openSUSE Security Announce
July 2023
20 Jul '23
# Security update for redis
Announcement ID: SUSE-SU-2023:2924-1
Rating: important
References:
* #1213193
Cross-References:
* CVE-2022-24834
CVSS scores:
* CVE-2022-24834 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-24834 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* Server Applications Module 15-SP4
* Server Applications Module 15-SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for redis fixes the following issues:
* CVE-2022-24834: Fixed heap overflow in the cjson and cmsgpack libraries
(bsc#1213193).
## Patch Instructions:
To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-2924=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-2924=1
* Server Applications Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-2924=1
* Server Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-2924=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* redis-debuginfo-6.2.6-150400.3.22.1
* redis-debugsource-6.2.6-150400.3.22.1
* redis-6.2.6-150400.3.22.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* redis-debuginfo-6.2.6-150400.3.22.1
* redis-debugsource-6.2.6-150400.3.22.1
* redis-6.2.6-150400.3.22.1
* Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* redis-debuginfo-6.2.6-150400.3.22.1
* redis-debugsource-6.2.6-150400.3.22.1
* redis-6.2.6-150400.3.22.1
* Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* redis-debuginfo-6.2.6-150400.3.22.1
* redis-debugsource-6.2.6-150400.3.22.1
* redis-6.2.6-150400.3.22.1
## References:
* https://www.suse.com/security/cve/CVE-2022-24834.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213193
SUSE-SU-2023:2925-1: important: Security update for redis7
by security@lists.opensuse.org 20 Jul '23
# Security update for redis7
Announcement ID: SUSE-SU-2023:2925-1
Rating: important
References:
* #1208790
* #1208793
* #1209528
* #1210548
* #1213193
* #1213249
Cross-References:
* CVE-2022-24834
* CVE-2022-36021
* CVE-2023-25155
* CVE-2023-28425
* CVE-2023-28856
* CVE-2023-36824
CVSS scores:
* CVE-2022-24834 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-24834 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-36021 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-36021 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-25155 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2023-25155 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-28425 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-28856 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-28856 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-36824 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-36824 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* Server Applications Module 15-SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves six vulnerabilities can now be installed.
## Description:
This update for redis7 fixes the following issues:
* CVE-2022-24834: Fixed heap overflow in the cjson and cmsgpack libraries
(bsc#1213193).
* CVE-2023-28856: Fixed HINCRBYFLOAT invalid key crash (bsc#1210548).
* CVE-2022-36021: Fixed integer overflow via specially crafted SRANDMEMBER,
ZRANDMEMBER, and HRANDFIELD (bsc#1208790).
* CVE-2023-25155: Fixed Integer Overflow in RAND commands (bsc#1208793).
* CVE-2023-28425: Fixed denial-of-service via specially crafted MSETNX command
(bsc#1209528).
* CVE-2023-36824: Fixed heap overflow in COMMAND GETKEYS and ACL evaluation
(bsc#1213249).
## Patch Instructions:
To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-2925=1 openSUSE-SLE-15.5-2023-2925=1
* Server Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-2925=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* redis7-7.0.8-150500.3.3.1
* redis7-debuginfo-7.0.8-150500.3.3.1
* redis7-debugsource-7.0.8-150500.3.3.1
* Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* redis7-7.0.8-150500.3.3.1
* redis7-debuginfo-7.0.8-150500.3.3.1
* redis7-debugsource-7.0.8-150500.3.3.1
## References:
* https://www.suse.com/security/cve/CVE-2022-24834.html
* https://www.suse.com/security/cve/CVE-2022-36021.html
* https://www.suse.com/security/cve/CVE-2023-25155.html
* https://www.suse.com/security/cve/CVE-2023-28425.html
* https://www.suse.com/security/cve/CVE-2023-28856.html
* https://www.suse.com/security/cve/CVE-2023-36824.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208790
* https://bugzilla.suse.com/show_bug.cgi?id=1208793
* https://bugzilla.suse.com/show_bug.cgi?id=1209528
* https://bugzilla.suse.com/show_bug.cgi?id=1210548
* https://bugzilla.suse.com/show_bug.cgi?id=1213193
* https://bugzilla.suse.com/show_bug.cgi?id=1213249
SUSE-SU-2023:2917-1: critical: Security update for SUSE Manager Client Tools
by security@lists.opensuse.org 20 Jul '23
# Security update for SUSE Manager Client Tools
Announcement ID: SUSE-SU-2023:2917-1
Rating: critical
References:
* #1212099
* #1212100
* #1212641
Cross-References:
* CVE-2023-2183
* CVE-2023-2801
* CVE-2023-3128
CVSS scores:
* CVE-2023-2183 ( SUSE ): 4.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
* CVE-2023-2183 ( NVD ): 4.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
* CVE-2023-2801 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2801 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3128 ( SUSE ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
* CVE-2023-3128 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4
* SUSE Package Hub 15 15-SP5
An update that solves three vulnerabilities and contains two features can now be
installed.
## Description:
This update fixes the following issues:
grafana:
* Update to version 9.5.5:
  * CVE-2023-3128: Fix authentication bypass using Azure AD OAuth (bsc#1212641,
    jsc#PED-3694)
  * Bug fixes:
    * Auth: Show invite button if disable login form is set to false.
    * Azure: Fix Kusto auto-completion for Azure datasources.
    * RBAC: Remove legacy AC editor and admin role on new dashboard route.
    * API: Revert allowing editors to access GET /datasources.
    * Settings: Add ability to override skip_org_role_sync with Env variables.
* Update to version 9.5.3:
  * CVE-2023-2801: Query: Prevent crash while executing concurrent mixed queries
    (bsc#1212099)
  * CVE-2023-2183: Alerting: Require alert.notifications:write permissions to
    test receivers and templates (bsc#1212100)
* Update to version 9.5.2:
  * Alerting: Scheduler use rule fingerprint instead of version.
  * Explore: Update table min height.
  * DataLinks: Encoded URL fixed.
  * TimeSeries: Fix leading null-fill for missing intervals.
  * Dashboard: Revert fixed header shown on mobile devices in the new panel
    header.
  * PostgreSQL: Fix TLS certificate issue by downgrading lib/pq.
  * Provisioning: Fix provisioning issues with legacy alerting and data source
    permissions.
  * Alerting: Fix misleading status code in provisioning API.
  * Loki: Fix log samples using `instant` queries.
  * Panel Header: Implement new Panel Header on Angular Panels.
  * Azure Monitor: Fix bug that was not showing resources for certain
    locations.
  * Alerting: Fix panic when reparenting receivers to groups following an
    attempted rename via Provisioning.
  * Cloudwatch Logs: Clarify Cloudwatch Logs Limits.
* Update to 9.5.1:
  * Loki Variable Query Editor: Fix bug when the query is updated
  * Expressions: Fix expression load with legacy UID -100
## Patch Instructions:
To install this SUSE Critical update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-2917=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-2917=1
* SUSE Package Hub 15 15-SP4
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2917=1
* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2917=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* grafana-debuginfo-9.5.5-150200.3.44.1
* grafana-9.5.5-150200.3.44.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* grafana-debuginfo-9.5.5-150200.3.44.1
* grafana-9.5.5-150200.3.44.1
* SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64)
* grafana-debuginfo-9.5.5-150200.3.44.1
* grafana-9.5.5-150200.3.44.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
* grafana-debuginfo-9.5.5-150200.3.44.1
* grafana-9.5.5-150200.3.44.1
## References:
* https://www.suse.com/security/cve/CVE-2023-2183.html
* https://www.suse.com/security/cve/CVE-2023-2801.html
* https://www.suse.com/security/cve/CVE-2023-3128.html
* https://bugzilla.suse.com/show_bug.cgi?id=1212099
* https://bugzilla.suse.com/show_bug.cgi?id=1212100
* https://bugzilla.suse.com/show_bug.cgi?id=1212641
* https://jira.suse.com/browse/MSQA-687
* https://jira.suse.com/browse/PED-3694
SUSE-SU-2023:2263-2: important: Security update for python-Flask
by security@lists.opensuse.org 20 Jul '23
# Security update for python-Flask
Announcement ID: SUSE-SU-2023:2263-2
Rating: important
References:
* #1211246
Cross-References:
* CVE-2023-30861
CVSS scores:
* CVE-2023-30861 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-30861 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
* openSUSE Leap 15.5
An update that solves one vulnerability can now be installed.
## Description:
This update for python-Flask fixes the following issues:
* CVE-2023-30861: Fixed a potential cookie confusion due to incorrect caching
(bsc#1211246).
## Patch Instructions:
To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-2263=1
## Package List:
* openSUSE Leap 15.5 (noarch)
* python3-Flask-1.0.4-150400.3.3.1
* python3-Flask-doc-1.0.4-150400.3.3.1
## References:
* https://www.suse.com/security/cve/CVE-2023-30861.html
* https://bugzilla.suse.com/show_bug.cgi?id=1211246
SUSE-SU-2023:2284-2: important: Security update for texlive
by security@lists.opensuse.org 20 Jul '23
# Security update for texlive
Announcement ID: SUSE-SU-2023:2284-2
Rating: important
References:
* #1211389
Cross-References:
* CVE-2023-32700
CVSS scores:
* CVE-2023-32700 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-32700 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
An update that solves one vulnerability can now be installed.
## Description:
This update for texlive fixes the following issues:
* CVE-2023-32700: Fixed arbitrary code execution in LuaTeX (bsc#1211389).
## Patch Instructions:
To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-2284=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* texlive-de-macro-bin-2021.20210325.svn17399-150400.31.3.1
* texlive-pfarrei-bin-2021.20210325.svn29348-150400.31.3.1
* texlive-latex-bin-bin-2021.20210325.svn54358-150400.31.3.1
* texlive-chktex-bin-2021.20210325.svn57878-150400.31.3.1
* texlive-context-bin-2021.20210325.svn34112-150400.31.3.1
* texlive-ctanupload-bin-2021.20210325.svn23866-150400.31.3.1
* texlive-xpdfopen-bin-2021.20210325.svn52917-150400.31.3.1
* texlive-musixtnt-bin-debuginfo-2021.20210325.svn50281-150400.31.3.1
* texlive-makeindex-bin-2021.20210325.svn57878-150400.31.3.1
* texlive-bibtex8-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* texlive-pdflatexpicscale-bin-2021.20210325.svn41779-150400.31.3.1
* texlive-texloganalyser-bin-2021.20210325.svn13663-150400.31.3.1
* texlive-lacheck-bin-debuginfo-2021.20210325.svn53999-150400.31.3.1
* texlive-asymptote-bin-2021.20210325.svn57890-150400.31.3.1
* texlive-texplate-bin-2021.20210325.svn53444-150400.31.3.1
* texlive-tie-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* texlive-latex-bin-dev-bin-2021.20210325.svn53999-150400.31.3.1
* texlive-latexindent-bin-2021.20210325.svn32150-150400.31.3.1
* texlive-bib2gls-bin-2021.20210325.svn45266-150400.31.3.1
* texlive-ptex-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1
* texlive-pdftex-quiet-bin-2021.20210325.svn49140-150400.31.3.1
* texlive-tikztosvg-bin-2021.20210325.svn55132-150400.31.3.1
* texlive-authorindex-bin-2021.20210325.svn18790-150400.31.3.1
* texlive-bundledoc-bin-2021.20210325.svn17794-150400.31.3.1
* texlive-lcdftypetools-bin-2021.20210325.svn57878-150400.31.3.1
* texlive-pedigree-perl-bin-2021.20210325.svn25962-150400.31.3.1
* texlive-pkfix-bin-2021.20210325.svn13364-150400.31.3.1
* texlive-pst-pdf-bin-2021.20210325.svn7838-150400.31.3.1
* texlive-mex-bin-2021.20210325.svn3006-150400.31.3.1
* texlive-m-tx-bin-debuginfo-2021.20210325.svn50281-150400.31.3.1
* texlive-afm2pl-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* texlive-asymptote-bin-debuginfo-2021.20210325.svn57890-150400.31.3.1
* texlive-ctie-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* texlive-kpathsea-bin-2021.20210325.svn57878-150400.31.3.1
* texlive-lacheck-bin-2021.20210325.svn53999-150400.31.3.1
* texlive-optex-bin-2021.20210325.svn53804-150400.31.3.1
* texlive-afm2pl-bin-2021.20210325.svn57878-150400.31.3.1
* texlive-make4ht-bin-2021.20210325.svn37750-150400.31.3.1
* texlive-ps2pk-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* texlive-dvips-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* libptexenc1-1.3.9-150400.31.3.1
* texlive-bibexport-bin-2021.20210325.svn16219-150400.31.3.1
* texlive-gsftopk-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* texlive-ctanify-bin-2021.20210325.svn24061-150400.31.3.1
* texlive-epspdf-bin-2021.20210325.svn29050-150400.31.3.1
* texlive-mfware-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* texlive-omegaware-bin-2021.20210325.svn57878-150400.31.3.1
* texlive-epstopdf-bin-2021.20210325.svn18336-150400.31.3.1
* texlive-pmx-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* texlive-uplatex-bin-2021.20210325.svn52800-150400.31.3.1
* texlive-pax-bin-2021.20210325.svn10843-150400.31.3.1
* libtexlua53-5-debuginfo-5.3.6-150400.31.3.1
* texlive-luatex-bin-2021.20210325.svn58535-150400.31.3.1
* texlive-chklref-bin-2021.20210325.svn52631-150400.31.3.1
* texlive-yplan-bin-2021.20210325.svn34398-150400.31.3.1
* texlive-texware-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* texlive-pmx-bin-2021.20210325.svn57878-150400.31.3.1
* texlive-dviljk-bin-2021.20210325.svn57878-150400.31.3.1
* texlive-debuginfo-2021.20210325-150400.31.3.1
* texlive-xetex-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1
* texlive-match_parens-bin-2021.20210325.svn23500-150400.31.3.1
* texlive-texosquery-bin-2021.20210325.svn43596-150400.31.3.1
* texlive-debugsource-2021.20210325-150400.31.3.1
* texlive-luatex-bin-debuginfo-2021.20210325.svn58535-150400.31.3.1
* texlive-gregoriotex-bin-2021.20210325.svn58378-150400.31.3.1
* texlive-xetex-bin-2021.20210325.svn58378-150400.31.3.1
* texlive-autosp-bin-2021.20210325.svn57878-150400.31.3.1
* texlive-aleph-bin-2021.20210325.svn58378-150400.31.3.1
* texlive-synctex-bin-2021.20210325.svn58136-150400.31.3.1
* texlive-texliveonfly-bin-2021.20210325.svn24062-150400.31.3.1
* texlive-texlua-devel-5.3.6-150400.31.3.1
* texlive-pythontex-bin-2021.20210325.svn31638-150400.31.3.1
* texlive-bibtex-bin-2021.20210325.svn57878-150400.31.3.1
* libsynctex2-debuginfo-1.21-150400.31.3.1
* texlive-multibibliography-bin-2021.20210325.svn30534-150400.31.3.1
* texlive-texsis-bin-2021.20210325.svn3006-150400.31.3.1
* texlive-cluttex-bin-2021.20210325.svn48871-150400.31.3.1
* texlive-latexpand-bin-2021.20210325.svn27025-150400.31.3.1
* texlive-tex4ebook-bin-2021.20210325.svn37771-150400.31.3.1
* texlive-fontinst-bin-2021.20210325.svn53554-150400.31.3.1
* texlive-pdfcrop-bin-2021.20210325.svn14387-150400.31.3.1
* texlive-ltxfileinfo-bin-2021.20210325.svn29005-150400.31.3.1
* texlive-ttfutils-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* texlive-dviout-util-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* texlive-latexfileversion-bin-2021.20210325.svn25012-150400.31.3.1
* texlive-cslatex-bin-2021.20210325.svn3006-150400.31.3.1
* texlive-synctex-bin-debuginfo-2021.20210325.svn58136-150400.31.3.1
* texlive-accfonts-bin-2021.20210325.svn12688-150400.31.3.1
* texlive-convbkmk-bin-2021.20210325.svn30408-150400.31.3.1
* texlive-dviasm-bin-2021.20210325.svn8329-150400.31.3.1
* texlive-mflua-bin-2021.20210325.svn58535-150400.31.3.1
* texlive-amstex-bin-2021.20210325.svn3006-150400.31.3.1
* texlive-attachfile2-bin-2021.20210325.svn52909-150400.31.3.1
* texlive-xelatex-dev-bin-2021.20210325.svn53999-150400.31.3.1
* texlive-findhyph-bin-2021.20210325.svn14758-150400.31.3.1
* texlive-scripts-bin-2021.20210325.svn55172-150400.31.3.1
* texlive-pdftex-bin-debuginfo-2021.20210325.svn58535-150400.31.3.1
* texlive-wordcount-bin-2021.20210325.svn46165-150400.31.3.1
* texlive-fontware-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* texlive-ulqda-bin-2021.20210325.svn13663-150400.31.3.1
* texlive-xindex-bin-2021.20210325.svn49312-150400.31.3.1
* texlive-tex4ht-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* texlive-mkgrkindex-bin-2021.20210325.svn14428-150400.31.3.1
* texlive-uptex-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1
* texlive-cweb-bin-2021.20210325.svn58136-150400.31.3.1
* texlive-urlbst-bin-2021.20210325.svn23262-150400.31.3.1
* texlive-bin-devel-2021.20210325-150400.31.3.1
* texlive-a2ping-bin-2021.20210325.svn27321-150400.31.3.1
* texlive-texware-bin-2021.20210325.svn57878-150400.31.3.1
* texlive-webquiz-bin-2021.20210325.svn50419-150400.31.3.1
* texlive-tex4ht-bin-2021.20210325.svn57878-150400.31.3.1
* texlive-dvipdfmx-bin-2021.20210325.svn58535-150400.31.3.1
* texlive-dvisvgm-bin-2021.20210325.svn57878-150400.31.3.1
* texlive-ctie-bin-2021.20210325.svn57878-150400.31.3.1
* texlive-ketcindy-bin-2021.20210325.svn49033-150400.31.3.1
* texlive-latex-git-log-bin-2021.20210325.svn30983-150400.31.3.1
* texlive-metapost-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* texlive-pkfix-helper-bin-2021.20210325.svn13663-150400.31.3.1
* texlive-ctanbib-bin-2021.20210325.svn48478-150400.31.3.1
* texlive-ptex-bin-2021.20210325.svn58378-150400.31.3.1
* texlive-pdfbook2-bin-2021.20210325.svn37537-150400.31.3.1
* texlive-2021.20210325-150400.31.3.1
* texlive-latex-papersize-bin-2021.20210325.svn42296-150400.31.3.1
* texlive-synctex-devel-1.21-150400.31.3.1
* texlive-mf2pt1-bin-2021.20210325.svn23406-150400.31.3.1
* texlive-splitindex-bin-2021.20210325.svn29688-150400.31.3.1
* texlive-velthuis-bin-debuginfo-2021.20210325.svn50281-150400.31.3.1
* texlive-pdfxup-bin-2021.20210325.svn40690-150400.31.3.1
* texlive-purifyeps-bin-2021.20210325.svn13663-150400.31.3.1
* texlive-latexdiff-bin-2021.20210325.svn16420-150400.31.3.1
* texlive-tpic2pdftex-bin-2021.20210325.svn50281-150400.31.3.1
* libtexlua53-5-5.3.6-150400.31.3.1
* texlive-luaotfload-bin-2021.20210325.svn34647-150400.31.3.1
* texlive-bibtexu-bin-2021.20210325.svn57878-150400.31.3.1
* texlive-cjkutils-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* texlive-ttfutils-bin-2021.20210325.svn57878-150400.31.3.1
* texlive-crossrefware-bin-2021.20210325.svn45927-150400.31.3.1
* texlive-axodraw2-bin-2021.20210325.svn58378-150400.31.3.1
* texlive-detex-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* texlive-dviinfox-bin-2021.20210325.svn44515-150400.31.3.1
* texlive-listings-ext-bin-2021.20210325.svn15093-150400.31.3.1
* texlive-luajittex-bin-2021.20210325.svn58535-150400.31.3.1
* texlive-ps2pk-bin-2021.20210325.svn57878-150400.31.3.1
* texlive-pdftosrc-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* texlive-dvisvgm-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* texlive-texdoctk-bin-2021.20210325.svn29741-150400.31.3.1
* texlive-glossaries-bin-2021.20210325.svn37813-150400.31.3.1
* texlive-seetexk-bin-2021.20210325.svn57878-150400.31.3.1
* texlive-vlna-bin-2021.20210325.svn50281-150400.31.3.1
* texlive-patgen-bin-2021.20210325.svn57878-150400.31.3.1
* texlive-detex-bin-2021.20210325.svn57878-150400.31.3.1
* texlive-seetexk-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* libptexenc1-debuginfo-1.3.9-150400.31.3.1
* texlive-petri-nets-bin-2021.20210325.svn39165-150400.31.3.1
* texlive-platex-bin-2021.20210325.svn52800-150400.31.3.1
* texlive-metafont-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1
* texlive-kotex-utils-bin-2021.20210325.svn32101-150400.31.3.1
* texlive-dvipng-bin-2021.20210325.svn57878-150400.31.3.1
* texlive-tie-bin-2021.20210325.svn57878-150400.31.3.1
* texlive-texdiff-bin-2021.20210325.svn15506-150400.31.3.1
* texlive-metapost-bin-2021.20210325.svn57878-150400.31.3.1
* texlive-xpdfopen-bin-debuginfo-2021.20210325.svn52917-150400.31.3.1
* texlive-csplain-bin-2021.20210325.svn50528-150400.31.3.1
* texlive-lollipop-bin-2021.20210325.svn41465-150400.31.3.1
* libsynctex2-1.21-150400.31.3.1
* texlive-axodraw2-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1
* texlive-makeindex-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* texlive-texdef-bin-2021.20210325.svn45011-150400.31.3.1
* texlive-light-latex-make-bin-2021.20210325.svn56352-150400.31.3.1
* texlive-latexmk-bin-2021.20210325.svn10937-150400.31.3.1
* texlive-albatross-bin-2021.20210325.svn57089-150400.31.3.1
* texlive-dvicopy-bin-2021.20210325.svn57878-150400.31.3.1
* texlive-lilyglyphs-bin-2021.20210325.svn31696-150400.31.3.1
* texlive-arara-bin-2021.20210325.svn29036-150400.31.3.1
* texlive-srcredact-bin-2021.20210325.svn38710-150400.31.3.1
* texlive-dvipdfmx-bin-debuginfo-2021.20210325.svn58535-150400.31.3.1
* texlive-makedtx-bin-2021.20210325.svn38769-150400.31.3.1
* texlive-ltximg-bin-2021.20210325.svn32346-150400.31.3.1
* texlive-pmxchords-bin-2021.20210325.svn32405-150400.31.3.1
* texlive-metafont-bin-2021.20210325.svn58378-150400.31.3.1
* texlive-pdfjam-bin-2021.20210325.svn52858-150400.31.3.1
* texlive-cjk-gs-integrate-bin-2021.20210325.svn37223-150400.31.3.1
* texlive-bibtexu-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* texlive-typeoutfileinfo-bin-2021.20210325.svn25648-150400.31.3.1
* texlive-mfware-bin-2021.20210325.svn57878-150400.31.3.1
* texlive-checklistings-bin-2021.20210325.svn38300-150400.31.3.1
* texlive-fontware-bin-2021.20210325.svn57878-150400.31.3.1
* texlive-mkpic-bin-2021.20210325.svn33688-150400.31.3.1
* texlive-chktex-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* texlive-scripts-extra-bin-2021.20210325.svn53577-150400.31.3.1
* texlive-dvidvi-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* texlive-texfot-bin-2021.20210325.svn33155-150400.31.3.1
* texlive-l3build-bin-2021.20210325.svn46894-150400.31.3.1
* libkpathsea6-debuginfo-6.3.3-150400.31.3.1
* texlive-svn-multi-bin-2021.20210325.svn13663-150400.31.3.1
* texlive-mflua-bin-debuginfo-2021.20210325.svn58535-150400.31.3.1
* texlive-dtl-bin-2021.20210325.svn57878-150400.31.3.1
* texlive-mkjobtexmf-bin-2021.20210325.svn8457-150400.31.3.1
* texlive-vlna-bin-debuginfo-2021.20210325.svn50281-150400.31.3.1
* texlive-ps2eps-bin-2021.20210325.svn50281-150400.31.3.1
* texlive-tex-bin-2021.20210325.svn58378-150400.31.3.1
* texlive-pygmentex-bin-2021.20210325.svn34996-150400.31.3.1
* texlive-web-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* texlive-thumbpdf-bin-2021.20210325.svn6898-150400.31.3.1
* texlive-jfmutil-bin-2021.20210325.svn44835-150400.31.3.1
* texlive-ctan-o-mat-bin-2021.20210325.svn46996-150400.31.3.1
* texlive-lwarp-bin-2021.20210325.svn43292-150400.31.3.1
* texlive-ptex-fontmaps-bin-2021.20210325.svn44206-150400.31.3.1
* texlive-getmap-bin-2021.20210325.svn34971-150400.31.3.1
* libkpathsea6-6.3.3-150400.31.3.1
* texlive-xml2pmx-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* texlive-ps2eps-bin-debuginfo-2021.20210325.svn50281-150400.31.3.1
* texlive-luahbtex-bin-debuginfo-2021.20210325.svn58535-150400.31.3.1
* texlive-tex-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1
* texlive-kpathsea-devel-6.3.3-150400.31.3.1
* texlive-clojure-pamphlet-bin-2021.20210325.svn51944-150400.31.3.1
* texlive-fig4latex-bin-2021.20210325.svn14752-150400.31.3.1
* texlive-vpe-bin-2021.20210325.svn6897-150400.31.3.1
* texlive-musixtex-bin-2021.20210325.svn37026-150400.31.3.1
* texlive-autosp-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* texlive-spix-bin-2021.20210325.svn55933-150400.31.3.1
* texlive-fontools-bin-2021.20210325.svn25997-150400.31.3.1
* texlive-xdvi-bin-2021.20210325.svn58378-150400.31.3.1
* texlive-bibtex8-bin-2021.20210325.svn57878-150400.31.3.1
* texlive-dvipos-bin-2021.20210325.svn57878-150400.31.3.1
* texlive-m-tx-bin-2021.20210325.svn50281-150400.31.3.1
* texlive-latex2nemeth-bin-2021.20210325.svn42300-150400.31.3.1
* texlive-mptopdf-bin-2021.20210325.svn18674-150400.31.3.1
* texlive-pdftex-bin-2021.20210325.svn58535-150400.31.3.1
* texlive-luahbtex-bin-2021.20210325.svn58535-150400.31.3.1
* texlive-rubik-bin-2021.20210325.svn32919-150400.31.3.1
* texlive-xdvi-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1
* texlive-adhocfilelist-bin-2021.20210325.svn28038-150400.31.3.1
* texlive-dtxgen-bin-2021.20210325.svn29031-150400.31.3.1
* texlive-hyperxmp-bin-2021.20210325.svn56984-150400.31.3.1
* texlive-texdirflatten-bin-2021.20210325.svn12782-150400.31.3.1
* texlive-musixtnt-bin-2021.20210325.svn50281-150400.31.3.1
* texlive-dvicopy-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* texlive-aleph-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1
* texlive-patgen-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* texlive-ptexenc-devel-1.3.9-150400.31.3.1
* texlive-velthuis-bin-2021.20210325.svn50281-150400.31.3.1
* texlive-web-bin-2021.20210325.svn57878-150400.31.3.1
* texlive-texcount-bin-2021.20210325.svn13013-150400.31.3.1
* texlive-texdoc-bin-2021.20210325.svn47948-150400.31.3.1
* texlive-dosepsbin-bin-2021.20210325.svn24759-150400.31.3.1
* texlive-dvipos-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* texlive-exceltex-bin-2021.20210325.svn25860-150400.31.3.1
* texlive-lcdftypetools-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* texlive-sty2dtx-bin-2021.20210325.svn21215-150400.31.3.1
* texlive-cachepic-bin-2021.20210325.svn15543-150400.31.3.1
* texlive-dviout-util-bin-2021.20210325.svn57878-150400.31.3.1
* texlive-gregoriotex-bin-debuginfo-2021.20210325.svn58378-150400.31.3.1
* texlive-cjkutils-bin-2021.20210325.svn57878-150400.31.3.1
* texlive-dvidvi-bin-2021.20210325.svn57878-150400.31.3.1
* texlive-latex2man-bin-2021.20210325.svn13663-150400.31.3.1
* texlive-pdftosrc-bin-2021.20210325.svn57878-150400.31.3.1
* texlive-dviljk-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* texlive-ptex2pdf-bin-2021.20210325.svn29335-150400.31.3.1
* texlive-git-latexdiff-bin-2021.20210325.svn54732-150400.31.3.1
* texlive-gsftopk-bin-2021.20210325.svn57878-150400.31.3.1
* texlive-jadetex-bin-2021.20210325.svn3006-150400.31.3.1
* texlive-kpathsea-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* texlive-listbib-bin-2021.20210325.svn26126-150400.31.3.1
* texlive-mltex-bin-2021.20210325.svn3006-150400.31.3.1
* texlive-uptex-bin-2021.20210325.svn58378-150400.31.3.1
* texlive-fragmaster-bin-2021.20210325.svn13663-150400.31.3.1
* texlive-xmltex-bin-2021.20210325.svn3006-150400.31.3.1
* texlive-checkcites-bin-2021.20210325.svn25623-150400.31.3.1
* texlive-dtl-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* texlive-mathspic-bin-2021.20210325.svn23661-150400.31.3.1
* texlive-bibtex-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* texlive-omegaware-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* texlive-pst2pdf-bin-2021.20210325.svn29333-150400.31.3.1
* texlive-cweb-bin-debuginfo-2021.20210325.svn58136-150400.31.3.1
* texlive-eplain-bin-2021.20210325.svn3006-150400.31.3.1
* texlive-cyrillic-bin-bin-2021.20210325.svn53554-150400.31.3.1
* texlive-xml2pmx-bin-2021.20210325.svn57878-150400.31.3.1
* texlive-dvipng-bin-debuginfo-2021.20210325.svn57878-150400.31.3.1
* texlive-perltex-bin-2021.20210325.svn16181-150400.31.3.1
* texlive-dvips-bin-2021.20210325.svn57878-150400.31.3.1
* openSUSE Leap 15.5 (aarch64 x86_64)
* texlive-texluajit-devel-2.1.0beta3-150400.31.3.1
* libtexluajit2-2.1.0beta3-150400.31.3.1
* texlive-luajittex-bin-debuginfo-2021.20210325.svn58535-150400.31.3.1
* libtexluajit2-debuginfo-2.1.0beta3-150400.31.3.1
* openSUSE Leap 15.5 (noarch)
* perl-biber-2021.20210325.svn30357-150400.31.3.1
* texlive-diadia-bin-2021.20210325.svn37645-150400.31.3.1
* texlive-biber-bin-2021.20210325.svn57273-150400.31.3.1
## References:
* https://www.suse.com/security/cve/CVE-2023-32700.html
* https://bugzilla.suse.com/show_bug.cgi?id=1211389
19 Jul '23
# Security update for curl
Announcement ID: SUSE-SU-2023:2891-1
Rating: moderate
References:
* #1213237
Cross-References:
* CVE-2023-32001
CVSS scores:
* CVE-2023-32001 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected Products:
* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for curl fixes the following issues:
* CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237).
## Patch Instructions:
To install this SUSE Moderate update, use the SUSE-recommended installation
methods such as YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2891=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-2891=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-2891=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-2891=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-2891=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-2891=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-2891=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2891=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2891=1
## Package List:
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* curl-debugsource-8.0.1-150400.5.26.1
* libcurl4-8.0.1-150400.5.26.1
* curl-8.0.1-150400.5.26.1
* curl-debuginfo-8.0.1-150400.5.26.1
* libcurl4-debuginfo-8.0.1-150400.5.26.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* curl-debugsource-8.0.1-150400.5.26.1
* libcurl-devel-8.0.1-150400.5.26.1
* libcurl4-8.0.1-150400.5.26.1
* curl-8.0.1-150400.5.26.1
* curl-debuginfo-8.0.1-150400.5.26.1
* libcurl4-debuginfo-8.0.1-150400.5.26.1
* openSUSE Leap 15.4 (x86_64)
* libcurl4-32bit-debuginfo-8.0.1-150400.5.26.1
* libcurl4-32bit-8.0.1-150400.5.26.1
* libcurl-devel-32bit-8.0.1-150400.5.26.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* curl-debugsource-8.0.1-150400.5.26.1
* libcurl-devel-8.0.1-150400.5.26.1
* libcurl4-8.0.1-150400.5.26.1
* curl-8.0.1-150400.5.26.1
* curl-debuginfo-8.0.1-150400.5.26.1
* libcurl4-debuginfo-8.0.1-150400.5.26.1
* openSUSE Leap 15.5 (x86_64)
* libcurl4-32bit-debuginfo-8.0.1-150400.5.26.1
* libcurl4-32bit-8.0.1-150400.5.26.1
* libcurl-devel-32bit-8.0.1-150400.5.26.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* curl-debugsource-8.0.1-150400.5.26.1
* libcurl4-8.0.1-150400.5.26.1
* curl-8.0.1-150400.5.26.1
* curl-debuginfo-8.0.1-150400.5.26.1
* libcurl4-debuginfo-8.0.1-150400.5.26.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* curl-debugsource-8.0.1-150400.5.26.1
* libcurl4-8.0.1-150400.5.26.1
* curl-8.0.1-150400.5.26.1
* curl-debuginfo-8.0.1-150400.5.26.1
* libcurl4-debuginfo-8.0.1-150400.5.26.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* curl-debugsource-8.0.1-150400.5.26.1
* libcurl4-8.0.1-150400.5.26.1
* curl-8.0.1-150400.5.26.1
* curl-debuginfo-8.0.1-150400.5.26.1
* libcurl4-debuginfo-8.0.1-150400.5.26.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* curl-debugsource-8.0.1-150400.5.26.1
* libcurl4-8.0.1-150400.5.26.1
* curl-8.0.1-150400.5.26.1
* curl-debuginfo-8.0.1-150400.5.26.1
* libcurl4-debuginfo-8.0.1-150400.5.26.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* curl-debugsource-8.0.1-150400.5.26.1
* libcurl-devel-8.0.1-150400.5.26.1
* libcurl4-8.0.1-150400.5.26.1
* curl-8.0.1-150400.5.26.1
* curl-debuginfo-8.0.1-150400.5.26.1
* libcurl4-debuginfo-8.0.1-150400.5.26.1
* Basesystem Module 15-SP4 (x86_64)
* libcurl4-32bit-debuginfo-8.0.1-150400.5.26.1
* libcurl4-32bit-8.0.1-150400.5.26.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* curl-debugsource-8.0.1-150400.5.26.1
* libcurl-devel-8.0.1-150400.5.26.1
* libcurl4-8.0.1-150400.5.26.1
* curl-8.0.1-150400.5.26.1
* curl-debuginfo-8.0.1-150400.5.26.1
* libcurl4-debuginfo-8.0.1-150400.5.26.1
* Basesystem Module 15-SP5 (x86_64)
* libcurl4-32bit-debuginfo-8.0.1-150400.5.26.1
* libcurl4-32bit-8.0.1-150400.5.26.1
## References:
* https://www.suse.com/security/cve/CVE-2023-32001.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213237
SUSE-SU-2023:2892-1: important: Security update for the Linux Kernel
by security@lists.opensuse.org 19 Jul '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:2892-1
Rating: important
References:
* #1187829
* #1189998
* #1194869
* #1205758
* #1208410
* #1209039
* #1209780
* #1210335
* #1210565
* #1210584
* #1210853
* #1211014
* #1211346
* #1211400
* #1211410
* #1211794
* #1211852
* #1212051
* #1212265
* #1212350
* #1212405
* #1212445
* #1212448
* #1212456
* #1212494
* #1212495
* #1212504
* #1212513
* #1212540
* #1212556
* #1212561
* #1212563
* #1212564
* #1212584
* #1212592
* #1212603
* #1212605
* #1212606
* #1212619
* #1212685
* #1212701
* #1212741
* #1212835
* #1212838
* #1212842
* #1212848
* #1212861
* #1212869
* #1212892
* #1212961
* #1213010
* #1213011
* #1213012
* #1213013
* #1213014
* #1213015
* #1213016
* #1213017
* #1213018
* #1213019
* #1213020
* #1213021
* #1213024
* #1213025
* #1213032
* #1213034
* #1213035
* #1213036
* #1213037
* #1213038
* #1213039
* #1213040
* #1213041
* #1213087
* #1213088
* #1213089
* #1213090
* #1213092
* #1213093
* #1213094
* #1213095
* #1213096
* #1213098
* #1213099
* #1213100
* #1213102
* #1213103
* #1213104
* #1213105
* #1213106
* #1213107
* #1213108
* #1213109
* #1213110
* #1213111
* #1213112
* #1213113
* #1213114
* #1213116
* #1213134
Cross-References:
* CVE-2023-1249
* CVE-2023-1829
* CVE-2023-2430
* CVE-2023-28866
* CVE-2023-3090
* CVE-2023-3111
* CVE-2023-3212
* CVE-2023-3220
* CVE-2023-3357
* CVE-2023-3358
* CVE-2023-3389
* CVE-2023-35788
* CVE-2023-35823
* CVE-2023-35828
* CVE-2023-35829
CVSS scores:
* CVE-2023-1249 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2023-1249 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2430 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2023-28866 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-28866 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3111 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3212 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3212 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3220 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3220 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3357 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3357 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3358 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3358 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3389 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-3389 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35788 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2023-35788 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35823 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-35823 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35828 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35828 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35829 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35829 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* Public Cloud Module 15-SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves 15 vulnerabilities, contains one feature and has 85 fixes
can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various
security fixes and bug fixes.
The following security bugs were fixed:
* CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that
allowed a local user to crash the system (bsc#1209039).
* CVE-2023-1829: Fixed a use-after-free vulnerability in the control index
filter (tcindex) (bsc#1210335).
* CVE-2023-2430: Fixed a possible denial of service via a missing lock in the
io_uring subsystem (bsc#1211014).
* CVE-2023-28866: Fixed an out-of-bounds access in net/bluetooth/hci_sync.c
because amp_init1[] and amp_init2[] are supposed to have an intentionally
invalid element, but did not (bsc#1209780).
* CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver
(bsc#1212842).
* CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate
in fs/btrfs/relocation.c (bsc#1212051).
* CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system
(bsc#1212265).
* CVE-2023-3220: Fixed a NULL pointer dereference flaw in
dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c, which
lacked a check of the return value of kzalloc() (bsc#1212556).
* CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor
Fusion Hub driver (bsc#1212605).
* CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated
Sensor Hub (ISH) driver (bsc#1212606).
* CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring
subsystem (bsc#1212838).
* CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code
via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in
net/sched/cls_flower.c (bsc#1212504).
* CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in
drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494).
* CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in
drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513).
* CVE-2023-35829: Fixed a use-after-free flaw in rkvdec_remove in
drivers/staging/media/rkvdec/rkvdec.c (bsc#1212495).
The following non-security bugs were fixed:
* ACPI: CPPC: Add AMD pstate energy performance preference cppc control
(bsc#1212445).
* ACPI: CPPC: Add auto select register read/write support (bsc#1212445).
* ACPI: sleep: Avoid breaking S3 wakeup due to might_sleep() (git-fixes).
* ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer (git-fixes).
* ALSA: fireface: make read-only const array for model names static (git-
fixes).
* ALSA: hda/realtek: Add "Intel Reference board" and "NUC 13" SSID in the
ALC256 (git-fixes).
* ALSA: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes).
* ALSA: hda/realtek: Add quirk for ASUS ROG G614Jx (git-fixes).
* ALSA: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes).
* ALSA: hda/realtek: Add quirk for ASUS ROG GA402X (git-fixes).
* ALSA: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes).
* ALSA: hda/realtek: Add quirk for ASUS ROG GX650P (git-fixes).
* ALSA: hda/realtek: Add quirk for ASUS ROG GZ301V (git-fixes).
* ALSA: hda/realtek: Add quirk for Clevo NPx0SNx (git-fixes).
* ALSA: hda/realtek: Add quirks for ASUS GU604V and GU603V (git-fixes).
* ALSA: hda/realtek: Add quirks for ROG ALLY CS35l41 audio (git-fixes).
* ALSA: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760 (git-fixes).
* ALSA: hda/realtek: Amend G634 quirk to enable rear speakers (git-fixes).
* ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook
(git-fixes).
* ALSA: hda/realtek: Whitespace fix (git-fixes).
* ALSA: hda: LNL: add HD Audio PCI ID (git-fixes).
* ALSA: hda: fix a possible null-pointer dereference due to data race in
snd_hdac_regmap_sync() (git-fixes).
* ALSA: jack: Fix mutex call in snd_jack_report() (git-fixes).
* ALSA: oxfw: make read-only const array models static (git-fixes).
* ALSA: pcm: Fix potential data race at PCM memory allocation helpers (git-
fixes).
* ALSA: usb-audio: Add quirk flag for HEM devices to enable native DSD
playback (git-fixes).
* ALSA: usb-audio: Fix broken resume due to UAC3 power state (git-fixes).
* ARM: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes)
* ARM: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
* ARM: dts: Fix erroneous ADS touchscreen polarities (git-fixes).
* ARM: dts: vexpress: add missing cache properties (git-fixes).
* ASoC: dwc: move DMA init to snd_soc_dai_driver probe() (git-fixes).
* ASoC: es8316: Do not set rate constraints for unsupported MCLKs (git-fixes).
* ASoC: es8316: Increment max value for ALC Capture Target Volume control
(git-fixes).
* ASoC: imx-audmix: check return value of devm_kasprintf() (git-fixes).
* ASoC: mediatek: mt8173: Fix irq error path (git-fixes).
* ASoC: nau8824: Add quirk to active-high jack-detect (git-fixes).
* ASoC: simple-card: Add missing of_node_put() in case of error (git-fixes).
* ASoC: soc-pcm: test if a BE can be prepared (git-fixes).
* Add MODULE_FIRMWARE() for FIRMWARE_TG357766 (git-fixes).
* Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (git-fixes).
* Documentation: ABI: sysfs-class-net-qmi: pass_through contact update (git-
fixes).
* Documentation: bonding: fix the doc of peer_notif_delay (git-fixes).
* Documentation: devlink: add add devlink-selftests to the table of contents
(git-fixes).
* Documentation: devlink: mlx5.rst: Fix htmldoc build warning (git-fixes).
* Documentation: timers: hrtimers: Make hybrid union historical (git-fixes).
* Drop a buggy dvb-core fix patch (bsc#1205758)
* Fix documentation of panic_on_warn (git-fixes).
* Get module prefix from kmod (bsc#1212835).
* HID: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651 (git-fixes).
* HID: wacom: Add error check to wacom_parse_and_register() (git-fixes).
* IB/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git-
fixes)
* IB/isert: Fix dead lock in ib_isert (git-fixes)
* IB/isert: Fix incorrect release of isert connection (git-fixes)
* IB/isert: Fix possible list corruption in CMA handler (git-fixes)
* IB/uverbs: Fix to consider event queue closing also upon non-blocking mode
(git-fixes)
* Input: adxl34x - do not hardcode interrupt trigger type (git-fixes).
* Input: drv260x - fix typo in register value define (git-fixes).
* Input: drv260x - remove unused .reg_defaults (git-fixes).
* Input: drv260x - sleep between polling GO bit (git-fixes).
* Input: psmouse - fix OOB access in Elantech protocol (git-fixes).
* Input: soc_button_array - add invalid acpi_index DMI quirk handling (git-
fixes).
* KVM: arm64: Do not hypercall before EL2 init (git-fixes)
* KVM: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes)
* KVM: arm64: Save PSTATE early on exit (git-fixes)
* KVM: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes)
* NTB: amd: Fix error handling in amd_ntb_pci_driver_init() (git-fixes).
* NTB: ntb_tool: Add check for devm_kcalloc (git-fixes).
* NTB: ntb_transport: fix possible memory leak while device_register() fails
(git-fixes).
* PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free (git-
fixes).
* PCI: Add pci_clear_master() stub for non-CONFIG_PCI (git-fixes).
* PCI: Release resource invalidated by coalescing (git-fixes).
* PCI: cadence: Fix Gen2 Link Retraining process (git-fixes).
* PCI: endpoint: Add missing documentation about the MSI/MSI-X range (git-
fixes).
* PCI: ftpci100: Release the clock resources (git-fixes).
* PCI: pciehp: Cancel bringup sequence if card is not present (git-fixes).
* PCI: qcom: Disable write access to read only registers for IP v2.3.3 (git-
fixes).
* PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked (git-
fixes).
* PCI: rockchip: Assert PCI Configuration Enable bit after probe (git-fixes).
* PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core (git-
fixes).
* PCI: rockchip: Set address alignment for endpoint mode (git-fixes).
* PCI: rockchip: Use u32 variable to access 32-bit registers (git-fixes).
* PCI: rockchip: Write PCI Device ID to correct register (git-fixes).
* PCI: vmd: Reset VMD config register between soft reboots (git-fixes).
* PM: domains: fix integer overflow issues in genpd_parse_state() (git-fixes).
* RDMA/bnxt_re: Avoid calling wake_up threads from spin_lock context (git-
fixes)
* RDMA/bnxt_re: Disable/kill tasklet only if it is enabled (git-fixes)
* RDMA/bnxt_re: Fix to remove an unnecessary log (git-fixes)
* RDMA/bnxt_re: Fix to remove unnecessary return labels (git-fixes)
* RDMA/bnxt_re: Remove a redundant check inside bnxt_re_update_gid (git-fixes)
* RDMA/bnxt_re: Remove unnecessary checks (git-fixes)
* RDMA/bnxt_re: Return directly without goto jumps (git-fixes)
* RDMA/bnxt_re: Use unique names while registering interrupts (git-fixes)
* RDMA/bnxt_re: wraparound mbox producer index (git-fixes)
* RDMA/cma: Always set static rate to 0 for RoCE (git-fixes)
* RDMA/hns: Fix hns_roce_table_get return value (git-fixes)
* RDMA/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes)
* RDMA/mlx5: Create an indirect flow table for steering anchor (git-fixes)
* RDMA/mlx5: Do not set tx affinity when lag is in hash mode (git-fixes)
* RDMA/mlx5: Fix affinity assignment (git-fixes)
* RDMA/mlx5: Initiate dropless RQ for RAW Ethernet functions (git-fixes)
* RDMA/mlx5: Rely on RoCE fw cap instead of devlink when setting profile
(jsc#SLE-19253).
* RDMA/rtrs: Fix rxe_dealloc_pd warning (git-fixes)
* RDMA/rtrs: Fix the last iu->buf leak in err path (git-fixes)
* RDMA/rxe: Fix access checks in rxe_check_bind_mw (git-fixes)
* RDMA/rxe: Fix packet length checks (git-fixes)
* RDMA/rxe: Fix ref count error in check_rkey() (git-fixes)
* RDMA/rxe: Fix rxe_cq_post (git-fixes)
* RDMA/rxe: Fix the use-before-initialization error of resp_pkts (git-fixes)
* RDMA/rxe: Remove dangling declaration of rxe_cq_disable() (git-fixes)
* RDMA/rxe: Remove the unused variable obj (git-fixes)
* RDMA/rxe: Removed unused name from rxe_task struct (git-fixes)
* RDMA/uverbs: Restrict usage of privileged QKEYs (git-fixes)
* RDMA/vmw_pvrdma: Remove unnecessary check on wr->opcode (git-fixes)
* Remove more packaging cruft for SLE < 12 SP3
* Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT (bsc#1189998 git-fixes).
* Revert "drm/amd/display: edp do not add non-edid timings" (git-fixes).
* Revert "mtd: rawnand: arasan: Prevent an unsupported configuration" (git-
fixes).
* Revert "net: phy: dp83867: perform soft reset and retain established link"
(git-fixes).
* SUNRPC: Clean up svc_deferred_class trace events (git-fixes).
* USB: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM (git-
fixes).
* USB: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe()
(git-fixes).
* USB: dwc3: fix use-after-free on core driver unbind (git-fixes).
* USB: dwc3: gadget: Propagate core init errors to UDC during pullup (git-
fixes).
* USB: dwc3: gadget: Reset num TRBs before giving back the request (git-
fixes).
* USB: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe() (git-
fixes).
* USB: dwc3: qcom: Fix potential memory leak (git-fixes).
* USB: dwc3: qcom: Release the correct resources in dwc3_qcom_remove() (git-
fixes).
* USB: dwc3: qcom: fix NULL-deref on suspend (git-fixes).
* USB: gadget: u_serial: Add null pointer check in gserial_suspend (git-
fixes).
* USB: gadget: udc: fix NULL dereference in remove() (git-fixes).
* USB: hide unused usbfs_notify_suspend/resume functions (git-fixes).
* USB: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (git-fixes).
* USB: serial: option: add Quectel EM061KGL series (git-fixes).
* USB: typec: ucsi: Fix command cancellation (git-fixes).
* USB: xhci: Remove unused udev from xhci_log_ctx trace event (git-fixes).
* Update commit 52b1b46c39ae ("of: Create platform devices for OF
framebuffers") (bsc#1212405).
* Update patches.suse/KVM-x86-fix-sending-PV-IPI.patch (git-fixes,
bsc#1210853).
* amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes).
* apparmor: fix missing error check for rhashtable_insert_fast (git-fixes).
* arm64: Add missing Set/Way CMO encodings (git-fixes).
* arm64: Always load shadow stack pointer directly from the task struct (git-
fixes)
* arm64: Stash shadow stack pointer in the task struct on interrupt (git-
fixes)
* arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes)
* arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes)
* arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes)
* arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git-
fixes)
* bnxt_en: Do not issue AP reset during ethtool's reset operation (git-fixes).
* bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks (git-fixes).
* bnxt_en: Prevent kernel panic when receiving unexpected PHC_UPDATE event
(git-fixes).
* bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes).
* bnxt_en: Skip firmware fatal error recovery if chip is not accessible (git-
fixes).
* bonding: Fix negative jump label count on nested bonding (bsc#1212685).
* bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes)
* bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes)
* bpf, arm64: Feed byte-offset into bpf line info (git-fixes)
* bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes)
* bpf: Add extra path pointer check to d_path helper (git-fixes).
* bpf: Fix UAF in task local storage (bsc#1212564).
* bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable (git-fixes).
* bus: ti-sysc: Fix dispc quirk masking bool variables (git-fixes).
* can: isotp: isotp_sendmsg(): fix return error fix on TX path (git-fixes).
* can: kvaser_pciefd: Remove handler for unused
KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes).
* can: kvaser_pciefd: Remove useless write to interrupt register (git-fixes).
* can: length: fix bitstuffing count (git-fixes).
* can: length: fix description of the RRS field (git-fixes).
* can: length: make header self contained (git-fixes).
* ceph: fix use-after-free bug for inodes when flushing capsnaps
(bsc#1212540).
* cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all()
(bsc#1212563).
* cgroup: always put cset in cgroup_css_set_put_fork (bsc#1212561).
* cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks()
(bsc#1212563).
* clk: Fix memory leak in devm_clk_notifier_register() (git-fixes).
* clk: cdce925: check return value of kasprintf() (git-fixes).
* clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes).
* clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git-
fixes).
* clk: imx: scu: use _safe list iterator to avoid a use after free (git-
fixes).
* clk: keystone: sci-clk: check return value of kasprintf() (git-fixes).
* clk: qcom: camcc-sc7180: Add parent dependency to all camera GDSCs (git-
fixes).
* clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks (git-fixes).
* clk: samsung: Add Exynos4212 compatible to CLKOUT driver (git-fixes).
* clk: si5341: check return value of {devm_}kasprintf() (git-fixes).
* clk: si5341: free unused memory on probe failure (git-fixes).
* clk: si5341: return error if one synth clock registration fails (git-fixes).
* clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes).
* clk: ti: clkctrl: check return value of kasprintf() (git-fixes).
* clk: vc5: check memory returned by kasprintf() (git-fixes).
* clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe (git-
fixes).
* crypto: marvell/cesa - Fix type mismatch warning (git-fixes).
* crypto: nx - fix build warnings when DEBUG_FS is not enabled (git-fixes).
* device-dax: Fix duplicate 'hmem' device registration (bsc#1211400).
* disable two x86 PAT related patches (bsc#1212456).
* docs/memory-barriers.txt: Add a missed closing parenthesis (git-fixes).
* docs: networking: Update codeaurora references for rmnet (git-fixes).
* drivers: meson: secure-pwrc: always enable DMA domain (git-fixes).
* drm/amd/display: Add logging for display MALL refresh setting (git-fixes).
* drm/amd/display: Add minimal pipe split transition state (git-fixes).
* drm/amd/display: Add wrapper to call planes and stream update (git-fixes).
* drm/amd/display: Explicitly specify update type per plane info change (git-
fixes).
* drm/amd/display: Fix artifacting on eDP panels when engaging freesync video
mode (git-fixes).
* drm/amd/display: Use dc_update_planes_and_stream (git-fixes).
* drm/amd/display: add a NULL pointer check (bsc#1212848, bsc#1212961).
* drm/amd/display: disable seamless boot if force_odm_combine is enabled
(bsc#1212848, bsc#1212961).
* drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git-
fixes).
* drm/amd/display: edp do not add non-edid timings (git-fixes).
* drm/amd/display: fix the system hang while disable PSR (git-fixes).
* drm/amd/pm: Fix power context allocation in SMU13 (git-fixes).
* drm/amd/pm: revise the ASPM settings for thunderbolt attached scenario
(bsc#1212848, bsc#1212961).
* drm/amd/pm: update the LC_L1_INACTIVITY setting to address possible noise
issue (bsc#1212848, bsc#1212961).
* drm/amd: Disable PSR-SU on Parade 0803 TCON (bsc#1212848, bsc#1212961).
* drm/amd: Do not try to enable secure display TA multiple times (bsc#1212848,
bsc#1212961).
* drm/amd: Make sure image is written to trigger VBIOS image update flow (git-
fixes).
* drm/amd: Tighten permissions on VBIOS flashing attributes (git-fixes).
* drm/amdgpu: Set vmbo destroy after pt bo is created (git-fixes).
* drm/amdgpu: Validate VM ioctl flags (git-fixes).
* drm/amdgpu: add missing radeon secondary PCI ID (git-fixes).
* drm/amdgpu: fix clearing mappings for BOs that are always valid in VM
(bsc#1212848, bsc#1212961).
* drm/amdgpu: fix number of fence calculations (bsc#1212848, bsc#1212961).
* drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes).
* drm/amdkfd: Fix potential deallocation of previously deallocated memory
(git-fixes).
* drm/bridge: tc358768: always enable HS video mode (git-fixes).
* drm/bridge: tc358768: fix PLL parameters computation (git-fixes).
* drm/bridge: tc358768: fix PLL target frequency (git-fixes).
* drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes).
* drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes).
* drm/bridge: ti-sn65dsi86: Avoid possible buffer overflow (git-fixes).
* drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl (git-fixes).
* drm/exynos: vidi: fix a wrong error return (git-fixes).
* drm/i915/gvt: remove unused variable gma_bottom in command parser (git-
fixes).
* drm/i915/psr: Use hw.adjusted mode when calculating io/fast wake times (git-
fixes).
* drm/i915/selftests: Add some missing error propagation (git-fixes).
* drm/i915/selftests: Increase timeout for live_parallel_switch (git-fixes).
* drm/i915/selftests: Stop using kthread_stop() (git-fixes).
* drm/i915: Explain the magic numbers for AUX SYNC/precharge length (git-
fixes).
* drm/i915: Use 18 fast wake AUX sync len (git-fixes).
* drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes).
* drm/msm/dp: Free resources after unregistering them (git-fixes).
* drm/msm/dpu: correct MERGE_3D length (git-fixes).
* drm/msm/dpu: do not enable color-management if DSPPs are not available (git-
fixes).
* drm/msm/dsi: do not allow enabling 14nm VCO with unprogrammed rate (git-
fixes).
* drm/nouveau/dp: check for NULL nv_connector->native_mode (git-fixes).
* drm/nouveau: add nv_encoder pointer check for NULL (git-fixes).
* drm/nouveau: do not detect DSM for non-NVIDIA device (git-fixes).
* drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes).
* drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (git-
fixes).
* drm/radeon: fix possible division-by-zero errors (git-fixes).
* drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl (git-
fixes).
* drm/rockchip: vop: Leave vblank enabled in self-refresh (git-fixes).
* drm/vram-helper: fix function names in vram helper doc (git-fixes).
* drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` (git-
fixes).
* drm:amd:amdgpu: Fix missing buffer object unlock in failure path (git-
fixes).
* dt-bindings: i3c: silvaco,i3c-master: fix missing schema restriction (git-
fixes).
* dt-bindings: phy: brcm,brcmstb-usb-phy: Fix error in "compatible"
conditional schema (git-fixes).
* elf: correct note name comment (git-fixes).
* ext4: Fix reusing stale buffer heads from last failed mounting
(bsc#1213020).
* ext4: add EA_INODE checking to ext4_iget() (bsc#1213106).
* ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid()
(bsc#1213088).
* ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109).
* ext4: add strict range checks while freeing blocks (bsc#1213089).
* ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016).
* ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018).
* ext4: block range must be validated before use in ext4_mb_clear_bb()
(bsc#1213090).
* ext4: check iomap type only if ext4_iomap_begin() does not fail
(bsc#1213103).
* ext4: disallow ea_inodes with extended attributes (bsc#1213108).
* ext4: fail ext4_iget if special inode unallocated (bsc#1213010).
* ext4: fix WARNING in ext4_update_inline_data (bsc#1213012).
* ext4: fix WARNING in mb_find_extent (bsc#1213099).
* ext4: fix bug_on in __es_tree_search caused by bad quota inode
(bsc#1213111).
* ext4: fix data races when using cached status extents (bsc#1213102).
* ext4: fix deadlock when converting an inline directory in nojournal mode
(bsc#1213105).
* ext4: fix i_disksize exceeding i_size problem in paritally written case
(bsc#1213015).
* ext4: fix lockdep warning when enabling MMP (bsc#1213100).
* ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096).
* ext4: fix to check return value of freeze_bdev() in ext4_shutdown()
(bsc#1213021).
* ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline
(bsc#1213098).
* ext4: improve error handling from ext4_dirhash() (bsc#1213104).
* ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017).
* ext4: move where set the MAY_INLINE_DATA flag is set (bsc#1213011).
* ext4: only update i_reserved_data_blocks on successful block allocation
(bsc#1213019).
* ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb()
(bsc#1213087).
* ext4: refuse to create ea block when umounted (bsc#1213093).
* ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find()
(bsc#1213107).
* ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110).
* ext4: update s_journal_inum if it changes after journal replay
(bsc#1213094).
* ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092).
* ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013).
* extcon: Fix kernel doc of property capability fields to avoid warnings
(git-fixes).
* extcon: Fix kernel doc of property fields to avoid warnings (git-fixes).
* extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes).
* extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is
registered (git-fixes).
* extcon: usbc-tusb320: Unregister typec port on driver removal (git-fixes).
* extcon: usbc-tusb320: Update state on probe even if no IRQ pending
(git-fixes).
* fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()
(git-fixes).
* firmware: stratix10-svc: Fix a potential resource leak in
svc_create_memory_pool() (git-fixes).
* hvcs: Fix hvcs port reference counting (bsc#1213134 ltc#202861).
* hvcs: Get reference to tty in remove (bsc#1213134 ltc#202861).
* hvcs: Synchronize hotplug remove with port free (bsc#1213134 ltc#202861).
* hvcs: Use dev_groups to manage hvcs device attributes (bsc#1213134
ltc#202861).
* hvcs: Use driver groups to manage driver attributes (bsc#1213134
ltc#202861).
* hvcs: Use vhangup in hotplug remove (bsc#1213134 ltc#202861).
* hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes).
* hwrng: imx-rngc - fix the timeout for init and self check (git-fixes).
* hwrng: st - keep clock enabled while hwrng is registered (git-fixes).
* i2c: imx-lpi2c: fix type char overflow issue when calculating the clock
cycle (git-fixes).
* i2c: qup: Add missing unwind goto in qup_i2c_probe() (git-fixes).
* iavf: remove mask from iavf_irq_enable_queues() (git-fixes).
* ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603 ltc#202604).
* ice, xsk: Diversify return values from xsk_wakeup call paths (git-fixes).
* ice: Do not double unplug aux on peer initiated reset (git-fixes).
* ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes).
* ice: Do not use WQ_MEM_RECLAIM flag for workqueue (jsc#PED-376).
* ice: Fix DSCP PFC TLV creation (git-fixes).
* ice: Fix DSCP PFC TLV creation (jsc#PED-376).
* ice: Fix XDP memory leak when NIC is brought up and down (git-fixes).
* ice: Fix ice VF reset during iavf initialization (jsc#PED-376).
* ice: Fix ice_cfg_rdma_fltr() to only update relevant fields (jsc#PED-376).
* ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient
(git-fixes).
* ice: Fix memory corruption in VF driver (git-fixes).
* ice: Ignore EEXIST when setting promisc mode (git-fixes).
* ice: Prevent set_channel from changing queues while RDMA active (git-fixes).
* ice: Prevent set_channel from changing queues while RDMA active
(jsc#PED-376).
* ice: Reset FDIR counter in FDIR init stage (git-fixes).
* ice: Reset FDIR counter in FDIR init stage (jsc#PED-376).
* ice: add profile conflict check for AVF FDIR (git-fixes).
* ice: add profile conflict check for AVF FDIR (jsc#PED-376).
* ice: block LAN in case of VF to VF offload (git-fixes).
* ice: block LAN in case of VF to VF offload (jsc#PED-376).
* ice: check if VF exists before mode check (jsc#PED-376).
* ice: config netdev tc before setting queues number (git-fixes).
* ice: copy last block omitted in ice_get_module_eeprom() (git-fixes).
* ice: copy last block omitted in ice_get_module_eeprom() (jsc#PED-376).
* ice: ethtool: Prohibit improper channel config for DCB (git-fixes).
* ice: ethtool: advertise 1000M speeds properly (git-fixes).
* ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg()
(git-fixes).
* ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg()
(jsc#PED-376).
* ice: fix lost multicast packets in promisc mode (jsc#PED-376).
* ice: fix wrong fallback logic for FDIR (git-fixes).
* ice: fix wrong fallback logic for FDIR (jsc#PED-376).
* ice: handle E822 generic device ID in PLDM header (git-fixes).
* ice: switch: fix potential memleak in ice_add_adv_recipe() (git-fixes).
* ice: switch: fix potential memleak in ice_add_adv_recipe() (jsc#PED-376).
* ice: use bitmap_free instead of devm_kfree (git-fixes).
* ice: xsk: disable txq irq before flushing hw (jsc#PED-376).
* ice: xsk: use Rx ring's XDP ring when picking NAPI context (git-fixes).
* ieee802154: hwsim: Fix possible memory leaks (git-fixes).
* ifcvf/vDPA: fix misuse virtio-net device config size for blk dev
(jsc#SLE-19253).
* igb: Fix extts capture value format for 82580/i354/i350 (git-fixes).
* igb: fix bit_shift to be in [1..8] range (git-fixes).
* igb: fix nvm.ops.read() error handling (git-fixes).
* igc: Clean the TX buffer and TX descriptor ring (git-fixes).
* igc: Fix possible system crash when loading module (git-fixes).
* iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF
(git-fixes).
* iio: accel: fxls8962af: fixup buffer scan element type (git-fixes).
* iio: adc: ad7192: Fix internal/external clock selection (git-fixes).
* iio: adc: ad7192: Fix null ad7192_state pointer access (git-fixes).
* init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init()
(bsc#1212448).
* init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448).
* init: Provide arch_cpu_finalize_init() (bsc#1212448).
* init: Remove check_bugs() leftovers (bsc#1212448).
* inotify: Avoid reporting event with invalid wd (bsc#1213025).
* integrity: Fix possible multiple allocation in integrity_inode_get()
(git-fixes).
* io_uring: clear TIF_NOTIFY_SIGNAL if set and task_work not available
(git-fixes).
* io_uring: do not expose io_fill_cqe_aux() (bsc#1211014).
* io_uring: do not gate task_work run on TIF_NOTIFY_SIGNAL (git-fixes).
* io_uring: fix return value when removing provided buffers (git-fixes).
* io_uring: fix size calculation when registering buf ring (git-fixes).
* irqchip/clps711x: Remove unused clps711x_intc_init() function (git-fixes).
* irqchip/ftintc010: Mark all function static (git-fixes).
* irqchip/jcore-aic: Fix missing allocation of IRQ descriptors (git-fixes).
* jbd2: fix data missing when reusing bh which is ready to be checkpointed
(bsc#1213095).
* jdb2: Do not refuse invalidation of already invalidated buffers
(bsc#1213014).
* kABI workaround for cpp_acpi extensions for EPP (bsc#1212445).
* kernel-docs: Add buildrequires on python3-base when using python3. The
python3 binary is provided by python3-base.
* kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741).
* kprobe: reverse kp->flags when arm_kprobe failed (git-fixes).
* kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes).
* kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list
(git-fixes).
* kprobes: Forbid probing on trampoline and BPF code areas (git-fixes).
* kprobes: Prohibit probes in gate area (git-fixes).
* kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case
(git-fixes).
* kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes).
* lpfc: Account for fabric domain ctlr device loss recovery (bsc#1211346,
bsc#1211852).
* lpfc: Change firmware upgrade logging to KERN_NOTICE instead of TRACE_EVENT
(bsc#1211852).
* lpfc: Clean up SLI-4 CQE status handling (bsc#1211852).
* lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery (bsc#1211852).
* lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852).
* lpfc: Enhance congestion statistics collection (bsc#1211852).
* lpfc: Fix use-after-free rport memory access in lpfc_register_remote_port
(bsc#1211852, bsc#1208410, bsc#1211346).
* lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state
(bsc#1211852).
* lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852).
* mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 (git-fixes).
* media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var()
(git-fixes).
* media: cec: core: do not set last_initiator if tx in progress (git-fixes).
* media: cec: i2c: ch7322: also select REGMAP (git-fixes).
* media: i2c: Correct format propagation for st-mipid02 (git-fixes).
* media: usb: Check az6007_read() return value (git-fixes).
* media: usb: siano: Fix warning due to null work_func_t function pointer
(git-fixes).
* media: venus: helpers: Fix ALIGN() of non power of two (git-fixes).
* media: videodev2.h: Fix struct v4l2_input tuner index comment (git-fixes).
* memory: brcmstb_dpfe: fix testing array offset after use (git-fixes).
* meson saradc: fix clock divider mask length (git-fixes).
* mfd: intel-lpss: Add missing check for platform_get_resource (git-fixes).
* mfd: pm8008: Fix module autoloading (git-fixes).
* mfd: rt5033: Drop rt5033-battery sub-device (git-fixes).
* mfd: stmfx: Fix error path in stmfx_chip_init (git-fixes).
* mfd: stmfx: Nullify stmfx->vdd in case of error (git-fixes).
* mfd: stmpe: Only disable the regulators if they are enabled (git-fixes).
* misc: fastrpc: Create fastrpc scalar with correct buffer count (git-fixes).
* misc: pci_endpoint_test: Free IRQs before removing the device (git-fixes).
* misc: pci_endpoint_test: Re-init completion for every test (git-fixes).
* mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#SLE-19253).
* mlx5: fix possible ptp queue fifo use-after-free (jsc#PED-1549).
* mlx5: fix skb leak while fifo resync and push (jsc#PED-1549).
* mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (git-fixes).
* mm/vmalloc: do not output a spurious warning when huge vmalloc() fails
(bsc#1211410).
* mm: Move mm_cachep initialization to mm_init() (bsc#1212448).
* mm: vmalloc: avoid warn_alloc noise caused by fatal signal (bsc#1211410).
* mmc: bcm2835: fix deferred probing (git-fixes).
* mmc: meson-gx: remove redundant mmc_request_done() call from irq context
(git-fixes).
* mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS (git-fixes).
* mmc: mmci: stm32: fix max busy timeout calculation (git-fixes).
* mmc: mtk-sd: fix deferred probing (git-fixes).
* mmc: mvsdio: fix deferred probing (git-fixes).
* mmc: omap: fix deferred probing (git-fixes).
* mmc: omap_hsmmc: fix deferred probing (git-fixes).
* mmc: owl: fix deferred probing (git-fixes).
* mmc: sdhci-acpi: fix deferred probing (git-fixes).
* mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916 (git-fixes).
* mmc: sdhci-spear: fix deferred probing (git-fixes).
* mmc: sh_mmcif: fix deferred probing (git-fixes).
* mmc: sunxi: fix deferred probing (git-fixes).
* mmc: usdhi60rol0: fix deferred probing (git-fixes).
* mtd: rawnand: meson: fix unaligned DMA buffers handling (git-fixes).
* net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path
(jsc#PED-1549).
* net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path
(jsc#SLE-19253).
* net/mlx5: Allow async trigger completion execution on single CPU systems
(jsc#SLE-19253).
* net/mlx5: Allow future addition of IPsec object modifiers (jsc#SLE-19253).
* net/mlx5: Avoid false positive lockdep warning by adding lock_class_key
(jsc#SLE-19253).
* net/mlx5: Avoid recovery in probe flows (jsc#PED-1549 bsc#1211794).
* net/mlx5: Avoid recovery in probe flows (jsc#SLE-19253).
* net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#PED-1549).
* net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#SLE-19253).
* net/mlx5: Bridge, verify LAG state when adding bond to bridge
(jsc#SLE-19253).
* net/mlx5: Collect command failures data only for known commands
(jsc#PED-1549).
* net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE
(jsc#PED-1549).
* net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE
(jsc#SLE-19253).
* net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs
(jsc#PED-1549).
* net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs
(jsc#SLE-19253).
* net/mlx5: DR, Fix missing flow_source when creating multi-destination FW
table (jsc#SLE-19253).
* net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device
(jsc#PED-1549).
* net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device
(jsc#SLE-19253).
* net/mlx5: Devcom, serialize devcom registration (jsc#PED-1549).
* net/mlx5: Disable eswitch before waiting for VF pages (jsc#PED-1549).
* net/mlx5: Do not advertise IPsec netdev support for non-IPsec device
(jsc#SLE-19253).
* net/mlx5: Do not use already freed action pointer (jsc#SLE-19253).
* net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#PED-1549).
* net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#SLE-19253).
* net/mlx5: E-Switch, properly handle ingress tagged packets on VST
(jsc#PED-1549).
* net/mlx5: E-Switch, properly handle ingress tagged packets on VST
(jsc#SLE-19253).
* net/mlx5: E-switch, Create per vport table based on devlink encap mode
(jsc#PED-1549).
* net/mlx5: E-switch, Create per vport table based on devlink encap mode
(jsc#SLE-19253).
* net/mlx5: E-switch, Do not destroy indirect table in split rule
(jsc#PED-1549).
* net/mlx5: E-switch, Do not destroy indirect table in split rule
(jsc#SLE-19253).
* net/mlx5: E-switch, Fix missing set of split_count when forward to ovs
internal port (jsc#PED-1549).
* net/mlx5: E-switch, Fix missing set of split_count when forward to ovs
internal port (jsc#SLE-19253).
* net/mlx5: E-switch, Fix setting of reserved fields on
MODIFY_SCHEDULING_ELEMENT (jsc#PED-1549).
* net/mlx5: E-switch, Fix setting of reserved fields on
MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253).
* net/mlx5: E-switch, Fix switchdev mode after devlink reload (jsc#PED-1549).
* net/mlx5: E-switch, Fix wrong usage of source port rewrite in split rules
(jsc#PED-1549).
* net/mlx5: ECPF, wait for VF pages only after disabling host PFs
(jsc#PED-1549).
* net/mlx5: Enhance debug print in page allocation failure (jsc#PED-1549).
* net/mlx5: Enhance debug print in page allocation failure (jsc#SLE-19253).
* net/mlx5: Expose SF firmware pages counter (jsc#PED-1549).
* net/mlx5: Fix FW tracer timestamp calculation (jsc#SLE-19253).
* net/mlx5: Fix RoCE setting at HCA level (jsc#PED-1549).
* net/mlx5: Fix RoCE setting at HCA level (jsc#SLE-19253).
* net/mlx5: Fix command stats access after free (jsc#PED-1549).
* net/mlx5: Fix crash during sync firmware reset (jsc#SLE-19253).
* net/mlx5: Fix error message when failing to allocate device memory
(jsc#PED-1549).
* net/mlx5: Fix error message when failing to allocate device memory
(jsc#SLE-19253).
* net/mlx5: Fix handling of entry refcount when command is not issued to FW
(jsc#SLE-19253).
* net/mlx5: Fix io_eq_size and event_eq_size params validation (jsc#PED-1549).
* net/mlx5: Fix possible use-after-free in async command interface
(jsc#SLE-19253).
* net/mlx5: Fix ptp max frequency adjustment range (jsc#PED-1549).
* net/mlx5: Fix ptp max frequency adjustment range (jsc#SLE-19253).
* net/mlx5: Fix setting ec_function bit in MANAGE_PAGES (jsc#PED-1549).
* net/mlx5: Fix steering rules cleanup (jsc#PED-1549).
* net/mlx5: Fix steering rules cleanup (jsc#SLE-19253).
* net/mlx5: Fix uninitialized variable bug in outlen_write() (jsc#SLE-19253).
* net/mlx5: Geneve, Fix handling of Geneve object id as error code
(jsc#PED-1549).
* net/mlx5: Geneve, Fix handling of Geneve object id as error code
(jsc#SLE-19253).
* net/mlx5: Handle pairing of E-switch via uplink un/load APIs (jsc#PED-1549).
* net/mlx5: Initialize flow steering during driver probe (jsc#SLE-19253).
* net/mlx5: Lag, fix failure to cancel delayed bond work (jsc#PED-1549).
* net/mlx5: Read embedded cpu after init bit cleared (jsc#PED-1549).
* net/mlx5: Read embedded cpu after init bit cleared (jsc#SLE-19253).
* net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#PED-1549).
* net/mlx5: Read the TC mapping of all priorities on ETS query
(jsc#SLE-19253).
* net/mlx5: Rearm the FW tracer after each tracer event (jsc#SLE-19253).
* net/mlx5: SF, Drain health before removing device (jsc#PED-1549).
* net/mlx5: SF, Drain health before removing device (jsc#SLE-19253).
* net/mlx5: SF: Fix probing active SFs during driver probe phase
(jsc#SLE-19253).
* net/mlx5: Serialize module cleanup with reload and remove (jsc#PED-1549).
* net/mlx5: Serialize module cleanup with reload and remove (jsc#SLE-19253).
* net/mlx5: Set BREAK_FW_WAIT flag first when removing driver (jsc#PED-1549).
* net/mlx5: Store page counters in a single array (jsc#PED-1549).
* net/mlx5: Wait for firmware to enable CRS before pci_restore_state
(jsc#SLE-19253).
* net/mlx5: add IFC bits for bypassing port select flow table (git-fixes)
* net/mlx5: check attr pointer validity before dereferencing it
(jsc#PED-1549).
* net/mlx5: check attr pointer validity before dereferencing it
(jsc#SLE-19253).
* net/mlx5: correct ECE offset in query qp output (jsc#SLE-19253).
* net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work()
(jsc#SLE-19253).
* net/mlx5: fs, fail conflicting actions (jsc#SLE-19253).
* net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers
(jsc#PED-1549).
* net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers
(jsc#SLE-19253).
* net/mlx5: fw_tracer, Fix event handling (jsc#PED-1549).
* net/mlx5: fw_tracer, Fix event handling (jsc#SLE-19253).
* net/mlx5: fw_tracer, Zero consumer index when reloading the tracer
(jsc#PED-1549).
* net/mlx5: fw_tracer, Zero consumer index when reloading the tracer
(jsc#SLE-19253).
* net/mlx5e: Always clear dest encap in neigh-update-del (jsc#PED-1549).
* net/mlx5e: Always clear dest encap in neigh-update-del (jsc#SLE-19253).
* net/mlx5e: Avoid false lock dependency warning on tc_ht even more
(jsc#PED-1549).
* net/mlx5e: Avoid false lock dependency warning on tc_ht even more
(jsc#SLE-19253).
* net/mlx5e: Block entering switchdev mode with ns inconsistency
(jsc#PED-1549).
* net/mlx5e: Block entering switchdev mode with ns inconsistency
(jsc#SLE-19253).
* net/mlx5e: CT: Fix ct debugfs folder name (jsc#PED-1549).
* net/mlx5e: Do not attach netdev profile while handling internal error
(jsc#PED-1549).
* net/mlx5e: Do not attach netdev profile while handling internal error
(jsc#SLE-19253).
* net/mlx5e: Do not cache tunnel offloads capability (jsc#PED-1549).
* net/mlx5e: Do not clone flow post action attributes second time
(jsc#PED-1549).
* net/mlx5e: Do not increment ESN when updating IPsec ESN state
(jsc#SLE-19253).
* net/mlx5e: Do not support encap rules with gbp option (jsc#PED-1549).
* net/mlx5e: Do not support encap rules with gbp option (jsc#SLE-19253).
* net/mlx5e: E-Switch, Fix comparing termination table instance
(jsc#SLE-19253).
* net/mlx5e: Extend SKB room check to include PTP-SQ (jsc#SLE-19253).
* net/mlx5e: Fix MPLSoUDP encap to use MPLS action information
(jsc#SLE-19253).
* net/mlx5e: Fix RX reporter for XSK RQs (jsc#PED-1549).
* net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#PED-1549).
* net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#SLE-19253).
* net/mlx5e: Fix capability check for updating vnic env counters
(jsc#SLE-19253).
* net/mlx5e: Fix cleanup null-ptr deref on encap lock (jsc#PED-1549).
* net/mlx5e: Fix crash unsetting rx-vlan-filter in switchdev mode
(jsc#PED-1549).
* net/mlx5e: Fix deadlock in tc route query code (jsc#PED-1549).
* net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#PED-1549).
* net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#SLE-19253).
* net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#PED-1549).
* net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#SLE-19253).
* net/mlx5e: Fix macsec ASO context alignment (jsc#PED-1549).
* net/mlx5e: Fix macsec possible null dereference when updating MAC security
entity (SecY) (jsc#PED-1549).
* net/mlx5e: Fix macsec ssci attribute handling in offload path
(jsc#PED-1549).
* net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (jsc#SLE-19253).
* net/mlx5e: Fix use-after-free when reverting termination table
(jsc#SLE-19253).
* net/mlx5e: Fix wrong application of the LRO state (jsc#SLE-19253).
* net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off
(jsc#SLE-19253).
* net/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent
(jsc#PED-1549).
* net/mlx5e: IPoIB, Block queue count configuration when sub interfaces are
present (jsc#PED-1549).
* net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default
(jsc#PED-1549).
* net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default
(jsc#SLE-19253).
* net/mlx5e: IPoIB, Fix child PKEY interface stats on rx path (jsc#PED-1549).
* net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#PED-1549).
* net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#SLE-19253).
* net/mlx5e: Initialize link speed to zero (jsc#PED-1549).
* net/mlx5e: Modify slow path rules to go to slow fdb (jsc#SLE-19253).
* net/mlx5e: Nullify table pointer when failing to create (jsc#PED-1549).
* net/mlx5e: Overcome slow response for first macsec ASO WQE (jsc#PED-1549).
* net/mlx5e: QoS, Fix wrongfully setting parent_element_id on
MODIFY_SCHEDULING_ELEMENT (jsc#PED-1549).
* net/mlx5e: QoS, Fix wrongfully setting parent_element_id on
MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253).
* net/mlx5e: Remove redundant xsk pointer check in mlx5e_mpwrq_validate_xsk
(jsc#PED-1549).
* net/mlx5e: Set decap action based on attr for sample (jsc#PED-1549).
* net/mlx5e: Set geneve_tlv_option_0_exist when matching on geneve option
(jsc#PED-1549).
* net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#PED-1549).
* net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#SLE-19253).
* net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (jsc#SLE-19253).
* net/mlx5e: TC, Keep mod hdr actions after mod hdr alloc (jsc#PED-1549).
* net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change
(jsc#PED-1549).
* net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change
(jsc#SLE-19253).
* net/mlx5e: Use correct encap attribute during invalidation (jsc#PED-1549).
* net/mlx5e: Verify dev is present for fix features ndo (jsc#PED-1549).
* net/mlx5e: Verify flow_source cap before using it (jsc#PED-1549).
* net/mlx5e: Verify flow_source cap before using it (jsc#SLE-19253).
* net/mlx5e: do as little as possible in napi poll when budget is 0
(jsc#PED-1549).
* net/mlx5e: do as little as possible in napi poll when budget is 0
(jsc#SLE-19253).
* net/mlx5e: kTLS, Fix build time constant test in RX (jsc#SLE-19253).
* net/mlx5e: kTLS, Fix build time constant test in TX (jsc#SLE-19253).
* net/net_failover: fix txq exceeding warning (git-fixes).
* net/sched: fix initialization order when updating chain 0 head (git-fixes).
* net/sched: flower: fix possible OOB write in fl_set_geneve_opt()
(git-fixes).
* net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms
(git-fixes).
* net: ena: Account for the number of processed bytes in XDP (git-fixes).
* net: ena: Do not register memory info on XDP exchange (git-fixes).
* net: ena: Fix rx_copybreak value update (git-fixes).
* net: ena: Fix toeplitz initial hash value (git-fixes).
* net: ena: Set default value for RX interrupt moderation (git-fixes).
* net: ena: Update NUMA TPH hint register upon NUMA node update (git-fixes).
* net: ena: Use bitmask to indicate packet redirection (git-fixes).
* net: hns3: add interrupts re-initialization while doing VF FLR (git-fixes).
* net: hns3: fix output information incomplete for dumping tx queue info with
debugfs (git-fixes).
* net: hns3: fix reset delay time to avoid configuration timeout (git-fixes).
* net: hns3: fix sending pfc frames after reset issue (git-fixes).
* net: hns3: fix tm port shapping of fibre port is incorrect after driver
initialization (git-fixes).
* net: mlx5: eliminate anonymous module_init & module_exit (jsc#PED-1549).
* net: mlx5: eliminate anonymous module_init & module_exit (jsc#SLE-19253).
* net: sched: fix possible refcount leak in tc_chain_tmplt_add() (git-fixes).
* net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes).
* nfcsim.c: Fix error checking for debugfs_create_dir (git-fixes).
* nfp: only report pause frame configuration for physical device (git-fixes).
* nilfs2: fix buffer corruption due to concurrent device reads (git-fixes).
* nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key()
(git-fixes).
* nilfs2: fix possible out-of-bounds segment allocation in resize ioctl
(git-fixes).
* nouveau: fix client work fence deletion race (git-fixes).
* ntb: idt: Fix error handling in idt_pci_driver_init() (git-fixes).
* ntb: intel: Fix error handling in intel_ntb_pci_driver_init() (git-fixes).
* nvme-core: fix dev_pm_qos memleak (git-fixes).
* nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes).
* nvme-core: fix memory leak in dhchap_secret_store (git-fixes).
* nvme-multipath: support io stats on the mpath device (bsc#1210565).
* nvme-pci: add quirk for missing secondary temperature thresholds
(git-fixes).
* nvme: double KA polling frequency to avoid KATO with TBKAS on (git-fixes).
* nvme: introduce nvme_start_request (bsc#1210565).
* ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes).
* ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (git-fixes).
* ocfs2: fix non-auto defrag path not working issue (git-fixes).
* octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (git-fixes).
* octeontx2-pf: Fix resource leakage in VF driver unbind (git-fixes).
* octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (git-fixes).
* octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet
(git-fixes).
* opp: Fix use-after-free in lazy_opp_tables after probe deferral (git-fixes).
* perf/x86/intel/cstate: Add Emerald Rapids (PED-4396).
* phy: Revert "phy: Remove SOC_EXYNOS4212 dep. from PHY_EXYNOS4X12_USB"
(git-fixes).
* phy: tegra: xusb: Clear the driver reference in usb-phy dev (git-fixes).
* phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes).
* pinctrl: at91-pio4: check return value of devm_kasprintf() (git-fixes).
* pinctrl: cherryview: Return correct value if pin in push-pull mode
(git-fixes).
* pinctrl: microchip-sgpio: check return value of devm_kasprintf()
(git-fixes).
* platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 (git-fixes).
* platform/x86: think-lmi: Correct NVME password handling (git-fixes).
* platform/x86: think-lmi: Correct System password interface (git-fixes).
* platform/x86: think-lmi: mutex protection around multiple WMI calls
(git-fixes).
* platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform profiles
(git-fixes).
* power: supply: Fix logic checking if system is running from battery
(git-fixes).
* power: supply: Ratelimit no data debug output (git-fixes).
* power: supply: ab8500: Fix external_power_changed race (git-fixes).
* power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() +
schedule() (git-fixes).
* power: supply: sc27xx: Fix external_power_changed race (git-fixes).
* powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled
(bsc#1194869).
* powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall
(bsc#1194869 bsc#1212701).
* powerpc/purgatory: remove PGO flags (bsc#1194869).
* powerpc/set_memory: Avoid spinlock recursion in change_page_attr()
(bsc#1194869).
* pstore/ram: Add check for kstrdup (git-fixes).
* pwm: ab8500: Fix error code in probe() (git-fixes).
* pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes).
* pwm: sysfs: Do not apply state to already disabled PWMs (git-fixes).
* qed/qede: Fix scheduling while atomic (git-fixes).
* radeon: avoid double free in ci_dpm_init() (git-fixes).
* rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check (git-fixes).
* regmap: spi-avmm: Fix regmap_bus max_raw_write (git-fixes).
* regulator: Fix error checking for debugfs_create_dir (git-fixes).
* regulator: core: Fix more error checking for debugfs_create_dir()
(git-fixes).
* regulator: core: Streamline debugfs operations (git-fixes).
* regulator: helper: Document ramp_delay parameter of
regulator_set_ramp_delay_regmap() (git-fixes).
* regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK (git-fixes).
* rpm/check-for-config-changes: ignore also PAHOLE_HAS_*. We now also have
options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE.
* rtc: efi: Add wakeup support (bsc#1213116).
* rtc: efi: Enable SET/GET WAKEUP services as optional (bsc#1213116).
* rtc: efi: switch to devm_rtc_allocate_device (bsc#1213116).
* rtc: st-lpc: Release some resources in st_rtc_probe() in case of error
(git-fixes).
* s390/ap: fix memory leak in ap_init_qci_info() (git-fixes).
* s390/dasd: Use correct lock while counting channel queue length (git-fixes
bsc#1212592).
* s390/gmap: voluntarily schedule during key setting (git-fixes bsc#1212892).
* s390/pkey: zeroize key blobs (git-fixes bsc#1212619).
* s390/vfio-ap: fix an error handling path in vfio_ap_mdev_probe_queue()
(git-fixes).
* sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes)
* sched: Fix DEBUG && !SCHEDSTATS warn (git-fixes)
* scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed
(git-fixes).
* scsi: stex: Fix gcc 13 warnings (git-fixes).
* selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET (git-fixes).
* selftests: mptcp: depend on SYN_COOKIES (git-fixes).
* selftests: mptcp: sockopt: return error if wrong mark (git-fixes).
* serial: 8250: lock port for UART_IER access in omap8250_irq() (git-fixes).
* serial: 8250: lock port for stop_rx() in omap8250_irq() (git-fixes).
* serial: 8250: omap: Fix freeing of resources on failed register (git-fixes).
* serial: 8250_omap: Use force_suspend and resume for system suspend
(git-fixes).
* serial: atmel: do not enable IRQs prematurely (git-fixes).
* serial: lantiq: add missing interrupt ack (git-fixes).
* signal/s390: Use force_sigsegv in default_trap_handler (git-fixes
bsc#1212861).
* soc/fsl/qe: fix usb.c build errors (git-fixes).
* soc: samsung: exynos-pmu: Re-introduce Exynos4212 support (git-fixes).
* soundwire: dmi-quirks: add new mapping for HP Spectre x360 (git-fixes).
* soundwire: qcom: fix storing port config out-of-bounds (git-fixes).
* spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git-
fixes).
* spi: dw: Round of n_bytes to power of 2 (git-fixes).
* spi: fsl-dspi: avoid SCK glitches with continuous transfers (git-fixes).
* spi: lpspi: disable lpspi module irq in DMA mode (git-fixes).
* spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG (git-fixes).
* spi: tegra210-quad: Fix combined sequence (bsc#1212584)
* spi: tegra210-quad: Fix iterator outside loop (git-fixes).
* spi: tegra210-quad: Multi-cs support (bsc#1212584)
* supported.conf: Move bt878 and bttv modules to kernel-*-extra (jsc#PED-3931)
* task_work: Decouple TIF_NOTIFY_SIGNAL and task_work (git-fixes).
* task_work: Introduce task_work_pending (git-fixes).
* test_firmware: Use kstrtobool() instead of strtobool() (git-fixes).
* test_firmware: prevent race conditions by a correct implementation of
locking (git-fixes).
* test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation
(git-fixes).
* thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe()
(git-fixes).
* thunderbolt: dma_test: Use correct value for absent rings when creating
paths (git-fixes).
* tls: Skip tls_append_frag on zero copy size (git-fixes).
* tools: bpftool: Remove invalid \' json escape (git-fixes).
* tracing/histograms: Allow variables to have some modifiers (git-fixes).
* tracing/probe: trace_probe_primary_from_call(): checked list_first_entry
(git-fixes).
* tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode() (git-
fixes).
* tracing: Have event format check not flag %p* on __get_dynamic_array() (git-
fixes, bsc#1212350).
* tracing: Introduce helpers to safely handle dynamic-sized sockaddrs (git-
fixes).
* tracing: Update print fmt check to handle new __get_sockaddr() macro (git-
fixes, bsc#1212350).
* tty: serial: imx: fix rs485 rx after tx (git-fixes).
* tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in
case of error (git-fixes).
* tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when
iterating clk (git-fixes).
* ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size
(bsc#1210584).
* ubi: ensure that VID header offset + VID header size <= alloc, size
(bsc#1210584).
* udf: Avoid double brelse() in udf_rename() (bsc#1213032).
* udf: Define EFSCORRUPTED error code (bsc#1213038).
* udf: Detect system inodes linked into directory hierarchy (bsc#1213114).
* udf: Discard preallocation before extending file with a hole (bsc#1213036).
* udf: Do not bother looking for prealloc extents if i_lenExtents matches
i_size (bsc#1213035).
* udf: Do not bother merging very long extents (bsc#1213040).
* udf: Do not update file length for failed writes to inline files
(bsc#1213041).
* udf: Fix error handling in udf_new_inode() (bsc#1213112).
* udf: Fix extending file within last block (bsc#1213037).
* udf: Fix preallocation discarding at indirect extent boundary (bsc#1213034).
* udf: Preserve link count of system files (bsc#1213113).
* udf: Truncate added extents on failed expansion (bsc#1213039).
* usrmerge: Adjust module path in the kernel sources (bsc#1212835).
* vDPA: check VIRTIO_NET_F_RSS for max_virtqueue_paris's presence
(jsc#PED-1549).
* vDPA: check virtio device features to detect MQ (jsc#PED-1549).
* vDPA: fix 'cast to restricted le16' warnings in vdpa.c (jsc#PED-1549).
* vdpa/ifcvf: fix the calculation of queuepair (jsc#PED-1549).
* vdpa/mlx5: Directly assign memory key (jsc#PED-1549).
* vdpa/mlx5: Directly assign memory key (jsc#SLE-19253).
* vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#PED-1549).
* vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#SLE-19253).
* vdpa/mlx5: Fix rule forwarding VLAN to TIR (jsc#PED-1549).
* vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 (jsc#SLE-19253).
* vdpa/mlx5: Fix wrong mac address deletion (jsc#PED-1549).
* vdpa/mlx5: Initialize CVQ iotlb spinlock (jsc#PED-1549).
* vdpa/mlx5: should not activate virtq object when suspended (jsc#PED-1549).
* vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#PED-1549).
* vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#SLE-19253).
* vdpa: Use BIT_ULL for bit operations (jsc#PED-1549).
* vdpa: conditionally fill max max queue pair for stats (jsc#PED-1549).
* vduse: Fix NULL pointer dereference on sysfs access (jsc#PED-1549).
* vduse: Fix returning wrong type in vduse_domain_alloc_iova() (jsc#PED-1549).
* vduse: avoid empty string for dev name (jsc#PED-1549).
* vduse: check that offset is within bounds in get_config() (jsc#PED-1549).
* vduse: fix memory corruption in vduse_dev_ioctl() (jsc#PED-1549).
* vduse: prevent uninitialized memory accesses (jsc#PED-1549).
* vhost-vdpa: fix an iotlb memory leak (jsc#PED-1549).
* vhost-vdpa: free iommu domain after last use during cleanup (jsc#PED-1549).
* vhost_vdpa: fix the crash in unmap a large memory (jsc#PED-1549).
* vhost_vdpa: fix unmap process in no-batch mode (jsc#PED-1549).
* vhost_vdpa: support PACKED when setting-getting vring_base (jsc#PED-1549).
* vhost_vdpa: support PACKED when setting-getting vring_base (jsc#SLE-19253).
* w1: fix loop in w1_fini() (git-fixes).
* w1: w1_therm: fix locking behavior in convert_t (git-fixes).
* wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (git-fixes).
* wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (git-
fixes).
* wifi: ath9k: convert msecs to jiffies where needed (git-fixes).
* wifi: ath9k: do not allow to overwrite ENDPOINT0 attributes (git-fixes).
* wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation
(git-fixes).
* wifi: atmel: Fix an error handling path in atmel_probe() (git-fixes).
* wifi: cfg80211: rewrite merging of inherited elements (git-fixes).
* wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection (git-fixes).
* wifi: iwlwifi: pcie: fix NULL pointer dereference in
iwl_pcie_irq_rx_msix_handler() (git-fixes).
* wifi: iwlwifi: pull from TXQs with softirqs disabled (git-fixes).
* wifi: mwifiex: Fix the size of a memory allocation in
mwifiex_ret_802_11_scan() (git-fixes).
* wifi: orinoco: Fix an error handling path in orinoco_cs_probe() (git-fixes).
* wifi: orinoco: Fix an error handling path in spectrum_cs_probe() (git-
fixes).
* wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled (git-
fixes).
* wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown (git-fixes).
* wifi: wilc1000: fix for absent RSN capabilities WFA testcase (git-fixes).
* writeback: fix call of incorrect macro (bsc#1213024).
* writeback: fix dereferencing NULL mapping->host on writeback_page_template
(git-fixes).
* x86/build: Avoid relocation information in final vmlinux (bsc#1187829).
* x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
* x86/fpu: Mark init functions __init (bsc#1212448).
* x86/fpu: Move FPU initialization into arch_cpu_finalize_init()
(bsc#1212448).
* x86/fpu: Remove cpuinfo argument from init functions (bsc#1212448).
* x86/init: Initialize signal frame size late (bsc#1212448).
* x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git-
fixes).
* x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe
range (git-fixes).
* x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes).
* x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter (git-fixes).
* x86/microcode: Print previous version of microcode after reload (git-fixes).
* x86/mm: Fix RESERVE_BRK() for older binutils (git-fixes).
* x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes).
* x86/mm: Initialize text poking earlier (bsc#1212448).
* x86/mm: Use mm_alloc() in poking_init() (bsc#1212448).
* x86/mm: fix poking_init() for Xen PV guests (git-fixes).
* x86/msr: Add AMD CPPC MSR definitions (bsc#1212445).
* x86/sgx: Fix race between reclaimer and page fault handler (git-fixes).
* x86/sgx: Mark PCMD page as dirty when modifying contents (git-fixes).
* x86/xen: fix secondary processor fpu initialization (bsc#1212869).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-2892=1 openSUSE-SLE-15.5-2023-2892=1
* Public Cloud Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-2892=1
## Package List:
* openSUSE Leap 15.5 (aarch64 x86_64)
* dlm-kmp-azure-debuginfo-5.14.21-150500.33.6.1
* kernel-azure-livepatch-devel-5.14.21-150500.33.6.1
* kernel-azure-devel-5.14.21-150500.33.6.1
* kernel-azure-extra-debuginfo-5.14.21-150500.33.6.1
* kernel-syms-azure-5.14.21-150500.33.6.1
* kselftests-kmp-azure-5.14.21-150500.33.6.1
* cluster-md-kmp-azure-5.14.21-150500.33.6.1
* ocfs2-kmp-azure-5.14.21-150500.33.6.1
* kernel-azure-devel-debuginfo-5.14.21-150500.33.6.1
* cluster-md-kmp-azure-debuginfo-5.14.21-150500.33.6.1
* kselftests-kmp-azure-debuginfo-5.14.21-150500.33.6.1
* reiserfs-kmp-azure-5.14.21-150500.33.6.1
* dlm-kmp-azure-5.14.21-150500.33.6.1
* kernel-azure-debuginfo-5.14.21-150500.33.6.1
* gfs2-kmp-azure-debuginfo-5.14.21-150500.33.6.1
* gfs2-kmp-azure-5.14.21-150500.33.6.1
* ocfs2-kmp-azure-debuginfo-5.14.21-150500.33.6.1
* reiserfs-kmp-azure-debuginfo-5.14.21-150500.33.6.1
* kernel-azure-extra-5.14.21-150500.33.6.1
* kernel-azure-debugsource-5.14.21-150500.33.6.1
* kernel-azure-optional-5.14.21-150500.33.6.1
* kernel-azure-optional-debuginfo-5.14.21-150500.33.6.1
* openSUSE Leap 15.5 (aarch64 nosrc x86_64)
* kernel-azure-5.14.21-150500.33.6.1
* openSUSE Leap 15.5 (x86_64)
* kernel-azure-vdso-debuginfo-5.14.21-150500.33.6.1
* kernel-azure-vdso-5.14.21-150500.33.6.1
* openSUSE Leap 15.5 (noarch)
* kernel-devel-azure-5.14.21-150500.33.6.1
* kernel-source-azure-5.14.21-150500.33.6.1
* Public Cloud Module 15-SP5 (aarch64 nosrc x86_64)
* kernel-azure-5.14.21-150500.33.6.1
* Public Cloud Module 15-SP5 (aarch64 x86_64)
* kernel-azure-devel-5.14.21-150500.33.6.1
* kernel-azure-debuginfo-5.14.21-150500.33.6.1
* kernel-azure-debugsource-5.14.21-150500.33.6.1
* kernel-syms-azure-5.14.21-150500.33.6.1
* kernel-azure-devel-debuginfo-5.14.21-150500.33.6.1
* Public Cloud Module 15-SP5 (noarch)
* kernel-devel-azure-5.14.21-150500.33.6.1
* kernel-source-azure-5.14.21-150500.33.6.1
## References:
* https://www.suse.com/security/cve/CVE-2023-1249.html
* https://www.suse.com/security/cve/CVE-2023-1829.html
* https://www.suse.com/security/cve/CVE-2023-2430.html
* https://www.suse.com/security/cve/CVE-2023-28866.html
* https://www.suse.com/security/cve/CVE-2023-3090.html
* https://www.suse.com/security/cve/CVE-2023-3111.html
* https://www.suse.com/security/cve/CVE-2023-3212.html
* https://www.suse.com/security/cve/CVE-2023-3220.html
* https://www.suse.com/security/cve/CVE-2023-3357.html
* https://www.suse.com/security/cve/CVE-2023-3358.html
* https://www.suse.com/security/cve/CVE-2023-3389.html
* https://www.suse.com/security/cve/CVE-2023-35788.html
* https://www.suse.com/security/cve/CVE-2023-35823.html
* https://www.suse.com/security/cve/CVE-2023-35828.html
* https://www.suse.com/security/cve/CVE-2023-35829.html
* https://bugzilla.suse.com/show_bug.cgi?id=1187829
* https://bugzilla.suse.com/show_bug.cgi?id=1189998
* https://bugzilla.suse.com/show_bug.cgi?id=1194869
* https://bugzilla.suse.com/show_bug.cgi?id=1205758
* https://bugzilla.suse.com/show_bug.cgi?id=1208410
* https://bugzilla.suse.com/show_bug.cgi?id=1209039
* https://bugzilla.suse.com/show_bug.cgi?id=1209780
* https://bugzilla.suse.com/show_bug.cgi?id=1210335
* https://bugzilla.suse.com/show_bug.cgi?id=1210565
* https://bugzilla.suse.com/show_bug.cgi?id=1210584
* https://bugzilla.suse.com/show_bug.cgi?id=1210853
* https://bugzilla.suse.com/show_bug.cgi?id=1211014
* https://bugzilla.suse.com/show_bug.cgi?id=1211346
* https://bugzilla.suse.com/show_bug.cgi?id=1211400
* https://bugzilla.suse.com/show_bug.cgi?id=1211410
* https://bugzilla.suse.com/show_bug.cgi?id=1211794
* https://bugzilla.suse.com/show_bug.cgi?id=1211852
* https://bugzilla.suse.com/show_bug.cgi?id=1212051
* https://bugzilla.suse.com/show_bug.cgi?id=1212265
* https://bugzilla.suse.com/show_bug.cgi?id=1212350
* https://bugzilla.suse.com/show_bug.cgi?id=1212405
* https://bugzilla.suse.com/show_bug.cgi?id=1212445
* https://bugzilla.suse.com/show_bug.cgi?id=1212448
* https://bugzilla.suse.com/show_bug.cgi?id=1212456
* https://bugzilla.suse.com/show_bug.cgi?id=1212494
* https://bugzilla.suse.com/show_bug.cgi?id=1212495
* https://bugzilla.suse.com/show_bug.cgi?id=1212504
* https://bugzilla.suse.com/show_bug.cgi?id=1212513
* https://bugzilla.suse.com/show_bug.cgi?id=1212540
* https://bugzilla.suse.com/show_bug.cgi?id=1212556
* https://bugzilla.suse.com/show_bug.cgi?id=1212561
* https://bugzilla.suse.com/show_bug.cgi?id=1212563
* https://bugzilla.suse.com/show_bug.cgi?id=1212564
* https://bugzilla.suse.com/show_bug.cgi?id=1212584
* https://bugzilla.suse.com/show_bug.cgi?id=1212592
* https://bugzilla.suse.com/show_bug.cgi?id=1212603
* https://bugzilla.suse.com/show_bug.cgi?id=1212605
* https://bugzilla.suse.com/show_bug.cgi?id=1212606
* https://bugzilla.suse.com/show_bug.cgi?id=1212619
* https://bugzilla.suse.com/show_bug.cgi?id=1212685
* https://bugzilla.suse.com/show_bug.cgi?id=1212701
* https://bugzilla.suse.com/show_bug.cgi?id=1212741
* https://bugzilla.suse.com/show_bug.cgi?id=1212835
* https://bugzilla.suse.com/show_bug.cgi?id=1212838
* https://bugzilla.suse.com/show_bug.cgi?id=1212842
* https://bugzilla.suse.com/show_bug.cgi?id=1212848
* https://bugzilla.suse.com/show_bug.cgi?id=1212861
* https://bugzilla.suse.com/show_bug.cgi?id=1212869
* https://bugzilla.suse.com/show_bug.cgi?id=1212892
* https://bugzilla.suse.com/show_bug.cgi?id=1212961
* https://bugzilla.suse.com/show_bug.cgi?id=1213010
* https://bugzilla.suse.com/show_bug.cgi?id=1213011
* https://bugzilla.suse.com/show_bug.cgi?id=1213012
* https://bugzilla.suse.com/show_bug.cgi?id=1213013
* https://bugzilla.suse.com/show_bug.cgi?id=1213014
* https://bugzilla.suse.com/show_bug.cgi?id=1213015
* https://bugzilla.suse.com/show_bug.cgi?id=1213016
* https://bugzilla.suse.com/show_bug.cgi?id=1213017
* https://bugzilla.suse.com/show_bug.cgi?id=1213018
* https://bugzilla.suse.com/show_bug.cgi?id=1213019
* https://bugzilla.suse.com/show_bug.cgi?id=1213020
* https://bugzilla.suse.com/show_bug.cgi?id=1213021
* https://bugzilla.suse.com/show_bug.cgi?id=1213024
* https://bugzilla.suse.com/show_bug.cgi?id=1213025
* https://bugzilla.suse.com/show_bug.cgi?id=1213032
* https://bugzilla.suse.com/show_bug.cgi?id=1213034
* https://bugzilla.suse.com/show_bug.cgi?id=1213035
* https://bugzilla.suse.com/show_bug.cgi?id=1213036
* https://bugzilla.suse.com/show_bug.cgi?id=1213037
* https://bugzilla.suse.com/show_bug.cgi?id=1213038
* https://bugzilla.suse.com/show_bug.cgi?id=1213039
* https://bugzilla.suse.com/show_bug.cgi?id=1213040
* https://bugzilla.suse.com/show_bug.cgi?id=1213041
* https://bugzilla.suse.com/show_bug.cgi?id=1213087
* https://bugzilla.suse.com/show_bug.cgi?id=1213088
* https://bugzilla.suse.com/show_bug.cgi?id=1213089
* https://bugzilla.suse.com/show_bug.cgi?id=1213090
* https://bugzilla.suse.com/show_bug.cgi?id=1213092
* https://bugzilla.suse.com/show_bug.cgi?id=1213093
* https://bugzilla.suse.com/show_bug.cgi?id=1213094
* https://bugzilla.suse.com/show_bug.cgi?id=1213095
* https://bugzilla.suse.com/show_bug.cgi?id=1213096
* https://bugzilla.suse.com/show_bug.cgi?id=1213098
* https://bugzilla.suse.com/show_bug.cgi?id=1213099
* https://bugzilla.suse.com/show_bug.cgi?id=1213100
* https://bugzilla.suse.com/show_bug.cgi?id=1213102
* https://bugzilla.suse.com/show_bug.cgi?id=1213103
* https://bugzilla.suse.com/show_bug.cgi?id=1213104
* https://bugzilla.suse.com/show_bug.cgi?id=1213105
* https://bugzilla.suse.com/show_bug.cgi?id=1213106
* https://bugzilla.suse.com/show_bug.cgi?id=1213107
* https://bugzilla.suse.com/show_bug.cgi?id=1213108
* https://bugzilla.suse.com/show_bug.cgi?id=1213109
* https://bugzilla.suse.com/show_bug.cgi?id=1213110
* https://bugzilla.suse.com/show_bug.cgi?id=1213111
* https://bugzilla.suse.com/show_bug.cgi?id=1213112
* https://bugzilla.suse.com/show_bug.cgi?id=1213113
* https://bugzilla.suse.com/show_bug.cgi?id=1213114
* https://bugzilla.suse.com/show_bug.cgi?id=1213116
* https://bugzilla.suse.com/show_bug.cgi?id=1213134
* https://jira.suse.com/browse/PED-3931
SUSE-SU-2023:2884-1: important: Security update for python310
by security@lists.opensuse.org 19 Jul '23
# Security update for python310
Announcement ID: SUSE-SU-2023:2884-1
Rating: important
References:
* #1203750
* #1208471
* #1211765
Cross-References:
* CVE-2007-4559
* CVE-2023-24329
CVSS scores:
* CVE-2007-4559 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
* CVE-2023-24329 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
* CVE-2023-24329 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* Python 3 Module 15-SP4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves two vulnerabilities and has one fix can now be installed.
## Description:
This update for python310 fixes the following issues:
* Make marshalling of `set` and `frozenset` deterministic (bsc#1211765)
python310 was updated to 3.10.12:
* urllib.parse.urlsplit() now strips leading C0 control and space characters
following the specification for URLs defined by WHATWG in response to
CVE-2023-24329 (bsc#1208471).
* Fixed a security flaw in uu.decode() that could allow for directory
traversal based on the input if no out_file was specified.
* Do not expose the local on-disk location in directory indexes produced by
http.client.SimpleHTTPRequestHandler.
* `trace.__main__` now uses io.open_code() for files to be executed instead of
raw open().
* CVE-2007-4559: The extraction methods in tarfile, and
shutil.unpack_archive(), have a new filter argument that allows limiting tar
features that may be surprising or dangerous, such as creating files outside
the destination directory. See Extraction filters for details (fixing
bsc#1203750).
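How the new filter argument behaves on an archive that tries to write outside the destination, as an added example that is not part of the advisory or the Python source. The archive is constructed in memory, and `build_sample_archive`, `safe_extract` and `_containment_check` are hypothetical helper names; the fallback branch is an assumption for interpreters that predate the filter.

```python
import io
import os
import tarfile
import tempfile


def build_sample_archive() -> bytes:
    """Constructed sample: one ordinary member and one whose name climbs out."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in (("docs/readme.txt", b"hello\n"),
                           ("../escape.txt", b"outside\n")):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def _containment_check(member, dest):
    """Fallback (assumption) for interpreters without extraction filters.

    Accepts only regular files and directories whose resolved path stays
    under dest; links, device nodes and escaping paths are refused.
    """
    if not (member.isreg() or member.isdir()):
        raise ValueError("special member refused")
    root = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(root, member.name))
    if os.path.commonpath([root, target]) != root:
        raise ValueError("path leaves destination")
    return member


def safe_extract(archive: bytes, dest: str):
    """Extract members one by one; return (extracted_names, rejected).

    Each member is vetted first, so a hostile entry is recorded and skipped
    instead of aborting the run with a partially extracted archive.
    """
    has_filter = hasattr(tarfile, "data_filter")
    vet = tarfile.data_filter if has_filter else _containment_check
    extracted, rejected = [], []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        for member in tar.getmembers():
            try:
                vet(member, dest)
            except (tarfile.TarError, ValueError) as exc:
                # With the filter present this is a tarfile.FilterError subclass.
                rejected.append((member.name, type(exc).__name__))
                continue
            if has_filter:
                # The filter is applied again here, at the point of writing.
                tar.extract(member, dest, filter="data")
            else:
                tar.extract(member, dest)
            extracted.append(member.name)
    return extracted, rejected


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "out")
        os.mkdir(dest)
        ok, bad = safe_extract(build_sample_archive(), dest)
        print("extracted:", ok)
        print("rejected: ", bad)
```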
## Patch Instructions:
To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-2884=1
* Python 3 Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Python3-15-SP4-2023-2884=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-2884=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* python310-doc-devhelp-3.10.12-150400.4.30.1
* python310-testsuite-3.10.12-150400.4.30.1
* python310-core-debugsource-3.10.12-150400.4.30.1
* python310-debugsource-3.10.12-150400.4.30.1
* python310-testsuite-debuginfo-3.10.12-150400.4.30.1
* python310-devel-3.10.12-150400.4.30.1
* python310-debuginfo-3.10.12-150400.4.30.1
* python310-dbm-3.10.12-150400.4.30.1
* python310-base-debuginfo-3.10.12-150400.4.30.1
* python310-tools-3.10.12-150400.4.30.1
* libpython3_10-1_0-debuginfo-3.10.12-150400.4.30.1
* python310-curses-debuginfo-3.10.12-150400.4.30.1
* python310-idle-3.10.12-150400.4.30.1
* python310-3.10.12-150400.4.30.1
* python310-base-3.10.12-150400.4.30.1
* libpython3_10-1_0-3.10.12-150400.4.30.1
* python310-doc-3.10.12-150400.4.30.1
* python310-tk-debuginfo-3.10.12-150400.4.30.1
* python310-dbm-debuginfo-3.10.12-150400.4.30.1
* python310-tk-3.10.12-150400.4.30.1
* python310-curses-3.10.12-150400.4.30.1
* openSUSE Leap 15.5 (x86_64)
* python310-base-32bit-3.10.12-150400.4.30.1
* python310-base-32bit-debuginfo-3.10.12-150400.4.30.1
* libpython3_10-1_0-32bit-3.10.12-150400.4.30.1
* python310-32bit-debuginfo-3.10.12-150400.4.30.1
* libpython3_10-1_0-32bit-debuginfo-3.10.12-150400.4.30.1
* python310-32bit-3.10.12-150400.4.30.1
* Python 3 Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* python310-debuginfo-3.10.12-150400.4.30.1
* libpython3_10-1_0-debuginfo-3.10.12-150400.4.30.1
* python310-curses-debuginfo-3.10.12-150400.4.30.1
* python310-curses-3.10.12-150400.4.30.1
* python310-idle-3.10.12-150400.4.30.1
* python310-dbm-3.10.12-150400.4.30.1
* python310-core-debugsource-3.10.12-150400.4.30.1
* python310-3.10.12-150400.4.30.1
* python310-debugsource-3.10.12-150400.4.30.1
* python310-base-debuginfo-3.10.12-150400.4.30.1
* python310-dbm-debuginfo-3.10.12-150400.4.30.1
* python310-tk-debuginfo-3.10.12-150400.4.30.1
* python310-tk-3.10.12-150400.4.30.1
* python310-tools-3.10.12-150400.4.30.1
* python310-base-3.10.12-150400.4.30.1
* libpython3_10-1_0-3.10.12-150400.4.30.1
* python310-devel-3.10.12-150400.4.30.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* python310-doc-devhelp-3.10.12-150400.4.30.1
* python310-testsuite-3.10.12-150400.4.30.1
* python310-core-debugsource-3.10.12-150400.4.30.1
* python310-debugsource-3.10.12-150400.4.30.1
* python310-testsuite-debuginfo-3.10.12-150400.4.30.1
* python310-devel-3.10.12-150400.4.30.1
* python310-debuginfo-3.10.12-150400.4.30.1
* python310-dbm-3.10.12-150400.4.30.1
* python310-base-debuginfo-3.10.12-150400.4.30.1
* python310-tools-3.10.12-150400.4.30.1
* libpython3_10-1_0-debuginfo-3.10.12-150400.4.30.1
* python310-curses-debuginfo-3.10.12-150400.4.30.1
* python310-idle-3.10.12-150400.4.30.1
* python310-3.10.12-150400.4.30.1
* python310-base-3.10.12-150400.4.30.1
* libpython3_10-1_0-3.10.12-150400.4.30.1
* python310-doc-3.10.12-150400.4.30.1
* python310-tk-debuginfo-3.10.12-150400.4.30.1
* python310-dbm-debuginfo-3.10.12-150400.4.30.1
* python310-tk-3.10.12-150400.4.30.1
* python310-curses-3.10.12-150400.4.30.1
* openSUSE Leap 15.4 (x86_64)
* python310-base-32bit-3.10.12-150400.4.30.1
* python310-base-32bit-debuginfo-3.10.12-150400.4.30.1
* libpython3_10-1_0-32bit-3.10.12-150400.4.30.1
* python310-32bit-debuginfo-3.10.12-150400.4.30.1
* libpython3_10-1_0-32bit-debuginfo-3.10.12-150400.4.30.1
* python310-32bit-3.10.12-150400.4.30.1
## References:
* https://www.suse.com/security/cve/CVE-2007-4559.html
* https://www.suse.com/security/cve/CVE-2023-24329.html
* https://bugzilla.suse.com/show_bug.cgi?id=1203750
* https://bugzilla.suse.com/show_bug.cgi?id=1208471
* https://bugzilla.suse.com/show_bug.cgi?id=1211765
SUSE-SU-2023:2886-1: important: Security update for MozillaFirefox, MozillaFirefox-branding-SLE
by security@lists.opensuse.org 19 Jul '23
# Security update for MozillaFirefox, MozillaFirefox-branding-SLE
Announcement ID: SUSE-SU-2023:2886-1
Rating: important
References:
* #1212101
* #1212438
Cross-References:
* CVE-2023-3482
* CVE-2023-37201
* CVE-2023-37202
* CVE-2023-37203
* CVE-2023-37204
* CVE-2023-37205
* CVE-2023-37206
* CVE-2023-37207
* CVE-2023-37208
* CVE-2023-37209
* CVE-2023-37210
* CVE-2023-37211
* CVE-2023-37212
CVSS scores:
* CVE-2023-3482 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2023-37201 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-37202 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-37203 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-37204 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2023-37205 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2023-37206 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2023-37207 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2023-37208 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-37209 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-37210 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2023-37211 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-37212 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
* Desktop Applications Module 15-SP4
* Desktop Applications Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Enterprise Storage 7
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves 13 vulnerabilities can now be installed.
## Description:
This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following
issues:
Changes in MozillaFirefox and MozillaFirefox-branding-SLE:
This update provides Firefox Extended Support Release 115.0 ESR
* New:
* Required fields are now highlighted in PDF forms.
* Improved performance on high-refresh rate monitors (120Hz+).
* Buttons in the Tabs toolbar can now be reached with Tab, Shift+Tab, and
Arrow keys. View this article for additional details.
* Windows' "Make text bigger" accessibility setting now affects all the UI and
content pages, rather than only applying to system font sizes.
* Non-breaking spaces are now preserved—preventing automatic line breaks—when
copying text from a form control.
* Fixed WebGL performance issues on NVIDIA binary drivers via DMA-Buf on
Linux.
* Fixed an issue in which Firefox startup could be significantly slowed down
by the processing of Web content local storage. This had the greatest impact
on users with platter hard drives and significant local storage.
* Removed a configuration option to allow SHA-1 signatures in certificates:
SHA-1 signatures in certificates—long since determined to no longer be
secure enough—are now not supported.
* Highlight color is preserved correctly after typing `Enter` in the mail
composer of Yahoo Mail and Outlook. After bypassing the https only error
page navigating back would take you to the error page that was previously
dismissed. Back now takes you to the previous site that was visited.
* Paste unformatted shortcut (shift+ctrl/cmd+v) now works in plain text
contexts, such as input and text area.
* Added an option to print only the current page from the print preview
dialog.
* Swipe to navigate (two fingers on a touchpad swiped left or right to perform
history back or forward) on Windows is now enabled.
* Stability on Windows is significantly improved as Firefox handles low-memory
situations much better.
* Touchpad scrolling on macOS was made more accessible by reducing unintended
diagonal scrolling opposite of the intended scroll axis.
* Firefox is less likely to run out of memory on Linux and performs more
efficiently for the rest of the system when memory runs low.
* It is now possible to edit PDFs: including writing text, drawing, and adding
signatures.
* Setting Firefox as your default browser now also makes it the default PDF
application on Windows systems.
* Swipe-to-navigate (two fingers on a touchpad swiped left or right to perform
history back or forward) now works for Linux users on Wayland.
* Text Recognition in images allows users on macOS 10.15 and higher to extract
text from the selected image (such as a meme or screenshot).
* Firefox View helps you get back to content you previously discovered. A
pinned tab allows you to find and open recently closed tabs on your current
device and access tabs from other devices (via our “Tab Pickup” feature).
* Import maps, which allow web pages to control the behavior of JavaScript
imports, are now enabled by default.
* Processes used for background tabs now use efficiency mode on Windows 11 to
limit resource use.
* The shift+esc keyboard shortcut now opens the Process Manager, offering a
way to quickly identify processes that are using too many resources.
* Firefox now supports properly color correcting images tagged with ICCv4
profiles.
* Support for non-English characters when saving and printing PDF forms.
* The bookmarks toolbar's default "Only show on New Tab" state works correctly
for blank new tabs. As before, you can change the bookmark toolbar's
behavior using the toolbar context menu.
* Manifest Version 3 (MV3) extension support is now enabled by default (MV2
remains enabled/supported). This major update also ushers an exciting user
interface change in the form of the new extensions button.
* The Arbitrary Code Guard exploit protection has been enabled in the media
playback utility processes, improving security for Windows users.
* The native HTML date picker for date and datetime inputs can now be used
with a keyboard alone, improving its accessibility for screen reader users.
Users with limited mobility can also now use common keyboard shortcuts to
navigate the calendar grid and month selection spinners.
* Firefox builds in the Spanish from Spain (es-ES) and Spanish from Argentina
(es-AR) locales now come with a built-in dictionary for the Firefox
spellchecker.
* On macOS, Ctrl or Cmd + trackpad or mouse wheel now scrolls the page instead
of zooming. This avoids accidental zooming and matches the behavior of other
web browsers on macOS.
* It's now possible to import bookmarks, history and passwords not only from
Edge, Chrome or Safari but also from Opera, Opera GX, and Vivaldi.
* GPU sandboxing has been enabled on Windows.
* On Windows, third-party modules can now be blocked from injecting themselves
into Firefox, which can be helpful if they are causing crashes or other
undesirable behavior.
* Date, time, and datetime-local input fields can now be cleared with
`Cmd+Backspace` and `Cmd+Delete` shortcut on macOS and `Ctrl+Backspace` and
`Ctrl+Delete` on Windows and Linux.
* GPU-accelerated Canvas2D is enabled by default on macOS and Linux.
* WebGL performance improvement on Windows, MacOS and Linux.
* Enables overlay of hardware-decoded video with non-Intel GPUs on Windows
10/11, improving video playback performance and video scaling quality.
* Windows native notifications are now enabled.
* Firefox Relay users can now opt-in to create Relay email masks directly from
the Firefox credential manager. You must be signed in with your Firefox
Account.
* We’ve added two new locales: Silhe Friulian (fur) and Sardinian (sc).
* Right-clicking on password fields now shows an option to reveal the
password.
* Private windows and ETP set to strict will now include email tracking
protection. This will make it harder for email trackers to learn the
browsing habits of Firefox users. You can check the Tracking Content in the
sub-panel on the shield icon panel.
* The deprecated U2F Javascript API is now disabled by default. The U2F
protocol remains usable through the WebAuthn API. The U2F API can be re-
enabled using the `security.webauth.u2f` preference.
* Say hello to enhanced Picture-in-Picture! Rewind, check video duration, and
effortlessly switch to full-screen mode on the web's most popular video
websites.
* Firefox's address bar is already a great place to search for what you're
looking for. Now you'll always be able to see your web search terms and
refine them while viewing your search's results - no additional scrolling
needed! Also, a new result menu has been added making it easier to remove
history results and dismiss sponsored Firefox Suggest entries.
* Private windows now protect users even better by blocking third-party
cookies and storage of content trackers.
* Passwords automatically generated by Firefox now include special characters,
giving users more secure passwords by default.
* Firefox 115 introduces a redesigned accessibility engine which significantly
improves the speed, responsiveness, and stability of Firefox when used with:
  * Screen readers, as well as certain other accessibility software;
  * East Asian input methods;
  * Enterprise single sign-on software; and
  * Other applications which use accessibility frameworks to access information.
* Firefox 115 now supports AV1 Image Format files containing animations
(AVIS), improving support for AVIF images across the web.
* The Windows GPU sandbox first shipped in the Firefox 110 release has been
tightened to enhance the security benefits it provides.
* A 13-year-old feature request was fulfilled and Firefox now supports files
being drag-and-dropped directly from Microsoft Outlook. A special thanks to
volunteer contributor Marco Spiess for helping to get this across the finish
line!
* Users on macOS can now access the Services sub-menu directly from Firefox
context menus.
* On Windows, the elastic overscroll effect has been enabled by default. When
two-finger scrolling on the touchpad or scrolling on the touchscreen, you
will now see a bouncing animation when scrolling past the edge of a scroll
container.
* Firefox is now available in the Tajik (tg) language.
* Added UI to manage the DNS over HTTPS exception list.
* Bookmarks can now be searched from the Bookmarks menu. The Bookmarks menu is
accessible by adding the Bookmarks menu button to the toolbar.
* Restrict searches to your local browsing history by selecting Search history
from the History, Library or Application menu buttons.
* Mac users can now capture video from their cameras in all supported native
resolutions. This enables resolutions higher than 1280x720.
* It is now possible to reorder the extensions listed in the extensions panel.
* Users on macOS, Linux, and Windows 7 can now use FIDO2 / WebAuthn
authenticators over USB. Some advanced features, such as fully passwordless
logins, require a PIN to be set on the authenticator.
* Pocket Recommended content can now be seen in France, Italy, and Spain.
* DNS over HTTPS settings are now part of the Privacy & Security section of
the Settings page and allow the user to choose from all the supported modes.
* Migrating from another browser? Now you can bring over payment methods
you've saved in Chrome-based browsers to Firefox.
* Hardware video decoding enabled for Intel GPUs on Linux.
* The Tab Manager dropdown now features close buttons, so you can close tabs
more quickly.
* Windows Magnifier now follows the text cursor correctly when the Firefox
title bar is visible.
* Undo and redo are now available in Password fields.
[1]:https://support.mozilla.org/kb/access-toolbar-functions-using-keyboard
[2]:https://support.mozilla.org/kb/how-set-tab-pickup-firefox-view
[3]:https://support.mozilla.org/kb/task-manager-tabs-or-extensions-are-slowing-firefox
[4]:https://blog.mozilla.org/addons/2022/11/17/manifest-v3-signing-available-november-21-on-firefox-nightly/
[5]:https://blog.mozilla.org/addons/2022/05/18/manifest-v3-in-firefox-recap-next-steps/
[6]:https://support.mozilla.org/kb/unified-extensions
[7]:https://support.mozilla.org/kb/import-data-another-browser
[8]:https://support.mozilla.org/kb/identify-problems-third-party-modules-firefox-windows
[9]:https://support.mozilla.org/kb/how-generate-secure-password-firefox
[10]:https://blog.mozilla.org/accessibility/firefox-113-accessibility-performance/
* Fixed: Various security fixes. MFSA 2023-22 (bsc#1212438)
* CVE-2023-3482 (bmo#1839464) Block all cookies bypass for localstorage
* CVE-2023-37201 (bmo#1826002) Use-after-free in WebRTC certificate generation
* CVE-2023-37202 (bmo#1834711) Potential use-after-free from compartment
mismatch in SpiderMonkey
* CVE-2023-37203 (bmo#291640) Drag and Drop API may provide access to local
system files
* CVE-2023-37204 (bmo#1832195) Fullscreen notification obscured via option
element
* CVE-2023-37205 (bmo#1704420) URL spoofing in address bar using RTL
characters
* CVE-2023-37206 (bmo#1813299) Insufficient validation of symlinks in the
FileSystem API
* CVE-2023-37207 (bmo#1816287) Fullscreen notification obscured
* CVE-2023-37208 (bmo#1837675) Lack of warning when opening Diagcab files
* CVE-2023-37209 (bmo#1837993) Use-after-free in `NotifyOnHistoryReload`
* CVE-2023-37210 (bmo#1821886) Full-screen mode exit prevention
* CVE-2023-37211 (bmo#1832306, bmo#1834862, bmo#1835886, bmo#1836550,
bmo#1837450) Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13,
and Thunderbird 102.13
* CVE-2023-37212 (bmo#1750870, bmo#1825552, bmo#1826206, bmo#1827076,
bmo#1828690, bmo#1833503, bmo#1835710, bmo#1838587) Memory safety bugs fixed
in Firefox 115
* Fixed potential SIGILL on older CPUs (bsc#1212101)
* Fixed: Various security fixes and other quality
## Patch Instructions:
To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-2886=1
* Desktop Applications Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-2886=1
* Desktop Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-2886=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2886=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2886=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2886=1
* SUSE Linux Enterprise Real Time 15 SP3
zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2886=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2886=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2886=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2886=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2886=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-2886=1
* SUSE Enterprise Storage 7
zypper in -t patch SUSE-Storage-7-2023-2886=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-2886=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-115.0-150200.152.93.1
* MozillaFirefox-translations-common-115.0-150200.152.93.1
* MozillaFirefox-debugsource-115.0-150200.152.93.1
* MozillaFirefox-branding-SLE-115-150200.9.13.1
* MozillaFirefox-debuginfo-115.0-150200.152.93.1
* MozillaFirefox-translations-other-115.0-150200.152.93.1
* MozillaFirefox-branding-upstream-115.0-150200.152.93.1
* openSUSE Leap 15.5 (noarch)
* MozillaFirefox-devel-115.0-150200.152.93.1
* Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-115.0-150200.152.93.1
* MozillaFirefox-translations-common-115.0-150200.152.93.1
* MozillaFirefox-debugsource-115.0-150200.152.93.1
* MozillaFirefox-branding-SLE-115-150200.9.13.1
* MozillaFirefox-debuginfo-115.0-150200.152.93.1
* MozillaFirefox-translations-other-115.0-150200.152.93.1
* Desktop Applications Module 15-SP4 (noarch)
* MozillaFirefox-devel-115.0-150200.152.93.1
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-115.0-150200.152.93.1
* MozillaFirefox-translations-common-115.0-150200.152.93.1
* MozillaFirefox-debugsource-115.0-150200.152.93.1
* MozillaFirefox-branding-SLE-115-150200.9.13.1
* MozillaFirefox-debuginfo-115.0-150200.152.93.1
* MozillaFirefox-translations-other-115.0-150200.152.93.1
* Desktop Applications Module 15-SP5 (noarch)
* MozillaFirefox-devel-115.0-150200.152.93.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* MozillaFirefox-115.0-150200.152.93.1
* MozillaFirefox-translations-common-115.0-150200.152.93.1
* MozillaFirefox-debugsource-115.0-150200.152.93.1
* MozillaFirefox-branding-SLE-115-150200.9.13.1
* MozillaFirefox-debuginfo-115.0-150200.152.93.1
* MozillaFirefox-translations-other-115.0-150200.152.93.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
* MozillaFirefox-devel-115.0-150200.152.93.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64
x86_64)
* MozillaFirefox-115.0-150200.152.93.1
* MozillaFirefox-translations-common-115.0-150200.152.93.1
* MozillaFirefox-debugsource-115.0-150200.152.93.1
* MozillaFirefox-branding-SLE-115-150200.9.13.1
* MozillaFirefox-debuginfo-115.0-150200.152.93.1
* MozillaFirefox-translations-other-115.0-150200.152.93.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
* MozillaFirefox-devel-115.0-150200.152.93.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* MozillaFirefox-115.0-150200.152.93.1
* MozillaFirefox-translations-common-115.0-150200.152.93.1
* MozillaFirefox-debugsource-115.0-150200.152.93.1
* MozillaFirefox-branding-SLE-115-150200.9.13.1
* MozillaFirefox-debuginfo-115.0-150200.152.93.1
* MozillaFirefox-translations-other-115.0-150200.152.93.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* MozillaFirefox-devel-115.0-150200.152.93.1
* SUSE Linux Enterprise Real Time 15 SP3 (x86_64)
* MozillaFirefox-115.0-150200.152.93.1
* MozillaFirefox-translations-common-115.0-150200.152.93.1
* MozillaFirefox-debugsource-115.0-150200.152.93.1
* MozillaFirefox-branding-SLE-115-150200.9.13.1
* MozillaFirefox-debuginfo-115.0-150200.152.93.1
* MozillaFirefox-translations-other-115.0-150200.152.93.1
* SUSE Linux Enterprise Real Time 15 SP3 (noarch)
* MozillaFirefox-devel-115.0-150200.152.93.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* MozillaFirefox-115.0-150200.152.93.1
* MozillaFirefox-translations-common-115.0-150200.152.93.1
* MozillaFirefox-debugsource-115.0-150200.152.93.1
* MozillaFirefox-branding-SLE-115-150200.9.13.1
* MozillaFirefox-debuginfo-115.0-150200.152.93.1
* MozillaFirefox-translations-other-115.0-150200.152.93.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
* MozillaFirefox-devel-115.0-150200.152.93.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* MozillaFirefox-115.0-150200.152.93.1
* MozillaFirefox-translations-common-115.0-150200.152.93.1
* MozillaFirefox-debugsource-115.0-150200.152.93.1
* MozillaFirefox-branding-SLE-115-150200.9.13.1
* MozillaFirefox-debuginfo-115.0-150200.152.93.1
* MozillaFirefox-translations-other-115.0-150200.152.93.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* MozillaFirefox-devel-115.0-150200.152.93.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* MozillaFirefox-115.0-150200.152.93.1
* MozillaFirefox-translations-common-115.0-150200.152.93.1
* MozillaFirefox-debugsource-115.0-150200.152.93.1
* MozillaFirefox-branding-SLE-115-150200.9.13.1
* MozillaFirefox-debuginfo-115.0-150200.152.93.1
* MozillaFirefox-translations-other-115.0-150200.152.93.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
* MozillaFirefox-devel-115.0-150200.152.93.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* MozillaFirefox-115.0-150200.152.93.1
* MozillaFirefox-translations-common-115.0-150200.152.93.1
* MozillaFirefox-debugsource-115.0-150200.152.93.1
* MozillaFirefox-branding-SLE-115-150200.9.13.1
* MozillaFirefox-debuginfo-115.0-150200.152.93.1
* MozillaFirefox-translations-other-115.0-150200.152.93.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* MozillaFirefox-devel-115.0-150200.152.93.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* MozillaFirefox-115.0-150200.152.93.1
* MozillaFirefox-translations-common-115.0-150200.152.93.1
* MozillaFirefox-debugsource-115.0-150200.152.93.1
* MozillaFirefox-branding-SLE-115-150200.9.13.1
* MozillaFirefox-debuginfo-115.0-150200.152.93.1
* MozillaFirefox-translations-other-115.0-150200.152.93.1
* SUSE Enterprise Storage 7.1 (noarch)
* MozillaFirefox-devel-115.0-150200.152.93.1
* SUSE Enterprise Storage 7 (aarch64 x86_64)
* MozillaFirefox-115.0-150200.152.93.1
* MozillaFirefox-translations-common-115.0-150200.152.93.1
* MozillaFirefox-debugsource-115.0-150200.152.93.1
* MozillaFirefox-branding-SLE-115-150200.9.13.1
* MozillaFirefox-debuginfo-115.0-150200.152.93.1
* MozillaFirefox-translations-other-115.0-150200.152.93.1
* SUSE Enterprise Storage 7 (noarch)
* MozillaFirefox-devel-115.0-150200.152.93.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-115.0-150200.152.93.1
* MozillaFirefox-translations-common-115.0-150200.152.93.1
* MozillaFirefox-debugsource-115.0-150200.152.93.1
* MozillaFirefox-branding-SLE-115-150200.9.13.1
* MozillaFirefox-debuginfo-115.0-150200.152.93.1
* MozillaFirefox-translations-other-115.0-150200.152.93.1
* MozillaFirefox-branding-upstream-115.0-150200.152.93.1
* openSUSE Leap 15.4 (noarch)
* MozillaFirefox-devel-115.0-150200.152.93.1
## References:
* https://www.suse.com/security/cve/CVE-2023-3482.html
* https://www.suse.com/security/cve/CVE-2023-37201.html
* https://www.suse.com/security/cve/CVE-2023-37202.html
* https://www.suse.com/security/cve/CVE-2023-37203.html
* https://www.suse.com/security/cve/CVE-2023-37204.html
* https://www.suse.com/security/cve/CVE-2023-37205.html
* https://www.suse.com/security/cve/CVE-2023-37206.html
* https://www.suse.com/security/cve/CVE-2023-37207.html
* https://www.suse.com/security/cve/CVE-2023-37208.html
* https://www.suse.com/security/cve/CVE-2023-37209.html
* https://www.suse.com/security/cve/CVE-2023-37210.html
* https://www.suse.com/security/cve/CVE-2023-37211.html
* https://www.suse.com/security/cve/CVE-2023-37212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1212101
* https://bugzilla.suse.com/show_bug.cgi?id=1212438
SUSE-SU-2023:2233-2: important: Security update for cups-filters
by security@lists.opensuse.org 19 Jul '23
# Security update for cups-filters
Announcement ID: SUSE-SU-2023:2233-2
Rating: important
References:
* #1211340
Cross-References:
* CVE-2023-24805
CVSS scores:
* CVE-2023-24805 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-24805 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
An update that solves one vulnerability can now be installed.
## Description:
This update for cups-filters fixes the following issues:
* CVE-2023-24805: Fixed a remote code execution in the beh backend
(bsc#1211340).
## Patch Instructions:
To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-2233=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* cups-filters-debugsource-1.25.0-150200.3.6.1
* cups-filters-1.25.0-150200.3.6.1
* cups-filters-devel-1.25.0-150200.3.6.1
* cups-filters-debuginfo-1.25.0-150200.3.6.1
## References:
* https://www.suse.com/security/cve/CVE-2023-24805.html
* https://bugzilla.suse.com/show_bug.cgi?id=1211340