rt-debugsource-5.14.21-150400.15.62.1
* kernel-syms-rt-5.14.21-150400.15.62.1
* kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.62.1
* cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.62.1
* gfs2-kmp-rt-5.14.21-150400.15.62.1
* kernel-rt_debug-debugsource-5.14.21-150400.15.62.1
* kernel-rt-devel-5.14.21-150400.15.62.1
* kernel-rt_debug-devel-5.14.21-150400.15.62.1
* ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.62.1
* kernel-rt-devel-debuginfo-5.14.21-150400.15.62.1
* dlm-kmp-rt-5.14.21-150400.15.62.1
* gfs2-kmp-rt-debuginfo-5.14.21-150400.15.62.1
* openSUSE Leap 15.4 (noarch)
* kernel-source-rt-5.14.21-150400.15.62.1
* kernel-devel-rt-5.14.21-150400.15.62.1
* openSUSE Leap 15.4 (nosrc x86_64)
* kernel-rt_debug-5.14.21-150400.15.62.1
* kernel-rt-5.14.21-150400.15.62.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.62.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64)
* kernel-rt-debuginfo-5.14.21-150400.15.62.1
* kernel-rt-debugsource-5.14.21-150400.15.62.1
* SUSE Linux Enterprise Micro 5.3 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.62.1
* SUSE Linux Enterprise Micro 5.3 (x86_64)
* kernel-rt-debuginfo-5.14.21-150400.15.62.1
* kernel-rt-debugsource-5.14.21-150400.15.62.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.62.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64)
* kernel-rt-debuginfo-5.14.21-150400.15.62.1
* kernel-rt-debugsource-5.14.21-150400.15.62.1
* SUSE Linux Enterprise Micro 5.4 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.62.1
* SUSE Linux Enterprise Micro 5.4 (x86_64)
* kernel-rt-debuginfo-5.14.21-150400.15.62.1
* kernel-rt-debugsource-5.14.21-150400.15.62.1
* SUSE Linux Enterprise Live Patching 15-SP4 (x86_64)
* kernel-livepatch-5_14_21-150400_15_62-rt-1-150400.1.3.1
* kernel-livepatch-5_14_21-150400_15_62-rt-debuginfo-1-150400.1.3.1
* kernel-livepatch-SLE15-SP4-RT_Update_16-debugsource-1-150400.1.3.1
* SUSE Real Time Module 15-SP4 (x86_64)
* cluster-md-kmp-rt-5.14.21-150400.15.62.1
* dlm-kmp-rt-debuginfo-5.14.21-150400.15.62.1
* kernel-rt-debuginfo-5.14.21-150400.15.62.1
* ocfs2-kmp-rt-5.14.21-150400.15.62.1
* kernel-rt_debug-debuginfo-5.14.21-150400.15.62.1
* kernel-rt-debugsource-5.14.21-150400.15.62.1
* kernel-syms-rt-5.14.21-150400.15.62.1
* kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.62.1
* cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.62.1
* gfs2-kmp-rt-5.14.21-150400.15.62.1
* kernel-rt_debug-debugsource-5.14.21-150400.15.62.1
* kernel-rt-devel-5.14.21-150400.15.62.1
* kernel-rt_debug-devel-5.14.21-150400.15.62.1
* ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.62.1
* kernel-rt-devel-debuginfo-5.14.21-150400.15.62.1
* dlm-kmp-rt-5.14.21-150400.15.62.1
* gfs2-kmp-rt-debuginfo-5.14.21-150400.15.62.1
* SUSE Real Time Module 15-SP4 (noarch)
* kernel-source-rt-5.14.21-150400.15.62.1
* kernel-devel-rt-5.14.21-150400.15.62.1
* SUSE Real Time Module 15-SP4 (nosrc x86_64)
* kernel-rt_debug-5.14.21-150400.15.62.1
* kernel-rt-5.14.21-150400.15.62.1
## References:
* https://www.suse.com/security/cve/CVE-2023-2006.html
* https://www.suse.com/security/cve/CVE-2023-25775.html
* https://www.suse.com/security/cve/CVE-2023-39197.html
* https://www.suse.com/security/cve/CVE-2023-39198.html
* https://www.suse.com/security/cve/CVE-2023-4244.html
* https://www.suse.com/security/cve/CVE-2023-45863.html
* https://www.suse.com/security/cve/CVE-2023-45871.html
* https://www.suse.com/security/cve/CVE-2023-46862.html
* https://www.suse.com/security/cve/CVE-2023-5158.html
* https://www.suse.com/security/cve/CVE-2023-5717.html
* https://www.suse.com/security/cve/CVE-2023-6039.html
* https://www.suse.com/security/cve/CVE-2023-6176.html
* https://bugzilla.suse.com/show_bug.cgi?id=1084909
* https://bugzilla.suse.com/show_bug.cgi?id=1189998
* https://bugzilla.suse.com/show_bug.cgi?id=1210447
* https://bugzilla.suse.com/show_bug.cgi?id=1214286
* https://bugzilla.suse.com/show_bug.cgi?id=1214976
* https://bugzilla.suse.com/show_bug.cgi?id=1215124
* https://bugzilla.suse.com/show_bug.cgi?id=1215292
* https://bugzilla.suse.com/show_bug.cgi?id=1215420
* https://bugzilla.suse.com/show_bug.cgi?id=1215458
* https://bugzilla.suse.com/show_bug.cgi?id=1215710
* https://bugzilla.suse.com/show_bug.cgi?id=1216058
* https://bugzilla.suse.com/show_bug.cgi?id=1216105
* https://bugzilla.suse.com/show_bug.cgi?id=1216259
* https://bugzilla.suse.com/show_bug.cgi?id=1216584
* https://bugzilla.suse.com/show_bug.cgi?id=1216693
* https://bugzilla.suse.com/show_bug.cgi?id=1216759
* https://bugzilla.suse.com/show_bug.cgi?id=1216761
* https://bugzilla.suse.com/show_bug.cgi?id=1216844
* https://bugzilla.suse.com/show_bug.cgi?id=1216861
* https://bugzilla.suse.com/show_bug.cgi?id=1216909
* https://bugzilla.suse.com/show_bug.cgi?id=1216959
* https://bugzilla.suse.com/show_bug.cgi?id=1216965
* https://bugzilla.suse.com/show_bug.cgi?id=1216976
* https://bugzilla.suse.com/show_bug.cgi?id=1217036
* https://bugzilla.suse.com/show_bug.cgi?id=1217068
* https://bugzilla.suse.com/show_bug.cgi?id=1217086
* https://bugzilla.suse.com/show_bug.cgi?id=1217124
* https://bugzilla.suse.com/show_bug.cgi?id=1217140
* https://bugzilla.suse.com/show_bug.cgi?id=1217195
* https://bugzilla.suse.com/show_bug.cgi?id=1217200
* https://bugzilla.suse.com/show_bug.cgi?id=1217205
* https://bugzilla.suse.com/show_bug.cgi?id=1217332
* https://bugzilla.suse.com/show_bug.cgi?id=1217366
* https://bugzilla.suse.com/show_bug.cgi?id=1217515
* https://bugzilla.suse.com/show_bug.cgi?id=1217598
* https://bugzilla.suse.com/show_bug.cgi?id=1217599
* https://bugzilla.suse.com/show_bug.cgi?id=1217609
* https://bugzilla.suse.com/show_bug.cgi?id=1217687
* https://bugzilla.suse.com/show_bug.cgi?id=1217731
* https://bugzilla.suse.com/show_bug.cgi?id=1217780
* https://jira.suse.com/browse/PED-3184
* https://jira.suse.com/browse/PED-5021
* https://jira.suse.com/browse/PED-7237
1
0
14 Dec '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:4732-1
Rating: important
References:
* bsc#1207948
* bsc#1210447
* bsc#1212649
* bsc#1214286
* bsc#1214700
* bsc#1214840
* bsc#1214976
* bsc#1215095
* bsc#1215123
* bsc#1215124
* bsc#1215292
* bsc#1215420
* bsc#1215458
* bsc#1215710
* bsc#1215802
* bsc#1215931
* bsc#1216058
* bsc#1216105
* bsc#1216259
* bsc#1216527
* bsc#1216584
* bsc#1216621
* bsc#1216687
* bsc#1216693
* bsc#1216759
* bsc#1216761
* bsc#1216788
* bsc#1216844
* bsc#1216861
* bsc#1216909
* bsc#1216959
* bsc#1216965
* bsc#1216976
* bsc#1217036
* bsc#1217068
* bsc#1217086
* bsc#1217095
* bsc#1217124
* bsc#1217140
* bsc#1217147
* bsc#1217195
* bsc#1217196
* bsc#1217200
* bsc#1217205
* bsc#1217332
* bsc#1217366
* bsc#1217511
* bsc#1217515
* bsc#1217598
* bsc#1217599
* bsc#1217609
* bsc#1217687
* bsc#1217731
* bsc#1217780
* jsc#PED-3184
* jsc#PED-5021
* jsc#PED-7237
Cross-References:
* CVE-2023-2006
* CVE-2023-25775
* CVE-2023-3777
* CVE-2023-39197
* CVE-2023-39198
* CVE-2023-4244
* CVE-2023-45863
* CVE-2023-45871
* CVE-2023-46813
* CVE-2023-46862
* CVE-2023-5158
* CVE-2023-5633
* CVE-2023-5717
* CVE-2023-6039
* CVE-2023-6176
CVSS scores:
* CVE-2023-2006 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2006 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-25775 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-25775 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-39197 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
* CVE-2023-39198 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-39198 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4244 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4244 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45863 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45871 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-45871 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-46813 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-46813 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-46862 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-46862 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-5158 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-5158 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-5633 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5633 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5717 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5717 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6039 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6039 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro 6.0
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Real Time Module 15-SP5
An update that solves 15 vulnerabilities, contains three features and has 39
security fixes can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
* CVE-2023-2006: Fixed a race condition in the RxRPC network protocol
(bsc#1210447).
* CVE-2023-25775: Fixed improper access control in the Intel Ethernet
Controller RDMA driver (bsc#1216959).
* CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables
component can be exploited to achieve local privilege escalation.
(bsc#1215095)
* CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet()
(bsc#1216976).
* CVE-2023-39198: Fixed a race condition leading to use-after-free in
qxl_mode_dumb_create() (bsc#1216965).
* CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which
could be exploited to achieve local privilege escalation (bsc#1215420).
* CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path()
(bsc#1216058).
* CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may
not be adequate for frames larger than the MTU (bsc#1216259).
* CVE-2023-46813: Fixed SEV-ES local priv escalation (bsc#1212649).
* CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo()
(bsc#1216693).
* CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in
drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710).
* CVE-2023-5633: Fixed a use-after-free flaw in the way memory objects were
handled when they were being used to store a surface (bsc#1216527).
* CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the
Performance Events component (bsc#1216584).
* CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in
drivers/net/usb/lan78xx.c (bsc#1217068).
* CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm
scatterwalk functionality (bsc#1217332).
The following non-security bugs were fixed:
* acpi: fpdt: properly handle invalid fpdt subtables (git-fixes).
* acpi: resource: do irq override on tongfang gmxxgxx (git-fixes).
* acpi: resource: skip irq override on asus expertbook b1402cva (git-fixes).
* acpi: sysfs: fix create_pnp_modalias() and create_of_modalias() (git-fixes).
* alsa: hda/realtek - add dell alc295 to pin fall back table (git-fixes).
* alsa: hda/realtek - alc287 realtek i2s speaker platform support (git-fixes).
* alsa: hda/realtek - enable internal speaker of asus k6500zc (git-fixes).
* alsa: hda/realtek: add quirk for asus ux7602zm (git-fixes).
* alsa: hda/realtek: add quirks for asus 2024 zenbooks (git-fixes).
* alsa: hda/realtek: add quirks for hp laptops (git-fixes).
* alsa: hda/realtek: add support dual speaker for dell (git-fixes).
* alsa: hda/realtek: enable mute led on hp 255 g10 (git-fixes).
* alsa: hda/realtek: enable mute led on hp 255 g8 (git-fixes).
* alsa: hda: asus um5302la: added quirks for cs35l41/10431a83 on i2c bus (git-
fixes).
* alsa: hda: cs35l41: fix unbalanced pm_runtime_get() (git-fixes).
* alsa: hda: cs35l41: undo runtime pm changes at driver exit time (git-fixes).
* alsa: hda: disable power-save on kontron singlepc (bsc#1217140).
* alsa: hda: fix possible null-ptr-deref when assigning a stream (git-fixes).
* alsa: hda: intel-dsp-config: fix jsl chromebook quirk detection (git-fixes).
* alsa: info: fix potential deadlock at disconnection (git-fixes).
* alsa: usb-audio: add quirk flag to enable native dsd for mcintosh devices
(git-fixes).
* arm/xen: fix xen_vcpu_info allocation alignment (git-fixes).
* arm64: add cortex-a520 cpu part definition (git-fixes)
* arm64: allow kprobes on el0 handlers (git-fixes)
* arm64: armv8_deprecated move emulation functions (git-fixes)
* arm64: armv8_deprecated: fix unused-function error (git-fixes)
* arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes)
* arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes)
* arm64: armv8_deprecated: rework deprected instruction handling (git-fixes)
* arm64: consistently pass esr_elx to die() (git-fixes)
* arm64: die(): pass 'err' as long (git-fixes)
* arm64: factor insn read out of call_undef_hook() (git-fixes)
* arm64: factor out el1 ssbs emulation hook (git-fixes)
* arm64: report el1 undefs better (git-fixes)
* arm64: rework bti exception handling (git-fixes)
* arm64: rework el0 mrs emulation (git-fixes)
* arm64: rework fpac exception handling (git-fixes)
* arm64: split el0/el1 undef handlers (git-fixes)
* arm: 9321/1: memset: cast the constant byte to unsigned char (git-fixes).
* asoc: ams-delta.c: use component after check (git-fixes).
* asoc: codecs: wsa-macro: fix uninitialized stack variables with name prefix
(git-fixes).
* asoc: cs35l41: undo runtime pm changes at driver exit time (git-fixes).
* asoc: cs35l41: verify pm runtime resume errors in irq handler (git-fixes).
* asoc: fsl: fix pm disable depth imbalance in fsl_easrc_probe (git-fixes).
* asoc: fsl: mpc5200_dma.c: fix warning of function parameter or member not
described (git-fixes).
* asoc: hdmi-codec: register hpd callback on component probe (git-fixes).
* asoc: intel: skylake: fix mem leak when parsing uuids fails (git-fixes).
* asoc: rt5650: fix the wrong result of key button (git-fixes).
* asoc: simple-card: fixup asoc_simple_probe() error handling (git-fixes).
* asoc: sof: core: ensure sof_ops_free() is still called when probe never ran
(git-fixes).
* asoc: ti: omap-mcbsp: fix runtime pm underflow warnings (git-fixes).
* ata: pata_isapnp: add missing error check for devm_ioport_map() (git-fixes).
* atl1c: work around the dma rx overflow issue (git-fixes).
* atm: iphase: do pci error checks on own line (git-fixes).
* blk-mq: do not clear driver tags own mapping (bsc#1217366).
* blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping()
(bsc#1217366).
* bluetooth: add device 0bda:887b to device tables (git-fixes).
* bluetooth: add device 13d3:3571 to device tables (git-fixes).
* bluetooth: btusb: add 0bda:b85b for fn-link rtl8852be (git-fixes).
* bluetooth: btusb: add date->evt_skb is null check (git-fixes).
* bluetooth: btusb: add realtek rtl8852be support id 0x0cb8:0xc559 (git-
fixes).
* bluetooth: btusb: add rtw8852be device 13d3:3570 to device tables (git-
fixes).
* btrfs: always log symlinks in full mode (bsc#1214840).
* can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is
accessed out of bounds (git-fixes).
* can: dev: can_restart(): do not crash kernel if carrier is ok (git-fixes).
* can: dev: can_restart(): fix race condition between controller restart and
netif_carrier_on() (git-fixes).
* can: isotp: add local echo tx processing for consecutive frames (git-fixes).
* can: isotp: fix race between isotp_sendsmg() and isotp_release() (git-
fixes).
* can: isotp: fix tx state handling for echo tx processing (git-fixes).
* can: isotp: handle wait_event_interruptible() return values (git-fixes).
* can: isotp: isotp_bind(): return -einval on incorrect can id formatting
(git-fixes).
* can: isotp: isotp_sendmsg(): fix tx state detection and wait behavior (git-
fixes).
* can: isotp: remove re-binding of bound socket (git-fixes).
* can: isotp: sanitize can id checks in isotp_bind() (git-fixes).
* can: isotp: set max pdu size to 64 kbyte (git-fixes).
* can: isotp: split tx timer into transmission and timeout (git-fixes).
* can: sja1000: fix comment (git-fixes).
* clk: imx: imx8mq: correct error handling path (git-fixes).
* clk: imx: imx8qxp: fix elcdif_pll clock (git-fixes).
* clk: imx: select mxc_clk for clk_imx8qxp (git-fixes).
* clk: keystone: pll: fix a couple null vs is_err() checks (git-fixes).
* clk: mediatek: clk-mt2701: add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt6765: add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt6779: add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt6797: add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt7629-eth: add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt7629: add check for mtk_alloc_clk_data (git-fixes).
* clk: npcm7xx: fix incorrect kfree (git-fixes).
* clk: qcom: clk-rcg2: fix clock rate overflow for high parent frequencies
(git-fixes).
* clk: qcom: config ipq_apss_6018 should depend on qcom_smem (git-fixes).
* clk: qcom: gcc-sm8150: fix gcc_sdcc2_apps_clk_src (git-fixes).
* clk: qcom: ipq6018: drop the clk_set_rate_parent flag from pll clocks (git-
fixes).
* clk: qcom: mmcc-msm8998: do not check halt bit on some branch clks (git-
fixes).
* clk: qcom: mmcc-msm8998: fix the smmu gdsc (git-fixes).
* clk: sanitize possible_parent_show to handle return value of
of_clk_get_parent_name (git-fixes).
* clk: scmi: free scmi_clk allocated when the clocks with invalid info are
skipped (git-fixes).
* clk: ti: add ti_dt_clk_name() helper to use clock-output-names (git-fixes).
* clk: ti: change ti_clk_register_omap_hw api (git-fixes).
* clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes).
* clk: ti: update component clocks to use ti_dt_clk_name() (git-fixes).
* clk: ti: update pll and clockdomain clocks to use ti_dt_clk_name() (git-
fixes).
* clocksource/drivers/timer-atmel-tcb: fix initialization on sam9 hardware
(git-fixes).
* clocksource/drivers/timer-imx-gpt: fix potential memory leak (git-fixes).
* crypto: caam/jr - fix chacha20 + poly1305 self test failure (git-fixes).
* crypto: caam/qi2 - fix chacha20 + poly1305 self test failure (git-fixes).
* crypto: hisilicon/hpre - fix a erroneous check after snprintf() (git-fixes).
* disable loongson drivers loongson is a mips architecture, it does not make
sense to build loongson drivers on other architectures.
* dmaengine: pxa_dma: remove an erroneous bug_on() in pxad_free_desc() (git-
fixes).
* dmaengine: ste_dma40: fix pm disable depth imbalance in d40_probe (git-
fixes).
* dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes).
* dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes).
* docs: net: move the probe and open/close sections of driver.rst up
(bsc#1215458).
* docs: net: reformat driver.rst from a list to sections (bsc#1215458).
* docs: net: use c syntax highlight in driver.rst (bsc#1215458).
* documentation: networking: correct possessive "its" (bsc#1215458).
* drivers: hv: vmbus: remove unused extern declaration vmbus_ontimer() (git-
fixes).
* drm/amd/display: avoid null dereference of timing generator (git-fixes).
* drm/amd/display: change the dmcub mailbox memory location from fb to inbox
(git-fixes).
* drm/amd/display: refactor dm_get_plane_scale helper (git-fixes).
* drm/amd/display: remove useless check in should_enable_fbc() (git-fixes).
* drm/amd/display: use full update for clip size increase of large plane
source (git-fixes).
* drm/amd/pm: handle non-terminated overdrive commands (git-fixes).
* drm/amd: disable aspm for vi w/ all intel systems (git-fixes).
* drm/amd: fix ubsan array-index-out-of-bounds for polaris and tonga (git-
fixes).
* drm/amd: fix ubsan array-index-out-of-bounds for smu7 (git-fixes).
* drm/amd: move helper for dynamic speed switch check out of smu13 (git-
fixes).
* drm/amd: update `update_pcie_parameters` functions to use uint8_t arguments
(git-fixes).
* drm/amdgpu/vkms: fix a possible null pointer dereference (git-fixes).
* drm/amdgpu: add drv_vram_usage_va for virt data exchange (bsc#1215802).
* drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git-
fixes).
* drm/amdgpu: do not use atrm for external devices (git-fixes).
* drm/amdgpu: fix a null pointer access when the smc_rreg pointer is null
(git-fixes).
* drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes).
* drm/amdgpu: fix potential null pointer derefernce (git-fixes).
* drm/amdgpu: fix software pci_unplug on some chips (git-fixes).
* drm/amdgpu: not to save bo in the case of ras err_event_athub (git-fixes).
* drm/amdgpu: remove unnecessary domain argument (git-fixes).
* drm/amdgpu: reserve fences for vm update (git-fixes).
* drm/amdgpu: skip vram reserve on firmware_v2_2 for bare-metal (bsc#1215802).
* drm/amdkfd: fix a race condition of vram buffer unref in svm code (git-
fixes).
* drm/amdkfd: fix shift out-of-bounds issue (git-fixes).
* drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code
(git-fixes).
* drm/bridge: fix kernel-doc typo in desc of output_bus_cfg in
drm_bridge_state (git-fixes).
* drm/bridge: lt8912b: add missing drm_bridge_attach call (git-fixes).
* drm/bridge: lt8912b: fix bridge_detach (git-fixes).
* drm/bridge: lt8912b: fix crash on bridge detach (git-fixes).
* drm/bridge: lt8912b: manually disable hpd only if it was enabled (git-
fixes).
* drm/bridge: lt8912b: register and attach our dsi device at probe (git-
fixes).
* drm/bridge: lt8912b: switch to devm mipi-dsi helpers (git-fixes).
* drm/bridge: lt9611uxc: fix the race in the error path (git-fixes).
* drm/bridge: lt9611uxc: register and attach our dsi device at probe (git-
fixes).
* drm/bridge: lt9611uxc: switch to devm mipi-dsi helpers (git-fixes).
* drm/bridge: tc358768: clean up clock period code (git-fixes).
* drm/bridge: tc358768: disable non-continuous clock mode (git-fixes).
* drm/bridge: tc358768: fix bit updates (git-fixes).
* drm/bridge: tc358768: fix tc358768_ns_to_cnt() (git-fixes).
* drm/bridge: tc358768: fix use of uninitialized variable (git-fixes).
* drm/bridge: tc358768: print logical values, not raw register values (git-
fixes).
* drm/bridge: tc358768: remove unused variable (git-fixes).
* drm/bridge: tc358768: rename dsibclk to hsbyteclk (git-fixes).
* drm/bridge: tc358768: use dev for dbg prints, not priv->dev (git-fixes).
* drm/bridge: tc358768: use struct videomode (git-fixes).
* drm/dp_mst: fix null deref in get_mst_branch_device_by_guid_helper() (git-
fixes).
* drm/gma500: fix call trace when psb_gem_mm_init() fails (git-fixes).
* drm/gud: use size_add() in call to struct_size() (git-fixes).
* drm/i915/pmu: check if pmu is closed before stopping event (git-fixes).
* drm/i915: fix potential spectre vulnerability (git-fixes).
* drm/i915: flush wc ggtt only on required platforms (git-fixes).
* drm/komeda: drop all currently held locks if deadlock happens (git-fixes).
* drm/mediatek: fix iommu fault by swapping fbs after updating plane state
(git-fixes).
* drm/mediatek: fix iommu fault during crtc enabling (git-fixes).
* drm/mipi-dsi: create devm device attachment (git-fixes).
* drm/mipi-dsi: create devm device registration (git-fixes).
* drm/msm/dp: skip validity check for dp cts edid checksum (git-fixes).
* drm/msm/dsi: free tx buffer in unbind (git-fixes).
* drm/msm/dsi: use msm_gem_kernel_put to free tx buffer (git-fixes).
* drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git-
fixes).
* drm/panel: fix a possible null pointer dereference (git-fixes).
* drm/panel: simple: fix innolux g101ice-l01 bus flags (git-fixes).
* drm/panel: simple: fix innolux g101ice-l01 timings (git-fixes).
* drm/panel: st7703: pick different reset sequence (git-fixes).
* drm/qxl: prevent memory leak (git-fixes).
* drm/radeon: fix a possible null pointer dereference (git-fixes).
* drm/radeon: possible buffer overflow (git-fixes).
* drm/rockchip: cdn-dp: fix some error handling paths in cdn_dp_probe() (git-
fixes).
* drm/rockchip: fix type promotion bug in rockchip_gem_iommu_map() (git-
fixes).
* drm/rockchip: vop: fix call to crtc reset helper (git-fixes).
* drm/rockchip: vop: fix color for rgb888/bgr888 format on vop full (git-
fixes).
* drm/rockchip: vop: fix reset of state in duplicate state crtc funcs (git-
fixes).
* drm/syncobj: fix drm_syncobj_wait_flags_wait_available (git-fixes).
* drm/ttm: reorder sys manager cleanup step (git-fixes).
* drm/vc4: fix typo (git-fixes).
* drm/vmwgfx: remove the duplicate bo_free function (bsc#1216527)
* drm/vmwgfx: rename vmw_buffer_object to vmw_bo (bsc#1216527)
* drm: bridge: it66121: fix invalid connector dereference (git-fixes).
* drm: mediatek: mtk_dsi: fix no_eot_packet settings/handling (git-fixes).
* drm: vmwgfx_surface.c: copy user-array safely (git-fixes).
* dt-bindings: usb: hcd: add missing phy name to example (git-fixes).
* dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes).
* ensure ia32_emulation is always enabled for kernel-obs-build if
ia32_emulation is disabled by default, ensure it is enabled back for obs
kernel to allow building 32bit binaries (jsc#ped-3184) [ms: always pass the
parameter, no need to grep through the config which may not be very
reliable]
* fbdev: atyfb: only use ioremap_uc() on i386 and ia64 (git-fixes).
* fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes).
* fbdev: imsttfb: fix a resource leak in probe (git-fixes).
* fbdev: imsttfb: fix double free in probe() (git-fixes).
* fbdev: imsttfb: fix error path of imsttfb_probe() (git-fixes).
* fbdev: imsttfb: release framebuffer and dealloc cmap on error path (git-
fixes).
* fbdev: omapfb: drop unused remove function (git-fixes).
* fbdev: uvesafb: call cn_del_callback() at the end of uvesafb_exit() (git-
fixes).
* firewire: core: fix possible memory leak in create_units() (git-fixes).
* firmware/imx-dsp: fix use_after_free in imx_dsp_setup_channels() (git-
fixes).
* fix termination state for idr_for_each_entry_ul() (git-fixes).
* fix x86/mm: print the encryption features in hyperv is disabled
* gpio: mockup: fix kerneldoc (git-fixes).
* gpio: mockup: remove unused field (git-fixes).
* gpu: host1x: correct allocated size for contexts (git-fixes).
* hid: add quirk for dell pro wireless keyboard and mouse km5221w (git-fixes).
* hid: cp2112: fix duplicate workqueue initialization (git-fixes).
* hid: hyperv: avoid struct memcpy overrun warning (git-fixes).
* hid: hyperv: remove unused struct synthhid_msg (git-fixes).
* hid: hyperv: replace one-element array with flexible-array member (git-
fixes).
* hid: lenovo: detect quirk-free fw on cptkbd and stop applying workaround
(git-fixes).
* hid: logitech-hidpp: do not restart io, instead defer hid_connect() only
(git-fixes).
* hid: logitech-hidpp: move get_wireless_feature_index() check to
hidpp_connect_event() (git-fixes).
* hid: logitech-hidpp: remove hidpp_quirk_no_hidinput quirk (git-fixes).
* hid: logitech-hidpp: revert "do not restart communication if not necessary"
(git-fixes).
* hv: simplify sysctl registration (git-fixes).
* hv_netvsc: fix netvsc_send_completion to avoid multiple message length
checks (git-fixes).
* hv_netvsc: fix race of netvsc and vf register_netdevice (git-fixes).
* hv_netvsc: fix race of register_netdevice_notifier and vf register (git-
fixes).
* hv_netvsc: mark vf as slave before exposing it to user-mode (git-fixes).
* hwmon: (coretemp) fix potentially truncated sysfs attribute name (git-
fixes).
* i2c: aspeed: fix i2c bus hang in slave read (git-fixes).
* i2c: core: run atomic i2c xfer when !preemptible (git-fixes).
* i2c: designware: disable tx_empty irq while waiting for block length byte
(git-fixes).
* i2c: dev: copy userspace array safely (git-fixes).
* i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git-
fixes).
* i2c: iproc: handle invalid slave state (git-fixes).
* i2c: muxes: i2c-demux-pinctrl: use of_get_i2c_adapter_by_node() (git-fixes).
* i2c: muxes: i2c-mux-gpmux: use of_get_i2c_adapter_by_node() (git-fixes).
* i2c: muxes: i2c-mux-pinctrl: use of_get_i2c_adapter_by_node() (git-fixes).
* i2c: stm32f7: fix pec handling in case of smbus transfers (git-fixes).
* i2c: sun6i-p2wi: prevent potential division by zero (git-fixes).
* i3c: fix potential refcount leak in i3c_master_register_new_i3c_devs (git-
fixes).
* i3c: master: cdns: fix reading status register (git-fixes).
* i3c: master: mipi-i3c-hci: fix a kernel panic for accessing dat_data (git-
fixes).
* i3c: master: svc: fix check wrong status register in irq handler (git-
fixes).
* i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes).
* i3c: master: svc: fix race condition in ibi work thread (git-fixes).
* i3c: master: svc: fix sda keep low when polling ibiwon timeout happen (git-
fixes).
* i3c: master: svc: fix wrong data return when ibi happen during start frame
(git-fixes).
* i3c: mipi-i3c-hci: fix out of bounds access in hci_dma_irq_handler (git-
fixes).
* i915/perf: fix null deref bugs with drm_dbg() calls (git-fixes).
* idpf: add controlq init and reset checks (bsc#1215458).
* idpf: add core init and interrupt request (bsc#1215458).
* idpf: add create vport and netdev configuration (bsc#1215458).
* idpf: add ethtool callbacks (bsc#1215458).
* idpf: add module register and probe functionality (bsc#1215458).
* idpf: add ptypes and mac filter support (bsc#1215458).
* idpf: add rx splitq napi poll support (bsc#1215458).
* idpf: add singleq start_xmit and napi poll (bsc#1215458).
* idpf: add splitq start_xmit (bsc#1215458).
* idpf: add sriov support and other ndo_ops (bsc#1215458).
* idpf: add tx splitq napi poll support (bsc#1215458).
* idpf: cancel mailbox work in error path (bsc#1215458).
* idpf: configure resources for rx queues (bsc#1215458).
* idpf: configure resources for tx queues (bsc#1215458).
* idpf: fix potential use-after-free in idpf_tso() (bsc#1215458).
* idpf: initialize interrupts and enable vport (bsc#1215458).
* idpf: set scheduling mode for completion queue (bsc#1215458).
* iio: adc: xilinx-xadc: correct temperature offset/scale for ultrascale (git-
fixes).
* iio: adc: xilinx-xadc: do not clobber preset voltage/temperature thresholds
(git-fixes).
* iio: exynos-adc: request second interupt only when touchscreen mode is used
(git-fixes).
* input: synaptics-rmi4 - fix use after free in rmi_unregister_function()
(git-fixes).
* input: synaptics-rmi4 - handle reset delay when using smbus trsnsport (git-
fixes).
* input: xpad - add vid for turtle beach controllers (git-fixes).
* irqchip/stm32-exti: add missing dt irq flag translation (git-fixes).
* kabi/severities: ignore kabi in rxrpc (bsc#1210447) the rxrpc module is
built since sle15-sp3 but it is not shipped as part of any sle product, only
in leap (in kernel-*-optional).
* kernel-binary: suse-module-tools is also required when installed
requires(pre) adds dependency for the specific sciptlet. however, suse-
module-tools also ships modprobe.d files which may be needed at posttrans
time or any time the kernel is on the system for generating ramdisk. add
plain requires as well.
* kernel-source: move provides after sources
* kernel/fork: beware of __put_task_struct() calling context (bsc#1216761).
* leds: pwm: do not disable the pwm when the led should be off (git-fixes).
* leds: trigger: ledtrig-cpu:: fix 'output may be truncated' issue for 'cpu'
(git-fixes).
* leds: turris-omnia: do not use smbus calls (git-fixes).
* lsm: fix default return value for inode_getsecctx (git-fixes).
* lsm: fix default return value for vm_enough_memory (git-fixes).
* media: bttv: fix use after free error due to btv->timeout timer (git-fixes).
* media: ccs: correctly initialise try compose rectangle (git-fixes).
* media: ccs: fix driver quirk struct documentation (git-fixes).
* media: cedrus: fix clock/reset sequence (git-fixes).
* media: cobalt: use field_get() to extract link width (git-fixes).
* media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes).
* media: i2c: max9286: fix some redundant of_node_put() calls (git-fixes).
* media: imon: fix access to invalid resource for the second interface (git-
fixes).
* media: lirc: drop trailing space from scancode transmit (git-fixes).
* media: qcom: camss: fix missing vfe_lite clocks check (git-fixes).
* media: qcom: camss: fix pm_domain_on sequence in probe (git-fixes).
* media: qcom: camss: fix vfe-17x vfe_disable_output() (git-fixes).
* media: qcom: camss: fix vfe_get() error jump (git-fixes).
* media: sharp: fix sharp encoding (git-fixes).
* media: siano: drop unnecessary error check for debugfs_create_dir/file()
(git-fixes).
* media: venus: hfi: add checks to handle capabilities from firmware (git-
fixes).
* media: venus: hfi: add checks to perform sanity on queue pointers (git-
fixes).
* media: venus: hfi: fix the check to handle session buffer requirement (git-
fixes).
* media: venus: hfi_parser: add check to keep the number of codecs within
range (git-fixes).
* media: vidtv: mux: add check and kfree for kstrdup (git-fixes).
* media: vidtv: psi: add check for kstrdup (git-fixes).
* media: vivid: avoid integer overflow (git-fixes).
* mfd: arizona-spi: set pdata.hpdet_channel for acpi enumerated devs (git-
fixes).
* mfd: core: ensure disabled devices are skipped without aborting (git-fixes).
* mfd: dln2: fix double put in dln2_probe (git-fixes).
* misc: fastrpc: clean buffers on remote invocation failures (git-fixes).
* misc: pci_endpoint_test: add device id for r-car s4-8 pcie controller (git-
fixes).
* mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#ped-7237,
git-fixes).
* mmc: block: be sure to wait while busy in cqe error recovery (git-fixes).
* mmc: block: do not lose cache flush during cqe error recovery (git-fixes).
* mmc: block: retry commands in cqe error recovery (git-fixes).
* mmc: cqhci: fix task clearing in cqe error recovery (git-fixes).
* mmc: cqhci: increase recovery halt timeout (git-fixes).
* mmc: cqhci: warn of halt or task clear failure (git-fixes).
* mmc: meson-gx: remove setting of cmd_cfg_error (git-fixes).
* mmc: sdhci-pci-gli: a workaround to allow gl9750 to enter aspm l1.2 (git-
fixes).
* mmc: sdhci-pci-gli: gl9750: mask the replay timer timeout of aer (git-
fixes).
* mmc: sdhci_am654: fix start loop index for tap value parsing (git-fixes).
* mmc: vub300: fix an error code (git-fixes).
* modpost: fix tee module_device_table built on big-endian host (git-fixes).
* mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes).
* mtd: cfi_cmdset_0001: byte swap otp info (git-fixes).
* mtd: rawnand: arasan: include ecc syndrome along with in-band data while
checking for ecc failure (git-fixes).
* net-memcg: fix scope of sockmem pressure indicators (bsc#1216759).
* net: add macro netif_subqueue_completed_wake (bsc#1215458).
* net: avoid address overwrite in kernel_connect (bsc#1216861).
* net: fix use-after-free in tw_timer_handler (bsc#1217195).
* net: ieee802154: adf7242: fix some potential buffer overflow in
adf7242_stats_show() (git-fixes).
* net: mana: fix return type of mana_start_xmit() (git-fixes).
* net: piggy back on the memory barrier in bql when waking queues
(bsc#1215458).
* net: provide macros for commonly copied lockless queue stop/wake code
(bsc#1215458).
* net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-
fixes).
* net: usb: smsc95xx: fix uninit-value access in smsc95xx_read_reg (git-
fixes).
* nfs: fix access to page->mapping (bsc#1216788).
* nvme: update firmware version after commit (bsc#1215292).
* pci/aspm: fix l1 substate handling in aspm_attr_store_common() (git-fixes).
* pci/sysfs: protect driver's d3cold preference from user space (git-fixes).
* pci: disable ats for specific intel ipu e2000 devices (bsc#1215458).
* pci: extract ats disabling to a helper function (bsc#1215458).
* pci: exynos: do not discard .remove() callback (git-fixes).
* pci: keystone: do not discard .probe() callback (git-fixes).
* pci: keystone: do not discard .remove() callback (git-fixes).
* pci: prevent xhci driver from claiming amd vangogh usb3 drd device (git-
fixes).
* pci: tegra194: use field_get()/field_prep() with link width fields (git-
fixes).
* pci: use field_get() in sapphire rx 5600 xt pulse quirk (git-fixes).
* pci: use field_get() to extract link width (git-fixes).
* pci: vmd: correct pci header type register's multi-function check (git-
fixes).
* pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes).
* pcmcia: ds: fix possible name leak in error path in pcmcia_device_add()
(git-fixes).
* pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes).
* pinctrl: avoid reload of p state in list iteration (git-fixes).
* platform/x86/intel-uncore-freq: return error on write frequency
(bsc#1217147).
* platform/x86/intel-uncore-freq: split common and enumeration part
(bsc#1217147).
* platform/x86/intel-uncore-freq: support for cluster level controls
(bsc#1217147).
* platform/x86/intel-uncore-freq: tpmi: provide cluster level control
(bsc#1217147).
* platform/x86/intel-uncore-freq: uncore frequency control via tpmi
(bsc#1217147).
* platform/x86/intel/tpmi: add tpmi external interface for tpmi feature
drivers (bsc#1217147).
* platform/x86/intel/tpmi: fix double free reported by smatch (bsc#1217147).
* platform/x86/intel/tpmi: process cpu package mapping (bsc#1217147).
* platform/x86/intel/uncore-freq: display uncore current frequency
(bsc#1217147).
* platform/x86/intel/uncore-freq: move to uncore-frequency folder
(bsc#1217147).
* platform/x86/intel/uncore-freq: use sysfs api to create attributes
(bsc#1217147).
* platform/x86/intel/vsec: add tpmi id (bsc#1217147).
* platform/x86/intel/vsec: enhance and export intel_vsec_add_aux()
(bsc#1217147).
* platform/x86/intel/vsec: support private data (bsc#1217147).
* platform/x86/intel/vsec: use mutex for ida_alloc() and ida_free()
(bsc#1217147).
* platform/x86/intel: intel tpmi enumeration driver (bsc#1217147).
* platform/x86/intel: tpmi: fix double free in tpmi_create_device()
(bsc#1217147).
* platform/x86: intel-uncore-freq: add client processors (bsc#1217147).
* platform/x86: intel-uncore-freq: conditionally create attribute for read
frequency (bsc#1217147).
* platform/x86: intel-uncore-freq: fix uncore_freq_common_init() error codes
(bsc#1217147).
* platform/x86: intel-uncore-freq: prevent driver loading in guests
(bsc#1217147).
* platform/x86: intel-uncore-freq: use sysfs_emit() to instead of scnprintf()
(bsc#1217147).
* platform/x86: intel-uncore-frequency: move to intel sub-directory
(bsc#1217147).
* platform/x86: intel-uncore-frequency: use default_groups in kobj_type
(bsc#1217147).
* platform/x86: thinkpad_acpi: add battery quirk for thinkpad x120e (git-
fixes).
* platform/x86: wmi: fix opening of char device (git-fixes).
* platform/x86: wmi: fix probe failure when failing to register wmi devices
(git-fixes).
* platform/x86: wmi: remove unnecessary initializations (git-fixes).
* pm / devfreq: rockchip-dfi: make pmu regmap mandatory (git-fixes).
* pm: hibernate: use __get_safe_page() rather than touching the list (git-
fixes).
* powerpc/perf/hv-24x7: update domain value check (bsc#1215931).
* powerpc/vas: limit open window failure messages in log bufffer (bsc#1216687
ltc#203927).
* powerpc: do not clobber f0/vs0 during fp|altivec register save
(bsc#1217780).
* pwm: brcmstb: utilize appropriate clock apis in suspend/resume (git-fixes).
* pwm: fix double shift bug (git-fixes).
* pwm: sti: reduce number of allocations and drop usage of chip_data (git-
fixes).
* quota: fix slow quotaoff (bsc#1216621).
* r8152: cancel hw_phy_work if we have an error in probe (git-fixes).
* r8152: check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes).
* r8152: check for unplug in rtl_phy_patch_request() (git-fixes).
* r8152: increase usb control msg timeout to 5000ms as per spec (git-fixes).
* r8152: release firmware if we have an error in probe (git-fixes).
* r8152: run the unload routine if we have errors during probe (git-fixes).
* regmap: debugfs: fix a erroneous check after snprintf() (git-fixes).
* regmap: ensure range selector registers are updated after cache sync (git-
fixes).
* regmap: prevent noinc writes from clobbering cache (git-fixes).
* revert "i2c: pxa: move to generic gpio recovery" (git-fixes).
* revert "mmc: core: capture correct oemid-bits for emmc cards" (git-fixes).
* revert "tracing: fix warning in trace_buffered_event_disable()"
(bsc#1217036)
* revert amdgpu patches that caused a regression (bsc#1215802)
* rpm/check-for-config-changes: add as_wruss to ignored_configs_re add
as_wruss as an ignored_configs_re entry in check-for-config-changes to fix
build on x86_32. there was a fix submitted to upstream but it was not
accepted:
https://lore.kernel.org/all/20231031140504.gczuejkmpxsredh3ma@fat_crate.loc…
so carry this in ignored_configs_re instead.
* rpm/check-for-config-changes: add have_shadow_call_stack to
ignored_configs_re not supported by our compiler.
* rpm/mkspec-dtb: add riscv64 dtb-allwinner subpackage
* run scripts/renamepatches for sle15-sp4
* s390/ap: fix ap bus crash on early config change callback invocation (git-
fixes bsc#1217687).
* s390/cio: unregister device when the only path is gone (git-fixes
bsc#1217609).
* s390/cmma: fix detection of dat pages (ltc#203997 bsc#1217086).
* s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (ltc#203997
bsc#1217086).
* s390/cmma: fix initial kernel address space page table walk (ltc#203997
bsc#1217086).
* s390/crashdump: fix tod programmable field size (git-fixes bsc#1217205).
* s390/dasd: fix hanging device after request requeue (git-fixes ltc#203629
bsc#1215124).
* s390/dasd: protect device queue against concurrent access (git-fixes
bsc#1217515).
* s390/dasd: use correct number of retries for erp requests (git-fixes
bsc#1217598).
* s390/ipl: add missing ipl_type_eckd_dump case to ipl_init() (git-fixes
bsc#1217511).
* s390/ipl: add missing secure/has_secure file to ipl type 'unknown'
(bsc#1214976 git-fixes).
* s390/mm: add missing arch_set_page_dat() call to gmap allocations
(ltc#203997 bsc#1217086).
* s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc()
(ltc#203997 bsc#1217086).
* s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200).
* s390/ptrace: fix ptrace_get_last_break error handling (git-fixes
bsc#1217599).
* sbitmap: fix batched wait_cnt accounting (bsc#1217095 bsc#1217196).
* sbitmap: fix up kabi for sbitmap_queue_wake_up() (bsc#1217095 bsc#1217196).
* sbsa_gwdt: calculate timeout with 64-bit math (git-fixes).
* scsi: lpfc: copyright updates for 14.2.0.16 patches (bsc#1217731).
* scsi: lpfc: correct maximum pci function value for ras fw logging
(bsc#1217731).
* scsi: lpfc: eliminate unnecessary relocking in lpfc_check_nlp_post_devloss()
(bsc#1217731).
* scsi: lpfc: enhance driver logging for selected discovery events
(bsc#1217731).
* scsi: lpfc: fix list_entry null check warning in lpfc_cmpl_els_plogi()
(bsc#1217731).
* scsi: lpfc: fix possible file string name overflow when updating firmware
(bsc#1217731).
* scsi: lpfc: introduce log_node_verbose messaging flag (bsc#1217124).
* scsi: lpfc: refactor and clean up mailbox command memory free (bsc#1217731).
* scsi: lpfc: reject received prlis with only initiator fcn role for npiv
ports (bsc#1217124).
* scsi: lpfc: remove unnecessary zero return code assignment in
lpfc_sli4_hba_setup (bsc#1217124).
* scsi: lpfc: return early in lpfc_poll_eratt() when the driver is unloading
(bsc#1217731).
* scsi: lpfc: treat ioerr_sli_down i/o completion status the same as pci
offline (bsc#1217124).
* scsi: lpfc: update lpfc version to 14.2.0.15 (bsc#1217124).
* scsi: lpfc: update lpfc version to 14.2.0.16 (bsc#1217731).
* scsi: lpfc: validate els ls_acc completion payload (bsc#1217124).
* scsi: qla2xxx: fix double free of dsd_list during driver load (git-fixes).
* scsi: qla2xxx: use field_get() to extract pcie capability fields (git-
fixes).
* selftests/efivarfs: create-read: fix a resource leak (git-fixes).
* selftests/pidfd: fix ksft print formats (git-fixes).
* selftests/resctrl: ensure the benchmark commands fits to its array (git-
fixes).
* selftests/resctrl: reduce failures due to outliers in mba/mbm tests (git-
fixes).
* selftests/resctrl: remove duplicate feature check from cmt test (git-fixes).
* seq_buf: fix a misleading comment (git-fixes).
* serial: exar: revert "serial: exar: add support for sealevel 7xxxc serial
cards" (git-fixes).
* serial: meson: use platform_get_irq() to get the interrupt (git-fixes).
* soc: qcom: llcc: handle a second device without data corruption (git-fixes).
* spi: nxp-fspi: use the correct ioremap function (git-fixes).
* spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes).
* spi: tegra: fix missing irq check in tegra_slink_probe() (git-fixes).
* staging: media: ipu3: remove ftrace-like logging (git-fixes).
* string.h: add array-wrappers for (v)memdup_user() (git-fixes).
* supported.conf: marked idpf supported
* thermal: core: prevent potential string overflow (git-fixes).
* treewide: spelling fix in comment (git-fixes).
* tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes).
* tty: 8250: add brainboxes oxford semiconductor-based quirks (git-fixes).
* tty: 8250: add support for additional brainboxes px cards (git-fixes).
* tty: 8250: add support for additional brainboxes uc cards (git-fixes).
* tty: 8250: add support for brainboxes up cards (git-fixes).
* tty: 8250: add support for intashield is-100 (git-fixes).
* tty: 8250: add support for intashield ix cards (git-fixes).
* tty: 8250: fix port count of px-257 (git-fixes).
* tty: 8250: fix up px-803/px-857 (git-fixes).
* tty: 8250: remove uc-257 and uc-431 (git-fixes).
* tty: fix uninit-value access in ppp_sync_receive() (git-fixes).
* tty: n_gsm: fix race condition in status line change on dead connections
(git-fixes).
* tty: serial: meson: fix hard lockup on crtscts mode (git-fixes).
* tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes).
* tty: vcc: add check for kstrdup() in vcc_probe() (git-fixes).
* update ath11k hibernation fix patch set (bsc#1207948)
* update metadata s390-ipl-add-missing-secure-has_secure-file-to-ipl-type-
unknown (bsc#1214976 git-fixes).
* usb: cdnsp: fix deadlock issue during using ncm gadget (git-fixes).
* usb: chipidea: fix dma overwrite for tegra (git-fixes).
* usb: chipidea: simplify tegra dma alignment code (git-fixes).
* usb: dwc2: fix possible null pointer dereference caused by driver
concurrency (git-fixes).
* usb: dwc2: write hcint with intmask applied (bsc#1214286).
* usb: dwc3: fix default mode initialization (git-fixes).
* usb: dwc3: qcom: fix acpi platform device leak (git-fixes).
* usb: dwc3: qcom: fix resource leaks on probe deferral (git-fixes).
* usb: dwc3: qcom: fix software node leak on probe errors (git-fixes).
* usb: dwc3: qcom: fix wakeup after probe deferral (git-fixes).
* usb: dwc3: set the dma max_seg_size (git-fixes).
* usb: gadget: f_ncm: always set current gadget in ncm_bind() (git-fixes).
* usb: raw-gadget: properly handle interrupted requests (git-fixes).
* usb: serial: option: add fibocom l7xx modules (git-fixes).
* usb: serial: option: do not claim interface 4 for zte mf290 (git-fixes).
* usb: serial: option: fix fm101r-gl defines (git-fixes).
* usb: storage: set 1.50 as the lower bcddevice for older "super top"
compatibility (git-fixes).
* usb: typec: tcpm: fix null pointer dereference in tcpm_pd_svdm() (git-
fixes).
* usb: typec: tcpm: skip hard reset when in error recovery (git-fixes).
* usb: usbip: fix stub_dev hub disconnect (git-fixes).
* virtchnl: add virtchnl version 2 ops (bsc#1215458).
* wifi: ath10k: do not touch the ce interrupt registers after power up (git-
fixes).
* wifi: ath10k: fix clang-specific fortify warning (git-fixes).
* wifi: ath11k: debugfs: fix to work with multiple pci devices (git-fixes).
* wifi: ath11k: fix dfs radar event locking (git-fixes).
* wifi: ath11k: fix gtk offload status event locking (git-fixes).
* wifi: ath11k: fix htt pktlog locking (git-fixes).
* wifi: ath11k: fix temperature event locking (git-fixes).
* wifi: ath9k: fix clang-specific fortify warnings (git-fixes).
* wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git-
fixes).
* wifi: iwlwifi: empty overflow queue during flush (git-fixes).
* wifi: iwlwifi: honor the enable_ini value (git-fixes).
* wifi: iwlwifi: pcie: synchronize irqs before napi (git-fixes).
* wifi: iwlwifi: use fw rate for non-data frames (git-fixes).
* wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git-
fixes).
* wifi: mac80211: fix # of msdu in a-msdu calculation (git-fixes).
* wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes).
* wifi: rtlwifi: fix edca limit set by bt coexistence (git-fixes).
* wifi: rtw88: debug: fix the null vs is_err() bug for debugfs_create_file()
(git-fixes).
* x86/alternative: add a __alt_reloc_selftest() prototype (git-fixes).
* x86/cpu: clear svm feature if disabled by bios (bsc#1214700).
* x86/cpu: fix amd erratum #1485 on zen4-based cpus (git-fixes).
* x86/fpu: set x86_feature_osxsave feature after enabling osxsave in cr4 (git-
fixes).
* x86/hyperv: add hv_expose_invariant_tsc define (git-fixes).
* x86/hyperv: fix a warning in mshyperv.h (git-fixes).
* x86/hyperv: improve code for referencing hyperv_pcpu_input_arg (git-fixes).
* x86/hyperv: make hv_get_nmi_reason public (git-fixes).
* x86/sev: do not try to parse for the cc blob on non-amd hardware (git-
fixes).
* x86/sev: fix calculation of end address based on number of pages (git-
fixes).
* x86/sev: use the ghcb protocol when available for snp cpuid requests (git-
fixes).
* x86: move gds_ucode_mitigated() declaration to header (git-fixes).
* xfs: add attr state machine tracepoints (git-fixes).
* xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909).
* xfs: constify btree function parameters that are not modified (git-fixes).
* xfs: convert agf log flags to unsigned (git-fixes).
* xfs: convert agi log flags to unsigned (git-fixes).
* xfs: convert attr type flags to unsigned (git-fixes).
* xfs: convert bmap extent type flags to unsigned (git-fixes).
* xfs: convert bmapi flags to unsigned (git-fixes).
* xfs: convert btree buffer log flags to unsigned (git-fixes).
* xfs: convert buffer flags to unsigned (git-fixes).
* xfs: convert buffer log item flags to unsigned (git-fixes).
* xfs: convert da btree operations flags to unsigned (git-fixes).
* xfs: convert dquot flags to unsigned (git-fixes).
* xfs: convert inode lock flags to unsigned (git-fixes).
* xfs: convert log item tracepoint flags to unsigned (git-fixes).
* xfs: convert log ticket and iclog flags to unsigned (git-fixes).
* xfs: convert quota options flags to unsigned (git-fixes).
* xfs: convert scrub type flags to unsigned (git-fixes).
* xfs: disambiguate units for ftrace fields tagged "blkno", "block", or "bno"
(git-fixes).
* xfs: disambiguate units for ftrace fields tagged "count" (git-fixes).
* xfs: disambiguate units for ftrace fields tagged "len" (git-fixes).
* xfs: disambiguate units for ftrace fields tagged "offset" (git-fixes).
* xfs: make the key parameters to all btree key comparison functions const
(git-fixes).
* xfs: make the key parameters to all btree query range functions const (git-
fixes).
* xfs: make the keys and records passed to btree inorder functions const (git-
fixes).
* xfs: make the pointer passed to btree set_root functions const (git-fixes).
* xfs: make the start pointer passed to btree alloc_block functions const
(git-fixes).
* xfs: make the start pointer passed to btree update_lastrec functions const
(git-fixes).
* xfs: mark the record passed into btree init_key functions as const (git-
fixes).
* xfs: mark the record passed into xchk_btree functions as const (git-fixes).
* xfs: remove xfs_btree_cur_t typedef (git-fixes).
* xfs: rename i_disk_size fields in ftrace output (git-fixes).
* xfs: resolve fork names in trace output (git-fixes).
* xfs: standardize ag block number formatting in ftrace output (git-fixes).
* xfs: standardize ag number formatting in ftrace output (git-fixes).
* xfs: standardize daddr formatting in ftrace output (git-fixes).
* xfs: standardize inode generation formatting in ftrace output (git-fixes).
* xfs: standardize inode number formatting in ftrace output (git-fixes).
* xfs: standardize remaining xfs_buf length tracepoints (git-fixes).
* xfs: standardize rmap owner number formatting in ftrace output (git-fixes).
* xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes).
* xhci: enable rpm on controllers that support low-power states (git-fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-4732=1 openSUSE-SLE-15.5-2023-4732=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2023-4732=1
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4732=1
* SUSE Real Time Module 15-SP5
zypper in -t patch SUSE-SLE-Module-RT-15-SP5-2023-4732=1
## Package List:
* openSUSE Leap 15.5 (noarch)
* kernel-source-rt-5.14.21-150500.13.27.2
* kernel-devel-rt-5.14.21-150500.13.27.2
* openSUSE Leap 15.5 (x86_64)
* kernel-rt-optional-5.14.21-150500.13.27.2
* kernel-rt_debug-vdso-5.14.21-150500.13.27.2
* dlm-kmp-rt-debuginfo-5.14.21-150500.13.27.2
* kernel-rt_debug-debuginfo-5.14.21-150500.13.27.2
* reiserfs-kmp-rt-5.14.21-150500.13.27.2
* ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.27.2
* kernel-rt-vdso-5.14.21-150500.13.27.2
* cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.27.2
* gfs2-kmp-rt-5.14.21-150500.13.27.2
* kernel-rt-devel-debuginfo-5.14.21-150500.13.27.2
* cluster-md-kmp-rt-5.14.21-150500.13.27.2
* kernel-rt_debug-devel-5.14.21-150500.13.27.2
* kernel-rt-extra-5.14.21-150500.13.27.2
* dlm-kmp-rt-5.14.21-150500.13.27.2
* kernel-livepatch-5_14_21-150500_13_27-rt-1-150500.11.3.2
* kernel-rt-extra-debuginfo-5.14.21-150500.13.27.2
* kernel-rt-vdso-debuginfo-5.14.21-150500.13.27.2
* kernel-rt-livepatch-devel-5.14.21-150500.13.27.2
* kernel-rt-optional-debuginfo-5.14.21-150500.13.27.2
* kernel-rt_debug-livepatch-devel-5.14.21-150500.13.27.2
* kernel-rt_debug-debugsource-5.14.21-150500.13.27.2
* kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.27.2
* reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.27.2
* kernel-rt-debuginfo-5.14.21-150500.13.27.2
* kernel-rt-devel-5.14.21-150500.13.27.2
* ocfs2-kmp-rt-5.14.21-150500.13.27.2
* kernel-rt-debugsource-5.14.21-150500.13.27.2
* gfs2-kmp-rt-debuginfo-5.14.21-150500.13.27.2
* kernel-syms-rt-5.14.21-150500.13.27.1
* kernel-livepatch-SLE15-SP5-RT_Update_8-debugsource-1-150500.11.3.2
* kernel-livepatch-5_14_21-150500_13_27-rt-debuginfo-1-150500.11.3.2
* kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.27.2
* kselftests-kmp-rt-debuginfo-5.14.21-150500.13.27.2
* kernel-rt-livepatch-5.14.21-150500.13.27.2
* kselftests-kmp-rt-5.14.21-150500.13.27.2
* openSUSE Leap 15.5 (nosrc x86_64)
* kernel-rt_debug-5.14.21-150500.13.27.2
* kernel-rt-5.14.21-150500.13.27.2
* SUSE Linux Enterprise Micro 5.5 (nosrc x86_64)
* kernel-rt-5.14.21-150500.13.27.2
* SUSE Linux Enterprise Micro 5.5 (x86_64)
* kernel-rt-debuginfo-5.14.21-150500.13.27.2
* kernel-rt-debugsource-5.14.21-150500.13.27.2
* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
* kernel-livepatch-5_14_21-150500_13_27-rt-1-150500.11.3.2
* kernel-livepatch-5_14_21-150500_13_27-rt-debuginfo-1-150500.11.3.2
* kernel-livepatch-SLE15-SP5-RT_Update_8-debugsource-1-150500.11.3.2
* SUSE Real Time Module 15-SP5 (x86_64)
* kernel-rt_debug-vdso-5.14.21-150500.13.27.2
* dlm-kmp-rt-debuginfo-5.14.21-150500.13.27.2
* kernel-rt_debug-debuginfo-5.14.21-150500.13.27.2
* ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.27.2
* kernel-rt-vdso-5.14.21-150500.13.27.2
* cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.27.2
* gfs2-kmp-rt-5.14.21-150500.13.27.2
* kernel-rt-devel-debuginfo-5.14.21-150500.13.27.2
* cluster-md-kmp-rt-5.14.21-150500.13.27.2
* kernel-rt_debug-devel-5.14.21-150500.13.27.2
* dlm-kmp-rt-5.14.21-150500.13.27.2
* kernel-rt-vdso-debuginfo-5.14.21-150500.13.27.2
* kernel-rt_debug-debugsource-5.14.21-150500.13.27.2
* kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.27.2
* kernel-rt-debuginfo-5.14.21-150500.13.27.2
* ocfs2-kmp-rt-5.14.21-150500.13.27.2
* kernel-rt-devel-5.14.21-150500.13.27.2
* kernel-rt-debugsource-5.14.21-150500.13.27.2
* gfs2-kmp-rt-debuginfo-5.14.21-150500.13.27.2
* kernel-syms-rt-5.14.21-150500.13.27.1
* kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.27.2
* SUSE Real Time Module 15-SP5 (noarch)
* kernel-source-rt-5.14.21-150500.13.27.2
* kernel-devel-rt-5.14.21-150500.13.27.2
* SUSE Real Time Module 15-SP5 (nosrc x86_64)
* kernel-rt_debug-5.14.21-150500.13.27.2
* kernel-rt-5.14.21-150500.13.27.2
## References:
* https://www.suse.com/security/cve/CVE-2023-2006.html
* https://www.suse.com/security/cve/CVE-2023-25775.html
* https://www.suse.com/security/cve/CVE-2023-3777.html
* https://www.suse.com/security/cve/CVE-2023-39197.html
* https://www.suse.com/security/cve/CVE-2023-39198.html
* https://www.suse.com/security/cve/CVE-2023-4244.html
* https://www.suse.com/security/cve/CVE-2023-45863.html
* https://www.suse.com/security/cve/CVE-2023-45871.html
* https://www.suse.com/security/cve/CVE-2023-46813.html
* https://www.suse.com/security/cve/CVE-2023-46862.html
* https://www.suse.com/security/cve/CVE-2023-5158.html
* https://www.suse.com/security/cve/CVE-2023-5633.html
* https://www.suse.com/security/cve/CVE-2023-5717.html
* https://www.suse.com/security/cve/CVE-2023-6039.html
* https://www.suse.com/security/cve/CVE-2023-6176.html
* https://bugzilla.suse.com/show_bug.cgi?id=1207948
* https://bugzilla.suse.com/show_bug.cgi?id=1210447
* https://bugzilla.suse.com/show_bug.cgi?id=1212649
* https://bugzilla.suse.com/show_bug.cgi?id=1214286
* https://bugzilla.suse.com/show_bug.cgi?id=1214700
* https://bugzilla.suse.com/show_bug.cgi?id=1214840
* https://bugzilla.suse.com/show_bug.cgi?id=1214976
* https://bugzilla.suse.com/show_bug.cgi?id=1215095
* https://bugzilla.suse.com/show_bug.cgi?id=1215123
* https://bugzilla.suse.com/show_bug.cgi?id=1215124
* https://bugzilla.suse.com/show_bug.cgi?id=1215292
* https://bugzilla.suse.com/show_bug.cgi?id=1215420
* https://bugzilla.suse.com/show_bug.cgi?id=1215458
* https://bugzilla.suse.com/show_bug.cgi?id=1215710
* https://bugzilla.suse.com/show_bug.cgi?id=1215802
* https://bugzilla.suse.com/show_bug.cgi?id=1215931
* https://bugzilla.suse.com/show_bug.cgi?id=1216058
* https://bugzilla.suse.com/show_bug.cgi?id=1216105
* https://bugzilla.suse.com/show_bug.cgi?id=1216259
* https://bugzilla.suse.com/show_bug.cgi?id=1216527
* https://bugzilla.suse.com/show_bug.cgi?id=1216584
* https://bugzilla.suse.com/show_bug.cgi?id=1216621
* https://bugzilla.suse.com/show_bug.cgi?id=1216687
* https://bugzilla.suse.com/show_bug.cgi?id=1216693
* https://bugzilla.suse.com/show_bug.cgi?id=1216759
* https://bugzilla.suse.com/show_bug.cgi?id=1216761
* https://bugzilla.suse.com/show_bug.cgi?id=1216788
* https://bugzilla.suse.com/show_bug.cgi?id=1216844
* https://bugzilla.suse.com/show_bug.cgi?id=1216861
* https://bugzilla.suse.com/show_bug.cgi?id=1216909
* https://bugzilla.suse.com/show_bug.cgi?id=1216959
* https://bugzilla.suse.com/show_bug.cgi?id=1216965
* https://bugzilla.suse.com/show_bug.cgi?id=1216976
* https://bugzilla.suse.com/show_bug.cgi?id=1217036
* https://bugzilla.suse.com/show_bug.cgi?id=1217068
* https://bugzilla.suse.com/show_bug.cgi?id=1217086
* https://bugzilla.suse.com/show_bug.cgi?id=1217095
* https://bugzilla.suse.com/show_bug.cgi?id=1217124
* https://bugzilla.suse.com/show_bug.cgi?id=1217140
* https://bugzilla.suse.com/show_bug.cgi?id=1217147
* https://bugzilla.suse.com/show_bug.cgi?id=1217195
* https://bugzilla.suse.com/show_bug.cgi?id=1217196
* https://bugzilla.suse.com/show_bug.cgi?id=1217200
* https://bugzilla.suse.com/show_bug.cgi?id=1217205
* https://bugzilla.suse.com/show_bug.cgi?id=1217332
* https://bugzilla.suse.com/show_bug.cgi?id=1217366
* https://bugzilla.suse.com/show_bug.cgi?id=1217511
* https://bugzilla.suse.com/show_bug.cgi?id=1217515
* https://bugzilla.suse.com/show_bug.cgi?id=1217598
* https://bugzilla.suse.com/show_bug.cgi?id=1217599
* https://bugzilla.suse.com/show_bug.cgi?id=1217609
* https://bugzilla.suse.com/show_bug.cgi?id=1217687
* https://bugzilla.suse.com/show_bug.cgi?id=1217731
* https://bugzilla.suse.com/show_bug.cgi?id=1217780
* https://jira.suse.com/browse/PED-3184
* https://jira.suse.com/browse/PED-5021
* https://jira.suse.com/browse/PED-7237
1
0
14 Dec '23
# Security update for python-cryptography
Announcement ID: SUSE-SU-2023:4842-1
Rating: moderate
References:
* bsc#1217592
Cross-References:
* CVE-2023-49083
CVSS scores:
* CVE-2023-49083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-49083 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* Python 3 Module 15-SP4
* Python 3 Module 15-SP5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for python-cryptography fixes the following issues:
* CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates
from a PKCS#7 bundle (bsc#1217592).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4842=1 openSUSE-SLE-15.4-2023-4842=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4842=1
* Python 3 Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Python3-15-SP4-2023-4842=1
* Python 3 Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2023-4842=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* python-cryptography-debugsource-41.0.3-150400.16.12.1
* python311-cryptography-41.0.3-150400.16.12.1
* python311-cryptography-debuginfo-41.0.3-150400.16.12.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* python-cryptography-debugsource-41.0.3-150400.16.12.1
* python311-cryptography-41.0.3-150400.16.12.1
* python311-cryptography-debuginfo-41.0.3-150400.16.12.1
* Python 3 Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* python-cryptography-debugsource-41.0.3-150400.16.12.1
* python311-cryptography-41.0.3-150400.16.12.1
* python311-cryptography-debuginfo-41.0.3-150400.16.12.1
* Python 3 Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* python-cryptography-debugsource-41.0.3-150400.16.12.1
* python311-cryptography-41.0.3-150400.16.12.1
* python311-cryptography-debuginfo-41.0.3-150400.16.12.1
## References:
* https://www.suse.com/security/cve/CVE-2023-49083.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217592
1
0
14 Dec '23
# Security update for python3-cryptography
Announcement ID: SUSE-SU-2023:4843-1
Rating: moderate
References:
* bsc#1217592
Cross-References:
* CVE-2023-49083
CVSS scores:
* CVE-2023-49083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-49083 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for python3-cryptography fixes the following issues:
* CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates
from a PKCS#7 bundle (bsc#1217592).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4843=1 SUSE-2023-4843=1
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4843=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4843=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4843=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4843=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4843=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4843=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4843=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2023-4843=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4843=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4843=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* python3-cryptography-debugsource-3.3.2-150400.23.1
* python3-cryptography-3.3.2-150400.23.1
* python3-cryptography-debuginfo-3.3.2-150400.23.1
* openSUSE Leap Micro 5.3 (aarch64 ppc64le s390x x86_64)
* python3-cryptography-debugsource-3.3.2-150400.23.1
* python3-cryptography-3.3.2-150400.23.1
* python3-cryptography-debuginfo-3.3.2-150400.23.1
* openSUSE Leap Micro 5.4 (aarch64 ppc64le s390x x86_64)
* python3-cryptography-debugsource-3.3.2-150400.23.1
* python3-cryptography-3.3.2-150400.23.1
* python3-cryptography-debuginfo-3.3.2-150400.23.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* python3-cryptography-debugsource-3.3.2-150400.23.1
* python3-cryptography-3.3.2-150400.23.1
* python3-cryptography-debuginfo-3.3.2-150400.23.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* python3-cryptography-debugsource-3.3.2-150400.23.1
* python3-cryptography-3.3.2-150400.23.1
* python3-cryptography-debuginfo-3.3.2-150400.23.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* python3-cryptography-debugsource-3.3.2-150400.23.1
* python3-cryptography-3.3.2-150400.23.1
* python3-cryptography-debuginfo-3.3.2-150400.23.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* python3-cryptography-debugsource-3.3.2-150400.23.1
* python3-cryptography-3.3.2-150400.23.1
* python3-cryptography-debuginfo-3.3.2-150400.23.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* python3-cryptography-debugsource-3.3.2-150400.23.1
* python3-cryptography-3.3.2-150400.23.1
* python3-cryptography-debuginfo-3.3.2-150400.23.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* python3-cryptography-debugsource-3.3.2-150400.23.1
* python3-cryptography-3.3.2-150400.23.1
* python3-cryptography-debuginfo-3.3.2-150400.23.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* python3-cryptography-debugsource-3.3.2-150400.23.1
* python3-cryptography-3.3.2-150400.23.1
* python3-cryptography-debuginfo-3.3.2-150400.23.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* python3-cryptography-debugsource-3.3.2-150400.23.1
* python3-cryptography-3.3.2-150400.23.1
* python3-cryptography-debuginfo-3.3.2-150400.23.1
## References:
* https://www.suse.com/security/cve/CVE-2023-49083.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217592
1
0
SUSE-SU-2023:4836-1: important: Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP3)
by null@suse.de 14 Dec '23
by null@suse.de 14 Dec '23
14 Dec '23
# Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP3)
Announcement ID: SUSE-SU-2023:4836-1
Rating: important
References:
* bsc#1215097
* bsc#1215442
* bsc#1215519
Cross-References:
* CVE-2023-2163
* CVE-2023-3777
* CVE-2023-4622
CVSS scores:
* CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
* CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4622 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
An update that solves three vulnerabilities can now be installed.
## Description:
This update for the Linux Kernel 5.3.18-150300_59_133 fixes several issues.
The following security issues were fixed:
* CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables
component can be exploited to achieve local privilege escalation.
(bsc#1215097)
* CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain
sockets component which could be exploited to achieve local privilege
escalation (bsc#1215442).
* CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to
unsafe code paths being incorrectly marked as safe, resulting in arbitrary
read/write in kernel memory, lateral privilege escalation, and container
escape. (bsc#1215519)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2023-4837=1 SUSE-2023-4838=1 SUSE-2023-4846=1
SUSE-2023-4836=1
* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-4837=1 SUSE-SLE-
Module-Live-Patching-15-SP3-2023-4838=1 SUSE-SLE-Module-Live-
Patching-15-SP3-2023-4846=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-4836=1
## Package List:
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_36-debugsource-3-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_26-debugsource-13-150300.2.2
* kernel-livepatch-5_3_18-150300_59_101-default-13-150300.2.2
* kernel-livepatch-SLE15-SP3_Update_29-debugsource-10-150300.2.2
* kernel-livepatch-SLE15-SP3_Update_30-debugsource-9-150300.2.1
* kernel-livepatch-5_3_18-150300_59_101-default-debuginfo-13-150300.2.2
* kernel-livepatch-5_3_18-150300_59_115-default-debuginfo-9-150300.2.1
* kernel-livepatch-5_3_18-150300_59_133-default-debuginfo-3-150300.2.1
* kernel-livepatch-5_3_18-150300_59_112-default-debuginfo-10-150300.2.2
* kernel-livepatch-5_3_18-150300_59_115-default-9-150300.2.1
* kernel-livepatch-5_3_18-150300_59_112-default-10-150300.2.2
* kernel-livepatch-5_3_18-150300_59_133-default-3-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_115-preempt-debuginfo-9-150300.2.1
* kernel-livepatch-5_3_18-150300_59_115-preempt-9-150300.2.1
* kernel-livepatch-5_3_18-150300_59_112-preempt-10-150300.2.2
* kernel-livepatch-5_3_18-150300_59_112-preempt-debuginfo-10-150300.2.2
* kernel-livepatch-5_3_18-150300_59_101-preempt-13-150300.2.2
* kernel-livepatch-5_3_18-150300_59_133-preempt-3-150300.2.1
* kernel-livepatch-5_3_18-150300_59_101-preempt-debuginfo-13-150300.2.2
* kernel-livepatch-5_3_18-150300_59_133-preempt-debuginfo-3-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_112-default-10-150300.2.2
* kernel-livepatch-5_3_18-150300_59_115-default-9-150300.2.1
* kernel-livepatch-5_3_18-150300_59_133-default-3-150300.2.1
* kernel-livepatch-5_3_18-150300_59_101-default-13-150300.2.2
## References:
* https://www.suse.com/security/cve/CVE-2023-2163.html
* https://www.suse.com/security/cve/CVE-2023-3777.html
* https://www.suse.com/security/cve/CVE-2023-4622.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215097
* https://bugzilla.suse.com/show_bug.cgi?id=1215442
* https://bugzilla.suse.com/show_bug.cgi?id=1215519
1
0
SUSE-SU-2023:4839-1: important: Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP3)
by null@suse.de 14 Dec '23
by null@suse.de 14 Dec '23
14 Dec '23
# Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP3)
Announcement ID: SUSE-SU-2023:4839-1
Rating: important
References:
* bsc#1215097
* bsc#1215519
Cross-References:
* CVE-2023-2163
* CVE-2023-3777
CVSS scores:
* CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
* CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
An update that solves two vulnerabilities can now be installed.
## Description:
This update for the Linux Kernel 5.3.18-150300_59_138 fixes several issues.
The following security issues were fixed:
* CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables
component can be exploited to achieve local privilege escalation.
(bsc#1215097)
* CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to
unsafe code paths being incorrectly marked as safe, resulting in arbitrary
read/write in kernel memory, lateral privilege escalation, and container
escape. (bsc#1215519)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2023-4839=1
* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-4839=1
## Package List:
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_138-default-debuginfo-3-150300.2.1
* kernel-livepatch-SLE15-SP3_Update_37-debugsource-3-150300.2.1
* kernel-livepatch-5_3_18-150300_59_138-default-3-150300.2.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_138-preempt-debuginfo-3-150300.2.1
* kernel-livepatch-5_3_18-150300_59_138-preempt-3-150300.2.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_138-default-3-150300.2.1
## References:
* https://www.suse.com/security/cve/CVE-2023-2163.html
* https://www.suse.com/security/cve/CVE-2023-3777.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215097
* https://bugzilla.suse.com/show_bug.cgi?id=1215519
1
0
13 Dec '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:4782-1
Rating: important
References:
* bsc#1210447
* bsc#1214286
* bsc#1214976
* bsc#1215124
* bsc#1215292
* bsc#1215420
* bsc#1215458
* bsc#1215710
* bsc#1216058
* bsc#1216105
* bsc#1216259
* bsc#1216584
* bsc#1216693
* bsc#1216759
* bsc#1216844
* bsc#1216861
* bsc#1216909
* bsc#1216959
* bsc#1216965
* bsc#1216976
* bsc#1217036
* bsc#1217068
* bsc#1217086
* bsc#1217124
* bsc#1217140
* bsc#1217195
* bsc#1217200
* bsc#1217205
* bsc#1217332
* bsc#1217366
* bsc#1217515
* bsc#1217598
* bsc#1217599
* bsc#1217609
* bsc#1217687
* bsc#1217731
* bsc#1217780
* jsc#PED-3184
* jsc#PED-5021
* jsc#PED-7237
Cross-References:
* CVE-2023-2006
* CVE-2023-25775
* CVE-2023-39197
* CVE-2023-39198
* CVE-2023-4244
* CVE-2023-45863
* CVE-2023-45871
* CVE-2023-46862
* CVE-2023-5158
* CVE-2023-5717
* CVE-2023-6039
* CVE-2023-6176
CVSS scores:
* CVE-2023-2006 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2006 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-25775 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-25775 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-39197 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
* CVE-2023-39198 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-39198 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4244 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4244 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45863 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45871 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-45871 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-46862 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-46862 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-5158 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-5158 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-5717 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5717 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6039 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6039 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* Public Cloud Module 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves 12 vulnerabilities, contains three features and has 25
security fixes can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
* CVE-2023-2006: Fixed a race condition in the RxRPC network protocol
(bsc#1210447).
* CVE-2023-25775: Fixed improper access control in the Intel Ethernet
Controller RDMA driver (bsc#1216959).
* CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet()
(bsc#1216976).
* CVE-2023-39198: Fixed a race condition leading to use-after-free in
qxl_mode_dumb_create() (bsc#1216965).
* CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which
could be exploited to achieve local privilege escalation (bsc#1215420).
* CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path()
(bsc#1216058).
* CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may
not be adequate for frames larger than the MTU (bsc#1216259).
* CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo()
(bsc#1216693).
* CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in
drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710).
* CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the
Performance Events component (bsc#1216584).
* CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in
drivers/net/usb/lan78xx.c (bsc#1217068).
* CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm
scatterwalk functionality (bsc#1217332).
The following non-security bugs were fixed:
* acpi: fpdt: properly handle invalid fpdt subtables (git-fixes).
* acpi: resource: do irq override on tongfang gmxxgxx (git-fixes).
* acpi: resource: skip irq override on asus expertbook b1402cva (git-fixes).
* acpi: sysfs: fix create_pnp_modalias() and create_of_modalias() (git-fixes).
* alsa: hda/realtek - add dell alc295 to pin fall back table (git-fixes).
* alsa: hda/realtek - enable internal speaker of asus k6500zc (git-fixes).
* alsa: hda/realtek: add quirks for hp laptops (git-fixes).
* alsa: hda/realtek: enable mute led on hp 255 g10 (git-fixes).
* alsa: hda/realtek: enable mute led on hp 255 g8 (git-fixes).
* alsa: hda: cs35l41: fix unbalanced pm_runtime_get() (git-fixes).
* alsa: hda: cs35l41: undo runtime pm changes at driver exit time (git-fixes).
* alsa: hda: disable power-save on kontron singlepc (bsc#1217140).
* alsa: hda: fix possible null-ptr-deref when assigning a stream (git-fixes).
* alsa: hda: intel-dsp-config: fix jsl chromebook quirk detection (git-fixes).
* alsa: info: fix potential deadlock at disconnection (git-fixes).
* arm/xen: fix xen_vcpu_info allocation alignment (git-fixes).
* arm64: add cortex-a520 cpu part definition (git-fixes)
* arm64: allow kprobes on el0 handlers (git-fixes)
* arm64: armv8_deprecated move emulation functions (git-fixes)
* arm64: armv8_deprecated: fix unused-function error (git-fixes)
* arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes)
* arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes)
* arm64: armv8_deprecated: rework deprected instruction handling (git-fixes)
* arm64: consistently pass esr_elx to die() (git-fixes)
* arm64: die(): pass 'err' as long (git-fixes)
* arm64: factor insn read out of call_undef_hook() (git-fixes)
* arm64: factor out el1 ssbs emulation hook (git-fixes)
* arm64: report el1 undefs better (git-fixes)
* arm64: rework bti exception handling (git-fixes)
* arm64: rework el0 mrs emulation (git-fixes)
* arm64: rework fpac exception handling (git-fixes)
* arm64: split el0/el1 undef handlers (git-fixes)
* arm: 9321/1: memset: cast the constant byte to unsigned char (git-fixes).
* asoc: ams-delta.c: use component after check (git-fixes).
* asoc: codecs: wsa-macro: fix uninitialized stack variables with name prefix
(git-fixes).
* asoc: cs35l41: undo runtime pm changes at driver exit time (git-fixes).
* asoc: cs35l41: verify pm runtime resume errors in irq handler (git-fixes).
* asoc: fsl: fix pm disable depth imbalance in fsl_easrc_probe (git-fixes).
* asoc: fsl: mpc5200_dma.c: fix warning of function parameter or member not
described (git-fixes).
* asoc: hdmi-codec: register hpd callback on component probe (git-fixes).
* asoc: intel: skylake: fix mem leak when parsing uuids fails (git-fixes).
* asoc: rt5650: fix the wrong result of key button (git-fixes).
* asoc: simple-card: fixup asoc_simple_probe() error handling (git-fixes).
* asoc: ti: omap-mcbsp: fix runtime pm underflow warnings (git-fixes).
* ata: pata_isapnp: add missing error check for devm_ioport_map() (git-fixes).
* atl1c: work around the dma rx overflow issue (git-fixes).
* atm: iphase: do pci error checks on own line (git-fixes).
* blk-mq: do not clear driver tags own mapping (bsc#1217366).
* blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping()
(bsc#1217366).
* bluetooth: add device 0bda:887b to device tables (git-fixes).
* bluetooth: add device 13d3:3571 to device tables (git-fixes).
* bluetooth: btusb: add 0bda:b85b for fn-link rtl8852be (git-fixes).
* bluetooth: btusb: add date->evt_skb is null check (git-fixes).
* bluetooth: btusb: add realtek rtl8852be support id 0x0cb8:0xc559 (git-
fixes).
* bluetooth: btusb: add rtw8852be device 13d3:3570 to device tables (git-
fixes).
* can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is
accessed out of bounds (git-fixes).
* can: dev: can_restart(): do not crash kernel if carrier is ok (git-fixes).
* can: dev: can_restart(): fix race condition between controller restart and
netif_carrier_on() (git-fixes).
* can: isotp: add local echo tx processing for consecutive frames (git-fixes).
* can: isotp: fix race between isotp_sendsmg() and isotp_release() (git-
fixes).
* can: isotp: fix tx state handling for echo tx processing (git-fixes).
* can: isotp: handle wait_event_interruptible() return values (git-fixes).
* can: isotp: isotp_bind(): return -einval on incorrect can id formatting
(git-fixes).
* can: isotp: isotp_sendmsg(): fix tx state detection and wait behavior (git-
fixes).
* can: isotp: remove re-binding of bound socket (git-fixes).
* can: isotp: sanitize can id checks in isotp_bind() (git-fixes).
* can: isotp: set max pdu size to 64 kbyte (git-fixes).
* can: isotp: split tx timer into transmission and timeout (git-fixes).
* can: sja1000: fix comment (git-fixes).
* clk: imx: imx8mq: correct error handling path (git-fixes).
* clk: imx: imx8qxp: fix elcdif_pll clock (git-fixes).
* clk: imx: select mxc_clk for clk_imx8qxp (git-fixes).
* clk: keystone: pll: fix a couple null vs is_err() checks (git-fixes).
* clk: mediatek: clk-mt2701: add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt6765: add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt6779: add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt6797: add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt7629-eth: add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt7629: add check for mtk_alloc_clk_data (git-fixes).
* clk: npcm7xx: fix incorrect kfree (git-fixes).
* clk: qcom: clk-rcg2: fix clock rate overflow for high parent frequencies
(git-fixes).
* clk: qcom: config ipq_apss_6018 should depend on qcom_smem (git-fixes).
* clk: qcom: gcc-sm8150: fix gcc_sdcc2_apps_clk_src (git-fixes).
* clk: qcom: ipq6018: drop the clk_set_rate_parent flag from pll clocks (git-
fixes).
* clk: qcom: mmcc-msm8998: do not check halt bit on some branch clks (git-
fixes).
* clk: qcom: mmcc-msm8998: fix the smmu gdsc (git-fixes).
* clk: sanitize possible_parent_show to handle return value of
of_clk_get_parent_name (git-fixes).
* clk: scmi: free scmi_clk allocated when the clocks with invalid info are
skipped (git-fixes).
* clk: ti: add ti_dt_clk_name() helper to use clock-output-names (git-fixes).
* clk: ti: change ti_clk_register_omap_hw api (git-fixes).
* clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes).
* clk: ti: update component clocks to use ti_dt_clk_name() (git-fixes).
* clk: ti: update pll and clockdomain clocks to use ti_dt_clk_name() (git-
fixes).
* crypto: caam/jr - fix chacha20 + poly1305 self test failure (git-fixes).
* crypto: caam/qi2 - fix chacha20 + poly1305 self test failure (git-fixes).
* crypto: hisilicon/hpre - fix a erroneous check after snprintf() (git-fixes).
* disable loongson drivers loongson is a mips architecture, it does not make
sense to build loongson drivers on other architectures.
* dmaengine: pxa_dma: remove an erroneous bug_on() in pxad_free_desc() (git-
fixes).
* dmaengine: ste_dma40: fix pm disable depth imbalance in d40_probe (git-
fixes).
* dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes).
* dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes).
* docs: net: move the probe and open/close sections of driver.rst up
(bsc#1215458).
* docs: net: reformat driver.rst from a list to sections (bsc#1215458).
* docs: net: use c syntax highlight in driver.rst (bsc#1215458).
* documentation: networking: correct possessive "its" (bsc#1215458).
* drivers: hv: vmbus: remove unused extern declaration vmbus_ontimer() (git-
fixes).
* drm/amd/display: avoid null dereference of timing generator (git-fixes).
* drm/amd/display: change the dmcub mailbox memory location from fb to inbox
(git-fixes).
* drm/amd/display: remove useless check in should_enable_fbc() (git-fixes).
* drm/amd/display: use full update for clip size increase of large plane
source (git-fixes).
* drm/amd/pm: handle non-terminated overdrive commands (git-fixes).
* drm/amd: fix ubsan array-index-out-of-bounds for polaris and tonga (git-
fixes).
* drm/amd: fix ubsan array-index-out-of-bounds for smu7 (git-fixes).
* drm/amdgpu: do not use atrm for external devices (git-fixes).
* drm/amdgpu: fix a null pointer access when the smc_rreg pointer is null
(git-fixes).
* drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes).
* drm/amdgpu: fix potential null pointer derefernce (git-fixes).
* drm/amdgpu: fix software pci_unplug on some chips (git-fixes).
* drm/amdkfd: fix a race condition of vram buffer unref in svm code (git-
fixes).
* drm/amdkfd: fix shift out-of-bounds issue (git-fixes).
* drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code
(git-fixes).
* drm/bridge: fix kernel-doc typo in desc of output_bus_cfg in
drm_bridge_state (git-fixes).
* drm/bridge: lt8912b: add missing drm_bridge_attach call (git-fixes).
* drm/bridge: lt8912b: fix bridge_detach (git-fixes).
* drm/bridge: lt8912b: fix crash on bridge detach (git-fixes).
* drm/bridge: lt8912b: manually disable hpd only if it was enabled (git-
fixes).
* drm/bridge: lt8912b: register and attach our dsi device at probe (git-
fixes).
* drm/bridge: lt8912b: switch to devm mipi-dsi helpers (git-fixes).
* drm/bridge: lt9611uxc: fix the race in the error path (git-fixes).
* drm/bridge: lt9611uxc: register and attach our dsi device at probe (git-
fixes).
* drm/bridge: lt9611uxc: switch to devm mipi-dsi helpers (git-fixes).
* drm/bridge: tc358768: disable non-continuous clock mode (git-fixes).
* drm/bridge: tc358768: fix bit updates (git-fixes).
* drm/bridge: tc358768: fix use of uninitialized variable (git-fixes).
* drm/gud: use size_add() in call to struct_size() (git-fixes).
* drm/i915/pmu: check if pmu is closed before stopping event (git-fixes).
* drm/i915: fix potential spectre vulnerability (git-fixes).
* drm/komeda: drop all currently held locks if deadlock happens (git-fixes).
* drm/mediatek: fix iommu fault by swapping fbs after updating plane state
(git-fixes).
* drm/mediatek: fix iommu fault during crtc enabling (git-fixes).
* drm/mipi-dsi: create devm device attachment (git-fixes).
* drm/mipi-dsi: create devm device registration (git-fixes).
* drm/msm/dp: skip validity check for dp cts edid checksum (git-fixes).
* drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git-
fixes).
* drm/panel: fix a possible null pointer dereference (git-fixes).
* drm/panel: simple: fix innolux g101ice-l01 bus flags (git-fixes).
* drm/panel: simple: fix innolux g101ice-l01 timings (git-fixes).
* drm/panel: st7703: pick different reset sequence (git-fixes).
* drm/qxl: prevent memory leak (git-fixes).
* drm/radeon: possible buffer overflow (git-fixes).
* drm/rockchip: cdn-dp: fix some error handling paths in cdn_dp_probe() (git-
fixes).
* drm/rockchip: fix type promotion bug in rockchip_gem_iommu_map() (git-
fixes).
* drm/rockchip: vop: fix call to crtc reset helper (git-fixes).
* drm/rockchip: vop: fix color for rgb888/bgr888 format on vop full (git-
fixes).
* drm/rockchip: vop: fix reset of state in duplicate state crtc funcs (git-
fixes).
* drm/syncobj: fix drm_syncobj_wait_flags_wait_available (git-fixes).
* drm/vc4: fix typo (git-fixes).
* drm: vmwgfx_surface.c: copy user-array safely (git-fixes).
* dt-bindings: usb: hcd: add missing phy name to example (git-fixes).
* dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes).
* ensure ia32_emulation is always enabled for kernel-obs-build if
ia32_emulation is disabled by default, ensure it is enabled back for obs
kernel to allow building 32bit binaries (jsc#ped-3184) [ms: always pass the
parameter, no need to grep through the config which may not be very
reliable]
* fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes).
* fbdev: imsttfb: fix a resource leak in probe (git-fixes).
* fbdev: imsttfb: fix double free in probe() (git-fixes).
* fbdev: imsttfb: fix error path of imsttfb_probe() (git-fixes).
* fbdev: imsttfb: release framebuffer and dealloc cmap on error path (git-
fixes).
* fbdev: omapfb: drop unused remove function (git-fixes).
* firewire: core: fix possible memory leak in create_units() (git-fixes).
* firmware/imx-dsp: fix use_after_free in imx_dsp_setup_channels() (git-
fixes).
* fix termination state for idr_for_each_entry_ul() (git-fixes).
* gpio: mockup: fix kerneldoc (git-fixes).
* gpio: mockup: remove unused field (git-fixes).
* hid: add quirk for dell pro wireless keyboard and mouse km5221w (git-fixes).
* hid: cp2112: fix duplicate workqueue initialization (git-fixes).
* hid: hyperv: avoid struct memcpy overrun warning (git-fixes).
* hid: hyperv: remove unused struct synthhid_msg (git-fixes).
* hid: hyperv: replace one-element array with flexible-array member (git-
fixes).
* hid: lenovo: detect quirk-free fw on cptkbd and stop applying workaround
(git-fixes).
* hid: logitech-hidpp: do not restart io, instead defer hid_connect() only
(git-fixes).
* hid: logitech-hidpp: move get_wireless_feature_index() check to
hidpp_connect_event() (git-fixes).
* hid: logitech-hidpp: remove hidpp_quirk_no_hidinput quirk (git-fixes).
* hid: logitech-hidpp: revert "do not restart communication if not necessary"
(git-fixes).
* hv: simplify sysctl registration (git-fixes).
* hv_netvsc: fix netvsc_send_completion to avoid multiple message length
checks (git-fixes).
* hv_netvsc: fix race of netvsc and vf register_netdevice (git-fixes).
* hv_netvsc: fix race of register_netdevice_notifier and vf register (git-
fixes).
* hv_netvsc: mark vf as slave before exposing it to user-mode (git-fixes).
* hwmon: (coretemp) fix potentially truncated sysfs attribute name (git-
fixes).
* i2c: aspeed: fix i2c bus hang in slave read (git-fixes).
* i2c: core: run atomic i2c xfer when !preemptible (git-fixes).
* i2c: designware: disable tx_empty irq while waiting for block length byte
(git-fixes).
* i2c: dev: copy userspace array safely (git-fixes).
* i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git-
fixes).
* i2c: iproc: handle invalid slave state (git-fixes).
* i2c: muxes: i2c-demux-pinctrl: use of_get_i2c_adapter_by_node() (git-fixes).
* i2c: muxes: i2c-mux-gpmux: use of_get_i2c_adapter_by_node() (git-fixes).
* i2c: muxes: i2c-mux-pinctrl: use of_get_i2c_adapter_by_node() (git-fixes).
* i2c: stm32f7: fix pec handling in case of smbus transfers (git-fixes).
* i2c: sun6i-p2wi: prevent potential division by zero (git-fixes).
* i3c: fix potential refcount leak in i3c_master_register_new_i3c_devs (git-
fixes).
* i3c: master: cdns: fix reading status register (git-fixes).
* i3c: master: mipi-i3c-hci: fix a kernel panic for accessing dat_data (git-
fixes).
* i3c: master: svc: fix check wrong status register in irq handler (git-
fixes).
* i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes).
* i3c: master: svc: fix race condition in ibi work thread (git-fixes).
* i3c: master: svc: fix sda keep low when polling ibiwon timeout happen (git-
fixes).
* i3c: master: svc: fix wrong data return when ibi happen during start frame
(git-fixes).
* i3c: mipi-i3c-hci: fix out of bounds access in hci_dma_irq_handler (git-
fixes).
* i915/perf: fix null deref bugs with drm_dbg() calls (git-fixes).
* idpf: add controlq init and reset checks (bsc#1215458).
* idpf: add core init and interrupt request (bsc#1215458).
* idpf: add create vport and netdev configuration (bsc#1215458).
* idpf: add ethtool callbacks (bsc#1215458).
* idpf: add module register and probe functionality (bsc#1215458).
* idpf: add ptypes and mac filter support (bsc#1215458).
* idpf: add rx splitq napi poll support (bsc#1215458).
* idpf: add singleq start_xmit and napi poll (bsc#1215458).
* idpf: add splitq start_xmit (bsc#1215458).
* idpf: add sriov support and other ndo_ops (bsc#1215458).
* idpf: add tx splitq napi poll support (bsc#1215458).
* idpf: cancel mailbox work in error path (bsc#1215458).
* idpf: configure resources for rx queues (bsc#1215458).
* idpf: configure resources for tx queues (bsc#1215458).
* idpf: fix potential use-after-free in idpf_tso() (bsc#1215458).
* idpf: initialize interrupts and enable vport (bsc#1215458).
* idpf: set scheduling mode for completion queue (bsc#1215458).
* iio: adc: xilinx-xadc: correct temperature offset/scale for ultrascale (git-
fixes).
* iio: adc: xilinx-xadc: do not clobber preset voltage/temperature thresholds
(git-fixes).
* iio: exynos-adc: request second interupt only when touchscreen mode is used
(git-fixes).
* input: synaptics-rmi4 - fix use after free in rmi_unregister_function()
(git-fixes).
* input: synaptics-rmi4 - handle reset delay when using smbus trsnsport (git-
fixes).
* input: xpad - add vid for turtle beach controllers (git-fixes).
* irqchip/stm32-exti: add missing dt irq flag translation (git-fixes).
* kabi/severities: ignore kabi in rxrpc (bsc#1210447) the rxrpc module is
built since sle15-sp3 but it is not shipped as part of any sle product, only
in leap (in kernel-*-optional).
* kernel-binary: suse-module-tools is also required when installed
requires(pre) adds dependency for the specific sciptlet. however, suse-
module-tools also ships modprobe.d files which may be needed at posttrans
time or any time the kernel is on the system for generating ramdisk. add
plain requires as well.
* kernel-source: move provides after sources
* leds: pwm: do not disable the pwm when the led should be off (git-fixes).
* leds: trigger: ledtrig-cpu:: fix 'output may be truncated' issue for 'cpu'
(git-fixes).
* leds: turris-omnia: do not use smbus calls (git-fixes).
* lsm: fix default return value for inode_getsecctx (git-fixes).
* lsm: fix default return value for vm_enough_memory (git-fixes).
* media: bttv: fix use after free error due to btv->timeout timer (git-fixes).
* media: ccs: correctly initialise try compose rectangle (git-fixes).
* media: ccs: fix driver quirk struct documentation (git-fixes).
* media: cedrus: fix clock/reset sequence (git-fixes).
* media: cobalt: use field_get() to extract link width (git-fixes).
* media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes).
* media: i2c: max9286: fix some redundant of_node_put() calls (git-fixes).
* media: imon: fix access to invalid resource for the second interface (git-
fixes).
* media: lirc: drop trailing space from scancode transmit (git-fixes).
* media: qcom: camss: fix missing vfe_lite clocks check (git-fixes).
* media: qcom: camss: fix pm_domain_on sequence in probe (git-fixes).
* media: qcom: camss: fix vfe-17x vfe_disable_output() (git-fixes).
* media: qcom: camss: fix vfe_get() error jump (git-fixes).
* media: sharp: fix sharp encoding (git-fixes).
* media: siano: drop unnecessary error check for debugfs_create_dir/file()
(git-fixes).
* media: venus: hfi: add checks to handle capabilities from firmware (git-
fixes).
* media: venus: hfi: add checks to perform sanity on queue pointers (git-
fixes).
* media: venus: hfi: fix the check to handle session buffer requirement (git-
fixes).
* media: venus: hfi_parser: add check to keep the number of codecs within
range (git-fixes).
* media: vidtv: mux: add check and kfree for kstrdup (git-fixes).
* media: vidtv: psi: add check for kstrdup (git-fixes).
* media: vivid: avoid integer overflow (git-fixes).
* mfd: arizona-spi: set pdata.hpdet_channel for acpi enumerated devs (git-
fixes).
* mfd: core: ensure disabled devices are skipped without aborting (git-fixes).
* mfd: dln2: fix double put in dln2_probe (git-fixes).
* misc: fastrpc: clean buffers on remote invocation failures (git-fixes).
* misc: pci_endpoint_test: add device id for r-car s4-8 pcie controller (git-
fixes).
* mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#ped-7237,
git-fixes).
* mmc: block: be sure to wait while busy in cqe error recovery (git-fixes).
* mmc: block: do not lose cache flush during cqe error recovery (git-fixes).
* mmc: block: retry commands in cqe error recovery (git-fixes).
* mmc: cqhci: fix task clearing in cqe error recovery (git-fixes).
* mmc: cqhci: increase recovery halt timeout (git-fixes).
* mmc: cqhci: warn of halt or task clear failure (git-fixes).
* mmc: meson-gx: remove setting of cmd_cfg_error (git-fixes).
* mmc: sdhci-pci-gli: a workaround to allow gl9750 to enter aspm l1.2 (git-
fixes).
* mmc: sdhci-pci-gli: gl9750: mask the replay timer timeout of aer (git-
fixes).
* mmc: sdhci_am654: fix start loop index for tap value parsing (git-fixes).
* mmc: vub300: fix an error code (git-fixes).
* modpost: fix tee module_device_table built on big-endian host (git-fixes).
* mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes).
* mtd: cfi_cmdset_0001: byte swap otp info (git-fixes).
* mtd: rawnand: arasan: include ecc syndrome along with in-band data while
checking for ecc failure (git-fixes).
* net-memcg: fix scope of sockmem pressure indicators (bsc#1216759).
* net: add macro netif_subqueue_completed_wake (bsc#1215458).
* net: avoid address overwrite in kernel_connect (bsc#1216861).
* net: fix use-after-free in tw_timer_handler (bsc#1217195).
* net: ieee802154: adf7242: fix some potential buffer overflow in
adf7242_stats_show() (git-fixes).
* net: mana: fix return type of mana_start_xmit() (git-fixes).
* net: piggy back on the memory barrier in bql when waking queues
(bsc#1215458).
* net: provide macros for commonly copied lockless queue stop/wake code
(bsc#1215458).
* net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-
fixes).
* net: usb: smsc95xx: fix uninit-value access in smsc95xx_read_reg (git-
fixes).
* nvme: update firmware version after commit (bsc#1215292).
* pci/aspm: fix l1 substate handling in aspm_attr_store_common() (git-fixes).
* pci/sysfs: protect driver's d3cold preference from user space (git-fixes).
* pci: disable ats for specific intel ipu e2000 devices (bsc#1215458).
* pci: extract ats disabling to a helper function (bsc#1215458).
* pci: exynos: do not discard .remove() callback (git-fixes).
* pci: keystone: do not discard .probe() callback (git-fixes).
* pci: keystone: do not discard .remove() callback (git-fixes).
* pci: prevent xhci driver from claiming amd vangogh usb3 drd device (git-
fixes).
* pci: tegra194: use field_get()/field_prep() with link width fields (git-
fixes).
* pci: use field_get() in sapphire rx 5600 xt pulse quirk (git-fixes).
* pci: use field_get() to extract link width (git-fixes).
* pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes).
* pcmcia: ds: fix possible name leak in error path in pcmcia_device_add()
(git-fixes).
* pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes).
* pinctrl: avoid reload of p state in list iteration (git-fixes).
* platform/x86: thinkpad_acpi: add battery quirk for thinkpad x120e (git-
fixes).
* platform/x86: wmi: fix opening of char device (git-fixes).
* platform/x86: wmi: fix probe failure when failing to register wmi devices
(git-fixes).
* platform/x86: wmi: remove unnecessary initializations (git-fixes).
* pm / devfreq: rockchip-dfi: make pmu regmap mandatory (git-fixes).
* pm: hibernate: use __get_safe_page() rather than touching the list (git-
fixes).
* powerpc: do not clobber f0/vs0 during fp|altivec register save
(bsc#1217780).
* pwm: brcmstb: utilize appropriate clock apis in suspend/resume (git-fixes).
* pwm: fix double shift bug (git-fixes).
* pwm: sti: reduce number of allocations and drop usage of chip_data (git-
fixes).
* r8152: cancel hw_phy_work if we have an error in probe (git-fixes).
* r8152: check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes).
* r8152: check for unplug in rtl_phy_patch_request() (git-fixes).
* r8152: increase usb control msg timeout to 5000ms as per spec (git-fixes).
* r8152: release firmware if we have an error in probe (git-fixes).
* r8152: run the unload routine if we have errors during probe (git-fixes).
* regmap: debugfs: fix a erroneous check after snprintf() (git-fixes).
* regmap: ensure range selector registers are updated after cache sync (git-
fixes).
* regmap: prevent noinc writes from clobbering cache (git-fixes).
* revert "i2c: pxa: move to generic gpio recovery" (git-fixes).
* revert "mmc: core: capture correct oemid-bits for emmc cards" (git-fixes).
* rpm/check-for-config-changes: add as_wruss to ignored_configs_re add
as_wruss as an ignored_configs_re entry in check-for-config-changes to fix
build on x86_32. there was a fix submitted to upstream but it was not
accepted:
https://lore.kernel.org/all/20231031140504.gczuejkmpxsredh3ma@fat_crate.loc…
so carry this in ignored_configs_re instead.
* rpm/check-for-config-changes: add have_shadow_call_stack to
ignored_configs_re not supported by our compiler.
* rpm/mkspec-dtb: add riscv64 dtb-allwinner subpackage
* s390/ap: fix ap bus crash on early config change callback invocation (git-
fixes bsc#1217687).
* s390/cio: unregister device when the only path is gone (git-fixes
bsc#1217609).
* s390/cmma: fix detection of dat pages (ltc#203997 bsc#1217086).
* s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (ltc#203997
bsc#1217086).
* s390/cmma: fix initial kernel address space page table walk (ltc#203997
bsc#1217086).
* s390/crashdump: fix tod programmable field size (git-fixes bsc#1217205).
* s390/dasd: fix hanging device after request requeue (git-fixes ltc#203629
bsc#1215124).
* s390/dasd: protect device queue against concurrent access (git-fixes
bsc#1217515).
* s390/dasd: use correct number of retries for erp requests (git-fixes
bsc#1217598).
* s390/ipl: add missing secure/has_secure file to ipl type 'unknown'
(bsc#1214976 git-fixes).
* s390/mm: add missing arch_set_page_dat() call to gmap allocations
(ltc#203997 bsc#1217086).
* s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc()
(ltc#203997 bsc#1217086).
* s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200).
* s390/ptrace: fix ptrace_get_last_break error handling (git-fixes
bsc#1217599).
* sbsa_gwdt: calculate timeout with 64-bit math (git-fixes).
* scsi: lpfc: copyright updates for 14.2.0.16 patches (bsc#1217731).
* scsi: lpfc: correct maximum pci function value for ras fw logging
(bsc#1217731).
* scsi: lpfc: eliminate unnecessary relocking in lpfc_check_nlp_post_devloss()
(bsc#1217731).
* scsi: lpfc: enhance driver logging for selected discovery events
(bsc#1217731).
* scsi: lpfc: fix list_entry null check warning in lpfc_cmpl_els_plogi()
(bsc#1217731).
* scsi: lpfc: fix possible file string name overflow when updating firmware
(bsc#1217731).
* scsi: lpfc: introduce log_node_verbose messaging flag (bsc#1217124).
* scsi: lpfc: refactor and clean up mailbox command memory free (bsc#1217731).
* scsi: lpfc: reject received prlis with only initiator fcn role for npiv
ports (bsc#1217124).
* scsi: lpfc: remove unnecessary zero return code assignment in
lpfc_sli4_hba_setup (bsc#1217124).
* scsi: lpfc: return early in lpfc_poll_eratt() when the driver is unloading
(bsc#1217731).
* scsi: lpfc: treat ioerr_sli_down i/o completion status the same as pci
offline (bsc#1217124).
* scsi: lpfc: update lpfc version to 14.2.0.15 (bsc#1217124).
* scsi: lpfc: update lpfc version to 14.2.0.16 (bsc#1217731).
* scsi: lpfc: validate els ls_acc completion payload (bsc#1217124).
* scsi: qla2xxx: fix double free of dsd_list during driver load (git-fixes).
* scsi: qla2xxx: use field_get() to extract pcie capability fields (git-
fixes).
* selftests/efivarfs: create-read: fix a resource leak (git-fixes).
* selftests/pidfd: fix ksft print formats (git-fixes).
* selftests/resctrl: ensure the benchmark commands fits to its array (git-
fixes).
* selftests/resctrl: reduce failures due to outliers in mba/mbm tests (git-
fixes).
* selftests/resctrl: remove duplicate feature check from cmt test (git-fixes).
* seq_buf: fix a misleading comment (git-fixes).
* serial: exar: revert "serial: exar: add support for sealevel 7xxxc serial
cards" (git-fixes).
* serial: meson: use platform_get_irq() to get the interrupt (git-fixes).
* soc: qcom: llcc: handle a second device without data corruption (git-fixes).
* spi: nxp-fspi: use the correct ioremap function (git-fixes).
* spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes).
* spi: tegra: fix missing irq check in tegra_slink_probe() (git-fixes).
* staging: media: ipu3: remove ftrace-like logging (git-fixes).
* string.h: add array-wrappers for (v)memdup_user() (git-fixes).
* supported.conf: marked idpf supported
* thermal: core: prevent potential string overflow (git-fixes).
* treewide: spelling fix in comment (git-fixes).
* tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes).
* tty: 8250: add brainboxes oxford semiconductor-based quirks (git-fixes).
* tty: 8250: add support for additional brainboxes px cards (git-fixes).
* tty: 8250: add support for additional brainboxes uc cards (git-fixes).
* tty: 8250: add support for brainboxes up cards (git-fixes).
* tty: 8250: add support for intashield is-100 (git-fixes).
* tty: 8250: add support for intashield ix cards (git-fixes).
* tty: 8250: fix port count of px-257 (git-fixes).
* tty: 8250: fix up px-803/px-857 (git-fixes).
* tty: 8250: remove uc-257 and uc-431 (git-fixes).
* tty: fix uninit-value access in ppp_sync_receive() (git-fixes).
* tty: n_gsm: fix race condition in status line change on dead connections
(git-fixes).
* tty: serial: meson: fix hard lockup on crtscts mode (git-fixes).
* tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes).
* tty: vcc: add check for kstrdup() in vcc_probe() (git-fixes).
* usb: cdnsp: fix deadlock issue during using ncm gadget (git-fixes).
* usb: chipidea: fix dma overwrite for tegra (git-fixes).
* usb: chipidea: simplify tegra dma alignment code (git-fixes).
* usb: dwc2: fix possible null pointer dereference caused by driver
concurrency (git-fixes).
* usb: dwc2: write hcint with intmask applied (bsc#1214286).
* usb: dwc3: fix default mode initialization (git-fixes).
* usb: dwc3: qcom: fix acpi platform device leak (git-fixes).
* usb: dwc3: qcom: fix resource leaks on probe deferral (git-fixes).
* usb: dwc3: qcom: fix software node leak on probe errors (git-fixes).
* usb: dwc3: qcom: fix wakeup after probe deferral (git-fixes).
* usb: dwc3: set the dma max_seg_size (git-fixes).
* usb: gadget: f_ncm: always set current gadget in ncm_bind() (git-fixes).
* usb: raw-gadget: properly handle interrupted requests (git-fixes).
* usb: serial: option: add fibocom l7xx modules (git-fixes).
* usb: serial: option: do not claim interface 4 for zte mf290 (git-fixes).
* usb: serial: option: fix fm101r-gl defines (git-fixes).
* usb: storage: set 1.50 as the lower bcddevice for older "super top"
compatibility (git-fixes).
* usb: typec: tcpm: fix null pointer dereference in tcpm_pd_svdm() (git-
fixes).
* usb: typec: tcpm: skip hard reset when in error recovery (git-fixes).
* usb: usbip: fix stub_dev hub disconnect (git-fixes).
* virtchnl: add virtchnl version 2 ops (bsc#1215458).
* wifi: ath10k: do not touch the ce interrupt registers after power up (git-
fixes).
* wifi: ath10k: fix clang-specific fortify warning (git-fixes).
* wifi: ath11k: debugfs: fix to work with multiple pci devices (git-fixes).
* wifi: ath11k: fix dfs radar event locking (git-fixes).
* wifi: ath11k: fix htt pktlog locking (git-fixes).
* wifi: ath11k: fix temperature event locking (git-fixes).
* wifi: ath9k: fix clang-specific fortify warnings (git-fixes).
* wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git-
fixes).
* wifi: iwlwifi: empty overflow queue during flush (git-fixes).
* wifi: iwlwifi: honor the enable_ini value (git-fixes).
* wifi: iwlwifi: pcie: synchronize irqs before napi (git-fixes).
* wifi: iwlwifi: use fw rate for non-data frames (git-fixes).
* wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git-
fixes).
* wifi: mac80211: fix # of msdu in a-msdu calculation (git-fixes).
* wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes).
* wifi: rtlwifi: fix edca limit set by bt coexistence (git-fixes).
* wifi: rtw88: debug: fix the null vs is_err() bug for debugfs_create_file()
(git-fixes).
* x86/alternative: add a __alt_reloc_selftest() prototype (git-fixes).
* x86/cpu: fix amd erratum #1485 on zen4-based cpus (git-fixes).
* x86/fpu: set x86_feature_osxsave feature after enabling osxsave in cr4 (git-
fixes).
* x86/hyperv: add hv_expose_invariant_tsc define (git-fixes).
* x86/hyperv: fix a warning in mshyperv.h (git-fixes).
* x86/hyperv: improve code for referencing hyperv_pcpu_input_arg (git-fixes).
* x86/hyperv: make hv_get_nmi_reason public (git-fixes).
* x86/sev: do not try to parse for the cc blob on non-amd hardware (git-
fixes).
* x86/sev: fix calculation of end address based on number of pages (git-
fixes).
* x86/sev: use the ghcb protocol when available for snp cpuid requests (git-
fixes).
* x86: move gds_ucode_mitigated() declaration to header (git-fixes).
* xfs: add attr state machine tracepoints (git-fixes).
* xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909).
* xfs: constify btree function parameters that are not modified (git-fixes).
* xfs: convert agf log flags to unsigned (git-fixes).
* xfs: convert agi log flags to unsigned (git-fixes).
* xfs: convert attr type flags to unsigned (git-fixes).
* xfs: convert bmap extent type flags to unsigned (git-fixes).
* xfs: convert bmapi flags to unsigned (git-fixes).
* xfs: convert btree buffer log flags to unsigned (git-fixes).
* xfs: convert buffer flags to unsigned (git-fixes).
* xfs: convert buffer log item flags to unsigned (git-fixes).
* xfs: convert da btree operations flags to unsigned (git-fixes).
* xfs: convert dquot flags to unsigned (git-fixes).
* xfs: convert inode lock flags to unsigned (git-fixes).
* xfs: convert log item tracepoint flags to unsigned (git-fixes).
* xfs: convert log ticket and iclog flags to unsigned (git-fixes).
* xfs: convert quota options flags to unsigned (git-fixes).
* xfs: convert scrub type flags to unsigned (git-fixes).
* xfs: disambiguate units for ftrace fields tagged "blkno", "block", or "bno"
(git-fixes).
* xfs: disambiguate units for ftrace fields tagged "count" (git-fixes).
* xfs: disambiguate units for ftrace fields tagged "len" (git-fixes).
* xfs: disambiguate units for ftrace fields tagged "offset" (git-fixes).
* xfs: make the key parameters to all btree key comparison functions const
(git-fixes).
* xfs: make the key parameters to all btree query range functions const (git-
fixes).
* xfs: make the keys and records passed to btree inorder functions const (git-
fixes).
* xfs: make the pointer passed to btree set_root functions const (git-fixes).
* xfs: make the start pointer passed to btree alloc_block functions const
(git-fixes).
* xfs: make the start pointer passed to btree update_lastrec functions const
(git-fixes).
* xfs: mark the record passed into btree init_key functions as const (git-
fixes).
* xfs: mark the record passed into xchk_btree functions as const (git-fixes).
* xfs: remove xfs_btree_cur_t typedef (git-fixes).
* xfs: rename i_disk_size fields in ftrace output (git-fixes).
* xfs: resolve fork names in trace output (git-fixes).
* xfs: standardize ag block number formatting in ftrace output (git-fixes).
* xfs: standardize ag number formatting in ftrace output (git-fixes).
* xfs: standardize daddr formatting in ftrace output (git-fixes).
* xfs: standardize inode generation formatting in ftrace output (git-fixes).
* xfs: standardize inode number formatting in ftrace output (git-fixes).
* xfs: standardize remaining xfs_buf length tracepoints (git-fixes).
* xfs: standardize rmap owner number formatting in ftrace output (git-fixes).
* xhci: enable rpm on controllers that support low-power states (git-fixes).
* xhci: loosen rpm as default policy to cover for amd xhc 1.1 (git-fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4782=1 openSUSE-SLE-15.4-2023-4782=1
* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4782=1
## Package List:
* openSUSE Leap 15.4 (aarch64 x86_64)
* kselftests-kmp-azure-debuginfo-5.14.21-150400.14.75.1
* ocfs2-kmp-azure-5.14.21-150400.14.75.1
* reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.75.1
* kernel-azure-optional-5.14.21-150400.14.75.1
* gfs2-kmp-azure-5.14.21-150400.14.75.1
* dlm-kmp-azure-debuginfo-5.14.21-150400.14.75.1
* kernel-azure-optional-debuginfo-5.14.21-150400.14.75.1
* cluster-md-kmp-azure-5.14.21-150400.14.75.1
* gfs2-kmp-azure-debuginfo-5.14.21-150400.14.75.1
* kernel-azure-debuginfo-5.14.21-150400.14.75.1
* kernel-azure-devel-debuginfo-5.14.21-150400.14.75.1
* kernel-azure-extra-debuginfo-5.14.21-150400.14.75.1
* kernel-syms-azure-5.14.21-150400.14.75.1
* kernel-azure-debugsource-5.14.21-150400.14.75.1
* kernel-azure-livepatch-devel-5.14.21-150400.14.75.1
* dlm-kmp-azure-5.14.21-150400.14.75.1
* kselftests-kmp-azure-5.14.21-150400.14.75.1
* kernel-azure-devel-5.14.21-150400.14.75.1
* kernel-azure-extra-5.14.21-150400.14.75.1
* cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.75.1
* reiserfs-kmp-azure-5.14.21-150400.14.75.1
* ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.75.1
* openSUSE Leap 15.4 (aarch64 nosrc x86_64)
* kernel-azure-5.14.21-150400.14.75.1
* openSUSE Leap 15.4 (noarch)
* kernel-devel-azure-5.14.21-150400.14.75.1
* kernel-source-azure-5.14.21-150400.14.75.1
* Public Cloud Module 15-SP4 (aarch64 nosrc x86_64)
* kernel-azure-5.14.21-150400.14.75.1
* Public Cloud Module 15-SP4 (aarch64 x86_64)
* kernel-azure-debuginfo-5.14.21-150400.14.75.1
* kernel-azure-devel-debuginfo-5.14.21-150400.14.75.1
* kernel-syms-azure-5.14.21-150400.14.75.1
* kernel-azure-devel-5.14.21-150400.14.75.1
* kernel-azure-debugsource-5.14.21-150400.14.75.1
* Public Cloud Module 15-SP4 (noarch)
* kernel-devel-azure-5.14.21-150400.14.75.1
* kernel-source-azure-5.14.21-150400.14.75.1
## References:
* https://www.suse.com/security/cve/CVE-2023-2006.html
* https://www.suse.com/security/cve/CVE-2023-25775.html
* https://www.suse.com/security/cve/CVE-2023-39197.html
* https://www.suse.com/security/cve/CVE-2023-39198.html
* https://www.suse.com/security/cve/CVE-2023-4244.html
* https://www.suse.com/security/cve/CVE-2023-45863.html
* https://www.suse.com/security/cve/CVE-2023-45871.html
* https://www.suse.com/security/cve/CVE-2023-46862.html
* https://www.suse.com/security/cve/CVE-2023-5158.html
* https://www.suse.com/security/cve/CVE-2023-5717.html
* https://www.suse.com/security/cve/CVE-2023-6039.html
* https://www.suse.com/security/cve/CVE-2023-6176.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210447
* https://bugzilla.suse.com/show_bug.cgi?id=1214286
* https://bugzilla.suse.com/show_bug.cgi?id=1214976
* https://bugzilla.suse.com/show_bug.cgi?id=1215124
* https://bugzilla.suse.com/show_bug.cgi?id=1215292
* https://bugzilla.suse.com/show_bug.cgi?id=1215420
* https://bugzilla.suse.com/show_bug.cgi?id=1215458
* https://bugzilla.suse.com/show_bug.cgi?id=1215710
* https://bugzilla.suse.com/show_bug.cgi?id=1216058
* https://bugzilla.suse.com/show_bug.cgi?id=1216105
* https://bugzilla.suse.com/show_bug.cgi?id=1216259
* https://bugzilla.suse.com/show_bug.cgi?id=1216584
* https://bugzilla.suse.com/show_bug.cgi?id=1216693
* https://bugzilla.suse.com/show_bug.cgi?id=1216759
* https://bugzilla.suse.com/show_bug.cgi?id=1216844
* https://bugzilla.suse.com/show_bug.cgi?id=1216861
* https://bugzilla.suse.com/show_bug.cgi?id=1216909
* https://bugzilla.suse.com/show_bug.cgi?id=1216959
* https://bugzilla.suse.com/show_bug.cgi?id=1216965
* https://bugzilla.suse.com/show_bug.cgi?id=1216976
* https://bugzilla.suse.com/show_bug.cgi?id=1217036
* https://bugzilla.suse.com/show_bug.cgi?id=1217068
* https://bugzilla.suse.com/show_bug.cgi?id=1217086
* https://bugzilla.suse.com/show_bug.cgi?id=1217124
* https://bugzilla.suse.com/show_bug.cgi?id=1217140
* https://bugzilla.suse.com/show_bug.cgi?id=1217195
* https://bugzilla.suse.com/show_bug.cgi?id=1217200
* https://bugzilla.suse.com/show_bug.cgi?id=1217205
* https://bugzilla.suse.com/show_bug.cgi?id=1217332
* https://bugzilla.suse.com/show_bug.cgi?id=1217366
* https://bugzilla.suse.com/show_bug.cgi?id=1217515
* https://bugzilla.suse.com/show_bug.cgi?id=1217598
* https://bugzilla.suse.com/show_bug.cgi?id=1217599
* https://bugzilla.suse.com/show_bug.cgi?id=1217609
* https://bugzilla.suse.com/show_bug.cgi?id=1217687
* https://bugzilla.suse.com/show_bug.cgi?id=1217731
* https://bugzilla.suse.com/show_bug.cgi?id=1217780
* https://jira.suse.com/browse/PED-3184
* https://jira.suse.com/browse/PED-5021
* https://jira.suse.com/browse/PED-7237
1
0
13 Dec '23
# Security update for xorg-x11-server
Announcement ID: SUSE-SU-2023:4787-1
Rating: important
References:
* bsc#1217765
* bsc#1217766
Cross-References:
* CVE-2023-6377
* CVE-2023-6478
CVSS scores:
* CVE-2023-6377 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6478 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
* Basesystem Module 15-SP5
* Development Tools Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves two vulnerabilities can now be installed.
## Description:
This update for xorg-x11-server fixes the following issues:
* CVE-2023-6377: Fixed Out-of-bounds memory write in XKB button
actions(bsc#1217765).
* CVE-2023-6478: Fixed Out-of-bounds memory read in RRChangeOutputProperty and
RRChangeProviderProperty (bsc#1217766).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-4787=1 openSUSE-SLE-15.5-2023-4787=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4787=1
* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4787=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* xorg-x11-server-Xvfb-21.1.4-150500.7.10.1
* xorg-x11-server-extra-21.1.4-150500.7.10.1
* xorg-x11-server-extra-debuginfo-21.1.4-150500.7.10.1
* xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.10.1
* xorg-x11-server-debugsource-21.1.4-150500.7.10.1
* xorg-x11-server-sdk-21.1.4-150500.7.10.1
* xorg-x11-server-debuginfo-21.1.4-150500.7.10.1
* xorg-x11-server-source-21.1.4-150500.7.10.1
* xorg-x11-server-21.1.4-150500.7.10.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* xorg-x11-server-Xvfb-21.1.4-150500.7.10.1
* xorg-x11-server-extra-21.1.4-150500.7.10.1
* xorg-x11-server-extra-debuginfo-21.1.4-150500.7.10.1
* xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.10.1
* xorg-x11-server-debugsource-21.1.4-150500.7.10.1
* xorg-x11-server-debuginfo-21.1.4-150500.7.10.1
* xorg-x11-server-21.1.4-150500.7.10.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* xorg-x11-server-debugsource-21.1.4-150500.7.10.1
* xorg-x11-server-sdk-21.1.4-150500.7.10.1
* xorg-x11-server-debuginfo-21.1.4-150500.7.10.1
## References:
* https://www.suse.com/security/cve/CVE-2023-6377.html
* https://www.suse.com/security/cve/CVE-2023-6478.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217765
* https://bugzilla.suse.com/show_bug.cgi?id=1217766
1
0
13 Dec '23
# Security update for xorg-x11-server
Announcement ID: SUSE-SU-2023:4791-1
Rating: important
References:
* bsc#1217765
* bsc#1217766
Cross-References:
* CVE-2023-6377
* CVE-2023-6478
CVSS scores:
* CVE-2023-6377 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6478 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
* Basesystem Module 15-SP4
* Development Tools Module 15-SP4
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves two vulnerabilities can now be installed.
## Description:
This update for xorg-x11-server fixes the following issues:
* CVE-2023-6377: Fixed out-of-bounds memory write in XKB button actions
(bsc#1217765).
* CVE-2023-6478: Fixed out-of-bounds memory read in RRChangeOutputProperty and
RRChangeProviderProperty (bsc#1217766).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4791=1 openSUSE-SLE-15.4-2023-4791=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4791=1
* Development Tools Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4791=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* xorg-x11-server-source-1.20.3-150400.38.32.1
* xorg-x11-server-debugsource-1.20.3-150400.38.32.1
* xorg-x11-server-1.20.3-150400.38.32.1
* xorg-x11-server-debuginfo-1.20.3-150400.38.32.1
* xorg-x11-server-extra-1.20.3-150400.38.32.1
* xorg-x11-server-sdk-1.20.3-150400.38.32.1
* xorg-x11-server-extra-debuginfo-1.20.3-150400.38.32.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* xorg-x11-server-debugsource-1.20.3-150400.38.32.1
* xorg-x11-server-1.20.3-150400.38.32.1
* xorg-x11-server-debuginfo-1.20.3-150400.38.32.1
* xorg-x11-server-extra-1.20.3-150400.38.32.1
* xorg-x11-server-extra-debuginfo-1.20.3-150400.38.32.1
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* xorg-x11-server-debugsource-1.20.3-150400.38.32.1
* xorg-x11-server-sdk-1.20.3-150400.38.32.1
* xorg-x11-server-debuginfo-1.20.3-150400.38.32.1
## References:
* https://www.suse.com/security/cve/CVE-2023-6377.html
* https://www.suse.com/security/cve/CVE-2023-6478.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217765
* https://bugzilla.suse.com/show_bug.cgi?id=1217766
1
0
SUSE-SU-2023:4775-1: important: Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP5)
by null@suse.de 13 Dec '23
by null@suse.de 13 Dec '23
13 Dec '23
# Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP5)
Announcement ID: SUSE-SU-2023:4775-1
Rating: important
References:
* bsc#1215097
* bsc#1215442
* bsc#1215519
* bsc#1215971
Cross-References:
* CVE-2023-2163
* CVE-2023-3777
* CVE-2023-4622
* CVE-2023-5345
CVSS scores:
* CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
* CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4622 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5345 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5345 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro 6.0
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves four vulnerabilities can now be installed.
## Description:
This update for the Linux Kernel 5.14.21-150500_13_18 fixes several issues.
The following security issues were fixed:
* CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables
component can be exploited to achieve local privilege escalation.
(bsc#1215097)
* CVE-2023-5345: Fixed an use-after-free vulnerability in the fs/smb/client
component which could be exploited to achieve local privilege escalation.
(bsc#1215971)
* CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain
sockets component which could be exploited to achieve local privilege
escalation (bsc#1215442).
* CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to
unsafe code paths being incorrectly marked as safe, resulting in arbitrary
read/write in kernel memory, lateral privilege escalation, and container
escape. (bsc#1215519)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4775=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-4779=1
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4779=1
## Package List:
* SUSE Linux Enterprise Live Patching 15-SP4 (x86_64)
* kernel-livepatch-SLE15-SP4-RT_Update_13-debugsource-3-150400.2.1
* kernel-livepatch-5_14_21-150400_15_53-rt-3-150400.2.1
* kernel-livepatch-5_14_21-150400_15_53-rt-debuginfo-3-150400.2.1
* openSUSE Leap 15.5 (x86_64)
* kernel-livepatch-5_14_21-150500_13_18-rt-3-150500.2.1
* kernel-livepatch-5_14_21-150500_13_18-rt-debuginfo-3-150500.2.1
* kernel-livepatch-SLE15-SP5-RT_Update_5-debugsource-3-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
* kernel-livepatch-5_14_21-150500_13_18-rt-3-150500.2.1
* kernel-livepatch-5_14_21-150500_13_18-rt-debuginfo-3-150500.2.1
* kernel-livepatch-SLE15-SP5-RT_Update_5-debugsource-3-150500.2.1
## References:
* https://www.suse.com/security/cve/CVE-2023-2163.html
* https://www.suse.com/security/cve/CVE-2023-3777.html
* https://www.suse.com/security/cve/CVE-2023-4622.html
* https://www.suse.com/security/cve/CVE-2023-5345.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215097
* https://bugzilla.suse.com/show_bug.cgi?id=1215442
* https://bugzilla.suse.com/show_bug.cgi?id=1215519
* https://bugzilla.suse.com/show_bug.cgi?id=1215971
1
0
SUSE-SU-2023:4781-1: important: Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP5)
by null@suse.de 13 Dec '23
by null@suse.de 13 Dec '23
13 Dec '23
# Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP5)
Announcement ID: SUSE-SU-2023:4781-1
Rating: important
References:
* bsc#1215097
Cross-References:
* CVE-2023-3777
CVSS scores:
* CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro 6.0
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves one vulnerability can now be installed.
## Description:
This update for the Linux Kernel 5.14.21-150500_13_24 fixes one issue.
The following security issue was fixed:
* CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables
component can be exploited to achieve local privilege escalation.
(bsc#1215097)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-4781=1
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4781=1
## Package List:
* openSUSE Leap 15.5 (x86_64)
* kernel-livepatch-5_14_21-150500_13_24-rt-2-150500.2.1
* kernel-livepatch-5_14_21-150500_13_24-rt-debuginfo-2-150500.2.1
* kernel-livepatch-SLE15-SP5-RT_Update_7-debugsource-2-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
* kernel-livepatch-5_14_21-150500_13_24-rt-2-150500.2.1
* kernel-livepatch-5_14_21-150500_13_24-rt-debuginfo-2-150500.2.1
* kernel-livepatch-SLE15-SP5-RT_Update_7-debugsource-2-150500.2.1
## References:
* https://www.suse.com/security/cve/CVE-2023-3777.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215097
1
0
# Security update for xwayland
Announcement ID: SUSE-SU-2023:4788-1
Rating: important
References:
* bsc#1217765
* bsc#1217766
Cross-References:
* CVE-2023-6377
* CVE-2023-6478
CVSS scores:
* CVE-2023-6377 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6478 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP5
An update that solves two vulnerabilities can now be installed.
## Description:
This update for xwayland fixes the following issues:
* CVE-2023-6377: Fixed Out-of-bounds memory write in XKB button
actions(bsc#1217765).
* CVE-2023-6478: Fixed Out-of-bounds memory read in RRChangeOutputProperty and
RRChangeProviderProperty (bsc#1217766).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-4788=1 openSUSE-SLE-15.5-2023-4788=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4788=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* xwayland-debuginfo-22.1.5-150500.7.8.1
* xwayland-debugsource-22.1.5-150500.7.8.1
* xwayland-devel-22.1.5-150500.7.8.1
* xwayland-22.1.5-150500.7.8.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
* xwayland-debuginfo-22.1.5-150500.7.8.1
* xwayland-debugsource-22.1.5-150500.7.8.1
* xwayland-22.1.5-150500.7.8.1
## References:
* https://www.suse.com/security/cve/CVE-2023-6377.html
* https://www.suse.com/security/cve/CVE-2023-6478.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217765
* https://bugzilla.suse.com/show_bug.cgi?id=1217766
1
0
12 Dec '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:4734-1
Rating: important
References:
* bsc#1084909
* bsc#1207948
* bsc#1210447
* bsc#1214286
* bsc#1214700
* bsc#1214840
* bsc#1214976
* bsc#1215123
* bsc#1215124
* bsc#1215292
* bsc#1215420
* bsc#1215458
* bsc#1215710
* bsc#1215802
* bsc#1215931
* bsc#1216058
* bsc#1216105
* bsc#1216259
* bsc#1216527
* bsc#1216584
* bsc#1216687
* bsc#1216693
* bsc#1216759
* bsc#1216788
* bsc#1216844
* bsc#1216861
* bsc#1216909
* bsc#1216959
* bsc#1216965
* bsc#1216976
* bsc#1217036
* bsc#1217068
* bsc#1217086
* bsc#1217095
* bsc#1217124
* bsc#1217140
* bsc#1217147
* bsc#1217195
* bsc#1217196
* bsc#1217200
* bsc#1217205
* bsc#1217332
* bsc#1217366
* bsc#1217511
* bsc#1217515
* bsc#1217598
* bsc#1217599
* bsc#1217609
* bsc#1217687
* bsc#1217731
* bsc#1217780
* jsc#PED-3184
* jsc#PED-5021
* jsc#PED-7237
Cross-References:
* CVE-2023-2006
* CVE-2023-25775
* CVE-2023-39197
* CVE-2023-39198
* CVE-2023-4244
* CVE-2023-45863
* CVE-2023-45871
* CVE-2023-46862
* CVE-2023-5158
* CVE-2023-5633
* CVE-2023-5717
* CVE-2023-6039
* CVE-2023-6176
CVSS scores:
* CVE-2023-2006 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2006 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-25775 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-25775 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-39197 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
* CVE-2023-39198 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-39198 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4244 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4244 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45863 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45871 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-45871 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-46862 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-46862 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-5158 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-5158 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-5633 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5633 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5717 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5717 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6039 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6039 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* Public Cloud Module 15-SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves 13 vulnerabilities, contains three features and has 38
security fixes can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
* CVE-2023-2006: Fixed a race condition in the RxRPC network protocol
(bsc#1210447).
* CVE-2023-25775: Fixed improper access control in the Intel Ethernet
Controller RDMA driver (bsc#1216959).
* CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet()
(bsc#1216976).
* CVE-2023-39198: Fixed a race condition leading to use-after-free in
qxl_mode_dumb_create() (bsc#1216965).
* CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which
could be exploited to achieve local privilege escalation (bsc#1215420).
* CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path()
(bsc#1216058).
* CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may
not be adequate for frames larger than the MTU (bsc#1216259).
* CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo()
(bsc#1216693).
* CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in
drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710).
* CVE-2023-5633: Fixed a use-after-free flaw in the way memory objects were
handled when they were being used to store a surface (bsc#1216527).
* CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the
Performance Events component (bsc#1216584).
* CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in
drivers/net/usb/lan78xx.c (bsc#1217068).
* CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm
scatterwalk functionality (bsc#1217332).
The following non-security bugs were fixed:
* acpi: fpdt: properly handle invalid fpdt subtables (git-fixes).
* acpi: resource: do irq override on tongfang gmxxgxx (git-fixes).
* acpi: resource: skip irq override on asus expertbook b1402cva (git-fixes).
* acpi: sysfs: fix create_pnp_modalias() and create_of_modalias() (git-fixes).
* alsa: hda/realtek - add dell alc295 to pin fall back table (git-fixes).
* alsa: hda/realtek - alc287 realtek i2s speaker platform support (git-fixes).
* alsa: hda/realtek - enable internal speaker of asus k6500zc (git-fixes).
* alsa: hda/realtek: add quirk for asus ux7602zm (git-fixes).
* alsa: hda/realtek: add quirks for asus 2024 zenbooks (git-fixes).
* alsa: hda/realtek: add quirks for hp laptops (git-fixes).
* alsa: hda/realtek: add support dual speaker for dell (git-fixes).
* alsa: hda/realtek: enable mute led on hp 255 g10 (git-fixes).
* alsa: hda/realtek: enable mute led on hp 255 g8 (git-fixes).
* alsa: hda: asus um5302la: added quirks for cs35l41/10431a83 on i2c bus (git-
fixes).
* alsa: hda: cs35l41: fix unbalanced pm_runtime_get() (git-fixes).
* alsa: hda: cs35l41: undo runtime pm changes at driver exit time (git-fixes).
* alsa: hda: disable power-save on kontron singlepc (bsc#1217140).
* alsa: hda: fix possible null-ptr-deref when assigning a stream (git-fixes).
* alsa: hda: intel-dsp-config: fix jsl chromebook quirk detection (git-fixes).
* alsa: info: fix potential deadlock at disconnection (git-fixes).
* alsa: usb-audio: add quirk flag to enable native dsd for mcintosh devices
(git-fixes).
* arm/xen: fix xen_vcpu_info allocation alignment (git-fixes).
* arm64: add cortex-a520 cpu part definition (git-fixes)
* arm64: allow kprobes on el0 handlers (git-fixes)
* arm64: armv8_deprecated move emulation functions (git-fixes)
* arm64: armv8_deprecated: fix unused-function error (git-fixes)
* arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes)
* arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes)
* arm64: armv8_deprecated: rework deprected instruction handling (git-fixes)
* arm64: consistently pass esr_elx to die() (git-fixes)
* arm64: die(): pass 'err' as long (git-fixes)
* arm64: factor insn read out of call_undef_hook() (git-fixes)
* arm64: factor out el1 ssbs emulation hook (git-fixes)
* arm64: report el1 undefs better (git-fixes)
* arm64: rework bti exception handling (git-fixes)
* arm64: rework el0 mrs emulation (git-fixes)
* arm64: rework fpac exception handling (git-fixes)
* arm64: split el0/el1 undef handlers (git-fixes)
* arm: 9321/1: memset: cast the constant byte to unsigned char (git-fixes).
* asoc: ams-delta.c: use component after check (git-fixes).
* asoc: codecs: wsa-macro: fix uninitialized stack variables with name prefix
(git-fixes).
* asoc: cs35l41: undo runtime pm changes at driver exit time (git-fixes).
* asoc: cs35l41: verify pm runtime resume errors in irq handler (git-fixes).
* asoc: fsl: fix pm disable depth imbalance in fsl_easrc_probe (git-fixes).
* asoc: fsl: mpc5200_dma.c: fix warning of function parameter or member not
described (git-fixes).
* asoc: hdmi-codec: register hpd callback on component probe (git-fixes).
* asoc: intel: skylake: fix mem leak when parsing uuids fails (git-fixes).
* asoc: rt5650: fix the wrong result of key button (git-fixes).
* asoc: simple-card: fixup asoc_simple_probe() error handling (git-fixes).
* asoc: sof: core: ensure sof_ops_free() is still called when probe never ran
(git-fixes).
* asoc: ti: omap-mcbsp: fix runtime pm underflow warnings (git-fixes).
* ata: pata_isapnp: add missing error check for devm_ioport_map() (git-fixes).
* atl1c: work around the dma rx overflow issue (git-fixes).
* atm: iphase: do pci error checks on own line (git-fixes).
* blk-mq: do not clear driver tags own mapping (bsc#1217366).
* blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping()
(bsc#1217366).
* bluetooth: add device 0bda:887b to device tables (git-fixes).
* bluetooth: add device 13d3:3571 to device tables (git-fixes).
* bluetooth: btusb: add 0bda:b85b for fn-link rtl8852be (git-fixes).
* bluetooth: btusb: add date->evt_skb is null check (git-fixes).
* bluetooth: btusb: add realtek rtl8852be support id 0x0cb8:0xc559 (git-
fixes).
* bluetooth: btusb: add rtw8852be device 13d3:3570 to device tables (git-
fixes).
* btrfs: always log symlinks in full mode (bsc#1214840).
* can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is
accessed out of bounds (git-fixes).
* can: dev: can_restart(): do not crash kernel if carrier is ok (git-fixes).
* can: dev: can_restart(): fix race condition between controller restart and
netif_carrier_on() (git-fixes).
* can: isotp: add local echo tx processing for consecutive frames (git-fixes).
* can: isotp: fix race between isotp_sendsmg() and isotp_release() (git-
fixes).
* can: isotp: fix tx state handling for echo tx processing (git-fixes).
* can: isotp: handle wait_event_interruptible() return values (git-fixes).
* can: isotp: isotp_bind(): return -einval on incorrect can id formatting
(git-fixes).
* can: isotp: isotp_sendmsg(): fix tx state detection and wait behavior (git-
fixes).
* can: isotp: remove re-binding of bound socket (git-fixes).
* can: isotp: sanitize can id checks in isotp_bind() (git-fixes).
* can: isotp: set max pdu size to 64 kbyte (git-fixes).
* can: isotp: split tx timer into transmission and timeout (git-fixes).
* can: sja1000: fix comment (git-fixes).
* clk: imx: imx8mq: correct error handling path (git-fixes).
* clk: imx: imx8qxp: fix elcdif_pll clock (git-fixes).
* clk: imx: select mxc_clk for clk_imx8qxp (git-fixes).
* clk: keystone: pll: fix a couple null vs is_err() checks (git-fixes).
* clk: mediatek: clk-mt2701: add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt6765: add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt6779: add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt6797: add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt7629-eth: add check for mtk_alloc_clk_data (git-fixes).
* clk: mediatek: clk-mt7629: add check for mtk_alloc_clk_data (git-fixes).
* clk: npcm7xx: fix incorrect kfree (git-fixes).
* clk: qcom: clk-rcg2: fix clock rate overflow for high parent frequencies
(git-fixes).
* clk: qcom: config ipq_apss_6018 should depend on qcom_smem (git-fixes).
* clk: qcom: gcc-sm8150: fix gcc_sdcc2_apps_clk_src (git-fixes).
* clk: qcom: ipq6018: drop the clk_set_rate_parent flag from pll clocks (git-
fixes).
* clk: qcom: mmcc-msm8998: do not check halt bit on some branch clks (git-
fixes).
* clk: qcom: mmcc-msm8998: fix the smmu gdsc (git-fixes).
* clk: sanitize possible_parent_show to handle return value of
of_clk_get_parent_name (git-fixes).
* clk: scmi: free scmi_clk allocated when the clocks with invalid info are
skipped (git-fixes).
* clk: ti: add ti_dt_clk_name() helper to use clock-output-names (git-fixes).
* clk: ti: change ti_clk_register_omap_hw api (git-fixes).
* clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes).
* clk: ti: update component clocks to use ti_dt_clk_name() (git-fixes).
* clk: ti: update pll and clockdomain clocks to use ti_dt_clk_name() (git-
fixes).
* clocksource/drivers/timer-atmel-tcb: fix initialization on sam9 hardware
(git-fixes).
* clocksource/drivers/timer-imx-gpt: fix potential memory leak (git-fixes).
* crypto: caam/jr - fix chacha20 + poly1305 self test failure (git-fixes).
* crypto: caam/qi2 - fix chacha20 + poly1305 self test failure (git-fixes).
* crypto: hisilicon/hpre - fix a erroneous check after snprintf() (git-fixes).
* disable loongson drivers loongson is a mips architecture, it does not make
sense to build loongson drivers on other architectures.
* dmaengine: pxa_dma: remove an erroneous bug_on() in pxad_free_desc() (git-
fixes).
* dmaengine: ste_dma40: fix pm disable depth imbalance in d40_probe (git-
fixes).
* dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes).
* dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes).
* doc/readme.suse: adjust heading style (jsc#ped-5021) * underscore all
headings as a preparation for markdown conversion. * use title-style
capitalization for the document name and sentence-style capitalization for
section headings, as recommended in the current suse documentation style
guide.
* doc/readme.suse: bring information about compiling up to date (jsc#ped-5021)
* when building the kernel, do not mention to initially change the current
directory to /usr/src/linux because later description discourages it and
specifies to use 'make -c /usr/src/linux'. * avoid writing additional
details in parentheses, incorporate them instead properly in the text. * fix
the obsolete name of /etc/modprobe.d/unsupported-modules ->
/etc/modprobe.d/10-unsupported-modules.conf. * drop a note that a newly
built kernel should be added to the boot manager because that normally
happens automatically when running 'make install'. * update a link to the
kernel module packages manual. * when preparing a build for external
modules, mention use of the upstream recommended 'make modules_prepare'
instead of a pair of 'make prepare' \+ 'make scripts'. * fix some
typos+grammar.
* doc/readme.suse: bring the overview section up to date (jsc#ped-5021) *
update informa