openSUSE Security Announce
Threads by month
- ----- 2024 -----
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
August 2023
- 3 participants
- 127 discussions
SUSE-SU-2023:3397-1: moderate: Security update for openssl-1_1
by security@lists.opensuse.org 23 Aug '23
by security@lists.opensuse.org 23 Aug '23
23 Aug '23
# Security update for openssl-1_1
Announcement ID: SUSE-SU-2023:3397-1
Rating: moderate
References:
* #1213517
* #1213853
Cross-References:
* CVE-2023-3817
CVSS scores:
* CVE-2023-3817 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-3817 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability and has one fix can now be installed.
## Description:
This update for openssl-1_1 fixes the following issues:
* CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH
q parameter value. (bsc#1213853)
* Don't pass zero length input to EVP_Cipher because s390x assembler optimized
AES cannot handle zero size. (bsc#1213517)
## Patch Instructions:
To install this SUSE Moderate update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-3397=1 openSUSE-SLE-15.4-2023-3397=1
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3397=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3397=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-3397=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-3397=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-3397=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-3397=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3397=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* openssl-1_1-debugsource-1.1.1l-150400.7.53.1
* libopenssl-1_1-devel-1.1.1l-150400.7.53.1
* openssl-1_1-1.1.1l-150400.7.53.1
* openssl-1_1-debuginfo-1.1.1l-150400.7.53.1
* libopenssl1_1-debuginfo-1.1.1l-150400.7.53.1
* libopenssl1_1-hmac-1.1.1l-150400.7.53.1
* libopenssl1_1-1.1.1l-150400.7.53.1
* openSUSE Leap 15.4 (x86_64)
* libopenssl-1_1-devel-32bit-1.1.1l-150400.7.53.1
* libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.53.1
* libopenssl1_1-hmac-32bit-1.1.1l-150400.7.53.1
* libopenssl1_1-32bit-1.1.1l-150400.7.53.1
* openSUSE Leap 15.4 (noarch)
* openssl-1_1-doc-1.1.1l-150400.7.53.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libopenssl-1_1-devel-64bit-1.1.1l-150400.7.53.1
* libopenssl1_1-hmac-64bit-1.1.1l-150400.7.53.1
* libopenssl1_1-64bit-1.1.1l-150400.7.53.1
* libopenssl1_1-64bit-debuginfo-1.1.1l-150400.7.53.1
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* openssl-1_1-debugsource-1.1.1l-150400.7.53.1
* libopenssl-1_1-devel-1.1.1l-150400.7.53.1
* openssl-1_1-1.1.1l-150400.7.53.1
* openssl-1_1-debuginfo-1.1.1l-150400.7.53.1
* libopenssl1_1-debuginfo-1.1.1l-150400.7.53.1
* libopenssl1_1-hmac-1.1.1l-150400.7.53.1
* libopenssl1_1-1.1.1l-150400.7.53.1
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* openssl-1_1-debugsource-1.1.1l-150400.7.53.1
* libopenssl-1_1-devel-1.1.1l-150400.7.53.1
* openssl-1_1-1.1.1l-150400.7.53.1
* openssl-1_1-debuginfo-1.1.1l-150400.7.53.1
* libopenssl1_1-debuginfo-1.1.1l-150400.7.53.1
* libopenssl1_1-hmac-1.1.1l-150400.7.53.1
* libopenssl1_1-1.1.1l-150400.7.53.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* openssl-1_1-debugsource-1.1.1l-150400.7.53.1
* libopenssl-1_1-devel-1.1.1l-150400.7.53.1
* openssl-1_1-1.1.1l-150400.7.53.1
* openssl-1_1-debuginfo-1.1.1l-150400.7.53.1
* libopenssl1_1-debuginfo-1.1.1l-150400.7.53.1
* libopenssl1_1-hmac-1.1.1l-150400.7.53.1
* libopenssl1_1-1.1.1l-150400.7.53.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* openssl-1_1-debugsource-1.1.1l-150400.7.53.1
* libopenssl-1_1-devel-1.1.1l-150400.7.53.1
* openssl-1_1-1.1.1l-150400.7.53.1
* openssl-1_1-debuginfo-1.1.1l-150400.7.53.1
* libopenssl1_1-debuginfo-1.1.1l-150400.7.53.1
* libopenssl1_1-hmac-1.1.1l-150400.7.53.1
* libopenssl1_1-1.1.1l-150400.7.53.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* openssl-1_1-debugsource-1.1.1l-150400.7.53.1
* libopenssl-1_1-devel-1.1.1l-150400.7.53.1
* openssl-1_1-1.1.1l-150400.7.53.1
* openssl-1_1-debuginfo-1.1.1l-150400.7.53.1
* libopenssl1_1-debuginfo-1.1.1l-150400.7.53.1
* libopenssl1_1-hmac-1.1.1l-150400.7.53.1
* libopenssl1_1-1.1.1l-150400.7.53.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* openssl-1_1-debugsource-1.1.1l-150400.7.53.1
* libopenssl-1_1-devel-1.1.1l-150400.7.53.1
* openssl-1_1-1.1.1l-150400.7.53.1
* openssl-1_1-debuginfo-1.1.1l-150400.7.53.1
* libopenssl1_1-debuginfo-1.1.1l-150400.7.53.1
* libopenssl1_1-hmac-1.1.1l-150400.7.53.1
* libopenssl1_1-1.1.1l-150400.7.53.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* openssl-1_1-debugsource-1.1.1l-150400.7.53.1
* libopenssl-1_1-devel-1.1.1l-150400.7.53.1
* openssl-1_1-1.1.1l-150400.7.53.1
* openssl-1_1-debuginfo-1.1.1l-150400.7.53.1
* libopenssl1_1-debuginfo-1.1.1l-150400.7.53.1
* libopenssl1_1-hmac-1.1.1l-150400.7.53.1
* libopenssl1_1-1.1.1l-150400.7.53.1
* Basesystem Module 15-SP4 (x86_64)
* libopenssl-1_1-devel-32bit-1.1.1l-150400.7.53.1
* libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.53.1
* libopenssl1_1-hmac-32bit-1.1.1l-150400.7.53.1
* libopenssl1_1-32bit-1.1.1l-150400.7.53.1
## References:
* https://www.suse.com/security/cve/CVE-2023-3817.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213517
* https://bugzilla.suse.com/show_bug.cgi?id=1213853
1
0
SUSE-SU-2023:3244-2: moderate: Security update for openssl-3
by security@lists.opensuse.org 23 Aug '23
by security@lists.opensuse.org 23 Aug '23
23 Aug '23
# Security update for openssl-3
Announcement ID: SUSE-SU-2023:3244-2
Rating: moderate
References:
* #1213853
Cross-References:
* CVE-2023-3817
CVSS scores:
* CVE-2023-3817 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-3817 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
An update that solves one vulnerability can now be installed.
## Description:
This update for openssl-3 fixes the following issues:
* CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH
q parameter value. (bsc#1213853)
## Patch Instructions:
To install this SUSE Moderate update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3244=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-3244=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-3244=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-3244=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-3244=1
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3244=1
## Package List:
* openSUSE Leap Micro 5.4 (aarch64 ppc64le s390x x86_64)
* openssl-3-debugsource-3.0.8-150400.4.34.1
* libopenssl3-debuginfo-3.0.8-150400.4.34.1
* libopenssl3-3.0.8-150400.4.34.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* openssl-3-debugsource-3.0.8-150400.4.34.1
* libopenssl3-debuginfo-3.0.8-150400.4.34.1
* libopenssl3-3.0.8-150400.4.34.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* openssl-3-debugsource-3.0.8-150400.4.34.1
* libopenssl3-debuginfo-3.0.8-150400.4.34.1
* libopenssl3-3.0.8-150400.4.34.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (s390x x86_64)
* openssl-3-debugsource-3.0.8-150400.4.34.1
* libopenssl3-debuginfo-3.0.8-150400.4.34.1
* libopenssl3-3.0.8-150400.4.34.1
* SUSE Linux Enterprise Micro 5.4 (s390x x86_64)
* openssl-3-debugsource-3.0.8-150400.4.34.1
* libopenssl3-debuginfo-3.0.8-150400.4.34.1
* libopenssl3-3.0.8-150400.4.34.1
* openSUSE Leap Micro 5.3 (aarch64 ppc64le s390x x86_64)
* openssl-3-debugsource-3.0.8-150400.4.34.1
* libopenssl3-debuginfo-3.0.8-150400.4.34.1
* libopenssl3-3.0.8-150400.4.34.1
## References:
* https://www.suse.com/security/cve/CVE-2023-3817.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213853
1
0
SUSE-SU-2023:3401-1: important: Security update for erlang
by security@lists.opensuse.org 23 Aug '23
by security@lists.opensuse.org 23 Aug '23
23 Aug '23
# Security update for erlang
Announcement ID: SUSE-SU-2023:3401-1
Rating: important
References:
* #1205318
* #1207113
Cross-References:
* CVE-2022-37026
CVSS scores:
* CVE-2022-37026 ( SUSE ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
* CVE-2022-37026 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* Server Applications Module 15-SP4
* Server Applications Module 15-SP5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3
An update that solves one vulnerability and has one fix can now be installed.
## Description:
This update for erlang fixes the following issues:
* Replaced the CVE-2022-37026 patch with the one released by the upstream to
fix a regression in the previous one. (bsc#1205318)
## Patch Instructions:
To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-3401=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-3401=1
* Server Applications Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-3401=1
* Server Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-3401=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3401=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3401=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3401=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3401=1
* SUSE Manager Proxy 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3401=1
* SUSE Manager Retail Branch Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.2-2023-3401=1
* SUSE Manager Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3401=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-3401=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* erlang-debugger-22.3-150300.3.8.1
* erlang-wx-src-22.3-150300.3.8.1
* erlang-observer-src-22.3-150300.3.8.1
* erlang-jinterface-src-22.3-150300.3.8.1
* erlang-diameter-22.3-150300.3.8.1
* erlang-diameter-src-22.3-150300.3.8.1
* erlang-epmd-debuginfo-22.3-150300.3.8.1
* erlang-wx-debuginfo-22.3-150300.3.8.1
* erlang-wx-22.3-150300.3.8.1
* erlang-dialyzer-debuginfo-22.3-150300.3.8.1
* erlang-debuginfo-22.3-150300.3.8.1
* erlang-reltool-src-22.3-150300.3.8.1
* erlang-et-src-22.3-150300.3.8.1
* erlang-22.3-150300.3.8.1
* erlang-observer-22.3-150300.3.8.1
* erlang-src-22.3-150300.3.8.1
* erlang-dialyzer-22.3-150300.3.8.1
* erlang-debugger-src-22.3-150300.3.8.1
* erlang-reltool-22.3-150300.3.8.1
* erlang-jinterface-22.3-150300.3.8.1
* erlang-epmd-22.3-150300.3.8.1
* erlang-doc-22.3-150300.3.8.1
* erlang-dialyzer-src-22.3-150300.3.8.1
* erlang-et-22.3-150300.3.8.1
* erlang-debugsource-22.3-150300.3.8.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* erlang-debugger-22.3-150300.3.8.1
* erlang-wx-src-22.3-150300.3.8.1
* erlang-observer-src-22.3-150300.3.8.1
* erlang-jinterface-src-22.3-150300.3.8.1
* erlang-diameter-22.3-150300.3.8.1
* erlang-diameter-src-22.3-150300.3.8.1
* erlang-epmd-debuginfo-22.3-150300.3.8.1
* erlang-wx-debuginfo-22.3-150300.3.8.1
* erlang-wx-22.3-150300.3.8.1
* erlang-dialyzer-debuginfo-22.3-150300.3.8.1
* erlang-debuginfo-22.3-150300.3.8.1
* erlang-reltool-src-22.3-150300.3.8.1
* erlang-et-src-22.3-150300.3.8.1
* erlang-22.3-150300.3.8.1
* erlang-observer-22.3-150300.3.8.1
* erlang-src-22.3-150300.3.8.1
* erlang-dialyzer-22.3-150300.3.8.1
* erlang-debugger-src-22.3-150300.3.8.1
* erlang-reltool-22.3-150300.3.8.1
* erlang-jinterface-22.3-150300.3.8.1
* erlang-epmd-22.3-150300.3.8.1
* erlang-doc-22.3-150300.3.8.1
* erlang-dialyzer-src-22.3-150300.3.8.1
* erlang-et-22.3-150300.3.8.1
* erlang-debugsource-22.3-150300.3.8.1
* Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* erlang-22.3-150300.3.8.1
* erlang-epmd-debuginfo-22.3-150300.3.8.1
* erlang-debugsource-22.3-150300.3.8.1
* erlang-epmd-22.3-150300.3.8.1
* erlang-debuginfo-22.3-150300.3.8.1
* Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* erlang-22.3-150300.3.8.1
* erlang-epmd-debuginfo-22.3-150300.3.8.1
* erlang-debugsource-22.3-150300.3.8.1
* erlang-epmd-22.3-150300.3.8.1
* erlang-debuginfo-22.3-150300.3.8.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64
x86_64)
* erlang-22.3-150300.3.8.1
* erlang-epmd-debuginfo-22.3-150300.3.8.1
* erlang-debugsource-22.3-150300.3.8.1
* erlang-epmd-22.3-150300.3.8.1
* erlang-debuginfo-22.3-150300.3.8.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* erlang-22.3-150300.3.8.1
* erlang-epmd-debuginfo-22.3-150300.3.8.1
* erlang-debugsource-22.3-150300.3.8.1
* erlang-epmd-22.3-150300.3.8.1
* erlang-debuginfo-22.3-150300.3.8.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* erlang-22.3-150300.3.8.1
* erlang-epmd-debuginfo-22.3-150300.3.8.1
* erlang-debugsource-22.3-150300.3.8.1
* erlang-epmd-22.3-150300.3.8.1
* erlang-debuginfo-22.3-150300.3.8.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* erlang-22.3-150300.3.8.1
* erlang-epmd-debuginfo-22.3-150300.3.8.1
* erlang-debugsource-22.3-150300.3.8.1
* erlang-epmd-22.3-150300.3.8.1
* erlang-debuginfo-22.3-150300.3.8.1
* SUSE Manager Proxy 4.2 (x86_64)
* erlang-22.3-150300.3.8.1
* erlang-epmd-debuginfo-22.3-150300.3.8.1
* erlang-debugsource-22.3-150300.3.8.1
* erlang-epmd-22.3-150300.3.8.1
* erlang-debuginfo-22.3-150300.3.8.1
* SUSE Manager Retail Branch Server 4.2 (x86_64)
* erlang-22.3-150300.3.8.1
* erlang-epmd-debuginfo-22.3-150300.3.8.1
* erlang-debugsource-22.3-150300.3.8.1
* erlang-epmd-22.3-150300.3.8.1
* erlang-debuginfo-22.3-150300.3.8.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
* erlang-22.3-150300.3.8.1
* erlang-epmd-debuginfo-22.3-150300.3.8.1
* erlang-debugsource-22.3-150300.3.8.1
* erlang-epmd-22.3-150300.3.8.1
* erlang-debuginfo-22.3-150300.3.8.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* erlang-22.3-150300.3.8.1
* erlang-epmd-debuginfo-22.3-150300.3.8.1
* erlang-debugsource-22.3-150300.3.8.1
* erlang-epmd-22.3-150300.3.8.1
* erlang-debuginfo-22.3-150300.3.8.1
## References:
* https://www.suse.com/security/cve/CVE-2022-37026.html
* https://bugzilla.suse.com/show_bug.cgi?id=1205318
* https://bugzilla.suse.com/show_bug.cgi?id=1207113
1
0
SUSE-SU-2023:3408-1: important: Security update for nodejs14
by security@lists.opensuse.org 23 Aug '23
by security@lists.opensuse.org 23 Aug '23
23 Aug '23
# Security update for nodejs14
Announcement ID: SUSE-SU-2023:3408-1
Rating: important
References:
* #1212574
* #1212582
* #1212583
* #1214150
* #1214154
* #1214156
Cross-References:
* CVE-2023-30581
* CVE-2023-30589
* CVE-2023-30590
* CVE-2023-32002
* CVE-2023-32006
* CVE-2023-32559
CVSS scores:
* CVE-2023-30581 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-30589 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-30589 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-30590 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-32002 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:H
* CVE-2023-32006 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-32006 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-32559 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Products:
* openSUSE Leap 15.4
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Server 4.2
An update that solves six vulnerabilities can now be installed.
## Description:
This update for nodejs14 fixes the following issues:
* CVE-2023-32002: Fixed permissions policies bypass via Module._load
(bsc#1214150).
* CVE-2023-32006: Fixed permissions policies impersonation using
module.constructor.createRequire() (bsc#1214156).
* CVE-2023-32559: Fixed permissions policies bypass via process.binding
(bsc#1214154).
* CVE-2023-30581: Fixed mainModule.proto bypass (bsc#1212574).
* CVE-2023-30590: Fixed missing DiffieHellman key generation (bsc#1212583).
* CVE-2023-30589: Fixed HTTP Request Smuggling via Empty headers separated by
CR (bsc#1212582).
## Patch Instructions:
To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-3408=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3408=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3408=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3408=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3408=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3408=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3408=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3408=1
* SUSE Manager Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3408=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-3408=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* corepack14-14.21.3-150200.15.49.1
* nodejs14-devel-14.21.3-150200.15.49.1
* nodejs14-debugsource-14.21.3-150200.15.49.1
* npm14-14.21.3-150200.15.49.1
* nodejs14-14.21.3-150200.15.49.1
* nodejs14-debuginfo-14.21.3-150200.15.49.1
* openSUSE Leap 15.4 (noarch)
* nodejs14-docs-14.21.3-150200.15.49.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* nodejs14-devel-14.21.3-150200.15.49.1
* nodejs14-debugsource-14.21.3-150200.15.49.1
* npm14-14.21.3-150200.15.49.1
* nodejs14-14.21.3-150200.15.49.1
* nodejs14-debuginfo-14.21.3-150200.15.49.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
* nodejs14-docs-14.21.3-150200.15.49.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64
x86_64)
* nodejs14-devel-14.21.3-150200.15.49.1
* nodejs14-debugsource-14.21.3-150200.15.49.1
* npm14-14.21.3-150200.15.49.1
* nodejs14-14.21.3-150200.15.49.1
* nodejs14-debuginfo-14.21.3-150200.15.49.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
* nodejs14-docs-14.21.3-150200.15.49.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* nodejs14-devel-14.21.3-150200.15.49.1
* nodejs14-debugsource-14.21.3-150200.15.49.1
* npm14-14.21.3-150200.15.49.1
* nodejs14-14.21.3-150200.15.49.1
* nodejs14-debuginfo-14.21.3-150200.15.49.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* nodejs14-docs-14.21.3-150200.15.49.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* nodejs14-devel-14.21.3-150200.15.49.1
* nodejs14-debugsource-14.21.3-150200.15.49.1
* npm14-14.21.3-150200.15.49.1
* nodejs14-14.21.3-150200.15.49.1
* nodejs14-debuginfo-14.21.3-150200.15.49.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
* nodejs14-docs-14.21.3-150200.15.49.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* nodejs14-devel-14.21.3-150200.15.49.1
* nodejs14-debugsource-14.21.3-150200.15.49.1
* npm14-14.21.3-150200.15.49.1
* nodejs14-14.21.3-150200.15.49.1
* nodejs14-debuginfo-14.21.3-150200.15.49.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* nodejs14-docs-14.21.3-150200.15.49.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* nodejs14-devel-14.21.3-150200.15.49.1
* nodejs14-debugsource-14.21.3-150200.15.49.1
* npm14-14.21.3-150200.15.49.1
* nodejs14-14.21.3-150200.15.49.1
* nodejs14-debuginfo-14.21.3-150200.15.49.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
* nodejs14-docs-14.21.3-150200.15.49.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* nodejs14-devel-14.21.3-150200.15.49.1
* nodejs14-debugsource-14.21.3-150200.15.49.1
* npm14-14.21.3-150200.15.49.1
* nodejs14-14.21.3-150200.15.49.1
* nodejs14-debuginfo-14.21.3-150200.15.49.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* nodejs14-docs-14.21.3-150200.15.49.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
* nodejs14-devel-14.21.3-150200.15.49.1
* nodejs14-debugsource-14.21.3-150200.15.49.1
* npm14-14.21.3-150200.15.49.1
* nodejs14-14.21.3-150200.15.49.1
* nodejs14-debuginfo-14.21.3-150200.15.49.1
* SUSE Manager Server 4.2 (noarch)
* nodejs14-docs-14.21.3-150200.15.49.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* nodejs14-devel-14.21.3-150200.15.49.1
* nodejs14-debugsource-14.21.3-150200.15.49.1
* npm14-14.21.3-150200.15.49.1
* nodejs14-14.21.3-150200.15.49.1
* nodejs14-debuginfo-14.21.3-150200.15.49.1
* SUSE Enterprise Storage 7.1 (noarch)
* nodejs14-docs-14.21.3-150200.15.49.1
## References:
* https://www.suse.com/security/cve/CVE-2023-30581.html
* https://www.suse.com/security/cve/CVE-2023-30589.html
* https://www.suse.com/security/cve/CVE-2023-30590.html
* https://www.suse.com/security/cve/CVE-2023-32002.html
* https://www.suse.com/security/cve/CVE-2023-32006.html
* https://www.suse.com/security/cve/CVE-2023-32559.html
* https://bugzilla.suse.com/show_bug.cgi?id=1212574
* https://bugzilla.suse.com/show_bug.cgi?id=1212582
* https://bugzilla.suse.com/show_bug.cgi?id=1212583
* https://bugzilla.suse.com/show_bug.cgi?id=1214150
* https://bugzilla.suse.com/show_bug.cgi?id=1214154
* https://bugzilla.suse.com/show_bug.cgi?id=1214156
1
0
SUSE-SU-2023:3391-1: important: Security update for the Linux Kernel
by security@lists.opensuse.org 23 Aug '23
by security@lists.opensuse.org 23 Aug '23
23 Aug '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:3391-1
Rating: important
References:
* #1199304
* #1206418
* #1207270
* #1210584
* #1211131
* #1211738
* #1211867
* #1212301
* #1212741
* #1212835
* #1212846
* #1213059
* #1213061
* #1213167
* #1213245
* #1213286
* #1213287
* #1213354
* #1213543
* #1213585
* #1213586
* #1213588
* #1213653
* #1213868
* PED-4567
Cross-References:
* CVE-2022-40982
* CVE-2023-0459
* CVE-2023-20569
* CVE-2023-20593
* CVE-2023-2156
* CVE-2023-2985
* CVE-2023-3117
* CVE-2023-31248
* CVE-2023-3390
* CVE-2023-35001
* CVE-2023-3567
* CVE-2023-3609
* CVE-2023-3611
* CVE-2023-3776
* CVE-2023-3812
CVSS scores:
* CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-0459 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-0459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-20569 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-20593 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2985 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2985 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3117 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3117 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-31248 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-31248 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3390 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3609 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3609 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3611 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3611 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3776 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3812 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3812 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Availability Extension 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2
An update that solves 15 vulnerabilities, contains one feature and has nine
fixes can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
* CVE-2022-40982: Fixed transient execution attack called "Gather Data
Sampling" (bsc#1206418).
* CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec
(bsc#1211738).
* CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’
(bsc#1213287).
* CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an
attacker to potentially access sensitive information (bsc#1213286).
* CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling
of the RPL protocol (bsc#1211131).
* CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in
fs/hfsplus/super.c that could allow a local user to cause a denial of
service (bsc#1211867).
* CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter
subsystem when processing named and anonymous sets in batch requests that
could allow a local user with CAP_NET_ADMIN capability to crash or
potentially escalate their privileges on the system (bsc#1213245).
* CVE-2023-31248: Fixed an use-after-free vulnerability in
nft_chain_lookup_byid that could allow a local attacker to escalate their
privilege (bsc#1213061).
* CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter
subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker
with user access to cause a privilege escalation issue (bsc#1212846).
* CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder
that could allow a local attacker to escalate their privilege (bsc#1213059).
* CVE-2023-3567: Fixed a use-after-free in vcs_read in
drivers/tty/vt/vc_screen.c (bsc#1213167).
* CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched
(bsc#1213586).
* CVE-2023-3611: Fixed an out-of-bounds write in net/sched
sch_qfq(bsc#1213585).
* CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-
free (bsc#1213588).
* CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP
device driver functionality that could allow a local user to crash or
potentially escalate their privileges on the system (bsc#1213543).
The following non-security bugs were fixed:
* arm: cpu: switch to arch_cpu_finalize_init() (bsc#1206418).
* block, bfq: fix division by zero error on zero wsum (bsc#1213653).
* get module prefix from kmod (bsc#1212835).
* init, x86: move mem_encrypt_init() into arch_cpu_finalize_init()
(bsc#1206418).
* init: invoke arch_cpu_finalize_init() earlier (bsc#1206418).
* init: provide arch_cpu_finalize_init() (bsc#1206418).
* init: remove check_bugs() leftovers (bsc#1206418).
* jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1199304).
* kernel-binary.spec.in: remove superfluous %% in supplements fixes:
02b7735e0caf ("rpm/kernel-binary.spec.in: add enhances and supplements tags
to in-tree kmps")
* kernel-docs: add buildrequires on python3-base when using python3 the
python3 binary is provided by python3-base.
* kernel-docs: use python3 together with python3-sphinx (bsc#1212741).
* keys: do not cache key in task struct if key is requested from kernel thread
(bsc#1213354).
* lockdep: add preemption enabled/disabled assertion apis (bsc#1207270
jsc#ped-4567).
* locking/rwsem: add __always_inline annotation to __down_read_common() and
inlined callers (bsc#1207270 jsc#ped-4567).
* locking/rwsem: allow slowpath writer to ignore handoff bit if not set by
first waiter (bsc#1207270 jsc#ped-4567).
* locking/rwsem: always try to wake waiters in out_nolock path (bsc#1207270
jsc#ped-4567).
* locking/rwsem: better collate rwsem_read_trylock() (bsc#1207270
jsc#ped-4567).
* locking/rwsem: conditionally wake waiters in reader/writer slowpaths
(bsc#1207270 jsc#ped-4567).
* locking/rwsem: disable preemption for spinning region (bsc#1207270
jsc#ped-4567).
* locking/rwsem: disable preemption in all down_read*() and up_read() code
paths (bsc#1207270 jsc#ped-4567).
* locking/rwsem: disable preemption in all down_write*() and up_write() code
paths (bsc#1207270 jsc#ped-4567).
* locking/rwsem: disable preemption while trying for rwsem lock (bsc#1207270
jsc#ped-4567).
* locking/rwsem: enable reader optimistic lock stealing (bsc#1207270
jsc#ped-4567).
* locking/rwsem: fix comment typo (bsc#1207270 jsc#ped-4567).
* locking/rwsem: fix comments about reader optimistic lock stealing conditions
(bsc#1207270 jsc#ped-4567).
* locking/rwsem: fold __down_{read,write}*() (bsc#1207270 jsc#ped-4567).
* locking/rwsem: introduce rwsem_write_trylock() (bsc#1207270 jsc#ped-4567).
* locking/rwsem: make handoff bit handling more consistent (bsc#1207270
jsc#ped-4567).
* locking/rwsem: no need to check for handoff bit if wait queue empty
(bsc#1207270 jsc#ped-4567).
* locking/rwsem: optimize down_read_trylock() under highly contended case
(bsc#1207270 jsc#ped-4567).
* locking/rwsem: pass the current atomic count to rwsem_down_read_slowpath()
(bsc#1207270 jsc#ped-4567).
* locking/rwsem: prevent non-first waiter from spinning in down_write()
slowpath (bsc#1207270 jsc#ped-4567).
* locking/rwsem: prevent potential lock starvation (bsc#1207270 jsc#ped-4567).
* locking/rwsem: remove an unused parameter of rwsem_wake() (bsc#1207270
jsc#ped-4567).
* locking/rwsem: remove reader optimistic spinning (bsc#1207270 jsc#ped-4567).
* locking: add missing __sched attributes (bsc#1207270 jsc#ped-4567).
* locking: remove rcu_read_{,un}lock() for preempt_{dis,en}able() (bsc#1207270
jsc#ped-4567).
* net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
* net: mana: add support for vlan tagging (bsc#1212301).
* ocfs2: fix a deadlock when commit trans (bsc#1199304).
* ocfs2: fix defrag path triggering jbd2 assert (bsc#1199304).
* ocfs2: fix race between searching chunks and release journal_head from
buffer_head (bsc#1199304).
* remove more packaging cruft for sle < 12 sp3
* rpm/check-for-config-changes: ignore also pahole_has_* we now also have
options like config_pahole_has_lang_exclude.
* rpm/check-for-config-changes: ignore also riscv_isa_ _and dynamic_sigframe
they depend on config_toolchain_has__.
* rwsem: implement down_read_interruptible (bsc#1207270 jsc#ped-4567).
* rwsem: implement down_read_killable_nested (bsc#1207270 jsc#ped-4567).
* ubi: ensure that vid header offset + vid header size <= alloc, size
(bsc#1210584).
* ubi: fix failure attaching when vid_hdr offset equals to (sub)page size
(bsc#1210584).
* usrmerge: adjust module path in the kernel sources (bsc#1212835).
* x86/cpu: switch to arch_cpu_finalize_init() (bsc#1206418).
* x86/fpu: remove cpuinfo argument from init functions (bsc#1206418).
* x86/microcode/AMD: Make stub function static inline (bsc#1213868).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-3391=1
* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-3391=1
Please note that this is the initial kernel livepatch without fixes itself, this
package is later updated by separate standalone kernel livepatch updates.
* SUSE Linux Enterprise High Availability Extension 15 SP3
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-3391=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3391=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3391=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3391=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3391=1
* SUSE Manager Proxy 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3391=1
* SUSE Manager Retail Branch Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.2-2023-3391=1
* SUSE Manager Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3391=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-3391=1
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3391=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3391=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3391=1
## Package List:
* openSUSE Leap 15.4 (nosrc)
* dtb-aarch64-5.3.18-150300.59.130.1
* openSUSE Leap 15.4 (aarch64)
* dtb-al-5.3.18-150300.59.130.1
* dtb-zte-5.3.18-150300.59.130.1
* SUSE Linux Enterprise Live Patching 15-SP3 (nosrc)
* kernel-default-5.3.18-150300.59.130.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-default-livepatch-5.3.18-150300.59.130.1
* kernel-default-debuginfo-5.3.18-150300.59.130.1
* kernel-default-debugsource-5.3.18-150300.59.130.1
* kernel-default-livepatch-devel-5.3.18-150300.59.130.1
* kernel-livepatch-5_3_18-150300_59_130-default-1-150300.7.3.1
* SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le
s390x x86_64)
* kernel-default-debuginfo-5.3.18-150300.59.130.1
* cluster-md-kmp-default-debuginfo-5.3.18-150300.59.130.1
* ocfs2-kmp-default-debuginfo-5.3.18-150300.59.130.1
* cluster-md-kmp-default-5.3.18-150300.59.130.1
* gfs2-kmp-default-5.3.18-150300.59.130.1
* gfs2-kmp-default-debuginfo-5.3.18-150300.59.130.1
* ocfs2-kmp-default-5.3.18-150300.59.130.1
* dlm-kmp-default-5.3.18-150300.59.130.1
* kernel-default-debugsource-5.3.18-150300.59.130.1
* dlm-kmp-default-debuginfo-5.3.18-150300.59.130.1
* SUSE Linux Enterprise High Availability Extension 15 SP3 (nosrc)
* kernel-default-5.3.18-150300.59.130.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64
nosrc)
* kernel-64kb-5.3.18-150300.59.130.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64)
* kernel-64kb-debugsource-5.3.18-150300.59.130.1
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.130.1
* kernel-64kb-devel-5.3.18-150300.59.130.1
* kernel-64kb-debuginfo-5.3.18-150300.59.130.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 nosrc
x86_64)
* kernel-preempt-5.3.18-150300.59.130.1
* kernel-default-5.3.18-150300.59.130.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64
x86_64)
* kernel-preempt-debugsource-5.3.18-150300.59.130.1
* kernel-obs-build-debugsource-5.3.18-150300.59.130.1
* kernel-default-debuginfo-5.3.18-150300.59.130.1
* reiserfs-kmp-default-5.3.18-150300.59.130.1
* kernel-syms-5.3.18-150300.59.130.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.130.1
* kernel-obs-build-5.3.18-150300.59.130.1
* kernel-preempt-devel-5.3.18-150300.59.130.1
* kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1
* kernel-preempt-debuginfo-5.3.18-150300.59.130.1
* kernel-default-debugsource-5.3.18-150300.59.130.1
* kernel-default-devel-5.3.18-150300.59.130.1
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.130.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.130.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
* kernel-macros-5.3.18-150300.59.130.1
* kernel-source-5.3.18-150300.59.130.1
* kernel-devel-5.3.18-150300.59.130.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.130.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.130.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64)
* kernel-64kb-debugsource-5.3.18-150300.59.130.1
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.130.1
* kernel-64kb-devel-5.3.18-150300.59.130.1
* kernel-64kb-debuginfo-5.3.18-150300.59.130.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc
x86_64)
* kernel-preempt-5.3.18-150300.59.130.1
* kernel-default-5.3.18-150300.59.130.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* kernel-preempt-debugsource-5.3.18-150300.59.130.1
* kernel-obs-build-debugsource-5.3.18-150300.59.130.1
* kernel-default-debuginfo-5.3.18-150300.59.130.1
* reiserfs-kmp-default-5.3.18-150300.59.130.1
* kernel-syms-5.3.18-150300.59.130.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.130.1
* kernel-obs-build-5.3.18-150300.59.130.1
* kernel-preempt-devel-5.3.18-150300.59.130.1
* kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1
* kernel-preempt-debuginfo-5.3.18-150300.59.130.1
* kernel-default-debugsource-5.3.18-150300.59.130.1
* kernel-default-devel-5.3.18-150300.59.130.1
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.130.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.130.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* kernel-macros-5.3.18-150300.59.130.1
* kernel-source-5.3.18-150300.59.130.1
* kernel-devel-5.3.18-150300.59.130.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.130.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.130.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64)
* kernel-64kb-debugsource-5.3.18-150300.59.130.1
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.130.1
* kernel-64kb-devel-5.3.18-150300.59.130.1
* kernel-64kb-debuginfo-5.3.18-150300.59.130.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64 nosrc)
* kernel-default-5.3.18-150300.59.130.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* kernel-obs-build-debugsource-5.3.18-150300.59.130.1
* kernel-default-debuginfo-5.3.18-150300.59.130.1
* reiserfs-kmp-default-5.3.18-150300.59.130.1
* kernel-syms-5.3.18-150300.59.130.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.130.1
* kernel-obs-build-5.3.18-150300.59.130.1
* kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1
* kernel-default-debugsource-5.3.18-150300.59.130.1
* kernel-default-devel-5.3.18-150300.59.130.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.130.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* kernel-macros-5.3.18-150300.59.130.1
* kernel-source-5.3.18-150300.59.130.1
* kernel-devel-5.3.18-150300.59.130.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.130.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.130.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64)
* kernel-preempt-debugsource-5.3.18-150300.59.130.1
* kernel-preempt-debuginfo-5.3.18-150300.59.130.1
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.130.1
* kernel-preempt-devel-5.3.18-150300.59.130.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (nosrc s390x)
* kernel-zfcpdump-5.3.18-150300.59.130.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x)
* kernel-zfcpdump-debugsource-5.3.18-150300.59.130.1
* kernel-zfcpdump-debuginfo-5.3.18-150300.59.130.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le
x86_64)
* kernel-default-5.3.18-150300.59.130.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* kernel-obs-build-debugsource-5.3.18-150300.59.130.1
* kernel-default-debuginfo-5.3.18-150300.59.130.1
* reiserfs-kmp-default-5.3.18-150300.59.130.1
* kernel-syms-5.3.18-150300.59.130.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.130.1
* kernel-obs-build-5.3.18-150300.59.130.1
* kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1
* kernel-default-debugsource-5.3.18-150300.59.130.1
* kernel-default-devel-5.3.18-150300.59.130.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.130.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* kernel-macros-5.3.18-150300.59.130.1
* kernel-source-5.3.18-150300.59.130.1
* kernel-devel-5.3.18-150300.59.130.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.130.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.130.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* kernel-preempt-debugsource-5.3.18-150300.59.130.1
* kernel-preempt-debuginfo-5.3.18-150300.59.130.1
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.130.1
* kernel-preempt-devel-5.3.18-150300.59.130.1
* SUSE Manager Proxy 4.2 (nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.130.1
* kernel-default-5.3.18-150300.59.130.1
* SUSE Manager Proxy 4.2 (x86_64)
* kernel-preempt-debugsource-5.3.18-150300.59.130.1
* kernel-default-debuginfo-5.3.18-150300.59.130.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.130.1
* kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1
* kernel-preempt-debuginfo-5.3.18-150300.59.130.1
* kernel-default-debugsource-5.3.18-150300.59.130.1
* kernel-default-devel-5.3.18-150300.59.130.1
* SUSE Manager Proxy 4.2 (noarch)
* kernel-macros-5.3.18-150300.59.130.1
* kernel-devel-5.3.18-150300.59.130.1
* SUSE Manager Retail Branch Server 4.2 (nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.130.1
* kernel-default-5.3.18-150300.59.130.1
* SUSE Manager Retail Branch Server 4.2 (x86_64)
* kernel-preempt-debugsource-5.3.18-150300.59.130.1
* kernel-default-debuginfo-5.3.18-150300.59.130.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.130.1
* kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1
* kernel-preempt-debuginfo-5.3.18-150300.59.130.1
* kernel-default-debugsource-5.3.18-150300.59.130.1
* kernel-default-devel-5.3.18-150300.59.130.1
* SUSE Manager Retail Branch Server 4.2 (noarch)
* kernel-macros-5.3.18-150300.59.130.1
* kernel-devel-5.3.18-150300.59.130.1
* SUSE Manager Server 4.2 (nosrc ppc64le s390x x86_64)
* kernel-default-5.3.18-150300.59.130.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
* kernel-default-debuginfo-5.3.18-150300.59.130.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.130.1
* kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1
* kernel-default-debugsource-5.3.18-150300.59.130.1
* kernel-default-devel-5.3.18-150300.59.130.1
* SUSE Manager Server 4.2 (noarch)
* kernel-macros-5.3.18-150300.59.130.1
* kernel-devel-5.3.18-150300.59.130.1
* SUSE Manager Server 4.2 (nosrc s390x)
* kernel-zfcpdump-5.3.18-150300.59.130.1
* SUSE Manager Server 4.2 (s390x)
* kernel-zfcpdump-debugsource-5.3.18-150300.59.130.1
* kernel-zfcpdump-debuginfo-5.3.18-150300.59.130.1
* SUSE Manager Server 4.2 (nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.130.1
* SUSE Manager Server 4.2 (x86_64)
* kernel-preempt-debugsource-5.3.18-150300.59.130.1
* kernel-preempt-debuginfo-5.3.18-150300.59.130.1
* SUSE Enterprise Storage 7.1 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.130.1
* SUSE Enterprise Storage 7.1 (aarch64)
* kernel-64kb-debugsource-5.3.18-150300.59.130.1
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.130.1
* kernel-64kb-devel-5.3.18-150300.59.130.1
* kernel-64kb-debuginfo-5.3.18-150300.59.130.1
* SUSE Enterprise Storage 7.1 (aarch64 nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.130.1
* kernel-default-5.3.18-150300.59.130.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* kernel-preempt-debugsource-5.3.18-150300.59.130.1
* kernel-obs-build-debugsource-5.3.18-150300.59.130.1
* kernel-default-debuginfo-5.3.18-150300.59.130.1
* reiserfs-kmp-default-5.3.18-150300.59.130.1
* kernel-syms-5.3.18-150300.59.130.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.130.1
* kernel-obs-build-5.3.18-150300.59.130.1
* kernel-preempt-devel-5.3.18-150300.59.130.1
* kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1
* kernel-preempt-debuginfo-5.3.18-150300.59.130.1
* kernel-default-debugsource-5.3.18-150300.59.130.1
* kernel-default-devel-5.3.18-150300.59.130.1
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.130.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.130.1
* SUSE Enterprise Storage 7.1 (noarch)
* kernel-macros-5.3.18-150300.59.130.1
* kernel-source-5.3.18-150300.59.130.1
* kernel-devel-5.3.18-150300.59.130.1
* SUSE Enterprise Storage 7.1 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.130.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.130.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.3.18-150300.59.130.1
* kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1
* kernel-default-debugsource-5.3.18-150300.59.130.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.130.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64)
* kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.3.18-150300.59.130.1
* kernel-default-debugsource-5.3.18-150300.59.130.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.130.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64)
* kernel-default-base-5.3.18-150300.59.130.1.150300.18.76.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.3.18-150300.59.130.1
* kernel-default-debugsource-5.3.18-150300.59.130.1
## References:
* https://www.suse.com/security/cve/CVE-2022-40982.html
* https://www.suse.com/security/cve/CVE-2023-0459.html
* https://www.suse.com/security/cve/CVE-2023-20569.html
* https://www.suse.com/security/cve/CVE-2023-20593.html
* https://www.suse.com/security/cve/CVE-2023-2156.html
* https://www.suse.com/security/cve/CVE-2023-2985.html
* https://www.suse.com/security/cve/CVE-2023-3117.html
* https://www.suse.com/security/cve/CVE-2023-31248.html
* https://www.suse.com/security/cve/CVE-2023-3390.html
* https://www.suse.com/security/cve/CVE-2023-35001.html
* https://www.suse.com/security/cve/CVE-2023-3567.html
* https://www.suse.com/security/cve/CVE-2023-3609.html
* https://www.suse.com/security/cve/CVE-2023-3611.html
* https://www.suse.com/security/cve/CVE-2023-3776.html
* https://www.suse.com/security/cve/CVE-2023-3812.html
* https://bugzilla.suse.com/show_bug.cgi?id=1199304
* https://bugzilla.suse.com/show_bug.cgi?id=1206418
* https://bugzilla.suse.com/show_bug.cgi?id=1207270
* https://bugzilla.suse.com/show_bug.cgi?id=1210584
* https://bugzilla.suse.com/show_bug.cgi?id=1211131
* https://bugzilla.suse.com/show_bug.cgi?id=1211738
* https://bugzilla.suse.com/show_bug.cgi?id=1211867
* https://bugzilla.suse.com/show_bug.cgi?id=1212301
* https://bugzilla.suse.com/show_bug.cgi?id=1212741
* https://bugzilla.suse.com/show_bug.cgi?id=1212835
* https://bugzilla.suse.com/show_bug.cgi?id=1212846
* https://bugzilla.suse.com/show_bug.cgi?id=1213059
* https://bugzilla.suse.com/show_bug.cgi?id=1213061
* https://bugzilla.suse.com/show_bug.cgi?id=1213167
* https://bugzilla.suse.com/show_bug.cgi?id=1213245
* https://bugzilla.suse.com/show_bug.cgi?id=1213286
* https://bugzilla.suse.com/show_bug.cgi?id=1213287
* https://bugzilla.suse.com/show_bug.cgi?id=1213354
* https://bugzilla.suse.com/show_bug.cgi?id=1213543
* https://bugzilla.suse.com/show_bug.cgi?id=1213585
* https://bugzilla.suse.com/show_bug.cgi?id=1213586
* https://bugzilla.suse.com/show_bug.cgi?id=1213588
* https://bugzilla.suse.com/show_bug.cgi?id=1213653
* https://bugzilla.suse.com/show_bug.cgi?id=1213868
* https://jira.suse.com/browse/PED-4567
1
0
SUSE-SU-2023:3392-1: important: Security update for the Linux Kernel
by security@lists.opensuse.org 23 Aug '23
by security@lists.opensuse.org 23 Aug '23
23 Aug '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:3392-1
Rating: important
References:
* #1206418
* #1207088
* #1210584
* #1211738
* #1211867
* #1212301
* #1212741
* #1212835
* #1213059
* #1213167
* #1213286
* #1213287
* #1213546
* #1213585
* #1213586
* #1213588
* #1213970
* #1214019
Cross-References:
* CVE-2022-40982
* CVE-2023-0459
* CVE-2023-20569
* CVE-2023-20593
* CVE-2023-2985
* CVE-2023-34319
* CVE-2023-35001
* CVE-2023-3567
* CVE-2023-3609
* CVE-2023-3611
* CVE-2023-3776
* CVE-2023-4133
* CVE-2023-4194
CVSS scores:
* CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-0459 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-0459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-20569 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-20593 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-2985 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2985 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-34319 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3609 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3609 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3611 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3611 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3776 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4133 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4194 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-4194 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE CaaS Platform 4.0
* SUSE Linux Enterprise High Availability Extension 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Live Patching 15-SP1
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Manager Proxy 4.0
* SUSE Manager Retail Branch Server 4.0
* SUSE Manager Server 4.0
An update that solves 13 vulnerabilities and has five fixes can now be
installed.
## Description:
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
* CVE-2022-40982: Fixed transient execution attack called "Gather Data
Sampling" (bsc#1206418).
* CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec
(bsc#1211738).
* CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’
(bsc#1213287).
* CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an
attacker to potentially access sensitive information (bsc#1213286).
* CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in
fs/hfsplus/super.c that could allow a local user to cause a denial of
service (bsc#1211867).
* CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in
xen/netback (XSA-432) (bsc#1213546).
* CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder
that could allow a local attacker to escalate their privilege (bsc#1213059).
* CVE-2023-3567: Fixed a use-after-free in vcs_read in
drivers/tty/vt/vc_screen.c (bsc#1213167).
* CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched
(bsc#1213586).
* CVE-2023-3611: Fixed an out-of-bounds write in net/sched
sch_qfq(bsc#1213585).
* CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-
free (bsc#1213588).
* CVE-2023-4133: Fixed use after free bugs caused by circular dependency
problem in cxgb4 (bsc#1213970).
* CVE-2023-4194: Fixed a type confusion in net tun_chr_open() bsc#1214019).
The following non-security bugs were fixed:
* arm: spear: do not use timer namespace for timer_shutdown() function
(bsc#1213970).
* clocksource/drivers/arm_arch_timer: do not use timer namespace for
timer_shutdown() function (bsc#1213970).
* clocksource/drivers/sp804: do not use timer namespace for timer_shutdown()
function (bsc#1213970).
* cpufeatures: allow adding more cpuid words
* get module prefix from kmod (bsc#1212835).
* kernel-binary.spec.in: remove superfluous %% in supplements fixes:
02b7735e0caf ("rpm/kernel-binary.spec.in: add enhances and supplements tags
to in-tree kmps")
* kernel-docs: add buildrequires on python3-base when using python3 the
python3 binary is provided by python3-base.
* kernel-docs: use python3 together with python3-sphinx (bsc#1212741).
* keys: change keyring_serialise_link_sem to a mutex (bsc#1207088).
* keys: fix linking a duplicate key to a keyring's assoc_array (bsc#1207088).
* keys: hoist locking out of __key_link_begin() (bsc#1207088).
* net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
* net: mana: add support for vlan tagging (bsc#1212301).
* readme.branch: add myself as co-maintainer
* remove more packaging cruft for sle < 12 sp3
* rpm/check-for-config-changes: ignore also pahole_has_* we now also have
options like config_pahole_has_lang_exclude.
* rpm/check-for-config-changes: ignore also riscv_isa_ _and dynamic_sigframe
they depend on config_toolchain_has__.
* timers: add shutdown mechanism to the internal functions (bsc#1213970).
* timers: provide timer_shutdown_sync (bsc#1213970).
* timers: rename del_timer() to timer_delete() (bsc#1213970).
* timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
* timers: replace bug_on()s (bsc#1213970).
* timers: silently ignore timers with a null function (bsc#1213970).
* timers: split [try_to_]del_timer_sync to prepare for shutdown mode
(bsc#1213970).
* timers: update kernel-doc for various functions (bsc#1213970).
* timers: use del_timer_sync() even on up (bsc#1213970).
* ubi: ensure that vid header offset + vid header size <= alloc, size
(bsc#1210584).
* ubi: fix failure attaching when vid_hdr offset equals to (sub)page size
(bsc#1210584).
* usrmerge: Adjust module path in the kernel sources (bsc#1212835).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-3392=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-3392=1
* SUSE Linux Enterprise Live Patching 15-SP1
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-3392=1
* SUSE Linux Enterprise High Availability Extension 15 SP1
zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-3392=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3392=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3392=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3392=1
* SUSE CaaS Platform 4.0
To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform
you if it detects new updates and let you then trigger updating of the complete
cluster in a controlled way.
## Package List:
* openSUSE Leap 15.4 (nosrc)
* kernel-kvmsmall-4.12.14-150100.197.154.1
* kernel-default-4.12.14-150100.197.154.1
* kernel-debug-4.12.14-150100.197.154.1
* kernel-zfcpdump-4.12.14-150100.197.154.1
* openSUSE Leap 15.4 (ppc64le x86_64)
* kernel-debug-base-debuginfo-4.12.14-150100.197.154.1
* kernel-debug-base-4.12.14-150100.197.154.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* kernel-vanilla-devel-4.12.14-150100.197.154.1
* kernel-vanilla-base-debuginfo-4.12.14-150100.197.154.1
* kernel-vanilla-debuginfo-4.12.14-150100.197.154.1
* kernel-vanilla-livepatch-devel-4.12.14-150100.197.154.1
* kernel-vanilla-debugsource-4.12.14-150100.197.154.1
* kernel-default-base-debuginfo-4.12.14-150100.197.154.1
* kernel-vanilla-devel-debuginfo-4.12.14-150100.197.154.1
* kernel-vanilla-base-4.12.14-150100.197.154.1
* openSUSE Leap 15.4 (x86_64)
* kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.154.1
* kernel-kvmsmall-base-4.12.14-150100.197.154.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-vanilla-4.12.14-150100.197.154.1
* openSUSE Leap 15.4 (s390x)
* kernel-default-man-4.12.14-150100.197.154.1
* kernel-zfcpdump-man-4.12.14-150100.197.154.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-vanilla-4.12.14-150100.197.154.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* kernel-vanilla-devel-4.12.14-150100.197.154.1
* kernel-vanilla-base-debuginfo-4.12.14-150100.197.154.1
* kernel-vanilla-debuginfo-4.12.14-150100.197.154.1
* kernel-vanilla-livepatch-devel-4.12.14-150100.197.154.1
* kernel-vanilla-debugsource-4.12.14-150100.197.154.1
* kernel-vanilla-devel-debuginfo-4.12.14-150100.197.154.1
* kernel-vanilla-base-4.12.14-150100.197.154.1
* SUSE Linux Enterprise Live Patching 15-SP1 (nosrc)
* kernel-default-4.12.14-150100.197.154.1
* SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64)
* kernel-default-debuginfo-4.12.14-150100.197.154.1
* kernel-default-debugsource-4.12.14-150100.197.154.1
* kernel-default-livepatch-4.12.14-150100.197.154.1
* kernel-default-livepatch-devel-4.12.14-150100.197.154.1
* kernel-livepatch-4_12_14-150100_197_154-default-1-150100.3.3.1
* SUSE Linux Enterprise High Availability Extension 15 SP1 (aarch64 ppc64le
s390x x86_64)
* gfs2-kmp-default-debuginfo-4.12.14-150100.197.154.1
* kernel-default-debuginfo-4.12.14-150100.197.154.1
* kernel-default-debugsource-4.12.14-150100.197.154.1
* ocfs2-kmp-default-debuginfo-4.12.14-150100.197.154.1
* dlm-kmp-default-debuginfo-4.12.14-150100.197.154.1
* gfs2-kmp-default-4.12.14-150100.197.154.1
* cluster-md-kmp-default-4.12.14-150100.197.154.1
* ocfs2-kmp-default-4.12.14-150100.197.154.1
* cluster-md-kmp-default-debuginfo-4.12.14-150100.197.154.1
* dlm-kmp-default-4.12.14-150100.197.154.1
* SUSE Linux Enterprise High Availability Extension 15 SP1 (nosrc)
* kernel-default-4.12.14-150100.197.154.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64
nosrc x86_64)
* kernel-default-4.12.14-150100.197.154.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64
x86_64)
* kernel-obs-build-debugsource-4.12.14-150100.197.154.1
* kernel-default-debuginfo-4.12.14-150100.197.154.1
* kernel-default-debugsource-4.12.14-150100.197.154.1
* kernel-default-devel-debuginfo-4.12.14-150100.197.154.1
* kernel-default-devel-4.12.14-150100.197.154.1
* kernel-default-base-debuginfo-4.12.14-150100.197.154.1
* kernel-syms-4.12.14-150100.197.154.1
* kernel-default-base-4.12.14-150100.197.154.1
* kernel-obs-build-4.12.14-150100.197.154.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
* kernel-source-4.12.14-150100.197.154.1
* kernel-macros-4.12.14-150100.197.154.1
* kernel-devel-4.12.14-150100.197.154.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch
nosrc)
* kernel-docs-4.12.14-150100.197.154.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x
x86_64 nosrc)
* kernel-default-4.12.14-150100.197.154.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x
x86_64)
* kernel-obs-build-debugsource-4.12.14-150100.197.154.1
* reiserfs-kmp-default-4.12.14-150100.197.154.1
* kernel-default-debuginfo-4.12.14-150100.197.154.1
* kernel-default-debugsource-4.12.14-150100.197.154.1
* kernel-default-devel-debuginfo-4.12.14-150100.197.154.1
* kernel-default-devel-4.12.14-150100.197.154.1
* kernel-default-base-debuginfo-4.12.14-150100.197.154.1
* reiserfs-kmp-default-debuginfo-4.12.14-150100.197.154.1
* kernel-syms-4.12.14-150100.197.154.1
* kernel-default-base-4.12.14-150100.197.154.1
* kernel-obs-build-4.12.14-150100.197.154.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
* kernel-source-4.12.14-150100.197.154.1
* kernel-macros-4.12.14-150100.197.154.1
* kernel-devel-4.12.14-150100.197.154.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch nosrc)
* kernel-docs-4.12.14-150100.197.154.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (s390x)
* kernel-default-man-4.12.14-150100.197.154.1
* kernel-zfcpdump-debugsource-4.12.14-150100.197.154.1
* kernel-zfcpdump-debuginfo-4.12.14-150100.197.154.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (nosrc)
* kernel-zfcpdump-4.12.14-150100.197.154.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (nosrc ppc64le
x86_64)
* kernel-default-4.12.14-150100.197.154.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
* kernel-obs-build-debugsource-4.12.14-150100.197.154.1
* reiserfs-kmp-default-4.12.14-150100.197.154.1
* kernel-default-debuginfo-4.12.14-150100.197.154.1
* kernel-default-debugsource-4.12.14-150100.197.154.1
* kernel-default-devel-debuginfo-4.12.14-150100.197.154.1
* kernel-default-devel-4.12.14-150100.197.154.1
* kernel-default-base-debuginfo-4.12.14-150100.197.154.1
* reiserfs-kmp-default-debuginfo-4.12.14-150100.197.154.1
* kernel-syms-4.12.14-150100.197.154.1
* kernel-default-base-4.12.14-150100.197.154.1
* kernel-obs-build-4.12.14-150100.197.154.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
* kernel-source-4.12.14-150100.197.154.1
* kernel-macros-4.12.14-150100.197.154.1
* kernel-devel-4.12.14-150100.197.154.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch nosrc)
* kernel-docs-4.12.14-150100.197.154.1
* SUSE CaaS Platform 4.0 (nosrc x86_64)
* kernel-default-4.12.14-150100.197.154.1
* SUSE CaaS Platform 4.0 (x86_64)
* kernel-obs-build-debugsource-4.12.14-150100.197.154.1
* reiserfs-kmp-default-4.12.14-150100.197.154.1
* kernel-default-debuginfo-4.12.14-150100.197.154.1
* kernel-default-debugsource-4.12.14-150100.197.154.1
* kernel-default-devel-debuginfo-4.12.14-150100.197.154.1
* kernel-default-devel-4.12.14-150100.197.154.1
* kernel-default-base-debuginfo-4.12.14-150100.197.154.1
* reiserfs-kmp-default-debuginfo-4.12.14-150100.197.154.1
* kernel-syms-4.12.14-150100.197.154.1
* kernel-default-base-4.12.14-150100.197.154.1
* kernel-obs-build-4.12.14-150100.197.154.1
* SUSE CaaS Platform 4.0 (noarch)
* kernel-source-4.12.14-150100.197.154.1
* kernel-macros-4.12.14-150100.197.154.1
* kernel-devel-4.12.14-150100.197.154.1
* SUSE CaaS Platform 4.0 (noarch nosrc)
* kernel-docs-4.12.14-150100.197.154.1
## References:
* https://www.suse.com/security/cve/CVE-2022-40982.html
* https://www.suse.com/security/cve/CVE-2023-0459.html
* https://www.suse.com/security/cve/CVE-2023-20569.html
* https://www.suse.com/security/cve/CVE-2023-20593.html
* https://www.suse.com/security/cve/CVE-2023-2985.html
* https://www.suse.com/security/cve/CVE-2023-34319.html
* https://www.suse.com/security/cve/CVE-2023-35001.html
* https://www.suse.com/security/cve/CVE-2023-3567.html
* https://www.suse.com/security/cve/CVE-2023-3609.html
* https://www.suse.com/security/cve/CVE-2023-3611.html
* https://www.suse.com/security/cve/CVE-2023-3776.html
* https://www.suse.com/security/cve/CVE-2023-4133.html
* https://www.suse.com/security/cve/CVE-2023-4194.html
* https://bugzilla.suse.com/show_bug.cgi?id=1206418
* https://bugzilla.suse.com/show_bug.cgi?id=1207088
* https://bugzilla.suse.com/show_bug.cgi?id=1210584
* https://bugzilla.suse.com/show_bug.cgi?id=1211738
* https://bugzilla.suse.com/show_bug.cgi?id=1211867
* https://bugzilla.suse.com/show_bug.cgi?id=1212301
* https://bugzilla.suse.com/show_bug.cgi?id=1212741
* https://bugzilla.suse.com/show_bug.cgi?id=1212835
* https://bugzilla.suse.com/show_bug.cgi?id=1213059
* https://bugzilla.suse.com/show_bug.cgi?id=1213167
* https://bugzilla.suse.com/show_bug.cgi?id=1213286
* https://bugzilla.suse.com/show_bug.cgi?id=1213287
* https://bugzilla.suse.com/show_bug.cgi?id=1213546
* https://bugzilla.suse.com/show_bug.cgi?id=1213585
* https://bugzilla.suse.com/show_bug.cgi?id=1213586
* https://bugzilla.suse.com/show_bug.cgi?id=1213588
* https://bugzilla.suse.com/show_bug.cgi?id=1213970
* https://bugzilla.suse.com/show_bug.cgi?id=1214019
1
0
SUSE-SU-2023:3384-1: moderate: Security update for postgresql15
by security@lists.opensuse.org 23 Aug '23
by security@lists.opensuse.org 23 Aug '23
23 Aug '23
# Security update for postgresql15
Announcement ID: SUSE-SU-2023:3384-1
Rating: moderate
References:
* #1214059
Cross-References:
* CVE-2023-39417
CVSS scores:
* CVE-2023-39417 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-39417 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
An update that solves one vulnerability can now be installed.
## Description:
This update for postgresql15 fixes the following issues:
* Update to 12.16
* CVE-2023-39417: Fixed potential SQL injection for trusted extensions.
(bsc#1214059)
## Patch Instructions:
To install this SUSE Moderate update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-3384=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-3384=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* postgresql12-pltcl-debuginfo-12.16-150200.8.47.1
* postgresql12-plperl-debuginfo-12.16-150200.8.47.1
* postgresql12-devel-12.16-150200.8.47.1
* postgresql12-llvmjit-devel-12.16-150200.8.47.1
* postgresql12-plperl-12.16-150200.8.47.1
* postgresql12-llvmjit-debuginfo-12.16-150200.8.47.1
* postgresql12-plpython-12.16-150200.8.47.1
* postgresql12-llvmjit-12.16-150200.8.47.1
* postgresql12-12.16-150200.8.47.1
* postgresql12-devel-debuginfo-12.16-150200.8.47.1
* postgresql12-pltcl-12.16-150200.8.47.1
* postgresql12-contrib-debuginfo-12.16-150200.8.47.1
* postgresql12-server-devel-12.16-150200.8.47.1
* postgresql12-test-12.16-150200.8.47.1
* postgresql12-contrib-12.16-150200.8.47.1
* postgresql12-plpython-debuginfo-12.16-150200.8.47.1
* postgresql12-debuginfo-12.16-150200.8.47.1
* postgresql12-server-devel-debuginfo-12.16-150200.8.47.1
* postgresql12-server-12.16-150200.8.47.1
* postgresql12-debugsource-12.16-150200.8.47.1
* postgresql12-server-debuginfo-12.16-150200.8.47.1
* openSUSE Leap 15.4 (noarch)
* postgresql12-docs-12.16-150200.8.47.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* postgresql12-pltcl-debuginfo-12.16-150200.8.47.1
* postgresql12-plperl-debuginfo-12.16-150200.8.47.1
* postgresql12-devel-12.16-150200.8.47.1
* postgresql12-llvmjit-devel-12.16-150200.8.47.1
* postgresql12-plperl-12.16-150200.8.47.1
* postgresql12-llvmjit-debuginfo-12.16-150200.8.47.1
* postgresql12-plpython-12.16-150200.8.47.1
* postgresql12-llvmjit-12.16-150200.8.47.1
* postgresql12-12.16-150200.8.47.1
* postgresql12-devel-debuginfo-12.16-150200.8.47.1
* postgresql12-pltcl-12.16-150200.8.47.1
* postgresql12-contrib-debuginfo-12.16-150200.8.47.1
* postgresql12-server-devel-12.16-150200.8.47.1
* postgresql12-test-12.16-150200.8.47.1
* postgresql12-contrib-12.16-150200.8.47.1
* postgresql12-plpython-debuginfo-12.16-150200.8.47.1
* postgresql12-debuginfo-12.16-150200.8.47.1
* postgresql12-server-devel-debuginfo-12.16-150200.8.47.1
* postgresql12-server-12.16-150200.8.47.1
* postgresql12-debugsource-12.16-150200.8.47.1
* postgresql12-server-debuginfo-12.16-150200.8.47.1
* openSUSE Leap 15.5 (noarch)
* postgresql12-docs-12.16-150200.8.47.1
## References:
* https://www.suse.com/security/cve/CVE-2023-39417.html
* https://bugzilla.suse.com/show_bug.cgi?id=1214059
1
0
23 Aug '23
# Security update for janino
Announcement ID: SUSE-SU-2023:3385-1
Rating: low
References:
* #1211923
Cross-References:
* CVE-2023-33546
CVSS scores:
* CVE-2023-33546 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-33546 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
An update that solves one vulnerability can now be installed.
## Description:
This update for janino fixes the following issues:
janino was upgraded to version 3.1.10:
* CVE-2023-33546: Fixed DoS due to missing error handling (bsc#1211923).
## Patch Instructions:
To install this SUSE Low update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-3385=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-3385=1
## Package List:
* openSUSE Leap 15.4 (noarch)
* commons-compiler-3.1.10-150200.3.7.1
* janino-3.1.10-150200.3.7.1
* janino-javadoc-3.1.10-150200.3.7.1
* openSUSE Leap 15.5 (noarch)
* janino-javadoc-3.1.10-150200.3.7.1
* commons-compiler-3.1.10-150200.3.7.1
* janino-3.1.10-150200.3.7.1
* commons-compiler-jdk-3.1.10-150200.3.7.1
## References:
* https://www.suse.com/security/cve/CVE-2023-33546.html
* https://bugzilla.suse.com/show_bug.cgi?id=1211923
1
0
SUSE-SU-2023:3383-1: important: Security update for ucode-intel
by security@lists.opensuse.org 23 Aug '23
by security@lists.opensuse.org 23 Aug '23
23 Aug '23
# Security update for ucode-intel
Announcement ID: SUSE-SU-2023:3383-1
Rating: important
References:
* #1206418
* #1214099
Cross-References:
* CVE-2022-40982
* CVE-2022-41804
* CVE-2023-23908
CVSS scores:
* CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2022-41804 ( NVD ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:H
* CVE-2023-23908 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Affected Products:
* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3
An update that solves three vulnerabilities can now be installed.
## Description:
This update for ucode-intel fixes the following issues:
* Updated to Intel CPU Microcode 20230808 release. (bsc#1214099)
* CVE-2022-40982: Fixed a potential security vulnerability in some Intel®
Processors which may allow information disclosure.
* CVE-2023-23908: Fixed a potential security vulnerability in some 3rd
Generation Intel® Xeon® Scalable processors which may allow information
disclosure.
* CVE-2022-41804: Fixed a potential security vulnerability in some Intel®
Xeon® Processors with Intel® Software Guard Extensions (SGX) which may allow
escalation of privilege.
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3383=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3383=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-3383=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-3383=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-3383=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-3383=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-3383=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-3383=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3383=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3383=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3383=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3383=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3383=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3383=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3383=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3383=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3383=1
* SUSE Manager Proxy 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3383=1
* SUSE Manager Retail Branch Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.2-2023-3383=1
* SUSE Manager Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3383=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-3383=1
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3383=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3383=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3383=1
## Package List:
* openSUSE Leap Micro 5.3 (x86_64)
* ucode-intel-20230808-150200.27.1
* openSUSE Leap Micro 5.4 (x86_64)
* ucode-intel-20230808-150200.27.1
* openSUSE Leap 15.4 (x86_64)
* ucode-intel-20230808-150200.27.1
* openSUSE Leap 15.5 (x86_64)
* ucode-intel-20230808-150200.27.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64)
* ucode-intel-20230808-150200.27.1
* SUSE Linux Enterprise Micro 5.3 (x86_64)
* ucode-intel-20230808-150200.27.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64)
* ucode-intel-20230808-150200.27.1
* SUSE Linux Enterprise Micro 5.4 (x86_64)
* ucode-intel-20230808-150200.27.1
* Basesystem Module 15-SP4 (x86_64)
* ucode-intel-20230808-150200.27.1
* Basesystem Module 15-SP5 (x86_64)
* ucode-intel-20230808-150200.27.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64)
* ucode-intel-20230808-150200.27.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64)
* ucode-intel-20230808-150200.27.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
* ucode-intel-20230808-150200.27.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64)
* ucode-intel-20230808-150200.27.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64)
* ucode-intel-20230808-150200.27.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
* ucode-intel-20230808-150200.27.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* ucode-intel-20230808-150200.27.1
* SUSE Manager Proxy 4.2 (x86_64)
* ucode-intel-20230808-150200.27.1
* SUSE Manager Retail Branch Server 4.2 (x86_64)
* ucode-intel-20230808-150200.27.1
* SUSE Manager Server 4.2 (x86_64)
* ucode-intel-20230808-150200.27.1
* SUSE Enterprise Storage 7.1 (x86_64)
* ucode-intel-20230808-150200.27.1
* SUSE Linux Enterprise Micro 5.1 (x86_64)
* ucode-intel-20230808-150200.27.1
* SUSE Linux Enterprise Micro 5.2 (x86_64)
* ucode-intel-20230808-150200.27.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64)
* ucode-intel-20230808-150200.27.1
## References:
* https://www.suse.com/security/cve/CVE-2022-40982.html
* https://www.suse.com/security/cve/CVE-2022-41804.html
* https://www.suse.com/security/cve/CVE-2023-23908.html
* https://bugzilla.suse.com/show_bug.cgi?id=1206418
* https://bugzilla.suse.com/show_bug.cgi?id=1214099
1
0
SUSE-SU-2023:3377-1: important: Security update for the Linux Kernel
by security@lists.opensuse.org 22 Aug '23
by security@lists.opensuse.org 22 Aug '23
22 Aug '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:3377-1
Rating: important
References:
* #1206418
* #1207129
* #1210627
* #1210780
* #1211131
* #1211738
* #1212502
* #1212604
* #1212901
* #1213167
* #1213272
* #1213287
* #1213304
* #1213588
* #1213620
* #1213653
* #1213713
* #1213715
* #1213747
* #1213756
* #1213759
* #1213777
* #1213810
* #1213812
* #1213856
* #1213857
* #1213863
* #1213867
* #1213870
* #1213871
Cross-References:
* CVE-2022-40982
* CVE-2023-0459
* CVE-2023-20569
* CVE-2023-21400
* CVE-2023-2156
* CVE-2023-2166
* CVE-2023-31083
* CVE-2023-3268
* CVE-2023-3567
* CVE-2023-3776
* CVE-2023-4004
CVSS scores:
* CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-0459 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-0459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-20569 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-21400 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-21400 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2166 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2166 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31083 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3268 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-3268 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3776 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* Public Cloud Module 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves 11 vulnerabilities and has 19 fixes can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
* CVE-2022-40982: Fixed transient execution attack called "Gather Data
Sampling" (bsc#1206418).
* CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec
(bsc#1211738).
* CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’
(bsc#1213287).
* CVE-2023-21400: Fixed several memory corruptions due to improper locking in
io_uring (bsc#1213272).
* CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling
of the RPL protocol (bsc#1211131).
* CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter
(bsc#1210627).
* CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780).
* CVE-2023-3268: Fixed an out of bounds memory access flaw in
relay_file_read_start_pos in the relayfs (bsc#1212502).
* CVE-2023-3567: Fixed a use-after-free in vcs_read in
drivers/tty/vt/vc_screen.c (bsc#1213167).
* CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-
free (bsc#1213588).
* CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo
(bsc#1213812).
The following non-security bugs were fixed:
* afs: adjust ack interpretation to try and cope with nat (git-fixes).
* afs: fix access after dec in put functions (git-fixes).
* afs: fix afs_getattr() to refetch file status if callback break occurred
(git-fixes).
* afs: fix dynamic root getattr (git-fixes).
* afs: fix fileserver probe rtt handling (git-fixes).
* afs: fix infinite loop found by xfstest generic/676 (git-fixes).
* afs: fix lost servers_outstanding count (git-fixes).
* afs: fix server->active leak in afs_put_server (git-fixes).
* afs: fix setting of mtime when creating a file/dir/symlink (git-fixes).
* afs: fix updating of i_size with dv jump from server (git-fixes).
* afs: fix vlserver probe rtt handling (git-fixes).
* afs: return -eagain, not -eremoteio, when a file already locked (git-fixes).
* afs: use refcount_t rather than atomic_t (git-fixes).
* afs: use the operation issue time instead of the reply time for callbacks
(git-fixes).
* alsa: emu10k1: roll up loops in dsp setup code for audigy (git-fixes).
* alsa: hda/realtek: support asus g713pv laptop (git-fixes).
* alsa: hda/relatek: enable mute led on hp 250 g8 (git-fixes).
* alsa: usb-audio: add quirk for microsoft modern wireless headset
(bsc#1207129).
* alsa: usb-audio: update for native dsd support quirks (git-fixes).
* asoc: atmel: fix the 8k sample parameter in i2sc master (git-fixes).
* asoc: codecs: es8316: fix dmic config (git-fixes).
* asoc: da7219: check for failure reading aad irq events (git-fixes).
* asoc: da7219: flush pending aad irq when suspending (git-fixes).
* asoc: fsl_sai: disable bit clock with transmitter (git-fixes).
* asoc: fsl_spdif: silence output on stop (git-fixes).
* asoc: rt5682-sdw: fix for jd event handling in clockstop mode0 (git-fixes).
* asoc: rt711-sdca: fix for jd event handling in clockstop mode0 (git-fixes).
* asoc: rt711: fix for jd event handling in clockstop mode0 (git-fixes).
* asoc: wm8904: fill the cache for wm8904_adc_test_0 register (git-fixes).
* ata: pata_ns87415: mark ns87560_tf_read static (git-fixes).
* block, bfq: fix division by zero error on zero wsum (bsc#1213653).
* block: fix a source code comment in include/uapi/linux/blkzoned.h (git-
fixes).
* can: gs_usb: gs_can_close(): add missing set of can state to
can_state_stopped (git-fixes).
* ceph: do not let check_caps skip sending responses for revoke msgs
(bsc#1213856).
* coda: avoid partial allocation of sig_inputargs (git-fixes).
* dlm: fix missing lkb refcount handling (git-fixes).
* dlm: fix plock invalid read (git-fixes).
* documentation: devices.txt: reconcile serial/ucc_uart minor numers (git-
fixes).
* drm/amd/display: disable mpc split by default on special asic (git-fixes).
* drm/amd/display: keep phy active for dp displays on dcn31 (git-fixes).
* drm/client: fix memory leak in drm_client_modeset_probe (git-fixes).
* drm/msm/adreno: fix snapshot bindless_data size (git-fixes).
* drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes).
* drm/msm: fix is_err_or_null() vs null check in a5xx_submit_in_rb() (git-
fixes).
* drm/radeon: fix integer overflow in radeon_cs_parser_init (git-fixes).
* drop amdgpu patches for fixing regression (bsc#1213304,bsc#1213777)
* file: always lock position for fmode_atomic_pos (bsc#1213759).
* fs: dlm: add midcomms init/start functions (git-fixes).
* fs: dlm: do not set stop rx flag after node reset (git-fixes).
* fs: dlm: filter user dlm messages for kernel locks (git-fixes).
* fs: dlm: fix log of lowcomms vs midcomms (git-fixes).
* fs: dlm: fix race between test_bit() and queue_work() (git-fixes).
* fs: dlm: fix race in lowcomms (git-fixes).
* fs: dlm: handle -ebusy first in lock arg validation (git-fixes).
* fs: dlm: move sending fin message into state change handling (git-fixes).
* fs: dlm: retry accept() until -eagain or error returns (git-fixes).
* fs: dlm: return positive pid value for f_getlk (git-fixes).
* fs: dlm: start midcomms before scand (git-fixes).
* fs: hfsplus: remove warn_on() from hfsplus_cat_{read,write}_inode() (git-
fixes).
* fs: jfs: check for read-only mounted filesystem in txbegin (git-fixes).
* fs: jfs: fix null-ptr-deref read in txbegin (git-fixes).
* fs: jfs: fix ubsan: array-index-out-of-bounds in dballocdmaplev (git-fixes).
* gve: set default duplex configuration to full (git-fixes).
* gve: unify driver name usage (git-fixes).
* hwmon: (k10temp) enable amd3255 proc to show negative temperature (git-
fixes).
* hwmon: (nct7802) fix for temp6 (peci1) processed even if peci1 disabled
(git-fixes).
* iavf: fix out-of-bounds when setting channels on remove (git-fixes).
* iavf: fix use-after-free in free_netdev (git-fixes).
* iavf: use internal state to free traffic irqs (git-fixes).
* igc: check if hardware tx timestamping is enabled earlier (git-fixes).
* igc: enable and fix rx hash usage by netstack (git-fixes).
* igc: fix inserting of empty frame for launchtime (git-fixes).
* igc: fix kernel panic during ndo_tx_timeout callback (git-fixes).
* igc: fix launchtime before start of cycle (git-fixes).
* igc: fix race condition in ptp tx code (git-fixes).
* igc: handle pps start time programming for past time values (git-fixes).
* igc: prevent garbled tx queue with xdp zerocopy (git-fixes).
* igc: remove delay during tx ring configuration (git-fixes).
* igc: set tp bit in 'supported' and 'advertising' fields of
ethtool_link_ksettings (git-fixes).
* igc: work around hw bug causing missing timestamps (git-fixes).
* input: i8042 - add clevo pcx0dx to i8042 quirk table (git-fixes).
* input: iqs269a - do not poll during ati (git-fixes).
* input: iqs269a - do not poll during suspend or resume (git-fixes).
* jffs2: fix memory leak in jffs2_do_fill_super (git-fixes).
* jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes).
* jffs2: fix memory leak in jffs2_scan_medium (git-fixes).
* jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes).
* jffs2: gc deadlock reading a page that is used in jffs2_write_begin() (git-
fixes).
* jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes).
* jfs: jfs_dmap: validate db_l2nbperpage while mounting (git-fixes).
* kernel-binary.spec.in: remove superfluous %% in supplements fixes:
02b7735e0caf ("rpm/kernel-binary.spec.in: add enhances and supplements tags
to in-tree kmps")
* kvm: arm64: do not read a hw interrupt pending state in user context (git-
fixes)
* kvm: arm64: warn if accessing timer pending state outside of vcpu
(bsc#1213620)
* kvm: do not null dereference ops->destroy (git-fixes)
* kvm: downgrade two bug_ons to warn_on_once (git-fixes)
* kvm: initialize debugfs_dentry when a vm is created to avoid null (git-
fixes)
* kvm: s390: pv: fix index value of replaced asce (git-fixes bsc#1213867).
* kvm: vmx: inject #gp on encls if vcpu has paging disabled (cr0.pg==0) (git-
fixes).
* kvm: vmx: inject #gp, not #ud, if sgx2 encls leafs are unsupported (git-
fixes).
* kvm: vmx: restore vmx_vmexit alignment (git-fixes).
* kvm: x86: account fastpath-only vm-exits in vcpu stats (git-fixes).
* libceph: harden msgr2.1 frame segment length checks (bsc#1213857).
* media: staging: atomisp: select v4l2_fwnode (git-fixes).
* net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes).
* net: mana: batch ringing rx queue doorbell on receiving packets
(bsc#1212901).
* net: mana: use the correct wqe count for ringing rq doorbell (bsc#1212901).
* net: phy: marvell10g: fix 88x3310 power up (git-fixes).
* nfsd: add encoding of op_recall flag for write delegation (git-fixes).
* nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes).
* nfsd: fix sparse warning (git-fixes).
* nfsd: remove open coding of string copy (git-fixes).
* nfsv4.1: always send a reclaim_complete after establishing lease (git-
fixes).
* nfsv4.1: freeze the session table upon receiving nfs4err_badsession (git-
fixes).
* nvme-pci: fix dma direction of unmapping integrity data (git-fixes).
* nvme-pci: remove nvme_queue from nvme_iod (git-fixes).
* octeontx-af: fix hardware timestamp configuration (git-fixes).
* octeontx2-af: move validation of ptp pointer before its usage (git-fixes).
* octeontx2-pf: add additional check for mcam rules (git-fixes).
* phy: hisilicon: fix an out of bounds check in hisi_inno_phy_probe() (git-
fixes).
* pinctrl: amd: do not show `invalid config param` errors (git-fixes).
* pinctrl: amd: use amd_pinconf_set() for all config options (git-fixes).
* platform/x86: msi-laptop: fix rfkill out-of-sync on msi wind u100 (git-
fixes).
* rdma/bnxt_re: fix hang during driver unload (git-fixes)
* rdma/bnxt_re: prevent handling any completions after qp destroy (git-fixes)
* rdma/core: update cma destination address on rdma_resolve_addr (git-fixes)
* rdma/irdma: add missing read barriers (git-fixes)
* rdma/irdma: fix data race on cqp completion stats (git-fixes)
* rdma/irdma: fix data race on cqp request done (git-fixes)
* rdma/irdma: fix op_type reporting in cqes (git-fixes)
* rdma/irdma: report correct wc error (git-fixes)
* rdma/mlx4: make check for invalid flags stricter (git-fixes)
* rdma/mthca: fix crash when polling cq for shared qps (git-fixes)
* regmap: account for register length in smbus i/o limits (git-fixes).
* regmap: drop initial version of maximum transfer length fixes (git-fixes).
* revert "debugfs, coccinelle: check for obsolete define_simple_attribute()
usage" (git-fixes).
* revert "nfsv4: retry lock on old_stateid during delegation return" (git-
fixes).
* revert "usb: dwc3: core: enable autoretry feature in the controller" (git-
fixes).
* revert "usb: gadget: tegra-xudc: fix error check in
tegra_xudc_powerdomain_init()" (git-fixes).
* revert "usb: xhci: tegra: fix error check" (git-fixes).
* rpm: update dependency to match current kmod.
* rxrpc, afs: fix selection of abort codes (git-fixes).
* s390/bpf: add expoline to tail calls (git-fixes bsc#1213870).
* s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810).
* s390/decompressor: specify __decompress() buf len to avoid overflow (git-
fixes bsc#1213863).
* s390/ipl: add missing intersection check to ipl_report handling (git-fixes
bsc#1213871).
* s390/qeth: fix vipa deletion (git-fixes bsc#1213713).
* s390/vmem: fix empty page tables cleanup under kasan (git-fixes
bsc#1213715).
* s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870).
* scftorture: count reschedule ipis (git-fixes).
* scsi: lpfc: abort outstanding els cmds when mailbox timeout error is
detected (bsc#1213756).
* scsi: lpfc: avoid -wstringop-overflow warning (bsc#1213756).
* scsi: lpfc: clean up sli-4 sysfs resource reporting (bsc#1213756).
* scsi: lpfc: copyright updates for 14.2.0.14 patches (bsc#1213756).
* scsi: lpfc: fix a possible data race in lpfc_unregister_fcf_rescan()
(bsc#1213756).
* scsi: lpfc: fix incorrect big endian type assignment in bsg loopback path
(bsc#1213756).
* scsi: lpfc: fix incorrect big endian type assignments in fdmi and vmid paths
(bsc#1213756).
* scsi: lpfc: fix lpfc_name struct packing (bsc#1213756).
* scsi: lpfc: make fabric zone discovery more robust when handling unsolicited
logo (bsc#1213756).
* scsi: lpfc: pull out fw diagnostic dump log message from driver's trace
buffer (bsc#1213756).
* scsi: lpfc: qualify ndlp discovery state when processing rscn (bsc#1213756).
* scsi: lpfc: refactor cpu affinity assignment paths (bsc#1213756).
* scsi: lpfc: remove extra ndlp kref decrement in flogi cmpl for loop topology
(bsc#1213756).
* scsi: lpfc: replace all non-returning strlcpy() with strscpy()
(bsc#1213756).
* scsi: lpfc: replace one-element array with flexible-array member
(bsc#1213756).
* scsi: lpfc: revise ndlp kref handling for dev_loss_tmo_callbk and
lpfc_drop_node (bsc#1213756).
* scsi: lpfc: set establish image pair service parameter only for target
functions (bsc#1213756).
* scsi: lpfc: simplify fcp_abort transport callback log message (bsc#1213756).
* scsi: lpfc: update lpfc version to 14.2.0.14 (bsc#1213756).
* scsi: lpfc: use struct_size() helper (bsc#1213756).
* scsi: qla2xxx: adjust iocb resource on qpair create (bsc#1213747).
* scsi: qla2xxx: array index may go out of bound (bsc#1213747).
* scsi: qla2xxx: avoid fcport pointer dereference (bsc#1213747).
* scsi: qla2xxx: check valid rport returned by fc_bsg_to_rport()
(bsc#1213747).
* scsi: qla2xxx: correct the index of array (bsc#1213747).
* scsi: qla2xxx: drop useless list_head (bsc#1213747).
* scsi: qla2xxx: fix buffer overrun (bsc#1213747).
* scsi: qla2xxx: fix command flush during tmf (bsc#1213747).
* scsi: qla2xxx: fix deletion race condition (bsc#1213747).
* scsi: qla2xxx: fix end of loop test (bsc#1213747).
* scsi: qla2xxx: fix erroneous link up failure (bsc#1213747).
* scsi: qla2xxx: fix error code in qla2x00_start_sp() (bsc#1213747).
* scsi: qla2xxx: fix inconsistent tmf timeout (bsc#1213747).
* scsi: qla2xxx: fix null pointer dereference in target mode (bsc#1213747).
* scsi: qla2xxx: fix potential null pointer dereference (bsc#1213747).
* scsi: qla2xxx: fix session hang in gnl (bsc#1213747).
* scsi: qla2xxx: fix tmf leak through (bsc#1213747).
* scsi: qla2xxx: limit tmf to 8 per function (bsc#1213747).
* scsi: qla2xxx: pointer may be dereferenced (bsc#1213747).
* scsi: qla2xxx: remove unused nvme_ls_waitq wait queue (bsc#1213747).
* scsi: qla2xxx: replace one-element array with declare_flex_array() helper
(bsc#1213747).
* scsi: qla2xxx: silence a static checker warning (bsc#1213747).
* scsi: qla2xxx: turn off noisy message log (bsc#1213747).
* scsi: qla2xxx: update version to 10.02.08.400-k (bsc#1213747).
* scsi: qla2xxx: update version to 10.02.08.500-k (bsc#1213747).
* scsi: qla2xxx: use vmalloc_array() and vcalloc() (bsc#1213747).
* serial: qcom-geni: drop bogus runtime pm state update (git-fixes).
* serial: sifive: fix sifive_serial_console_setup() section (git-fixes).
* soundwire: qcom: update status correctly with mask (git-fixes).
* staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git-
fixes).
* staging: r8712: fix memory leak in _r8712_init_xmit_priv() (git-fixes).
* sunrpc: always free ctxt when freeing deferred request (git-fixes).
* sunrpc: double free xprt_ctxt while still in use (git-fixes).
* sunrpc: fix trace_svc_register() call site (git-fixes).
* sunrpc: fix uaf in svc_tcp_listen_data_ready() (git-fixes).
* sunrpc: remove dead code in svc_tcp_release_rqst() (git-fixes).
* sunrpc: remove the maximum number of retries in call_bind_status (git-
fixes).
* svcrdma: prevent page release when nothing was received (git-fixes).
* tpm_tis: explicitly check for error code (git-fixes).
* tty: n_gsm: fix uaf in gsm_cleanup_mux (git-fixes).
* ubifs: add missing iput if do_tmpfile() failed in rename whiteout (git-
fixes).
* ubifs: do_rename: fix wrong space budget when target inode's nlink > 1 (git-
fixes).
* ubifs: error path in ubifs_remount_rw() seems to wrongly free write buffers
(git-fixes).
* ubifs: fix 'ui->dirty' race between do_tmpfile() and writeback work (git-
fixes).
* ubifs: fix aa deadlock when setting xattr for encrypted file (git-fixes).
* ubifs: fix build errors as symbol undefined (git-fixes).
* ubifs: fix deadlock in concurrent rename whiteout and inode writeback (git-
fixes).
* ubifs: fix memory leak in alloc_wbufs() (git-fixes).
* ubifs: fix memory leak in do_rename (git-fixes).
* ubifs: fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes).
* ubifs: fix to add refcount once page is set private (git-fixes).
* ubifs: fix wrong dirty space budget for dirty inode (git-fixes).
* ubifs: free memory for tmpfile name (git-fixes).
* ubifs: rectify space amount budget for mkdir/tmpfile operations (git-fixes).
* ubifs: rectify space budget for ubifs_symlink() if symlink is encrypted
(git-fixes).
* ubifs: rectify space budget for ubifs_xrename() (git-fixes).
* ubifs: rename whiteout atomically (git-fixes).
* ubifs: rename_whiteout: correct old_dir size computing (git-fixes).
* ubifs: rename_whiteout: fix double free for whiteout_ui->data (git-fixes).
* ubifs: reserve one leb for each journal head while doing budget (git-fixes).
* ubifs: setflags: make dirtied_ino_d 8 bytes aligned (git-fixes).
* ubifs: ubifs_writepage: mark page dirty after writing inode failed (git-
fixes).
* update patches.suse/rdma-mthca-fix-crash-when-polling-cq-for-shared-qps.
(git-fixes bsc#1212604). added bug reference.
* usb: dwc3: do not reset device side if dwc3 was configured as host-only
(git-fixes).
* usb: dwc3: pci: skip byt gpio lookup table for hardwired phy (git-fixes).
* usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate
(git-fixes).
* usb: xhci-mtk: set the dma max_seg_size (git-fixes).
* vhost: support packed when setting-getting vring_base (git-fixes).
* vhost_net: revert upend_idx only on retriable error (git-fixes).
* virtio-net: maintain reverse cleanup order (git-fixes).
* virtio_net: fix error unwinding of xdp initialization (git-fixes).
* x86/pvh: obtain vga console info in dom0 (git-fixes).
* xen/blkfront: only check req_fua for writes (git-fixes).
* xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git-
fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-3377=1 openSUSE-SLE-15.4-2023-3377=1
* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-3377=1
## Package List:
* openSUSE Leap 15.4 (aarch64 x86_64)
* gfs2-kmp-azure-5.14.21-150400.14.63.1
* kernel-syms-azure-5.14.21-150400.14.63.1
* kselftests-kmp-azure-5.14.21-150400.14.63.1
* reiserfs-kmp-azure-5.14.21-150400.14.63.1
* kernel-azure-optional-5.14.21-150400.14.63.1
* kernel-azure-debuginfo-5.14.21-150400.14.63.1
* reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.63.1
* kernel-azure-extra-debuginfo-5.14.21-150400.14.63.1
* cluster-md-kmp-azure-5.14.21-150400.14.63.1
* dlm-kmp-azure-5.14.21-150400.14.63.1
* ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.63.1
* dlm-kmp-azure-debuginfo-5.14.21-150400.14.63.1
* kernel-azure-livepatch-devel-5.14.21-150400.14.63.1
* kernel-azure-devel-debuginfo-5.14.21-150400.14.63.1
* gfs2-kmp-azure-debuginfo-5.14.21-150400.14.63.1
* kernel-azure-extra-5.14.21-150400.14.63.1
* ocfs2-kmp-azure-5.14.21-150400.14.63.1
* kselftests-kmp-azure-debuginfo-5.14.21-150400.14.63.1
* cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.63.1
* kernel-azure-devel-5.14.21-150400.14.63.1
* kernel-azure-optional-debuginfo-5.14.21-150400.14.63.1
* kernel-azure-debugsource-5.14.21-150400.14.63.1
* openSUSE Leap 15.4 (aarch64 nosrc x86_64)
* kernel-azure-5.14.21-150400.14.63.1
* openSUSE Leap 15.4 (noarch)
* kernel-source-azure-5.14.21-150400.14.63.1
* kernel-devel-azure-5.14.21-150400.14.63.1
* Public Cloud Module 15-SP4 (aarch64 nosrc x86_64)
* kernel-azure-5.14.21-150400.14.63.1
* Public Cloud Module 15-SP4 (aarch64 x86_64)
* kernel-azure-devel-debuginfo-5.14.21-150400.14.63.1
* kernel-azure-debuginfo-5.14.21-150400.14.63.1
* kernel-azure-devel-5.14.21-150400.14.63.1
* kernel-syms-azure-5.14.21-150400.14.63.1
* kernel-azure-debugsource-5.14.21-150400.14.63.1
* Public Cloud Module 15-SP4 (noarch)
* kernel-source-azure-5.14.21-150400.14.63.1
* kernel-devel-azure-5.14.21-150400.14.63.1
## References:
* https://www.suse.com/security/cve/CVE-2022-40982.html
* https://www.suse.com/security/cve/CVE-2023-0459.html
* https://www.suse.com/security/cve/CVE-2023-20569.html
* https://www.suse.com/security/cve/CVE-2023-21400.html
* https://www.suse.com/security/cve/CVE-2023-2156.html
* https://www.suse.com/security/cve/CVE-2023-2166.html
* https://www.suse.com/security/cve/CVE-2023-31083.html
* https://www.suse.com/security/cve/CVE-2023-3268.html
* https://www.suse.com/security/cve/CVE-2023-3567.html
* https://www.suse.com/security/cve/CVE-2023-3776.html
* https://www.suse.com/security/cve/CVE-2023-4004.html
* https://bugzilla.suse.com/show_bug.cgi?id=1206418
* https://bugzilla.suse.com/show_bug.cgi?id=1207129
* https://bugzilla.suse.com/show_bug.cgi?id=1210627
* https://bugzilla.suse.com/show_bug.cgi?id=1210780
* https://bugzilla.suse.com/show_bug.cgi?id=1211131
* https://bugzilla.suse.com/show_bug.cgi?id=1211738
* https://bugzilla.suse.com/show_bug.cgi?id=1212502
* https://bugzilla.suse.com/show_bug.cgi?id=1212604
* https://bugzilla.suse.com/show_bug.cgi?id=1212901
* https://bugzilla.suse.com/show_bug.cgi?id=1213167
* https://bugzilla.suse.com/show_bug.cgi?id=1213272
* https://bugzilla.suse.com/show_bug.cgi?id=1213287
* https://bugzilla.suse.com/show_bug.cgi?id=1213304
* https://bugzilla.suse.com/show_bug.cgi?id=1213588
* https://bugzilla.suse.com/show_bug.cgi?id=1213620
* https://bugzilla.suse.com/show_bug.cgi?id=1213653
* https://bugzilla.suse.com/show_bug.cgi?id=1213713
* https://bugzilla.suse.com/show_bug.cgi?id=1213715
* https://bugzilla.suse.com/show_bug.cgi?id=1213747
* https://bugzilla.suse.com/show_bug.cgi?id=1213756
* https://bugzilla.suse.com/show_bug.cgi?id=1213759
* https://bugzilla.suse.com/show_bug.cgi?id=1213777
* https://bugzilla.suse.com/show_bug.cgi?id=1213810
* https://bugzilla.suse.com/show_bug.cgi?id=1213812
* https://bugzilla.suse.com/show_bug.cgi?id=1213856
* https://bugzilla.suse.com/show_bug.cgi?id=1213857
* https://bugzilla.suse.com/show_bug.cgi?id=1213863
* https://bugzilla.suse.com/show_bug.cgi?id=1213867
* https://bugzilla.suse.com/show_bug.cgi?id=1213870
* https://bugzilla.suse.com/show_bug.cgi?id=1213871
1
0