openSUSE Security Announce
Threads by month
- ----- 2024 -----
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
February 2024
- 2 participants
- 60 discussions
15 Feb '24
# Security update for salt
Announcement ID: SUSE-SU-2024:0510-1
Rating: important
References:
* bsc#1193948
* bsc#1211649
* bsc#1215963
* bsc#1216284
* bsc#1219430
* bsc#1219431
* jsc#MSQA-719
Cross-References:
* CVE-2024-22231
* CVE-2024-22232
CVSS scores:
* CVE-2024-22231 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
* CVE-2024-22232 ( SUSE ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Affected Products:
* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* Server Applications Module 15-SP5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* Transactional Server Module 15-SP5
An update that solves two vulnerabilities, contains one feature and has four
security fixes can now be installed.
## Description:
This update for salt fixes the following issues:
Security issues fixed:
* CVE-2024-22231: Prevent directory traversal when creating syndic cache
directory on the master (bsc#1219430)
* CVE-2024-22232: Prevent directory traversal attacks in the master's
serve_file method (bsc#1219431)
Bugs fixed:
* Ensure that pillar refresh loads beacons from pillar without restart
* Fix the aptpkg.py unit test failure
* Prefer unittest.mock to python-mock in test suite
* Enable "KeepAlive" probes for Salt SSH executions (bsc#1211649)
* Revert changes to set Salt configured user early in the stack (bsc#1216284)
* Align behavior of some modules when using salt-call via symlink
(bsc#1215963)
* Fix gitfs " **env** " and improve cache cleaning (bsc#1193948)
* Remove python-boto dependency for the python3-salt-testsuite package for
Tumbleweed
## Special Instructions and Notes:
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-510=1 openSUSE-SLE-15.5-2024-510=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-510=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-510=1
* Server Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2024-510=1
* Transactional Server Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP5-2024-510=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* salt-ssh-3006.0-150500.4.29.1
* salt-cloud-3006.0-150500.4.29.1
* python3-salt-testsuite-3006.0-150500.4.29.1
* salt-3006.0-150500.4.29.1
* salt-doc-3006.0-150500.4.29.1
* python3-salt-3006.0-150500.4.29.1
* salt-proxy-3006.0-150500.4.29.1
* salt-syndic-3006.0-150500.4.29.1
* salt-master-3006.0-150500.4.29.1
* salt-minion-3006.0-150500.4.29.1
* salt-transactional-update-3006.0-150500.4.29.1
* salt-api-3006.0-150500.4.29.1
* salt-standalone-formulas-configuration-3006.0-150500.4.29.1
* openSUSE Leap 15.5 (noarch)
* salt-bash-completion-3006.0-150500.4.29.1
* salt-fish-completion-3006.0-150500.4.29.1
* salt-zsh-completion-3006.0-150500.4.29.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* salt-minion-3006.0-150500.4.29.1
* salt-3006.0-150500.4.29.1
* python3-salt-3006.0-150500.4.29.1
* salt-transactional-update-3006.0-150500.4.29.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* salt-minion-3006.0-150500.4.29.1
* salt-3006.0-150500.4.29.1
* salt-doc-3006.0-150500.4.29.1
* python3-salt-3006.0-150500.4.29.1
* Basesystem Module 15-SP5 (noarch)
* salt-bash-completion-3006.0-150500.4.29.1
* salt-zsh-completion-3006.0-150500.4.29.1
* Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* salt-ssh-3006.0-150500.4.29.1
* salt-cloud-3006.0-150500.4.29.1
* salt-proxy-3006.0-150500.4.29.1
* salt-syndic-3006.0-150500.4.29.1
* salt-master-3006.0-150500.4.29.1
* salt-api-3006.0-150500.4.29.1
* salt-standalone-formulas-configuration-3006.0-150500.4.29.1
* Server Applications Module 15-SP5 (noarch)
* salt-fish-completion-3006.0-150500.4.29.1
* Transactional Server Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* salt-transactional-update-3006.0-150500.4.29.1
## References:
* https://www.suse.com/security/cve/CVE-2024-22231.html
* https://www.suse.com/security/cve/CVE-2024-22232.html
* https://bugzilla.suse.com/show_bug.cgi?id=1193948
* https://bugzilla.suse.com/show_bug.cgi?id=1211649
* https://bugzilla.suse.com/show_bug.cgi?id=1215963
* https://bugzilla.suse.com/show_bug.cgi?id=1216284
* https://bugzilla.suse.com/show_bug.cgi?id=1219430
* https://bugzilla.suse.com/show_bug.cgi?id=1219431
* https://jira.suse.com/browse/MSQA-719
1
0
15 Feb '24
# Security update for salt
Announcement ID: SUSE-SU-2024:0509-1
Rating: important
References:
* bsc#1193948
* bsc#1211649
* bsc#1215963
* bsc#1216284
* bsc#1219430
* bsc#1219431
* jsc#MSQA-719
Cross-References:
* CVE-2024-22231
* CVE-2024-22232
CVSS scores:
* CVE-2024-22231 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
* CVE-2024-22232 ( SUSE ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves two vulnerabilities, contains one feature and has four
security fixes can now be installed.
## Description:
This update for salt fixes the following issues:
Security issues fixed:
* CVE-2024-22231: Prevent directory traversal when creating syndic cache
directory on the master (bsc#1219430)
* CVE-2024-22232: Prevent directory traversal attacks in the master's
serve_file method (bsc#1219431)
Bugs fixed:
* Ensure that pillar refresh loads beacons from pillar without restart
* Fix the aptpkg.py unit test failure
* Prefer unittest.mock to python-mock in test suite
* Enable "KeepAlive" probes for Salt SSH executions (bsc#1211649)
* Revert changes to set Salt configured user early in the stack (bsc#1216284)
* Align behavior of some modules when using salt-call via symlink
(bsc#1215963)
* Fix gitfs " **env** " and improve cache cleaning (bsc#1193948)
* Remove python-boto dependency for the python3-salt-testsuite package for
Tumbleweed
## Special Instructions and Notes:
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-509=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-509=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-509=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2024-509=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-509=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-509=1
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2024-509=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2024-509=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-509=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-509=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-509=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-509=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-509=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-509=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-509=1
## Package List:
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* salt-syndic-3006.0-150400.8.54.1
* salt-minion-3006.0-150400.8.54.1
* python3-salt-3006.0-150400.8.54.1
* salt-proxy-3006.0-150400.8.54.1
* salt-standalone-formulas-configuration-3006.0-150400.8.54.1
* salt-3006.0-150400.8.54.1
* salt-doc-3006.0-150400.8.54.1
* salt-transactional-update-3006.0-150400.8.54.1
* salt-api-3006.0-150400.8.54.1
* salt-ssh-3006.0-150400.8.54.1
* salt-master-3006.0-150400.8.54.1
* salt-cloud-3006.0-150400.8.54.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
* salt-fish-completion-3006.0-150400.8.54.1
* salt-zsh-completion-3006.0-150400.8.54.1
* salt-bash-completion-3006.0-150400.8.54.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* salt-syndic-3006.0-150400.8.54.1
* salt-minion-3006.0-150400.8.54.1
* python3-salt-3006.0-150400.8.54.1
* salt-proxy-3006.0-150400.8.54.1
* salt-standalone-formulas-configuration-3006.0-150400.8.54.1
* salt-3006.0-150400.8.54.1
* salt-doc-3006.0-150400.8.54.1
* salt-api-3006.0-150400.8.54.1
* salt-ssh-3006.0-150400.8.54.1
* salt-master-3006.0-150400.8.54.1
* salt-cloud-3006.0-150400.8.54.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* salt-fish-completion-3006.0-150400.8.54.1
* salt-zsh-completion-3006.0-150400.8.54.1
* salt-bash-completion-3006.0-150400.8.54.1
* SUSE Manager Proxy 4.3 (x86_64)
* salt-syndic-3006.0-150400.8.54.1
* salt-minion-3006.0-150400.8.54.1
* python3-salt-3006.0-150400.8.54.1
* salt-proxy-3006.0-150400.8.54.1
* salt-standalone-formulas-configuration-3006.0-150400.8.54.1
* salt-3006.0-150400.8.54.1
* salt-doc-3006.0-150400.8.54.1
* salt-api-3006.0-150400.8.54.1
* salt-ssh-3006.0-150400.8.54.1
* salt-master-3006.0-150400.8.54.1
* salt-cloud-3006.0-150400.8.54.1
* SUSE Manager Proxy 4.3 (noarch)
* salt-fish-completion-3006.0-150400.8.54.1
* salt-zsh-completion-3006.0-150400.8.54.1
* salt-bash-completion-3006.0-150400.8.54.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* salt-syndic-3006.0-150400.8.54.1
* salt-minion-3006.0-150400.8.54.1
* python3-salt-3006.0-150400.8.54.1
* salt-proxy-3006.0-150400.8.54.1
* salt-standalone-formulas-configuration-3006.0-150400.8.54.1
* salt-3006.0-150400.8.54.1
* salt-doc-3006.0-150400.8.54.1
* salt-api-3006.0-150400.8.54.1
* salt-ssh-3006.0-150400.8.54.1
* salt-master-3006.0-150400.8.54.1
* salt-cloud-3006.0-150400.8.54.1
* SUSE Manager Retail Branch Server 4.3 (noarch)
* salt-fish-completion-3006.0-150400.8.54.1
* salt-zsh-completion-3006.0-150400.8.54.1
* salt-bash-completion-3006.0-150400.8.54.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* salt-syndic-3006.0-150400.8.54.1
* salt-minion-3006.0-150400.8.54.1
* python3-salt-3006.0-150400.8.54.1
* salt-proxy-3006.0-150400.8.54.1
* salt-standalone-formulas-configuration-3006.0-150400.8.54.1
* salt-3006.0-150400.8.54.1
* salt-doc-3006.0-150400.8.54.1
* salt-api-3006.0-150400.8.54.1
* salt-ssh-3006.0-150400.8.54.1
* salt-master-3006.0-150400.8.54.1
* salt-cloud-3006.0-150400.8.54.1
* SUSE Manager Server 4.3 (noarch)
* salt-fish-completion-3006.0-150400.8.54.1
* salt-zsh-completion-3006.0-150400.8.54.1
* salt-bash-completion-3006.0-150400.8.54.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* salt-syndic-3006.0-150400.8.54.1
* salt-minion-3006.0-150400.8.54.1
* python3-salt-3006.0-150400.8.54.1
* python3-salt-testsuite-3006.0-150400.8.54.1
* salt-proxy-3006.0-150400.8.54.1
* salt-standalone-formulas-configuration-3006.0-150400.8.54.1
* salt-3006.0-150400.8.54.1
* salt-doc-3006.0-150400.8.54.1
* salt-transactional-update-3006.0-150400.8.54.1
* salt-api-3006.0-150400.8.54.1
* salt-ssh-3006.0-150400.8.54.1
* salt-master-3006.0-150400.8.54.1
* salt-cloud-3006.0-150400.8.54.1
* openSUSE Leap 15.4 (noarch)
* salt-fish-completion-3006.0-150400.8.54.1
* salt-zsh-completion-3006.0-150400.8.54.1
* salt-bash-completion-3006.0-150400.8.54.1
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* python3-salt-3006.0-150400.8.54.1
* salt-3006.0-150400.8.54.1
* salt-transactional-update-3006.0-150400.8.54.1
* salt-minion-3006.0-150400.8.54.1
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* python3-salt-3006.0-150400.8.54.1
* salt-3006.0-150400.8.54.1
* salt-transactional-update-3006.0-150400.8.54.1
* salt-minion-3006.0-150400.8.54.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* python3-salt-3006.0-150400.8.54.1
* salt-3006.0-150400.8.54.1
* salt-transactional-update-3006.0-150400.8.54.1
* salt-minion-3006.0-150400.8.54.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* python3-salt-3006.0-150400.8.54.1
* salt-3006.0-150400.8.54.1
* salt-transactional-update-3006.0-150400.8.54.1
* salt-minion-3006.0-150400.8.54.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* python3-salt-3006.0-150400.8.54.1
* salt-3006.0-150400.8.54.1
* salt-transactional-update-3006.0-150400.8.54.1
* salt-minion-3006.0-150400.8.54.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* python3-salt-3006.0-150400.8.54.1
* salt-3006.0-150400.8.54.1
* salt-transactional-update-3006.0-150400.8.54.1
* salt-minion-3006.0-150400.8.54.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* salt-syndic-3006.0-150400.8.54.1
* salt-minion-3006.0-150400.8.54.1
* python3-salt-3006.0-150400.8.54.1
* salt-proxy-3006.0-150400.8.54.1
* salt-standalone-formulas-configuration-3006.0-150400.8.54.1
* salt-3006.0-150400.8.54.1
* salt-doc-3006.0-150400.8.54.1
* salt-api-3006.0-150400.8.54.1
* salt-ssh-3006.0-150400.8.54.1
* salt-master-3006.0-150400.8.54.1
* salt-cloud-3006.0-150400.8.54.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* salt-fish-completion-3006.0-150400.8.54.1
* salt-zsh-completion-3006.0-150400.8.54.1
* salt-bash-completion-3006.0-150400.8.54.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* salt-syndic-3006.0-150400.8.54.1
* salt-minion-3006.0-150400.8.54.1
* python3-salt-3006.0-150400.8.54.1
* salt-proxy-3006.0-150400.8.54.1
* salt-standalone-formulas-configuration-3006.0-150400.8.54.1
* salt-3006.0-150400.8.54.1
* salt-doc-3006.0-150400.8.54.1
* salt-api-3006.0-150400.8.54.1
* salt-ssh-3006.0-150400.8.54.1
* salt-master-3006.0-150400.8.54.1
* salt-cloud-3006.0-150400.8.54.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* salt-fish-completion-3006.0-150400.8.54.1
* salt-zsh-completion-3006.0-150400.8.54.1
* salt-bash-completion-3006.0-150400.8.54.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* python3-salt-3006.0-150400.8.54.1
* salt-3006.0-150400.8.54.1
* salt-doc-3006.0-150400.8.54.1
* salt-minion-3006.0-150400.8.54.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
* salt-zsh-completion-3006.0-150400.8.54.1
* salt-bash-completion-3006.0-150400.8.54.1
## References:
* https://www.suse.com/security/cve/CVE-2024-22231.html
* https://www.suse.com/security/cve/CVE-2024-22232.html
* https://bugzilla.suse.com/show_bug.cgi?id=1193948
* https://bugzilla.suse.com/show_bug.cgi?id=1211649
* https://bugzilla.suse.com/show_bug.cgi?id=1215963
* https://bugzilla.suse.com/show_bug.cgi?id=1216284
* https://bugzilla.suse.com/show_bug.cgi?id=1219430
* https://bugzilla.suse.com/show_bug.cgi?id=1219431
* https://jira.suse.com/browse/MSQA-719
1
0
SUSE-SU-2024:0512-1: important: Security update for golang-github-prometheus-alertmanager
by OPENSUSE-SECURITY-UPDATES 15 Feb '24
by OPENSUSE-SECURITY-UPDATES 15 Feb '24
15 Feb '24
# Security update for golang-github-prometheus-alertmanager
Announcement ID: SUSE-SU-2024:0512-1
Rating: important
References:
* bsc#1218838
* jsc#MSQA-719
* jsc#PED-7353
Cross-References:
* CVE-2023-40577
CVSS scores:
* CVE-2023-40577 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-40577 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
* openSUSE Leap 15.3
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15
* SUSE Linux Enterprise Desktop 15 SP1
* SUSE Linux Enterprise Desktop 15 SP2
* SUSE Linux Enterprise Desktop 15 SP3
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP6
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP1
* SUSE Linux Enterprise Real Time 15 SP2
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Client Tools for SLE 15
* SUSE Manager Proxy 4.3
* SUSE Manager Proxy 4.3 Module 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Package Hub 15 15-SP5
An update that solves one vulnerability and contains two features can now be
installed.
## Description:
This update for golang-github-prometheus-alertmanager fixes the following
issues:
golang-github-prometheus-alertmanager was updated from version 0.23.0 to 0.26.0
(jsc#PED-7353):
* Version 0.26.0:
* Security fixes:
* CVE-2023-40577: Fix stored XSS via the /api/v1/alerts endpoint in the Alertmanager UI (bsc#1218838)
* Other changes and bugs fixed:
* Configuration: Fix empty list of receivers and inhibit_rules would cause the alertmanager to crash
* Templating: Fixed a race condition when using the title function. It is now race-safe
* API: Fixed duplicate receiver names in the api/v2/receivers API endpoint
* API: Attempting to delete a silence now returns the correct status code, 404 instead of 500
* Clustering: Fixes a panic when tls_client_config is empty
* Webhook: url is now marked as a secret. It will no longer show up in the logs as clear-text
* Metrics: New label reason for alertmanager_notifications_failed_total metric to indicate the type of error of the alert delivery
* Clustering: New flag --cluster.label, to help to block any traffic that is not meant for the cluster
* Integrations: Add Microsoft Teams as a supported integration
* Version 0.25.0:
* Fail configuration loading if api_key and api_key_file are defined at the
same time
* Fix the alertmanager_alerts metric to avoid counting resolved alerts as
active. Also added a new alertmanager_marked_alerts metric that retain the
old behavior
* Trim contents of Slack API URLs when reading from files
* amtool: Avoid panic when the label value matcher is empty
* Fail configuration loading if api_url is empty for OpsGenie
* Fix email template for resolved notifications
* Add proxy_url support for OAuth2 in HTTP client configuration
* Reload TLS certificate and key from disk when updated
* Add Discord integration
* Add Webex integration
* Add min_version support to select the minimum TLS version in HTTP client
configuration
* Add max_version support to select the maximum TLS version in HTTP client
configuration
* Emit warning logs when truncating messages in notifications
* Support HEAD method for the /-/healty and /-/ready endpoints
* Add support for reading global and local SMTP passwords from files
* UI: Add 'Link' button to alerts in list
* UI: Allow to choose the first day of the week as Sunday or Monday
* Version 0.24.0:
* Fix HTTP client configuration for the SNS receiver
* Fix unclosed file descriptor after reading the silences snapshot file
* Fix field names for mute_time_intervals in JSON marshaling
* Ensure that the root route doesn't have any matchers
* Truncate the message's title to 1024 chars to avoid hitting Slack limits
* Fix the default HTML email template (email.default.html) to match with the
canonical source
* Detect SNS FIFO topic based on the rendered value
* Avoid deleting and recreating a silence when an update is possible
* api/v2: Return 200 OK when deleting an expired silence
* amtool: Fix the silence's end date when adding a silence. The end date is
(start date + duration) while it used to be (current time + duration). The
new behavior is consistent with the update operation
* Add the /api/v2 prefix to all endpoints in the OpenAPI specification and
generated client code
* Add --cluster.tls-config experimental flag to secure cluster traffic via
mutual TLS
* Add Telegram integration
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Manager Proxy 4.3 Module 4.3
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2024-512=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-512=1
* SUSE Manager Client Tools for SLE 15
zypper in -t patch SUSE-SLE-Manager-Tools-15-2024-512=1
* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-512=1
## Package List:
* SUSE Manager Proxy 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64)
* golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1
* SUSE Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64)
* golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
* golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1
## References:
* https://www.suse.com/security/cve/CVE-2023-40577.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218838
* https://jira.suse.com/browse/MSQA-719
* https://jira.suse.com/browse/PED-7353
1
0
SUSE-SU-2024:0513-1: important: Security update for SUSE Manager 4.3.11 Release Notes
by OPENSUSE-SECURITY-UPDATES 15 Feb '24
by OPENSUSE-SECURITY-UPDATES 15 Feb '24
15 Feb '24
# Security update for SUSE Manager 4.3.11 Release Notes
Announcement ID: SUSE-SU-2024:0513-1
Rating: important
References:
* bsc#1170848
* bsc#1210911
* bsc#1211254
* bsc#1211560
* bsc#1211912
* bsc#1213079
* bsc#1213507
* bsc#1213738
* bsc#1213981
* bsc#1214077
* bsc#1214791
* bsc#1215166
* bsc#1215514
* bsc#1215769
* bsc#1215810
* bsc#1215813
* bsc#1215982
* bsc#1216114
* bsc#1216394
* bsc#1216437
* bsc#1216550
* bsc#1216657
* bsc#1216753
* bsc#1216781
* bsc#1216988
* bsc#1217069
* bsc#1217209
* bsc#1217588
* bsc#1217784
* bsc#1217869
* bsc#1218019
* bsc#1218074
* bsc#1218075
* bsc#1218089
* bsc#1218094
* bsc#1218146
* bsc#1218490
* bsc#1218615
* bsc#1218669
* bsc#1218849
* bsc#1219577
* bsc#1219850
* jsc#MSQA-719
Cross-References:
* CVE-2023-32189
* CVE-2024-22231
* CVE-2024-22232
CVSS scores:
* CVE-2024-22231 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
* CVE-2024-22232 ( SUSE ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Affected Products:
* openSUSE Leap 15.4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves three vulnerabilities, contains one feature and has 39
security fixes can now be installed.
## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.3
### Description:
This update fixes the following issues:
release-notes-susemanager-proxy:
* Update to SUSE Manager 4.3.11
* Bugs mentioned: bsc#1213738, bsc#1216657, bsc#1216781, bsc#1217209,
bsc#1217588 bsc#1218615, bsc#1218849, bsc#1219577, bsc#1219850
## Security update for SUSE Manager Server 4.3
### Description:
This update fixes the following issues:
release-notes-susemanager:
* Update to SUSE Manager 4.3.11
* Migrate from RHEL and its clones to SUSE Liberty Linux
* Reboot required indication for non-SUSE distributions
* SSH key rotation for enhanced security
* Configure remote command execution
* End of Debian 10 support
* CVEs fixed: CVE-2023-32189, CVE-2024-22231, CVE-2024-22232
* Bugs mentioned:
bsc#1170848, bsc#1210911, bsc#1211254, bsc#1211560, bsc#1211912 bsc#1213079,
bsc#1213507, bsc#1213738, bsc#1213981, bsc#1214077 bsc#1214791, bsc#1215166,
bsc#1215514, bsc#1215769, bsc#1215810 bsc#1215813, bsc#1215982, bsc#1216114,
bsc#1216394, bsc#1216437 bsc#1216550, bsc#1216657, bsc#1216753, bsc#1216781,
bsc#1216988 bsc#1217069, bsc#1217209, bsc#1217588, bsc#1217784, bsc#1217869
bsc#1218019, bsc#1218074, bsc#1218075, bsc#1218089, bsc#1218094 bsc#1218490,
bsc#1218615, bsc#1218669, bsc#1218849, bsc#1219577 bsc#1219850, bsc#1218146
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-513=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-513=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2024-513=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-513=1
## Package List:
* openSUSE Leap 15.4 (noarch)
* release-notes-susemanager-proxy-4.3.11-150400.3.79.1
* release-notes-susemanager-4.3.11-150400.3.100.1
* SUSE Manager Proxy 4.3 (noarch)
* release-notes-susemanager-proxy-4.3.11-150400.3.79.1
* SUSE Manager Retail Branch Server 4.3 (noarch)
* release-notes-susemanager-proxy-4.3.11-150400.3.79.1
* SUSE Manager Server 4.3 (noarch)
* release-notes-susemanager-4.3.11-150400.3.100.1
## References:
* https://www.suse.com/security/cve/CVE-2023-32189.html
* https://www.suse.com/security/cve/CVE-2024-22231.html
* https://www.suse.com/security/cve/CVE-2024-22232.html
* https://bugzilla.suse.com/show_bug.cgi?id=1170848
* https://bugzilla.suse.com/show_bug.cgi?id=1210911
* https://bugzilla.suse.com/show_bug.cgi?id=1211254
* https://bugzilla.suse.com/show_bug.cgi?id=1211560
* https://bugzilla.suse.com/show_bug.cgi?id=1211912
* https://bugzilla.suse.com/show_bug.cgi?id=1213079
* https://bugzilla.suse.com/show_bug.cgi?id=1213507
* https://bugzilla.suse.com/show_bug.cgi?id=1213738
* https://bugzilla.suse.com/show_bug.cgi?id=1213981
* https://bugzilla.suse.com/show_bug.cgi?id=1214077
* https://bugzilla.suse.com/show_bug.cgi?id=1214791
* https://bugzilla.suse.com/show_bug.cgi?id=1215166
* https://bugzilla.suse.com/show_bug.cgi?id=1215514
* https://bugzilla.suse.com/show_bug.cgi?id=1215769
* https://bugzilla.suse.com/show_bug.cgi?id=1215810
* https://bugzilla.suse.com/show_bug.cgi?id=1215813
* https://bugzilla.suse.com/show_bug.cgi?id=1215982
* https://bugzilla.suse.com/show_bug.cgi?id=1216114
* https://bugzilla.suse.com/show_bug.cgi?id=1216394
* https://bugzilla.suse.com/show_bug.cgi?id=1216437
* https://bugzilla.suse.com/show_bug.cgi?id=1216550
* https://bugzilla.suse.com/show_bug.cgi?id=1216657
* https://bugzilla.suse.com/show_bug.cgi?id=1216753
* https://bugzilla.suse.com/show_bug.cgi?id=1216781
* https://bugzilla.suse.com/show_bug.cgi?id=1216988
* https://bugzilla.suse.com/show_bug.cgi?id=1217069
* https://bugzilla.suse.com/show_bug.cgi?id=1217209
* https://bugzilla.suse.com/show_bug.cgi?id=1217588
* https://bugzilla.suse.com/show_bug.cgi?id=1217784
* https://bugzilla.suse.com/show_bug.cgi?id=1217869
* https://bugzilla.suse.com/show_bug.cgi?id=1218019
* https://bugzilla.suse.com/show_bug.cgi?id=1218074
* https://bugzilla.suse.com/show_bug.cgi?id=1218075
* https://bugzilla.suse.com/show_bug.cgi?id=1218089
* https://bugzilla.suse.com/show_bug.cgi?id=1218094
* https://bugzilla.suse.com/show_bug.cgi?id=1218146
* https://bugzilla.suse.com/show_bug.cgi?id=1218490
* https://bugzilla.suse.com/show_bug.cgi?id=1218615
* https://bugzilla.suse.com/show_bug.cgi?id=1218669
* https://bugzilla.suse.com/show_bug.cgi?id=1218849
* https://bugzilla.suse.com/show_bug.cgi?id=1219577
* https://bugzilla.suse.com/show_bug.cgi?id=1219850
* https://jira.suse.com/browse/MSQA-719
1
0
SUSE-SU-2024:0515-1: important: Security update for the Linux Kernel
by OPENSUSE-SECURITY-UPDATES 15 Feb '24
by OPENSUSE-SECURITY-UPDATES 15 Feb '24
15 Feb '24
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2024:0515-1
Rating: important
References:
* bsc#1108281
* bsc#1177529
* bsc#1209834
* bsc#1212091
* bsc#1215275
* bsc#1215885
* bsc#1216016
* bsc#1216702
* bsc#1217217
* bsc#1217670
* bsc#1217895
* bsc#1217987
* bsc#1217988
* bsc#1217989
* bsc#1218689
* bsc#1218713
* bsc#1218730
* bsc#1218752
* bsc#1218757
* bsc#1218768
* bsc#1218804
* bsc#1218832
* bsc#1218836
* bsc#1218916
* bsc#1218929
* bsc#1218930
* bsc#1218968
* bsc#1219053
* bsc#1219120
* bsc#1219128
* bsc#1219349
* bsc#1219412
* bsc#1219429
* bsc#1219434
* bsc#1219490
* bsc#1219608
Cross-References:
* CVE-2021-33631
* CVE-2023-46838
* CVE-2023-47233
* CVE-2023-4921
* CVE-2023-51042
* CVE-2023-51043
* CVE-2023-51780
* CVE-2023-51782
* CVE-2023-6040
* CVE-2023-6356
* CVE-2023-6535
* CVE-2023-6536
* CVE-2023-6915
* CVE-2024-0340
* CVE-2024-0565
* CVE-2024-0641
* CVE-2024-0775
* CVE-2024-1085
* CVE-2024-1086
* CVE-2024-24860
CVSS scores:
* CVE-2021-33631 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-33631 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-46838 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-46838 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-47233 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-47233 ( NVD ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4921 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4921 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51042 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51042 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51043 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51043 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51780 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51780 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51782 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51782 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6040 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2023-6040 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6356 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6356 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6535 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6535 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6536 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6536 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6915 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6915 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0340 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-0340 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-0565 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0565 ( NVD ): 7.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-0641 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0641 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0775 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-0775 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-1085 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-1085 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-1086 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-1086 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-24860 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-24860 ( NVD ): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves 20 vulnerabilities and has 16 security fixes can now be
installed.
## Description:
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security
bugfixes.
The following security bugs were fixed:
* CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the
nft_setelem_catchall_deactivate() function (bsc#1219429).
* CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables
component that could have been exploited to achieve local privilege
escalation (bsc#1219434).
* CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in
drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).
* CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c,
because of a vcc_recvmsg race condition (bsc#1218730).
* CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length
transmit fragment (bsc#1218836).
* CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end()
(bsc#1219412).
* CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request
(bsc#1217988).
* CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete
(bsc#1217989).
* CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec
(bsc#1217987).
* CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect
the USB by hotplug) code inside the brcm80211 component (bsc#1216702).
* CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network
scheduler which could be exploited to achieve local privilege escalation
(bsc#1215275).
* CVE-2023-51043: Fixed use-after-free during a race condition between a
nonblocking atomic commit and a driver unload in
drivers/gpu/drm/drm_atomic.c (bsc#1219120).
* CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c
that could allow a local user to cause an information leak problem while
freeing the old quota file names before a potential failure (bsc#1219053).
* CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a
new netfilter table, lack of a safeguard against invalid nf_tables family
(pf) values within `nf_tables_newtable` function (bsc#1218752).
* CVE-2024-0641: Fixed a denial of service vulnerability in
tipc_crypto_key_revoke in net/tipc/crypto.c (bsc#1218916).
* CVE-2024-0565: Fixed an out-of-bounds memory read flaw in
receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832).
* CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in
lib/idr.c (bsc#1218804).
* CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c
because of a rose_accept race condition (bsc#1218757).
* CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg()
(bsc#1218689).
* CVE-2024-24860: Fixed a denial of service caused by a race condition in
{min,max}_key_size_set() (bsc#1219608).
The following non-security bugs were fixed:
* Store the old kernel changelog entries in kernel-docs package (bsc#1218713).
* bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent
(git-fixes).
* bcache: Remove unnecessary NULL point check in node allocations (git-fixes).
* bcache: add code comments for bch_btree_node_get() and
__bch_btree_node_alloc() (git-fixes).
* bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes).
* bcache: avoid oversize memory allocation by small stripe_size (git-fixes).
* bcache: check return value from btree_node_alloc_replacement() (git-fixes).
* bcache: fixup btree_cache_wait list damage (git-fixes).
* bcache: fixup init dirty data errors (git-fixes).
* bcache: fixup lock c->root error (git-fixes).
* bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git-
fixes).
* bcache: prevent potential division by zero error (git-fixes).
* bcache: remove redundant assignment to variable cur_idx (git-fixes).
* bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in
btree_gc_coalesce() (git-fixes).
* bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes).
* block: Fix kabi header include (bsc#1218929).
* block: free the extended dev_t minor later (bsc#1218930).
* clocksource: Skip watchdog check for large watchdog intervals (bsc#1217217).
* clocksource: disable watchdog checks on TSC when TSC is watchdog
(bsc#1215885).
* dm cache policy smq: ensure IO does not prevent cleaner policy progress
(git-fixes).
* dm cache: add cond_resched() to various workqueue loops (git-fixes).
* dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git-
fixes).
* dm crypt: add cond_resched() to dmcrypt_write() (git-fixes).
* dm crypt: avoid accessing uninitialized tasklet (git-fixes).
* dm flakey: do not corrupt the zero page (git-fixes).
* dm flakey: fix a crash with invalid table line (git-fixes).
* dm flakey: fix logic when corrupting a bio (git-fixes).
* dm init: add dm-mod.waitfor to wait for asynchronously probed block devices
(git-fixes).
* dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path
(git-fixes).
* dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-
fixes).
* dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes).
* dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-
fixes).
* dm stats: check for and propagate alloc_percpu failure (git-fixes).
* dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git-
fixes).
* dm thin metadata: check fail_io before using data_sm (git-fixes).
* dm thin: add cond_resched() to various workqueue loops (git-fixes).
* dm thin: fix deadlock when swapping to thin device (bsc#1177529).
* dm verity: do not perform FEC for failed readahead IO (git-fixes).
* dm verity: fix error handling for check_at_most_once on FEC (git-fixes).
* dm verity: skip redundant verity_handle_err() on I/O errors (git-fixes).
* dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes).
* dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes).
* dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata()
(git-fixes).
* dm-verity: align struct dm_verity_fec_io properly (git-fixes).
* dm: add cond_resched() to dm_wq_work() (git-fixes).
* dm: do not lock fs when the map is NULL during suspend or resume (git-
fixes).
* dm: do not lock fs when the map is NULL in process of resume (git-fixes).
* dm: remove flush_scheduled_work() during local_exit() (git-fixes).
* dm: send just one event on resize, not two (git-fixes).
* doc/README.KSYMS: Add to repo.
* hv_netvsc: rndis_filter needs to select NLS (git-fixes).
* intel_idle: add Emerald Rapids Xeon support (bsc#1216016).
* kabi, vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
* loop: suppress uevents while reconfiguring the device (git-fixes).
* nbd: Fix debugfs_create_dir error checking (git-fixes).
* nbd: fix incomplete validation of ioctl arg (git-fixes).
* nbd: use the correct block_device in nbd_bdev_reset (git-fixes).
* nfsd: fix RELEASE_LOCKOWNER (bsc#1218968).
* nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968 bsc#1219349).
* null_blk: Always check queue mode setting from configfs (git-fixes).
* powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-
IOV device (bsc#1212091 ltc#199106 git-fixes).
* rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails (git-
fixes).
* rbd: decouple header read-in from updating rbd_dev->header (git-fixes).
* rbd: decouple parent info read-in from updating rbd_dev (git-fixes).
* rbd: get snapshot context after exclusive lock is ensured to be held (git-
fixes).
* rbd: harden get_lock_owner_info() a bit (git-fixes).
* rbd: make get_lock_owner_info() return a single locker or NULL (git-fixes).
* rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting (git-fixes).
* rbd: move rbd_dev_refresh() definition (git-fixes).
* rbd: prevent busy loop when requesting exclusive lock (git-fixes).
* rbd: retrieve and check lock owner twice before blocklisting (git-fixes).
* rbd: take header_rwsem in rbd_dev_refresh() only when updating (git-fixes).
* sched/isolation: add cpu_is_isolated() API (bsc#1217895).
* scsi: ibmvfc: Implement channel queue depth and event buffer accounting
(bsc#1209834 ltc#202097).
* scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (bsc#1209834
ltc#202097).
* trace,smp: Add tracepoints around remotelly called functions (bsc#1217895).
* vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-515=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-515=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-515=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-515=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-515=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2024-515=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-515=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-515=1
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2024-515=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2024-515=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-515=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-515=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-515=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-515=1
* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-515=1
Please note that this is the initial kernel livepatch without fixes itself, this
package is later updated by separate standalone kernel livepatch updates.
* SUSE Linux Enterprise High Availability Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2024-515=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-515=1
## Package List:
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc)
* kernel-64kb-5.14.21-150400.24.108.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64)
* kernel-64kb-devel-5.14.21-150400.24.108.1
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.108.1
* kernel-64kb-debugsource-5.14.21-150400.24.108.1
* kernel-64kb-debuginfo-5.14.21-150400.24.108.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc
x86_64)
* kernel-default-5.14.21-150400.24.108.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.108.1
* kernel-obs-build-5.14.21-150400.24.108.1
* kernel-default-debugsource-5.14.21-150400.24.108.1
* kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
* kernel-default-devel-5.14.21-150400.24.108.1
* kernel-obs-build-debugsource-5.14.21-150400.24.108.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.108.1
* kernel-syms-5.14.21-150400.24.108.1
* kernel-default-debuginfo-5.14.21-150400.24.108.1
* reiserfs-kmp-default-5.14.21-150400.24.108.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* kernel-source-5.14.21-150400.24.108.1
* kernel-macros-5.14.21-150400.24.108.1
* kernel-devel-5.14.21-150400.24.108.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (nosrc x86_64)
* kernel-default-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* kernel-default-extra-5.14.21-150400.24.108.1
* kernel-obs-build-5.14.21-150400.24.108.1
* kernel-default-debugsource-5.14.21-150400.24.108.1
* kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
* kernel-default-devel-5.14.21-150400.24.108.1
* kernel-obs-build-debugsource-5.14.21-150400.24.108.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.108.1
* kernel-syms-5.14.21-150400.24.108.1
* kernel-default-debuginfo-5.14.21-150400.24.108.1
* kernel-default-extra-debuginfo-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
* kernel-source-5.14.21-150400.24.108.1
* kernel-macros-5.14.21-150400.24.108.1
* kernel-devel-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 nosrc)
* kernel-64kb-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64)
* kernel-64kb-devel-5.14.21-150400.24.108.1
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.108.1
* kernel-64kb-debugsource-5.14.21-150400.24.108.1
* kernel-64kb-debuginfo-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64 nosrc)
* kernel-default-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le x86_64)
* kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.108.1
* kernel-default-debugsource-5.14.21-150400.24.108.1
* kernel-default-devel-5.14.21-150400.24.108.1
* kernel-default-debuginfo-5.14.21-150400.24.108.1
* kernel-obs-build-debugsource-5.14.21-150400.24.108.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.108.1
* kernel-syms-5.14.21-150400.24.108.1
* kernel-obs-build-5.14.21-150400.24.108.1
* reiserfs-kmp-default-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
* kernel-source-5.14.21-150400.24.108.1
* kernel-macros-5.14.21-150400.24.108.1
* kernel-devel-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150400.24.108.1
* kernel-zfcpdump-debuginfo-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (nosrc ppc64le
x86_64)
* kernel-default-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.108.1
* kernel-obs-build-5.14.21-150400.24.108.1
* kernel-default-debugsource-5.14.21-150400.24.108.1
* kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
* kernel-default-devel-5.14.21-150400.24.108.1
* kernel-obs-build-debugsource-5.14.21-150400.24.108.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.108.1
* kernel-syms-5.14.21-150400.24.108.1
* kernel-default-debuginfo-5.14.21-150400.24.108.1
* reiserfs-kmp-default-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* kernel-source-5.14.21-150400.24.108.1
* kernel-macros-5.14.21-150400.24.108.1
* kernel-devel-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.108.1
* SUSE Manager Proxy 4.3 (nosrc x86_64)
* kernel-default-5.14.21-150400.24.108.1
* SUSE Manager Proxy 4.3 (x86_64)
* kernel-default-debugsource-5.14.21-150400.24.108.1
* kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
* kernel-default-devel-5.14.21-150400.24.108.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.108.1
* kernel-default-debuginfo-5.14.21-150400.24.108.1
* SUSE Manager Proxy 4.3 (noarch)
* kernel-macros-5.14.21-150400.24.108.1
* kernel-devel-5.14.21-150400.24.108.1
* SUSE Manager Retail Branch Server 4.3 (nosrc x86_64)
* kernel-default-5.14.21-150400.24.108.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* kernel-default-debugsource-5.14.21-150400.24.108.1
* kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
* kernel-default-devel-5.14.21-150400.24.108.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.108.1
* kernel-default-debuginfo-5.14.21-150400.24.108.1
* SUSE Manager Retail Branch Server 4.3 (noarch)
* kernel-macros-5.14.21-150400.24.108.1
* kernel-devel-5.14.21-150400.24.108.1
* SUSE Manager Server 4.3 (nosrc ppc64le s390x x86_64)
* kernel-default-5.14.21-150400.24.108.1
* SUSE Manager Server 4.3 (ppc64le x86_64)
* kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* kernel-default-devel-debuginfo-5.14.21-150400.24.108.1
* kernel-default-devel-5.14.21-150400.24.108.1
* kernel-default-debuginfo-5.14.21-150400.24.108.1
* kernel-default-debugsource-5.14.21-150400.24.108.1
* SUSE Manager Server 4.3 (noarch)
* kernel-macros-5.14.21-150400.24.108.1
* kernel-devel-5.14.21-150400.24.108.1
* SUSE Manager Server 4.3 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150400.24.108.1
* SUSE Manager Server 4.3 (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150400.24.108.1
* kernel-zfcpdump-debuginfo-5.14.21-150400.24.108.1
* openSUSE Leap 15.4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.108.1
* openSUSE Leap 15.4 (noarch)
* kernel-source-vanilla-5.14.21-150400.24.108.1
* kernel-source-5.14.21-150400.24.108.1
* kernel-docs-html-5.14.21-150400.24.108.1
* kernel-macros-5.14.21-150400.24.108.1
* kernel-devel-5.14.21-150400.24.108.1
* openSUSE Leap 15.4 (nosrc ppc64le x86_64)
* kernel-debug-5.14.21-150400.24.108.1
* openSUSE Leap 15.4 (ppc64le x86_64)
* kernel-debug-debuginfo-5.14.21-150400.24.108.1
* kernel-debug-devel-debuginfo-5.14.21-150400.24.108.1
* kernel-debug-livepatch-devel-5.14.21-150400.24.108.1
* kernel-debug-devel-5.14.21-150400.24.108.1
* kernel-debug-debugsource-5.14.21-150400.24.108.1
* openSUSE Leap 15.4 (aarch64 ppc64le x86_64)
* kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.108.1
* kernel-kvmsmall-debuginfo-5.14.21-150400.24.108.1
* kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.108.1
* kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
* kernel-kvmsmall-devel-5.14.21-150400.24.108.1
* kernel-default-base-rebuild-5.14.21-150400.24.108.1.150400.24.50.2
* kernel-kvmsmall-debugsource-5.14.21-150400.24.108.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* kernel-default-livepatch-5.14.21-150400.24.108.1
* kernel-default-optional-5.14.21-150400.24.108.1
* ocfs2-kmp-default-debuginfo-5.14.21-150400.24.108.1
* kernel-syms-5.14.21-150400.24.108.1
* kernel-default-extra-debuginfo-5.14.21-150400.24.108.1
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.108.1
* kernel-default-optional-debuginfo-5.14.21-150400.24.108.1
* kernel-default-debugsource-5.14.21-150400.24.108.1
* dlm-kmp-default-debuginfo-5.14.21-150400.24.108.1
* kernel-default-devel-5.14.21-150400.24.108.1
* dlm-kmp-default-5.14.21-150400.24.108.1
* kernel-default-extra-5.14.21-150400.24.108.1
* kselftests-kmp-default-debuginfo-5.14.21-150400.24.108.1
* kernel-obs-qa-5.14.21-150400.24.108.1
* kernel-obs-build-debugsource-5.14.21-150400.24.108.1
* gfs2-kmp-default-debuginfo-5.14.21-150400.24.108.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.108.1
* kernel-default-debuginfo-5.14.21-150400.24.108.1
* reiserfs-kmp-default-5.14.21-150400.24.108.1
* cluster-md-kmp-default-5.14.21-150400.24.108.1
* ocfs2-kmp-default-5.14.21-150400.24.108.1
* kernel-default-livepatch-devel-5.14.21-150400.24.108.1
* gfs2-kmp-default-5.14.21-150400.24.108.1
* kselftests-kmp-default-5.14.21-150400.24.108.1
* kernel-obs-build-5.14.21-150400.24.108.1
* cluster-md-kmp-default-debuginfo-5.14.21-150400.24.108.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150400.24.108.1
* openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64)
* kernel-kvmsmall-5.14.21-150400.24.108.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_23-debugsource-1-150400.9.5.1
* kernel-livepatch-5_14_21-150400_24_108-default-debuginfo-1-150400.9.5.1
* kernel-livepatch-5_14_21-150400_24_108-default-1-150400.9.5.1
* openSUSE Leap 15.4 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150400.24.108.1
* openSUSE Leap 15.4 (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150400.24.108.1
* kernel-zfcpdump-debuginfo-5.14.21-150400.24.108.1
* openSUSE Leap 15.4 (nosrc)
* dtb-aarch64-5.14.21-150400.24.108.1
* openSUSE Leap 15.4 (aarch64)
* dtb-altera-5.14.21-150400.24.108.1
* dtb-amlogic-5.14.21-150400.24.108.1
* dtb-nvidia-5.14.21-150400.24.108.1
* dtb-xilinx-5.14.21-150400.24.108.1
* kernel-64kb-livepatch-devel-5.14.21-150400.24.108.1
* kselftests-kmp-64kb-5.14.21-150400.24.108.1
* dtb-apm-5.14.21-150400.24.108.1
* reiserfs-kmp-64kb-5.14.21-150400.24.108.1
* dtb-lg-5.14.21-150400.24.108.1
* gfs2-kmp-64kb-5.14.21-150400.24.108.1
* dtb-qcom-5.14.21-150400.24.108.1
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.108.1
* ocfs2-kmp-64kb-5.14.21-150400.24.108.1
* dlm-kmp-64kb-debuginfo-5.14.21-150400.24.108.1
* kernel-64kb-devel-5.14.21-150400.24.108.1
* dtb-allwinner-5.14.21-150400.24.108.1
* dtb-hisilicon-5.14.21-150400.24.108.1
* dtb-rockchip-5.14.21-150400.24.108.1
* dlm-kmp-64kb-5.14.21-150400.24.108.1
* dtb-freescale-5.14.21-150400.24.108.1
* kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.108.1
* dtb-amazon-5.14.21-150400.24.108.1
* cluster-md-kmp-64kb-5.14.21-150400.24.108.1
* dtb-broadcom-5.14.21-150400.24.108.1
* dtb-renesas-5.14.21-150400.24.108.1
* kernel-64kb-extra-debuginfo-5.14.21-150400.24.108.1
* kernel-64kb-extra-5.14.21-150400.24.108.1
* cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.108.1
* dtb-cavium-5.14.21-150400.24.108.1
* kernel-64kb-optional-debuginfo-5.14.21-150400.24.108.1
* kernel-64kb-optional-5.14.21-150400.24.108.1
* dtb-apple-5.14.21-150400.24.108.1
* dtb-marvell-5.14.21-150400.24.108.1
* dtb-mediatek-5.14.21-150400.24.108.1
* dtb-arm-5.14.21-150400.24.108.1
* reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.108.1
* dtb-sprd-5.14.21-150400.24.108.1
* kernel-64kb-debuginfo-5.14.21-150400.24.108.1
* gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.108.1
* dtb-exynos-5.14.21-150400.24.108.1
* dtb-amd-5.14.21-150400.24.108.1
* dtb-socionext-5.14.21-150400.24.108.1
* ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.108.1
* kernel-64kb-debugsource-5.14.21-150400.24.108.1
* openSUSE Leap 15.4 (aarch64 nosrc)
* kernel-64kb-5.14.21-150400.24.108.1
* openSUSE Leap Micro 5.3 (aarch64 nosrc x86_64)
* kernel-default-5.14.21-150400.24.108.1
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
* kernel-default-debuginfo-5.14.21-150400.24.108.1
* kernel-default-debugsource-5.14.21-150400.24.108.1
* openSUSE Leap Micro 5.4 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.108.1
* openSUSE Leap Micro 5.4 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.108.1
* kernel-default-debugsource-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.108.1
* kernel-default-debugsource-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.108.1
* kernel-default-debugsource-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.108.1
* kernel-default-debugsource-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.108.1
* kernel-default-debugsource-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Live Patching 15-SP4 (nosrc)
* kernel-default-5.14.21-150400.24.108.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-default-debugsource-5.14.21-150400.24.108.1
* kernel-default-livepatch-devel-5.14.21-150400.24.108.1
* kernel-livepatch-SLE15-SP4_Update_23-debugsource-1-150400.9.5.1
* kernel-livepatch-5_14_21-150400_24_108-default-debuginfo-1-150400.9.5.1
* kernel-default-livepatch-5.14.21-150400.24.108.1
* kernel-livepatch-5_14_21-150400_24_108-default-1-150400.9.5.1
* kernel-default-debuginfo-5.14.21-150400.24.108.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le
s390x x86_64)
* ocfs2-kmp-default-5.14.21-150400.24.108.1
* kernel-default-debugsource-5.14.21-150400.24.108.1
* gfs2-kmp-default-5.14.21-150400.24.108.1
* cluster-md-kmp-default-5.14.21-150400.24.108.1
* dlm-kmp-default-debuginfo-5.14.21-150400.24.108.1
* ocfs2-kmp-default-debuginfo-5.14.21-150400.24.108.1
* gfs2-kmp-default-debuginfo-5.14.21-150400.24.108.1
* dlm-kmp-default-5.14.21-150400.24.108.1
* kernel-default-debuginfo-5.14.21-150400.24.108.1
* cluster-md-kmp-default-debuginfo-5.14.21-150400.24.108.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc)
* kernel-default-5.14.21-150400.24.108.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
nosrc)
* kernel-64kb-5.14.21-150400.24.108.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64)
* kernel-64kb-devel-5.14.21-150400.24.108.1
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.108.1
* kernel-64kb-debugsource-5.14.21-150400.24.108.1
* kernel-64kb-debuginfo-5.14.21-150400.24.108.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 nosrc
x86_64)
* kernel-default-5.14.21-150400.24.108.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.108.1
* kernel-obs-build-5.14.21-150400.24.108.1
* kernel-default-debugsource-5.14.21-150400.24.108.1
* kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2
* kernel-default-devel-5.14.21-150400.24.108.1
* kernel-obs-build-debugsource-5.14.21-150400.24.108.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.108.1
* kernel-syms-5.14.21-150400.24.108.1
* kernel-default-debuginfo-5.14.21-150400.24.108.1
* reiserfs-kmp-default-5.14.21-150400.24.108.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* kernel-source-5.14.21-150400.24.108.1
* kernel-macros-5.14.21-150400.24.108.1
* kernel-devel-5.14.21-150400.24.108.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.108.1
## References:
* https://www.suse.com/security/cve/CVE-2021-33631.html
* https://www.suse.com/security/cve/CVE-2023-46838.html
* https://www.suse.com/security/cve/CVE-2023-47233.html
* https://www.suse.com/security/cve/CVE-2023-4921.html
* https://www.suse.com/security/cve/CVE-2023-51042.html
* https://www.suse.com/security/cve/CVE-2023-51043.html
* https://www.suse.com/security/cve/CVE-2023-51780.html
* https://www.suse.com/security/cve/CVE-2023-51782.html
* https://www.suse.com/security/cve/CVE-2023-6040.html
* https://www.suse.com/security/cve/CVE-2023-6356.html
* https://www.suse.com/security/cve/CVE-2023-6535.html
* https://www.suse.com/security/cve/CVE-2023-6536.html
* https://www.suse.com/security/cve/CVE-2023-6915.html
* https://www.suse.com/security/cve/CVE-2024-0340.html
* https://www.suse.com/security/cve/CVE-2024-0565.html
* https://www.suse.com/security/cve/CVE-2024-0641.html
* https://www.suse.com/security/cve/CVE-2024-0775.html
* https://www.suse.com/security/cve/CVE-2024-1085.html
* https://www.suse.com/security/cve/CVE-2024-1086.html
* https://www.suse.com/security/cve/CVE-2024-24860.html
* https://bugzilla.suse.com/show_bug.cgi?id=1108281
* https://bugzilla.suse.com/show_bug.cgi?id=1177529
* https://bugzilla.suse.com/show_bug.cgi?id=1209834
* https://bugzilla.suse.com/show_bug.cgi?id=1212091
* https://bugzilla.suse.com/show_bug.cgi?id=1215275
* https://bugzilla.suse.com/show_bug.cgi?id=1215885
* https://bugzilla.suse.com/show_bug.cgi?id=1216016
* https://bugzilla.suse.com/show_bug.cgi?id=1216702
* https://bugzilla.suse.com/show_bug.cgi?id=1217217
* https://bugzilla.suse.com/show_bug.cgi?id=1217670
* https://bugzilla.suse.com/show_bug.cgi?id=1217895
* https://bugzilla.suse.com/show_bug.cgi?id=1217987
* https://bugzilla.suse.com/show_bug.cgi?id=1217988
* https://bugzilla.suse.com/show_bug.cgi?id=1217989
* https://bugzilla.suse.com/show_bug.cgi?id=1218689
* https://bugzilla.suse.com/show_bug.cgi?id=1218713
* https://bugzilla.suse.com/show_bug.cgi?id=1218730
* https://bugzilla.suse.com/show_bug.cgi?id=1218752
* https://bugzilla.suse.com/show_bug.cgi?id=1218757
* https://bugzilla.suse.com/show_bug.cgi?id=1218768
* https://bugzilla.suse.com/show_bug.cgi?id=1218804
* https://bugzilla.suse.com/show_bug.cgi?id=1218832
* https://bugzilla.suse.com/show_bug.cgi?id=1218836
* https://bugzilla.suse.com/show_bug.cgi?id=1218916
* https://bugzilla.suse.com/show_bug.cgi?id=1218929
* https://bugzilla.suse.com/show_bug.cgi?id=1218930
* https://bugzilla.suse.com/show_bug.cgi?id=1218968
* https://bugzilla.suse.com/show_bug.cgi?id=1219053
* https://bugzilla.suse.com/show_bug.cgi?id=1219120
* https://bugzilla.suse.com/show_bug.cgi?id=1219128
* https://bugzilla.suse.com/show_bug.cgi?id=1219349
* https://bugzilla.suse.com/show_bug.cgi?id=1219412
* https://bugzilla.suse.com/show_bug.cgi?id=1219429
* https://bugzilla.suse.com/show_bug.cgi?id=1219434
* https://bugzilla.suse.com/show_bug.cgi?id=1219490
* https://bugzilla.suse.com/show_bug.cgi?id=1219608
1
0
SUSE-SU-2024:0476-1: important: Security update for the Linux Kernel
by OPENSUSE-SECURITY-UPDATES 14 Feb '24
by OPENSUSE-SECURITY-UPDATES 14 Feb '24
14 Feb '24
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2024:0476-1
Rating: important
References:
* bsc#1108281
* bsc#1177529
* bsc#1209834
* bsc#1212091
* bsc#1215885
* bsc#1216016
* bsc#1216702
* bsc#1217217
* bsc#1217670
* bsc#1217895
* bsc#1217987
* bsc#1217988
* bsc#1217989
* bsc#1218689
* bsc#1218713
* bsc#1218730
* bsc#1218752
* bsc#1218757
* bsc#1218768
* bsc#1218804
* bsc#1218832
* bsc#1218836
* bsc#1218916
* bsc#1218929
* bsc#1218930
* bsc#1218968
* bsc#1219053
* bsc#1219120
* bsc#1219128
* bsc#1219349
* bsc#1219412
* bsc#1219429
* bsc#1219434
* bsc#1219490
* bsc#1219608
Cross-References:
* CVE-2021-33631
* CVE-2023-46838
* CVE-2023-47233
* CVE-2023-51042
* CVE-2023-51043
* CVE-2023-51780
* CVE-2023-51782
* CVE-2023-6040
* CVE-2023-6356
* CVE-2023-6535
* CVE-2023-6536
* CVE-2023-6915
* CVE-2024-0340
* CVE-2024-0565
* CVE-2024-0641
* CVE-2024-0775
* CVE-2024-1085
* CVE-2024-1086
* CVE-2024-24860
CVSS scores:
* CVE-2021-33631 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-33631 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-46838 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-46838 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-47233 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-47233 ( NVD ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-51042 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51042 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51043 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51043 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51780 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51780 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51782 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51782 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6040 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2023-6040 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6356 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6535 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6536 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6915 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6915 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0340 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-0340 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-0565 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0565 ( NVD ): 7.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-0641 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0641 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0775 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-0775 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-1085 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-1085 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-1086 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-1086 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-24860 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-24860 ( NVD ): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
An update that solves 19 vulnerabilities and has 16 security fixes can now be
installed.
## Description:
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various
security bugfixes.
The following security bugs were fixed:
* CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg()
(bsc#1218689).
* CVE-2024-24860: Fixed a denial of service caused by a race condition in
{min,max}_key_size_set() (bsc#1219608).
* CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the
nft_setelem_catchall_deactivate() function (bsc#1219429).
* CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables
component that could have been exploited to achieve local privilege
escalation (bsc#1219434).
* CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in
drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).
* CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c,
because of a vcc_recvmsg race condition (bsc#1218730).
* CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length
transmit fragment (bsc#1218836).
* CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end()
(bsc#1219412).
* CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request
(bsc#1217988).
* CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete
(bsc#1217989).
* CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec
(bsc#1217987).
* CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect
the USB by hotplug) code inside the brcm80211 component (bsc#1216702).
* CVE-2023-51043: Fixed use-after-free during a race condition between a
nonblocking atomic commit and a driver unload in
drivers/gpu/drm/drm_atomic.c (bsc#1219120).
* CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c
that could allow a local user to cause an information leak problem while
freeing the old quota file names before a potential failure (bsc#1219053).
* CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a
new netfilter table, lack of a safeguard against invalid nf_tables family
(pf) values within `nf_tables_newtable` function (bsc#1218752).
* CVE-2024-0641: Fixed a denial of service vulnerability in
tipc_crypto_key_revoke in net/tipc/crypto.c (bsc#1218916).
* CVE-2024-0565: Fixed an out-of-bounds memory read flaw in
receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832).
* CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in
lib/idr.c (bsc#1218804).
* CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c
because of a rose_accept race condition (bsc#1218757).
The following non-security bugs were fixed:
* Store the old kernel changelog entries in kernel-docs package (bsc#1218713).
* bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent
(git-fixes).
* bcache: Remove unnecessary NULL point check in node allocations (git-fixes).
* bcache: add code comments for bch_btree_node_get() and
__bch_btree_node_alloc() (git-fixes).
* bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes).
* bcache: avoid oversize memory allocation by small stripe_size (git-fixes).
* bcache: check return value from btree_node_alloc_replacement() (git-fixes).
* bcache: fixup btree_cache_wait list damage (git-fixes).
* bcache: fixup init dirty data errors (git-fixes).
* bcache: fixup lock c->root error (git-fixes).
* bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git-
fixes).
* bcache: prevent potential division by zero error (git-fixes).
* bcache: remove redundant assignment to variable cur_idx (git-fixes).
* bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in
btree_gc_coalesce() (git-fixes).
* bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes).
* block: Fix kabi header include (bsc#1218929).
* block: free the extended dev_t minor later (bsc#1218930).
* clocksource: Skip watchdog check for large watchdog intervals (bsc#1217217).
* clocksource: disable watchdog checks on TSC when TSC is watchdog
(bsc#1215885).
* dm cache policy smq: ensure IO does not prevent cleaner policy progress
(git-fixes).
* dm cache: add cond_resched() to various workqueue loops (git-fixes).
* dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git-
fixes).
* dm crypt: add cond_resched() to dmcrypt_write() (git-fixes).
* dm crypt: avoid accessing uninitialized tasklet (git-fixes).
* dm flakey: do not corrupt the zero page (git-fixes).
* dm flakey: fix a crash with invalid table line (git-fixes).
* dm flakey: fix logic when corrupting a bio (git-fixes).
* dm init: add dm-mod.waitfor to wait for asynchronously probed block devices
(git-fixes).
* dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path
(git-fixes).
* dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-
fixes).
* dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes).
* dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-
fixes).
* dm stats: check for and propagate alloc_percpu failure (git-fixes).
* dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git-
fixes).
* dm thin metadata: check fail_io before using data_sm (git-fixes).
* dm thin: add cond_resched() to various workqueue loops (git-fixes).
* dm thin: fix deadlock when swapping to thin device (bsc#1177529).
* dm verity: do not perform FEC for failed readahead IO (git-fixes).
* dm verity: fix error handling for check_at_most_once on FEC (git-fixes).
* dm verity: skip redundant verity_handle_err() on I/O errors (git-fixes).
* dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes).
* dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes).
* dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata()
(git-fixes).
* dm-verity: align struct dm_verity_fec_io properly (git-fixes).
* dm: add cond_resched() to dm_wq_work() (git-fixes).
* dm: do not lock fs when the map is NULL during suspend or resume (git-
fixes).
* dm: do not lock fs when the map is NULL in process of resume (git-fixes).
* dm: remove flush_scheduled_work() during local_exit() (git-fixes).
* dm: send just one event on resize, not two (git-fixes).
* doc/README.KSYMS: Add to repo.
* hv_netvsc: rndis_filter needs to select NLS (git-fixes).
* intel_idle: add Emerald Rapids Xeon support (bsc#1216016).
* kabi, vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
* kernel-source: Fix description typo
* loop: suppress uevents while reconfiguring the device (git-fixes).
* nbd: Fix debugfs_create_dir error checking (git-fixes).
* nbd: fix incomplete validation of ioctl arg (git-fixes).
* nbd: use the correct block_device in nbd_bdev_reset (git-fixes).
* nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968 bsc#1219349).
* nfsd: fix RELEASE_LOCKOWNER (bsc#1218968).
* null_blk: Always check queue mode setting from configfs (git-fixes).
* powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-
IOV device (bsc#1212091 ltc#199106 git-fixes).
* rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails (git-
fixes).
* rbd: decouple header read-in from updating rbd_dev->header (git-fixes).
* rbd: decouple parent info read-in from updating rbd_dev (git-fixes).
* rbd: get snapshot context after exclusive lock is ensured to be held (git-
fixes).
* rbd: harden get_lock_owner_info() a bit (git-fixes).
* rbd: make get_lock_owner_info() return a single locker or NULL (git-fixes).
* rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting (git-fixes).
* rbd: move rbd_dev_refresh() definition (git-fixes).
* rbd: prevent busy loop when requesting exclusive lock (git-fixes).
* rbd: retrieve and check lock owner twice before blocklisting (git-fixes).
* rbd: take header_rwsem in rbd_dev_refresh() only when updating (git-fixes).
* sched/isolation: add cpu_is_isolated() API (bsc#1217895).
* scsi: ibmvfc: Implement channel queue depth and event buffer accounting
(bsc#1209834 ltc#202097).
* scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (bsc#1209834
ltc#202097).
* trace,smp: Add tracepoints around remotelly called functions (bsc#1217895).
* vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2024-476=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2024-476=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-476=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-476=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-476=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-476=1
* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-476=1
## Package List:
* openSUSE Leap Micro 5.3 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.68.1
* openSUSE Leap Micro 5.3 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.68.1
* kernel-rt-debuginfo-5.14.21-150400.15.68.1
* openSUSE Leap Micro 5.4 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.68.1
* openSUSE Leap Micro 5.4 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.68.1
* kernel-rt-debuginfo-5.14.21-150400.15.68.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.68.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.68.1
* kernel-rt-debuginfo-5.14.21-150400.15.68.1
* SUSE Linux Enterprise Micro 5.3 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.68.1
* SUSE Linux Enterprise Micro 5.3 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.68.1
* kernel-rt-debuginfo-5.14.21-150400.15.68.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.68.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.68.1
* kernel-rt-debuginfo-5.14.21-150400.15.68.1
* SUSE Linux Enterprise Micro 5.4 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.68.1
* SUSE Linux Enterprise Micro 5.4 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.68.1
* kernel-rt-debuginfo-5.14.21-150400.15.68.1
* SUSE Linux Enterprise Live Patching 15-SP4 (x86_64)
* kernel-livepatch-SLE15-SP4-RT_Update_18-debugsource-1-150400.1.3.1
* kernel-livepatch-5_14_21-150400_15_68-rt-1-150400.1.3.1
* kernel-livepatch-5_14_21-150400_15_68-rt-debuginfo-1-150400.1.3.1
## References:
* https://www.suse.com/security/cve/CVE-2021-33631.html
* https://www.suse.com/security/cve/CVE-2023-46838.html
* https://www.suse.com/security/cve/CVE-2023-47233.html
* https://www.suse.com/security/cve/CVE-2023-51042.html
* https://www.suse.com/security/cve/CVE-2023-51043.html
* https://www.suse.com/security/cve/CVE-2023-51780.html
* https://www.suse.com/security/cve/CVE-2023-51782.html
* https://www.suse.com/security/cve/CVE-2023-6040.html
* https://www.suse.com/security/cve/CVE-2023-6356.html
* https://www.suse.com/security/cve/CVE-2023-6535.html
* https://www.suse.com/security/cve/CVE-2023-6536.html
* https://www.suse.com/security/cve/CVE-2023-6915.html
* https://www.suse.com/security/cve/CVE-2024-0340.html
* https://www.suse.com/security/cve/CVE-2024-0565.html
* https://www.suse.com/security/cve/CVE-2024-0641.html
* https://www.suse.com/security/cve/CVE-2024-0775.html
* https://www.suse.com/security/cve/CVE-2024-1085.html
* https://www.suse.com/security/cve/CVE-2024-1086.html
* https://www.suse.com/security/cve/CVE-2024-24860.html
* https://bugzilla.suse.com/show_bug.cgi?id=1108281
* https://bugzilla.suse.com/show_bug.cgi?id=1177529
* https://bugzilla.suse.com/show_bug.cgi?id=1209834
* https://bugzilla.suse.com/show_bug.cgi?id=1212091
* https://bugzilla.suse.com/show_bug.cgi?id=1215885
* https://bugzilla.suse.com/show_bug.cgi?id=1216016
* https://bugzilla.suse.com/show_bug.cgi?id=1216702
* https://bugzilla.suse.com/show_bug.cgi?id=1217217
* https://bugzilla.suse.com/show_bug.cgi?id=1217670
* https://bugzilla.suse.com/show_bug.cgi?id=1217895
* https://bugzilla.suse.com/show_bug.cgi?id=1217987
* https://bugzilla.suse.com/show_bug.cgi?id=1217988
* https://bugzilla.suse.com/show_bug.cgi?id=1217989
* https://bugzilla.suse.com/show_bug.cgi?id=1218689
* https://bugzilla.suse.com/show_bug.cgi?id=1218713
* https://bugzilla.suse.com/show_bug.cgi?id=1218730
* https://bugzilla.suse.com/show_bug.cgi?id=1218752
* https://bugzilla.suse.com/show_bug.cgi?id=1218757
* https://bugzilla.suse.com/show_bug.cgi?id=1218768
* https://bugzilla.suse.com/show_bug.cgi?id=1218804
* https://bugzilla.suse.com/show_bug.cgi?id=1218832
* https://bugzilla.suse.com/show_bug.cgi?id=1218836
* https://bugzilla.suse.com/show_bug.cgi?id=1218916
* https://bugzilla.suse.com/show_bug.cgi?id=1218929
* https://bugzilla.suse.com/show_bug.cgi?id=1218930
* https://bugzilla.suse.com/show_bug.cgi?id=1218968
* https://bugzilla.suse.com/show_bug.cgi?id=1219053
* https://bugzilla.suse.com/show_bug.cgi?id=1219120
* https://bugzilla.suse.com/show_bug.cgi?id=1219128
* https://bugzilla.suse.com/show_bug.cgi?id=1219349
* https://bugzilla.suse.com/show_bug.cgi?id=1219412
* https://bugzilla.suse.com/show_bug.cgi?id=1219429
* https://bugzilla.suse.com/show_bug.cgi?id=1219434
* https://bugzilla.suse.com/show_bug.cgi?id=1219490
* https://bugzilla.suse.com/show_bug.cgi?id=1219608
1
0
openSUSE-SU-2024:0048-1: important: Security update for pdns-recursor
by opensuse-securityďĽ opensuse.org 14 Feb '24
by opensuse-securityďĽ opensuse.org 14 Feb '24
14 Feb '24
openSUSE Security Update: Security update for pdns-recursor
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0048-1
Rating: important
References: #1209897 #1219823 #1219826
Cross-References: CVE-2023-26437 CVE-2023-50387 CVE-2023-50868
CVSS scores:
CVE-2023-26437 (NVD) : 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L
CVE-2023-50387 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2023-50868 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for pdns-recursor fixes the following issues:
Update to 4.8.6:
* fixes case when crafted DNSSEC records in a zone can lead to a denial of
service in Recursor
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-202
4-01.html (boo#1219823, boo#1219826, CVE-2023-50387, CVE-2023-50868)
Changes in 4.8.5:
* (I)XFR: handle partial read of len prefix.
* YaHTTP: Prevent integer overflow on very large chunks.
* Fix setting of policy tags for packet cache hits.
Changes in 4.8.4:
* Deterred spoofing attempts can lead to authoritative servers being
marked unavailable (boo#1209897, CVE-2023-26437)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2024-48=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 ppc64le x86_64):
pdns-recursor-4.8.6-bp155.2.3.1
References:
https://www.suse.com/security/cve/CVE-2023-26437.html
https://www.suse.com/security/cve/CVE-2023-50387.html
https://www.suse.com/security/cve/CVE-2023-50868.html
https://bugzilla.suse.com/1209897
https://bugzilla.suse.com/1219823
https://bugzilla.suse.com/1219826
1
0
openSUSE-SU-2024:0047-1: important: Security update for hugin
by opensuse-securityďĽ opensuse.org 14 Feb '24
by opensuse-securityďĽ opensuse.org 14 Feb '24
14 Feb '24
openSUSE Security Update: Security update for hugin
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0047-1
Rating: important
References: #1219819 #1219820 #1219821 #1219822
Cross-References: CVE-2024-25442 CVE-2024-25443 CVE-2024-25445
CVE-2024-25446
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for hugin fixes the following issues:
Update to version 2023.0.0:
* PTBatcherGUI can now also queue user defined assistant and user
defined output sequences.
* PTBatcherGUI: Added option to generate panorama sequences from an
existing pto template.
* Assistant: Added option to select different output options like
projection, FOV or canvas size depending on different variables (e.g.
image count, field of view, lens type).
* Allow building with epoxy instead of GLEW for OpenGL pointer
management.
* Several improvements to crop tool (outside crop, aspect ratio, ...).
* Several bug fixes (e.g. in verdandi/internal blender).
* Updated translations.
- fixed: boo#1219819 (CVE-2024-25442), boo#1219820 (CVE-2024-25443)
boo#1219821 (CVE-2024-25445), boo#1219822 (CVE-2024-25446)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2024-47=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 ppc64le s390x x86_64):
hugin-2023.0.0-bp155.2.3.1
References:
https://www.suse.com/security/cve/CVE-2024-25442.html
https://www.suse.com/security/cve/CVE-2024-25443.html
https://www.suse.com/security/cve/CVE-2024-25445.html
https://www.suse.com/security/cve/CVE-2024-25446.html
https://bugzilla.suse.com/1219819
https://bugzilla.suse.com/1219820
https://bugzilla.suse.com/1219821
https://bugzilla.suse.com/1219822
1
0
14 Feb '24
# Security update for tomcat
Announcement ID: SUSE-SU-2024:0472-1
Rating: important
References:
* bsc#1216118
* bsc#1216119
* bsc#1216120
* bsc#1217402
* bsc#1217649
* bsc#1217768
* bsc#1219208
Cross-References:
* CVE-2023-42794
* CVE-2023-42795
* CVE-2023-45648
* CVE-2023-46589
* CVE-2024-22029
CVSS scores:
* CVE-2023-42794 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-42794 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-42795 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-42795 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-45648 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-45648 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-46589 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-46589 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-22029 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Server 4.3
* Web and Scripting Module 15-SP5
An update that solves five vulnerabilities and has two security fixes can now be
installed.
## Description:
This update for tomcat fixes the following issues:
Updated to Tomcat 9.0.85:
* CVE-2023-45648: Improve trailer header parsing (bsc#1216118).
* CVE-2023-42794: FileUpload: remove tmp files to avoid DoS on Windows
(bsc#1216120).
* CVE-2023-42795: Improve handling of failures during recycle() methods
(bsc#1216119).
* CVE-2023-46589: Fixed HTTP request smuggling due to incorrect headers
parsing (bsc#1217649)
* CVE-2024-22029: Fixed escalation to root from tomcat user via %post script.
(bsc#1219208)
The following non-security issues were fixed:
* Fixed the file permissions for server.xml (bsc#1217768, bsc#1217402).
Find the full release notes at:
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-472=1
* Web and Scripting Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP5-2024-472=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-472=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-472=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-472=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-472=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-472=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-472=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-472=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-472=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-472=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-472=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-472=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-472=1
## Package List:
* openSUSE Leap 15.5 (noarch)
* tomcat-javadoc-9.0.85-150200.57.1
* tomcat-lib-9.0.85-150200.57.1
* tomcat-el-3_0-api-9.0.85-150200.57.1
* tomcat-servlet-4_0-api-9.0.85-150200.57.1
* tomcat-webapps-9.0.85-150200.57.1
* tomcat-admin-webapps-9.0.85-150200.57.1
* tomcat-9.0.85-150200.57.1
* tomcat-embed-9.0.85-150200.57.1
* tomcat-jsp-2_3-api-9.0.85-150200.57.1
* tomcat-docs-webapp-9.0.85-150200.57.1
* tomcat-jsvc-9.0.85-150200.57.1
* Web and Scripting Module 15-SP5 (noarch)
* tomcat-lib-9.0.85-150200.57.1
* tomcat-el-3_0-api-9.0.85-150200.57.1
* tomcat-servlet-4_0-api-9.0.85-150200.57.1
* tomcat-webapps-9.0.85-150200.57.1
* tomcat-admin-webapps-9.0.85-150200.57.1
* tomcat-9.0.85-150200.57.1
* tomcat-jsp-2_3-api-9.0.85-150200.57.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
* tomcat-lib-9.0.85-150200.57.1
* tomcat-el-3_0-api-9.0.85-150200.57.1
* tomcat-servlet-4_0-api-9.0.85-150200.57.1
* tomcat-webapps-9.0.85-150200.57.1
* tomcat-admin-webapps-9.0.85-150200.57.1
* tomcat-9.0.85-150200.57.1
* tomcat-jsp-2_3-api-9.0.85-150200.57.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* tomcat-lib-9.0.85-150200.57.1
* tomcat-el-3_0-api-9.0.85-150200.57.1
* tomcat-servlet-4_0-api-9.0.85-150200.57.1
* tomcat-webapps-9.0.85-150200.57.1
* tomcat-admin-webapps-9.0.85-150200.57.1
* tomcat-9.0.85-150200.57.1
* tomcat-jsp-2_3-api-9.0.85-150200.57.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* tomcat-lib-9.0.85-150200.57.1
* tomcat-el-3_0-api-9.0.85-150200.57.1
* tomcat-servlet-4_0-api-9.0.85-150200.57.1
* tomcat-webapps-9.0.85-150200.57.1
* tomcat-admin-webapps-9.0.85-150200.57.1
* tomcat-9.0.85-150200.57.1
* tomcat-jsp-2_3-api-9.0.85-150200.57.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* tomcat-lib-9.0.85-150200.57.1
* tomcat-el-3_0-api-9.0.85-150200.57.1
* tomcat-servlet-4_0-api-9.0.85-150200.57.1
* tomcat-webapps-9.0.85-150200.57.1
* tomcat-admin-webapps-9.0.85-150200.57.1
* tomcat-9.0.85-150200.57.1
* tomcat-jsp-2_3-api-9.0.85-150200.57.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
* tomcat-lib-9.0.85-150200.57.1
* tomcat-el-3_0-api-9.0.85-150200.57.1
* tomcat-servlet-4_0-api-9.0.85-150200.57.1
* tomcat-webapps-9.0.85-150200.57.1
* tomcat-admin-webapps-9.0.85-150200.57.1
* tomcat-9.0.85-150200.57.1
* tomcat-jsp-2_3-api-9.0.85-150200.57.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* tomcat-lib-9.0.85-150200.57.1
* tomcat-el-3_0-api-9.0.85-150200.57.1
* tomcat-servlet-4_0-api-9.0.85-150200.57.1
* tomcat-webapps-9.0.85-150200.57.1
* tomcat-admin-webapps-9.0.85-150200.57.1
* tomcat-9.0.85-150200.57.1
* tomcat-jsp-2_3-api-9.0.85-150200.57.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
* tomcat-lib-9.0.85-150200.57.1
* tomcat-el-3_0-api-9.0.85-150200.57.1
* tomcat-servlet-4_0-api-9.0.85-150200.57.1
* tomcat-webapps-9.0.85-150200.57.1
* tomcat-admin-webapps-9.0.85-150200.57.1
* tomcat-9.0.85-150200.57.1
* tomcat-jsp-2_3-api-9.0.85-150200.57.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
* tomcat-lib-9.0.85-150200.57.1
* tomcat-el-3_0-api-9.0.85-150200.57.1
* tomcat-servlet-4_0-api-9.0.85-150200.57.1
* tomcat-webapps-9.0.85-150200.57.1
* tomcat-admin-webapps-9.0.85-150200.57.1
* tomcat-9.0.85-150200.57.1
* tomcat-jsp-2_3-api-9.0.85-150200.57.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* tomcat-lib-9.0.85-150200.57.1
* tomcat-el-3_0-api-9.0.85-150200.57.1
* tomcat-servlet-4_0-api-9.0.85-150200.57.1
* tomcat-webapps-9.0.85-150200.57.1
* tomcat-admin-webapps-9.0.85-150200.57.1
* tomcat-9.0.85-150200.57.1
* tomcat-jsp-2_3-api-9.0.85-150200.57.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* tomcat-lib-9.0.85-150200.57.1
* tomcat-el-3_0-api-9.0.85-150200.57.1
* tomcat-servlet-4_0-api-9.0.85-150200.57.1
* tomcat-webapps-9.0.85-150200.57.1
* tomcat-admin-webapps-9.0.85-150200.57.1
* tomcat-9.0.85-150200.57.1
* tomcat-jsp-2_3-api-9.0.85-150200.57.1
* SUSE Manager Server 4.3 (noarch)
* tomcat-lib-9.0.85-150200.57.1
* tomcat-el-3_0-api-9.0.85-150200.57.1
* tomcat-servlet-4_0-api-9.0.85-150200.57.1
* tomcat-webapps-9.0.85-150200.57.1
* tomcat-admin-webapps-9.0.85-150200.57.1
* tomcat-9.0.85-150200.57.1
* tomcat-jsp-2_3-api-9.0.85-150200.57.1
* SUSE Enterprise Storage 7.1 (noarch)
* tomcat-lib-9.0.85-150200.57.1
* tomcat-el-3_0-api-9.0.85-150200.57.1
* tomcat-servlet-4_0-api-9.0.85-150200.57.1
* tomcat-webapps-9.0.85-150200.57.1
* tomcat-admin-webapps-9.0.85-150200.57.1
* tomcat-9.0.85-150200.57.1
* tomcat-jsp-2_3-api-9.0.85-150200.57.1
## References:
* https://www.suse.com/security/cve/CVE-2023-42794.html
* https://www.suse.com/security/cve/CVE-2023-42795.html
* https://www.suse.com/security/cve/CVE-2023-45648.html
* https://www.suse.com/security/cve/CVE-2023-46589.html
* https://www.suse.com/security/cve/CVE-2024-22029.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216118
* https://bugzilla.suse.com/show_bug.cgi?id=1216119
* https://bugzilla.suse.com/show_bug.cgi?id=1216120
* https://bugzilla.suse.com/show_bug.cgi?id=1217402
* https://bugzilla.suse.com/show_bug.cgi?id=1217649
* https://bugzilla.suse.com/show_bug.cgi?id=1217768
* https://bugzilla.suse.com/show_bug.cgi?id=1219208
1
0
SUSE-SU-2024:0469-1: important: Security update for the Linux Kernel
by OPENSUSE-SECURITY-UPDATES 14 Feb '24
by OPENSUSE-SECURITY-UPDATES 14 Feb '24
14 Feb '24
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2024:0469-1
Rating: important
References:
* bsc#1065729
* bsc#1108281
* bsc#1141539
* bsc#1174649
* bsc#1181674
* bsc#1193285
* bsc#1194869
* bsc#1209834
* bsc#1210443
* bsc#1211515
* bsc#1212091
* bsc#1214377
* bsc#1215275
* bsc#1215885
* bsc#1216441
* bsc#1216559
* bsc#1216702
* bsc#1217895
* bsc#1217987
* bsc#1217988
* bsc#1217989
* bsc#1218005
* bsc#1218447
* bsc#1218527
* bsc#1218659
* bsc#1218713
* bsc#1218723
* bsc#1218730
* bsc#1218738
* bsc#1218752
* bsc#1218757
* bsc#1218768
* bsc#1218778
* bsc#1218779
* bsc#1218804
* bsc#1218832
* bsc#1218836
* bsc#1218916
* bsc#1218948
* bsc#1218958
* bsc#1218968
* bsc#1218997
* bsc#1219006
* bsc#1219012
* bsc#1219013
* bsc#1219014
* bsc#1219053
* bsc#1219067
* bsc#1219120
* bsc#1219128
* bsc#1219136
* bsc#1219285
* bsc#1219349
* bsc#1219412
* bsc#1219429
* bsc#1219434
* bsc#1219490
* bsc#1219512
* bsc#1219568
* bsc#1219582
* jsc#PED-4729
* jsc#PED-6694
* jsc#PED-7322
* jsc#PED-7615
* jsc#PED-7616
* jsc#PED-7620
* jsc#PED-7622
* jsc#PED-7623
Cross-References:
* CVE-2021-33631
* CVE-2023-46838
* CVE-2023-47233
* CVE-2023-4921
* CVE-2023-51042
* CVE-2023-51043
* CVE-2023-51780
* CVE-2023-51782
* CVE-2023-6040
* CVE-2023-6356
* CVE-2023-6531
* CVE-2023-6535
* CVE-2023-6536
* CVE-2023-6915
* CVE-2024-0565
* CVE-2024-0641
* CVE-2024-0775
* CVE-2024-1085
* CVE-2024-1086
CVSS scores:
* CVE-2021-33631 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-33631 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-46838 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-46838 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-47233 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-47233 ( NVD ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4921 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4921 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51042 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51042 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51043 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51043 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51780 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51780 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51782 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-51782 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6040 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2023-6040 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6356 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6531 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6531 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6535 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6536 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6915 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6915 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0565 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0565 ( NVD ): 7.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-0641 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0641 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0775 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-0775 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-1085 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-1085 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-1086 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-1086 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Real Time Module 15-SP5
An update that solves 19 vulnerabilities, contains eight features and has 41
security fixes can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various
security bugfixes.
The following security bugs were fixed:
* CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the
nft_setelem_catchall_deactivate() function (bsc#1219429).
* CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables
component that could have been exploited to achieve local privilege
escalation (bsc#1219434).
* CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in
drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).
* CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c,
because of a vcc_recvmsg race condition (bsc#1218730).
* CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length
transmit fragment (bsc#1218836).
* CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end()
(bsc#1219412).
* CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request
(bsc#1217988).
* CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete
(bsc#1217989).
* CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec
(bsc#1217987).
* CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect
the USB by hotplug) code inside the brcm80211 component (bsc#1216702).
* CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network
scheduler which could be exploited to achieve local privilege escalation
(bsc#1215275).
* CVE-2023-51043: Fixed use-after-free during a race condition between a
nonblocking atomic commit and a driver unload in
drivers/gpu/drm/drm_atomic.c (bsc#1219120).
* CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c
that could allow a local user to cause an information leak problem while
freeing the old quota file names before a potential failure (bsc#1219053).
* CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a
new netfilter table, lack of a safeguard against invalid nf_tables family
(pf) values within `nf_tables_newtable` function (bsc#1218752).
* CVE-2024-0641: Fixed a denial of service vulnerability in
tipc_crypto_key_revoke in net/tipc/crypto.c (bsc#1218916).
* CVE-2024-0565: Fixed an out-of-bounds memory read flaw in
receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832).
* CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in
lib/idr.c (bsc#1218804).
* CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c
because of a rose_accept race condition (bsc#1218757).
* CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix
garbage collector's deletion of SKB races with unix_stream_read_generic()on
the socket that the SKB is queued on (bsc#1218447).
The following non-security bugs were fixed:
* Store the old kernel changelog entries in kernel-docs package (bsc#1218713).
* ACPI: LPIT: Avoid u32 multiplication overflow (git-fixes).
* ACPI: LPSS: Fix the fractional clock divider flags (git-fixes).
* ACPI: arm64: export acpi_arch_thermal_cpufreq_pctg() (bsc#1214377)
* ACPI: extlog: Clear Extended Error Log status when RAS_CEC handled the error
(git-fixes).
* ACPI: processor: reduce CPUFREQ thermal reduction pctg for Tegra241
(bsc#1214377)
* ACPI: property: Allow _DSD buffer data only for byte accessors (git-fixes).
* ACPI: resource: Add another DMI match for the TongFang GMxXGxx (git-fixes).
* ACPI: thermal: Add Thermal fast Sampling Period (_TFP) support (bsc#1214377)
* ACPI: video: check for error while searching for backlight device parent
(git-fixes).
* ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140 (git-
fixes).
* ALSA: hda/cs8409: Suppress vmaster control for Dolphin models (git-fixes).
* ALSA: hda/realtek: Add quirks for ASUS Zenbook 2022 Models (git-fixes).
* ALSA: hda/realtek: Enable headset mic on Lenovo M70 Gen5 (git-fixes).
* ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on HP ZBook
(git-fixes).
* ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP Envy X360 13-ay0xxx
(git-fixes).
* ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq2xxx (git-fixes).
* ALSA: hda: Refer to correct stream index at loops (git-fixes).
* ALSA: hda: intel-nhlt: Ignore vbps when looking for DMIC 32 bps format (git-
fixes).
* ALSA: oxygen: Fix right channel of capture volume mixer (git-fixes).
* ASoC: Intel: Skylake: Fix mem leak in few functions (git-fixes).
* ASoC: Intel: Skylake: mem leak in skl register function (git-fixes).
* ASoC: Intel: bytcr_rt5640: Add quirk for the Medion Lifetab S10346 (git-
fixes).
* ASoC: Intel: glk_rt5682_max98357a: fix board id mismatch (git-fixes).
* ASoC: amd: Add Dell G15 5525 to quirks list (bsc#1219136).
* ASoC: amd: Add check for acp config flags (bsc#1219136).
* ASoC: amd: Add new dmi entries to config entry (bsc#1219136).
* ASoC: amd: Drop da7219_aad_jack_det() usage (bsc#1219136).
* ASoC: amd: Drop empty platform remove function (bsc#1219136).
* ASoC: amd: Update Pink Sardine platform ACP register header (bsc#1219136).
* ASoC: amd: acp-config: Add missing MODULE_DESCRIPTION (git-fixes).
* ASoC: amd: acp-da7219-max98357a: Map missing jack kcontrols (bsc#1219136).
* ASoC: amd: acp-rt5645: Map missing jack kcontrols (bsc#1219136).
* ASoC: amd: acp3x-rt5682-max9836: Configure jack as not detecting Line Out
(bsc#1219136).
* ASoC: amd: acp3x-rt5682-max9836: Map missing jack kcontrols (bsc#1219136).
* ASoC: amd: acp: Add TDM slots setting support for ACP I2S controller
(bsc#1219136).
* ASoC: amd: acp: Add TDM support for acp i2s stream (bsc#1219136).
* ASoC: amd: acp: Add i2s tdm support in machine driver (bsc#1219136).
* ASoC: amd: acp: Add kcontrols and widgets per-codec in common code
(bsc#1219136).
* ASoC: amd: acp: Add missing MODULE_DESCRIPTION in mach-common (git-fixes).
* ASoC: amd: acp: Add new cpu dai's in machine driver (bsc#1219136).
* ASoC: amd: acp: Add setbias level for rt5682s codec in machine driver
(bsc#1219136).
* ASoC: amd: acp: Enable i2s tdm support for skyrim platforms (bsc#1219136).
* ASoC: amd: acp: Fix possible UAF in acp_dma_open (bsc#1219136).
* ASoC: amd: acp: Initialize list to store acp_stream during pcm_open
(bsc#1219136).
* ASoC: amd: acp: Map missing jack kcontrols (bsc#1219136).
* ASoC: amd: acp: Modify dai_id macros to be more generic (bsc#1219136).
* ASoC: amd: acp: Refactor bit width calculation (bsc#1219136).
* ASoC: amd: acp: Refactor dai format implementation (bsc#1219136).
* ASoC: amd: acp: Refactor i2s clocks programming sequence (bsc#1219136).
* ASoC: amd: acp: add a label to make error path more clean (bsc#1219136).
* ASoC: amd: acp: add acp i2s master clock generation for rembrandt platform
(bsc#1219136).
* ASoC: amd: acp: add pm ops support for acp pci driver (bsc#1219136).
* ASoC: amd: acp: add pm ops support for rembrandt platform (bsc#1219136).
* ASoC: amd: acp: clean up some inconsistent indentings (bsc#1219136).
* ASoC: amd: acp: clear pdm dma interrupt mask (bsc#1219136).
* ASoC: amd: acp: delete unnecessary NULL check (bsc#1219136).
* ASoC: amd: acp: export config_acp_dma() and config_pte_for_stream() symbols
(bsc#1219136).
* ASoC: amd: acp: fix SND_SOC_AMD_ACP_PCI depdenencies (bsc#1219136).
* ASoC: amd: acp: move pdm macros to common header file (bsc#1219136).
* ASoC: amd: acp: refactor the acp init and de-init sequence (bsc#1219136).
* ASoC: amd: acp: rembrandt: Drop if blocks with always false condition
(bsc#1219136).
* ASoC: amd: acp: remove acp poweroff function (bsc#1219136).
* ASoC: amd: acp: remove the redundant acp enable/disable interrupts functions
(bsc#1219136).
* ASoC: amd: acp: remove unnecessary NULL checks (bsc#1219136).
* ASoC: amd: acp: store platform device reference created in pci probe call
(bsc#1219136).
* ASoC: amd: acp: store the pdm stream channel mask (bsc#1219136).
* ASoC: amd: acp: store xfer_resolution of the stream (bsc#1219136).
* ASoC: amd: acp: switch to use dev_err_probe() (bsc#1219136).
* ASoC: amd: acp: use devm_kcalloc() instead of devm_kzalloc() (bsc#1219136).
* ASoC: amd: acp: use function devm_kcalloc() instead of devm_kzalloc()
(bsc#1219136).
* ASoC: amd: add Pink Sardine ACP PCI driver (bsc#1219136).
* ASoC: amd: add Pink Sardine machine driver using dmic (bsc#1219136).
* ASoC: amd: add Pink Sardine platform ACP IP register header (bsc#1219136).
* ASoC: amd: add acp6.2 init/de-init functions (bsc#1219136).
* ASoC: amd: add acp6.2 irq handler (bsc#1219136).
* ASoC: amd: add acp6.2 pci driver pm ops (bsc#1219136).
* ASoC: amd: add acp6.2 pdm driver dma ops (bsc#1219136).
* ASoC: amd: add acp6.2 pdm driver pm ops (bsc#1219136).
* ASoC: amd: add acp6.2 pdm platform driver (bsc#1219136).
* ASoC: amd: add platform devices for acp6.2 pdm driver and dmic driver
(bsc#1219136).
* ASoC: amd: create platform device for acp6.2 machine driver (bsc#1219136).
* ASoC: amd: enable Pink Sardine acp6.2 drivers build (bsc#1219136).
* ASoC: amd: enable Pink sardine platform machine driver build (bsc#1219136).
* ASoC: amd: fix ACP version typo mistake (bsc#1219136).
* ASoC: amd: fix spelling mistake: "i.e" -> "i.e." (bsc#1219136).
* ASoC: amd: ps: Add a module parameter to influence pdm_gain (bsc#1219136).
* ASoC: amd: ps: Adjust the gain for PDM DMIC (bsc#1219136).
* ASoC: amd: ps: Fix uninitialized ret in create_acp64_platform_devs()
(bsc#1219136).
* ASoC: amd: ps: Move acp63_dev_data strcture from PCI driver (bsc#1219136).
* ASoC: amd: ps: Update copyright notice (bsc#1219136).
* ASoC: amd: ps: add mutex lock for accessing common registers (bsc#1219136).
* ASoC: amd: ps: fix for acp_lock access in pdm driver (bsc#1219136).
* ASoC: amd: ps: implement api to retrieve acp device config (bsc#1219136).
* ASoC: amd: ps: move irq handler registration (bsc#1219136).
* ASoC: amd: ps: refactor acp power on and reset functions (bsc#1219136).
* ASoC: amd: ps: refactor platform device creation logic (bsc#1219136).
* ASoC: amd: ps: remove the register read and write wrappers (bsc#1219136).
* ASoC: amd: ps: remove unused variable (bsc#1219136).
* ASoC: amd: ps: update dev index value in irq handler (bsc#1219136).
* ASoC: amd: ps: update macros with ps platform naming convention
(bsc#1219136).
* ASoC: amd: ps: update the acp clock source (bsc#1219136).
* ASoC: amd: ps: use acp_lock to protect common registers in pdm driver
(bsc#1219136).
* ASoC: amd: ps: use static function (bsc#1219136).
* ASoC: amd: renoir: Add a module parameter to influence pdm_gain
(bsc#1219136).
* ASoC: amd: renoir: Adjust the gain for PDM DMIC (bsc#1219136).
* ASoC: amd: update pm_runtime enable sequence (bsc#1219136).
* ASoC: amd: vangogh: Add check for acp config flags in vangogh platform
(bsc#1219136).
* ASoC: amd: vangogh: Make use of DRV_NAME (bsc#1219136).
* ASoC: amd: vangogh: Remove unnecessary init function (bsc#1219136).
* ASoC: amd: vangogh: select CONFIG_SND_AMD_ACP_CONFIG (bsc#1219136).
* ASoC: amd: yc: Add ASUS M3402RA into DMI table (bsc#1219136).
* ASoC: amd: yc: Add ASUS M5402RA into DMI table (bsc#1219136).
* ASoC: amd: yc: Add Alienware m17 R5 AMD into DMI table (bsc#1219136).
* ASoC: amd: yc: Add Asus VivoBook Pro 14 OLED M6400RC to the quirks list for
acp6x (bsc#1219136).
* ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A42)
(bsc#1219136).
* ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A43)
(bsc#1219136).
* ASoC: amd: yc: Add DMI entries to support Victus by HP Gaming Laptop
15-fb0xxx (8A3E) (bsc#1219136).
* ASoC: amd: yc: Add DMI entries to support Victus by HP Laptop 16-e1xxx
(8A22) (bsc#1219136).
* ASoC: amd: yc: Add DMI entry to support System76 Pangolin 12 (bsc#1219136).
* ASoC: amd: yc: Add DMI entry to support System76 Pangolin 13 (bsc#1219136).
* ASoC: amd: yc: Add DMI support for new acer/emdoor platforms (bsc#1219136).
* ASoC: amd: yc: Add HP 255 G10 into quirk table (bsc#1219136).
* ASoC: amd: yc: Add Lenovo Thinkbook 14+ 2022 21D0 to quirks table
(bsc#1219136).
* ASoC: amd: yc: Add MECHREVO Jiaolong Series MRID6 into DMI table
(bsc#1219136).
* ASoC: amd: yc: Add Razer Blade 14 2022 into DMI table (bsc#1219136).
* ASoC: amd: yc: Add ThinkBook 14 G5+ ARP to quirks list for acp6x
(bsc#1219136).
* ASoC: amd: yc: Add Thinkpad Neo14 to quirks list for acp6x (bsc#1219136).
* ASoC: amd: yc: Add VivoBook Pro 15 to quirks list for acp6x (bsc#1219136).
* ASoC: amd: yc: Add Xiaomi Redmi Book Pro 14 2022 into DMI table
(bsc#1219136).
* ASoC: amd: yc: Add Xiaomi Redmi Book Pro 15 2022 into DMI table
(bsc#1219136).
* ASoC: amd: yc: Add a module parameter to influence pdm_gain (bsc#1219136).
* ASoC: amd: yc: Adding Lenovo ThinkBook 14 Gen 4+ ARA and Lenovo ThinkBook 16
Gen 4+ ARA to the Quirks List (bsc#1219136).
* ASoC: amd: yc: Adjust the gain for PDM DMIC (bsc#1219136).
* ASoC: amd: yc: Fix a non-functional mic on Lenovo 82TL (bsc#1219136).
* ASoC: amd: yc: Fix non-functional mic on ASUS E1504FA (bsc#1219136).
* ASoC: amd: yp: Add OMEN by HP Gaming Laptop 16z-n000 to quirks
(bsc#1219136).
* ASoC: codecs: lpass-wsa-macro: fix compander volume hack (git-fixes).
* ASoC: codecs: wcd938x: fix headphones volume controls (git-fixes).
* ASoC: codecs: wcd938x: handle deferred probe (git-fixes).
* ASoC: cs35l33: Fix GPIO name and drop legacy include (git-fixes).
* ASoC: cs43130: Fix incorrect frame delay configuration (git-fixes).
* ASoC: cs43130: Fix the position of const qualifier (git-fixes).
* ASoC: da7219: Support low DC impedance headset (git-fixes).
* ASoC: nau8822: Fix incorrect type in assignment and cast to restricted
__be16 (git-fixes).
* ASoC: ops: add correct range check for limiting volume (git-fixes).
* ASoC: rt5645: Drop double EF20 entry from dmi_platform_data[] (git-fixes).
* ASoC: rt5650: add mutex to avoid the jack detection failure (git-fixes).
* ASoC: sun4i-spdif: Fix requirements for H6 (git-fixes).
* ASoC: wm8974: Correct boost mixer inputs (git-fixes).
* Add DMI ID for MSI Bravo 15 B7ED (bsc#1219136).
* Bluetooth: Fix atomicity violation in {min,max}_key_size_set (git-fixes).
* Bluetooth: btmtkuart: fix recv_buf() return value (git-fixes).
* Documentation: Begin a RAS section (jsc#PED-7622).
* EDAC/amd64: Add context struct (jsc#PED-7615).
* EDAC/amd64: Add get_err_info() to pvt->ops (jsc#PED-7615).
* EDAC/amd64: Add support for AMD heterogeneous Family 19h Model 30h-3Fh
(jsc#PED-7616).
* EDAC/amd64: Add support for ECC on family 19h model 60h-7Fh (jsc#PED-7615).
* EDAC/amd64: Add support for family 0x19, models 0x90-9f devices
(jsc#PED-7622).
* EDAC/amd64: Allow for DF Indirect Broadcast reads (jsc#PED-7615).
* EDAC/amd64: Cache and use GPU node map (jsc#PED-7616).
* EDAC/amd64: Do not discover ECC symbol size for Family 17h and later
(jsc#PED-7615).
* EDAC/amd64: Do not set up EDAC PCI control on Family 17h+ (jsc#PED-7615).
* EDAC/amd64: Document heterogeneous system enumeration (jsc#PED-7616).
* EDAC/amd64: Drop dbam_to_cs() for Family 17h and later (jsc#PED-7615).
* EDAC/amd64: Fix indentation in umc_determine_edac_cap() (jsc#PED-7615).
* EDAC/amd64: Merge struct amd64_family_type into struct amd64_pvt
(jsc#PED-7615).
* EDAC/amd64: Remove PCI Function 0 (jsc#PED-7615).
* EDAC/amd64: Remove PCI Function 6 (jsc#PED-7615).
* EDAC/amd64: Remove early_channel_count() (jsc#PED-7615).
* EDAC/amd64: Remove module version string (jsc#PED-7615).
* EDAC/amd64: Remove scrub rate control for Family 17h and later
(jsc#PED-7615).
* EDAC/amd64: Rename debug_display_dimm_sizes() (jsc#PED-7615).
* EDAC/amd64: Rename f17h_determine_edac_ctl_cap() (jsc#PED-7615).
* EDAC/amd64: Rework hw_info_{get,put} (jsc#PED-7615).
* EDAC/amd64: Shut up an -Werror,-Wsometimes-uninitialized clang false
positive (jsc#PED-7615).
* EDAC/amd64: Split determine_edac_cap() into dct/umc functions
(jsc#PED-7615).
* EDAC/amd64: Split determine_memory_type() into dct/umc functions
(jsc#PED-7615).
* EDAC/amd64: Split dump_misc_regs() into dct/umc functions (jsc#PED-7615).
* EDAC/amd64: Split ecc_enabled() into dct/umc functions (jsc#PED-7615).
* EDAC/amd64: Split get_csrow_nr_pages() into dct/umc functions
(jsc#PED-7615).
* EDAC/amd64: Split init_csrows() into dct/umc functions (jsc#PED-7615).
* EDAC/amd64: Split prep_chip_selects() into dct/umc functions (jsc#PED-7615).
* EDAC/amd64: Split read_base_mask() into dct/umc functions (jsc#PED-7615).
* EDAC/amd64: Split read_mc_regs() into dct/umc functions (jsc#PED-7615).
* EDAC/amd64: Split setup_mci_misc_attrs() into dct/umc functions
(jsc#PED-7615).
* EDAC/mc: Add new HBM2 memory type (jsc#PED-7616).
* EDAC/mc: Add support for HBM3 memory type (jsc#PED-7622).
* EDAC/mce_amd: Remove SMCA Extended Error code descriptions (jsc#PED-7622).
* EDAC/thunderx: Fix possible out-of-bounds string access (git-fixes).
* Fix crash in vmw_context_cotables_unref when 3d support is enabled
(bsc#1218738)
* HID: i2c-hid-of: fix NULL-deref on failed power up (git-fixes).
* HID: wacom: Correct behavior when processing some confidence == false
touches (git-fixes).
* IB/iser: Prevent invalidating wrong MR (git-fixes)
* Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID
(git-fixes).
* Input: atkbd - skip ATKBD_CMD_GETID in translated mode (git-fixes).
* Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID (git-
fixes).
* Input: atkbd - use ab83 as id when skipping the getid command (git-fixes).
* Input: bcm5974 - check endpoint type before starting traffic (git-fixes).
* Input: i8042 - add nomux quirk for Acer P459-G2-M (git-fixes).
* Input: xpad - add Razer Wolverine V2 support (git-fixes).
* KVM: SVM: Update EFER software model on CR0 trap for SEV-ES (git-fixes).
* KVM: s390: vsie: Fix STFLE interpretive execution identification (git-fixes
bsc#1218997).
* KVM: x86: Mask LVTPC when handling a PMI (jsc#PED-7322).
* Limit kernel-source build to architectures for which the kernel binary is
built (bsc#1108281).
* PCI/AER: Configure ECRC only if AER is native (bsc#1218778)
* PCI/P2PDMA: Remove reference to pci_p2pdma_map_sg() (git-fixes).
* PCI: Add ACS quirk for more Zhaoxin Root Ports (git-fixes).
* PCI: keystone: Fix race condition when initializing PHYs (git-fixes).
* PM: hibernate: Enforce ordering during image compression/decompression (git-
fixes).
* RDMA/hns: Fix inappropriate err code for unsupported operations (git-fixes)
* RDMA/hns: Fix unnecessary err return when using invalid congest control
algorithm (git-fixes)
* RDMA/hns: Remove unnecessary checks for NULL in mtr_alloc_bufs() (git-fixes)
* RDMA/irdma: Add wait for suspend on SQD (git-fixes)
* RDMA/irdma: Avoid free the non-cqp_request scratch (git-fixes)
* RDMA/irdma: Do not modify to SQD on error (git-fixes)
* RDMA/irdma: Fix UAF in irdma_sc_ccq_get_cqe_info() (git-fixes)
* RDMA/irdma: Refactor error handling in create CQP (git-fixes)
* RDMA/rtrs-clt: Fix the max_send_wr setting (git-fixes)
* RDMA/rtrs-clt: Remove the warnings for req in_use check (git-fixes)
* RDMA/rtrs-clt: Start hb after path_up (git-fixes)
* RDMA/rtrs-srv: Check return values while processing info request (git-fixes)
* RDMA/rtrs-srv: Destroy path files after making sure no IOs in-flight (git-
fixes)
* RDMA/rtrs-srv: Do not unconditionally enable irq (git-fixes)
* RDMA/rtrs-srv: Free srv_mr iu only when always_invalidate is true (git-
fixes)
* RDMA/usnic: Silence uninitialized symbol smatch warnings (git-fixes)
* USB: xhci: workaround for grace period (git-fixes).
* Update config files: enable ASoC AMD PS drivers (bsc#1219136)
* Update patch reference for ax88179 fix (bsc#1218948)
* acpi: property: Let args be NULL in __acpi_node_get_property_reference (git-
fixes).
* aio: fix mremap after fork null-deref (git-fixes).
* apparmor: avoid crash when parsed profile name is empty (git-fixes).
* arm64: Add CNT{P,V}CTSS_EL0 alternatives to cnt{p,v}ct_el0 (jsc#PED-4729)
* arm64: Add a capability for FEAT_ECV (jsc#PED-4729) Use cpu_hwcaps
PLACEHOLDER_4 for HAS_ECV.
* arm64: alternative: patch alternatives in the vDSO (jsc#PED-4729)
* arm64: dts: armada-3720-turris-mox: set irq type for RTC (git-fixes)
* arm64: dts: imx8mp: imx8mq: Add parkmode-disable-ss-quirk on DWC3 (git-
fixes)
* arm64: dts: imx8mq: drop usb3-resume-missing-cas from usb (git-fixes)
* arm64: dts: ls208xa: use a pseudo-bus to constrain usb dma size (git-fixes)
* arm64: dts: rockchip: Expand reg size of vdec node for RK3399 (git-fixes)
* arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify (git-fixes)
* arm64: module: move find_section to header (jsc#PED-4729)
* arm64: vdso: Fix "no previous prototype" warning (jsc#PED-4729)
* arm64: vdso: remove two .altinstructions related symbols (jsc#PED-4729)
* arm64: vdso: use SYS_CNTVCTSS_EL0 for gettimeofday (jsc#PED-4729)
* asix: Add check for usbnet_get_endpoints (git-fixes).
* attr: block mode changes of symlinks (git-fixes).
* badblocks: add helper routines for badblock ranges handling (bsc#1174649).
* badblocks: add more helper structure and routines in badblocks.h
(bsc#1174649).
* badblocks: avoid checking invalid range in badblocks_check() (bsc#1174649).
* badblocks: improve badblocks_check() for multiple ranges handling
(bsc#1174649).
* badblocks: improve badblocks_clear() for multiple ranges handling
(bsc#1174649).
* badblocks: improve badblocks_set() for multiple ranges handling
(bsc#1174649).
* badblocks: switch to the improved badblock handling code (bsc#1174649).
* bpf: Limit the number of kprobes when attaching program to multiple kprobes
(git-fixes).
* bus: mhi: host: Add alignment check for event ring read pointer (git-fixes).
* bus: mhi: host: Add spinlock to protect WP access when queueing TREs (git-
fixes).
* bus: mhi: host: Drop chan lock before queuing buffers (git-fixes).
* ceph: select FS_ENCRYPTION_ALGS if FS_ENCRYPTION (bsc#1219568).
* clk: qcom: gpucc-sm8150: Update the gpu_cc_pll1 config (git-fixes).
* clk: qcom: videocc-sm8150: Add missing PLL config property (git-fixes).
* clk: rockchip: rk3128: Fix HCLK_OTG gate register (git-fixes).
* clk: samsung: Fix kernel-doc comments (git-fixes).
* clk: si5341: fix an error code problem in si5341_output_clk_set_rate (git-
fixes).
* clk: zynqmp: Add a check for NULL pointer (git-fixes).
* clk: zynqmp: make bestdiv unsigned (git-fixes).
* clocksource: Skip watchdog check for large watchdog intervals (git-fixes).
* clocksource: disable watchdog checks on TSC when TSC is watchdog
(bsc#1215885).
* coresight: etm4x: Add ACPI support in platform driver (bsc#1218779)
* coresight: etm4x: Allocate and device assign 'struct etmv4_drvdata'
(bsc#1218779)
* coresight: etm4x: Change etm4_platform_driver driver for MMIO devices
(bsc#1218779)
* coresight: etm4x: Drop iomem 'base' argument from etm4_probe() (bsc#1218779)
* coresight: etm4x: Drop pid argument from etm4_probe() (bsc#1218779)
* coresight: etm4x: Ensure valid drvdata and clock before clk_put()
(bsc#1218779)
* coresight: platform: acpi: Ignore the absence of graph (bsc#1218779)
* crypto: ccp - fix memleak in ccp_init_dm_workarea (git-fixes).
* crypto: s390/aes - Fix buffer overread in CTR mode (git-fixes).
* crypto: sa2ul - Return crypto_aead_setkey to transfer the error (git-fixes).
* crypto: sahara - do not resize req->src when doing hash operations (git-
fixes).
* crypto: sahara - fix ahash reqsize (git-fixes).
* crypto: sahara - fix ahash selftest failure (git-fixes).
* crypto: sahara - fix cbc selftest failure (git-fixes).
* crypto: sahara - fix processing hash requests with req->nbytes <
sg->length (git-fixes).
* crypto: sahara - fix processing requests with cryptlen < sg->length (git-
fixes).
* crypto: sahara - fix wait_for_completion_timeout() error handling (git-
fixes).
* crypto: sahara - handle zero-length aes requests (git-fixes).
* crypto: sahara - improve error handling in sahara_sha_process() (git-fixes).
* crypto: sahara - remove FLAGS_NEW_KEY logic (git-fixes).
* crypto: scomp - fix req->dst buffer overflow (git-fixes).
* dma-debug: fix kernel-doc warnings (git-fixes).
* dmaengine: fix NULL pointer in channel unregistration function (git-fixes).
* dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV (git-
fixes).
* dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools (git-fixes).
* dmaengine: idxd: Protect int_handle field in hw descriptor (git-fixes).
* dmaengine: ti: k3-udma: Report short packet errors (git-fixes).
* doc/README.KSYMS: Add to repo.
* drivers/amd/pm: fix a use-after-free in kv_parse_power_table (git-fixes).
* drivers: clk: zynqmp: calculate closest mux rate (git-fixes).
* drivers: clk: zynqmp: update divider round rate logic (git-fixes).
* drm/amd/display: Fix tiled display misalignment (git-fixes).
* drm/amd/display: Port DENTIST hang and TDR fixes to OTG disable W/A (git-
fixes).
* drm/amd/display: add nv12 bounding box (git-fixes).
* drm/amd/display: get dprefclk ss info from integration info table (git-
fixes).
* drm/amd/display: make flip_timestamp_in_us a 64-bit variable (git-fixes).
* drm/amd/display: pbn_div need be updated for hotplug event (git-fixes).
* drm/amd/display: update dcn315 lpddr pstate latency (git-fixes).
* drm/amd/pm/smu7: fix a memleak in smu7_hwmgr_backend_init (git-fixes).
* drm/amd/pm: fix a double-free in amdgpu_parse_extended_power_table (git-
fixes).
* drm/amd/pm: fix a double-free in si_dpm_init (git-fixes).
* drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in
'get_platform_power_management_table()' (git-fixes).
* drm/amdgpu/debugfs: fix error code when smc register accessors are NULL
(git-fixes).
* drm/amdgpu/pm: Fix the power source flag error (git-fixes).
* drm/amdgpu: Add NULL checks for function pointers (git-fixes).
* drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' (git-fixes).
* drm/amdgpu: Fix '*fw' from request_firmware() not released in
'amdgpu_ucode_request()' (git-fixes).
* drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel null pointer
(git-fixes).
* drm/amdgpu: Fix ecc irq enable/disable unpaired (git-fixes).
* drm/amdgpu: Fix missing error code in 'gmc_v6/7/8/9_0_hw_init()' (git-
fixes).
* drm/amdgpu: Fix with right return code '-EIO' in
'amdgpu_gmc_vram_checking()' (git-fixes).
* drm/amdgpu: Let KFD sync with VM fences (git-fixes).
* drm/amdgpu: Release 'adev->pm.fw' before return in
'amdgpu_device_need_post()' (git-fixes).
* drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap (git-
fixes).
* drm/amdgpu: skip gpu_info fw loading on navi12 (git-fixes).
* drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in
kfd_topology.c (git-fixes).
* drm/amdkfd: Fix 'node' NULL check in 'svm_range_get_range_boundaries()'
(git-fixes).
* drm/amdkfd: Fix iterator used outside loop in 'kfd_add_peer_prop()' (git-
fixes).
* drm/amdkfd: Fix lock dependency warning (git-fixes).
* drm/amdkfd: Fix lock dependency warning with srcu (git-fixes).
* drm/amdkfd: Use resource_size() helper function (git-fixes).
* drm/amdkfd: fixes for HMM mem allocation (git-fixes).
* drm/bridge: Fix typo in post_disable() description (git-fixes).
* drm/bridge: anx7625: Ensure bridge is suspended in disable() (git-fixes).
* drm/bridge: cdns-mhdp8546: Fix use of uninitialized variable (git-fixes).
* drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking (git-fixes).
* drm/bridge: nxp-ptn3460: simplify some error checking (git-fixes).
* drm/bridge: parade-ps8640: Ensure bridge is suspended in .post_disable()
(git-fixes).
* drm/bridge: parade-ps8640: Make sure we drop the AUX mutex in the error case
(git-fixes).
* drm/bridge: parade-ps8640: Wait for HPD when doing an AUX transfer (git-
fixes).
* drm/bridge: tc358767: Fix return value on error case (git-fixes).
* drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function
(git-fixes).
* drm/crtc: Fix uninit-value bug in drm_mode_setcrtc (git-fixes).
* drm/crtc: fix uninitialized variable use (git-fixes).
* drm/drv: propagate errors from drm_modeset_register_all() (git-fixes).
* drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time (git-
fixes).
* drm/exynos: fix a potential error pointer dereference (git-fixes).
* drm/exynos: fix a wrong error checking (git-fixes).
* drm/exynos: fix accidental on-stack copy of exynos_drm_plane (git-fixes).
* drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume (git-
fixes).
* drm/framebuffer: Fix use of uninitialized variable (git-fixes).
* drm/mediatek: Return error if MDP RDMA failed to enable the clock (git-
fixes).
* drm/msm/dpu: Drop enable and frame_count parameters from dpu_hw_setup_misr()
(git-fixes).
* drm/msm/dpu: Ratelimit framedone timeout msgs (git-fixes).
* drm/msm/dpu: Set input_sel bit for INTF (git-fixes).
* drm/msm/dpu: fix writeback programming for YUV cases (git-fixes).
* drm/msm/dpu: rename dpu_encoder_phys_wb_setup_cdp to match its functionality
(git-fixes).
* drm/msm/dsi: Enable runtime PM (git-fixes).
* drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt leaks (git-
fixes).
* drm/msm/mdp4: flush vblank event on disable (git-fixes).
* drm/nouveau/fence:: fix warning directly dereferencing a rcu pointer (git-
fixes).
* drm/panel-edp: Add override_edid_mode quirk for generic edp (git-fixes).
* drm/panel-elida-kd35t133: hold panel in reset for unprepare (git-fixes).
* drm/panel: nt35510: fix typo (git-fixes).
* drm/panfrost: Ignore core_mask for poweroff and disable PWRTRANS irq (git-
fixes).
* drm/panfrost: Really power off GPU cores in panfrost_gpu_power_off() (git-
fixes).
* drm/radeon/dpm: fix a memleak in sumo_parse_power_table (git-fixes).
* drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check() (git-
fixes).
* drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg() (git-
fixes).
* drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table (git-
fixes).
* drm/radeon: check return value of radeon_ring_lock() (git-fixes).
* drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()
(git-fixes).
* drm/tidss: Check for K2G in in dispc_softreset() (git-fixes).
* drm/tidss: Fix atomic_flush check (git-fixes).
* drm/tidss: Fix dss reset (git-fixes).
* drm/tidss: Move reset to the end of dispc_init() (git-fixes).
* drm/tidss: Return error value from from softreset (git-fixes).
* drm/tilcdc: Fix irq free on unload (git-fixes).
* drm: Do not unref the same fb many times by mistake due to deadlock handling
(git-fixes).
* drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33] (git-
fixes).
* drm: using mul_u32_u32() requires linux/math64.h (git-fixes).
* dt-bindings: gpio: Remove FSI domain ports on Tegra234 (jsc#PED-6694)
* efi/libstub: Disable PCI DMA before grabbing the EFI memory map (git-fixes).
* eventfd: prevent underflow for eventfd semaphores (git-fixes).
* exfat: fix reporting fs error when reading dir beyond EOF (git-fixes).
* exfat: support handle zero-size directory (git-fixes).
* exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree (git-fixes).
* fbdev: Only disable sysfb on the primary device (bsc#1216441)
* fbdev: Only disable sysfb on the primary device (bsc#1216441) Update an
existing patch to fix bsc#1216441.
* fbdev: flush deferred IO before closing (git-fixes).
* fbdev: flush deferred work in fb_deferred_io_fsync() (git-fixes).
* fbdev: imxfb: fix left margin setting (git-fixes).
* fbdev: mmp: Fix typo and wording in code comment (git-fixes).
* firewire: core: correct documentation of fw_csr_string() kernel API (git-
fixes).
* firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and
ASM108x/VT630x PCIe cards (git-fixes).
* firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create() (git-fixes).
* fjes: fix memleaks in fjes_hw_setup (git-fixes).
* fs/mount_setattr: always cleanup mount_kattr (git-fixes).
* fs: Fix error checking for d_hash_and_lookup() (git-fixes).
* fs: Move notify_change permission checks into may_setattr (git-fixes).
* fs: do not audit the capability check in simple_xattr_list() (git-fixes).
* fs: drop peer group ids under namespace lock (git-fixes).
* fs: indicate request originates from old mount API (git-fixes).
* fs: sendfile handles O_NONBLOCK of out_fd (git-fixes).
* fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() (bsc#1218659).
* gfs2: Always check inode size of inline inodes (git-fixes).
* gfs2: Cosmetic gfs2_dinode_{in,out} cleanup (git-fixes).
* gfs2: Disable page faults during lockless buffered reads (git-fixes).
* gfs2: Eliminate ip->i_gh (git-fixes).
* gfs2: Eliminate vestigial HIF_FIRST (git-fixes).
* gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump (git-fixes).
* gfs2: Introduce flag for glock holder auto-demotion (git-fixes).
* gfs2: Move the inode glock locking to gfs2_file_buffered_write (git-fixes).
* gfs2: Remove redundant check from gfs2_glock_dq (git-fixes).
* gfs2: Switch to wait_event in gfs2_logd (git-fixes).
* gfs2: assign rgrp glock before compute_bitstructs (git-fixes).
* gfs2: low-memory forced flush fixes (git-fixes).
* gfs2: release iopen glock early in evict (git-fixes).
* gpio: eic-sprd: Clear interrupt after set the interrupt type (git-fixes).
* gpu/drm/radeon: fix two memleaks in radeon_vm_init (git-fixes).
* hv_netvsc: rndis_filter needs to select NLS (git-fixes).
* hwmon: (corsair-psu) Fix probe when built-in (git-fixes).
* hwrng: core - Fix page fault dead lock on mmap-ed hwrng (git-fixes).
* i2c: rk3x: fix potential spinlock recursion on poll (git-fixes).
* i2c: s3c24xx: fix read transfers in polling mode (git-fixes).
* i2c: s3c24xx: fix transferring more than one message in polling mode (git-
fixes).
* iio: adc: ad7091r: Pass iio_dev to event handler (git-fixes).
* iio: adc: ad9467: add mutex to struct ad9467_state (git-fixes).
* iio: adc: ad9467: do not ignore error codes (git-fixes).
* iio: adc: ad9467: fix reset gpio handling (git-fixes).
* ipmi: Use regspacings passed as a module parameter (git-fixes).
* kabi, vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
* kabi/severities: ignore ASoC AMD acp driver symbols (bsc#1219136)
* kabi/severities: ignore _rtl92c_phy_calculate_bit_shift symbol It's an
internal function that shouldn't have been exported
* kdb: Fix a potential buffer overflow in kdb_local() (git-fixes).
* kernel-doc: handle a void function without producing a warning (git-fixes).
* kernel-source: Fix description typo
* kernfs: fix missing kernfs_idr_lock to remove an ID from the IDR (git-
fixes).
* leds: aw2013: Select missing dependency REGMAP_I2C (git-fixes).
* leds: ledtrig-tty: Free allocated ttyname buffer on deactivate (git-fixes).
* libapi: Add missing linux/types.h header to get the __u64 type on io.h (git-
fixes).
* md: fix bi_status reporting in md_end_clone_io (bsc#1210443).
* media: cx231xx: fix a memleak in cx231xx_init_isoc (git-fixes).
* media: dt-bindings: ov8856: decouple lanes and link frequency from driver
(git-fixes).
* media: dvb-frontends: m88ds3103: Fix a memory leak in an error handling path
of m88ds3103_probe() (git-fixes).
* media: imx355: Enable runtime PM before registering async sub-device (git-
fixes).
* media: ov9734: Enable runtime PM before registering async sub-device (git-
fixes).
* media: pvrusb2: fix use after free on context disconnection (git-fixes).
* media: rkisp1: Disable runtime PM in probe error path (git-fixes).
* media: rkisp1: Fix media device memory leak (git-fixes).
* media: rkisp1: Read the ID register at probe time instead of streamon (git-
fixes).
* media: videobuf2-dma-sg: fix vmap callback (git-fixes).
* mfd: intel-lpss: Fix the fractional clock divider flags (git-fixes).
* misc: fastrpc: Mark all sessions as invalid in cb_remove (git-fixes).
* mkspec: Include constraints for both multibuild and plain package always
There is no need to check for multibuild flag, the constraints can be always
generated for both cases.
* mkspec: Use variant in constraints template Constraints are not applied
consistently with kernel package variants. Add variant to the constraints
template as appropriate, and expand it in mkspec.
* mm: fs: initialize fsdata passed to write_begin/write_end interface (git-
fixes).
* mmc: core: Cancel delayed work before releasing host (git-fixes).
* modpost: move **attribute** ((format(printf, 2, 3))) to modpost.h (git-
fixes).
* mtd: Fix gluebi NULL pointer dereference caused by ftl notifier (git-fixes).
* mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response (git-
fixes).
* mtd: rawnand: pl353: Fix kernel doc (git-fixes).
* mtd: rawnand: rockchip: Add missing title to a kernel doc comment (git-
fixes).
* mtd: rawnand: rockchip: Rename a structure (git-fixes).
* net: phy: micrel: populate .soft_reset for KSZ9131 (git-fixes).
* net: usb: ax88179_178a: Bind only to vendor-specific interface
(bsc#1218948).
* net: usb: ax88179_178a: avoid two consecutive device resets (bsc#1218948).
* net: usb: ax88179_178a: move priv to driver_priv (git-fixes).
* net: usb: ax88179_178a: remove redundant init code (git-fixes).
* net: usb: ax88179_178a: restore state on resume (bsc#1218948).
* nfc: nci: free rx_data_reassembly skb on NCI device cleanup (git-fixes).
* nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968 bsc#1219349).
* nfsd: fix RELEASE_LOCKOWNER (bsc#1218968).
* nouveau/tu102: flush all pdbs on vmm flush (git-fixes).
* nouveau/vmm: do not set addr on the fail path to avoid warning (git-fixes).
* nsfs: add compat ioctl handler (git-fixes).
* nvme-loop: always quiesce and cancel commands before destroying admin q
(bsc#1211515).
* nvme-pci: add BOGUS_NID for Intel 0a54 device (git-fixes).
* nvme-pci: fix sleeping function called from interrupt context (git-fixes).
* nvme-rdma: Fix transfer length when write_generate/read_verify are 0 (git-
fixes).
* nvme-tcp: avoid open-coding nvme_tcp_teardown_admin_queue() (bsc#1211515).
* nvme: fix max_discard_sectors calculation (git-fixes).
* nvme: introduce helper function to get ctrl state (git-fixes).
* nvme: move nvme_stop_keep_alive() back to original position (bsc#1211515).
* nvme: start keep-alive after admin queue setup (bsc#1211515).
* nvme: trace: avoid memcpy overflow warning (git-fixes).
* nvmet: re-fix tracing strncpy() warning (git-fixes).
* of: Fix double free in of_parse_phandle_with_args_map (git-fixes).
* of: unittest: Fix of_count_phandle_with_args() expected value message (git-
fixes).
* parport: parport_serial: Add Brainboxes BAR details (git-fixes).
* parport: parport_serial: Add Brainboxes device IDs and geometry (git-fixes).
* perf/x86/intel/uncore: Factor out topology_gidnid_map() (bsc#1218958).
* perf/x86/intel/uncore: Fix NULL pointer dereference issue in
upi_fill_topology() (bsc#1218958).
* perf/x86/uncore: Use u64 to replace unsigned for the uncore offsets array
(bsc#1219512).
* phy: renesas: rcar-gen3-usb2: Fix returning wrong error code (git-fixes).
* phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (git-fixes).
* pinctrl: intel: Revert "Unexport intel_pinctrl_probe()" (git-fixes).
* platform/x86/amd/hsmp: Fix iomem handling (jsc#PED-7620).
* platform/x86/amd/hsmp: add support for metrics tbl (jsc#PED-7620).
* platform/x86/amd/hsmp: create plat specific struct (jsc#PED-7620).
* platform/x86/amd/hsmp: improve the error log (jsc#PED-7620).
* platform/x86: ISST: Reduce noise for missing numa information in logs
(bsc#1219285).
* platform/x86: use PLATFORM_DEVID_NONE instead of -1 (jsc#PED-7620).
* power: supply: bq256xx: fix some problem in bq256xx_hw_init (git-fixes).
* power: supply: cw2015: correct time_to_empty units in sysfs (git-fixes).
* powerpc/fadump: reset dump area size if fadump memory reserve fails
(bsc#1194869).
* powerpc/powernv: Add a null pointer check in opal_event_init()
(bsc#1065729).
* powerpc/powernv: Add a null pointer check in opal_powercap_init()
(bsc#1181674 ltc#189159 git-fixes).
* powerpc/powernv: Add a null pointer check to scom_debug_init_one()
(bsc#1194869).
* powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-
IOV device (bsc#1212091 ltc#199106 git-fixes).
* powerpc/pseries/memhp: Fix access beyond end of drmem array (bsc#1065729).
* powerpc/pseries: fix possible memory leak in ibmebus_bus_init()
(bsc#1194869).
* powerpc/pseries: fix potential memory leak in init_cpu_associativity()
(bsc#1194869).
* powerpc/xive: Fix endian conversion size (bsc#1194869).
* pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() (git-
fixes).
* pwm: Fix out-of-bounds access in of_pwm_single_xlate() (git-fixes).
* pwm: jz4740: Do not use dev_err_probe() in .request() (git-fixes).
* pwm: stm32: Fix enable count for clk in .probe() (git-fixes).
* pwm: stm32: Use hweight32 in stm32_pwm_detect_channels (git-fixes).
* pwm: stm32: Use regmap_clear_bits and regmap_set_bits where applicable (git-
fixes).
* r8152: add vendor/device ID pair for ASUS USB-C2500 (git-fixes).
* r8152: add vendor/device ID pair for D-Link DUB-E250 (git-fixes).
* reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning (git-
fixes).
* ring-buffer/Documentation: Add documentation on buffer_percent file (git-
fixes).
* ring-buffer: Do not record in NMI if the arch does not support cmpxchg in
NMI (git-fixes).
* s390/dasd: fix double module refcount decrement (bsc#1141539).
* s390/pci: fix max size calculation in zpci_memcpy_toio() (git-fixes
bsc#1219006).
* s390/vfio-ap: always filter entire AP matrix (git-fixes bsc#1219012).
* s390/vfio-ap: let on_scan_complete() callback filter matrix and update
guest's APCB (git-fixes bsc#1219014).
* s390/vfio-ap: loop over the shadow APCB when filtering guest's AP
configuration (git-fixes bsc#1219013).
* s390/vfio-ap: unpin pages on gisc registration failure (git-fixes
bsc#1218723).
* s390: vfio-ap: tighten the NIB validity check (git-fixes).
* sched/isolation: add cpu_is_isolated() API (bsc#1217895).
* scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() (git-fixes).
* scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() (git-fixes).
* scsi: core: Always send batch on reset or error handling command (git-
fixes).
* scsi: fnic: Return error if vmalloc() failed (git-fixes).
* scsi: hisi_sas: Correct the number of global debugfs registers (git-fixes).
* scsi: hisi_sas: Fix normally completed I/O analysed as failed (git-fixes).
* scsi: hisi_sas: Fix warnings detected by sparse (git-fixes).
* scsi: hisi_sas: Modify v3 HW SATA completion error processing (git-fixes).
* scsi: hisi_sas: Modify v3 HW SSP underflow error processing (git-fixes).
* scsi: hisi_sas: Rename HISI_SAS_{RESET -> RESETTING}_BIT (git-fixes).
* scsi: hisi_sas: Replace with standard error code return value (git-fixes).
* scsi: hisi_sas: Rollback some operations if FLR failed (git-fixes).
* scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs (git-
fixes).
* scsi: ibmvfc: Fix erroneous use of rtas_busy_delay with hcall return code
(git-fixes).
* scsi: ibmvfc: Implement channel queue depth and event buffer accounting
(bsc#1209834 ltc#202097).
* scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (bsc#1209834
ltc#202097).
* scsi: iscsi: Rename iscsi_set_param() to iscsi_if_set_param() (git-fixes).
* scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()
(git-fixes).
* scsi: lpfc: Change VMID driver load time parameters to read only
(bsc#1219582).
* scsi: lpfc: Move determination of vmid_flag after VMID reinitialization
completes (bsc#1219582).
* scsi: lpfc: Reinitialize an NPIV's VMID data structures after FDISC
(bsc#1219582).
* scsi: lpfc: Update lpfc version to 14.2.0.17 (bsc#1219582).
* scsi: megaraid_sas: Fix deadlock on firmware crashdump (git-fixes).
* scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for
selected registers (git-fixes).
* scsi: mpt3sas: Fix an outdated comment (git-fixes).
* scsi: mpt3sas: Fix in error path (git-fixes).
* scsi: mpt3sas: Fix loop logic (bsc#1219067).
* scsi: mpt3sas: Fix loop logic (git-fixes).
* scsi: pm80xx: Avoid leaking tags when processing
OPC_INB_SET_CONTROLLER_CONFIG command (git-fixes).
* scsi: pm80xx: Use phy-specific SAS address when sending PHY_START command
(git-fixes).
* scsi: qla2xxx: Fix system crash due to bad pointer access (git-fixes).
* selftests/net: fix grep checking for fib_nexthop_multiprefix (git-fixes).
* serial: 8250: omap: Do not skip resource freeing if
pm_runtime_resume_and_get() failed (git-fixes).
* serial: core: Fix atomicity violation in uart_tiocmget (git-fixes).
* serial: imx: Correct clock error message in function probe() (git-fixes).
* serial: imx: fix tx statemachine deadlock (git-fixes).
* serial: max310x: fail probe if clock crystal is unstable (git-fixes).
* serial: max310x: improve crystal stable clock detection (git-fixes).
* serial: max310x: set default value when reading clock ready bit (git-fixes).
* serial: sc16is7xx: add check for unsupported SPI modes during probe (git-
fixes).
* serial: sc16is7xx: set safe default SPI clock frequency (git-fixes).
* serial: sccnxp: Improve error message if regulator_disable() fails (git-
fixes).
* shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs (git-
fixes).
* software node: Let args be NULL in software_node_get_reference_args (git-
fixes).
* spi: spi-zynqmp-gqspi: fix driver kconfig dependencies (git-fixes).
* swiotlb-xen: provide the "max_mapping_size" method (git-fixes).
* swiotlb: fix a braino in the alignment check fix (bsc#1216559).
* swiotlb: fix slot alignment checks (bsc#1216559).
* trace,smp: Add tracepoints around remotelly called functions (bsc#1217895).
* tracefs: Add missing lockdown check to tracefs_create_dir() (git-fixes).
* tracing/trigger: Fix to return error if failed to alloc snapshot (git-
fixes).
* tracing: Add size check when printing trace_marker output (git-fixes).
* tracing: Ensure visibility when inserting an element into tracing_map (git-
fixes).
* tracing: Fix uaf issue when open the hist or hist_debug file (git-fixes).
* tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing
(git-fixes).
* ubifs: Check @c->dirty_[n|p]n_cnt and @c->nroot state under @c->lp_mutex
(git-fixes).
* ubifs: ubifs_link: Fix wrong name len calculating when UBIFS is encrypted
(git-fixes).
* ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path (git-
fixes).
* uio: Fix use-after-free in uio_open (git-fixes).
* usb: cdns3: Fix uvc fail when DMA cross 4k boundery since sg enabled (git-
fixes).
* usb: cdns3: fix uvc failure work since sg support enabled (git-fixes).
* usb: chipidea: wait controller resume finished for wakeup irq (git-fixes).
* usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart (git-fixes).
* usb: fsl-mph-dr-of: mark fsl_usb2_mpc5121_init() static (git-fixes).
* usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK (git-
fixes).
* usb: mon: Fix atomicity violation in mon_bin_vma_fault (git-fixes).
* usb: otg numberpad exception (bsc#1218527).
* usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host()
(git-fixes).
* usb: typec: class: fix typec_altmode_put_partner to put plugs (git-fixes).
* usb: ucsi: Add missing ppm_lock (git-fixes).
* usb: ucsi_acpi: Fix command completion handling (git-fixes).
* usb: xhci-mtk: fix a short packet issue of gen1 isoc-in transfer (git-
fixes).
* usr/Kconfig: fix typos of "its" (git-fixes).
* vfs: make freeze_super abort when sync_filesystem returns error (git-fixes).
* vhost: Allow null msg.size on VHOST_IOTLB_INVALIDATE (git-fixes).
* virtio-mmio: fix memory leak of vm_dev (git-fixes).
* virtio_balloon: Fix endless deflation and inflation on arm64 (git-fixes).
* vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
* vsock/virtio: Fix unsigned integer wrap around in
virtio_transport_has_space() (git-fixes).
* watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO (git-fixes).
* watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling (git-fixes).
* watchdog: rti_wdt: Drop runtime pm reference count when watchdog is unused
(git-fixes).
* watchdog: set cdev owner before adding (git-fixes).
* wifi: ath11k: Defer on rproc_get failure (git-fixes).
* wifi: cfg80211: lock wiphy mutex for rfkill poll (git-fixes).
* wifi: iwlwifi: mvm: send TX path flush in rfkill (git-fixes).
* wifi: iwlwifi: mvm: set siso/mimo chains to 1 in FW SMPS request (git-
fixes).
* wifi: iwlwifi: pcie: avoid a NULL pointer dereference (git-fixes).
* wifi: libertas: stop selecting wext (git-fixes).
* wifi: mt76: fix broken precal loading from MTD for mt7915 (git-fixes).
* wifi: mt76: mt7921s: fix workqueue problem causes STA association fail (git-
fixes).
* wifi: mwifiex: configure BSSID consistently when starting AP (git-fixes).
* wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors (git-fixes).
* wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code (git-
fixes).
* wifi: rtlwifi: add calculate_bit_shift() (git-fixes).
* wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift() (git-fixes).
* wifi: rtlwifi: rtl8192c: using calculate_bit_shift() (git-fixes).
* wifi: rtlwifi: rtl8192ce: using calculate_bit_shift() (git-fixes).
* wifi: rtlwifi: rtl8192cu: using calculate_bit_shift() (git-fixes).
* wifi: rtlwifi: rtl8192de: using calculate_bit_shift() (git-fixes).
* wifi: rtlwifi: rtl8192ee: using calculate_bit_shift() (git-fixes).
* wifi: rtlwifi: rtl8192se: using calculate_bit_shift() (git-fixes).
* wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior (git-
fixes).
* wifi: rtw88: fix RX filter in FIF_ALLMULTI flag (git-fixes).
* x86/MCE/AMD, EDAC/mce_amd: Decode UMC_V2 ECC errors (jsc#PED-7616).
* x86/MCE/AMD: Add new MA_LLC, USR_DP, and USR_CP bank types (jsc#PED-7622).
* x86/MCE/AMD: Split amd_mce_is_memory_error() (jsc#PED-7623).
* x86/amd_nb: Add AMD Family MI300 PCI IDs (jsc#PED-7622).
* x86/amd_nb: Add MI200 PCI IDs (jsc#PED-7616).
* x86/cpu: Merge Intel and AMD ppin_init() functions (jsc#PED-7615).
* x86/cpu: Read/save PPIN MSR during initialization (jsc#PED-7615).
* x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285).
* x86/hyperv: Fix the detection of E820_TYPE_PRAM in a Gen2 VM (git-fixes).
* x86/hyperv: Use atomic_try_cmpxchg() to micro-optimize hv_nmi_unknown()
(git-fixes).
* x86/mce: Cleanup mce_usable_address() (jsc#PED-7623).
* x86/mce: Define amd_mce_usable_address() (jsc#PED-7623).
* xen-pciback: Consider INTx disabled when MSI/MSI-X is enabled (git-fixes).
* xen/events: fix delayed eoi list handling (git-fixes).
* xhci: Add grace period after xHC start to prevent premature runtime suspend
(git-fixes).
* xhci: cleanup xhci_hub_control port references (git-fixes).
* xhci: pass port pointer as parameter to xhci_set_port_power() (git-fixes).
* xhci: track port suspend state correctly in unsuccessful resume cases (git-
fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-469=1 openSUSE-SLE-15.5-2024-469=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-469=1
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-469=1
* SUSE Real Time Module 15-SP5
zypper in -t patch SUSE-SLE-Module-RT-15-SP5-2024-469=1
## Package List:
* openSUSE Leap 15.5 (noarch)
* kernel-devel-rt-5.14.21-150500.13.35.1
* kernel-source-rt-5.14.21-150500.13.35.1
* openSUSE Leap 15.5 (x86_64)
* kernel-rt-devel-5.14.21-150500.13.35.1
* kernel-rt-vdso-debuginfo-5.14.21-150500.13.35.1
* reiserfs-kmp-rt-5.14.21-150500.13.35.1
* kernel-livepatch-5_14_21-150500_13_35-rt-debuginfo-1-150500.11.5.1
* kselftests-kmp-rt-debuginfo-5.14.21-150500.13.35.1
* kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.35.1
* kernel-rt-livepatch-devel-5.14.21-150500.13.35.1
* cluster-md-kmp-rt-5.14.21-150500.13.35.1
* kernel-rt_debug-vdso-5.14.21-150500.13.35.1
* kernel-rt-debuginfo-5.14.21-150500.13.35.1
* dlm-kmp-rt-5.14.21-150500.13.35.1
* gfs2-kmp-rt-5.14.21-150500.13.35.1
* reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.35.1
* kernel-rt-livepatch-5.14.21-150500.13.35.1
* kernel-rt-optional-debuginfo-5.14.21-150500.13.35.1
* kernel-rt-debugsource-5.14.21-150500.13.35.1
* kernel-rt-extra-debuginfo-5.14.21-150500.13.35.1
* kernel-livepatch-SLE15-SP5-RT_Update_10-debugsource-1-150500.11.5.1
* ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.35.1
* kernel-rt_debug-debuginfo-5.14.21-150500.13.35.1
* kernel-rt_debug-debugsource-5.14.21-150500.13.35.1
* kernel-livepatch-5_14_21-150500_13_35-rt-1-150500.11.5.1
* kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.35.1
* gfs2-kmp-rt-debuginfo-5.14.21-150500.13.35.1
* kselftests-kmp-rt-5.14.21-150500.13.35.1
* kernel-rt-vdso-5.14.21-150500.13.35.1
* dlm-kmp-rt-debuginfo-5.14.21-150500.13.35.1
* kernel-rt_debug-livepatch-devel-5.14.21-150500.13.35.1
* kernel-rt_debug-devel-5.14.21-150500.13.35.1
* cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.35.1
* kernel-syms-rt-5.14.21-150500.13.35.1
* kernel-rt-devel-debuginfo-5.14.21-150500.13.35.1
* kernel-rt-extra-5.14.21-150500.13.35.1
* kernel-rt-optional-5.14.21-150500.13.35.1
* ocfs2-kmp-rt-5.14.21-150500.13.35.1
* openSUSE Leap 15.5 (nosrc x86_64)
* kernel-rt_debug-5.14.21-150500.13.35.1
* kernel-rt-5.14.21-150500.13.35.1
* SUSE Linux Enterprise Micro 5.5 (nosrc x86_64)
* kernel-rt-5.14.21-150500.13.35.1
* SUSE Linux Enterprise Micro 5.5 (x86_64)
* kernel-rt-debuginfo-5.14.21-150500.13.35.1
* kernel-rt-debugsource-5.14.21-150500.13.35.1
* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
* kernel-livepatch-5_14_21-150500_13_35-rt-debuginfo-1-150500.11.5.1
* kernel-livepatch-5_14_21-150500_13_35-rt-1-150500.11.5.1
* kernel-livepatch-SLE15-SP5-RT_Update_10-debugsource-1-150500.11.5.1
* SUSE Real Time Module 15-SP5 (x86_64)
* kernel-rt-devel-5.14.21-150500.13.35.1
* kernel-rt-vdso-debuginfo-5.14.21-150500.13.35.1
* kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.35.1
* cluster-md-kmp-rt-5.14.21-150500.13.35.1
* kernel-rt_debug-vdso-5.14.21-150500.13.35.1
* kernel-rt-debuginfo-5.14.21-150500.13.35.1
* dlm-kmp-rt-5.14.21-150500.13.35.1
* gfs2-kmp-rt-5.14.21-150500.13.35.1
* kernel-rt-debugsource-5.14.21-150500.13.35.1
* ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.35.1
* kernel-rt_debug-debuginfo-5.14.21-150500.13.35.1
* kernel-rt_debug-debugsource-5.14.21-150500.13.35.1
* kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.35.1
* gfs2-kmp-rt-debuginfo-5.14.21-150500.13.35.1
* kernel-rt-vdso-5.14.21-150500.13.35.1
* dlm-kmp-rt-debuginfo-5.14.21-150500.13.35.1
* kernel-rt_debug-devel-5.14.21-150500.13.35.1
* cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.35.1
* kernel-syms-rt-5.14.21-150500.13.35.1
* kernel-rt-devel-debuginfo-5.14.21-150500.13.35.1
* ocfs2-kmp-rt-5.14.21-150500.13.35.1
* SUSE Real Time Module 15-SP5 (noarch)
* kernel-devel-rt-5.14.21-150500.13.35.1
* kernel-source-rt-5.14.21-150500.13.35.1
* SUSE Real Time Module 15-SP5 (nosrc x86_64)
* kernel-rt_debug-5.14.21-150500.13.35.1
* kernel-rt-5.14.21-150500.13.35.1
## References:
* https://www.suse.com/security/cve/CVE-2021-33631.html
* https://www.suse.com/security/cve/CVE-2023-46838.html
* https://www.suse.com/security/cve/CVE-2023-47233.html
* https://www.suse.com/security/cve/CVE-2023-4921.html
* https://www.suse.com/security/cve/CVE-2023-51042.html
* https://www.suse.com/security/cve/CVE-2023-51043.html
* https://www.suse.com/security/cve/CVE-2023-51780.html
* https://www.suse.com/security/cve/CVE-2023-51782.html
* https://www.suse.com/security/cve/CVE-2023-6040.html
* https://www.suse.com/security/cve/CVE-2023-6356.html
* https://www.suse.com/security/cve/CVE-2023-6531.html
* https://www.suse.com/security/cve/CVE-2023-6535.html
* https://www.suse.com/security/cve/CVE-2023-6536.html
* https://www.suse.com/security/cve/CVE-2023-6915.html
* https://www.suse.com/security/cve/CVE-2024-0565.html
* https://www.suse.com/security/cve/CVE-2024-0641.html
* https://www.suse.com/security/cve/CVE-2024-0775.html
* https://www.suse.com/security/cve/CVE-2024-1085.html
* https://www.suse.com/security/cve/CVE-2024-1086.html
* https://bugzilla.suse.com/show_bug.cgi?id=1065729
* https://bugzilla.suse.com/show_bug.cgi?id=1108281
* https://bugzilla.suse.com/show_bug.cgi?id=1141539
* https://bugzilla.suse.com/show_bug.cgi?id=1174649
* https://bugzilla.suse.com/show_bug.cgi?id=1181674
* https://bugzilla.suse.com/show_bug.cgi?id=1193285
* https://bugzilla.suse.com/show_bug.cgi?id=1194869
* https://bugzilla.suse.com/show_bug.cgi?id=1209834
* https://bugzilla.suse.com/show_bug.cgi?id=1210443
* https://bugzilla.suse.com/show_bug.cgi?id=1211515
* https://bugzilla.suse.com/show_bug.cgi?id=1212091
* https://bugzilla.suse.com/show_bug.cgi?id=1214377
* https://bugzilla.suse.com/show_bug.cgi?id=1215275
* https://bugzilla.suse.com/show_bug.cgi?id=1215885
* https://bugzilla.suse.com/show_bug.cgi?id=1216441
* https://bugzilla.suse.com/show_bug.cgi?id=1216559
* https://bugzilla.suse.com/show_bug.cgi?id=1216702
* https://bugzilla.suse.com/show_bug.cgi?id=1217895
* https://bugzilla.suse.com/show_bug.cgi?id=1217987
* https://bugzilla.suse.com/show_bug.cgi?id=1217988
* https://bugzilla.suse.com/show_bug.cgi?id=1217989
* https://bugzilla.suse.com/show_bug.cgi?id=1218005
* https://bugzilla.suse.com/show_bug.cgi?id=1218447
* https://bugzilla.suse.com/show_bug.cgi?id=1218527
* https://bugzilla.suse.com/show_bug.cgi?id=1218659
* https://bugzilla.suse.com/show_bug.cgi?id=1218713
* https://bugzilla.suse.com/show_bug.cgi?id=1218723
* https://bugzilla.suse.com/show_bug.cgi?id=1218730
* https://bugzilla.suse.com/show_bug.cgi?id=1218738
* https://bugzilla.suse.com/show_bug.cgi?id=1218752
* https://bugzilla.suse.com/show_bug.cgi?id=1218757
* https://bugzilla.suse.com/show_bug.cgi?id=1218768
* https://bugzilla.suse.com/show_bug.cgi?id=1218778
* https://bugzilla.suse.com/show_bug.cgi?id=1218779
* https://bugzilla.suse.com/show_bug.cgi?id=1218804
* https://bugzilla.suse.com/show_bug.cgi?id=1218832
* https://bugzilla.suse.com/show_bug.cgi?id=1218836
* https://bugzilla.suse.com/show_bug.cgi?id=1218916
* https://bugzilla.suse.com/show_bug.cgi?id=1218948
* https://bugzilla.suse.com/show_bug.cgi?id=1218958
* https://bugzilla.suse.com/show_bug.cgi?id=1218968
* https://bugzilla.suse.com/show_bug.cgi?id=1218997
* https://bugzilla.suse.com/show_bug.cgi?id=1219006
* https://bugzilla.suse.com/show_bug.cgi?id=1219012
* https://bugzilla.suse.com/show_bug.cgi?id=1219013
* https://bugzilla.suse.com/show_bug.cgi?id=1219014
* https://bugzilla.suse.com/show_bug.cgi?id=1219053
* https://bugzilla.suse.com/show_bug.cgi?id=1219067
* https://bugzilla.suse.com/show_bug.cgi?id=1219120
* https://bugzilla.suse.com/show_bug.cgi?id=1219128
* https://bugzilla.suse.com/show_bug.cgi?id=1219136
* https://bugzilla.suse.com/show_bug.cgi?id=1219285
* https://bugzilla.suse.com/show_bug.cgi?id=1219349
* https://bugzilla.suse.com/show_bug.cgi?id=1219412
* https://bugzilla.suse.com/show_bug.cgi?id=1219429
* https://bugzilla.suse.com/show_bug.cgi?id=1219434
* https://bugzilla.suse.com/show_bug.cgi?id=1219490
* https://bugzilla.suse.com/show_bug.cgi?id=1219512
* https://bugzilla.suse.com/show_bug.cgi?id=1219568
* https://bugzilla.suse.com/show_bug.cgi?id=1219582
* https://jira.suse.com/browse/PED-4729
* https://jira.suse.com/browse/PED-6694
* https://jira.suse.com/browse/PED-7322
* https://jira.suse.com/browse/PED-7615
* https://jira.suse.com/browse/PED-7616
* https://jira.suse.com/browse/PED-7620
* https://jira.suse.com/browse/PED-7622
* https://jira.suse.com/browse/PED-7623
1
0