February 2023 - openSUSE Security Announce

openSUSE-SU-2023:0048-1: moderate: Security update for gssntlmssp
by opensuse-security＠opensuse.org 18 Feb '23

18 Feb '23

openSUSE Security Update: Security update for gssntlmssp ______________________________________________________________________________ Announcement ID: openSUSE-SU-2023:0048-1 Rating: moderate References: #1208278 #1208279 #1208280 #1208281 #1208282 Cross-References: CVE-2023-25563 CVE-2023-25564 CVE-2023-25565 CVE-2023-25566 CVE-2023-25567 CVSS scores: CVE-2023-25563 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-25564 (NVD) : 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H CVE-2023-25565 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-25566 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-25567 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Backports SLE-15-SP4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for gssntlmssp fixes the following issues: Update to version 1.2.0 * Implement gss_set_cred_option. * Allow to gss_wrap even if NEGOTIATE_SEAL is not negotiated. * Move HMAC code to OpenSSL EVP API. * Fix crash bug when acceptor credentials are NULL. * Translations update from Fedora Weblate. Fix security issues: * CVE-2023-25563 (boo#1208278): multiple out-of-bounds read when decoding NTLM fields. * CVE-2023-25564 (boo#1208279): memory corruption when decoding UTF16 strings. * CVE-2023-25565 (boo#1208280): incorrect free when decoding target information. * CVE-2023-25566 (boo#1208281): memory leak when parsing usernames. * CVE-2023-25567 (boo#1208282): out-of-bounds read when decoding target information. Update to version 1.1 * various build fixes and better compatibility when a MIC is requested. Update to version 1.0 * Fix test_gssapi_rfc5587. * Actually run tests with make check. * Add two tests around NTLMSSP_NEGOTIATE_LMKEY. * Refine LM compatibility level logic. * Refactor the gssntlm_required_security function. * Implement reading LM/NT hashes. * Add test for smpasswd-like user files. * Return confidentiality status. * Fix segfault in sign/seal functions. * Fix dummy signature generation. * Use UCS16LE instead of UCS-2LE. * Provide a zero lm key if the password is too long. * Completely omit CBs AV pairs when no CB provided. * Change license to the more permissive ISC. * Do not require cached users with winbind. * Add ability to pass keyfile via cred store. * Remove unused parts of Makefile.am. * Move attribute names to allocated strings. * Adjust serialization for name attributes. * Fix crash in acquiring credentials. * Fix fallback to external_creds interface. * Introduce parse_user_name() function. * Add test for parse_user_name. * Change how we assemble user names in ASC. * Use thread local storage for winbind context. * Make per thread winbind context optional. * Fixed memleak of usr_cred. * Support get_sids request via name attributes. * Fixed memory leaks found by valgrind. - Update to version 0.9 * add support for getting session key. * Add gss_inquire_attrs_for_mech(). * Return actual data for RFC5587 API. * Add new Windows version flags. * Add Key exchange also when wanting integrity only. * Drop support for GSS_C_MA_NOT_DFLT_MECH. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP4: zypper in -t patch openSUSE-2023-48=1 Package List: - openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64): gssntlmssp-1.2.0-bp154.2.3.1 gssntlmssp-devel-1.2.0-bp154.2.3.1 References: https://www.suse.com/security/cve/CVE-2023-25563.html https://www.suse.com/security/cve/CVE-2023-25564.html https://www.suse.com/security/cve/CVE-2023-25565.html https://www.suse.com/security/cve/CVE-2023-25566.html https://www.suse.com/security/cve/CVE-2023-25567.html https://bugzilla.suse.com/1208278 https://bugzilla.suse.com/1208279 https://bugzilla.suse.com/1208280 https://bugzilla.suse.com/1208281 https://bugzilla.suse.com/1208282

1 0

SUSE-SU-2023:0443-1: important: Security update for mozilla-nss
by opensuse-security＠opensuse.org 17 Feb '23

17 Feb '23

SUSE Security Update: Security update for mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0443-1 Rating: important References: #1208138 Cross-References: CVE-2023-0767 CVSS scores: CVE-2023-0767 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for mozilla-nss fixes the following issues: Updated to NSS 3.79.4 (bsc#1208138): - CVE-2023-0767: Fixed handling of unknown PKCS#12 safe bag types. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2023-443=1 - SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-443=1 - SUSE Manager Retail Branch Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-443=1 - SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-443=1 - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-443=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-443=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-443=1 - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-443=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-443=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-443=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-443=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-443=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-443=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-443=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-443=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-443=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-443=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2023-443=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2023-443=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): libfreebl3-3.79.4-150000.3.93.1 libfreebl3-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-3.79.4-150000.3.93.1 libsoftokn3-3.79.4-150000.3.93.1 libsoftokn3-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-3.79.4-150000.3.93.1 mozilla-nss-3.79.4-150000.3.93.1 mozilla-nss-certs-3.79.4-150000.3.93.1 mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debugsource-3.79.4-150000.3.93.1 mozilla-nss-tools-3.79.4-150000.3.93.1 mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1 - SUSE Manager Server 4.2 (ppc64le s390x x86_64): libfreebl3-3.79.4-150000.3.93.1 libfreebl3-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-3.79.4-150000.3.93.1 libsoftokn3-3.79.4-150000.3.93.1 libsoftokn3-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-3.79.4-150000.3.93.1 mozilla-nss-3.79.4-150000.3.93.1 mozilla-nss-certs-3.79.4-150000.3.93.1 mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debugsource-3.79.4-150000.3.93.1 mozilla-nss-devel-3.79.4-150000.3.93.1 mozilla-nss-sysinit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-tools-3.79.4-150000.3.93.1 mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1 - SUSE Manager Server 4.2 (x86_64): libfreebl3-32bit-3.79.4-150000.3.93.1 libfreebl3-32bit-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.93.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): libfreebl3-3.79.4-150000.3.93.1 libfreebl3-32bit-3.79.4-150000.3.93.1 libfreebl3-32bit-debuginfo-3.79.4-150000.3.93.1 libfreebl3-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-3.79.4-150000.3.93.1 libfreebl3-hmac-32bit-3.79.4-150000.3.93.1 libsoftokn3-3.79.4-150000.3.93.1 libsoftokn3-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-3.79.4-150000.3.93.1 libsoftokn3-hmac-32bit-3.79.4-150000.3.93.1 mozilla-nss-3.79.4-150000.3.93.1 mozilla-nss-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-certs-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debugsource-3.79.4-150000.3.93.1 mozilla-nss-devel-3.79.4-150000.3.93.1 mozilla-nss-sysinit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-tools-3.79.4-150000.3.93.1 mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1 - SUSE Manager Proxy 4.2 (x86_64): libfreebl3-3.79.4-150000.3.93.1 libfreebl3-32bit-3.79.4-150000.3.93.1 libfreebl3-32bit-debuginfo-3.79.4-150000.3.93.1 libfreebl3-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-3.79.4-150000.3.93.1 libfreebl3-hmac-32bit-3.79.4-150000.3.93.1 libsoftokn3-3.79.4-150000.3.93.1 libsoftokn3-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-3.79.4-150000.3.93.1 libsoftokn3-hmac-32bit-3.79.4-150000.3.93.1 mozilla-nss-3.79.4-150000.3.93.1 mozilla-nss-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-certs-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debugsource-3.79.4-150000.3.93.1 mozilla-nss-devel-3.79.4-150000.3.93.1 mozilla-nss-sysinit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-tools-3.79.4-150000.3.93.1 mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): libfreebl3-3.79.4-150000.3.93.1 libfreebl3-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-3.79.4-150000.3.93.1 libsoftokn3-3.79.4-150000.3.93.1 libsoftokn3-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-3.79.4-150000.3.93.1 mozilla-nss-3.79.4-150000.3.93.1 mozilla-nss-certs-3.79.4-150000.3.93.1 mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debugsource-3.79.4-150000.3.93.1 mozilla-nss-devel-3.79.4-150000.3.93.1 mozilla-nss-sysinit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-tools-3.79.4-150000.3.93.1 mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (x86_64): libfreebl3-32bit-3.79.4-150000.3.93.1 libfreebl3-32bit-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-sysinit-32bit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-32bit-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libfreebl3-3.79.4-150000.3.93.1 libfreebl3-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-3.79.4-150000.3.93.1 libsoftokn3-3.79.4-150000.3.93.1 libsoftokn3-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-3.79.4-150000.3.93.1 mozilla-nss-3.79.4-150000.3.93.1 mozilla-nss-certs-3.79.4-150000.3.93.1 mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debugsource-3.79.4-150000.3.93.1 mozilla-nss-devel-3.79.4-150000.3.93.1 mozilla-nss-sysinit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-tools-3.79.4-150000.3.93.1 mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libfreebl3-32bit-3.79.4-150000.3.93.1 libfreebl3-32bit-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libfreebl3-3.79.4-150000.3.93.1 libfreebl3-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-3.79.4-150000.3.93.1 libsoftokn3-3.79.4-150000.3.93.1 libsoftokn3-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-3.79.4-150000.3.93.1 mozilla-nss-3.79.4-150000.3.93.1 mozilla-nss-certs-3.79.4-150000.3.93.1 mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debugsource-3.79.4-150000.3.93.1 mozilla-nss-devel-3.79.4-150000.3.93.1 mozilla-nss-sysinit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-tools-3.79.4-150000.3.93.1 mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libfreebl3-32bit-3.79.4-150000.3.93.1 libfreebl3-32bit-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.79.4-150000.3.93.1 libfreebl3-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-3.79.4-150000.3.93.1 libsoftokn3-3.79.4-150000.3.93.1 libsoftokn3-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-3.79.4-150000.3.93.1 mozilla-nss-3.79.4-150000.3.93.1 mozilla-nss-certs-3.79.4-150000.3.93.1 mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debugsource-3.79.4-150000.3.93.1 mozilla-nss-devel-3.79.4-150000.3.93.1 mozilla-nss-sysinit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-tools-3.79.4-150000.3.93.1 mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (x86_64): libfreebl3-32bit-3.79.4-150000.3.93.1 libfreebl3-32bit-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-sysinit-32bit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-32bit-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.79.4-150000.3.93.1 libfreebl3-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-3.79.4-150000.3.93.1 libsoftokn3-3.79.4-150000.3.93.1 libsoftokn3-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-3.79.4-150000.3.93.1 mozilla-nss-3.79.4-150000.3.93.1 mozilla-nss-certs-3.79.4-150000.3.93.1 mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debugsource-3.79.4-150000.3.93.1 mozilla-nss-devel-3.79.4-150000.3.93.1 mozilla-nss-sysinit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-tools-3.79.4-150000.3.93.1 mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libfreebl3-32bit-3.79.4-150000.3.93.1 libfreebl3-32bit-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.79.4-150000.3.93.1 libfreebl3-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-3.79.4-150000.3.93.1 libsoftokn3-3.79.4-150000.3.93.1 libsoftokn3-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-3.79.4-150000.3.93.1 mozilla-nss-3.79.4-150000.3.93.1 mozilla-nss-certs-3.79.4-150000.3.93.1 mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debugsource-3.79.4-150000.3.93.1 mozilla-nss-devel-3.79.4-150000.3.93.1 mozilla-nss-sysinit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-tools-3.79.4-150000.3.93.1 mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libfreebl3-32bit-3.79.4-150000.3.93.1 libfreebl3-32bit-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): libfreebl3-3.79.4-150000.3.93.1 libfreebl3-32bit-3.79.4-150000.3.93.1 libfreebl3-32bit-debuginfo-3.79.4-150000.3.93.1 libfreebl3-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-3.79.4-150000.3.93.1 libfreebl3-hmac-32bit-3.79.4-150000.3.93.1 libsoftokn3-3.79.4-150000.3.93.1 libsoftokn3-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-3.79.4-150000.3.93.1 libsoftokn3-hmac-32bit-3.79.4-150000.3.93.1 mozilla-nss-3.79.4-150000.3.93.1 mozilla-nss-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-certs-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debugsource-3.79.4-150000.3.93.1 mozilla-nss-devel-3.79.4-150000.3.93.1 mozilla-nss-sysinit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-tools-3.79.4-150000.3.93.1 mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libfreebl3-3.79.4-150000.3.93.1 libfreebl3-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-3.79.4-150000.3.93.1 libsoftokn3-3.79.4-150000.3.93.1 libsoftokn3-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-3.79.4-150000.3.93.1 mozilla-nss-3.79.4-150000.3.93.1 mozilla-nss-certs-3.79.4-150000.3.93.1 mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debugsource-3.79.4-150000.3.93.1 mozilla-nss-tools-3.79.4-150000.3.93.1 mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libfreebl3-3.79.4-150000.3.93.1 libfreebl3-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-3.79.4-150000.3.93.1 libsoftokn3-3.79.4-150000.3.93.1 libsoftokn3-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-3.79.4-150000.3.93.1 mozilla-nss-3.79.4-150000.3.93.1 mozilla-nss-certs-3.79.4-150000.3.93.1 mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debugsource-3.79.4-150000.3.93.1 mozilla-nss-tools-3.79.4-150000.3.93.1 mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): libfreebl3-3.79.4-150000.3.93.1 libfreebl3-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-3.79.4-150000.3.93.1 libsoftokn3-3.79.4-150000.3.93.1 libsoftokn3-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-3.79.4-150000.3.93.1 mozilla-nss-3.79.4-150000.3.93.1 mozilla-nss-certs-3.79.4-150000.3.93.1 mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debugsource-3.79.4-150000.3.93.1 mozilla-nss-devel-3.79.4-150000.3.93.1 mozilla-nss-sysinit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-tools-3.79.4-150000.3.93.1 mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (x86_64): libfreebl3-32bit-3.79.4-150000.3.93.1 libfreebl3-32bit-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-sysinit-32bit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-32bit-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): libfreebl3-3.79.4-150000.3.93.1 libfreebl3-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-3.79.4-150000.3.93.1 libsoftokn3-3.79.4-150000.3.93.1 libsoftokn3-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-3.79.4-150000.3.93.1 mozilla-nss-3.79.4-150000.3.93.1 mozilla-nss-certs-3.79.4-150000.3.93.1 mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debugsource-3.79.4-150000.3.93.1 mozilla-nss-devel-3.79.4-150000.3.93.1 mozilla-nss-sysinit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-tools-3.79.4-150000.3.93.1 mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (x86_64): libfreebl3-32bit-3.79.4-150000.3.93.1 libfreebl3-32bit-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-sysinit-32bit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-32bit-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libfreebl3-3.79.4-150000.3.93.1 libfreebl3-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-3.79.4-150000.3.93.1 libsoftokn3-3.79.4-150000.3.93.1 libsoftokn3-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-3.79.4-150000.3.93.1 mozilla-nss-3.79.4-150000.3.93.1 mozilla-nss-certs-3.79.4-150000.3.93.1 mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debugsource-3.79.4-150000.3.93.1 mozilla-nss-devel-3.79.4-150000.3.93.1 mozilla-nss-sysinit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-tools-3.79.4-150000.3.93.1 mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libfreebl3-32bit-3.79.4-150000.3.93.1 libfreebl3-32bit-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libfreebl3-3.79.4-150000.3.93.1 libfreebl3-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-3.79.4-150000.3.93.1 libsoftokn3-3.79.4-150000.3.93.1 libsoftokn3-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-3.79.4-150000.3.93.1 mozilla-nss-3.79.4-150000.3.93.1 mozilla-nss-certs-3.79.4-150000.3.93.1 mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debugsource-3.79.4-150000.3.93.1 mozilla-nss-devel-3.79.4-150000.3.93.1 mozilla-nss-sysinit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-tools-3.79.4-150000.3.93.1 mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libfreebl3-32bit-3.79.4-150000.3.93.1 libfreebl3-32bit-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.93.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): libfreebl3-3.79.4-150000.3.93.1 libfreebl3-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-3.79.4-150000.3.93.1 libsoftokn3-3.79.4-150000.3.93.1 libsoftokn3-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-3.79.4-150000.3.93.1 mozilla-nss-3.79.4-150000.3.93.1 mozilla-nss-certs-3.79.4-150000.3.93.1 mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debugsource-3.79.4-150000.3.93.1 mozilla-nss-devel-3.79.4-150000.3.93.1 mozilla-nss-sysinit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-tools-3.79.4-150000.3.93.1 mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1 - SUSE Enterprise Storage 7.1 (x86_64): libfreebl3-32bit-3.79.4-150000.3.93.1 libfreebl3-32bit-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-sysinit-32bit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-32bit-debuginfo-3.79.4-150000.3.93.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libfreebl3-3.79.4-150000.3.93.1 libfreebl3-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-3.79.4-150000.3.93.1 libsoftokn3-3.79.4-150000.3.93.1 libsoftokn3-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-3.79.4-150000.3.93.1 mozilla-nss-3.79.4-150000.3.93.1 mozilla-nss-certs-3.79.4-150000.3.93.1 mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debugsource-3.79.4-150000.3.93.1 mozilla-nss-devel-3.79.4-150000.3.93.1 mozilla-nss-sysinit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-tools-3.79.4-150000.3.93.1 mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1 - SUSE Enterprise Storage 7 (x86_64): libfreebl3-32bit-3.79.4-150000.3.93.1 libfreebl3-32bit-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.93.1 - SUSE CaaS Platform 4.0 (x86_64): libfreebl3-3.79.4-150000.3.93.1 libfreebl3-32bit-3.79.4-150000.3.93.1 libfreebl3-32bit-debuginfo-3.79.4-150000.3.93.1 libfreebl3-debuginfo-3.79.4-150000.3.93.1 libfreebl3-hmac-3.79.4-150000.3.93.1 libfreebl3-hmac-32bit-3.79.4-150000.3.93.1 libsoftokn3-3.79.4-150000.3.93.1 libsoftokn3-32bit-3.79.4-150000.3.93.1 libsoftokn3-32bit-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-debuginfo-3.79.4-150000.3.93.1 libsoftokn3-hmac-3.79.4-150000.3.93.1 libsoftokn3-hmac-32bit-3.79.4-150000.3.93.1 mozilla-nss-3.79.4-150000.3.93.1 mozilla-nss-32bit-3.79.4-150000.3.93.1 mozilla-nss-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-certs-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-3.79.4-150000.3.93.1 mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-certs-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-debugsource-3.79.4-150000.3.93.1 mozilla-nss-devel-3.79.4-150000.3.93.1 mozilla-nss-sysinit-3.79.4-150000.3.93.1 mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.93.1 mozilla-nss-tools-3.79.4-150000.3.93.1 mozilla-nss-tools-debuginfo-3.79.4-150000.3.93.1 References: https://www.suse.com/security/cve/CVE-2023-0767.html https://bugzilla.suse.com/1208138

1 0

SUSE-SU-2023:0444-1: important: Security update for rubygem-actionpack-5_1
by opensuse-security＠opensuse.org 17 Feb '23

17 Feb '23

SUSE Security Update: Security update for rubygem-actionpack-5_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0444-1 Rating: important References: #1207451 #1207455 Cross-References: CVE-2023-22792 CVE-2023-22795 CVSS scores: CVE-2023-22792 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-22795 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Availability 15-SP4 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2023-22795: Fixed ReDoS in Action Dispatch cache (bsc#1207451). - CVE-2023-22792: Fixed ReDoS in Action Dispatch cookies (bnc#1207455). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-444=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-444=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-444=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-444=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-444=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1 ruby2.5-rubygem-actionpack-doc-5_1-5.1.4-150000.3.15.1 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1 References: https://www.suse.com/security/cve/CVE-2023-22792.html https://www.suse.com/security/cve/CVE-2023-22795.html https://bugzilla.suse.com/1207451 https://bugzilla.suse.com/1207455

1 0

SUSE-SU-2023:0435-1: moderate: Security update for java-17-openjdk
by opensuse-security＠opensuse.org 16 Feb '23

16 Feb '23

SUSE Security Update: Security update for java-17-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0435-1 Rating: moderate References: #1205916 #1207246 #1207248 Cross-References: CVE-2023-21835 CVE-2023-21843 CVSS scores: CVE-2023-21835 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2023-21835 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2023-21843 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2023-21843 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for java-17-openjdk fixes the following issues: Updated to version jdk-17.0.6.0+10: - CVE-2023-21835: Fixed handshake DoS attack against DTLS connections (bsc#1207246). - CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248). Bugfixes: - Avoid calling C_GetInfo() too early, before cryptoki is initialized (bsc#1205916). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-435=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-435=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): java-17-openjdk-17.0.6.0-150400.3.12.1 java-17-openjdk-accessibility-17.0.6.0-150400.3.12.1 java-17-openjdk-accessibility-debuginfo-17.0.6.0-150400.3.12.1 java-17-openjdk-debuginfo-17.0.6.0-150400.3.12.1 java-17-openjdk-debugsource-17.0.6.0-150400.3.12.1 java-17-openjdk-demo-17.0.6.0-150400.3.12.1 java-17-openjdk-devel-17.0.6.0-150400.3.12.1 java-17-openjdk-devel-debuginfo-17.0.6.0-150400.3.12.1 java-17-openjdk-headless-17.0.6.0-150400.3.12.1 java-17-openjdk-headless-debuginfo-17.0.6.0-150400.3.12.1 java-17-openjdk-jmods-17.0.6.0-150400.3.12.1 java-17-openjdk-src-17.0.6.0-150400.3.12.1 - openSUSE Leap 15.4 (noarch): java-17-openjdk-javadoc-17.0.6.0-150400.3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): java-17-openjdk-17.0.6.0-150400.3.12.1 java-17-openjdk-debuginfo-17.0.6.0-150400.3.12.1 java-17-openjdk-debugsource-17.0.6.0-150400.3.12.1 java-17-openjdk-demo-17.0.6.0-150400.3.12.1 java-17-openjdk-devel-17.0.6.0-150400.3.12.1 java-17-openjdk-devel-debuginfo-17.0.6.0-150400.3.12.1 java-17-openjdk-headless-17.0.6.0-150400.3.12.1 java-17-openjdk-headless-debuginfo-17.0.6.0-150400.3.12.1 References: https://www.suse.com/security/cve/CVE-2023-21835.html https://www.suse.com/security/cve/CVE-2023-21843.html https://bugzilla.suse.com/1205916 https://bugzilla.suse.com/1207246 https://bugzilla.suse.com/1207248

1 0

SUSE-SU-2023:0434-1: important: Security update for mozilla-nss
by opensuse-security＠opensuse.org 16 Feb '23

16 Feb '23

SUSE Security Update: Security update for mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0434-1 Rating: important References: #1208138 Cross-References: CVE-2023-0767 CVSS scores: CVE-2023-0767 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for mozilla-nss fixes the following issues: Updated to NSS 3.79.4 (bsc#1208138): - CVE-2023-0767: Fixed handling of unknown PKCS#12 safe bag types. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2023-434=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-434=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-434=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2023-434=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): libfreebl3-3.79.4-150400.3.26.1 libfreebl3-debuginfo-3.79.4-150400.3.26.1 libfreebl3-hmac-3.79.4-150400.3.26.1 libsoftokn3-3.79.4-150400.3.26.1 libsoftokn3-debuginfo-3.79.4-150400.3.26.1 libsoftokn3-hmac-3.79.4-150400.3.26.1 mozilla-nss-3.79.4-150400.3.26.1 mozilla-nss-certs-3.79.4-150400.3.26.1 mozilla-nss-certs-debuginfo-3.79.4-150400.3.26.1 mozilla-nss-debuginfo-3.79.4-150400.3.26.1 mozilla-nss-debugsource-3.79.4-150400.3.26.1 mozilla-nss-tools-3.79.4-150400.3.26.1 mozilla-nss-tools-debuginfo-3.79.4-150400.3.26.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libfreebl3-3.79.4-150400.3.26.1 libfreebl3-debuginfo-3.79.4-150400.3.26.1 libfreebl3-hmac-3.79.4-150400.3.26.1 libsoftokn3-3.79.4-150400.3.26.1 libsoftokn3-debuginfo-3.79.4-150400.3.26.1 libsoftokn3-hmac-3.79.4-150400.3.26.1 mozilla-nss-3.79.4-150400.3.26.1 mozilla-nss-certs-3.79.4-150400.3.26.1 mozilla-nss-certs-debuginfo-3.79.4-150400.3.26.1 mozilla-nss-debuginfo-3.79.4-150400.3.26.1 mozilla-nss-debugsource-3.79.4-150400.3.26.1 mozilla-nss-devel-3.79.4-150400.3.26.1 mozilla-nss-sysinit-3.79.4-150400.3.26.1 mozilla-nss-sysinit-debuginfo-3.79.4-150400.3.26.1 mozilla-nss-tools-3.79.4-150400.3.26.1 mozilla-nss-tools-debuginfo-3.79.4-150400.3.26.1 - openSUSE Leap 15.4 (x86_64): libfreebl3-32bit-3.79.4-150400.3.26.1 libfreebl3-32bit-debuginfo-3.79.4-150400.3.26.1 libfreebl3-hmac-32bit-3.79.4-150400.3.26.1 libsoftokn3-32bit-3.79.4-150400.3.26.1 libsoftokn3-32bit-debuginfo-3.79.4-150400.3.26.1 libsoftokn3-hmac-32bit-3.79.4-150400.3.26.1 mozilla-nss-32bit-3.79.4-150400.3.26.1 mozilla-nss-32bit-debuginfo-3.79.4-150400.3.26.1 mozilla-nss-certs-32bit-3.79.4-150400.3.26.1 mozilla-nss-certs-32bit-debuginfo-3.79.4-150400.3.26.1 mozilla-nss-sysinit-32bit-3.79.4-150400.3.26.1 mozilla-nss-sysinit-32bit-debuginfo-3.79.4-150400.3.26.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libfreebl3-3.79.4-150400.3.26.1 libfreebl3-debuginfo-3.79.4-150400.3.26.1 libfreebl3-hmac-3.79.4-150400.3.26.1 libsoftokn3-3.79.4-150400.3.26.1 libsoftokn3-debuginfo-3.79.4-150400.3.26.1 libsoftokn3-hmac-3.79.4-150400.3.26.1 mozilla-nss-3.79.4-150400.3.26.1 mozilla-nss-certs-3.79.4-150400.3.26.1 mozilla-nss-certs-debuginfo-3.79.4-150400.3.26.1 mozilla-nss-debuginfo-3.79.4-150400.3.26.1 mozilla-nss-debugsource-3.79.4-150400.3.26.1 mozilla-nss-devel-3.79.4-150400.3.26.1 mozilla-nss-sysinit-3.79.4-150400.3.26.1 mozilla-nss-sysinit-debuginfo-3.79.4-150400.3.26.1 mozilla-nss-tools-3.79.4-150400.3.26.1 mozilla-nss-tools-debuginfo-3.79.4-150400.3.26.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libfreebl3-32bit-3.79.4-150400.3.26.1 libfreebl3-32bit-debuginfo-3.79.4-150400.3.26.1 libfreebl3-hmac-32bit-3.79.4-150400.3.26.1 libsoftokn3-32bit-3.79.4-150400.3.26.1 libsoftokn3-32bit-debuginfo-3.79.4-150400.3.26.1 libsoftokn3-hmac-32bit-3.79.4-150400.3.26.1 mozilla-nss-32bit-3.79.4-150400.3.26.1 mozilla-nss-32bit-debuginfo-3.79.4-150400.3.26.1 mozilla-nss-certs-32bit-3.79.4-150400.3.26.1 mozilla-nss-certs-32bit-debuginfo-3.79.4-150400.3.26.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libfreebl3-3.79.4-150400.3.26.1 libfreebl3-debuginfo-3.79.4-150400.3.26.1 libfreebl3-hmac-3.79.4-150400.3.26.1 libsoftokn3-3.79.4-150400.3.26.1 libsoftokn3-debuginfo-3.79.4-150400.3.26.1 libsoftokn3-hmac-3.79.4-150400.3.26.1 mozilla-nss-3.79.4-150400.3.26.1 mozilla-nss-certs-3.79.4-150400.3.26.1 mozilla-nss-certs-debuginfo-3.79.4-150400.3.26.1 mozilla-nss-debuginfo-3.79.4-150400.3.26.1 mozilla-nss-debugsource-3.79.4-150400.3.26.1 mozilla-nss-tools-3.79.4-150400.3.26.1 mozilla-nss-tools-debuginfo-3.79.4-150400.3.26.1 References: https://www.suse.com/security/cve/CVE-2023-0767.html https://bugzilla.suse.com/1208138

1 0

SUSE-SU-2023:0433-1: important: Security update for the Linux Kernel
by opensuse-security＠opensuse.org 16 Feb '23

16 Feb '23

SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0433-1 Rating: important References: #1065729 #1185861 #1185863 #1186449 #1191256 #1192868 #1193629 #1194869 #1195175 #1195655 #1196058 #1199701 #1204063 #1204356 #1204662 #1205495 #1206006 #1206036 #1206056 #1206057 #1206258 #1206363 #1206459 #1206616 #1206677 #1206784 #1207010 #1207034 #1207036 #1207050 #1207125 #1207134 #1207149 #1207158 #1207184 #1207186 #1207190 #1207237 #1207263 #1207269 #1207497 #1207500 #1207501 #1207506 #1207507 #1207734 #1207769 #1207795 #1207842 #1207878 #1207933 SLE-21132 SLE-24682 Cross-References: CVE-2020-24588 CVE-2022-4382 CVE-2022-47929 CVE-2023-0122 CVE-2023-0179 CVE-2023-0266 CVE-2023-0590 CVE-2023-23454 CVE-2023-23455 CVSS scores: CVE-2020-24588 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2020-24588 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-4382 (NVD) : 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-4382 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-47929 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-47929 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H CVE-2023-0122 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-0122 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-0179 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-0266 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-0266 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-0590 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-23454 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-23454 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-23455 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-23455 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Module for Legacy Software 15-SP4 SUSE Linux Enterprise Module for Live Patching 15-SP4 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that solves 9 vulnerabilities, contains two features and has 42 fixes is now available. Description: The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125). - CVE-2023-23454: Fixed denial or service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036). - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a priviledge escalation to gain ring0 access from the system user (bsc#1207134). - CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034). - CVE-2023-0122: Fixed a NULL pointer dereference vulnerability in nvmet_setup_auth(), that allowed an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine (bnc#1207050). - CVE-2022-4382: Fixed a use-after-free flaw that was caused by a race condition among the superblock operations inside the gadgetfs code (bsc#1206258). - CVE-2020-24588: Fixed injection of arbitrary network packets against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n) (bsc#1199701). The following non-security bugs were fixed: - ACPI: EC: Fix EC address space handler unregistration (bsc#1207149). - ACPI: EC: Fix ECDT probe ordering issues (bsc#1207149). - ACPI: PRM: Check whether EFI runtime is available (git-fixes). - ACPICA: Allow address_space_handler Install and _REG execution as 2 separate steps (bsc#1207149). - ACPICA: include/acpi/acpixf.h: Fix indentation (bsc#1207149). - ALSA: control-led: use strscpy in set_led_id() (git-fixes). - ALSA: hda - Enable headset mic on another Dell laptop with ALC3254 (git-fixes). - ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list (git-fixes). - ALSA: hda/realtek - Turn on power early (git-fixes). - ALSA: hda/realtek: Add Acer Predator PH315-54 (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs on HP Spectre x360 13-aw0xxx (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs, speaker do not work for a HP platform (git-fixes). - ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() (git-fixes). - ALSA: hda: cs35l41: Check runtime suspend capability at runtime_idle (git-fixes). - ALSA: hda: cs35l41: Do not return -EINVAL from system suspend/resume (git-fixes). - ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (git-fixes). - ALSA: usb-audio: Make sure to stop endpoints before closing EPs (git-fixes). - ALSA: usb-audio: Relax hw constraints for implicit fb sync (git-fixes). - ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60 (git-fixes). - ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' (git-fixes). - ARM: dts: imx6ul-pico-dwarf: Use 'clock-frequency' (git-fixes). - ARM: dts: imx7d-pico: Use 'clock-frequency' (git-fixes). - ARM: dts: imx: Fix pca9547 i2c-mux node name (git-fixes). - ARM: dts: vf610: Fix pca9548 i2c-mux node names (git-fixes). - ARM: imx: add missing of_node_put() (git-fixes). - ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use (git-fixes). - ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device after use (git-fixes). - ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (git-fixes). - ASoC: fsl_micfil: Correct the number of steps on SX controls (git-fixes). - ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (git-fixes). - ASoC: qcom: lpass-cpu: Fix fallback SD line index handling (git-fixes). - ASoC: wm8904: fix wrong outputs volume after power reactivation (git-fixes). - Bluetooth: Fix possible deadlock in rfcomm_sk_state_change (git-fixes). - Bluetooth: hci_qca: Fix driver shutdown on closed serdev (git-fixes). - Documentation: Remove bogus claim about del_timer_sync() (git-fixes). - HID: betop: check shape of output reports (git-fixes). - HID: betop: check shape of output reports (git-fixes, bsc#1207186). - HID: check empty report_list in bigben_probe() (git-fixes). - HID: check empty report_list in hid_validate_values() (git-fixes). - HID: drop assumptions on non-empty lists (git-fixes, bsc#1206784). - HID: intel_ish-hid: Add check for ishtp_dma_tx_map (git-fixes). - HID: playstation: sanity check DualSense calibration data (git-fixes). - HID: revert CHERRY_MOUSE_000C quirk (git-fixes). - IB/hfi1: Fix expected receive setup error exit issues (git-fixes) - IB/hfi1: Immediately remove invalid memory from hardware (git-fixes) - IB/hfi1: Reject a zero-length user expected buffer (git-fixes) - IB/hfi1: Remove user expected buffer invalidate race (git-fixes) - IB/hfi1: Reserve user expected TIDs (git-fixes) - IB/mad: Do not call to function that might sleep while in atomic context (git-fixes). - KVM: x86: Check for existing Hyper-V vCPU in kvm_hv_vcpu_init() (bsc#1206616). - PCI/PM: Define pci_restore_standard_config() only for CONFIG_PM_SLEEP (bsc#1207269). - PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe() (git-fixes). - RDMA/core: Fix ib block iterator counter overflow (bsc#1207878). - RDMA/core: Fix ib block iterator counter overflow (git-fixes) - RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (git-fixes) - RDMA/mlx5: Fix validation of max_rd_atomic caps for DC (git-fixes) - RDMA/rxe: Prevent faulty rkey generation (git-fixes) - RDMA/srp: Move large values to a new enum for gcc13 (git-fixes) - Revert "ARM: dts: armada-38x: Fix compatible string for gpios" (git-fixes). - Revert "ARM: dts: armada-39x: Fix compatible string for gpios" (git-fixes). - Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode" (git-fixes). - Revert "Revert "block, bfq: honor already-setup queue merges"" (git-fixes). - Revert "arm64: dts: meson-sm1-odroid-hc4: disable unused USB PHY0" (git-fixes). - Revert "wifi: mac80211: fix memory leak in ieee80211_if_add()" (git-fixes). - SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes). - SUNRPC: Use BIT() macro in rpc_show_xprt_state() (git-fixes). - USB: gadget: Fix use-after-free during usb config switch (git-fixes). - USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 (git-fixes). - USB: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes). - USB: serial: option: add Quectel EC200U modem (git-fixes). - USB: serial: option: add Quectel EM05-G (CS) modem (git-fixes). - USB: serial: option: add Quectel EM05-G (GR) modem (git-fixes). - USB: serial: option: add Quectel EM05-G (RS) modem (git-fixes). - USB: serial: option: add Quectel EM05CN (SG) modem (git-fixes). - USB: serial: option: add Quectel EM05CN modem (git-fixes). - VMCI: Use threaded irqs instead of tasklets (git-fixes). - arm64: atomics: format whitespace consistently (git-fixes). - arm64: dts: imx8mm-beacon: Fix ecspi2 pinmux (git-fixes). - arm64: dts: imx8mm-venice-gw7901: fix USB2 controller OC polarity (git-fixes). - arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX (git-fixes). - arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI (git-fixes). - arm64: dts: qcom: msm8992-libra: Add CPU regulators (git-fixes). - arm64: dts: qcom: msm8992-libra: Fix the memory map (git-fixes). - arm64: dts: qcom: msm8992: Do not use sfpb mutex (git-fixes). - arm64: efi: Execute runtime services from a dedicated stack (git-fixes). - ata: libata: Fix sata_down_spd_limit() when no link speed is reported (git-fixes). - ath11k: Fix unexpected return buffer manager error for QCA6390 (git-fixes). - bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes). - bfq: fix use-after-free in bfq_dispatch_request (git-fixes). - bfq: fix waker_bfqq inconsistency crash (git-fixes). - blk-throttle: prevent overflow while calculating wait time (git-fixes). - blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (git-fixes). - blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes). - block, bfq: do not move oom_bfqq (git-fixes). - block, bfq: fix null pointer dereference in bfq_bio_bfqg() (git-fixes). - block, bfq: fix possible uaf for 'bfqq->bic' (git-fixes). - block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (git-fixes). - block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes). - block/bfq_wf2q: correct weight to ioprio (git-fixes). - block/bio: remove duplicate append pages code (git-fixes). - block: check minor range in device_add_disk() (git-fixes). - block: ensure iov_iter advances for added pages (git-fixes). - block: fix infinite loop for invalid zone append (git-fixes). - block: mq-deadline: Fix dd_finish_request() for zoned devices (git-fixes). - block: use bdev_get_queue() in bio.c (git-fixes). - bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() (git-fixes). - bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() (git-fixes). - bnxt_en: Remove debugfs when pci_register_driver failed (git-fixes). - bnxt_en: add dynamic debug support for HWRM messages (git-fixes). - bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (git-fixes). - bnxt_en: fix the handling of PCIE-AER (git-fixes). - bnxt_en: refactor bnxt_cancel_reservations() (git-fixes). - btrfs: add helper to delete a dir entry from a log tree (bsc#1207263). - btrfs: avoid inode logging during rename and link when possible (bsc#1207263). - btrfs: avoid logging all directory changes during renames (bsc#1207263). - btrfs: backport recent fixes for send/receive into SLE15 SP4/SP5 (bsc#1206036 bsc#1207500 ltc#201363). - btrfs: do not log unnecessary boundary keys when logging directory (bsc#1207263). - btrfs: fix assertion failure when logging directory key range item (bsc#1207263). - btrfs: fix processing of delayed data refs during backref walking (bsc#1206056 bsc#1207507 ltc#201367). - btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057 bsc#1207506 ltc#201368). - btrfs: fix race between quota enable and quota rescan ioctl (bsc#1207158). - btrfs: fix race between quota rescan and disable leading to NULL pointer deref (bsc#1207158). - btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (git-fixes). - btrfs: join running log transaction when logging new name (bsc#1207263). - btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker (bsc#1207158). - btrfs: pass the dentry to btrfs_log_new_name() instead of the inode (bsc#1207263). - btrfs: prepare extents to be logged before locking a log tree path (bsc#1207263). - btrfs: put initial index value of a directory in a constant (bsc#1207263). - btrfs: qgroup: remove duplicated check in adding qgroup relations (bsc#1207158). - btrfs: qgroup: remove outdated TODO comments (bsc#1207158). - btrfs: remove unnecessary NULL check for the new inode during rename exchange (bsc#1207263). - btrfs: remove useless path release in the fast fsync path (bsc#1207263). - btrfs: remove write and wait of struct walk_control (bsc#1207263). - btrfs: stop copying old dir items when logging a directory (bsc#1207263). - btrfs: stop doing unnecessary log updates during a rename (bsc#1207263). - btrfs: stop trying to log subdirectories created in past transactions (bsc#1207263). - btrfs: use single variable to track return value at btrfs_log_inode() (bsc#1207263). - bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() (git-fixes). - can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate (git-fixes). - cifs: Fix uninitialized memory read for smb311 posix symlink create (git-fixes). - cifs: avoid re-lookups in dfs_cache_find() (bsc#1193629). - cifs: do not include page data when checking signature (git-fixes). - cifs: do not query ifaces on smb1 mounts (git-fixes). - cifs: don't take exclusive lock for updating target hints (bsc#1193629). - cifs: fix double free on failed kerberos auth (git-fixes). - cifs: fix file info setting in cifs_open_file() (git-fixes). - cifs: fix file info setting in cifs_query_path_info() (git-fixes). - cifs: fix potential deadlock in cache_refresh_path() (git-fixes). - cifs: fix potential memory leaks in session setup (bsc#1193629). - cifs: fix race in assemble_neg_contexts() (bsc#1193629). - cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1193629). - cifs: handle cache lookup errors different than -ENOENT (bsc#1193629). - cifs: ignore ipc reconnect failures during dfs failover (bsc#1193629). - cifs: protect access of TCP_Server_Info::{dstaddr,hostname} (bsc#1193629). - cifs: remove duplicate code in __refresh_tcon() (bsc#1193629). - cifs: remove redundant assignment to the variable match (bsc#1193629). - cifs: remove unused function (bsc#1193629). - comedi: adv_pci1760: Fix PWM instruction handling (git-fixes). - config: arm64: Fix Freescale LPUART dependency (boo#1204063). - cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (git-fixes). - cpufreq: armada-37xx: stop using 0 as NULL pointer (git-fixes). - crypto: fixed DH and ECDH implemention for FIPS PCT (jsc#SLE-21132,bsc#1191256,bsc#1207184). - dm btree: add a defensive bounds check to insert_at() (git-fixes). - dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes). - dm cache: Fix UAF in destroy() (git-fixes). - dm cache: set needs_check flag after aborting metadata (git-fixes). - dm clone: Fix UAF in clone_dtr() (git-fixes). - dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes). - dm integrity: clear the journal on suspend (git-fixes). - dm integrity: flush the journal on suspend (git-fixes). - dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes). - dm ioctl: prevent potential spectre v1 gadget (git-fixes). - dm raid: fix address sanitizer warning in raid_resume (git-fixes). - dm raid: fix address sanitizer warning in raid_status (git-fixes). - dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes). - dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes). - dm thin: Fix UAF in run_timer_softirq() (git-fixes). - dm thin: Use last transaction's pmd->root when commit failed (git-fixes). - dm thin: resume even if in FAIL mode (git-fixes). - dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes). - dm: fix alloc_dax error handling in alloc_dev (git-fixes). - dm: requeue IO if mapping table not yet available (git-fixes). - dmaengine: Fix double increment of client_count in dma_chan_get() (git-fixes). - dmaengine: idxd: Do not call DMX TX callbacks during workqueue disable (git-fixes). - dmaengine: idxd: Let probe fail when workqueue cannot be enabled (git-fixes). - dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init (git-fixes). - dmaengine: lgm: Move DT parsing after initialization (git-fixes). - dmaengine: tegra210-adma: fix global intr clear (git-fixes). - dmaengine: ti: k3-udma: Do conditional decrement of UDMA_CHAN_RT_PEER_BCNT_REG (git-fixes). - dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node() (git-fixes). - docs: Fix the docs build with Sphinx 6.0 (git-fixes). - driver core: Fix test_async_probe_init saves device in wrong array (git-fixes). - drivers: net: xgene: disable napi when register irq failed in xgene_enet_open() (git-fixes). - drivers:md:fix a potential use-after-free bug (git-fixes). - drm/amd/display: Calculate output_color_space after pixel encoding adjustment (git-fixes). - drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix (git-fixes). - drm/amd/display: Fix set scaling doesn's work (git-fixes). - drm/amd/display: Take emulated dc_sink into account for HDCP (bsc#1207734). - drm/amd/display: fix issues with driver unload (git-fixes). - drm/amdgpu: complete gfxoff allow signal during suspend without delay (git-fixes). - drm/amdgpu: disable runtime pm on several sienna cichlid cards(v2) (git-fixes). - drm/amdgpu: drop experimental flag on aldebaran (git-fixes). - drm/hyperv: Add error message for fb size greater than allocated (git-fixes). - drm/i915/adlp: Fix typo for reference clock (git-fixes). - drm/i915/display: Check source height is > 0 (git-fixes). - drm/i915/gt: Reset twice (git-fixes). - drm/i915/selftest: fix intel_selftest_modify_policy argument types (git-fixes). - drm/i915: Fix potential bit_17 double-free (git-fixes). - drm/i915: re-disable RC6p on Sandy Bridge (git-fixes). - drm/msm/adreno: Make adreno quirks not overwrite each other (git-fixes). - drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer (git-fixes). - drm/msm: another fix for the headless Adreno GPU (git-fixes). - drm/panfrost: fix GENERIC_ATOMIC64 dependency (git-fixes). - drm/vc4: hdmi: make CEC adapter name unique (git-fixes). - drm/virtio: Fix GEM handle creation UAF (git-fixes). - drm: Add orientation quirk for Lenovo ideapad D330-10IGL (git-fixes). - dt-bindings: msm/dsi: Do not require vcca-supply on 14nm PHY (git-fixes). - dt-bindings: msm/dsi: Do not require vdds-supply on 10nm PHY (git-fixes). - dt-bindings: msm: dsi-controller-main: Fix description of core clock (git-fixes). - dt-bindings: msm: dsi-controller-main: Fix operating-points-v2 constraint (git-fixes). - dt-bindings: msm: dsi-phy-28nm: Add missing qcom, dsi-phy-regulator-ldo-mode (git-fixes). - efi: fix potential NULL deref in efi_mem_reserve_persistent (git-fixes). - efi: fix userspace infinite retry read efivars after EFI runtime services page fault (git-fixes). - efi: rt-wrapper: Add missing include (git-fixes). - efi: tpm: Avoid READ_ONCE() for accessing the event log (git-fixes). - ext4: Fixup pages without buffers (bsc#1205495). - extcon: usbc-tusb320: fix kernel-doc warning (git-fixes). - fbcon: Check font dimension limits (git-fixes). - fbdev: omapfb: avoid stack overflow warning (git-fixes). - firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region (git-fixes). - firmware: arm_scmi: Harden shared memory access in fetch_notification (git-fixes). - firmware: arm_scmi: Harden shared memory access in fetch_response (git-fixes). - fpga: stratix10-soc: Fix return value check in s10_ops_write_init() (git-fixes). - fs: remove __sync_filesystem (git-fixes). - ftrace/x86: Add back ftrace_expected for ftrace bug reports (git-fixes). - ftrace: Clean comments related to FTRACE_OPS_FL_PER_CPU (git-fixes). - git_sort: add usb-linus branch for gregkh/usb - gsmi: fix null-deref in gsmi_get_variable (git-fixes). - hv_netvsc: Fix missed pagebuf entries in netvsc_dma_map/unmap() (git-fixes). - i2c: mv64xxx: Add atomic_xfer method to driver (git-fixes). - i2c: mv64xxx: Remove shutdown method from driver (git-fixes). - i40e: Disallow ip4 and ip6 l4_4_bytes (git-fixes). - i40e: Fix error handling in i40e_init_module() (git-fixes). - i40e: Fix not setting default xps_cpus after reset (git-fixes). - igb: Allocate MSI-X vector when testing (git-fixes). - iio: adc: berlin2-adc: Add missing of_node_put() in error path (git-fixes). - iio: adc: stm32-dfsdm: fill module aliases (git-fixes). - iio: hid: fix the retval in accel_3d_capture_sample (git-fixes). - iio: hid: fix the retval in gyro_3d_capture_sample (git-fixes). - iio: imu: fxos8700: fix ACCEL measurement range selection (git-fixes). - iio: imu: fxos8700: fix IMU data bits returned to user space (git-fixes). - iio: imu: fxos8700: fix MAGN sensor scale and unit (git-fixes). - iio: imu: fxos8700: fix failed initialization ODR mode assignment (git-fixes). - iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback (git-fixes). - iio: imu: fxos8700: fix incorrect ODR mode readback (git-fixes). - iio: imu: fxos8700: fix map label of channel type to MAGN sensor (git-fixes). - iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback (git-fixes). - iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN (git-fixes). - iio:adc:twl6030: Enable measurement of VAC (git-fixes). - iio:adc:twl6030: Enable measurements of VUSB, VBAT and others (git-fixes). - ipmi:ssif: Add 60ms time internal between write retries (bsc#1206459). - ipmi:ssif: Increase the message retry time (bsc#1206459). - ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (git-fixes). - ixgbevf: Fix resource leak in ixgbevf_init_module() (git-fixes). - jbd2: use the correct print format (git-fixes). - kABI workaround for struct acpi_ec (bsc#1207149). - kABI: Preserve TRACE_EVENT_FL values (git-fixes). - kabi/severities: add mlx5 internal symbols - l2tp: Do not sleep and disable BH under writer-side sk_callback_lock (git-fixes). - loop: Fix the max_loop commandline argument treatment when it is set to 0 (git-fixes). - md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes). - md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes). - md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes). - md: protect md_unregister_thread from reentrancy (git-fixes). - mei: me: add meteor lake point M DID (git-fixes). - memory: atmel-sdramc: Fix missing clk_disable_unprepare in atmel_ramc_probe() (git-fixes). - memory: mvebu-devbus: Fix missing clk_disable_unprepare in mvebu_devbus_probe() (git-fixes). - memory: tegra: Remove clients SID override programming (git-fixes). - misc: fastrpc: Do not remove map on creater_process and device_release (git-fixes). - misc: fastrpc: Fix use-after-free race condition for maps (git-fixes). - mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769). - mm: compaction: kABI: avoid pglist_data kABI breakage (bsc#1207010). - mm: compaction: support triggering of proactive compaction by user (bsc#1207010). - mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting (git-fixes). - mmc: sunxi-mmc: Fix clock refcount imbalance during unbind (git-fixes). - module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - mt76: fix use-after-free by removing a non-RCU wcid pointer (git-fixes). - mt76: mt7921: avoid unnecessary spin_lock/spin_unlock in mt7921_mcu_tx_done_event (git-fixes). - nbd: Fix hung on disconnect request if socket is closed before (git-fixes). - nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes). - nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes). - nbd: fix io hung while disconnecting device (git-fixes). - nbd: fix race between nbd_alloc_config() and module removal (git-fixes). - net/mlx4: Check retval of mlx4_bitmap_init (git-fixes). - net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175). - net/tg3: resolve deadlock in tg3_reset_task() during EEH (bsc#1207842). - net: cxgb3_main: disable napi when bind qsets failed in cxgb_up() (git-fixes). - net: ena: Fix error handling in ena_init() (git-fixes). - net: liquidio: release resources when liquidio driver open failed (git-fixes). - net: liquidio: simplify if expression (git-fixes). - net: macvlan: Use built-in RCU list checking (git-fixes). - net: macvlan: fix memory leaks of macvlan_common_newlink (git-fixes). - net: mdio: validate parameter addr in mdiobus_get_phy() (git-fixes). - net: nfc: Fix use-after-free in local_cleanup() (git-fixes). - net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices (git-fixes). - net: phy: meson-gxl: Add generic dummy stubs for MMD register access (git-fixes). - net: tun: Fix memory leaks of napi_get_frags (git-fixes). - net: tun: Fix use-after-free in tun_detach() (git-fixes). - net: tun: call napi_schedule_prep() to ensure we own a napi (git-fixes). - net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (git-fixes). - net: usb: sr9700: Handle negative len (git-fixes). - net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs (git-fixes). - netrom: Fix use-after-free caused by accept on already connected socket (git-fixes). - netrom: Fix use-after-free of a listening socket (git-fixes). - nilfs2: fix general protection fault in nilfs_btree_insert() (git-fixes). - null_blk: fix ida error handling in null_add_dev() (git-fixes). - octeontx2-af: Fix reference count issue in rvu_sdp_init() (jsc#SLE-24682). - octeontx2-af: debugsfs: fix pci device refcount leak (git-fixes). - octeontx2-pf: Add check for devm_kcalloc (git-fixes). - octeontx2-pf: Fix potential memory leak in otx2_init_tc() (jsc#SLE-24682). - of/address: Return an error when no valid dma-ranges are found (git-fixes). - phy: Revert "phy: qualcomm: usb28nm: Add MDM9607 init sequence" (git-fixes). - phy: phy-can-transceiver: Skip warning if no "max-bitrate" (git-fixes). - phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on() (git-fixes). - phy: ti: fix Kconfig warning and operator precedence (git-fixes). - pinctrl: amd: Add dynamic debugging for active GPIOs (git-fixes). - pinctrl: rockchip: fix mux route data for rk3568 (git-fixes). - platform/surface: aggregator: Add missing call to ssam_request_sync_free() (git-fixes). - platform/surface: aggregator: Ignore command messages not intended for us (git-fixes). - platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK (git-fixes). - platform/x86: dell-privacy: Fix SW_CAMERA_LENS_COVER reporting (git-fixes). - platform/x86: dell-privacy: Only register SW_CAMERA_LENS_COVER if present (git-fixes). - platform/x86: sony-laptop: Do not turn off 0x153 keyboard backlight during probe (git-fixes). - platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD (git-fixes). - powerpc/64s/radix: Fix RWX mapping with relocated kernel (bsc#1194869). - powerpc/64s/radix: Fix crash with unaligned relocated kernel (bsc#1194869). - powerpc/64s: Fix local irq disable when PMIs are disabled (bsc#1195655 ltc#1195655 git-fixes). - powerpc/kexec_file: Count hot-pluggable memory in FDT estimate (bsc#1194869). - powerpc/kexec_file: Fix division by zero in extra size estimation (bsc#1194869). - powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729). - powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729). - powerpc/vmlinux.lds: Add an explicit symbol for the SRWX boundary (bsc#1194869). - powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned (bsc#1194869). - powerpc: move __end_rodata to cover arch read-only sections (bsc#1194869). - qlcnic: fix sleep-in-atomic-context bugs caused by msleep (git-fixes). - r8152: add vendor/device ID pair for Microsoft Devkit (git-fixes). - r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down() (git-fixes). - regulator: da9211: Use irq handler when ready (git-fixes). - rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage - s390/qeth: fix various format strings (git-fixes). - sched/core: Fix arch_scale_freq_tick() on tickless systems (git-fixes) - sched/core: Introduce sched_asym_cpucap_active() (git-fixes) - sched/cpuset: Fix dl_cpu_busy() panic due to empty (git-fixes) - sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy() (git-fixes) - sched/tracing: Report TASK_RTLOCK_WAIT tasks as (git-fixes) - sched/uclamp: Make asym_fits_capacity() use util_fits_cpu() (git-fixes) - sched: Avoid double preemption in __cond_resched_*lock*() (git-fixes) - scsi: Revert "scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT" (git-fixes). - scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes). - scsi: efct: Fix possible memleak in efct_device_init() (git-fixes). - scsi: elx: libefc: Fix second parameter type in state callbacks (git-fixes). - scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes). - scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes). - scsi: hpsa: Fix allocation size for scsi_host_alloc() (git-fixes). - scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes). - scsi: ipr: Fix WARNING in ipr_init() (git-fixes). - scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes). - scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes). - scsi: mpt3sas: Remove scsi_dma_map() error messages (git-fixes). - scsi: scsi_debug: Fix a warning in resp_report_zones() (git-fixes). - scsi: scsi_debug: Fix a warning in resp_verify() (git-fixes). - scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes). - scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes). - scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes). - scsi: storvsc: Correct reporting of Hyper-V I/O size limits (git-fixes). - scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (bsc#1206006). - scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled (git-fixes). - scsi: ufs: Stop using the clock scaling lock in the error handler (git-fixes). - scsi: ufs: core: Enable link lost interrupt (git-fixes). - sctp: fail if no bound addresses can be used for a given scope (bsc#1206677). - selftests/vm: remove ARRAY_SIZE define from individual tests (git-fixes). - selftests: Provide local define of __cpuid_count() (git-fixes). - serial: 8250_dma: Fix DMA Rx rearm race (git-fixes). - serial: atmel: fix incorrect baudrate setup (git-fixes). - serial: pch_uart: Pass correct sg to dma_unmap_sg() (git-fixes). - sfc: fix potential memleak in __ef100_hard_start_xmit() (git-fixes). - soc: imx8m: Fix incorrect check for of_clk_get_by_name() (git-fixes). - spi: spidev: remove debug messages that access spidev->spi without locking (git-fixes). - staging: mt7621-dts: change some node hex addresses to lower case (git-fixes). - staging: vchiq_arm: fix enum vchiq_status return types (git-fixes). - swim3: add missing major.h include (git-fixes). - tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent (git-fixes). - thermal/core: Remove duplicate information when an error occurs (git-fixes). - thunderbolt: Do not call PM runtime functions in tb_retimer_scan() (git-fixes). - thunderbolt: Do not report errors if on-board retimers are found (git-fixes). - thunderbolt: Use correct function to calculate maximum USB3 link rate (git-fixes). - tick/nohz: Use WARN_ON_ONCE() to prevent console saturation. - tick/sched: Fix non-kernel-doc comment (git-fixes). - tomoyo: fix broken dependency on *.conf.default (git-fixes). - tools: fix ARRAY_SIZE defines in tools and selftests hdrs (git-fixes). - tracing/hist: Fix issue of losting command info in error_log (git-fixes). - tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' (git-fixes). - tracing/hist: Fix wrong return value in parse_action_params() (git-fixes). - tracing/osnoise: Make osnoise_main to sleep for microseconds (git-fixes). - tracing/perf: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes). - tracing/probes: Handle system names with hyphens (git-fixes). - tracing: Add '__rel_loc' using trace event macros (git-fixes). - tracing: Add DYNAMIC flag for dynamic events (git-fixes). - tracing: Add trace_event helper macros __string_len() and __assign_str_len() (git-fixes). - tracing: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes). - tracing: Do not use out-of-sync va_list in event printing (git-fixes). - tracing: Ensure trace buffer is at least 4096 bytes large (git-fixes). - tracing: Fix a kmemleak false positive in tracing_map (git-fixes). - tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE (git-fixes). - tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (git-fixes). - tracing: Fix issue of missing one synthetic field (git-fixes). - tracing: Fix mismatched comment in __string_len (git-fixes). - tracing: Fix possible memory leak in __create_synth_event() error path (git-fixes). - tracing: Fix race where histograms can be called before the event (git-fixes). - tracing: Fix sleeping function called from invalid context on RT kernel (git-fixes). - tracing: Fix tp_printk option related with tp_printk_stop_on_boot (git-fixes). - tracing: Fix warning on variable 'struct trace_array' (git-fixes). - tracing: Have TRACE_DEFINE_ENUM affect trace event types as well (git-fixes). - tracing: Have syscall trace events use trace_event_buffer_lock_reserve() (git-fixes). - tracing: Have type enum modifications copy the strings (git-fixes). - tracing: Make tp_printk work on syscall tracepoints (git-fixes). - tracing: Use alignof__(struct {type b;}) instead of offsetof() (git-fixes). - tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (git-fixes). - tty: fix possible null-ptr-defer in spk_ttyio_release (git-fixes). - tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer (git-fixes). - usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210 (git-fixes). - usb: acpi: add helper to check port lpm capability using acpi _DSM (git-fixes). - usb: cdns3: remove fetched trb from cache before dequeuing (git-fixes). - usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes). - usb: dwc3: qcom: enable vbus override when in OTG dr-mode (git-fixes). - usb: fotg210-udc: Fix ages old endianness issues (git-fixes). - usb: gadget: f_fs: Ensure ep0req is dequeued before free_request (git-fixes). - usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait (git-fixes). - usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait (git-fixes). - usb: gadget: f_hid: fix f_hidg lifetime vs cdev (git-fixes). - usb: gadget: f_hid: fix refcount leak on error path (git-fixes). - usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() (git-fixes). - usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints (git-fixes). - usb: gadget: g_webcam: Send color matching descriptor per frame (git-fixes). - usb: gadget: udc: core: Print error code in usb_gadget_probe_driver() (git-fixes). - usb: gadget: udc: core: Revise comments for USB ep enable/disable (git-fixes). - usb: gadget: udc: core: Use pr_fmt() to prefix messages (git-fixes). - usb: gadget: udc: core: remove usage of list iterator past the loop body (git-fixes). - usb: host: ehci-fsl: Fix module alias (git-fixes). - usb: typec: altmodes/displayport: Add pin assignment helper (git-fixes). - usb: typec: altmodes/displayport: Fix pin assignment calculation (git-fixes). - usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail (git-fixes). - usb: xhci: Check endpoint is valid before dereferencing it (git-fixes). - vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (git-fixes). - vfs: make sync_filesystem return errors from ->sync_fs (git-fixes). - virtio-blk: modify the value type of num in virtio_queue_rq() (git-fixes). - virtio-net: correctly enable callback during start_xmit (git-fixes). - virtio_pci: modify ENOENT to EINVAL (git-fixes). - w1: fix WARNING after calling w1_process() (git-fixes). - w1: fix deadloop in __w1_remove_master_device() (git-fixes). - wait: Fix __wait_event_hrtimeout for RT/DL tasks (git-fixes) - watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497). - watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497). - wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices (git-fixes). - wifi: mac80211: sdata can be NULL during AMPDU start (git-fixes). - wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_sta_set_decap_offload (git-fixes). - wifi: mt76: mt7921e: fix race issue between reset and suspend/resume (git-fixes). - wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work (git-fixes). - wifi: mt76: sdio: poll sta stat when device transmits data (git-fixes). - wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid (git-fixes). - x86/hyperv: Remove unregister syscore call from Hyper-V cleanup (git-fixes). - x86/hyperv: Restore VP assist page after cpu offlining/onlining (git-fixes). - xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (git-fixes). - xfs: fix incorrect error-out in xfs_remove (git-fixes). - xfs: fix incorrect i_nlink caused by inode racing (git-fixes). - xfs: fix maxlevels comparisons in the btree staging code (git-fixes). - xfs: fix memory leak in xfs_errortag_init (git-fixes). - xfs: get rid of assert from xfs_btree_islastblock (git-fixes). - xfs: get root inode correctly at bulkstat (git-fixes). - xfs: initialize the check_owner object fully (git-fixes). - xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (git-fixes). - xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (git-fixes). - xfs: return errors in xfs_fs_sync_fs (git-fixes). - xfs: xfstest fails with error missing kernel patch (git-fixes bsc#1207501 ltc#201370). - xhci-pci: set the dma max_seg_size (git-fixes). - xhci: Fix null pointer dereference when host dies (git-fixes). - zram: Delete patch for regression addressed (bsc#1207933). - zram: do not lookup algorithm in backends table (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2023-433=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-433=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-433=1 - SUSE Linux Enterprise Module for Live Patching 15-SP4: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-433=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by seperate standalone livepatch updates. - SUSE Linux Enterprise Module for Legacy Software 15-SP4: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-433=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-433=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-433=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2023-433=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-433=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): kernel-default-5.14.21-150400.24.46.1 kernel-default-base-5.14.21-150400.24.46.1.150400.24.17.3 kernel-default-debuginfo-5.14.21-150400.24.46.1 kernel-default-debugsource-5.14.21-150400.24.46.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.14.21-150400.24.46.1 cluster-md-kmp-default-debuginfo-5.14.21-150400.24.46.1 dlm-kmp-default-5.14.21-150400.24.46.1 dlm-kmp-default-debuginfo-5.14.21-150400.24.46.1 gfs2-kmp-default-5.14.21-150400.24.46.1 gfs2-kmp-default-debuginfo-5.14.21-150400.24.46.1 kernel-default-5.14.21-150400.24.46.1 kernel-default-base-5.14.21-150400.24.46.1.150400.24.17.3 kernel-default-base-rebuild-5.14.21-150400.24.46.1.150400.24.17.3 kernel-default-debuginfo-5.14.21-150400.24.46.1 kernel-default-debugsource-5.14.21-150400.24.46.1 kernel-default-devel-5.14.21-150400.24.46.1 kernel-default-devel-debuginfo-5.14.21-150400.24.46.1 kernel-default-extra-5.14.21-150400.24.46.1 kernel-default-extra-debuginfo-5.14.21-150400.24.46.1 kernel-default-livepatch-5.14.21-150400.24.46.1 kernel-default-livepatch-devel-5.14.21-150400.24.46.1 kernel-default-optional-5.14.21-150400.24.46.1 kernel-default-optional-debuginfo-5.14.21-150400.24.46.1 kernel-obs-build-5.14.21-150400.24.46.1 kernel-obs-build-debugsource-5.14.21-150400.24.46.1 kernel-obs-qa-5.14.21-150400.24.46.1 kernel-syms-5.14.21-150400.24.46.1 kselftests-kmp-default-5.14.21-150400.24.46.1 kselftests-kmp-default-debuginfo-5.14.21-150400.24.46.1 ocfs2-kmp-default-5.14.21-150400.24.46.1 ocfs2-kmp-default-debuginfo-5.14.21-150400.24.46.1 reiserfs-kmp-default-5.14.21-150400.24.46.1 reiserfs-kmp-default-debuginfo-5.14.21-150400.24.46.1 - openSUSE Leap 15.4 (aarch64 ppc64le x86_64): kernel-kvmsmall-5.14.21-150400.24.46.1 kernel-kvmsmall-debuginfo-5.14.21-150400.24.46.1 kernel-kvmsmall-debugsource-5.14.21-150400.24.46.1 kernel-kvmsmall-devel-5.14.21-150400.24.46.1 kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.46.1 kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.46.1 - openSUSE Leap 15.4 (ppc64le x86_64): kernel-debug-5.14.21-150400.24.46.1 kernel-debug-debuginfo-5.14.21-150400.24.46.1 kernel-debug-debugsource-5.14.21-150400.24.46.1 kernel-debug-devel-5.14.21-150400.24.46.1 kernel-debug-devel-debuginfo-5.14.21-150400.24.46.1 kernel-debug-livepatch-devel-5.14.21-150400.24.46.1 - openSUSE Leap 15.4 (aarch64): cluster-md-kmp-64kb-5.14.21-150400.24.46.1 cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.46.1 dlm-kmp-64kb-5.14.21-150400.24.46.1 dlm-kmp-64kb-debuginfo-5.14.21-150400.24.46.1 dtb-allwinner-5.14.21-150400.24.46.1 dtb-altera-5.14.21-150400.24.46.1 dtb-amazon-5.14.21-150400.24.46.1 dtb-amd-5.14.21-150400.24.46.1 dtb-amlogic-5.14.21-150400.24.46.1 dtb-apm-5.14.21-150400.24.46.1 dtb-apple-5.14.21-150400.24.46.1 dtb-arm-5.14.21-150400.24.46.1 dtb-broadcom-5.14.21-150400.24.46.1 dtb-cavium-5.14.21-150400.24.46.1 dtb-exynos-5.14.21-150400.24.46.1 dtb-freescale-5.14.21-150400.24.46.1 dtb-hisilicon-5.14.21-150400.24.46.1 dtb-lg-5.14.21-150400.24.46.1 dtb-marvell-5.14.21-150400.24.46.1 dtb-mediatek-5.14.21-150400.24.46.1 dtb-nvidia-5.14.21-150400.24.46.1 dtb-qcom-5.14.21-150400.24.46.1 dtb-renesas-5.14.21-150400.24.46.1 dtb-rockchip-5.14.21-150400.24.46.1 dtb-socionext-5.14.21-150400.24.46.1 dtb-sprd-5.14.21-150400.24.46.1 dtb-xilinx-5.14.21-150400.24.46.1 gfs2-kmp-64kb-5.14.21-150400.24.46.1 gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.46.1 kernel-64kb-5.14.21-150400.24.46.1 kernel-64kb-debuginfo-5.14.21-150400.24.46.1 kernel-64kb-debugsource-5.14.21-150400.24.46.1 kernel-64kb-devel-5.14.21-150400.24.46.1 kernel-64kb-devel-debuginfo-5.14.21-150400.24.46.1 kernel-64kb-extra-5.14.21-150400.24.46.1 kernel-64kb-extra-debuginfo-5.14.21-150400.24.46.1 kernel-64kb-livepatch-devel-5.14.21-150400.24.46.1 kernel-64kb-optional-5.14.21-150400.24.46.1 kernel-64kb-optional-debuginfo-5.14.21-150400.24.46.1 kselftests-kmp-64kb-5.14.21-150400.24.46.1 kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.46.1 ocfs2-kmp-64kb-5.14.21-150400.24.46.1 ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.46.1 reiserfs-kmp-64kb-5.14.21-150400.24.46.1 reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.46.1 - openSUSE Leap 15.4 (noarch): kernel-devel-5.14.21-150400.24.46.1 kernel-docs-5.14.21-150400.24.46.2 kernel-docs-html-5.14.21-150400.24.46.2 kernel-macros-5.14.21-150400.24.46.1 kernel-source-5.14.21-150400.24.46.1 kernel-source-vanilla-5.14.21-150400.24.46.1 - openSUSE Leap 15.4 (s390x): kernel-zfcpdump-5.14.21-150400.24.46.1 kernel-zfcpdump-debuginfo-5.14.21-150400.24.46.1 kernel-zfcpdump-debugsource-5.14.21-150400.24.46.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): kernel-default-debuginfo-5.14.21-150400.24.46.1 kernel-default-debugsource-5.14.21-150400.24.46.1 kernel-default-extra-5.14.21-150400.24.46.1 kernel-default-extra-debuginfo-5.14.21-150400.24.46.1 - SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64): kernel-default-debuginfo-5.14.21-150400.24.46.1 kernel-default-debugsource-5.14.21-150400.24.46.1 kernel-default-livepatch-5.14.21-150400.24.46.1 kernel-default-livepatch-devel-5.14.21-150400.24.46.1 kernel-livepatch-5_14_21-150400_24_46-default-1-150400.9.3.3 kernel-livepatch-5_14_21-150400_24_46-default-debuginfo-1-150400.9.3.3 kernel-livepatch-SLE15-SP4_Update_8-debugsource-1-150400.9.3.3 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.14.21-150400.24.46.1 kernel-default-debugsource-5.14.21-150400.24.46.1 reiserfs-kmp-default-5.14.21-150400.24.46.1 reiserfs-kmp-default-debuginfo-5.14.21-150400.24.46.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.14.21-150400.24.46.1 kernel-obs-build-debugsource-5.14.21-150400.24.46.1 kernel-syms-5.14.21-150400.24.46.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): kernel-docs-5.14.21-150400.24.46.2 kernel-source-5.14.21-150400.24.46.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): kernel-default-5.14.21-150400.24.46.1 kernel-default-base-5.14.21-150400.24.46.1.150400.24.17.3 kernel-default-debuginfo-5.14.21-150400.24.46.1 kernel-default-debugsource-5.14.21-150400.24.46.1 kernel-default-devel-5.14.21-150400.24.46.1 kernel-default-devel-debuginfo-5.14.21-150400.24.46.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64): kernel-64kb-5.14.21-150400.24.46.1 kernel-64kb-debuginfo-5.14.21-150400.24.46.1 kernel-64kb-debugsource-5.14.21-150400.24.46.1 kernel-64kb-devel-5.14.21-150400.24.46.1 kernel-64kb-devel-debuginfo-5.14.21-150400.24.46.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): kernel-devel-5.14.21-150400.24.46.1 kernel-macros-5.14.21-150400.24.46.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (s390x): kernel-zfcpdump-5.14.21-150400.24.46.1 kernel-zfcpdump-debuginfo-5.14.21-150400.24.46.1 kernel-zfcpdump-debugsource-5.14.21-150400.24.46.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): kernel-default-5.14.21-150400.24.46.1 kernel-default-base-5.14.21-150400.24.46.1.150400.24.17.3 kernel-default-debuginfo-5.14.21-150400.24.46.1 kernel-default-debugsource-5.14.21-150400.24.46.1 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.14.21-150400.24.46.1 cluster-md-kmp-default-debuginfo-5.14.21-150400.24.46.1 dlm-kmp-default-5.14.21-150400.24.46.1 dlm-kmp-default-debuginfo-5.14.21-150400.24.46.1 gfs2-kmp-default-5.14.21-150400.24.46.1 gfs2-kmp-default-debuginfo-5.14.21-150400.24.46.1 kernel-default-debuginfo-5.14.21-150400.24.46.1 kernel-default-debugsource-5.14.21-150400.24.46.1 ocfs2-kmp-default-5.14.21-150400.24.46.1 ocfs2-kmp-default-debuginfo-5.14.21-150400.24.46.1 References: https://www.suse.com/security/cve/CVE-2020-24588.html https://www.suse.com/security/cve/CVE-2022-4382.html https://www.suse.com/security/cve/CVE-2022-47929.html https://www.suse.com/security/cve/CVE-2023-0122.html https://www.suse.com/security/cve/CVE-2023-0179.html https://www.suse.com/security/cve/CVE-2023-0266.html https://www.suse.com/security/cve/CVE-2023-0590.html https://www.suse.com/security/cve/CVE-2023-23454.html https://www.suse.com/security/cve/CVE-2023-23455.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1185861 https://bugzilla.suse.com/1185863 https://bugzilla.suse.com/1186449 https://bugzilla.suse.com/1191256 https://bugzilla.suse.com/1192868 https://bugzilla.suse.com/1193629 https://bugzilla.suse.com/1194869 https://bugzilla.suse.com/1195175 https://bugzilla.suse.com/1195655 https://bugzilla.suse.com/1196058 https://bugzilla.suse.com/1199701 https://bugzilla.suse.com/1204063 https://bugzilla.suse.com/1204356 https://bugzilla.suse.com/1204662 https://bugzilla.suse.com/1205495 https://bugzilla.suse.com/1206006 https://bugzilla.suse.com/1206036 https://bugzilla.suse.com/1206056 https://bugzilla.suse.com/1206057 https://bugzilla.suse.com/1206258 https://bugzilla.suse.com/1206363 https://bugzilla.suse.com/1206459 https://bugzilla.suse.com/1206616 https://bugzilla.suse.com/1206677 https://bugzilla.suse.com/1206784 https://bugzilla.suse.com/1207010 https://bugzilla.suse.com/1207034 https://bugzilla.suse.com/1207036 https://bugzilla.suse.com/1207050 https://bugzilla.suse.com/1207125 https://bugzilla.suse.com/1207134 https://bugzilla.suse.com/1207149 https://bugzilla.suse.com/1207158 https://bugzilla.suse.com/1207184 https://bugzilla.suse.com/1207186 https://bugzilla.suse.com/1207190 https://bugzilla.suse.com/1207237 https://bugzilla.suse.com/1207263 https://bugzilla.suse.com/1207269 https://bugzilla.suse.com/1207497 https://bugzilla.suse.com/1207500 https://bugzilla.suse.com/1207501 https://bugzilla.suse.com/1207506 https://bugzilla.suse.com/1207507 https://bugzilla.suse.com/1207734 https://bugzilla.suse.com/1207769 https://bugzilla.suse.com/1207795 https://bugzilla.suse.com/1207842 https://bugzilla.suse.com/1207878 https://bugzilla.suse.com/1207933

1 0

SUSE-SU-2023:0431-1: important: Security update for apache2-mod_security2
by opensuse-security＠opensuse.org 15 Feb '23

15 Feb '23

SUSE Security Update: Security update for apache2-mod_security2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0431-1 Rating: important References: #1207379 Cross-References: CVE-2023-24021 CVSS scores: CVE-2023-24021 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2023-24021 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for apache2-mod_security2 fixes the following issues: - CVE-2023-24021: Fixed FILES_TMP_CONTENT missing complete content (bsc#1207379). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-431=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-431=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): apache2-mod_security2-2.9.4-150400.3.6.1 apache2-mod_security2-debuginfo-2.9.4-150400.3.6.1 apache2-mod_security2-debugsource-2.9.4-150400.3.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): apache2-mod_security2-2.9.4-150400.3.6.1 apache2-mod_security2-debuginfo-2.9.4-150400.3.6.1 apache2-mod_security2-debugsource-2.9.4-150400.3.6.1 References: https://www.suse.com/security/cve/CVE-2023-24021.html https://bugzilla.suse.com/1207379

1 0

SUSE-SU-2023:0429-1: important: Security update for curl
by opensuse-security＠opensuse.org 15 Feb '23

15 Feb '23

SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0429-1 Rating: important References: #1207990 #1207991 #1207992 Cross-References: CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 CVSS scores: CVE-2023-23914 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2023-23915 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2023-23916 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2023-429=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-429=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-429=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2023-429=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): curl-7.79.1-150400.5.15.1 curl-debuginfo-7.79.1-150400.5.15.1 curl-debugsource-7.79.1-150400.5.15.1 libcurl4-7.79.1-150400.5.15.1 libcurl4-debuginfo-7.79.1-150400.5.15.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): curl-7.79.1-150400.5.15.1 curl-debuginfo-7.79.1-150400.5.15.1 curl-debugsource-7.79.1-150400.5.15.1 libcurl-devel-7.79.1-150400.5.15.1 libcurl4-7.79.1-150400.5.15.1 libcurl4-debuginfo-7.79.1-150400.5.15.1 - openSUSE Leap 15.4 (x86_64): libcurl-devel-32bit-7.79.1-150400.5.15.1 libcurl4-32bit-7.79.1-150400.5.15.1 libcurl4-32bit-debuginfo-7.79.1-150400.5.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): curl-7.79.1-150400.5.15.1 curl-debuginfo-7.79.1-150400.5.15.1 curl-debugsource-7.79.1-150400.5.15.1 libcurl-devel-7.79.1-150400.5.15.1 libcurl4-7.79.1-150400.5.15.1 libcurl4-debuginfo-7.79.1-150400.5.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libcurl4-32bit-7.79.1-150400.5.15.1 libcurl4-32bit-debuginfo-7.79.1-150400.5.15.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): curl-7.79.1-150400.5.15.1 curl-debuginfo-7.79.1-150400.5.15.1 curl-debugsource-7.79.1-150400.5.15.1 libcurl4-7.79.1-150400.5.15.1 libcurl4-debuginfo-7.79.1-150400.5.15.1 References: https://www.suse.com/security/cve/CVE-2023-23914.html https://www.suse.com/security/cve/CVE-2023-23915.html https://www.suse.com/security/cve/CVE-2023-23916.html https://bugzilla.suse.com/1207990 https://bugzilla.suse.com/1207991 https://bugzilla.suse.com/1207992

1 0

SUSE-SU-2023:0423-1: moderate: Security update for aws-efs-utils
by opensuse-security＠opensuse.org 15 Feb '23

15 Feb '23

SUSE Security Update: Security update for aws-efs-utils ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0423-1 Rating: moderate References: #1191055 #1206737 Cross-References: CVE-2022-46174 CVSS scores: CVE-2022-46174 (NVD) : 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L CVE-2022-46174 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for aws-efs-utils fixes the following issues: - Updated to version 1.34.5: - CVE-2022-46174: Fixed a race condition when mounting filesystems using TLS, which could result in various failures (bsc#1206737). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-423=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-423=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-423=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-423=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-423=1 Package List: - openSUSE Leap 15.4 (noarch): aws-efs-utils-1.34.5-150100.4.11.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch): aws-efs-utils-1.34.5-150100.4.11.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): aws-efs-utils-1.34.5-150100.4.11.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): aws-efs-utils-1.34.5-150100.4.11.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): aws-efs-utils-1.34.5-150100.4.11.1 References: https://www.suse.com/security/cve/CVE-2022-46174.html https://bugzilla.suse.com/1191055 https://bugzilla.suse.com/1206737

1 0

SUSE-SU-2023:0427-1: important: Security update for bind
by opensuse-security＠opensuse.org 15 Feb '23

15 Feb '23

SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0427-1 Rating: important References: #1207471 Cross-References: CVE-2022-3094 CVSS scores: CVE-2022-3094 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3094 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP3-LTSS SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for bind fixes the following issues: - CVE-2022-3094: Fixed memory exhaustion due to UPDATE message flooding (bsc#1207471). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-427=1 - SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-427=1 - SUSE Manager Retail Branch Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-427=1 - SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-427=1 - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-427=1 - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-427=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-427=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-427=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-427=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-427=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2023-427=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): bind-chrootenv-9.16.6-150300.22.27.1 bind-devel-9.16.6-150300.22.27.1 libbind9-1600-9.16.6-150300.22.27.1 libbind9-1600-debuginfo-9.16.6-150300.22.27.1 libdns1605-9.16.6-150300.22.27.1 libdns1605-debuginfo-9.16.6-150300.22.27.1 libirs-devel-9.16.6-150300.22.27.1 libirs1601-9.16.6-150300.22.27.1 libirs1601-debuginfo-9.16.6-150300.22.27.1 libisc1606-9.16.6-150300.22.27.1 libisc1606-debuginfo-9.16.6-150300.22.27.1 libisccc1600-9.16.6-150300.22.27.1 libisccc1600-debuginfo-9.16.6-150300.22.27.1 libisccfg1600-9.16.6-150300.22.27.1 libisccfg1600-debuginfo-9.16.6-150300.22.27.1 libns1604-9.16.6-150300.22.27.1 libns1604-debuginfo-9.16.6-150300.22.27.1 - SUSE Manager Server 4.2 (ppc64le s390x x86_64): bind-9.16.6-150300.22.27.1 bind-chrootenv-9.16.6-150300.22.27.1 bind-debuginfo-9.16.6-150300.22.27.1 bind-debugsource-9.16.6-150300.22.27.1 bind-devel-9.16.6-150300.22.27.1 bind-utils-9.16.6-150300.22.27.1 bind-utils-debuginfo-9.16.6-150300.22.27.1 libbind9-1600-9.16.6-150300.22.27.1 libbind9-1600-debuginfo-9.16.6-150300.22.27.1 libdns1605-9.16.6-150300.22.27.1 libdns1605-debuginfo-9.16.6-150300.22.27.1 libirs-devel-9.16.6-150300.22.27.1 libirs1601-9.16.6-150300.22.27.1 libirs1601-debuginfo-9.16.6-150300.22.27.1 libisc1606-9.16.6-150300.22.27.1 libisc1606-debuginfo-9.16.6-150300.22.27.1 libisccc1600-9.16.6-150300.22.27.1 libisccc1600-debuginfo-9.16.6-150300.22.27.1 libisccfg1600-9.16.6-150300.22.27.1 libisccfg1600-debuginfo-9.16.6-150300.22.27.1 libns1604-9.16.6-150300.22.27.1 libns1604-debuginfo-9.16.6-150300.22.27.1 - SUSE Manager Server 4.2 (noarch): bind-doc-9.16.6-150300.22.27.1 python3-bind-9.16.6-150300.22.27.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): bind-9.16.6-150300.22.27.1 bind-chrootenv-9.16.6-150300.22.27.1 bind-debuginfo-9.16.6-150300.22.27.1 bind-debugsource-9.16.6-150300.22.27.1 bind-devel-9.16.6-150300.22.27.1 bind-utils-9.16.6-150300.22.27.1 bind-utils-debuginfo-9.16.6-150300.22.27.1 libbind9-1600-9.16.6-150300.22.27.1 libbind9-1600-debuginfo-9.16.6-150300.22.27.1 libdns1605-9.16.6-150300.22.27.1 libdns1605-debuginfo-9.16.6-150300.22.27.1 libirs-devel-9.16.6-150300.22.27.1 libirs1601-9.16.6-150300.22.27.1 libirs1601-debuginfo-9.16.6-150300.22.27.1 libisc1606-9.16.6-150300.22.27.1 libisc1606-debuginfo-9.16.6-150300.22.27.1 libisccc1600-9.16.6-150300.22.27.1 libisccc1600-debuginfo-9.16.6-150300.22.27.1 libisccfg1600-9.16.6-150300.22.27.1 libisccfg1600-debuginfo-9.16.6-150300.22.27.1 libns1604-9.16.6-150300.22.27.1 libns1604-debuginfo-9.16.6-150300.22.27.1 - SUSE Manager Retail Branch Server 4.2 (noarch): bind-doc-9.16.6-150300.22.27.1 python3-bind-9.16.6-150300.22.27.1 - SUSE Manager Proxy 4.2 (x86_64): bind-9.16.6-150300.22.27.1 bind-chrootenv-9.16.6-150300.22.27.1 bind-debuginfo-9.16.6-150300.22.27.1 bind-debugsource-9.16.6-150300.22.27.1 bind-devel-9.16.6-150300.22.27.1 bind-utils-9.16.6-150300.22.27.1 bind-utils-debuginfo-9.16.6-150300.22.27.1 libbind9-1600-9.16.6-150300.22.27.1 libbind9-1600-debuginfo-9.16.6-150300.22.27.1 libdns1605-9.16.6-150300.22.27.1 libdns1605-debuginfo-9.16.6-150300.22.27.1 libirs-devel-9.16.6-150300.22.27.1 libirs1601-9.16.6-150300.22.27.1 libirs1601-debuginfo-9.16.6-150300.22.27.1 libisc1606-9.16.6-150300.22.27.1 libisc1606-debuginfo-9.16.6-150300.22.27.1 libisccc1600-9.16.6-150300.22.27.1 libisccc1600-debuginfo-9.16.6-150300.22.27.1 libisccfg1600-9.16.6-150300.22.27.1 libisccfg1600-debuginfo-9.16.6-150300.22.27.1 libns1604-9.16.6-150300.22.27.1 libns1604-debuginfo-9.16.6-150300.22.27.1 - SUSE Manager Proxy 4.2 (noarch): bind-doc-9.16.6-150300.22.27.1 python3-bind-9.16.6-150300.22.27.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): bind-9.16.6-150300.22.27.1 bind-chrootenv-9.16.6-150300.22.27.1 bind-debuginfo-9.16.6-150300.22.27.1 bind-debugsource-9.16.6-150300.22.27.1 bind-devel-9.16.6-150300.22.27.1 bind-utils-9.16.6-150300.22.27.1 bind-utils-debuginfo-9.16.6-150300.22.27.1 libbind9-1600-9.16.6-150300.22.27.1 libbind9-1600-debuginfo-9.16.6-150300.22.27.1 libdns1605-9.16.6-150300.22.27.1 libdns1605-debuginfo-9.16.6-150300.22.27.1 libirs-devel-9.16.6-150300.22.27.1 libirs1601-9.16.6-150300.22.27.1 libirs1601-debuginfo-9.16.6-150300.22.27.1 libisc1606-9.16.6-150300.22.27.1 libisc1606-debuginfo-9.16.6-150300.22.27.1 libisccc1600-9.16.6-150300.22.27.1 libisccc1600-debuginfo-9.16.6-150300.22.27.1 libisccfg1600-9.16.6-150300.22.27.1 libisccfg1600-debuginfo-9.16.6-150300.22.27.1 libns1604-9.16.6-150300.22.27.1 libns1604-debuginfo-9.16.6-150300.22.27.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (noarch): bind-doc-9.16.6-150300.22.27.1 python3-bind-9.16.6-150300.22.27.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): bind-9.16.6-150300.22.27.1 bind-chrootenv-9.16.6-150300.22.27.1 bind-debuginfo-9.16.6-150300.22.27.1 bind-debugsource-9.16.6-150300.22.27.1 bind-devel-9.16.6-150300.22.27.1 bind-utils-9.16.6-150300.22.27.1 bind-utils-debuginfo-9.16.6-150300.22.27.1 libbind9-1600-9.16.6-150300.22.27.1 libbind9-1600-debuginfo-9.16.6-150300.22.27.1 libdns1605-9.16.6-150300.22.27.1 libdns1605-debuginfo-9.16.6-150300.22.27.1 libirs-devel-9.16.6-150300.22.27.1 libirs1601-9.16.6-150300.22.27.1 libirs1601-debuginfo-9.16.6-150300.22.27.1 libisc1606-9.16.6-150300.22.27.1 libisc1606-debuginfo-9.16.6-150300.22.27.1 libisccc1600-9.16.6-150300.22.27.1 libisccc1600-debuginfo-9.16.6-150300.22.27.1 libisccfg1600-9.16.6-150300.22.27.1 libisccfg1600-debuginfo-9.16.6-150300.22.27.1 libns1604-9.16.6-150300.22.27.1 libns1604-debuginfo-9.16.6-150300.22.27.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (noarch): bind-doc-9.16.6-150300.22.27.1 python3-bind-9.16.6-150300.22.27.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch): bind-doc-9.16.6-150300.22.27.1 python3-bind-9.16.6-150300.22.27.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): bind-9.16.6-150300.22.27.1 bind-chrootenv-9.16.6-150300.22.27.1 bind-debuginfo-9.16.6-150300.22.27.1 bind-debugsource-9.16.6-150300.22.27.1 bind-devel-9.16.6-150300.22.27.1 bind-utils-9.16.6-150300.22.27.1 bind-utils-debuginfo-9.16.6-150300.22.27.1 libbind9-1600-9.16.6-150300.22.27.1 libbind9-1600-debuginfo-9.16.6-150300.22.27.1 libdns1605-9.16.6-150300.22.27.1 libdns1605-debuginfo-9.16.6-150300.22.27.1 libirs-devel-9.16.6-150300.22.27.1 libirs1601-9.16.6-150300.22.27.1 libirs1601-debuginfo-9.16.6-150300.22.27.1 libisc1606-9.16.6-150300.22.27.1 libisc1606-debuginfo-9.16.6-150300.22.27.1 libisccc1600-9.16.6-150300.22.27.1 libisccc1600-debuginfo-9.16.6-150300.22.27.1 libisccfg1600-9.16.6-150300.22.27.1 libisccfg1600-debuginfo-9.16.6-150300.22.27.1 libns1604-9.16.6-150300.22.27.1 libns1604-debuginfo-9.16.6-150300.22.27.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): bind-debuginfo-9.16.6-150300.22.27.1 bind-debugsource-9.16.6-150300.22.27.1 libbind9-1600-9.16.6-150300.22.27.1 libbind9-1600-debuginfo-9.16.6-150300.22.27.1 libdns1605-9.16.6-150300.22.27.1 libdns1605-debuginfo-9.16.6-150300.22.27.1 libirs1601-9.16.6-150300.22.27.1 libirs1601-debuginfo-9.16.6-150300.22.27.1 libisc1606-9.16.6-150300.22.27.1 libisc1606-debuginfo-9.16.6-150300.22.27.1 libisccc1600-9.16.6-150300.22.27.1 libisccc1600-debuginfo-9.16.6-150300.22.27.1 libisccfg1600-9.16.6-150300.22.27.1 libisccfg1600-debuginfo-9.16.6-150300.22.27.1 libns1604-9.16.6-150300.22.27.1 libns1604-debuginfo-9.16.6-150300.22.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): bind-9.16.6-150300.22.27.1 bind-chrootenv-9.16.6-150300.22.27.1 bind-debuginfo-9.16.6-150300.22.27.1 bind-debugsource-9.16.6-150300.22.27.1 bind-devel-9.16.6-150300.22.27.1 bind-utils-9.16.6-150300.22.27.1 bind-utils-debuginfo-9.16.6-150300.22.27.1 libbind9-1600-9.16.6-150300.22.27.1 libbind9-1600-debuginfo-9.16.6-150300.22.27.1 libdns1605-9.16.6-150300.22.27.1 libdns1605-debuginfo-9.16.6-150300.22.27.1 libirs-devel-9.16.6-150300.22.27.1 libirs1601-9.16.6-150300.22.27.1 libirs1601-debuginfo-9.16.6-150300.22.27.1 libisc1606-9.16.6-150300.22.27.1 libisc1606-debuginfo-9.16.6-150300.22.27.1 libisccc1600-9.16.6-150300.22.27.1 libisccc1600-debuginfo-9.16.6-150300.22.27.1 libisccfg1600-9.16.6-150300.22.27.1 libisccfg1600-debuginfo-9.16.6-150300.22.27.1 libns1604-9.16.6-150300.22.27.1 libns1604-debuginfo-9.16.6-150300.22.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (noarch): bind-doc-9.16.6-150300.22.27.1 python3-bind-9.16.6-150300.22.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): bind-9.16.6-150300.22.27.1 bind-chrootenv-9.16.6-150300.22.27.1 bind-debuginfo-9.16.6-150300.22.27.1 bind-debugsource-9.16.6-150300.22.27.1 bind-devel-9.16.6-150300.22.27.1 bind-utils-9.16.6-150300.22.27.1 bind-utils-debuginfo-9.16.6-150300.22.27.1 libbind9-1600-9.16.6-150300.22.27.1 libbind9-1600-debuginfo-9.16.6-150300.22.27.1 libdns1605-9.16.6-150300.22.27.1 libdns1605-debuginfo-9.16.6-150300.22.27.1 libirs-devel-9.16.6-150300.22.27.1 libirs1601-9.16.6-150300.22.27.1 libirs1601-debuginfo-9.16.6-150300.22.27.1 libisc1606-9.16.6-150300.22.27.1 libisc1606-debuginfo-9.16.6-150300.22.27.1 libisccc1600-9.16.6-150300.22.27.1 libisccc1600-debuginfo-9.16.6-150300.22.27.1 libisccfg1600-9.16.6-150300.22.27.1 libisccfg1600-debuginfo-9.16.6-150300.22.27.1 libns1604-9.16.6-150300.22.27.1 libns1604-debuginfo-9.16.6-150300.22.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (noarch): bind-doc-9.16.6-150300.22.27.1 python3-bind-9.16.6-150300.22.27.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): bind-9.16.6-150300.22.27.1 bind-chrootenv-9.16.6-150300.22.27.1 bind-debuginfo-9.16.6-150300.22.27.1 bind-debugsource-9.16.6-150300.22.27.1 bind-devel-9.16.6-150300.22.27.1 bind-utils-9.16.6-150300.22.27.1 bind-utils-debuginfo-9.16.6-150300.22.27.1 libbind9-1600-9.16.6-150300.22.27.1 libbind9-1600-debuginfo-9.16.6-150300.22.27.1 libdns1605-9.16.6-150300.22.27.1 libdns1605-debuginfo-9.16.6-150300.22.27.1 libirs-devel-9.16.6-150300.22.27.1 libirs1601-9.16.6-150300.22.27.1 libirs1601-debuginfo-9.16.6-150300.22.27.1 libisc1606-9.16.6-150300.22.27.1 libisc1606-debuginfo-9.16.6-150300.22.27.1 libisccc1600-9.16.6-150300.22.27.1 libisccc1600-debuginfo-9.16.6-150300.22.27.1 libisccfg1600-9.16.6-150300.22.27.1 libisccfg1600-debuginfo-9.16.6-150300.22.27.1 libns1604-9.16.6-150300.22.27.1 libns1604-debuginfo-9.16.6-150300.22.27.1 - SUSE Enterprise Storage 7.1 (noarch): bind-doc-9.16.6-150300.22.27.1 python3-bind-9.16.6-150300.22.27.1 References: https://www.suse.com/security/cve/CVE-2022-3094.html https://bugzilla.suse.com/1207471

1 0