openSUSE Security Announce
Threads by month
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
September 2023
- 2 participants
- 127 discussions
20 Sep '23
# Security update for cups
Announcement ID: SUSE-SU-2023:3707-1
Rating: important
References:
* #1214254
* #1215204
Cross-References:
* CVE-2023-32360
* CVE-2023-4504
CVSS scores:
* CVE-2023-32360 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-32360 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-4504 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* Desktop Applications Module 15-SP5
* Development Tools Module 15-SP4
* Development Tools Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3
An update that solves two vulnerabilities can now be installed.
## Description:
This update for cups fixes the following issues:
* CVE-2023-4504: Fixed heap overflow in OpenPrinting CUPS Postscript Parsing
(bsc#1215204).
* CVE-2023-32360: Fixed Information leak through Cups-Get-Document operation
(bsc#1214254).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-3707=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-3707=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-3707=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-3707=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-3707=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-3707=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3707=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3707=1
* Desktop Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-3707=1
* Development Tools Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3707=1
* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3707=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3707=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3707=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3707=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3707=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3707=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3707=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3707=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3707=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3707=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3707=1
* SUSE Manager Proxy 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3707=1
* SUSE Manager Retail Branch Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.2-2023-3707=1
* SUSE Manager Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3707=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-3707=1
* SUSE CaaS Platform 4.0
To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform
you if it detects new updates and let you then trigger updating of the complete
cluster in a controlled way.
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3707=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3707=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* cups-2.2.7-150000.3.51.2
* cups-client-2.2.7-150000.3.51.2
* cups-ddk-debuginfo-2.2.7-150000.3.51.2
* libcupsimage2-2.2.7-150000.3.51.2
* cups-devel-2.2.7-150000.3.51.2
* libcups2-2.2.7-150000.3.51.2
* cups-client-debuginfo-2.2.7-150000.3.51.2
* libcups2-debuginfo-2.2.7-150000.3.51.2
* cups-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-debuginfo-2.2.7-150000.3.51.2
* libcupsmime1-2.2.7-150000.3.51.2
* libcupsmime1-debuginfo-2.2.7-150000.3.51.2
* libcupsppdc1-2.2.7-150000.3.51.2
* cups-debugsource-2.2.7-150000.3.51.2
* libcupsimage2-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-2.2.7-150000.3.51.2
* cups-config-2.2.7-150000.3.51.2
* libcupsppdc1-debuginfo-2.2.7-150000.3.51.2
* cups-ddk-2.2.7-150000.3.51.2
* openSUSE Leap 15.4 (x86_64)
* libcups2-32bit-debuginfo-2.2.7-150000.3.51.2
* libcupsimage2-32bit-2.2.7-150000.3.51.2
* libcupsppdc1-32bit-2.2.7-150000.3.51.2
* libcupscgi1-32bit-debuginfo-2.2.7-150000.3.51.2
* cups-devel-32bit-2.2.7-150000.3.51.2
* libcupsimage2-32bit-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-32bit-2.2.7-150000.3.51.2
* libcups2-32bit-2.2.7-150000.3.51.2
* libcupsmime1-32bit-2.2.7-150000.3.51.2
* libcupsppdc1-32bit-debuginfo-2.2.7-150000.3.51.2
* libcupsmime1-32bit-debuginfo-2.2.7-150000.3.51.2
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* cups-2.2.7-150000.3.51.2
* cups-client-2.2.7-150000.3.51.2
* cups-ddk-debuginfo-2.2.7-150000.3.51.2
* libcupsimage2-2.2.7-150000.3.51.2
* cups-devel-2.2.7-150000.3.51.2
* libcups2-2.2.7-150000.3.51.2
* cups-client-debuginfo-2.2.7-150000.3.51.2
* libcups2-debuginfo-2.2.7-150000.3.51.2
* cups-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-debuginfo-2.2.7-150000.3.51.2
* libcupsmime1-2.2.7-150000.3.51.2
* libcupsmime1-debuginfo-2.2.7-150000.3.51.2
* libcupsppdc1-2.2.7-150000.3.51.2
* cups-debugsource-2.2.7-150000.3.51.2
* libcupsimage2-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-2.2.7-150000.3.51.2
* cups-config-2.2.7-150000.3.51.2
* libcupsppdc1-debuginfo-2.2.7-150000.3.51.2
* cups-ddk-2.2.7-150000.3.51.2
* openSUSE Leap 15.5 (x86_64)
* libcups2-32bit-debuginfo-2.2.7-150000.3.51.2
* libcupsimage2-32bit-2.2.7-150000.3.51.2
* libcupsppdc1-32bit-2.2.7-150000.3.51.2
* libcupscgi1-32bit-debuginfo-2.2.7-150000.3.51.2
* cups-devel-32bit-2.2.7-150000.3.51.2
* libcupsimage2-32bit-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-32bit-2.2.7-150000.3.51.2
* libcups2-32bit-2.2.7-150000.3.51.2
* libcupsmime1-32bit-2.2.7-150000.3.51.2
* libcupsppdc1-32bit-debuginfo-2.2.7-150000.3.51.2
* libcupsmime1-32bit-debuginfo-2.2.7-150000.3.51.2
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libcups2-2.2.7-150000.3.51.2
* cups-debuginfo-2.2.7-150000.3.51.2
* libcups2-debuginfo-2.2.7-150000.3.51.2
* cups-debugsource-2.2.7-150000.3.51.2
* cups-config-2.2.7-150000.3.51.2
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libcups2-2.2.7-150000.3.51.2
* cups-debuginfo-2.2.7-150000.3.51.2
* libcups2-debuginfo-2.2.7-150000.3.51.2
* cups-debugsource-2.2.7-150000.3.51.2
* cups-config-2.2.7-150000.3.51.2
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libcups2-2.2.7-150000.3.51.2
* cups-debuginfo-2.2.7-150000.3.51.2
* libcups2-debuginfo-2.2.7-150000.3.51.2
* cups-debugsource-2.2.7-150000.3.51.2
* cups-config-2.2.7-150000.3.51.2
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libcups2-2.2.7-150000.3.51.2
* cups-debuginfo-2.2.7-150000.3.51.2
* libcups2-debuginfo-2.2.7-150000.3.51.2
* cups-debugsource-2.2.7-150000.3.51.2
* cups-config-2.2.7-150000.3.51.2
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* cups-2.2.7-150000.3.51.2
* cups-client-2.2.7-150000.3.51.2
* libcupsimage2-2.2.7-150000.3.51.2
* cups-devel-2.2.7-150000.3.51.2
* libcups2-2.2.7-150000.3.51.2
* cups-client-debuginfo-2.2.7-150000.3.51.2
* cups-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-debuginfo-2.2.7-150000.3.51.2
* libcupsmime1-2.2.7-150000.3.51.2
* libcupsmime1-debuginfo-2.2.7-150000.3.51.2
* libcupsppdc1-2.2.7-150000.3.51.2
* cups-debugsource-2.2.7-150000.3.51.2
* libcupsimage2-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-2.2.7-150000.3.51.2
* cups-config-2.2.7-150000.3.51.2
* libcupsppdc1-debuginfo-2.2.7-150000.3.51.2
* libcups2-debuginfo-2.2.7-150000.3.51.2
* Basesystem Module 15-SP4 (x86_64)
* libcups2-32bit-debuginfo-2.2.7-150000.3.51.2
* libcups2-32bit-2.2.7-150000.3.51.2
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* cups-2.2.7-150000.3.51.2
* cups-client-2.2.7-150000.3.51.2
* libcupsimage2-2.2.7-150000.3.51.2
* cups-devel-2.2.7-150000.3.51.2
* libcups2-2.2.7-150000.3.51.2
* cups-client-debuginfo-2.2.7-150000.3.51.2
* cups-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-debuginfo-2.2.7-150000.3.51.2
* libcupsmime1-2.2.7-150000.3.51.2
* libcupsmime1-debuginfo-2.2.7-150000.3.51.2
* libcupsppdc1-2.2.7-150000.3.51.2
* cups-debugsource-2.2.7-150000.3.51.2
* libcupsimage2-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-2.2.7-150000.3.51.2
* cups-config-2.2.7-150000.3.51.2
* libcupsppdc1-debuginfo-2.2.7-150000.3.51.2
* libcups2-debuginfo-2.2.7-150000.3.51.2
* Desktop Applications Module 15-SP5 (x86_64)
* libcups2-32bit-debuginfo-2.2.7-150000.3.51.2
* libcups2-32bit-2.2.7-150000.3.51.2
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* cups-debugsource-2.2.7-150000.3.51.2
* cups-ddk-debuginfo-2.2.7-150000.3.51.2
* cups-debuginfo-2.2.7-150000.3.51.2
* cups-ddk-2.2.7-150000.3.51.2
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* cups-debugsource-2.2.7-150000.3.51.2
* cups-ddk-debuginfo-2.2.7-150000.3.51.2
* cups-debuginfo-2.2.7-150000.3.51.2
* cups-ddk-2.2.7-150000.3.51.2
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64
x86_64)
* cups-2.2.7-150000.3.51.2
* cups-client-2.2.7-150000.3.51.2
* cups-ddk-debuginfo-2.2.7-150000.3.51.2
* libcupsimage2-2.2.7-150000.3.51.2
* cups-devel-2.2.7-150000.3.51.2
* libcups2-2.2.7-150000.3.51.2
* cups-client-debuginfo-2.2.7-150000.3.51.2
* libcups2-debuginfo-2.2.7-150000.3.51.2
* cups-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-debuginfo-2.2.7-150000.3.51.2
* libcupsmime1-2.2.7-150000.3.51.2
* libcupsmime1-debuginfo-2.2.7-150000.3.51.2
* libcupsppdc1-2.2.7-150000.3.51.2
* cups-debugsource-2.2.7-150000.3.51.2
* libcupsimage2-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-2.2.7-150000.3.51.2
* cups-config-2.2.7-150000.3.51.2
* libcupsppdc1-debuginfo-2.2.7-150000.3.51.2
* cups-ddk-2.2.7-150000.3.51.2
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64)
* libcups2-32bit-debuginfo-2.2.7-150000.3.51.2
* libcups2-32bit-2.2.7-150000.3.51.2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* cups-2.2.7-150000.3.51.2
* cups-client-2.2.7-150000.3.51.2
* cups-ddk-debuginfo-2.2.7-150000.3.51.2
* libcupsimage2-2.2.7-150000.3.51.2
* cups-devel-2.2.7-150000.3.51.2
* libcups2-2.2.7-150000.3.51.2
* cups-client-debuginfo-2.2.7-150000.3.51.2
* libcups2-debuginfo-2.2.7-150000.3.51.2
* cups-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-debuginfo-2.2.7-150000.3.51.2
* libcupsmime1-2.2.7-150000.3.51.2
* libcupsmime1-debuginfo-2.2.7-150000.3.51.2
* libcupsppdc1-2.2.7-150000.3.51.2
* cups-debugsource-2.2.7-150000.3.51.2
* libcupsimage2-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-2.2.7-150000.3.51.2
* cups-config-2.2.7-150000.3.51.2
* libcupsppdc1-debuginfo-2.2.7-150000.3.51.2
* cups-ddk-2.2.7-150000.3.51.2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64)
* libcups2-32bit-debuginfo-2.2.7-150000.3.51.2
* libcups2-32bit-2.2.7-150000.3.51.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64
x86_64)
* cups-2.2.7-150000.3.51.2
* cups-client-2.2.7-150000.3.51.2
* cups-ddk-debuginfo-2.2.7-150000.3.51.2
* libcupsimage2-2.2.7-150000.3.51.2
* cups-devel-2.2.7-150000.3.51.2
* libcups2-2.2.7-150000.3.51.2
* cups-client-debuginfo-2.2.7-150000.3.51.2
* libcups2-debuginfo-2.2.7-150000.3.51.2
* cups-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-debuginfo-2.2.7-150000.3.51.2
* libcupsmime1-2.2.7-150000.3.51.2
* libcupsmime1-debuginfo-2.2.7-150000.3.51.2
* libcupsppdc1-2.2.7-150000.3.51.2
* cups-debugsource-2.2.7-150000.3.51.2
* libcupsimage2-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-2.2.7-150000.3.51.2
* cups-config-2.2.7-150000.3.51.2
* libcupsppdc1-debuginfo-2.2.7-150000.3.51.2
* cups-ddk-2.2.7-150000.3.51.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64)
* libcups2-32bit-debuginfo-2.2.7-150000.3.51.2
* libcups2-32bit-2.2.7-150000.3.51.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* cups-2.2.7-150000.3.51.2
* cups-client-2.2.7-150000.3.51.2
* cups-ddk-debuginfo-2.2.7-150000.3.51.2
* libcupsimage2-2.2.7-150000.3.51.2
* cups-devel-2.2.7-150000.3.51.2
* libcups2-2.2.7-150000.3.51.2
* cups-client-debuginfo-2.2.7-150000.3.51.2
* libcups2-debuginfo-2.2.7-150000.3.51.2
* cups-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-debuginfo-2.2.7-150000.3.51.2
* libcupsmime1-2.2.7-150000.3.51.2
* libcupsmime1-debuginfo-2.2.7-150000.3.51.2
* libcupsppdc1-2.2.7-150000.3.51.2
* cups-debugsource-2.2.7-150000.3.51.2
* libcupsimage2-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-2.2.7-150000.3.51.2
* cups-config-2.2.7-150000.3.51.2
* libcupsppdc1-debuginfo-2.2.7-150000.3.51.2
* cups-ddk-2.2.7-150000.3.51.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
* libcups2-32bit-debuginfo-2.2.7-150000.3.51.2
* libcups2-32bit-2.2.7-150000.3.51.2
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x
x86_64)
* cups-2.2.7-150000.3.51.2
* cups-client-2.2.7-150000.3.51.2
* cups-ddk-debuginfo-2.2.7-150000.3.51.2
* libcupsimage2-2.2.7-150000.3.51.2
* cups-devel-2.2.7-150000.3.51.2
* libcups2-2.2.7-150000.3.51.2
* cups-client-debuginfo-2.2.7-150000.3.51.2
* libcups2-debuginfo-2.2.7-150000.3.51.2
* cups-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-debuginfo-2.2.7-150000.3.51.2
* libcupsmime1-2.2.7-150000.3.51.2
* libcupsmime1-debuginfo-2.2.7-150000.3.51.2
* libcupsppdc1-2.2.7-150000.3.51.2
* cups-debugsource-2.2.7-150000.3.51.2
* libcupsimage2-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-2.2.7-150000.3.51.2
* cups-config-2.2.7-150000.3.51.2
* libcupsppdc1-debuginfo-2.2.7-150000.3.51.2
* cups-ddk-2.2.7-150000.3.51.2
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64)
* libcups2-32bit-debuginfo-2.2.7-150000.3.51.2
* libcups2-32bit-2.2.7-150000.3.51.2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* cups-2.2.7-150000.3.51.2
* cups-client-2.2.7-150000.3.51.2
* cups-ddk-debuginfo-2.2.7-150000.3.51.2
* libcupsimage2-2.2.7-150000.3.51.2
* cups-devel-2.2.7-150000.3.51.2
* libcups2-2.2.7-150000.3.51.2
* cups-client-debuginfo-2.2.7-150000.3.51.2
* libcups2-debuginfo-2.2.7-150000.3.51.2
* cups-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-debuginfo-2.2.7-150000.3.51.2
* libcupsmime1-2.2.7-150000.3.51.2
* libcupsmime1-debuginfo-2.2.7-150000.3.51.2
* libcupsppdc1-2.2.7-150000.3.51.2
* cups-debugsource-2.2.7-150000.3.51.2
* libcupsimage2-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-2.2.7-150000.3.51.2
* cups-config-2.2.7-150000.3.51.2
* libcupsppdc1-debuginfo-2.2.7-150000.3.51.2
* cups-ddk-2.2.7-150000.3.51.2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64)
* libcups2-32bit-debuginfo-2.2.7-150000.3.51.2
* libcups2-32bit-2.2.7-150000.3.51.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* cups-2.2.7-150000.3.51.2
* cups-client-2.2.7-150000.3.51.2
* cups-ddk-debuginfo-2.2.7-150000.3.51.2
* libcupsimage2-2.2.7-150000.3.51.2
* cups-devel-2.2.7-150000.3.51.2
* libcups2-2.2.7-150000.3.51.2
* cups-client-debuginfo-2.2.7-150000.3.51.2
* libcups2-debuginfo-2.2.7-150000.3.51.2
* cups-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-debuginfo-2.2.7-150000.3.51.2
* libcupsmime1-2.2.7-150000.3.51.2
* libcupsmime1-debuginfo-2.2.7-150000.3.51.2
* libcupsppdc1-2.2.7-150000.3.51.2
* cups-debugsource-2.2.7-150000.3.51.2
* libcupsimage2-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-2.2.7-150000.3.51.2
* cups-config-2.2.7-150000.3.51.2
* libcupsppdc1-debuginfo-2.2.7-150000.3.51.2
* cups-ddk-2.2.7-150000.3.51.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64)
* libcups2-32bit-debuginfo-2.2.7-150000.3.51.2
* libcups2-32bit-2.2.7-150000.3.51.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
* cups-2.2.7-150000.3.51.2
* cups-client-2.2.7-150000.3.51.2
* cups-ddk-debuginfo-2.2.7-150000.3.51.2
* libcupsimage2-2.2.7-150000.3.51.2
* cups-devel-2.2.7-150000.3.51.2
* libcups2-2.2.7-150000.3.51.2
* cups-client-debuginfo-2.2.7-150000.3.51.2
* libcups2-debuginfo-2.2.7-150000.3.51.2
* cups-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-debuginfo-2.2.7-150000.3.51.2
* libcupsmime1-2.2.7-150000.3.51.2
* libcupsmime1-debuginfo-2.2.7-150000.3.51.2
* libcupsppdc1-2.2.7-150000.3.51.2
* cups-debugsource-2.2.7-150000.3.51.2
* libcupsimage2-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-2.2.7-150000.3.51.2
* cups-config-2.2.7-150000.3.51.2
* libcupsppdc1-debuginfo-2.2.7-150000.3.51.2
* cups-ddk-2.2.7-150000.3.51.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64)
* libcups2-32bit-debuginfo-2.2.7-150000.3.51.2
* libcups2-32bit-2.2.7-150000.3.51.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* cups-2.2.7-150000.3.51.2
* cups-client-2.2.7-150000.3.51.2
* cups-ddk-debuginfo-2.2.7-150000.3.51.2
* libcupsimage2-2.2.7-150000.3.51.2
* cups-devel-2.2.7-150000.3.51.2
* libcups2-2.2.7-150000.3.51.2
* cups-client-debuginfo-2.2.7-150000.3.51.2
* libcups2-debuginfo-2.2.7-150000.3.51.2
* cups-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-debuginfo-2.2.7-150000.3.51.2
* libcupsmime1-2.2.7-150000.3.51.2
* libcupsmime1-debuginfo-2.2.7-150000.3.51.2
* libcupsppdc1-2.2.7-150000.3.51.2
* cups-debugsource-2.2.7-150000.3.51.2
* libcupsimage2-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-2.2.7-150000.3.51.2
* cups-config-2.2.7-150000.3.51.2
* libcupsppdc1-debuginfo-2.2.7-150000.3.51.2
* cups-ddk-2.2.7-150000.3.51.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
* libcups2-32bit-debuginfo-2.2.7-150000.3.51.2
* libcups2-32bit-2.2.7-150000.3.51.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* cups-2.2.7-150000.3.51.2
* cups-client-2.2.7-150000.3.51.2
* cups-ddk-debuginfo-2.2.7-150000.3.51.2
* libcupsimage2-2.2.7-150000.3.51.2
* cups-devel-2.2.7-150000.3.51.2
* libcups2-2.2.7-150000.3.51.2
* cups-client-debuginfo-2.2.7-150000.3.51.2
* libcups2-debuginfo-2.2.7-150000.3.51.2
* cups-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-debuginfo-2.2.7-150000.3.51.2
* libcupsmime1-2.2.7-150000.3.51.2
* libcupsmime1-debuginfo-2.2.7-150000.3.51.2
* libcupsppdc1-2.2.7-150000.3.51.2
* cups-debugsource-2.2.7-150000.3.51.2
* libcupsimage2-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-2.2.7-150000.3.51.2
* cups-config-2.2.7-150000.3.51.2
* libcupsppdc1-debuginfo-2.2.7-150000.3.51.2
* cups-ddk-2.2.7-150000.3.51.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* libcups2-32bit-debuginfo-2.2.7-150000.3.51.2
* libcups2-32bit-2.2.7-150000.3.51.2
* SUSE Manager Proxy 4.2 (x86_64)
* libcups2-32bit-debuginfo-2.2.7-150000.3.51.2
* cups-2.2.7-150000.3.51.2
* cups-client-2.2.7-150000.3.51.2
* libcupsppdc1-debuginfo-2.2.7-150000.3.51.2
* libcupsimage2-2.2.7-150000.3.51.2
* cups-devel-2.2.7-150000.3.51.2
* libcups2-2.2.7-150000.3.51.2
* cups-client-debuginfo-2.2.7-150000.3.51.2
* cups-debuginfo-2.2.7-150000.3.51.2
* libcups2-32bit-2.2.7-150000.3.51.2
* libcupscgi1-debuginfo-2.2.7-150000.3.51.2
* libcupsmime1-2.2.7-150000.3.51.2
* libcupsmime1-debuginfo-2.2.7-150000.3.51.2
* cups-debugsource-2.2.7-150000.3.51.2
* libcupsimage2-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-2.2.7-150000.3.51.2
* cups-config-2.2.7-150000.3.51.2
* libcupsppdc1-2.2.7-150000.3.51.2
* libcups2-debuginfo-2.2.7-150000.3.51.2
* SUSE Manager Retail Branch Server 4.2 (x86_64)
* libcups2-32bit-debuginfo-2.2.7-150000.3.51.2
* cups-2.2.7-150000.3.51.2
* cups-client-2.2.7-150000.3.51.2
* libcupsppdc1-debuginfo-2.2.7-150000.3.51.2
* libcupsimage2-2.2.7-150000.3.51.2
* cups-devel-2.2.7-150000.3.51.2
* libcups2-2.2.7-150000.3.51.2
* cups-client-debuginfo-2.2.7-150000.3.51.2
* cups-debuginfo-2.2.7-150000.3.51.2
* libcups2-32bit-2.2.7-150000.3.51.2
* libcupscgi1-debuginfo-2.2.7-150000.3.51.2
* libcupsmime1-2.2.7-150000.3.51.2
* libcupsmime1-debuginfo-2.2.7-150000.3.51.2
* cups-debugsource-2.2.7-150000.3.51.2
* libcupsimage2-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-2.2.7-150000.3.51.2
* cups-config-2.2.7-150000.3.51.2
* libcupsppdc1-2.2.7-150000.3.51.2
* libcups2-debuginfo-2.2.7-150000.3.51.2
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
* cups-2.2.7-150000.3.51.2
* cups-client-2.2.7-150000.3.51.2
* libcupsimage2-2.2.7-150000.3.51.2
* cups-devel-2.2.7-150000.3.51.2
* libcups2-2.2.7-150000.3.51.2
* cups-client-debuginfo-2.2.7-150000.3.51.2
* cups-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-debuginfo-2.2.7-150000.3.51.2
* libcupsmime1-2.2.7-150000.3.51.2
* libcupsmime1-debuginfo-2.2.7-150000.3.51.2
* libcupsppdc1-2.2.7-150000.3.51.2
* cups-debugsource-2.2.7-150000.3.51.2
* libcupsimage2-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-2.2.7-150000.3.51.2
* cups-config-2.2.7-150000.3.51.2
* libcupsppdc1-debuginfo-2.2.7-150000.3.51.2
* libcups2-debuginfo-2.2.7-150000.3.51.2
* SUSE Manager Server 4.2 (x86_64)
* libcups2-32bit-debuginfo-2.2.7-150000.3.51.2
* libcups2-32bit-2.2.7-150000.3.51.2
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* cups-2.2.7-150000.3.51.2
* cups-client-2.2.7-150000.3.51.2
* cups-ddk-debuginfo-2.2.7-150000.3.51.2
* libcupsimage2-2.2.7-150000.3.51.2
* cups-devel-2.2.7-150000.3.51.2
* libcups2-2.2.7-150000.3.51.2
* cups-client-debuginfo-2.2.7-150000.3.51.2
* libcups2-debuginfo-2.2.7-150000.3.51.2
* cups-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-debuginfo-2.2.7-150000.3.51.2
* libcupsmime1-2.2.7-150000.3.51.2
* libcupsmime1-debuginfo-2.2.7-150000.3.51.2
* libcupsppdc1-2.2.7-150000.3.51.2
* cups-debugsource-2.2.7-150000.3.51.2
* libcupsimage2-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-2.2.7-150000.3.51.2
* cups-config-2.2.7-150000.3.51.2
* libcupsppdc1-debuginfo-2.2.7-150000.3.51.2
* cups-ddk-2.2.7-150000.3.51.2
* SUSE Enterprise Storage 7.1 (x86_64)
* libcups2-32bit-debuginfo-2.2.7-150000.3.51.2
* libcups2-32bit-2.2.7-150000.3.51.2
* SUSE CaaS Platform 4.0 (x86_64)
* libcupsmime1-debuginfo-2.2.7-150000.3.51.2
* cups-debugsource-2.2.7-150000.3.51.2
* libcupscgi1-debuginfo-2.2.7-150000.3.51.2
* cups-ddk-debuginfo-2.2.7-150000.3.51.2
* cups-client-2.2.7-150000.3.51.2
* libcupsimage2-2.2.7-150000.3.51.2
* cups-client-debuginfo-2.2.7-150000.3.51.2
* libcupsppdc1-debuginfo-2.2.7-150000.3.51.2
* cups-debuginfo-2.2.7-150000.3.51.2
* libcupsmime1-2.2.7-150000.3.51.2
* libcupsimage2-debuginfo-2.2.7-150000.3.51.2
* libcupscgi1-2.2.7-150000.3.51.2
* libcups2-32bit-debuginfo-2.2.7-150000.3.51.2
* cups-2.2.7-150000.3.51.2
* libcups2-2.2.7-150000.3.51.2
* libcups2-32bit-2.2.7-150000.3.51.2
* libcupsppdc1-2.2.7-150000.3.51.2
* cups-config-2.2.7-150000.3.51.2
* cups-ddk-2.2.7-150000.3.51.2
* cups-devel-2.2.7-150000.3.51.2
* libcups2-debuginfo-2.2.7-150000.3.51.2
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* libcups2-2.2.7-150000.3.51.2
* cups-debuginfo-2.2.7-150000.3.51.2
* libcups2-debuginfo-2.2.7-150000.3.51.2
* cups-debugsource-2.2.7-150000.3.51.2
* cups-config-2.2.7-150000.3.51.2
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* libcups2-2.2.7-150000.3.51.2
* cups-debuginfo-2.2.7-150000.3.51.2
* libcups2-debuginfo-2.2.7-150000.3.51.2
* cups-debugsource-2.2.7-150000.3.51.2
* cups-config-2.2.7-150000.3.51.2
## References:
* https://www.suse.com/security/cve/CVE-2023-32360.html
* https://www.suse.com/security/cve/CVE-2023-4504.html
* https://bugzilla.suse.com/show_bug.cgi?id=1214254
* https://bugzilla.suse.com/show_bug.cgi?id=1215204
1
0
SUSE-SU-2023:3708-1: important: Security update for python39
by security@lists.opensuse.org 20 Sep '23
by security@lists.opensuse.org 20 Sep '23
20 Sep '23
# Security update for python39
Announcement ID: SUSE-SU-2023:3708-1
Rating: important
References:
* #1211765
* #1213463
* #1214692
Cross-References:
* CVE-2023-40217
CVSS scores:
* CVE-2023-40217 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-40217 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2
An update that solves one vulnerability and has two security fixes can now be
installed.
## Description:
This update for python39 fixes the following issues:
* Update to 3.9.18:
* CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692).
The following non-security bugs were fixed:
* making marshalling of `set` and `frozenset` deterministic (bsc#1211765).
* stabilizing FLAG_REF usage (required for reproduceability (bsc#1213463).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-3708=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-3708=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3708=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3708=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3708=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3708=1
* SUSE Manager Proxy 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3708=1
* SUSE Manager Retail Branch Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.2-2023-3708=1
* SUSE Manager Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3708=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-3708=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* python39-3.9.18-150300.4.33.1
* python39-dbm-debuginfo-3.9.18-150300.4.33.1
* python39-tools-3.9.18-150300.4.33.1
* python39-curses-debuginfo-3.9.18-150300.4.33.1
* python39-idle-3.9.18-150300.4.33.1
* python39-doc-devhelp-3.9.18-150300.4.33.1
* python39-core-debugsource-3.9.18-150300.4.33.1
* libpython3_9-1_0-debuginfo-3.9.18-150300.4.33.1
* python39-testsuite-debuginfo-3.9.18-150300.4.33.1
* python39-devel-3.9.18-150300.4.33.1
* python39-doc-3.9.18-150300.4.33.1
* python39-debuginfo-3.9.18-150300.4.33.1
* python39-debugsource-3.9.18-150300.4.33.1
* python39-base-debuginfo-3.9.18-150300.4.33.1
* python39-dbm-3.9.18-150300.4.33.1
* python39-testsuite-3.9.18-150300.4.33.1
* libpython3_9-1_0-3.9.18-150300.4.33.1
* python39-curses-3.9.18-150300.4.33.1
* python39-tk-3.9.18-150300.4.33.1
* python39-tk-debuginfo-3.9.18-150300.4.33.1
* python39-base-3.9.18-150300.4.33.1
* openSUSE Leap 15.4 (x86_64)
* python39-base-32bit-3.9.18-150300.4.33.1
* libpython3_9-1_0-32bit-3.9.18-150300.4.33.1
* python39-base-32bit-debuginfo-3.9.18-150300.4.33.1
* libpython3_9-1_0-32bit-debuginfo-3.9.18-150300.4.33.1
* python39-32bit-debuginfo-3.9.18-150300.4.33.1
* python39-32bit-3.9.18-150300.4.33.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* python39-3.9.18-150300.4.33.1
* python39-dbm-debuginfo-3.9.18-150300.4.33.1
* python39-tools-3.9.18-150300.4.33.1
* python39-curses-debuginfo-3.9.18-150300.4.33.1
* python39-idle-3.9.18-150300.4.33.1
* python39-doc-devhelp-3.9.18-150300.4.33.1
* python39-core-debugsource-3.9.18-150300.4.33.1
* libpython3_9-1_0-debuginfo-3.9.18-150300.4.33.1
* python39-testsuite-debuginfo-3.9.18-150300.4.33.1
* python39-devel-3.9.18-150300.4.33.1
* python39-doc-3.9.18-150300.4.33.1
* python39-debuginfo-3.9.18-150300.4.33.1
* python39-debugsource-3.9.18-150300.4.33.1
* python39-base-debuginfo-3.9.18-150300.4.33.1
* python39-dbm-3.9.18-150300.4.33.1
* python39-testsuite-3.9.18-150300.4.33.1
* libpython3_9-1_0-3.9.18-150300.4.33.1
* python39-curses-3.9.18-150300.4.33.1
* python39-tk-3.9.18-150300.4.33.1
* python39-tk-debuginfo-3.9.18-150300.4.33.1
* python39-base-3.9.18-150300.4.33.1
* openSUSE Leap 15.5 (x86_64)
* python39-base-32bit-3.9.18-150300.4.33.1
* libpython3_9-1_0-32bit-3.9.18-150300.4.33.1
* python39-base-32bit-debuginfo-3.9.18-150300.4.33.1
* libpython3_9-1_0-32bit-debuginfo-3.9.18-150300.4.33.1
* python39-32bit-debuginfo-3.9.18-150300.4.33.1
* python39-32bit-3.9.18-150300.4.33.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64
x86_64)
* python39-tk-3.9.18-150300.4.33.1
* libpython3_9-1_0-3.9.18-150300.4.33.1
* python39-curses-3.9.18-150300.4.33.1
* python39-devel-3.9.18-150300.4.33.1
* python39-core-debugsource-3.9.18-150300.4.33.1
* python39-tools-3.9.18-150300.4.33.1
* python39-debuginfo-3.9.18-150300.4.33.1
* python39-3.9.18-150300.4.33.1
* python39-curses-debuginfo-3.9.18-150300.4.33.1
* python39-idle-3.9.18-150300.4.33.1
* python39-debugsource-3.9.18-150300.4.33.1
* python39-tk-debuginfo-3.9.18-150300.4.33.1
* python39-base-debuginfo-3.9.18-150300.4.33.1
* python39-base-3.9.18-150300.4.33.1
* python39-dbm-debuginfo-3.9.18-150300.4.33.1
* libpython3_9-1_0-debuginfo-3.9.18-150300.4.33.1
* python39-dbm-3.9.18-150300.4.33.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* python39-tk-3.9.18-150300.4.33.1
* libpython3_9-1_0-3.9.18-150300.4.33.1
* python39-curses-3.9.18-150300.4.33.1
* python39-devel-3.9.18-150300.4.33.1
* python39-core-debugsource-3.9.18-150300.4.33.1
* python39-tools-3.9.18-150300.4.33.1
* python39-debuginfo-3.9.18-150300.4.33.1
* python39-3.9.18-150300.4.33.1
* python39-curses-debuginfo-3.9.18-150300.4.33.1
* python39-idle-3.9.18-150300.4.33.1
* python39-debugsource-3.9.18-150300.4.33.1
* python39-tk-debuginfo-3.9.18-150300.4.33.1
* python39-base-debuginfo-3.9.18-150300.4.33.1
* python39-base-3.9.18-150300.4.33.1
* python39-dbm-debuginfo-3.9.18-150300.4.33.1
* libpython3_9-1_0-debuginfo-3.9.18-150300.4.33.1
* python39-dbm-3.9.18-150300.4.33.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* python39-tk-3.9.18-150300.4.33.1
* libpython3_9-1_0-3.9.18-150300.4.33.1
* python39-curses-3.9.18-150300.4.33.1
* python39-devel-3.9.18-150300.4.33.1
* python39-core-debugsource-3.9.18-150300.4.33.1
* python39-tools-3.9.18-150300.4.33.1
* python39-debuginfo-3.9.18-150300.4.33.1
* python39-3.9.18-150300.4.33.1
* python39-curses-debuginfo-3.9.18-150300.4.33.1
* python39-idle-3.9.18-150300.4.33.1
* python39-debugsource-3.9.18-150300.4.33.1
* python39-tk-debuginfo-3.9.18-150300.4.33.1
* python39-base-debuginfo-3.9.18-150300.4.33.1
* python39-base-3.9.18-150300.4.33.1
* python39-dbm-debuginfo-3.9.18-150300.4.33.1
* libpython3_9-1_0-debuginfo-3.9.18-150300.4.33.1
* python39-dbm-3.9.18-150300.4.33.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* python39-tk-3.9.18-150300.4.33.1
* libpython3_9-1_0-3.9.18-150300.4.33.1
* python39-curses-3.9.18-150300.4.33.1
* python39-devel-3.9.18-150300.4.33.1
* python39-core-debugsource-3.9.18-150300.4.33.1
* python39-tools-3.9.18-150300.4.33.1
* python39-debuginfo-3.9.18-150300.4.33.1
* python39-3.9.18-150300.4.33.1
* python39-curses-debuginfo-3.9.18-150300.4.33.1
* python39-idle-3.9.18-150300.4.33.1
* python39-debugsource-3.9.18-150300.4.33.1
* python39-tk-debuginfo-3.9.18-150300.4.33.1
* python39-base-debuginfo-3.9.18-150300.4.33.1
* python39-base-3.9.18-150300.4.33.1
* python39-dbm-debuginfo-3.9.18-150300.4.33.1
* libpython3_9-1_0-debuginfo-3.9.18-150300.4.33.1
* python39-dbm-3.9.18-150300.4.33.1
* SUSE Manager Proxy 4.2 (x86_64)
* python39-tk-3.9.18-150300.4.33.1
* libpython3_9-1_0-3.9.18-150300.4.33.1
* python39-curses-3.9.18-150300.4.33.1
* python39-devel-3.9.18-150300.4.33.1
* python39-core-debugsource-3.9.18-150300.4.33.1
* python39-debuginfo-3.9.18-150300.4.33.1
* python39-3.9.18-150300.4.33.1
* python39-curses-debuginfo-3.9.18-150300.4.33.1
* python39-idle-3.9.18-150300.4.33.1
* python39-debugsource-3.9.18-150300.4.33.1
* python39-tk-debuginfo-3.9.18-150300.4.33.1
* python39-base-debuginfo-3.9.18-150300.4.33.1
* python39-base-3.9.18-150300.4.33.1
* python39-dbm-debuginfo-3.9.18-150300.4.33.1
* libpython3_9-1_0-debuginfo-3.9.18-150300.4.33.1
* python39-dbm-3.9.18-150300.4.33.1
* SUSE Manager Retail Branch Server 4.2 (x86_64)
* python39-tk-3.9.18-150300.4.33.1
* libpython3_9-1_0-3.9.18-150300.4.33.1
* python39-curses-3.9.18-150300.4.33.1
* python39-devel-3.9.18-150300.4.33.1
* python39-core-debugsource-3.9.18-150300.4.33.1
* python39-debuginfo-3.9.18-150300.4.33.1
* python39-3.9.18-150300.4.33.1
* python39-curses-debuginfo-3.9.18-150300.4.33.1
* python39-idle-3.9.18-150300.4.33.1
* python39-debugsource-3.9.18-150300.4.33.1
* python39-tk-debuginfo-3.9.18-150300.4.33.1
* python39-base-debuginfo-3.9.18-150300.4.33.1
* python39-base-3.9.18-150300.4.33.1
* python39-dbm-debuginfo-3.9.18-150300.4.33.1
* libpython3_9-1_0-debuginfo-3.9.18-150300.4.33.1
* python39-dbm-3.9.18-150300.4.33.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
* python39-tk-3.9.18-150300.4.33.1
* libpython3_9-1_0-3.9.18-150300.4.33.1
* python39-curses-3.9.18-150300.4.33.1
* python39-devel-3.9.18-150300.4.33.1
* python39-core-debugsource-3.9.18-150300.4.33.1
* python39-debuginfo-3.9.18-150300.4.33.1
* python39-3.9.18-150300.4.33.1
* python39-curses-debuginfo-3.9.18-150300.4.33.1
* python39-idle-3.9.18-150300.4.33.1
* python39-debugsource-3.9.18-150300.4.33.1
* python39-tk-debuginfo-3.9.18-150300.4.33.1
* python39-base-debuginfo-3.9.18-150300.4.33.1
* python39-base-3.9.18-150300.4.33.1
* python39-dbm-debuginfo-3.9.18-150300.4.33.1
* libpython3_9-1_0-debuginfo-3.9.18-150300.4.33.1
* python39-dbm-3.9.18-150300.4.33.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* python39-tk-3.9.18-150300.4.33.1
* libpython3_9-1_0-3.9.18-150300.4.33.1
* python39-curses-3.9.18-150300.4.33.1
* python39-devel-3.9.18-150300.4.33.1
* python39-core-debugsource-3.9.18-150300.4.33.1
* python39-tools-3.9.18-150300.4.33.1
* python39-debuginfo-3.9.18-150300.4.33.1
* python39-3.9.18-150300.4.33.1
* python39-curses-debuginfo-3.9.18-150300.4.33.1
* python39-idle-3.9.18-150300.4.33.1
* python39-debugsource-3.9.18-150300.4.33.1
* python39-tk-debuginfo-3.9.18-150300.4.33.1
* python39-base-debuginfo-3.9.18-150300.4.33.1
* python39-base-3.9.18-150300.4.33.1
* python39-dbm-debuginfo-3.9.18-150300.4.33.1
* libpython3_9-1_0-debuginfo-3.9.18-150300.4.33.1
* python39-dbm-3.9.18-150300.4.33.1
## References:
* https://www.suse.com/security/cve/CVE-2023-40217.html
* https://bugzilla.suse.com/show_bug.cgi?id=1211765
* https://bugzilla.suse.com/show_bug.cgi?id=1213463
* https://bugzilla.suse.com/show_bug.cgi?id=1214692
1
0
SUSE-SU-2023:3698-1: important: Security update for libxml2
by security@lists.opensuse.org 20 Sep '23
by security@lists.opensuse.org 20 Sep '23
20 Sep '23
# Security update for libxml2
Announcement ID: SUSE-SU-2023:3698-1
Rating: important
References:
* #1214768
Cross-References:
* CVE-2023-39615
CVSS scores:
* CVE-2023-39615 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-39615 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2
An update that solves one vulnerability can now be installed.
## Description:
This update for libxml2 fixes the following issues:
* CVE-2023-39615: Fixed crafted xml can cause global buffer overflow
(bsc#1214768).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3698=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3698=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-3698=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-3698=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3698=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3698=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3698=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3698=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3698=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3698=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3698=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3698=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3698=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3698=1
* SUSE Manager Proxy 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3698=1
* SUSE Manager Retail Branch Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.2-2023-3698=1
* SUSE Manager Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3698=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-3698=1
* SUSE Enterprise Storage 7
zypper in -t patch SUSE-Storage-7-2023-3698=1
* SUSE CaaS Platform 4.0
To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform
you if it detects new updates and let you then trigger updating of the complete
cluster in a controlled way.
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3698=1
## Package List:
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* libxml2-debugsource-2.9.7-150000.3.60.1
* python3-libxml2-python-2.9.7-150000.3.60.1
* python-libxml2-python-debugsource-2.9.7-150000.3.60.1
* libxml2-tools-debuginfo-2.9.7-150000.3.60.1
* libxml2-tools-2.9.7-150000.3.60.1
* libxml2-2-2.9.7-150000.3.60.1
* python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1
* libxml2-2-debuginfo-2.9.7-150000.3.60.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* libxml2-debugsource-2.9.7-150000.3.60.1
* python3-libxml2-python-2.9.7-150000.3.60.1
* python-libxml2-python-debugsource-2.9.7-150000.3.60.1
* libxml2-tools-debuginfo-2.9.7-150000.3.60.1
* libxml2-tools-2.9.7-150000.3.60.1
* libxml2-2-2.9.7-150000.3.60.1
* python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1
* libxml2-2-debuginfo-2.9.7-150000.3.60.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* python-libxml2-python-debugsource-2.9.7-150000.3.60.1
* python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1
* python3-libxml2-python-2.9.7-150000.3.60.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* python-libxml2-python-debugsource-2.9.7-150000.3.60.1
* python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1
* python3-libxml2-python-2.9.7-150000.3.60.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64
x86_64)
* libxml2-debugsource-2.9.7-150000.3.60.1
* python3-libxml2-python-2.9.7-150000.3.60.1
* python-libxml2-python-debugsource-2.9.7-150000.3.60.1
* python2-libxml2-python-2.9.7-150000.3.60.1
* libxml2-tools-debuginfo-2.9.7-150000.3.60.1
* libxml2-tools-2.9.7-150000.3.60.1
* libxml2-2-2.9.7-150000.3.60.1
* libxml2-devel-2.9.7-150000.3.60.1
* python2-libxml2-python-debuginfo-2.9.7-150000.3.60.1
* python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1
* libxml2-2-debuginfo-2.9.7-150000.3.60.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64)
* libxml2-2-32bit-2.9.7-150000.3.60.1
* libxml2-2-32bit-debuginfo-2.9.7-150000.3.60.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* libxml2-debugsource-2.9.7-150000.3.60.1
* python3-libxml2-python-2.9.7-150000.3.60.1
* python-libxml2-python-debugsource-2.9.7-150000.3.60.1
* python2-libxml2-python-2.9.7-150000.3.60.1
* libxml2-tools-debuginfo-2.9.7-150000.3.60.1
* libxml2-tools-2.9.7-150000.3.60.1
* libxml2-2-2.9.7-150000.3.60.1
* libxml2-devel-2.9.7-150000.3.60.1
* python2-libxml2-python-debuginfo-2.9.7-150000.3.60.1
* python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1
* libxml2-2-debuginfo-2.9.7-150000.3.60.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64)
* libxml2-2-32bit-2.9.7-150000.3.60.1
* libxml2-2-32bit-debuginfo-2.9.7-150000.3.60.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64
x86_64)
* libxml2-debugsource-2.9.7-150000.3.60.1
* python3-libxml2-python-2.9.7-150000.3.60.1
* python-libxml2-python-debugsource-2.9.7-150000.3.60.1
* libxml2-tools-debuginfo-2.9.7-150000.3.60.1
* libxml2-tools-2.9.7-150000.3.60.1
* libxml2-2-2.9.7-150000.3.60.1
* libxml2-devel-2.9.7-150000.3.60.1
* python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1
* libxml2-2-debuginfo-2.9.7-150000.3.60.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64)
* libxml2-2-32bit-2.9.7-150000.3.60.1
* libxml2-2-32bit-debuginfo-2.9.7-150000.3.60.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* libxml2-debugsource-2.9.7-150000.3.60.1
* python3-libxml2-python-2.9.7-150000.3.60.1
* python-libxml2-python-debugsource-2.9.7-150000.3.60.1
* libxml2-tools-debuginfo-2.9.7-150000.3.60.1
* libxml2-tools-2.9.7-150000.3.60.1
* libxml2-2-2.9.7-150000.3.60.1
* libxml2-devel-2.9.7-150000.3.60.1
* python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1
* libxml2-2-debuginfo-2.9.7-150000.3.60.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
* libxml2-2-32bit-2.9.7-150000.3.60.1
* libxml2-2-32bit-debuginfo-2.9.7-150000.3.60.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x
x86_64)
* libxml2-debugsource-2.9.7-150000.3.60.1
* python3-libxml2-python-2.9.7-150000.3.60.1
* python-libxml2-python-debugsource-2.9.7-150000.3.60.1
* python2-libxml2-python-2.9.7-150000.3.60.1
* libxml2-tools-debuginfo-2.9.7-150000.3.60.1
* libxml2-tools-2.9.7-150000.3.60.1
* libxml2-2-2.9.7-150000.3.60.1
* libxml2-devel-2.9.7-150000.3.60.1
* python2-libxml2-python-debuginfo-2.9.7-150000.3.60.1
* python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1
* libxml2-2-debuginfo-2.9.7-150000.3.60.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64)
* libxml2-2-32bit-2.9.7-150000.3.60.1
* libxml2-2-32bit-debuginfo-2.9.7-150000.3.60.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* libxml2-debugsource-2.9.7-150000.3.60.1
* python3-libxml2-python-2.9.7-150000.3.60.1
* python-libxml2-python-debugsource-2.9.7-150000.3.60.1
* python2-libxml2-python-2.9.7-150000.3.60.1
* libxml2-tools-debuginfo-2.9.7-150000.3.60.1
* libxml2-tools-2.9.7-150000.3.60.1
* libxml2-2-2.9.7-150000.3.60.1
* libxml2-devel-2.9.7-150000.3.60.1
* python2-libxml2-python-debuginfo-2.9.7-150000.3.60.1
* python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1
* libxml2-2-debuginfo-2.9.7-150000.3.60.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64)
* libxml2-2-32bit-2.9.7-150000.3.60.1
* libxml2-2-32bit-debuginfo-2.9.7-150000.3.60.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* libxml2-debugsource-2.9.7-150000.3.60.1
* python3-libxml2-python-2.9.7-150000.3.60.1
* python-libxml2-python-debugsource-2.9.7-150000.3.60.1
* libxml2-tools-debuginfo-2.9.7-150000.3.60.1
* libxml2-tools-2.9.7-150000.3.60.1
* libxml2-2-2.9.7-150000.3.60.1
* libxml2-devel-2.9.7-150000.3.60.1
* python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1
* libxml2-2-debuginfo-2.9.7-150000.3.60.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64)
* libxml2-2-32bit-2.9.7-150000.3.60.1
* libxml2-2-32bit-debuginfo-2.9.7-150000.3.60.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
* libxml2-debugsource-2.9.7-150000.3.60.1
* python3-libxml2-python-2.9.7-150000.3.60.1
* python-libxml2-python-debugsource-2.9.7-150000.3.60.1
* python2-libxml2-python-2.9.7-150000.3.60.1
* libxml2-tools-debuginfo-2.9.7-150000.3.60.1
* libxml2-tools-2.9.7-150000.3.60.1
* libxml2-2-2.9.7-150000.3.60.1
* libxml2-devel-2.9.7-150000.3.60.1
* python2-libxml2-python-debuginfo-2.9.7-150000.3.60.1
* python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1
* libxml2-2-debuginfo-2.9.7-150000.3.60.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64)
* libxml2-2-32bit-2.9.7-150000.3.60.1
* libxml2-2-32bit-debuginfo-2.9.7-150000.3.60.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* libxml2-debugsource-2.9.7-150000.3.60.1
* python3-libxml2-python-2.9.7-150000.3.60.1
* python-libxml2-python-debugsource-2.9.7-150000.3.60.1
* python2-libxml2-python-2.9.7-150000.3.60.1
* libxml2-tools-debuginfo-2.9.7-150000.3.60.1
* libxml2-tools-2.9.7-150000.3.60.1
* libxml2-2-2.9.7-150000.3.60.1
* libxml2-devel-2.9.7-150000.3.60.1
* python2-libxml2-python-debuginfo-2.9.7-150000.3.60.1
* python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1
* libxml2-2-debuginfo-2.9.7-150000.3.60.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
* libxml2-2-32bit-2.9.7-150000.3.60.1
* libxml2-2-32bit-debuginfo-2.9.7-150000.3.60.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* libxml2-debugsource-2.9.7-150000.3.60.1
* python3-libxml2-python-2.9.7-150000.3.60.1
* python-libxml2-python-debugsource-2.9.7-150000.3.60.1
* libxml2-tools-debuginfo-2.9.7-150000.3.60.1
* libxml2-tools-2.9.7-150000.3.60.1
* libxml2-2-2.9.7-150000.3.60.1
* libxml2-devel-2.9.7-150000.3.60.1
* python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1
* libxml2-2-debuginfo-2.9.7-150000.3.60.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* libxml2-2-32bit-2.9.7-150000.3.60.1
* libxml2-2-32bit-debuginfo-2.9.7-150000.3.60.1
* SUSE Manager Proxy 4.2 (x86_64)
* libxml2-debugsource-2.9.7-150000.3.60.1
* python3-libxml2-python-2.9.7-150000.3.60.1
* python-libxml2-python-debugsource-2.9.7-150000.3.60.1
* libxml2-2-32bit-2.9.7-150000.3.60.1
* libxml2-2-32bit-debuginfo-2.9.7-150000.3.60.1
* libxml2-tools-debuginfo-2.9.7-150000.3.60.1
* libxml2-tools-2.9.7-150000.3.60.1
* libxml2-2-2.9.7-150000.3.60.1
* libxml2-devel-2.9.7-150000.3.60.1
* python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1
* libxml2-2-debuginfo-2.9.7-150000.3.60.1
* SUSE Manager Retail Branch Server 4.2 (x86_64)
* libxml2-debugsource-2.9.7-150000.3.60.1
* python3-libxml2-python-2.9.7-150000.3.60.1
* python-libxml2-python-debugsource-2.9.7-150000.3.60.1
* libxml2-2-32bit-2.9.7-150000.3.60.1
* libxml2-2-32bit-debuginfo-2.9.7-150000.3.60.1
* libxml2-tools-debuginfo-2.9.7-150000.3.60.1
* libxml2-tools-2.9.7-150000.3.60.1
* libxml2-2-2.9.7-150000.3.60.1
* libxml2-devel-2.9.7-150000.3.60.1
* python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1
* libxml2-2-debuginfo-2.9.7-150000.3.60.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
* libxml2-debugsource-2.9.7-150000.3.60.1
* python3-libxml2-python-2.9.7-150000.3.60.1
* python-libxml2-python-debugsource-2.9.7-150000.3.60.1
* python2-libxml2-python-2.9.7-150000.3.60.1
* libxml2-tools-debuginfo-2.9.7-150000.3.60.1
* libxml2-tools-2.9.7-150000.3.60.1
* libxml2-2-2.9.7-150000.3.60.1
* libxml2-devel-2.9.7-150000.3.60.1
* python2-libxml2-python-debuginfo-2.9.7-150000.3.60.1
* python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1
* libxml2-2-debuginfo-2.9.7-150000.3.60.1
* SUSE Manager Server 4.2 (x86_64)
* libxml2-2-32bit-2.9.7-150000.3.60.1
* libxml2-2-32bit-debuginfo-2.9.7-150000.3.60.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* libxml2-debugsource-2.9.7-150000.3.60.1
* python3-libxml2-python-2.9.7-150000.3.60.1
* python-libxml2-python-debugsource-2.9.7-150000.3.60.1
* libxml2-tools-debuginfo-2.9.7-150000.3.60.1
* libxml2-tools-2.9.7-150000.3.60.1
* libxml2-2-2.9.7-150000.3.60.1
* libxml2-devel-2.9.7-150000.3.60.1
* python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1
* libxml2-2-debuginfo-2.9.7-150000.3.60.1
* SUSE Enterprise Storage 7.1 (x86_64)
* libxml2-2-32bit-2.9.7-150000.3.60.1
* libxml2-2-32bit-debuginfo-2.9.7-150000.3.60.1
* SUSE Enterprise Storage 7 (aarch64 x86_64)
* libxml2-debugsource-2.9.7-150000.3.60.1
* python3-libxml2-python-2.9.7-150000.3.60.1
* python-libxml2-python-debugsource-2.9.7-150000.3.60.1
* python2-libxml2-python-2.9.7-150000.3.60.1
* libxml2-tools-debuginfo-2.9.7-150000.3.60.1
* libxml2-tools-2.9.7-150000.3.60.1
* libxml2-2-2.9.7-150000.3.60.1
* libxml2-devel-2.9.7-150000.3.60.1
* python2-libxml2-python-debuginfo-2.9.7-150000.3.60.1
* python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1
* libxml2-2-debuginfo-2.9.7-150000.3.60.1
* SUSE Enterprise Storage 7 (x86_64)
* libxml2-2-32bit-2.9.7-150000.3.60.1
* libxml2-2-32bit-debuginfo-2.9.7-150000.3.60.1
* SUSE CaaS Platform 4.0 (x86_64)
* libxml2-debugsource-2.9.7-150000.3.60.1
* python3-libxml2-python-2.9.7-150000.3.60.1
* libxml2-2-32bit-2.9.7-150000.3.60.1
* python-libxml2-python-debugsource-2.9.7-150000.3.60.1
* python2-libxml2-python-2.9.7-150000.3.60.1
* libxml2-2-32bit-debuginfo-2.9.7-150000.3.60.1
* libxml2-tools-debuginfo-2.9.7-150000.3.60.1
* libxml2-tools-2.9.7-150000.3.60.1
* libxml2-2-2.9.7-150000.3.60.1
* libxml2-devel-2.9.7-150000.3.60.1
* python2-libxml2-python-debuginfo-2.9.7-150000.3.60.1
* python3-libxml2-python-debuginfo-2.9.7-150000.3.60.1
* libxml2-2-debuginfo-2.9.7-150000.3.60.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* libxml2-debugsource-2.9.7-150000.3.60.1
* libxml2-tools-debuginfo-2.9.7-150000.3.60.1
* libxml2-tools-2.9.7-150000.3.60.1
* libxml2-2-2.9.7-150000.3.60.1
* libxml2-2-debuginfo-2.9.7-150000.3.60.1
## References:
* https://www.suse.com/security/cve/CVE-2023-39615.html
* https://bugzilla.suse.com/show_bug.cgi?id=1214768
1
0
SUSE-SU-2023:3699-1: important: Security update for libxml2
by security@lists.opensuse.org 20 Sep '23
by security@lists.opensuse.org 20 Sep '23
20 Sep '23
# Security update for libxml2
Announcement ID: SUSE-SU-2023:3699-1
Rating: important
References:
* #1214768
Cross-References:
* CVE-2023-39615
CVSS scores:
* CVE-2023-39615 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-39615 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* Python 3 Module 15-SP4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for libxml2 fixes the following issues:
* CVE-2023-39615: Fixed crafted xml can cause global buffer overflow
(bsc#1214768).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-3699=1 openSUSE-SLE-15.4-2023-3699=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-3699=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-3699=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-3699=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-3699=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3699=1
* Python 3 Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Python3-15-SP4-2023-3699=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libxml2-tools-debuginfo-2.9.14-150400.5.22.1
* python311-libxml2-debuginfo-2.9.14-150400.5.22.1
* libxml2-debugsource-2.9.14-150400.5.22.1
* libxml2-2-2.9.14-150400.5.22.1
* libxml2-python-debugsource-2.9.14-150400.5.22.1
* python3-libxml2-debuginfo-2.9.14-150400.5.22.1
* python311-libxml2-2.9.14-150400.5.22.1
* libxml2-tools-2.9.14-150400.5.22.1
* libxml2-devel-2.9.14-150400.5.22.1
* python3-libxml2-2.9.14-150400.5.22.1
* libxml2-2-debuginfo-2.9.14-150400.5.22.1
* openSUSE Leap 15.4 (x86_64)
* libxml2-2-32bit-2.9.14-150400.5.22.1
* libxml2-2-32bit-debuginfo-2.9.14-150400.5.22.1
* libxml2-devel-32bit-2.9.14-150400.5.22.1
* openSUSE Leap 15.4 (noarch)
* libxml2-doc-2.9.14-150400.5.22.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libxml2-2-64bit-2.9.14-150400.5.22.1
* libxml2-devel-64bit-2.9.14-150400.5.22.1
* libxml2-2-64bit-debuginfo-2.9.14-150400.5.22.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libxml2-tools-debuginfo-2.9.14-150400.5.22.1
* libxml2-python-debugsource-2.9.14-150400.5.22.1
* libxml2-debugsource-2.9.14-150400.5.22.1
* libxml2-2-2.9.14-150400.5.22.1
* python3-libxml2-debuginfo-2.9.14-150400.5.22.1
* libxml2-tools-2.9.14-150400.5.22.1
* python3-libxml2-2.9.14-150400.5.22.1
* libxml2-2-debuginfo-2.9.14-150400.5.22.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libxml2-tools-debuginfo-2.9.14-150400.5.22.1
* libxml2-python-debugsource-2.9.14-150400.5.22.1
* libxml2-debugsource-2.9.14-150400.5.22.1
* libxml2-2-2.9.14-150400.5.22.1
* python3-libxml2-debuginfo-2.9.14-150400.5.22.1
* libxml2-tools-2.9.14-150400.5.22.1
* python3-libxml2-2.9.14-150400.5.22.1
* libxml2-2-debuginfo-2.9.14-150400.5.22.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libxml2-tools-debuginfo-2.9.14-150400.5.22.1
* libxml2-python-debugsource-2.9.14-150400.5.22.1
* libxml2-debugsource-2.9.14-150400.5.22.1
* libxml2-2-2.9.14-150400.5.22.1
* python3-libxml2-debuginfo-2.9.14-150400.5.22.1
* libxml2-tools-2.9.14-150400.5.22.1
* python3-libxml2-2.9.14-150400.5.22.1
* libxml2-2-debuginfo-2.9.14-150400.5.22.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libxml2-tools-debuginfo-2.9.14-150400.5.22.1
* libxml2-python-debugsource-2.9.14-150400.5.22.1
* libxml2-debugsource-2.9.14-150400.5.22.1
* libxml2-2-2.9.14-150400.5.22.1
* python3-libxml2-debuginfo-2.9.14-150400.5.22.1
* libxml2-tools-2.9.14-150400.5.22.1
* python3-libxml2-2.9.14-150400.5.22.1
* libxml2-2-debuginfo-2.9.14-150400.5.22.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* libxml2-tools-debuginfo-2.9.14-150400.5.22.1
* libxml2-debugsource-2.9.14-150400.5.22.1
* libxml2-2-2.9.14-150400.5.22.1
* python3-libxml2-debuginfo-2.9.14-150400.5.22.1
* libxml2-tools-2.9.14-150400.5.22.1
* libxml2-devel-2.9.14-150400.5.22.1
* python3-libxml2-2.9.14-150400.5.22.1
* libxml2-2-debuginfo-2.9.14-150400.5.22.1
* Basesystem Module 15-SP4 (x86_64)
* libxml2-2-32bit-2.9.14-150400.5.22.1
* libxml2-2-32bit-debuginfo-2.9.14-150400.5.22.1
* Python 3 Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* python311-libxml2-2.9.14-150400.5.22.1
* python311-libxml2-debuginfo-2.9.14-150400.5.22.1
## References:
* https://www.suse.com/security/cve/CVE-2023-39615.html
* https://bugzilla.suse.com/show_bug.cgi?id=1214768
1
0
SUSE-SU-2023:3700-1: important: Security update for go1.20
by security@lists.opensuse.org 20 Sep '23
by security@lists.opensuse.org 20 Sep '23
20 Sep '23
# Security update for go1.20
Announcement ID: SUSE-SU-2023:3700-1
Rating: important
References:
* #1206346
* #1215084
* #1215085
* #1215090
Cross-References:
* CVE-2023-39318
* CVE-2023-39319
CVSS scores:
* CVE-2023-39318 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2023-39318 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2023-39319 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2023-39319 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
* Development Tools Module 15-SP4
* Development Tools Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves two vulnerabilities and has two security fixes can now be
installed.
## Description:
This update for go1.20 fixes the following issues:
Update to go1.20.8 (bsc#1206346).
* CVE-2023-39318: Fixed improper handling of HTML-like comments within script
contexts in html/template (bsc#1215084).
* CVE-2023-39319: Fixed improper handling of special tags within script
contexts in html/template (bsc#1215085).
The following non-security bug was fixed:
* Add missing directory pprof html asset directory to package (bsc#1215090).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-3700=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-3700=1
* Development Tools Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3700=1
* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3700=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* go1.20-debuginfo-1.20.8-150000.1.23.1
* go1.20-1.20.8-150000.1.23.1
* go1.20-race-1.20.8-150000.1.23.1
* go1.20-doc-1.20.8-150000.1.23.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* go1.20-debuginfo-1.20.8-150000.1.23.1
* go1.20-1.20.8-150000.1.23.1
* go1.20-race-1.20.8-150000.1.23.1
* go1.20-doc-1.20.8-150000.1.23.1
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* go1.20-1.20.8-150000.1.23.1
* go1.20-doc-1.20.8-150000.1.23.1
* Development Tools Module 15-SP4 (aarch64 x86_64)
* go1.20-race-1.20.8-150000.1.23.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* go1.20-debuginfo-1.20.8-150000.1.23.1
* go1.20-1.20.8-150000.1.23.1
* go1.20-race-1.20.8-150000.1.23.1
* go1.20-doc-1.20.8-150000.1.23.1
## References:
* https://www.suse.com/security/cve/CVE-2023-39318.html
* https://www.suse.com/security/cve/CVE-2023-39319.html
* https://bugzilla.suse.com/show_bug.cgi?id=1206346
* https://bugzilla.suse.com/show_bug.cgi?id=1215084
* https://bugzilla.suse.com/show_bug.cgi?id=1215085
* https://bugzilla.suse.com/show_bug.cgi?id=1215090
1
0
SUSE-SU-2023:3701-1: important: Security update for go1.21
by security@lists.opensuse.org 20 Sep '23
by security@lists.opensuse.org 20 Sep '23
20 Sep '23
# Security update for go1.21
Announcement ID: SUSE-SU-2023:3701-1
Rating: important
References:
* #1212475
* #1215084
* #1215085
* #1215086
* #1215087
* #1215090
Cross-References:
* CVE-2023-39318
* CVE-2023-39319
* CVE-2023-39320
* CVE-2023-39321
* CVE-2023-39322
CVSS scores:
* CVE-2023-39318 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2023-39318 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2023-39319 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2023-39319 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2023-39320 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-39320 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-39321 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39321 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39322 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39322 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Development Tools Module 15-SP4
* Development Tools Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves five vulnerabilities and has one security fix can now be
installed.
## Description:
This update for go1.21 fixes the following issues:
Update to go1.21.1 (bsc#1212475).
* CVE-2023-39318: Fixed improper handling of HTML-like comments within script
contexts in html/template (bsc#1215084).
* CVE-2023-39319: Fixed improper handling of special tags within script
contexts in html/template (bsc#1215085).
* CVE-2023-39320: Fixed arbitrary execution in go.mod toolchain directive
(bsc#1215086).
* CVE-2023-39321, CVE-2023-39322: Fixed a panic when processing post-handshake
message on QUIC connections in crypto/tls (bsc#1215087).
The following non-security bug was fixed:
* Add missing directory pprof html asset directory to package (bsc#1215090).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3701=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-3701=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-3701=1
* Development Tools Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3701=1
## Package List:
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* go1.21-doc-1.21.1-150000.1.6.1
* go1.21-race-1.21.1-150000.1.6.1
* go1.21-1.21.1-150000.1.6.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* go1.21-doc-1.21.1-150000.1.6.1
* go1.21-race-1.21.1-150000.1.6.1
* go1.21-1.21.1-150000.1.6.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* go1.21-doc-1.21.1-150000.1.6.1
* go1.21-race-1.21.1-150000.1.6.1
* go1.21-1.21.1-150000.1.6.1
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* go1.21-doc-1.21.1-150000.1.6.1
* go1.21-1.21.1-150000.1.6.1
* Development Tools Module 15-SP4 (aarch64 x86_64)
* go1.21-race-1.21.1-150000.1.6.1
## References:
* https://www.suse.com/security/cve/CVE-2023-39318.html
* https://www.suse.com/security/cve/CVE-2023-39319.html
* https://www.suse.com/security/cve/CVE-2023-39320.html
* https://www.suse.com/security/cve/CVE-2023-39321.html
* https://www.suse.com/security/cve/CVE-2023-39322.html
* https://bugzilla.suse.com/show_bug.cgi?id=1212475
* https://bugzilla.suse.com/show_bug.cgi?id=1215084
* https://bugzilla.suse.com/show_bug.cgi?id=1215085
* https://bugzilla.suse.com/show_bug.cgi?id=1215086
* https://bugzilla.suse.com/show_bug.cgi?id=1215087
* https://bugzilla.suse.com/show_bug.cgi?id=1215090
1
0
SUSE-SU-2023:3704-1: important: Security update for the Linux Kernel
by security@lists.opensuse.org 20 Sep '23
by security@lists.opensuse.org 20 Sep '23
20 Sep '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:3704-1
Rating: important
References:
* #1023051
* #1120059
* #1177719
* #1188885
* #1193629
* #1194869
* #1203329
* #1203330
* #1205462
* #1206453
* #1208902
* #1208949
* #1209284
* #1209799
* #1210048
* #1210448
* #1211220
* #1212091
* #1212142
* #1212423
* #1212526
* #1212857
* #1212873
* #1213026
* #1213123
* #1213546
* #1213580
* #1213601
* #1213666
* #1213733
* #1213757
* #1213759
* #1213916
* #1213921
* #1213927
* #1213946
* #1213949
* #1213968
* #1213970
* #1213971
* #1214000
* #1214019
* #1214073
* #1214120
* #1214149
* #1214180
* #1214233
* #1214238
* #1214285
* #1214297
* #1214299
* #1214305
* #1214350
* #1214368
* #1214370
* #1214371
* #1214372
* #1214380
* #1214386
* #1214392
* #1214393
* #1214397
* #1214404
* #1214428
* #1214451
* #1214659
* #1214661
* #1214727
* #1214729
* #1214742
* #1214743
* #1214756
* #1214976
* PED-3924
* PED-4579
* PED-4759
* PED-4927
* PED-4929
* PED-5738
* PED-6003
* PED-6004
Cross-References:
* CVE-2022-38457
* CVE-2022-40133
* CVE-2023-2007
* CVE-2023-20588
* CVE-2023-34319
* CVE-2023-3610
* CVE-2023-37453
* CVE-2023-3772
* CVE-2023-3863
* CVE-2023-40283
* CVE-2023-4128
* CVE-2023-4133
* CVE-2023-4134
* CVE-2023-4147
* CVE-2023-4194
* CVE-2023-4273
* CVE-2023-4387
* CVE-2023-4459
* CVE-2023-4563
* CVE-2023-4569
CVSS scores:
* CVE-2022-38457 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-38457 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H
* CVE-2022-40133 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-40133 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H
* CVE-2023-2007 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-2007 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-20588 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-20588 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-34319 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-3610 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3610 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-37453 ( SUSE ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-37453 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3772 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3772 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3863 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-40283 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-40283 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4128 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4128 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4133 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4134 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4147 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4147 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4194 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-4194 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-4273 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4273 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-4387 ( SUSE ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4387 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-4459 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4569 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-4569 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:
* Basesystem Module 15-SP5
* Development Tools Module 15-SP5
* Legacy Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Availability Extension 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP5
An update that solves 20 vulnerabilities, contains eight features and has 53
security fixes can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
* CVE-2022-38457: Fixed a use-after-free vulnerability in vmwgfx driver that
allowed a local attacker to cause a denial of service (bsc#1203330).
* CVE-2022-40133: Fixed a use-after-free vulnerability in vmwgfx driver that
allowed a local attacker to cause a denial of service (bsc#1203329).
* CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could
allow an attacker to escalate privileges and execute arbitrary code in the
context of the kernel (bsc#1210448).
* CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be
exploited to achieve local privilege escalation (bsc#1213580).
* CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a
malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL
pointer leading to a possible kernel crash and denial of service
(bsc#1213666).
* CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local
that allowed a local user with special privileges to impact a kernel
information leak issue (bsc#1213601).
* CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that
allowed a local attacker to perform a local privilege escalation due to
incorrect handling of the existing filter, leading to a kernel information
leak issue (bsc#1214149).
* CVE-2023-4133: Fixed use after free bugs caused by circular dependency
problem in cxgb4 (bsc#1213970).
* CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work()
(bsc#1213971).
* CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968).
* CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
* CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that
alloawed a local privileged attacker to overflow the kernel stack
(bsc#1214120).
* CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that
could allow a local attacker to crash the system due to a double-free
(bsc#1214350).
* CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup
that may have allowed a local attacker with normal user privilege to cause a
denial of service (bsc#1214451).
* CVE-2023-4563: Fixed use-after-free in nft_verdict_dump due to a race
between set GC and transaction (bsc#1214727).
* CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in
net/netfilter/nf_tables_api.c (bsc#1214729).
* CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that
can potentially return speculative data resulting in loss of confidentiality
(bsc#1213927).
* CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in
xen/netback (XSA-432) (bsc#1213546).
* CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123).
* CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233).
The following non-security bugs were fixed:
* ACPI/IORT: Update SMMUv3 DeviceID support (bsc#1214305).
* ACPI: processor: perflib: Avoid updating frequency QoS unnecessarily (git-
fixes).
* ACPI: processor: perflib: Use the "no limit" frequency QoS (git-fixes).
* ACPI: x86: s2idle: Fix a logic error parsing AMD constraints table (git-
fixes).
* ALSA: ac97: Fix possible error value of *rac97 (git-fixes).
* ALSA: hda/cs8409: Support new Dell Dolphin Variants (git-fixes).
* ALSA: hda/realtek - Remodified 3k pull low procedure (git-fixes).
* ALSA: hda/realtek: Add quirk for HP Victus 16-d1xxx to enable mute LED (git-
fixes).
* ALSA: hda/realtek: Add quirk for mute LEDs on HP ENVY x360 15-eu0xxx (git-
fixes).
* ALSA: hda/realtek: Add quirks for HP G11 Laptops (git-fixes).
* ALSA: hda/realtek: Switch Dell Oasis models to use SPI (git-fixes).
* ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl (git-fixes).
* ALSA: usb-audio: Add support for Mythware XA001AU capture and playback
interfaces (git-fixes).
* ALSA: usb-audio: Fix init call orders for UAC1 (git-fixes).
* ALSA: ymfpci: Fix the missing snd_card_free() call at probe error (git-
fixes).
* ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB related warnings
(git-fixes).
* ARM: dts: imx6sll: fixup of operating points (git-fixes).
* ARM: spear: Do not use timer namespace for timer_shutdown() function
(bsc#1213970).
* ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion (git-fixes).
* ASoC: amd: yc: Fix a non-functional mic on Lenovo 82SJ (git-fixes).
* ASoC: lower "no backend DAIs enabled for ... Port" log severity (git-fixes).
* ASoC: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes).
* ASoC: rt5665: add missed regulator_bulk_disable (git-fixes).
* ASoC: stac9766: fix build errors with REGMAP_AC97 (git-fixes).
* ASoC: tegra: Fix SFC conversion for few rates (git-fixes).
* Bluetooth: Fix potential use-after-free when clear keys (git-fixes).
* Bluetooth: L2CAP: Fix use-after-free (git-fixes).
* Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (git-fixes).
* Bluetooth: Remove unused declaration amp_read_loc_info() (git-fixes).
* Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally (git-fixes).
* Bluetooth: btusb: Do not call kfree_skb() under spin_lock_irqsave() (git-
fixes).
* Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-
fixes).
* CONFIG_NVME_VERBOSE_ERRORS=y gone with a82baa8083b
* CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 gone with 7e152d55123
* Created new preempt kernel flavor Configs are cloned from the respective
$arch/default configs. All changed configs appart from CONFIG_PREEMPT->y are
a result of dependencies, namely many lock/unlock primitives are no longer
inlined in the preempt kernel. TREE_RCU has been also changed to PREEMPT_RCU
which is the default implementation for PREEMPT kernel.
* Documentation: devices.txt: Fix minors for ttyCPM* (git-fixes).
* Documentation: devices.txt: Remove ttyIOC* (git-fixes).
* Documentation: devices.txt: Remove ttySIOC* (git-fixes).
* Drivers: hv: Do not remap addresses that are above shared_gpa_boundary
(bsc#1206453).
* Drivers: hv: Enable vmbus driver for nested root partition (bsc#1206453).
* Drivers: hv: Explicitly request decrypted in vmap_pfn() calls (bsc#1206453).
* Drivers: hv: Setup synic registers in case of nested root partition
(bsc#1206453).
* Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails
(bsc#1206453).
* Drivers: hv: vmbus: Remove second mapping of VMBus monitor pages
(bsc#1206453).
* Drivers: hv: vmbus: Remove second way of mapping ring buffers (bsc#1206453).
* Drivers: hv: vmbus: Remove the per-CPU post_msg_page (bsc#1206453).
* Drop cfg80211 lock fix patches that caused a regression (bsc#1213757)
* Drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428)
* Enable Analog Devices Industrial Ethernet PHY driver (jsc#PED-4759)
* HID: add quirk for 03f0:464a HP Elite Presenter Mouse (git-fixes).
* HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode()
(git-fixes).
* HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech G915 TKL
Keyboard (git-fixes).
* HID: multitouch: Correct devm device reference for hidinput input_dev name
(git-fixes).
* HID: wacom: remove the battery when the EKR is off (git-fixes).
* HWPOISON: offline support: fix spelling in Documentation/ABI/ (git-fixes).
* IB/hfi1: Fix possible panic during hotplug remove (git-fixes)
* IB/uverbs: Fix an potential error pointer dereference (git-fixes)
* Input: exc3000 - properly stop timer on shutdown (git-fixes).
* KVM: s390: fix sthyi error handling (git-fixes bsc#1214370).
* Kbuild: add -Wno-shift-negative-value where -Wextra is used (bsc#1214756).
* Kbuild: move to -std=gnu11 (bsc#1214756).
* PCI/ASPM: Avoid link retraining race (git-fixes).
* PCI/ASPM: Factor out pcie_wait_for_retrain() (git-fixes).
* PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link() (git-fixes).
* PCI: Mark NVIDIA T4 GPUs to avoid bus reset (git-fixes).
* PCI: acpiphp: Reassign resources on bridge if necessary (git-fixes).
* PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root
bus (git-fixes).
* PCI: hv: Enable PCI pass-thru devices in Confidential VMs (bsc#1206453).
* PCI: hv: Replace retarget_msi_interrupt_params with (bsc#1206453).
* PCI: meson: Remove cast between incompatible function type (git-fixes).
* PCI: microchip: Correct the DED and SEC interrupt bit offsets (git-fixes).
* PCI: microchip: Remove cast between incompatible function type (git-fixes).
* PCI: pciehp: Use RMW accessors for changing LNKCTL (git-fixes).
* PCI: rockchip: Remove writes to unused registers (git-fixes).
* PCI: s390: Fix use-after-free of PCI resources with per-function hotplug
(git-fixes).
* PCI: tegra194: Fix possible array out of bounds access (git-fixes).
* PM / devfreq: Fix leak in devfreq_dev_release() (git-fixes).
* RDMA/bnxt_re: Fix error handling in probe failure path (git-fixes)
* RDMA/bnxt_re: Fix max_qp count for virtual functions (git-fixes)
* RDMA/efa: Fix wrong resources deallocation order (git-fixes)
* RDMA/hns: Fix CQ and QP cache affinity (git-fixes)
* RDMA/hns: Fix incorrect post-send with direct wqe of wr-list (git-fixes)
* RDMA/hns: Fix port active speed (git-fixes)
* RDMA/irdma: Prevent zero-length STAG registration (git-fixes)
* RDMA/irdma: Replace one-element array with flexible-array member (git-fixes)
* RDMA/mlx5: Return the firmware result upon destroying QP/RQ (git-fixes)
* RDMA/qedr: Remove a duplicate assignment in irdma_query_ah() (git-fixes)
* RDMA/siw: Balance the reference of cep->kref in the error path (git-fixes)
* RDMA/siw: Correct wrong debug message (git-fixes)
* RDMA/umem: Set iova in ODP flow (git-fixes)
* README.BRANCH: Add Miroslav Franc as a SLE15-SP4 co-maintainer.
* Revert "IB/isert: Fix incorrect release of isert connection" (git-fixes)
* Revert "tracing: Add "(fault)" name injection to kernel probes" (git-fixes).
* SMB3: Do not send lease break acknowledgment if all file handles have been
closed (git-fixes).
* Update patches.suse/cpufreq-intel_pstate-Fix-cpu-pstate.turbo_freq-
initi.patch (git-fixes bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
* amba: bus: fix refcount leak (git-fixes).
* arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux
(git-fixes).
* arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes).
* arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4 (git-fixes).
* audit: fix possible soft lockup in __audit_inode_child() (git-fixes).
* backlight/bd6107: Compare against struct fb_info.device (git-fixes).
* backlight/gpio_backlight: Compare against struct fb_info.device (git-fixes).
* backlight/lv5207lp: Compare against struct fb_info.device (git-fixes).
* batman-adv: Do not get eth header before batadv_check_management_packet
(git-fixes).
* batman-adv: Do not increase MTU when set by user (git-fixes).
* batman-adv: Fix TT global entry leak when client roamed back (git-fixes).
* batman-adv: Fix batadv_v_ogm_aggr_send memory leak (git-fixes).
* batman-adv: Hold rtnl lock during MTU update via netlink (git-fixes).
* batman-adv: Trigger events for auto adjusted MTU (git-fixes).
* bnx2x: fix page fault following EEH recovery (bsc#1214299).
* bpf: Disable preemption in bpf_event_output (git-fixes).
* bpftool: Print newline before '}' for struct with padding only fields
(bsc#1211220 jsc#PED-3924).
* bus: mhi: host: Skip MHI reset if device is in RDDM (git-fixes).
* bus: ti-sysc: Fix build warning for 64-bit build (git-fixes).
* bus: ti-sysc: Fix cast to enum warning (git-fixes).
* bus: ti-sysc: Flush posted write on enable before reset (git-fixes).
* can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also
in case of OOM (git-fixes).
* ceph: defer stopping mdsc delayed_work (bsc#1214392).
* ceph: do not check for quotas on MDS stray dirs (bsc#1214238).
* ceph: never send metrics if disable_send_metrics is set (bsc#1214180).
* check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC
(bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does.
* cifs: add missing return value check for cifs_sb_tlink (bsc#1193629).
* cifs: allow dumping keys for directories too (bsc#1193629).
* cifs: fix mid leak during reconnection after timeout threshold (git-fixes).
* cifs: if deferred close is disabled then close files immediately (git-
fixes).
* cifs: is_network_name_deleted should return a bool (bsc#1193629).
* cifs: update internal module version number for cifs.ko (bsc#1193629).
* clk: Fix slab-out-of-bounds error in devm_clk_release() (git-fixes).
* clk: Fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes).
* clk: imx8mp: fix sai4 clock (git-fixes).
* clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op
(git-fixes).
* clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz (git-
fixes).
* clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes).
* clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes).
* clk: qcom: gcc-sc7180: Fix up gcc_sdcc2_apps_clk_src (git-fixes).
* clk: qcom: gcc-sm8250: Fix gcc_sdcc2_apps_clk_src (git-fixes).
* clk: sunxi-ng: Modify mismatched function name (git-fixes).
* clocksource/drivers/arm_arch_timer: Do not use timer namespace for
timer_shutdown() function (bsc#1213970).
* clocksource/drivers/hyper-v: Rework clocksource and sched clock setup
(bsc#1206453).
* clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown()
function (bsc#1213970).
* clocksource: hyper-v: Add TSC page support for root partition (bsc#1206453).
* clocksource: hyper-v: Introduce TSC PFN getter (bsc#1206453).
* clocksource: hyper-v: Introduce a pointer to TSC page (bsc#1206453).
* clocksource: hyper-v: Use TSC PFN getter to map vvar page (bsc#1206453).
* clocksource: hyper-v: make sure Invariant-TSC is used if it is
(bsc#1206453).
* cpu/SMT: Allow enabling partial SMT states via sysfs (bsc#1214285
bsc#1205462 ltc#200161 ltc#200588).
* cpu/SMT: Create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462
ltc#200161 ltc#200588).
* cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214285 bsc#1205462
ltc#200161 ltc#200588).
* cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462
ltc#200161 ltc#200588).
* cpu/SMT: Remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161
ltc#200588).
* cpu/SMT: Store the current/max number of threads (bsc#1214285 bsc#1205462
ltc#200161 ltc#200588).
* cpufreq: Fix the race condition while updating the transition_task of policy
(git-fixes).
* cpufreq: intel_pstate: Adjust balance_performance EPP for Sapphire Rapids
(bsc#1214659).
* cpufreq: intel_pstate: Enable HWP IO boost for all servers (bsc#1208949
jsc#PED-6003 jsc#PED-6004).
* cpufreq: intel_pstate: Fix scaling for hybrid-capable systems with disabled
E-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
* cpufreq: intel_pstate: Read all MSRs on the target CPU (bsc#1212526
bsc#1214368 jsc#PED-4927 jsc#PED-4929).
* cpufreq: intel_pstate: hybrid: Rework HWP calibration (bsc#1212526
bsc#1214368 jsc#PED-4927 jsc#PED-4929).
* cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores
(bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
* crypto: caam - fix unchecked return value error (git-fixes).
* crypto: stm32 - Properly handle pm_runtime_get failing (git-fixes).
* define more Hyper-V related constants (bsc#1206453).
* dma-buf/sw_sync: Avoid recursive lock during fence signal (git-fixes).
* dma-buf/sync_file: Fix docs syntax (git-fixes).
* dmaengine: idxd: Modify the dependence of attribute pasid_enabled (git-
fixes).
* dmaengine: mcf-edma: Fix a potential un-allocated memory access (git-fixes).
* dmaengine: pl330: Return DMA_PAUSED when transaction is paused (git-fixes).
* dmaengine: ste_dma40: Add missing IRQ check in d40_probe (git-fixes).
* docs/process/howto: Replace C89 with C11 (bsc#1214756).
* docs: kernel-parameters: Refer to the correct bitmap function (git-fixes).
* docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes).
* docs: printk-formats: Fix hex printing of signed values (git-fixes).
* driver core: test_async: fix an error code (git-fixes).
* drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() (git-
fixes).
* drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-
fixes).
* drm/amd/display: Apply 60us prefetch for DCFCLK <= 300Mhz (git-fixes).
* drm/amd/display: Disable phantom OTG after enable for plane disable (git-
fixes).
* drm/amd/display: Do not set drr on pipe commit (git-fixes).
* drm/amd/display: Enable dcn314 DPP RCO (git-fixes).
* drm/amd/display: Ensure that planes are in the same order (git-fixes).
* drm/amd/display: Implement workaround for writing to OTG_PIXEL_RATE_DIV
register (git-fixes).
* drm/amd/display: Retain phantom plane/stream if validation fails (git-
fixes).
* drm/amd/display: Skip DPP DTO update if root clock is gated (git-fixes).
* drm/amd/display: Use update plane and stream routine for DCN32x (git-fixes).
* drm/amd/display: check TG is non-null before checking if enabled (git-
fixes).
* drm/amd/display: check attr flag before set cursor degamma on DCN3+ (git-
fixes).
* drm/amd/display: disable RCO for DCN314 (git-fixes).
* drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes).
* drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
* drm/amd/display: fix the build when DRM_AMD_DC_DCN is not set (git-fixes).
* drm/amd/display: limit DPIA link rate to HBR3 (git-fixes).
* drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes).
* drm/amd/display: save restore hdcp state when display is unplugged from mst
hub (git-fixes).
* drm/amd/display: trigger timing sync only if TG is running (git-fixes).
* drm/amd/pm/smu7: move variables to where they are used (git-fixes).
* drm/amd/pm: avoid unintentional shutdown due to temperature momentary
fluctuation (git-fixes).
* drm/amd/pm: expose swctf threshold setting for legacy powerplay (git-fixes).
* drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create()
(git-fixes).
* drm/amd/pm: fulfill powerplay peak profiling mode shader/memory clock
settings (git-fixes).
* drm/amd/pm: fulfill swsmu peak profiling mode shader/memory clock settings
(git-fixes).
* drm/amd/pm: skip the RLC stop when S0i3 suspend for SMU v13.0.4/11 (git-
fixes).
* drm/amd: Disable S/G for APUs when 64GB or more host memory (git-fixes).
* drm/amd: flush any delayed gfxoff on suspend entry (git-fixes).
* drm/amdgpu/pm: fix throttle_status for other than MP1 11.0.7 (git-fixes).
* drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1 (git-fixes).
* drm/amdgpu: Fix potential fence use-after-free v2 (git-fixes).
* drm/amdgpu: Remove unnecessary domain argument (git-fixes).
* drm/amdgpu: Use RMW accessors for changing LNKCTL (git-fixes).
* drm/amdgpu: add S/G display parameter (git-fixes).
* drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git-
fixes).
* drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar()
(git-fixes).
* drm/amdgpu: fix calltrace warning in amddrm_buddy_fini (git-fixes).
* drm/amdgpu: fix memory leak in mes self test (git-fixes).
* drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() (git-fixes).
* drm/amdgpu: install stub fence into potential unused fence pointers (git-
fixes).
* drm/amdgpu: keep irq count in amdgpu_irq_disable_all (git-fixes).
* drm/amdgpu: skip fence GFX interrupts disable/enable for S0ix (git-fixes).
* drm/armada: Fix off-by-one error in armada_overlay_get_property() (git-
fixes).
* drm/ast: Fix DRAM init on AST2200 (git-fixes).
* drm/atomic-helper: Update reference to drm_crtc_force_disable_all() (git-
fixes).
* drm/bridge: anx7625: Drop device lock before drm_helper_hpd_irq_event()
(git-fixes).
* drm/bridge: anx7625: Use common macros for DP power sequencing commands
(git-fixes).
* drm/bridge: anx7625: Use common macros for HDCP capabilities (git-fixes).
* drm/bridge: fix -Wunused-const-variable= warning (git-fixes).
* drm/bridge: tc358764: Fix debug print parameter order (git-fixes).
* drm/etnaviv: fix dumping of active MMU context (git-fixes).
* drm/gma500: Use drm_aperture_remove_conflicting_pci_framebuffers (git-
fixes).
* drm/i915/sdvo: fix panel_type initialization (git-fixes).
* drm/i915: Fix premature release of request's reusable memory (git-fixes).
* drm/mediatek: Fix dereference before null check (git-fixes).
* drm/mediatek: Fix potential memory leak if vmap() fail (git-fixes).
* drm/mediatek: Remove freeing not dynamic allocated memory (git-fixes).
* drm/msm/a2xx: Call adreno_gpu_init() earlier (git-fixes).
* drm/msm/dpu: fix the irq index in dpu_encoder_phys_wb_wait_for_commit_done
(git-fixes).
* drm/msm/mdp5: Do not leak some plane state (git-fixes).
* drm/msm: Update dev core dump to not print backwards (git-fixes).
* drm/mxsfb: Disable overlay plane in mxsfb_plane_overlay_atomic_disable()
(git-fixes).
* drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes
(git-fixes).
* drm/nouveau/disp: fix use-after-free in error handling of
nouveau_connector_create (bsc#1214073).
* drm/nouveau/gr: enable memory loads on helper invocation on all channels
(git-fixes).
* drm/nouveau/nvkm/dp: Add workaround to fix DP 1.3+ DPCD issues (git-fixes).
* drm/panel: simple: Add missing connector type and pixel format for AUO
T215HVN01 (git-fixes).
* drm/panel: simple: Fix AUO G121EAN01 panel timings according to the docs
(git-fixes).
* drm/qxl: fix UAF on handle creation (git-fixes).
* drm/radeon: Use RMW accessors for changing LNKCTL (git-fixes).
* drm/repaper: Reduce temporary buffer size in repaper_fb_dirty() (git-fixes).
* drm/rockchip: Do not spam logs in atomic check (git-fixes).
* drm/shmem-helper: Reset vma->vm_ops before calling dma_buf_mmap() (git-
fixes).
* drm/stm: ltdc: fix late dereference check (git-fixes).
* drm/tegra: dpaux: Fix incorrect return value of platform_get_irq (git-
fixes).
* drm/ttm: check null pointer before accessing when swapping (git-fixes).
* drm/ttm: never consider pinned BOs for eviction&swap (git-fixes).
* drm/vmwgfx: Fix shader stage validation (git-fixes).
* drm: adv7511: Fix low refresh rate register for ADV7533/5 (git-fixes).
* drm: rcar-du: remove R-Car H3 ES1.* workarounds (git-fixes).
* drm: xlnx: zynqmp_dpsub: Add missing check for dma_set_mask (git-fixes).
* dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes).
* dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes).
* dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes).
* e1000: Fix typos in comments (jsc#PED-5738).
* e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738).
* e1000: switch to napi_build_skb() (jsc#PED-5738).
* e1000: switch to napi_consume_skb() (jsc#PED-5738).
* exfat: fix unexpected EOF while reading dir (bsc#1214000).
* exfat: release s_lock before calling dir_emit() (bsc#1214000).
* exfat_iterate(): do not open-code file_inode(file) (bsc#1214000).
* fbdev/ep93xx-fb: Do not assign to struct fb_info.dev (git-fixes).
* fbdev: Fix sys_imageblit() for arbitrary image widths (git-fixes).
* fbdev: Improve performance of sys_imageblit() (git-fixes).
* fbdev: Update fbdev source file paths (git-fixes).
* fbdev: fix potential OOB read in fast_imageblit() (git-fixes).
* fbdev: mmp: fix value check in mmphw_probe() (git-fixes).
* file: reinstate f_pos locking optimization for regular files (bsc#1213759).
* firmware: arm_scmi: Drop OF node reference in the transport channel setup
(git-fixes).
* firmware: cs_dsp: Fix new control name check (git-fixes).
* firmware: meson_sm: fix to avoid potential NULL pointer dereference (git-
fixes).
* firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes).
* fprobe: Release rethook after the ftrace_ops is unregistered (git-fixes).
* fprobe: add unlock to match a succeeded ftrace_test_recursion_trylock (git-
fixes).
* fs/sysv: Null check to prevent null-ptr-deref bug (git-fixes).
* fsi: aspeed: Reset master errors after CFAM reset (git-fixes).
* fsi: master-ast-cf: Add MODULE_FIRMWARE macro (git-fixes).
* ftrace: Fix possible warning on checking all pages used in
ftrace_process_locs() (git-fixes).
* gpio: mvebu: Make use of devm_pwmchip_add (git-fixes).
* gpio: mvebu: fix irq domain leak (git-fixes).
* gpio: tps68470: Make tps68470_gpio_output() always set the initial value
(git-fixes).
* hv_netvsc: Remove second mapping of send and recv buffers (bsc#1206453).
* hwmon: (pmbus/bel-pfe) Enable PMBUS_SKIP_STATUS_CHECK for pfe1100 (git-
fixes).
* hwmon: (tmp513) Fix the channel number in tmp51x_is_visible() (git-fixes).
* hwrng: iproc-rng200 - Implement suspend and resume calls (git-fixes).
* hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes).
* hwrng: pic32 - use devm_clk_get_enabled (git-fixes).
* i2c: Delete error messages for failed memory allocations (git-fixes).
* i2c: Improve size determinations (git-fixes).
* i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue (git-fixes).
* i2c: designware: Correct length byte validation logic (git-fixes).
* i2c: designware: Handle invalid SMBus block data response length value (git-
fixes).
* i2c: hisi: Only handle the interrupt of the driver's transfer (git-fixes).
* i2c: nomadik: Remove a useless call in the remove function (git-fixes).
* i2c: nomadik: Remove unnecessary goto label (git-fixes).
* i2c: nomadik: Use devm_clk_get_enabled() (git-fixes).
* i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
* iavf: fix potential races for FDIR filters (git-fixes).
* ice: Fix RDMA VSI removal during queue rebuild (git-fixes).
* ice: Fix crash by keep old cfg when update TCs more than queues (git-fixes).
* ice: Fix max_rate check while configuring TX rate limits (git-fixes).
* ice: Fix memory management in ice_ethtool_fdir.c (git-fixes).
* iio: adc: ina2xx: avoid NULL pointer dereference on OF device match (git-
fixes).
* iio: adc: stx104: Implement and utilize register structures (git-fixes).
* iio: adc: stx104: Utilize iomap interface (git-fixes).
* iio: cros_ec: Fix the allocation size for cros_ec_command (git-fixes).
* intel/e1000:fix repeated words in comments (jsc#PED-5738).
* intel: remove unused macros (jsc#PED-5738).
* iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback
(bsc#1212423).
* iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback
(bsc#1212423).
* iommu/amd: Add PCI segment support for ivrs_ commands (git-fixes).
* iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support
(bsc#1212423).
* iommu/amd: Do not identity map v2 capable device when snp is enabled (git-
fixes).
* iommu/amd: Fix compile warning in init code (git-fixes).
* iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options
(git-fixes).
* iommu/amd: Fix ivrs_acpihid cmdline parsing code (git-fixes).
* iommu/amd: Fix pci device refcount leak in ppr_notifier() (git-fixes).
* iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes).
* iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to
identity (git-fixes).
* iommu/arm-smmu-v3: check return value after calling platform_get_resource()
(git-fixes).
* iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes).
* iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-
fixes).
* iommu/dart: Initialize DART_STREAMS_ENABLE (git-fixes).
* iommu/dma: Fix incorrect error return on iommu deferred attach (git-fixes).
* iommu/dma: Fix iova map result check bug (git-fixes).
* iommu/dma: return error code from iommu_dma_map_sg() (git-fixes).
* iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe() (git-fixes).
* iommu/io-pgtable-arm-v7s: Add a quirk to allow pgtable PA up to 35bit (git-
fixes).
* iommu/iova: Fix module config properly (git-fixes).
* iommu/mediatek: Add error path for loop of mm_dts_parse (git-fixes).
* iommu/mediatek: Add platform_device_put for recovering the device refcnt
(git-fixes).
* iommu/mediatek: Check return value after calling platform_get_resource()
(git-fixes).
* iommu/mediatek: Set dma_mask for PGTABLE_PA_35_EN (git-fixes).
* iommu/mediatek: Use component_match_add (git-fixes).
* iommu/mediatek: Validate number of phandles associated with "mediatek,larbs"
(git-fixes).
* iommu/omap: Fix buffer overflow in debugfs (git-fixes).
* iommu/rockchip: fix permission bits in page table entries v2 (git-fixes).
* iommu/s390: Fix duplicate domain attachments (git-fixes).
* iommu/sun50i: Consider all fault sources for reset (git-fixes).
* iommu/sun50i: Fix R/W permission check (git-fixes).
* iommu/sun50i: Fix flush size (git-fixes).
* iommu/sun50i: Fix reset release (git-fixes).
* iommu/sun50i: Implement .iotlb_sync_map (git-fixes).
* iommu/sun50i: Remove IOMMU_DOMAIN_IDENTITY (git-fixes).
* iommu/vt-d: Add RPLS to quirk list to skip TE disabling (git-fixes).
* iommu/vt-d: Check correct capability for sagaw determination (git-fixes).
* iommu/vt-d: Clean up si_domain in the init_dmars() error path (git-fixes).
* iommu/vt-d: Correctly calculate sagaw value of IOMMU (git-fixes).
* iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() (git-
fixes).
* iommu/vt-d: Fix PCI device refcount leak in has_external_pci() (git-fixes).
* iommu/vt-d: Fix kdump kernels boot failure with scalable mode (git-fixes).
* iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries (git-
fixes).
* iommu/vt-d: Set SRE bit only when hardware has SRS cap (git-fixes).
* ipmi:ssif: Add check for kstrdup (git-fixes).
* ipmi:ssif: Fix a memory leak when scanning for an adapter (git-fixes).
* ipmi_si: fix a memleak in try_smi_init() (git-fixes).
* jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes).
* kabi/severities: Ignore newly added SRSO mitigation functions
* kabi: Allow extra bugsints (bsc#1213927).
* kernel-binary: Common dependencies cleanup Common dependencies are copied to
a subpackage, there is no need for copying defines or build dependencies
there.
* kernel-binary: Drop code for kerntypes support Kerntypes was a SUSE-specific
feature dropped before SLE 12.
* kunit: make kunit_test_timeout compatible with comment (git-fixes).
* leds: Fix BUG_ON check for LED_COLOR_ID_MULTI that is always false (git-
fixes).
* leds: multicolor: Use rounded division when calculating color components
(git-fixes).
* leds: pwm: Fix error code in led_pwm_create_fwnode() (git-fixes).
* leds: trigger: tty: Do not use LED_ON/OFF constants, use
led_blink_set_oneshot instead (git-fixes).
* leds: turris-omnia: Drop unnecessary mutex locking (git-fixes).
* lib/test_meminit: allocate pages up to order MAX_ORDER (git-fixes).
* lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes).
* libbpf: Fix BTF-to-C converter's padding logic (bsc#1211220 jsc#PED-3924).
* libbpf: Fix btf_dump's packed struct determination (bsc#1211220
jsc#PED-3924).
* libbpf: Fix single-line struct definition output in btf_dump (bsc#1211220
jsc#PED-3924).
* libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393).
* md/raid0: Factor out helper for mapping and submitting a bio (bsc#1213916).
* md/raid0: Fix performance regression for large sequential writes
(bsc#1213916).
* media: ad5820: Drop unsupported ad5823 from i2c_ and of_device_id tables
(git-fixes).
* media: cx24120: Add retval check for cx24120_message_send() (git-fixes).
* media: dib7000p: Fix potential division by zero (git-fixes).
* media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() (git-
fixes).
* media: go7007: Remove redundant if statement (git-fixes).
* media: i2c: ccs: Check rules is non-NULL (git-fixes).
* media: i2c: rdacm21: Fix uninitialized value (git-fixes).
* media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes).
* media: ov2680: Add ov2680_fill_format() helper function (git-fixes).
* media: ov2680: Do not take the lock for try_fmt calls (git-fixes).
* media: ov2680: Fix ov2680_bayer_order() (git-fixes).
* media: ov2680: Fix ov2680_set_fmt() which == V4L2_SUBDEV_FORMAT_TRY not
working (git-fixes).
* media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors
(git-fixes).
* media: ov2680: Fix vflip / hflip set functions (git-fixes).
* media: ov2680: Remove VIDEO_V4L2_SUBDEV_API ifdef-s (git-fixes).
* media: ov5640: Enable MIPI interface in ov5640_set_power_mipi() (git-fixes).
* media: rkvdec: increase max supported height for H.264 (git-fixes).
* media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link()
(git-fixes).
* media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes).
* media: venus: hfi_venus: Only consider sys_idle_indicator on V1 (git-fixes).
* media: venus: hfi_venus: Write to VIDC_CTRL_INIT after unmasking interrupts
(git-fixes).
* misc: rtsx: judge ASPM Mode to set PETXCFG Reg (git-fixes).
* mkspec: Allow unsupported KMPs (bsc#1214386)
* mlxsw: pci: Add shutdown method in PCI driver (git-fixes).
* mmc: block: Fix in_flight[issue_type] value error (git-fixes).
* mmc: moxart: read scr register without changing byte order (git-fixes).
* mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes).
* module: avoid allocation if module is already present and ready
(bsc#1213921).
* module: extract patient module check into helper (bsc#1213921).
* module: move check_modinfo() early to early_mod_check() (bsc#1213921).
* module: move early sanity checks into a helper (bsc#1213921).
* mtd: rawnand: brcmnand: Fix crash during the panic_write (git-fixes).
* mtd: rawnand: brcmnand: Fix mtd oobsize (git-fixes).
* mtd: rawnand: brcmnand: Fix potential false time out warning (git-fixes).
* mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write
(git-fixes).
* mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op() (git-fixes).
* mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-
fixes).
* mtd: rawnand: omap_elm: Fix incorrect type in assignment (git-fixes).
* mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts (git-fixes).
* mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes).
* mtd: spi-nor: Check bus width while setting QE bit (git-fixes).
* mtd: spinand: toshiba: Fix ecc_get_status (git-fixes).
* n_tty: Rename tail to old_tail in n_tty_read() (git-fixes).
* net: hns3: fix wrong bw weight of disabled tc issue (git-fixes).
* net: ieee802154: at86rf230: Stop leaking skb's (git-fixes).
* net: mana: Fix MANA VF unload when hardware is unresponsive (git-fixes).
* net: phy: at803x: remove set/get wol callbacks for AR8032 (git-fixes).
* net: phy: broadcom: stub c45 read/write for 54810 (git-fixes).
* net: phy: fix IRQ-based wake-on-lan over hibernate / power off (git-fixes).
* net: stmmac: tegra: Properly allocate clock bulk data (bsc#1213733)
* net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs (git-fixes).
* net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb (git-fixes).
* netfs: Fix lockdep warning from taking sb_writers whilst holding mmap_lock
(bsc#1214742).
* netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946
bsc#1214404).
* netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946).
* netfs: fix parameter of cleanup() (bsc#1214743).
* nfsd: Remove incorrect check in nfsd4_validate_stateid (git-fixes).
* nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse (git-
fixes).
* nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-
fixes).
* nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902).
* nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902).
* objtool/x86: Fix SRSO mess (git-fixes).
* objtool/x86: Fixup frame-pointer vs rethunk (git-fixes).
* objtool: Union instruction::{call_dest,jump_table} (git-fixes).
* old-flavors: Drop 2.6 kernels. 2.6 based kernels are EOL, upgrading from
them is no longer suported.
* pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db()
(git-fixes).
* phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-
fixes).
* phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-
fixes).
* phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes).
* phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend
(git-fixes).
* phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes).
* phy: qcom-snps: Use dev_err_probe() to simplify code (git-fixes).
* phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes).
* pinctrl: amd: Mask wake bits on probe again (git-fixes).
* pinctrl: amd: Revert "pinctrl: amd: disable and mask interrupts on probe"
(git-fixes).
* pinctrl: cherryview: fix address_space_handler() argument (git-fixes).
* pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes).
* pinctrl: renesas: rza2: Add lock around
pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes).
* platform/x86: dell-sysman: Fix reference leak (git-fixes).
* powerpc/64e: Fix kexec build error (bsc#1212091 ltc#199106).
* powerpc/iommu: Fix iommu_table_in_use for a small default DMA window case
(bsc#1212091 ltc#199106).
* powerpc/iommu: Incorrect DDW Table is referenced for SR-IOV device
(bsc#1212091 ltc#199106).
* powerpc/iommu: TCEs are incorrectly manipulated with DLPAR add/remove of
memory (bsc#1212091 ltc#199106).
* powerpc/iommu: do not set failed sg dma_address to DMA_MAPPING_ERROR
(bsc#1212091 ltc#199106).
* powerpc/iommu: return error code from .map_sg() ops (bsc#1212091
ltc#199106).
* powerpc/kernel/iommu: Add new iommu_table_in_use() helper (bsc#1212091
ltc#199106).
* powerpc/kexec: Fix build failure from uninitialised variable (bsc#1212091
ltc#199106).
* powerpc/mm/altmap: Fix altmap boundary check (bsc#1120059 git-fixes).
* powerpc/pseries/ddw: Do not try direct mapping with persistent memory and
one window (bsc#1212091 ltc#199106).
* powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Add ddw_list_new_entry() helper (bsc#1212091
ltc#199106).
* powerpc/pseries/iommu: Add ddw_property_create() and refactor enable_ddw()
(bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Add iommu_pseries_alloc_table() helper (bsc#1212091
ltc#199106).
* powerpc/pseries/iommu: Add of_node_put() before break (bsc#1212091
ltc#199106).
* powerpc/pseries/iommu: Allow DDW windows starting at 0x00 (bsc#1212091
ltc#199106).
* powerpc/pseries/iommu: Check if the default window in use before removing it
(bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Create huge DMA window if no MMIO32 is present
(bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Find existing DDW with given property name
(bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Make use of DDW for indirect mapping (bsc#1212091
ltc#199106).
* powerpc/pseries/iommu: Print ibm,query-pe-dma-windows parameters
(bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Rename "direct window" to "dma window" (bsc#1212091
ltc#199106).
* powerpc/pseries/iommu: Reorganize iommu_table_setparms*() with new helper
(bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Replace hard-coded page shift (bsc#1212091
ltc#199106).
* powerpc/pseries/iommu: Update remove_dma_window() to accept property name
(bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: Use correct vfree for it_map (bsc#1212091
ltc#199106).
* powerpc/pseries: Add __init attribute to eligible functions (bsc#1212091
ltc#199106).
* powerpc/pseries: Honour current SMT state when DLPAR onlining CPUs
(bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* powerpc/pseries: Initialise CPU hotplug callbacks earlier (bsc#1214285
bsc#1205462 ltc#200161 ltc#200588).
* powerpc/rtas: block error injection when locked down (bsc#1023051).
* powerpc/rtas: enture rtas_call is called with MMU enabled (bsc#1023051).
* powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
* powerpc/rtas_flash: allow user copy to flash block cache objects
(bsc#1194869).
* powerpc/security: Fix Speculation_Store_Bypass reporting on Power10
(bsc#1188885 ltc#193722 git-fixes).
* powerpc: Add HOTPLUG_SMT support (bsc#1214285 bsc#1205462 ltc#200161
ltc#200588). Update config files.
* powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503).
* powerpc: fix typos in comments (bsc#1212091 ltc#199106).
* pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window
(bsc#1214297 ltc#197503).
* pstore/ram: Check start of empty przs during init (git-fixes).
* pwm: Add a stub for devm_pwmchip_add() (git-fixes).
* pwm: meson: Simplify duplicated per-channel tracking (git-fixes).
* pwm: meson: fix handling of period/duty if greater than UINT_MAX (git-
fixes).
* qed: Fix scheduling in a tasklet while getting stats (git-fixes).
* regmap: rbtree: Use alloc_flags for memory allocations (git-fixes).
* ring-buffer: Do not swap cpu_buffer during resize process (git-fixes).
* ring-buffer: Fix deadloop issue on reading trace_pipe (git-fixes).
* ring-buffer: Fix wrong stat of cpu_buffer->read (git-fixes).
* rpm/mkspec-dtb: support for nested subdirs
* rpmsg: glink: Add check for kstrdup (git-fixes).
* s390/ipl: add missing secure/has_secure file to ipl type 'unknown'
(bsc#1214976).
* s390/purgatory: disable branch profiling (git-fixes bsc#1214372).
* s390/zcrypt: fix reply buffer calculations for CCA replies (bsc#1213949).
* sched/fair: Fix inaccurate tally of ttwu_move_affine (git fixes).
* sched/fair: Use recent_used_cpu to test p->cpus_ptr (git fixes).
* sched/psi: use kernfs polling functions for PSI trigger polling
(bsc#1209799).
* scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe()
(git-fixes).
* scsi: 53c700: Check that command slot is not NULL (git-fixes).
* scsi: RDMA/srp: Fix residual handling (git-fixes)
* scsi: bsg: Increase number of devices (bsc#1210048).
* scsi: core: Do not wait for quiesce in scsi_device_block() (bsc#1209284).
* scsi: core: Do not wait for quiesce in scsi_stop_queue() (bsc#1209284).
* scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes).
* scsi: core: Fix possible memory leak if device_add() fails (git-fixes).
* scsi: core: Improve warning message in scsi_device_block() (bsc#1209284).
* scsi: core: Merge scsi_internal_device_block() and device_block()
(bsc#1209284).
* scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes).
* scsi: qedf: Fix NULL dereference in error handling (git-fixes).
* scsi: qedf: Fix firmware halt over suspend and resume (git-fixes).
* scsi: qedi: Fix firmware halt over suspend and resume (git-fixes).
* scsi: scsi_debug: Remove dead code (git-fixes).
* scsi: sg: Increase number of devices (bsc#1210048).
* scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
* scsi: snic: Fix possible memory leak if device_add() fails (git-fixes).
* scsi: storvsc: Always set no_report_opcodes (git-fixes).
* scsi: storvsc: Fix handling of virtual Fibre Channel timeouts (git-fixes).
* scsi: storvsc: Handle SRB status value 0x30 (git-fixes).
* scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices (git-
fixes).
* scsi: zfcp: Defer fc_rport blocking until after ADISC response (git-fixes
bsc#1214371).
* selftests/bpf: Test btf dump for struct with padding only fields
(bsc#1211220 jsc#PED-3924).
* selftests/futex: Order calls to futex_lock_pi (git-fixes).
* selftests/harness: Actually report SKIP for signal tests (git-fixes).
* selftests/resctrl: Close perf value read fd on errors (git-fixes).
* selftests/resctrl: Do not leak buffer in fill_cache() (git-fixes).
* selftests/resctrl: Unmount resctrl FS if child fails to run benchmark (git-
fixes).
* selftests/rseq: check if libc rseq support is registered (git-fixes).
* selftests: forwarding: Add a helper to skip test when using veth pairs (git-
fixes).
* selftests: forwarding: Skip test when no interfaces are specified (git-
fixes).
* selftests: forwarding: Switch off timeout (git-fixes).
* selftests: forwarding: ethtool: Skip when using veth pairs (git-fixes).
* selftests: forwarding: ethtool_extended_state: Skip when using veth pairs
(git-fixes).
* selftests: forwarding: tc_actions: Use ncat instead of nc (git-fixes).
* selftests: forwarding: tc_actions: cleanup temporary files when test is
aborted (git-fixes).
* selftests: forwarding: tc_flower: Relax success criterion (git-fixes).
* selftests: mirror_gre_changes: Tighten up the TTL test match (git-fixes).
* serial: sc16is7xx: fix broken port 0 uart init (git-fixes).
* serial: sc16is7xx: fix bug when first setting GPIO direction (git-fixes).
* serial: sprd: Assign sprd_port after initialized to avoid wrong access (git-
fixes).
* serial: sprd: Fix DMA buffer leak issue (git-fixes).
* serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes).
* sfc: fix crash when reading stats while NIC is resetting (git-fixes).
* smb3: do not set NTLMSSP_VERSION flag for negotiate not auth request
(bsc#1193629).
* smb: client: Fix -Wstringop-overflow issues (bsc#1193629).
* smb: client: fix dfs link mount against w2k8 (bsc#1212142).
* smb: client: fix null auth (git-fixes).
* soc: aspeed: socinfo: Add kfree for kstrdup (git-fixes).
* soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-
fixes).
* soundwire: fix enumeration completion (git-fixes).
* spi: tegra20-sflash: fix to check return value of platform_get_irq() in
tegra_sflash_probe() (git-fixes).
* supported.conf: fix typos for -!optional markers
* swiotlb: Remove bounce buffer remapping for Hyper-V (bsc#1206453).
* target: compare and write backend driver sense handling (bsc#1177719
bsc#1213026).
* target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873).
* target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857).
* target_core_rbd: remove snapshot existence validation code (bsc#1212857).
* thunderbolt: Read retimer NVM authentication status prior
tb_retimer_set_inbound_sbtx() (git-fixes).
* timers: Add shutdown mechanism to the internal functions (bsc#1213970).
* timers: Provide timer_shutdown_sync (bsc#1213970).
* timers: Rename del_timer() to timer_delete() (bsc#1213970).
* timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
* timers: Replace BUG_ON()s (bsc#1213970).
* timers: Silently ignore timers with a NULL function (bsc#1213970).
* timers: Split [try_to_]del_timer_sync to prepare for shutdown mode
(bsc#1213970).
* timers: Update kernel-doc for various functions (bsc#1213970).
* timers: Use del_timer_sync() even on UP (bsc#1213970).
* tracing/histograms: Add histograms to hist_vars if they have referenced
variables (git-fixes).
* tracing/histograms: Return an error if we fail to add histogram to hist_vars
list (git-fixes).
* tracing/probes: Fix not to count error code to total length (git-fixes).
* tracing/probes: Fix to avoid double count of the string length on the array
(git-fixes).
* tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if
fails (git-fixes).
* tracing/probes: Fix to update dynamic data counter if fetcharg uses it (git-
fixes).
* tracing: Fix cpu buffers unavailable due to 'record_disabled' missed (git-
fixes).
* tracing: Fix memleak due to race between current_tracer and trace (git-
fixes).
* tracing: Fix memory leak of iter->temp when reading trace_pipe (git-fixes).
* tracing: Fix null pointer dereference in tracing_err_log_open() (git-fixes).
* tracing: Fix warning in trace_buffered_event_disable() (git-fixes).
* tty: fix hang on tty device with no_room set (git-fixes).
* tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux (git-
fixes).
* tty: serial: fsl_lpuart: Add i.MXRT1050 support (git-fixes).
* tty: serial: fsl_lpuart: Clear the error flags by writing 1 for lpuart32
platforms (git-fixes).
* tty: serial: fsl_lpuart: make rx_watermark configurable for different
platforms (git-fixes).
* tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A (git-fixes).
* ubifs: Fix memleak when insert_old_idx() failed (git-fixes).
* usb-storage: alauda: Fix uninit-value in alauda_check_media() (git-fixes).
* usb: chipidea: imx: add missing USB PHY DPDM wakeup setting (git-fixes).
* usb: chipidea: imx: do not request QoS for imx8ulp (git-fixes).
* usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-
fixes).
* usb: common: usb-conn-gpio: Prevent bailing out if initial role is none
(git-fixes).
* usb: dwc3: Fix typos in gadget.c (git-fixes).
* usb: dwc3: Properly handle processing of pending events (git-fixes).
* usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-
fixes).
* usb: gadget: Fix the memory leak in raw_gadget driver (git-fixes).
* usb: gadget: f_mass_storage: Fix unused variable warning (git-fixes).
* usb: gadget: u_serial: Avoid spinlock recursion in __gs_console_push (git-
fixes).
* usb: ohci-at91: Fix the unhandle interrupt when resume (git-fixes).
* usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-
fixes).
* usb: quirks: add quirk for Focusrite Scarlett (git-fixes).
* usb: serial: option: add Quectel EC200A module support (git-fixes).
* usb: serial: option: support Quectel EM060K_128 (git-fixes).
* usb: serial: simple: add Kaufmann RKS+CAN VCP (git-fixes).
* usb: serial: simple: sort driver entries (git-fixes).
* usb: typec: altmodes/displayport: Signal hpd when configuring pin assignment
(git-fixes).
* usb: typec: tcpm: Fix response to vsafe0V event (git-fixes).
* usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes).
* usb: zaurus: Add ID for A-300/B-500/C-700 (git-fixes).
* watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller Hub) (git-
fixes).
* wifi: ath10k: Use RMW accessors for changing LNKCTL (git-fixes).
* wifi: ath11k: Use RMW accessors for changing LNKCTL (git-fixes).
* wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-
fixes).
* wifi: ath9k: protect WMI command response buffer replacement with a lock
(git-fixes).
* wifi: ath9k: use IS_ERR() with debugfs_create_dir() (git-fixes).
* wifi: cfg80211: Fix return value in scan logic (git-fixes).
* wifi: cfg80211: fix sband iftype data lookup for AP_VLAN (git-fixes).
* wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC)
(git-fixes).
* wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes).
* wifi: mt76: mt7921: do not support one stream on secondary antenna only
(git-fixes).
* wifi: mt76: mt7921: fix non-PSC channel scan fail (git-fixes).
* wifi: mt76: testmode: add nla_policy for MT76_TM_ATTR_TX_LENGTH (git-fixes).
* wifi: mwifiex: Fix OOB and integer underflow when rx packets (git-fixes).
* wifi: mwifiex: Fix missed return in oob checks failed path (git-fixes).
* wifi: mwifiex: avoid possible NULL skb pointer dereference (git-fixes).
* wifi: mwifiex: fix error recovery in PCIE buffer descriptor management (git-
fixes).
* wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes).
* wifi: nl80211/cfg80211: add forgotten nla_policy for BSS color attribute
(git-fixes).
* wifi: radiotap: fix kernel-doc notation warnings (git-fixes).
* wifi: rtw89: debug: Fix error handling in rtw89_debug_priv_btc_manual_set()
(git-fixes).
* x86/CPU/AMD: Disable XSAVES on AMD family 0x17 (git-fixes).
* x86/alternative: Make custom return thunk unconditional (git-fixes).
* x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes).
* x86/cpu: Clean up SRSO return thunk mess (git-fixes).
* x86/cpu: Cleanup the untrain mess (git-fixes).
* x86/cpu: Fix __x86_return_thunk symbol type (git-fixes).
* x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
* x86/cpu: Rename original retbleed methods (git-fixes).
* x86/cpu: Rename srso_(.*) _alias to srso_alias_ \1 (git-fixes).
* x86/hyperv: Add an interface to do nested hypercalls (bsc#1206453).
* x86/hyperv: Add support for detecting nested hypervisor (bsc#1206453).
* x86/hyperv: Change vTOM handling to use standard coco mechanisms
(bsc#1206453).
* x86/hyperv: Remove BUG_ON() for kmap_local_page() (bsc#1206453).
* x86/hyperv: Reorder code to facilitate future work (bsc#1206453).
* x86/hyperv: Replace kmap() with kmap_local_page() (bsc#1206453).
* x86/ioremap: Add hypervisor callback for private MMIO mapping in coco
(bsc#1206453).
* x86/mce: Make sure logged MCEs are processed after sysfs update (git-fixes).
* x86/mm: Handle decryption/re-encryption of bss_decrypted consistently
(bsc#1206453).
* x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG
(git-fixes).
* x86/retpoline,kprobes: Skip optprobe check for indirect jumps with
retpolines and IBT (git-fixes).
* x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes).
* x86/speculation: Add cpu_show_gds() prototype (git-fixes).
* x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes).
* x86/srso: Correct the mitigation status when SMT is disabled (git-fixes).
* x86/srso: Disable the mitigation on unaffected configurations (git-fixes).
* x86/srso: Explain the untraining sequences a bit more (git-fixes).
* x86/srso: Fix build breakage with the LLVM linker (git-fixes).
* x86/srso: Fix return thunks in generated code (git-fixes).
* x86/static_call: Fix __static_call_fixup() (git-fixes).
* x86/tdx: Add more registers to struct tdx_hypercall_args (bsc#1206453).
* x86/tdx: Do not corrupt frame-pointer in __tdx_hypercall() (bsc#1206453).
* x86/tdx: Expand __tdx_hypercall() to handle more arguments (bsc#1206453).
* x86/tdx: Fix typo in comment in __tdx_hypercall() (bsc#1206453).
* x86/tdx: Refactor __tdx_hypercall() to allow pass down more arguments
(bsc#1206453).
* xfs: fix sb write verify for lazysbcount (bsc#1214661).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-3704=1 openSUSE-SLE-15.5-2023-3704=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3704=1
* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3704=1
* Legacy Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-3704=1
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-3704=1
Please note that this is the initial kernel livepatch without fixes itself, this
package is later updated by separate standalone kernel livepatch updates.
* SUSE Linux Enterprise High Availability Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-3704=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-3704=1
## Package List:
* openSUSE Leap 15.5 (noarch nosrc)
* kernel-docs-5.14.21-150500.55.22.1
* openSUSE Leap 15.5 (noarch)
* kernel-docs-html-5.14.21-150500.55.22.1
* kernel-source-5.14.21-150500.55.22.1
* kernel-devel-5.14.21-150500.55.22.1
* kernel-source-vanilla-5.14.21-150500.55.22.1
* kernel-macros-5.14.21-150500.55.22.1
* openSUSE Leap 15.5 (nosrc ppc64le x86_64)
* kernel-debug-5.14.21-150500.55.22.1
* openSUSE Leap 15.5 (ppc64le x86_64)
* kernel-debug-devel-debuginfo-5.14.21-150500.55.22.1
* kernel-debug-livepatch-devel-5.14.21-150500.55.22.1
* kernel-debug-devel-5.14.21-150500.55.22.1
* kernel-debug-debugsource-5.14.21-150500.55.22.1
* kernel-debug-debuginfo-5.14.21-150500.55.22.1
* openSUSE Leap 15.5 (x86_64)
* kernel-debug-vdso-debuginfo-5.14.21-150500.55.22.1
* kernel-kvmsmall-vdso-5.14.21-150500.55.22.1
* kernel-kvmsmall-vdso-debuginfo-5.14.21-150500.55.22.1
* kernel-default-vdso-5.14.21-150500.55.22.1
* kernel-debug-vdso-5.14.21-150500.55.22.1
* kernel-default-vdso-debuginfo-5.14.21-150500.55.22.1
* openSUSE Leap 15.5 (aarch64 ppc64le x86_64)
* kernel-default-base-rebuild-5.14.21-150500.55.22.1.150500.6.8.1
* kernel-kvmsmall-devel-debuginfo-5.14.21-150500.55.22.1
* kernel-kvmsmall-devel-5.14.21-150500.55.22.1
* kernel-kvmsmall-debuginfo-5.14.21-150500.55.22.1
* kernel-kvmsmall-livepatch-devel-5.14.21-150500.55.22.1
* kernel-default-base-5.14.21-150500.55.22.1.150500.6.8.1
* kernel-kvmsmall-debugsource-5.14.21-150500.55.22.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* kernel-obs-build-5.14.21-150500.55.22.1
* kernel-default-debuginfo-5.14.21-150500.55.22.1
* ocfs2-kmp-default-5.14.21-150500.55.22.1
* cluster-md-kmp-default-5.14.21-150500.55.22.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.22.1
* reiserfs-kmp-default-debuginfo-5.14.21-150500.55.22.1
* kernel-default-devel-debuginfo-5.14.21-150500.55.22.1
* kernel-default-livepatch-5.14.21-150500.55.22.1
* kernel-default-extra-5.14.21-150500.55.22.1
* kernel-default-debugsource-5.14.21-150500.55.22.1
* kernel-default-extra-debuginfo-5.14.21-150500.55.22.1
* dlm-kmp-default-5.14.21-150500.55.22.1
* kernel-obs-build-debugsource-5.14.21-150500.55.22.1
* kernel-default-devel-5.14.21-150500.55.22.1
* dlm-kmp-default-debuginfo-5.14.21-150500.55.22.1
* gfs2-kmp-default-5.14.21-150500.55.22.1
* kernel-default-optional-5.14.21-150500.55.22.1
* kernel-default-livepatch-devel-5.14.21-150500.55.22.1
* kernel-obs-qa-5.14.21-150500.55.22.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.22.1
* kernel-syms-5.14.21-150500.55.22.1
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.22.1
* kselftests-kmp-default-debuginfo-5.14.21-150500.55.22.1
* reiserfs-kmp-default-5.14.21-150500.55.22.1
* kernel-default-optional-debuginfo-5.14.21-150500.55.22.1
* kselftests-kmp-default-5.14.21-150500.55.22.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150500.55.22.1
* openSUSE Leap 15.5 (aarch64 nosrc ppc64le x86_64)
* kernel-kvmsmall-5.14.21-150500.55.22.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_22-default-1-150500.11.3.1
* kernel-livepatch-SLE15-SP5_Update_4-debugsource-1-150500.11.3.1
* kernel-livepatch-5_14_21-150500_55_22-default-debuginfo-1-150500.11.3.1
* openSUSE Leap 15.5 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150500.55.22.1
* openSUSE Leap 15.5 (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150500.55.22.1
* kernel-zfcpdump-debuginfo-5.14.21-150500.55.22.1
* openSUSE Leap 15.5 (nosrc)
* dtb-aarch64-5.14.21-150500.55.22.1
* openSUSE Leap 15.5 (aarch64)
* dtb-allwinner-5.14.21-150500.55.22.1
* dtb-arm-5.14.21-150500.55.22.1
* kernel-64kb-debugsource-5.14.21-150500.55.22.1
* kernel-64kb-extra-debuginfo-5.14.21-150500.55.22.1
* dtb-apple-5.14.21-150500.55.22.1
* kernel-64kb-devel-debuginfo-5.14.21-150500.55.22.1
* dtb-rockchip-5.14.21-150500.55.22.1
* kernel-64kb-debuginfo-5.14.21-150500.55.22.1
* dtb-mediatek-5.14.21-150500.55.22.1
* dtb-nvidia-5.14.21-150500.55.22.1
* kselftests-kmp-64kb-debuginfo-5.14.21-150500.55.22.1
* dtb-exynos-5.14.21-150500.55.22.1
* dtb-sprd-5.14.21-150500.55.22.1
* ocfs2-kmp-64kb-5.14.21-150500.55.22.1
* dtb-apm-5.14.21-150500.55.22.1
* dlm-kmp-64kb-debuginfo-5.14.21-150500.55.22.1
* dtb-broadcom-5.14.21-150500.55.22.1
* reiserfs-kmp-64kb-debuginfo-5.14.21-150500.55.22.1
* dtb-freescale-5.14.21-150500.55.22.1
* cluster-md-kmp-64kb-5.14.21-150500.55.22.1
* kselftests-kmp-64kb-5.14.21-150500.55.22.1
* dtb-lg-5.14.21-150500.55.22.1
* dtb-renesas-5.14.21-150500.55.22.1
* dtb-socionext-5.14.21-150500.55.22.1
* dtb-amd-5.14.21-150500.55.22.1
* kernel-64kb-livepatch-devel-5.14.21-150500.55.22.1
* dtb-xilinx-5.14.21-150500.55.22.1
* dtb-amlogic-5.14.21-150500.55.22.1
* dtb-amazon-5.14.21-150500.55.22.1
* gfs2-kmp-64kb-debuginfo-5.14.21-150500.55.22.1
* cluster-md-kmp-64kb-debuginfo-5.14.21-150500.55.22.1
* reiserfs-kmp-64kb-5.14.21-150500.55.22.1
* dtb-qcom-5.14.21-150500.55.22.1
* dtb-altera-5.14.21-150500.55.22.1
* gfs2-kmp-64kb-5.14.21-150500.55.22.1
* kernel-64kb-devel-5.14.21-150500.55.22.1
* kernel-64kb-optional-5.14.21-150500.55.22.1
* ocfs2-kmp-64kb-debuginfo-5.14.21-150500.55.22.1
* dlm-kmp-64kb-5.14.21-150500.55.22.1
* kernel-64kb-extra-5.14.21-150500.55.22.1
* kernel-64kb-optional-debuginfo-5.14.21-150500.55.22.1
* dtb-hisilicon-5.14.21-150500.55.22.1
* dtb-marvell-5.14.21-150500.55.22.1
* dtb-cavium-5.14.21-150500.55.22.1
* openSUSE Leap 15.5 (aarch64 nosrc)
* kernel-64kb-5.14.21-150500.55.22.1
* Basesystem Module 15-SP5 (aarch64 nosrc)
* kernel-64kb-5.14.21-150500.55.22.1
* Basesystem Module 15-SP5 (aarch64)
* kernel-64kb-debuginfo-5.14.21-150500.55.22.1
* kernel-64kb-devel-debuginfo-5.14.21-150500.55.22.1
* kernel-64kb-debugsource-5.14.21-150500.55.22.1
* kernel-64kb-devel-5.14.21-150500.55.22.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150500.55.22.1
* Basesystem Module 15-SP5 (aarch64 ppc64le x86_64)
* kernel-default-base-5.14.21-150500.55.22.1.150500.6.8.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* kernel-default-devel-debuginfo-5.14.21-150500.55.22.1
* kernel-default-debugsource-5.14.21-150500.55.22.1
* kernel-default-debuginfo-5.14.21-150500.55.22.1
* kernel-default-devel-5.14.21-150500.55.22.1
* Basesystem Module 15-SP5 (noarch)
* kernel-macros-5.14.21-150500.55.22.1
* kernel-devel-5.14.21-150500.55.22.1
* Basesystem Module 15-SP5 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150500.55.22.1
* Basesystem Module 15-SP5 (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150500.55.22.1
* kernel-zfcpdump-debuginfo-5.14.21-150500.55.22.1
* Development Tools Module 15-SP5 (noarch nosrc)
* kernel-docs-5.14.21-150500.55.22.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* kernel-obs-build-5.14.21-150500.55.22.1
* kernel-obs-build-debugsource-5.14.21-150500.55.22.1
* kernel-syms-5.14.21-150500.55.22.1
* Development Tools Module 15-SP5 (noarch)
* kernel-source-5.14.21-150500.55.22.1
* Legacy Module 15-SP5 (nosrc)
* kernel-default-5.14.21-150500.55.22.1
* Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* reiserfs-kmp-default-debuginfo-5.14.21-150500.55.22.1
* reiserfs-kmp-default-5.14.21-150500.55.22.1
* kernel-default-debugsource-5.14.21-150500.55.22.1
* kernel-default-debuginfo-5.14.21-150500.55.22.1
* SUSE Linux Enterprise Live Patching 15-SP5 (nosrc)
* kernel-default-5.14.21-150500.55.22.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-default-livepatch-devel-5.14.21-150500.55.22.1
* kernel-default-debuginfo-5.14.21-150500.55.22.1
* kernel-default-livepatch-5.14.21-150500.55.22.1
* kernel-livepatch-5_14_21-150500_55_22-default-1-150500.11.3.1
* kernel-livepatch-SLE15-SP5_Update_4-debugsource-1-150500.11.3.1
* kernel-livepatch-5_14_21-150500_55_22-default-debuginfo-1-150500.11.3.1
* kernel-default-debugsource-5.14.21-150500.55.22.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le
s390x x86_64)
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.22.1
* kernel-default-debuginfo-5.14.21-150500.55.22.1
* ocfs2-kmp-default-5.14.21-150500.55.22.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.22.1
* kernel-default-debugsource-5.14.21-150500.55.22.1
* cluster-md-kmp-default-5.14.21-150500.55.22.1
* dlm-kmp-default-5.14.21-150500.55.22.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.22.1
* dlm-kmp-default-debuginfo-5.14.21-150500.55.22.1
* gfs2-kmp-default-5.14.21-150500.55.22.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (nosrc)
* kernel-default-5.14.21-150500.55.22.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (nosrc)
* kernel-default-5.14.21-150500.55.22.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
* kernel-default-extra-5.14.21-150500.55.22.1
* kernel-default-debugsource-5.14.21-150500.55.22.1
* kernel-default-debuginfo-5.14.21-150500.55.22.1
* kernel-default-extra-debuginfo-5.14.21-150500.55.22.1
## References:
* https://www.suse.com/security/cve/CVE-2022-38457.html
* https://www.suse.com/security/cve/CVE-2022-40133.html
* https://www.suse.com/security/cve/CVE-2023-2007.html
* https://www.suse.com/security/cve/CVE-2023-20588.html
* https://www.suse.com/security/cve/CVE-2023-34319.html
* https://www.suse.com/security/cve/CVE-2023-3610.html
* https://www.suse.com/security/cve/CVE-2023-37453.html
* https://www.suse.com/security/cve/CVE-2023-3772.html
* https://www.suse.com/security/cve/CVE-2023-3863.html
* https://www.suse.com/security/cve/CVE-2023-40283.html
* https://www.suse.com/security/cve/CVE-2023-4128.html
* https://www.suse.com/security/cve/CVE-2023-4133.html
* https://www.suse.com/security/cve/CVE-2023-4134.html
* https://www.suse.com/security/cve/CVE-2023-4147.html
* https://www.suse.com/security/cve/CVE-2023-4194.html
* https://www.suse.com/security/cve/CVE-2023-4273.html
* https://www.suse.com/security/cve/CVE-2023-4387.html
* https://www.suse.com/security/cve/CVE-2023-4459.html
* https://www.suse.com/security/cve/CVE-2023-4563.html
* https://www.suse.com/security/cve/CVE-2023-4569.html
* https://bugzilla.suse.com/show_bug.cgi?id=1023051
* https://bugzilla.suse.com/show_bug.cgi?id=1120059
* https://bugzilla.suse.com/show_bug.cgi?id=1177719
* https://bugzilla.suse.com/show_bug.cgi?id=1188885
* https://bugzilla.suse.com/show_bug.cgi?id=1193629
* https://bugzilla.suse.com/show_bug.cgi?id=1194869
* https://bugzilla.suse.com/show_bug.cgi?id=1203329
* https://bugzilla.suse.com/show_bug.cgi?id=1203330
* https://bugzilla.suse.com/show_bug.cgi?id=1205462
* https://bugzilla.suse.com/show_bug.cgi?id=1206453
* https://bugzilla.suse.com/show_bug.cgi?id=1208902
* https://bugzilla.suse.com/show_bug.cgi?id=1208949
* https://bugzilla.suse.com/show_bug.cgi?id=1209284
* https://bugzilla.suse.com/show_bug.cgi?id=1209799
* https://bugzilla.suse.com/show_bug.cgi?id=1210048
* https://bugzilla.suse.com/show_bug.cgi?id=1210448
* https://bugzilla.suse.com/show_bug.cgi?id=1211220
* https://bugzilla.suse.com/show_bug.cgi?id=1212091
* https://bugzilla.suse.com/show_bug.cgi?id=1212142
* https://bugzilla.suse.com/show_bug.cgi?id=1212423
* https://bugzilla.suse.com/show_bug.cgi?id=1212526
* https://bugzilla.suse.com/show_bug.cgi?id=1212857
* https://bugzilla.suse.com/show_bug.cgi?id=1212873
* https://bugzilla.suse.com/show_bug.cgi?id=1213026
* https://bugzilla.suse.com/show_bug.cgi?id=1213123
* https://bugzilla.suse.com/show_bug.cgi?id=1213546
* https://bugzilla.suse.com/show_bug.cgi?id=1213580
* https://bugzilla.suse.com/show_bug.cgi?id=1213601
* https://bugzilla.suse.com/show_bug.cgi?id=1213666
* https://bugzilla.suse.com/show_bug.cgi?id=1213733
* https://bugzilla.suse.com/show_bug.cgi?id=1213757
* https://bugzilla.suse.com/show_bug.cgi?id=1213759
* https://bugzilla.suse.com/show_bug.cgi?id=1213916
* https://bugzilla.suse.com/show_bug.cgi?id=1213921
* https://bugzilla.suse.com/show_bug.cgi?id=1213927
* https://bugzilla.suse.com/show_bug.cgi?id=1213946
* https://bugzilla.suse.com/show_bug.cgi?id=1213949
* https://bugzilla.suse.com/show_bug.cgi?id=1213968
* https://bugzilla.suse.com/show_bug.cgi?id=1213970
* https://bugzilla.suse.com/show_bug.cgi?id=1213971
* https://bugzilla.suse.com/show_bug.cgi?id=1214000
* https://bugzilla.suse.com/show_bug.cgi?id=1214019
* https://bugzilla.suse.com/show_bug.cgi?id=1214073
* https://bugzilla.suse.com/show_bug.cgi?id=1214120
* https://bugzilla.suse.com/show_bug.cgi?id=1214149
* https://bugzilla.suse.com/show_bug.cgi?id=1214180
* https://bugzilla.suse.com/show_bug.cgi?id=1214233
* https://bugzilla.suse.com/show_bug.cgi?id=1214238
* https://bugzilla.suse.com/show_bug.cgi?id=1214285
* https://bugzilla.suse.com/show_bug.cgi?id=1214297
* https://bugzilla.suse.com/show_bug.cgi?id=1214299
* https://bugzilla.suse.com/show_bug.cgi?id=1214305
* https://bugzilla.suse.com/show_bug.cgi?id=1214350
* https://bugzilla.suse.com/show_bug.cgi?id=1214368
* https://bugzilla.suse.com/show_bug.cgi?id=1214370
* https://bugzilla.suse.com/show_bug.cgi?id=1214371
* https://bugzilla.suse.com/show_bug.cgi?id=1214372
* https://bugzilla.suse.com/show_bug.cgi?id=1214380
* https://bugzilla.suse.com/show_bug.cgi?id=1214386
* https://bugzilla.suse.com/show_bug.cgi?id=1214392
* https://bugzilla.suse.com/show_bug.cgi?id=1214393
* https://bugzilla.suse.com/show_bug.cgi?id=1214397
* https://bugzilla.suse.com/show_bug.cgi?id=1214404
* https://bugzilla.suse.com/show_bug.cgi?id=1214428
* https://bugzilla.suse.com/show_bug.cgi?id=1214451
* https://bugzilla.suse.com/show_bug.cgi?id=1214659
* https://bugzilla.suse.com/show_bug.cgi?id=1214661
* https://bugzilla.suse.com/show_bug.cgi?id=1214727
* https://bugzilla.suse.com/show_bug.cgi?id=1214729
* https://bugzilla.suse.com/show_bug.cgi?id=1214742
* https://bugzilla.suse.com/show_bug.cgi?id=1214743
* https://bugzilla.suse.com/show_bug.cgi?id=1214756
* https://bugzilla.suse.com/show_bug.cgi?id=1214976
* https://jira.suse.com/browse/PED-3924
* https://jira.suse.com/browse/PED-4579
* https://jira.suse.com/browse/PED-4759
* https://jira.suse.com/browse/PED-4927
* https://jira.suse.com/browse/PED-4929
* https://jira.suse.com/browse/PED-5738
* https://jira.suse.com/browse/PED-6003
* https://jira.suse.com/browse/PED-6004
1
0
SUSE-SU-2023:3671-1: important: Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP5)
by security@lists.opensuse.org 19 Sep '23
by security@lists.opensuse.org 19 Sep '23
19 Sep '23
# Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP5)
Announcement ID: SUSE-SU-2023:3671-1
Rating: important
References:
* #1208839
* #1210630
* #1211187
* #1211395
* #1212849
* #1213063
* #1213244
Cross-References:
* CVE-2023-1077
* CVE-2023-2156
* CVE-2023-2176
* CVE-2023-3090
* CVE-2023-32233
* CVE-2023-35001
* CVE-2023-3567
CVSS scores:
* CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-32233 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-32233 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves seven vulnerabilities can now be installed.
## Description:
This update for the Linux Kernel 5.14.21-150500_11 fixes several issues.
The following security issues were fixed:
* CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when
processing batch requests (bsc#1211187).
* CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling
of the RPL protocol (bsc#1211395).
* CVE-2023-3567: Fixed a use-after-free in vcs_read in
drivers/tty/vt/vc_screen.c (bsc#1213244).
* CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder
that could allow a local attacker to escalate their privilege (bsc#1213063).
* CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could
cause memory corruption (bsc#1208839).
* CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in
drivers/infiniband/core/cma.c in RDMA (bsc#1210630).
* CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver
(bsc#1212849).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3671=1 SUSE-SLE-
Module-Live-Patching-15-SP4-2023-3672=1 SUSE-SLE-Module-Live-
Patching-15-SP4-2023-3673=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-3678=1
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-3678=1
## Package List:
* SUSE Linux Enterprise Live Patching 15-SP4 (x86_64)
* kernel-livepatch-5_14_21-150400_15_5-rt-debuginfo-9-150400.2.2
* kernel-livepatch-5_14_21-150400_15_5-rt-9-150400.2.2
* kernel-livepatch-SLE15-SP4-RT_Update_3-debugsource-7-150400.2.2
* kernel-livepatch-SLE15-SP4-RT_Update_2-debugsource-8-150400.2.2
* kernel-livepatch-5_14_21-150400_15_8-rt-8-150400.2.2
* kernel-livepatch-5_14_21-150400_15_8-rt-debuginfo-8-150400.2.2
* kernel-livepatch-SLE15-SP4-RT_Update_1-debugsource-9-150400.2.2
* kernel-livepatch-5_14_21-150400_15_11-rt-debuginfo-7-150400.2.2
* kernel-livepatch-5_14_21-150400_15_11-rt-7-150400.2.2
* openSUSE Leap 15.5 (x86_64)
* kernel-livepatch-5_14_21-150500_11-rt-debuginfo-3-150500.6.2
* kernel-livepatch-SLE15-SP5-RT_Update_0-debugsource-3-150500.6.2
* kernel-livepatch-5_14_21-150500_11-rt-3-150500.6.2
* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
* kernel-livepatch-5_14_21-150500_11-rt-debuginfo-3-150500.6.2
* kernel-livepatch-SLE15-SP5-RT_Update_0-debugsource-3-150500.6.2
* kernel-livepatch-5_14_21-150500_11-rt-3-150500.6.2
## References:
* https://www.suse.com/security/cve/CVE-2023-1077.html
* https://www.suse.com/security/cve/CVE-2023-2156.html
* https://www.suse.com/security/cve/CVE-2023-2176.html
* https://www.suse.com/security/cve/CVE-2023-3090.html
* https://www.suse.com/security/cve/CVE-2023-32233.html
* https://www.suse.com/security/cve/CVE-2023-35001.html
* https://www.suse.com/security/cve/CVE-2023-3567.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208839
* https://bugzilla.suse.com/show_bug.cgi?id=1210630
* https://bugzilla.suse.com/show_bug.cgi?id=1211187
* https://bugzilla.suse.com/show_bug.cgi?id=1211395
* https://bugzilla.suse.com/show_bug.cgi?id=1212849
* https://bugzilla.suse.com/show_bug.cgi?id=1213063
* https://bugzilla.suse.com/show_bug.cgi?id=1213244
1
0
SUSE-SU-2023:3676-1: important: Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP5)
by security@lists.opensuse.org 19 Sep '23
by security@lists.opensuse.org 19 Sep '23
19 Sep '23
# Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP5)
Announcement ID: SUSE-SU-2023:3676-1
Rating: important
References:
* #1211395
* #1212849
* #1213063
Cross-References:
* CVE-2023-2156
* CVE-2023-3090
* CVE-2023-35001
CVSS scores:
* CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves three vulnerabilities can now be installed.
## Description:
This update for the Linux Kernel 5.14.21-150500_13_5 fixes several issues.
The following security issues were fixed:
* CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling
of the RPL protocol (bsc#1211395).
* CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder
that could allow a local attacker to escalate their privilege (bsc#1213063).
* CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver
(bsc#1212849).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3676=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-3679=1
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-3679=1
## Package List:
* SUSE Linux Enterprise Live Patching 15-SP4 (x86_64)
* kernel-livepatch-SLE15-SP4-RT_Update_8-debugsource-2-150400.2.1
* kernel-livepatch-5_14_21-150400_15_37-rt-2-150400.2.1
* kernel-livepatch-5_14_21-150400_15_37-rt-debuginfo-2-150400.2.1
* openSUSE Leap 15.5 (x86_64)
* kernel-livepatch-5_14_21-150500_13_5-rt-2-150500.2.1
* kernel-livepatch-5_14_21-150500_13_5-rt-debuginfo-2-150500.2.1
* kernel-livepatch-SLE15-SP5-RT_Update_1-debugsource-2-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
* kernel-livepatch-5_14_21-150500_13_5-rt-2-150500.2.1
* kernel-livepatch-5_14_21-150500_13_5-rt-debuginfo-2-150500.2.1
* kernel-livepatch-SLE15-SP5-RT_Update_1-debugsource-2-150500.2.1
## References:
* https://www.suse.com/security/cve/CVE-2023-2156.html
* https://www.suse.com/security/cve/CVE-2023-3090.html
* https://www.suse.com/security/cve/CVE-2023-35001.html
* https://bugzilla.suse.com/show_bug.cgi?id=1211395
* https://bugzilla.suse.com/show_bug.cgi?id=1212849
* https://bugzilla.suse.com/show_bug.cgi?id=1213063
1
0
SUSE-SU-2023:3682-1: important: Security update for the Linux Kernel
by security@lists.opensuse.org 19 Sep '23
by security@lists.opensuse.org 19 Sep '23
19 Sep '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:3682-1
Rating: important
References:
* #1023051
* #1120059
* #1177719
* #1188885
* #1193629
* #1194869
* #1205462
* #1208902
* #1208949
* #1209284
* #1209799
* #1210048
* #1210448
* #1212091
* #1212142
* #1212526
* #1212857
* #1212873
* #1213026
* #1213123
* #1213546
* #1213580
* #1213601
* #1213666
* #1213757
* #1213759
* #1213916
* #1213921
* #1213927
* #1213946
* #1213968
* #1213970
* #1213971
* #1214000
* #1214019
* #1214120
* #1214149
* #1214180
* #1214238
* #1214285
* #1214297
* #1214299
* #1214350
* #1214368
* #1214370
* #1214371
* #1214372
* #1214380
* #1214386
* #1214392
* #1214393
* #1214397
* #1214428
* #1214451
* #1214659
* #1214661
* #1214729
* #1214742
* #1214743
* #1214756
* #1214760
* PED-4579
* PED-4759
* PED-4927
* PED-4929
* PED-5738
* PED-6003
* PED-6004
Cross-References:
* CVE-2023-2007
* CVE-2023-20588
* CVE-2023-34319
* CVE-2023-3610
* CVE-2023-37453
* CVE-2023-3772
* CVE-2023-3863
* CVE-2023-4128
* CVE-2023-4133
* CVE-2023-4134
* CVE-2023-4147
* CVE-2023-4194
* CVE-2023-4273
* CVE-2023-4387
* CVE-2023-4459
* CVE-2023-4569
CVSS scores:
* CVE-2023-2007 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-2007 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-20588 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-20588 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-34319 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-3610 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3610 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-37453 ( SUSE ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-37453 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3772 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3772 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3863 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4128 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4128 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4133 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4134 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4147 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4147 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4194 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-4194 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-4273 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4273 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-4387 ( SUSE ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4387 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-4459 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4569 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-4569 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:
* openSUSE Leap 15.4
* Public Cloud Module 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves 16 vulnerabilities, contains seven features and has 45
security fixes can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
* CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could
allow an attacker to escalate privileges and execute arbitrary code in the
context of the kernel (bsc#1210448).
* CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that
can potentially return speculative data resulting in loss of confidentiality
(bsc#1213927).
* CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in
xen/netback (XSA-432) (bsc#1213546).
* CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be
exploited to achieve local privilege escalation (bsc#1213580).
* CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123).
* CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a
malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL
pointer leading to a possible kernel crash and denial of service
(bsc#1213666).
* CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local
that allowed a local user with special privileges to impact a kernel
information leak issue (bsc#1213601).
* CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that
allowed a local attacker to perform a local privilege escalation due to
incorrect handling of the existing filter, leading to a kernel information
leak issue (bsc#1214149).
* CVE-2023-4133: Fixed use after free bugs caused by circular dependency
problem in cxgb4 (bsc#1213970).
* CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work()
(bsc#1213971).
* CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968).
* CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
* CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that
alloawed a local privileged attacker to overflow the kernel stack
(bsc#1214120).
* CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that
could allow a local attacker to crash the system due to a double-free
(bsc#1214350).
* CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup
that may have allowed a local attacker with normal user privilege to cause a
denial of service (bsc#1214451).
* CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in
net/netfilter/nf_tables_api.c (bsc#1214729).
The following non-security bugs were fixed:
* acpi: processor: perflib: avoid updating frequency qos unnecessarily (git-
fixes).
* acpi: processor: perflib: use the "no limit" frequency qos (git-fixes).
* acpi: x86: s2idle: fix a logic error parsing amd constraints table (git-
fixes).
* alsa: ac97: fix possible error value of *rac97 (git-fixes).
* alsa: hda/cs8409: support new dell dolphin variants (git-fixes).
* alsa: hda/realtek - remodified 3k pull low procedure (git-fixes).
* alsa: hda/realtek: add quirk for hp victus 16-d1xxx to enable mute led (git-
fixes).
* alsa: hda/realtek: add quirk for mute leds on hp envy x360 15-eu0xxx (git-
fixes).
* alsa: hda/realtek: add quirks for hp g11 laptops (git-fixes).
* alsa: hda/realtek: switch dell oasis models to use spi (git-fixes).
* alsa: pcm: fix missing fixup call in compat hw_refine ioctl (git-fixes).
* alsa: usb-audio: add support for mythware xa001au capture and playback
interfaces (git-fixes).
* alsa: usb-audio: fix init call orders for uac1 (git-fixes).
* alsa: ymfpci: fix the missing snd_card_free() call at probe error (git-
fixes).
* amba: bus: fix refcount leak (git-fixes).
* arm64: dts: imx8mn-var-som: add missing pull-up for onboard phy reset pinmux
(git-fixes).
* arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes).
* arm64: dts: rockchip: disable hs400 for emmc on rock pi 4 (git-fixes).
* arm: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix usb related warnings
(git-fixes).
* arm: dts: imx6sll: fixup of operating points (git-fixes).
* arm: spear: do not use timer namespace for timer_shutdown() function
(bsc#1213970).
* asoc: lower "no backend dais enabled for ... port" log severity (git-fixes).
* asoc: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes).
* asoc: rt5665: add missed regulator_bulk_disable (git-fixes).
* asoc: sof: intel: fix soundwire/hdaudio mutual exclusion (git-fixes).
* asoc: stac9766: fix build errors with regmap_ac97 (git-fixes).
* asoc: tegra: fix sfc conversion for few rates (git-fixes).
* audit: fix possible soft lockup in __audit_inode_child() (git-fixes).
* backlight/bd6107: compare against struct fb_info.device (git-fixes).
* backlight/gpio_backlight: compare against struct fb_info.device (git-fixes).
* backlight/lv5207lp: compare against struct fb_info.device (git-fixes).
* batman-adv: do not get eth header before batadv_check_management_packet
(git-fixes).
* batman-adv: do not increase mtu when set by user (git-fixes).
* batman-adv: fix batadv_v_ogm_aggr_send memory leak (git-fixes).
* batman-adv: fix tt global entry leak when client roamed back (git-fixes).
* batman-adv: hold rtnl lock during mtu update via netlink (git-fixes).
* batman-adv: trigger events for auto adjusted mtu (git-fixes).
* bluetooth: btusb: add mt7922 bluetooth id for the asus ally (git-fixes).
* bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-
fixes).
* bluetooth: fix potential use-after-free when clear keys (git-fixes).
* bluetooth: l2cap: fix use-after-free (git-fixes).
* bluetooth: l2cap: fix use-after-free in l2cap_sock_ready_cb (git-fixes).
* bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-
fixes).
* bluetooth: remove unused declaration amp_read_loc_info() (git-fixes).
* bnx2x: fix page fault following eeh recovery (bsc#1214299).
* bpf: disable preemption in bpf_event_output (git-fixes).
* bus: ti-sysc: fix build warning for 64-bit build (git-fixes).
* bus: ti-sysc: fix cast to enum warning (git-fixes).
* bus: ti-sysc: flush posted write on enable before reset (git-fixes).
* can: gs_usb: gs_usb_receive_bulk_callback(): count rx overflow errors also
in case of oom (git-fixes).
* ceph: defer stopping mdsc delayed_work (bsc#1214392).
* ceph: do not check for quotas on mds stray dirs (bsc#1214238).
* ceph: never send metrics if disable_send_metrics is set (bsc#1214180).
* check-for-config-changes: ignore builtin_return_address_strips_pac
(bsc#1214380). gcc7 on sle 15 does not support this while later gcc does.
* cifs: add missing return value check for cifs_sb_tlink (bsc#1193629).
* cifs: allow dumping keys for directories too (bsc#1193629).
* cifs: fix mid leak during reconnection after timeout threshold (git-fixes).
* cifs: if deferred close is disabled then close files immediately (git-
fixes).
* cifs: is_network_name_deleted should return a bool (bsc#1193629).
* cifs: update internal module version number for cifs.ko (bsc#1193629).
* clk: fix slab-out-of-bounds error in devm_clk_release() (git-fixes).
* clk: fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes).
* clk: imx8mp: fix sai4 clock (git-fixes).
* clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op
(git-fixes).
* clk: imx: pll14xx: dynamically configure pll for 393216000/361267200hz (git-
fixes).
* clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes).
* clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes).
* clk: qcom: gcc-sc7180: fix up gcc_sdcc2_apps_clk_src (git-fixes).
* clk: qcom: gcc-sm8250: fix gcc_sdcc2_apps_clk_src (git-fixes).
* clk: sunxi-ng: modify mismatched function name (git-fixes).
* clocksource/drivers/arm_arch_timer: do not use timer namespace for
timer_shutdown() function (bsc#1213970).
* clocksource/drivers/sp804: do not use timer namespace for timer_shutdown()
function (bsc#1213970).
* config_nvme_verbose_errors=y gone with a82baa8083b
* config_printk_safe_log_buf_shift=13 gone with 7e152d55123
* cpu/smt: allow enabling partial smt states via sysfs (bsc#1214285
bsc#1205462 ltc#200161 ltc#200588).
* cpu/smt: create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462
ltc#200161 ltc#200588).
* cpu/smt: move smt prototypes into cpu_smt.h (bsc#1214285 bsc#1205462
ltc#200161 ltc#200588).
* cpu/smt: move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462
ltc#200161 ltc#200588).
* cpu/smt: remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161
ltc#200588).
* cpu/smt: store the current/max number of threads (bsc#1214285 bsc#1205462
ltc#200161 ltc#200588).
* cpufreq: fix the race condition while updating the transition_task of policy
(git-fixes).
* cpufreq: intel_pstate: adjust balance_performance epp for sapphire rapids
(bsc#1214659).
* cpufreq: intel_pstate: enable hwp io boost for all servers (bsc#1208949
jsc#ped-6003 jsc#ped-6004).
* cpufreq: intel_pstate: fix scaling for hybrid-capable systems with disabled
e-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
* cpufreq: intel_pstate: hybrid: rework hwp calibration (bsc#1212526
bsc#1214368 jsc#ped-4927 jsc#ped-4929).
* cpufreq: intel_pstate: hybrid: use known scaling factor for p-cores
(bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
* cpufreq: intel_pstate: read all msrs on the target cpu (bsc#1212526
bsc#1214368 jsc#ped-4927 jsc#ped-4929).
* created new preempt kernel flavor configs are cloned from the respective
$arch/default configs. all changed configs appart from config_preempt->y are
a result of dependencies, namely many lock/unlock primitives are no longer
inlined in the preempt kernel. tree_rcu has been also changed to preempt_rcu
which is the default implementation for preempt kernel.
* crypto: caam - fix unchecked return value error (git-fixes).
* crypto: stm32 - properly handle pm_runtime_get failing (git-fixes).
* dma-buf/sw_sync: avoid recursive lock during fence signal (git-fixes).
* dma-buf/sync_file: fix docs syntax (git-fixes).
* dmaengine: idxd: modify the dependence of attribute pasid_enabled (git-
fixes).
* dmaengine: mcf-edma: fix a potential un-allocated memory access (git-fixes).
* dmaengine: pl330: return dma_paused when transaction is paused (git-fixes).
* dmaengine: ste_dma40: add missing irq check in d40_probe (git-fixes).
* docs/process/howto: replace c89 with c11 (bsc#1214756).
* docs: kernel-parameters: refer to the correct bitmap function (git-fixes).
* docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes).
* docs: printk-formats: fix hex printing of signed values (git-fixes).
* documentation: devices.txt: fix minors for ttycpm* (git-fixes).
* documentation: devices.txt: remove ttyioc* (git-fixes).
* documentation: devices.txt: remove ttysioc* (git-fixes).
* driver core: test_async: fix an error code (git-fixes).
* drivers: clk: keystone: fix parameter judgment in _of_pll_clk_init() (git-
fixes).
* drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-
fixes).
* drm/amd/display: check attr flag before set cursor degamma on dcn3+ (git-
fixes).
* drm/amd/display: check tg is non-null before checking if enabled (git-
fixes).
* drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes).
* drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
* drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes).
* drm/amd/display: save restore hdcp state when display is unplugged from mst
hub (git-fixes).
* drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create()
(git-fixes).
* drm/amd: flush any delayed gfxoff on suspend entry (git-fixes).
* drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar()
(git-fixes).
* drm/amdgpu: fix potential fence use-after-free v2 (git-fixes).
* drm/amdgpu: install stub fence into potential unused fence pointers (git-
fixes).
* drm/amdgpu: use rmw accessors for changing lnkctl (git-fixes).
* drm/armada: fix off-by-one error in armada_overlay_get_property() (git-
fixes).
* drm/ast: fix dram init on ast2200 (git-fixes).
* drm/atomic-helper: update reference to drm_crtc_force_disable_all() (git-
fixes).
* drm/bridge: anx7625: drop device lock before drm_helper_hpd_irq_event()
(git-fixes).
* drm/bridge: fix -wunused-const-variable= warning (git-fixes).
* drm/bridge: tc358764: fix debug print parameter order (git-fixes).
* drm/etnaviv: fix dumping of active mmu context (git-fixes).
* drm/mediatek: fix dereference before null check (git-fixes).
* drm/mediatek: fix potential memory leak if vmap() fail (git-fixes).
* drm/msm/a2xx: call adreno_gpu_init() earlier (git-fixes).
* drm/msm/mdp5: do not leak some plane state (git-fixes).
* drm/msm: update dev core dump to not print backwards (git-fixes).
* drm/nouveau/disp: revert a null check inside nouveau_connector_get_modes
(git-fixes).
* drm/nouveau/gr: enable memory loads on helper invocation on all channels
(git-fixes).
* drm/panel: simple: add missing connector type and pixel format for auo
t215hvn01 (git-fixes).
* drm/panel: simple: fix auo g121ean01 panel timings according to the docs
(git-fixes).
* drm/qxl: fix uaf on handle creation (git-fixes).
* drm/radeon: use rmw accessors for changing lnkctl (git-fixes).
* drm/rockchip: do not spam logs in atomic check (git-fixes).
* drm/shmem-helper: reset vma->vm_ops before calling dma_buf_mmap() (git-
fixes).
* drm/tegra: dpaux: fix incorrect return value of platform_get_irq (git-
fixes).
* drm/ttm: check null pointer before accessing when swapping (git-fixes).
* drm/ttm: never consider pinned bos for eviction&swap (git-fixes).
* drm/vmwgfx: fix shader stage validation (git-fixes).
* drm: adv7511: fix low refresh rate register for adv7533/5 (git-fixes).
* drm: xlnx: zynqmp_dpsub: add missing check for dma_set_mask (git-fixes).
* drop cfg80211 lock fix patches that caused a regression (bsc#1213757)
* drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428)
* dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes).
* dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes).
* dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes).
* e1000: fix typos in comments (jsc#ped-5738).
* e1000: remove unnecessary use of kmap_atomic() (jsc#ped-5738).
* e1000: switch to napi_build_skb() (jsc#ped-5738).
* e1000: switch to napi_consume_skb() (jsc#ped-5738).
* enable analog devices industrial ethernet phy driver (jsc#ped-4759)
* enable tpm in azure (bsc#1214760)
* exfat: fix unexpected eof while reading dir (bsc#1214000).
* exfat: release s_lock before calling dir_emit() (bsc#1214000).
* exfat_iterate(): do not open-code file_inode(file) (bsc#1214000).
* fbdev/ep93xx-fb: do not assign to struct fb_info.dev (git-fixes).
* fbdev: fix potential oob read in fast_imageblit() (git-fixes).
* fbdev: fix sys_imageblit() for arbitrary image widths (git-fixes).
* fbdev: improve performance of sys_imageblit() (git-fixes).
* fbdev: mmp: fix value check in mmphw_probe() (git-fixes).
* file: reinstate f_pos locking optimization for regular files (bsc#1213759).
* firmware: arm_scmi: drop of node reference in the transport channel setup
(git-fixes).
* firmware: cs_dsp: fix new control name check (git-fixes).
* firmware: meson_sm: fix to avoid potential null pointer dereference (git-
fixes).
* firmware: stratix10-svc: fix an null vs is_err() bug in probe (git-fixes).
* fs/sysv: null check to prevent null-ptr-deref bug (git-fixes).
* ftrace: fix possible warning on checking all pages used in
ftrace_process_locs() (git-fixes).
* gpio: mvebu: fix irq domain leak (git-fixes).
* gpio: mvebu: make use of devm_pwmchip_add (git-fixes).
* gpio: tps68470: make tps68470_gpio_output() always set the initial value
(git-fixes).
* hid: add quirk for 03f0:464a hp elite presenter mouse (git-fixes).
* hid: logitech-dj: fix error handling in logi_dj_recv_switch_to_dj_mode()
(git-fixes).
* hid: logitech-hidpp: add usb and bluetooth ids for the logitech g915 tkl
keyboard (git-fixes).
* hid: multitouch: correct devm device reference for hidinput input_dev name
(git-fixes).
* hid: wacom: remove the battery when the ekr is off (git-fixes).
* hwmon: (pmbus/bel-pfe) enable pmbus_skip_status_check for pfe1100 (git-
fixes).
* hwmon: (tmp513) fix the channel number in tmp51x_is_visible() (git-fixes).
* hwpoison: offline support: fix spelling in documentation/abi/ (git-fixes).
* hwrng: iproc-rng200 - implement suspend and resume calls (git-fixes).
* hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes).
* hwrng: pic32 - use devm_clk_get_enabled (git-fixes).
* i2c: bcm-iproc: fix bcm_iproc_i2c_isr deadlock issue (git-fixes).
* i2c: delete error messages for failed memory allocations (git-fixes).
* i2c: designware: correct length byte validation logic (git-fixes).
* i2c: designware: handle invalid smbus block data response length value (git-
fixes).
* i2c: hisi: only handle the interrupt of the driver's transfer (git-fixes).
* i2c: improve size determinations (git-fixes).
* i2c: nomadik: remove a useless call in the remove function (git-fixes).
* i2c: nomadik: remove unnecessary goto label (git-fixes).
* i2c: nomadik: use devm_clk_get_enabled() (git-fixes).
* i40e: fix an null vs is_err() bug for debugfs_create_dir() (git-fixes).
* iavf: fix potential races for fdir filters (git-fixes).
* ib/hfi1: fix possible panic during hotplug remove (git-fixes)
* ib/uverbs: fix an potential error pointer dereference (git-fixes)
* ice: fix crash by keep old cfg when update tcs more than queues (git-fixes).
* ice: fix max_rate check while configuring tx rate limits (git-fixes).
* ice: fix memory management in ice_ethtool_fdir.c (git-fixes).
* ice: fix rdma vsi removal during queue rebuild (git-fixes).
* iio: adc: ina2xx: avoid null pointer dereference on of device match (git-
fixes).
* iio: adc: stx104: implement and utilize register structures (git-fixes).
* iio: adc: stx104: utilize iomap interface (git-fixes).
* iio: cros_ec: fix the allocation size for cros_ec_command (git-fixes).
* input: exc3000 - properly stop timer on shutdown (git-fixes).
* intel/e1000:fix repeated words in comments (jsc#ped-5738).
* intel: remove unused macros (jsc#ped-5738).
* iommu/amd: add pci segment support for ivrs_ commands (git-fixes).
* iommu/amd: fix compile warning in init code (git-fixes).
* iommu/amd: fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options
(git-fixes).
* iommu/amd: fix ivrs_acpihid cmdline parsing code (git-fixes).
* iommu/amd: fix pci device refcount leak in ppr_notifier() (git-fixes).
* iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes).
* iommu/arm-smmu-v3: check return value after calling platform_get_resource()
(git-fixes).
* iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes).
* iommu/arm-smmu-v3: make default domain type of hisilicon ptt device to
identity (git-fixes).
* iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-
fixes).
* iommu/dart: initialize dart_streams_enable (git-fixes).
* iommu/dma: fix incorrect error return on iommu deferred attach (git-fixes).
* iommu/dma: fix iova map result check bug (git-fixes).
* iommu/dma: return error code from iommu_dma_map_sg() (git-fixes).
* iommu/fsl_pamu: fix resource leak in fsl_pamu_probe() (git-fixes).
* iommu/io-pgtable-arm-v7s: add a quirk to allow pgtable pa up to 35bit (git-
fixes).
* iommu/iova: fix module config properly (git-fixes).
* iommu/omap: fix buffer overflow in debugfs (git-fixes).
* iommu/rockchip: fix permission bits in page table entries v2 (git-fixes).
* iommu/sun50i: consider all fault sources for reset (git-fixes).
* iommu/sun50i: fix flush size (git-fixes).
* iommu/sun50i: fix r/w permission check (git-fixes).
* iommu/sun50i: fix reset release (git-fixes).
* iommu/sun50i: implement .iotlb_sync_map (git-fixes).
* iommu/sun50i: remove iommu_domain_identity (git-fixes).
* iommu/vt-d: add rpls to quirk list to skip te disabling (git-fixes).
* iommu/vt-d: check correct capability for sagaw determination (git-fixes).
* iommu/vt-d: clean up si_domain in the init_dmars() error path (git-fixes).
* iommu/vt-d: correctly calculate sagaw value of iommu (git-fixes).
* iommu/vt-d: fix kdump kernels boot failure with scalable mode (git-fixes).
* iommu/vt-d: fix pci device refcount leak in dmar_dev_scope_init() (git-
fixes).
* iommu/vt-d: fix pci device refcount leak in has_external_pci() (git-fixes).
* iommu/vt-d: preset access bit for iova in fl non-leaf paging entries (git-
fixes).
* iommu/vt-d: set sre bit only when hardware has srs cap (git-fixes).
* ipmi:ssif: add check for kstrdup (git-fixes).
* ipmi:ssif: fix a memory leak when scanning for an adapter (git-fixes).
* ipmi_si: fix a memleak in try_smi_init() (git-fixes).
* jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes).
* kabi/severities: ignore newly added srso mitigation functions
* kabi: allow extra bugsints (bsc#1213927).
* kbuild: add -wno-shift-negative-value where -wextra is used (bsc#1214756).
* kbuild: move to -std=gnu11 (bsc#1214756).
* kernel-binary: common dependencies cleanup common dependencies are copied to
a subpackage, there is no need for copying defines or build dependencies
there.
* kernel-binary: drop code for kerntypes support kerntypes was a suse-specific
feature dropped before sle 12.
* kunit: make kunit_test_timeout compatible with comment (git-fixes).
* kvm: s390: fix sthyi error handling (git-fixes bsc#1214370).
* leds: fix bug_on check for led_color_id_multi that is always false (git-
fixes).
* leds: multicolor: use rounded division when calculating color components
(git-fixes).
* leds: pwm: fix error code in led_pwm_create_fwnode() (git-fixes).
* leds: trigger: tty: do not use led_on/off constants, use
led_blink_set_oneshot instead (git-fixes).
* leds: turris-omnia: drop unnecessary mutex locking (git-fixes).
* lib/test_meminit: allocate pages up to order max_order (git-fixes).
* lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes).
* libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393).
* md/raid0: factor out helper for mapping and submitting a bio (bsc#1213916).
* md/raid0: fix performance regression for large sequential writes
(bsc#1213916).
* media: ad5820: drop unsupported ad5823 from i2c_ and of_device_id tables
(git-fixes).
* media: cx24120: add retval check for cx24120_message_send() (git-fixes).
* media: dib7000p: fix potential division by zero (git-fixes).
* media: dvb-usb: m920x: fix a potential memory leak in m920x_i2c_xfer() (git-
fixes).
* media: go7007: remove redundant if statement (git-fixes).
* media: i2c: ccs: check rules is non-null (git-fixes).
* media: i2c: rdacm21: fix uninitialized value (git-fixes).
* media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes).
* media: ov2680: add ov2680_fill_format() helper function (git-fixes).
* media: ov2680: do not take the lock for try_fmt calls (git-fixes).
* media: ov2680: fix ov2680_bayer_order() (git-fixes).
* media: ov2680: fix ov2680_set_fmt() which == v4l2_subdev_format_try not
working (git-fixes).
* media: ov2680: fix regulators being left enabled on ov2680_power_on() errors
(git-fixes).
* media: ov2680: fix vflip / hflip set functions (git-fixes).
* media: ov2680: remove video_v4l2_subdev_api ifdef-s (git-fixes).
* media: ov5640: enable mipi interface in ov5640_set_power_mipi() (git-fixes).
* media: rkvdec: increase max supported height for h.264 (git-fixes).
* media: v4l2-core: fix a potential resource leak in v4l2_fwnode_parse_link()
(git-fixes).
* media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes).
* media: venus: hfi_venus: only consider sys_idle_indicator on v1 (git-fixes).
* media: venus: hfi_venus: write to vidc_ctrl_init after unmasking interrupts
(git-fixes).
* misc: rtsx: judge aspm mode to set petxcfg reg (git-fixes).
* mkspec: allow unsupported kmps (bsc#1214386)
* mlxsw: pci: add shutdown method in pci driver (git-fixes).
* mmc: block: fix in_flight[issue_type] value error (git-fixes).
* mmc: moxart: read scr register without changing byte order (git-fixes).
* mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes).
* module: avoid allocation if module is already present and ready
(bsc#1213921).
* module: extract patient module check into helper (bsc#1213921).
* module: move check_modinfo() early to early_mod_check() (bsc#1213921).
* module: move early sanity checks into a helper (bsc#1213921).
* move upstreamed powerpc patches into sorted section
* mtd: rawnand: brcmnand: fix crash during the panic_write (git-fixes).
* mtd: rawnand: brcmnand: fix mtd oobsize (git-fixes).
* mtd: rawnand: brcmnand: fix potential false time out warning (git-fixes).
* mtd: rawnand: brcmnand: fix potential out-of-bounds access in oob write
(git-fixes).
* mtd: rawnand: fsl_upm: fix an off-by one test in fun_exec_op() (git-fixes).
* mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-
fixes).
* mtd: rawnand: omap_elm: fix incorrect type in assignment (git-fixes).
* mtd: rawnand: rockchip: align hwecc vs. raw page helper layouts (git-fixes).
* mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes).
* mtd: spi-nor: check bus width while setting qe bit (git-fixes).
* mtd: spinand: toshiba: fix ecc_get_status (git-fixes).
* n_tty: rename tail to old_tail in n_tty_read() (git-fixes).
* net: hns3: fix wrong bw weight of disabled tc issue (git-fixes).
* net: ieee802154: at86rf230: stop leaking skb's (git-fixes).
* net: mana: fix mana vf unload when hardware is unresponsive (git-fixes).
* net: phy: at803x: remove set/get wol callbacks for ar8032 (git-fixes).
* net: phy: broadcom: stub c45 read/write for 54810 (git-fixes).
* net: phy: fix irq-based wake-on-lan over hibernate / power off (git-fixes).
* net: usb: lan78xx: reorder cleanup operations to avoid uaf bugs (git-fixes).
* net: usbnet: fix warning in usbnet_start_xmit/usb_submit_urb (git-fixes).
* netfs: fix lockdep warning from taking sb_writers whilst holding mmap_lock
(bsc#1214742).
* netfs: fix missing xas_retry() calls in xarray iteration (bsc#1213946).
* netfs: fix parameter of cleanup() (bsc#1214743).
* nfsd: remove incorrect check in nfsd4_validate_stateid (git-fixes).
* nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-
fixes).
* nilfs2: fix warning in mark_buffer_dirty due to discarded buffer reuse (git-
fixes).
* nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902).
* nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902).
* objtool/x86: fix srso mess (git-fixes).
* objtool/x86: fixup frame-pointer vs rethunk (git-fixes).
* objtool: union instruction::{call_dest,jump_table} (git-fixes).
* old-flavors: drop 2.6 kernels. 2.6 based kernels are eol, upgrading from
them is no longer suported.
* pci/aspm: avoid link retraining race (git-fixes).
* pci/aspm: factor out pcie_wait_for_retrain() (git-fixes).
* pci/aspm: return 0 or -etimedout from pcie_retrain_link() (git-fixes).
* pci: acpiphp: reassign resources on bridge if necessary (git-fixes).
* pci: acpiphp: use pci_assign_unassigned_bridge_resources() only for non-root
bus (git-fixes).
* pci: mark nvidia t4 gpus to avoid bus reset (git-fixes).
* pci: meson: remove cast between incompatible function type (git-fixes).
* pci: microchip: correct the ded and sec interrupt bit offsets (git-fixes).
* pci: microchip: remove cast between incompatible function type (git-fixes).
* pci: pciehp: use rmw accessors for changing lnkctl (git-fixes).
* pci: rockchip: remove writes to unused registers (git-fixes).
* pci: s390: fix use-after-free of pci resources with per-function hotplug
(git-fixes).
* pci: tegra194: fix possible array out of bounds access (git-fixes).
* pcmcia: rsrc_nonstatic: fix memory leak in nonstatic_release_resource_db()
(git-fixes).
* phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-
fixes).
* phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-
fixes).
* phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes).
* phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend
(git-fixes).
* phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes).
* phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes).
* phy: qcom-snps: use dev_err_probe() to simplify code (git-fixes).
* pinctrl: cherryview: fix address_space_handler() argument (git-fixes).
* pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes).
* pinctrl: renesas: rza2: add lock around
pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes).
* platform/x86: dell-sysman: fix reference leak (git-fixes).
* pm / devfreq: fix leak in devfreq_dev_release() (git-fixes).
* powerpc/64e: fix kexec build error (bsc#1212091 ltc#199106).
* powerpc/iommu: do not set failed sg dma_address to dma_mapping_error
(bsc#1212091 ltc#199106).
* powerpc/iommu: fix iommu_table_in_use for a small default dma window case
(bsc#1212091 ltc#199106).
* powerpc/iommu: incorrect ddw table is referenced for sr-iov device
(bsc#1212091 ltc#199106).
* powerpc/iommu: return error code from .map_sg() ops (bsc#1212091
ltc#199106).
* powerpc/iommu: tces are incorrectly manipulated with dlpar add/remove of
memory (bsc#1212091 ltc#199106).
* powerpc/kernel/iommu: add new iommu_table_in_use() helper (bsc#1212091
ltc#199106).
* powerpc/kexec: fix build failure from uninitialised variable (bsc#1212091
ltc#199106).
* powerpc/mm/altmap: fix altmap boundary check (bsc#1120059 git-fixes).
* powerpc/pseries/ddw: do not try direct mapping with persistent memory and
one window (bsc#1212091 ltc#199106).
* powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: add ddw_list_new_entry() helper (bsc#1212091
ltc#199106).
* powerpc/pseries/iommu: add ddw_property_create() and refactor enable_ddw()
(bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: add iommu_pseries_alloc_table() helper (bsc#1212091
ltc#199106).
* powerpc/pseries/iommu: add of_node_put() before break (bsc#1212091
ltc#199106).
* powerpc/pseries/iommu: allow ddw windows starting at 0x00 (bsc#1212091
ltc#199106).
* powerpc/pseries/iommu: check if the default window in use before removing it
(bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: create huge dma window if no mmio32 is present
(bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: find existing ddw with given property name
(bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: make use of ddw for indirect mapping (bsc#1212091
ltc#199106).
* powerpc/pseries/iommu: print ibm,query-pe-dma-windows parameters
(bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: rename "direct window" to "dma window" (bsc#1212091
ltc#199106).
* powerpc/pseries/iommu: reorganize iommu_table_setparms*() with new helper
(bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: replace hard-coded page shift (bsc#1212091
ltc#199106).
* powerpc/pseries/iommu: update remove_dma_window() to accept property name
(bsc#1212091 ltc#199106).
* powerpc/pseries/iommu: use correct vfree for it_map (bsc#1212091
ltc#199106).
* powerpc/pseries: add __init attribute to eligible functions (bsc#1212091
ltc#199106).
* powerpc/pseries: honour current smt state when dlpar onlining cpus
(bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
* powerpc/pseries: initialise cpu hotplug callbacks earlier (bsc#1214285
bsc#1205462 ltc#200161 ltc#200588).
* powerpc/rtas: block error injection when locked down (bsc#1023051).
* powerpc/rtas: enture rtas_call is called with mmu enabled (bsc#1023051).
* powerpc/rtas_flash: allow user copy to flash block cache objects
(bsc#1194869).
* powerpc/security: fix speculation_store_bypass reporting on power10
(bsc#1188885 ltc#193722 git-fixes).
* powerpc: add hotplug_smt support (bsc#1214285 bsc#1205462 ltc#200161
ltc#200588). update config files.
* powerpc: fix typos in comments (bsc#1212091 ltc#199106).
* powerpc: move dma64_propname define to a header (bsc#1214297 ltc#197503).
* pseries/iommu/ddw: fix kdump to work in absence of ibm,dma-window
(bsc#1214297 ltc#197503).
* pstore/ram: check start of empty przs during init (git-fixes).
* pwm: add a stub for devm_pwmchip_add() (git-fixes).
* pwm: meson: fix handling of period/duty if greater than uint_max (git-
fixes).
* pwm: meson: simplify duplicated per-channel tracking (git-fixes).
* qed: fix scheduling in a tasklet while getting stats (git-fixes).
* rdma/bnxt_re: fix error handling in probe failure path (git-fixes)
* rdma/bnxt_re: fix max_qp count for virtual functions (git-fixes)
* rdma/efa: fix wrong resources deallocation order (git-fixes)
* rdma/hns: fix cq and qp cache affinity (git-fixes)
* rdma/hns: fix incorrect post-send with direct wqe of wr-list (git-fixes)
* rdma/hns: fix port active speed (git-fixes)
* rdma/irdma: prevent zero-length stag registration (git-fixes)
* rdma/irdma: replace one-element array with flexible-array member (git-fixes)
* rdma/mlx5: return the firmware result upon destroying qp/rq (git-fixes)
* rdma/qedr: remove a duplicate assignment in irdma_query_ah() (git-fixes)
* rdma/siw: balance the reference of cep->kref in the error path (git-fixes)
* rdma/siw: correct wrong debug message (git-fixes)
* rdma/umem: set iova in odp flow (git-fixes)
* readme.branch: add miroslav franc as a sle15-sp4 co-maintainer.
* regmap: rbtree: use alloc_flags for memory allocations (git-fixes).
* revert "ib/isert: fix incorrect release of isert connection" (git-fixes)
* revert "tracing: add "(fault)" name injection to kernel probes" (git-fixes).
* ring-buffer: do not swap cpu_buffer during resize process (git-fixes).
* ring-buffer: fix deadloop issue on reading trace_pipe (git-fixes).
* ring-buffer: fix wrong stat of cpu_buffer->read (git-fixes).
* rpmsg: glink: add check for kstrdup (git-fixes).
* s390/purgatory: disable branch profiling (git-fixes bsc#1214372).
* sched/fair: fix inaccurate tally of ttwu_move_affine (git fixes).
* sched/fair: use recent_used_cpu to test p->cpus_ptr (git fixes).
* sched/psi: use kernfs polling functions for psi trigger polling
(bsc#1209799).
* scsi: bsg: increase number of devices (bsc#1210048).
* scsi: core: do not wait for quiesce in scsi_device_block() (bsc#1209284).
* scsi: core: do not wait for quiesce in scsi_stop_queue() (bsc#1209284).
* scsi: core: improve warning message in scsi_device_block() (bsc#1209284).
* scsi: core: merge scsi_internal_device_block() and device_block()
(bsc#1209284).
* scsi: rdma/srp: fix residual handling (git-fixes)
* scsi: sg: increase number of devices (bsc#1210048).
* scsi: storvsc: always set no_report_opcodes (git-fixes).
* scsi: storvsc: fix handling of virtual fibre channel timeouts (git-fixes).
* scsi: storvsc: handle srb status value 0x30 (git-fixes).
* scsi: storvsc: limit max_sectors for virtual fibre channel devices (git-
fixes).
* scsi: zfcp: defer fc_rport blocking until after adisc response (git-fixes
bsc#1214371).
* selftests/futex: order calls to futex_lock_pi (git-fixes).
* selftests/harness: actually report skip for signal tests (git-fixes).
* selftests/resctrl: close perf value read fd on errors (git-fixes).
* selftests/resctrl: do not leak buffer in fill_cache() (git-fixes).
* selftests/resctrl: unmount resctrl fs if child fails to run benchmark (git-
fixes).
* selftests/rseq: check if libc rseq support is registered (git-fixes).
* selftests: forwarding: add a helper to skip test when using veth pairs (git-
fixes).
* selftests: forwarding: ethtool: skip when using veth pairs (git-fixes).
* selftests: forwarding: ethtool_extended_state: skip when using veth pairs
(git-fixes).
* selftests: forwarding: skip test when no interfaces are specified (git-
fixes).
* selftests: forwarding: switch off timeout (git-fixes).
* selftests: forwarding: tc_actions: cleanup temporary files when test is
aborted (git-fixes).
* selftests: forwarding: tc_actions: use ncat instead of nc (git-fixes).
* selftests: forwarding: tc_flower: relax success criterion (git-fixes).
* selftests: mirror_gre_changes: tighten up the ttl test match (git-fixes).
* serial: sc16is7xx: fix broken port 0 uart init (git-fixes).
* serial: sc16is7xx: fix bug when first setting gpio direction (git-fixes).
* serial: sprd: assign sprd_port after initialized to avoid wrong access (git-
fixes).
* serial: sprd: fix dma buffer leak issue (git-fixes).
* serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes).
* sfc: fix crash when reading stats while nic is resetting (git-fixes).
* smb3: do not send lease break acknowledgment if all file handles have been
closed (git-fixes).
* smb3: do not set ntlmssp_version flag for negotiate not auth request
(bsc#1193629).
* smb: client: fix -wstringop-overflow issues (bsc#1193629).
* smb: client: fix dfs link mount against w2k8 (bsc#1212142).
* smb: client: fix null auth (git-fixes).
* soc: aspeed: socinfo: add kfree for kstrdup (git-fixes).
* soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-
fixes).
* soundwire: fix enumeration completion (git-fixes).
* spi: tegra20-sflash: fix to check return value of platform_get_irq() in
tegra_sflash_probe() (git-fixes).
* supported.conf: fix typos for -!optional markers
* target: compare and write backend driver sense handling (bsc#1177719
bsc#1213026).
* target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873).
* target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857).
* target_core_rbd: remove snapshot existence validation code (bsc#1212857).
* thunderbolt: read retimer nvm authentication status prior
tb_retimer_set_inbound_sbtx() (git-fixes).
* timers: add shutdown mechanism to the internal functions (bsc#1213970).
* timers: provide timer_shutdown_sync (bsc#1213970).
* timers: rename del_timer() to timer_delete() (bsc#1213970).
* timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
* timers: replace bug_on()s (bsc#1213970).
* timers: silently ignore timers with a null function (bsc#1213970).
* timers: split [try_to_]del_timer_sync to prepare for shutdown mode
(bsc#1213970).
* timers: update kernel-doc for various functions (bsc#1213970).
* timers: use del_timer_sync() even on up (bsc#1213970).
* tracing/histograms: add histograms to hist_vars if they have referenced
variables (git-fixes).
* tracing/histograms: return an error if we fail to add histogram to hist_vars
list (git-fixes).
* tracing/probes: fix not to count error code to total length (git-fixes).
* tracing/probes: fix to avoid double count of the string length on the array
(git-fixes).
* tracing/probes: fix to record 0-length data_loc in fetch_store_string*() if
fails (git-fixes).
* tracing/probes: fix to update dynamic data counter if fetcharg uses it (git-
fixes).
* tracing: fix cpu buffers unavailable due to 'record_disabled' missed (git-
fixes).
* tracing: fix memleak due to race between current_tracer and trace (git-
fixes).
* tracing: fix memory leak of iter->temp when reading trace_pipe (git-fixes).
* tracing: fix null pointer dereference in tracing_err_log_open() (git-fixes).
* tracing: fix warning in trace_buffered_event_disable() (git-fixes).
* tty: fix hang on tty device with no_room set (git-fixes).
* tty: n_gsm: fix the uaf caused by race condition in gsm_cleanup_mux (git-
fixes).
* tty: serial: fsl_lpuart: add i.mxrt1050 support (git-fixes).
* tty: serial: fsl_lpuart: clear the error flags by writing 1 for lpuart32
platforms (git-fixes).
* tty: serial: fsl_lpuart: make rx_watermark configurable for different
platforms (git-fixes).
* tty: serial: fsl_lpuart: reduce rx watermark to 0 on ls1028a (git-fixes).
* ubifs: fix memleak when insert_old_idx() failed (git-fixes).
* update patches.suse/cpufreq-intel_pstate-fix-cpu-pstate.turbo_freq-initi
(git-fixes bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
* usb-storage: alauda: fix uninit-value in alauda_check_media() (git-fixes).
* usb: chipidea: imx: add missing usb phy dpdm wakeup setting (git-fixes).
* usb: chipidea: imx: do not request qos for imx8ulp (git-fixes).
* usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-
fixes).
* usb: common: usb-conn-gpio: prevent bailing out if initial role is none
(git-fixes).
* usb: dwc3: fix typos in gadget.c (git-fixes).
* usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-
fixes).
* usb: dwc3: properly handle processing of pending events (git-fixes).
* usb: gadget: f_mass_storage: fix unused variable warning (git-fixes).
* usb: gadget: fix the memory leak in raw_gadget driver (git-fixes).
* usb: gadget: u_serial: avoid spinlock recursion in __gs_console_push (git-
fixes).
* usb: ohci-at91: fix the unhandle interrupt when resume (git-fixes).
* usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-
fixes).
* usb: quirks: add quirk for focusrite scarlett (git-fixes).
* usb: serial: option: add quectel ec200a module support (git-fixes).
* usb: serial: option: support quectel em060k_128 (git-fixes).
* usb: serial: simple: add kaufmann rks+can vcp (git-fixes).
* usb: serial: simple: sort driver entries (git-fixes).
* usb: typec: altmodes/displayport: signal hpd when configuring pin assignment
(git-fixes).
* usb: typec: tcpm: fix response to vsafe0v event (git-fixes).
* usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes).
* usb: zaurus: add id for a-300/b-500/c-700 (git-fixes).
* watchdog: sp5100_tco: support hygon fch/sch (server controller hub) (git-
fixes).
* wifi: ath10k: use rmw accessors for changing lnkctl (git-fixes).
* wifi: ath11k: use rmw accessors for changing lnkctl (git-fixes).
* wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-
fixes).
* wifi: ath9k: protect wmi command response buffer replacement with a lock
(git-fixes).
* wifi: ath9k: use is_err() with debugfs_create_dir() (git-fixes).
* wifi: cfg80211: fix return value in scan logic (git-fixes).
* wifi: cfg80211: fix sband iftype data lookup for ap_vlan (git-fixes).
* wifi: mt76: mt7615: do not advertise 5 ghz on first phy of mt7615d (dbdc)
(git-fixes).
* wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes).
* wifi: mt76: mt7921: do not support one stream on secondary antenna only
(git-fixes).
* wifi: mt76: testmode: add nla_policy for mt76_tm_attr_tx_length (git-fixes).
* wifi: mwifiex: avoid possible null skb pointer dereference (git-fixes).
* wifi: mwifiex: fix error recovery in pcie buffer descriptor management (git-
fixes).
* wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes).
* wifi: mwifiex: fix missed return in oob checks failed path (git-fixes).
* wifi: mwifiex: fix oob and integer underflow when rx packets (git-fixes).
* wifi: nl80211/cfg80211: add forgotten nla_policy for bss color attribute
(git-fixes).
* wifi: radiotap: fix kernel-doc notation warnings (git-fixes).
* wifi: rtw89: debug: fix error handling in rtw89_debug_priv_btc_manual_set()
(git-fixes).
* x86/alternative: make custom return thunk unconditional (git-fixes).
* x86/cpu/amd: disable xsaves on amd family 0x17 (git-fixes).
* x86/cpu/kvm: provide untrain_ret_vm (git-fixes).
* x86/cpu: clean up srso return thunk mess (git-fixes).
* x86/cpu: cleanup the untrain mess (git-fixes).
* x86/cpu: fix __x86_return_thunk symbol type (git-fixes).
* x86/cpu: fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
* x86/cpu: rename original retbleed methods (git-fixes).
* x86/cpu: rename srso_(.*) _alias to srso_alias_ \1 (git-fixes).
* x86/mce: make sure logged mces are processed after sysfs update (git-fixes).
* x86/retpoline,kprobes: fix position of thunk sections with config_lto_clang
(git-fixes).
* x86/retpoline,kprobes: skip optprobe check for indirect jumps with
retpolines and ibt (git-fixes).
* x86/retpoline: do not clobber rflags during srso_safe_ret() (git-fixes).
* x86/speculation: add cpu_show_gds() prototype (git-fixes).
* x86/speculation: mark all skylake cpus as vulnerable to gds (git-fixes).
* x86/srso: correct the mitigation status when smt is disabled (git-fixes).
* x86/srso: disable the mitigation on unaffected configurations (git-fixes).
* x86/srso: explain the untraining sequences a bit more (git-fixes).
* x86/srso: fix build breakage with the llvm linker (git-fixes).
* x86/srso: fix return thunks in generated code (git-fixes).
* x86/static_call: fix __static_call_fixup() (git-fixes).
* xfs: fix sb write verify for lazysbcount (bsc#1214661).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-3682=1 SUSE-2023-3682=1
* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-3682=1
## Package List:
* openSUSE Leap 15.4 (aarch64 x86_64)
* reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.66.1
* kernel-azure-extra-debuginfo-5.14.21-150400.14.66.1
* kselftests-kmp-azure-5.14.21-150400.14.66.1
* kselftests-kmp-azure-debuginfo-5.14.21-150400.14.66.1
* cluster-md-kmp-azure-5.14.21-150400.14.66.1
* dlm-kmp-azure-debuginfo-5.14.21-150400.14.66.1
* kernel-azure-devel-5.14.21-150400.14.66.1
* kernel-azure-optional-debuginfo-5.14.21-150400.14.66.1
* kernel-azure-debugsource-5.14.21-150400.14.66.1
* kernel-azure-devel-debuginfo-5.14.21-150400.14.66.1
* dlm-kmp-azure-5.14.21-150400.14.66.1
* ocfs2-kmp-azure-5.14.21-150400.14.66.1
* kernel-azure-livepatch-devel-5.14.21-150400.14.66.1
* kernel-syms-azure-5.14.21-150400.14.66.1
* reiserfs-kmp-azure-5.14.21-150400.14.66.1
* kernel-azure-optional-5.14.21-150400.14.66.1
* kernel-azure-extra-5.14.21-150400.14.66.1
* cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.66.1
* gfs2-kmp-azure-debuginfo-5.14.21-150400.14.66.1
* ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.66.1
* kernel-azure-debuginfo-5.14.21-150400.14.66.1
* gfs2-kmp-azure-5.14.21-150400.14.66.1
* openSUSE Leap 15.4 (aarch64 nosrc x86_64)
* kernel-azure-5.14.21-150400.14.66.1
* openSUSE Leap 15.4 (noarch)
* kernel-devel-azure-5.14.21-150400.14.66.1
* kernel-source-azure-5.14.21-150400.14.66.1
* Public Cloud Module 15-SP4 (aarch64 nosrc x86_64)
* kernel-azure-5.14.21-150400.14.66.1
* Public Cloud Module 15-SP4 (aarch64 x86_64)
* kernel-azure-devel-debuginfo-5.14.21-150400.14.66.1
* kernel-azure-debuginfo-5.14.21-150400.14.66.1
* kernel-azure-devel-5.14.21-150400.14.66.1
* kernel-syms-azure-5.14.21-150400.14.66.1
* kernel-azure-debugsource-5.14.21-150400.14.66.1
* Public Cloud Module 15-SP4 (noarch)
* kernel-devel-azure-5.14.21-150400.14.66.1
* kernel-source-azure-5.14.21-150400.14.66.1
## References:
* https://www.suse.com/security/cve/CVE-2023-2007.html
* https://www.suse.com/security/cve/CVE-2023-20588.html
* https://www.suse.com/security/cve/CVE-2023-34319.html
* https://www.suse.com/security/cve/CVE-2023-3610.html
* https://www.suse.com/security/cve/CVE-2023-37453.html
* https://www.suse.com/security/cve/CVE-2023-3772.html
* https://www.suse.com/security/cve/CVE-2023-3863.html
* https://www.suse.com/security/cve/CVE-2023-4128.html
* https://www.suse.com/security/cve/CVE-2023-4133.html
* https://www.suse.com/security/cve/CVE-2023-4134.html
* https://www.suse.com/security/cve/CVE-2023-4147.html
* https://www.suse.com/security/cve/CVE-2023-4194.html
* https://www.suse.com/security/cve/CVE-2023-4273.html
* https://www.suse.com/security/cve/CVE-2023-4387.html
* https://www.suse.com/security/cve/CVE-2023-4459.html
* https://www.suse.com/security/cve/CVE-2023-4569.html
* https://bugzilla.suse.com/show_bug.cgi?id=1023051
* https://bugzilla.suse.com/show_bug.cgi?id=1120059
* https://bugzilla.suse.com/show_bug.cgi?id=1177719
* https://bugzilla.suse.com/show_bug.cgi?id=1188885
* https://bugzilla.suse.com/show_bug.cgi?id=1193629
* https://bugzilla.suse.com/show_bug.cgi?id=1194869
* https://bugzilla.suse.com/show_bug.cgi?id=1205462
* https://bugzilla.suse.com/show_bug.cgi?id=1208902
* https://bugzilla.suse.com/show_bug.cgi?id=1208949
* https://bugzilla.suse.com/show_bug.cgi?id=1209284
* https://bugzilla.suse.com/show_bug.cgi?id=1209799
* https://bugzilla.suse.com/show_bug.cgi?id=1210048
* https://bugzilla.suse.com/show_bug.cgi?id=1210448
* https://bugzilla.suse.com/show_bug.cgi?id=1212091
* https://bugzilla.suse.com/show_bug.cgi?id=1212142
* https://bugzilla.suse.com/show_bug.cgi?id=1212526
* https://bugzilla.suse.com/show_bug.cgi?id=1212857
* https://bugzilla.suse.com/show_bug.cgi?id=1212873
* https://bugzilla.suse.com/show_bug.cgi?id=1213026
* https://bugzilla.suse.com/show_bug.cgi?id=1213123
* https://bugzilla.suse.com/show_bug.cgi?id=1213546
* https://bugzilla.suse.com/show_bug.cgi?id=1213580
* https://bugzilla.suse.com/show_bug.cgi?id=1213601
* https://bugzilla.suse.com/show_bug.cgi?id=1213666
* https://bugzilla.suse.com/show_bug.cgi?id=1213757
* https://bugzilla.suse.com/show_bug.cgi?id=1213759
* https://bugzilla.suse.com/show_bug.cgi?id=1213916
* https://bugzilla.suse.com/show_bug.cgi?id=1213921
* https://bugzilla.suse.com/show_bug.cgi?id=1213927
* https://bugzilla.suse.com/show_bug.cgi?id=1213946
* https://bugzilla.suse.com/show_bug.cgi?id=1213968
* https://bugzilla.suse.com/show_bug.cgi?id=1213970
* https://bugzilla.suse.com/show_bug.cgi?id=1213971
* https://bugzilla.suse.com/show_bug.cgi?id=1214000
* https://bugzilla.suse.com/show_bug.cgi?id=1214019
* https://bugzilla.suse.com/show_bug.cgi?id=1214120
* https://bugzilla.suse.com/show_bug.cgi?id=1214149
* https://bugzilla.suse.com/show_bug.cgi?id=1214180
* https://bugzilla.suse.com/show_bug.cgi?id=1214238
* https://bugzilla.suse.com/show_bug.cgi?id=1214285
* https://bugzilla.suse.com/show_bug.cgi?id=1214297
* https://bugzilla.suse.com/show_bug.cgi?id=1214299
* https://bugzilla.suse.com/show_bug.cgi?id=1214350
* https://bugzilla.suse.com/show_bug.cgi?id=1214368
* https://bugzilla.suse.com/show_bug.cgi?id=1214370
* https://bugzilla.suse.com/show_bug.cgi?id=1214371
* https://bugzilla.suse.com/show_bug.cgi?id=1214372
* https://bugzilla.suse.com/show_bug.cgi?id=1214380
* https://bugzilla.suse.com/show_bug.cgi?id=1214386
* https://bugzilla.suse.com/show_bug.cgi?id=1214392
* https://bugzilla.suse.com/show_bug.cgi?id=1214393
* https://bugzilla.suse.com/show_bug.cgi?id=1214397
* https://bugzilla.suse.com/show_bug.cgi?id=1214428
* https://bugzilla.suse.com/show_bug.cgi?id=1214451
* https://bugzilla.suse.com/show_bug.cgi?id=1214659
* https://bugzilla.suse.com/show_bug.cgi?id=1214661
* https://bugzilla.suse.com/show_bug.cgi?id=1214729
* https://bugzilla.suse.com/show_bug.cgi?id=1214742
* https://bugzilla.suse.com/show_bug.cgi?id=1214743
* https://bugzilla.suse.com/show_bug.cgi?id=1214756
* https://bugzilla.suse.com/show_bug.cgi?id=1214760
* https://jira.suse.com/browse/PED-4579
* https://jira.suse.com/browse/PED-4759
* https://jira.suse.com/browse/PED-4927
* https://jira.suse.com/browse/PED-4929
* https://jira.suse.com/browse/PED-5738
* https://jira.suse.com/browse/PED-6003
* https://jira.suse.com/browse/PED-6004
1
0