openSUSE Security Announce
Threads by month
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
August 2023
- 3 participants
- 127 discussions
openSUSE-SU-2023:0209-1: moderate: Security update for trytond
by opensuse-security@opensuse.org 06 Aug '23
by opensuse-security@opensuse.org 06 Aug '23
06 Aug '23
openSUSE Security Update: Security update for trytond
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0209-1
Rating: moderate
References: #1213869
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update for trytond fixes the following issues:
- Version 6.0.34 - Security Bugfix Release
See https://discuss.tryton.org/t/security-release-for-issue-12428/6397
- Version 6.0.33 - Bugfix Release
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2023-209=1
Package List:
- openSUSE Backports SLE-15-SP5 (noarch):
trytond-6.0.34-bp155.2.6.1
References:
https://bugzilla.suse.com/1213869
1
0
openSUSE-SU-2023:0206-1: moderate: Security update for amanda
by opensuse-security@opensuse.org 04 Aug '23
by opensuse-security@opensuse.org 04 Aug '23
04 Aug '23
openSUSE Security Update: Security update for amanda
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0206-1
Rating: moderate
References: #1213701
Cross-References: CVE-2023-30577
CVSS scores:
CVE-2023-30577 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for amanda fixes the following issues:
- CVE-2023-30577: Fixed improper argument checking for runtar.c
[boo#1213701],
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2023-206=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 ppc64le s390x x86_64):
amanda-3.5.1-bp154.3.6.1
References:
https://www.suse.com/security/cve/CVE-2023-30577.html
https://bugzilla.suse.com/1213701
1
0
openSUSE-SU-2023:0205-1: moderate: Security update for amanda
by opensuse-security@opensuse.org 04 Aug '23
by opensuse-security@opensuse.org 04 Aug '23
04 Aug '23
openSUSE Security Update: Security update for amanda
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0205-1
Rating: moderate
References: #1213701
Cross-References: CVE-2023-30577
CVSS scores:
CVE-2023-30577 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for amanda fixes the following issues:
- CVE-2023-30577: Fixed improper argument checking for runtar.c
[boo#1213701]
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2023-205=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 ppc64le s390x x86_64):
amanda-3.5.2-bp155.2.3.1
References:
https://www.suse.com/security/cve/CVE-2023-30577.html
https://bugzilla.suse.com/1213701
1
0
04 Aug '23
# Security update for xtrans
Announcement ID: SUSE-SU-2023:3190-1
Rating: low
References:
* #1178613
Cross-References:
* CVE-2020-25697
CVSS scores:
* CVE-2020-25697 ( SUSE ): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2020-25697 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for xtrans fixes the following issues:
* CVE-2020-25697: Fixed local privilege escalation via TRANS_ABSTRACT on the
client side (bsc#1178613).
## Patch Instructions:
To install this SUSE Low update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-3190=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-3190=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3190=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3190=1
* SUSE Linux Enterprise Real Time 15 SP3
zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3190=1
## Package List:
* openSUSE Leap 15.4 (noarch)
* xtrans-1.3.5-150000.3.3.1
* openSUSE Leap 15.5 (noarch)
* xtrans-1.3.5-150000.3.3.1
* Basesystem Module 15-SP4 (noarch)
* xtrans-1.3.5-150000.3.3.1
* Basesystem Module 15-SP5 (noarch)
* xtrans-1.3.5-150000.3.3.1
* SUSE Linux Enterprise Real Time 15 SP3 (noarch)
* xtrans-1.3.5-150000.3.3.1
## References:
* https://www.suse.com/security/cve/CVE-2020-25697.html
* https://bugzilla.suse.com/show_bug.cgi?id=1178613
1
0
SUSE-SU-2023:3180-1: important: Security update for the Linux Kernel
by security@lists.opensuse.org 03 Aug '23
by security@lists.opensuse.org 03 Aug '23
03 Aug '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:3180-1
Rating: important
References:
* #1150305
* #1193629
* #1194869
* #1207894
* #1208788
* #1211243
* #1211867
* #1212256
* #1212301
* #1212525
* #1212846
* #1212905
* #1213059
* #1213061
* #1213205
* #1213206
* #1213226
* #1213233
* #1213245
* #1213247
* #1213252
* #1213258
* #1213259
* #1213263
* #1213264
* #1213286
* #1213311
* #1213493
* #1213523
* #1213524
* #1213533
* #1213543
* #1213705
Cross-References:
* CVE-2023-20593
* CVE-2023-2985
* CVE-2023-3117
* CVE-2023-31248
* CVE-2023-3390
* CVE-2023-35001
* CVE-2023-3812
CVSS scores:
* CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-20593 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-2985 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2985 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3117 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3117 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-31248 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-31248 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3390 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3812 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3812 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* Public Cloud Module 15-SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves seven vulnerabilities, contains two features and has 26
fixes can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
* CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP
device driver functionality that could allow a local user to crash or
potentially escalate their privileges on the system (bsc#1213543).
* CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder
that could allow a local attacker to escalate their privilege (bsc#1213059).
* CVE-2023-31248: Fixed an use-after-free vulnerability in
nft_chain_lookup_byid that could allow a local attacker to escalate their
privilege (bsc#1213061).
* CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter
subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker
with user access to cause a privilege escalation issue (bsc#1212846).
* CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter
subsystem when processing named and anonymous sets in batch requests that
could allow a local user with CAP_NET_ADMIN capability to crash or
potentially escalate their privileges on the system (bsc#1213245).
* CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an
attacker to potentially access sensitive information (bsc#1213286).
* CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in
fs/hfsplus/super.c that could allow a local user to cause a denial of
service (bsc#1211867).
The following non-security bugs were fixed:
* Enable NXP SNVS RTC driver for i.MX 8MQ/8MP (jsc#PED-4758).
* Support sub-NUMA clustering on UV (jsc#PED-4718).
* Fixed multipath not supported error (bsc#1213311).
* Revert "arm64: dts: zynqmp: Add address-cells property to interrupt (git-
fixes)
* Revert "drm/i915: Disable DSB usage for now" (git-fixes).
* acpi: Fix suspend with Xen PV (git-fixes).
* adreno: Shutdown the GPU properly (git-fixes).
* arm64/mm: mark private VM_FAULT_X defines as vm_fault_t (git-fixes)
* arm64: dts: microchip: sparx5: do not use PSCI on reference boards (git-
fixes)
* arm64: vdso: Pass (void *) to virt_to_page() (git-fixes)
* arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes)
* asoc: Intel: sof_sdw: remove SOF_SDW_TGL_HDMI for MeteorLake devices (git-
fixes).
* asoc: SOF: topology: Fix logic for copying tuples (git-fixes).
* bluetooth: ISO: Fix CIG auto-allocation to select configurable CIG (git-
fixes).
* bluetooth: ISO: consider right CIS when removing CIG at cleanup (git-fixes).
* bluetooth: ISO: fix iso_conn related locking and validity issues (git-
fixes).
* bluetooth: ISO: use hci_sync for setting CIG parameters (git-fixes).
* bluetooth: fix invalid-bdaddr quirk for non-persistent setup (git-fixes).
* bluetooth: fix use-bdaddr-property quirk (git-fixes).
* bluetooth: hci_bcm: do not mark valid bd_addr as invalid (git-fixes).
* bluetooth: hci_event: call disconnect callback before deleting conn (git-
fixes).
* bluetooth: hci_sync: Avoid use-after-free in dbg for
hci_remove_adv_monitor() (git-fixes).
* bluetooth: use RCU for hci_conn_params and iterate safely in hci_sync (git-
fixes).
* can: bcm: Fix UAF in bcm_proc_show() (git-fixes).
* ceph: add a dedicated private data for netfs rreq (bsc#1213205).
* ceph: fix blindly expanding the readahead windows (bsc#1213206).
* cifs: add a warning when the in-flight count goes negative (bsc#1193629).
* cifs: address unused variable warning (bsc#1193629).
* cifs: do all necessary checks for credits within or before locking
(bsc#1193629).
* cifs: fix lease break oops in xfstest generic/098 (bsc#1193629).
* cifs: fix max_credits implementation (bsc#1193629).
* cifs: fix session state check in reconnect to avoid use-after-free issue
(bsc#1193629).
* cifs: fix session state check in smb2_find_smb_ses (bsc#1193629).
* cifs: fix session state transition to avoid use-after-free issue
(bsc#1193629).
* cifs: fix sockaddr comparison in iface_cmp (bsc#1193629).
* cifs: fix status checks in cifs_tree_connect (bsc#1193629).
* cifs: log session id when a matching ses is not found (bsc#1193629).
* cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629).
* cifs: prevent use-after-free by freeing the cfile later (bsc#1193629).
* cifs: print all credit counters in DebugData (bsc#1193629).
* cifs: print client_guid in DebugData (bsc#1193629).
* cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629).
* cifs: print nosharesock value while dumping mount options (bsc#1193629).
* codel: fix kernel-doc notation warnings (git-fixes).
* cpufreq: tegra194: Fix module loading (git-fixes).
* devlink: fix kernel-doc notation warnings (git-fixes).
* dma-buf/dma-resv: Stop leaking on krealloc() failure (git-fixes).
* drm/amd/amdgpu: introduce gc_*_mes_2.bin v2 (git-fixes).
* drm/amd/amdgpu: limit one queue per gang (git-fixes).
* drm/amd/amdgpu: update mes11 api def (git-fixes).
* drm/amd/display (gcc13): fix enum mismatch (git-fixes).
* drm/amd/display: Add Z8 allow states to z-state support list (git-fixes).
* drm/amd/display: Add debug option to skip PSR CRTC disable (git-fixes).
* drm/amd/display: Add minimum Z8 residency debug option (git-fixes).
* drm/amd/display: Add missing WA and MCLK validation (git-fixes).
* drm/amd/display: Change default Z8 watermark values (git-fixes).
* drm/amd/display: Correct DML calculation to align HW formula (git-fixes).
* drm/amd/display: Correct DML calculation to follow HW SPEC (git-fixes).
* drm/amd/display: Do not update DRR while BW optimizations pending (git-
fixes).
* drm/amd/display: Enable HostVM based on rIOMMU active (git-fixes).
* drm/amd/display: Enforce 60us prefetch for 200Mhz DCFCLK modes (git-fixes).
* drm/amd/display: Ensure vmin and vmax adjust for DCE (git-fixes).
* drm/amd/display: Fix 4to1 MPC black screen with DPP RCO (git-fixes).
* drm/amd/display: Fix Z8 support configurations (git-fixes).
* drm/amd/display: Fix a test CalculatePrefetchSchedule() (git-fixes).
* drm/amd/display: Fix a test dml32_rq_dlg_get_rq_reg() (git-fixes).
* drm/amd/display: Have Payload Properly Created After Resume (git-fixes).
* drm/amd/display: Lowering min Z8 residency time (git-fixes).
* drm/amd/display: Reduce sdp bw after urgent to 90% (git-fixes).
* drm/amd/display: Refactor eDP PSR codes (git-fixes).
* drm/amd/display: Remove FPU guards from the DML folder (git-fixes).
* drm/amd/display: Remove optimization for VRR updates (git-fixes).
* drm/amd/display: Remove stutter only configurations (git-fixes).
* drm/amd/display: Update Z8 SR exit/enter latencies (git-fixes).
* drm/amd/display: Update Z8 watermarks for DCN314 (git-fixes).
* drm/amd/display: Update minimum stutter residency for DCN314 Z8 (git-fixes).
* drm/amd/display: filter out invalid bits in pipe_fuses (git-fixes).
* drm/amd/display: fix PSR-SU/DSC interoperability support (git-fixes).
* drm/amd/display: fix a divided-by-zero error (git-fixes).
* drm/amd/display: fixed dcn30+ underflow issue (git-fixes).
* drm/amd/display: limit timing for single dimm memory (git-fixes).
* drm/amd/display: populate subvp cmd info only for the top pipe (git-fixes).
* drm/amd/display: set dcn315 lb bpp to 48 (git-fixes).
* drm/amd/pm: add missing NotifyPowerSource message mapping for SMU13.0.7
(git-fixes).
* drm/amd/pm: avoid potential UBSAN issue on legacy asics (git-fixes).
* drm/amd/pm: conditionally disable pcie lane switching for some
sienna_cichlid SKUs (git-fixes).
* drm/amd/pm: fix possible power mode mismatch between driver and PMFW (git-
fixes).
* drm/amd/pm: resolve reboot exception for si oland (git-fixes).
* drm/amd/pm: reverse mclk and fclk clocks levels for SMU v13.0.4 (git-fixes).
* drm/amd/pm: reverse mclk clocks levels for SMU v13.0.5 (git-fixes).
* drm/amd/pm: workaround for compute workload type on some skus (git-fixes).
* drm/amd: Add a new helper for loading/validating microcode (git-fixes).
* drm/amd: Do not allow s0ix on APUs older than Raven (git-fixes).
* drm/amd: Load MES microcode during early_init (git-fixes).
* drm/amd: Use `amdgpu_ucode_*` helpers for MES (git-fixes).
* drm/amdgpu/gfx11: Adjust gfxoff before powergating on gfx11 as well (git-
fixes).
* drm/amdgpu/gfx11: update gpu_clock_counter logic (git-fixes).
* drm/amdgpu/gfx: set cg flags to enter/exit safe mode (git-fixes).
* drm/amdgpu/gmc11: implement get_vbios_fb_size() (git-fixes).
* drm/amdgpu/jpeg: Remove harvest checking for JPEG3 (git-fixes).
* drm/amdgpu/mes11: enable reg active poll (git-fixes).
* drm/amdgpu/vcn: Disable indirect SRAM on Vangogh broken BIOSes (git-fixes).
* drm/amdgpu/vkms: relax timer deactivation by hrtimer_try_to_cancel (git-
fixes).
* drm/amdgpu: Do not set struct drm_driver.output_poll_changed (git-fixes).
* drm/amdgpu: Fix desktop freezed after gpu-reset (git-fixes).
* drm/amdgpu: Fix memcpy() in sienna_cichlid_append_powerplay_table function
(git-fixes).
* drm/amdgpu: Fix sdma v4 sw fini error (git-fixes).
* drm/amdgpu: Fix usage of UMC fill record in RAS (git-fixes).
* drm/amdgpu: Force signal hw_fences that are embedded in non-sched jobs (git-
fixes).
* drm/amdgpu: add mes resume when do gfx post soft reset (git-fixes).
* drm/amdgpu: change reserved vram info print (git-fixes).
* drm/amdgpu: declare firmware for new MES 11.0.4 (git-fixes).
* drm/amdgpu: enable tmz by default for GC 11.0.1 (git-fixes).
* drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v10_0_hw_fini (git-fixes).
* drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v11_0_hw_fini (git-fixes).
* drm/amdgpu: fix an amdgpu_irq_put() issue in gmc_v9_0_hw_fini() (git-fixes).
* drm/amdgpu: refine get gpu clock counter method (git-fixes).
* drm/amdgpu: remove deprecated MES version vars (git-fixes).
* drm/amdgpu: reserve the old gc_11_0_*_mes.bin (git-fixes).
* drm/amdgpu: set gfx9 onwards APU atomics support to be true (git-fixes).
* drm/amdgpu: vcn_4_0 set instance 0 init sched score to 1 (git-fixes).
* drm/bridge: anx7625: Convert to i2c's .probe_new() (git-fixes).
* drm/bridge: anx7625: Fix refcount bug in anx7625_parse_dt() (git-fixes).
* drm/bridge: anx7625: Prevent endless probe loop (git-fixes).
* drm/bridge: it6505: Move a variable assignment behind a null pointer check
in receive_timing_debugfs_show() (git-fixes).
* drm/bridge: tc358767: Switch to devm MIPI-DSI helpers (git-fixes).
* drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git-
fixes).
* drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes).
* drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes).
* drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes).
* drm/bridge: ti-sn65dsi83: Fix enable error path (git-fixes).
* drm/client: Fix memory leak in drm_client_target_cloned (git-fixes).
* drm/display/dp_mst: Fix payload addition on a disconnected sink (git-fixes).
* drm/display: Do not block HDR_OUTPUT_METADATA on unknown EOTF (git-fixes).
* drm/drm_vma_manager: Add drm_vma_node_allow_once() (git-fixes).
* drm/dsc: fix DP_DSC_MAX_BPP_DELTA_* macro values (git-fixes).
* drm/dsc: fix drm_edp_dsc_sink_output_bpp() DPCD high byte usage (git-fixes).
* drm/etnaviv: move idle mapping reaping into separate function (git-fixes).
* drm/etnaviv: reap idle mapping if it does not match the softpin address
(git-fixes).
* drm/i915/dp_mst: Add the MST topology state for modesetted CRTCs
(bsc#1213493).
* drm/i915/fbdev: lock the fbdev obj before vma pin (git-fixes).
* drm/i915/gt: Cleanup partial engine discovery failures (git-fixes).
* drm/i915/guc: Add error-capture init warnings when needed (git-fixes).
* drm/i915/guc: Fix missing ecodes (git-fixes).
* drm/i915/guc: Limit scheduling properties to avoid overflow (git-fixes).
* drm/i915/guc: Rename GuC register state capture node to be more obvious
(git-fixes).
* drm/i915/mtl: update scaler source and destination limits for MTL (git-
fixes).
* drm/i915/sdvo: Grab mode_config.mutex during LVDS init to avoid WARNs (git-
fixes).
* drm/i915/sseu: fix max_subslices array-index-out-of-bounds access (git-
fixes).
* drm/i915/tc: Fix TC port link ref init for DP MST during HW readout (git-
fixes).
* drm/i915: Allow panel fixed modes to have differing sync polarities (git-
fixes).
* drm/i915: Check pipe source size when using skl+ scalers (git-fixes).
* drm/i915: Do panel VBT init early if the VBT declares an explicit panel type
(git-fixes).
* drm/i915: Fix TypeC mode initialization during system resume (git-fixes).
* drm/i915: Fix a memory leak with reused mmap_offset (git-fixes).
* drm/i915: Fix negative value passed as remaining time (git-fixes).
* drm/i915: Fix one wrong caching mode enum usage (git-fixes).
* drm/i915: Introduce intel_panel_init_alloc() (git-fixes).
* drm/i915: Never return 0 if not all requests retired (git-fixes).
* drm/i915: Populate encoder->devdata for DSI on icl+ (git-fixes).
* drm/i915: Print return value on error (git-fixes).
* drm/i915: Use _MMIO_PIPE() for SKL_BOTTOM_COLOR (git-fixes).
* drm/meson: Fix return type of meson_encoder_cvbs_mode_valid() (git-fixes).
* drm/msm/a5xx: really check for A510 in a5xx_gpu_init (git-fixes).
* drm/msm/adreno: Simplify read64/write64 helpers (git-fixes).
* drm/msm/adreno: fix runtime PM imbalance at unbind (git-fixes).
* drm/msm/disp/dpu: get timing engine status from intf status register (git-
fixes).
* drm/msm/dpu: Add DSC hardware blocks to register snapshot (git-fixes).
* drm/msm/dpu: Assign missing writeback log_mask (git-fixes).
* drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes).
* drm/msm/dpu: clean up dpu_kms_get_clk_rate() returns (git-fixes).
* drm/msm/dpu: set DSC flush bit correctly at MDP CTL flush register (git-
fixes).
* drm/msm/hdmi: use devres helper for runtime PM management (git-fixes).
* drm/panel: boe-tv101wum-nl6: Ensure DSI writes succeed during disable (git-
fixes).
* drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags (git-
fixes).
* drm/panel: simple: Add connector_type for innolux_at043tn24 (git-fixes).
* drm/rockchip: dw_hdmi: cleanup drm encoder during unbind (git-fixes).
* drm/ttm: Do not leak a resource on swapout move error (git-fixes).
* drm/virtio: Fix memory leak in virtio_gpu_object_create() (git-fixes).
* drm/virtio: Simplify error handling of virtio_gpu_object_create() (git-
fixes).
* drm/vmwgfx: Refactor resource manager's hashtable to use linux/hashtable
implementation (git-fixes).
* drm/vmwgfx: Refactor resource validation hashtable to use linux/hashtable
implementation (git-fixes).
* drm/vmwgfx: Refactor ttm reference object hashtable to use linux/hashtable
(git-fixes).
* drm/vmwgfx: Remove ttm object hashtable (git-fixes).
* drm/vmwgfx: Remove vmwgfx_hashtab (git-fixes).
* drm/vmwgfx: Write the driver id registers (git-fixes).
* drm: Add fixed-point helper to get rounded integer values (git-fixes).
* drm: Add missing DP DSC extended capability definitions (git-fixes).
* drm: Optimize drm buddy top-down allocation method (git-fixes).
* drm: buddy_allocator: Fix buddy allocator init on 32-bit systems (git-
fixes).
* drm: panel-orientation-quirks: Add quirk for DynaBook K50 (git-fixes).
* drm: rcar-du: Add quirk for H3 ES1.x pclk workaround (git-fixes).
* drm: rcar-du: Fix setting a reserved bit in DPLLCR (git-fixes).
* drm: use mgr->dev in drm_dbg_kms in drm_dp_add_payload_part2 (git-fixes).
* fuse: ioctl: translate ENOSYS in outarg (bsc#1213524).
* fuse: revalidate: do not invalidate if interrupted (bsc#1213523).
* i2c: tegra: Set ACPI node as primary fwnode (bsc#1213226).
* irqchip/gic-v3: Claim iomem resources (bsc#1213533)
* irqchip/gicv3: Handle resource request failure consistently (bsc#1213533)
* irqchip/gicv3: Workaround for NVIDIA erratum T241-FABRIC-4 (bsc#1213533)
* kABI: do not check external trampolines for signature (kabi bsc#1207894
bsc#1211243).
* kabi/severities: Add VAS symbols changed due to recent fix VAS accelerators
are directly tied to the architecture, there is no reason to have out-of-
tree production drivers
* kabi/severities: ignore kABI of i915 module It's exported only for its sub-
module, not really used by externals
* kabi/severities: ignore kABI of vmwgfx The driver exports a function
unnecessarily without used by anyone else. Ignore the kABI changes.
* memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905).
* net: mana: Add support for vlan tagging (bsc#1212301).
* net: phy: prevent stale pointer dereference in phy_init() (git-fixes).
* net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume() (git-
fixes).
* net: qrtr: start MHI channel after endpoit creation (git-fixes).
* nilfs2: reject devices with insufficient block count (git-fixes).
* ocfs2: Switch to security_inode_init_security() (git-fixes).
* ocfs2: check new file size on fallocate call (git-fixes).
* ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes).
* pci: s390: Fix use-after-free of PCI resources with per-function hotplug
(bsc#1212525).
* pci: vmd: Fix uninitialized variable usage in vmd_enable_domain() (git-
fixes).
* perf/x86/amd/core: Always clear status for idx (bsc#1213233).
* pie: fix kernel-doc notation warning (git-fixes).
* powerpc/64: Only WARN if __pa()/__va() called with bad addresses
(bsc#1194869).
* powerpc/64s: Fix VAS mm use after free (bsc#1194869).
* powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo (bsc#1194869).
* powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1194869).
* powerpc/ftrace: Remove ftrace init tramp once kernel init is complete
(bsc#1194869).
* powerpc/interrupt: Do not read MSR from interrupt_exit_kernel_prepare()
(bsc#1194869).
* powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-
boundary (bsc#1150305 ltc#176097 git-fixes).
* powerpc/mm: Switch obsolete dssall to .long (bsc#1194869).
* powerpc/powernv/sriov: perform null check on iov before dereferencing iov
(bsc#1194869).
* powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr
(bsc#1194869).
* powerpc/prom_init: Fix kernel config grep (bsc#1194869).
* powerpc/pseries/vas: Hold mmap_mutex after mmap lock during window close
(jsc#PED-542 git-fixes).
* powerpc/secvar: fix refcount leak in format_show() (bsc#1194869).
* powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869).
* powerpc: clean vdso32 and vdso64 directories (bsc#1194869).
* powerpc: define get_cycles macro for arch-override (bsc#1194869).
* powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869).
* rpm/check-for-config-changes: ignore also RISCV_ISA_ _and DYNAMIC_SIGFRAME
They depend on CONFIG_TOOLCHAIN_HAS__.
* rsi: remove kernel-doc comment marker (git-fixes).
* s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259).
* s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258).
* s390/debug: add _ASM_S390_ prefix to header guard (git-fixes bsc#1213263).
* s390/pci: clean up left over special treatment for function zero
(bsc#1212525).
* s390/pci: only add specific device in zpci_bus_scan_device() (bsc#1212525).
* s390/pci: remove redundant pci_bus_add_devices() on new bus (bsc#1212525).
* s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (git-fixes
bsc#1213252).
* s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36
(git-fixes bsc#1213264).
* s390: discard .interp section (git-fixes bsc#1213247).
* security: keys: Modify mismatched function name (git-fixes).
* selftests/ir: fix build with ancient kernel headers (git-fixes).
* selftests: cgroup: fix unsigned comparison with less than zero (git-fixes).
* selftests: forwarding: Fix packet matching in mirroring selftests (git-
fixes).
* selftests: tc: add 'ct' action kconfig dep (git-fixes).
* selftests: tc: add ConnTrack procfs kconfig (git-fixes).
* selftests: tc: set timeout to 15 minutes (git-fixes).
* signal/powerpc: On swapcontext failure force SIGSEGV (bsc#1194869).
* signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV)
(bsc#1194869).
* smb3: do not reserve too many oplock credits (bsc#1193629).
* smb3: missing null check in SMB2_change_notify (bsc#1193629).
* smb: client: fix broken file attrs with nodfs mounts (bsc#1193629).
* smb: client: fix missed ses refcounting (git-fixes).
* smb: client: fix parsing of source mount option (bsc#1193629).
* smb: client: fix shared DFS root mounts with different prefixes
(bsc#1193629).
* smb: client: fix warning in CIFSFindFirst() (bsc#1193629).
* smb: client: fix warning in CIFSFindNext() (bsc#1193629).
* smb: client: fix warning in cifs_match_super() (bsc#1193629).
* smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629).
* smb: client: fix warning in generic_ip_connect() (bsc#1193629).
* smb: client: improve DFS mount check (bsc#1193629).
* smb: client: remove redundant pointer 'server' (bsc#1193629).
* smb: delete an unnecessary statement (bsc#1193629).
* smb: move client and server files to common directory fs/smb (bsc#1193629).
* smb: remove obsolete comment (bsc#1193629).
* soundwire: bus_type: Avoid lockdep assert in sdw_drv_probe() (git-fixes).
* soundwire: cadence: Drain the RX FIFO after an IO timeout (git-fixes).
* soundwire: stream: Add missing clear of alloc_slave_rt (git-fixes).
* spi: bcm63xx: fix max prepend length (git-fixes).
* swsmu/amdgpu_smu: Fix the wrong if-condition (git-fixes).
* tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git-
fixes).
* usb: dwc2: Fix some error handling paths (git-fixes).
* usb: gadget: udc: core: Offload usb_udc_vbus_handler processing (git-fixes).
* usb: gadget: udc: core: Prevent soft_connect_store() race (git-fixes).
* usb: typec: Fix fast_role_swap_current show function (git-fixes).
* usb: typec: Fix fast_role_swap_current show function (git-fixes).
* wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes).
* wifi: ath10k: Trigger STA disconnect after reconfig complete on hardware
restart (git-fixes).
* wifi: ath11k: Add missing check for ioremap (git-fixes).
* wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git-
fixes).
* x86/amd_nb: Add PCI ID for family 19h model 78h (git-fixes).
* x86/platform/uv: Add platform resolving #defines for misc
GAM_MMIOH_REDIRECT* (bsc#1212256 jsc#PED-4718).
* x86/platform/uv: Fix printed information in calc_mmioh_map (bsc#1212256
jsc#PED-4718).
* x86/platform/uv: Helper functions for allocating and freeing conversion
tables (bsc#1212256 jsc#PED-4718).
* x86/platform/uv: Introduce helper function uv_pnode_to_socket (bsc#1212256
jsc#PED-4718).
* x86/platform/uv: Remove remaining BUG_ON() and BUG() calls (bsc#1212256
jsc#PED-4718).
* x86/platform/uv: UV support for sub-NUMA clustering (bsc#1212256
jsc#PED-4718).
* x86/platform/uv: Update UV platform code for SNC (bsc#1212256 jsc#PED-4718).
* x86/platform/uv: When searching for minimums, start at INT_MAX not 99999
(bsc#1212256 jsc#PED-4718).
* x86: Fix .brk attribute in linker script (git-fixes).
* xfs: clean up the rtbitmap fsmap backend (git-fixes).
* xfs: do not deplete the reserve pool when trying to shrink the fs (git-
fixes).
* xfs: do not reverse order of items in bulk AIL insertion (git-fixes).
* xfs: fix getfsmap reporting past the last rt extent (git-fixes).
* xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git-
fixes).
* xfs: fix interval filtering in multi-step fsmap queries (git-fixes).
* xfs: fix logdev fsmap query result filtering (git-fixes).
* xfs: fix off-by-one error when the last rt extent is in use (git-fixes).
* xfs: fix uninitialized variable access (git-fixes).
* xfs: make fsmap backend function key parameters const (git-fixes).
* xfs: make the record pointer passed to query_range functions const (git-
fixes).
* xfs: pass explicit mount pointer to rtalloc query functions (git-fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-3180=1 openSUSE-SLE-15.5-2023-3180=1
* Public Cloud Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-3180=1
## Package List:
* openSUSE Leap 15.5 (aarch64 x86_64)
* kernel-syms-azure-5.14.21-150500.33.11.1
* kernel-azure-debuginfo-5.14.21-150500.33.11.1
* dlm-kmp-azure-debuginfo-5.14.21-150500.33.11.1
* kselftests-kmp-azure-5.14.21-150500.33.11.1
* ocfs2-kmp-azure-5.14.21-150500.33.11.1
* kernel-azure-devel-5.14.21-150500.33.11.1
* kernel-azure-livepatch-devel-5.14.21-150500.33.11.1
* gfs2-kmp-azure-5.14.21-150500.33.11.1
* kernel-azure-debugsource-5.14.21-150500.33.11.1
* reiserfs-kmp-azure-5.14.21-150500.33.11.1
* kernel-azure-optional-5.14.21-150500.33.11.1
* dlm-kmp-azure-5.14.21-150500.33.11.1
* gfs2-kmp-azure-debuginfo-5.14.21-150500.33.11.1
* cluster-md-kmp-azure-5.14.21-150500.33.11.1
* kernel-azure-optional-debuginfo-5.14.21-150500.33.11.1
* kernel-azure-extra-5.14.21-150500.33.11.1
* kernel-azure-devel-debuginfo-5.14.21-150500.33.11.1
* cluster-md-kmp-azure-debuginfo-5.14.21-150500.33.11.1
* kernel-azure-extra-debuginfo-5.14.21-150500.33.11.1
* ocfs2-kmp-azure-debuginfo-5.14.21-150500.33.11.1
* reiserfs-kmp-azure-debuginfo-5.14.21-150500.33.11.1
* kselftests-kmp-azure-debuginfo-5.14.21-150500.33.11.1
* openSUSE Leap 15.5 (aarch64 nosrc x86_64)
* kernel-azure-5.14.21-150500.33.11.1
* openSUSE Leap 15.5 (x86_64)
* kernel-azure-vdso-5.14.21-150500.33.11.1
* kernel-azure-vdso-debuginfo-5.14.21-150500.33.11.1
* openSUSE Leap 15.5 (noarch)
* kernel-source-azure-5.14.21-150500.33.11.1
* kernel-devel-azure-5.14.21-150500.33.11.1
* Public Cloud Module 15-SP5 (aarch64 nosrc x86_64)
* kernel-azure-5.14.21-150500.33.11.1
* Public Cloud Module 15-SP5 (aarch64 x86_64)
* kernel-azure-devel-debuginfo-5.14.21-150500.33.11.1
* kernel-syms-azure-5.14.21-150500.33.11.1
* kernel-azure-debuginfo-5.14.21-150500.33.11.1
* kernel-azure-devel-5.14.21-150500.33.11.1
* kernel-azure-debugsource-5.14.21-150500.33.11.1
* Public Cloud Module 15-SP5 (noarch)
* kernel-source-azure-5.14.21-150500.33.11.1
* kernel-devel-azure-5.14.21-150500.33.11.1
## References:
* https://www.suse.com/security/cve/CVE-2023-20593.html
* https://www.suse.com/security/cve/CVE-2023-2985.html
* https://www.suse.com/security/cve/CVE-2023-3117.html
* https://www.suse.com/security/cve/CVE-2023-31248.html
* https://www.suse.com/security/cve/CVE-2023-3390.html
* https://www.suse.com/security/cve/CVE-2023-35001.html
* https://www.suse.com/security/cve/CVE-2023-3812.html
* https://bugzilla.suse.com/show_bug.cgi?id=1150305
* https://bugzilla.suse.com/show_bug.cgi?id=1193629
* https://bugzilla.suse.com/show_bug.cgi?id=1194869
* https://bugzilla.suse.com/show_bug.cgi?id=1207894
* https://bugzilla.suse.com/show_bug.cgi?id=1208788
* https://bugzilla.suse.com/show_bug.cgi?id=1211243
* https://bugzilla.suse.com/show_bug.cgi?id=1211867
* https://bugzilla.suse.com/show_bug.cgi?id=1212256
* https://bugzilla.suse.com/show_bug.cgi?id=1212301
* https://bugzilla.suse.com/show_bug.cgi?id=1212525
* https://bugzilla.suse.com/show_bug.cgi?id=1212846
* https://bugzilla.suse.com/show_bug.cgi?id=1212905
* https://bugzilla.suse.com/show_bug.cgi?id=1213059
* https://bugzilla.suse.com/show_bug.cgi?id=1213061
* https://bugzilla.suse.com/show_bug.cgi?id=1213205
* https://bugzilla.suse.com/show_bug.cgi?id=1213206
* https://bugzilla.suse.com/show_bug.cgi?id=1213226
* https://bugzilla.suse.com/show_bug.cgi?id=1213233
* https://bugzilla.suse.com/show_bug.cgi?id=1213245
* https://bugzilla.suse.com/show_bug.cgi?id=1213247
* https://bugzilla.suse.com/show_bug.cgi?id=1213252
* https://bugzilla.suse.com/show_bug.cgi?id=1213258
* https://bugzilla.suse.com/show_bug.cgi?id=1213259
* https://bugzilla.suse.com/show_bug.cgi?id=1213263
* https://bugzilla.suse.com/show_bug.cgi?id=1213264
* https://bugzilla.suse.com/show_bug.cgi?id=1213286
* https://bugzilla.suse.com/show_bug.cgi?id=1213311
* https://bugzilla.suse.com/show_bug.cgi?id=1213493
* https://bugzilla.suse.com/show_bug.cgi?id=1213523
* https://bugzilla.suse.com/show_bug.cgi?id=1213524
* https://bugzilla.suse.com/show_bug.cgi?id=1213533
* https://bugzilla.suse.com/show_bug.cgi?id=1213543
* https://bugzilla.suse.com/show_bug.cgi?id=1213705
* https://jira.suse.com/browse/PED-4718
* https://jira.suse.com/browse/PED-4758
1
0
SUSE-SU-2023:3181-1: important: Security update for go1.20
by security@lists.opensuse.org 03 Aug '23
by security@lists.opensuse.org 03 Aug '23
03 Aug '23
# Security update for go1.20
Announcement ID: SUSE-SU-2023:3181-1
Rating: important
References:
* #1206346
* #1213880
Cross-References:
* CVE-2023-29409
CVSS scores:
* CVE-2023-29409 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Development Tools Module 15-SP4
* Development Tools Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability and has one fix can now be installed.
## Description:
This update for go1.20 fixes the following issues:
* Update to go v1.20.7 (released 2023-08-01) (bsc#1206346)
* CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to
8192 bits to avoid DoSing client/server while validating signatures for
extremely large RSA keys. (bsc#1213880)
## Patch Instructions:
To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-3181=1
* Development Tools Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3181=1
* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3181=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-3181=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* go1.20-1.20.7-150000.1.20.1
* go1.20-doc-1.20.7-150000.1.20.1
* go1.20-race-1.20.7-150000.1.20.1
* go1.20-debuginfo-1.20.7-150000.1.20.1
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* go1.20-1.20.7-150000.1.20.1
* go1.20-doc-1.20.7-150000.1.20.1
* Development Tools Module 15-SP4 (aarch64 x86_64)
* go1.20-race-1.20.7-150000.1.20.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* go1.20-1.20.7-150000.1.20.1
* go1.20-doc-1.20.7-150000.1.20.1
* go1.20-race-1.20.7-150000.1.20.1
* go1.20-debuginfo-1.20.7-150000.1.20.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* go1.20-1.20.7-150000.1.20.1
* go1.20-doc-1.20.7-150000.1.20.1
* go1.20-race-1.20.7-150000.1.20.1
* go1.20-debuginfo-1.20.7-150000.1.20.1
## References:
* https://www.suse.com/security/cve/CVE-2023-29409.html
* https://bugzilla.suse.com/show_bug.cgi?id=1206346
* https://bugzilla.suse.com/show_bug.cgi?id=1213880
1
0
SUSE-SU-2023:3182-1: important: Security update for the Linux Kernel
by security@lists.opensuse.org 03 Aug '23
by security@lists.opensuse.org 03 Aug '23
03 Aug '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:3182-1
Rating: important
References:
* #1150305
* #1193629
* #1194869
* #1207894
* #1208788
* #1210565
* #1210584
* #1210853
* #1211243
* #1211811
* #1211867
* #1212301
* #1212846
* #1212905
* #1213010
* #1213011
* #1213012
* #1213013
* #1213014
* #1213015
* #1213016
* #1213017
* #1213018
* #1213019
* #1213020
* #1213021
* #1213024
* #1213025
* #1213032
* #1213034
* #1213035
* #1213036
* #1213037
* #1213038
* #1213039
* #1213040
* #1213041
* #1213059
* #1213061
* #1213087
* #1213088
* #1213089
* #1213090
* #1213092
* #1213093
* #1213094
* #1213095
* #1213096
* #1213098
* #1213099
* #1213100
* #1213102
* #1213103
* #1213104
* #1213105
* #1213106
* #1213107
* #1213108
* #1213109
* #1213110
* #1213111
* #1213112
* #1213113
* #1213114
* #1213134
* #1213245
* #1213247
* #1213252
* #1213258
* #1213259
* #1213263
* #1213264
* #1213286
* #1213523
* #1213524
* #1213543
* #1213585
* #1213586
* #1213705
Cross-References:
* CVE-2023-20593
* CVE-2023-2985
* CVE-2023-3117
* CVE-2023-31248
* CVE-2023-3390
* CVE-2023-35001
* CVE-2023-3609
* CVE-2023-3611
* CVE-2023-3812
CVSS scores:
* CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-20593 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-2985 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2985 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3117 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3117 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-31248 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-31248 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3390 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3609 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3609 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3611 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3611 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3812 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3812 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* Public Cloud Module 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves nine vulnerabilities, contains one feature and has 70
fixes can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
* CVE-2023-3609: Fixed an use-after-free vulnerability in net/sched
(bsc#1213586).
* CVE-2023-3611: Fixed an out-of-bounds write vulnerability in net/sched
(bsc#1213585).
* CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP
device driver functionality that could allow a local user to crash or
potentially escalate their privileges on the system (bsc#1213543).
* CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder
that could allow a local attacker to escalate their privilege (bsc#1213059).
* CVE-2023-31248: Fixed an use-after-free vulnerability in
nft_chain_lookup_byid that could allow a local attacker to escalate their
privilege (bsc#1213061).
* CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter
subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker
with user access to cause a privilege escalation issue (bsc#1212846).
* CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter
subsystem when processing named and anonymous sets in batch requests that
could allow a local user with CAP_NET_ADMIN capability to crash or
potentially escalate their privileges on the system (bsc#1213245).
* CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an
attacker to potentially access sensitive information (bsc#1213286).
* CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in
fs/hfsplus/super.c that could allow a local user to cause a denial of
service (bsc#1211867).
The following non-security bugs were fixed:
* Add MODULE_FIRMWARE() for FIRMWARE_TG357766 (git-fixes).
* Drop patch that caused issues with k3s (bsc#1213705).
* Enable NXP SNVS RTC driver for i.MX 8MQ/8MP (jsc#PED-4758)
* Fix documentation of panic_on_warn (git-fixes).
* Fixed launch issue on 15-SP5 (git-fixes, bsc#1210853).
* Revert "arm64: dts: zynqmp: Add address-cells property to interrupt (git-
fixes)
* Revert "drm/amd/display: edp do not add non-edid timings" (git-fixes).
* acpi: utils: Fix acpi_evaluate_dsm_typed() redefinition error (git-fixes).
* alsa: fireface: make read-only const array for model names static (git-
fixes).
* alsa: hda/realtek - remove 3k pull low procedure (git-fixes).
* alsa: hda/realtek: Add quirk for ASUS ROG G614Jx (git-fixes).
* alsa: hda/realtek: Add quirk for ASUS ROG GA402X (git-fixes).
* alsa: hda/realtek: Add quirk for ASUS ROG GX650P (git-fixes).
* alsa: hda/realtek: Add quirk for ASUS ROG GZ301V (git-fixes).
* alsa: hda/realtek: Add quirk for Clevo NPx0SNx (git-fixes).
* alsa: hda/realtek: Add quirk for Clevo NS70AU (git-fixes).
* alsa: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760 (git-fixes).
* alsa: hda/realtek: Add support for DELL Oasis 13/14/16 laptops (git-fixes).
* alsa: hda/realtek: Amend G634 quirk to enable rear speakers (git-fixes).
* alsa: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx (git-fixes).
* alsa: hda/realtek: Fix generic fixup definition for cs35l41 amp (git-fixes).
* alsa: hda/realtek: Whitespace fix (git-fixes).
* alsa: hda: fix a possible null-pointer dereference due to data race in
snd_hdac_regmap_sync() (git-fixes).
* alsa: oxfw: make read-only const array models static (git-fixes).
* alsa: pcm: Fix potential data race at PCM memory allocation helpers (git-
fixes).
* apparmor: fix missing error check for rhashtable_insert_fast (git-fixes).
* arm64/mm: mark private VM_FAULT_X defines as vm_fault_t (git-fixes)
* arm64: dts: microchip: sparx5: do not use PSCI on reference boards (git-
fixes)
* arm64: vdso: Pass (void *) to virt_to_page() (git-fixes)
* arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes)
* asoc: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git-
fixes).
* asoc: codecs: wcd934x: fix resource leaks on component remove (git-fixes).
* asoc: codecs: wcd938x: fix codec initialisation race (git-fixes).
* asoc: codecs: wcd938x: fix dB range for HPHL and HPHR (git-fixes).
* asoc: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes).
* asoc: codecs: wcd938x: fix soundwire initialisation race (git-fixes).
* asoc: tegra: Fix ADX byte map (git-fixes).
* asoc: tegra: Fix AMX byte map (git-fixes).
* can: bcm: Fix UAF in bcm_proc_show() (git-fixes).
* cifs: add a warning when the in-flight count goes negative (bsc#1193629).
* cifs: address unused variable warning (bsc#1193629).
* cifs: do all necessary checks for credits within or before locking
(bsc#1193629).
* cifs: fix lease break oops in xfstest generic/098 (bsc#1193629).
* cifs: fix max_credits implementation (bsc#1193629).
* cifs: fix session state check in reconnect to avoid use-after-free issue
(bsc#1193629).
* cifs: fix session state check in smb2_find_smb_ses (bsc#1193629).
* cifs: fix session state transition to avoid use-after-free issue
(bsc#1193629).
* cifs: fix sockaddr comparison in iface_cmp (bsc#1193629).
* cifs: fix status checks in cifs_tree_connect (bsc#1193629).
* cifs: log session id when a matching ses is not found (bsc#1193629).
* cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629).
* cifs: prevent use-after-free by freeing the cfile later (bsc#1193629).
* cifs: print all credit counters in DebugData (bsc#1193629).
* cifs: print client_guid in DebugData (bsc#1193629).
* cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629).
* cifs: print nosharesock value while dumping mount options (bsc#1193629).
* clk: qcom: camcc-sc7180: Add parent dependency to all camera GDSCs (git-
fixes).
* clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks (git-fixes).
* codel: fix kernel-doc notation warnings (git-fixes).
* crypto: kpp - Add helper to set reqsize (git-fixes).
* crypto: qat - Use helper to set reqsize (git-fixes).
* devlink: fix kernel-doc notation warnings (git-fixes).
* docs: networking: Update codeaurora references for rmnet (git-fixes).
* documentation: bonding: fix the doc of peer_notif_delay (git-fixes).
* documentation: timers: hrtimers: Make hybrid union historical (git-fixes).
* drm/amd/display: Correct `DMUB_FW_VERSION` macro (git-fixes).
* drm/amdgpu: Set vmbo destroy after pt bo is created (git-fixes).
* drm/amdgpu: Validate VM ioctl flags (git-fixes).
* drm/amdgpu: avoid restore process run into dead loop (git-fixes).
* drm/amdgpu: fix clearing mappings for BOs that are always valid in VM (git-
fixes).
* drm/atomic: Allow vblank-enabled + self-refresh "disable" (git-fixes).
* drm/atomic: Fix potential use-after-free in nonblocking commits (git-fixes).
* drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git-
fixes).
* drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes).
* drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes).
* drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes).
* drm/client: Fix memory leak in drm_client_target_cloned (git-fixes).
* drm/i915/psr: Use hw.adjusted mode when calculating io/fast wake times (git-
fixes).
* drm/i915: Fix one wrong caching mode enum usage (git-fixes).
* drm/msm/disp/dpu: get timing engine status from intf status register (git-
fixes).
* drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes).
* drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags (git-
fixes).
* drm/panel: simple: Add connector_type for innolux_at043tn24 (git-fixes).
* drm/ttm: Do not leak a resource on swapout move error (git-fixes).
* dt-bindings: phy: brcm,brcmstb-usb-phy: Fix error in "compatible"
conditional schema (git-fixes).
* ext4: Fix reusing stale buffer heads from last failed mounting
(bsc#1213020).
* ext4: add EA_INODE checking to ext4_iget() (bsc#1213106).
* ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid()
(bsc#1213088).
* ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109).
* ext4: add strict range checks while freeing blocks (bsc#1213089).
* ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016).
* ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018).
* ext4: block range must be validated before use in ext4_mb_clear_bb()
(bsc#1213090).
* ext4: check iomap type only if ext4_iomap_begin() does not fail
(bsc#1213103).
* ext4: disallow ea_inodes with extended attributes (bsc#1213108).
* ext4: fail ext4_iget if special inode unallocated (bsc#1213010).
* ext4: fix WARNING in ext4_update_inline_data (bsc#1213012).
* ext4: fix WARNING in mb_find_extent (bsc#1213099).
* ext4: fix bug_on in __es_tree_search caused by bad quota inode
(bsc#1213111).
* ext4: fix data races when using cached status extents (bsc#1213102).
* ext4: fix deadlock when converting an inline directory in nojournal mode
(bsc#1213105).
* ext4: fix i_disksize exceeding i_size problem in paritally written case
(bsc#1213015).
* ext4: fix lockdep warning when enabling MMP (bsc#1213100).
* ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096).
* ext4: fix to check return value of freeze_bdev() in ext4_shutdown()
(bsc#1213021).
* ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline
(bsc#1213098).
* ext4: improve error handling from ext4_dirhash() (bsc#1213104).
* ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017).
* ext4: move where set the MAY_INLINE_DATA flag is set (bsc#1213011).
* ext4: only update i_reserved_data_blocks on successful block allocation
(bsc#1213019).
* ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb()
(bsc#1213087).
* ext4: refuse to create ea block when umounted (bsc#1213093).
* ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find()
(bsc#1213107).
* ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110).
* ext4: update s_journal_inum if it changes after journal replay
(bsc#1213094).
* ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092).
* ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013).
* fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (git-fixes).
* fbdev: imxfb: warn about invalid left/right margin (git-fixes).
* fuse: ioctl: translate ENOSYS in outarg (bsc#1213524).
* fuse: revalidate: do not invalidate if interrupted (bsc#1213523).
* hvcs: Fix hvcs port reference counting (bsc#1213134 ltc#202861).
* hvcs: Get reference to tty in remove (bsc#1213134 ltc#202861).
* hvcs: Synchronize hotplug remove with port free (bsc#1213134 ltc#202861).
* hvcs: Use dev_groups to manage hvcs device attributes (bsc#1213134
ltc#202861).
* hvcs: Use driver groups to manage driver attributes (bsc#1213134
ltc#202861).
* hvcs: Use vhangup in hotplug remove (bsc#1213134 ltc#202861).
* hwmon: (adm1275) Allow setting sample averaging (git-fixes).
* hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272
(git-fixes).
* i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process()
(git-fixes).
* i2c: xiic: Do not try to handle more interrupt events after error (git-
fixes).
* ib/hfi1: Use bitmap_zalloc() when applicable (git-fixes)
* inotify: Avoid reporting event with invalid wd (bsc#1213025).
* jbd2: fix data missing when reusing bh which is ready to be checkpointed
(bsc#1213095).
* jdb2: Do not refuse invalidation of already invalidated buffers
(bsc#1213014).
* kABI: do not check external trampolines for signature (kabi bsc#1207894
bsc#1211243).
* kabi/severities: Add VAS symbols changed due to recent fix VAS accelerators
are directly tied to the architecture, there is no reason to have out-of-
tree production drivers
* kselftest: vDSO: Fix accumulation of uninitialized ret when CLOCK_REALTIME
is undefined (git-fixes).
* leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename (git-
fixes).
* media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var()
(git-fixes).
* media: cec: i2c: ch7322: also select REGMAP (git-fixes).
* media: i2c: Correct format propagation for st-mipid02 (git-fixes).
* media: usb: Check az6007_read() return value (git-fixes).
* media: usb: siano: Fix warning due to null work_func_t function pointer
(git-fixes).
* media: venus: helpers: Fix ALIGN() of non power of two (git-fixes).
* media: videodev2.h: Fix struct v4l2_input tuner index comment (git-fixes).
* memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905).
* mmc: core: disable TRIM on Kingston EMMC04G-M627 (git-fixes).
* mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is
used (git-fixes).
* net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
* net/sched: sch_qfq: reintroduce lmax bound check for MTU (bsc#1213585).
* net: mana: Add support for vlan tagging (bsc#1212301).
* net: phy: prevent stale pointer dereference in phy_init() (git-fixes).
* ntb: amd: Fix error handling in amd_ntb_pci_driver_init() (git-fixes).
* ntb: idt: Fix error handling in idt_pci_driver_init() (git-fixes).
* ntb: intel: Fix error handling in intel_ntb_pci_driver_init() (git-fixes).
* ntb: ntb_tool: Add check for devm_kcalloc (git-fixes).
* ntb: ntb_transport: fix possible memory leak while device_register() fails
(git-fixes).
* nvme-multipath: support io stats on the mpath device (bsc#1210565).
* nvme: introduce nvme_start_request (bsc#1210565).
* ocfs2: Switch to security_inode_init_security() (git-fixes).
* ocfs2: check new file size on fallocate call (git-fixes).
* ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes).
* opp: Fix use-after-free in lazy_opp_tables after probe deferral (git-fixes).
* pci/pm: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold (git-fixes).
* pci: Add function 1 DMA alias quirk for Marvell 88SE9235 (git-fixes).
* phy: Revert "phy: Remove SOC_EXYNOS4212 dep. from PHY_EXYNOS4X12_USB" (git-
fixes).
* phy: tegra: xusb: Clear the driver reference in usb-phy dev (git-fixes).
* phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes).
* pie: fix kernel-doc notation warning (git-fixes).
* pinctrl: amd: Detect internal GPIO0 debounce handling (git-fixes).
* pinctrl: amd: Fix mistake in handling clearing pins at startup (git-fixes).
* pinctrl: amd: Only use special debounce behavior for GPIO 0 (git-fixes).
* powerpc/64: Only WARN if __pa()/__va() called with bad addresses
(bsc#1194869).
* powerpc/64s: Fix VAS mm use after free (bsc#1194869).
* powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo (bsc#1194869).
* powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1194869).
* powerpc/ftrace: Remove ftrace init tramp once kernel init is complete
(bsc#1194869).
* powerpc/interrupt: Do not read MSR from interrupt_exit_kernel_prepare()
(bsc#1194869).
* powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-
boundary (bsc#1150305 ltc#176097 git-fixes).
* powerpc/mm: Switch obsolete dssall to .long (bsc#1194869).
* powerpc/powernv/sriov: perform null check on iov before dereferencing iov
(bsc#1194869).
* powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr
(bsc#1194869).
* powerpc/prom_init: Fix kernel config grep (bsc#1194869).
* powerpc/secvar: fix refcount leak in format_show() (bsc#1194869).
* powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869).
* powerpc: clean vdso32 and vdso64 directories (bsc#1194869).
* powerpc: define get_cycles macro for arch-override (bsc#1194869).
* powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869).
* pwm: ab8500: Fix error code in probe() (git-fixes).
* pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes).
* pwm: sysfs: Do not apply state to already disabled PWMs (git-fixes).
* rdma/rxe: Fix access checks in rxe_check_bind_mw (git-fixes)
* rpm/check-for-config-changes: ignore also RISCV_ISA_ _and DYNAMIC_SIGFRAME
They depend on CONFIG_TOOLCHAIN_HAS__.
* rsi: remove kernel-doc comment marker (git-fixes).
* s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259).
* s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258).
* s390/debug: add _ASM_S390_ prefix to header guard (git-fixes bsc#1213263).
* s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (git-fixes
bsc#1213252).
* s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36
(git-fixes bsc#1213264).
* s390: discard .interp section (git-fixes bsc#1213247).
* sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes)
* sched: Fix DEBUG && !SCHEDSTATS warn (git-fixes)
* security: keys: Modify mismatched function name (git-fixes).
* selftests: mptcp: depend on SYN_COOKIES (git-fixes).
* selftests: mptcp: sockopt: return error if wrong mark (git-fixes).
* selftests: rtnetlink: remove netdevsim device after ipsec offload test (git-
fixes).
* selftests: tc: add 'ct' action kconfig dep (git-fixes).
* selftests: tc: add ConnTrack procfs kconfig (git-fixes).
* selftests: tc: set timeout to 15 minutes (git-fixes).
* signal/powerpc: On swapcontext failure force SIGSEGV (bsc#1194869).
* signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV)
(bsc#1194869).
* smb3: do not reserve too many oplock credits (bsc#1193629).
* smb3: missing null check in SMB2_change_notify (bsc#1193629).
* smb: client: fix broken file attrs with nodfs mounts (bsc#1193629).
* smb: client: fix missed ses refcounting (git-fixes).
* smb: client: fix parsing of source mount option (bsc#1193629).
* smb: client: fix shared DFS root mounts with different prefixes
(bsc#1193629).
* smb: client: fix warning in CIFSFindFirst() (bsc#1193629).
* smb: client: fix warning in CIFSFindNext() (bsc#1193629).
* smb: client: fix warning in cifs_match_super() (bsc#1193629).
* smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629).
* smb: client: fix warning in generic_ip_connect() (bsc#1193629).
* smb: client: improve DFS mount check (bsc#1193629).
* smb: client: remove redundant pointer 'server' (bsc#1193629).
* smb: delete an unnecessary statement (bsc#1193629).
* smb: move client and server files to common directory fs/smb (bsc#1193629).
* smb: remove obsolete comment (bsc#1193629).
* soundwire: qcom: fix storing port config out-of-bounds (git-fixes).
* spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git-
fixes).
* spi: bcm63xx: fix max prepend length (git-fixes).
* tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git-
fixes).
* tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes).
* ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size
(bsc#1210584).
* ubi: ensure that VID header offset + VID header size <= alloc, size
(bsc#1210584).
* udf: Avoid double brelse() in udf_rename() (bsc#1213032).
* udf: Define EFSCORRUPTED error code (bsc#1213038).
* udf: Detect system inodes linked into directory hierarchy (bsc#1213114).
* udf: Discard preallocation before extending file with a hole (bsc#1213036).
* udf: Do not bother looking for prealloc extents if i_lenExtents matches
i_size (bsc#1213035).
* udf: Do not bother merging very long extents (bsc#1213040).
* udf: Do not update file length for failed writes to inline files
(bsc#1213041).
* udf: Fix error handling in udf_new_inode() (bsc#1213112).
* udf: Fix extending file within last block (bsc#1213037).
* udf: Fix preallocation discarding at indirect extent boundary (bsc#1213034).
* udf: Preserve link count of system files (bsc#1213113).
* udf: Truncate added extents on failed expansion (bsc#1213039).
* usb: dwc2: Fix some error handling paths (git-fixes).
* usb: dwc2: platform: Improve error reporting for problems during .remove()
(git-fixes).
* usb: gadget: udc: core: Offload usb_udc_vbus_handler processing (git-fixes).
* usb: gadget: udc: core: Prevent soft_connect_store() race (git-fixes).
* usb: serial: option: add LARA-R6 01B PIDs (git-fixes).
* wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes).
* wifi: ray_cs: Drop useless status variable in parse_addr() (git-fixes).
* wifi: ray_cs: Utilize strnlen() in parse_addr() (git-fixes).
* wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git-
fixes).
* wl3501_cs: use eth_hw_addr_set() (git-fixes).
* writeback: fix call of incorrect macro (bsc#1213024).
* x86: Fix .brk attribute in linker script (git-fixes).
* xfs: AIL needs asynchronous CIL forcing (bsc#1211811).
* xfs: CIL work is serialised, not pipelined (bsc#1211811).
* xfs: XLOG_STATE_IOERROR must die (bsc#1211811).
* xfs: async CIL flushes need pending pushes to be made stable (bsc#1211811).
* xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811).
* xfs: clean up the rtbitmap fsmap backend (git-fixes).
* xfs: do not deplete the reserve pool when trying to shrink the fs (git-
fixes).
* xfs: do not reverse order of items in bulk AIL insertion (git-fixes).
* xfs: do not run shutdown callbacks on active iclogs (bsc#1211811).
* xfs: drop async cache flushes from CIL commits (bsc#1211811).
* xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811).
* xfs: fix getfsmap reporting past the last rt extent (git-fixes).
* xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git-
fixes).
* xfs: fix interval filtering in multi-step fsmap queries (git-fixes).
* xfs: fix logdev fsmap query result filtering (git-fixes).
* xfs: fix off-by-one error when the last rt extent is in use (git-fixes).
* xfs: fix uninitialized variable access (git-fixes).
* xfs: make fsmap backend function key parameters const (git-fixes).
* xfs: make the record pointer passed to query_range functions const (git-
fixes).
* xfs: move the CIL workqueue to the CIL (bsc#1211811).
* xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811).
* xfs: order CIL checkpoint start records (bsc#1211811).
* xfs: pass a CIL context to xlog_write() (bsc#1211811).
* xfs: pass explicit mount pointer to rtalloc query functions (git-fixes).
* xfs: rework xlog_state_do_callback() (bsc#1211811).
* xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks
(bsc#1211811).
* xfs: separate out log shutdown callback processing (bsc#1211811).
* xfs: wait iclog complete before tearing down AIL (bsc#1211811).
* xhci: Fix TRB prefetch issue of ZHAOXIN hosts (git-fixes).
* xhci: Fix resume issue of some ZHAOXIN hosts (git-fixes).
* xhci: Show ZHAOXIN xHCI root hub speed correctly (git-fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-3182=1 openSUSE-SLE-15.4-2023-3182=1
* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-3182=1
## Package List:
* openSUSE Leap 15.4 (aarch64 x86_64)
* kernel-azure-extra-5.14.21-150400.14.60.1
* kernel-azure-debugsource-5.14.21-150400.14.60.1
* kernel-syms-azure-5.14.21-150400.14.60.1
* kernel-azure-devel-5.14.21-150400.14.60.1
* cluster-md-kmp-azure-5.14.21-150400.14.60.1
* dlm-kmp-azure-5.14.21-150400.14.60.1
* gfs2-kmp-azure-debuginfo-5.14.21-150400.14.60.1
* kernel-azure-optional-5.14.21-150400.14.60.1
* kselftests-kmp-azure-5.14.21-150400.14.60.1
* dlm-kmp-azure-debuginfo-5.14.21-150400.14.60.1
* ocfs2-kmp-azure-5.14.21-150400.14.60.1
* ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.60.1
* kselftests-kmp-azure-debuginfo-5.14.21-150400.14.60.1
* kernel-azure-optional-debuginfo-5.14.21-150400.14.60.1
* kernel-azure-devel-debuginfo-5.14.21-150400.14.60.1
* reiserfs-kmp-azure-5.14.21-150400.14.60.1
* kernel-azure-extra-debuginfo-5.14.21-150400.14.60.1
* kernel-azure-debuginfo-5.14.21-150400.14.60.1
* cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.60.1
* kernel-azure-livepatch-devel-5.14.21-150400.14.60.1
* gfs2-kmp-azure-5.14.21-150400.14.60.1
* reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.60.1
* openSUSE Leap 15.4 (aarch64 nosrc x86_64)
* kernel-azure-5.14.21-150400.14.60.1
* openSUSE Leap 15.4 (noarch)
* kernel-devel-azure-5.14.21-150400.14.60.1
* kernel-source-azure-5.14.21-150400.14.60.1
* Public Cloud Module 15-SP4 (aarch64 nosrc x86_64)
* kernel-azure-5.14.21-150400.14.60.1
* Public Cloud Module 15-SP4 (aarch64 x86_64)
* kernel-azure-debuginfo-5.14.21-150400.14.60.1
* kernel-azure-devel-debuginfo-5.14.21-150400.14.60.1
* kernel-syms-azure-5.14.21-150400.14.60.1
* kernel-azure-debugsource-5.14.21-150400.14.60.1
* kernel-azure-devel-5.14.21-150400.14.60.1
* Public Cloud Module 15-SP4 (noarch)
* kernel-devel-azure-5.14.21-150400.14.60.1
* kernel-source-azure-5.14.21-150400.14.60.1
## References:
* https://www.suse.com/security/cve/CVE-2023-20593.html
* https://www.suse.com/security/cve/CVE-2023-2985.html
* https://www.suse.com/security/cve/CVE-2023-3117.html
* https://www.suse.com/security/cve/CVE-2023-31248.html
* https://www.suse.com/security/cve/CVE-2023-3390.html
* https://www.suse.com/security/cve/CVE-2023-35001.html
* https://www.suse.com/security/cve/CVE-2023-3609.html
* https://www.suse.com/security/cve/CVE-2023-3611.html
* https://www.suse.com/security/cve/CVE-2023-3812.html
* https://bugzilla.suse.com/show_bug.cgi?id=1150305
* https://bugzilla.suse.com/show_bug.cgi?id=1193629
* https://bugzilla.suse.com/show_bug.cgi?id=1194869
* https://bugzilla.suse.com/show_bug.cgi?id=1207894
* https://bugzilla.suse.com/show_bug.cgi?id=1208788
* https://bugzilla.suse.com/show_bug.cgi?id=1210565
* https://bugzilla.suse.com/show_bug.cgi?id=1210584
* https://bugzilla.suse.com/show_bug.cgi?id=1210853
* https://bugzilla.suse.com/show_bug.cgi?id=1211243
* https://bugzilla.suse.com/show_bug.cgi?id=1211811
* https://bugzilla.suse.com/show_bug.cgi?id=1211867
* https://bugzilla.suse.com/show_bug.cgi?id=1212301
* https://bugzilla.suse.com/show_bug.cgi?id=1212846
* https://bugzilla.suse.com/show_bug.cgi?id=1212905
* https://bugzilla.suse.com/show_bug.cgi?id=1213010
* https://bugzilla.suse.com/show_bug.cgi?id=1213011
* https://bugzilla.suse.com/show_bug.cgi?id=1213012
* https://bugzilla.suse.com/show_bug.cgi?id=1213013
* https://bugzilla.suse.com/show_bug.cgi?id=1213014
* https://bugzilla.suse.com/show_bug.cgi?id=1213015
* https://bugzilla.suse.com/show_bug.cgi?id=1213016
* https://bugzilla.suse.com/show_bug.cgi?id=1213017
* https://bugzilla.suse.com/show_bug.cgi?id=1213018
* https://bugzilla.suse.com/show_bug.cgi?id=1213019
* https://bugzilla.suse.com/show_bug.cgi?id=1213020
* https://bugzilla.suse.com/show_bug.cgi?id=1213021
* https://bugzilla.suse.com/show_bug.cgi?id=1213024
* https://bugzilla.suse.com/show_bug.cgi?id=1213025
* https://bugzilla.suse.com/show_bug.cgi?id=1213032
* https://bugzilla.suse.com/show_bug.cgi?id=1213034
* https://bugzilla.suse.com/show_bug.cgi?id=1213035
* https://bugzilla.suse.com/show_bug.cgi?id=1213036
* https://bugzilla.suse.com/show_bug.cgi?id=1213037
* https://bugzilla.suse.com/show_bug.cgi?id=1213038
* https://bugzilla.suse.com/show_bug.cgi?id=1213039
* https://bugzilla.suse.com/show_bug.cgi?id=1213040
* https://bugzilla.suse.com/show_bug.cgi?id=1213041
* https://bugzilla.suse.com/show_bug.cgi?id=1213059
* https://bugzilla.suse.com/show_bug.cgi?id=1213061
* https://bugzilla.suse.com/show_bug.cgi?id=1213087
* https://bugzilla.suse.com/show_bug.cgi?id=1213088
* https://bugzilla.suse.com/show_bug.cgi?id=1213089
* https://bugzilla.suse.com/show_bug.cgi?id=1213090
* https://bugzilla.suse.com/show_bug.cgi?id=1213092
* https://bugzilla.suse.com/show_bug.cgi?id=1213093
* https://bugzilla.suse.com/show_bug.cgi?id=1213094
* https://bugzilla.suse.com/show_bug.cgi?id=1213095
* https://bugzilla.suse.com/show_bug.cgi?id=1213096
* https://bugzilla.suse.com/show_bug.cgi?id=1213098
* https://bugzilla.suse.com/show_bug.cgi?id=1213099
* https://bugzilla.suse.com/show_bug.cgi?id=1213100
* https://bugzilla.suse.com/show_bug.cgi?id=1213102
* https://bugzilla.suse.com/show_bug.cgi?id=1213103
* https://bugzilla.suse.com/show_bug.cgi?id=1213104
* https://bugzilla.suse.com/show_bug.cgi?id=1213105
* https://bugzilla.suse.com/show_bug.cgi?id=1213106
* https://bugzilla.suse.com/show_bug.cgi?id=1213107
* https://bugzilla.suse.com/show_bug.cgi?id=1213108
* https://bugzilla.suse.com/show_bug.cgi?id=1213109
* https://bugzilla.suse.com/show_bug.cgi?id=1213110
* https://bugzilla.suse.com/show_bug.cgi?id=1213111
* https://bugzilla.suse.com/show_bug.cgi?id=1213112
* https://bugzilla.suse.com/show_bug.cgi?id=1213113
* https://bugzilla.suse.com/show_bug.cgi?id=1213114
* https://bugzilla.suse.com/show_bug.cgi?id=1213134
* https://bugzilla.suse.com/show_bug.cgi?id=1213245
* https://bugzilla.suse.com/show_bug.cgi?id=1213247
* https://bugzilla.suse.com/show_bug.cgi?id=1213252
* https://bugzilla.suse.com/show_bug.cgi?id=1213258
* https://bugzilla.suse.com/show_bug.cgi?id=1213259
* https://bugzilla.suse.com/show_bug.cgi?id=1213263
* https://bugzilla.suse.com/show_bug.cgi?id=1213264
* https://bugzilla.suse.com/show_bug.cgi?id=1213286
* https://bugzilla.suse.com/show_bug.cgi?id=1213523
* https://bugzilla.suse.com/show_bug.cgi?id=1213524
* https://bugzilla.suse.com/show_bug.cgi?id=1213543
* https://bugzilla.suse.com/show_bug.cgi?id=1213585
* https://bugzilla.suse.com/show_bug.cgi?id=1213586
* https://bugzilla.suse.com/show_bug.cgi?id=1213705
* https://jira.suse.com/browse/PED-4758
1
0
SUSE-SU-2023:3185-1: moderate: Security update for pipewire
by security@lists.opensuse.org 03 Aug '23
by security@lists.opensuse.org 03 Aug '23
03 Aug '23
# Security update for pipewire
Announcement ID: SUSE-SU-2023:3185-1
Rating: moderate
References:
* #1213682
Affected Products:
* openSUSE Leap 15.4
An update that has one fix can now be installed.
## Description:
This update for pipewire fixes the following security issues:
* Fixed issue where an app which only has permission to access one stream can
also access other streams (bsc#1213682).
Bugfixes: \- Fixed division by 0 and other issues with invalid values
(glfo#pipewire/pipewire#2953) \- Fixed an overflow resulting in choppy sound in
some cases (glfo#pipewire/pipewire#2680)
## Patch Instructions:
To install this SUSE Moderate update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-3185=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* pipewire-modules-0.3.24-150300.4.6.1
* pipewire-modules-debuginfo-0.3.24-150300.4.6.1
* openSUSE Leap 15.4 (x86_64)
* pipewire-modules-32bit-debuginfo-0.3.24-150300.4.6.1
* pipewire-modules-32bit-0.3.24-150300.4.6.1
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1213682
1
0
03 Aug '23
# Security update for ImageMagick
Announcement ID: SUSE-SU-2023:3186-1
Rating: low
References:
* #1213624
Cross-References:
* CVE-2023-3745
CVSS scores:
* CVE-2023-3745 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2023-3745 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.4
An update that solves one vulnerability can now be installed.
## Description:
This update for ImageMagick fixes the following issues:
* CVE-2023-3745: Fixed heap out of bounds read in PushCharPixel() in quantum-
private.h (bsc#1213624).
## Patch Instructions:
To install this SUSE Low update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-3186=1
## Package List:
* openSUSE Leap 15.4 (x86_64)
* libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-150200.10.51.1
* libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-150200.10.51.1
* libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.51.1
* libMagick++-7_Q16HDRI4-32bit-7.0.7.34-150200.10.51.1
* libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-150200.10.51.1
* libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.51.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.51.1
* libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.51.1
* libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.51.1
* libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.51.1
* libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.51.1
* libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.51.1
## References:
* https://www.suse.com/security/cve/CVE-2023-3745.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213624
1
0
SUSE-SU-2023:3171-1: important: Security update for the Linux Kernel
by security@lists.opensuse.org 03 Aug '23
by security@lists.opensuse.org 03 Aug '23
03 Aug '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:3171-1
Rating: important
References:
* #1150305
* #1193629
* #1194869
* #1207894
* #1208788
* #1210565
* #1210584
* #1210853
* #1211243
* #1211811
* #1211867
* #1212301
* #1212846
* #1212905
* #1213010
* #1213011
* #1213012
* #1213013
* #1213014
* #1213015
* #1213016
* #1213017
* #1213018
* #1213019
* #1213020
* #1213021
* #1213024
* #1213025
* #1213032
* #1213034
* #1213035
* #1213036
* #1213037
* #1213038
* #1213039
* #1213040
* #1213041
* #1213059
* #1213061
* #1213087
* #1213088
* #1213089
* #1213090
* #1213092
* #1213093
* #1213094
* #1213095
* #1213096
* #1213098
* #1213099
* #1213100
* #1213102
* #1213103
* #1213104
* #1213105
* #1213106
* #1213107
* #1213108
* #1213109
* #1213110
* #1213111
* #1213112
* #1213113
* #1213114
* #1213134
* #1213245
* #1213247
* #1213252
* #1213258
* #1213259
* #1213263
* #1213264
* #1213286
* #1213523
* #1213524
* #1213543
* #1213705
Cross-References:
* CVE-2023-20593
* CVE-2023-2985
* CVE-2023-3117
* CVE-2023-31248
* CVE-2023-3390
* CVE-2023-35001
* CVE-2023-3812
CVSS scores:
* CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-20593 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-2985 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2985 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3117 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3117 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-31248 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-31248 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3390 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3812 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3812 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP4
* Development Tools Module 15-SP4
* Legacy Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Workstation Extension 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves seven vulnerabilities and has 70 fixes can now be
installed.
## Description:
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
* CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in
fs/hfsplus/super.c that could allow a local user to cause a denial of
service (bsc#1211867).
* CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter
subsystem when processing named and anonymous sets in batch requests that
could allow a local user with CAP_NET_ADMIN capability to crash or
potentially escalate their privileges on the system (bsc#1213245).
* CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter
subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker
with user access to cause a privilege escalation issue (bsc#1212846).
* CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP
device driver functionality that could allow a local user to crash or
potentially escalate their privileges on the system (bsc#1213543).
* CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an
attacker to potentially access sensitive information (bsc#1213286).
* CVE-2023-31248: Fixed an use-after-free vulnerability in
nft_chain_lookup_byid that could allow a local attacker to escalate their
privilege (bsc#1213061).
* CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder
that could allow a local attacker to escalate their privilege (bsc#1213059).
The following non-security bugs were fixed:
* ACPI: utils: Fix acpi_evaluate_dsm_typed() redefinition error (git-fixes).
* ALSA: fireface: make read-only const array for model names static (git-
fixes).
* ALSA: hda/realtek - remove 3k pull low procedure (git-fixes).
* ALSA: hda/realtek: Add quirk for ASUS ROG G614Jx (git-fixes).
* ALSA: hda/realtek: Add quirk for ASUS ROG GA402X (git-fixes).
* ALSA: hda/realtek: Add quirk for ASUS ROG GX650P (git-fixes).
* ALSA: hda/realtek: Add quirk for ASUS ROG GZ301V (git-fixes).
* ALSA: hda/realtek: Add quirk for Clevo NPx0SNx (git-fixes).
* ALSA: hda/realtek: Add quirk for Clevo NS70AU (git-fixes).
* ALSA: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760 (git-fixes).
* ALSA: hda/realtek: Add support for DELL Oasis 13/14/16 laptops (git-fixes).
* ALSA: hda/realtek: Amend G634 quirk to enable rear speakers (git-fixes).
* ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx (git-fixes).
* ALSA: hda/realtek: Fix generic fixup definition for cs35l41 amp (git-fixes).
* ALSA: hda/realtek: Whitespace fix (git-fixes).
* ALSA: hda: fix a possible null-pointer dereference due to data race in
snd_hdac_regmap_sync() (git-fixes).
* ALSA: oxfw: make read-only const array models static (git-fixes).
* ALSA: pcm: Fix potential data race at PCM memory allocation helpers (git-
fixes).
* ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git-
fixes).
* ASoC: codecs: wcd934x: fix resource leaks on component remove (git-fixes).
* ASoC: codecs: wcd938x: fix codec initialisation race (git-fixes).
* ASoC: codecs: wcd938x: fix dB range for HPHL and HPHR (git-fixes).
* ASoC: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes).
* ASoC: codecs: wcd938x: fix soundwire initialisation race (git-fixes).
* ASoC: tegra: Fix ADX byte map (git-fixes).
* ASoC: tegra: Fix AMX byte map (git-fixes).
* Add MODULE_FIRMWARE() for FIRMWARE_TG357766 (git-fixes).
* Documentation: ABI: sysfs-class-net-qmi: pass_through contact update (git-
fixes).
* Documentation: bonding: fix the doc of peer_notif_delay (git-fixes).
* Documentation: timers: hrtimers: Make hybrid union historical (git-fixes).
* Enable NXP SNVS RTC driver for i.MX 8MQ/8MP (jsc#PED-4758)
* Fix documentation of panic_on_warn (git-fixes).
* IB/hfi1: Use bitmap_zalloc() when applicable (git-fixes)
* PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold (git-fixes).
* PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 (git-fixes).
* RDMA/rxe: Fix access checks in rxe_check_bind_mw (git-fixes)
* Revert "arm64: dts: zynqmp: Add address-cells property to interrupt (git-
fixes)
* Revert "drm/amd/display: edp do not add non-edid timings" (git-fixes).
* USB: dwc2: Fix some error handling paths (git-fixes).
* USB: dwc2: platform: Improve error reporting for problems during .remove()
(git-fixes).
* USB: gadget: udc: core: Offload usb_udc_vbus_handler processing (git-fixes).
* USB: gadget: udc: core: Prevent soft_connect_store() race (git-fixes).
* USB: serial: option: add LARA-R6 01B PIDs (git-fixes).
* Update config and supported.conf files due to renaming.
* apparmor: fix missing error check for rhashtable_insert_fast (git-fixes).
* arm64/mm: mark private VM_FAULT_X defines as vm_fault_t (git-fixes)
* arm64: dts: microchip: sparx5: do not use PSCI on reference boards (git-
fixes)
* arm64: vdso: Pass (void *) to virt_to_page() (git-fixes)
* arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes)
* can: bcm: Fix UAF in bcm_proc_show() (git-fixes).
* cifs: add a warning when the in-flight count goes negative (bsc#1193629).
* cifs: address unused variable warning (bsc#1193629).
* cifs: do all necessary checks for credits within or before locking
(bsc#1193629).
* cifs: fix lease break oops in xfstest generic/098 (bsc#1193629).
* cifs: fix max_credits implementation (bsc#1193629).
* cifs: fix session state check in reconnect to avoid use-after-free issue
(bsc#1193629).
* cifs: fix session state check in smb2_find_smb_ses (bsc#1193629).
* cifs: fix session state transition to avoid use-after-free issue
(bsc#1193629).
* cifs: fix sockaddr comparison in iface_cmp (bsc#1193629).
* cifs: fix status checks in cifs_tree_connect (bsc#1193629).
* cifs: log session id when a matching ses is not found (bsc#1193629).
* cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629).
* cifs: prevent use-after-free by freeing the cfile later (bsc#1193629).
* cifs: print all credit counters in DebugData (bsc#1193629).
* cifs: print client_guid in DebugData (bsc#1193629).
* cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629).
* cifs: print nosharesock value while dumping mount options (bsc#1193629).
* clk: qcom: camcc-sc7180: Add parent dependency to all camera GDSCs (git-
fixes).
* clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks (git-fixes).
* codel: fix kernel-doc notation warnings (git-fixes).
* crypto: kpp - Add helper to set reqsize (git-fixes).
* crypto: qat - Use helper to set reqsize (git-fixes).
* devlink: fix kernel-doc notation warnings (git-fixes).
* docs: networking: Update codeaurora references for rmnet (git-fixes).
* drm/amd/display: Correct `DMUB_FW_VERSION` macro (git-fixes).
* drm/amdgpu: Set vmbo destroy after pt bo is created (git-fixes).
* drm/amdgpu: Validate VM ioctl flags (git-fixes).
* drm/amdgpu: avoid restore process run into dead loop (git-fixes).
* drm/amdgpu: fix clearing mappings for BOs that are always valid in VM (git-
fixes).
* drm/atomic: Allow vblank-enabled + self-refresh "disable" (git-fixes).
* drm/atomic: Fix potential use-after-free in nonblocking commits (git-fixes).
* drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git-
fixes).
* drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes).
* drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes).
* drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes).
* drm/client: Fix memory leak in drm_client_target_cloned (git-fixes).
* drm/i915/psr: Use hw.adjusted mode when calculating io/fast wake times (git-
fixes).
* drm/i915: Fix one wrong caching mode enum usage (git-fixes).
* drm/msm/disp/dpu: get timing engine status from intf status register (git-
fixes).
* drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes).
* drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags (git-
fixes).
* drm/panel: simple: Add connector_type for innolux_at043tn24 (git-fixes).
* drm/ttm: Do not leak a resource on swapout move error (git-fixes).
* dt-bindings: phy: brcm,brcmstb-usb-phy: Fix error in "compatible"
conditional schema (git-fixes).
* ext4: Fix reusing stale buffer heads from last failed mounting
(bsc#1213020).
* ext4: add EA_INODE checking to ext4_iget() (bsc#1213106).
* ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid()
(bsc#1213088).
* ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109).
* ext4: add strict range checks while freeing blocks (bsc#1213089).
* ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016).
* ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018).
* ext4: block range must be validated before use in ext4_mb_clear_bb()
(bsc#1213090).
* ext4: check iomap type only if ext4_iomap_begin() does not fail
(bsc#1213103).
* ext4: disallow ea_inodes with extended attributes (bsc#1213108).
* ext4: fail ext4_iget if special inode unallocated (bsc#1213010).
* ext4: fix WARNING in ext4_update_inline_data (bsc#1213012).
* ext4: fix WARNING in mb_find_extent (bsc#1213099).
* ext4: fix bug_on in __es_tree_search caused by bad quota inode
(bsc#1213111).
* ext4: fix data races when using cached status extents (bsc#1213102).
* ext4: fix deadlock when converting an inline directory in nojournal mode
(bsc#1213105).
* ext4: fix i_disksize exceeding i_size problem in paritally written case
(bsc#1213015).
* ext4: fix lockdep warning when enabling MMP (bsc#1213100).
* ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096).
* ext4: fix to check return value of freeze_bdev() in ext4_shutdown()
(bsc#1213021).
* ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline
(bsc#1213098).
* ext4: improve error handling from ext4_dirhash() (bsc#1213104).
* ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017).
* ext4: move where set the MAY_INLINE_DATA flag is set (bsc#1213011).
* ext4: only update i_reserved_data_blocks on successful block allocation
(bsc#1213019).
* ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb()
(bsc#1213087).
* ext4: refuse to create ea block when umounted (bsc#1213093).
* ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find()
(bsc#1213107).
* ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110).
* ext4: update s_journal_inum if it changes after journal replay
(bsc#1213094).
* ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092).
* ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013).
* fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (git-fixes).
* fbdev: imxfb: warn about invalid left/right margin (git-fixes).
* fuse: ioctl: translate ENOSYS in outarg (bsc#1213524).
* fuse: revalidate: do not invalidate if interrupted (bsc#1213523).
* hvcs: Fix hvcs port reference counting (bsc#1213134 ltc#202861).
* hvcs: Get reference to tty in remove (bsc#1213134 ltc#202861).
* hvcs: Synchronize hotplug remove with port free (bsc#1213134 ltc#202861).
* hvcs: Use dev_groups to manage hvcs device attributes (bsc#1213134
ltc#202861).
* hvcs: Use driver groups to manage driver attributes (bsc#1213134
ltc#202861).
* hvcs: Use vhangup in hotplug remove (bsc#1213134 ltc#202861).
* hwmon: (adm1275) Allow setting sample averaging (git-fixes).
* hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272
(git-fixes).
* i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process()
(git-fixes).
* i2c: xiic: Do not try to handle more interrupt events after error (git-
fixes).
* inotify: Avoid reporting event with invalid wd (bsc#1213025).
* jbd2: fix data missing when reusing bh which is ready to be checkpointed
(bsc#1213095).
* jdb2: Do not refuse invalidation of already invalidated buffers
(bsc#1213014).
* kABI: do not check external trampolines for signature (kabi bsc#1207894
bsc#1211243).
* kabi/severities: Add VAS symbols changed due to recent fix VAS accelerators
are directly tied to the architecture, there is no reason to have out-of-
tree production drivers
* kselftest: vDSO: Fix accumulation of uninitialized ret when CLOCK_REALTIME
is undefined (git-fixes).
* leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename (git-
fixes).
* media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var()
(git-fixes).
* media: cec: i2c: ch7322: also select REGMAP (git-fixes).
* media: i2c: Correct format propagation for st-mipid02 (git-fixes).
* media: usb: Check az6007_read() return value (git-fixes).
* media: usb: siano: Fix warning due to null work_func_t function pointer
(git-fixes).
* media: venus: helpers: Fix ALIGN() of non power of two (git-fixes).
* media: videodev2.h: Fix struct v4l2_input tuner index comment (git-fixes).
* memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905).
* mmc: core: disable TRIM on Kingston EMMC04G-M627 (git-fixes).
* mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is
used (git-fixes).
* net: mana: Add support for vlan tagging (bsc#1212301).
* net: phy: prevent stale pointer dereference in phy_init() (git-fixes).
* ntb: amd: Fix error handling in amd_ntb_pci_driver_init() (git-fixes).
* ntb: idt: Fix error handling in idt_pci_driver_init() (git-fixes).
* ntb: intel: Fix error handling in intel_ntb_pci_driver_init() (git-fixes).
* ntb: ntb_tool: Add check for devm_kcalloc (git-fixes).
* ntb: ntb_transport: fix possible memory leak while device_register() fails
(git-fixes).
* nvme-multipath: support io stats on the mpath device (bsc#1210565).
* nvme: introduce nvme_start_request (bsc#1210565).
* ocfs2: Switch to security_inode_init_security() (git-fixes).
* ocfs2: check new file size on fallocate call (git-fixes).
* ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes).
* opp: Fix use-after-free in lazy_opp_tables after probe deferral (git-fixes).
* phy: Revert "phy: Remove SOC_EXYNOS4212 dep. from PHY_EXYNOS4X12_USB" (git-
fixes).
* phy: tegra: xusb: Clear the driver reference in usb-phy dev (git-fixes).
* phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes).
* pie: fix kernel-doc notation warning (git-fixes).
* pinctrl: amd: Detect internal GPIO0 debounce handling (git-fixes).
* pinctrl: amd: Fix mistake in handling clearing pins at startup (git-fixes).
* pinctrl: amd: Only use special debounce behavior for GPIO 0 (git-fixes).
* powerpc/64: Only WARN if __pa()/__va() called with bad addresses
(bsc#1194869).
* powerpc/64s: Fix VAS mm use after free (bsc#1194869).
* powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo (bsc#1194869).
* powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1194869).
* powerpc/ftrace: Remove ftrace init tramp once kernel init is complete
(bsc#1194869).
* powerpc/interrupt: Do not read MSR from interrupt_exit_kernel_prepare()
(bsc#1194869).
* powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-
boundary (bsc#1150305 ltc#176097 git-fixes).
* powerpc/mm: Switch obsolete dssall to .long (bsc#1194869).
* powerpc/powernv/sriov: perform null check on iov before dereferencing iov
(bsc#1194869).
* powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr
(bsc#1194869).
* powerpc/prom_init: Fix kernel config grep (bsc#1194869).
* powerpc/secvar: fix refcount leak in format_show() (bsc#1194869).
* powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869).
* powerpc: clean vdso32 and vdso64 directories (bsc#1194869).
* powerpc: define get_cycles macro for arch-override (bsc#1194869).
* powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869).
* pwm: ab8500: Fix error code in probe() (git-fixes).
* pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes).
* pwm: sysfs: Do not apply state to already disabled PWMs (git-fixes).
* rpm/check-for-config-changes: ignore also RISCV_ISA_ _and DYNAMIC_SIGFRAME
They depend on CONFIG_TOOLCHAIN_HAS__.
* rsi: remove kernel-doc comment marker (git-fixes).
* s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259).
* s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258).
* s390/debug: add _ASM_S390_ prefix to header guard (git-fixes bsc#1213263).
* s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (git-fixes
bsc#1213252).
* s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36
(git-fixes bsc#1213264).
* s390: discard .interp section (git-fixes bsc#1213247).
* sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes)
* sched: Fix DEBUG && !SCHEDSTATS warn (git-fixes)
* security: keys: Modify mismatched function name (git-fixes).
* selftests: mptcp: depend on SYN_COOKIES (git-fixes).
* selftests: mptcp: sockopt: return error if wrong mark (git-fixes).
* selftests: rtnetlink: remove netdevsim device after ipsec offload test (git-
fixes).
* selftests: tc: add 'ct' action kconfig dep (git-fixes).
* selftests: tc: add ConnTrack procfs kconfig (git-fixes).
* selftests: tc: set timeout to 15 minutes (git-fixes).
* signal/powerpc: On swapcontext failure force SIGSEGV (bsc#1194869).
* signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV)
(bsc#1194869).
* smb3: do not reserve too many oplock credits (bsc#1193629).
* smb3: missing null check in SMB2_change_notify (bsc#1193629).
* smb: client: fix broken file attrs with nodfs mounts (bsc#1193629).
* smb: client: fix missed ses refcounting (git-fixes).
* smb: client: fix parsing of source mount option (bsc#1193629).
* smb: client: fix shared DFS root mounts with different prefixes
(bsc#1193629).
* smb: client: fix warning in CIFSFindFirst() (bsc#1193629).
* smb: client: fix warning in CIFSFindNext() (bsc#1193629).
* smb: client: fix warning in cifs_match_super() (bsc#1193629).
* smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629).
* smb: client: fix warning in generic_ip_connect() (bsc#1193629).
* smb: client: improve DFS mount check (bsc#1193629).
* smb: client: remove redundant pointer 'server' (bsc#1193629).
* smb: delete an unnecessary statement (bsc#1193629).
* smb: move client and server files to common directory fs/smb (bsc#1193629).
* smb: remove obsolete comment (bsc#1193629).
* soundwire: qcom: fix storing port config out-of-bounds (git-fixes).
* spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git-
fixes).
* spi: bcm63xx: fix max prepend length (git-fixes).
* tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git-
fixes).
* tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes).
* ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size
(bsc#1210584).
* ubi: ensure that VID header offset + VID header size <= alloc, size
(bsc#1210584).
* udf: Avoid double brelse() in udf_rename() (bsc#1213032).
* udf: Define EFSCORRUPTED error code (bsc#1213038).
* udf: Detect system inodes linked into directory hierarchy (bsc#1213114).
* udf: Discard preallocation before extending file with a hole (bsc#1213036).
* udf: Do not bother looking for prealloc extents if i_lenExtents matches
i_size (bsc#1213035).
* udf: Do not bother merging very long extents (bsc#1213040).
* udf: Do not update file length for failed writes to inline files
(bsc#1213041).
* udf: Fix error handling in udf_new_inode() (bsc#1213112).
* udf: Fix extending file within last block (bsc#1213037).
* udf: Fix preallocation discarding at indirect extent boundary (bsc#1213034).
* udf: Preserve link count of system files (bsc#1213113).
* udf: Truncate added extents on failed expansion (bsc#1213039).
* wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes).
* wifi: ray_cs: Drop useless status variable in parse_addr() (git-fixes).
* wifi: ray_cs: Utilize strnlen() in parse_addr() (git-fixes).
* wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git-
fixes).
* wl3501_cs: use eth_hw_addr_set() (git-fixes).
* writeback: fix call of incorrect macro (bsc#1213024).
* x86: Fix .brk attribute in linker script (git-fixes).
* xfs: AIL needs asynchronous CIL forcing (bsc#1211811).
* xfs: CIL work is serialised, not pipelined (bsc#1211811).
* xfs: XLOG_STATE_IOERROR must die (bsc#1211811).
* xfs: async CIL flushes need pending pushes to be made stable (bsc#1211811).
* xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811).
* xfs: clean up the rtbitmap fsmap backend (git-fixes).
* xfs: do not deplete the reserve pool when trying to shrink the fs (git-
fixes).
* xfs: do not reverse order of items in bulk AIL insertion (git-fixes).
* xfs: do not run shutdown callbacks on active iclogs (bsc#1211811).
* xfs: drop async cache flushes from CIL commits (bsc#1211811).
* xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811).
* xfs: fix getfsmap reporting past the last rt extent (git-fixes).
* xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git-
fixes).
* xfs: fix interval filtering in multi-step fsmap queries (git-fixes).
* xfs: fix logdev fsmap query result filtering (git-fixes).
* xfs: fix off-by-one error when the last rt extent is in use (git-fixes).
* xfs: fix uninitialized variable access (git-fixes).
* xfs: make fsmap backend function key parameters const (git-fixes).
* xfs: make the record pointer passed to query_range functions const (git-
fixes).
* xfs: move the CIL workqueue to the CIL (bsc#1211811).
* xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811).
* xfs: order CIL checkpoint start records (bsc#1211811).
* xfs: pass a CIL context to xlog_write() (bsc#1211811).
* xfs: pass explicit mount pointer to rtalloc query functions (git-fixes).
* xfs: rework xlog_state_do_callback() (bsc#1211811).
* xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks
(bsc#1211811).
* xfs: separate out log shutdown callback processing (bsc#1211811).
* xfs: wait iclog complete before tearing down AIL (bsc#1211811).
* xhci: Fix TRB prefetch issue of ZHAOXIN hosts (git-fixes).
* xhci: Fix resume issue of some ZHAOXIN hosts (git-fixes).
* xhci: Show ZHAOXIN xHCI root hub speed correctly (git-fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-3171=1 openSUSE-SLE-15.4-2023-3171=1
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3171=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3171=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-3171=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-3171=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-3171=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-3171=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3171=1
* Development Tools Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3171=1
* Legacy Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-3171=1
* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3171=1
Please note that this is the initial kernel livepatch without fixes itself, this
package is later updated by separate standalone kernel livepatch updates.
* SUSE Linux Enterprise High Availability Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-3171=1
* SUSE Linux Enterprise Workstation Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-3171=1
## Package List:
* openSUSE Leap 15.4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.74.1
* openSUSE Leap 15.4 (noarch)
* kernel-devel-5.14.21-150400.24.74.1
* kernel-source-vanilla-5.14.21-150400.24.74.1
* kernel-macros-5.14.21-150400.24.74.1
* kernel-docs-html-5.14.21-150400.24.74.1
* kernel-source-5.14.21-150400.24.74.1
* openSUSE Leap 15.4 (nosrc ppc64le x86_64)
* kernel-debug-5.14.21-150400.24.74.1
* openSUSE Leap 15.4 (ppc64le x86_64)
* kernel-debug-debugsource-5.14.21-150400.24.74.1
* kernel-debug-debuginfo-5.14.21-150400.24.74.1
* kernel-debug-livepatch-devel-5.14.21-150400.24.74.1
* kernel-debug-devel-5.14.21-150400.24.74.1
* kernel-debug-devel-debuginfo-5.14.21-150400.24.74.1
* openSUSE Leap 15.4 (aarch64 ppc64le x86_64)
* kernel-kvmsmall-devel-5.14.21-150400.24.74.1
* kernel-default-base-5.14.21-150400.24.74.1.150400.24.33.3
* kernel-default-base-rebuild-5.14.21-150400.24.74.1.150400.24.33.3
* kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.74.1
* kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.74.1
* kernel-kvmsmall-debugsource-5.14.21-150400.24.74.1
* kernel-kvmsmall-debuginfo-5.14.21-150400.24.74.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* kernel-default-debugsource-5.14.21-150400.24.74.1
* dlm-kmp-default-debuginfo-5.14.21-150400.24.74.1
* ocfs2-kmp-default-debuginfo-5.14.21-150400.24.74.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.74.1
* kselftests-kmp-default-5.14.21-150400.24.74.1
* cluster-md-kmp-default-debuginfo-5.14.21-150400.24.74.1
* kselftests-kmp-default-debuginfo-5.14.21-150400.24.74.1
* kernel-default-livepatch-5.14.21-150400.24.74.1
* gfs2-kmp-default-5.14.21-150400.24.74.1
* kernel-default-livepatch-devel-5.14.21-150400.24.74.1
* kernel-obs-build-debugsource-5.14.21-150400.24.74.1
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.74.1
* ocfs2-kmp-default-5.14.21-150400.24.74.1
* kernel-default-optional-debuginfo-5.14.21-150400.24.74.1
* kernel-obs-qa-5.14.21-150400.24.74.1
* dlm-kmp-default-5.14.21-150400.24.74.1
* kernel-default-devel-5.14.21-150400.24.74.1
* reiserfs-kmp-default-5.14.21-150400.24.74.1
* kernel-syms-5.14.21-150400.24.74.1
* gfs2-kmp-default-debuginfo-5.14.21-150400.24.74.1
* cluster-md-kmp-default-5.14.21-150400.24.74.1
* kernel-default-extra-5.14.21-150400.24.74.1
* kernel-default-optional-5.14.21-150400.24.74.1
* kernel-default-debuginfo-5.14.21-150400.24.74.1
* kernel-obs-build-5.14.21-150400.24.74.1
* kernel-default-extra-debuginfo-5.14.21-150400.24.74.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150400.24.74.1
* openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64)
* kernel-kvmsmall-5.14.21-150400.24.74.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_74-default-debuginfo-1-150400.9.3.3
* kernel-livepatch-SLE15-SP4_Update_15-debugsource-1-150400.9.3.3
* kernel-livepatch-5_14_21-150400_24_74-default-1-150400.9.3.3
* openSUSE Leap 15.4 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150400.24.74.1
* openSUSE Leap 15.4 (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150400.24.74.1
* kernel-zfcpdump-debuginfo-5.14.21-150400.24.74.1
* openSUSE Leap 15.4 (nosrc)
* dtb-aarch64-5.14.21-150400.24.74.1
* openSUSE Leap 15.4 (aarch64)
* kernel-64kb-devel-5.14.21-150400.24.74.1
* dtb-exynos-5.14.21-150400.24.74.1
* kselftests-kmp-64kb-5.14.21-150400.24.74.1
* kernel-64kb-debuginfo-5.14.21-150400.24.74.1
* kernel-64kb-debugsource-5.14.21-150400.24.74.1
* kernel-64kb-optional-debuginfo-5.14.21-150400.24.74.1
* reiserfs-kmp-64kb-5.14.21-150400.24.74.1
* ocfs2-kmp-64kb-5.14.21-150400.24.74.1
* dtb-arm-5.14.21-150400.24.74.1
* cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.74.1
* cluster-md-kmp-64kb-5.14.21-150400.24.74.1
* dtb-sprd-5.14.21-150400.24.74.1
* dtb-qcom-5.14.21-150400.24.74.1
* dtb-allwinner-5.14.21-150400.24.74.1
* dtb-nvidia-5.14.21-150400.24.74.1
* dtb-lg-5.14.21-150400.24.74.1
* dtb-hisilicon-5.14.21-150400.24.74.1
* kernel-64kb-extra-5.14.21-150400.24.74.1
* dtb-rockchip-5.14.21-150400.24.74.1
* dtb-cavium-5.14.21-150400.24.74.1
* dlm-kmp-64kb-debuginfo-5.14.21-150400.24.74.1
* kernel-64kb-optional-5.14.21-150400.24.74.1
* dtb-apm-5.14.21-150400.24.74.1
* gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.74.1
* dtb-socionext-5.14.21-150400.24.74.1
* dtb-amlogic-5.14.21-150400.24.74.1
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.74.1
* ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.74.1
* kernel-64kb-extra-debuginfo-5.14.21-150400.24.74.1
* dtb-marvell-5.14.21-150400.24.74.1
* dtb-amazon-5.14.21-150400.24.74.1
* reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.74.1
* dtb-freescale-5.14.21-150400.24.74.1
* dtb-mediatek-5.14.21-150400.24.74.1
* dtb-apple-5.14.21-150400.24.74.1
* gfs2-kmp-64kb-5.14.21-150400.24.74.1
* kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.74.1
* dtb-xilinx-5.14.21-150400.24.74.1
* dlm-kmp-64kb-5.14.21-150400.24.74.1
* dtb-amd-5.14.21-150400.24.74.1
* kernel-64kb-livepatch-devel-5.14.21-150400.24.74.1
* dtb-renesas-5.14.21-150400.24.74.1
* dtb-broadcom-5.14.21-150400.24.74.1
* dtb-altera-5.14.21-150400.24.74.1
* openSUSE Leap 15.4 (aarch64 nosrc)
* kernel-64kb-5.14.21-150400.24.74.1
* openSUSE Leap Micro 5.3 (aarch64 nosrc x86_64)
* kernel-default-5.14.21-150400.24.74.1
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* kernel-default-debugsource-5.14.21-150400.24.74.1
* kernel-default-debuginfo-5.14.21-150400.24.74.1
* kernel-default-base-5.14.21-150400.24.74.1.150400.24.33.3
* openSUSE Leap Micro 5.4 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.74.1
* openSUSE Leap Micro 5.4 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.74.1.150400.24.33.3
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* kernel-default-debugsource-5.14.21-150400.24.74.1
* kernel-default-debuginfo-5.14.21-150400.24.74.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.74.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.74.1.150400.24.33.3
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* kernel-default-debugsource-5.14.21-150400.24.74.1
* kernel-default-debuginfo-5.14.21-150400.24.74.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.74.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.74.1.150400.24.33.3
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* kernel-default-debugsource-5.14.21-150400.24.74.1
* kernel-default-debuginfo-5.14.21-150400.24.74.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.74.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.74.1.150400.24.33.3
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* kernel-default-debugsource-5.14.21-150400.24.74.1
* kernel-default-debuginfo-5.14.21-150400.24.74.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.74.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.74.1.150400.24.33.3
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* kernel-default-debugsource-5.14.21-150400.24.74.1
* kernel-default-debuginfo-5.14.21-150400.24.74.1
* Basesystem Module 15-SP4 (aarch64 nosrc)
* kernel-64kb-5.14.21-150400.24.74.1
* Basesystem Module 15-SP4 (aarch64)
* kernel-64kb-debuginfo-5.14.21-150400.24.74.1
* kernel-64kb-debugsource-5.14.21-150400.24.74.1
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.74.1
* kernel-64kb-devel-5.14.21-150400.24.74.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150400.24.74.1
* Basesystem Module 15-SP4 (aarch64 ppc64le x86_64)
* kernel-default-base-5.14.21-150400.24.74.1.150400.24.33.3
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* kernel-default-devel-5.14.21-150400.24.74.1
* kernel-default-debugsource-5.14.21-150400.24.74.1
* kernel-default-debuginfo-5.14.21-150400.24.74.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.74.1
* Basesystem Module 15-SP4 (noarch)
* kernel-macros-5.14.21-150400.24.74.1
* kernel-devel-5.14.21-150400.24.74.1
* Basesystem Module 15-SP4 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150400.24.74.1
* Basesystem Module 15-SP4 (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150400.24.74.1
* kernel-zfcpdump-debuginfo-5.14.21-150400.24.74.1
* Development Tools Module 15-SP4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.74.1
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* kernel-syms-5.14.21-150400.24.74.1
* kernel-obs-build-debugsource-5.14.21-150400.24.74.1
* kernel-obs-build-5.14.21-150400.24.74.1
* Development Tools Module 15-SP4 (noarch)
* kernel-source-5.14.21-150400.24.74.1
* Legacy Module 15-SP4 (nosrc)
* kernel-default-5.14.21-150400.24.74.1
* Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.74.1
* reiserfs-kmp-default-5.14.21-150400.24.74.1
* kernel-default-debugsource-5.14.21-150400.24.74.1
* kernel-default-debuginfo-5.14.21-150400.24.74.1
* SUSE Linux Enterprise Live Patching 15-SP4 (nosrc)
* kernel-default-5.14.21-150400.24.74.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-default-debugsource-5.14.21-150400.24.74.1
* kernel-livepatch-5_14_21-150400_24_74-default-1-150400.9.3.3
* kernel-livepatch-SLE15-SP4_Update_15-debugsource-1-150400.9.3.3
* kernel-default-livepatch-devel-5.14.21-150400.24.74.1
* kernel-default-livepatch-5.14.21-150400.24.74.1
* kernel-default-debuginfo-5.14.21-150400.24.74.1
* kernel-livepatch-5_14_21-150400_24_74-default-debuginfo-1-150400.9.3.3
* SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le
s390x x86_64)
* cluster-md-kmp-default-5.14.21-150400.24.74.1
* kernel-default-debugsource-5.14.21-150400.24.74.1
* dlm-kmp-default-5.14.21-150400.24.74.1
* dlm-kmp-default-debuginfo-5.14.21-150400.24.74.1
* ocfs2-kmp-default-debuginfo-5.14.21-150400.24.74.1
* ocfs2-kmp-default-5.14.21-150400.24.74.1
* gfs2-kmp-default-5.14.21-150400.24.74.1
* kernel-default-debuginfo-5.14.21-150400.24.74.1
* cluster-md-kmp-default-debuginfo-5.14.21-150400.24.74.1
* gfs2-kmp-default-debuginfo-5.14.21-150400.24.74.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc)
* kernel-default-5.14.21-150400.24.74.1
* SUSE Linux Enterprise Workstation Extension 15 SP4 (nosrc)
* kernel-default-5.14.21-150400.24.74.1
* SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64)
* kernel-default-extra-debuginfo-5.14.21-150400.24.74.1
* kernel-default-debugsource-5.14.21-150400.24.74.1
* kernel-default-debuginfo-5.14.21-150400.24.74.1
* kernel-default-extra-5.14.21-150400.24.74.1
## References:
* https://www.suse.com/security/cve/CVE-2023-20593.html
* https://www.suse.com/security/cve/CVE-2023-2985.html
* https://www.suse.com/security/cve/CVE-2023-3117.html
* https://www.suse.com/security/cve/CVE-2023-31248.html
* https://www.suse.com/security/cve/CVE-2023-3390.html
* https://www.suse.com/security/cve/CVE-2023-35001.html
* https://www.suse.com/security/cve/CVE-2023-3812.html
* https://bugzilla.suse.com/show_bug.cgi?id=1150305
* https://bugzilla.suse.com/show_bug.cgi?id=1193629
* https://bugzilla.suse.com/show_bug.cgi?id=1194869
* https://bugzilla.suse.com/show_bug.cgi?id=1207894
* https://bugzilla.suse.com/show_bug.cgi?id=1208788
* https://bugzilla.suse.com/show_bug.cgi?id=1210565
* https://bugzilla.suse.com/show_bug.cgi?id=1210584
* https://bugzilla.suse.com/show_bug.cgi?id=1210853
* https://bugzilla.suse.com/show_bug.cgi?id=1211243
* https://bugzilla.suse.com/show_bug.cgi?id=1211811
* https://bugzilla.suse.com/show_bug.cgi?id=1211867
* https://bugzilla.suse.com/show_bug.cgi?id=1212301
* https://bugzilla.suse.com/show_bug.cgi?id=1212846
* https://bugzilla.suse.com/show_bug.cgi?id=1212905
* https://bugzilla.suse.com/show_bug.cgi?id=1213010
* https://bugzilla.suse.com/show_bug.cgi?id=1213011
* https://bugzilla.suse.com/show_bug.cgi?id=1213012
* https://bugzilla.suse.com/show_bug.cgi?id=1213013
* https://bugzilla.suse.com/show_bug.cgi?id=1213014
* https://bugzilla.suse.com/show_bug.cgi?id=1213015
* https://bugzilla.suse.com/show_bug.cgi?id=1213016
* https://bugzilla.suse.com/show_bug.cgi?id=1213017
* https://bugzilla.suse.com/show_bug.cgi?id=1213018
* https://bugzilla.suse.com/show_bug.cgi?id=1213019
* https://bugzilla.suse.com/show_bug.cgi?id=1213020
* https://bugzilla.suse.com/show_bug.cgi?id=1213021
* https://bugzilla.suse.com/show_bug.cgi?id=1213024
* https://bugzilla.suse.com/show_bug.cgi?id=1213025
* https://bugzilla.suse.com/show_bug.cgi?id=1213032
* https://bugzilla.suse.com/show_bug.cgi?id=1213034
* https://bugzilla.suse.com/show_bug.cgi?id=1213035
* https://bugzilla.suse.com/show_bug.cgi?id=1213036
* https://bugzilla.suse.com/show_bug.cgi?id=1213037
* https://bugzilla.suse.com/show_bug.cgi?id=1213038
* https://bugzilla.suse.com/show_bug.cgi?id=1213039
* https://bugzilla.suse.com/show_bug.cgi?id=1213040
* https://bugzilla.suse.com/show_bug.cgi?id=1213041
* https://bugzilla.suse.com/show_bug.cgi?id=1213059
* https://bugzilla.suse.com/show_bug.cgi?id=1213061
* https://bugzilla.suse.com/show_bug.cgi?id=1213087
* https://bugzilla.suse.com/show_bug.cgi?id=1213088
* https://bugzilla.suse.com/show_bug.cgi?id=1213089
* https://bugzilla.suse.com/show_bug.cgi?id=1213090
* https://bugzilla.suse.com/show_bug.cgi?id=1213092
* https://bugzilla.suse.com/show_bug.cgi?id=1213093
* https://bugzilla.suse.com/show_bug.cgi?id=1213094
* https://bugzilla.suse.com/show_bug.cgi?id=1213095
* https://bugzilla.suse.com/show_bug.cgi?id=1213096
* https://bugzilla.suse.com/show_bug.cgi?id=1213098
* https://bugzilla.suse.com/show_bug.cgi?id=1213099
* https://bugzilla.suse.com/show_bug.cgi?id=1213100
* https://bugzilla.suse.com/show_bug.cgi?id=1213102
* https://bugzilla.suse.com/show_bug.cgi?id=1213103
* https://bugzilla.suse.com/show_bug.cgi?id=1213104
* https://bugzilla.suse.com/show_bug.cgi?id=1213105
* https://bugzilla.suse.com/show_bug.cgi?id=1213106
* https://bugzilla.suse.com/show_bug.cgi?id=1213107
* https://bugzilla.suse.com/show_bug.cgi?id=1213108
* https://bugzilla.suse.com/show_bug.cgi?id=1213109
* https://bugzilla.suse.com/show_bug.cgi?id=1213110
* https://bugzilla.suse.com/show_bug.cgi?id=1213111
* https://bugzilla.suse.com/show_bug.cgi?id=1213112
* https://bugzilla.suse.com/show_bug.cgi?id=1213113
* https://bugzilla.suse.com/show_bug.cgi?id=1213114
* https://bugzilla.suse.com/show_bug.cgi?id=1213134
* https://bugzilla.suse.com/show_bug.cgi?id=1213245
* https://bugzilla.suse.com/show_bug.cgi?id=1213247
* https://bugzilla.suse.com/show_bug.cgi?id=1213252
* https://bugzilla.suse.com/show_bug.cgi?id=1213258
* https://bugzilla.suse.com/show_bug.cgi?id=1213259
* https://bugzilla.suse.com/show_bug.cgi?id=1213263
* https://bugzilla.suse.com/show_bug.cgi?id=1213264
* https://bugzilla.suse.com/show_bug.cgi?id=1213286
* https://bugzilla.suse.com/show_bug.cgi?id=1213523
* https://bugzilla.suse.com/show_bug.cgi?id=1213524
* https://bugzilla.suse.com/show_bug.cgi?id=1213543
* https://bugzilla.suse.com/show_bug.cgi?id=1213705
1
0