openSUSE Security Announce
August 2024
- 3 participants
- 81 discussions
openSUSE-SU-2024:0272-1: important: Security update for python-Django
by opensuse-security@opensuse.org 30 Aug '24
openSUSE Security Update: Security update for python-Django
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0272-1
Rating: important
References: #1228629 #1228630 #1228631 #1228632
Cross-References: CVE-2024-41989 CVE-2024-41990 CVE-2024-41991
CVE-2024-42005
CVSS scores:
CVE-2024-41989 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2024-41989 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2024-41990 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2024-41990 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2024-41991 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2024-41991 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2024-42005 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2024-42005 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for python-Django fixes the following issues:
* CVE-2024-42005: Fixed potential SQL injection in QuerySet.values() and
values_list() (boo#1228629)
* CVE-2024-41989: Fixed memory exhaustion in
django.utils.numberformat.floatformat() (boo#1228630)
* CVE-2024-41990: Fixed potential denial-of-service vulnerability in
django.utils.html.urlize() (boo#1228631)
* CVE-2024-41991: Fixed potential denial-of-service vulnerability in
django.utils.html.urlize() and AdminURLFieldWidget (boo#1228632)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2024-272=1
Package List:
References:
https://www.suse.com/security/cve/CVE-2024-41989.html
https://www.suse.com/security/cve/CVE-2024-41990.html
https://www.suse.com/security/cve/CVE-2024-41991.html
https://www.suse.com/security/cve/CVE-2024-42005.html
https://bugzilla.suse.com/1228629
https://bugzilla.suse.com/1228630
https://bugzilla.suse.com/1228631
https://bugzilla.suse.com/1228632
openSUSE-SU-2024:0269-1: moderate: Security update for trivy
by opensuse-security@opensuse.org 30 Aug '24
openSUSE Security Update: Security update for trivy
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0269-1
Rating: moderate
References: #1224781 #1227022
Cross-References: CVE-2023-42363 CVE-2024-35192 CVE-2024-6257
CVSS scores:
CVE-2023-42363 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2023-42363 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
trivy was updated to fix the following issues:
Update to version 0.54.1:
* fix(flag): incorrect behavior for deprecated flag `--clear-cache`
[backport: release/v0.54] (#7285)
* fix(java): Return error when trying to find a remote pom to avoid
segfault [backport: release/v0.54] (#7283)
* fix(plugin): do not call GitHub content API for releases and tags
[backport: release/v0.54] (#7279)
* release: v0.54.0 [main] (#7075)
* docs: update ecosystem page reporting with plopsec.com app (#7262)
* feat(vex): retrieve VEX attestations from OCI registries (#7249)
* feat(sbom): add image labels into `SPDX` and `CycloneDX` reports (#7257)
* refactor(flag): return error if both `--download-db-only` and
`--download-java-db-only` are specified (#7259)
* fix(nodejs): detect direct dependencies when using `latest` version for
files `yarn.lock` + `package.json` (#7110)
* chore: show VEX notice for OSS maintainers in CI environments (#7246)
* feat(vuln): add `--pkg-relationships` (#7237)
* docs: show VEX cli pages + update config file page for VEX flags (#7244)
* fix(dotnet): show `nuget package dir not found` log only when checking
`nuget` packages (#7194)
* feat(vex): VEX Repository support (#7206)
* fix(secret): skip regular strings contain secret patterns (#7182)
* feat: share build-in rules (#7207)
* fix(report): hide empty table when all secrets/license/misconfigs are
ignored (#7171)
* fix(cli): error on missing config file (#7154)
* fix(secret): update length of `hugging-face-access-token` (#7216)
* feat(sbom): add vulnerability support for SPDX formats (#7213)
* fix(secret): trim excessively long lines (#7192)
* chore(vex): update subcomponents for CVE-2023-42363/42364/42365/42366
(#7201)
* fix(server): pass license categories to options (#7203)
* feat(mariner): Add support for Azure Linux (#7186)
* docs: updates config file (#7188)
* refactor(fs): remove unused field for CompositeFS (#7195)
* fix: add missing platform and type to spec (#7149)
* feat(misconf): enabled China configuration for ACRs (#7156)
* fix: close file when failed to open gzip (#7164)
* docs: Fix PR documentation to use GitHub Discussions, not Issues (#7141)
* docs(misconf): add info about limitations for terraform plan json (#7143)
* chore: add VEX for Trivy images (#7140)
* chore: add VEX document and generator for Trivy (#7128)
* fix(misconf): do not evaluate TF when a load error occurs (#7109)
* feat(cli): rename `--vuln-type` flag to `--pkg-types` flag (#7104)
* refactor(secret): move warning about file size after `IsBinary` check
(#7123)
* feat: add openSUSE tumbleweed detection and scanning (#6965)
* test: add missing advisory details for integration tests database (#7122)
* fix: Add dependencyManagement exclusions to the child exclusions (#6969)
* fix: ignore nodes when listing permission is not allowed (#7107)
* fix(java): use `go-mvn-version` to remove `Package` duplicates (#7088)
* refactor(secret): add warning about large files (#7085)
* feat(nodejs): add license parser to pnpm analyser (#7036)
* refactor(sbom): add sbom prefix + filepaths for decode log messages
(#7074)
* feat: add `log.FilePath()` function for logger (#7080)
* chore: bump golangci-lint from v1.58 to v1.59 (#7077)
* perf(debian): use `bytes.Index` in `emptyLineSplit` to cut allocation
(#7065)
* refactor: pass DB dir to trivy-db (#7057)
* docs: navigate to the release highlights and summary (#7072)
Update to version 0.53.0 (bsc#1227022, CVE-2024-6257):
* release: v0.53.0 [main] (#6855)
* feat(conda): add licenses support for `environment.yml` files (#6953)
* fix(sbom): fix panic when scanning SBOM file without root component into
SBOM format (#7051)
* feat: add memory cache backend (#7048)
* fix(sbom): use package UIDs for uniqueness (#7042)
* feat(php): add installed.json file support (#4865)
* docs: ✨ Updated ecosystem docs with reference to new community app
(#7041)
* fix: use embedded when command path not found (#7037)
* refactor: use google/wire for cache (#7024)
* fix(cli): show info message only when --scanners is available (#7032)
* chore: enable float-compare rule from testifylint (#6967)
* docs: Add sudo on commands, chmod before mv on install docs (#7009)
* fix(plugin): respect `--insecure` (#7022)
* feat(k8s)!: node-collector dynamic commands support (#6861)
* fix(sbom): take pkg name from `purl` for maven pkgs (#7008)
* feat!: add clean subcommand (#6993)
* chore: use `!` for breaking changes (#6994)
* feat(aws)!: Remove aws subcommand (#6995)
* refactor: replace global cache directory with parameter passing (#6986)
* fix(sbom): use `purl` for `bitnami` pkg names (#6982)
* chore: bump Go toolchain version (#6984)
* refactor: unify cache implementations (#6977)
* docs: non-packaged and sbom clarifications (#6975)
* BREAKING(aws): Deprecate `trivy aws` as subcmd in favour of a plugin
(#6819)
* docs: delete unknown URL (#6972)
* refactor: use version-specific URLs for documentation references (#6966)
* refactor: delete db mock (#6940)
* refactor: add warning if severity not from vendor (or NVD or GH) is used
(#6726)
* feat: Add local ImageID to SARIF metadata (#6522)
* fix(suse): Add SLES 15.6 and Leap 15.6 (#6964)
* feat(java): add support for sbt projects using sbt-dependency-lock
(#6882)
* feat(java): add support for `maven-metadata.xml` files for remote
snapshot repositories. (#6950)
* fix(purl): add missed os types (#6955)
* fix(cyclonedx): trim non-URL info for `advisory.url` (#6952)
* fix(c): don't skip conan files from `file-patterns` and scan `.conan2`
cache dir (#6949)
* fix(image): parse `image.inspect.Created` field only for non-empty
values (#6948)
* fix(misconf): handle source prefix to ignore (#6945)
* fix(misconf): fix parsing of engine links and frameworks (#6937)
* feat(misconf): support of selectors for all providers for Rego (#6905)
* fix(license): return license separation using separators `,`, `or`,
etc. (#6916)
* feat(misconf): add support for AWS::EC2::SecurityGroupIngress/Egress
(#6755)
* BREAKING(misconf): flatten recursive types (#6862)
* test: bump docker API to 1.45 (#6914)
* feat(sbom): migrate to `CycloneDX v1.6` (#6903)
* feat(image): Set User-Agent header for Trivy container registry requests
(#6868)
* fix(debian): take installed files from the origin layer (#6849)
* fix(nodejs): fix infinite loop when package link from
`package-lock.json` file is broken (#6858)
* feat(misconf): API Gateway V1 support for CloudFormation (#6874)
* feat(plugin): add support for nested archives (#6845)
* fix(sbom): don't overwrite `srcEpoch` when decoding SBOM files (#6866)
* fix(secret): `Asymmetric Private Key` shouldn't start with space (#6867)
* chore: auto label discussions (#5259)
* docs: explain how VEX is applied (#6864)
* fix(python): compare pkg names from `poetry.lock` and `pyproject.toml`
in lowercase (#6852)
* fix(nodejs): fix infinity loops for `pnpm` with cyclic imports (#6857)
* feat(dart): use first version of constraint for dependencies using SDK
version (#6239)
* fix(misconf): parsing numbers without fraction as int (#6834)
* fix(misconf): fix caching of modules in subdirectories (#6814)
* feat(misconf): add metadata to Cloud schema (#6831)
* test: replace embedded Git repository with dynamically created
repository (#6824)
Update to version 0.52.2:
* test: bump docker API to 1.45 [backport: release/v0.52] (#6922)
* fix(debian): take installed files from the origin layer [backport:
release/v0.52] (#6892)
Update to version 0.52.1:
* release: v0.52.1 [release/v0.52] (#6877)
* fix(nodejs): fix infinite loop when package link from
`package-lock.json` file is broken [backport: release/v0.52] (#6888)
* fix(sbom): don't overwrite `srcEpoch` when decoding SBOM files
[backport: release/v0.52] (#6881)
* fix(python): compare pkg names from `poetry.lock` and `pyproject.toml`
in lowercase [backport: release/v0.52] (#6878)
* docs: explain how VEX is applied (#6864)
* fix(nodejs): fix infinity loops for `pnpm` with cyclic imports (#6857)
Update to version 0.52.0 (bsc#1224781, CVE-2024-35192):
* release: v0.52.0 [main] (#6809)
* fix(plugin): initialize logger (#6836)
* fix(cli): always output fatal errors to stderr (#6827)
* fix: close testfile (#6830)
* docs(julia): add scanner table (#6826)
* feat(python): add license support for `requirement.txt` files (#6782)
* docs: add more workarounds for out-of-disk (#6821)
* chore: improve error message for image not found (#6822)
* fix(sbom): fix panic for `convert` mode when scanning json file derived
from sbom file (#6808)
* fix: clean up golangci lint configuration (#6797)
* fix(python): add package name and version validation for
`requirements.txt` files. (#6804)
* feat(vex): improve relationship support in CSAF VEX (#6735)
* chore(alpine): add eol date for Alpine 3.20 (#6800)
* docs(plugin): add missed `plugin` section (#6799)
* fix: include packages unless it is not needed (#6765)
* feat(misconf): support for VPC resources for inbound/outbound rules
(#6779)
* chore: replace interface{} with any (#6751)
* fix: close settings.xml (#6768)
* refactor(go): add priority for gobinary module versions from `ldflags`
(#6745)
* build: use main package instead of main.go (#6766)
* feat(misconf): resolve tf module from OpenTofu compatible registry
(#6743)
* docs: add info on adding compliance checks (#6275)
* docs: Add documentation for contributing additional checks to the trivy
policies repo (#6234)
* feat(nodejs): add v9 pnpm lock file support (#6617)
* feat(vex): support non-root components for products in OpenVEX (#6728)
* feat(python): add line number support for `requirement.txt` files (#6729)
* chore: respect timeout value in .golangci.yaml (#6724)
* fix: node-collector high and critical cves (#6707)
* Merge pull request from GHSA-xcq4-m2r3-cmrj
* chore: auto-bump golang patch versions (#6711)
* fix(misconf): don't shift ignore rule related to code (#6708)
* feat(plugin): specify plugin version (#6683)
* chore: enforce golangci-lint version (#6700)
* fix(go): include only `.version`|`.ver` (no prefixes) ldflags for
`gobinaries` (#6705)
* fix(go): add only non-empty root modules for `gobinaries` (#6710)
* refactor: unify package addition and vulnerability scanning (#6579)
* fix: Golang version parsing from binaries w/GOEXPERIMENT (#6696)
* feat(misconf): Add support for deprecating a check (#6664)
* feat: Add Julia language analyzer support (#5635)
* feat(misconf): register builtin Rego funcs from trivy-checks (#6616)
* fix(report): hide empty tables if all vulns has been filtered (#6352)
* feat(report): Include licenses and secrets filtered by rego to
ModifiedFindings (#6483)
* feat: add support for plugin index (#6674)
* docs: add support table for client server mode (#6498)
* fix: close APKINDEX archive file (#6672)
* fix(misconf): skip Rego errors with a nil location (#6666)
* refactor: move artifact types under artifact package to avoid import
cycles (#6652)
* refactor(misconf): remove extrafs (#6656)
* refactor: re-define module structs for serialization (#6655)
* chore(misconf): Clean up iac logger (#6642)
* feat(misconf): support symlinks inside of Helm archives (#6621)
* feat(misconf): add Terraform 'removed' block to schema (#6640)
* refactor: unify Library and Package structs (#6633)
* fix: use of specified context to obtain cluster name (#6645)
* perf(misconf): parse rego input once (#6615)
* fix(misconf): skip Rego errors with a nil location (#6638)
* docs: link warning to both timeout config options (#6620)
* docs: fix usage of image-config-scanners (#6635)
Update to version 0.51.1:
* fix(fs): handle default skip dirs properly (#6628)
* fix(misconf): load cached tf modules (#6607)
* fix(misconf): do not use semver for parsing tf module versions (#6614)
* refactor: move setting scanners when using compliance reports to flag
parsing (#6619)
* feat: introduce package UIDs for improved vulnerability mapping (#6583)
* perf(misconf): Improve cause performance (#6586)
* docs: trivy-k8s new experience remove un-used section (#6608)
* docs: remove mention of GitLab Gold because it doesn't exist anymore
(#6609)
* feat(misconf): Use updated terminology for misconfiguration checks
(#6476)
* docs: use `generic` link from `trivy-repo` (#6606)
* docs: update trivy k8s with new experience (#6465)
* feat: support `--skip-images` scanning flag (#6334)
* BREAKING: add support for k8s `disable-node-collector` flag (#6311)
* feat: add ubuntu 23.10 and 24.04 support (#6573)
* docs(go): add stdlib (#6580)
* feat(go): parse main mod version from build info settings (#6564)
* feat: respect custom exit code from plugin (#6584)
* docs: add asdf and mise installation method (#6063)
* feat(vuln): Handle scanning conan v2.x lockfiles (#6357)
* feat: add support `environment.yaml` files (#6569)
* fix: close plugin.yaml (#6577)
* fix: trivy k8s avoid deleting non-default node collector namespace
(#6559)
* BREAKING: support exclude `kinds/namespaces` and include
`kinds/namespaces` (#6323)
* feat(go): add main module (#6574)
* feat: add relationships (#6563)
* docs: mention `--show-suppressed` is available in table (#6571)
* chore: fix sqlite to support loong64 (#6511)
* fix(debian): sort dpkg info before parsing due to exclude directories
(#6551)
* docs: update info about config file (#6547)
* docs: remove RELEASE_VERSION from trivy.repo (#6546)
* fix(sbom): change error to warning for multiple OSes (#6541)
* fix(vuln): skip empty versions (#6542)
* feat(c): add license support for conan lock files (#6329)
* fix(terraform): Attribute and fileset fixes (#6544)
* refactor: change warning if no vulnerability details are found (#6230)
* refactor(misconf): improve error handling in the Rego scanner (#6527)
* feat(go): parse main module of go binary files (#6530)
* refactor(misconf): simplify the retrieval of module annotations (#6528)
* docs(nodejs): add info about supported versions of pnpm lock files
(#6510)
* feat(misconf): loading embedded checks as a fallback (#6502)
* fix(misconf): Parse JSON k8s manifests properly (#6490)
* refactor: remove parallel walk (#5180)
* fix: close pom.xml (#6507)
* fix(secret): convert severity for custom rules (#6500)
* fix(java): update logic to detect `pom.xml` file snapshot artifacts from
remote repositories (#6412)
* fix: typo (#6283)
* docs(k8s,image): fix command-line syntax issues (#6403)
* fix(misconf): avoid panic if the scheme is not valid (#6496)
* feat(image): goversion as stdlib (#6277)
* fix: add color for error inside of log message (#6493)
* docs: fix links to OPA docs (#6480)
* refactor: replace zap with slog (#6466)
* docs: update links to IaC schemas (#6477)
* chore: bump Go to 1.22 (#6075)
* refactor(terraform): sync funcs with Terraform (#6415)
* feat(misconf): add helm-api-version and helm-kube-version flag (#6332)
* fix(terraform): eval submodules (#6411)
* refactor(terraform): remove unused options (#6446)
* refactor(terraform): remove unused file (#6445)
* fix(misconf): Escape template value correctly (#6292)
* feat(misconf): add support for wildcard ignores (#6414)
* fix(cloudformation): resolve `DedicatedMasterEnabled` parsing issue
(#6439)
* refactor(terraform): remove metrics collection (#6444)
* feat(cloudformation): add support for logging and endpoint access for
EKS (#6440)
* fix(db): check schema version for image name only (#6410)
* feat(misconf): Support private registries for misconf check bundle
(#6327)
* feat(cloudformation): inline ignore support for YAML templates (#6358)
* feat(terraform): ignore resources by nested attributes (#6302)
* perf(helm): load in-memory files (#6383)
* feat(aws): apply filter options to result (#6367)
* feat(aws): quiet flag support (#6331)
* fix(misconf): clear location URI for SARIF (#6405)
* test(cloudformation): add CF tests (#6315)
* fix(cloudformation): infer type after resolving a function (#6406)
* fix(sbom): fix error when parent of SPDX Relationships is not a package.
(#6399)
* docs: add info about support for package license detection in
`fs`/`repo` modes (#6381)
* fix(nodejs): add support for parsing `workspaces` from `package.json` as
an object (#6231)
* fix: use `0600` perms for tmp files for post analyzers (#6386)
* fix(helm): scan the subcharts once (#6382)
* docs(terraform): add file patterns for Terraform Plan (#6393)
* fix(terraform): checking SSE encryption algorithm validity (#6341)
* fix(java): parse modules from `pom.xml` files once (#6312)
* fix(server): add Locations for `Packages` in client/server mode (#6366)
* fix(sbom): add check for `CreationInfo` to nil when detecting SPDX
created using Trivy (#6346)
* fix(report): don't include empty strings in
`.vulnerabilities[].identifiers[].url` when `gitlab.tpl` is used (#6348)
* chore(ubuntu): Add Ubuntu 22.04 EOL date (#6371)
* feat(java): add support licenses and graph for gradle lock files (#6140)
* feat(vex): consider root component for relationships (#6313)
* fix: increase the default buffer size for scanning dpkg status files by
2 times (#6298)
* chore: updates wazero to v1.7.0 (#6301)
* feat(sbom): Support license detection for SBOM scan (#6072)
* refactor(sbom): use intermediate representation for SPDX (#6310)
* docs(terraform): improve documentation for filtering by inline comments
(#6284)
* fix(terraform): fix policy document retrieval (#6276)
* refactor(terraform): remove unused custom error (#6303)
* refactor(sbom): add intermediate representation for BOM (#6240)
* fix(amazon): check only major version of AL to find advisories (#6295)
* fix(db): use schema version as tag only for `trivy-db` and
`trivy-java-db` registries by default (#6219)
* fix(nodejs): add name validation for package name from `package.json`
(#6268)
* docs: Added install instructions for FreeBSD (#6293)
* feat(image): customer podman host or socket option (#6256)
* feat(java): mark dependencies from `maven-invoker-plugin` integration
tests pom.xml files as `Dev` (#6213)
* fix(license): reorder logic of how python package licenses are acquired
(#6220)
* test(terraform): skip cached modules (#6281)
* feat(secret): Support for detecting Hugging Face Access Tokens (#6236)
* fix(cloudformation): support of all SSE algorithms for s3 (#6270)
* feat(terraform): Terraform Plan snapshot scanning support (#6176)
* fix: typo function name and comment optimization (#6200)
* fix(java): don't ignore runtime scope for pom.xml files (#6223)
* fix(license): add FilePath to results to allow for license path
filtering via trivyignore file (#6215)
* test(k8s): use test-db for k8s integration tests (#6222)
* fix(terraform): fix root module search (#6160)
* test(parser): squash test data for yarn (#6203)
* fix(terraform): do not re-expand dynamic blocks (#6151)
* docs: update ecosystem page reporting with db app (#6201)
* fix: k8s summary separate infra and user finding results (#6120)
* fix: add context to target finding on k8s table view (#6099)
* fix: Printf format err (#6198)
* refactor: better integration of the parser into Trivy (#6183)
* feat(terraform): Add hyphen and non-ASCII support for domain names in
credential extraction (#6108)
* fix(vex): CSAF filtering should consider relationships (#5923)
* refactor(report): Replacing `source_location` in `github` report when
scanning an image (#5999)
* feat(vuln): ignore vulnerabilities by PURL (#6178)
* feat(java): add support for fetching packages from repos mentioned in
pom.xml (#6171)
* feat(k8s): rancher rke2 version support (#5988)
* docs: update kbom distribution for scanning (#6019)
* chore: update CODEOWNERS (#6173)
* fix(swift): try to use branch to resolve version (#6168)
* fix(terraform): ensure consistent path handling across OS (#6161)
* fix(java): add only valid libs from `pom.properties` files from `jars`
(#6164)
* fix(sbom): skip executable file analysis if Rekor isn't a specified SBOM
source (#6163)
* docs(report): add remark about `path` to filter licenses using
`.trivyignore.yaml` file (#6145)
* docs: update template path for gitlab-ci tutorial (#6144)
* feat(report): support for filtering licenses and secrets via rego policy
files (#6004)
* fix(cyclonedx): move root component from scanned cyclonedx file to
output cyclonedx file (#6113)
* docs: add SecObserve in CI/CD and reporting (#6139)
* fix(alpine): exclude empty licenses for apk packages (#6130)
* docs: add docs tutorial on custom policies with rego (#6104)
* fix(nodejs): use project dir when searching for workspaces for Yarn.lock
files (#6102)
* feat(vuln): show suppressed vulnerabilities in table (#6084)
* docs: rename governance to principles (#6107)
* docs: add governance (#6090)
* feat(java): add dependency location support for `gradle` files (#6083)
* fix(misconf): get `user` from `Config.User` (#6070)
Update to version 0.49.1:
* fix: check unescaped `BomRef` when matching `PkgIdentifier` (#6025)
* docs: Fix broken link to "pronunciation" (#6057)
* fix: fix cursor usage in Redis Clear function (#6056)
* fix(nodejs): add local packages support for `pnpm-lock.yaml` files
(#6034)
* test: fix flaky `TestDockerEngine` (#6054)
* fix(java): recursive check all nested depManagements with import scope
for pom.xml files (#5982)
* fix(cli): inconsistent behavior across CLI flags, environment variables,
and config files (#5843)
* feat(rust): Support workspace.members parsing for Cargo.toml analysis
(#5285)
* docs: add note about Bun (#6001)
* fix(report): use `AWS_REGION` env for secrets in `asff` template (#6011)
* fix: check returned error before deferring f.Close() (#6007)
* feat(misconf): add support of buildkit instructions when building
dockerfile from image config (#5990)
* feat(vuln): enable `--vex` for all targets (#5992)
* docs: update link to data sources (#6000)
* feat(java): add support for line numbers for pom.xml files (#5991)
* refactor(sbom): use new `metadata.tools` struct for CycloneDX (#5981)
* docs: Update troubleshooting guide with image not found error (#5983)
* style: update band logos (#5968)
* docs: update cosign tutorial and commands, update kyverno policy (#5929)
* docs: update command to scan go binary (#5969)
* fix: handle non-parsable images names (#5965)
* fix(amazon): save system files for pkgs containing `amzn` in src (#5951)
* fix(alpine): Add EOL support for alpine 3.19. (#5938)
* feat: allow end-users to adjust K8S client QPS and burst (#5910)
* fix(nodejs): find licenses for packages with slash (#5836)
* fix(sbom): use `group` field for pom.xml and nodejs files for CycloneDX
reports (#5922)
* fix: ignore no init containers (#5939)
* docs: Fix documentation of ecosystem (#5940)
* docs(misconf): multiple ignores in comment (#5926)
* fix(secret): find aws secrets ending with a comma or dot (#5921)
* docs: ✨ Updated ecosystem docs with reference to new community app
(#5918)
* fix(java): check if a version exists when determining GAV by file name
for `jar` files (#5630)
* feat(vex): add PURL matching for CSAF VEX (#5890)
* fix(secret): `AWS Secret Access Key` must include only secrets with
`aws` text. (#5901)
* revert(report): don't escape new line characters for sarif format (#5897)
* docs: improve filter by rego (#5402)
* docs: add_scan2html_to_trivy_ecosystem (#5875)
* fix(vm): update ext4-filesystem fix reading groupdescriptor in 32bit
mode (#5888)
* feat(vex): Add support for CSAF format (#5535)
* feat(python): parse licenses from dist-info folder (#4724)
* feat(nodejs): add yarn alias support (#5818)
* refactor: propagate time through context values (#5858)
* refactor: move PkgRef under PkgIdentifier (#5831)
* fix(cyclonedx): fix unmarshal for licenses (#5828)
* feat(vuln): include pkg identifier on detected vulnerabilities (#5439)
Update to version 0.48.1:
* fix(bitnami): use a different comparer for detecting vulnerabilities
(#5633)
* refactor(sbom): disable html escaping for CycloneDX (#5764)
* refactor(purl): use `pub` from `package-url` (#5784)
* docs(python): add note to using `pip freeze` for `compatible releases`
(#5760)
* fix(report): use OS information for OS packages purl in `github`
template (#5783)
* fix(report): fix error if misconfigs are empty (#5782)
* refactor(vuln): don't remove VendorSeverity in JSON report (#5761)
* fix(report): don't mark misconfig passed tests as failed in junit.tpl
(#5767)
* docs(k8s): replace --scanners config with --scanners misconfig in docs
(#5746)
* fix(report): update Gitlab template (#5721)
* feat(secret): add support of GitHub fine-grained tokens (#5740)
* fix(misconf): add an image misconf to result (#5731)
* feat(secret): added support of Docker registry credentials (#5720)
Update to version 0.48.0:
* feat: filter k8s core components vuln results (#5713)
* feat(vuln): remove duplicates in Fixed Version (#5596)
* feat(report): output plugin (#4863)
* docs: typo in modules.md (#5712)
* feat: Add flag to configure node-collector image ref (#5710)
* feat(misconf): Add `--misconfig-scanners` option (#5670)
* chore: bump Go to 1.21 (#5662)
* feat: Packagesprops support (#5605)
* docs: update adopters discussion template (#5632)
* docs: terraform tutorial links updated to point to correct loc (#5661)
* fix(secret): add `sec` and space to secret prefix for
`aws-secret-access-key` (#5647)
* fix(nodejs): support protocols for dependency section in yarn.lock files
(#5612)
* fix(secret): exclude upper case before secret for
`alibaba-access-key-id` (#5618)
* docs: Update Arch Linux package URL in installation.md (#5619)
* chore: add prefix to image errors (#5601)
* docs(vuln): fix link anchor (#5606)
* docs: Add Dagger integration section and cleanup Ecosystem CICD docs
page (#5608)
* fix: k8s friendly error messages kbom non cluster scans (#5594)
* feat: set InstalledFiles for DEB and RPM packages (#5488)
* fix(report): use time.Time for CreatedAt (#5598)
* test: retry containerd initialization (#5597)
* feat(misconf): Expose misconf engine debug logs with `--debug` option
(#5550)
* test: mock VM walker (#5589)
* chore: bump node-collector v0.0.9 (#5591)
* feat(misconf): Add support for `--cf-params` for CFT (#5507)
* feat(flag): replace '--slow' with '--parallel' (#5572)
* fix(report): add escaping for Sarif format (#5568)
* chore: show a deprecation notice for `--scanners config` (#5587)
* feat(report): Add CreatedAt to the JSON report. (#5542) (#5549)
* test: mock RPM DB (#5567)
* feat: add aliases to '--scanners' (#5558)
* refactor: reintroduce output writer (#5564)
* chore: not load plugins for auto-generating docs (#5569)
* chore: sort supported AWS services (#5570)
* fix: no schedule toleration (#5562)
* fix(cli): set correct `scanners` for `k8s` target (#5561)
* fix(sbom): add `FilesAnalyzed` and `PackageVerificationCode` fields for
SPDX (#5533)
* refactor(misconf): Update refactored dependencies (#5245)
* feat(secret): add built-in rule for JWT tokens (#5480)
* fix: trivy k8s parse ecr image with arn (#5537)
* fix: fail k8s resource scanning (#5529)
* refactor(misconf): don't remove Highlighted in json format (#5531)
* docs(k8s): fix link in kubernetes.md (#5524)
* docs(k8s): fix whitespace in list syntax (#5525)
Update to version 0.47.0:
* docs: add info that license scanning supports file-patterns flag (#5484)
* docs: add Zora integration into Ecosystem session (#5490)
* fix(sbom): Use UUID as BomRef for packages with empty purl (#5448)
* fix: correct error mismatch causing race in fast walks (#5516)
* docs: k8s vulnerability scanning (#5515)
* docs: remove glad for java datasources (#5508)
* chore: remove unused logger attribute in amazon detector (#5476)
* fix: correct error mismatch causing race in fast walks (#5482)
* fix(server): add licenses to `BlobInfo` message (#5382)
* feat: scan vulns on k8s core component apps (#5418)
* fix(java): fix infinite loop when `relativePath` field points to
`pom.xml` being scanned (#5470)
* fix(sbom): save digests for package/application when scanning SBOM files
(#5432)
* docs: fix the broken link (#5454)
* docs: fix error when installing `PyYAML` for gh pages (#5462)
* fix(java): download java-db once (#5442)
* docs(misconf): Update `--tf-exclude-downloaded-modules` description
(#5419)
* feat(misconf): Support `--ignore-policy` in config scans (#5359)
* docs(misconf): fix broken table for `Use container image` section (#5425)
* feat(dart): add graph support (#5374)
* refactor: define a new struct for scan targets (#5397)
* fix(sbom): add missed `primaryURL` and `source severity` for CycloneDX
(#5399)
* fix: correct invalid MD5 hashes for rpms ending with one or more zero
bytes (#5393)
* docs: remove --scanners none (#5384)
* docs: Update container_image.md #5182 (#5193)
* feat(report): Add `InstalledFiles` field to Package (#4706)
* feat(k8s): add support for vulnerability detection (#5268)
* fix(python): override BOM in `requirements.txt` files (#5375)
* docs: add kbom documentation (#5363)
* test: use maximize build space for VM tests (#5362)
* fix(report): add escaping quotes in misconfig Title for asff template
(#5351)
* fix: Report error when os.CreateTemp fails (to be consistent with other
uses) (#5342)
* fix: add config files to FS for post-analyzers (#5333)
* fix: fix MIME warnings after updating to Go 1.20 (#5336)
* build: fix a compile error with Go 1.21 (#5339)
* feat: added `Metadata` into the k8s resource's scan report (#5322)
* chore: update adopters template (#5330)
* fix(sbom): use PURL or Group and Name in case of Java (#5154)
* docs: add buildkite repository to ecosystem page (#5316)
* chore: enable go-critic (#5302)
* close java-db client (#5273)
* fix(report): removes git::http from uri in sarif (#5244)
* Improve the meaning of sentence (#5301)
* add app nil check (#5274)
* typo: in secret.md (#5281)
* docs: add info about `github` format (#5265)
* feat(dotnet): add license support for NuGet (#5217)
* docs: correctly export variables (#5260)
* chore: Add line numbers for lint output (#5247)
* chore(cli): disable java-db flags in server mode (#5263)
* feat(db): allow passing registry options (#5226)
* refactor(purl): use TypeApk from purl (#5232)
* chore: enable more linters (#5228)
* Fix typo on ide.md (#5239)
* refactor: use defined types (#5225)
* fix(purl): skip local Go packages (#5190)
* docs: update info about license scanning in Yarn projects (#5207)
* fix link (#5203)
* fix(purl): handle rust types (#5186)
* chore: auto-close issues (#5177)
* fix(k8s): kbom support addons labels (#5178)
* test: validate SPDX with the JSON schema (#5124)
* chore: bump trivy-kubernetes-latest (#5161)
* docs: add 'Signature Verification' guide (#4731)
* docs: add image-scanner-with-trivy for ecosystem (#5159)
* fix(fs): assign the absolute path to be inspected to ROOTPATH when
filesystem (#5158)
* Update filtering.md (#5131)
* changing adopters discussion template (#5091)
* docs: add Bitnami (#5078)
* feat(docker): add support for scanning Bitnami components (#5062)
* feat: add support for .trivyignore.yaml (#5070)
* fix(terraform): improve detection of terraform files (#4984)
* feat: filter artifacts on --exclude-owned flag (#5059)
* fix(sbom): cyclonedx advisory should omit `null` value (#5041)
* build: maximize build space for build tests (#5072)
* feat: improve kbom component name (#5058)
* fix(pom): add licenses for pom artifacts (#5071)
* chore: bump Go to `1.20` (#5067)
* feat: PURL matching with qualifiers in OpenVEX (#5061)
* feat(java): add graph support for pom.xml (#4902)
* feat(swift): add vulns for cocoapods (#5037)
* fix: support image pull secret for additional workloads (#5052)
* fix: #5033 Superfluous double quote in html.tpl (#5036)
* docs(repo): update trivy repo usage and example (#5049)
* perf: Optimize Dockerfile for reduced layers and size (#5038)
* feat: scan K8s Resources Kind with --all-namespaces (#5043)
* fix: vulnerability typo (#5044)
* docs: adding a terraform tutorial to the docs (#3708)
* feat(report): add licenses to sarif format (#4866)
* feat(misconf): show the resource name in the report (#4806)
* chore: update alpine base images (#5015)
* feat: add Package.resolved swift files support (#4932)
* feat(nodejs): parse licenses in yarn projects (#4652)
* fix: k8s private registries support (#5021)
* bump github.com/testcontainers/testcontainers-go from 0.21.0 to 0.23.0
(#5018)
* feat(vuln): support last_affected field from osv (#4944)
* feat(server): add version endpoint (#4869)
* feat: k8s private registries support (#4987)
* fix(server): add indirect prop to package (#4974)
* docs: add coverage (#4954)
* feat(c): add location for lock file dependencies. (#4994)
* docs: adding blog post on ec2 (#4813)
* revert 32bit bins (#4977)
Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

    zypper in -t patch openSUSE-2024-269=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):

    trivy-0.54.1-bp156.2.3.1

References:

https://www.suse.com/security/cve/CVE-2023-42363.html
https://www.suse.com/security/cve/CVE-2024-35192.html
https://www.suse.com/security/cve/CVE-2024-6257.html
https://bugzilla.suse.com/1224781
https://bugzilla.suse.com/1227022
openSUSE-SU-2024:0268-1: moderate: Security update for trivy
by opensuse-security@opensuse.org 30 Aug '24
openSUSE Security Update: Security update for trivy
______________________________________________________________________________

Announcement ID: openSUSE-SU-2024:0268-1
Rating: moderate
References: #1224781 #1227022
Cross-References: CVE-2023-42363 CVE-2024-35192 CVE-2024-6257
CVSS scores:
    CVE-2023-42363 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
    CVE-2023-42363 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:
    openSUSE Backports SLE-15-SP5
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

trivy was updated to fix the following issues:
Update to version 0.54.1:
* fix(flag): incorrect behavior for deprecated flag `--clear-cache`
[backport: release/v0.54] (#7285)
* fix(java): Return error when trying to find a remote pom to avoid
segfault [backport: release/v0.54] (#7283)
* fix(plugin): do not call GitHub content API for releases and tags
[backport: release/v0.54] (#7279)
* docs: update ecosystem page reporting with plopsec.com app (#7262)
* feat(vex): retrieve VEX attestations from OCI registries (#7249)
* feat(sbom): add image labels into `SPDX` and `CycloneDX` reports (#7257)
* refactor(flag): return error if both `--download-db-only` and
`--download-java-db-only` are specified (#7259)
* fix(nodejs): detect direct dependencies when using `latest` version for
files `yarn.lock` + `package.json` (#7110)
* chore: show VEX notice for OSS maintainers in CI environments (#7246)
* feat(vuln): add `--pkg-relationships` (#7237)
* docs: show VEX cli pages + update config file page for VEX flags (#7244)
* fix(dotnet): show `nuget package dir not found` log only when checking
`nuget` packages (#7194)
* feat(vex): VEX Repository support (#7206)
* fix(secret): skip regular strings contain secret patterns (#7182)
* feat: share built-in rules (#7207)
* fix(report): hide empty table when all secrets/license/misconfigs are
ignored (#7171)
* fix(cli): error on missing config file (#7154)
* fix(secret): update length of `hugging-face-access-token` (#7216)
* feat(sbom): add vulnerability support for SPDX formats (#7213)
* fix(secret): trim excessively long lines (#7192)
* chore(vex): update subcomponents for CVE-2023-42363/42364/42365/42366
(#7201)
* fix(server): pass license categories to options (#7203)
* feat(mariner): Add support for Azure Linux (#7186)
* docs: updates config file (#7188)
* refactor(fs): remove unused field for CompositeFS (#7195)
* fix: add missing platform and type to spec (#7149)
* feat(misconf): enabled China configuration for ACRs (#7156)
* fix: close file when failed to open gzip (#7164)
* docs: Fix PR documentation to use GitHub Discussions, not Issues (#7141)
* docs(misconf): add info about limitations for terraform plan json (#7143)
* chore: add VEX for Trivy images (#7140)
* chore: add VEX document and generator for Trivy (#7128)
* fix(misconf): do not evaluate TF when a load error occurs (#7109)
* feat(cli): rename `--vuln-type` flag to `--pkg-types` flag (#7104)
* refactor(secret): move warning about file size after `IsBinary` check
(#7123)
* feat: add openSUSE tumbleweed detection and scanning (#6965)
* test: add missing advisory details for integration tests database (#7122)
* fix: Add dependencyManagement exclusions to the child exclusions (#6969)
* fix: ignore nodes when listing permission is not allowed (#7107)
* fix(java): use `go-mvn-version` to remove `Package` duplicates (#7088)
* refactor(secret): add warning about large files (#7085)
* feat(nodejs): add license parser to pnpm analyser (#7036)
* refactor(sbom): add sbom prefix + filepaths for decode log messages
(#7074)
* feat: add `log.FilePath()` function for logger (#7080)
* chore: bump golangci-lint from v1.58 to v1.59 (#7077)
* perf(debian): use `bytes.Index` in `emptyLineSplit` to cut allocation
(#7065)
* refactor: pass DB dir to trivy-db (#7057)
* docs: navigate to the release highlights and summary (#7072)
Update to version 0.53.0 (bsc#1227022, CVE-2024-6257):
* feat(conda): add licenses support for `environment.yml` files (#6953)
* fix(sbom): fix panic when scanning SBOM file without root component into
SBOM format (#7051)
* feat: add memory cache backend (#7048)
* fix(sbom): use package UIDs for uniqueness (#7042)
* feat(php): add installed.json file support (#4865)
* docs: ✨ Updated ecosystem docs with reference to new community app
(#7041)
* fix: use embedded when command path not found (#7037)
* refactor: use google/wire for cache (#7024)
* fix(cli): show info message only when --scanners is available (#7032)
* chore: enable float-compare rule from testifylint (#6967)
* docs: Add sudo on commands, chmod before mv on install docs (#7009)
* fix(plugin): respect `--insecure` (#7022)
* feat(k8s)!: node-collector dynamic commands support (#6861)
* fix(sbom): take pkg name from `purl` for maven pkgs (#7008)
* feat!: add clean subcommand (#6993)
* chore: use `!` for breaking changes (#6994)
* feat(aws)!: Remove aws subcommand (#6995)
* refactor: replace global cache directory with parameter passing (#6986)
* fix(sbom): use `purl` for `bitnami` pkg names (#6982)
* chore: bump Go toolchain version (#6984)
* refactor: unify cache implementations (#6977)
* docs: non-packaged and sbom clarifications (#6975)
* BREAKING(aws): Deprecate `trivy aws` as subcmd in favour of a plugin
(#6819)
* docs: delete unknown URL (#6972)
* refactor: use version-specific URLs for documentation references (#6966)
* refactor: delete db mock (#6940)
* refactor: add warning if severity not from vendor (or NVD or GH) is used
(#6726)
* feat: Add local ImageID to SARIF metadata (#6522)
* fix(suse): Add SLES 15.6 and Leap 15.6 (#6964)
* feat(java): add support for sbt projects using sbt-dependency-lock
(#6882)
* feat(java): add support for `maven-metadata.xml` files for remote
snapshot repositories. (#6950)
* fix(purl): add missed os types (#6955)
* fix(cyclonedx): trim non-URL info for `advisory.url` (#6952)
* fix(c): don't skip conan files from `file-patterns` and scan `.conan2`
cache dir (#6949)
* fix(image): parse `image.inspect.Created` field only for non-empty
values (#6948)
* fix(misconf): handle source prefix to ignore (#6945)
* fix(misconf): fix parsing of engine links and frameworks (#6937)
* feat(misconf): support of selectors for all providers for Rego (#6905)
* fix(license): return license separation using separators `,`, `or`,
etc. (#6916)
* feat(misconf): add support for AWS::EC2::SecurityGroupIngress/Egress
(#6755)
* BREAKING(misconf): flatten recursive types (#6862)
* test: bump docker API to 1.45 (#6914)
* feat(sbom): migrate to `CycloneDX v1.6` (#6903)
* feat(image): Set User-Agent header for Trivy container registry requests
(#6868)
* fix(debian): take installed files from the origin layer (#6849)
* fix(nodejs): fix infinite loop when package link from
`package-lock.json` file is broken (#6858)
* feat(misconf): API Gateway V1 support for CloudFormation (#6874)
* feat(plugin): add support for nested archives (#6845)
* fix(sbom): don't overwrite `srcEpoch` when decoding SBOM files (#6866)
* fix(secret): `Asymmetric Private Key` shouldn't start with space (#6867)
* chore: auto label discussions (#5259)
* docs: explain how VEX is applied (#6864)
* fix(python): compare pkg names from `poetry.lock` and `pyproject.toml`
in lowercase (#6852)
* fix(nodejs): fix infinity loops for `pnpm` with cyclic imports (#6857)
* feat(dart): use first version of constraint for dependencies using SDK
version (#6239)
* fix(misconf): parsing numbers without fraction as int (#6834)
* fix(misconf): fix caching of modules in subdirectories (#6814)
* feat(misconf): add metadata to Cloud schema (#6831)
* test: replace embedded Git repository with dynamically created
repository (#6824)
Update to version 0.52.2:
* test: bump docker API to 1.45 [backport: release/v0.52] (#6922)
* fix(debian): take installed files from the origin layer [backport:
release/v0.52] (#6892)
Update to version 0.52.1:
* fix(nodejs): fix infinite loop when package link from
`package-lock.json` file is broken [backport: release/v0.52] (#6888)
* fix(sbom): don't overwrite `srcEpoch` when decoding SBOM files
[backport: release/v0.52] (#6881)
* fix(python): compare pkg names from `poetry.lock` and `pyproject.toml`
in lowercase [backport: release/v0.52] (#6878)
* docs: explain how VEX is applied (#6864)
* fix(nodejs): fix infinity loops for `pnpm` with cyclic imports (#6857)
Update to version 0.52.0 (bsc#1224781, CVE-2024-35192):
* fix(plugin): initialize logger (#6836)
* fix(cli): always output fatal errors to stderr (#6827)
* fix: close testfile (#6830)
* docs(julia): add scanner table (#6826)
* feat(python): add license support for `requirement.txt` files (#6782)
* docs: add more workarounds for out-of-disk (#6821)
* chore: improve error message for image not found (#6822)
* fix(sbom): fix panic for `convert` mode when scanning json file derived
from sbom file (#6808)
* fix: clean up golangci lint configuration (#6797)
* fix(python): add package name and version validation for
`requirements.txt` files. (#6804)
* feat(vex): improve relationship support in CSAF VEX (#6735)
* chore(alpine): add eol date for Alpine 3.20 (#6800)
* docs(plugin): add missed `plugin` section (#6799)
* fix: include packages unless it is not needed (#6765)
* feat(misconf): support for VPC resources for inbound/outbound rules
(#6779)
* chore: replace interface{} with any (#6751)
* fix: close settings.xml (#6768)
* refactor(go): add priority for gobinary module versions from `ldflags`
(#6745)
* build: use main package instead of main.go (#6766)
* feat(misconf): resolve tf module from OpenTofu compatible registry
(#6743)
* docs: add info on adding compliance checks (#6275)
* docs: Add documentation for contributing additional checks to the trivy
policies repo (#6234)
* feat(nodejs): add v9 pnpm lock file support (#6617)
* feat(vex): support non-root components for products in OpenVEX (#6728)
* feat(python): add line number support for `requirement.txt` files (#6729)
* chore: respect timeout value in .golangci.yaml (#6724)
* fix: node-collector high and critical cves (#6707)
* Merge pull request from GHSA-xcq4-m2r3-cmrj
* chore: auto-bump golang patch versions (#6711)
* fix(misconf): don't shift ignore rule related to code (#6708)
* feat(plugin): specify plugin version (#6683)
* chore: enforce golangci-lint version (#6700)
* fix(go): include only `.version`|`.ver` (no prefixes) ldflags for
`gobinaries` (#6705)
* fix(go): add only non-empty root modules for `gobinaries` (#6710)
* refactor: unify package addition and vulnerability scanning (#6579)
* fix: Golang version parsing from binaries w/GOEXPERIMENT (#6696)
* feat(misconf): Add support for deprecating a check (#6664)
* feat: Add Julia language analyzer support (#5635)
* feat(misconf): register builtin Rego funcs from trivy-checks (#6616)
* fix(report): hide empty tables if all vulns has been filtered (#6352)
* feat(report): Include licenses and secrets filtered by rego to
ModifiedFindings (#6483)
* feat: add support for plugin index (#6674)
* docs: add support table for client server mode (#6498)
* fix: close APKINDEX archive file (#6672)
* fix(misconf): skip Rego errors with a nil location (#6666)
* refactor: move artifact types under artifact package to avoid import
cycles (#6652)
* refactor(misconf): remove extrafs (#6656)
* refactor: re-define module structs for serialization (#6655)
* chore(misconf): Clean up iac logger (#6642)
* feat(misconf): support symlinks inside of Helm archives (#6621)
* feat(misconf): add Terraform 'removed' block to schema (#6640)
* refactor: unify Library and Package structs (#6633)
* fix: use of specified context to obtain cluster name (#6645)
* perf(misconf): parse rego input once (#6615)
* fix(misconf): skip Rego errors with a nil location (#6638)
* docs: link warning to both timeout config options (#6620)
* docs: fix usage of image-config-scanners (#6635)
Update to version 0.51.1:
* fix(fs): handle default skip dirs properly (#6628)
* fix(misconf): load cached tf modules (#6607)
* fix(misconf): do not use semver for parsing tf module versions (#6614)
* refactor: move setting scanners when using compliance reports to flag
parsing (#6619)
* feat: introduce package UIDs for improved vulnerability mapping (#6583)
* perf(misconf): Improve cause performance (#6586)
* docs: trivy-k8s new experience remove un-used section (#6608)
* docs: remove mention of GitLab Gold because it doesn't exist anymore
(#6609)
* feat(misconf): Use updated terminology for misconfiguration checks
(#6476)
* docs: use `generic` link from `trivy-repo` (#6606)
* docs: update trivy k8s with new experience (#6465)
* feat: support `--skip-images` scanning flag (#6334)
* BREAKING: add support for k8s `disable-node-collector` flag (#6311)
* feat: add ubuntu 23.10 and 24.04 support (#6573)
* docs(go): add stdlib (#6580)
* feat(go): parse main mod version from build info settings (#6564)
* feat: respect custom exit code from plugin (#6584)
* docs: add asdf and mise installation method (#6063)
* feat(vuln): Handle scanning conan v2.x lockfiles (#6357)
* feat: add support `environment.yaml` files (#6569)
* fix: close plugin.yaml (#6577)
* fix: trivy k8s avoid deleting non-default node collector namespace
(#6559)
* BREAKING: support exclude `kinds/namespaces` and include
`kinds/namespaces` (#6323)
* feat(go): add main module (#6574)
* feat: add relationships (#6563)
* docs: mention `--show-suppressed` is available in table (#6571)
* chore: fix sqlite to support loong64 (#6511)
* fix(debian): sort dpkg info before parsing due to exclude directories
(#6551)
* docs: update info about config file (#6547)
* docs: remove RELEASE_VERSION from trivy.repo (#6546)
* fix(sbom): change error to warning for multiple OSes (#6541)
* fix(vuln): skip empty versions (#6542)
* feat(c): add license support for conan lock files (#6329)
* fix(terraform): Attribute and fileset fixes (#6544)
* refactor: change warning if no vulnerability details are found (#6230)
* refactor(misconf): improve error handling in the Rego scanner (#6527)
* feat(go): parse main module of go binary files (#6530)
* refactor(misconf): simplify the retrieval of module annotations (#6528)
* docs(nodejs): add info about supported versions of pnpm lock files
(#6510)
* feat(misconf): loading embedded checks as a fallback (#6502)
* fix(misconf): Parse JSON k8s manifests properly (#6490)
* refactor: remove parallel walk (#5180)
* fix: close pom.xml (#6507)
* fix(secret): convert severity for custom rules (#6500)
* fix(java): update logic to detect `pom.xml` file snapshot artifacts from
remote repositories (#6412)
* fix: typo (#6283)
* docs(k8s,image): fix command-line syntax issues (#6403)
* fix(misconf): avoid panic if the scheme is not valid (#6496)
* feat(image): goversion as stdlib (#6277)
* fix: add color for error inside of log message (#6493)
* docs: fix links to OPA docs (#6480)
* refactor: replace zap with slog (#6466)
* docs: update links to IaC schemas (#6477)
* chore: bump Go to 1.22 (#6075)
* refactor(terraform): sync funcs with Terraform (#6415)
* feat(misconf): add helm-api-version and helm-kube-version flag (#6332)
* fix(terraform): eval submodules (#6411)
* refactor(terraform): remove unused options (#6446)
* refactor(terraform): remove unused file (#6445)
* fix(misconf): Escape template value correctly (#6292)
* feat(misconf): add support for wildcard ignores (#6414)
* fix(cloudformation): resolve `DedicatedMasterEnabled` parsing issue
(#6439)
* refactor(terraform): remove metrics collection (#6444)
* feat(cloudformation): add support for logging and endpoint access for
EKS (#6440)
* fix(db): check schema version for image name only (#6410)
* feat(misconf): Support private registries for misconf check bundle
(#6327)
* feat(cloudformation): inline ignore support for YAML templates (#6358)
* feat(terraform): ignore resources by nested attributes (#6302)
* perf(helm): load in-memory files (#6383)
* feat(aws): apply filter options to result (#6367)
* feat(aws): quiet flag support (#6331)
* fix(misconf): clear location URI for SARIF (#6405)
* test(cloudformation): add CF tests (#6315)
* fix(cloudformation): infer type after resolving a function (#6406)
* fix(sbom): fix error when parent of SPDX Relationships is not a package.
(#6399)
* docs: add info about support for package license detection in
`fs`/`repo` modes (#6381)
* fix(nodejs): add support for parsing `workspaces` from `package.json` as
an object (#6231)
* fix: use `0600` perms for tmp files for post analyzers (#6386)
* fix(helm): scan the subcharts once (#6382)
* docs(terraform): add file patterns for Terraform Plan (#6393)
* fix(terraform): checking SSE encryption algorithm validity (#6341)
* fix(java): parse modules from `pom.xml` files once (#6312)
* fix(server): add Locations for `Packages` in client/server mode (#6366)
* fix(sbom): add check for `CreationInfo` to nil when detecting SPDX
created using Trivy (#6346)
* fix(report): don't include empty strings in
`.vulnerabilities[].identifiers[].url` when `gitlab.tpl` is used (#6348)
* chore(ubuntu): Add Ubuntu 22.04 EOL date (#6371)
* feat(java): add support licenses and graph for gradle lock files (#6140)
* feat(vex): consider root component for relationships (#6313)
* fix: increase the default buffer size for scanning dpkg status files by
2 times (#6298)
* chore: updates wazero to v1.7.0 (#6301)
* feat(sbom): Support license detection for SBOM scan (#6072)
* refactor(sbom): use intermediate representation for SPDX (#6310)
* docs(terraform): improve documentation for filtering by inline comments
(#6284)
* fix(terraform): fix policy document retrieval (#6276)
* refactor(terraform): remove unused custom error (#6303)
* refactor(sbom): add intermediate representation for BOM (#6240)
* fix(amazon): check only major version of AL to find advisories (#6295)
* fix(db): use schema version as tag only for `trivy-db` and
`trivy-java-db` registries by default (#6219)
* fix(nodejs): add name validation for package name from `package.json`
(#6268)
* docs: Added install instructions for FreeBSD (#6293)
* feat(image): customer podman host or socket option (#6256)
* feat(java): mark dependencies from `maven-invoker-plugin` integration
tests pom.xml files as `Dev` (#6213)
* fix(license): reorder logic of how python package licenses are acquired
(#6220)
* test(terraform): skip cached modules (#6281)
* feat(secret): Support for detecting Hugging Face Access Tokens (#6236)
* fix(cloudformation): support of all SSE algorithms for s3 (#6270)
* feat(terraform): Terraform Plan snapshot scanning support (#6176)
* fix: typo function name and comment optimization (#6200)
* fix(java): don't ignore runtime scope for pom.xml files (#6223)
* fix(license): add FilePath to results to allow for license path
filtering via trivyignore file (#6215)
* test(k8s): use test-db for k8s integration tests (#6222)
* fix(terraform): fix root module search (#6160)
* test(parser): squash test data for yarn (#6203)
* fix(terraform): do not re-expand dynamic blocks (#6151)
* docs: update ecosystem page reporting with db app (#6201)
* fix: k8s summary separate infra and user finding results (#6120)
* fix: add context to target finding on k8s table view (#6099)
* fix: Printf format err (#6198)
* refactor: better integration of the parser into Trivy (#6183)
* feat(terraform): Add hyphen and non-ASCII support for domain names in
credential extraction (#6108)
* fix(vex): CSAF filtering should consider relationships (#5923)
* refactor(report): Replacing `source_location` in `github` report when
scanning an image (#5999)
* feat(vuln): ignore vulnerabilities by PURL (#6178)
* feat(java): add support for fetching packages from repos mentioned in
pom.xml (#6171)
* feat(k8s): rancher rke2 version support (#5988)
* docs: update kbom distribution for scanning (#6019)
* chore: update CODEOWNERS (#6173)
* fix(swift): try to use branch to resolve version (#6168)
* fix(terraform): ensure consistent path handling across OS (#6161)
* fix(java): add only valid libs from `pom.properties` files from `jars`
(#6164)
* fix(sbom): skip executable file analysis if Rekor isn't a specified SBOM
source (#6163)
* docs(report): add remark about `path` to filter licenses using
`.trivyignore.yaml` file (#6145)
* docs: update template path for gitlab-ci tutorial (#6144)
* feat(report): support for filtering licenses and secrets via rego policy
files (#6004)
* fix(cyclonedx): move root component from scanned cyclonedx file to
output cyclonedx file (#6113)
* docs: add SecObserve in CI/CD and reporting (#6139)
* fix(alpine): exclude empty licenses for apk packages (#6130)
* docs: add docs tutorial on custom policies with rego (#6104)
* fix(nodejs): use project dir when searching for workspaces for Yarn.lock
files (#6102)
* feat(vuln): show suppressed vulnerabilities in table (#6084)
* docs: rename governance to principles (#6107)
* docs: add governance (#6090)
* feat(java): add dependency location support for `gradle` files (#6083)
* fix(misconf): get `user` from `Config.User` (#6070)
Update to version 0.49.1:
* fix: check unescaped `BomRef` when matching `PkgIdentifier` (#6025)
* docs: Fix broken link to "pronunciation" (#6057)
* fix: fix cursor usage in Redis Clear function (#6056)
* fix(nodejs): add local packages support for `pnpm-lock.yaml` files
(#6034)
* test: fix flaky `TestDockerEngine` (#6054)
* fix(java): recursive check all nested depManagements with import scope
for pom.xml files (#5982)
* fix(cli): inconsistent behavior across CLI flags, environment variables,
and config files (#5843)
* feat(rust): Support workspace.members parsing for Cargo.toml analysis
(#5285)
* docs: add note about Bun (#6001)
* fix(report): use `AWS_REGION` env for secrets in `asff` template (#6011)
* fix: check returned error before deferring f.Close() (#6007)
* feat(misconf): add support of buildkit instructions when building
dockerfile from image config (#5990)
* feat(vuln): enable `--vex` for all targets (#5992)
* docs: update link to data sources (#6000)
* feat(java): add support for line numbers for pom.xml files (#5991)
* refactor(sbom): use new `metadata.tools` struct for CycloneDX (#5981)
* docs: Update troubleshooting guide with image not found error (#5983)
* style: update band logos (#5968)
* docs: update cosign tutorial and commands, update kyverno policy (#5929)
* docs: update command to scan go binary (#5969)
* fix: handle non-parsable images names (#5965)
* fix(amazon): save system files for pkgs containing `amzn` in src (#5951)
* fix(alpine): Add EOL support for alpine 3.19. (#5938)
* feat: allow end-users to adjust K8S client QPS and burst (#5910)
* fix(nodejs): find licenses for packages with slash (#5836)
* fix(sbom): use `group` field for pom.xml and nodejs files for CycloneDX
reports (#5922)
* fix: ignore no init containers (#5939)
* docs: Fix documentation of ecosystem (#5940)
* docs(misconf): multiple ignores in comment (#5926)
* fix(secret): find aws secrets ending with a comma or dot (#5921)
* docs: ✨ Updated ecosystem docs with reference to new community app
(#5918)
* fix(java): check if a version exists when determining GAV by file name
for `jar` files (#5630)
* feat(vex): add PURL matching for CSAF VEX (#5890)
* fix(secret): `AWS Secret Access Key` must include only secrets with
`aws` text. (#5901)
* revert(report): don't escape new line characters for sarif format (#5897)
* docs: improve filter by rego (#5402)
* docs: add_scan2html_to_trivy_ecosystem (#5875)
* fix(vm): update ext4-filesystem fix reading groupdescriptor in 32bit
mode (#5888)
* feat(vex): Add support for CSAF format (#5535)
* feat(python): parse licenses from dist-info folder (#4724)
* feat(nodejs): add yarn alias support (#5818)
* refactor: propagate time through context values (#5858)
* refactor: move PkgRef under PkgIdentifier (#5831)
* fix(cyclonedx): fix unmarshal for licenses (#5828)
* feat(vuln): include pkg identifier on detected vulnerabilities (#5439)
Update to version 0.48.1:
* fix(bitnami): use a different comparer for detecting vulnerabilities
(#5633)
* refactor(sbom): disable html escaping for CycloneDX (#5764)
* refactor(purl): use `pub` from `package-url` (#5784)
* docs(python): add note to using `pip freeze` for `compatible releases`
(#5760)
* fix(report): use OS information for OS packages purl in `github`
template (#5783)
* fix(report): fix error if miconfigs are empty (#5782)
* refactor(vuln): don't remove VendorSeverity in JSON report (#5761)
* fix(report): don't mark misconfig passed tests as failed in junit.tpl
(#5767)
* docs(k8s): replace --scanners config with --scanners misconfig in docs
(#5746)
* fix(report): update Gitlab template (#5721)
* feat(secret): add support of GitHub fine-grained tokens (#5740)
* fix(misconf): add an image misconf to result (#5731)
* feat(secret): added support of Docker registry credentials (#5720)
Update to version 0.48.0:
* feat: filter k8s core components vuln results (#5713)
* feat(vuln): remove duplicates in Fixed Version (#5596)
* feat(report): output plugin (#4863)
* docs: typo in modules.md (#5712)
* feat: Add flag to configure node-collector image ref (#5710)
* feat(misconf): Add `--misconfig-scanners` option (#5670)
* chore: bump Go to 1.21 (#5662)
* feat: Packagesprops support (#5605)
* docs: update adopters discussion template (#5632)
* docs: terraform tutorial links updated to point to correct loc (#5661)
* fix(secret): add `sec` and space to secret prefix for
`aws-secret-access-key` (#5647)
* fix(nodejs): support protocols for dependency section in yarn.lock files
(#5612)
* fix(secret): exclude upper case before secret for
`alibaba-access-key-id` (#5618)
* docs: Update Arch Linux package URL in installation.md (#5619)
* chore: add prefix to image errors (#5601)
* docs(vuln): fix link anchor (#5606)
* docs: Add Dagger integration section and cleanup Ecosystem CICD docs
page (#5608)
* fix: k8s friendly error messages kbom non cluster scans (#5594)
* feat: set InstalledFiles for DEB and RPM packages (#5488)
* fix(report): use time.Time for CreatedAt (#5598)
* test: retry containerd initialization (#5597)
* feat(misconf): Expose misconf engine debug logs with `--debug` option
(#5550)
* test: mock VM walker (#5589)
* chore: bump node-collector v0.0.9 (#5591)
* feat(misconf): Add support for `--cf-params` for CFT (#5507)
* feat(flag): replace '--slow' with '--parallel' (#5572)
* fix(report): add escaping for Sarif format (#5568)
* chore: show a deprecation notice for `--scanners config` (#5587)
* feat(report): Add CreatedAt to the JSON report. (#5542) (#5549)
* test: mock RPM DB (#5567)
* feat: add aliases to '--scanners' (#5558)
* refactor: reintroduce output writer (#5564)
* chore: not load plugins for auto-generating docs (#5569)
* chore: sort supported AWS services (#5570)
* fix: no schedule toleration (#5562)
* fix(cli): set correct `scanners` for `k8s` target (#5561)
* fix(sbom): add `FilesAnalyzed` and `PackageVerificationCode` fields for
SPDX (#5533)
* refactor(misconf): Update refactored dependencies (#5245)
* feat(secret): add built-in rule for JWT tokens (#5480)
* fix: trivy k8s parse ecr image with arn (#5537)
* fix: fail k8s resource scanning (#5529)
* refactor(misconf): don't remove Highlighted in json format (#5531)
* docs(k8s): fix link in kubernetes.md (#5524)
* docs(k8s): fix whitespace in list syntax (#5525)
Update to version 0.47.0:
* docs: add info that license scanning supports file-patterns flag (#5484)
* docs: add Zora integration into Ecosystem session (#5490)
* fix(sbom): Use UUID as BomRef for packages with empty purl (#5448)
* fix: correct error mismatch causing race in fast walks (#5516)
* docs: k8s vulnerability scanning (#5515)
* docs: remove glad for java datasources (#5508)
* chore: remove unused logger attribute in amazon detector (#5476)
* fix: correct error mismatch causing race in fast walks (#5482)
* fix(server): add licenses to `BlobInfo` message (#5382)
* feat: scan vulns on k8s core component apps (#5418)
* fix(java): fix infinite loop when `relativePath` field points to
`pom.xml` being scanned (#5470)
* fix(sbom): save digests for package/application when scanning SBOM files
(#5432)
* docs: fix the broken link (#5454)
* docs: fix error when installing `PyYAML` for gh pages (#5462)
* fix(java): download java-db once (#5442)
* docs(misconf): Update `--tf-exclude-downloaded-modules` description
(#5419)
* feat(misconf): Support `--ignore-policy` in config scans (#5359)
* docs(misconf): fix broken table for `Use container image` section (#5425)
* feat(dart): add graph support (#5374)
* refactor: define a new struct for scan targets (#5397)
* fix(sbom): add missed `primaryURL` and `source severity` for CycloneDX
(#5399)
* fix: correct invalid MD5 hashes for rpms ending with one or more zero
bytes (#5393)
* docs: remove --scanners none (#5384)
* docs: Update container_image.md #5182 (#5193)
* feat(report): Add `InstalledFiles` field to Package (#4706)
* feat(k8s): add support for vulnerability detection (#5268)
* fix(python): override BOM in `requirements.txt` files (#5375)
* docs: add kbom documentation (#5363)
* test: use maximize build space for VM tests (#5362)
* fix(report): add escaping quotes in misconfig Title for asff template
(#5351)
* fix: Report error when os.CreateTemp fails (to be consistent with other
uses) (#5342)
* fix: add config files to FS for post-analyzers (#5333)
* fix: fix MIME warnings after updating to Go 1.20 (#5336)
* build: fix a compile error with Go 1.21 (#5339)
* feat: added `Metadata` into the k8s resource's scan report (#5322)
* chore: update adopters template (#5330)
* fix(sbom): use PURL or Group and Name in case of Java (#5154)
* docs: add buildkite repository to ecosystem page (#5316)
* chore: enable go-critic (#5302)
* close java-db client (#5273)
* fix(report): removes git::http from uri in sarif (#5244)
* Improve the meaning of sentence (#5301)
* add app nil check (#5274)
* typo: in secret.md (#5281)
* docs: add info about `github` format (#5265)
* feat(dotnet): add license support for NuGet (#5217)
* docs: correctly export variables (#5260)
* chore: Add line numbers for lint output (#5247)
* chore(cli): disable java-db flags in server mode (#5263)
* feat(db): allow passing registry options (#5226)
* refactor(purl): use TypeApk from purl (#5232)
* chore: enable more linters (#5228)
* Fix typo on ide.md (#5239)
* refactor: use defined types (#5225)
* fix(purl): skip local Go packages (#5190)
* docs: update info about license scanning in Yarn projects (#5207)
* fix link (#5203)
* fix(purl): handle rust types (#5186)
* chore: auto-close issues (#5177)
* fix(k8s): kbom support addons labels (#5178)
* test: validate SPDX with the JSON schema (#5124)
* chore: bump trivy-kubernetes-latest (#5161)
* docs: add 'Signature Verification' guide (#4731)
* docs: add image-scanner-with-trivy for ecosystem (#5159)
* fix(fs): assign the absolute path to be inspected to ROOTPATH when
filesystem (#5158)
* Update filtering.md (#5131)
* chaging adopters discussion tempalte (#5091)
* docs: add Bitnami (#5078)
* feat(docker): add support for scanning Bitnami components (#5062)
* feat: add support for .trivyignore.yaml (#5070)
* fix(terraform): improve detection of terraform files (#4984)
* feat: filter artifacts on --exclude-owned flag (#5059)
* fix(sbom): cyclonedx advisory should omit `null` value (#5041)
* build: maximize build space for build tests (#5072)
* feat: improve kbom component name (#5058)
* fix(pom): add licenses for pom artifacts (#5071)
* chore: bump Go to `1.20` (#5067)
* feat: PURL matching with qualifiers in OpenVEX (#5061)
* feat(java): add graph support for pom.xml (#4902)
* feat(swift): add vulns for cocoapods (#5037)
* fix: support image pull secret for additional workloads (#5052)
* fix: #5033 Superfluous double quote in html.tpl (#5036)
* docs(repo): update trivy repo usage and example (#5049)
* perf: Optimize Dockerfile for reduced layers and size (#5038)
* feat: scan K8s Resources Kind with --all-namespaces (#5043)
* fix: vulnerability typo (#5044)
* docs: adding a terraform tutorial to the docs (#3708)
* feat(report): add licenses to sarif format (#4866)
* feat(misconf): show the resource name in the report (#4806)
* chore: update alpine base images (#5015)
* feat: add Package.resolved swift files support (#4932)
* feat(nodejs): parse licenses in yarn projects (#4652)
* fix: k8s private registries support (#5021)
* bump github.com/testcontainers/testcontainers-go from 0.21.0 to 0.23.0
(#5018)
* feat(vuln): support last_affected field from osv (#4944)
* feat(server): add version endpoint (#4869)
* feat: k8s private registries support (#4987)
* fix(server): add indirect prop to package (#4974)
* docs: add coverage (#4954)
* feat(c): add location for lock file dependencies. (#4994)
* docs: adding blog post on ec2 (#4813)
* revert 32bit bins (#4977)
Update to version 0.44.1:
* fix(report): return severity colors in table format (#4969)
* build: maximize available disk space for release (#4937)
* test(cli): Fix assertion helptext (#4966)
* test: validate CycloneDX with the JSON schema (#4956)
* fix(server): add licenses to the Result message (#4955)
* fix(aws): resolve endpoint if endpoint is passed (#4925)
* fix(sbom): move licenses to `name` field in Cyclonedx format (#4941)
* use testify instead of gotest.tools (#4946)
* fix(nodejs): do not detect lock file in node_modules as an app (#4949)
* bump go-dep-parser (#4936)
* test(aws): move part of unit tests to integration (#4884)
* docs(cli): update help string for file and dir skipping (#4872)
* docs: update the discussion template (#4928)
Update to version 0.44.0:
* feat(repo): support local repositories (#4890)
* bump go-dep-parser (#4893)
* fix(misconf): add missing fields to proto (#4861)
* fix: remove trivy-db package replacement (#4877)
* chore(test): bump the integration test timeout to 15m (#4880)
* chore: update CODEOWNERS (#4871)
* feat(vuln): support vulnerability status (#4867)
* feat(misconf): Support custom URLs for policy bundle (#4834)
* refactor: replace with sortable packages (#4858)
* docs: correct license scanning sample command (#4855)
* fix(report): close the file (#4842)
* feat(misconf): Add support for independently enabling libraries (#4070)
* feat(secret): add secret config file for cache calculation (#4837)
* Fix a link in gitlab-ci.md (#4850)
* fix(flag): use globalstar to skip directories (#4854)
* fix(license): using common way for splitting licenses (#4434)
* fix(containerd): Use img platform in exporter instead of strict host
platform (#4477)
* remove govulndb (#4783)
* fix(java): inherit licenses from parents (#4817)
* refactor: add allowed values for CLI flags (#4800)
* add example regex to allow rules (#4827)
* feat(misconf): Support custom data for rego policies for cloud (#4745)
* docs: correcting the trivy k8s tutorial (#4815)
* feat(cli): add --tf-exclude-downloaded-modules flag (#4810)
* fix(sbom): cyclonedx recommendations should include fixed versions for
each package (#4794)
* feat(misconf): enable --policy flag to accept directory and files both
(#4777)
* feat(python): add license fields (#4722)
* fix: support trivy k8s-version on k8s sub-command (#4786)
Update to version 0.43.1:
* docs(image): fix the comment on the soft/hard link (#4740)
* check Type when filling pkgs in vulns (#4776)
* feat: add support of linux/ppc64le and linux/s390x architectures for
Install.sh script (#4770)
* fix(rocky): add architectures support for advisories (#4691)
* fix: documentation about reseting trivy image (#4733)
* fix(suse): Add openSUSE Leap 15.5 eol date as well (#4744)
* fix: update Amazon Linux 1 EOL (#4761)
Update to version 0.43.0:
* feat(nodejs): support yarn workspaces (#4664)
* fix(image): pass the secret scanner option to scan the img config (#4735)
* fix: scan job pod it not found on k8s-1.27.x (#4729)
* feat(docker): add support for mTLS authentication when connecting to
registry (#4649)
* fix: skip scanning the gpg-pubkey package (#4720)
* Fix http registry oci pull (#4701)
* feat(misconf): Support skipping services (#4686)
* docs: fix supported modes for pubspec.lock files (#4713)
* fix(misconf): disable the terraform plan analyzer for other scanners
(#4714)
* clarifying a dir path is required for custom policies (#4716)
* chore: update alpine base images (#4715)
* fix last-history-created (#4697)
* feat: kbom and cyclonedx v1.5 spec support (#4708)
* docs: add information about Aqua (#4590)
* fix: k8s escape resource filename on windows os (#4693)
* feat: cyclondx sbom custom property support (#4688)
* add SUSE Linux Enterprise Server 15 SP5 and update SP4 eol date (#4690)
* use group field for jar in cyclonedx (#4674)
* feat(java): capture licenses from pom.xml (#4681)
* feat(helm): make sessionAffinity configurable (#4623)
* fix: Show the correct URL of the secret scanning (#4682)
* document expected file pattern definition format (#4654)
* fix: format arg error (#4642)
* feat(k8s): cyclonedx kbom support (#4557)
* fix(nodejs): remove unused fields for the pnpm lockfile (#4630)
* fix(vm): update ext4-filesystem parser for parse multi block extents
(#4616)
* fix(debian): update EOL for Debian 12 (#4647)
* chore: unnecessary use of fmt.Sprintf (S1039) (#4637)
* fix(db): change argument order in Exists query for JavaDB (#4595)
* feat(aws): Add support to see successes in results (#4427)
* feat: trivy k8s private registry support (#4567)
* docs: add general coverage page (#3859)
* chore: create SECURITY.md (#4601)
Update to version 0.42.1:
* fix(misconf): deduplicate misconf results (#4588)
* fix(vm): support sector size of 4096 (#4564)
* fix(misconf): terraform relative paths (#4571)
* fix(purl): skip unsupported library type (#4577)
* fix(terraform): recursively detect all Root Modules (#4457)
* fix(vm): support post analyzer for vm command (#4544)
* fix(nodejs): change the type of the devDependencies field (#4560)
* fix(sbom): export empty dependencies in CycloneDX (#4568)
* refactor: add composite fs for post-analyzers (#4556)
* feat: add SBOM analyzer (#4210)
* fix(sbom): update logic for work with files in spdx format (#4513)
* feat: azure workload identity support (#4489)
* feat(ubuntu): add eol date for 18.04 ESM (#4524)
* fix(misconf): Update required extensions for terraformplan (#4523)
* refactor(cyclonedx): add intermediate representation (#4490)
* fix(misconf): Remove debug print while scanning (#4521)
* fix(java): remove duplicates of jar libs (#4515)
* fix(java): fix overwriting project props in pom.xml (#4498)
* docs: Update compilation instructions (#4512)
* fix(nodejs): update logic for parsing pnpm lock files (#4502)
* fix(secret): remove aws-account-id rule (#4494)
* feat(oci): add support for referencing an input image by digest (#4470)
* docs: fixed the format (#4503)
* fix(java): add support of * for exclusions for pom.xml files (#4501)
* feat: adding issue template for documentation (#4453)
* docs: switch glad to ghsa for Go (#4493)
* feat(misconf): Add terraformplan support (#4342)
* feat(debian): add digests for dpkg (#4445)
* feat(k8s): exclude node scanning by node labels (#4459)
* docs: add info about multi-line mode for regexp from custom secret rules
(#4159)
* feat(cli): convert JSON reports into a different format (#4452)
* feat(image): add logic to guess base layer for docker-cis scan (#4344)
* fix(cyclonedx): set original names for packages (#4306)
* feat: group subcommands (#4449)
* feat(cli): add retry to cache operations (#4189)
* fix(vuln): report architecture for `apk` packages (#4247)
* refactor: enable cases where return values are not needed in pipeline
(#4443)
* fix(image): resolve scan deadlock when error occurs in slow mode (#4336)
* docs(misconf): Update docs for kubernetes file patterns (#4435)
* test: k8s integration tests (#4423)
* feat(redhat): add package digest for rpm (#4410)
* feat(misconf): Add `--reset-policy-bundle` for policy bundle (#4167)
* fix: typo (#4431)
* add user instruction to imgconf (#4429)
* fix(k8s): add image sources (#4411)
* docs(scanning): Add versioning banner (#4415)
* feat(cli): add mage command to update golden integration test files
(#4380)
* feat: node-collector custom namespace support (#4407)
* refactor(sbom): use multiline json for spdx-json format (#4404)
* fix(ubuntu): add EOL date for Ubuntu 23.04 (#4347)
* refactor: code-optimization (#4214)
* feat(image): Add image-src flag to specify which runtime(s) to use
(#4047)
* test: skip wrong update of test golden files (#4379)
* refactor: don't return error for package.json without version/name
(#4377)
* docs: cmd error (#4376)
* test(cli): add test for config file and env combination (#2666)
* fix(report): set a correct file location for license scan output (#4326)
* chore(alpine): Update Alpine to 3.18 (#4351)
* fix(alpine): add EOL date for Alpine 3.18 (#4308)
* feat: allow root break for mapfs (#4094)
* docs(misconf): Remove examples.md (#4256)
* fix(ubuntu): update eol dates for Ubuntu (#4258)
* feat(alpine): add digests for apk packages (#4168)
* chore: add discussion templates (#4190)
* fix(terraform): Support tfvars (#4123)
* chore: separate docs:generate (#4242)
* refactor: define vulnerability scanner interfaces (#4117)
* feat: unified k8s scan resources (#4188)
* chore: trivy bin ignore (#4212)
* feat(image): enforce image platform (#4083)
* fix(ubuntu): fix version selection logic for ubuntu esm (#4171)
* chore: install.sh support for windows (#4155)
* docs: moving skipping files out of others (#4154)
Update to version 0.41.0:
* fix(spdx): add workaround for no src packages (#4118)
* test(golang): rename broken go.mod (#4129)
* feat(sbom): add supplier field (#4122)
* test(misconf): skip downloading of policies for tests #4126
* refactor: use debug message for post-analyze errors (#4037)
* feat(sbom): add VEX support (#4053)
* feat(sbom): add primary package purpose field for SPDX (#4119)
* fix(k8s): fix quiet flag (#4120)
* fix(python): parse of pip extras (#4103)
* feat(java): use full path for nested jars (#3992)
* feat(license): add new flag for classifier confidence level (#4073)
* feat: config and fs compliance support (#4097)
* feat(spdx): add support for SPDX 2.3 (#4058)
* fix: k8s all-namespaces support (#4096)
* perf(misconf): replace with post-analyzers (#4090)
* fix(helm): update networking API version detection (#4106)
* feat(image): custom docker host option (#3599)
* style: debug flag is incorrect and needs extra - (#4087)
* docs(vuln): Document inline vulnerability filtering comments (#4024)
* feat(fs): customize error callback during fs walk (#4038)
* fix(ubuntu): skip copyright files from subfolders (#4076)
* docs: restructure scanners (#3977)
* fix: fix `file does not exist` error for post-analyzers (#4061)
Update to version 0.40.0:
* feat(flag): Support globstar for `--skip-files` and `--skip-directories`
(#4026)
* fix: return insecure option to download javadb (#4064)
* fix(nodejs): don't stop parsing when unsupported yarn.lock protocols are
found (#4052)
* fix(k8s): current context title (#4055)
* fix(k8s): quit support on k8s progress bar (#4021)
* chore: add a note about Dockerfile.canary (#4050)
* fix(vuln): report architecture for debian packages (#4032)
* feat: add support for Chainguard's commercial distro (#3641)
* fix(vuln): fix error message for remote scanners (#4031)
* feat(report): add image metadata to SARIF (#4020)
* docs: fix broken cache link on Installation page (#3999)
* fix: lock downloading policies and database (#4017)
* fix: avoid concurrent access to the global map (#4014)
* feat(rust): add Cargo.lock v3 support (#4012)
* feat: auth support oci download server subcommand (#4008)
* chore: install.sh support for armv7 (#3985)
Update to version 0.39.1:
* fix(rust): fix panic when 'dependencies' field is not used in cargo.toml
(#3997)
* fix(sbom): fix infinite loop for cyclonedx (#3998)
* fix: use warning for errors from enrichment files for post-analyzers
(#3972)
* fix(helm): added annotation to psp configurable from values (#3893)
* fix(secret): update built-in rule `tests` (#3855)
* test: rewrite scripts in Go (#3968)
* docs(cli): Improve glob documentation (#3945)
Update to version 0.39.0:
* docs(cli): added makefile and go file to create docs (#3930)
* feat(cyclonedx): support dependency graph (#3177)
* feat(server): redis with public TLS certs support (#3783)
* feat(flag): Add glob support to `--skip-dirs` and `--skip-files` (#3866)
* chore: replace make with mage (#3932)
* fix(sbom): add checksum to files (#3888)
* chore: remove unused mount volumes (#3927)
* feat: add auth support for downloading OCI artifacts (#3915)
* refactor(purl): use epoch in qualifier (#3913)
* feat(image): add registry options (#3906)
* feat(rust): dependency tree and line numbers support for cargo lock file
(#3746)
* feat(php): add support for location, licenses and graph for
composer.lock files (#3873)
* feat(image): discover SBOM in OCI referrers (#3768)
* docs: change cache-dir key in config file (#3897)
* fix(sbom): use release and epoch for SPDX package version (#3896)
* docs: Update incorrect comment for skip-update flag (#3878)
* refactor(misconf): simplify policy filesystem (#3875)
* feat(nodejs): parse package.json alongside yarn.lock (#3757)
* fix(spdx): add PkgDownloadLocation field (#3879)
* chore(amazon): update EOL (#3876)
* fix(nodejs): improvement logic for package-lock.json v2-v3 (#3877)
* feat(amazon): add al2023 support (#3854)
* docs(misconf): Add information about selectors (#3703)
* docs(cli): update CLI docs with cobra (#3815)
* feat: k8s parallel processing (#3693)
* docs: add DefectDojo in the Security Management section (#3871)
* refactor: add pipeline (#3868)
* feat(cli): add javadb metadata to version info (#3835)
* feat(sbom): add support for CycloneDX JSON Attestation of the correct
specification (#3849)
* feat: add node toleration option (#3823)
* fix: allow mapfs to open dirs (#3867)
* fix(report): update uri only for os class targets (#3846)
* feat(nodejs): Add v3 npm lock file support (#3826)
* feat(nodejs): parse package.json files alongside package-lock.json
(#2916)
* docs(misconf): Fix links to built in policies (#3841)
Update to version 0.38.3:
from 1.86.1 to 1.89.1
* fix(java): skip empty files for jar post analyzer
* fix(docker): build healthcheck command for line without /bin/sh prefix
* refactor(license): use goyacc for license parser (#3824)
23.0.0-rc.1+incompatible to 23.0.1+incompatible
* fix: populate timeout context to node-collector
* fix: exclude node collector scanning (#3771)
* fix: display correct flag in error message when skipping java db update
#3808
* fix: disable jar analyzer for scanners other than vuln (#3810)
* fix(sbom): fix incompliant license format for spdx (#3335)
* fix(java): the project props take precedence over the parent's props
(#3320)
* docs: add canary build info to README.md (#3799)
* docs: adding link to gh token generation (#3784)
* docs: changing docs in accordance with #3460 (#3787)
Update to version 0.38.2:
* fix(license): disable jar analyzer for licence scan only (#3780)
* bump trivy-issue-action to v0.0.0; skip `pkg` dir (#3781)
* fix: skip checking dirs for required post-analyzers (#3773)
* docs: add information about plugin format (#3749)
* fix(sbom): add trivy version to spdx creators tool field (#3756)
Update to version 0.38.1:
* feat(misconf): Add support to show policy bundle version (#3743)
* fix(python): fix error with optional dependencies in pyproject.toml
(#3741)
* add id for package.json files (#3750)
Update to version 0.38.0:
* fix(cli): pass integer to exit-on-eol (#3716)
* feat: add kubernetes pss compliance (#3498)
* feat: Adding --module-dir and --enable-modules (#3677)
* feat: add special IDs for filtering secrets (#3702)
* docs(misconf): Add guide on input schema (#3692)
* feat(go): support dependency graph and show only direct dependencies in
the tree (#3691)
* feat: docker multi credential support (#3631)
* feat: summarize vulnerabilities in compliance reports (#3651)
* feat(python): parse pyproject.toml alongside poetry.lock (#3695)
* feat(python): add dependency tree for poetry lock file (#3665)
* fix(cyclonedx): incompliant affect ref (#3679)
* chore(helm): update skip-db-update environment variable (#3657)
* fix(spdx): change CreationInfo timestamp format RFC3336Nano to RFC3336
(#3675)
* fix(sbom): export empty dependencies in CycloneDX (#3664)
* docs: java-db air-gap doc tweaks (#3561)
* feat(go): license support (#3683)
* feat(ruby): add dependency tree/location support for Gemfile.lock (#3669)
* fix(k8s): k8s label size (#3678)
* fix(cyclondx): fix array empty value, null to [] (#3676)
* refactor: rewrite gomod analyzer as post-analyzer (#3674)
* feat: config outdated-api result filtered by k8s version (#3578)
* fix: Update to Alpine 3.17.2 (#3655)
* feat: add support for virtual files (#3654)
* feat: add post-analyzers (#3640)
* feat(python): add dependency locations for Pipfile.lock (#3614)
* fix(java): fix groupID selection by ArtifactID for jar files. (#3644)
* fix(aws): Adding a fix for update-cache flag that is not applied on AWS
scans. (#3619)
* feat(cli): add command completion (#3061)
* docs(misconf): update dockerfile link (#3627)
* feat(flag): add exit-on-eosl option (#3423)
* fix(cli): make java db repository configurable (#3595)
* chore: bump trivy-kubernetes (#3613)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2024-268=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):
trivy-0.54.1-bp155.2.3.1
References:
https://www.suse.com/security/cve/CVE-2023-42363.html
https://www.suse.com/security/cve/CVE-2024-35192.html
https://www.suse.com/security/cve/CVE-2024-6257.html
https://bugzilla.suse.com/1224781
https://bugzilla.suse.com/1227022
30 Aug '24
# Security update for podman
Announcement ID: SUSE-SU-2024:3062-1
Rating: moderate
References:
* bsc#1227052
Cross-References:
* CVE-2024-6104
CVSS scores:
* CVE-2024-6104 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
* CVE-2024-6104 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:
* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
An update that solves one vulnerability can now be installed.
## Description:
This update for podman fixes the following issues:
* CVE-2024-6104: Fixed sensitive information disclosure in log files in
go-retryablehttp (bsc#1227052)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-3062=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-3062=1
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-3062=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-3062=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-3062=1
## Package List:
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* podman-remote-4.9.5-150300.9.34.1
* podman-remote-debuginfo-4.9.5-150300.9.34.1
* podman-4.9.5-150300.9.34.1
* podmansh-4.9.5-150300.9.34.1
* podman-debuginfo-4.9.5-150300.9.34.1
* openSUSE Leap 15.3 (noarch)
* podman-docker-4.9.5-150300.9.34.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* podman-4.9.5-150300.9.34.1
* podman-debuginfo-4.9.5-150300.9.34.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* podman-remote-4.9.5-150300.9.34.1
* podman-4.9.5-150300.9.34.1
* podman-remote-debuginfo-4.9.5-150300.9.34.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* podman-remote-4.9.5-150300.9.34.1
* podman-4.9.5-150300.9.34.1
* podman-debuginfo-4.9.5-150300.9.34.1
* podman-remote-debuginfo-4.9.5-150300.9.34.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* podman-remote-4.9.5-150300.9.34.1
* podman-4.9.5-150300.9.34.1
* podman-debuginfo-4.9.5-150300.9.34.1
* podman-remote-debuginfo-4.9.5-150300.9.34.1
## References:
* https://www.suse.com/security/cve/CVE-2024-6104.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227052
openSUSE-SU-2024:0267-1: important: Security update for chromium
by opensuse-security@opensuse.org 30 Aug '24
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0267-1
Rating: important
References: #1229897
Cross-References: CVE-2024-7969 CVE-2024-8193 CVE-2024-8194
CVE-2024-8198
CVSS scores:
CVE-2024-7969 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP5
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Chromium 128.0.6613.113 (boo#1229897)
* CVE-2024-7969: Type Confusion in V8
* CVE-2024-8193: Heap buffer overflow in Skia
* CVE-2024-8194: Type Confusion in V8
* CVE-2024-8198: Heap buffer overflow in Skia
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-267=1
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2024-267=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 x86_64):
chromedriver-128.0.6613.113-bp156.2.20.1
chromedriver-debuginfo-128.0.6613.113-bp156.2.20.1
chromium-128.0.6613.113-bp156.2.20.1
chromium-debuginfo-128.0.6613.113-bp156.2.20.1
- openSUSE Backports SLE-15-SP5 (aarch64 x86_64):
chromedriver-128.0.6613.113-bp155.2.108.1
chromium-128.0.6613.113-bp155.2.108.1
References:
https://www.suse.com/security/cve/CVE-2024-7969.html
https://www.suse.com/security/cve/CVE-2024-8193.html
https://www.suse.com/security/cve/CVE-2024-8194.html
https://www.suse.com/security/cve/CVE-2024-8198.html
https://bugzilla.suse.com/1229897
SUSE-SU-2024:3054-1: important: Security update for python3-setuptools
by OPENSUSE-SECURITY-UPDATES 28 Aug '24
# Security update for python3-setuptools
Announcement ID: SUSE-SU-2024:3054-1
Rating: important
References:
* bsc#1228105
Cross-References:
* CVE-2024-6345
CVSS scores:
* CVE-2024-6345 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP5
* Basesystem Module 15-SP6
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* openSUSE Leap Micro 5.5
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for python3-setuptools fixes the following issues:
* CVE-2024-6345: Fixed code execution via download functions in the
package_index module (bsc#1228105)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-3054=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-3054=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3054=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3054=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3054=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-3054=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3054=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3054=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-3054=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-3054=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-3054=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-3054=1
* openSUSE Leap Micro 5.5
zypper in -t patch openSUSE-Leap-Micro-5.5-2024-3054=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-3054=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-3054=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-3054=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-3054=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-3054=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-3054=1
## Package List:
* SUSE Linux Enterprise Micro 5.5 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* Basesystem Module 15-SP5 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* python3-setuptools-test-44.1.1-150400.9.9.1
* python3-setuptools-wheel-44.1.1-150400.9.9.1
* Basesystem Module 15-SP6 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* python3-setuptools-test-44.1.1-150400.9.9.1
* python3-setuptools-wheel-44.1.1-150400.9.9.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* python3-setuptools-test-44.1.1-150400.9.9.1
* python3-setuptools-wheel-44.1.1-150400.9.9.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* python3-setuptools-test-44.1.1-150400.9.9.1
* python3-setuptools-wheel-44.1.1-150400.9.9.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* python3-setuptools-test-44.1.1-150400.9.9.1
* python3-setuptools-wheel-44.1.1-150400.9.9.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* python3-setuptools-test-44.1.1-150400.9.9.1
* python3-setuptools-wheel-44.1.1-150400.9.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* python3-setuptools-test-44.1.1-150400.9.9.1
* python3-setuptools-wheel-44.1.1-150400.9.9.1
* SUSE Manager Proxy 4.3 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* python3-setuptools-test-44.1.1-150400.9.9.1
* python3-setuptools-wheel-44.1.1-150400.9.9.1
* SUSE Manager Retail Branch Server 4.3 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* python3-setuptools-test-44.1.1-150400.9.9.1
* python3-setuptools-wheel-44.1.1-150400.9.9.1
* SUSE Manager Server 4.3 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* python3-setuptools-test-44.1.1-150400.9.9.1
* python3-setuptools-wheel-44.1.1-150400.9.9.1
* openSUSE Leap 15.4 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* python3-setuptools-test-44.1.1-150400.9.9.1
* python3-setuptools-wheel-44.1.1-150400.9.9.1
* openSUSE Leap Micro 5.5 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* openSUSE Leap 15.5 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* python3-setuptools-test-44.1.1-150400.9.9.1
* python3-setuptools-wheel-44.1.1-150400.9.9.1
* openSUSE Leap 15.6 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* python3-setuptools-test-44.1.1-150400.9.9.1
* python3-setuptools-wheel-44.1.1-150400.9.9.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
## References:
* https://www.suse.com/security/cve/CVE-2024-6345.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228105
SUSE-SU-2024:3055-1: important: Security update for python-setuptools
by OPENSUSE-SECURITY-UPDATES 28 Aug '24
# Security update for python-setuptools
Announcement ID: SUSE-SU-2024:3055-1
Rating: important
References:
* bsc#1228105
Cross-References:
* CVE-2024-6345
CVSS scores:
* CVE-2024-6345 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* Public Cloud Module 15-SP4
* Python 3 Module 15-SP5
* Python 3 Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for python-setuptools fixes the following issues:
* CVE-2024-6345: Fixed code execution via download functions in the
package_index module (bsc#1228105)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-3055=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-3055=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-3055=1
* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2024-3055=1
* Python 3 Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2024-3055=1
* Python 3 Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2024-3055=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3055=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3055=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-3055=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3055=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3055=1
## Package List:
* openSUSE Leap 15.4 (noarch)
* python311-setuptools-wheel-67.7.2-150400.3.16.1
* python311-setuptools-67.7.2-150400.3.16.1
* openSUSE Leap 15.5 (noarch)
* python311-setuptools-67.7.2-150400.3.16.1
* openSUSE Leap 15.6 (noarch)
* python311-setuptools-wheel-67.7.2-150400.3.16.1
* python311-setuptools-67.7.2-150400.3.16.1
* Public Cloud Module 15-SP4 (noarch)
* python311-setuptools-67.7.2-150400.3.16.1
* Python 3 Module 15-SP5 (noarch)
* python311-setuptools-67.7.2-150400.3.16.1
* Python 3 Module 15-SP6 (noarch)
* python311-setuptools-67.7.2-150400.3.16.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* python311-setuptools-67.7.2-150400.3.16.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* python311-setuptools-67.7.2-150400.3.16.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
* python311-setuptools-67.7.2-150400.3.16.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
* python311-setuptools-67.7.2-150400.3.16.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* python311-setuptools-67.7.2-150400.3.16.1
## References:
* https://www.suse.com/security/cve/CVE-2024-6345.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228105
SUSE-SU-2024:3031-1: moderate: Security update for keepalived
by OPENSUSE-SECURITY-UPDATES 27 Aug '24
# Security update for keepalived
Announcement ID: SUSE-SU-2024:3031-1
Rating: moderate
References:
* bsc#1228123
Cross-References:
* CVE-2024-41184
CVSS scores:
* CVE-2024-41184 ( SUSE ): 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for keepalived fixes the following issues:
* CVE-2024-41184: Fixed integer overflow in vrrp_ipsets_handler (bsc#1228123)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-3031=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-3031=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-3031=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-3031=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-3031=1
* SUSE Linux Enterprise High Availability Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2024-3031=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* keepalived-2.2.2-150400.3.10.1
* keepalived-debugsource-2.2.2-150400.3.10.1
* keepalived-debuginfo-2.2.2-150400.3.10.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* keepalived-2.2.2-150400.3.10.1
* keepalived-debugsource-2.2.2-150400.3.10.1
* keepalived-debuginfo-2.2.2-150400.3.10.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* keepalived-2.2.2-150400.3.10.1
* keepalived-debugsource-2.2.2-150400.3.10.1
* keepalived-debuginfo-2.2.2-150400.3.10.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* keepalived-2.2.2-150400.3.10.1
* keepalived-debugsource-2.2.2-150400.3.10.1
* keepalived-debuginfo-2.2.2-150400.3.10.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* keepalived-2.2.2-150400.3.10.1
* keepalived-debugsource-2.2.2-150400.3.10.1
* keepalived-debuginfo-2.2.2-150400.3.10.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le
s390x x86_64)
* keepalived-2.2.2-150400.3.10.1
* keepalived-debugsource-2.2.2-150400.3.10.1
* keepalived-debuginfo-2.2.2-150400.3.10.1
## References:
* https://www.suse.com/security/cve/CVE-2024-41184.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228123
SUSE-SU-2024:3019-1: moderate: Security update for openssl-3
by OPENSUSE-SECURITY-UPDATES 27 Aug '24
# Security update for openssl-3
Announcement ID: SUSE-SU-2024:3019-1
Rating: moderate
References:
* bsc#1226463
* bsc#1227138
Cross-References:
* CVE-2024-5535
CVSS scores:
* CVE-2024-5535 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves one vulnerability and has one security fix can now be
installed.
## Description:
This update for openssl-3 fixes the following issues:
* CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto()
with an empty supported client protocols buffer (bsc#1227138)
Other fixes:
* Build with no-afalgeng (bsc#1226463)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-3019=1 openSUSE-SLE-15.5-2024-3019=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-3019=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* libopenssl3-debuginfo-3.0.8-150500.5.39.1
* openssl-3-debugsource-3.0.8-150500.5.39.1
* openssl-3-3.0.8-150500.5.39.1
* libopenssl-3-devel-3.0.8-150500.5.39.1
* libopenssl3-3.0.8-150500.5.39.1
* openssl-3-debuginfo-3.0.8-150500.5.39.1
* openSUSE Leap 15.5 (x86_64)
* libopenssl3-32bit-3.0.8-150500.5.39.1
* libopenssl-3-devel-32bit-3.0.8-150500.5.39.1
* libopenssl3-32bit-debuginfo-3.0.8-150500.5.39.1
* openSUSE Leap 15.5 (noarch)
* openssl-3-doc-3.0.8-150500.5.39.1
* openSUSE Leap 15.5 (aarch64_ilp32)
* libopenssl3-64bit-3.0.8-150500.5.39.1
* libopenssl3-64bit-debuginfo-3.0.8-150500.5.39.1
* libopenssl-3-devel-64bit-3.0.8-150500.5.39.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libopenssl3-debuginfo-3.0.8-150500.5.39.1
* openssl-3-debugsource-3.0.8-150500.5.39.1
* openssl-3-3.0.8-150500.5.39.1
* libopenssl-3-devel-3.0.8-150500.5.39.1
* libopenssl3-3.0.8-150500.5.39.1
* openssl-3-debuginfo-3.0.8-150500.5.39.1
## References:
* https://www.suse.com/security/cve/CVE-2024-5535.html
* https://bugzilla.suse.com/show_bug.cgi?id=1226463
* https://bugzilla.suse.com/show_bug.cgi?id=1227138
27 Aug '24
# Security update for mariadb
Announcement ID: SUSE-SU-2024:3018-1
Rating: moderate
References:
* bsc#1225983
Cross-References:
* CVE-2024-21096
CVSS scores:
* CVE-2024-21096 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Products:
* Galera for Ericsson 15 SP3
* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
An update that solves one vulnerability can now be installed.
## Description:
This update for mariadb fixes the following issues:
* Updated to 10.5.26
* Updated to 10.5.25:
* CVE-2024-21096: Fixed a vulnerability that would allow an unauthenticated
attacker with logon to the infrastructure where MySQL Server executes to
compromise MySQL Server. (bsc#1225983)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-3018=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-3018=1
* Galera for Ericsson 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-ERICSSON-2024-3018=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-3018=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-3018=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-3018=1
## Package List:
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* mariadb-test-10.5.26-150300.3.46.1
* libmariadbd19-debuginfo-10.5.26-150300.3.46.1
* mariadb-debugsource-10.5.26-150300.3.46.1
* mariadb-tools-debuginfo-10.5.26-150300.3.46.1
* mariadb-debuginfo-10.5.26-150300.3.46.1
* mariadb-test-debuginfo-10.5.26-150300.3.46.1
* mariadb-rpm-macros-10.5.26-150300.3.46.1
* mariadb-tools-10.5.26-150300.3.46.1
* mariadb-client-10.5.26-150300.3.46.1
* mariadb-bench-10.5.26-150300.3.46.1
* libmariadbd19-10.5.26-150300.3.46.1
* mariadb-bench-debuginfo-10.5.26-150300.3.46.1
* libmariadbd-devel-10.5.26-150300.3.46.1
* mariadb-10.5.26-150300.3.46.1
* mariadb-client-debuginfo-10.5.26-150300.3.46.1
* mariadb-galera-10.5.26-150300.3.46.1
* openSUSE Leap 15.3 (noarch)
* mariadb-errormessages-10.5.26-150300.3.46.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* libmariadbd19-debuginfo-10.5.26-150300.3.46.1
* mariadb-debugsource-10.5.26-150300.3.46.1
* mariadb-tools-debuginfo-10.5.26-150300.3.46.1
* mariadb-debuginfo-10.5.26-150300.3.46.1
* mariadb-tools-10.5.26-150300.3.46.1
* mariadb-client-10.5.26-150300.3.46.1
* libmariadbd19-10.5.26-150300.3.46.1
* libmariadbd-devel-10.5.26-150300.3.46.1
* mariadb-10.5.26-150300.3.46.1
* mariadb-client-debuginfo-10.5.26-150300.3.46.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* mariadb-errormessages-10.5.26-150300.3.46.1
* Galera for Ericsson 15 SP3 (x86_64)
* mariadb-galera-10.5.26-150300.3.46.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* libmariadbd19-debuginfo-10.5.26-150300.3.46.1
* mariadb-debugsource-10.5.26-150300.3.46.1
* mariadb-tools-debuginfo-10.5.26-150300.3.46.1
* mariadb-debuginfo-10.5.26-150300.3.46.1
* mariadb-tools-10.5.26-150300.3.46.1
* mariadb-client-10.5.26-150300.3.46.1
* libmariadbd19-10.5.26-150300.3.46.1
* libmariadbd-devel-10.5.26-150300.3.46.1
* mariadb-10.5.26-150300.3.46.1
* mariadb-client-debuginfo-10.5.26-150300.3.46.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* mariadb-errormessages-10.5.26-150300.3.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* libmariadbd19-debuginfo-10.5.26-150300.3.46.1
* mariadb-debugsource-10.5.26-150300.3.46.1
* mariadb-tools-debuginfo-10.5.26-150300.3.46.1
* mariadb-debuginfo-10.5.26-150300.3.46.1
* mariadb-tools-10.5.26-150300.3.46.1
* mariadb-client-10.5.26-150300.3.46.1
* libmariadbd19-10.5.26-150300.3.46.1
* libmariadbd-devel-10.5.26-150300.3.46.1
* mariadb-10.5.26-150300.3.46.1
* mariadb-client-debuginfo-10.5.26-150300.3.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* mariadb-errormessages-10.5.26-150300.3.46.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* libmariadbd19-debuginfo-10.5.26-150300.3.46.1
* mariadb-debugsource-10.5.26-150300.3.46.1
* mariadb-tools-debuginfo-10.5.26-150300.3.46.1
* mariadb-debuginfo-10.5.26-150300.3.46.1
* mariadb-tools-10.5.26-150300.3.46.1
* mariadb-client-10.5.26-150300.3.46.1
* libmariadbd19-10.5.26-150300.3.46.1
* libmariadbd-devel-10.5.26-150300.3.46.1
* mariadb-10.5.26-150300.3.46.1
* mariadb-client-debuginfo-10.5.26-150300.3.46.1
* SUSE Enterprise Storage 7.1 (noarch)
* mariadb-errormessages-10.5.26-150300.3.46.1
## References:
* https://www.suse.com/security/cve/CVE-2024-21096.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225983
openSUSE-SU-2024:0194-2: moderate: Security update for keybase-client
by opensuse-security@opensuse.org 23 Aug '24
openSUSE Security Update: Security update for keybase-client
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0194-2
Rating: moderate
References: #1213928
Cross-References: CVE-2023-29408
CVSS scores:
CVE-2023-29408 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2023-29408 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for keybase-client fixes the following issues:
Update to version 6.2.8
* Update client CA
* Fix incomplete locking in config file handling.
- Update the Image dependency to address CVE-2023-29408 / boo#1213928.
This is done via the new update-image-tiff.patch.
- Limit parallel test execution as that seems to cause failing builds on
OBS that don't occur locally.
- Integrate KBFS packages previously built via their own source package
* Upstream integrated these into the same source.
* Also includes adding kbfs-related patches
ensure-mount-dir-exists.patch and
ensure-service-stop-unmounts-filesystem.patch.
- Upgrade Go version used for compilation to 1.19.
- Use Systemd unit file from upstream source.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-194=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):
kbfs-6.2.8-bp156.2.3.1
kbfs-debuginfo-6.2.8-bp156.2.3.1
kbfs-git-6.2.8-bp156.2.3.1
kbfs-git-debuginfo-6.2.8-bp156.2.3.1
kbfs-tool-6.2.8-bp156.2.3.1
kbfs-tool-debuginfo-6.2.8-bp156.2.3.1
keybase-client-6.2.8-bp156.2.3.1
keybase-client-debuginfo-6.2.8-bp156.2.3.1
References:
https://www.suse.com/security/cve/CVE-2023-29408.html
https://bugzilla.suse.com/1213928
openSUSE-SU-2024:0258-2: important: Security update for chromium
by opensuse-security@opensuse.org 23 Aug '24
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0258-2
Rating: important
References: #1229426 #1229591
Cross-References: CVE-2024-7964 CVE-2024-7965 CVE-2024-7966
CVE-2024-7967 CVE-2024-7968 CVE-2024-7969
CVE-2024-7971 CVE-2024-7972 CVE-2024-7973
CVE-2024-7974 CVE-2024-7975 CVE-2024-7976
CVE-2024-7977 CVE-2024-7978 CVE-2024-7979
CVE-2024-7980 CVE-2024-7981 CVE-2024-8033
CVE-2024-8034 CVE-2024-8035
CVSS scores:
CVE-2024-7964 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7966 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7968 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7969 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7974 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7975 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2024-7976 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2024-7977 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7978 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2024-7981 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2024-8033 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2024-8034 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2024-8035 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Affected Products:
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that fixes 20 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
- Chromium 128.0.6613.84 (boo#1229591)
* CVE-2024-7964: Use after free in Passwords
* CVE-2024-7965: Inappropriate implementation in V8
* CVE-2024-7966: Out of bounds memory access in Skia
* CVE-2024-7967: Heap buffer overflow in Fonts
* CVE-2024-7968: Use after free in Autofill
* CVE-2024-7969: Type Confusion in V8
* CVE-2024-7971: Type confusion in V8
* CVE-2024-7972: Inappropriate implementation in V8
* CVE-2024-7973: Heap buffer overflow in PDFium
* CVE-2024-7974: Insufficient data validation in V8 API
* CVE-2024-7975: Inappropriate implementation in Permissions
* CVE-2024-7976: Inappropriate implementation in FedCM
* CVE-2024-7977: Insufficient data validation in Installer
* CVE-2024-7978: Insufficient policy enforcement in Data Transfer
* CVE-2024-7979: Insufficient data validation in Installer
* CVE-2024-7980: Insufficient data validation in Installer
* CVE-2024-7981: Inappropriate implementation in Views
* CVE-2024-8033: Inappropriate implementation in WebApp Installs
* CVE-2024-8034: Inappropriate implementation in Custom Tabs
* CVE-2024-8035: Inappropriate implementation in Extensions
* Various fixes from internal audits, fuzzing and other initiatives
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-258=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 x86_64):
chromedriver-128.0.6613.84-bp156.2.17.1
chromedriver-debuginfo-128.0.6613.84-bp156.2.17.1
chromium-128.0.6613.84-bp156.2.17.1
chromium-debuginfo-128.0.6613.84-bp156.2.17.1
References:
https://www.suse.com/security/cve/CVE-2024-7964.html
https://www.suse.com/security/cve/CVE-2024-7965.html
https://www.suse.com/security/cve/CVE-2024-7966.html
https://www.suse.com/security/cve/CVE-2024-7967.html
https://www.suse.com/security/cve/CVE-2024-7968.html
https://www.suse.com/security/cve/CVE-2024-7969.html
https://www.suse.com/security/cve/CVE-2024-7971.html
https://www.suse.com/security/cve/CVE-2024-7972.html
https://www.suse.com/security/cve/CVE-2024-7973.html
https://www.suse.com/security/cve/CVE-2024-7974.html
https://www.suse.com/security/cve/CVE-2024-7975.html
https://www.suse.com/security/cve/CVE-2024-7976.html
https://www.suse.com/security/cve/CVE-2024-7977.html
https://www.suse.com/security/cve/CVE-2024-7978.html
https://www.suse.com/security/cve/CVE-2024-7979.html
https://www.suse.com/security/cve/CVE-2024-7980.html
https://www.suse.com/security/cve/CVE-2024-7981.html
https://www.suse.com/security/cve/CVE-2024-8033.html
https://www.suse.com/security/cve/CVE-2024-8034.html
https://www.suse.com/security/cve/CVE-2024-8035.html
https://bugzilla.suse.com/1229426
https://bugzilla.suse.com/1229591
openSUSE-SU-2024:0231-1: moderate: Security update for python-notebook
by opensuse-security@opensuse.org 23 Aug '24
openSUSE Security Update: Security update for python-notebook
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0231-1
Rating: moderate
References: #1227583
Cross-References: CVE-2019-11358 CVE-2021-32798
CVSS scores:
CVE-2019-11358 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2021-32798 (NVD) : 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for python-notebook fixes the following issues:
- Update to 5.7.11
* sanitizer fix CVE-2021-32798 (boo#1227583)
- Update to 5.7.10
* no upstream changelog
- Update to 5.7.9
* Update JQuery dependency to version 3.4.1 to fix security
vulnerability (CVE-2019-11358)
* Update from preact to React
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-231=1
Package List:
- openSUSE Backports SLE-15-SP6 (noarch):
jupyter-notebook-5.7.11-bp156.4.3.1
jupyter-notebook-doc-5.7.11-bp156.4.3.1
jupyter-notebook-lang-5.7.11-bp156.4.3.1
jupyter-notebook-latex-5.7.11-bp156.4.3.1
python3-notebook-5.7.11-bp156.4.3.1
python3-notebook-lang-5.7.11-bp156.4.3.1
References:
https://www.suse.com/security/cve/CVE-2019-11358.html
https://www.suse.com/security/cve/CVE-2021-32798.html
https://bugzilla.suse.com/1227583
openSUSE-SU-2024:0155-1: important: Security update for chromium
by opensuse-security@opensuse.org 23 Aug '24
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0155-1
Rating: important
References: #1225690
Cross-References: CVE-2024-5493 CVE-2024-5494 CVE-2024-5495
CVE-2024-5496 CVE-2024-5497 CVE-2024-5498
CVE-2024-5499
Affected Products:
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that fixes 7 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Chromium 125.0.6422.141 (boo#1225690)
* CVE-2024-5493: Heap buffer overflow in WebRTC
* CVE-2024-5494: Use after free in Dawn
* CVE-2024-5495: Use after free in Dawn
* CVE-2024-5496: Use after free in Media Session
* CVE-2024-5497: Out of bounds memory access in Keyboard Inputs
* CVE-2024-5498: Use after free in Presentation API
* CVE-2024-5499: Out of bounds write in Streams API
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-155=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 x86_64):
chromedriver-125.0.6422.141-bp156.2.3.1
chromium-125.0.6422.141-bp156.2.3.1
References:
https://www.suse.com/security/cve/CVE-2024-5493.html
https://www.suse.com/security/cve/CVE-2024-5494.html
https://www.suse.com/security/cve/CVE-2024-5495.html
https://www.suse.com/security/cve/CVE-2024-5496.html
https://www.suse.com/security/cve/CVE-2024-5497.html
https://www.suse.com/security/cve/CVE-2024-5498.html
https://www.suse.com/security/cve/CVE-2024-5499.html
https://bugzilla.suse.com/1225690
openSUSE-SU-2024:0221-1: important: Security update for python-nltk
by opensuse-security@opensuse.org 23 Aug '24
openSUSE Security Update: Security update for python-nltk
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0221-1
Rating: important
References: #1227174
Cross-References: CVE-2024-39705
Affected Products:
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for python-nltk fixes the following issues:
- CVE-2024-39705: Fixed remote code execution through unsafe pickle usage
(boo#1227174).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-221=1
Package List:
- openSUSE Backports SLE-15-SP6 (noarch):
python3-nltk-3.7-bp156.4.3.1
References:
https://www.suse.com/security/cve/CVE-2024-39705.html
https://bugzilla.suse.com/1227174
openSUSE-SU-2024:0220-1: moderate: Security update for caddy
by opensuse-security@opensuse.org 23 Aug '24
openSUSE Security Update: Security update for caddy
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0220-1
Rating: moderate
References: #1222468
Cross-References: CVE-2023-45142 CVE-2024-22189
CVSS scores:
CVE-2023-45142 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2023-45142 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2024-22189 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for caddy fixes the following issues:
- Update to version 2.8.4:
* cmd: fix regression in auto-detect of Caddyfile (#6362)
* Tag v2.8.3 was mistakenly made on the v2.8.2 commit and is skipped
- Update to version 2.8.2:
* cmd: fix auto-detection of .caddyfile extension (#6356)
* caddyhttp: properly sanitize requests for root path (#6360)
* caddytls: Implement certmagic.RenewalInfoGetter
* build(deps): bump golangci/golangci-lint-action from 5 to 6 (#6361)
- Update to version 2.8.1:
* caddyhttp: Fix merging consecutive `client_ip` or `remote_ip` matchers
(#6350)
* core: MkdirAll appDataDir in InstanceID with 0o700 (#6340)
- Update to version 2.8.0:
* acmeserver: Add `sign_with_root` for Caddyfile (#6345)
* caddyfile: Reject global request matchers earlier (#6339)
* core: Fix bug in AppIfConfigured (fix #6336)
* fix a typo (#6333)
* autohttps: Move log WARN to INFO, reduce confusion (#6185)
* reverseproxy: Support HTTP/3 transport to backend (#6312)
* context: AppIfConfigured returns error; consider not-yet-provisioned
modules (#6292)
* Fix lint error about deprecated method in
smallstep/certificates/authority
* go.mod: Upgrade dependencies
* caddytls: fix permission requirement with AutomationPolicy (#6328)
* caddytls: remove ClientHelloSNICtxKey (#6326)
* caddyhttp: Trace individual middleware handlers (#6313)
* templates: Add `pathEscape` template function and use it in file
browser (#6278)
* caddytls: set server name in context (#6324)
* chore: downgrade minimum Go version in go.mod (#6318)
* caddytest: normalize the JSON config (#6316)
* caddyhttp: New experimental handler for intercepting responses (#6232)
* httpcaddyfile: Set challenge ports when http_port or https_port are
used
* logging: Add support for additional logger filters other than hostname
(#6082)
* caddyhttp: Log 4xx as INFO; 5xx as ERROR (close #6106)
* Second half of 6dce493
* caddyhttp: Alter log message when request is unhandled (close #5182)
* chore: Bump Go version in CI (#6310)
* go.mod: go 1.22.3
* Fix typos (#6311)
* reverseproxy: Pointer to struct when loading modules; remove
LazyCertPool (#6307)
* tracing: add trace_id var (`http.vars.trace_id` placeholder) (#6308)
* go.mod: CertMagic v0.21.0
* reverseproxy: Implement health_follow_redirects (#6302)
* caddypki: Allow use of root CA without a key. Fixes #6290 (#6298)
* go.mod: Upgrade to quic-go v0.43.1
* reverseproxy: HTTP transport: fix PROXY protocol initialization (#6301)
* caddytls: Ability to drop connections (close #6294)
* build(deps): bump golangci/golangci-lint-action from 4 to 5 (#6289)
* httpcaddyfile: Fix expression matcher shortcut in snippets (#6288)
* caddytls: Evict internal certs from cache based on issuer (#6266)
* chore: add warn logs when using deprecated fields (#6276)
* caddyhttp: Fix linter warning about deprecation
* go.mod: Upgrade to quic-go v0.43.0
* fileserver: Set "Vary: Accept-Encoding" header (see #5849)
* events: Add debug log
* reverseproxy: handle buffered data during hijack (#6274)
* ci: remove `android` and `plan9` from cross-build workflow (#6268)
* run `golangci-lint run --fix --fast` (#6270)
* caddytls: Option to configure certificate lifetime (#6253)
* replacer: Implement `file.*` global replacements (#5463)
* caddyhttp: Address some Go 1.20 features (#6252)
* Quell linter (false positive)
* reverse_proxy: Add grace_period for SRV upstreams to Caddyfile (#6264)
* doc: add `verifier` in `ClientAuthentication` caddyfile marshaler doc
(#6263)
* caddytls: Add Caddyfile support for on-demand permission module (close
#6260)
* reverseproxy: Remove long-deprecated buffering properties
* reverseproxy: Reuse buffered request body even if partially drained
* reverseproxy: Accept EOF when buffering
* logging: Fix default access logger (#6251)
* fileserver: Improve Vary handling (#5849)
* cmd: Only validate config is proper JSON if config slice has data
(#6250)
* staticresp: Use the evaluated response body for sniffing JSON
content-type (#6249)
* encode: Slight fix for the previous commit
* encode: Improve Etag handling (fix #5849)
* httpcaddyfile: Skip automate loader if disable_certs is specified (fix
#6148)
* caddyfile: Populate regexp matcher names by default (#6145)
* caddyhttp: record num. bytes read when response writer is hijacked
(#6173)
* caddyhttp: Support multiple logger names per host (#6088)
* chore: fix some typos in comments (#6243)
* encode: Configurable compression level for zstd (#6140)
* caddytls: Remove shim code supporting deprecated lego-dns (#6231)
* connection policy: add `local_ip` matcher (#6074)
* reverseproxy: Wait for both ends of websocket to close (#6175)
* caddytls: Upgrade ACMEz to v2; support ZeroSSL API; various fixes
(#6229)
* caddytls: Still provision permission module if ask is specified
* fileserver: read etags from precomputed files (#6222)
* fileserver: Escape # and ? in img src (fix #6237)
* reverseproxy: Implement modular CA provider for TLS transport (#6065)
* caddyhttp: Apply auto HTTPS redir to all interfaces (fix #6226)
* cmd: Fix panic related to config filename (fix #5919)
* cmd: Assume Caddyfile based on filename prefix and suffix (#5919)
* admin: Make `Etag` a header, not a trailer (#6208)
* caddyhttp: remove duplicate strings.Count in path matcher (fixes
#6233) (#6234)
* caddyconfig: Use empty struct instead of bool in map (close #6224)
(#6227)
* gitignore: Add rule for caddyfile.go (#6225)
* chore: Fix broken links in README.md (#6223)
* chore: Upgrade some dependencies (#6221)
* caddyhttp: Add plaintext response to `file_server browse` (#6093)
* admin: Use xxhash for etag (#6207)
* modules: fix some typo in comments (#6206)
* caddyhttp: Replace sensitive headers with REDACTED (close #5669)
* caddyhttp: close quic connections when server closes (#6202)
* reverseproxy: Use xxhash instead of fnv32 for LB (#6203)
* caddyhttp: add http.request.local{,.host,.port} placeholder (#6182)
* chore: upgrade deps (#6198)
* chore: remove repetitive word (#6193)
* Added a null check to avoid segfault on rewrite query ops (#6191)
* rewrite: `uri query` replace operation (#6165)
* logging: support `ms` duration format and add docs (#6187)
* replacer: use RWMutex to protect static provider (#6184)
* caddyhttp: Allow `header` replacement with empty string (#6163)
* vars: Make nil values act as empty string instead of `"<nil>"` (#6174)
* chore: Update quic-go to v0.42.0 (#6176)
* caddyhttp: Accept XFF header values with ports, when parsing client IP
(#6183)
* reverseproxy: configurable active health_passes and health_fails
(#6154)
* reverseproxy: Configurable forward proxy URL (#6114)
* caddyhttp: upgrade to cel v0.20.0 (#6161)
* chore: Bump Chroma to v2.13.0, includes new Caddyfile lexer (#6169)
* caddyhttp: suppress flushing if the response is being buffered (#6150)
* chore: encode: use FlushError instead of Flush (#6168)
* encode: write status immediately when status code is informational
(#6164)
* httpcaddyfile: Keep deprecated `skip_log` in directive order (#6153)
* httpcaddyfile: Add `RegisterDirectiveOrder` function for plugin
authors (#5865)
* rewrite: Implement `uri query` operations (#6120)
* fix struct names (#6151)
* fileserver: Preserve query during canonicalization redirect (#6109)
* logging: Implement `log_append` handler (#6066)
* httpcaddyfile: Allow nameless regexp placeholder shorthand (#6113)
* logging: Implement `append` encoder, allow flatter filters config
(#6069)
* ci: fix the integration test `TestLeafCertLoaders` (#6149)
* vars: Allow overriding `http.auth.user.id` in replacer as a special
case (#6108)
* caddytls: clientauth: leaf verifier: make trusted leaf certs source
pluggable (#6050)
* cmd: Adjust config load logs/errors (#6032)
* reverseproxy: SRV dynamic upstream failover (#5832)
* ci: bump golangci/golangci-lint-action from 3 to 4 (#6141)
* core: OnExit hooks (#6128)
* cmd: fix the output of the `Usage` section (#6138)
* caddytls: verifier: caddyfile: re-add Caddyfile support (#6127)
* acmeserver: add policy field to define allow/deny rules (#5796)
* reverseproxy: cookie should be Secure and SameSite=None when TLS
(#6115)
* caddytest: Rename adapt tests to `*.caddyfiletest` extension (#6119)
* tests: uses testing.TB interface for helper to be able to use test
server in benchmarks. (#6103)
* caddyfile: Assert having a space after heredoc marker to simply check
(#6117)
* chore: Update Chroma to get the new Caddyfile lexer (#6118)
* reverseproxy: use context.WithoutCancel (#6116)
* caddyfile: Reject directives in the place of site addresses (#6104)
* caddyhttp: Register post-shutdown callbacks (#5948)
* caddyhttp: Only attempt to enable full duplex for HTTP/1.x (#6102)
* caddyauth: Drop support for `scrypt` (#6091)
* Revert "caddyfile: Reject long heredoc markers (#6098)" (#6100)
* caddyauth: Rename `basicauth` to `basic_auth` (#6092)
* logging: Inline Caddyfile syntax for `ip_mask` filter (#6094)
* caddyfile: Reject long heredoc markers (#6098)
* chore: Rename CI jobs, run on M1 mac (#6089)
* update comment
* improved list
* fix: add back text/*
* fix: add more media types to the compressed by default list
* acmeserver: support specifying the allowed challenge types (#5794)
* matchers: Drop `forwarded` option from `remote_ip` matcher (#6085)
* caddyhttp: Test cases for `%2F` and `%252F` (#6084)
* bump to golang 1.22 (#6083)
* fileserver: Browse can show symlink target if enabled (#5973)
* core: Support NO_COLOR env var to disable log coloring (#6078)
* build(deps): bump peter-evans/repository-dispatch from 2 to 3 (#6080)
* Update comment in setcap helper script
* caddytls: Make on-demand 'ask' permission modular (#6055)
* core: Add `ctx.Slogger()` which returns an `slog` logger (#5945)
* chore: Update quic-go to v0.41.0, bump Go minimum to 1.21 (#6043)
* chore: enabling a few more linters (#5961)
* caddyfile: Correctly close the heredoc when the closing marker appears
immediately (#6062)
* caddyfile: Switch to slices.Equal for better performance (#6061)
* tls: modularize trusted CA providers (#5784)
* logging: Automatic `wrap` default for `filter` encoder (#5980)
* caddyhttp: Fix panic when request missing ClientIPVarKey (#6040)
* caddyfile: Normalize & flatten all unmarshalers (#6037)
* cmd: reverseproxy: log: use caddy logger (#6042)
* matchers: `query` now ANDs multiple keys (#6054)
* caddyfile: Add heredoc support to `fmt` command (#6056)
* refactor: move automaxprocs init in caddycmd.Main()
* caddyfile: Allow heredoc blank lines (#6051)
* httpcaddyfile: Add optional status code argument to `handle_errors`
directive (#5965)
* httpcaddyfile: Rewrite `root` and `rewrite` parsing to allow omitting
matcher (#5844)
* fileserver: Implement caddyfile.Unmarshaler interface (#5850)
* reverseproxy: Add `tls_curves` option to HTTP transport (#5851)
* caddyhttp: Security enhancements for client IP parsing (#5805)
* replacer: Fix escaped closing braces (#5995)
* filesystem: Globally declared filesystems, `fs` directive (#5833)
* ci/cd: use the build tag `nobadger` to exclude badgerdb (#6031)
* httpcaddyfile: Fix redir <to> html (#6001)
* httpcaddyfile: Support client auth verifiers (#6022)
* tls: add reuse_private_keys (#6025)
* reverseproxy: Only change Content-Length when full request is buffered
(#5830)
* Switch Solaris-derivatives away from listen_unix (#6021)
* build(deps): bump actions/upload-artifact from 3 to 4 (#6013)
* build(deps): bump actions/setup-go from 4 to 5 (#6012)
* chore: check against errors of `io/fs` instead of `os` (#6011)
* caddyhttp: support unix sockets in `caddy respond` command (#6010)
* fileserver: Add total file size to directory listing (#6003)
* httpcaddyfile: Fix cert file decoding to load multiple PEM in one file
(#5997)
* build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#5994)
* cmd: use automaxprocs for better perf in containers (#5711)
* logging: Add `zap.Option` support (#5944)
* httpcaddyfile: Sort skip_hosts for deterministic JSON (#5990)
* metrics: Record request metrics on HTTP errors (#5979)
* go.mod: Updated quic-go to v0.40.1 (#5983)
* fileserver: Enable compression for command by default (#5855)
* fileserver: New --precompressed flag (#5880)
* caddyhttp: Add `uuid` to access logs when used (#5859)
* proxyprotocol: use github.com/pires/go-proxyproto (#5915)
* cmd: Preserve LastModified date when exporting storage (#5968)
* core: Always make AppDataDir for InstanceID (#5976)
* chore: cross-build for AIX (#5971)
* caddytls: Sync distributed storage cleaning (#5940)
* caddytls: Context to DecisionFunc (#5923)
* tls: accept placeholders in string values of certificate loaders
(#5963)
* templates: Officially make templates extensible (#5939)
* http2 uses new round-robin scheduler (#5946)
* panic when reading from backend failed to propagate stream error
(#5952)
* chore: Bump otel to v1.21.0. (#5949)
* httpredirectlistener: Only set read limit for when request is HTTP
(#5917)
* fileserver: Add .m4v for browse template icon
* Revert "caddyhttp: Use sync.Pool to reduce lengthReader allocations
(#5848)" (#5924)
* go.mod: update quic-go version to v0.40.0 (#5922)
* update quic-go to v0.39.3 (#5918)
* chore: Fix usage pool comment (#5916)
* test: acmeserver: add smoke test for the ACME server directory (#5914)
* Upgrade acmeserver to github.com/go-chi/chi/v5 (#5913)
* caddyhttp: Adjust `scheme` placeholder docs (#5910)
* go.mod: Upgrade quic-go to v0.39.1
* go.mod: CVE-2023-45142 Update opentelemetry (#5908)
* templates: Delete headers on `httpError` to reset to clean slate
(#5905)
* httpcaddyfile: Remove port from logger names (#5881)
* core: Apply SO_REUSEPORT to UDP sockets (#5725)
* caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)
* cmd: Add newline character to version string in CLI output (#5895)
* core: quic listener will manage the underlying socket by itself (#5749)
* templates: Clarify `include` args docs, add `.ClientIP` (#5898)
* httpcaddyfile: Fix TLS automation policy merging with get_certificate
(#5896)
* cmd: upgrade: resolve symlink of the executable (#5891)
* caddyfile: Fix variadic placeholder false positive when token contains
`:` (#5883)
- CVEs:
* CVE-2024-22189 (boo#1222468)
* CVE-2023-45142
- Update to version 2.7.6:
* caddytls: Sync distributed storage cleaning (#5940)
* caddytls: Context to DecisionFunc (#5923)
* tls: accept placeholders in string values of certificate loaders
(#5963)
* templates: Officially make templates extensible (#5939)
* http2 uses new round-robin scheduler (#5946)
* panic when reading from backend failed to propagate stream error
(#5952)
* chore: Bump otel to v1.21.0. (#5949)
* httpredirectlistener: Only set read limit for when request is HTTP
(#5917)
* fileserver: Add .m4v for browse template icon
* Revert "caddyhttp: Use sync.Pool to reduce lengthReader allocations
(#5848)" (#5924)
* go.mod: update quic-go version to v0.40.0 (#5922)
* update quic-go to v0.39.3 (#5918)
* chore: Fix usage pool comment (#5916)
* test: acmeserver: add smoke test for the ACME server directory (#5914)
* Upgrade acmeserver to github.com/go-chi/chi/v5 (#5913)
* caddyhttp: Adjust `scheme` placeholder docs (#5910)
* go.mod: Upgrade quic-go to v0.39.1
* go.mod: CVE-2023-45142 Update opentelemetry (#5908)
* templates: Delete headers on `httpError` to reset to clean slate
(#5905)
* httpcaddyfile: Remove port from logger names (#5881)
* core: Apply SO_REUSEPORT to UDP sockets (#5725)
* caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)
* cmd: Add newline character to version string in CLI output (#5895)
* core: quic listener will manage the underlying socket by itself (#5749)
* templates: Clarify `include` args docs, add `.ClientIP` (#5898)
* httpcaddyfile: Fix TLS automation policy merging with get_certificate
(#5896)
* cmd: upgrade: resolve symlink of the executable (#5891)
* caddyfile: Fix variadic placeholder false positive when token contains
`:` (#5883)
- Update to version 2.7.5:
* admin: Respond with 4xx on non-existing config path (#5870)
* ci: Force the Go version for govulncheck (#5879)
* fileserver: Set canonical URL on browse template (#5867)
* tls: Add X25519Kyber768Draft00 PQ "curve" behind build tag (#5852)
* reverseproxy: Add more debug logs (#5793)
* reverseproxy: Fix `least_conn` policy regression (#5862)
* reverseproxy: Add logging for dynamic A upstreams (#5857)
* reverseproxy: Replace health header placeholders (#5861)
* httpcaddyfile: Sort TLS SNI matcher for deterministic JSON output
(#5860)
* cmd: Fix exiting with custom status code, add `caddy -v` (#5874)
* reverseproxy: fix parsing Caddyfile fails for unlimited
request/response buffers (#5828)
* reverseproxy: Fix retries on "upstreams unavailable" error (#5841)
* httpcaddyfile: Enable TLS for catch-all site if `tls` directive is
specified (#5808)
* encode: Add `application/wasm*` to the default content types (#5869)
* fileserver: Add command shortcuts `-l` and `-a` (#5854)
* go.mod: Upgrade dependencies incl. x/net/http
* templates: Add dummy `RemoteAddr` to `httpInclude` request, proxy
compatibility (#5845)
* reverseproxy: Allow fallthrough for response handlers without routes
(#5780)
* fix: caddytest.AssertResponseCode error message (#5853)
* build(deps): bump goreleaser/goreleaser-action from 4 to 5 (#5847)
* build(deps): bump actions/checkout from 3 to 4 (#5846)
* caddyhttp: Use LimitedReader for HTTPRedirectListener
* fileserver: browse template SVG icons and UI tweaks (#5812)
* reverseproxy: fix nil pointer dereference in AUpstreams.GetUpstreams
(#5811)
* httpcaddyfile: fix placeholder shorthands in named routes (#5791)
* cmd: Prevent overwriting existing env vars with `--envfile` (#5803)
* ci: Run govulncheck (#5790)
* logging: query filter for array of strings (#5779)
* logging: Clone array on log filters, prevent side-effects (#5786)
* fileserver: Export BrowseTemplate
* ci: ensure short-sha is exported correctly on all platforms (#5781)
* caddyfile: Fix case where heredoc marker is empty after newline (#5769)
* go.mod: Update quic-go to v0.38.0 (#5772)
* chore: Appease gosec linter (#5777)
* replacer: change timezone to UTC for "time.now.http" placeholders
(#5774)
* caddyfile: Adjust error formatting (#5765)
* update quic-go to v0.37.6 (#5767)
* httpcaddyfile: Stricter errors for site and upstream address schemes
(#5757)
* caddyfile: Loosen heredoc parsing (#5761)
* fileserver: docs: clarify the ability to produce JSON array with
`browse` (#5751)
* fix package typo (#5764)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-220=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):
caddy-2.8.4-bp156.3.3.1
- openSUSE Backports SLE-15-SP6 (noarch):
caddy-bash-completion-2.8.4-bp156.3.3.1
caddy-fish-completion-2.8.4-bp156.3.3.1
caddy-zsh-completion-2.8.4-bp156.3.3.1
References:
https://www.suse.com/security/cve/CVE-2023-45142.html
https://www.suse.com/security/cve/CVE-2024-22189.html
https://bugzilla.suse.com/1222468
openSUSE-SU-2024:0206-1: moderate: Security update for cockpit
by opensuse-security@opensuse.org 23 Aug '24
openSUSE Security Update: Security update for cockpit
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0206-1
Rating: moderate
References: #1226040 #1227299
Cross-References: CVE-2024-6126
CVSS scores:
CVE-2024-6126 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
This update for cockpit fixes the following issues:
- new version 320:
* pam-ssh-add: Fix insecure killing of session ssh-agent (boo#1226040,
CVE-2024-6126)
- changes in older versions:
* Storage: Btrfs snapshots
* Podman: Add image pull action
* Files: Bookmark support
* webserver: System user changes
* Metrics: Grafana setup now prefers Valkey
- Invalid json against the storaged manifest boo#1227299
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-206=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 ppc64le s390x x86_64):
cockpit-320-bp156.2.6.3
cockpit-bridge-320-bp156.2.6.3
cockpit-devel-320-bp156.2.6.3
cockpit-pcp-320-bp156.2.6.3
cockpit-ws-320-bp156.2.6.3
- openSUSE Backports SLE-15-SP6 (noarch):
cockpit-doc-320-bp156.2.6.3
cockpit-kdump-320-bp156.2.6.3
cockpit-networkmanager-320-bp156.2.6.3
cockpit-packagekit-320-bp156.2.6.3
cockpit-selinux-320-bp156.2.6.3
cockpit-storaged-320-bp156.2.6.3
cockpit-system-320-bp156.2.6.3
References:
https://www.suse.com/security/cve/CVE-2024-6126.html
https://bugzilla.suse.com/1226040
https://bugzilla.suse.com/1227299
openSUSE-SU-2024:0226-1: moderate: Security update for gh
by opensuse-security@opensuse.org 23 Aug '24
openSUSE Security Update: Security update for gh
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0226-1
Rating: moderate
References: #1227035
Cross-References: CVE-2024-6104
CVSS scores:
CVE-2024-6104 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2024-6104 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Affected Products:
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for gh fixes the following issues:
Update to version 2.53.0:
* CVE-2024-6104: gh: hashicorp/go-retryablehttp: url might write
sensitive information to log file (boo#1227035)
* Disable `TestGetTrustedRoot/successfully_verifies_TUF_root` test due
to https://github.com/cli/cli/issues/8928
* Rename package directory and files
* Rename package name to `update_branch`
* Rename `gh pr update` to `gh pr update-branch`
* Add test case for merge conflict error
* Handle merge conflict error
* Return error if PR is not mergeable
* Replace literals with consts for `Mergeable` field values
* Add separate type for `PullRequest.Mergeable` field
* Remove unused flag
* Print message on stdout instead of stderr
* Raise error if editor is used in non-tty mode
* Add tests for JSON field support on issue and pr view commands
* docs: Update documentation for `gh repo create` to clarify owner
* Ensure PR does not panic when stateReason is requested
* Enable to use --web even though editor is enabled by config
* Add editor hint message
* Use prefer_editor_prompt config by `issue create`
* Add prefer_editor_prompt config
* Add `issue create --editor`
* Update create.go
* gh attestation trusted-root subcommand (#9206)
* Fetch variable selected repo relationship when required
* Add `createdAt` field to tests
* Add `createdAt` field to `Variable` type
* Add test for exporting as JSON
* Add test for JSON output
* Only populate selected repo information for JSON output
* Add test to verify JSON exporter gets set
* Add `--json` option support
* Use `Variable` type defined in `shared` package
* Add tests for JSON output
* Move `Variable` type and `PopulateSelectedRepositoryInformation` func
to shared
* Fix query parameter name
* Update tests to account for ref comparison step
* Improve query variable names
* Check if PR branch is already up-to-date
* Add `ComparePullRequestBaseBranchWith` function
* Run `go mod tidy`
* Add test to verify `--repo` requires non-empty selector
* Require non-empty selector when `--repo` override is used
* Run `go mod tidy`
* Register `update` command
* Add tests for `pr update` command
* Add `pr update` command
* Add `UpdatePullRequestBranch` method
* Upgrade `shurcooL/githubv4`
Update to version 2.52.0:
* Attestation Verification - Buffer Fix
* Remove beta note from attestation top level command
* Removed beta note from `gh at download`.
* Removed beta note from `gh at verify`, clarified reusable workflows
use case.
* add `-a` flag to `gh run list`
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-226=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):
gh-2.53.0-bp156.2.6.1
- openSUSE Backports SLE-15-SP6 (noarch):
gh-bash-completion-2.53.0-bp156.2.6.1
gh-fish-completion-2.53.0-bp156.2.6.1
gh-zsh-completion-2.53.0-bp156.2.6.1
References:
https://www.suse.com/security/cve/CVE-2024-6104.html
https://bugzilla.suse.com/1227035
openSUSE-SU-2024:0157-2: important: Security update for nano
by opensuse-security@opensuse.org 23 Aug '24
openSUSE Security Update: Security update for nano
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0157-2
Rating: important
References: #1226099
Cross-References: CVE-2024-5742
CVSS scores:
CVE-2024-5742 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for nano fixes the following issues:
- CVE-2024-5742: Avoid privilege escalations via symlink attacks on
emergency save file (boo#1226099)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-157=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):
nano-7.2-bp156.3.3.1
nano-debuginfo-7.2-bp156.3.3.1
nano-debugsource-7.2-bp156.3.3.1
- openSUSE Backports SLE-15-SP6 (noarch):
nano-lang-7.2-bp156.3.3.1
References:
https://www.suse.com/security/cve/CVE-2024-5742.html
https://bugzilla.suse.com/1226099
openSUSE-SU-2024:0254-2: important: Security update for chromium, gn, rust-bindgen
by opensuse-security@opensuse.org 23 Aug '24
openSUSE Security Update: Security update for chromium, gn, rust-bindgen
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0254-2
Rating: important
References: #1228628 #1228940 #1228941 #1228942
Cross-References: CVE-2024-6988 CVE-2024-6989 CVE-2024-6990
CVE-2024-6991 CVE-2024-6992 CVE-2024-6993
CVE-2024-6994 CVE-2024-6995 CVE-2024-6996
CVE-2024-6997 CVE-2024-6998 CVE-2024-6999
CVE-2024-7000 CVE-2024-7001 CVE-2024-7003
CVE-2024-7004 CVE-2024-7005 CVE-2024-7255
CVE-2024-7256 CVE-2024-7532 CVE-2024-7533
CVE-2024-7534 CVE-2024-7535 CVE-2024-7536
CVE-2024-7550
CVSS scores:
CVE-2024-6988 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-6989 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-6990 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-6991 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-6994 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-6995 (NVD) : 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
CVE-2024-6996 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2024-6997 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-6998 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-6999 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2024-7000 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7001 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2024-7003 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2024-7004 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2024-7005 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2024-7255 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7532 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7533 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7534 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7535 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7536 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7550 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that fixes 25 vulnerabilities is now available.
Description:
This update for chromium, gn, rust-bindgen fixes the following issues:
- Chromium 127.0.6533.119 (boo#1228941)
* CVE-2024-7532: Out of bounds memory access in ANGLE
* CVE-2024-7533: Use after free in Sharing
* CVE-2024-7550: Type Confusion in V8
* CVE-2024-7534: Heap buffer overflow in Layout
* CVE-2024-7535: Inappropriate implementation in V8
* CVE-2024-7536: Use after free in WebAudio
- Chromium 127.0.6533.88 (boo#1228628, boo#1228940, boo#1228942)
* CVE-2024-6988: Use after free in Downloads
* CVE-2024-6989: Use after free in Loader
* CVE-2024-6991: Use after free in Dawn
* CVE-2024-6992: Out of bounds memory access in ANGLE
* CVE-2024-6993: Inappropriate implementation in Canvas
* CVE-2024-6994: Heap buffer overflow in Layout
* CVE-2024-6995: Inappropriate implementation in Fullscreen
* CVE-2024-6996: Race in Frames
* CVE-2024-6997: Use after free in Tabs
* CVE-2024-6998: Use after free in User Education
* CVE-2024-6999: Inappropriate implementation in FedCM
* CVE-2024-7000: Use after free in CSS. Reported by Anonymous
* CVE-2024-7001: Inappropriate implementation in HTML
* CVE-2024-7003: Inappropriate implementation in FedCM
* CVE-2024-7004: Insufficient validation of untrusted input in Safe
Browsing
* CVE-2024-7005: Insufficient validation of untrusted input in Safe
Browsing
* CVE-2024-6990: Uninitialized Use in Dawn
* CVE-2024-7255: Out of bounds read in WebTransport
* CVE-2024-7256: Insufficient data validation in Dawn
gn:
- Update to version 0.20240730:
* Rust: link_output, depend_output and runtime_outputs for dylibs
* Add missing reference section to function_toolchain.cc
* Do not cleanup args.gn imports located in the output directory.
* Fix expectations in NinjaRustBinaryTargetWriterTest.SwiftModule
* Do not add native dependencies to the library search path
* Support linking frameworks and swiftmodules in Rust targets
* [desc] Silence print() statements when outputing json
* infra: Move CI/try builds to Ubuntu-22.04
* [MinGW] Fix mingw building issues
* [gn] Fix "link" in the //examples/simple_build/build/toolchain/BUILD.gn
* [template] Fix "rule alink_thin" in the
//build/build_linux.ninja.template
* Allow multiple --ide switches
* [src] Add "#include <limits>" in the
//src/base/files/file_enumerator_win.cc
* Get updates to infra/recipes.py from upstream
* Revert "Teach gn to handle systems with > 64 processors"
* [apple] Rename the code-signing properties of create_bundle
* Fix a typo in "gn help refs" output
* Revert "[bundle] Use "phony" builtin tool for create_bundle targets"
* [bundle] Use "phony" builtin tool for create_bundle targets
* [ios] Simplify handling of assets catalog
* [swift] List all outputs as deps of "source_set" stamp file
* [swift] Update `gn check ...` to consider the generated header
* [swift] Set `restat = 1` to swift build rules
* Fix build with gcc12
* [label_matches] Add new functions label_matches(),
filter_labels_include() and filter_labels_exclude()
* [swift] Remove problematic use of "stamp" tool
* Implement new --ninja-outputs-file option.
* Add NinjaOutputsWriter class
* Move InvokePython() function to its own source file.
* zos: build with -DZOSLIB_OVERRIDE_CLIB to override creat
* Enable C++ runtime assertions in debug mode.
* Fix regression in MakeRelativePath()
* fix: Fix Windows MakeRelativePath.
* Add long path support for windows
* Ensure read_file() files are considered by "gn analyze"
* apply 2to3 to for some Python scripts
* Add rustflags to desc and help output
* strings: support case insensitive check only in StartsWith/EndsWith
* add .git-blame-ignore-revs
* use std::{string,string_view}::{starts_with,ends_with}
* apply clang-format to all C++ sources
* add forward declaration in rust_values.h
* Add `root_patterns` list to build configuration.
* Use c++20 in GN build
* update windows sdk to 2024-01-11
* update windows sdk
* Add linux-riscv64.
* Update OWNERS list.
* remove unused function
* Ignore build warning -Werror=redundant-move
* Fix --as=buildfile `gn desc deps` output.
* Update recipe engine to 9dea1246.
* treewide: Fix spelling mistakes
Added rust-bindgen:
- Version 0.69.1
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-254=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):
gn-0.20240730-bp156.2.3.1
gn-debuginfo-0.20240730-bp156.2.3.1
gn-debugsource-0.20240730-bp156.2.3.1
rust-bindgen-0.69.1-bp156.2.1
rust-bindgen-debuginfo-0.69.1-bp156.2.1
- openSUSE Backports SLE-15-SP6 (aarch64 x86_64):
chromedriver-127.0.6533.119-bp156.2.14.1
chromedriver-debuginfo-127.0.6533.119-bp156.2.14.1
chromium-127.0.6533.119-bp156.2.14.1
chromium-debuginfo-127.0.6533.119-bp156.2.14.1
References:
https://www.suse.com/security/cve/CVE-2024-6988.html
https://www.suse.com/security/cve/CVE-2024-6989.html
https://www.suse.com/security/cve/CVE-2024-6990.html
https://www.suse.com/security/cve/CVE-2024-6991.html
https://www.suse.com/security/cve/CVE-2024-6992.html
https://www.suse.com/security/cve/CVE-2024-6993.html
https://www.suse.com/security/cve/CVE-2024-6994.html
https://www.suse.com/security/cve/CVE-2024-6995.html
https://www.suse.com/security/cve/CVE-2024-6996.html
https://www.suse.com/security/cve/CVE-2024-6997.html
https://www.suse.com/security/cve/CVE-2024-6998.html
https://www.suse.com/security/cve/CVE-2024-6999.html
https://www.suse.com/security/cve/CVE-2024-7000.html
https://www.suse.com/security/cve/CVE-2024-7001.html
https://www.suse.com/security/cve/CVE-2024-7003.html
https://www.suse.com/security/cve/CVE-2024-7004.html
https://www.suse.com/security/cve/CVE-2024-7005.html
https://www.suse.com/security/cve/CVE-2024-7255.html
https://www.suse.com/security/cve/CVE-2024-7256.html
https://www.suse.com/security/cve/CVE-2024-7532.html
https://www.suse.com/security/cve/CVE-2024-7533.html
https://www.suse.com/security/cve/CVE-2024-7534.html
https://www.suse.com/security/cve/CVE-2024-7535.html
https://www.suse.com/security/cve/CVE-2024-7536.html
https://www.suse.com/security/cve/CVE-2024-7550.html
https://bugzilla.suse.com/1228628
https://bugzilla.suse.com/1228940
https://bugzilla.suse.com/1228941
https://bugzilla.suse.com/1228942
openSUSE-SU-2024:0161-1: moderate: Security update for plasma5-workspace
by opensuse-security@opensuse.org 23 Aug '24
openSUSE Security Update: Security update for plasma5-workspace
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0161-1
Rating: moderate
References: #1225774 #1226110
Cross-References: CVE-2024-36041
CVSS scores:
CVE-2024-36041 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
plasma5-workspace was updated to fix the following issue:
- Fixed ksmserver authentication (CVE-2024-36041, boo#1225774).
- Fixed a regression introduced by the preceding change (kde#487912,
boo#1226110):
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-161=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 ppc64le x86_64):
gmenudbusmenuproxy-5.27.11-bp156.3.3.1
plasma5-session-wayland-5.27.11-bp156.3.3.1
plasma5-workspace-5.27.11-bp156.3.3.1
plasma5-workspace-devel-5.27.11-bp156.3.3.1
plasma5-workspace-libs-5.27.11-bp156.3.3.1
xembedsniproxy-5.27.11-bp156.3.3.1
- openSUSE Backports SLE-15-SP6 (noarch):
plasma5-session-5.27.11-bp156.3.3.1
plasma5-workspace-lang-5.27.11-bp156.3.3.1
References:
https://www.suse.com/security/cve/CVE-2024-36041.html
https://bugzilla.suse.com/1225774
https://bugzilla.suse.com/1226110
openSUSE-SU-2024:0203-1: critical: Security update for znc
by opensuse-security@opensuse.org 23 Aug '24
openSUSE Security Update: Security update for znc
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0203-1
Rating: critical
References: #1227393
Cross-References: CVE-2024-39844
Affected Products:
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for znc fixes the following issues:
Update to 1.9.1 (boo#1227393, CVE-2024-39844)
* This is a security release to fix CVE-2024-39844: remote code
execution vulnerability in modtcl. To mitigate this for existing
installations, simply unload the modtcl module for every user, if it's
loaded. Note that only users with admin rights can load modtcl at all.
* Improve tooltips in webadmin.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-203=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):
znc-1.9.1-bp156.2.3.1
znc-devel-1.9.1-bp156.2.3.1
znc-perl-1.9.1-bp156.2.3.1
znc-python3-1.9.1-bp156.2.3.1
znc-tcl-1.9.1-bp156.2.3.1
- openSUSE Backports SLE-15-SP6 (noarch):
znc-lang-1.9.1-bp156.2.3.1
References:
https://www.suse.com/security/cve/CVE-2024-39844.html
https://bugzilla.suse.com/1227393
openSUSE-SU-2024:0150-2: moderate: Security update for libhtp
by opensuse-security@opensuse.org 23 Aug '24
openSUSE Security Update: Security update for libhtp
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0150-2
Rating: moderate
References: #1220403
Cross-References: CVE-2024-23837
Affected Products:
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libhtp fixes the following issues:
- CVE-2024-23837: excessive processing time of HTTP headers can lead to
denial of service (boo#1220403)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-150=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):
libhtp-debugsource-0.5.42-bp156.3.3.1
libhtp-devel-0.5.42-bp156.3.3.1
libhtp2-0.5.42-bp156.3.3.1
libhtp2-debuginfo-0.5.42-bp156.3.3.1
References:
https://www.suse.com/security/cve/CVE-2024-23837.html
https://bugzilla.suse.com/1220403
openSUSE-SU-2024:0224-2: moderate: Security update for keybase-client
by opensuse-security@opensuse.org 23 Aug '24
openSUSE Security Update: Security update for keybase-client
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0224-2
Rating: moderate
References: #1227167
Cross-References: CVE-2024-24792
Affected Products:
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for keybase-client fixes the following issues:
- Update the Image dependency to address CVE-2024-24792 (boo#1227167).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-224=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):
kbfs-6.2.8-bp156.2.6.1
kbfs-debuginfo-6.2.8-bp156.2.6.1
kbfs-git-6.2.8-bp156.2.6.1
kbfs-git-debuginfo-6.2.8-bp156.2.6.1
kbfs-tool-6.2.8-bp156.2.6.1
kbfs-tool-debuginfo-6.2.8-bp156.2.6.1
keybase-client-6.2.8-bp156.2.6.1
keybase-client-debuginfo-6.2.8-bp156.2.6.1
References:
https://www.suse.com/security/cve/CVE-2024-24792.html
https://bugzilla.suse.com/1227167
openSUSE-SU-2024:0168-1: important: Security update for gdcm
by opensuse-security@opensuse.org 23 Aug '24
openSUSE Security Update: Security update for gdcm
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0168-1
Rating: important
References: #1223398
Cross-References: CVE-2024-22373
CVSS scores:
CVE-2024-22373 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for gdcm fixes the following issues:
- CVE-2024-22373: Fixed out-of-bounds write vulnerability in
JPEG2000Codec::DecodeByStreamsCommon (boo#1223398).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-168=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 ppc64le s390x x86_64):
gdcm-3.0.24-bp156.2.4.1
gdcm-applications-3.0.24-bp156.2.4.1
gdcm-devel-3.0.24-bp156.2.4.1
gdcm-examples-3.0.24-bp156.2.4.1
libgdcm3_0-3.0.24-bp156.2.4.1
libsocketxx1_2-3.0.24-bp156.2.4.1
python3-gdcm-3.0.24-bp156.2.4.1
References:
https://www.suse.com/security/cve/CVE-2024-22373.html
https://bugzilla.suse.com/1223398
openSUSE-SU-2024:0212-2: important: Security update for chromium
by opensuse-security@opensuse.org 23 Aug '24
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0212-2
Rating: important
References: #1227979
Cross-References: CVE-2024-6772 CVE-2024-6773 CVE-2024-6774
CVE-2024-6775 CVE-2024-6776 CVE-2024-6777
CVE-2024-6778 CVE-2024-6779
Affected Products:
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that fixes 8 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Chromium 126.0.6478.182 (boo#1227979):
- CVE-2024-6772: Inappropriate implementation in V8
- CVE-2024-6773: Type Confusion in V8
- CVE-2024-6774: Use after free in Screen Capture
- CVE-2024-6775: Use after free in Media Stream
- CVE-2024-6776: Use after free in Audio
- CVE-2024-6777: Use after free in Navigation
- CVE-2024-6778: Race in DevTools
- CVE-2024-6779: Out of bounds memory access in V8
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-212=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 x86_64):
chromedriver-126.0.6478.182-bp156.2.11.1
chromedriver-debuginfo-126.0.6478.182-bp156.2.11.1
chromium-126.0.6478.182-bp156.2.11.1
chromium-debuginfo-126.0.6478.182-bp156.2.11.1
References:
https://www.suse.com/security/cve/CVE-2024-6772.html
https://www.suse.com/security/cve/CVE-2024-6773.html
https://www.suse.com/security/cve/CVE-2024-6774.html
https://www.suse.com/security/cve/CVE-2024-6775.html
https://www.suse.com/security/cve/CVE-2024-6776.html
https://www.suse.com/security/cve/CVE-2024-6777.html
https://www.suse.com/security/cve/CVE-2024-6778.html
https://www.suse.com/security/cve/CVE-2024-6779.html
https://bugzilla.suse.com/1227979
openSUSE-SU-2024:0258-1: important: Security update for chromium
by opensuse-security@opensuse.org 23 Aug '24
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0258-1
Rating: important
References: #1229426 #1229591
Cross-References: CVE-2024-7964 CVE-2024-7965 CVE-2024-7966
CVE-2024-7967 CVE-2024-7968 CVE-2024-7969
CVE-2024-7971 CVE-2024-7972 CVE-2024-7973
CVE-2024-7974 CVE-2024-7975 CVE-2024-7976
CVE-2024-7977 CVE-2024-7978 CVE-2024-7979
CVE-2024-7980 CVE-2024-7981 CVE-2024-8033
CVE-2024-8034 CVE-2024-8035
CVSS scores:
CVE-2024-7964 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7966 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7968 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7969 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7974 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7975 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2024-7976 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2024-7977 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7978 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2024-7981 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2024-8033 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2024-8034 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2024-8035 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that fixes 20 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
- Chromium 128.0.6613.84 (boo#1229591)
* CVE-2024-7964: Use after free in Passwords
* CVE-2024-7965: Inappropriate implementation in V8
* CVE-2024-7966: Out of bounds memory access in Skia
* CVE-2024-7967: Heap buffer overflow in Fonts
* CVE-2024-7968: Use after free in Autofill
* CVE-2024-7969: Type Confusion in V8
* CVE-2024-7971: Type confusion in V8
* CVE-2024-7972: Inappropriate implementation in V8
* CVE-2024-7973: Heap buffer overflow in PDFium
* CVE-2024-7974: Insufficient data validation in V8 API
* CVE-2024-7975: Inappropriate implementation in Permissions
* CVE-2024-7976: Inappropriate implementation in FedCM
* CVE-2024-7977: Insufficient data validation in Installer
* CVE-2024-7978: Insufficient policy enforcement in Data Transfer
* CVE-2024-7979: Insufficient data validation in Installer
* CVE-2024-7980: Insufficient data validation in Installer
* CVE-2024-7981: Inappropriate implementation in Views
* CVE-2024-8033: Inappropriate implementation in WebApp Installs
* CVE-2024-8034: Inappropriate implementation in Custom Tabs
* CVE-2024-8035: Inappropriate implementation in Extensions
* Various fixes from internal audits, fuzzing and other initiatives
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2024-258=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 x86_64):
chromedriver-128.0.6613.84-bp155.2.105.1
chromium-128.0.6613.84-bp155.2.105.1
References:
https://www.suse.com/security/cve/CVE-2024-7964.html
https://www.suse.com/security/cve/CVE-2024-7965.html
https://www.suse.com/security/cve/CVE-2024-7966.html
https://www.suse.com/security/cve/CVE-2024-7967.html
https://www.suse.com/security/cve/CVE-2024-7968.html
https://www.suse.com/security/cve/CVE-2024-7969.html
https://www.suse.com/security/cve/CVE-2024-7971.html
https://www.suse.com/security/cve/CVE-2024-7972.html
https://www.suse.com/security/cve/CVE-2024-7973.html
https://www.suse.com/security/cve/CVE-2024-7974.html
https://www.suse.com/security/cve/CVE-2024-7975.html
https://www.suse.com/security/cve/CVE-2024-7976.html
https://www.suse.com/security/cve/CVE-2024-7977.html
https://www.suse.com/security/cve/CVE-2024-7978.html
https://www.suse.com/security/cve/CVE-2024-7979.html
https://www.suse.com/security/cve/CVE-2024-7980.html
https://www.suse.com/security/cve/CVE-2024-7981.html
https://www.suse.com/security/cve/CVE-2024-8033.html
https://www.suse.com/security/cve/CVE-2024-8034.html
https://www.suse.com/security/cve/CVE-2024-8035.html
https://bugzilla.suse.com/1229426
https://bugzilla.suse.com/1229591
23 Aug '24
# Security update for xen
Announcement ID: SUSE-SU-2024:3001-1
Rating: important
References:
* bsc#1228574
* bsc#1228575
Cross-References:
* CVE-2024-31145
* CVE-2024-31146
CVSS scores:
* CVE-2024-31145 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2024-31146 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N
Affected Products:
* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
An update that solves two vulnerabilities can now be installed.
## Description:
This update for xen fixes the following issues:
* CVE-2024-31145: Fixed error handling in x86 IOMMU identity mapping (XSA-460,
bsc#1228574)
* CVE-2024-31146: Fixed PCI device pass-through with shared resources
(XSA-461, bsc#1228575)
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-3001=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-3001=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-3001=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-3001=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-3001=1
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-3001=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-3001=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-3001=1
## Package List:
* openSUSE Leap 15.3 (aarch64 x86_64 i586)
* xen-libs-4.14.6_18-150300.3.78.1
* xen-libs-debuginfo-4.14.6_18-150300.3.78.1
* xen-tools-domU-4.14.6_18-150300.3.78.1
* xen-devel-4.14.6_18-150300.3.78.1
* xen-tools-domU-debuginfo-4.14.6_18-150300.3.78.1
* xen-debugsource-4.14.6_18-150300.3.78.1
* openSUSE Leap 15.3 (x86_64)
* xen-libs-32bit-debuginfo-4.14.6_18-150300.3.78.1
* xen-libs-32bit-4.14.6_18-150300.3.78.1
* openSUSE Leap 15.3 (aarch64 x86_64)
* xen-4.14.6_18-150300.3.78.1
* xen-tools-debuginfo-4.14.6_18-150300.3.78.1
* xen-tools-4.14.6_18-150300.3.78.1
* xen-doc-html-4.14.6_18-150300.3.78.1
* openSUSE Leap 15.3 (noarch)
* xen-tools-xendomains-wait-disk-4.14.6_18-150300.3.78.1
* openSUSE Leap 15.3 (aarch64_ilp32)
* xen-libs-64bit-4.14.6_18-150300.3.78.1
* xen-libs-64bit-debuginfo-4.14.6_18-150300.3.78.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
* xen-libs-4.14.6_18-150300.3.78.1
* xen-libs-debuginfo-4.14.6_18-150300.3.78.1
* xen-tools-domU-4.14.6_18-150300.3.78.1
* xen-devel-4.14.6_18-150300.3.78.1
* xen-tools-domU-debuginfo-4.14.6_18-150300.3.78.1
* xen-tools-4.14.6_18-150300.3.78.1
* xen-4.14.6_18-150300.3.78.1
* xen-tools-debuginfo-4.14.6_18-150300.3.78.1
* xen-debugsource-4.14.6_18-150300.3.78.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* xen-tools-xendomains-wait-disk-4.14.6_18-150300.3.78.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64)
* xen-libs-4.14.6_18-150300.3.78.1
* xen-libs-debuginfo-4.14.6_18-150300.3.78.1
* xen-tools-domU-4.14.6_18-150300.3.78.1
* xen-devel-4.14.6_18-150300.3.78.1
* xen-tools-domU-debuginfo-4.14.6_18-150300.3.78.1
* xen-tools-4.14.6_18-150300.3.78.1
* xen-4.14.6_18-150300.3.78.1
* xen-tools-debuginfo-4.14.6_18-150300.3.78.1
* xen-debugsource-4.14.6_18-150300.3.78.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* xen-tools-xendomains-wait-disk-4.14.6_18-150300.3.78.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* xen-libs-4.14.6_18-150300.3.78.1
* xen-libs-debuginfo-4.14.6_18-150300.3.78.1
* xen-tools-domU-4.14.6_18-150300.3.78.1
* xen-devel-4.14.6_18-150300.3.78.1
* xen-tools-domU-debuginfo-4.14.6_18-150300.3.78.1
* xen-tools-4.14.6_18-150300.3.78.1
* xen-4.14.6_18-150300.3.78.1
* xen-tools-debuginfo-4.14.6_18-150300.3.78.1
* xen-debugsource-4.14.6_18-150300.3.78.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* xen-tools-xendomains-wait-disk-4.14.6_18-150300.3.78.1
* SUSE Enterprise Storage 7.1 (x86_64)
* xen-libs-4.14.6_18-150300.3.78.1
* xen-libs-debuginfo-4.14.6_18-150300.3.78.1
* xen-tools-domU-4.14.6_18-150300.3.78.1
* xen-devel-4.14.6_18-150300.3.78.1
* xen-tools-domU-debuginfo-4.14.6_18-150300.3.78.1
* xen-tools-4.14.6_18-150300.3.78.1
* xen-4.14.6_18-150300.3.78.1
* xen-tools-debuginfo-4.14.6_18-150300.3.78.1
* xen-debugsource-4.14.6_18-150300.3.78.1
* SUSE Enterprise Storage 7.1 (noarch)
* xen-tools-xendomains-wait-disk-4.14.6_18-150300.3.78.1
* SUSE Linux Enterprise Micro 5.1 (x86_64)
* xen-libs-4.14.6_18-150300.3.78.1
* xen-libs-debuginfo-4.14.6_18-150300.3.78.1
* xen-debugsource-4.14.6_18-150300.3.78.1
* SUSE Linux Enterprise Micro 5.2 (x86_64)
* xen-libs-4.14.6_18-150300.3.78.1
* xen-libs-debuginfo-4.14.6_18-150300.3.78.1
* xen-debugsource-4.14.6_18-150300.3.78.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64)
* xen-libs-4.14.6_18-150300.3.78.1
* xen-libs-debuginfo-4.14.6_18-150300.3.78.1
* xen-debugsource-4.14.6_18-150300.3.78.1
## References:
* https://www.suse.com/security/cve/CVE-2024-31145.html
* https://www.suse.com/security/cve/CVE-2024-31146.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228574
* https://bugzilla.suse.com/show_bug.cgi?id=1228575
SUSE-SU-2024:3003-1: important: Security update for MozillaFirefox
by OPENSUSE-SECURITY-UPDATES 23 Aug '24
# Security update for MozillaFirefox
Announcement ID: SUSE-SU-2024:3003-1
Rating: important
References:
* bsc#1226316
* bsc#1228648
Cross-References:
* CVE-2024-6600
* CVE-2024-6601
* CVE-2024-6602
* CVE-2024-6603
* CVE-2024-6604
* CVE-2024-6605
* CVE-2024-6606
* CVE-2024-6607
* CVE-2024-6608
* CVE-2024-6609
* CVE-2024-6610
* CVE-2024-6611
* CVE-2024-6612
* CVE-2024-6613
* CVE-2024-6614
* CVE-2024-6615
* CVE-2024-7518
* CVE-2024-7519
* CVE-2024-7520
* CVE-2024-7521
* CVE-2024-7522
* CVE-2024-7524
* CVE-2024-7525
* CVE-2024-7526
* CVE-2024-7527
* CVE-2024-7528
* CVE-2024-7529
* CVE-2024-7531
CVSS scores:
* CVE-2024-6600 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2024-6601 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2024-6602 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L
* CVE-2024-6603 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
* CVE-2024-6604 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-6605 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2024-6606 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L
* CVE-2024-6607 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2024-6608 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2024-6609 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L
* CVE-2024-6610 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L
* CVE-2024-6611 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2024-6612 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2024-6614 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2024-6615 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7518 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
* CVE-2024-7518 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2024-7519 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7519 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2024-7520 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7520 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7521 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7521 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7522 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
* CVE-2024-7522 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7524 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7525 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7525 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2024-7526 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
* CVE-2024-7526 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2024-7527 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7527 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7528 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7528 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7529 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2024-7529 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2024-7531 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L
* CVE-2024-7531 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected Products:
* Desktop Applications Module 15-SP5
* Desktop Applications Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves 28 vulnerabilities can now be installed.
## Description:
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 128.1.0 ESR (MFSA 2024-35,
bsc#1228648):
* CVE-2024-7518: Fullscreen notification dialog can be obscured by document
* CVE-2024-7519: Out of bounds memory access in graphics shared memory
handling
* CVE-2024-7520: Type confusion in WebAssembly
* CVE-2024-7521: Incomplete WebAssembly exception handling
* CVE-2024-7522: Out of bounds read in editor component
* CVE-2024-7524: CSP strict-dynamic bypass using web-compatibility shims
* CVE-2024-7525: Missing permission check when creating a StreamFilter
* CVE-2024-7526: Uninitialized memory used by WebGL
* CVE-2024-7527: Use-after-free in JavaScript garbage collection
* CVE-2024-7528: Use-after-free in IndexedDB
* CVE-2024-7529: Document content could partially obscure security prompts
* CVE-2024-7531: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-3003=1
* Desktop Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2024-3003=1
* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2024-3003=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-3003=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-3003=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3003=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3003=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-3003=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-3003=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-3003=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3003=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-3003=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-3003=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3003=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-3003=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-3003=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-translations-common-128.1.0-150200.152.146.1
* MozillaFirefox-translations-other-128.1.0-150200.152.146.1
* MozillaFirefox-branding-SLE-128-150200.9.16.1
* MozillaFirefox-branding-upstream-128.1.0-150200.152.146.1
* MozillaFirefox-debugsource-128.1.0-150200.152.146.1
* MozillaFirefox-debuginfo-128.1.0-150200.152.146.1
* MozillaFirefox-128.1.0-150200.152.146.1
* openSUSE Leap 15.6 (noarch)
* MozillaFirefox-devel-128.1.0-150200.152.146.1
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-translations-common-128.1.0-150200.152.146.1
* MozillaFirefox-translations-other-128.1.0-150200.152.146.1
* MozillaFirefox-branding-SLE-128-150200.9.16.1
* MozillaFirefox-debugsource-128.1.0-150200.152.146.1
* MozillaFirefox-debuginfo-128.1.0-150200.152.146.1
* MozillaFirefox-128.1.0-150200.152.146.1
* Desktop Applications Module 15-SP5 (noarch)
* MozillaFirefox-devel-128.1.0-150200.152.146.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-translations-common-128.1.0-150200.152.146.1
* MozillaFirefox-translations-other-128.1.0-150200.152.146.1
* MozillaFirefox-branding-SLE-128-150200.9.16.1
* MozillaFirefox-debugsource-128.1.0-150200.152.146.1
* MozillaFirefox-debuginfo-128.1.0-150200.152.146.1
* MozillaFirefox-128.1.0-150200.152.146.1
* Desktop Applications Module 15-SP6 (noarch)
* MozillaFirefox-devel-128.1.0-150200.152.146.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* MozillaFirefox-translations-common-128.1.0-150200.152.146.1
* MozillaFirefox-translations-other-128.1.0-150200.152.146.1
* MozillaFirefox-branding-SLE-128-150200.9.16.1
* MozillaFirefox-debugsource-128.1.0-150200.152.146.1
* MozillaFirefox-debuginfo-128.1.0-150200.152.146.1
* MozillaFirefox-128.1.0-150200.152.146.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
* MozillaFirefox-devel-128.1.0-150200.152.146.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* MozillaFirefox-translations-common-128.1.0-150200.152.146.1
* MozillaFirefox-translations-other-128.1.0-150200.152.146.1
* MozillaFirefox-branding-SLE-128-150200.9.16.1
* MozillaFirefox-debugsource-128.1.0-150200.152.146.1
* MozillaFirefox-debuginfo-128.1.0-150200.152.146.1
* MozillaFirefox-128.1.0-150200.152.146.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* MozillaFirefox-devel-128.1.0-150200.152.146.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* MozillaFirefox-translations-common-128.1.0-150200.152.146.1
* MozillaFirefox-translations-other-128.1.0-150200.152.146.1
* MozillaFirefox-branding-SLE-128-150200.9.16.1
* MozillaFirefox-debugsource-128.1.0-150200.152.146.1
* MozillaFirefox-debuginfo-128.1.0-150200.152.146.1
* MozillaFirefox-128.1.0-150200.152.146.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* MozillaFirefox-devel-128.1.0-150200.152.146.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* MozillaFirefox-translations-common-128.1.0-150200.152.146.1
* MozillaFirefox-translations-other-128.1.0-150200.152.146.1
* MozillaFirefox-branding-SLE-128-150200.9.16.1
* MozillaFirefox-debugsource-128.1.0-150200.152.146.1
* MozillaFirefox-debuginfo-128.1.0-150200.152.146.1
* MozillaFirefox-128.1.0-150200.152.146.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* MozillaFirefox-devel-128.1.0-150200.152.146.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* MozillaFirefox-translations-common-128.1.0-150200.152.146.1
* MozillaFirefox-translations-other-128.1.0-150200.152.146.1
* MozillaFirefox-branding-SLE-128-150200.9.16.1
* MozillaFirefox-debugsource-128.1.0-150200.152.146.1
* MozillaFirefox-debuginfo-128.1.0-150200.152.146.1
* MozillaFirefox-128.1.0-150200.152.146.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
* MozillaFirefox-devel-128.1.0-150200.152.146.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* MozillaFirefox-translations-common-128.1.0-150200.152.146.1
* MozillaFirefox-translations-other-128.1.0-150200.152.146.1
* MozillaFirefox-branding-SLE-128-150200.9.16.1
* MozillaFirefox-debugsource-128.1.0-150200.152.146.1
* MozillaFirefox-debuginfo-128.1.0-150200.152.146.1
* MozillaFirefox-128.1.0-150200.152.146.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
* MozillaFirefox-devel-128.1.0-150200.152.146.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* MozillaFirefox-translations-common-128.1.0-150200.152.146.1
* MozillaFirefox-translations-other-128.1.0-150200.152.146.1
* MozillaFirefox-branding-SLE-128-150200.9.16.1
* MozillaFirefox-debugsource-128.1.0-150200.152.146.1
* MozillaFirefox-debuginfo-128.1.0-150200.152.146.1
* MozillaFirefox-128.1.0-150200.152.146.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* MozillaFirefox-devel-128.1.0-150200.152.146.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* MozillaFirefox-translations-common-128.1.0-150200.152.146.1
* MozillaFirefox-translations-other-128.1.0-150200.152.146.1
* MozillaFirefox-branding-SLE-128-150200.9.16.1
* MozillaFirefox-debugsource-128.1.0-150200.152.146.1
* MozillaFirefox-debuginfo-128.1.0-150200.152.146.1
* MozillaFirefox-128.1.0-150200.152.146.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
* MozillaFirefox-devel-128.1.0-150200.152.146.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* MozillaFirefox-translations-common-128.1.0-150200.152.146.1
* MozillaFirefox-translations-other-128.1.0-150200.152.146.1
* MozillaFirefox-branding-SLE-128-150200.9.16.1
* MozillaFirefox-debugsource-128.1.0-150200.152.146.1
* MozillaFirefox-debuginfo-128.1.0-150200.152.146.1
* MozillaFirefox-128.1.0-150200.152.146.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
* MozillaFirefox-devel-128.1.0-150200.152.146.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* MozillaFirefox-translations-common-128.1.0-150200.152.146.1
* MozillaFirefox-translations-other-128.1.0-150200.152.146.1
* MozillaFirefox-branding-SLE-128-150200.9.16.1
* MozillaFirefox-debugsource-128.1.0-150200.152.146.1
* MozillaFirefox-debuginfo-128.1.0-150200.152.146.1
* MozillaFirefox-128.1.0-150200.152.146.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* MozillaFirefox-devel-128.1.0-150200.152.146.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* MozillaFirefox-translations-common-128.1.0-150200.152.146.1
* MozillaFirefox-translations-other-128.1.0-150200.152.146.1
* MozillaFirefox-branding-SLE-128-150200.9.16.1
* MozillaFirefox-debugsource-128.1.0-150200.152.146.1
* MozillaFirefox-debuginfo-128.1.0-150200.152.146.1
* MozillaFirefox-128.1.0-150200.152.146.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* MozillaFirefox-devel-128.1.0-150200.152.146.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* MozillaFirefox-translations-common-128.1.0-150200.152.146.1
* MozillaFirefox-translations-other-128.1.0-150200.152.146.1
* MozillaFirefox-branding-SLE-128-150200.9.16.1
* MozillaFirefox-debugsource-128.1.0-150200.152.146.1
* MozillaFirefox-debuginfo-128.1.0-150200.152.146.1
* MozillaFirefox-128.1.0-150200.152.146.1
* SUSE Enterprise Storage 7.1 (noarch)
* MozillaFirefox-devel-128.1.0-150200.152.146.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-translations-common-128.1.0-150200.152.146.1
* MozillaFirefox-translations-other-128.1.0-150200.152.146.1
* MozillaFirefox-branding-SLE-128-150200.9.16.1
* MozillaFirefox-branding-upstream-128.1.0-150200.152.146.1
* MozillaFirefox-debugsource-128.1.0-150200.152.146.1
* MozillaFirefox-debuginfo-128.1.0-150200.152.146.1
* MozillaFirefox-128.1.0-150200.152.146.1
* openSUSE Leap 15.5 (noarch)
* MozillaFirefox-devel-128.1.0-150200.152.146.1
## References:
* https://www.suse.com/security/cve/CVE-2024-6600.html
* https://www.suse.com/security/cve/CVE-2024-6601.html
* https://www.suse.com/security/cve/CVE-2024-6602.html
* https://www.suse.com/security/cve/CVE-2024-6603.html
* https://www.suse.com/security/cve/CVE-2024-6604.html
* https://www.suse.com/security/cve/CVE-2024-6605.html
* https://www.suse.com/security/cve/CVE-2024-6606.html
* https://www.suse.com/security/cve/CVE-2024-6607.html
* https://www.suse.com/security/cve/CVE-2024-6608.html
* https://www.suse.com/security/cve/CVE-2024-6609.html
* https://www.suse.com/security/cve/CVE-2024-6610.html
* https://www.suse.com/security/cve/CVE-2024-6611.html
* https://www.suse.com/security/cve/CVE-2024-6612.html
* https://www.suse.com/security/cve/CVE-2024-6613.html
* https://www.suse.com/security/cve/CVE-2024-6614.html
* https://www.suse.com/security/cve/CVE-2024-6615.html
* https://www.suse.com/security/cve/CVE-2024-7518.html
* https://www.suse.com/security/cve/CVE-2024-7519.html
* https://www.suse.com/security/cve/CVE-2024-7520.html
* https://www.suse.com/security/cve/CVE-2024-7521.html
* https://www.suse.com/security/cve/CVE-2024-7522.html
* https://www.suse.com/security/cve/CVE-2024-7524.html
* https://www.suse.com/security/cve/CVE-2024-7525.html
* https://www.suse.com/security/cve/CVE-2024-7526.html
* https://www.suse.com/security/cve/CVE-2024-7527.html
* https://www.suse.com/security/cve/CVE-2024-7528.html
* https://www.suse.com/security/cve/CVE-2024-7529.html
* https://www.suse.com/security/cve/CVE-2024-7531.html
* https://bugzilla.suse.com/show_bug.cgi?id=1226316
* https://bugzilla.suse.com/show_bug.cgi?id=1228648
openSUSE-SU-2024:0257-1: moderate: Security update for roundcubemail
by opensuse-security@opensuse.org 21 Aug '24
openSUSE Security Update: Security update for roundcubemail
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0257-1
Rating: moderate
References: #1216895
Cross-References: CVE-2023-47272
CVSS scores:
CVE-2023-47272 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for roundcubemail fixes the following issues:
Update to 1.6.7
This is a security update to the stable version 1.6 of Roundcube Webmail.
It provides fixes for recently reported XSS vulnerabilities:
* Fix cross-site scripting (XSS) vulnerability in handling SVG animate
attributes. Reported by Valentin T. and Lutz Wolf of CrowdStrike.
* Fix cross-site scripting (XSS) vulnerability in handling list columns
from user preferences. Reported by Huy Nguyễn Phạm Nhật.
* Fix command injection via crafted im_convert_path/im_identify_path on
Windows. Reported by Huy Nguyễn Phạm Nhật.
CHANGELOG
* Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313)
* Fix bug where HTML entities in URLs were not decoded on HTML to plain
text conversion (#9312)
* Fix bug in collapsing/expanding folders with some special characters
in names (#9324)
* Fix PHP8 warnings (#9363, #9365, #9429)
* Fix missing field labels in CSV import, for some locales (#9393)
* Fix cross-site scripting (XSS) vulnerability in handling SVG animate
attributes
* Fix cross-site scripting (XSS) vulnerability in handling list columns
from user preferences
* Fix command injection via crafted im_convert_path/im_identify_path on
Windows
Update to 1.6.6:
* Fix regression in handling LDAP search_fields configuration parameter
(#9210)
* Enigma: Fix finding of a private key when decrypting a message using
GnuPG v2.3
* Fix page jump menu flickering on click (#9196)
* Update to TinyMCE 5.10.9 security release (#9228)
* Fix PHP8 warnings (#9235, #9238, #9242, #9306)
* Fix saving other encryption settings besides enigma's (#9240)
* Fix unneeded php command use in installto.sh and deluser.sh scripts
(#9237)
* Fix TinyMCE localization installation (#9266)
* Fix bug where trailing non-ascii characters in email addresses could
have been removed in recipient input (#9257)
* Fix IMAP GETMETADATA command with options - RFC5464
Update to 1.6.5 (boo#1216895):
* Fix cross-site scripting (XSS) vulnerability in setting
Content-Type/Content-Disposition for attachment preview/download
CVE-2023-47272
Other changes:
* Fix PHP8 fatal error when parsing a malformed BODYSTRUCTURE (#9171)
* Fix duplicated Inbox folder on IMAP servers that do not use Inbox
folder with all capital letters (#9166)
* Fix PHP warnings (#9174)
* Fix UI issue when dealing with an invalid managesieve_default_headers
value (#9175)
* Fix bug where images attached to application/smil messages weren't
displayed (#8870)
* Fix PHP string replacement error in utils/error.php (#9185)
* Fix regression where smtp_user did not allow pre/post strings
before/after %u placeholder (#9162)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2024-257=1
Package List:
- openSUSE Backports SLE-15-SP5 (noarch):
roundcubemail-1.6.7-bp155.2.9.1
References:
https://www.suse.com/security/cve/CVE-2023-47272.html
https://bugzilla.suse.com/1216895
Fwd: SUSE-RU-2024:2017-1: important: Recommended update for transactional-update
by Thomas Röther 20 Aug '24
-------- Original Message --------
From: "Thomas Röther" <thomas(a)roether.at>
Sent: 20 August 2024 15:07:08 CEST
To: opensuse-updates+unsubscribe(a)opensuse.org
Subject: Fwd: SUSE-RU-2024:2017-1: important: Recommended update for transactional-update
-------- Original Message --------
From: OPENSUSE-UPDATES <null(a)suse.de>
Sent: 20 August 2024 14:31:05 CEST
To: updates(a)lists.opensuse.org
Subject: SUSE-RU-2024:2017-1: important: Recommended update for transactional-update
# Recommended update for transactional-update
Announcement ID: SUSE-RU-2024:2017-1
Rating: important
References:
* bsc#1221346
Affected Products:
* openSUSE Leap Micro 5.3
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro for Rancher 5.3
An update that has one fix can now be installed.
## Description:
This update for transactional-update fixes the following issues:
* tukit: Properly handle overlay syncing failures: If the system would not be
rebooted and several snapshots accumulated in the meantime, it was possible
that the previous base snapshot "required for /etc syncing" was deleted
already. In that case changes in /etc might have been reset
(gh#openSUSE/transactional-update#116)
(gh#kube-hetzner/terraform-hcloud-kube-hetzner#1287)
* Always use zypper of installed system (bsc#1221346)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2024-2017=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-2017=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-2017=1
## Package List:
* openSUSE Leap Micro 5.3 (noarch)
* transactional-update-zypp-config-4.1.8-150400.3.9.3
* dracut-transactional-update-4.1.8-150400.3.9.3
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* tukitd-debuginfo-4.1.8-150400.3.9.3
* libtukit4-debuginfo-4.1.8-150400.3.9.3
* tukit-4.1.8-150400.3.9.3
* tukitd-4.1.8-150400.3.9.3
* transactional-update-debugsource-4.1.8-150400.3.9.3
* transactional-update-debuginfo-4.1.8-150400.3.9.3
* libtukit4-4.1.8-150400.3.9.3
* tukit-debuginfo-4.1.8-150400.3.9.3
* transactional-update-4.1.8-150400.3.9.3
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
* transactional-update-zypp-config-4.1.8-150400.3.9.3
* dracut-transactional-update-4.1.8-150400.3.9.3
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* tukitd-debuginfo-4.1.8-150400.3.9.3
* libtukit4-debuginfo-4.1.8-150400.3.9.3
* tukit-4.1.8-150400.3.9.3
* tukitd-4.1.8-150400.3.9.3
* transactional-update-debugsource-4.1.8-150400.3.9.3
* transactional-update-debuginfo-4.1.8-150400.3.9.3
* libtukit4-4.1.8-150400.3.9.3
* tukit-debuginfo-4.1.8-150400.3.9.3
* transactional-update-4.1.8-150400.3.9.3
* SUSE Linux Enterprise Micro 5.3 (noarch)
* transactional-update-zypp-config-4.1.8-150400.3.9.3
* dracut-transactional-update-4.1.8-150400.3.9.3
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* tukitd-debuginfo-4.1.8-150400.3.9.3
* libtukit4-debuginfo-4.1.8-150400.3.9.3
* tukit-4.1.8-150400.3.9.3
* tukitd-4.1.8-150400.3.9.3
* transactional-update-debugsource-4.1.8-150400.3.9.3
* transactional-update-debuginfo-4.1.8-150400.3.9.3
* libtukit4-4.1.8-150400.3.9.3
* tukit-debuginfo-4.1.8-150400.3.9.3
* transactional-update-4.1.8-150400.3.9.3
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1221346
20 Aug '24
# Security update for qemu
Announcement ID: SUSE-SU-2024:2977-1
Rating: important
References:
* bsc#1212968
* bsc#1215311
* bsc#1227322
Cross-References:
* CVE-2023-2861
* CVE-2024-4467
CVSS scores:
* CVE-2023-2861 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-2861 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-4467 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
An update that solves two vulnerabilities and has one security fix can now be
installed.
## Description:
This update for qemu fixes the following issues:
* CVE-2023-2861: Fixed improper access control on special files via 9p
protocol (bsc#1212968)
* CVE-2024-4467: Fixed denial of service and file read/write via qemu-img info
command (bsc#1227322)
Other fixes:
* Fixed qemu build compilation with binutils 2.41 upgrade (bsc#1215311)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-2977=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-2977=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-2977=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-2977=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-2977=1
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-2977=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-2977=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-2977=1
## Package List:
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* qemu-chardev-spice-debuginfo-5.2.0-150300.130.1
* qemu-ui-spice-core-debuginfo-5.2.0-150300.130.1
* qemu-block-iscsi-debuginfo-5.2.0-150300.130.1
* qemu-vhost-user-gpu-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-vga-5.2.0-150300.130.1
* qemu-vhost-user-gpu-5.2.0-150300.130.1
* qemu-tools-5.2.0-150300.130.1
* qemu-debuginfo-5.2.0-150300.130.1
* qemu-ui-gtk-debuginfo-5.2.0-150300.130.1
* qemu-ivshmem-tools-debuginfo-5.2.0-150300.130.1
* qemu-s390x-debuginfo-5.2.0-150300.130.1
* qemu-ui-gtk-5.2.0-150300.130.1
* qemu-linux-user-debuginfo-5.2.0-150300.130.1
* qemu-block-nfs-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-qxl-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.130.1
* qemu-block-ssh-5.2.0-150300.130.1
* qemu-ui-spice-app-debuginfo-5.2.0-150300.130.1
* qemu-block-gluster-debuginfo-5.2.0-150300.130.1
* qemu-hw-s390x-virtio-gpu-ccw-debuginfo-5.2.0-150300.130.1
* qemu-audio-alsa-debuginfo-5.2.0-150300.130.1
* qemu-ppc-5.2.0-150300.130.1
* qemu-block-dmg-debuginfo-5.2.0-150300.130.1
* qemu-chardev-baum-debuginfo-5.2.0-150300.130.1
* qemu-chardev-spice-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-5.2.0-150300.130.1
* qemu-arm-debuginfo-5.2.0-150300.130.1
* qemu-5.2.0-150300.130.1
* qemu-hw-usb-redirect-5.2.0-150300.130.1
* qemu-ui-spice-app-5.2.0-150300.130.1
* qemu-x86-debuginfo-5.2.0-150300.130.1
* qemu-testsuite-5.2.0-150300.130.2
* qemu-ui-opengl-debuginfo-5.2.0-150300.130.1
* qemu-ui-curses-5.2.0-150300.130.1
* qemu-hw-usb-smartcard-5.2.0-150300.130.1
* qemu-block-nfs-5.2.0-150300.130.1
* qemu-audio-pa-5.2.0-150300.130.1
* qemu-audio-pa-debuginfo-5.2.0-150300.130.1
* qemu-ui-spice-core-5.2.0-150300.130.1
* qemu-lang-5.2.0-150300.130.1
* qemu-ppc-debuginfo-5.2.0-150300.130.1
* qemu-ui-curses-debuginfo-5.2.0-150300.130.1
* qemu-arm-5.2.0-150300.130.1
* qemu-ivshmem-tools-5.2.0-150300.130.1
* qemu-ui-opengl-5.2.0-150300.130.1
* qemu-audio-alsa-5.2.0-150300.130.1
* qemu-block-gluster-5.2.0-150300.130.1
* qemu-audio-spice-debuginfo-5.2.0-150300.130.1
* qemu-block-iscsi-5.2.0-150300.130.1
* qemu-x86-5.2.0-150300.130.1
* qemu-chardev-baum-5.2.0-150300.130.1
* qemu-ksm-5.2.0-150300.130.1
* qemu-extra-5.2.0-150300.130.1
* qemu-s390x-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.130.1
* qemu-block-dmg-5.2.0-150300.130.1
* qemu-hw-usb-redirect-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-qxl-5.2.0-150300.130.1
* qemu-debugsource-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.130.1
* qemu-linux-user-5.2.0-150300.130.1
* qemu-linux-user-debugsource-5.2.0-150300.130.1
* qemu-block-ssh-debuginfo-5.2.0-150300.130.1
* qemu-extra-debuginfo-5.2.0-150300.130.1
* qemu-audio-spice-5.2.0-150300.130.1
* qemu-block-curl-debuginfo-5.2.0-150300.130.1
* qemu-guest-agent-debuginfo-5.2.0-150300.130.1
* qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.130.1
* qemu-hw-usb-smartcard-debuginfo-5.2.0-150300.130.1
* qemu-tools-debuginfo-5.2.0-150300.130.1
* qemu-guest-agent-5.2.0-150300.130.1
* qemu-block-curl-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-pci-5.2.0-150300.130.1
* openSUSE Leap 15.3 (s390x x86_64 i586)
* qemu-kvm-5.2.0-150300.130.1
* openSUSE Leap 15.3 (noarch)
* qemu-sgabios-8-150300.130.1
* qemu-seabios-1.14.0_0_g155821a-150300.130.1
* qemu-SLOF-5.2.0-150300.130.1
* qemu-skiboot-5.2.0-150300.130.1
* qemu-ipxe-1.0.0+-150300.130.1
* qemu-microvm-5.2.0-150300.130.1
* qemu-vgabios-1.14.0_0_g155821a-150300.130.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64)
* qemu-block-rbd-5.2.0-150300.130.1
* qemu-block-rbd-debuginfo-5.2.0-150300.130.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* qemu-chardev-spice-debuginfo-5.2.0-150300.130.1
* qemu-ui-spice-core-debuginfo-5.2.0-150300.130.1
* qemu-block-iscsi-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-vga-5.2.0-150300.130.1
* qemu-tools-5.2.0-150300.130.1
* qemu-debuginfo-5.2.0-150300.130.1
* qemu-ui-gtk-debuginfo-5.2.0-150300.130.1
* qemu-ui-gtk-5.2.0-150300.130.1
* qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-qxl-debuginfo-5.2.0-150300.130.1
* qemu-block-ssh-5.2.0-150300.130.1
* qemu-ui-spice-app-debuginfo-5.2.0-150300.130.1
* qemu-chardev-baum-debuginfo-5.2.0-150300.130.1
* qemu-ui-spice-app-5.2.0-150300.130.1
* qemu-chardev-spice-5.2.0-150300.130.1
* qemu-5.2.0-150300.130.1
* qemu-hw-usb-redirect-5.2.0-150300.130.1
* qemu-ui-opengl-debuginfo-5.2.0-150300.130.1
* qemu-ui-curses-5.2.0-150300.130.1
* qemu-ui-spice-core-5.2.0-150300.130.1
* qemu-lang-5.2.0-150300.130.1
* qemu-ui-curses-debuginfo-5.2.0-150300.130.1
* qemu-ui-opengl-5.2.0-150300.130.1
* qemu-audio-spice-debuginfo-5.2.0-150300.130.1
* qemu-block-iscsi-5.2.0-150300.130.1
* qemu-chardev-baum-5.2.0-150300.130.1
* qemu-ksm-5.2.0-150300.130.1
* qemu-block-rbd-debuginfo-5.2.0-150300.130.1
* qemu-hw-usb-redirect-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-qxl-5.2.0-150300.130.1
* qemu-debugsource-5.2.0-150300.130.1
* qemu-block-ssh-debuginfo-5.2.0-150300.130.1
* qemu-audio-spice-5.2.0-150300.130.1
* qemu-block-curl-debuginfo-5.2.0-150300.130.1
* qemu-guest-agent-debuginfo-5.2.0-150300.130.1
* qemu-tools-debuginfo-5.2.0-150300.130.1
* qemu-block-rbd-5.2.0-150300.130.1
* qemu-guest-agent-5.2.0-150300.130.1
* qemu-block-curl-5.2.0-150300.130.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64)
* qemu-arm-debuginfo-5.2.0-150300.130.1
* qemu-arm-5.2.0-150300.130.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* qemu-sgabios-8-150300.130.1
* qemu-seabios-1.14.0_0_g155821a-150300.130.1
* qemu-ipxe-1.0.0+-150300.130.1
* qemu-vgabios-1.14.0_0_g155821a-150300.130.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
* qemu-audio-alsa-5.2.0-150300.130.1
* qemu-audio-alsa-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-5.2.0-150300.130.1
* qemu-kvm-5.2.0-150300.130.1
* qemu-x86-5.2.0-150300.130.1
* qemu-x86-debuginfo-5.2.0-150300.130.1
* qemu-audio-pa-5.2.0-150300.130.1
* qemu-audio-pa-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-pci-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.130.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* qemu-block-iscsi-debuginfo-5.2.0-150300.130.1
* qemu-tools-5.2.0-150300.130.1
* qemu-debuginfo-5.2.0-150300.130.1
* qemu-block-ssh-5.2.0-150300.130.1
* qemu-chardev-baum-debuginfo-5.2.0-150300.130.1
* qemu-5.2.0-150300.130.1
* qemu-ui-curses-5.2.0-150300.130.1
* qemu-lang-5.2.0-150300.130.1
* qemu-ui-curses-debuginfo-5.2.0-150300.130.1
* qemu-block-iscsi-5.2.0-150300.130.1
* qemu-chardev-baum-5.2.0-150300.130.1
* qemu-ksm-5.2.0-150300.130.1
* qemu-block-rbd-debuginfo-5.2.0-150300.130.1
* qemu-debugsource-5.2.0-150300.130.1
* qemu-block-ssh-debuginfo-5.2.0-150300.130.1
* qemu-block-curl-debuginfo-5.2.0-150300.130.1
* qemu-guest-agent-debuginfo-5.2.0-150300.130.1
* qemu-tools-debuginfo-5.2.0-150300.130.1
* qemu-block-rbd-5.2.0-150300.130.1
* qemu-guest-agent-5.2.0-150300.130.1
* qemu-block-curl-5.2.0-150300.130.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64)
* qemu-arm-debuginfo-5.2.0-150300.130.1
* qemu-arm-5.2.0-150300.130.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le x86_64)
* qemu-ui-opengl-5.2.0-150300.130.1
* qemu-chardev-spice-debuginfo-5.2.0-150300.130.1
* qemu-ui-spice-core-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-vga-5.2.0-150300.130.1
* qemu-ui-spice-app-5.2.0-150300.130.1
* qemu-chardev-spice-5.2.0-150300.130.1
* qemu-audio-spice-debuginfo-5.2.0-150300.130.1
* qemu-audio-spice-5.2.0-150300.130.1
* qemu-hw-usb-redirect-5.2.0-150300.130.1
* qemu-ui-gtk-debuginfo-5.2.0-150300.130.1
* qemu-ui-spice-core-5.2.0-150300.130.1
* qemu-ui-gtk-5.2.0-150300.130.1
* qemu-ui-opengl-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-qxl-debuginfo-5.2.0-150300.130.1
* qemu-ui-spice-app-debuginfo-5.2.0-150300.130.1
* qemu-hw-usb-redirect-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-qxl-5.2.0-150300.130.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* qemu-sgabios-8-150300.130.1
* qemu-seabios-1.14.0_0_g155821a-150300.130.1
* qemu-SLOF-5.2.0-150300.130.1
* qemu-skiboot-5.2.0-150300.130.1
* qemu-ipxe-1.0.0+-150300.130.1
* qemu-vgabios-1.14.0_0_g155821a-150300.130.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (ppc64le)
* qemu-ppc-debuginfo-5.2.0-150300.130.1
* qemu-ppc-5.2.0-150300.130.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x x86_64)
* qemu-kvm-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-pci-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.130.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x)
* qemu-s390x-debuginfo-5.2.0-150300.130.1
* qemu-hw-s390x-virtio-gpu-ccw-debuginfo-5.2.0-150300.130.1
* qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.130.1
* qemu-s390x-5.2.0-150300.130.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64)
* qemu-audio-alsa-5.2.0-150300.130.1
* qemu-audio-alsa-debuginfo-5.2.0-150300.130.1
* qemu-x86-5.2.0-150300.130.1
* qemu-x86-debuginfo-5.2.0-150300.130.1
* qemu-audio-pa-5.2.0-150300.130.1
* qemu-audio-pa-debuginfo-5.2.0-150300.130.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* qemu-chardev-spice-debuginfo-5.2.0-150300.130.1
* qemu-ui-spice-core-debuginfo-5.2.0-150300.130.1
* qemu-block-iscsi-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-vga-5.2.0-150300.130.1
* qemu-tools-5.2.0-150300.130.1
* qemu-debuginfo-5.2.0-150300.130.1
* qemu-ui-gtk-debuginfo-5.2.0-150300.130.1
* qemu-ui-gtk-5.2.0-150300.130.1
* qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-qxl-debuginfo-5.2.0-150300.130.1
* qemu-block-ssh-5.2.0-150300.130.1
* qemu-ui-spice-app-debuginfo-5.2.0-150300.130.1
* qemu-chardev-baum-debuginfo-5.2.0-150300.130.1
* qemu-ui-spice-app-5.2.0-150300.130.1
* qemu-chardev-spice-5.2.0-150300.130.1
* qemu-5.2.0-150300.130.1
* qemu-hw-usb-redirect-5.2.0-150300.130.1
* qemu-ui-opengl-debuginfo-5.2.0-150300.130.1
* qemu-ui-curses-5.2.0-150300.130.1
* qemu-ui-spice-core-5.2.0-150300.130.1
* qemu-lang-5.2.0-150300.130.1
* qemu-ui-curses-debuginfo-5.2.0-150300.130.1
* qemu-ui-opengl-5.2.0-150300.130.1
* qemu-audio-spice-debuginfo-5.2.0-150300.130.1
* qemu-block-iscsi-5.2.0-150300.130.1
* qemu-chardev-baum-5.2.0-150300.130.1
* qemu-ksm-5.2.0-150300.130.1
* qemu-block-rbd-debuginfo-5.2.0-150300.130.1
* qemu-hw-usb-redirect-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-qxl-5.2.0-150300.130.1
* qemu-debugsource-5.2.0-150300.130.1
* qemu-block-ssh-debuginfo-5.2.0-150300.130.1
* qemu-audio-spice-5.2.0-150300.130.1
* qemu-block-curl-debuginfo-5.2.0-150300.130.1
* qemu-guest-agent-debuginfo-5.2.0-150300.130.1
* qemu-tools-debuginfo-5.2.0-150300.130.1
* qemu-block-rbd-5.2.0-150300.130.1
* qemu-guest-agent-5.2.0-150300.130.1
* qemu-block-curl-5.2.0-150300.130.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* qemu-sgabios-8-150300.130.1
* qemu-seabios-1.14.0_0_g155821a-150300.130.1
* qemu-SLOF-5.2.0-150300.130.1
* qemu-skiboot-5.2.0-150300.130.1
* qemu-ipxe-1.0.0+-150300.130.1
* qemu-vgabios-1.14.0_0_g155821a-150300.130.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le)
* qemu-ppc-debuginfo-5.2.0-150300.130.1
* qemu-ppc-5.2.0-150300.130.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* qemu-audio-alsa-5.2.0-150300.130.1
* qemu-audio-alsa-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-5.2.0-150300.130.1
* qemu-kvm-5.2.0-150300.130.1
* qemu-x86-5.2.0-150300.130.1
* qemu-x86-debuginfo-5.2.0-150300.130.1
* qemu-audio-pa-5.2.0-150300.130.1
* qemu-audio-pa-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-pci-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.130.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* qemu-chardev-spice-debuginfo-5.2.0-150300.130.1
* qemu-ui-spice-core-debuginfo-5.2.0-150300.130.1
* qemu-block-iscsi-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-vga-5.2.0-150300.130.1
* qemu-tools-5.2.0-150300.130.1
* qemu-debuginfo-5.2.0-150300.130.1
* qemu-ui-gtk-debuginfo-5.2.0-150300.130.1
* qemu-ui-gtk-5.2.0-150300.130.1
* qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-qxl-debuginfo-5.2.0-150300.130.1
* qemu-block-ssh-5.2.0-150300.130.1
* qemu-ui-spice-app-debuginfo-5.2.0-150300.130.1
* qemu-chardev-baum-debuginfo-5.2.0-150300.130.1
* qemu-ui-spice-app-5.2.0-150300.130.1
* qemu-chardev-spice-5.2.0-150300.130.1
* qemu-5.2.0-150300.130.1
* qemu-hw-usb-redirect-5.2.0-150300.130.1
* qemu-ui-opengl-debuginfo-5.2.0-150300.130.1
* qemu-ui-curses-5.2.0-150300.130.1
* qemu-ui-spice-core-5.2.0-150300.130.1
* qemu-lang-5.2.0-150300.130.1
* qemu-ui-curses-debuginfo-5.2.0-150300.130.1
* qemu-ui-opengl-5.2.0-150300.130.1
* qemu-audio-spice-debuginfo-5.2.0-150300.130.1
* qemu-block-iscsi-5.2.0-150300.130.1
* qemu-chardev-baum-5.2.0-150300.130.1
* qemu-ksm-5.2.0-150300.130.1
* qemu-block-rbd-debuginfo-5.2.0-150300.130.1
* qemu-hw-usb-redirect-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-qxl-5.2.0-150300.130.1
* qemu-debugsource-5.2.0-150300.130.1
* qemu-block-ssh-debuginfo-5.2.0-150300.130.1
* qemu-audio-spice-5.2.0-150300.130.1
* qemu-block-curl-debuginfo-5.2.0-150300.130.1
* qemu-guest-agent-debuginfo-5.2.0-150300.130.1
* qemu-tools-debuginfo-5.2.0-150300.130.1
* qemu-block-rbd-5.2.0-150300.130.1
* qemu-guest-agent-5.2.0-150300.130.1
* qemu-block-curl-5.2.0-150300.130.1
* SUSE Enterprise Storage 7.1 (aarch64)
* qemu-arm-debuginfo-5.2.0-150300.130.1
* qemu-arm-5.2.0-150300.130.1
* SUSE Enterprise Storage 7.1 (noarch)
* qemu-sgabios-8-150300.130.1
* qemu-seabios-1.14.0_0_g155821a-150300.130.1
* qemu-ipxe-1.0.0+-150300.130.1
* qemu-vgabios-1.14.0_0_g155821a-150300.130.1
* SUSE Enterprise Storage 7.1 (x86_64)
* qemu-audio-alsa-5.2.0-150300.130.1
* qemu-audio-alsa-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-5.2.0-150300.130.1
* qemu-kvm-5.2.0-150300.130.1
* qemu-x86-5.2.0-150300.130.1
* qemu-x86-debuginfo-5.2.0-150300.130.1
* qemu-audio-pa-5.2.0-150300.130.1
* qemu-audio-pa-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-pci-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.130.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* qemu-tools-5.2.0-150300.130.1
* qemu-debuginfo-5.2.0-150300.130.1
* qemu-5.2.0-150300.130.1
* qemu-tools-debuginfo-5.2.0-150300.130.1
* qemu-debugsource-5.2.0-150300.130.1
* SUSE Linux Enterprise Micro 5.1 (aarch64)
* qemu-arm-debuginfo-5.2.0-150300.130.1
* qemu-arm-5.2.0-150300.130.1
* SUSE Linux Enterprise Micro 5.1 (noarch)
* qemu-sgabios-8-150300.130.1
* qemu-seabios-1.14.0_0_g155821a-150300.130.1
* qemu-ipxe-1.0.0+-150300.130.1
* qemu-vgabios-1.14.0_0_g155821a-150300.130.1
* SUSE Linux Enterprise Micro 5.1 (s390x)
* qemu-s390x-debuginfo-5.2.0-150300.130.1
* qemu-s390x-5.2.0-150300.130.1
* SUSE Linux Enterprise Micro 5.1 (x86_64)
* qemu-x86-debuginfo-5.2.0-150300.130.1
* qemu-x86-5.2.0-150300.130.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* qemu-chardev-spice-debuginfo-5.2.0-150300.130.1
* qemu-ui-spice-core-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-vga-5.2.0-150300.130.1
* qemu-tools-5.2.0-150300.130.1
* qemu-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-qxl-debuginfo-5.2.0-150300.130.1
* qemu-chardev-spice-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-5.2.0-150300.130.1
* qemu-5.2.0-150300.130.1
* qemu-hw-usb-redirect-5.2.0-150300.130.1
* qemu-ui-opengl-debuginfo-5.2.0-150300.130.1
* qemu-ui-spice-core-5.2.0-150300.130.1
* qemu-ui-opengl-5.2.0-150300.130.1
* qemu-audio-spice-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.130.1
* qemu-hw-usb-redirect-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-qxl-5.2.0-150300.130.1
* qemu-debugsource-5.2.0-150300.130.1
* qemu-audio-spice-5.2.0-150300.130.1
* qemu-guest-agent-debuginfo-5.2.0-150300.130.1
* qemu-tools-debuginfo-5.2.0-150300.130.1
* qemu-guest-agent-5.2.0-150300.130.1
* SUSE Linux Enterprise Micro 5.2 (aarch64)
* qemu-arm-debuginfo-5.2.0-150300.130.1
* qemu-arm-5.2.0-150300.130.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
* qemu-sgabios-8-150300.130.1
* qemu-seabios-1.14.0_0_g155821a-150300.130.1
* qemu-ipxe-1.0.0+-150300.130.1
* qemu-vgabios-1.14.0_0_g155821a-150300.130.1
* SUSE Linux Enterprise Micro 5.2 (s390x)
* qemu-s390x-debuginfo-5.2.0-150300.130.1
* qemu-s390x-5.2.0-150300.130.1
* SUSE Linux Enterprise Micro 5.2 (x86_64)
* qemu-x86-debuginfo-5.2.0-150300.130.1
* qemu-x86-5.2.0-150300.130.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* qemu-chardev-spice-debuginfo-5.2.0-150300.130.1
* qemu-ui-spice-core-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-vga-5.2.0-150300.130.1
* qemu-tools-5.2.0-150300.130.1
* qemu-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-qxl-debuginfo-5.2.0-150300.130.1
* qemu-chardev-spice-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-5.2.0-150300.130.1
* qemu-5.2.0-150300.130.1
* qemu-hw-usb-redirect-5.2.0-150300.130.1
* qemu-ui-opengl-debuginfo-5.2.0-150300.130.1
* qemu-ui-spice-core-5.2.0-150300.130.1
* qemu-ui-opengl-5.2.0-150300.130.1
* qemu-audio-spice-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.130.1
* qemu-hw-usb-redirect-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-qxl-5.2.0-150300.130.1
* qemu-debugsource-5.2.0-150300.130.1
* qemu-audio-spice-5.2.0-150300.130.1
* qemu-guest-agent-debuginfo-5.2.0-150300.130.1
* qemu-tools-debuginfo-5.2.0-150300.130.1
* qemu-guest-agent-5.2.0-150300.130.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64)
* qemu-arm-debuginfo-5.2.0-150300.130.1
* qemu-arm-5.2.0-150300.130.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
* qemu-sgabios-8-150300.130.1
* qemu-seabios-1.14.0_0_g155821a-150300.130.1
* qemu-ipxe-1.0.0+-150300.130.1
* qemu-vgabios-1.14.0_0_g155821a-150300.130.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (s390x)
* qemu-s390x-debuginfo-5.2.0-150300.130.1
* qemu-s390x-5.2.0-150300.130.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64)
* qemu-x86-debuginfo-5.2.0-150300.130.1
* qemu-x86-5.2.0-150300.130.1
## References:
* https://www.suse.com/security/cve/CVE-2023-2861.html
* https://www.suse.com/security/cve/CVE-2024-4467.html
* https://bugzilla.suse.com/show_bug.cgi?id=1212968
* https://bugzilla.suse.com/show_bug.cgi?id=1215311
* https://bugzilla.suse.com/show_bug.cgi?id=1227322
SUSE-SU-2024:1499-2: low: Security update for java-17-openjdk
by OPENSUSE-SECURITY-UPDATES 20 Aug '24
# Security update for java-17-openjdk
Announcement ID: SUSE-SU-2024:1499-2
Rating: low
References:
* bsc#1213470
* bsc#1222979
* bsc#1222983
* bsc#1222986
* bsc#1222987
Cross-References:
* CVE-2024-21011
* CVE-2024-21012
* CVE-2024-21068
* CVE-2024-21094
CVSS scores:
* CVE-2024-21011 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21012 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-21068 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-21094 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products:
* Basesystem Module 15-SP6
* Legacy Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves four vulnerabilities and has one security fix can now be
installed.
## Description:
This update for java-17-openjdk fixes the following issues:
* CVE-2024-21011: Fixed denial of service due to long Exception message
logging (JDK-8319851,bsc#1222979)
* CVE-2024-21012: Fixed unauthorized data modification due to HTTP/2 client
improper reverse DNS lookup (JDK-8315708,bsc#1222987)
* CVE-2024-21068: Fixed integer overflow in C1 compiler address generation
(JDK-8322122,bsc#1222983)
* CVE-2024-21094: Fixed unauthorized data modification due to C2 compilation
failure with "Exceeded _node_regs array"
(JDK-8317507,JDK-8325348,bsc#1222986)
Other fixes:
* Update to upstream tag jdk-17.0.11+9 (April 2024 CPU)
  * Security fixes
    * JDK-8318340: Improve RSA key implementations
  * Other changes
    * JDK-6928542: Chinese characters in RTF are not decoded
    * JDK-7132796: [macosx] closed/javax/swing/JComboBox/4517214/ /bug4517214.java fails on MacOS
    * JDK-7148092: [macosx] When Alt+down arrow key is pressed, the combobox popup does not appear.
    * JDK-7167356: (javac) investigate failing tests in JavacParserTest
    * JDK-8054022: HttpURLConnection timeouts with Expect: 100-Continue and no chunking
    * JDK-8054572: [macosx] JComboBox paints the border incorrectly
    * JDK-8169475: WheelModifier.java fails by timeout
    * JDK-8205076: [17u] Inet6AddressImpl.c: `lookupIfLocalHost` accesses `int InetAddress.preferIPv6Address` as a boolean
    * JDK-8209595: MonitorVmStartTerminate.java timed out
    * JDK-8210410: Refactor java.util.Currency:i18n shell tests to plain java tests
    * JDK-8261404: Class.getReflectionFactory() is not thread-safe
    * JDK-8261837: SIGSEGV in ciVirtualCallTypeData::translate_from
    * JDK-8263256: Test java/net/Inet6Address/serialize/ /Inet6AddressSerializationTest.java fails due to dynamic reconfigurations of network interface during test
    * JDK-8269258: java/net/httpclient/ManyRequestsLegacy.java failed with connection timeout
    * JDK-8271118: C2: StressGCM should have higher priority than frequency-based policy
    * JDK-8271616: oddPart in MutableBigInteger::mutableModInverse contains info on final result
    * JDK-8272811: Document the effects of building with _GNU_SOURCE in os_posix.hpp
    * JDK-8272853: improve `JavadocTester.runTests`
    * JDK-8273454: C2: Transform (-a)*(-b) into a*b
    * JDK-8274060: C2: Incorrect computation after JDK-8273454
    * JDK-8274122: java/io/File/createTempFile/SpecialTempFile.java fails in Windows 11
    * JDK-8274621: NullPointerException because listenAddress[0] is null
    * JDK-8274632: Possible pointer overflow in PretouchTask chunk claiming
    * JDK-8274634: Use String.equals instead of String.compareTo in java.desktop
    * JDK-8276125: RunThese24H.java SIGSEGV in JfrThreadGroup::thread_group_id
    * JDK-8278028: [test-library] Warnings cleanup of the test library
    * JDK-8278312: Update SimpleSSLContext keystore to use SANs for localhost IP addresses
    * JDK-8278363: Create extented container test groups
    * JDK-8280241: (aio) AsynchronousSocketChannel init fails in IPv6 only Windows env
    * JDK-8281377: Remove vmTestbase/nsk/monitoring/ThreadMXBean/ /ThreadInfo/Deadlock/JavaDeadlock001/TestDescription.java from problemlist.
    * JDK-8281543: Remove unused code/headerfile dtraceAttacher.hpp
    * JDK-8281585: Remove unused imports under test/lib and jtreg/gc
    * JDK-8283400: [macos] a11y : Screen magnifier does not reflect JRadioButton value change
    * JDK-8283626: AArch64: Set relocInfo::offset_unit to 4
    * JDK-8283994: Make Xerces DatatypeException stackless
    * JDK-8286312: Stop mixing signed and unsigned types in bit operations
    * JDK-8286846: test/jdk/javax/swing/plaf/aqua/ /CustomComboBoxFocusTest.java fails on mac aarch64
    * JDK-8287832: jdk/jfr/event/runtime/TestActiveSettingEvent.java failed with "Expected two batches of Active Setting events"
    * JDK-8288663: JFR: Disabling the JfrThreadSampler commits only a partially disabled state
    * JDK-8288846: misc tests fail "assert(ms < 1000) failed: Un-interruptable sleep, short time use only"
    * JDK-8289764: gc/lock tests failed with "OutOfMemoryError: Java heap space: failed reallocation of scalar replaced objects"
    * JDK-8290041: ModuleDescriptor.hashCode is inconsistent
    * JDK-8290203: ProblemList vmTestbase/nsk/jvmti/scenarios/ /capability/CM03/cm03t001/TestDescription.java on linux-all
    * JDK-8290399: [macos] Aqua LAF does not fire an action event if combo box menu is displayed
    * JDK-8292458: Atomic operations on scoped enums don't build with clang
    * JDK-8292946: GC lock/jni/jnilock001 test failed "assert(gch->gc_cause() == GCCause::_scavenge_alot || !gch->incremental_collection_failed()) failed: Twice in a row"
    * JDK-8293117: Add atomic bitset functions
    * JDK-8293547: Add relaxed add_and_fetch for macos aarch64 atomics
    * JDK-8294158: HTML formatting for PassFailJFrame instructions
    * JDK-8294254: [macOS] javax/swing/plaf/aqua/ /CustomComboBoxFocusTest.java failure
    * JDK-8294535: Add screen capture functionality to PassFailJFrame
    * JDK-8295068: SSLEngine throws NPE parsing CertificateRequests
    * JDK-8295124: Atomic::add to pointer type may return wrong value
    * JDK-8295274: HelidonAppTest.java fails "assert(event->should_commit()) failed: invariant" from compiled frame"
    * JDK-8296631: NSS tests failing on OL9 linux-aarch64 hosts
    * JDK-8297968: Crash in PrintOptoAssembly
    * JDK-8298087: XML Schema Validation reports an required attribute twice via ErrorHandler
    * JDK-8299494: Test vmTestbase/nsk/stress/except/except011.java failed: ExceptionInInitializerError: target class not found
    * JDK-8300269: The selected item in an editable JComboBox with titled border is not visible in Aqua LAF
    * JDK-8301306: java/net/httpclient/* fail with -Xcomp
    * JDK-8301310: The SendRawSysexMessage test may cause a JVM crash
    * JDK-8301787: java/net/httpclient/SpecialHeadersTest failing after JDK-8301306
    * JDK-8301846: Invalid TargetDataLine after screen lock when using JFileChooser or COM library
    * JDK-8302017: Allocate BadPaddingException only if it will be thrown
    * JDK-8302149: Speed up compiler/jsr292/methodHandleExceptions/ /TestAMEnotNPE.java
    * JDK-8303605: Memory leaks in Metaspace gtests
    * JDK-8304074: [JMX] Add an approximation of total bytes allocated on the Java heap by the JVM
    * JDK-8304696: Duplicate class names in dynamicArchive tests can lead to test failure
    * JDK-8305356: Fix ignored bad CompileCommands in tests
    * JDK-8305900: Use loopback IP addresses in security policy files of httpclient tests
    * JDK-8305906: HttpClient may use incorrect key when finding pooled HTTP/2 connection for IPv6 address
    * JDK-8305962: update jcstress to 0.16
    * JDK-8305972: Update XML Security for Java to 3.0.2
    * JDK-8306014: Update javax.net.ssl TLS tests to use SSLContextTemplate or SSLEngineTemplate
    * JDK-8306408: Fix the format of several tables in building.md
    * JDK-8307185: pkcs11 native libraries make JNI calls into java code while holding GC lock
    * JDK-8307926: Support byte-sized atomic bitset operations
    * JDK-8307955: Prefer to PTRACE_GETREGSET instead of PTRACE_GETREGS in method 'ps_proc.c::process_get_lwp_regs'
    * JDK-8307990: jspawnhelper must close its writing side of a pipe before reading from it
    * JDK-8308043: Deadlock in TestCSLocker.java due to blocking GC while allocating
    * JDK-8308245: Add -proc:full to describe current default annotation processing policy
    * JDK-8308336: Test java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java failed: java.net.BindException: Address already in use
    * JDK-8309302: java/net/Socket/Timeouts.java fails with AssertionError on test temporal post condition
    * JDK-8309305: sun/security/ssl/SSLSocketImpl/ /BlockedAsyncClose.java fails with jtreg test timeout
    * JDK-8309462: [AIX] vmTestbase/nsk/jvmti/RunAgentThread/ /agentthr001/TestDescription.java crashing due to empty while loop
    * JDK-8309733: [macOS, Accessibility] VoiceOver: Incorrect announcements of JRadioButton
    * JDK-8309870: Using -proc:full should be considered requesting explicit annotation processing
    * JDK-8310106: sun.security.ssl.SSLHandshake .getHandshakeProducer() incorrectly checks handshakeConsumers
    * JDK-8310238: [test bug] javax/swing/JTableHeader/6889007/ /bug6889007.java fails
    * JDK-8310380: Handle problems in core-related tests on macOS when codesign tool does not work
    * JDK-8310631: test/jdk/sun/nio/cs/TestCharsetMapping.java is spuriously passing
    * JDK-8310807: java/nio/channels/DatagramChannel/Connect.java timed out
    * JDK-8310838: Correct range notations in MethodTypeDesc specification
    * JDK-8310844: [AArch64] C1 compilation fails because monitor offset in OSR buffer is too large for immediate
    * JDK-8310923: Refactor Currency tests to use JUnit
    * JDK-8311081: KeytoolReaderP12Test.java fail on localized Windows platform
    * JDK-8311160: [macOS, Accessibility] VoiceOver: No announcements on JRadioButtonMenuItem and JCheckBoxMenuItem
    * JDK-8311581: Remove obsolete code and comments in TestLVT.java
    * JDK-8311645: Memory leak in jspawnhelper spawnChild after JDK-8307990
    * JDK-8311986: Disable runtime/os/TestTracePageSizes.java for ShenandoahGC
    * JDK-8312428: PKCS11 tests fail with NSS 3.91
    * JDK-8312434: SPECjvm2008/xml.transform with CDS fails with "can't seal package nu.xom"
    * JDK-8313081: MonitoringSupport_lock should be unconditionally initialized after 8304074
    * JDK-8313082: Enable CreateCoredumpOnCrash for testing in makefiles
    * JDK-8313206: PKCS11 tests silently skip execution
    * JDK-8313575: Refactor PKCS11Test tests
    * JDK-8313621: test/jdk/jdk/internal/math/FloatingDecimal/ /TestFloatingDecimal should use RandomFactory
    * JDK-8313643: Update HarfBuzz to 8.2.2
    * JDK-8313816: Accessing jmethodID might lead to spurious crashes
    * JDK-8314164: java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java fails intermittently in timeout
    * JDK-8314220: Configurable InlineCacheBuffer size
    * JDK-8314830: runtime/ErrorHandling/ tests ignore external VM flags
    * JDK-8315034: File.mkdirs() occasionally fails to create folders on Windows shared folder
    * JDK-8315042: NPE in PKCS7.parseOldSignedData
    * JDK-8315594: Open source few headless Swing misc tests
    * JDK-8315600: Open source few more headless Swing misc tests
    * JDK-8315602: Open source swing security manager test
    * JDK-8315611: Open source swing text/html and tree test
    * JDK-8315680: java/lang/ref/ReachabilityFenceTest.java should run with -Xbatch
    * JDK-8315731: Open source several Swing Text related tests
    * JDK-8315761: Open source few swing JList and JMenuBar tests
    * JDK-8315920: C2: "control input must dominate current control" assert failure
    * JDK-8315986: [macos14] javax/swing/JMenuItem/4654927/ /bug4654927.java: component must be showing on the screen to determine its location
    * JDK-8316001: GC: Make TestArrayAllocatorMallocLimit use createTestJvm
    * JDK-8316028: Update FreeType to 2.13.2
    * JDK-8316030: Update Libpng to 1.6.40
    * JDK-8316106: Open source few swing JInternalFrame and JMenuBar tests
    * JDK-8316304: (fs) Add support for BasicFileAttributes .creationTime() for Linux
    * JDK-8316392: compiler/interpreter/ /TestVerifyStackAfterDeopt.java failed with SIGBUS in PcDescContainer::find_pc_desc_internal
    * JDK-8316414: C2: large byte array clone triggers "failed: malformed control flow" assertion failure on linux-x86
    * JDK-8316415: Parallelize sun/security/rsa/SignedObjectChain.java subtests
    * JDK-8316418: containers/docker/TestMemoryWithCgroupV1.java get OOM killed with Parallel GC
    * JDK-8316445: Mark com/sun/management/HotSpotDiagnosticMXBean/ /CheckOrigin.java as vm.flagless
    * JDK-8316679: C2 SuperWord: wrong result, load should not be moved before store if not comparable
    * JDK-8316693: Simplify at-requires checkDockerSupport()
    * JDK-8316929: Shenandoah: Shenandoah degenerated GC and full GC need to cleanup old OopMapCache entries
    * JDK-8316947: Write a test to check textArea triggers MouseEntered/MouseExited events properly
    * JDK-8317039: Enable specifying the JDK used to run jtreg
    * JDK-8317144: Exclude sun/security/pkcs11/sslecc/ /ClientJSSEServerJSSE.java on Linux ppc64le
    * JDK-8317307: test/jdk/com/sun/jndi/ldap/ /LdapPoolTimeoutTest.java fails with ConnectException: Connection timed out: no further information
    * JDK-8317603: Improve exception messages thrown by sun.nio.ch.Net native methods (win)
    * JDK-8317771: [macos14] Expand/collapse a JTree using keyboard freezes the application in macOS 14 Sonoma
    * JDK-8317807: JAVA_FLAGS removed from jtreg running in JDK-8317039
    * JDK-8317960: [17u] Excessive CPU usage on AbstractQueuedSynchronized.isEnqueued
    * JDK-8318154: Improve stability of WheelModifier.java test
    * JDK-8318183: C2: VM may crash after hitting node limit
    * JDK-8318410: jdk/java/lang/instrument/BootClassPath/ /BootClassPathTest.sh fails on Japanese Windows
    * JDK-8318468: compiler/tiered/LevelTransitionTest.java fails with -XX:CompileThreshold=100 -XX:TieredStopAtLevel=1
    * JDK-8318490: Increase timeout for JDK tests that are close to the limit when run with libgraal
    * JDK-8318603: Parallelize sun/java2d/marlin/ClipShapeTest.java
    * JDK-8318607: Enable parallelism in vmTestbase/nsk/stress/jni tests
    * JDK-8318608: Enable parallelism in vmTestbase/nsk/stress/threads tests
    * JDK-8318689: jtreg is confused when folder name is the same as the test name
    * JDK-8318736: com/sun/jdi/JdwpOnThrowTest.java failed with "transport error 202: bind failed: Address already in use"
    * JDK-8318951: Additional negative value check in JPEG decoding
    * JDK-8318955: Add ReleaseIntArrayElements in Java_sun_awt_X11_XlibWrapper_SetBitmapShape XlbWrapper.c to early return
    * JDK-8318957: Enhance agentlib:jdwp help output by info about allow option
    * JDK-8318961: increase javacserver connection timeout values and max retry attempts
    * JDK-8318971: Better Error Handling for Jar Tool When Processing Non-existent Files
    * JDK-8318983: Fix comment typo in PKCS12Passwd.java
    * JDK-8319124: Update XML Security for Java to 3.0.3
    * JDK-8319213: Compatibility.java reads both stdout and stderr of JdkUtils
    * JDK-8319436: Proxy.newProxyInstance throws NPE if loader is null and interface not visible from class loader
    * JDK-8319456: jdk/jfr/event/gc/collection/ /TestGCCauseWith[Serial|Parallel].java : GC cause 'GCLocker Initiated GC' not in the valid causes
    * JDK-8319668: Fixup of jar filename typo in BadFactoryTest.sh
    * JDK-8319922: libCreationTimeHelper.so fails to link in JDK 21
    * JDK-8319961: JvmtiEnvBase doesn't zero _ext_event_callbacks
    * JDK-8320001: javac crashes while adding type annotations to the return type of a constructor
    * JDK-8320168: handle setsocktopt return values
    * JDK-8320208: Update Public Suffix List to b5bf572
    * JDK-8320300: Adjust hs_err output in malloc/mmap error cases
    * JDK-8320363: ppc64 TypeEntries::type_unknown logic looks wrong, missed optimization opportunity
    * JDK-8320597: RSA signature verification fails on signed data that does not encode params correctly
    * JDK-8320798: Console read line with zero out should zero out underlying buffer
    * JDK-8320885: Bump update version for OpenJDK: jdk-17.0.11
    * JDK-8320921: GHA: Parallelize hotspot_compiler test jobs
    * JDK-8320937: support latest VS2022 MSC_VER in abstract_vm_version.cpp
    * JDK-8321151: JDK-8294427 breaks Windows L&F on all older Windows versions
    * JDK-8321215: Incorrect x86 instruction encoding for VSIB addressing mode
    * JDK-8321408: Add Certainly roots R1 and E1
    * JDK-8321480: ISO 4217 Amendment 176 Update
    * JDK-8321599: Data loss in AVX3 Base64 decoding
    * JDK-8321815: Shenandoah: gc state should be synchronized to java threads only once per safepoint
    * JDK-8321972: test runtime/Unsafe/InternalErrorTest.java timeout on linux-riscv64 platform
    * JDK-8322098: os::Linux::print_system_memory_info enhance the THP output with /sys/kernel/mm/transparent_hugepage/hpage_pmd_size
    * JDK-8322321: Add man page doc for -XX:+VerifySharedSpaces
    * JDK-8322417: Console read line with zero out should zero out when throwing exception
    * JDK-8322583: RISC-V: Enable fast class initialization checks
    * JDK-8322725: (tz) Update Timezone Data to 2023d
    * JDK-8322750: Test "api/java_awt/interactive/ /SystemTrayTests.html" failed because A blue ball icon is added outside of the system tray
    * JDK-8322772: Clean up code after JDK-8322417
    * JDK-8322783: prioritize /etc/os-release over /etc/SuSE-release in hs_err/info output
    * JDK-8322968: [17u] Amend Atomics gtest with 1-byte tests
    * JDK-8323008: filter out harmful -std* flags added by autoconf from CXX
    * JDK-8323021: Shenandoah: Encountered reference count always attributed to first worker thread
    * JDK-8323086: Shenandoah: Heap could be corrupted by oom during evacuation
    * JDK-8323243: JNI invocation of an abstract instance method corrupts the stack
    * JDK-8323331: fix typo hpage_pdm_size
    * JDK-8323428: Shenandoah: Unused memory in regions compacted during a full GC should be mangled
    * JDK-8323515: Create test alias "all" for all test roots
    * JDK-8323637: Capture hotspot replay files in GHA
    * JDK-8323640: [TESTBUG]testMemoryFailCount in jdk/internal/platform/docker/TestDockerMemoryMetrics.java always fail because OOM killed
    * JDK-8323806: [17u] VS2017 build fails with warning after 8293117.
    * JDK-8324184: Windows VS2010 build failed with "error C2275: 'int64_t'"
    * JDK-8324280: RISC-V: Incorrect implementation in VM_Version::parse_satp_mode
    * JDK-8324347: Enable "maybe-uninitialized" warning for FreeType 2.13.1
    * JDK-8324514: ClassLoaderData::print_on should print address of class loader
    * JDK-8324647: Invalid test group of lib-test after JDK-8323515
    * JDK-8324659: GHA: Generic jtreg errors are not reported
    * JDK-8324937: GHA: Avoid multiple test suites per job
    * JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/ /AKISerialNumber.java is failing
    * JDK-8325150: (tz) Update Timezone Data to 2024a
    * JDK-8325585: Remove no longer necessary calls to set/unset-in-asgct flag in JDK 17
    * JDK-8326000: Remove obsolete comments for class sun.security.ssl.SunJSSE
    * JDK-8327036: [macosx-aarch64] SIGBUS in MarkActivationClosure::do_code_blob reached from Unsafe_CopySwapMemory0
    * JDK-8327391: Add SipHash attribution file
    * JDK-8329836: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.11
* Removed the possibility to use the system timezone-java (bsc#1213470).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-1499=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-1499=1
* Legacy Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2024-1499=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* java-17-openjdk-devel-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-demo-17.0.11.0-150400.3.42.1
* java-17-openjdk-devel-17.0.11.0-150400.3.42.1
* java-17-openjdk-debugsource-17.0.11.0-150400.3.42.1
* java-17-openjdk-headless-17.0.11.0-150400.3.42.1
* java-17-openjdk-17.0.11.0-150400.3.42.1
* java-17-openjdk-headless-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-src-17.0.11.0-150400.3.42.1
* java-17-openjdk-jmods-17.0.11.0-150400.3.42.1
* openSUSE Leap 15.6 (noarch)
* java-17-openjdk-javadoc-17.0.11.0-150400.3.42.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* java-17-openjdk-devel-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-devel-17.0.11.0-150400.3.42.1
* java-17-openjdk-debugsource-17.0.11.0-150400.3.42.1
* java-17-openjdk-headless-17.0.11.0-150400.3.42.1
* java-17-openjdk-17.0.11.0-150400.3.42.1
* java-17-openjdk-headless-debuginfo-17.0.11.0-150400.3.42.1
* Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* java-17-openjdk-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-demo-17.0.11.0-150400.3.42.1
* java-17-openjdk-debugsource-17.0.11.0-150400.3.42.1
## References:
* https://www.suse.com/security/cve/CVE-2024-21011.html
* https://www.suse.com/security/cve/CVE-2024-21012.html
* https://www.suse.com/security/cve/CVE-2024-21068.html
* https://www.suse.com/security/cve/CVE-2024-21094.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213470
* https://bugzilla.suse.com/show_bug.cgi?id=1222979
* https://bugzilla.suse.com/show_bug.cgi?id=1222983
* https://bugzilla.suse.com/show_bug.cgi?id=1222986
* https://bugzilla.suse.com/show_bug.cgi?id=1222987
20 Aug '24
# Security update for qemu
Announcement ID: SUSE-SU-2024:2983-1
Rating: important
References:
* bsc#1227322
* bsc#1229007
Cross-References:
* CVE-2024-4467
* CVE-2024-7409
CVSS scores:
* CVE-2024-4467 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-7409 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-7409 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6
An update that solves two vulnerabilities can now be installed.
## Description:
This update for qemu fixes the following issues:
* CVE-2024-4467: Fixed denial of service and file read/write via qemu-img info
command (bsc#1227322)
* CVE-2024-7409: Fixed denial of service via improper synchronization in QEMU
NBD Server during socket closure (bsc#1229007)
* nbd/server: Close stray clients at server-stop
* nbd/server: Drop non-negotiating clients
* nbd/server: Cap default max-connections to 100
* nbd/server: Plumb in new args to nbd_client_add()
* nbd: Minor style and typo fixes
* Update qemu to version 8.2.6
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-2983=1 openSUSE-SLE-15.6-2024-2983=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-2983=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-2983=1
* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2024-2983=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* qemu-chardev-baum-8.2.6-150600.3.9.1
* qemu-audio-dbus-debuginfo-8.2.6-150600.3.9.1
* qemu-block-iscsi-debuginfo-8.2.6-150600.3.9.1
* qemu-ksm-8.2.6-150600.3.9.1
* qemu-ui-curses-8.2.6-150600.3.9.1
* qemu-ppc-debuginfo-8.2.6-150600.3.9.1
* qemu-ui-spice-core-8.2.6-150600.3.9.1
* qemu-block-gluster-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-display-virtio-vga-debuginfo-8.2.6-150600.3.9.1
* qemu-extra-8.2.6-150600.3.9.1
* qemu-img-8.2.6-150600.3.9.1
* qemu-ui-gtk-debuginfo-8.2.6-150600.3.9.1
* qemu-block-ssh-8.2.6-150600.3.9.1
* qemu-pr-helper-8.2.6-150600.3.9.1
* qemu-ui-spice-core-debuginfo-8.2.6-150600.3.9.1
* qemu-spice-8.2.6-150600.3.9.1
* qemu-ui-opengl-debuginfo-8.2.6-150600.3.9.1
* qemu-block-ssh-debuginfo-8.2.6-150600.3.9.1
* qemu-ppc-8.2.6-150600.3.9.1
* qemu-headless-8.2.6-150600.3.9.1
* qemu-hw-usb-redirect-debuginfo-8.2.6-150600.3.9.1
* qemu-block-iscsi-8.2.6-150600.3.9.1
* qemu-s390x-debuginfo-8.2.6-150600.3.9.1
* qemu-ui-spice-app-8.2.6-150600.3.9.1
* qemu-audio-dbus-8.2.6-150600.3.9.1
* qemu-hw-display-virtio-vga-8.2.6-150600.3.9.1
* qemu-hw-display-virtio-gpu-pci-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-usb-smartcard-8.2.6-150600.3.9.1
* qemu-accel-tcg-x86-8.2.6-150600.3.9.1
* qemu-chardev-spice-debuginfo-8.2.6-150600.3.9.1
* qemu-ui-opengl-8.2.6-150600.3.9.1
* qemu-accel-qtest-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-usb-host-debuginfo-8.2.6-150600.3.9.1
* qemu-8.2.6-150600.3.9.1
* qemu-img-debuginfo-8.2.6-150600.3.9.1
* qemu-ui-gtk-8.2.6-150600.3.9.1
* qemu-audio-pa-debuginfo-8.2.6-150600.3.9.1
* qemu-guest-agent-debuginfo-8.2.6-150600.3.9.1
* qemu-audio-pa-8.2.6-150600.3.9.1
* qemu-ivshmem-tools-debuginfo-8.2.6-150600.3.9.1
* qemu-extra-debuginfo-8.2.6-150600.3.9.1
* qemu-audio-jack-8.2.6-150600.3.9.1
* qemu-arm-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-display-virtio-gpu-pci-8.2.6-150600.3.9.1
* qemu-hw-usb-host-8.2.6-150600.3.9.1
* qemu-audio-alsa-8.2.6-150600.3.9.1
* qemu-pr-helper-debuginfo-8.2.6-150600.3.9.1
* qemu-tools-8.2.6-150600.3.9.1
* qemu-block-dmg-8.2.6-150600.3.9.1
* qemu-hw-s390x-virtio-gpu-ccw-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-display-virtio-gpu-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-usb-smartcard-debuginfo-8.2.6-150600.3.9.1
* qemu-linux-user-8.2.6-150600.3.9.1
* qemu-x86-debuginfo-8.2.6-150600.3.9.1
* qemu-ui-curses-debuginfo-8.2.6-150600.3.9.1
* qemu-linux-user-debugsource-8.2.6-150600.3.9.1
* qemu-block-nfs-debuginfo-8.2.6-150600.3.9.1
* qemu-accel-tcg-x86-debuginfo-8.2.6-150600.3.9.1
* qemu-arm-8.2.6-150600.3.9.1
* qemu-audio-jack-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-s390x-virtio-gpu-ccw-8.2.6-150600.3.9.1
* qemu-block-curl-8.2.6-150600.3.9.1
* qemu-accel-qtest-8.2.6-150600.3.9.1
* qemu-audio-pipewire-8.2.6-150600.3.9.1
* qemu-audio-alsa-debuginfo-8.2.6-150600.3.9.1
* qemu-audio-oss-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-usb-redirect-8.2.6-150600.3.9.1
* qemu-ui-spice-app-debuginfo-8.2.6-150600.3.9.1
* qemu-audio-spice-8.2.6-150600.3.9.1
* qemu-vhost-user-gpu-debuginfo-8.2.6-150600.3.9.1
* qemu-ivshmem-tools-8.2.6-150600.3.9.1
* qemu-audio-oss-8.2.6-150600.3.9.1
* qemu-audio-spice-debuginfo-8.2.6-150600.3.9.1
* qemu-ui-dbus-8.2.6-150600.3.9.1
* qemu-lang-8.2.6-150600.3.9.1
* qemu-s390x-8.2.6-150600.3.9.1
* qemu-chardev-spice-8.2.6-150600.3.9.1
* qemu-hw-display-virtio-gpu-8.2.6-150600.3.9.1
* qemu-ui-dbus-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-display-qxl-debuginfo-8.2.6-150600.3.9.1
* qemu-block-nfs-8.2.6-150600.3.9.1
* qemu-tools-debuginfo-8.2.6-150600.3.9.1
* qemu-chardev-baum-debuginfo-8.2.6-150600.3.9.1
* qemu-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-display-qxl-8.2.6-150600.3.9.1
* qemu-debugsource-8.2.6-150600.3.9.1
* qemu-block-curl-debuginfo-8.2.6-150600.3.9.1
* qemu-x86-8.2.6-150600.3.9.1
* qemu-block-gluster-8.2.6-150600.3.9.1
* qemu-guest-agent-8.2.6-150600.3.9.1
* qemu-vhost-user-gpu-8.2.6-150600.3.9.1
* qemu-audio-pipewire-debuginfo-8.2.6-150600.3.9.1
* qemu-linux-user-debuginfo-8.2.6-150600.3.9.1
* qemu-block-dmg-debuginfo-8.2.6-150600.3.9.1
* openSUSE Leap 15.6 (noarch)
* qemu-vgabios-8.2.61.16.3_3_ga95067eb-150600.3.9.1
* qemu-SLOF-8.2.6-150600.3.9.1
* qemu-seabios-8.2.61.16.3_3_ga95067eb-150600.3.9.1
* qemu-skiboot-8.2.6-150600.3.9.1
* qemu-ipxe-8.2.6-150600.3.9.1
* qemu-doc-8.2.6-150600.3.9.1
* qemu-microvm-8.2.6-150600.3.9.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* qemu-block-rbd-8.2.6-150600.3.9.1
* qemu-block-rbd-debuginfo-8.2.6-150600.3.9.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* qemu-pr-helper-8.2.6-150600.3.9.1
* qemu-pr-helper-debuginfo-8.2.6-150600.3.9.1
* qemu-tools-debuginfo-8.2.6-150600.3.9.1
* qemu-img-debuginfo-8.2.6-150600.3.9.1
* qemu-tools-8.2.6-150600.3.9.1
* qemu-debuginfo-8.2.6-150600.3.9.1
* qemu-debugsource-8.2.6-150600.3.9.1
* qemu-img-8.2.6-150600.3.9.1
* SUSE Package Hub 15 15-SP6 (noarch)
* qemu-vgabios-8.2.61.16.3_3_ga95067eb-150600.3.9.1
* qemu-SLOF-8.2.6-150600.3.9.1
* qemu-seabios-8.2.61.16.3_3_ga95067eb-150600.3.9.1
* qemu-skiboot-8.2.6-150600.3.9.1
* qemu-microvm-8.2.6-150600.3.9.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* qemu-vhost-user-gpu-debuginfo-8.2.6-150600.3.9.1
* qemu-ivshmem-tools-8.2.6-150600.3.9.1
* qemu-audio-oss-8.2.6-150600.3.9.1
* qemu-hw-display-virtio-gpu-debuginfo-8.2.6-150600.3.9.1
* qemu-accel-tcg-x86-8.2.6-150600.3.9.1
* qemu-chardev-spice-debuginfo-8.2.6-150600.3.9.1
* qemu-audio-spice-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-usb-smartcard-debuginfo-8.2.6-150600.3.9.1
* qemu-ui-opengl-8.2.6-150600.3.9.1
* qemu-accel-qtest-debuginfo-8.2.6-150600.3.9.1
* qemu-linux-user-8.2.6-150600.3.9.1
* qemu-hw-s390x-virtio-gpu-ccw-debuginfo-8.2.6-150600.3.9.1
* qemu-x86-debuginfo-8.2.6-150600.3.9.1
* qemu-s390x-8.2.6-150600.3.9.1
* qemu-chardev-spice-8.2.6-150600.3.9.1
* qemu-hw-display-virtio-gpu-8.2.6-150600.3.9.1
* qemu-ppc-debuginfo-8.2.6-150600.3.9.1
* qemu-ui-gtk-8.2.6-150600.3.9.1
* qemu-ui-spice-core-8.2.6-150600.3.9.1
* qemu-block-gluster-debuginfo-8.2.6-150600.3.9.1
* qemu-linux-user-debugsource-8.2.6-150600.3.9.1
* qemu-audio-pa-debuginfo-8.2.6-150600.3.9.1
* qemu-block-nfs-debuginfo-8.2.6-150600.3.9.1
* qemu-accel-tcg-x86-debuginfo-8.2.6-150600.3.9.1
* qemu-arm-8.2.6-150600.3.9.1
* qemu-extra-8.2.6-150600.3.9.1
* qemu-audio-jack-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-display-virtio-vga-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-display-qxl-debuginfo-8.2.6-150600.3.9.1
* qemu-ui-gtk-debuginfo-8.2.6-150600.3.9.1
* qemu-audio-pa-8.2.6-150600.3.9.1
* qemu-block-nfs-8.2.6-150600.3.9.1
* qemu-ivshmem-tools-debuginfo-8.2.6-150600.3.9.1
* qemu-extra-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-s390x-virtio-gpu-ccw-8.2.6-150600.3.9.1
* qemu-audio-jack-8.2.6-150600.3.9.1
* qemu-arm-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-display-virtio-gpu-pci-8.2.6-150600.3.9.1
* qemu-hw-display-qxl-8.2.6-150600.3.9.1
* qemu-debuginfo-8.2.6-150600.3.9.1
* qemu-ui-opengl-debuginfo-8.2.6-150600.3.9.1
* qemu-debugsource-8.2.6-150600.3.9.1
* qemu-ui-spice-core-debuginfo-8.2.6-150600.3.9.1
* qemu-x86-8.2.6-150600.3.9.1
* qemu-block-gluster-8.2.6-150600.3.9.1
* qemu-ppc-8.2.6-150600.3.9.1
* qemu-accel-qtest-8.2.6-150600.3.9.1
* qemu-audio-alsa-8.2.6-150600.3.9.1
* qemu-hw-usb-redirect-debuginfo-8.2.6-150600.3.9.1
* qemu-block-dmg-8.2.6-150600.3.9.1
* qemu-vhost-user-gpu-8.2.6-150600.3.9.1
* qemu-s390x-debuginfo-8.2.6-150600.3.9.1
* qemu-audio-alsa-debuginfo-8.2.6-150600.3.9.1
* qemu-audio-oss-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-usb-redirect-8.2.6-150600.3.9.1
* qemu-ui-spice-app-8.2.6-150600.3.9.1
* qemu-linux-user-debuginfo-8.2.6-150600.3.9.1
* qemu-ui-spice-app-debuginfo-8.2.6-150600.3.9.1
* qemu-block-dmg-debuginfo-8.2.6-150600.3.9.1
* qemu-audio-spice-8.2.6-150600.3.9.1
* qemu-hw-display-virtio-vga-8.2.6-150600.3.9.1
* qemu-hw-display-virtio-gpu-pci-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-usb-smartcard-8.2.6-150600.3.9.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* qemu-chardev-baum-8.2.6-150600.3.9.1
* qemu-audio-dbus-debuginfo-8.2.6-150600.3.9.1
* qemu-chardev-spice-debuginfo-8.2.6-150600.3.9.1
* qemu-block-iscsi-debuginfo-8.2.6-150600.3.9.1
* qemu-audio-spice-debuginfo-8.2.6-150600.3.9.1
* qemu-ksm-8.2.6-150600.3.9.1
* qemu-ui-opengl-8.2.6-150600.3.9.1
* qemu-hw-usb-host-debuginfo-8.2.6-150600.3.9.1
* qemu-ui-dbus-8.2.6-150600.3.9.1
* qemu-8.2.6-150600.3.9.1
* qemu-lang-8.2.6-150600.3.9.1
* qemu-ui-curses-8.2.6-150600.3.9.1
* qemu-chardev-spice-8.2.6-150600.3.9.1
* qemu-block-rbd-debuginfo-8.2.6-150600.3.9.1
* qemu-ui-curses-debuginfo-8.2.6-150600.3.9.1
* qemu-ui-spice-core-8.2.6-150600.3.9.1
* qemu-ui-dbus-debuginfo-8.2.6-150600.3.9.1
* qemu-block-rbd-8.2.6-150600.3.9.1
* qemu-block-nfs-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-display-virtio-vga-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-display-qxl-debuginfo-8.2.6-150600.3.9.1
* qemu-guest-agent-debuginfo-8.2.6-150600.3.9.1
* qemu-block-ssh-8.2.6-150600.3.9.1
* qemu-block-nfs-8.2.6-150600.3.9.1
* qemu-ui-spice-core-debuginfo-8.2.6-150600.3.9.1
* qemu-chardev-baum-debuginfo-8.2.6-150600.3.9.1
* qemu-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-display-qxl-8.2.6-150600.3.9.1
* qemu-block-ssh-debuginfo-8.2.6-150600.3.9.1
* qemu-debugsource-8.2.6-150600.3.9.1
* qemu-spice-8.2.6-150600.3.9.1
* qemu-block-curl-8.2.6-150600.3.9.1
* qemu-ui-opengl-debuginfo-8.2.6-150600.3.9.1
* qemu-block-curl-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-usb-host-8.2.6-150600.3.9.1
* qemu-headless-8.2.6-150600.3.9.1
* qemu-guest-agent-8.2.6-150600.3.9.1
* qemu-hw-usb-redirect-debuginfo-8.2.6-150600.3.9.1
* qemu-audio-pipewire-8.2.6-150600.3.9.1
* qemu-block-iscsi-8.2.6-150600.3.9.1
* qemu-hw-usb-redirect-8.2.6-150600.3.9.1
* qemu-audio-pipewire-debuginfo-8.2.6-150600.3.9.1
* qemu-audio-dbus-8.2.6-150600.3.9.1
* qemu-audio-spice-8.2.6-150600.3.9.1
* qemu-hw-display-virtio-vga-8.2.6-150600.3.9.1
* Server Applications Module 15-SP6 (aarch64)
* qemu-arm-debuginfo-8.2.6-150600.3.9.1
* qemu-arm-8.2.6-150600.3.9.1
* Server Applications Module 15-SP6 (noarch)
* qemu-vgabios-8.2.61.16.3_3_ga95067eb-150600.3.9.1
* qemu-SLOF-8.2.6-150600.3.9.1
* qemu-skiboot-8.2.6-150600.3.9.1
* qemu-seabios-8.2.61.16.3_3_ga95067eb-150600.3.9.1
* qemu-ipxe-8.2.6-150600.3.9.1
* Server Applications Module 15-SP6 (aarch64 ppc64le x86_64)
* qemu-ui-gtk-8.2.6-150600.3.9.1
* qemu-ui-spice-app-debuginfo-8.2.6-150600.3.9.1
* qemu-ui-spice-app-8.2.6-150600.3.9.1
* qemu-ui-gtk-debuginfo-8.2.6-150600.3.9.1
* Server Applications Module 15-SP6 (ppc64le)
* qemu-ppc-8.2.6-150600.3.9.1
* qemu-ppc-debuginfo-8.2.6-150600.3.9.1
* Server Applications Module 15-SP6 (s390x x86_64)
* qemu-hw-display-virtio-gpu-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-display-virtio-gpu-pci-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-display-virtio-gpu-pci-8.2.6-150600.3.9.1
* qemu-hw-display-virtio-gpu-8.2.6-150600.3.9.1
* Server Applications Module 15-SP6 (s390x)
* qemu-hw-s390x-virtio-gpu-ccw-debuginfo-8.2.6-150600.3.9.1
* qemu-s390x-8.2.6-150600.3.9.1
* qemu-s390x-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-s390x-virtio-gpu-ccw-8.2.6-150600.3.9.1
* Server Applications Module 15-SP6 (x86_64)
* qemu-audio-alsa-8.2.6-150600.3.9.1
* qemu-accel-tcg-x86-8.2.6-150600.3.9.1
* qemu-audio-alsa-debuginfo-8.2.6-150600.3.9.1
* qemu-audio-pa-debuginfo-8.2.6-150600.3.9.1
* qemu-accel-tcg-x86-debuginfo-8.2.6-150600.3.9.1
* qemu-x86-8.2.6-150600.3.9.1
* qemu-x86-debuginfo-8.2.6-150600.3.9.1
* qemu-audio-pa-8.2.6-150600.3.9.1
## References:
* https://www.suse.com/security/cve/CVE-2024-4467.html
* https://www.suse.com/security/cve/CVE-2024-7409.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227322
* https://bugzilla.suse.com/show_bug.cgi?id=1229007
SUSE-SU-2024:2786-1: important: Security update for java-1_8_0-openjdk
by OPENSUSE-SECURITY-UPDATES 20 Aug '24
# Security update for java-1_8_0-openjdk
Announcement ID: SUSE-SU-2024:2786-1
Rating: important
References:
* bsc#1228046
* bsc#1228047
* bsc#1228048
* bsc#1228050
* bsc#1228051
* bsc#1228052
Cross-References:
* CVE-2024-21131
* CVE-2024-21138
* CVE-2024-21140
* CVE-2024-21144
* CVE-2024-21145
* CVE-2024-21147
CVSS scores:
* CVE-2024-21131 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-21138 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21140 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-21144 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21145 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-21147 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
* Legacy Module 15-SP5
* Legacy Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves six vulnerabilities can now be installed.
## Description:
This update for java-1_8_0-openjdk fixes the following issues:
Update to version jdk8u422 (icedtea-3.32.0):
* Security fixes
* JDK-8314794, CVE-2024-21131, bsc#1228046: Improve UTF8 String supports
* JDK-8319859, CVE-2024-21138, bsc#1228047: Better symbol storage
* JDK-8320097: Improve Image transformations
* JDK-8320548, CVE-2024-21140, bsc#1228048: Improved loop handling
* JDK-8322106, CVE-2024-21144, bsc#1228050: Enhance Pack 200 loading
* JDK-8323231, CVE-2024-21147, bsc#1228052: Improve array management
* JDK-8323390: Enhance mask blit functionality
* JDK-8324559, CVE-2024-21145, bsc#1228051: Improve 2D image handling
* JDK-8325600: Better symbol storage
* Import of OpenJDK 8 u422 build 05
* JDK-8025439: [TEST BUG] [macosx] PrintServiceLookup.lookupPrintServices
doesn't work properly since jdk8b105
* JDK-8069389: CompilerOracle prefix wildcarding is broken for long strings
* JDK-8159454: [TEST_BUG] javax/swing/ToolTipManager/7123767/
/bug7123767.java: number of checked graphics configurations should be
limited
* JDK-8198321: javax/swing/JEditorPane/5076514/bug5076514.java fails
* JDK-8203691: [TESTBUG] Test /runtime/containers/cgroup/PlainRead.java fails
* JDK-8205407: [windows, vs<2017] C4800 after 8203197
* JDK-8235834: IBM-943 charset encoder needs updating
* JDK-8239965: XMLEncoder/Test4625418.java fails due to "Error: Cp943 - can't
read properly"
* JDK-8240756: [macos] SwingSet2:TableDemo:Printed Japanese characters were
garbled
* JDK-8256152: tests fail because of ambiguous method resolution
* JDK-8258855: Two tests sun/security/krb5/auto/ /ReplayCacheTestProc.java and
ReplayCacheTestProcWithMD5.java failed on OL8.3
* JDK-8262017: C2: assert(n != __null) failed: Bad immediate dominator info.
* JDK-8268916: Tests for AffirmTrust roots
* JDK-8278067: Make HttpURLConnection default keep alive timeout configurable
* JDK-8291226: Create Test Cases to cover scenarios for JDK-8278067
* JDK-8291637: HttpClient default keep alive timeout not followed if server
sends invalid value
* JDK-8291638: Keep-Alive timeout of 0 should close connection immediately
* JDK-8293562: KeepAliveCache Blocks Threads while Closing Connections
* JDK-8303466: C2: failed: malformed control flow. Limit type made precise
with MaxL/MinL
* JDK-8304074: [JMX] Add an approximation of total bytes allocated on the Java
heap by the JVM
* JDK-8313081: MonitoringSupport_lock should be unconditionally initialized
after 8304074
* JDK-8315020: The macro definition for LoongArch64 zero build is not
accurate.
* JDK-8316138: Add GlobalSign 2 TLS root certificates
* JDK-8318410: jdk/java/lang/instrument/BootClassPath/ /BootClassPathTest.sh
fails on Japanese Windows
* JDK-8320005: Allow loading of shared objects with .a extension on AIX
* JDK-8324185: [8u] Accept Xcode 12+ builds on macOS
* JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/
/AKISerialNumber.java is failing
* JDK-8325927: [8u] Backport of JDK-8170552 missed part of the test
* JDK-8326686: Bump update version of OpenJDK: 8u422
* JDK-8327440: Fix "bad source file" error during beaninfo generation
* JDK-8328809: [8u] Problem list some CA tests
* JDK-8328825: Google CAInterop test failures
* JDK-8329544: [8u] sun/security/krb5/auto/ /ReplayCacheTestProc.java cannot
find the testlibrary
* JDK-8331791: [8u] AIX build break from JDK-8320005 backport
* JDK-8331980: [8u] Problem list CAInterop.java#certignarootca test
* JDK-8335552: [8u] JDK-8303466 backport to 8u requires 3 ::Identity signature
fixes
* Bug fixes
* JDK-8331730: [8u] GHA: update sysroot for cross builds to Debian bullseye
* JDK-8333669: [8u] GHA: Dead VS2010 download link
* JDK-8318039: GHA: Bump macOS and Xcode versions
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-2786=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-2786=1
* Legacy Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2024-2786=1
* Legacy Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2024-2786=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-2786=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-2786=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-2786=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-2786=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-2786=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2786=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-2786=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-2786=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-2786=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-2786=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-src-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-accessibility-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-1.8.0.422-150000.3.97.1
* openSUSE Leap 15.5 (noarch)
* java-1_8_0-openjdk-javadoc-1.8.0.422-150000.3.97.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-src-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-accessibility-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-1.8.0.422-150000.3.97.1
* openSUSE Leap 15.6 (noarch)
* java-1_8_0-openjdk-javadoc-1.8.0.422-150000.3.97.1
* Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-1.8.0.422-150000.3.97.1
* Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-1.8.0.422-150000.3.97.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-1.8.0.422-150000.3.97.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-1.8.0.422-150000.3.97.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-1.8.0.422-150000.3.97.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-1.8.0.422-150000.3.97.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-1.8.0.422-150000.3.97.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-1.8.0.422-150000.3.97.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-1.8.0.422-150000.3.97.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-1.8.0.422-150000.3.97.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-1.8.0.422-150000.3.97.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-1.8.0.422-150000.3.97.1
## References:
* https://www.suse.com/security/cve/CVE-2024-21131.html
* https://www.suse.com/security/cve/CVE-2024-21138.html
* https://www.suse.com/security/cve/CVE-2024-21140.html
* https://www.suse.com/security/cve/CVE-2024-21144.html
* https://www.suse.com/security/cve/CVE-2024-21145.html
* https://www.suse.com/security/cve/CVE-2024-21147.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228046
* https://bugzilla.suse.com/show_bug.cgi?id=1228047
* https://bugzilla.suse.com/show_bug.cgi?id=1228048
* https://bugzilla.suse.com/show_bug.cgi?id=1228050
* https://bugzilla.suse.com/show_bug.cgi?id=1228051
* https://bugzilla.suse.com/show_bug.cgi?id=1228052
SUSE-SU-2024:2980-1: important: Security update for kernel-firmware
by OPENSUSE-SECURITY-UPDATES 20 Aug '24
# Security update for kernel-firmware
Announcement ID: SUSE-SU-2024:2980-1
Rating: important
References:
* bsc#1229069
Cross-References:
* CVE-2023-31315
CVSS scores:
* CVE-2023-31315 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for kernel-firmware fixes the following issues:
CVE-2023-31315: Fixed validation in a model specific register (MSR) that led to
modification of SMM configuration by a malicious program with ring0 access
(bsc#1229069)
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-2980=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-2980=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-2980=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-2980=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-2980=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-2980=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-2980=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-2980=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2980=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-2980=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-2980=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-2980=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-2980=1
## Package List:
* openSUSE Leap 15.4 (noarch)
* kernel-firmware-ath10k-20220509-150400.4.28.1
* kernel-firmware-bnx2-20220509-150400.4.28.1
* kernel-firmware-brcm-20220509-150400.4.28.1
* kernel-firmware-sound-20220509-150400.4.28.1
* kernel-firmware-chelsio-20220509-150400.4.28.1
* kernel-firmware-20220509-150400.4.28.1
* kernel-firmware-mellanox-20220509-150400.4.28.1
* kernel-firmware-platform-20220509-150400.4.28.1
* kernel-firmware-i915-20220509-150400.4.28.1
* kernel-firmware-liquidio-20220509-150400.4.28.1
* kernel-firmware-all-20220509-150400.4.28.1
* kernel-firmware-amdgpu-20220509-150400.4.28.1
* kernel-firmware-intel-20220509-150400.4.28.1
* kernel-firmware-usb-network-20220509-150400.4.28.1
* kernel-firmware-ti-20220509-150400.4.28.1
* kernel-firmware-nfp-20220509-150400.4.28.1
* kernel-firmware-bluetooth-20220509-150400.4.28.1
* kernel-firmware-iwlwifi-20220509-150400.4.28.1
* kernel-firmware-marvell-20220509-150400.4.28.1
* kernel-firmware-nvidia-20220509-150400.4.28.1
* kernel-firmware-prestera-20220509-150400.4.28.1
* kernel-firmware-radeon-20220509-150400.4.28.1
* kernel-firmware-atheros-20220509-150400.4.28.1
* kernel-firmware-media-20220509-150400.4.28.1
* kernel-firmware-qlogic-20220509-150400.4.28.1
* kernel-firmware-ath11k-20220509-150400.4.28.1
* kernel-firmware-mwifiex-20220509-150400.4.28.1
* kernel-firmware-network-20220509-150400.4.28.1
* kernel-firmware-dpaa2-20220509-150400.4.28.1
* ucode-amd-20220509-150400.4.28.1
* kernel-firmware-ueagle-20220509-150400.4.28.1
* kernel-firmware-mediatek-20220509-150400.4.28.1
* kernel-firmware-serial-20220509-150400.4.28.1
* kernel-firmware-realtek-20220509-150400.4.28.1
* kernel-firmware-qcom-20220509-150400.4.28.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
* kernel-firmware-ath10k-20220509-150400.4.28.1
* kernel-firmware-bnx2-20220509-150400.4.28.1
* kernel-firmware-brcm-20220509-150400.4.28.1
* kernel-firmware-sound-20220509-150400.4.28.1
* kernel-firmware-chelsio-20220509-150400.4.28.1
* kernel-firmware-mellanox-20220509-150400.4.28.1
* kernel-firmware-platform-20220509-150400.4.28.1
* kernel-firmware-i915-20220509-150400.4.28.1
* kernel-firmware-liquidio-20220509-150400.4.28.1
* kernel-firmware-all-20220509-150400.4.28.1
* kernel-firmware-amdgpu-20220509-150400.4.28.1
* kernel-firmware-intel-20220509-150400.4.28.1
* kernel-firmware-usb-network-20220509-150400.4.28.1
* kernel-firmware-ti-20220509-150400.4.28.1
* kernel-firmware-nfp-20220509-150400.4.28.1
* kernel-firmware-bluetooth-20220509-150400.4.28.1
* kernel-firmware-iwlwifi-20220509-150400.4.28.1
* kernel-firmware-marvell-20220509-150400.4.28.1
* kernel-firmware-nvidia-20220509-150400.4.28.1
* kernel-firmware-prestera-20220509-150400.4.28.1
* kernel-firmware-radeon-20220509-150400.4.28.1
* kernel-firmware-atheros-20220509-150400.4.28.1
* kernel-firmware-media-20220509-150400.4.28.1
* kernel-firmware-qlogic-20220509-150400.4.28.1
* kernel-firmware-ath11k-20220509-150400.4.28.1
* kernel-firmware-mwifiex-20220509-150400.4.28.1
* kernel-firmware-network-20220509-150400.4.28.1
* kernel-firmware-dpaa2-20220509-150400.4.28.1
* ucode-amd-20220509-150400.4.28.1
* kernel-firmware-ueagle-20220509-150400.4.28.1
* kernel-firmware-mediatek-20220509-150400.4.28.1
* kernel-firmware-serial-20220509-150400.4.28.1
* kernel-firmware-realtek-20220509-150400.4.28.1
* kernel-firmware-qcom-20220509-150400.4.28.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
* kernel-firmware-ath10k-20220509-150400.4.28.1
* kernel-firmware-bnx2-20220509-150400.4.28.1
* kernel-firmware-brcm-20220509-150400.4.28.1
* kernel-firmware-sound-20220509-150400.4.28.1
* kernel-firmware-chelsio-20220509-150400.4.28.1
* kernel-firmware-mellanox-20220509-150400.4.28.1
* kernel-firmware-platform-20220509-150400.4.28.1
* kernel-firmware-i915-20220509-150400.4.28.1
* kernel-firmware-liquidio-20220509-150400.4.28.1
* kernel-firmware-all-20220509-150400.4.28.1
* kernel-firmware-amdgpu-20220509-150400.4.28.1
* kernel-firmware-intel-20220509-150400.4.28.1
* kernel-firmware-usb-network-20220509-150400.4.28.1
* kernel-firmware-ti-20220509-150400.4.28.1
* kernel-firmware-nfp-20220509-150400.4.28.1
* kernel-firmware-bluetooth-20220509-150400.4.28.1
* kernel-firmware-iwlwifi-20220509-150400.4.28.1
* kernel-firmware-marvell-20220509-150400.4.28.1
* kernel-firmware-nvidia-20220509-150400.4.28.1
* kernel-firmware-prestera-20220509-150400.4.28.1
* kernel-firmware-radeon-20220509-150400.4.28.1
* kernel-firmware-atheros-20220509-150400.4.28.1
* kernel-firmware-media-20220509-150400.4.28.1
* kernel-firmware-qlogic-20220509-150400.4.28.1
* kernel-firmware-ath11k-20220509-150400.4.28.1
* kernel-firmware-mwifiex-20220509-150400.4.28.1
* kernel-firmware-network-20220509-150400.4.28.1
* kernel-firmware-dpaa2-20220509-150400.4.28.1
* ucode-amd-20220509-150400.4.28.1
* kernel-firmware-ueagle-20220509-150400.4.28.1
* kernel-firmware-mediatek-20220509-150400.4.28.1
* kernel-firmware-serial-20220509-150400.4.28.1
* kernel-firmware-realtek-20220509-150400.4.28.1
* kernel-firmware-qcom-20220509-150400.4.28.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
* kernel-firmware-ath10k-20220509-150400.4.28.1
* kernel-firmware-bnx2-20220509-150400.4.28.1
* kernel-firmware-brcm-20220509-150400.4.28.1
* kernel-firmware-sound-20220509-150400.4.28.1
* kernel-firmware-chelsio-20220509-150400.4.28.1
* kernel-firmware-mellanox-20220509-150400.4.28.1
* kernel-firmware-platform-20220509-150400.4.28.1
* kernel-firmware-i915-20220509-150400.4.28.1
* kernel-firmware-liquidio-20220509-150400.4.28.1
* kernel-firmware-all-20220509-150400.4.28.1
* kernel-firmware-amdgpu-20220509-150400.4.28.1
* kernel-firmware-intel-20220509-150400.4.28.1
* kernel-firmware-usb-network-20220509-150400.4.28.1
* kernel-firmware-ti-20220509-150400.4.28.1
* kernel-firmware-nfp-20220509-150400.4.28.1
* kernel-firmware-bluetooth-20220509-150400.4.28.1
* kernel-firmware-iwlwifi-20220509-150400.4.28.1
* kernel-firmware-marvell-20220509-150400.4.28.1
* kernel-firmware-nvidia-20220509-150400.4.28.1
* kernel-firmware-prestera-20220509-150400.4.28.1
* kernel-firmware-radeon-20220509-150400.4.28.1
* kernel-firmware-atheros-20220509-150400.4.28.1
* kernel-firmware-media-20220509-150400.4.28.1
* kernel-firmware-qlogic-20220509-150400.4.28.1
* kernel-firmware-ath11k-20220509-150400.4.28.1
* kernel-firmware-mwifiex-20220509-150400.4.28.1
* kernel-firmware-network-20220509-150400.4.28.1
* kernel-firmware-dpaa2-20220509-150400.4.28.1
* ucode-amd-20220509-150400.4.28.1
* kernel-firmware-ueagle-20220509-150400.4.28.1
* kernel-firmware-mediatek-20220509-150400.4.28.1
* kernel-firmware-serial-20220509-150400.4.28.1
* kernel-firmware-realtek-20220509-150400.4.28.1
* kernel-firmware-qcom-20220509-150400.4.28.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
* kernel-firmware-ath10k-20220509-150400.4.28.1
* kernel-firmware-bnx2-20220509-150400.4.28.1
* kernel-firmware-brcm-20220509-150400.4.28.1
* kernel-firmware-sound-20220509-150400.4.28.1
* kernel-firmware-chelsio-20220509-150400.4.28.1
* kernel-firmware-mellanox-20220509-150400.4.28.1
* kernel-firmware-platform-20220509-150400.4.28.1
* kernel-firmware-i915-20220509-150400.4.28.1
* kernel-firmware-liquidio-20220509-150400.4.28.1
* kernel-firmware-all-20220509-150400.4.28.1
* kernel-firmware-amdgpu-20220509-150400.4.28.1
* kernel-firmware-intel-20220509-150400.4.28.1
* kernel-firmware-usb-network-20220509-150400.4.28.1
* kernel-firmware-ti-20220509-150400.4.28.1
* kernel-firmware-nfp-20220509-150400.4.28.1
* kernel-firmware-bluetooth-20220509-150400.4.28.1
* kernel-firmware-iwlwifi-20220509-150400.4.28.1
* kernel-firmware-marvell-20220509-150400.4.28.1
* kernel-firmware-nvidia-20220509-150400.4.28.1
* kernel-firmware-prestera-20220509-150400.4.28.1
* kernel-firmware-radeon-20220509-150400.4.28.1
* kernel-firmware-atheros-20220509-150400.4.28.1
* kernel-firmware-media-20220509-150400.4.28.1
* kernel-firmware-qlogic-20220509-150400.4.28.1
* kernel-firmware-ath11k-20220509-150400.4.28.1
* kernel-firmware-mwifiex-20220509-150400.4.28.1
* kernel-firmware-network-20220509-150400.4.28.1
* kernel-firmware-dpaa2-20220509-150400.4.28.1
* ucode-amd-20220509-150400.4.28.1
* kernel-firmware-ueagle-20220509-150400.4.28.1
* kernel-firmware-mediatek-20220509-150400.4.28.1
* kernel-firmware-serial-20220509-150400.4.28.1
* kernel-firmware-realtek-20220509-150400.4.28.1
* kernel-firmware-qcom-20220509-150400.4.28.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* kernel-firmware-ath10k-20220509-150400.4.28.1
* kernel-firmware-bnx2-20220509-150400.4.28.1
* kernel-firmware-brcm-20220509-150400.4.28.1
* kernel-firmware-sound-20220509-150400.4.28.1
* kernel-firmware-chelsio-20220509-150400.4.28.1
* kernel-firmware-mellanox-20220509-150400.4.28.1
* kernel-firmware-platform-20220509-150400.4.28.1
* kernel-firmware-i915-20220509-150400.4.28.1
* kernel-firmware-liquidio-20220509-150400.4.28.1
* kernel-firmware-all-20220509-150400.4.28.1
* kernel-firmware-amdgpu-20220509-150400.4.28.1
* kernel-firmware-intel-20220509-150400.4.28.1
* kernel-firmware-usb-network-20220509-150400.4.28.1
* kernel-firmware-ti-20220509-150400.4.28.1
* kernel-firmware-nfp-20220509-150400.4.28.1
* kernel-firmware-bluetooth-20220509-150400.4.28.1
* kernel-firmware-iwlwifi-20220509-150400.4.28.1
* kernel-firmware-marvell-20220509-150400.4.28.1
* kernel-firmware-nvidia-20220509-150400.4.28.1
* kernel-firmware-prestera-20220509-150400.4.28.1
* kernel-firmware-radeon-20220509-150400.4.28.1
* kernel-firmware-atheros-20220509-150400.4.28.1
* kernel-firmware-media-20220509-150400.4.28.1
* kernel-firmware-qlogic-20220509-150400.4.28.1
* kernel-firmware-ath11k-20220509-150400.4.28.1
* kernel-firmware-mwifiex-20220509-150400.4.28.1
* kernel-firmware-network-20220509-150400.4.28.1
* kernel-firmware-dpaa2-20220509-150400.4.28.1
* ucode-amd-20220509-150400.4.28.1
* kernel-firmware-ueagle-20220509-150400.4.28.1
* kernel-firmware-mediatek-20220509-150400.4.28.1
* kernel-firmware-serial-20220509-150400.4.28.1
* kernel-firmware-realtek-20220509-150400.4.28.1
* kernel-firmware-qcom-20220509-150400.4.28.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* kernel-firmware-ath10k-20220509-150400.4.28.1
* kernel-firmware-bnx2-20220509-150400.4.28.1
* kernel-firmware-brcm-20220509-150400.4.28.1
* kernel-firmware-sound-20220509-150400.4.28.1
* kernel-firmware-chelsio-20220509-150400.4.28.1
* kernel-firmware-mellanox-20220509-150400.4.28.1
* kernel-firmware-platform-20220509-150400.4.28.1
* kernel-firmware-i915-20220509-150400.4.28.1
* kernel-firmware-liquidio-20220509-150400.4.28.1
* kernel-firmware-all-20220509-150400.4.28.1
* kernel-firmware-amdgpu-20220509-150400.4.28.1
* kernel-firmware-intel-20220509-150400.4.28.1
* kernel-firmware-usb-network-20220509-150400.4.28.1
* kernel-firmware-ti-20220509-150400.4.28.1
* kernel-firmware-nfp-20220509-150400.4.28.1
* kernel-firmware-bluetooth-20220509-150400.4.28.1
* kernel-firmware-iwlwifi-20220509-150400.4.28.1
* kernel-firmware-marvell-20220509-150400.4.28.1
* kernel-firmware-nvidia-20220509-150400.4.28.1
* kernel-firmware-prestera-20220509-150400.4.28.1
* kernel-firmware-radeon-20220509-150400.4.28.1
* kernel-firmware-atheros-20220509-150400.4.28.1
* kernel-firmware-media-20220509-150400.4.28.1
* kernel-firmware-qlogic-20220509-150400.4.28.1
* kernel-firmware-ath11k-20220509-150400.4.28.1
* kernel-firmware-mwifiex-20220509-150400.4.28.1
* kernel-firmware-network-20220509-150400.4.28.1
* kernel-firmware-dpaa2-20220509-150400.4.28.1
* ucode-amd-20220509-150400.4.28.1
* kernel-firmware-ueagle-20220509-150400.4.28.1
* kernel-firmware-mediatek-20220509-150400.4.28.1
* kernel-firmware-serial-20220509-150400.4.28.1
* kernel-firmware-realtek-20220509-150400.4.28.1
* kernel-firmware-qcom-20220509-150400.4.28.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
* kernel-firmware-ath10k-20220509-150400.4.28.1
* kernel-firmware-bnx2-20220509-150400.4.28.1
* kernel-firmware-brcm-20220509-150400.4.28.1
* kernel-firmware-sound-20220509-150400.4.28.1
* kernel-firmware-chelsio-20220509-150400.4.28.1
* kernel-firmware-mellanox-20220509-150400.4.28.1
* kernel-firmware-platform-20220509-150400.4.28.1
* kernel-firmware-i915-20220509-150400.4.28.1
* kernel-firmware-liquidio-20220509-150400.4.28.1
* kernel-firmware-all-20220509-150400.4.28.1
* kernel-firmware-amdgpu-20220509-150400.4.28.1
* kernel-firmware-intel-20220509-150400.4.28.1
* kernel-firmware-usb-network-20220509-150400.4.28.1
* kernel-firmware-ti-20220509-150400.4.28.1
* kernel-firmware-nfp-20220509-150400.4.28.1
* kernel-firmware-bluetooth-20220509-150400.4.28.1
* kernel-firmware-iwlwifi-20220509-150400.4.28.1
* kernel-firmware-marvell-20220509-150400.4.28.1
* kernel-firmware-nvidia-20220509-150400.4.28.1
* kernel-firmware-prestera-20220509-150400.4.28.1
* kernel-firmware-radeon-20220509-150400.4.28.1
* kernel-firmware-atheros-20220509-150400.4.28.1
* kernel-firmware-media-20220509-150400.4.28.1
* kernel-firmware-qlogic-20220509-150400.4.28.1
* kernel-firmware-ath11k-20220509-150400.4.28.1
* kernel-firmware-mwifiex-20220509-150400.4.28.1
* kernel-firmware-network-20220509-150400.4.28.1
* kernel-firmware-dpaa2-20220509-150400.4.28.1
* ucode-amd-20220509-150400.4.28.1
* kernel-firmware-ueagle-20220509-150400.4.28.1
* kernel-firmware-mediatek-20220509-150400.4.28.1
* kernel-firmware-serial-20220509-150400.4.28.1
* kernel-firmware-realtek-20220509-150400.4.28.1
* kernel-firmware-qcom-20220509-150400.4.28.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
* kernel-firmware-ath10k-20220509-150400.4.28.1
* kernel-firmware-bnx2-20220509-150400.4.28.1
* kernel-firmware-brcm-20220509-150400.4.28.1
* kernel-firmware-sound-20220509-150400.4.28.1
* kernel-firmware-chelsio-20220509-150400.4.28.1
* kernel-firmware-mellanox-20220509-150400.4.28.1
* kernel-firmware-platform-20220509-150400.4.28.1
* kernel-firmware-i915-20220509-150400.4.28.1
* kernel-firmware-liquidio-20220509-150400.4.28.1
* kernel-firmware-all-20220509-150400.4.28.1
* kernel-firmware-amdgpu-20220509-150400.4.28.1
* kernel-firmware-intel-20220509-150400.4.28.1
* kernel-firmware-usb-network-20220509-150400.4.28.1
* kernel-firmware-ti-20220509-150400.4.28.1
* kernel-firmware-nfp-20220509-150400.4.28.1
* kernel-firmware-bluetooth-20220509-150400.4.28.1
* kernel-firmware-iwlwifi-20220509-150400.4.28.1
* kernel-firmware-marvell-20220509-150400.4.28.1
* kernel-firmware-nvidia-20220509-150400.4.28.1
* kernel-firmware-prestera-20220509-150400.4.28.1
* kernel-firmware-radeon-20220509-150400.4.28.1
* kernel-firmware-atheros-20220509-150400.4.28.1
* kernel-firmware-media-20220509-150400.4.28.1
* kernel-firmware-qlogic-20220509-150400.4.28.1
* kernel-firmware-ath11k-20220509-150400.4.28.1
* kernel-firmware-mwifiex-20220509-150400.4.28.1
* kernel-firmware-network-20220509-150400.4.28.1
* kernel-firmware-dpaa2-20220509-150400.4.28.1
* ucode-amd-20220509-150400.4.28.1
* kernel-firmware-ueagle-20220509-150400.4.28.1
* kernel-firmware-mediatek-20220509-150400.4.28.1
* kernel-firmware-serial-20220509-150400.4.28.1
* kernel-firmware-realtek-20220509-150400.4.28.1
* kernel-firmware-qcom-20220509-150400.4.28.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* kernel-firmware-ath10k-20220509-150400.4.28.1
* kernel-firmware-bnx2-20220509-150400.4.28.1
* kernel-firmware-brcm-20220509-150400.4.28.1
* kernel-firmware-sound-20220509-150400.4.28.1
* kernel-firmware-chelsio-20220509-150400.4.28.1
* kernel-firmware-mellanox-20220509-150400.4.28.1
* kernel-firmware-platform-20220509-150400.4.28.1
* kernel-firmware-i915-20220509-150400.4.28.1
* kernel-firmware-liquidio-20220509-150400.4.28.1
* kernel-firmware-all-20220509-150400.4.28.1
* kernel-firmware-amdgpu-20220509-150400.4.28.1
* kernel-firmware-intel-20220509-150400.4.28.1
* kernel-firmware-usb-network-20220509-150400.4.28.1
* kernel-firmware-ti-20220509-150400.4.28.1
* kernel-firmware-nfp-20220509-150400.4.28.1
* kernel-firmware-bluetooth-20220509-150400.4.28.1
* kernel-firmware-iwlwifi-20220509-150400.4.28.1
* kernel-firmware-marvell-20220509-150400.4.28.1
* kernel-firmware-nvidia-20220509-150400.4.28.1
* kernel-firmware-prestera-20220509-150400.4.28.1
* kernel-firmware-radeon-20220509-150400.4.28.1
* kernel-firmware-atheros-20220509-150400.4.28.1
* kernel-firmware-media-20220509-150400.4.28.1
* kernel-firmware-qlogic-20220509-150400.4.28.1
* kernel-firmware-ath11k-20220509-150400.4.28.1
* kernel-firmware-mwifiex-20220509-150400.4.28.1
* kernel-firmware-network-20220509-150400.4.28.1
* kernel-firmware-dpaa2-20220509-150400.4.28.1
* ucode-amd-20220509-150400.4.28.1
* kernel-firmware-ueagle-20220509-150400.4.28.1
* kernel-firmware-mediatek-20220509-150400.4.28.1
* kernel-firmware-serial-20220509-150400.4.28.1
* kernel-firmware-realtek-20220509-150400.4.28.1
* kernel-firmware-qcom-20220509-150400.4.28.1
* SUSE Manager Proxy 4.3 (noarch)
* kernel-firmware-ath10k-20220509-150400.4.28.1
* kernel-firmware-bnx2-20220509-150400.4.28.1
* kernel-firmware-brcm-20220509-150400.4.28.1
* kernel-firmware-sound-20220509-150400.4.28.1
* kernel-firmware-chelsio-20220509-150400.4.28.1
* kernel-firmware-mellanox-20220509-150400.4.28.1
* kernel-firmware-platform-20220509-150400.4.28.1
* kernel-firmware-i915-20220509-150400.4.28.1
* kernel-firmware-liquidio-20220509-150400.4.28.1
* kernel-firmware-all-20220509-150400.4.28.1
* kernel-firmware-amdgpu-20220509-150400.4.28.1
* kernel-firmware-intel-20220509-150400.4.28.1
* kernel-firmware-usb-network-20220509-150400.4.28.1
* kernel-firmware-ti-20220509-150400.4.28.1
* kernel-firmware-nfp-20220509-150400.4.28.1
* kernel-firmware-bluetooth-20220509-150400.4.28.1
* kernel-firmware-iwlwifi-20220509-150400.4.28.1
* kernel-firmware-marvell-20220509-150400.4.28.1
* kernel-firmware-nvidia-20220509-150400.4.28.1
* kernel-firmware-prestera-20220509-150400.4.28.1
* kernel-firmware-radeon-20220509-150400.4.28.1
* kernel-firmware-atheros-20220509-150400.4.28.1
* kernel-firmware-media-20220509-150400.4.28.1
* kernel-firmware-qlogic-20220509-150400.4.28.1
* kernel-firmware-ath11k-20220509-150400.4.28.1
* kernel-firmware-mwifiex-20220509-150400.4.28.1
* kernel-firmware-network-20220509-150400.4.28.1
* kernel-firmware-dpaa2-20220509-150400.4.28.1
* ucode-amd-20220509-150400.4.28.1
* kernel-firmware-ueagle-20220509-150400.4.28.1
* kernel-firmware-mediatek-20220509-150400.4.28.1
* kernel-firmware-serial-20220509-150400.4.28.1
* kernel-firmware-realtek-20220509-150400.4.28.1
* kernel-firmware-qcom-20220509-150400.4.28.1
* SUSE Manager Retail Branch Server 4.3 (noarch)
* kernel-firmware-ath10k-20220509-150400.4.28.1
* kernel-firmware-bnx2-20220509-150400.4.28.1
* kernel-firmware-brcm-20220509-150400.4.28.1
* kernel-firmware-sound-20220509-150400.4.28.1
* kernel-firmware-chelsio-20220509-150400.4.28.1
* kernel-firmware-mellanox-20220509-150400.4.28.1
* kernel-firmware-platform-20220509-150400.4.28.1
* kernel-firmware-i915-20220509-150400.4.28.1
* kernel-firmware-liquidio-20220509-150400.4.28.1
* kernel-firmware-all-20220509-150400.4.28.1
* kernel-firmware-amdgpu-20220509-150400.4.28.1
* kernel-firmware-intel-20220509-150400.4.28.1
* kernel-firmware-usb-network-20220509-150400.4.28.1
* kernel-firmware-ti-20220509-150400.4.28.1
* kernel-firmware-nfp-20220509-150400.4.28.1
* kernel-firmware-bluetooth-20220509-150400.4.28.1
* kernel-firmware-iwlwifi-20220509-150400.4.28.1
* kernel-firmware-marvell-20220509-150400.4.28.1
* kernel-firmware-nvidia-20220509-150400.4.28.1
* kernel-firmware-prestera-20220509-150400.4.28.1
* kernel-firmware-radeon-20220509-150400.4.28.1
* kernel-firmware-atheros-20220509-150400.4.28.1
* kernel-firmware-media-20220509-150400.4.28.1
* kernel-firmware-qlogic-20220509-150400.4.28.1
* kernel-firmware-ath11k-20220509-150400.4.28.1
* kernel-firmware-mwifiex-20220509-150400.4.28.1
* kernel-firmware-network-20220509-150400.4.28.1
* kernel-firmware-dpaa2-20220509-150400.4.28.1
* ucode-amd-20220509-150400.4.28.1
* kernel-firmware-ueagle-20220509-150400.4.28.1
* kernel-firmware-mediatek-20220509-150400.4.28.1
* kernel-firmware-serial-20220509-150400.4.28.1
* kernel-firmware-realtek-20220509-150400.4.28.1
* kernel-firmware-qcom-20220509-150400.4.28.1
* SUSE Manager Server 4.3 (noarch)
* kernel-firmware-ath10k-20220509-150400.4.28.1
* kernel-firmware-bnx2-20220509-150400.4.28.1
* kernel-firmware-brcm-20220509-150400.4.28.1
* kernel-firmware-sound-20220509-150400.4.28.1
* kernel-firmware-chelsio-20220509-150400.4.28.1
* kernel-firmware-mellanox-20220509-150400.4.28.1
* kernel-firmware-platform-20220509-150400.4.28.1
* kernel-firmware-i915-20220509-150400.4.28.1
* kernel-firmware-liquidio-20220509-150400.4.28.1
* kernel-firmware-all-20220509-150400.4.28.1
* kernel-firmware-amdgpu-20220509-150400.4.28.1
* kernel-firmware-intel-20220509-150400.4.28.1
* kernel-firmware-usb-network-20220509-150400.4.28.1
* kernel-firmware-ti-20220509-150400.4.28.1
* kernel-firmware-nfp-20220509-150400.4.28.1
* kernel-firmware-bluetooth-20220509-150400.4.28.1
* kernel-firmware-iwlwifi-20220509-150400.4.28.1
* kernel-firmware-marvell-20220509-150400.4.28.1
* kernel-firmware-nvidia-20220509-150400.4.28.1
* kernel-firmware-prestera-20220509-150400.4.28.1
* kernel-firmware-radeon-20220509-150400.4.28.1
* kernel-firmware-atheros-20220509-150400.4.28.1
* kernel-firmware-media-20220509-150400.4.28.1
* kernel-firmware-qlogic-20220509-150400.4.28.1
* kernel-firmware-ath11k-20220509-150400.4.28.1
* kernel-firmware-mwifiex-20220509-150400.4.28.1
* kernel-firmware-network-20220509-150400.4.28.1
* kernel-firmware-dpaa2-20220509-150400.4.28.1
* ucode-amd-20220509-150400.4.28.1
* kernel-firmware-ueagle-20220509-150400.4.28.1
* kernel-firmware-mediatek-20220509-150400.4.28.1
* kernel-firmware-serial-20220509-150400.4.28.1
* kernel-firmware-realtek-20220509-150400.4.28.1
* kernel-firmware-qcom-20220509-150400.4.28.1
## References:
* https://www.suse.com/security/cve/CVE-2023-31315.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229069
SUSE-SU-2024:2982-1: important: Security update for python311
by OPENSUSE-SECURITY-UPDATES 20 Aug '24
# Security update for python311
Announcement ID: SUSE-SU-2024:2982-1
Rating: important
References:
* bsc#1225660
* bsc#1226447
* bsc#1226448
* bsc#1227378
* bsc#1227999
* bsc#1228780
Cross-References:
* CVE-2023-27043
* CVE-2024-0397
* CVE-2024-4032
* CVE-2024-6923
CVSS scores:
* CVE-2023-27043 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-27043 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-0397 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2024-4032 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-6923 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products:
* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* Python 3 Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves four vulnerabilities and has two security fixes can now be
installed.
## Description:
This update for python311 fixes the following issues:
Security issues fixed:
* CVE-2024-6923: Fixed email header injection due to unquoted newlines
(bsc#1228780)
* CVE-2024-5642: Removed support for anything but OpenSSL 1.1.1 or newer
(bsc#1227233)
* CVE-2024-4032: Fixed incorrect IPv4 and IPv6 private ranges (bsc#1226448)
Non-security issues fixed:
* Fixed executable bits for /usr/bin/idle* (bsc#1227378).
* Improve python reproducible builds (bsc#1227999)
* Make pip and modern tools install directly in /usr/local when used by the
user (bsc#1225660)
* %{profileopt} variable is set according to the variable %{do_profiling}
(bsc#1227999)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Python 3 Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2024-2982=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-2982=1 openSUSE-SLE-15.6-2024-2982=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-2982=1
## Package List:
* Python 3 Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* python311-3.11.9-150600.3.3.1
* python311-idle-3.11.9-150600.3.3.1
* python311-dbm-3.11.9-150600.3.3.1
* python311-devel-3.11.9-150600.3.3.1
* python311-core-debugsource-3.11.9-150600.3.3.1
* python311-debuginfo-3.11.9-150600.3.3.1
* python311-curses-3.11.9-150600.3.3.1
* python311-tk-3.11.9-150600.3.3.1
* python311-tk-debuginfo-3.11.9-150600.3.3.1
* python311-tools-3.11.9-150600.3.3.1
* python311-dbm-debuginfo-3.11.9-150600.3.3.1
* python311-curses-debuginfo-3.11.9-150600.3.3.1
* python311-debugsource-3.11.9-150600.3.3.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* python311-doc-devhelp-3.11.9-150600.3.3.1
* python311-dbm-3.11.9-150600.3.3.1
* python311-tk-3.11.9-150600.3.3.1
* python311-debuginfo-3.11.9-150600.3.3.1
* python311-tools-3.11.9-150600.3.3.1
* python311-testsuite-3.11.9-150600.3.3.1
* python311-base-3.11.9-150600.3.3.1
* python311-idle-3.11.9-150600.3.3.1
* libpython3_11-1_0-3.11.9-150600.3.3.1
* python311-curses-3.11.9-150600.3.3.1
* python311-doc-3.11.9-150600.3.3.1
* python311-3.11.9-150600.3.3.1
* python311-devel-3.11.9-150600.3.3.1
* python311-core-debugsource-3.11.9-150600.3.3.1
* python311-testsuite-debuginfo-3.11.9-150600.3.3.1
* python311-tk-debuginfo-3.11.9-150600.3.3.1
* libpython3_11-1_0-debuginfo-3.11.9-150600.3.3.1
* python311-dbm-debuginfo-3.11.9-150600.3.3.1
* python311-base-debuginfo-3.11.9-150600.3.3.1
* python311-curses-debuginfo-3.11.9-150600.3.3.1
* python311-debugsource-3.11.9-150600.3.3.1
* openSUSE Leap 15.6 (x86_64)
* python311-32bit-3.11.9-150600.3.3.1
* python311-base-32bit-3.11.9-150600.3.3.1
* python311-32bit-debuginfo-3.11.9-150600.3.3.1
* libpython3_11-1_0-32bit-3.11.9-150600.3.3.1
* python311-base-32bit-debuginfo-3.11.9-150600.3.3.1
* libpython3_11-1_0-32bit-debuginfo-3.11.9-150600.3.3.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libpython3_11-1_0-64bit-debuginfo-3.11.9-150600.3.3.1
* python311-64bit-debuginfo-3.11.9-150600.3.3.1
* python311-base-64bit-debuginfo-3.11.9-150600.3.3.1
* libpython3_11-1_0-64bit-3.11.9-150600.3.3.1
* python311-64bit-3.11.9-150600.3.3.1
* python311-base-64bit-3.11.9-150600.3.3.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libpython3_11-1_0-debuginfo-3.11.9-150600.3.3.1
* libpython3_11-1_0-3.11.9-150600.3.3.1
* python311-core-debugsource-3.11.9-150600.3.3.1
* python311-base-debuginfo-3.11.9-150600.3.3.1
* python311-base-3.11.9-150600.3.3.1
## References:
* https://www.suse.com/security/cve/CVE-2023-27043.html
* https://www.suse.com/security/cve/CVE-2024-0397.html
* https://www.suse.com/security/cve/CVE-2024-4032.html
* https://www.suse.com/security/cve/CVE-2024-6923.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225660
* https://bugzilla.suse.com/show_bug.cgi?id=1226447
* https://bugzilla.suse.com/show_bug.cgi?id=1226448
* https://bugzilla.suse.com/show_bug.cgi?id=1227378
* https://bugzilla.suse.com/show_bug.cgi?id=1227999
* https://bugzilla.suse.com/show_bug.cgi?id=1228780
SUSE-SU-2024:2984-1: important: Security update for libqt5-qt3d
by OPENSUSE-SECURITY-UPDATES 20 Aug '24
# Security update for libqt5-qt3d
Announcement ID: SUSE-SU-2024:2984-1
Rating: important
References:
* bsc#1228204
Cross-References:
* CVE-2024-40724
CVSS scores:
* CVE-2024-40724 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-40724 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Desktop Applications Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves one vulnerability can now be installed.
## Description:
This update for libqt5-qt3d fixes the following issues:
* CVE-2024-40724: Fixed a heap-based buffer overflow in the PLY importer class
(bsc#1228204)
* Checked for a nullptr returned from the shader manager
* Fill image with transparency by default to avoid having junk if it's not
filled properly before the first paint call
* Fixed QTextureAtlas parenting that could lead to crashes due to use after
free
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2024-2984=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-2984=1 openSUSE-SLE-15.6-2024-2984=1
## Package List:
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libQt53DInput5-5.15.12+kde0-150600.3.3.1
* libqt5-qt3d-tools-5.15.12+kde0-150600.3.3.1
* libQt53DAnimation-devel-5.15.12+kde0-150600.3.3.1
* libQt53DQuickInput5-5.15.12+kde0-150600.3.3.1
* libQt53DQuickRender5-5.15.12+kde0-150600.3.3.1
* libQt53DCore5-5.15.12+kde0-150600.3.3.1
* libQt53DQuick-devel-5.15.12+kde0-150600.3.3.1
* libQt53DQuickAnimation5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DInput5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DQuick5-5.15.12+kde0-150600.3.3.1
* libqt5-qt3d-imports-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DExtras5-5.15.12+kde0-150600.3.3.1
* libQt53DAnimation5-5.15.12+kde0-150600.3.3.1
* libQt53DExtras-devel-5.15.12+kde0-150600.3.3.1
* libQt53DAnimation5-debuginfo-5.15.12+kde0-150600.3.3.1
* libqt5-qt3d-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DInput-devel-5.15.12+kde0-150600.3.3.1
* libQt53DRender5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DQuickRender5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DQuickInput5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DQuickExtras-devel-5.15.12+kde0-150600.3.3.1
* libQt53DQuick5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DQuickScene2D5-debuginfo-5.15.12+kde0-150600.3.3.1
* libqt5-qt3d-debugsource-5.15.12+kde0-150600.3.3.1
* libQt53DCore5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DQuickInput-devel-5.15.12+kde0-150600.3.3.1
* libQt53DExtras5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DLogic5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DLogic5-5.15.12+kde0-150600.3.3.1
* libQt53DQuickScene2D5-5.15.12+kde0-150600.3.3.1
* libQt53DRender5-5.15.12+kde0-150600.3.3.1
* libQt53DRender-devel-5.15.12+kde0-150600.3.3.1
* libqt5-qt3d-devel-5.15.12+kde0-150600.3.3.1
* libQt53DQuickExtras5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DCore-devel-5.15.12+kde0-150600.3.3.1
* libQt53DQuickRender-devel-5.15.12+kde0-150600.3.3.1
* libQt53DQuickAnimation5-5.15.12+kde0-150600.3.3.1
* libqt5-qt3d-imports-5.15.12+kde0-150600.3.3.1
* libQt53DQuickScene2D-devel-5.15.12+kde0-150600.3.3.1
* libQt53DLogic-devel-5.15.12+kde0-150600.3.3.1
* libQt53DQuickAnimation-devel-5.15.12+kde0-150600.3.3.1
* libQt53DQuickExtras5-5.15.12+kde0-150600.3.3.1
* Desktop Applications Module 15-SP6 (noarch)
* libqt5-qt3d-private-headers-devel-5.15.12+kde0-150600.3.3.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libQt53DInput5-5.15.12+kde0-150600.3.3.1
* libqt5-qt3d-tools-5.15.12+kde0-150600.3.3.1
* libQt53DAnimation-devel-5.15.12+kde0-150600.3.3.1
* libQt53DQuickInput5-5.15.12+kde0-150600.3.3.1
* libQt53DQuickRender5-5.15.12+kde0-150600.3.3.1
* libQt53DCore5-5.15.12+kde0-150600.3.3.1
* libQt53DQuick-devel-5.15.12+kde0-150600.3.3.1
* libQt53DQuickAnimation5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DInput5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DQuick5-5.15.12+kde0-150600.3.3.1
* libqt5-qt3d-imports-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DExtras5-5.15.12+kde0-150600.3.3.1
* libqt5-qt3d-examples-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DAnimation5-5.15.12+kde0-150600.3.3.1
* libQt53DExtras-devel-5.15.12+kde0-150600.3.3.1
* libQt53DAnimation5-debuginfo-5.15.12+kde0-150600.3.3.1
* libqt5-qt3d-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DInput-devel-5.15.12+kde0-150600.3.3.1
* libQt53DRender5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DQuickRender5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DQuickInput5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DQuickExtras-devel-5.15.12+kde0-150600.3.3.1
* libQt53DQuick5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DQuickScene2D5-debuginfo-5.15.12+kde0-150600.3.3.1
* libqt5-qt3d-debugsource-5.15.12+kde0-150600.3.3.1
* libQt53DCore5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DQuickInput-devel-5.15.12+kde0-150600.3.3.1
* libQt53DExtras5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DLogic5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DLogic5-5.15.12+kde0-150600.3.3.1
* libQt53DQuickScene2D5-5.15.12+kde0-150600.3.3.1
* libQt53DRender5-5.15.12+kde0-150600.3.3.1
* libqt5-qt3d-examples-5.15.12+kde0-150600.3.3.1
* libQt53DRender-devel-5.15.12+kde0-150600.3.3.1
* libqt5-qt3d-devel-5.15.12+kde0-150600.3.3.1
* libQt53DQuickExtras5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DCore-devel-5.15.12+kde0-150600.3.3.1
* libQt53DQuickRender-devel-5.15.12+kde0-150600.3.3.1
* libQt53DQuickAnimation5-5.15.12+kde0-150600.3.3.1
* libqt5-qt3d-imports-5.15.12+kde0-150600.3.3.1
* libQt53DQuickScene2D-devel-5.15.12+kde0-150600.3.3.1
* libQt53DLogic-devel-5.15.12+kde0-150600.3.3.1
* libQt53DQuickAnimation-devel-5.15.12+kde0-150600.3.3.1
* libQt53DQuickExtras5-5.15.12+kde0-150600.3.3.1
* openSUSE Leap 15.6 (noarch)
* libqt5-qt3d-private-headers-devel-5.15.12+kde0-150600.3.3.1
## References:
* https://www.suse.com/security/cve/CVE-2024-40724.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228204
SUSE-SU-2024:2985-1: important: Security update for libqt5-qtquick3d
by OPENSUSE-SECURITY-UPDATES 20 Aug '24
# Security update for libqt5-qtquick3d
Announcement ID: SUSE-SU-2024:2985-1
Rating: important
References:
* bsc#1228199
Cross-References:
* CVE-2024-40724
CVSS scores:
* CVE-2024-40724 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-40724 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6
An update that solves one vulnerability can now be installed.
## Description:
This update for libqt5-qtquick3d fixes the following issues:
* CVE-2024-40724: Fixed a heap-based buffer overflow in the PLY importer class
(bsc#1228199)
* Fixed progressive anti-aliasing, which doesn't work if any object in the
scene used a PrincipledMaterial
* Fixed a crash when a custom material/effect shader variable changes
* Skipped processing unknown uniforms, such as those that are vendor specific
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-2985=1 openSUSE-SLE-15.6-2024-2985=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-2985=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libqt5-qtquick3d-debuginfo-5.15.12+kde1-150600.3.3.1
* libQt5Quick3D5-5.15.12+kde1-150600.3.3.1
* libqt5-qtquick3d-examples-5.15.12+kde1-150600.3.3.1
* libqt5-qtquick3d-imports-debuginfo-5.15.12+kde1-150600.3.3.1
* libqt5-qtquick3d-private-headers-devel-5.15.12+kde1-150600.3.3.1
* libqt5-qtquick3d-tools-5.15.12+kde1-150600.3.3.1
* libQt5Quick3DAssetImport5-5.15.12+kde1-150600.3.3.1
* libqt5-qtquick3d-examples-debuginfo-5.15.12+kde1-150600.3.3.1
* libqt5-qtquick3d-tools-debuginfo-5.15.12+kde1-150600.3.3.1
* libqt5-qtquick3d-imports-5.15.12+kde1-150600.3.3.1
* libqt5-qtquick3d-devel-5.15.12+kde1-150600.3.3.1
* libQt5Quick3DAssetImport5-debuginfo-5.15.12+kde1-150600.3.3.1
* libQt5Quick3D5-debuginfo-5.15.12+kde1-150600.3.3.1
* libqt5-qtquick3d-debugsource-5.15.12+kde1-150600.3.3.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* libqt5-qtquick3d-debuginfo-5.15.12+kde1-150600.3.3.1
* libQt5Quick3D5-5.15.12+kde1-150600.3.3.1
* libQt5Quick3DAssetImport5-5.15.12+kde1-150600.3.3.1
* libQt5Quick3DAssetImport5-debuginfo-5.15.12+kde1-150600.3.3.1
* libQt5Quick3D5-debuginfo-5.15.12+kde1-150600.3.3.1
* libqt5-qtquick3d-debugsource-5.15.12+kde1-150600.3.3.1
## References:
* https://www.suse.com/security/cve/CVE-2024-40724.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228199
SUSE-SU-2024:2976-1: important: Security update for libqt5-qt3d
by OPENSUSE-SECURITY-UPDATES 20 Aug '24
# Security update for libqt5-qt3d
Announcement ID: SUSE-SU-2024:2976-1
Rating: important
References:
* bsc#1228204
Cross-References:
* CVE-2024-40724
CVSS scores:
* CVE-2024-40724 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-40724 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
An update that solves one vulnerability can now be installed.
## Description:
This update for libqt5-qt3d fixes the following issues:
* CVE-2024-40724: Fixed heap-based buffer overflow in the PLY importer class
in assimp (bsc#1228204)
Other fixes:
* Check for a nullptr returned from the shader manager
* Fill image with transparency by default to avoid having junk if it's not
filled properly before the first paint call
* Fix QTextureAtlas parenting that could lead to crashes due to use after free
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-2976=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-2976=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-2976=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-2976=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2976=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-2976=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libQt53DExtras-devel-5.15.2+kde39-150400.3.3.1
* libQt53DInput-devel-5.15.2+kde39-150400.3.3.1
* libQt53DCore-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation-devel-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-devel-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-imports-5.15.2+kde39-150400.3.3.1
* libQt53DInput5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation5-5.15.2+kde39-150400.3.3.1
* libQt53DLogic5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DCore5-5.15.2+kde39-150400.3.3.1
* libQt53DQuick-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuick5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DInput5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation-devel-5.15.2+kde39-150400.3.3.1
* libQt53DLogic5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput5-5.15.2+kde39-150400.3.3.1
* libQt53DCore5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DExtras5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuick5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-tools-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-examples-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-imports-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DRender-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DExtras5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput5-debuginfo-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-debugsource-5.15.2+kde39-150400.3.3.1
* libQt53DLogic-devel-5.15.2+kde39-150400.3.3.1
* libQt53DRender5-debuginfo-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-examples-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D5-5.15.2+kde39-150400.3.3.1
* libQt53DRender5-5.15.2+kde39-150400.3.3.1
* openSUSE Leap 15.4 (noarch)
* libqt5-qt3d-private-headers-devel-5.15.2+kde39-150400.3.3.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libQt53DExtras-devel-5.15.2+kde39-150400.3.3.1
* libQt53DInput-devel-5.15.2+kde39-150400.3.3.1
* libQt53DCore-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation-devel-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-devel-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-imports-5.15.2+kde39-150400.3.3.1
* libQt53DInput5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation5-5.15.2+kde39-150400.3.3.1
* libQt53DLogic5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DCore5-5.15.2+kde39-150400.3.3.1
* libQt53DQuick-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuick5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DInput5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation-devel-5.15.2+kde39-150400.3.3.1
* libQt53DLogic5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput5-5.15.2+kde39-150400.3.3.1
* libQt53DCore5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DExtras5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuick5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-tools-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-imports-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DRender-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DExtras5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput5-debuginfo-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-debugsource-5.15.2+kde39-150400.3.3.1
* libQt53DLogic-devel-5.15.2+kde39-150400.3.3.1
* libQt53DRender5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D5-5.15.2+kde39-150400.3.3.1
* libQt53DRender5-5.15.2+kde39-150400.3.3.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* libqt5-qt3d-private-headers-devel-5.15.2+kde39-150400.3.3.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libQt53DExtras-devel-5.15.2+kde39-150400.3.3.1
* libQt53DInput-devel-5.15.2+kde39-150400.3.3.1
* libQt53DCore-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation-devel-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-devel-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-imports-5.15.2+kde39-150400.3.3.1
* libQt53DInput5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation5-5.15.2+kde39-150400.3.3.1
* libQt53DLogic5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DCore5-5.15.2+kde39-150400.3.3.1
* libQt53DQuick-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuick5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DInput5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation-devel-5.15.2+kde39-150400.3.3.1
* libQt53DLogic5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput5-5.15.2+kde39-150400.3.3.1
* libQt53DCore5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DExtras5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuick5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-tools-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-imports-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DRender-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DExtras5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput5-debuginfo-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-debugsource-5.15.2+kde39-150400.3.3.1
* libQt53DLogic-devel-5.15.2+kde39-150400.3.3.1
* libQt53DRender5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D5-5.15.2+kde39-150400.3.3.1
* libQt53DRender5-5.15.2+kde39-150400.3.3.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* libqt5-qt3d-private-headers-devel-5.15.2+kde39-150400.3.3.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* libQt53DExtras-devel-5.15.2+kde39-150400.3.3.1
* libQt53DInput-devel-5.15.2+kde39-150400.3.3.1
* libQt53DCore-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation-devel-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-devel-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-imports-5.15.2+kde39-150400.3.3.1
* libQt53DInput5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation5-5.15.2+kde39-150400.3.3.1
* libQt53DLogic5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DCore5-5.15.2+kde39-150400.3.3.1
* libQt53DQuick-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuick5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DInput5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation-devel-5.15.2+kde39-150400.3.3.1
* libQt53DLogic5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput5-5.15.2+kde39-150400.3.3.1
* libQt53DCore5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DExtras5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuick5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-tools-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-imports-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DRender-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DExtras5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput5-debuginfo-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-debugsource-5.15.2+kde39-150400.3.3.1
* libQt53DLogic-devel-5.15.2+kde39-150400.3.3.1
* libQt53DRender5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D5-5.15.2+kde39-150400.3.3.1
* libQt53DRender5-5.15.2+kde39-150400.3.3.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
* libqt5-qt3d-private-headers-devel-5.15.2+kde39-150400.3.3.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* libQt53DExtras-devel-5.15.2+kde39-150400.3.3.1
* libQt53DInput-devel-5.15.2+kde39-150400.3.3.1
* libQt53DCore-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation-devel-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-devel-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-imports-5.15.2+kde39-150400.3.3.1
* libQt53DInput5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation5-5.15.2+kde39-150400.3.3.1
* libQt53DLogic5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DCore5-5.15.2+kde39-150400.3.3.1
* libQt53DQuick-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuick5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DInput5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation-devel-5.15.2+kde39-150400.3.3.1
* libQt53DLogic5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput5-5.15.2+kde39-150400.3.3.1
* libQt53DCore5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DExtras5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuick5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-tools-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-imports-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DRender-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DExtras5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput5-debuginfo-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-debugsource-5.15.2+kde39-150400.3.3.1
* libQt53DLogic-devel-5.15.2+kde39-150400.3.3.1
* libQt53DRender5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D5-5.15.2+kde39-150400.3.3.1
* libQt53DRender5-5.15.2+kde39-150400.3.3.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
* libqt5-qt3d-private-headers-devel-5.15.2+kde39-150400.3.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libQt53DExtras-devel-5.15.2+kde39-150400.3.3.1
* libQt53DInput-devel-5.15.2+kde39-150400.3.3.1
* libQt53DCore-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation-devel-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-devel-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-imports-5.15.2+kde39-150400.3.3.1
* libQt53DInput5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation5-5.15.2+kde39-150400.3.3.1
* libQt53DLogic5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DCore5-5.15.2+kde39-150400.3.3.1
* libQt53DQuick-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuick5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DInput5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation-devel-5.15.2+kde39-150400.3.3.1
* libQt53DLogic5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput5-5.15.2+kde39-150400.3.3.1
* libQt53DCore5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DExtras5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuick5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-tools-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-imports-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DRender-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DExtras5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput5-debuginfo-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-debugsource-5.15.2+kde39-150400.3.3.1
* libQt53DLogic-devel-5.15.2+kde39-150400.3.3.1
* libQt53DRender5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D5-5.15.2+kde39-150400.3.3.1
* libQt53DRender5-5.15.2+kde39-150400.3.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* libqt5-qt3d-private-headers-devel-5.15.2+kde39-150400.3.3.1
## References:
* https://www.suse.com/security/cve/CVE-2024-40724.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228204
SUSE-SU-2024:2974-1: important: Security update for python310
by OPENSUSE-SECURITY-UPDATES 20 Aug '24
# Security update for python310
Announcement ID: SUSE-SU-2024:2974-1
Rating: important
References:
* bsc#1225660
* bsc#1227378
* bsc#1227999
* bsc#1228780
Cross-References:
* CVE-2024-6923
CVSS scores:
* CVE-2024-6923 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
An update that solves one vulnerability and has three security fixes can now be
installed.
## Description:
This update for python310 fixes the following issues:
Security issue fixed:
* CVE-2024-6923: Fixed email header injection due to unquoted newlines
(bsc#1228780)
Non-security issues fixed:
* Improve python reproducible builds (bsc#1227999)
* Make pip and modern tools install directly in /usr/local when used by the
user (bsc#1225660)
* Fixed executable bits for /usr/bin/idle* (bsc#1227378).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-2974=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-2974=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-2974=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-2974=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-2974=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2974=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-2974=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-2974=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* libpython3_10-1_0-3.10.14-150400.4.54.1
* python310-testsuite-debuginfo-3.10.14-150400.4.54.1
* python310-testsuite-3.10.14-150400.4.54.1
* python310-debugsource-3.10.14-150400.4.54.1
* python310-core-debugsource-3.10.14-150400.4.54.1
* python310-devel-3.10.14-150400.4.54.1
* python310-tk-debuginfo-3.10.14-150400.4.54.1
* python310-base-3.10.14-150400.4.54.1
* python310-dbm-debuginfo-3.10.14-150400.4.54.1
* python310-dbm-3.10.14-150400.4.54.1
* python310-debuginfo-3.10.14-150400.4.54.1
* python310-idle-3.10.14-150400.4.54.1
* python310-tk-3.10.14-150400.4.54.1
* python310-base-debuginfo-3.10.14-150400.4.54.1
* python310-curses-debuginfo-3.10.14-150400.4.54.1
* python310-3.10.14-150400.4.54.1
* python310-doc-3.10.14-150400.4.54.1
* libpython3_10-1_0-debuginfo-3.10.14-150400.4.54.1
* python310-curses-3.10.14-150400.4.54.1
* python310-doc-devhelp-3.10.14-150400.4.54.1
* python310-tools-3.10.14-150400.4.54.1
* openSUSE Leap 15.5 (x86_64)
* python310-32bit-3.10.14-150400.4.54.1
* python310-base-32bit-debuginfo-3.10.14-150400.4.54.1
* python310-base-32bit-3.10.14-150400.4.54.1
* python310-32bit-debuginfo-3.10.14-150400.4.54.1
* libpython3_10-1_0-32bit-3.10.14-150400.4.54.1
* libpython3_10-1_0-32bit-debuginfo-3.10.14-150400.4.54.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* libpython3_10-1_0-3.10.14-150400.4.54.1
* python310-testsuite-debuginfo-3.10.14-150400.4.54.1
* python310-testsuite-3.10.14-150400.4.54.1
* python310-debugsource-3.10.14-150400.4.54.1
* python310-core-debugsource-3.10.14-150400.4.54.1
* python310-devel-3.10.14-150400.4.54.1
* python310-tk-debuginfo-3.10.14-150400.4.54.1
* python310-base-3.10.14-150400.4.54.1
* python310-dbm-debuginfo-3.10.14-150400.4.54.1
* python310-dbm-3.10.14-150400.4.54.1
* python310-debuginfo-3.10.14-150400.4.54.1
* python310-idle-3.10.14-150400.4.54.1
* python310-tk-3.10.14-150400.4.54.1
* python310-base-debuginfo-3.10.14-150400.4.54.1
* python310-curses-debuginfo-3.10.14-150400.4.54.1
* python310-3.10.14-150400.4.54.1
* python310-doc-3.10.14-150400.4.54.1
* libpython3_10-1_0-debuginfo-3.10.14-150400.4.54.1
* python310-curses-3.10.14-150400.4.54.1
* python310-doc-devhelp-3.10.14-150400.4.54.1
* python310-tools-3.10.14-150400.4.54.1
* openSUSE Leap 15.6 (x86_64)
* python310-32bit-3.10.14-150400.4.54.1
* python310-base-32bit-debuginfo-3.10.14-150400.4.54.1
* python310-base-32bit-3.10.14-150400.4.54.1
* python310-32bit-debuginfo-3.10.14-150400.4.54.1
* libpython3_10-1_0-32bit-3.10.14-150400.4.54.1
* libpython3_10-1_0-32bit-debuginfo-3.10.14-150400.4.54.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libpython3_10-1_0-3.10.14-150400.4.54.1
* python310-debuginfo-3.10.14-150400.4.54.1
* python310-idle-3.10.14-150400.4.54.1
* libpython3_10-1_0-debuginfo-3.10.14-150400.4.54.1
* python310-curses-debuginfo-3.10.14-150400.4.54.1
* python310-curses-3.10.14-150400.4.54.1
* python310-tools-3.10.14-150400.4.54.1
* python310-tk-3.10.14-150400.4.54.1
* python310-3.10.14-150400.4.54.1
* python310-debugsource-3.10.14-150400.4.54.1
* python310-core-debugsource-3.10.14-150400.4.54.1
* python310-devel-3.10.14-150400.4.54.1
* python310-tk-debuginfo-3.10.14-150400.4.54.1
* python310-base-debuginfo-3.10.14-150400.4.54.1
* python310-base-3.10.14-150400.4.54.1
* python310-dbm-3.10.14-150400.4.54.1
* python310-dbm-debuginfo-3.10.14-150400.4.54.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libpython3_10-1_0-3.10.14-150400.4.54.1
* python310-debuginfo-3.10.14-150400.4.54.1
* python310-idle-3.10.14-150400.4.54.1
* libpython3_10-1_0-debuginfo-3.10.14-150400.4.54.1
* python310-curses-debuginfo-3.10.14-150400.4.54.1
* python310-curses-3.10.14-150400.4.54.1
* python310-tools-3.10.14-150400.4.54.1
* python310-tk-3.10.14-150400.4.54.1
* python310-3.10.14-150400.4.54.1
* python310-debugsource-3.10.14-150400.4.54.1
* python310-core-debugsource-3.10.14-150400.4.54.1
* python310-devel-3.10.14-150400.4.54.1
* python310-tk-debuginfo-3.10.14-150400.4.54.1
* python310-base-debuginfo-3.10.14-150400.4.54.1
* python310-base-3.10.14-150400.4.54.1
* python310-dbm-3.10.14-150400.4.54.1
* python310-dbm-debuginfo-3.10.14-150400.4.54.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* libpython3_10-1_0-3.10.14-150400.4.54.1
* python310-debuginfo-3.10.14-150400.4.54.1
* python310-idle-3.10.14-150400.4.54.1
* libpython3_10-1_0-debuginfo-3.10.14-150400.4.54.1
* python310-curses-debuginfo-3.10.14-150400.4.54.1
* python310-curses-3.10.14-150400.4.54.1
* python310-tools-3.10.14-150400.4.54.1
* python310-tk-3.10.14-150400.4.54.1
* python310-3.10.14-150400.4.54.1
* python310-debugsource-3.10.14-150400.4.54.1
* python310-core-debugsource-3.10.14-150400.4.54.1
* python310-devel-3.10.14-150400.4.54.1
* python310-tk-debuginfo-3.10.14-150400.4.54.1
* python310-base-debuginfo-3.10.14-150400.4.54.1
* python310-base-3.10.14-150400.4.54.1
* python310-dbm-3.10.14-150400.4.54.1
* python310-dbm-debuginfo-3.10.14-150400.4.54.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* libpython3_10-1_0-3.10.14-150400.4.54.1
* python310-debuginfo-3.10.14-150400.4.54.1
* python310-idle-3.10.14-150400.4.54.1
* libpython3_10-1_0-debuginfo-3.10.14-150400.4.54.1
* python310-curses-debuginfo-3.10.14-150400.4.54.1
* python310-curses-3.10.14-150400.4.54.1
* python310-tools-3.10.14-150400.4.54.1
* python310-tk-3.10.14-150400.4.54.1
* python310-3.10.14-150400.4.54.1
* python310-debugsource-3.10.14-150400.4.54.1
* python310-core-debugsource-3.10.14-150400.4.54.1
* python310-devel-3.10.14-150400.4.54.1
* python310-tk-debuginfo-3.10.14-150400.4.54.1
* python310-base-debuginfo-3.10.14-150400.4.54.1
* python310-base-3.10.14-150400.4.54.1
* python310-dbm-3.10.14-150400.4.54.1
* python310-dbm-debuginfo-3.10.14-150400.4.54.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libpython3_10-1_0-3.10.14-150400.4.54.1
* python310-debuginfo-3.10.14-150400.4.54.1
* python310-idle-3.10.14-150400.4.54.1
* libpython3_10-1_0-debuginfo-3.10.14-150400.4.54.1
* python310-curses-debuginfo-3.10.14-150400.4.54.1
* python310-curses-3.10.14-150400.4.54.1
* python310-tools-3.10.14-150400.4.54.1
* python310-tk-3.10.14-150400.4.54.1
* python310-3.10.14-150400.4.54.1
* python310-debugsource-3.10.14-150400.4.54.1
* python310-core-debugsource-3.10.14-150400.4.54.1
* python310-devel-3.10.14-150400.4.54.1
* python310-tk-debuginfo-3.10.14-150400.4.54.1
* python310-base-debuginfo-3.10.14-150400.4.54.1
* python310-base-3.10.14-150400.4.54.1
* python310-dbm-3.10.14-150400.4.54.1
* python310-dbm-debuginfo-3.10.14-150400.4.54.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libpython3_10-1_0-3.10.14-150400.4.54.1
* python310-testsuite-debuginfo-3.10.14-150400.4.54.1
* python310-testsuite-3.10.14-150400.4.54.1
* python310-debugsource-3.10.14-150400.4.54.1
* python310-tk-debuginfo-3.10.14-150400.4.54.1
* python310-core-debugsource-3.10.14-150400.4.54.1
* python310-devel-3.10.14-150400.4.54.1
* python310-dbm-debuginfo-3.10.14-150400.4.54.1
* python310-base-3.10.14-150400.4.54.1
* python310-dbm-3.10.14-150400.4.54.1
* python310-debuginfo-3.10.14-150400.4.54.1
* python310-idle-3.10.14-150400.4.54.1
* python310-tk-3.10.14-150400.4.54.1
* python310-base-debuginfo-3.10.14-150400.4.54.1
* python310-curses-debuginfo-3.10.14-150400.4.54.1
* python310-3.10.14-150400.4.54.1
* python310-doc-3.10.14-150400.4.54.1
* libpython3_10-1_0-debuginfo-3.10.14-150400.4.54.1
* python310-curses-3.10.14-150400.4.54.1
* python310-doc-devhelp-3.10.14-150400.4.54.1
* python310-tools-3.10.14-150400.4.54.1
* openSUSE Leap 15.4 (x86_64)
* python310-32bit-3.10.14-150400.4.54.1
* python310-base-32bit-debuginfo-3.10.14-150400.4.54.1
* python310-base-32bit-3.10.14-150400.4.54.1
* python310-32bit-debuginfo-3.10.14-150400.4.54.1
* libpython3_10-1_0-32bit-3.10.14-150400.4.54.1
* libpython3_10-1_0-32bit-debuginfo-3.10.14-150400.4.54.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libpython3_10-1_0-64bit-debuginfo-3.10.14-150400.4.54.1
* python310-base-64bit-3.10.14-150400.4.54.1
* python310-64bit-3.10.14-150400.4.54.1
* libpython3_10-1_0-64bit-3.10.14-150400.4.54.1
* python310-64bit-debuginfo-3.10.14-150400.4.54.1
* python310-base-64bit-debuginfo-3.10.14-150400.4.54.1
## References:
* https://www.suse.com/security/cve/CVE-2024-6923.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225660
* https://bugzilla.suse.com/show_bug.cgi?id=1227378
* https://bugzilla.suse.com/show_bug.cgi?id=1227999
* https://bugzilla.suse.com/show_bug.cgi?id=1228780
19 Aug '24
# Security update for osc
Announcement ID: SUSE-SU-2024:2961-1
Rating: moderate
References:
* bsc#1122683
* bsc#1212476
* bsc#1218170
* bsc#1221340
* bsc#1225911
Cross-References:
* CVE-2024-22034
CVSS scores:
* CVE-2024-22034 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected Products:
* Development Tools Module 15-SP5
* Development Tools Module 15-SP6
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves one vulnerability and has four security fixes can now be
installed.
## Description:
This update for osc fixes the following issues:
* 1.9.0
* Security:
* Fix possibility to overwrite special files in .osc (CVE-2024-22034 bsc#1225911). Source files are now stored in the 'sources' subdirectory, which prevents name collisions. This requires changing the version of the '.osc' store to 2.0.
* Command-line:
* Introduce build --checks parameter
* Library:
* OscConfigParser: Remove automatic `__name__` option
* 1.8.3
* Command-line:
* Change 'repairwc' command to always run all repair steps
* Library:
* Make most of the fields in KeyinfoPubkey and KeyinfoSslcert models optional
* Fix colorize() to avoid wrapping empty string into color escape sequences
* Provide default values for kwargs.get/pop in get_results() function
* 1.8.2
* Library:
* Change 'repairwc' command to fix missing .osc/_osclib_version
* Make error message in check_store_version() more generic to work for both projects and packages
* Fix check_store_version in project store
* 1.8.1
* Command-line:
* Fix 'linkpac' command crash when used with '--disable-build' or '--disable-publish' option
* 1.8.0
* Command-line:
* Improve 'submitrequest' command to inherit description from superseded request
* Fix 'mv' command when renaming a file multiple times
* Improve 'info' command to support projects
* Improve 'getbinaries' command by accepting '-M' / '--multibuild-package' option outside checkouts
* Add architecture filtering to 'release' command
* Change 'results' command so the normal and multibuild packages have the same output
* Change 'results' command to use csv writer instead of formatting csv as string
* Add couple mutually exclusive options errors to 'results' command
* Set a default value for 'results --format' only for the csv output
* Add support for 'results --format' for the default text mode
* Update help text for '--format' option in 'results' command
* Add 'results --fail-on-error/-F' flag
* Redirect venv warnings from stderr to debug output
* Configuration:
* Fix config parser to throw an exception on duplicate sections or options
* Modify conf.get_config() to print permissions warning to stderr rather than stdout
* Library:
* Run check_store_version() in obs_scm.Store and fix related code in Project and Package
* Forbid extracting files with absolute path from 'cpio' archives (bsc#1122683)
* Forbid extracting files with absolute path from 'ar' archives (bsc#1122683)
* Remove no longer valid warning from core.unpack_srcrpm()
* Make obs_api.KeyinfoSslcert keyid and fingerprint fields optional
* Fix return value in build.create_build_descr_data()
* Fix core.get_package_results() to obey 'multibuild_packages' argument
* Tests:
* Fix tests so they don't modify fixtures
* 1.7.0
* Command-line:
* Add 'person search' command
* Add 'person register' command
* Add '-M/--multibuild-package' option to '[what]dependson' commands
* Update '-U/--user' option in 'maintainer' command to accept also an email address
* Fix 'branch' command to allow using '--new-package' option on packages that do not exist
* Fix 'buildinfo' command to include obs:cli_debug_packages by default
* Fix 'buildinfo' command to send complete local build environment as the 'build' command does
* Fix 'maintainer --devel-project' to raise an error if running outside a working copy without any arguments
* Fix handling arguments in 'service remoterun prj/pac'
* Fix 'rebuild' command so the '--all' option conflicts with the 'package' argument
* Fix crash when removing 'scmsync' element from dst package meta in 'linkpac' command
* Fix crash when reading dst package meta in 'linkpac' command
* Allow `osc rpmlint` to infer prj/pkg from CWD
* Propagate exit code from the run() and do_() commandline methods
* Give a hint where a scmsync git is hosted
* Fix crash in 'updatepacmetafromspec' command when working with an incomplete spec
* Improve 'updatepacmetafromspec' command to expand rpm spec macros by calling rpmspec to query the data
* Improve 'build' and 'buildinfo' commands by uploading *.inc files to OBS for parsing BuildRequires (bsc#1221340)
* Improve 'service' command by printing names of running services
* Improve 'getbinaries' command by ignoring source and debuginfo filters when a binary name is specified
* Change 'build' command to pass '--jobs' option to 'build' tool only if 'build_jobs' > 0
* Clarify 'list' command's help that listing binaries doesn't contain md5 checksums
* Improve 'log' command: produce proper CSV and XML outputs, add -p/--patch option for the text output
* Allow setlinkrev to set a specific vrev
* Document '--buildtool-opt=--noclean' example in 'build' command's help
* Fix handling the default package argument on the command-line
* Configuration:
* Document loading configuration from env variables
* Connection:
* Don't retry on error 400
* Remove now unused 'retry_on_400' http_request() option from XmlModel
* Revert "Don't retry on 400 HTTP status code in core.server_diff()"
* Revert "connection: Allow disabling retry on 400 HTTP status code"
* Authentication:
* Update SignatureAuthHandler to support specifying ssh key by its fingerprint
* Use ssh key from ssh agent that contains comment 'obs=<apiurl-hostname>'
* Use strings instead of bytes in SignatureAuthHandler
* Cache password from SecretService to avoid spamming user with an accept dialog
* Never ask for credentials when displaying help
* Remove unused SignatureAuthHandler.get_fingerprint()
* Library:
* Add rootless build support for 'qemu' VM type
* Support package linking of packages from scmsync projects
* Fix do_createrequest() function to return None instead of request id
* Replace invalid 'if' with 'elif' in BaseModel.dict()
* Fix crash when no preferred packages are defined
* Add XmlModel class that encapsulates manipulation with XML
* Add obs_api.Person.cmd_register() for registering new users
* Fix conf.get_config() to ignore file type bits when comparing oscrc perms
* Fix conf.get_config() to correctly handle overrides when env variables are set
* Fix output.tty.IS_INTERACTIVE when os.isatty() throws OSError
* Improve cmdln.HelpFormatter to obey newline characters
* Update list of color codes in 'output.tty' module
* Remove core.setDevelProject() in favor of core.set_devel_project()
* Move removing control characters to output.sanitize_text()
* Improve sanitize_text() to keep selected CSI escape sequences
* Add output.pipe_to_pager() that pipes lines to a pager without creating an intermediate temporary file
* Fix output.safe_write() in connection with NamedTemporaryFile
* Modernize output.run_pager()
* Extend output.print_msg() to accept 'error' and 'warning' values of 'to_print' argument
* Add XPathQuery class for translating keyword arguments to an xpath query
* Add obs_api.Keyinfo class
* Add obs_api.Package class
* Add Package.get_revision_list() for listing commit log
* Add obs_api.PackageSources class for handling OBS SCM sources
* Add obs_api.Person class
* Add obs_api.Project class
* Add obs_api.Request class
* Add obs_api.Token class
* Allow storing apiurl in the XmlModel instances
* Allow retrieving default field value from top-level model
* Fix BaseModel to convert dictionaries to objects on retrieving a model list
* Fix BaseModel to always deepcopy mutable defaults on first use
* Implement do_snapshot() and has_changed() methods to determine changes in BaseModel
* Implement total ordering on BaseModel
* Add comments with available attributes/elements to edited XML
* Refactoring:
* Migrate repo {list,add,remove} commands to obs_api.Project
* Migrate core.show_package_disabled_repos() to obs_api.Package
* Migrate core.Package.update_package_meta() to obs_api.Package
* Migrate core.get_repos_of_project() to obs_api.Project
* Migrate core.get_repositories_of_project() to obs_api.Project
* Migrate core.show_scmsync() to obs_api.{Package,Project}
* Migrate core.set_devel_project() to obs_api.Package
* Migrate core.show_devel_project() to obs_api.Package
* Migrate Fetcher.run() to obs_api.Keyinfo
* Migrate core.create_submit_request() to obs_api.Request
* Migrate 'token' command to obs_api.Token
* Migrate 'whois/user' command to obs_api.Person
* Migrate 'signkey' command to obs_api.Keyinfo
* Move print_msg() to the 'osc.output' module
* Move run_pager() and get_default_pager() from 'core' to 'output' module
* Move core.Package to obs_scm.Package
* Move core.Project to obs_scm.Project
* Move functions manipulating store from core to obs_scm.store
* Move store.Store to obs_scm.Store
* Move core.Linkinfo to obs_scm.Linkinfo
* Move core.Serviceinfo to obs_scm.Serviceinfo
* Move core.File to obs_scm.File
* Merge _private.project.ProjectMeta into obs_api.Project
* Spec:
* Remove dependency on /usr/bin/python3 using %python3_fix_shebang macro (bsc#1212476)
* 1.6.2
* Command-line:
* Fix 'branch' command to allow using '--new-package' option on packages that do not exist
* Fix 'buildinfo' command to include obs:cli_debug_packages by default
* Fix 'buildinfo' command to send complete local build environment as the 'build' command does
* Allow `osc rpmlint` to infer prj/pkg from CWD
* Propagate exit code from the run() and do_() commandline methods
* Give a hint where a scmsync git is hosted
* Fix crash in 'updatepacmetafromspec' command when working with an incomplete spec
* Authentication:
* Cache password from SecretService to avoid spamming user with an accept dialog
* Never ask for credentials when displaying help
* Library:
* Support package linking of packages from scmsync projects
* Fix do_createrequest() function to return None instead of request id
* Replace invalid 'if' with 'elif' in BaseModel.dict()
* Fix crash when no preferred packages are defined
* 1.6.1
* Command-line:
* Use busybox compatible commands for completion
* Change 'wipe' command to use the new get_user_input() function
* Fix error 500 in running 'meta attribute <prj>'
* Configuration:
* Fix resolving config symlink to the actual config file
* Honor XDG_CONFIG_HOME and XDG_CACHE_HOME env vars
* Warn about ignoring XDG_CONFIG_HOME and ~/.config/osc/oscrc if ~/.oscrc exists
* Library:
* Error out when branching a scmsync package
* New get_user_input() function for consistent handling of user input
* Move xml_indent, xml_quote and xml_unquote to osc.util.xml module
* Refactor makeurl(), deprecate query taking string or list arguments, drop osc_urlencode()
* Remove all path quoting, rely on makeurl()
* Always use dict query in makeurl()
* Fix core.slash_split() to strip both leading and trailing slashes
* 1.6.0
* Command-line:
* The 'token --trigger' command no longer sets '--operation=runservice' by default.
* Change 'token --create' command to require '--operation'
* Fix 'linkdiff' command error 400: prj/pac/md5 not in repository
* Update 'build' command to support building 'productcompose' build type with updateinfo.xml data
* Don't show meter in terminals that are not interactive
* Fix traceback when running osc from an arbitrary git repo that fails to map branch to a project (bsc#1218170)
* Configuration:
* Implement reading credentials from environmental variables
* Allow starting with an empty config if --configfile is either empty or points to /dev/null
* Implement 'quiet' conf option
* Password can be an empty string (commonly used with ssh auth)
* Connection:
* Allow -X HEAD on osc api requests as well
* Library:
* Fix credentials managers to consistently return Password
* Fix Password.encode() on python < 3.8
* Refactor 'meter' module, use config settings to pick the right class
* Convert to using f-strings
* Use Field.get_callback to handle quiet/verbose and http_debug/http_full_debug options
* Implement get_callback that allows modifying returned value to the Field class
* Add support for List[BaseModel] type to Field class
* Report class name when reporting an error during instantiating BaseModel object
* Fix exporting an empty model field in BaseModel.dict()
* Fix initializing a sub-model instance from a dictionary
* Implement 'Enum' support in models
* Fix Field.origin_type for Optional types
* Drop unused 'exclude_unset' argument from BaseModel.dict() method
* Store cached model defaults in self._defaults, avoid sharing references to mutable defaults
* Limit model attributes to predefined fields by forbidding creating new attributes on fly
* Store model values in self._values dict instead of private attributes
* Spec:
* Recommend openssh-clients for ssh-add that is required during ssh auth
* Add 0%{?amzn} macro that wasn't upstreamed
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-2961=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-2961=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-2961=1
* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-2961=1
* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-2961=1
## Package List:
* openSUSE Leap 15.4 (noarch)
* osc-1.9.0-150400.10.6.1
* openSUSE Leap 15.5 (noarch)
* osc-1.9.0-150400.10.6.1
* openSUSE Leap 15.6 (noarch)
* osc-1.9.0-150400.10.6.1
* Development Tools Module 15-SP5 (noarch)
* osc-1.9.0-150400.10.6.1
* Development Tools Module 15-SP6 (noarch)
* osc-1.9.0-150400.10.6.1
## References:
* https://www.suse.com/security/cve/CVE-2024-22034.html
* https://bugzilla.suse.com/show_bug.cgi?id=1122683
* https://bugzilla.suse.com/show_bug.cgi?id=1212476
* https://bugzilla.suse.com/show_bug.cgi?id=1218170
* https://bugzilla.suse.com/show_bug.cgi?id=1221340
* https://bugzilla.suse.com/show_bug.cgi?id=1225911
SUSE-SU-2024:2970-1: moderate: Security update for python-WebOb
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
19 Aug '24
# Security update for python-WebOb
Announcement ID: SUSE-SU-2024:2970-1
Rating: moderate
References:
* bsc#1229221
Cross-References:
* CVE-2024-42353
CVSS scores:
* CVE-2024-42353 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.6
An update that solves one vulnerability can now be installed.
## Description:
This update for python-WebOb fixes the following issues:
* CVE-2024-42353: Fixed open redirect via WebOb's Response object in Location
header (bsc#1229221)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-2970=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-2970=1
## Package List:
* openSUSE Leap 15.4 (noarch)
* python311-WebOb-1.8.7-150400.11.6.1
* openSUSE Leap 15.6 (noarch)
* python311-WebOb-1.8.7-150400.11.6.1
## References:
* https://www.suse.com/security/cve/CVE-2024-42353.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229221
19 Aug '24
# Security update for jasper
Announcement ID: SUSE-SU-2024:1464-1
Rating: important
References:
* bsc#1223155
Cross-References:
* CVE-2024-31744
CVSS scores:
* CVE-2024-31744 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP5
* Desktop Applications Module 15-SP5
* openSUSE Leap 15.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for jasper fixes the following issues:
* CVE-2024-31744: Fixed denial of service through assertion failure in
jpc_streamlist_remove() (bsc#1223155).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1464=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-1464=1
* Desktop Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2024-1464=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-1464=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1464=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1464=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1464=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1464=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-1464=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1464=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1464=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-1464=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1464=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1464=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-1464=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-1464=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1464=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-1464=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* libjasper-devel-2.0.14-150000.3.34.1
* jasper-debugsource-2.0.14-150000.3.34.1
* jasper-2.0.14-150000.3.34.1
* libjasper4-2.0.14-150000.3.34.1
* libjasper4-debuginfo-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
* openSUSE Leap 15.5 (x86_64)
* libjasper4-32bit-2.0.14-150000.3.34.1
* libjasper4-32bit-debuginfo-2.0.14-150000.3.34.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* jasper-debugsource-2.0.14-150000.3.34.1
* libjasper4-2.0.14-150000.3.34.1
* libjasper4-debuginfo-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* jasper-debugsource-2.0.14-150000.3.34.1
* libjasper-devel-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* libjasper-devel-2.0.14-150000.3.34.1
* jasper-debugsource-2.0.14-150000.3.34.1
* libjasper4-2.0.14-150000.3.34.1
* libjasper4-debuginfo-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* libjasper-devel-2.0.14-150000.3.34.1
* jasper-debugsource-2.0.14-150000.3.34.1
* libjasper4-2.0.14-150000.3.34.1
* libjasper4-debuginfo-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libjasper-devel-2.0.14-150000.3.34.1
* jasper-debugsource-2.0.14-150000.3.34.1
* libjasper4-2.0.14-150000.3.34.1
* libjasper4-debuginfo-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libjasper-devel-2.0.14-150000.3.34.1
* jasper-debugsource-2.0.14-150000.3.34.1
* libjasper4-2.0.14-150000.3.34.1
* libjasper4-debuginfo-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* libjasper-devel-2.0.14-150000.3.34.1
* jasper-debugsource-2.0.14-150000.3.34.1
* libjasper4-2.0.14-150000.3.34.1
* libjasper4-debuginfo-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* libjasper-devel-2.0.14-150000.3.34.1
* jasper-debugsource-2.0.14-150000.3.34.1
* libjasper4-2.0.14-150000.3.34.1
* libjasper4-debuginfo-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* libjasper-devel-2.0.14-150000.3.34.1
* jasper-debugsource-2.0.14-150000.3.34.1
* libjasper4-2.0.14-150000.3.34.1
* libjasper4-debuginfo-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* libjasper-devel-2.0.14-150000.3.34.1
* jasper-debugsource-2.0.14-150000.3.34.1
* libjasper4-2.0.14-150000.3.34.1
* libjasper4-debuginfo-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* libjasper-devel-2.0.14-150000.3.34.1
* jasper-debugsource-2.0.14-150000.3.34.1
* libjasper4-2.0.14-150000.3.34.1
* libjasper4-debuginfo-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* libjasper-devel-2.0.14-150000.3.34.1
* jasper-debugsource-2.0.14-150000.3.34.1
* libjasper4-2.0.14-150000.3.34.1
* libjasper4-debuginfo-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libjasper-devel-2.0.14-150000.3.34.1
* jasper-debugsource-2.0.14-150000.3.34.1
* libjasper4-2.0.14-150000.3.34.1
* libjasper4-debuginfo-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
* SUSE Manager Proxy 4.3 (x86_64)
* jasper-debugsource-2.0.14-150000.3.34.1
* libjasper4-2.0.14-150000.3.34.1
* libjasper4-debuginfo-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* jasper-debugsource-2.0.14-150000.3.34.1
* libjasper4-2.0.14-150000.3.34.1
* libjasper4-debuginfo-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* jasper-debugsource-2.0.14-150000.3.34.1
* libjasper4-2.0.14-150000.3.34.1
* libjasper4-debuginfo-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* libjasper-devel-2.0.14-150000.3.34.1
* jasper-debugsource-2.0.14-150000.3.34.1
* libjasper4-2.0.14-150000.3.34.1
* libjasper4-debuginfo-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
## References:
* https://www.suse.com/security/cve/CVE-2024-31744.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223155
19 Aug '24
# Security update for cosign
Announcement ID: SUSE-SU-2024:1486-1
Rating: moderate
References:
* bsc#1222835
* bsc#1222837
* jsc#SLE-23879
Cross-References:
* CVE-2024-29902
* CVE-2024-29903
CVSS scores:
* CVE-2024-29902 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-29903 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves two vulnerabilities and contains one feature can now be
installed.
## Description:
This update for cosign fixes the following issues:
* CVE-2024-29902: Fixed denial of service on host machine via remote image
with malicious attachments (bsc#1222835)
* CVE-2024-29903: Fixed denial of service on host machine via malicious
software artifacts (bsc#1222837)
Other fixes:
* Updated to 2.2.4 (jsc#SLE-23879)
* Fixes for GHSA-88jx-383q-w4qc and GHSA-95pr-fxf5-86gv (#3661)
* ErrNoSignaturesFound should be used when there is no signature attached to an image. (#3526)
* fix semgrep issues for dgryski.semgrep-go ruleset (#3541)
* Honor creation timestamp for signatures again (#3549)
* Features
* Adds Support for Fulcio Client Credentials Flow, and Argument to Set Flow Explicitly (#3578)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-1486=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1486=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-1486=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* cosign-debuginfo-2.2.4-150400.3.20.1
* cosign-2.2.4-150400.3.20.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* cosign-2.2.4-150400.3.20.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* cosign-2.2.4-150400.3.20.1
## References:
* https://www.suse.com/security/cve/CVE-2024-29902.html
* https://www.suse.com/security/cve/CVE-2024-29903.html
* https://bugzilla.suse.com/show_bug.cgi?id=1222835
* https://bugzilla.suse.com/show_bug.cgi?id=1222837
* https://jira.suse.com/browse/SLE-23879
SUSE-SU-2024:1489-1: important: Security update for the Linux Kernel
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
19 Aug '24
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2024:1489-1
Rating: important
References:
* bsc#1184942
* bsc#1186060
* bsc#1192145
* bsc#1194516
* bsc#1208995
* bsc#1209635
* bsc#1209657
* bsc#1212514
* bsc#1213456
* bsc#1217987
* bsc#1217988
* bsc#1217989
* bsc#1218336
* bsc#1218447
* bsc#1218479
* bsc#1218562
* bsc#1219170
* bsc#1219264
* bsc#1220320
* bsc#1220340
* bsc#1220366
* bsc#1220400
* bsc#1220411
* bsc#1220413
* bsc#1220414
* bsc#1220425
* bsc#1220426
* bsc#1220429
* bsc#1220432
* bsc#1220442
* bsc#1220445
* bsc#1220465
* bsc#1220468
* bsc#1220475
* bsc#1220484
* bsc#1220486
* bsc#1220487
* bsc#1220516
* bsc#1220521
* bsc#1220528
* bsc#1220529
* bsc#1220532
* bsc#1220554
* bsc#1220556
* bsc#1220557
* bsc#1220560
* bsc#1220561
* bsc#1220566
* bsc#1220575
* bsc#1220580
* bsc#1220583
* bsc#1220611
* bsc#1220615
* bsc#1220621
* bsc#1220625
* bsc#1220630
* bsc#1220631
* bsc#1220638
* bsc#1220639
* bsc#1220640
* bsc#1220641
* bsc#1220662
* bsc#1220663
* bsc#1220669
* bsc#1220670
* bsc#1220677
* bsc#1220678
* bsc#1220685
* bsc#1220687
* bsc#1220688
* bsc#1220692
* bsc#1220697
* bsc#1220703
* bsc#1220706
* bsc#1220733
* bsc#1220734
* bsc#1220739
* bsc#1220743
* bsc#1220745
* bsc#1220749
* bsc#1220751
* bsc#1220753
* bsc#1220758
* bsc#1220759
* bsc#1220764
* bsc#1220768
* bsc#1220769
* bsc#1220777
* bsc#1220779
* bsc#1220785
* bsc#1220790
* bsc#1220794
* bsc#1220824
* bsc#1220826
* bsc#1220829
* bsc#1220836
* bsc#1220846
* bsc#1220850
* bsc#1220861
* bsc#1220871
* bsc#1220883
* bsc#1220946
* bsc#1220954
* bsc#1220969
* bsc#1220979
* bsc#1220982
* bsc#1220985
* bsc#1220987
* bsc#1221015
* bsc#1221044
* bsc#1221058
* bsc#1221061
* bsc#1221077
* bsc#1221088
* bsc#1221276
* bsc#1221293
* bsc#1221532
* bsc#1221534
* bsc#1221541
* bsc#1221548
* bsc#1221552
* bsc#1221575
* bsc#1221605
* bsc#1221606
* bsc#1221608
* bsc#1221830
* bsc#1221931
* bsc#1221932
* bsc#1221934
* bsc#1221935
* bsc#1221949
* bsc#1221952
* bsc#1221965
* bsc#1221966
* bsc#1221969
* bsc#1221973
* bsc#1221974
* bsc#1221978
* bsc#1221989
* bsc#1221990
* bsc#1221991
* bsc#1221992
* bsc#1221993
* bsc#1221994
* bsc#1221996
* bsc#1221997
* bsc#1221998
* bsc#1221999
* bsc#1222000
* bsc#1222001
* bsc#1222002
* bsc#1222003
* bsc#1222004
* bsc#1222117
* bsc#1222422
* bsc#1222585
* bsc#1222619
* bsc#1222660
* bsc#1222664
* bsc#1222669
* bsc#1222706
* jsc#PED-5759
* jsc#SLE-13706
* jsc#SLE-15131
* jsc#SLE-15172
* jsc#SLE-15176
Cross-References:
* CVE-2020-36780
* CVE-2020-36781
* CVE-2020-36782
* CVE-2020-36783
* CVE-2021-23134
* CVE-2021-29155
* CVE-2021-46908
* CVE-2021-46909
* CVE-2021-46911
* CVE-2021-46914
* CVE-2021-46917
* CVE-2021-46918
* CVE-2021-46919
* CVE-2021-46920
* CVE-2021-46921
* CVE-2021-46922
* CVE-2021-46930
* CVE-2021-46931
* CVE-2021-46933
* CVE-2021-46938
* CVE-2021-46939
* CVE-2021-46943
* CVE-2021-46944
* CVE-2021-46950
* CVE-2021-46951
* CVE-2021-46956
* CVE-2021-46958
* CVE-2021-46959
* CVE-2021-46960
* CVE-2021-46961
* CVE-2021-46962
* CVE-2021-46963
* CVE-2021-46971
* CVE-2021-46976
* CVE-2021-46980
* CVE-2021-46981
* CVE-2021-46983
* CVE-2021-46984
* CVE-2021-46988
* CVE-2021-46990
* CVE-2021-46991
* CVE-2021-46992
* CVE-2021-46998
* CVE-2021-47000
* CVE-2021-47001
* CVE-2021-47003
* CVE-2021-47006
* CVE-2021-47009
* CVE-2021-47013
* CVE-2021-47014
* CVE-2021-47015
* CVE-2021-47017
* CVE-2021-47020
* CVE-2021-47026
* CVE-2021-47034
* CVE-2021-47035
* CVE-2021-47038
* CVE-2021-47044
* CVE-2021-47045
* CVE-2021-47046
* CVE-2021-47049
* CVE-2021-47051
* CVE-2021-47055
* CVE-2021-47056
* CVE-2021-47058
* CVE-2021-47061
* CVE-2021-47063
* CVE-2021-47065
* CVE-2021-47068
* CVE-2021-47069
* CVE-2021-47070
* CVE-2021-47071
* CVE-2021-47073
* CVE-2021-47077
* CVE-2021-47082
* CVE-2021-47087
* CVE-2021-47095
* CVE-2021-47097
* CVE-2021-47100
* CVE-2021-47101
* CVE-2021-47109
* CVE-2021-47110
* CVE-2021-47112
* CVE-2021-47114
* CVE-2021-47117
* CVE-2021-47118
* CVE-2021-47119
* CVE-2021-47120
* CVE-2021-47130
* CVE-2021-47136
* CVE-2021-47137
* CVE-2021-47138
* CVE-2021-47139
* CVE-2021-47141
* CVE-2021-47142
* CVE-2021-47144
* CVE-2021-47150
* CVE-2021-47153
* CVE-2021-47160
* CVE-2021-47161
* CVE-2021-47164
* CVE-2021-47165
* CVE-2021-47166
* CVE-2021-47167
* CVE-2021-47168
* CVE-2021-47169
* CVE-2021-47170
* CVE-2021-47171
* CVE-2021-47172
* CVE-2021-47173
* CVE-2021-47174
* CVE-2021-47175
* CVE-2021-47176
* CVE-2021-47177
* CVE-2021-47179
* CVE-2021-47180
* CVE-2021-47181
* CVE-2021-47183
* CVE-2021-47185
* CVE-2021-47189
* CVE-2022-0487
* CVE-2022-4744
* CVE-2022-48626
* CVE-2023-0160
* CVE-2023-1192
* CVE-2023-28746
* CVE-2023-35827
* CVE-2023-52454
* CVE-2023-52469
* CVE-2023-52470
* CVE-2023-52474
* CVE-2023-52476
* CVE-2023-52477
* CVE-2023-52492
* CVE-2023-52500
* CVE-2023-52508
* CVE-2023-52509
* CVE-2023-52572
* CVE-2023-52575
* CVE-2023-52583
* CVE-2023-52590
* CVE-2023-52591
* CVE-2023-52607
* CVE-2023-52628
* CVE-2023-6270
* CVE-2023-6356
* CVE-2023-6531
* CVE-2023-6535
* CVE-2023-6536
* CVE-2023-7042
* CVE-2023-7192
* CVE-2024-22099
* CVE-2024-26600
* CVE-2024-26614
* CVE-2024-26642
* CVE-2024-26704
* CVE-2024-26733
CVSS scores:
* CVE-2020-36780 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2020-36781 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2020-36782 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2020-36783 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-23134 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-23134 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-29155 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-29155 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-46908 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-46908 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46909 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46909 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46911 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2021-46914 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46914 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46917 ( SUSE ): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
* CVE-2021-46917 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-46918 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2021-46918 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46919 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46919 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46920 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
* CVE-2021-46920 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2021-46921 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-46922 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46922 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46930 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2021-46930 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46931 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46931 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46933 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2021-46933 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46938 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
* CVE-2021-46938 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-46939 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46939 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46943 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-46944 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46944 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46950 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2021-46950 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-46951 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46951 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46956 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46958 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46959 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-46960 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
* CVE-2021-46961 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46962 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-46963 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46971 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2021-46976 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46980 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46981 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46983 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46984 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46988 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46990 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46991 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-46992 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2021-46998 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47000 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2021-47001 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47003 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47006 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47009 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
* CVE-2021-47013 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47014 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2021-47015 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47017 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47020 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2021-47026 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47034 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47035 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
* CVE-2021-47038 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47044 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-47045 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47046 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
* CVE-2021-47049 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47051 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-47055 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47056 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47058 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
* CVE-2021-47061 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47063 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47065 ( SUSE ): 6.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2021-47068 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47069 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47070 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-47071 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-47073 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47077 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47082 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47087 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2021-47095 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47097 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2021-47100 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47101 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2021-47109 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47110 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47112 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2021-47114 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47117 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47118 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47119 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47120 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47130 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47136 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2021-47137 ( SUSE ): 6.4 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2021-47138 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2021-47139 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47141 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47142 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47144 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47150 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47153 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47160 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47161 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47164 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47164 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47165 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47166 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47167 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47168 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47169 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47170 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47171 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47171 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47172 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47173 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47173 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47174 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47175 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47176 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47177 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47179 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47179 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47180 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47181 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47183 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47185 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47189 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-0487 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-0487 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-4744 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-4744 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48626 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2022-48626 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-0160 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-0160 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1192 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1192 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-28746 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-35827 ( SUSE ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35827 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52454 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52469 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-52469 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52470 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52470 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52474 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-52474 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52476 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52477 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52492 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52500 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-52508 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52509 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52572 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N
* CVE-2023-52575 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52583 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52590 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-52591 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-52607 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52628 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6270 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6270 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6356 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6356 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6531 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6531 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6535 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6535 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6536 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6536 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-7042 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-7042 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-7192 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-7192 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-22099 ( SUSE ): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-22099 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26600 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26600 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26614 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26642 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26704 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26733 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Availability Extension 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2
An update that solves 157 vulnerabilities, contains five features and has four
security fixes can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP3 LTSS kernel was updated to receive various
security bugfixes.
The following security bugs were fixed:
* CVE-2020-36781: Fixed reference leak when pm_runtime_get_sync fails in
i2c/imx (bsc#1220557).
* CVE-2021-46911: Fixed kernel panic (bsc#1220400).
* CVE-2021-46914: Fixed unbalanced device enable/disable in suspend/resume in
pci_disable_device() (bsc#1220465).
* CVE-2021-46917: Fixed wq cleanup of WQCFG registers in idxd (bsc#1220432).
* CVE-2021-46918: Fixed not clearing MSIX permission entry on shutdown in idxd
(bsc#1220429).
* CVE-2021-46919: Fixed wq size store permission state in idxd (bsc#1220414).
* CVE-2021-46920: Fixed clobbering of SWERR overflow bit on writeback
(bsc#1220426).
* CVE-2021-46922: Fixed TPM reservation for seal/unseal (bsc#1220475).
* CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484).
* CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq()
(bsc#1220486).
* CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487).
* CVE-2021-46956: Fixed memory leak in virtio_fs_probe() (bsc#1220516).
* CVE-2021-46959: Fixed use-after-free with devm_spi_alloc_* (bsc#1220734).
* CVE-2021-46961: Fixed spurious interrupt handling (bsc#1220529).
* CVE-2021-46971: Fixed unconditional security_locked_down() call
(bsc#1220697).
* CVE-2021-46976: Fixed crash in auto_retire in drm/i915 (bsc#1220621).
* CVE-2021-46980: Fixed retrieving only the first 4 PDOs instead of all of
them in usb/typec/ucsi (bsc#1220663).
* CVE-2021-46983: Fixed NULL pointer dereference when SEND is completed with
error (bsc#1220639).
* CVE-2021-46988: Fixed release page in error path to avoid BUG_ON
(bsc#1220706).
* CVE-2021-47001: Fixed cwnd update ordering in xprtrdma (bsc#1220670).
* CVE-2021-47003: Fixed potential null dereference on pointer status in
idxd_cmd_exec (bsc#1220677).
* CVE-2021-47009: Fixed memory leak on object td (bsc#1220733).
* CVE-2021-47014: Fixed wild memory access when clearing fragments in
net/sched/act_ct (bsc#1220630).
* CVE-2021-47017: Fixed use after free in ath10k_htc_send_bundle
(bsc#1220678).
* CVE-2021-47026: Fixed not destroying sysfs after removing session from
active list (bsc#1220685).
* CVE-2021-47035: Fixed wrong WO permissions on second-level paging entries in
iommu/vt-d (bsc#1220688).
* CVE-2021-47038: Fixed deadlock between hci_dev->lock and socket lock in
bluetooth (bsc#1220753).
* CVE-2021-47044: Fixed shift-out-of-bounds in load_balance() in sched/fair
(bsc#1220759).
* CVE-2021-47046: Fixed off by one in hdmi_14_process_transaction()
(bsc#1220758).
* CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954).
* CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979).
* CVE-2021-47097: Fixed stack out of bound access in
elantech_change_report_id() (bsc#1220982).
* CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
* CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
* CVE-2021-47109: Fixed NUD_NOARP entries to be forced GCed (bsc#1221534).
* CVE-2021-47130: Fixed freeing unallocated p2pmem in nvmet (bsc#1221552).
* CVE-2021-47137: Fixed memory corruption in RX ring in net/lantiq
(bsc#1221932).
* CVE-2021-47150: Fixed the potential memory leak in fec_enet_init()
(bsc#1221973).
* CVE-2021-47160: Fixed VLAN traffic leaks in dsa: mt7530 (bsc#1221974).
* CVE-2021-47164: Fixed null pointer dereference accessing lag dev in
net/mlx5e (bsc#1221978).
* CVE-2021-47174: Fixed missing check in irq_fpu_usable() (bsc#1221990).
* CVE-2021-47175: Fixed OOB access in net/sched/fq_pie (bsc#1222003).
* CVE-2021-47181: Fixed a null pointer dereference caused by calling
platform_get_resource() (bsc#1222660).
* CVE-2021-47183: Fixed a null pointer dereference during link down processing
in scsi lpfc (bsc#1192145, bsc#1222664).
* CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer
(bsc#1222669).
* CVE-2021-47189: Fixed denial of service due to memory ordering issues
between normal and ordered work functions in btrfs (bsc#1222706).
* CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to
potentially crash the system (bsc#1209657).
* CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
* CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table
(bsc#1220411).
* CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
* CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec
user SDMA requests (bsc#1220445).
* CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI
during vsyscall (bsc#1220703).
* CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration
function __dma_async_device_channel_register() (bsc#1221276).
* CVE-2023-52500: Fixed information leaking when processing
OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883).
* CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid()
(bsc#1221015).
* CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off
(bsc#1220871).
* CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph
(bsc#1221058).
* CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add
kasprintf() (bsc#1221061).
* CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
* CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts
(bsc#1218562).
* CVE-2023-6531: Fixed a use-after-free flaw caused by a race in which the unix
garbage collector's deletion of an SKB races with unix_stream_read_generic()
on the socket that the SKB is queued on (bsc#1218447).
* CVE-2023-7042: Fixed a null-pointer-dereference in
ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336).
* CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in
net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
* CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security
(bsc#1219170).
* CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2
(bsc#1220340).
* CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks
(bsc#1221293).
* CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter
nf_tables (bsc#1221830).
* CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len
in ext4 (bsc#1222422).
* CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).
The following non-security bugs were fixed:
* fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
(bsc#1219264).
* tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619).
* group-source-files.pl: Quote filenames (boo#1221077).
* kernel-binary: certs: Avoid trailing space
* mm: fix gup_pud_range (bsc#1220824).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1489=1
* SUSE Enterprise Storage 7.1
    zypper in -t patch SUSE-Storage-7.1-2024-1489=1
* SUSE Linux Enterprise Micro 5.1
    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-1489=1
* SUSE Linux Enterprise Micro 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-1489=1
* SUSE Linux Enterprise Micro for Rancher 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-1489=1
* openSUSE Leap 15.3
    zypper in -t patch SUSE-2024-1489=1
* SUSE Linux Enterprise Live Patching 15-SP3
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-1489=1
* SUSE Linux Enterprise High Availability Extension 15 SP3
    zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2024-1489=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1489=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1489=1
## Package List:
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le
x86_64)
* kernel-default-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* kernel-default-devel-5.3.18-150300.59.158.1
* kernel-syms-5.3.18-150300.59.158.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.158.1
* reiserfs-kmp-default-5.3.18-150300.59.158.1
* kernel-default-debuginfo-5.3.18-150300.59.158.1
* kernel-obs-build-5.3.18-150300.59.158.1
* kernel-default-debugsource-5.3.18-150300.59.158.1
* kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
* kernel-obs-build-debugsource-5.3.18-150300.59.158.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* kernel-source-5.3.18-150300.59.158.1
* kernel-devel-5.3.18-150300.59.158.1
* kernel-macros-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.158.1
* kernel-preempt-devel-5.3.18-150300.59.158.1
* kernel-preempt-debuginfo-5.3.18-150300.59.158.1
* kernel-preempt-debugsource-5.3.18-150300.59.158.1
* SUSE Enterprise Storage 7.1 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.158.1
* SUSE Enterprise Storage 7.1 (aarch64)
* kernel-64kb-debugsource-5.3.18-150300.59.158.1
* kernel-64kb-devel-5.3.18-150300.59.158.1
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.158.1
* kernel-64kb-debuginfo-5.3.18-150300.59.158.1
* SUSE Enterprise Storage 7.1 (aarch64 nosrc x86_64)
* kernel-default-5.3.18-150300.59.158.1
* kernel-preempt-5.3.18-150300.59.158.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* kernel-default-devel-5.3.18-150300.59.158.1
* kernel-preempt-debugsource-5.3.18-150300.59.158.1
* kernel-syms-5.3.18-150300.59.158.1
* kernel-preempt-devel-5.3.18-150300.59.158.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.158.1
* kernel-preempt-debuginfo-5.3.18-150300.59.158.1
* reiserfs-kmp-default-5.3.18-150300.59.158.1
* kernel-default-debuginfo-5.3.18-150300.59.158.1
* kernel-obs-build-5.3.18-150300.59.158.1
* kernel-default-debugsource-5.3.18-150300.59.158.1
* kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.158.1
* kernel-obs-build-debugsource-5.3.18-150300.59.158.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.158.1
* SUSE Enterprise Storage 7.1 (noarch)
* kernel-source-5.3.18-150300.59.158.1
* kernel-devel-5.3.18-150300.59.158.1
* kernel-macros-5.3.18-150300.59.158.1
* SUSE Enterprise Storage 7.1 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.3.18-150300.59.158.1
* kernel-default-debugsource-5.3.18-150300.59.158.1
* kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
* SUSE Linux Enterprise Micro 5.2 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64)
* kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.3.18-150300.59.158.1
* kernel-default-debugsource-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64)
* kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.3.18-150300.59.158.1
* kernel-default-debugsource-5.3.18-150300.59.158.1
* openSUSE Leap 15.3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.158.1
* openSUSE Leap 15.3 (noarch)
* kernel-devel-5.3.18-150300.59.158.1
* kernel-docs-html-5.3.18-150300.59.158.1
* kernel-source-vanilla-5.3.18-150300.59.158.1
* kernel-source-5.3.18-150300.59.158.1
* kernel-macros-5.3.18-150300.59.158.1
* openSUSE Leap 15.3 (nosrc ppc64le x86_64)
* kernel-kvmsmall-5.3.18-150300.59.158.1
* kernel-debug-5.3.18-150300.59.158.1
* openSUSE Leap 15.3 (ppc64le x86_64)
* kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.158.1
* kernel-debug-devel-5.3.18-150300.59.158.1
* kernel-kvmsmall-debugsource-5.3.18-150300.59.158.1
* kernel-debug-devel-debuginfo-5.3.18-150300.59.158.1
* kernel-debug-debugsource-5.3.18-150300.59.158.1
* kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.158.1
* kernel-kvmsmall-devel-5.3.18-150300.59.158.1
* kernel-debug-debuginfo-5.3.18-150300.59.158.1
* kernel-kvmsmall-debuginfo-5.3.18-150300.59.158.1
* kernel-debug-livepatch-devel-5.3.18-150300.59.158.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64)
* kselftests-kmp-default-5.3.18-150300.59.158.1
* dlm-kmp-default-5.3.18-150300.59.158.1
* cluster-md-kmp-default-5.3.18-150300.59.158.1
* kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
* kernel-default-extra-debuginfo-5.3.18-150300.59.158.1
* kernel-default-livepatch-5.3.18-150300.59.158.1
* gfs2-kmp-default-debuginfo-5.3.18-150300.59.158.1
* kernel-obs-qa-5.3.18-150300.59.158.1
* kernel-default-devel-5.3.18-150300.59.158.1
* kernel-syms-5.3.18-150300.59.158.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.158.1
* kernel-default-debugsource-5.3.18-150300.59.158.1
* kernel-default-optional-debuginfo-5.3.18-150300.59.158.1
* cluster-md-kmp-default-debuginfo-5.3.18-150300.59.158.1
* kernel-obs-build-debugsource-5.3.18-150300.59.158.1
* gfs2-kmp-default-5.3.18-150300.59.158.1
* kernel-default-livepatch-devel-5.3.18-150300.59.158.1
* kernel-default-extra-5.3.18-150300.59.158.1
* kselftests-kmp-default-debuginfo-5.3.18-150300.59.158.1
* reiserfs-kmp-default-5.3.18-150300.59.158.1
* dlm-kmp-default-debuginfo-5.3.18-150300.59.158.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.158.1
* ocfs2-kmp-default-5.3.18-150300.59.158.1
* kernel-default-base-rebuild-5.3.18-150300.59.158.1.150300.18.92.5
* kernel-default-optional-5.3.18-150300.59.158.1
* kernel-default-debuginfo-5.3.18-150300.59.158.1
* kernel-obs-build-5.3.18-150300.59.158.1
* ocfs2-kmp-default-debuginfo-5.3.18-150300.59.158.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.3.18-150300.59.158.1
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_43-debugsource-1-150300.7.3.5
* kernel-livepatch-5_3_18-150300_59_158-default-1-150300.7.3.5
* kernel-livepatch-5_3_18-150300_59_158-default-debuginfo-1-150300.7.3.5
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_158-preempt-1-150300.7.3.5
* kernel-livepatch-5_3_18-150300_59_158-preempt-debuginfo-1-150300.7.3.5
* openSUSE Leap 15.3 (aarch64 x86_64)
* reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.158.1
* kernel-preempt-livepatch-devel-5.3.18-150300.59.158.1
* kselftests-kmp-preempt-5.3.18-150300.59.158.1
* dlm-kmp-preempt-5.3.18-150300.59.158.1
* kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.158.1
* kernel-preempt-optional-debuginfo-5.3.18-150300.59.158.1
* ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.158.1
* ocfs2-kmp-preempt-5.3.18-150300.59.158.1
* kernel-preempt-debugsource-5.3.18-150300.59.158.1
* kernel-preempt-debuginfo-5.3.18-150300.59.158.1
* reiserfs-kmp-preempt-5.3.18-150300.59.158.1
* kernel-preempt-extra-5.3.18-150300.59.158.1
* gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.158.1
* cluster-md-kmp-preempt-5.3.18-150300.59.158.1
* cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.158.1
* kernel-preempt-optional-5.3.18-150300.59.158.1
* kernel-preempt-devel-5.3.18-150300.59.158.1
* dlm-kmp-preempt-debuginfo-5.3.18-150300.59.158.1
* kernel-preempt-extra-debuginfo-5.3.18-150300.59.158.1
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.158.1
* gfs2-kmp-preempt-5.3.18-150300.59.158.1
* openSUSE Leap 15.3 (aarch64 nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.158.1
* openSUSE Leap 15.3 (nosrc s390x)
* kernel-zfcpdump-5.3.18-150300.59.158.1
* openSUSE Leap 15.3 (s390x)
* kernel-zfcpdump-debugsource-5.3.18-150300.59.158.1
* kernel-zfcpdump-debuginfo-5.3.18-150300.59.158.1
* openSUSE Leap 15.3 (nosrc)
* dtb-aarch64-5.3.18-150300.59.158.1
* openSUSE Leap 15.3 (aarch64)
* gfs2-kmp-64kb-5.3.18-150300.59.158.1
* dtb-al-5.3.18-150300.59.158.1
* dtb-xilinx-5.3.18-150300.59.158.1
* ocfs2-kmp-64kb-5.3.18-150300.59.158.1
* dtb-marvell-5.3.18-150300.59.158.1
* kernel-64kb-extra-5.3.18-150300.59.158.1
* kselftests-kmp-64kb-5.3.18-150300.59.158.1
* dtb-freescale-5.3.18-150300.59.158.1
* dtb-exynos-5.3.18-150300.59.158.1
* dtb-rockchip-5.3.18-150300.59.158.1
* dtb-broadcom-5.3.18-150300.59.158.1
* dtb-arm-5.3.18-150300.59.158.1
* dtb-mediatek-5.3.18-150300.59.158.1
* dlm-kmp-64kb-debuginfo-5.3.18-150300.59.158.1
* kernel-64kb-devel-5.3.18-150300.59.158.1
* kernel-64kb-optional-5.3.18-150300.59.158.1
* dtb-cavium-5.3.18-150300.59.158.1
* dtb-renesas-5.3.18-150300.59.158.1
* dtb-socionext-5.3.18-150300.59.158.1
* cluster-md-kmp-64kb-5.3.18-150300.59.158.1
* kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.158.1
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.158.1
* reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.158.1
* kernel-64kb-debugsource-5.3.18-150300.59.158.1
* dtb-amlogic-5.3.18-150300.59.158.1
* dtb-apm-5.3.18-150300.59.158.1
* dtb-allwinner-5.3.18-150300.59.158.1
* gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.158.1
* kernel-64kb-extra-debuginfo-5.3.18-150300.59.158.1
* dtb-sprd-5.3.18-150300.59.158.1
* dtb-qcom-5.3.18-150300.59.158.1
* dtb-lg-5.3.18-150300.59.158.1
* kernel-64kb-debuginfo-5.3.18-150300.59.158.1
* reiserfs-kmp-64kb-5.3.18-150300.59.158.1
* ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.158.1
* dtb-altera-5.3.18-150300.59.158.1
* dtb-nvidia-5.3.18-150300.59.158.1
* cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.158.1
* kernel-64kb-livepatch-devel-5.3.18-150300.59.158.1
* dtb-hisilicon-5.3.18-150300.59.158.1
* dtb-zte-5.3.18-150300.59.158.1
* dlm-kmp-64kb-5.3.18-150300.59.158.1
* kernel-64kb-optional-debuginfo-5.3.18-150300.59.158.1
* dtb-amd-5.3.18-150300.59.158.1
* openSUSE Leap 15.3 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Live Patching 15-SP3 (nosrc)
* kernel-default-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-default-debuginfo-5.3.18-150300.59.158.1
* kernel-default-debugsource-5.3.18-150300.59.158.1
* kernel-default-livepatch-5.3.18-150300.59.158.1
* kernel-livepatch-5_3_18-150300_59_158-default-1-150300.7.3.5
* kernel-default-livepatch-devel-5.3.18-150300.59.158.1
* SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64)
* ocfs2-kmp-default-5.3.18-150300.59.158.1
* dlm-kmp-default-debuginfo-5.3.18-150300.59.158.1
* kernel-default-debuginfo-5.3.18-150300.59.158.1
* dlm-kmp-default-5.3.18-150300.59.158.1
* kernel-default-debugsource-5.3.18-150300.59.158.1
* cluster-md-kmp-default-5.3.18-150300.59.158.1
* ocfs2-kmp-default-debuginfo-5.3.18-150300.59.158.1
* cluster-md-kmp-default-debuginfo-5.3.18-150300.59.158.1
* gfs2-kmp-default-debuginfo-5.3.18-150300.59.158.1
* gfs2-kmp-default-5.3.18-150300.59.158.1
* SUSE Linux Enterprise High Availability Extension 15 SP3 (nosrc)
* kernel-default-5.3.18-150300.59.158.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.158.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64)
* kernel-64kb-debugsource-5.3.18-150300.59.158.1
* kernel-64kb-devel-5.3.18-150300.59.158.1
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.158.1
* kernel-64kb-debuginfo-5.3.18-150300.59.158.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc x86_64)
* kernel-default-5.3.18-150300.59.158.1
* kernel-preempt-5.3.18-150300.59.158.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
* kernel-default-devel-5.3.18-150300.59.158.1
* kernel-preempt-debugsource-5.3.18-150300.59.158.1
* kernel-syms-5.3.18-150300.59.158.1
* kernel-preempt-devel-5.3.18-150300.59.158.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.158.1
* kernel-preempt-debuginfo-5.3.18-150300.59.158.1
* reiserfs-kmp-default-5.3.18-150300.59.158.1
* kernel-default-debuginfo-5.3.18-150300.59.158.1
* kernel-obs-build-5.3.18-150300.59.158.1
* kernel-default-debugsource-5.3.18-150300.59.158.1
* kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.158.1
* kernel-obs-build-debugsource-5.3.18-150300.59.158.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.158.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* kernel-source-5.3.18-150300.59.158.1
* kernel-devel-5.3.18-150300.59.158.1
* kernel-macros-5.3.18-150300.59.158.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64)
* kernel-64kb-debugsource-5.3.18-150300.59.158.1
* kernel-64kb-devel-5.3.18-150300.59.158.1
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.158.1
* kernel-64kb-debuginfo-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
* kernel-default-devel-5.3.18-150300.59.158.1
* kernel-syms-5.3.18-150300.59.158.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.158.1
* reiserfs-kmp-default-5.3.18-150300.59.158.1
* kernel-default-debuginfo-5.3.18-150300.59.158.1
* kernel-obs-build-5.3.18-150300.59.158.1
* kernel-default-debugsource-5.3.18-150300.59.158.1
* kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
* kernel-obs-build-debugsource-5.3.18-150300.59.158.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* kernel-source-5.3.18-150300.59.158.1
* kernel-devel-5.3.18-150300.59.158.1
* kernel-macros-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64)
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.158.1
* kernel-preempt-devel-5.3.18-150300.59.158.1
* kernel-preempt-debuginfo-5.3.18-150300.59.158.1
* kernel-preempt-debugsource-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (nosrc s390x)
* kernel-zfcpdump-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x)
* kernel-zfcpdump-debugsource-5.3.18-150300.59.158.1
* kernel-zfcpdump-debuginfo-5.3.18-150300.59.158.1
## References:
* https://www.suse.com/security/cve/CVE-2020-36780.html
* https://www.suse.com/security/cve/CVE-2020-36781.html
* https://www.suse.com/security/cve/CVE-2020-36782.html
* https://www.suse.com/security/cve/CVE-2020-36783.html
* https://www.suse.com/security/cve/CVE-2021-23134.html
* https://www.suse.com/security/cve/CVE-2021-29155.html
* https://www.suse.com/security/cve/CVE-2021-46908.html
* https://www.suse.com/security/cve/CVE-2021-46909.html
* https://www.suse.com/security/cve/CVE-2021-46911.html
* https://www.suse.com/security/cve/CVE-2021-46914.html
* https://www.suse.com/security/cve/CVE-2021-46917.html
* https://www.suse.com/security/cve/CVE-2021-46918.html
* https://www.suse.com/security/cve/CVE-2021-46919.html
* https://www.suse.com/security/cve/CVE-2021-46920.html
* https://www.suse.com/security/cve/CVE-2021-46921.html
* https://www.suse.com/security/cve/CVE-2021-46922.html
* https://www.suse.com/security/cve/CVE-2021-46930.html
* https://www.suse.com/security/cve/CVE-2021-46931.html
* https://www.suse.com/security/cve/CVE-2021-46933.html
* https://www.suse.com/security/cve/CVE-2021-46938.html
* https://www.suse.com/security/cve/CVE-2021-46939.html
* https://www.suse.com/security/cve/CVE-2021-46943.html
* https://www.suse.com/security/cve/CVE-2021-46944.html
* https://www.suse.com/security/cve/CVE-2021-46950.html
* https://www.suse.com/security/cve/CVE-2021-46951.html
* https://www.suse.com/security/cve/CVE-2021-46956.html
* https://www.suse.com/security/cve/CVE-2021-46958.html
* https://www.suse.com/security/cve/CVE-2021-46959.html
* https://www.suse.com/security/cve/CVE-2021-46960.html
* https://www.suse.com/security/cve/CVE-2021-46961.html
* https://www.suse.com/security/cve/CVE-2021-46962.html
* https://www.suse.com/security/cve/CVE-2021-46963.html
* https://www.suse.com/security/cve/CVE-2021-46971.html
* https://www.suse.com/security/cve/CVE-2021-46976.html
* https://www.suse.com/security/cve/CVE-2021-46980.html
* https://www.suse.com/security/cve/CVE-2021-46981.html
* https://www.suse.com/security/cve/CVE-2021-46983.html
* https://www.suse.com/security/cve/CVE-2021-46984.html
* https://www.suse.com/security/cve/CVE-2021-46988.html
* https://www.suse.com/security/cve/CVE-2021-46990.html
* https://www.suse.com/security/cve/CVE-2021-46991.html
* https://www.suse.com/security/cve/CVE-2021-46992.html
* https://www.suse.com/security/cve/CVE-2021-46998.html
* https://www.suse.com/security/cve/CVE-2021-47000.html
* https://www.suse.com/security/cve/CVE-2021-47001.html
* https://www.suse.com/security/cve/CVE-2021-47003.html
* https://www.suse.com/security/cve/CVE-2021-47006.html
* https://www.suse.com/security/cve/CVE-2021-47009.html
* https://www.suse.com/security/cve/CVE-2021-47013.html
* https://www.suse.com/security/cve/CVE-2021-47014.html
* https://www.suse.com/security/cve/CVE-2021-47015.html
* https://www.suse.com/security/cve/CVE-2021-47017.html
* https://www.suse.com/security/cve/CVE-2021-47020.html
* https://www.suse.com/security/cve/CVE-2021-47026.html
* https://www.suse.com/security/cve/CVE-2021-47034.html
* https://www.suse.com/security/cve/CVE-2021-47035.html
* https://www.suse.com/security/cve/CVE-2021-47038.html
* https://www.suse.com/security/cve/CVE-2021-47044.html
* https://www.suse.com/security/cve/CVE-2021-47045.html
* https://www.suse.com/security/cve/CVE-2021-47046.html
* https://www.suse.com/security/cve/CVE-2021-47049.html
* https://www.suse.com/security/cve/CVE-2021-47051.html
* https://www.suse.com/security/cve/CVE-2021-47055.html
* https://www.suse.com/security/cve/CVE-2021-47056.html
* https://www.suse.com/security/cve/CVE-2021-47058.html
* https://www.suse.com/security/cve/CVE-2021-47061.html
* https://www.suse.com/security/cve/CVE-2021-47063.html
* https://www.suse.com/security/cve/CVE-2021-47065.html
* https://www.suse.com/security/cve/CVE-2021-47068.html
* https://www.suse.com/security/cve/CVE-2021-47069.html
* https://www.suse.com/security/cve/CVE-2021-47070.html
* https://www.suse.com/security/cve/CVE-2021-47071.html
* https://www.suse.com/security/cve/CVE-2021-47073.html
* https://www.suse.com/security/cve/CVE-2021-47077.html
* https://www.suse.com/security/cve/CVE-2021-47082.html
* https://www.suse.com/security/cve/CVE-2021-47087.html
* https://www.suse.com/security/cve/CVE-2021-47095.html
* https://www.suse.com/security/cve/CVE-2021-47097.html
* https://www.suse.com/security/cve/CVE-2021-47100.html
* https://www.suse.com/security/cve/CVE-2021-47101.html
* https://www.suse.com/security/cve/CVE-2021-47109.html
* https://www.suse.com/security/cve/CVE-2021-47110.html
* https://www.suse.com/security/cve/CVE-2021-47112.html
* https://www.suse.com/security/cve/CVE-2021-47114.html
* https://www.suse.com/security/cve/CVE-2021-47117.html
* https://www.suse.com/security/cve/CVE-2021-47118.html
* https://www.suse.com/security/cve/CVE-2021-47119.html
* https://www.suse.com/security/cve/CVE-2021-47120.html
* https://www.suse.com/security/cve/CVE-2021-47130.html
* https://www.suse.com/security/cve/CVE-2021-47136.html
* https://www.suse.com/security/cve/CVE-2021-47137.html
* https://www.suse.com/security/cve/CVE-2021-47138.html
* https://www.suse.com/security/cve/CVE-2021-47139.html
* https://www.suse.com/security/cve/CVE-2021-47141.html
* https://www.suse.com/security/cve/CVE-2021-47142.html
* https://www.suse.com/security/cve/CVE-2021-47144.html
* https://www.suse.com/security/cve/CVE-2021-47150.html
* https://www.suse.com/security/cve/CVE-2021-47153.html
* https://www.suse.com/security/cve/CVE-2021-47160.html
* https://www.suse.com/security/cve/CVE-2021-47161.html
* https://www.suse.com/security/cve/CVE-2021-47164.html
* https://www.suse.com/security/cve/CVE-2021-47165.html
* https://www.suse.com/security/cve/CVE-2021-47166.html
* https://www.suse.com/security/cve/CVE-2021-47167.html
* https://www.suse.com/security/cve/CVE-2021-47168.html
* https://www.suse.com/security/cve/CVE-2021-47169.html
* https://www.suse.com/security/cve/CVE-2021-47170.html
* https://www.suse.com/security/cve/CVE-2021-47171.html
* https://www.suse.com/security/cve/CVE-2021-47172.html
* https://www.suse.com/security/cve/CVE-2021-47173.html
* https://www.suse.com/security/cve/CVE-2021-47174.html
* https://www.suse.com/security/cve/CVE-2021-47175.html
* https://www.suse.com/security/cve/CVE-2021-47176.html
* https://www.suse.com/security/cve/CVE-2021-47177.html
* https://www.suse.com/security/cve/CVE-2021-47179.html
* https://www.suse.com/security/cve/CVE-2021-47180.html
* https://www.suse.com/security/cve/CVE-2021-47181.html
* https://www.suse.com/security/cve/CVE-2021-47183.html
* https://www.suse.com/security/cve/CVE-2021-47185.html
* https://www.suse.com/security/cve/CVE-2021-47189.html
* https://www.suse.com/security/cve/CVE-2022-0487.html
* https://www.suse.com/security/cve/CVE-2022-4744.html
* https://www.suse.com/security/cve/CVE-2022-48626.html
* https://www.suse.com/security/cve/CVE-2023-0160.html
* https://www.suse.com/security/cve/CVE-2023-1192.html
* https://www.suse.com/security/cve/CVE-2023-28746.html
* https://www.suse.com/security/cve/CVE-2023-35827.html
* https://www.suse.com/security/cve/CVE-2023-52454.html
* https://www.suse.com/security/cve/CVE-2023-52469.html
* https://www.suse.com/security/cve/CVE-2023-52470.html
* https://www.suse.com/security/cve/CVE-2023-52474.html
* https://www.suse.com/security/cve/CVE-2023-52476.html
* https://www.suse.com/security/cve/CVE-2023-52477.html
* https://www.suse.com/security/cve/CVE-2023-52492.html
* https://www.suse.com/security/cve/CVE-2023-52500.html
* https://www.suse.com/security/cve/CVE-2023-52508.html
* https://www.suse.com/security/cve/CVE-2023-52509.html
* https://www.suse.com/security/cve/CVE-2023-52572.html
* https://www.suse.com/security/cve/CVE-2023-52575.html
* https://www.suse.com/security/cve/CVE-2023-52583.html
* https://www.suse.com/security/cve/CVE-2023-52590.html
* https://www.suse.com/security/cve/CVE-2023-52591.html
* https://www.suse.com/security/cve/CVE-2023-52607.html
* https://www.suse.com/security/cve/CVE-2023-52628.html
* https://www.suse.com/security/cve/CVE-2023-6270.html
* https://www.suse.com/security/cve/CVE-2023-6356.html
* https://www.suse.com/security/cve/CVE-2023-6531.html
* https://www.suse.com/security/cve/CVE-2023-6535.html
* https://www.suse.com/security/cve/CVE-2023-6536.html
* https://www.suse.com/security/cve/CVE-2023-7042.html
* https://www.suse.com/security/cve/CVE-2023-7192.html
* https://www.suse.com/security/cve/CVE-2024-22099.html
* https://www.suse.com/security/cve/CVE-2024-26600.html
* https://www.suse.com/security/cve/CVE-2024-26614.html
* https://www.suse.com/security/cve/CVE-2024-26642.html
* https://www.suse.com/security/cve/CVE-2024-26704.html
* https://www.suse.com/security/cve/CVE-2024-26733.html
* https://bugzilla.suse.com/show_bug.cgi?id=1184942
* https://bugzilla.suse.com/show_bug.cgi?id=1186060
* https://bugzilla.suse.com/show_bug.cgi?id=1192145
* https://bugzilla.suse.com/show_bug.cgi?id=1194516
* https://bugzilla.suse.com/show_bug.cgi?id=1208995
* https://bugzilla.suse.com/show_bug.cgi?id=1209635
* https://bugzilla.suse.com/show_bug.cgi?id=1209657
* https://bugzilla.suse.com/show_bug.cgi?id=1212514
* https://bugzilla.suse.com/show_bug.cgi?id=1213456
* https://bugzilla.suse.com/show_bug.cgi?id=1217987
* https://bugzilla.suse.com/show_bug.cgi?id=1217988
* https://bugzilla.suse.com/show_bug.cgi?id=1217989
* https://bugzilla.suse.com/show_bug.cgi?id=1218336
* https://bugzilla.suse.com/show_bug.cgi?id=1218447
* https://bugzilla.suse.com/show_bug.cgi?id=1218479
* https://bugzilla.suse.com/show_bug.cgi?id=1218562
* https://bugzilla.suse.com/show_bug.cgi?id=1219170
* https://bugzilla.suse.com/show_bug.cgi?id=1219264
* https://bugzilla.suse.com/show_bug.cgi?id=1220320
* https://bugzilla.suse.com/show_bug.cgi?id=1220340
* https://bugzilla.suse.com/show_bug.cgi?id=1220366
* https://bugzilla.suse.com/show_bug.cgi?id=1220400
* https://bugzilla.suse.com/show_bug.cgi?id=1220411
* https://bugzilla.suse.com/show_bug.cgi?id=1220413
* https://bugzilla.suse.com/show_bug.cgi?id=1220414
* https://bugzilla.suse.com/show_bug.cgi?id=1220425
* https://bugzilla.suse.com/show_bug.cgi?id=1220426
* https://bugzilla.suse.com/show_bug.cgi?id=1220429
* https://bugzilla.suse.com/show_bug.cgi?id=1220432
* https://bugzilla.suse.com/show_bug.cgi?id=1220442
* https://bugzilla.suse.com/show_bug.cgi?id=1220445
* https://bugzilla.suse.com/show_bug.cgi?id=1220465
* https://bugzilla.suse.com/show_bug.cgi?id=1220468
* https://bugzilla.suse.com/show_bug.cgi?id=1220475
* https://bugzilla.suse.com/show_bug.cgi?id=1220484
* https://bugzilla.suse.com/show_bug.cgi?id=1220486
* https://bugzilla.suse.com/show_bug.cgi?id=1220487
* https://bugzilla.suse.com/show_bug.cgi?id=1220516
* https://bugzilla.suse.com/show_bug.cgi?id=1220521
* https://bugzilla.suse.com/show_bug.cgi?id=1220528
* https://bugzilla.suse.com/show_bug.cgi?id=1220529
* https://bugzilla.suse.com/show_bug.cgi?id=1220532
* https://bugzilla.suse.com/show_bug.cgi?id=1220554
* https://bugzilla.suse.com/show_bug.cgi?id=1220556
* https://bugzilla.suse.com/show_bug.cgi?id=1220557
* https://bugzilla.suse.com/show_bug.cgi?id=1220560
* https://bugzilla.suse.com/show_bug.cgi?id=1220561
* https://bugzilla.suse.com/show_bug.cgi?id=1220566
* https://bugzilla.suse.com/show_bug.cgi?id=1220575
* https://bugzilla.suse.com/show_bug.cgi?id=1220580
* https://bugzilla.suse.com/show_bug.cgi?id=1220583
* https://bugzilla.suse.com/show_bug.cgi?id=1220611
* https://bugzilla.suse.com/show_bug.cgi?id=1220615
* https://bugzilla.suse.com/show_bug.cgi?id=1220621
* https://bugzilla.suse.com/show_bug.cgi?id=1220625
* https://bugzilla.suse.com/show_bug.cgi?id=1220630
* https://bugzilla.suse.com/show_bug.cgi?id=1220631
* https://bugzilla.suse.com/show_bug.cgi?id=1220638
* https://bugzilla.suse.com/show_bug.cgi?id=1220639
* https://bugzilla.suse.com/show_bug.cgi?id=1220640
* https://bugzilla.suse.com/show_bug.cgi?id=1220641
* https://bugzilla.suse.com/show_bug.cgi?id=1220662
* https://bugzilla.suse.com/show_bug.cgi?id=1220663
* https://bugzilla.suse.com/show_bug.cgi?id=1220669
* https://bugzilla.suse.com/show_bug.cgi?id=1220670
* https://bugzilla.suse.com/show_bug.cgi?id=1220677
* https://bugzilla.suse.com/show_bug.cgi?id=1220678
* https://bugzilla.suse.com/show_bug.cgi?id=1220685
* https://bugzilla.suse.com/show_bug.cgi?id=1220687
* https://bugzilla.suse.com/show_bug.cgi?id=1220688
* https://bugzilla.suse.com/show_bug.cgi?id=1220692
* https://bugzilla.suse.com/show_bug.cgi?id=1220697
* https://bugzilla.suse.com/show_bug.cgi?id=1220703
* https://bugzilla.suse.com/show_bug.cgi?id=1220706
* https://bugzilla.suse.com/show_bug.cgi?id=1220733
* https://bugzilla.suse.com/show_bug.cgi?id=1220734
* https://bugzilla.suse.com/show_bug.cgi?id=1220739
* https://bugzilla.suse.com/show_bug.cgi?id=1220743
* https://bugzilla.suse.com/show_bug.cgi?id=1220745
* https://bugzilla.suse.com/show_bug.cgi?id=1220749
* https://bugzilla.suse.com/show_bug.cgi?id=1220751
* https://bugzilla.suse.com/show_bug.cgi?id=1220753
* https://bugzilla.suse.com/show_bug.cgi?id=1220758
* https://bugzilla.suse.com/show_bug.cgi?id=1220759
* https://bugzilla.suse.com/show_bug.cgi?id=1220764
* https://bugzilla.suse.com/show_bug.cgi?id=1220768
* https://bugzilla.suse.com/show_bug.cgi?id=1220769
* https://bugzilla.suse.com/show_bug.cgi?id=1220777
* https://bugzilla.suse.com/show_bug.cgi?id=1220779
* https://bugzilla.suse.com/show_bug.cgi?id=1220785
* https://bugzilla.suse.com/show_bug.cgi?id=1220790
* https://bugzilla.suse.com/show_bug.cgi?id=1220794
* https://bugzilla.suse.com/show_bug.cgi?id=1220824
* https://bugzilla.suse.com/show_bug.cgi?id=1220826
* https://bugzilla.suse.com/show_bug.cgi?id=1220829
* https://bugzilla.suse.com/show_bug.cgi?id=1220836
* https://bugzilla.suse.com/show_bug.cgi?id=1220846
* https://bugzilla.suse.com/show_bug.cgi?id=1220850
* https://bugzilla.suse.com/show_bug.cgi?id=1220861
* https://bugzilla.suse.com/show_bug.cgi?id=1220871
* https://bugzilla.suse.com/show_bug.cgi?id=1220883
* https://bugzilla.suse.com/show_bug.cgi?id=1220946
* https://bugzilla.suse.com/show_bug.cgi?id=1220954
* https://bugzilla.suse.com/show_bug.cgi?id=1220969
* https://bugzilla.suse.com/show_bug.cgi?id=1220979
* https://bugzilla.suse.com/show_bug.cgi?id=1220982
* https://bugzilla.suse.com/show_bug.cgi?id=1220985
* https://bugzilla.suse.com/show_bug.cgi?id=1220987
* https://bugzilla.suse.com/show_bug.cgi?id=1221015
* https://bugzilla.suse.com/show_bug.cgi?id=1221044
* https://bugzilla.suse.com/show_bug.cgi?id=1221058
* https://bugzilla.suse.com/show_bug.cgi?id=1221061
* https://bugzilla.suse.com/show_bug.cgi?id=1221077
* https://bugzilla.suse.com/show_bug.cgi?id=1221088
* https://bugzilla.suse.com/show_bug.cgi?id=1221276
* https://bugzilla.suse.com/show_bug.cgi?id=1221293
* https://bugzilla.suse.com/show_bug.cgi?id=1221532
* https://bugzilla.suse.com/show_bug.cgi?id=1221534
* https://bugzilla.suse.com/show_bug.cgi?id=1221541
* https://bugzilla.suse.com/show_bug.cgi?id=1221548
* https://bugzilla.suse.com/show_bug.cgi?id=1221552
* https://bugzilla.suse.com/show_bug.cgi?id=1221575
* https://bugzilla.suse.com/show_bug.cgi?id=1221605
* https://bugzilla.suse.com/show_bug.cgi?id=1221606
* https://bugzilla.suse.com/show_bug.cgi?id=1221608
* https://bugzilla.suse.com/show_bug.cgi?id=1221830
* https://bugzilla.suse.com/show_bug.cgi?id=1221931
* https://bugzilla.suse.com/show_bug.cgi?id=1221932
* https://bugzilla.suse.com/show_bug.cgi?id=1221934
* https://bugzilla.suse.com/show_bug.cgi?id=1221935
* https://bugzilla.suse.com/show_bug.cgi?id=1221949
* https://bugzilla.suse.com/show_bug.cgi?id=1221952
* https://bugzilla.suse.com/show_bug.cgi?id=1221965
* https://bugzilla.suse.com/show_bug.cgi?id=1221966
* https://bugzilla.suse.com/show_bug.cgi?id=1221969
* https://bugzilla.suse.com/show_bug.cgi?id=1221973
* https://bugzilla.suse.com/show_bug.cgi?id=1221974
* https://bugzilla.suse.com/show_bug.cgi?id=1221978
* https://bugzilla.suse.com/show_bug.cgi?id=1221989
* https://bugzilla.suse.com/show_bug.cgi?id=1221990
* https://bugzilla.suse.com/show_bug.cgi?id=1221991
* https://bugzilla.suse.com/show_bug.cgi?id=1221992
* https://bugzilla.suse.com/show_bug.cgi?id=1221993
* https://bugzilla.suse.com/show_bug.cgi?id=1221994
* https://bugzilla.suse.com/show_bug.cgi?id=1221996
* https://bugzilla.suse.com/show_bug.cgi?id=1221997
* https://bugzilla.suse.com/show_bug.cgi?id=1221998
* https://bugzilla.suse.com/show_bug.cgi?id=1221999
* https://bugzilla.suse.com/show_bug.cgi?id=1222000
* https://bugzilla.suse.com/show_bug.cgi?id=1222001
* https://bugzilla.suse.com/show_bug.cgi?id=1222002
* https://bugzilla.suse.com/show_bug.cgi?id=1222003
* https://bugzilla.suse.com/show_bug.cgi?id=1222004
* https://bugzilla.suse.com/show_bug.cgi?id=1222117
* https://bugzilla.suse.com/show_bug.cgi?id=1222422
* https://bugzilla.suse.com/show_bug.cgi?id=1222585
* https://bugzilla.suse.com/show_bug.cgi?id=1222619
* https://bugzilla.suse.com/show_bug.cgi?id=1222660
* https://bugzilla.suse.com/show_bug.cgi?id=1222664
* https://bugzilla.suse.com/show_bug.cgi?id=1222669
* https://bugzilla.suse.com/show_bug.cgi?id=1222706
* https://jira.suse.com/browse/PED-5759
* https://jira.suse.com/browse/SLE-13706
* https://jira.suse.com/browse/SLE-15131
* https://jira.suse.com/browse/SLE-15172
* https://jira.suse.com/browse/SLE-15176
SUSE-SU-2024:1663-1: important: Security update for the Linux Kernel
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2024:1663-1
Rating: important
References:
* bsc#1141539
* bsc#1177529
* bsc#1190576
* bsc#1192145
* bsc#1192837
* bsc#1193629
* bsc#1196869
* bsc#1200313
* bsc#1201308
* bsc#1201489
* bsc#1203906
* bsc#1203935
* bsc#1204614
* bsc#1207361
* bsc#1211592
* bsc#1213573
* bsc#1217408
* bsc#1218562
* bsc#1218917
* bsc#1219104
* bsc#1219126
* bsc#1219141
* bsc#1219169
* bsc#1219170
* bsc#1219264
* bsc#1220342
* bsc#1220492
* bsc#1220569
* bsc#1220761
* bsc#1220901
* bsc#1220915
* bsc#1220935
* bsc#1221042
* bsc#1221044
* bsc#1221080
* bsc#1221084
* bsc#1221088
* bsc#1221162
* bsc#1221299
* bsc#1221612
* bsc#1221617
* bsc#1221645
* bsc#1221791
* bsc#1221825
* bsc#1222011
* bsc#1222051
* bsc#1222247
* bsc#1222266
* bsc#1222294
* bsc#1222307
* bsc#1222357
* bsc#1222368
* bsc#1222379
* bsc#1222416
* bsc#1222422
* bsc#1222424
* bsc#1222427
* bsc#1222428
* bsc#1222430
* bsc#1222431
* bsc#1222435
* bsc#1222437
* bsc#1222445
* bsc#1222449
* bsc#1222482
* bsc#1222503
* bsc#1222520
* bsc#1222536
* bsc#1222549
* bsc#1222550
* bsc#1222557
* bsc#1222559
* bsc#1222585
* bsc#1222586
* bsc#1222596
* bsc#1222609
* bsc#1222610
* bsc#1222613
* bsc#1222615
* bsc#1222618
* bsc#1222624
* bsc#1222630
* bsc#1222632
* bsc#1222660
* bsc#1222662
* bsc#1222664
* bsc#1222666
* bsc#1222669
* bsc#1222671
* bsc#1222677
* bsc#1222678
* bsc#1222680
* bsc#1222703
* bsc#1222704
* bsc#1222706
* bsc#1222709
* bsc#1222710
* bsc#1222720
* bsc#1222721
* bsc#1222724
* bsc#1222726
* bsc#1222727
* bsc#1222764
* bsc#1222772
* bsc#1222773
* bsc#1222776
* bsc#1222781
* bsc#1222784
* bsc#1222785
* bsc#1222787
* bsc#1222790
* bsc#1222791
* bsc#1222792
* bsc#1222796
* bsc#1222798
* bsc#1222801
* bsc#1222812
* bsc#1222824
* bsc#1222829
* bsc#1222832
* bsc#1222836
* bsc#1222838
* bsc#1222866
* bsc#1222867
* bsc#1222869
* bsc#1222876
* bsc#1222878
* bsc#1222879
* bsc#1222881
* bsc#1222883
* bsc#1222888
* bsc#1222894
* bsc#1222901
* bsc#1222968
* bsc#1223012
* bsc#1223014
* bsc#1223016
* bsc#1223024
* bsc#1223030
* bsc#1223033
* bsc#1223034
* bsc#1223035
* bsc#1223036
* bsc#1223037
* bsc#1223041
* bsc#1223042
* bsc#1223051
* bsc#1223052
* bsc#1223056
* bsc#1223057
* bsc#1223058
* bsc#1223060
* bsc#1223061
* bsc#1223065
* bsc#1223066
* bsc#1223067
* bsc#1223068
* bsc#1223076
* bsc#1223078
* bsc#1223111
* bsc#1223115
* bsc#1223118
* bsc#1223187
* bsc#1223189
* bsc#1223190
* bsc#1223191
* bsc#1223196
* bsc#1223197
* bsc#1223198
* bsc#1223275
* bsc#1223323
* bsc#1223369
* bsc#1223380
* bsc#1223473
* bsc#1223474
* bsc#1223475
* bsc#1223477
* bsc#1223478
* bsc#1223479
* bsc#1223481
* bsc#1223482
* bsc#1223484
* bsc#1223487
* bsc#1223490
* bsc#1223496
* bsc#1223498
* bsc#1223499
* bsc#1223501
* bsc#1223502
* bsc#1223503
* bsc#1223505
* bsc#1223509
* bsc#1223511
* bsc#1223512
* bsc#1223513
* bsc#1223516
* bsc#1223517
* bsc#1223518
* bsc#1223519
* bsc#1223520
* bsc#1223522
* bsc#1223523
* bsc#1223525
* bsc#1223536
* bsc#1223539
* bsc#1223574
* bsc#1223595
* bsc#1223598
* bsc#1223634
* bsc#1223640
* bsc#1223643
* bsc#1223644
* bsc#1223645
* bsc#1223646
* bsc#1223648
* bsc#1223655
* bsc#1223657
* bsc#1223660
* bsc#1223661
* bsc#1223663
* bsc#1223664
* bsc#1223668
* bsc#1223686
* bsc#1223693
* bsc#1223705
* bsc#1223714
* bsc#1223735
* bsc#1223745
* bsc#1223784
* bsc#1223785
* bsc#1223790
* bsc#1223816
* bsc#1223821
* bsc#1223822
* bsc#1223824
* bsc#1223827
* bsc#1223834
* bsc#1223875
* bsc#1223876
* bsc#1223877
* bsc#1223878
* bsc#1223879
* bsc#1223894
* bsc#1223921
* bsc#1223922
* bsc#1223923
* bsc#1223924
* bsc#1223929
* bsc#1223931
* bsc#1223932
* bsc#1223934
* bsc#1223941
* bsc#1223948
* bsc#1223949
* bsc#1223950
* bsc#1223951
* bsc#1223952
* bsc#1223953
* bsc#1223956
* bsc#1223957
* bsc#1223960
* bsc#1223962
* bsc#1223963
* bsc#1223964
* jsc#PED-1166
* jsc#PED-1168
* jsc#PED-1170
* jsc#PED-1218
* jsc#PED-1220
* jsc#PED-1222
* jsc#PED-1223
* jsc#PED-1225
* jsc#PED-1565
* jsc#PED-2849
* jsc#PED-376
* jsc#PED-542
* jsc#PED-7167
* jsc#PED-7619
* jsc#SLE-18378
* jsc#SLE-18383
* jsc#SLE-18385
* jsc#SLE-18978
* jsc#SLE-19249
* jsc#SLE-19253
Cross-References:
* CVE-2021-47047
* CVE-2021-47181
* CVE-2021-47182
* CVE-2021-47183
* CVE-2021-47184
* CVE-2021-47185
* CVE-2021-47187
* CVE-2021-47188
* CVE-2021-47189
* CVE-2021-47191
* CVE-2021-47192
* CVE-2021-47193
* CVE-2021-47194
* CVE-2021-47195
* CVE-2021-47196
* CVE-2021-47197
* CVE-2021-47198
* CVE-2021-47199
* CVE-2021-47200
* CVE-2021-47201
* CVE-2021-47202
* CVE-2021-47203
* CVE-2021-47204
* CVE-2021-47205
* CVE-2021-47206
* CVE-2021-47207
* CVE-2021-47209
* CVE-2021-47210
* CVE-2021-47211
* CVE-2021-47212
* CVE-2021-47214
* CVE-2021-47215
* CVE-2021-47216
* CVE-2021-47217
* CVE-2021-47218
* CVE-2021-47219
* CVE-2022-48631
* CVE-2022-48632
* CVE-2022-48634
* CVE-2022-48636
* CVE-2022-48637
* CVE-2022-48638
* CVE-2022-48639
* CVE-2022-48640
* CVE-2022-48642
* CVE-2022-48644
* CVE-2022-48646
* CVE-2022-48647
* CVE-2022-48648
* CVE-2022-48650
* CVE-2022-48651
* CVE-2022-48652
* CVE-2022-48653
* CVE-2022-48654
* CVE-2022-48655
* CVE-2022-48656
* CVE-2022-48657
* CVE-2022-48658
* CVE-2022-48659
* CVE-2022-48660
* CVE-2022-48662
* CVE-2022-48663
* CVE-2022-48667
* CVE-2022-48668
* CVE-2022-48671
* CVE-2022-48672
* CVE-2022-48673
* CVE-2022-48675
* CVE-2022-48686
* CVE-2022-48687
* CVE-2022-48688
* CVE-2022-48690
* CVE-2022-48692
* CVE-2022-48693
* CVE-2022-48694
* CVE-2022-48695
* CVE-2022-48697
* CVE-2022-48698
* CVE-2022-48700
* CVE-2022-48701
* CVE-2022-48702
* CVE-2022-48703
* CVE-2022-48704
* CVE-2023-2860
* CVE-2023-52488
* CVE-2023-52503
* CVE-2023-52561
* CVE-2023-52585
* CVE-2023-52589
* CVE-2023-52590
* CVE-2023-52591
* CVE-2023-52593
* CVE-2023-52614
* CVE-2023-52616
* CVE-2023-52620
* CVE-2023-52627
* CVE-2023-52635
* CVE-2023-52636
* CVE-2023-52645
* CVE-2023-52652
* CVE-2023-6270
* CVE-2024-0639
* CVE-2024-0841
* CVE-2024-22099
* CVE-2024-23307
* CVE-2024-23848
* CVE-2024-23850
* CVE-2024-26601
* CVE-2024-26610
* CVE-2024-26656
* CVE-2024-26660
* CVE-2024-26671
* CVE-2024-26673
* CVE-2024-26675
* CVE-2024-26680
* CVE-2024-26681
* CVE-2024-26684
* CVE-2024-26685
* CVE-2024-26687
* CVE-2024-26688
* CVE-2024-26689
* CVE-2024-26696
* CVE-2024-26697
* CVE-2024-26702
* CVE-2024-26704
* CVE-2024-26718
* CVE-2024-26722
* CVE-2024-26727
* CVE-2024-26733
* CVE-2024-26736
* CVE-2024-26737
* CVE-2024-26739
* CVE-2024-26743
* CVE-2024-26744
* CVE-2024-26745
* CVE-2024-26747
* CVE-2024-26749
* CVE-2024-26751
* CVE-2024-26754
* CVE-2024-26760
* CVE-2024-267600
* CVE-2024-26763
* CVE-2024-26764
* CVE-2024-26766
* CVE-2024-26769
* CVE-2024-26771
* CVE-2024-26772
* CVE-2024-26773
* CVE-2024-26776
* CVE-2024-26779
* CVE-2024-26783
* CVE-2024-26787
* CVE-2024-26790
* CVE-2024-26792
* CVE-2024-26793
* CVE-2024-26798
* CVE-2024-26805
* CVE-2024-26807
* CVE-2024-26816
* CVE-2024-26817
* CVE-2024-26820
* CVE-2024-26825
* CVE-2024-26830
* CVE-2024-26833
* CVE-2024-26836
* CVE-2024-26843
* CVE-2024-26848
* CVE-2024-26852
* CVE-2024-26853
* CVE-2024-26855
* CVE-2024-26856
* CVE-2024-26857
* CVE-2024-26861
* CVE-2024-26862
* CVE-2024-26866
* CVE-2024-26872
* CVE-2024-26875
* CVE-2024-26878
* CVE-2024-26879
* CVE-2024-26881
* CVE-2024-26882
* CVE-2024-26883
* CVE-2024-26884
* CVE-2024-26885
* CVE-2024-26891
* CVE-2024-26893
* CVE-2024-26895
* CVE-2024-26896
* CVE-2024-26897
* CVE-2024-26898
* CVE-2024-26901
* CVE-2024-26903
* CVE-2024-26917
* CVE-2024-26927
* CVE-2024-26948
* CVE-2024-26950
* CVE-2024-26951
* CVE-2024-26955
* CVE-2024-26956
* CVE-2024-26960
* CVE-2024-26965
* CVE-2024-26966
* CVE-2024-26969
* CVE-2024-26970
* CVE-2024-26972
* CVE-2024-26981
* CVE-2024-26982
* CVE-2024-26993
* CVE-2024-27013
* CVE-2024-27014
* CVE-2024-27030
* CVE-2024-27038
* CVE-2024-27039
* CVE-2024-27041
* CVE-2024-27043
* CVE-2024-27046
* CVE-2024-27056
* CVE-2024-27062
* CVE-2024-27389
CVSS scores:
* CVE-2021-47047 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H
* CVE-2021-47181 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47182 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47183 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47184 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47185 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47187 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47188 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47189 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47191 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47192 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47193 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47193 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47194 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47194 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47195 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47195 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47196 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47197 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47198 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47198 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47199 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47200 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47202 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47203 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47204 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47205 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47206 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47207 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47209 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47210 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47211 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47212 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47214 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47215 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47216 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2021-47217 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47218 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47219 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-48631 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48632 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48634 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48636 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48637 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48638 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48639 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48640 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48642 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-48644 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48646 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48647 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48648 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48650 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48652 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48653 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-48654 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2022-48654 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-48655 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-48655 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48656 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-48657 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-48658 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48658 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48659 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48659 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48660 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-48660 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48662 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48663 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48667 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2022-48668 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2022-48671 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48671 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48672 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2022-48672 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48673 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48673 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48675 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48675 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48686 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48686 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48687 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2022-48687 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-48688 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48688 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48690 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48692 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48692 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48693 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48693 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48694 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48694 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48695 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48697 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2022-48698 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-48700 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-48701 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2022-48702 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
* CVE-2022-48703 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48704 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2860 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-2860 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-52488 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52503 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-52561 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52585 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52589 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52590 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-52591 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-52593 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-52614 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-52616 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52620 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52627 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52635 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52636 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52645 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52645 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52652 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-6270 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6270 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-0639 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0639 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0841 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0841 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-22099 ( SUSE ): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-22099 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23848 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-23848 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-23850 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-23850 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26601 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26601 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-26656 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26660 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26671 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26673 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26675 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26680 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26681 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26684 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26685 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26687 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26688 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26689 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26696 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26697 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26702 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26704 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26718 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26722 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26727 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26733 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26736 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26737 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26739 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26743 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-26744 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26745 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26747 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26749 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-26751 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-26754 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26760 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26763 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-26764 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-26766 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26769 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26771 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26772 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26773 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26776 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26779 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26783 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26787 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26790 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26792 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26793 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26798 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26805 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26807 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26816 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-26817 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26820 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26825 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26830 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26833 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26836 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-26843 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26848 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26853 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26855 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26856 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26857 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26861 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26862 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-26866 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26872 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26875 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26878 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26879 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26881 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26881 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26882 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26882 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26883 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26883 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26884 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26884 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26885 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26885 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26891 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26893 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26895 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26896 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26897 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26898 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26898 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26901 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-26901 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26903 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26903 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26917 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26927 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26948 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26950 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26951 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26955 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26956 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26960 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26965 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26966 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26969 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26970 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26972 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26981 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26982 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26993 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
* CVE-2024-27013 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27013 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27014 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27014 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27030 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-27038 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27039 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27041 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27043 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27046 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27056 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27062 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27389 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Real Time Module 15-SP5
An update that solves 219 vulnerabilities, contains 20 features and has 45
security fixes can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP5 Real Time kernel was updated to receive various
security bugfixes.
The following security bugs were fixed:
* CVE-2024-27389: Fixed pstore inode handling with d_invalidate()
(bsc#1223705).
* CVE-2024-27062: Fixed nouveau lock inside client object tree (bsc#1223834).
* CVE-2024-27056: Fixed wifi/iwlwifi/mvm to ensure offloading TID queue exists
(bsc#1223822).
* CVE-2024-27046: Fixed nfp/flower handling acti_netdevs allocation failure
(bsc#1223827).
* CVE-2024-27043: Fixed a use-after-free in media/dvbdev in different places
(bsc#1223824).
* CVE-2024-27041: Fixed drm/amd/display NULL checks for adev->dm.dc in
amdgpu_dm_fini() (bsc#1223714).
* CVE-2024-27039: Fixed clk/hisilicon/hi3559a an erroneous devm_kfree()
(bsc#1223821).
* CVE-2024-27038: Fixed clk_core_get NULL pointer dereference (bsc#1223816).
* CVE-2024-27030: Fixed octeontx2-af to use separate handlers for interrupts
(bsc#1223790).
* CVE-2024-27014: Fixed net/mlx5e to prevent deadlock while disabling aRFS
(bsc#1223735).
* CVE-2024-27013: Fixed tun limit printing rate when illegal packet received
by tun device (bsc#1223745).
* CVE-2024-26993: Fixed fs/sysfs reference leak in
sysfs_break_active_protection() (bsc#1223693).
* CVE-2024-26982: Fixed Squashfs inode number check not to be an invalid value
of zero (bsc#1223634).
* CVE-2024-26970: Fixed clk/qcom/gcc-ipq6018 termination of frequency table
arrays (bsc#1223644).
* CVE-2024-26969: Fixed clk/qcom/gcc-ipq8074 termination of frequency table
arrays (bsc#1223645).
* CVE-2024-26966: Fixed clk/qcom/mmcc-apq8084 termination of frequency table
arrays (bsc#1223646).
* CVE-2024-26965: Fixed clk/qcom/mmcc-msm8974 termination of frequency table
arrays (bsc#1223648).
* CVE-2024-26960: Fixed mm/swap race between free_swap_and_cache() and
swapoff() (bsc#1223655).
* CVE-2024-26951: Fixed wireguard/netlink check for dangling peer via is_dead
instead of empty list (bsc#1223660).
* CVE-2024-26950: Fixed wireguard/netlink to access device through ctx instead
of peer (bsc#1223661).
* CVE-2024-26948: Fixed drm/amd/display by adding dc_state NULL check in
dc_state_release (bsc#1223664).
* CVE-2024-26927: Fixed ASoC/SOF bounds checking to firmware data Smatch
(bsc#1223525).
* CVE-2024-26901: Fixed do_sys_name_to_handle() to use kzalloc() to prevent
kernel-infoleak (bsc#1223198).
* CVE-2024-26896: Fixed wifi/wfx memory leak when starting AP (bsc#1223042).
* CVE-2024-26893: Fixed firmware/arm_scmi for possible double free in SMC
transport cleanup path (bsc#1223196).
* CVE-2024-26885: Fixed bpf DEVMAP_HASH overflow check on 32-bit arches
(bsc#1223190).
* CVE-2024-26884: Fixed bpf hashtab overflow check on 32-bit arches
(bsc#1223189).
* CVE-2024-26883: Fixed bpf stackmap overflow check on 32-bit arches
(bsc#1223035).
* CVE-2024-26882: Fixed net/ip_tunnel to make sure to pull inner header in
ip_tunnel_rcv() (bsc#1223034).
* CVE-2024-26881: Fixed net/hns3 kernel crash when 1588 is received on HIP08
devices (bsc#1223041).
* CVE-2024-26879: Fixed clk/meson by adding missing clocks to axg_clk_regmaps
(bsc#1223066).
* CVE-2024-26878: Fixed quota for potential NULL pointer dereference
(bsc#1223060).
* CVE-2024-26866: Fixed spi/spi-fsl-lpspi by removing redundant
spi_controller_put call (bsc#1223024).
* CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing
(bsc#1223111).
* CVE-2024-26861: Fixed wireguard/receive annotate data-race around
receiving_counter.counter (bsc#1223076).
* CVE-2024-26857: Fixed geneve to make sure to pull inner header in
geneve_rx() (bsc#1223058).
* CVE-2024-26856: Fixed use-after-free inside sparx5_del_mact_entry
(bsc#1223052).
* CVE-2024-26855: Fixed net/ice potential NULL pointer dereference in
ice_bridge_setlink() (bsc#1223051).
* CVE-2024-26853: Fixed igc returning frame twice in XDP_REDIRECT
(bsc#1223061).
* CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in
ip6_route_mpath_notify() (bsc#1223057).
* CVE-2024-26848: Fixed afs endless loop in directory parsing (bsc#1223030).
* CVE-2024-26836: Fixed platform/x86/think-lmi password opcode ordering for
workstations (bsc#1222968).
* CVE-2024-26830: Fixed i40e to not allow untrusted VF to remove
administratively set MAC (bsc#1223012).
* CVE-2024-26817: Fixed amdkfd to use calloc instead of kzalloc to avoid
integer overflow (bsc#1222812).
* CVE-2024-26816: Fixed relocations in .notes section when building with
CONFIG_XEN_PV=y by ignoring them (bsc#1222624).
* CVE-2024-26807: Fixed spi/cadence-qspi NULL pointer reference in runtime PM
hooks (bsc#1222801).
* CVE-2024-26805: Fixed a kernel-infoleak-after-free in __skb_datagram_iter in
netlink (bsc#1222630).
* CVE-2024-26793: Fixed a use-after-free and null-ptr-deref in gtp_newlink()
in gtp (bsc#1222428).
* CVE-2024-26783: Fixed mm/vmscan bug when calling wakeup_kswapd() with a
wrong zone index (bsc#1222615).
* CVE-2024-26779: Fixed a race condition on enabling fast-xmit in mac80211
(bsc#1222772).
* CVE-2024-26773: Fixed ext4 block allocation from corrupted group in
ext4_mb_try_best_found() (bsc#1222618).
* CVE-2024-26772: Fixed ext4 to avoid allocating blocks from corrupted group
in ext4_mb_find_by_goal() (bsc#1222613).
* CVE-2024-26771: Fixed a null pointer dereference on edma_probe in dmaengine
ti edma (bsc#1222610).
* CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs()
(bsc#1222726).
* CVE-2024-26764: Fixed IOCB_AIO_RW check in fs/aio before the struct
aio_kiocb conversion (bsc#1222721).
* CVE-2024-26763: Fixed user corruption via writing data with O_DIRECT on
device in dm-crypt (bsc#1222720).
* CVE-2024-26760: Fixed scsi/target/pscsi bio_put() for error case
(bsc#1222596).
* CVE-2024-267600: Fixed scsi/target/pscsi error case in bio_put()
(bsc#1222596).
* CVE-2024-26754: Fixed a use-after-free and null-ptr-deref in
gtp_genl_dump_pdp() in gtp (bsc#1222632).
* CVE-2024-26751: Fixed ARM/ep93xx terminator to gpiod_lookup_table
(bsc#1222724).
* CVE-2024-26747: Fixed a NULL pointer issue with USB parent module's
reference (bsc#1222609).
* CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid
parameter in rdma/srpt (bsc#1222449).
* CVE-2024-26743: Fixed memory leak in qedr_create_user_qp error flow in
rdma/qedr (bsc#1222677).
* CVE-2024-26737: Fixed selftests/bpf racing between bpf_timer_cancel_and_free
and bpf_timer_cancel (bsc#1222557).
* CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).
* CVE-2024-26727: Fixed assertion if a newly created btrfs subvolume already
gets read (bsc#1222536).
* CVE-2024-26718: Fixed dm-crypt/dm-verity disable tasklets (bsc#1222416).
* CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len
in ext4 (bsc#1222422).
* CVE-2024-26696: Fixed nilfs2 hang in nilfs_lookup_dirty_data_buffers()
(bsc#1222549).
* CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
* CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup
(bsc#1222435).
* CVE-2024-26685: Fixed nilfs2 potential bug in end_buffer_async_write
(bsc#1222437).
* CVE-2024-26684: Fixed net/stmmac/xgmac handling of DPP safety error for DMA
channels (bsc#1222445).
* CVE-2024-26681: Fixed netdevsim to avoid potential loop in
nsim_dev_trap_report_work() (bsc#1222431).
* CVE-2024-26680: Fixed net/atlantic DMA mapping for PTP hwts ring
(bsc#1222427).
* CVE-2024-26675: Fixed ppp_async to limit MRU to 64K (bsc#1222379).
* CVE-2024-26673: Fixed netfilter/nft_ct layer 3 and 4 protocol sanitization
(bsc#1222368).
* CVE-2024-26671: Fixed blk-mq IO hang from sbitmap wakeup race (bsc#1222357).
* CVE-2024-26660: Fixed drm/amd/display bounds check for stream encoder
creation (bsc#1222266).
* CVE-2024-26656: Fixed drm/amdgpu use-after-free bug (bsc#1222307).
* CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
* CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay
(bsc#1220342).
* CVE-2024-23850: Fixed double free of anonymous device after snapshot
creation failure (bsc#1219126).
* CVE-2024-23848: Fixed media/cec for possible use-after-free in
cec_queue_msg_fh (bsc#1219104).
* CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86
and ARM md, raid, raid5 modules (bsc#1219169).
* CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security
(bsc#1219170).
* CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super
function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264).
* CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock
found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917).
* CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts
(bsc#1218562).
* CVE-2023-52652: Fixed NTB for possible name leak in ntb_register_device()
(bsc#1223686).
* CVE-2023-52645: Fixed pmdomain/mediatek race conditions with genpd
(bsc#1223033).
* CVE-2023-52636: Fixed libceph cursor init when preparing sparse read in
msgr2 (bsc#1222247).
* CVE-2023-52635: Fixed PM/devfreq to synchronize devfreq_monitor_[start/stop]
(bsc#1222294).
* CVE-2023-52627: Fixed iio:adc:ad7091r exports into IIO_AD7091R namespace
(bsc#1222051).
* CVE-2023-52620: Fixed netfilter/nf_tables to disallow timeout for anonymous
sets never used from userspace (bsc#1221825).
* CVE-2023-52616: Fixed unexpected pointer access in crypto/lib/mpi in
mpi_ec_init (bsc#1221612).
* CVE-2023-52614: Fixed PM/devfreq buffer overflow in trans_stat_show
(bsc#1221617).
* CVE-2023-52593: Fixed wifi/wfx possible NULL pointer dereference in
wfx_set_mfp_ap() (bsc#1221042).
* CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via
directory renaming (bsc#1221044).
* CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory
renaming (bsc#1221088).
* CVE-2023-52589: Fixed media/rkisp1 IRQ disable race issue (bsc#1221084).
* CVE-2023-52585: Fixed drm/amdgpu for possible NULL pointer dereference in
amdgpu_ras_query_error_status_helper() (bsc#1221080).
* CVE-2023-52561: Fixed arm64/dts/qcom/sdm845-db845c to mark cont splash
memory region (bsc#1220935).
* CVE-2023-52503: Fixed tee/amdtee use-after-free vulnerability in
amdtee_close_session (bsc#1220915).
* CVE-2023-52488: Fixed serial/sc16is7xx convert from _raw_ to _noinc_ regmap
functions for FIFO (bsc#1221162).
* CVE-2022-48701: Fixed an out-of-bounds bug in
__snd_usb_parse_audio_interface() (bsc#1223921).
* CVE-2022-48662: Fixed a general protection fault (GPF) in
i915_perf_open_ioctl (bsc#1223505).
* CVE-2022-48659: Fixed mm/slub to return errno if kmalloc() fails
(bsc#1223498).
* CVE-2022-48658: Fixed mm/slub to avoid a problem in
flush_cpu_slab()/__free_slab() task context (bsc#1223496).
* CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset
skb->mac_header (bsc#1223513).
* CVE-2022-48642: Fixed netfilter/nf_tables percpu memory leak at
nf_tables_addchain() (bsc#1223478).
* CVE-2022-48640: Fixed bonding for possible NULL pointer dereference in
bond_rr_gen_slave_id (bsc#1223499).
* CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries
== 0 and eh_depth > 0 (bsc#1223475).
* CVE-2021-47214: Fixed hugetlb/userfaultfd during restore reservation in
hugetlb_mcopy_atomic_pte() (bsc#1222710).
* CVE-2021-47211: Fixed a null pointer dereference on pointer cs_desc in
usb-audio (bsc#1222869).
* CVE-2021-47207: Fixed a null pointer dereference on pointer block in gus
(bsc#1222790).
* CVE-2021-47205: Unregistered clocks/resets when unbinding in sunxi-ng
(bsc#1222888).
* CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions
(bsc#1222878).
* CVE-2021-47200: Fixed drm/prime for possible use-after-free in mmap within
drm_gem_ttm_mmap() and drm_gem_ttm_mmap() (bsc#1222838).
* CVE-2021-47195: Fixed use-after-free inside SPI via add_lock mutex
(bsc#1222832).
* CVE-2021-47189: Fixed denial of service due to memory ordering issues
between normal and ordered work functions in btrfs (bsc#1222706).
* CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer
(bsc#1222669).
* CVE-2021-47184: Fixed NULL pointer dereference on VSI filter sync
(bsc#1222666).
* CVE-2021-47183: Fixed a null pointer dereference during link down processing
in scsi lpfc (bsc#1192145, bsc#1222664).
* CVE-2021-47182: Fixed scsi_mode_sense() buffer length handling
(bsc#1222662).
* CVE-2021-47181: Fixed a null pointer dereference caused by calling
platform_get_resource() (bsc#1222660).
The following non-security bugs were fixed:
* ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block
counter (stable-fixes).
* ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC
(stable-fixes).
* ALSA: hda/realtek - Fix inactive headset mic jack (stable-fixes).
* ALSA: hda/realtek: Add quirk for HP SnowWhite laptops (stable-fixes).
* ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU (stable-fixes).
* ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() (git-
fixes).
* ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support (stable-
fixes).
* ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support (stable-
fixes).
* ALSA: scarlett2: Add correct product series name to messages (stable-fixes).
* ALSA: scarlett2: Add support for Clarett 8Pre USB (stable-fixes).
* ALSA: scarlett2: Default mixer driver to enabled (stable-fixes).
* ALSA: scarlett2: Move USB IDs out from device_info struct (stable-fixes).
* ASoC: meson: axg-card: make links nonatomic (git-fixes).
* ASoC: meson: axg-tdm-interface: manage formatters in trigger (git-fixes).
* ASoC: meson: cards: select SND_DYNAMIC_MINORS (git-fixes).
* ASoC: soc-core.c: Skip dummy codec when adding platforms (stable-fixes).
* ASoC: tegra: Fix DSPK 16-bit playback (git-fixes).
* ASoC: ti: davinci-mcasp: Fix race condition during probe (git-fixes).
* Bluetooth: Add new quirk for broken read key length on ATS2851 (git-fixes).
* Bluetooth: Fix TOCTOU in HCI debugfs implementation (git-fixes).
* Bluetooth: Fix memory leak in hci_req_sync_complete() (git-fixes).
* Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() (stable-
fixes).
* Bluetooth: L2CAP: Fix not validating setsockopt user input (git-fixes).
* Bluetooth: RFCOMM: Fix not validating setsockopt user input (git-fixes).
* Bluetooth: SCO: Fix not validating setsockopt user input (git-fixes).
* Bluetooth: add quirk for broken address properties (git-fixes).
* Bluetooth: btintel: Fix null ptr deref in btintel_read_version (stable-
fixes).
* Bluetooth: btintel: Fixe build regression (git-fixes).
* Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 (stable-
fixes).
* Bluetooth: hci_event: Fix sending HCI_OP_READ_ENC_KEY_SIZE (git-fixes).
* Bluetooth: hci_event: set the conn encrypted before conn establishes
(stable-fixes).
* Bluetooth: hci_sock: Fix not validating setsockopt user input (git-fixes).
* Bluetooth: qca: fix NULL-deref on non-serdev suspend (git-fixes).
* Documentation: Add missing documentation for EXPORT_OP flags (stable-fixes).
* HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc
(git-fixes).
* HID: logitech-dj: allow mice to use all types of reports (git-fixes).
* HID: uhid: Use READ_ONCE()/WRITE_ONCE() for ->running (stable-fixes).
* Input: allocate keycode for Display refresh rate toggle (stable-fixes).
* Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
(stable-fixes).
* NFC: trf7970a: disable all regulators on removal (git-fixes).
* NFS: avoid spurious warning of lost lock that is being unlocked
(bsc#1221791).
* PCI/AER: Block runtime suspend when handling errors (git-fixes).
* PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports (git-fixes).
* PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports (git-fixes).
* PCI/DPC: Quirk PIO log size for certain Intel Root Ports (git-fixes).
* PCI/PM: Drain runtime-idle callbacks before driver removal (git-fixes).
* PCI: Drop pci_device_remove() test of pci_dev->driver (git-fixes).
* PCI: rpaphp: Error out on busy status from get-sensor-state (bsc#1223369
ltc#205888).
* RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).
* RDMA/cm: Print the old state when cm_destroy_id gets timeout (git-fixes).
* RDMA/cm: add timeout to cm_destroy_id wait (git-fixes)
* README.BRANCH: Correct email address for Petr Tesarik
* README.BRANCH: Remove copy of branch name
* Reapply "drm/qxl: simplify qxl_fence_wait" (stable-fixes).
* Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default"
(stable-fixes).
* Revert "drm/qxl: simplify qxl_fence_wait" (git-fixes).
* Revert "ice: Fix ice VF reset during iavf initialization (jsc#PED-376)."
(bsc#1223275)
* Revert "usb: cdc-wdm: close race between read and workqueue" (git-fixes).
* Revert "usb: phy: generic: Get the vbus supply" (git-fixes).
* USB: UAS: return ENODEV when submit urbs fail with device not attached
(stable-fixes).
* USB: serial: add device ID for VeriFone adapter (stable-fixes).
* USB: serial: cp210x: add ID for MGP Instruments PDS100 (stable-fixes).
* USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M (stable-
fixes).
* USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB (stable-
fixes).
* USB: serial: option: add Fibocom FM135-GL variants (stable-fixes).
* USB: serial: option: add Lonsung U8300/U9300 product (stable-fixes).
* USB: serial: option: add MeiG Smart SLM320 product (stable-fixes).
* USB: serial: option: add Rolling RW101-GL and RW135-GL support (stable-
fixes).
* USB: serial: option: add Telit FN920C04 rmnet compositions (stable-fixes).
* USB: serial: option: add support for Fibocom FM650/FG650 (stable-fixes).
* USB: serial: option: support Quectel EM060K sub-models (stable-fixes).
* ahci: asm1064: asm1166: do not limit reported ports (git-fixes).
* ahci: asm1064: correct count of reported ports (stable-fixes).
* arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order (git-fixes)
* arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro (git-
fixes)
* arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 (git-
fixes)
* arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for (git-fixes)
* arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 (git-
fixes)
* arm64: dts: rockchip: fix rk3328 hdmi ports node (git-fixes)
* arm64: dts: rockchip: fix rk3399 hdmi ports node (git-fixes)
* arm64: hibernate: Fix level3 translation fault in swsusp_save() (git-fixes).
* ax25: fix use-after-free bugs caused by ax25_ds_del_timer (git-fixes).
* batman-adv: Avoid infinite loop trying to resize local TT (git-fixes).
* bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent
(git-fixes).
* bcache: Remove dead references to cache_readaheads (git-fixes).
* bcache: Remove unnecessary NULL point check in node allocations (git-fixes).
* bcache: add code comments for bch_btree_node_get() and
__bch_btree_node_alloc() (git-fixes).
* bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes).
* bcache: avoid oversize memory allocation by small stripe_size (git-fixes).
* bcache: bset: Fix comment typos (git-fixes).
* bcache: check return value from btree_node_alloc_replacement() (git-fixes).
* bcache: fix NULL pointer reference in cached_dev_detach_finish (git-fixes).
* bcache: fix error info in register_bcache() (git-fixes).
* bcache: fixup bcache_dev_sectors_dirty_add() multithreaded CPU false sharing
(git-fixes).
* bcache: fixup btree_cache_wait list damage (git-fixes).
* bcache: fixup init dirty data errors (git-fixes).
* bcache: fixup lock c->root error (git-fixes).
* bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git-
fixes).
* bcache: move calc_cached_dev_sectors to proper place on backing device
detach (git-fixes).
* bcache: move uapi header bcache.h to bcache code directory (git-fixes).
* bcache: prevent potential division by zero error (git-fixes).
* bcache: remove EXPERIMENTAL for Kconfig option 'Asynchronous device
registration' (git-fixes).
* bcache: remove redundant assignment to variable cur_idx (git-fixes).
* bcache: remove the backing_dev_name field from struct cached_dev (git-
fixes).
* bcache: remove the cache_dev_name field from struct cache (git-fixes).
* bcache: remove unnecessary flush_workqueue (git-fixes).
* bcache: remove unused bch_mark_cache_readahead function def in stats.h (git-
fixes).
* bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in
btree_gc_coalesce() (git-fixes).
* bcache: replace snprintf in show functions with sysfs_emit (git-fixes).
* bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes).
* bcache: use bvec_kmap_local in bch_data_verify (git-fixes).
* bcache: use bvec_kmap_local in bio_csum (git-fixes).
* bcache: use default_groups in kobj_type (git-fixes).
* bcache:: fix repeated words in comments (git-fixes).
* ceph: stop copying to iter at EOF on sync reads (bsc#1223068).
* ceph: switch to corrected encoding of max_xattr_size in mdsmap
(bsc#1223067).
* clk: Get runtime PM before walking tree during disable_unused (git-fixes).
* clk: Initialize struct clk_core kref earlier (stable-fixes).
* clk: Mark 'all_lists' as const (stable-fixes).
* clk: Print an info line before disabling unused clocks (stable-fixes).
* clk: Remove prepare_lock hold assertion in __clk_release() (git-fixes).
* clk: remove extra empty line (stable-fixes).
* comedi: vmk80xx: fix incomplete endpoint checking (git-fixes).
* dm cache policy smq: ensure IO does not prevent cleaner policy progress
(git-fixes).
* dm cache: add cond_resched() to various workqueue loops (git-fixes).
* dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git-
fixes).
* dm crypt: add cond_resched() to dmcrypt_write() (git-fixes).
* dm crypt: avoid accessing uninitialized tasklet (git-fixes).
* dm flakey: do not corrupt the zero page (git-fixes).
* dm flakey: fix a bug with 32-bit highmem systems (git-fixes).
* dm flakey: fix a crash with invalid table line (git-fixes).
* dm flakey: fix logic when corrupting a bio (git-fixes).
* dm init: add dm-mod.waitfor to wait for asynchronously probed block devices
(git-fixes).
* dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path
(git-fixes).
* dm integrity: fix out-of-range warning (git-fixes).
* dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-
fixes).
* dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes).
* dm raid: fix false positive for requeue needed during reshape (git-fixes).
* dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-
fixes).
* dm stats: check for and propagate alloc_percpu failure (git-fixes).
* dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git-
fixes).
* dm thin metadata: check fail_io before using data_sm (git-fixes).
* dm thin: add cond_resched() to various workqueue loops (git-fixes).
* dm thin: fix deadlock when swapping to thin device (bsc#1177529).
* dm verity: do not perform FEC for failed readahead IO (git-fixes).
* dm verity: fix error handling for check_at_most_once on FEC (git-fixes).
* dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes).
* dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes).
* dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata()
(git-fixes).
* dm-raid: fix lockdep waring in "pers->hot_add_disk" (git-fixes).
* dm-verity, dm-crypt: align "struct bvec_iter" correctly (git-fixes).
* dm-verity: align struct dm_verity_fec_io properly (git-fixes).
* dm: add cond_resched() to dm_wq_work() (git-fixes).
* dm: call the resume method on internal suspend (git-fixes).
* dm: do not lock fs when the map is NULL during suspend or resume (git-
fixes).
* dm: do not lock fs when the map is NULL in process of resume (git-fixes).
* dm: remove flush_scheduled_work() during local_exit() (git-fixes).
* dm: send just one event on resize, not two (git-fixes).
* dma: xilinx_dpdma: Fix locking (git-fixes).
* dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (git-fixes).
* dmaengine: owl: fix register access functions (git-fixes).
* dmaengine: tegra186: Fix residual calculation (git-fixes).
* docs: Document the FAN_FS_ERROR event (stable-fixes).
* drm-print: add drm_dbg_driver to improve namespace symmetry (stable-fixes).
* drm/amd/display: Do not recursively call manual trigger programming (stable-
fixes).
* drm/amd/display: Fix nanosec stat overflow (stable-fixes).
* drm/amd/display: fix disable otg wa logic in DCN316 (stable-fixes).
* drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 (stable-fixes).
* drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 (stable-fixes).
* drm/amdgpu: Fix leak when GPU memory allocation fails (stable-fixes).
* drm/amdgpu: Reset dGPU if suspend got aborted (stable-fixes).
* drm/amdgpu: always force full reset for SOC21 (stable-fixes).
* drm/amdgpu: fix incorrect active rb bitmap for gfx11 (stable-fixes).
* drm/amdgpu: fix incorrect number of active RBs for gfx11 (stable-fixes).
* drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 (git-fixes).
* drm/amdgpu: validate the parameters of bo mapping operations more clearly
(git-fixes).
* drm/amdkfd: Reset GPU on queue preemption failure (stable-fixes).
* drm/ast: Fix soft lockup (git-fixes).
* drm/client: Fully protect modes[] with dev->mode_config.mutex (stable-
fixes).
* drm/i915/cdclk: Fix CDCLK programming order when pipes are active (git-
fixes).
* drm/i915/vrr: Disable VRR when using bigjoiner (stable-fixes).
* drm/i915: Disable port sync when bigjoiner is used (stable-fixes).
* drm/msm/dp: fix typo in dp_display_handle_port_status_changed() (git-fixes).
* drm/nouveau/nvkm: add a replacement for nvkm_notify (bsc#1223834)
* drm/panel: ili9341: Respect deferred probe (git-fixes).
* drm/panel: ili9341: Use predefined error codes (git-fixes).
* drm/panel: visionox-rm69299: do not unregister DSI device (git-fixes).
* drm/vc4: do not check if plane->state->fb == state->fb (stable-fixes).
* drm/vmwgfx: Enable DMA mappings with SEV (git-fixes).
* drm/vmwgfx: Fix crtc's atomic check conditional (git-fixes).
* drm/vmwgfx: Fix invalid reads in fence signaled events (git-fixes).
* drm/vmwgfx: Sort primary plane formats by order of preference (git-fixes).
* drm: nv04: Fix out of bounds access (git-fixes).
* drm: panel-orientation-quirks: Add quirk for GPD Win Mini (stable-fixes).
* drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go (stable-
fixes).
* dump_stack: Do not get cpu_sync for panic CPU (bsc#1223574).
* fbdev: fix incorrect address computation in deferred IO (git-fixes).
* fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 (stable-fixes).
* fbmon: prevent division by zero in fb_videomode_from_videomode() (stable-
fixes).
* fix build warning
* fuse: do not unhash root (bsc#1223951).
* fuse: fix root lookup with nonzero generation (bsc#1223950).
* hwmon: (amc6821) add of_match table (stable-fixes).
* i2c: pxa: hide unused icr_bits[] variable (git-fixes).
* i2c: smbus: fix NULL function pointer dereference (git-fixes).
* i40e: Fix VF MAC filter removal (git-fixes).
* idma64: Do not try to serve interrupts when device is powered off (git-
fixes).
* iio: accel: mxc4005: Interrupt handling fixes (git-fixes).
* iio:imu: adis16475: Fix sync mode setting (git-fixes).
* init/main.c: Fix potential static_command_line memory overflow (git-fixes).
* iommu/amd: Add a length limitation for the ivrs_acpihid command-line
parameter (git-fixes).
* iommu/amd: Do not block updates to GATag if guest mode is on (git-fixes).
* iommu/amd: Fix "Guest Virtual APIC Table Root Pointer" configuration in IRTE
(git-fixes).
* iommu/amd: Fix domain flush size when syncing iotlb (git-fixes).
* iommu/amd: Fix error handling for pdev_pri_ats_enable() (git-fixes).
* iommu/arm-smmu-qcom: Limit the SMR groups to 128 (git-fixes).
* iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any (git-fixes).
* iommu/arm-smmu-v3: Work around MMU-600 erratum 1076982 (git-fixes).
* iommu/fsl: fix all kernel-doc warnings in fsl_pamu.c (git-fixes).
* iommu/iova: Fix alloc iova overflows issue (git-fixes).
* iommu/mediatek: Flush IOTLB completely only if domain has been attached
(git-fixes).
* iommu/rockchip: Fix unwind goto issue (git-fixes).
* iommu/sprd: Release dma buffer to avoid memory leak (git-fixes).
* iommu/vt-d: Allocate local memory for page request queue (git-fixes).
* iommu/vt-d: Allow zero SAGAW if second-stage not supported (git-fixes).
* iommu/vt-d: Fix error handling in sva enable/disable paths (git-fixes).
* iommu: Fix error unwind in iommu_group_alloc() (git-fixes).
* ipv6/addrconf: fix a potential refcount underflow for idev (git-fixes).
* kABI: Adjust trace_iterator.wait_index (git-fixes).
* kprobes: Fix double free of kretprobe_holder (bsc#1220901).
* kprobes: Fix possible use-after-free issue on kprobe registration (git-
fixes).
* libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return
value (git-fixes).
* libnvdimm/region: Allow setting align attribute on regions without mappings
(git-fixes).
* livepatch: Fix missing newline character in klp_resolve_symbols()
(bsc#1223539).
* md/raid1: fix choose next idle in read_balance() (git-fixes).
* md: Do not clear MD_CLOSING when the raid is about to stop (git-fixes).
* md: do not clear MD_RECOVERY_FROZEN for new dm-raid until resume (git-
fixes).
* media: cec: core: remove length check of Timer Status (stable-fixes).
* media: sta2x11: fix irq handler cast (stable-fixes).
* mei: me: add arrow lake point H DID (stable-fixes).
* mei: me: add arrow lake point S DID (stable-fixes).
* mei: me: disable RPL-S on SPS and IGN firmwares (git-fixes).
* mm/vmscan: make sure wakeup_kswapd with managed zone (bsc#1223473).
* mmc: sdhci-msm: pervent access to suspended controller (git-fixes).
* mtd: diskonchip: work around ubsan link failure (stable-fixes).
* nd_btt: Make BTT lanes preemptible (git-fixes).
* net: bridge: vlan: fix memory leak in __allowed_ingress (git-fixes).
* net: fix a memleak when uncloning an skb dst and its metadata (git-fixes).
* net: fix skb leak in __skb_tstamp_tx() (git-fixes).
* net: ipv6: ensure we call ipv6_mc_down() at most once (git-fixes).
* net: mld: fix reference count leak in mld_{query | report}_work() (git-
fixes).
* net: stream: purge sk_error_queue in sk_stream_kill_queues() (git-fixes).
* net: usb: ax88179_178a: avoid the interface always configured as random
address (git-fixes).
* net: usb: ax88179_178a: avoid writing the mac address before first reading
(git-fixes).
* net: usb: ax88179_178a: stop lying about skb->truesize (git-fixes).
* net: vlan: fix underflow for the real_dev refcnt (git-fixes).
* netfilter: br_netfilter: Drop dst references before setting (git-fixes).
* netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() (git-
fixes).
* netfilter: nft_ct: fix l3num expectations with inet pseudo family (git-
fixes).
* nfsd: Fixed mount issue with KOTD (bsc#1223380 bsc#1217408 bsc#1223640).
* nfsd: use __fput_sync() to avoid delayed closing of files (bsc#1223380
bsc#1217408).
* nilfs2: fix OOB in nilfs_set_de_type (git-fixes).
* nouveau: fix function cast warning (git-fixes).
* nouveau: fix instmem race condition around ptr stores (git-fixes).
* nvdimm/namespace: drop nested variable in create_namespace_pmem() (git-
fixes).
* nvdimm: Allow overwrite in the presence of disabled dimms (git-fixes).
* nvdimm: Fix badblocks clear off-by-one error (git-fixes).
* nvdimm: Fix dereference after free in register_nvdimm_pmu() (git-fixes).
* nvdimm: Fix firmware activation deadlock scenarios (git-fixes).
* nvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu() (git-
fixes).
* pci_iounmap(): Fix MMIO mapping leak (git-fixes).
* phy: tegra: xusb: Add API to retrieve the port number of phy (stable-fixes).
* pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs
(stable-fixes).
* platform/x86: intel-vbtn: Update tablet mode switch at end of probe (git-
fixes).
* platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi
Vi8 tablet (stable-fixes).
* powerpc/kasan: Do not instrument non-maskable or raw interrupts
(bsc#1223191).
* powerpc/pseries/iommu: LPAR panics when rebooted with a frozen PE
(bsc#1222011 ltc#205900).
* powerpc/rtas: define pr_fmt and convert printk call sites (bsc#1223369
ltc#205888).
* powerpc/rtas: export rtas_error_rc() for reuse (bsc#1223369 ltc#205888).
* powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645
ltc#205739 bsc#1223191).
* powerpc: Refactor verification of MSR_RI (bsc#1223191).
* printk: Add this_cpu_in_panic() (bsc#1223574).
* printk: Adjust mapping for 32bit seq macros (bsc#1223574).
* printk: Avoid non-panic CPUs writing to ringbuffer (bsc#1223574).
* printk: Disable passing console lock owner completely during panic()
(bsc#1223574).
* printk: Drop console_sem during panic (bsc#1223574).
* printk: Rename abandon_console_lock_in_panic() to other_cpu_in_panic()
(bsc#1223574).
* printk: Use prb_first_seq() as base for 32bit seq macros (bsc#1223574).
* printk: Wait for all reserved records with pr_flush() (bsc#1223574).
* printk: nbcon: Relocate 32bit seq macros (bsc#1223574).
* printk: ringbuffer: Clarify special lpos values (bsc#1223574).
* printk: ringbuffer: Cleanup reader terminology (bsc#1223574).
* printk: ringbuffer: Do not skip non-finalized records with prb_next_seq()
(bsc#1223574).
* printk: ringbuffer: Improve prb_next_seq() performance (bsc#1223574).
* printk: ringbuffer: Skip non-finalized records in panic (bsc#1223574).
* pstore/zone: Add a null pointer check to the psz_kmsg_read (stable-fixes).
* ring-buffer: Do not set shortest_full when full target is hit (git-fixes).
* ring-buffer: Fix full_waiters_pending in poll (git-fixes).
* ring-buffer: Fix resetting of shortest_full (git-fixes).
* ring-buffer: Fix waking up ring buffer readers (git-fixes).
* ring-buffer: Make wake once of ring_buffer_wait() more robust (git-fixes).
* ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() (git-
fixes).
* ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent
environment (git-fixes).
* s390/cio: Ensure the copied buf is NUL terminated (git-fixes bsc#1223875).
* s390/decompressor: fix misaligned symbol build error (git-fixes
bsc#1223785).
* s390/mm: Fix clearing storage keys for huge pages (git-fixes bsc#1223877).
* s390/mm: Fix storage key clearing for guest huge pages (git-fixes
bsc#1223878).
* s390/qeth: Fix kernel panic after setting hsuid (git-fixes bsc#1223879).
* s390/scm: fix virtual vs physical address confusion (git-fixes bsc#1223784).
* s390/vdso: Add CFI for RA register to asm macro vdso_func (git-fixes
bsc#1223876).
* s390/vdso: drop '-fPIC' from LDFLAGS (git-fixes bsc#1223598).
* s390/zcrypt: fix reference counting on zcrypt card objects (git-fixes
bsc#1223595).
* s390: Fixed LPM of lpar failure with error HSCLA2CF in 19th loops
(jsc#PED-542 git-fixes bsc#1213573 ltc#203238).
* s390: Fixed kernel backtrack (bsc#1141539 git-fixes).
* serial/pmac_zilog: Remove flawed mitigation for rx irq flood (git-fixes).
* serial: core: Provide port lock wrappers (stable-fixes).
* serial: core: fix kernel-doc for uart_port_unlock_irqrestore() (git-fixes).
* serial: mxs-auart: add spinlock around changing cts state (git-fixes).
* slimbus: qcom-ngd-ctrl: Add timeout for wait operation (git-fixes).
* speakup: Avoid crash on very long word (git-fixes).
* speakup: Fix 8bit characters from direct synth (git-fixes).
* tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp (git-fixes).
* thunderbolt: Avoid notify PM core about runtime PM resume (stable-fixes).
* thunderbolt: Fix wake configurations after device unplug (stable-fixes).
* tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string (git-
fixes).
* tracing/ring-buffer: Fix wait_on_pipe() race (git-fixes).
* tracing: Have saved_cmdlines arrays all in one allocation (git-fixes).
* tracing: Remove precision vsnprintf() check from print event (git-fixes).
* tracing: Show size of requested perf buffer (git-fixes).
* tracing: Use .flush() call to wake up readers (git-fixes).
* usb: Disable USB3 LPM at shutdown (stable-fixes).
* usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed
device (git-fixes).
* usb: dwc2: host: Fix dereference issue in DDMA completion flow (git-fixes).
* usb: gadget: composite: fix OS descriptors w_value logic (git-fixes).
* usb: gadget: f_fs: Fix a race condition when processing setup packets (git-
fixes).
* usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport
error (stable-fixes).
* usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic (git-fixes).
* usb: ohci: Prevent missed ohci interrupts (git-fixes).
* usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
(stable-fixes).
* usb: typec: tcpci: add generic tcpci fallback compatible (stable-fixes).
* usb: typec: tcpm: Check for port partner validity before consuming it (git-
fixes).
* usb: typec: tcpm: unregister existing source caps before re-registration
(bsc#1220569).
* usb: typec: ucsi: Ack unsupported commands (stable-fixes).
* usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset (stable-fixes).
* usb: typec: ucsi: Fix connector check on init (git-fixes).
* usb: udc: remove warning when queue disabled ep (stable-fixes).
* vdpa/mlx5: Allow CVQ size changes (git-fixes).
* virtio: treat alloc_dax() -EOPNOTSUPP failure as non-fatal (bsc#1223949).
* wifi: ath9k: fix LNA selection in ath_ant_try_scan() (stable-fixes).
* wifi: iwlwifi: mvm: remove old PASN station when adding a new one (git-
fixes).
* wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd (git-fixes).
* wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (stable-
fixes).
* wifi: nl80211: do not free NULL coalescing rule (git-fixes).
* x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ (git-
fixes).
* x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type
(jsc#PED-7167 git-fixes).
* x86/sev: Skip ROM range scans and validation for SEV-SNP guests
(jsc#PED-7167 git-fixes).
* x86/xen: Add some null pointer checking to smp.c (git-fixes).
* x86/xen: add CPU dependencies for 32-bit build (git-fixes).
* x86/xen: fix percpu vcpu_info allocation (git-fixes).
* xen-netback: properly sync TX responses (git-fixes).
* xen-netfront: Add missing skb_mark_for_recycle (git-fixes).
* xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import (git-
fixes).
* xen/xenbus: document will_handle argument for xenbus_watch_path() (git-
fixes).
* xfrm6: fix inet6_dev refcount underflow problem (git-fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
  zypper in -t patch SUSE-2024-1663=1 openSUSE-SLE-15.5-2024-1663=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2024-1663=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-1663=1
* SUSE Real Time Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-RT-15-SP5-2024-1663=1
## Package List:
* openSUSE Leap 15.5 (noarch)
  * kernel-devel-rt-5.14.21-150500.13.52.1
  * kernel-source-rt-5.14.21-150500.13.52.1
* openSUSE Leap 15.5 (x86_64)
  * gfs2-kmp-rt-5.14.21-150500.13.52.1
  * kernel-rt-extra-debuginfo-5.14.21-150500.13.52.1
  * kernel-rt_debug-debuginfo-5.14.21-150500.13.52.1
  * kernel-rt-livepatch-devel-5.14.21-150500.13.52.1
  * kernel-livepatch-5_14_21-150500_13_52-rt-1-150500.11.5.1
  * reiserfs-kmp-rt-5.14.21-150500.13.52.1
  * kernel-rt-optional-debuginfo-5.14.21-150500.13.52.1
  * kernel-rt_debug-debugsource-5.14.21-150500.13.52.1
  * kernel-rt-debugsource-5.14.21-150500.13.52.1
  * dlm-kmp-rt-5.14.21-150500.13.52.1
  * kernel-rt-optional-5.14.21-150500.13.52.1
  * kselftests-kmp-rt-debuginfo-5.14.21-150500.13.52.1
  * dlm-kmp-rt-debuginfo-5.14.21-150500.13.52.1
  * kernel-rt-extra-5.14.21-150500.13.52.1
  * kernel-syms-rt-5.14.21-150500.13.52.1
  * gfs2-kmp-rt-debuginfo-5.14.21-150500.13.52.1
  * kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource-1-150500.11.5.1
  * kernel-rt_debug-devel-5.14.21-150500.13.52.1
  * kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.52.1
  * kernel-rt_debug-vdso-5.14.21-150500.13.52.1
  * kernel-rt_debug-livepatch-devel-5.14.21-150500.13.52.1
  * kernel-rt-debuginfo-5.14.21-150500.13.52.1
  * ocfs2-kmp-rt-5.14.21-150500.13.52.1
  * kernel-rt-livepatch-5.14.21-150500.13.52.1
  * kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo-1-150500.11.5.1
  * cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.52.1
  * kselftests-kmp-rt-5.14.21-150500.13.52.1
  * kernel-rt-vdso-5.14.21-150500.13.52.1
  * cluster-md-kmp-rt-5.14.21-150500.13.52.1
  * ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.52.1
  * kernel-rt-devel-5.14.21-150500.13.52.1
  * kernel-rt-devel-debuginfo-5.14.21-150500.13.52.1
  * kernel-rt-vdso-debuginfo-5.14.21-150500.13.52.1
  * reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.52.1
  * kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.52.1
* openSUSE Leap 15.5 (nosrc x86_64)
  * kernel-rt-5.14.21-150500.13.52.1
  * kernel-rt_debug-5.14.21-150500.13.52.1
* SUSE Linux Enterprise Micro 5.5 (nosrc x86_64)
  * kernel-rt-5.14.21-150500.13.52.1
* SUSE Linux Enterprise Micro 5.5 (x86_64)
  * kernel-rt-debuginfo-5.14.21-150500.13.52.1
  * kernel-rt-debugsource-5.14.21-150500.13.52.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
  * kernel-source-rt-5.14.21-150500.13.52.1
* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
  * kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo-1-150500.11.5.1
  * kernel-livepatch-5_14_21-150500_13_52-rt-1-150500.11.5.1
  * kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource-1-150500.11.5.1
* SUSE Real Time Module 15-SP5 (x86_64)
  * gfs2-kmp-rt-5.14.21-150500.13.52.1
  * kernel-rt_debug-debuginfo-5.14.21-150500.13.52.1
  * kernel-rt_debug-debugsource-5.14.21-150500.13.52.1
  * kernel-rt-debugsource-5.14.21-150500.13.52.1
  * dlm-kmp-rt-5.14.21-150500.13.52.1
  * dlm-kmp-rt-debuginfo-5.14.21-150500.13.52.1
  * kernel-syms-rt-5.14.21-150500.13.52.1
  * gfs2-kmp-rt-debuginfo-5.14.21-150500.13.52.1
  * kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.52.1
  * kernel-rt_debug-devel-5.14.21-150500.13.52.1
  * kernel-rt_debug-vdso-5.14.21-150500.13.52.1
  * kernel-rt-debuginfo-5.14.21-150500.13.52.1
  * ocfs2-kmp-rt-5.14.21-150500.13.52.1
  * cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.52.1
  * kernel-rt-vdso-5.14.21-150500.13.52.1
  * cluster-md-kmp-rt-5.14.21-150500.13.52.1
  * ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.52.1
  * kernel-rt-devel-5.14.21-150500.13.52.1
  * kernel-rt-devel-debuginfo-5.14.21-150500.13.52.1
  * kernel-rt-vdso-debuginfo-5.14.21-150500.13.52.1
  * kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.52.1
* SUSE Real Time Module 15-SP5 (noarch)
  * kernel-devel-rt-5.14.21-150500.13.52.1
  * kernel-source-rt-5.14.21-150500.13.52.1
* SUSE Real Time Module 15-SP5 (nosrc x86_64)
  * kernel-rt-5.14.21-150500.13.52.1
  * kernel-rt_debug-5.14.21-150500.13.52.1
## References:
* https://www.suse.com/security/cve/CVE-2021-47047.html
* https://www.suse.com/security/cve/CVE-2021-47181.html
* https://www.suse.com/security/cve/CVE-2021-47182.html
* https://www.suse.com/security/cve/CVE-2021-47183.html
* https://www.suse.com/security/cve/CVE-2021-47184.html
* https://www.suse.com/security/cve/CVE-2021-47185.html
* https://www.suse.com/security/cve/CVE-2021-47187.html
* https://www.suse.com/security/cve/CVE-2021-47188.html
* https://www.suse.com/security/cve/CVE-2021-47189.html
* https://www.suse.com/security/cve/CVE-2021-47191.html
* https://www.suse.com/security/cve/CVE-2021-47192.html
* https://www.suse.com/security/cve/CVE-2021-47193.html
* https://www.suse.com/security/cve/CVE-2021-47194.html
* https://www.suse.com/security/cve/CVE-2021-47195.html
* https://www.suse.com/security/cve/CVE-2021-47196.html
* https://www.suse.com/security/cve/CVE-2021-47197.html
* https://www.suse.com/security/cve/CVE-2021-47198.html
* https://www.suse.com/security/cve/CVE-2021-47199.html
* https://www.suse.com/security/cve/CVE-2021-47200.html
* https://www.suse.com/security/cve/CVE-2021-47201.html
* https://www.suse.com/security/cve/CVE-2021-47202.html
* https://www.suse.com/security/cve/CVE-2021-47203.html
* https://www.suse.com/security/cve/CVE-2021-47204.html
* https://www.suse.com/security/cve/CVE-2021-47205.html
* https://www.suse.com/security/cve/CVE-2021-47206.html
* https://www.suse.com/security/cve/CVE-2021-47207.html
* https://www.suse.com/security/cve/CVE-2021-47209.html
* https://www.suse.com/security/cve/CVE-2021-47210.html
* https://www.suse.com/security/cve/CVE-2021-47211.html
* https://www.suse.com/security/cve/CVE-2021-47212.html
* https://www.suse.com/security/cve/CVE-2021-47214.html
* https://www.suse.com/security/cve/CVE-2021-47215.html
* https://www.suse.com/security/cve/CVE-2021-47216.html
* https://www.suse.com/security/cve/CVE-2021-47217.html
* https://www.suse.com/security/cve/CVE-2021-47218.html
* https://www.suse.com/security/cve/CVE-2021-47219.html
* https://www.suse.com/security/cve/CVE-2022-48631.html
* https://www.suse.com/security/cve/CVE-2022-48632.html
* https://www.suse.com/security/cve/CVE-2022-48634.html
* https://www.suse.com/security/cve/CVE-2022-48636.html
* https://www.suse.com/security/cve/CVE-2022-48637.html
* https://www.suse.com/security/cve/CVE-2022-48638.html
* https://www.suse.com/security/cve/CVE-2022-48639.html
* https://www.suse.com/security/cve/CVE-2022-48640.html
* https://www.suse.com/security/cve/CVE-2022-48642.html
* https://www.suse.com/security/cve/CVE-2022-48644.html
* https://www.suse.com/security/cve/CVE-2022-48646.html
* https://www.suse.com/security/cve/CVE-2022-48647.html
* https://www.suse.com/security/cve/CVE-2022-48648.html
* https://www.suse.com/security/cve/CVE-2022-48650.html
* https://www.suse.com/security/cve/CVE-2022-48651.html
* https://www.suse.com/security/cve/CVE-2022-48652.html
* https://www.suse.com/security/cve/CVE-2022-48653.html
* https://www.suse.com/security/cve/CVE-2022-48654.html
* https://www.suse.com/security/cve/CVE-2022-48655.html
* https://www.suse.com/security/cve/CVE-2022-48656.html
* https://www.suse.com/security/cve/CVE-2022-48657.html
* https://www.suse.com/security/cve/CVE-2022-48658.html
* https://www.suse.com/security/cve/CVE-2022-48659.html
* https://www.suse.com/security/cve/CVE-2022-48660.html
* https://www.suse.com/security/cve/CVE-2022-48662.html
* https://www.suse.com/security/cve/CVE-2022-48663.html
* https://www.suse.com/security/cve/CVE-2022-48667.html
* https://www.suse.com/security/cve/CVE-2022-48668.html
* https://www.suse.com/security/cve/CVE-2022-48671.html
* https://www.suse.com/security/cve/CVE-2022-48672.html
* https://www.suse.com/security/cve/CVE-2022-48673.html
* https://www.suse.com/security/cve/CVE-2022-48675.html
* https://www.suse.com/security/cve/CVE-2022-48686.html
* https://www.suse.com/security/cve/CVE-2022-48687.html
* https://www.suse.com/security/cve/CVE-2022-48688.html
* https://www.suse.com/security/cve/CVE-2022-48690.html
* https://www.suse.com/security/cve/CVE-2022-48692.html
* https://www.suse.com/security/cve/CVE-2022-48693.html
* https://www.suse.com/security/cve/CVE-2022-48694.html
* https://www.suse.com/security/cve/CVE-2022-48695.html
* https://www.suse.com/security/cve/CVE-2022-48697.html
* https://www.suse.com/security/cve/CVE-2022-48698.html
* https://www.suse.com/security/cve/CVE-2022-48700.html
* https://www.suse.com/security/cve/CVE-2022-48701.html
* https://www.suse.com/security/cve/CVE-2022-48702.html
* https://www.suse.com/security/cve/CVE-2022-48703.html
* https://www.suse.com/security/cve/CVE-2022-48704.html
* https://www.suse.com/security/cve/CVE-2023-2860.html
* https://www.suse.com/security/cve/CVE-2023-52488.html
* https://www.suse.com/security/cve/CVE-2023-52503.html
* https://www.suse.com/security/cve/CVE-2023-52561.html
* https://www.suse.com/security/cve/CVE-2023-52585.html
* https://www.suse.com/security/cve/CVE-2023-52589.html
* https://www.suse.com/security/cve/CVE-2023-52590.html
* https://www.suse.com/security/cve/CVE-2023-52591.html
* https://www.suse.com/security/cve/CVE-2023-52593.html
* https://www.suse.com/security/cve/CVE-2023-52614.html
* https://www.suse.com/security/cve/CVE-2023-52616.html
* https://www.suse.com/security/cve/CVE-2023-52620.html
* https://www.suse.com/security/cve/CVE-2023-52627.html
* https://www.suse.com/security/cve/CVE-2023-52635.html
* https://www.suse.com/security/cve/CVE-2023-52636.html
* https://www.suse.com/security/cve/CVE-2023-52645.html
* https://www.suse.com/security/cve/CVE-2023-52652.html
* https://www.suse.com/security/cve/CVE-2023-6270.html
* https://www.suse.com/security/cve/CVE-2024-0639.html
* https://www.suse.com/security/cve/CVE-2024-0841.html
* https://www.suse.com/security/cve/CVE-2024-22099.html
* https://www.suse.com/security/cve/CVE-2024-23307.html
* https://www.suse.com/security/cve/CVE-2024-23848.html
* https://www.suse.com/security/cve/CVE-2024-23850.html
* https://www.suse.com/security/cve/CVE-2024-26601.html
* https://www.suse.com/security/cve/CVE-2024-26610.html
* https://www.suse.com/security/cve/CVE-2024-26656.html
* https://www.suse.com/security/cve/CVE-2024-26660.html
* https://www.suse.com/security/cve/CVE-2024-26671.html
* https://www.suse.com/security/cve/CVE-2024-26673.html
* https://www.suse.com/security/cve/CVE-2024-26675.html
* https://www.suse.com/security/cve/CVE-2024-26680.html
* https://www.suse.com/security/cve/CVE-2024-26681.html
* https://www.suse.com/security/cve/CVE-2024-26684.html
* https://www.suse.com/security/cve/CVE-2024-26685.html
* https://www.suse.com/security/cve/CVE-2024-26687.html
* https://www.suse.com/security/cve/CVE-2024-26688.html
* https://www.suse.com/security/cve/CVE-2024-26689.html
* https://www.suse.com/security/cve/CVE-2024-26696.html
* https://www.suse.com/security/cve/CVE-2024-26697.html
* https://www.suse.com/security/cve/CVE-2024-26702.html
* https://www.suse.com/security/cve/CVE-2024-26704.html
* https://www.suse.com/security/cve/CVE-2024-26718.html
* https://www.suse.com/security/cve/CVE-2024-26722.html
* https://www.suse.com/security/cve/CVE-2024-26727.html
* https://www.suse.com/security/cve/CVE-2024-26733.html
* https://www.suse.com/security/cve/CVE-2024-26736.html
* https://www.suse.com/security/cve/CVE-2024-26737.html
* https://www.suse.com/security/cve/CVE-2024-26739.html
* https://www.suse.com/security/cve/CVE-2024-26743.html
* https://www.suse.com/security/cve/CVE-2024-26744.html
* https://www.suse.com/security/cve/CVE-2024-26745.html
* https://www.suse.com/security/cve/CVE-2024-26747.html
* https://www.suse.com/security/cve/CVE-2024-26749.html
* https://www.suse.com/security/cve/CVE-2024-26751.html
* https://www.suse.com/security/cve/CVE-2024-26754.html
* https://www.suse.com/security/cve/CVE-2024-26760.html
* https://www.suse.com/security/cve/CVE-2024-267600.html
* https://www.suse.com/security/cve/CVE-2024-26763.html
* https://www.suse.com/security/cve/CVE-2024-26764.html
* https://www.suse.com/security/cve/CVE-2024-26766.html
* https://www.suse.com/security/cve/CVE-2024-26769.html
* https://www.suse.com/security/cve/CVE-2024-26771.html
* https://www.suse.com/security/cve/CVE-2024-26772.html
* https://www.suse.com/security/cve/CVE-2024-26773.html
* https://www.suse.com/security/cve/CVE-2024-26776.html
* https://www.suse.com/security/cve/CVE-2024-26779.html
* https://www.suse.com/security/cve/CVE-2024-26783.html
* https://www.suse.com/security/cve/CVE-2024-26787.html
* https://www.suse.com/security/cve/CVE-2024-26790.html
* https://www.suse.com/security/cve/CVE-2024-26792.html
* https://www.suse.com/security/cve/CVE-2024-26793.html
* https://www.suse.com/security/cve/CVE-2024-26798.html
* https://www.suse.com/security/cve/CVE-2024-26805.html
* https://www.suse.com/security/cve/CVE-2024-26807.html
* https://www.suse.com/security/cve/CVE-2024-26816.html
* https://www.suse.com/security/cve/CVE-2024-26817.html
* https://www.suse.com/security/cve/CVE-2024-26820.html
* https://www.suse.com/security/cve/CVE-2024-26825.html
* https://www.suse.com/security/cve/CVE-2024-26830.html
* https://www.suse.com/security/cve/CVE-2024-26833.html
* https://www.suse.com/security/cve/CVE-2024-26836.html
* https://www.suse.com/security/cve/CVE-2024-26843.html
* https://www.suse.com/security/cve/CVE-2024-26848.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26853.html
* https://www.suse.com/security/cve/CVE-2024-26855.html
* https://www.suse.com/security/cve/CVE-2024-26856.html
* https://www.suse.com/security/cve/CVE-2024-26857.html
* https://www.suse.com/security/cve/CVE-2024-26861.html
* https://www.suse.com/security/cve/CVE-2024-26862.html
* https://www.suse.com/security/cve/CVE-2024-26866.html
* https://www.suse.com/security/cve/CVE-2024-26872.html
* https://www.suse.com/security/cve/CVE-2024-26875.html
* https://www.suse.com/security/cve/CVE-2024-26878.html
* https://www.suse.com/security/cve/CVE-2024-26879.html
* https://www.suse.com/security/cve/CVE-2024-26881.html
* https://www.suse.com/security/cve/CVE-2024-26882.html
* https://www.suse.com/security/cve/CVE-2024-26883.html
* https://www.suse.com/security/cve/CVE-2024-26884.html
* https://www.suse.com/security/cve/CVE-2024-26885.html
* https://www.suse.com/security/cve/CVE-2024-26891.html
* https://www.suse.com/security/cve/CVE-2024-26893.html
* https://www.suse.com/security/cve/CVE-2024-26895.html
* https://www.suse.com/security/cve/CVE-2024-26896.html
* https://www.suse.com/security/cve/CVE-2024-26897.html
* https://www.suse.com/security/cve/CVE-2024-26898.html
* https://www.suse.com/security/cve/CVE-2024-26901.html
* https://www.suse.com/security/cve/CVE-2024-26903.html
* https://www.suse.com/security/cve/CVE-2024-26917.html
* https://www.suse.com/security/cve/CVE-2024-26927.html
* https://www.suse.com/security/cve/CVE-2024-26948.html
* https://www.suse.com/security/cve/CVE-2024-26950.html
* https://www.suse.com/security/cve/CVE-2024-26951.html
* https://www.suse.com/security/cve/CVE-2024-26955.html
* https://www.suse.com/security/cve/CVE-2024-26956.html
* https://www.suse.com/security/cve/CVE-2024-26960.html
* https://www.suse.com/security/cve/CVE-2024-26965.html
* https://www.suse.com/security/cve/CVE-2024-26966.html
* https://www.suse.com/security/cve/CVE-2024-26969.html
* https://www.suse.com/security/cve/CVE-2024-26970.html
* https://www.suse.com/security/cve/CVE-2024-26972.html
* https://www.suse.com/security/cve/CVE-2024-26981.html
* https://www.suse.com/security/cve/CVE-2024-26982.html
* https://www.suse.com/security/cve/CVE-2024-26993.html
* https://www.suse.com/security/cve/CVE-2024-27013.html
* https://www.suse.com/security/cve/CVE-2024-27014.html
* https://www.suse.com/security/cve/CVE-2024-27030.html
* https://www.suse.com/security/cve/CVE-2024-27038.html
* https://www.suse.com/security/cve/CVE-2024-27039.html
* https://www.suse.com/security/cve/CVE-2024-27041.html
* https://www.suse.com/security/cve/CVE-2024-27043.html
* https://www.suse.com/security/cve/CVE-2024-27046.html
* https://www.suse.com/security/cve/CVE-2024-27056.html
* https://www.suse.com/security/cve/CVE-2024-27062.html
* https://www.suse.com/security/cve/CVE-2024-27389.html
* https://bugzilla.suse.com/show_bug.cgi?id=1141539
* https://bugzilla.suse.com/show_bug.cgi?id=1177529
* https://bugzilla.suse.com/show_bug.cgi?id=1190576
* https://bugzilla.suse.com/show_bug.cgi?id=1192145
* https://bugzilla.suse.com/show_bug.cgi?id=1192837
* https://bugzilla.suse.com/show_bug.cgi?id=1193629
* https://bugzilla.suse.com/show_bug.cgi?id=1196869
* https://bugzilla.suse.com/show_bug.cgi?id=1200313
* https://bugzilla.suse.com/show_bug.cgi?id=1201308
* https://bugzilla.suse.com/show_bug.cgi?id=1201489
* https://bugzilla.suse.com/show_bug.cgi?id=1203906
* https://bugzilla.suse.com/show_bug.cgi?id=1203935
* https://bugzilla.suse.com/show_bug.cgi?id=1204614
* https://bugzilla.suse.com/show_bug.cgi?id=1207361
* https://bugzilla.suse.com/show_bug.cgi?id=1211592
* https://bugzilla.suse.com/show_bug.cgi?id=1213573
* https://bugzilla.suse.com/show_bug.cgi?id=1217408
* https://bugzilla.suse.com/show_bug.cgi?id=1218562
* https://bugzilla.suse.com/show_bug.cgi?id=1218917
* https://bugzilla.suse.com/show_bug.cgi?id=1219104
* https://bugzilla.suse.com/show_bug.cgi?id=1219126
* https://bugzilla.suse.com/show_bug.cgi?id=1219141
* https://bugzilla.suse.com/show_bug.cgi?id=1219169
* https://bugzilla.suse.com/show_bug.cgi?id=1219170
* https://bugzilla.suse.com/show_bug.cgi?id=1219264
* https://bugzilla.suse.com/show_bug.cgi?id=1220342
* https://bugzilla.suse.com/show_bug.cgi?id=1220492
* https://bugzilla.suse.com/show_bug.cgi?id=1220569
* https://bugzilla.suse.com/show_bug.cgi?id=1220761
* https://bugzilla.suse.com/show_bug.cgi?id=1220901
* https://bugzilla.suse.com/show_bug.cgi?id=1220915
* https://bugzilla.suse.com/show_bug.cgi?id=1220935
* https://bugzilla.suse.com/show_bug.cgi?id=1221042
* https://bugzilla.suse.com/show_bug.cgi?id=1221044
* https://bugzilla.suse.com/show_bug.cgi?id=1221080
* https://bugzilla.suse.com/show_bug.cgi?id=1221084
* https://bugzilla.suse.com/show_bug.cgi?id=1221088
* https://bugzilla.suse.com/show_bug.cgi?id=1221162
* https://bugzilla.suse.com/show_bug.cgi?id=1221299
* https://bugzilla.suse.com/show_bug.cgi?id=1221612
* https://bugzilla.suse.com/show_bug.cgi?id=1221617
* https://bugzilla.suse.com/show_bug.cgi?id=1221645
* https://bugzilla.suse.com/show_bug.cgi?id=1221791
* https://bugzilla.suse.com/show_bug.cgi?id=1221825
* https://bugzilla.suse.com/show_bug.cgi?id=1222011
* https://bugzilla.suse.com/show_bug.cgi?id=1222051
* https://bugzilla.suse.com/show_bug.cgi?id=1222247
* https://bugzilla.suse.com/show_bug.cgi?id=1222266
* https://bugzilla.suse.com/show_bug.cgi?id=1222294
* https://bugzilla.suse.com/show_bug.cgi?id=1222307
* https://bugzilla.suse.com/show_bug.cgi?id=1222357
* https://bugzilla.suse.com/show_bug.cgi?id=1222368
* https://bugzilla.suse.com/show_bug.cgi?id=1222379
* https://bugzilla.suse.com/show_bug.cgi?id=1222416
* https://bugzilla.suse.com/show_bug.cgi?id=1222422
* https://bugzilla.suse.com/show_bug.cgi?id=1222424
* https://bugzilla.suse.com/show_bug.cgi?id=1222427
* https://bugzilla.suse.com/show_bug.cgi?id=1222428
* https://bugzilla.suse.com/show_bug.cgi?id=1222430
* https://bugzilla.suse.com/show_bug.cgi?id=1222431
* https://bugzilla.suse.com/show_bug.cgi?id=1222435
* https://bugzilla.suse.com/show_bug.cgi?id=1222437
* https://bugzilla.suse.com/show_bug.cgi?id=1222445
* https://bugzilla.suse.com/show_bug.cgi?id=1222449
* https://bugzilla.suse.com/show_bug.cgi?id=1222482
* https://bugzilla.suse.com/show_bug.cgi?id=1222503
* https://bugzilla.suse.com/show_bug.cgi?id=1222520
* https://bugzilla.suse.com/show_bug.cgi?id=1222536
* https://bugzilla.suse.com/show_bug.cgi?id=1222549
* https://bugzilla.suse.com/show_bug.cgi?id=1222550
* https://bugzilla.suse.com/show_bug.cgi?id=1222557
* https://bugzilla.suse.com/show_bug.cgi?id=1222559
* https://bugzilla.suse.com/show_bug.cgi?id=1222585
* https://bugzilla.suse.com/show_bug.cgi?id=1222586
* https://bugzilla.suse.com/show_bug.cgi?id=1222596
* https://bugzilla.suse.com/show_bug.cgi?id=1222609
* https://bugzilla.suse.com/show_bug.cgi?id=1222610
* https://bugzilla.suse.com/show_bug.cgi?id=1222613
* https://bugzilla.suse.com/show_bug.cgi?id=1222615
* https://bugzilla.suse.com/show_bug.cgi?id=1222618
* https://bugzilla.suse.com/show_bug.cgi?id=1222624
* https://bugzilla.suse.com/show_bug.cgi?id=1222630
* https://bugzilla.suse.com/show_bug.cgi?id=1222632
* https://bugzilla.suse.com/show_bug.cgi?id=1222660
* https://bugzilla.suse.com/show_bug.cgi?id=1222662
* https://bugzilla.suse.com/show_bug.cgi?id=1222664
* https://bugzilla.suse.com/show_bug.cgi?id=1222666
* https://bugzilla.suse.com/show_bug.cgi?id=1222669
* https://bugzilla.suse.com/show_bug.cgi?id=1222671
* https://bugzilla.suse.com/show_bug.cgi?id=1222677
* https://bugzilla.suse.com/show_bug.cgi?id=1222678
* https://bugzilla.suse.com/show_bug.cgi?id=1222680
* https://bugzilla.suse.com/show_bug.cgi?id=1222703
* https://bugzilla.suse.com/show_bug.cgi?id=1222704
* https://bugzilla.suse.com/show_bug.cgi?id=1222706
* https://bugzilla.suse.com/show_bug.cgi?id=1222709
* https://bugzilla.suse.com/show_bug.cgi?id=1222710
* https://bugzilla.suse.com/show_bug.cgi?id=1222720
* https://bugzilla.suse.com/show_bug.cgi?id=1222721
* https://bugzilla.suse.com/show_bug.cgi?id=1222724
* https://bugzilla.suse.com/show_bug.cgi?id=1222726
* https://bugzilla.suse.com/show_bug.cgi?id=1222727
* https://bugzilla.suse.com/show_bug.cgi?id=1222764
* https://bugzilla.suse.com/show_bug.cgi?id=1222772
* https://bugzilla.suse.com/show_bug.cgi?id=1222773
* https://bugzilla.suse.com/show_bug.cgi?id=1222776
* https://bugzilla.suse.com/show_bug.cgi?id=1222781
* https://bugzilla.suse.com/show_bug.cgi?id=1222784
* https://bugzilla.suse.com/show_bug.cgi?id=1222785
* https://bugzilla.suse.com/show_bug.cgi?id=1222787
* https://bugzilla.suse.com/show_bug.cgi?id=1222790
* https://bugzilla.suse.com/show_bug.cgi?id=1222791
* https://bugzilla.suse.com/show_bug.cgi?id=1222792
* https://bugzilla.suse.com/show_bug.cgi?id=1222796
* https://bugzilla.suse.com/show_bug.cgi?id=1222798
* https://bugzilla.suse.com/show_bug.cgi?id=1222801
* https://bugzilla.suse.com/show_bug.cgi?id=1222812
* https://bugzilla.suse.com/show_bug.cgi?id=1222824
* https://bugzilla.suse.com/show_bug.cgi?id=1222829
* https://bugzilla.suse.com/show_bug.cgi?id=1222832
* https://bugzilla.suse.com/show_bug.cgi?id=1222836
* https://bugzilla.suse.com/show_bug.cgi?id=1222838
* https://bugzilla.suse.com/show_bug.cgi?id=1222866
* https://bugzilla.suse.com/show_bug.cgi?id=1222867
* https://bugzilla.suse.com/show_bug.cgi?id=1222869
* https://bugzilla.suse.com/show_bug.cgi?id=1222876
* https://bugzilla.suse.com/show_bug.cgi?id=1222878
* https://bugzilla.suse.com/show_bug.cgi?id=1222879
* https://bugzilla.suse.com/show_bug.cgi?id=1222881
* https://bugzilla.suse.com/show_bug.cgi?id=1222883
* https://bugzilla.suse.com/show_bug.cgi?id=1222888
* https://bugzilla.suse.com/show_bug.cgi?id=1222894
* https://bugzilla.suse.com/show_bug.cgi?id=1222901
* https://bugzilla.suse.com/show_bug.cgi?id=1222968
* https://bugzilla.suse.com/show_bug.cgi?id=1223012
* https://bugzilla.suse.com/show_bug.cgi?id=1223014
* https://bugzilla.suse.com/show_bug.cgi?id=1223016
* https://bugzilla.suse.com/show_bug.cgi?id=1223024
* https://bugzilla.suse.com/show_bug.cgi?id=1223030
* https://bugzilla.suse.com/show_bug.cgi?id=1223033
* https://bugzilla.suse.com/show_bug.cgi?id=1223034
* https://bugzilla.suse.com/show_bug.cgi?id=1223035
* https://bugzilla.suse.com/show_bug.cgi?id=1223036
* https://bugzilla.suse.com/show_bug.cgi?id=1223037
* https://bugzilla.suse.com/show_bug.cgi?id=1223041
* https://bugzilla.suse.com/show_bug.cgi?id=1223042
* https://bugzilla.suse.com/show_bug.cgi?id=1223051
* https://bugzilla.suse.com/show_bug.cgi?id=1223052
* https://bugzilla.suse.com/show_bug.cgi?id=1223056
* https://bugzilla.suse.com/show_bug.cgi?id=1223057
* https://bugzilla.suse.com/show_bug.cgi?id=1223058
* https://bugzilla.suse.com/show_bug.cgi?id=1223060
* https://bugzilla.suse.com/show_bug.cgi?id=1223061
* https://bugzilla.suse.com/show_bug.cgi?id=1223065
* https://bugzilla.suse.com/show_bug.cgi?id=1223066
* https://bugzilla.suse.com/show_bug.cgi?id=1223067
* https://bugzilla.suse.com/show_bug.cgi?id=1223068
* https://bugzilla.suse.com/show_bug.cgi?id=1223076
* https://bugzilla.suse.com/show_bug.cgi?id=1223078
* https://bugzilla.suse.com/show_bug.cgi?id=1223111
* https://bugzilla.suse.com/show_bug.cgi?id=1223115
* https://bugzilla.suse.com/show_bug.cgi?id=1223118
* https://bugzilla.suse.com/show_bug.cgi?id=1223187
* https://bugzilla.suse.com/show_bug.cgi?id=1223189
* https://bugzilla.suse.com/show_bug.cgi?id=1223190
* https://bugzilla.suse.com/show_bug.cgi?id=1223191
* https://bugzilla.suse.com/show_bug.cgi?id=1223196
* https://bugzilla.suse.com/show_bug.cgi?id=1223197
* https://bugzilla.suse.com/show_bug.cgi?id=1223198
* https://bugzilla.suse.com/show_bug.cgi?id=1223275
* https://bugzilla.suse.com/show_bug.cgi?id=1223323
* https://bugzilla.suse.com/show_bug.cgi?id=1223369
* https://bugzilla.suse.com/show_bug.cgi?id=1223380
* https://bugzilla.suse.com/show_bug.cgi?id=1223473
* https://bugzilla.suse.com/show_bug.cgi?id=1223474
* https://bugzilla.suse.com/show_bug.cgi?id=1223475
* https://bugzilla.suse.com/show_bug.cgi?id=1223477
* https://bugzilla.suse.com/show_bug.cgi?id=1223478
* https://bugzilla.suse.com/show_bug.cgi?id=1223479
* https://bugzilla.suse.com/show_bug.cgi?id=1223481
* https://bugzilla.suse.com/show_bug.cgi?id=1223482
* https://bugzilla.suse.com/show_bug.cgi?id=1223484
* https://bugzilla.suse.com/show_bug.cgi?id=1223487
* https://bugzilla.suse.com/show_bug.cgi?id=1223490
* https://bugzilla.suse.com/show_bug.cgi?id=1223496
* https://bugzilla.suse.com/show_bug.cgi?id=1223498
* https://bugzilla.suse.com/show_bug.cgi?id=1223499
* https://bugzilla.suse.com/show_bug.cgi?id=1223501
* https://bugzilla.suse.com/show_bug.cgi?id=1223502
* https://bugzilla.suse.com/show_bug.cgi?id=1223503
* https://bugzilla.suse.com/show_bug.cgi?id=1223505
* https://bugzilla.suse.com/show_bug.cgi?id=1223509
* https://bugzilla.suse.com/show_bug.cgi?id=1223511
* https://bugzilla.suse.com/show_bug.cgi?id=1223512
* https://bugzilla.suse.com/show_bug.cgi?id=1223513
* https://bugzilla.suse.com/show_bug.cgi?id=1223516
* https://bugzilla.suse.com/show_bug.cgi?id=1223517
* https://bugzilla.suse.com/show_bug.cgi?id=1223518
* https://bugzilla.suse.com/show_bug.cgi?id=1223519
* https://bugzilla.suse.com/show_bug.cgi?id=1223520
* https://bugzilla.suse.com/show_bug.cgi?id=1223522
* https://bugzilla.suse.com/show_bug.cgi?id=1223523
* https://bugzilla.suse.com/show_bug.cgi?id=1223525
* https://bugzilla.suse.com/show_bug.cgi?id=1223536
* https://bugzilla.suse.com/show_bug.cgi?id=1223539
* https://bugzilla.suse.com/show_bug.cgi?id=1223574
* https://bugzilla.suse.com/show_bug.cgi?id=1223595
* https://bugzilla.suse.com/show_bug.cgi?id=1223598
* https://bugzilla.suse.com/show_bug.cgi?id=1223634
* https://bugzilla.suse.com/show_bug.cgi?id=1223640
* https://bugzilla.suse.com/show_bug.cgi?id=1223643
* https://bugzilla.suse.com/show_bug.cgi?id=1223644
* https://bugzilla.suse.com/show_bug.cgi?id=1223645
* https://bugzilla.suse.com/show_bug.cgi?id=1223646
* https://bugzilla.suse.com/show_bug.cgi?id=1223648
* https://bugzilla.suse.com/show_bug.cgi?id=1223655
* https://bugzilla.suse.com/show_bug.cgi?id=1223657
* https://bugzilla.suse.com/show_bug.cgi?id=1223660
* https://bugzilla.suse.com/show_bug.cgi?id=1223661
* https://bugzilla.suse.com/show_bug.cgi?id=1223663
* https://bugzilla.suse.com/show_bug.cgi?id=1223664
* https://bugzilla.suse.com/show_bug.cgi?id=1223668
* https://bugzilla.suse.com/show_bug.cgi?id=1223686
* https://bugzilla.suse.com/show_bug.cgi?id=1223693
* https://bugzilla.suse.com/show_bug.cgi?id=1223705
* https://bugzilla.suse.com/show_bug.cgi?id=1223714
* https://bugzilla.suse.com/show_bug.cgi?id=1223735
* https://bugzilla.suse.com/show_bug.cgi?id=1223745
* https://bugzilla.suse.com/show_bug.cgi?id=1223784
* https://bugzilla.suse.com/show_bug.cgi?id=1223785
* https://bugzilla.suse.com/show_bug.cgi?id=1223790
* https://bugzilla.suse.com/show_bug.cgi?id=1223816
* https://bugzilla.suse.com/show_bug.cgi?id=1223821
* https://bugzilla.suse.com/show_bug.cgi?id=1223822
* https://bugzilla.suse.com/show_bug.cgi?id=1223824
* https://bugzilla.suse.com/show_bug.cgi?id=1223827
* https://bugzilla.suse.com/show_bug.cgi?id=1223834
* https://bugzilla.suse.com/show_bug.cgi?id=1223875
* https://bugzilla.suse.com/show_bug.cgi?id=1223876
* https://bugzilla.suse.com/show_bug.cgi?id=1223877
* https://bugzilla.suse.com/show_bug.cgi?id=1223878
* https://bugzilla.suse.com/show_bug.cgi?id=1223879
* https://bugzilla.suse.com/show_bug.cgi?id=1223894
* https://bugzilla.suse.com/show_bug.cgi?id=1223921
* https://bugzilla.suse.com/show_bug.cgi?id=1223922
* https://bugzilla.suse.com/show_bug.cgi?id=1223923
* https://bugzilla.suse.com/show_bug.cgi?id=1223924
* https://bugzilla.suse.com/show_bug.cgi?id=1223929
* https://bugzilla.suse.com/show_bug.cgi?id=1223931
* https://bugzilla.suse.com/show_bug.cgi?id=1223932
* https://bugzilla.suse.com/show_bug.cgi?id=1223934
* https://bugzilla.suse.com/show_bug.cgi?id=1223941
* https://bugzilla.suse.com/show_bug.cgi?id=1223948
* https://bugzilla.suse.com/show_bug.cgi?id=1223949
* https://bugzilla.suse.com/show_bug.cgi?id=1223950
* https://bugzilla.suse.com/show_bug.cgi?id=1223951
* https://bugzilla.suse.com/show_bug.cgi?id=1223952
* https://bugzilla.suse.com/show_bug.cgi?id=1223953
* https://bugzilla.suse.com/show_bug.cgi?id=1223956
* https://bugzilla.suse.com/show_bug.cgi?id=1223957
* https://bugzilla.suse.com/show_bug.cgi?id=1223960
* https://bugzilla.suse.com/show_bug.cgi?id=1223962
* https://bugzilla.suse.com/show_bug.cgi?id=1223963
* https://bugzilla.suse.com/show_bug.cgi?id=1223964
* https://jira.suse.com/browse/PED-1166
* https://jira.suse.com/browse/PED-1168
* https://jira.suse.com/browse/PED-1170
* https://jira.suse.com/browse/PED-1218
* https://jira.suse.com/browse/PED-1220
* https://jira.suse.com/browse/PED-1222
* https://jira.suse.com/browse/PED-1223
* https://jira.suse.com/browse/PED-1225
* https://jira.suse.com/browse/PED-1565
* https://jira.suse.com/browse/PED-2849
* https://jira.suse.com/browse/PED-376
* https://jira.suse.com/browse/PED-542
* https://jira.suse.com/browse/PED-7167
* https://jira.suse.com/browse/PED-7619
* https://jira.suse.com/browse/SLE-18378
* https://jira.suse.com/browse/SLE-18383
* https://jira.suse.com/browse/SLE-18385
* https://jira.suse.com/browse/SLE-18978
* https://jira.suse.com/browse/SLE-19249
* https://jira.suse.com/browse/SLE-19253
SUSE-SU-2024:1855-1: important: Security update for python-PyMySQL
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
# Security update for python-PyMySQL
Announcement ID: SUSE-SU-2024:1855-1
Rating: important
References:
* bsc#1225070
Cross-References:
* CVE-2024-36039
CVSS scores:
* CVE-2024-36039 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP5
* SUSE Package Hub 15 15-SP6
An update that solves one vulnerability can now be installed.
## Description:
This update for python-PyMySQL fixes the following issues:
* CVE-2024-36039: Fixed SQL injection if used with untrusted JSON input
(bsc#1225070).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1855=1
* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1855=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-1855=1
## Package List:
* openSUSE Leap 15.5 (noarch)
* python3-PyMySQL-0.7.11-150000.3.3.1
* SUSE Package Hub 15 15-SP5 (noarch)
* python3-PyMySQL-0.7.11-150000.3.3.1
* SUSE Package Hub 15 15-SP6 (noarch)
* python3-PyMySQL-0.7.11-150000.3.3.1
## References:
* https://www.suse.com/security/cve/CVE-2024-36039.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225070
19 Aug '24
# Security update for freerdp
Announcement ID: SUSE-SU-2024:1856-1
Rating: important
References:
* bsc#1223346
* bsc#1223347
* bsc#1223348
* bsc#1223353
Cross-References:
* CVE-2024-32658
* CVE-2024-32659
* CVE-2024-32660
* CVE-2024-32661
CVSS scores:
* CVE-2024-32658 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-32659 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2024-32660 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-32661 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Workstation Extension 15 SP5
* SUSE Package Hub 15 15-SP5
* SUSE Package Hub 15 15-SP6
An update that solves four vulnerabilities can now be installed.
## Description:
This update for freerdp fixes the following issues:
* CVE-2024-32658: Fixed out-of-bounds read in Interleaved RLE Bitmap Codec
(bsc#1223353).
* CVE-2024-32659: Fixed out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`
(bsc#1223346)
* CVE-2024-32660: Fixed client crash via invalid huge allocation size
(bsc#1223347)
* CVE-2024-32661: Fixed client NULL pointer dereference (bsc#1223348)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-1856=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1856=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-1856=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-1856=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1856=1
* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1856=1
## Package List:
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x)
* libwinpr2-debuginfo-2.4.0-150400.3.32.1
* freerdp-debugsource-2.4.0-150400.3.32.1
* libwinpr2-2.4.0-150400.3.32.1
* libfreerdp2-debuginfo-2.4.0-150400.3.32.1
* freerdp-debuginfo-2.4.0-150400.3.32.1
* libfreerdp2-2.4.0-150400.3.32.1
* winpr2-devel-2.4.0-150400.3.32.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* freerdp-proxy-debuginfo-2.4.0-150400.3.32.1
* freerdp-2.4.0-150400.3.32.1
* libwinpr2-debuginfo-2.4.0-150400.3.32.1
* freerdp-debugsource-2.4.0-150400.3.32.1
* libwinpr2-2.4.0-150400.3.32.1
* freerdp-devel-2.4.0-150400.3.32.1
* freerdp-proxy-2.4.0-150400.3.32.1
* libfreerdp2-debuginfo-2.4.0-150400.3.32.1
* freerdp-debuginfo-2.4.0-150400.3.32.1
* libfreerdp2-2.4.0-150400.3.32.1
* winpr2-devel-2.4.0-150400.3.32.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
* freerdp-proxy-debuginfo-2.4.0-150400.3.32.1
* freerdp-2.4.0-150400.3.32.1
* libwinpr2-debuginfo-2.4.0-150400.3.32.1
* freerdp-debugsource-2.4.0-150400.3.32.1
* libwinpr2-2.4.0-150400.3.32.1
* freerdp-devel-2.4.0-150400.3.32.1
* freerdp-proxy-2.4.0-150400.3.32.1
* libfreerdp2-debuginfo-2.4.0-150400.3.32.1
* freerdp-debuginfo-2.4.0-150400.3.32.1
* libfreerdp2-2.4.0-150400.3.32.1
* winpr2-devel-2.4.0-150400.3.32.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* freerdp-wayland-2.4.0-150400.3.32.1
* freerdp-proxy-debuginfo-2.4.0-150400.3.32.1
* freerdp-2.4.0-150400.3.32.1
* freerdp-server-2.4.0-150400.3.32.1
* libwinpr2-debuginfo-2.4.0-150400.3.32.1
* winpr2-devel-2.4.0-150400.3.32.1
* freerdp-debugsource-2.4.0-150400.3.32.1
* libwinpr2-2.4.0-150400.3.32.1
* freerdp-devel-2.4.0-150400.3.32.1
* freerdp-proxy-2.4.0-150400.3.32.1
* libfreerdp2-debuginfo-2.4.0-150400.3.32.1
* uwac0-0-devel-2.4.0-150400.3.32.1
* freerdp-server-debuginfo-2.4.0-150400.3.32.1
* libuwac0-0-debuginfo-2.4.0-150400.3.32.1
* freerdp-debuginfo-2.4.0-150400.3.32.1
* libfreerdp2-2.4.0-150400.3.32.1
* freerdp-wayland-debuginfo-2.4.0-150400.3.32.1
* libuwac0-0-2.4.0-150400.3.32.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* freerdp-wayland-2.4.0-150400.3.32.1
* freerdp-proxy-debuginfo-2.4.0-150400.3.32.1
* freerdp-2.4.0-150400.3.32.1
* freerdp-server-2.4.0-150400.3.32.1
* libwinpr2-debuginfo-2.4.0-150400.3.32.1
* winpr2-devel-2.4.0-150400.3.32.1
* freerdp-debugsource-2.4.0-150400.3.32.1
* libwinpr2-2.4.0-150400.3.32.1
* freerdp-devel-2.4.0-150400.3.32.1
* freerdp-proxy-2.4.0-150400.3.32.1
* libfreerdp2-debuginfo-2.4.0-150400.3.32.1
* uwac0-0-devel-2.4.0-150400.3.32.1
* freerdp-server-debuginfo-2.4.0-150400.3.32.1
* libuwac0-0-debuginfo-2.4.0-150400.3.32.1
* freerdp-debuginfo-2.4.0-150400.3.32.1
* libfreerdp2-2.4.0-150400.3.32.1
* freerdp-wayland-debuginfo-2.4.0-150400.3.32.1
* libuwac0-0-2.4.0-150400.3.32.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x)
* freerdp-wayland-2.4.0-150400.3.32.1
* freerdp-proxy-debuginfo-2.4.0-150400.3.32.1
* freerdp-2.4.0-150400.3.32.1
* freerdp-server-2.4.0-150400.3.32.1
* libwinpr2-debuginfo-2.4.0-150400.3.32.1
* winpr2-devel-2.4.0-150400.3.32.1
* freerdp-debugsource-2.4.0-150400.3.32.1
* libwinpr2-2.4.0-150400.3.32.1
* freerdp-devel-2.4.0-150400.3.32.1
* freerdp-proxy-2.4.0-150400.3.32.1
* libfreerdp2-debuginfo-2.4.0-150400.3.32.1
* uwac0-0-devel-2.4.0-150400.3.32.1
* freerdp-server-debuginfo-2.4.0-150400.3.32.1
* libuwac0-0-debuginfo-2.4.0-150400.3.32.1
* freerdp-debuginfo-2.4.0-150400.3.32.1
* libfreerdp2-2.4.0-150400.3.32.1
* freerdp-wayland-debuginfo-2.4.0-150400.3.32.1
* libuwac0-0-2.4.0-150400.3.32.1
## References:
* https://www.suse.com/security/cve/CVE-2024-32658.html
* https://www.suse.com/security/cve/CVE-2024-32659.html
* https://www.suse.com/security/cve/CVE-2024-32660.html
* https://www.suse.com/security/cve/CVE-2024-32661.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223346
* https://bugzilla.suse.com/show_bug.cgi?id=1223347
* https://bugzilla.suse.com/show_bug.cgi?id=1223348
* https://bugzilla.suse.com/show_bug.cgi?id=1223353
SUSE-SU-2024:1857-1: moderate: Security update for python-requests
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
# Security update for python-requests
Announcement ID: SUSE-SU-2024:1857-1
Rating: moderate
References:
* bsc#1224788
Cross-References:
* CVE-2024-35195
CVSS scores:
* CVE-2024-35195 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* Public Cloud Module 15-SP4
* Python 3 Module 15-SP5
* Python 3 Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for python-requests fixes the following issues:
* CVE-2024-35195: Fixed cert verification regardless of changes to the value
of `verify` (bsc#1224788).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-1857=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1857=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-1857=1
* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2024-1857=1
* Python 3 Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2024-1857=1
* Python 3 Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2024-1857=1
## Package List:
* openSUSE Leap 15.4 (noarch)
* python311-requests-2.31.0-150400.6.12.1
* openSUSE Leap 15.5 (noarch)
* python311-requests-2.31.0-150400.6.12.1
* openSUSE Leap 15.6 (noarch)
* python311-requests-2.31.0-150400.6.12.1
* Public Cloud Module 15-SP4 (noarch)
* python311-requests-2.31.0-150400.6.12.1
* Python 3 Module 15-SP5 (noarch)
* python311-requests-2.31.0-150400.6.12.1
* Python 3 Module 15-SP6 (noarch)
* python311-requests-2.31.0-150400.6.12.1
## References:
* https://www.suse.com/security/cve/CVE-2024-35195.html
* https://bugzilla.suse.com/show_bug.cgi?id=1224788
SUSE-SU-2024:1858-1: important: Security update for MozillaThunderbird
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
# Security update for MozillaThunderbird
Announcement ID: SUSE-SU-2024:1858-1
Rating: important
References:
* bsc#1224056
Cross-References:
* CVE-2024-4367
* CVE-2024-4767
* CVE-2024-4768
* CVE-2024-4769
* CVE-2024-4770
* CVE-2024-4777
CVSS scores:
* CVE-2024-4367 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-4767 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2024-4768 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2024-4769 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2024-4770 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-4777 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Workstation Extension 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP6
* SUSE Package Hub 15 15-SP5
* SUSE Package Hub 15 15-SP6
An update that solves six vulnerabilities can now be installed.
## Description:
This update for MozillaThunderbird fixes the following issues:
Update to version 115.11 (bsc#1224056):
* CVE-2024-4367: Arbitrary JavaScript execution in PDF.js
* CVE-2024-4767: IndexedDB files retained in private browsing mode
* CVE-2024-4768: Potential permissions request bypass via clickjacking
* CVE-2024-4769: Cross-origin responses could be distinguished between script
and non-script content-types
* CVE-2024-4770: Use-after-free could occur when printing to PDF
* CVE-2024-4777: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11,
and Thunderbird 115.11
* fixed: Splitter arrow between task list and task description did not behave
as expected
* fixed: Calendar Event Attendees dialog had incorrectly sized rows
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1858=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-1858=1
* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1858=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-1858=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1858=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-1858=1
* SUSE Linux Enterprise Workstation Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2024-1858=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* MozillaThunderbird-debugsource-115.11.0-150200.8.160.1
* MozillaThunderbird-translations-other-115.11.0-150200.8.160.1
* MozillaThunderbird-translations-common-115.11.0-150200.8.160.1
* MozillaThunderbird-debuginfo-115.11.0-150200.8.160.1
* MozillaThunderbird-115.11.0-150200.8.160.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* MozillaThunderbird-debugsource-115.11.0-150200.8.160.1
* MozillaThunderbird-translations-other-115.11.0-150200.8.160.1
* MozillaThunderbird-translations-common-115.11.0-150200.8.160.1
* MozillaThunderbird-debuginfo-115.11.0-150200.8.160.1
* MozillaThunderbird-115.11.0-150200.8.160.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x)
* MozillaThunderbird-debugsource-115.11.0-150200.8.160.1
* MozillaThunderbird-translations-other-115.11.0-150200.8.160.1
* MozillaThunderbird-translations-common-115.11.0-150200.8.160.1
* MozillaThunderbird-debuginfo-115.11.0-150200.8.160.1
* MozillaThunderbird-115.11.0-150200.8.160.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x)
* MozillaThunderbird-debugsource-115.11.0-150200.8.160.1
* MozillaThunderbird-translations-other-115.11.0-150200.8.160.1
* MozillaThunderbird-translations-common-115.11.0-150200.8.160.1
* MozillaThunderbird-debuginfo-115.11.0-150200.8.160.1
* MozillaThunderbird-115.11.0-150200.8.160.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* MozillaThunderbird-debugsource-115.11.0-150200.8.160.1
* MozillaThunderbird-translations-other-115.11.0-150200.8.160.1
* MozillaThunderbird-translations-common-115.11.0-150200.8.160.1
* MozillaThunderbird-debuginfo-115.11.0-150200.8.160.1
* MozillaThunderbird-115.11.0-150200.8.160.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
* MozillaThunderbird-debugsource-115.11.0-150200.8.160.1
* MozillaThunderbird-translations-other-115.11.0-150200.8.160.1
* MozillaThunderbird-translations-common-115.11.0-150200.8.160.1
* MozillaThunderbird-debuginfo-115.11.0-150200.8.160.1
* MozillaThunderbird-115.11.0-150200.8.160.1
* SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64)
* MozillaThunderbird-debugsource-115.11.0-150200.8.160.1
* MozillaThunderbird-translations-other-115.11.0-150200.8.160.1
* MozillaThunderbird-translations-common-115.11.0-150200.8.160.1
* MozillaThunderbird-debuginfo-115.11.0-150200.8.160.1
* MozillaThunderbird-115.11.0-150200.8.160.1
## References:
* https://www.suse.com/security/cve/CVE-2024-4367.html
* https://www.suse.com/security/cve/CVE-2024-4767.html
* https://www.suse.com/security/cve/CVE-2024-4768.html
* https://www.suse.com/security/cve/CVE-2024-4769.html
* https://www.suse.com/security/cve/CVE-2024-4770.html
* https://www.suse.com/security/cve/CVE-2024-4777.html
* https://bugzilla.suse.com/show_bug.cgi?id=1224056
SUSE-SU-2024:1859-1: important: Security update for java-1_8_0-ibm
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
# Security update for java-1_8_0-ibm
Announcement ID: SUSE-SU-2024:1859-1
Rating: important
References:
* bsc#1222979
* bsc#1222983
* bsc#1222984
* bsc#1222986
* bsc#1222987
* bsc#1223470
* bsc#1224164
Cross-References:
* CVE-2023-38264
* CVE-2024-21011
* CVE-2024-21012
* CVE-2024-21068
* CVE-2024-21085
* CVE-2024-21094
CVSS scores:
* CVE-2023-38264 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-21011 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21012 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-21068 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-21085 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21094 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products:
* Legacy Module 15-SP5
* Legacy Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves six vulnerabilities and has one security fix can now be
installed.
## Description:
This update for java-1_8_0-ibm fixes the following issues:
Update to Java 8.0 Service Refresh 8 Fix Pack 25 (bsc#1223470):
* CVE-2023-38264: Fixed Object Request Broker (ORB) denial of service
(bsc#1224164).
* CVE-2024-21094: Fixed C2 compilation fails with "Exceeded _node_regs array"
(bsc#1222986).
* CVE-2024-21068: Fixed integer overflow in C1 compiler address generation
(bsc#1222983).
* CVE-2024-21085: Fixed Pack200 excessive memory allocation (bsc#1222984).
* CVE-2024-21011: Fixed Long Exception message leading to crash (bsc#1222979).
* CVE-2024-21012: Fixed HTTP/2 client improper reverse DNS lookup
(bsc#1222987).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1859=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-1859=1
* Legacy Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2024-1859=1
* Legacy Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2024-1859=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1859=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1859=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1859=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-1859=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1859=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1859=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-1859=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1859=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1859=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-1859=1
## Package List:
* openSUSE Leap 15.5 (nosrc ppc64le s390x x86_64)
* java-1_8_0-ibm-1.8.0_sr8.25-150000.3.89.1
* openSUSE Leap 15.5 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-32bit-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-devel-32bit-1.8.0_sr8.25-150000.3.89.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* java-1_8_0-ibm-demo-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-src-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-devel-1.8.0_sr8.25-150000.3.89.1
* openSUSE Leap 15.6 (nosrc ppc64le s390x x86_64)
* java-1_8_0-ibm-1.8.0_sr8.25-150000.3.89.1
* openSUSE Leap 15.6 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-32bit-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-devel-32bit-1.8.0_sr8.25-150000.3.89.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* java-1_8_0-ibm-demo-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-src-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-devel-1.8.0_sr8.25-150000.3.89.1
* Legacy Module 15-SP5 (nosrc ppc64le s390x x86_64)
* java-1_8_0-ibm-1.8.0_sr8.25-150000.3.89.1
* Legacy Module 15-SP5 (ppc64le s390x x86_64)
* java-1_8_0-ibm-devel-1.8.0_sr8.25-150000.3.89.1
* Legacy Module 15-SP5 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.25-150000.3.89.1
* Legacy Module 15-SP6 (nosrc ppc64le s390x x86_64)
* java-1_8_0-ibm-1.8.0_sr8.25-150000.3.89.1
* Legacy Module 15-SP6 (ppc64le s390x x86_64)
* java-1_8_0-ibm-devel-1.8.0_sr8.25-150000.3.89.1
* Legacy Module 15-SP6 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (nosrc x86_64)
* java-1_8_0-ibm-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-devel-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (nosrc x86_64)
* java-1_8_0-ibm-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-devel-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (nosrc x86_64)
* java-1_8_0-ibm-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-devel-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (nosrc ppc64le s390x x86_64)
* java-1_8_0-ibm-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (ppc64le s390x x86_64)
* java-1_8_0-ibm-devel-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (nosrc ppc64le s390x x86_64)
* java-1_8_0-ibm-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (ppc64le s390x x86_64)
* java-1_8_0-ibm-devel-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (nosrc ppc64le s390x x86_64)
* java-1_8_0-ibm-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (ppc64le s390x x86_64)
* java-1_8_0-ibm-devel-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc ppc64le x86_64)
* java-1_8_0-ibm-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* java-1_8_0-ibm-devel-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le x86_64)
* java-1_8_0-ibm-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* java-1_8_0-ibm-devel-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (nosrc ppc64le x86_64)
* java-1_8_0-ibm-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* java-1_8_0-ibm-devel-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.25-150000.3.89.1
* SUSE Enterprise Storage 7.1 (nosrc x86_64)
* java-1_8_0-ibm-1.8.0_sr8.25-150000.3.89.1
* SUSE Enterprise Storage 7.1 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-devel-1.8.0_sr8.25-150000.3.89.1
## References:
* https://www.suse.com/security/cve/CVE-2023-38264.html
* https://www.suse.com/security/cve/CVE-2024-21011.html
* https://www.suse.com/security/cve/CVE-2024-21012.html
* https://www.suse.com/security/cve/CVE-2024-21068.html
* https://www.suse.com/security/cve/CVE-2024-21085.html
* https://www.suse.com/security/cve/CVE-2024-21094.html
* https://bugzilla.suse.com/show_bug.cgi?id=1222979
* https://bugzilla.suse.com/show_bug.cgi?id=1222983
* https://bugzilla.suse.com/show_bug.cgi?id=1222984
* https://bugzilla.suse.com/show_bug.cgi?id=1222986
* https://bugzilla.suse.com/show_bug.cgi?id=1222987
* https://bugzilla.suse.com/show_bug.cgi?id=1223470
* https://bugzilla.suse.com/show_bug.cgi?id=1224164
SUSE-SU-2024:1860-1: important: Security update for uriparser
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
# Security update for uriparser
Announcement ID: SUSE-SU-2024:1860-1
Rating: important
References:
* bsc#1223887
* bsc#1223888
Cross-References:
* CVE-2024-34402
* CVE-2024-34403
CVSS scores:
* CVE-2024-34402 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2024-34403 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Affected Products:
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP5
* SUSE Package Hub 15 15-SP6
An update that solves two vulnerabilities can now be installed.
## Description:
This update for uriparser fixes the following issues:
* CVE-2024-34402: Fixed integer overflow protection in ComposeQueryEngine
(bsc#1223887).
* CVE-2024-34403: Fixed integer overflow protection in ComposeQueryMallocExMm
(bsc#1223888).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1860=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-1860=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1860=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-1860=1
## Package List:
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
* uriparser-debugsource-0.8.5-150000.3.8.1
* uriparser-0.8.5-150000.3.8.1
* liburiparser1-0.8.5-150000.3.8.1
* liburiparser1-debuginfo-0.8.5-150000.3.8.1
* uriparser-devel-0.8.5-150000.3.8.1
* uriparser-debuginfo-0.8.5-150000.3.8.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* uriparser-debugsource-0.8.5-150000.3.8.1
* uriparser-0.8.5-150000.3.8.1
* liburiparser1-0.8.5-150000.3.8.1
* liburiparser1-debuginfo-0.8.5-150000.3.8.1
* uriparser-devel-0.8.5-150000.3.8.1
* uriparser-debuginfo-0.8.5-150000.3.8.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* uriparser-debugsource-0.8.5-150000.3.8.1
* uriparser-0.8.5-150000.3.8.1
* liburiparser1-0.8.5-150000.3.8.1
* liburiparser1-debuginfo-0.8.5-150000.3.8.1
* uriparser-devel-0.8.5-150000.3.8.1
* uriparser-debuginfo-0.8.5-150000.3.8.1
* openSUSE Leap 15.5 (x86_64)
* liburiparser1-32bit-debuginfo-0.8.5-150000.3.8.1
* liburiparser1-32bit-0.8.5-150000.3.8.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* uriparser-debugsource-0.8.5-150000.3.8.1
* uriparser-0.8.5-150000.3.8.1
* liburiparser1-0.8.5-150000.3.8.1
* liburiparser1-debuginfo-0.8.5-150000.3.8.1
* uriparser-devel-0.8.5-150000.3.8.1
* uriparser-debuginfo-0.8.5-150000.3.8.1
* openSUSE Leap 15.6 (x86_64)
* liburiparser1-32bit-debuginfo-0.8.5-150000.3.8.1
* liburiparser1-32bit-0.8.5-150000.3.8.1
## References:
* https://www.suse.com/security/cve/CVE-2024-34402.html
* https://www.suse.com/security/cve/CVE-2024-34403.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223887
* https://bugzilla.suse.com/show_bug.cgi?id=1223888
SUSE-SU-2024:1861-1: important: Security update for python3-sqlparse
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
# Security update for python3-sqlparse
Announcement ID: SUSE-SU-2024:1861-1
Rating: important
References:
* bsc#1223603
Cross-References:
* CVE-2024-4340
CVSS scores:
* CVE-2024-4340 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP5
* Basesystem Module 15-SP6
* openSUSE Leap 15.3
* openSUSE Leap 15.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for python3-sqlparse fixes the following issues:
* CVE-2024-4340: Fixed RecursionError catch to avoid a denial-of-service issue
(bsc#1223603).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-1861=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1861=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-1861=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-1861=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1861=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1861=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1861=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1861=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1861=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1861=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1861=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1861=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-1861=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-1861=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1861=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-1861=1
## Package List:
* openSUSE Leap 15.3 (noarch)
* python3-sqlparse-0.4.2-150300.12.1
* openSUSE Leap 15.5 (noarch)
* python3-sqlparse-0.4.2-150300.12.1
* Basesystem Module 15-SP5 (noarch)
* python3-sqlparse-0.4.2-150300.12.1
* Basesystem Module 15-SP6 (noarch)
* python3-sqlparse-0.4.2-150300.12.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* python3-sqlparse-0.4.2-150300.12.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* python3-sqlparse-0.4.2-150300.12.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* python3-sqlparse-0.4.2-150300.12.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
* python3-sqlparse-0.4.2-150300.12.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* python3-sqlparse-0.4.2-150300.12.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
* python3-sqlparse-0.4.2-150300.12.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* python3-sqlparse-0.4.2-150300.12.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* python3-sqlparse-0.4.2-150300.12.1
* SUSE Manager Proxy 4.3 (noarch)
* python3-sqlparse-0.4.2-150300.12.1
* SUSE Manager Retail Branch Server 4.3 (noarch)
* python3-sqlparse-0.4.2-150300.12.1
* SUSE Manager Server 4.3 (noarch)
* python3-sqlparse-0.4.2-150300.12.1
* SUSE Enterprise Storage 7.1 (noarch)
* python3-sqlparse-0.4.2-150300.12.1
## References:
* https://www.suse.com/security/cve/CVE-2024-4340.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223603
19 Aug '24
# Security update for python
Announcement ID: SUSE-SU-2024:1862-1
Rating: moderate
References:
* bsc#1214675
* bsc#1219306
* bsc#1219559
* bsc#1220970
* bsc#1221854
* bsc#1222537
Cross-References:
* CVE-2022-48560
* CVE-2023-27043
* CVE-2023-52425
* CVE-2024-0450
CVSS scores:
* CVE-2022-48560 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48560 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-27043 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-27043 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-52425 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52425 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0450 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP5
* SUSE Package Hub 15 15-SP6
An update that solves four vulnerabilities and has two security fixes can now be
installed.
## Description:
This update for python fixes the following issues:
* CVE-2023-52425: Fixed using the system libexpat (bsc#1219559).
* CVE-2023-27043: Modified fix for unicode string handling in
email.utils.parseaddr() (bsc#1222537).
* CVE-2022-48560: Fixed use-after-free in Python via heappushpop in heapq
(bsc#1214675).
* CVE-2024-0450: Detect the vulnerability of the "quoted-overlap" zipbomb
(bsc#1221854).
Bug fixes:
* Switch off tests. ONLY FOR FACTORY!!! (bsc#1219306).
* Build with -std=gnu89 to build correctly with gcc14 (bsc#1220970).
* Switch from %patchN style to the %patch -P N one.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1862=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-1862=1
* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1862=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-1862=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* python-debugsource-2.7.18-150000.65.1
* python-devel-2.7.18-150000.65.1
* python-base-debugsource-2.7.18-150000.65.1
* python-debuginfo-2.7.18-150000.65.1
* libpython2_7-1_0-2.7.18-150000.65.1
* python-idle-2.7.18-150000.65.1
* python-demo-2.7.18-150000.65.1
* python-tk-debuginfo-2.7.18-150000.65.1
* python-gdbm-debuginfo-2.7.18-150000.65.1
* python-2.7.18-150000.65.1
* python-base-2.7.18-150000.65.1
* python-curses-2.7.18-150000.65.1
* libpython2_7-1_0-debuginfo-2.7.18-150000.65.1
* python-base-debuginfo-2.7.18-150000.65.1
* python-curses-debuginfo-2.7.18-150000.65.1
* python-xml-2.7.18-150000.65.1
* python-tk-2.7.18-150000.65.1
* python-gdbm-2.7.18-150000.65.1
* python-xml-debuginfo-2.7.18-150000.65.1
* openSUSE Leap 15.5 (x86_64)
* python-32bit-2.7.18-150000.65.1
* python-32bit-debuginfo-2.7.18-150000.65.1
* python-base-32bit-debuginfo-2.7.18-150000.65.1
* python-base-32bit-2.7.18-150000.65.1
* libpython2_7-1_0-32bit-debuginfo-2.7.18-150000.65.1
* libpython2_7-1_0-32bit-2.7.18-150000.65.1
* openSUSE Leap 15.5 (noarch)
* python-doc-2.7.18-150000.65.1
* python-doc-pdf-2.7.18-150000.65.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* python-debugsource-2.7.18-150000.65.1
* python-devel-2.7.18-150000.65.1
* python-base-debugsource-2.7.18-150000.65.1
* python-debuginfo-2.7.18-150000.65.1
* libpython2_7-1_0-2.7.18-150000.65.1
* python-idle-2.7.18-150000.65.1
* python-demo-2.7.18-150000.65.1
* python-tk-debuginfo-2.7.18-150000.65.1
* python-gdbm-debuginfo-2.7.18-150000.65.1
* python-2.7.18-150000.65.1
* python-base-2.7.18-150000.65.1
* python-curses-2.7.18-150000.65.1
* libpython2_7-1_0-debuginfo-2.7.18-150000.65.1
* python-base-debuginfo-2.7.18-150000.65.1
* python-curses-debuginfo-2.7.18-150000.65.1
* python-xml-2.7.18-150000.65.1
* python-tk-2.7.18-150000.65.1
* python-gdbm-2.7.18-150000.65.1
* python-xml-debuginfo-2.7.18-150000.65.1
* openSUSE Leap 15.6 (x86_64)
* python-32bit-2.7.18-150000.65.1
* python-32bit-debuginfo-2.7.18-150000.65.1
* python-base-32bit-debuginfo-2.7.18-150000.65.1
* python-base-32bit-2.7.18-150000.65.1
* libpython2_7-1_0-32bit-debuginfo-2.7.18-150000.65.1
* libpython2_7-1_0-32bit-2.7.18-150000.65.1
* openSUSE Leap 15.6 (noarch)
* python-doc-2.7.18-150000.65.1
* python-doc-pdf-2.7.18-150000.65.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
* python-debugsource-2.7.18-150000.65.1
* python-devel-2.7.18-150000.65.1
* python-base-debugsource-2.7.18-150000.65.1
* python-debuginfo-2.7.18-150000.65.1
* libpython2_7-1_0-2.7.18-150000.65.1
* python-gdbm-debuginfo-2.7.18-150000.65.1
* python-2.7.18-150000.65.1
* python-base-2.7.18-150000.65.1
* python-curses-2.7.18-150000.65.1
* libpython2_7-1_0-debuginfo-2.7.18-150000.65.1
* python-base-debuginfo-2.7.18-150000.65.1
* python-curses-debuginfo-2.7.18-150000.65.1
* python-xml-2.7.18-150000.65.1
* python-gdbm-2.7.18-150000.65.1
* python-xml-debuginfo-2.7.18-150000.65.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* python-debugsource-2.7.18-150000.65.1
* python-base-debugsource-2.7.18-150000.65.1
* python-debuginfo-2.7.18-150000.65.1
* libpython2_7-1_0-2.7.18-150000.65.1
* python-gdbm-debuginfo-2.7.18-150000.65.1
* python-2.7.18-150000.65.1
* python-base-2.7.18-150000.65.1
* python-curses-2.7.18-150000.65.1
* libpython2_7-1_0-debuginfo-2.7.18-150000.65.1
* python-base-debuginfo-2.7.18-150000.65.1
* python-curses-debuginfo-2.7.18-150000.65.1
* python-xml-2.7.18-150000.65.1
* python-gdbm-2.7.18-150000.65.1
* python-xml-debuginfo-2.7.18-150000.65.1
## References:
* https://www.suse.com/security/cve/CVE-2022-48560.html
* https://www.suse.com/security/cve/CVE-2023-27043.html
* https://www.suse.com/security/cve/CVE-2023-52425.html
* https://www.suse.com/security/cve/CVE-2024-0450.html
* https://bugzilla.suse.com/show_bug.cgi?id=1214675
* https://bugzilla.suse.com/show_bug.cgi?id=1219306
* https://bugzilla.suse.com/show_bug.cgi?id=1219559
* https://bugzilla.suse.com/show_bug.cgi?id=1220970
* https://bugzilla.suse.com/show_bug.cgi?id=1221854
* https://bugzilla.suse.com/show_bug.cgi?id=1222537
SUSE-SU-2024:1863-1: moderate: Security update for python-Jinja2
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
# Security update for python-Jinja2
Announcement ID: SUSE-SU-2024:1863-1
Rating: moderate
References:
* bsc#1218722
* bsc#1223980
Cross-References:
* CVE-2024-22195
* CVE-2024-34064
CVSS scores:
* CVE-2024-22195 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2024-22195 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2024-34064 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
* Basesystem Module 15-SP5
* Basesystem Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves two vulnerabilities can now be installed.
## Description:
This update for python-Jinja2 fixes the following issues:
* Fixed HTML attribute injection when passing user input as keys to xmlattr
filter (CVE-2024-34064, bsc#1223980, CVE-2024-22195, bsc#1218722)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2024-1863=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2024-1863=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1863=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-1863=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-1863=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-1863=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-1863=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-1863=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-1863=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-1863=1
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-1863=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-1863=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-1863=1
## Package List:
* openSUSE Leap Micro 5.3 (noarch)
* python3-Jinja2-2.10.1-150000.3.13.1
* openSUSE Leap Micro 5.4 (noarch)
* python3-Jinja2-2.10.1-150000.3.13.1
* openSUSE Leap 15.5 (noarch)
* python-Jinja2-emacs-2.10.1-150000.3.13.1
* python-Jinja2-vim-2.10.1-150000.3.13.1
* python3-Jinja2-2.10.1-150000.3.13.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
* python3-Jinja2-2.10.1-150000.3.13.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
* python3-Jinja2-2.10.1-150000.3.13.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
* python3-Jinja2-2.10.1-150000.3.13.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
* python3-Jinja2-2.10.1-150000.3.13.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
* python3-Jinja2-2.10.1-150000.3.13.1
* Basesystem Module 15-SP5 (noarch)
* python3-Jinja2-2.10.1-150000.3.13.1
* Basesystem Module 15-SP6 (noarch)
* python3-Jinja2-2.10.1-150000.3.13.1
* SUSE Linux Enterprise Micro 5.1 (noarch)
* python3-Jinja2-2.10.1-150000.3.13.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
* python3-Jinja2-2.10.1-150000.3.13.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
* python3-Jinja2-2.10.1-150000.3.13.1
## References:
* https://www.suse.com/security/cve/CVE-2024-22195.html
* https://www.suse.com/security/cve/CVE-2024-34064.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218722
* https://bugzilla.suse.com/show_bug.cgi?id=1223980
SUSE-SU-2024:1864-1: moderate: Security update for python-Jinja2
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
# Security update for python-Jinja2
Announcement ID: SUSE-SU-2024:1864-1
Rating: moderate
References:
* bsc#1218722
* bsc#1223980
Cross-References:
* CVE-2024-22195
* CVE-2024-34064
CVSS scores:
* CVE-2024-22195 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2024-22195 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2024-34064 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* Python 3 Module 15-SP5
* Python 3 Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves two vulnerabilities can now be installed.
## Description:
This update for python-Jinja2 fixes the following issues:
* Fixed HTML attribute injection when passing user input as keys to xmlattr
filter (CVE-2024-34064, bsc#1223980, CVE-2024-22195, bsc#1218722)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-1864=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1864=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-1864=1
* Python 3 Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2024-1864=1
* Python 3 Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2024-1864=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* python311-Jinja2-3.1.2-150400.12.6.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* python311-Jinja2-3.1.2-150400.12.6.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* python311-Jinja2-3.1.2-150400.12.6.1
* Python 3 Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* python311-Jinja2-3.1.2-150400.12.6.1
* Python 3 Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* python311-Jinja2-3.1.2-150400.12.6.1
## References:
* https://www.suse.com/security/cve/CVE-2024-22195.html
* https://www.suse.com/security/cve/CVE-2024-34064.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218722
* https://bugzilla.suse.com/show_bug.cgi?id=1223980
SUSE-SU-2024:1865-1: moderate: Security update for wireshark
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
# Security update for wireshark
Announcement ID: SUSE-SU-2024:1865-1
Rating: moderate
References:
* bsc#1224259
* bsc#1224274
* bsc#1224276
Cross-References:
* CVE-2024-4853
* CVE-2024-4854
* CVE-2024-4855
CVSS scores:
* CVE-2024-4853 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-4854 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-4855 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Affected Products:
* Basesystem Module 15-SP5
* Basesystem Module 15-SP6
* Desktop Applications Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves three vulnerabilities can now be installed.
## Description:
This update for wireshark fixes the following issues:
Update to version 3.6.22:
* CVE-2024-4854: MONGO and ZigBee TLV dissector infinite loops (bsc#1224274)
* CVE-2024-4853: The editcap command line utility could crash when chopping
bytes from the beginning of a packet (bsc#1224259)
* CVE-2024-4855: The editcap command line utility could crash when injecting
secrets while writing multiple files (bsc#1224276)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Desktop Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2024-1865=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1865=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-1865=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-1865=1
## Package List:
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* wireshark-debuginfo-3.6.23-150000.3.115.1
* wireshark-ui-qt-3.6.23-150000.3.115.1
* wireshark-debugsource-3.6.23-150000.3.115.1
* wireshark-ui-qt-debuginfo-3.6.23-150000.3.115.1
* wireshark-devel-3.6.23-150000.3.115.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* libwsutil13-debuginfo-3.6.23-150000.3.115.1
* wireshark-debuginfo-3.6.23-150000.3.115.1
* libwiretap12-3.6.23-150000.3.115.1
* wireshark-3.6.23-150000.3.115.1
* libwireshark15-3.6.23-150000.3.115.1
* libwiretap12-debuginfo-3.6.23-150000.3.115.1
* wireshark-ui-qt-3.6.23-150000.3.115.1
* wireshark-debugsource-3.6.23-150000.3.115.1
* wireshark-ui-qt-debuginfo-3.6.23-150000.3.115.1
* libwsutil13-3.6.23-150000.3.115.1
* libwireshark15-debuginfo-3.6.23-150000.3.115.1
* wireshark-devel-3.6.23-150000.3.115.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libwsutil13-debuginfo-3.6.23-150000.3.115.1
* wireshark-debuginfo-3.6.23-150000.3.115.1
* libwiretap12-3.6.23-150000.3.115.1
* wireshark-3.6.23-150000.3.115.1
* libwireshark15-3.6.23-150000.3.115.1
* libwiretap12-debuginfo-3.6.23-150000.3.115.1
* wireshark-debugsource-3.6.23-150000.3.115.1
* libwsutil13-3.6.23-150000.3.115.1
* libwireshark15-debuginfo-3.6.23-150000.3.115.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* wireshark-debugsource-3.6.23-150000.3.115.1
* wireshark-debuginfo-3.6.23-150000.3.115.1
## References:
* https://www.suse.com/security/cve/CVE-2024-4853.html
* https://www.suse.com/security/cve/CVE-2024-4854.html
* https://www.suse.com/security/cve/CVE-2024-4855.html
* https://bugzilla.suse.com/show_bug.cgi?id=1224259
* https://bugzilla.suse.com/show_bug.cgi?id=1224274
* https://bugzilla.suse.com/show_bug.cgi?id=1224276
SUSE-SU-2024:1866-1: moderate: Security update for python-aiohttp
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
# Security update for python-aiohttp
Announcement ID: SUSE-SU-2024:1866-1
Rating: moderate
References:
* bsc#1223098
Cross-References:
* CVE-2024-27306
CVSS scores:
* CVE-2024-27306 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* Public Cloud Module 15-SP4
* Python 3 Module 15-SP5
* Python 3 Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for python-aiohttp fixes the following issues:
* CVE-2024-27306: Fixed XSS on index pages for static file handling
(bsc#1223098)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-1866=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1866=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-1866=1
* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2024-1866=1
* Python 3 Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2024-1866=1
* Python 3 Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2024-1866=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* python311-aiohttp-debuginfo-3.9.3-150400.10.21.1
* python-aiohttp-debugsource-3.9.3-150400.10.21.1
* python311-aiohttp-3.9.3-150400.10.21.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* python311-aiohttp-debuginfo-3.9.3-150400.10.21.1
* python-aiohttp-debugsource-3.9.3-150400.10.21.1
* python311-aiohttp-3.9.3-150400.10.21.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* python311-aiohttp-debuginfo-3.9.3-150400.10.21.1
* python-aiohttp-debugsource-3.9.3-150400.10.21.1
* python311-aiohttp-3.9.3-150400.10.21.1
* Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* python311-aiohttp-3.9.3-150400.10.21.1
* Python 3 Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* python311-aiohttp-debuginfo-3.9.3-150400.10.21.1
* python-aiohttp-debugsource-3.9.3-150400.10.21.1
* python311-aiohttp-3.9.3-150400.10.21.1
* Python 3 Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* python311-aiohttp-debuginfo-3.9.3-150400.10.21.1
* python-aiohttp-debugsource-3.9.3-150400.10.21.1
* python311-aiohttp-3.9.3-150400.10.21.1
## References:
* https://www.suse.com/security/cve/CVE-2024-27306.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223098
19 Aug '24
# Security update for fwupdate
Announcement ID: SUSE-SU-2024:1867-1
Rating: moderate
References:
* bsc#1209188
* bsc#1221301
Affected Products:
* Basesystem Module 15-SP5
* Basesystem Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that has two security fixes can now be installed.
## Description:
This update of fwupdate fixes the following issues:
* rebuild the package with the new secure boot key (bsc#1209188).
* Update the email address of security team in SBAT (bsc#1221301)
* elf_aarch64_efi.lds: set the memory permission explicitly to avoid ld
warning like "LOAD segment with RWX permissions"
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1867=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-1867=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-1867=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-1867=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-1867=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-1867=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1867=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1867=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1867=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1867=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-1867=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1867=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1867=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-1867=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1867=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1867=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-1867=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-1867=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1867=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-1867=1
* SUSE Enterprise Storage 7
zypper in -t patch SUSE-Storage-7-2024-1867=1
## Package List:
* openSUSE Leap 15.5 (aarch64 x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* openSUSE Leap 15.6 (aarch64 x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* SUSE Linux Enterprise Micro 5.5 (x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* Basesystem Module 15-SP5 (aarch64 x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* Basesystem Module 15-SP6 (aarch64 x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* SUSE Manager Proxy 4.3 (x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* SUSE Manager Server 4.3 (x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* SUSE Enterprise Storage 7 (aarch64 x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1209188
* https://bugzilla.suse.com/show_bug.cgi?id=1221301
SUSE-SU-2024:1872-1: moderate: Security update for python-tqdm
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
# Security update for python-tqdm
Announcement ID: SUSE-SU-2024:1872-1
Rating: moderate
References:
* bsc#1223880
Cross-References:
* CVE-2024-34062
CVSS scores:
* CVE-2024-34062 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* Public Cloud Module 15-SP4
* Python 3 Module 15-SP5
* Python 3 Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for python-tqdm fixes the following issues:
Update to version 4.66.4:
* rich: fix completion
* cli: eval safety (CVE-2024-34062, bsc#1223880)
* pandas: add DataFrame.progress_map
* notebook: fix HTML padding
* keras: fix resuming training when verbose>=2
* fix format_num negative fractions missing leading zero
* fix Python 3.12 DeprecationWarning on import
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-1872=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1872=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-1872=1
* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2024-1872=1
* Python 3 Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2024-1872=1
* Python 3 Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2024-1872=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1872=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1872=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1872=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1872=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1872=1
## Package List:
* openSUSE Leap 15.4 (noarch)
* python-tqdm-bash-completion-4.66.4-150400.9.12.1
* python311-tqdm-4.66.4-150400.9.12.1
* openSUSE Leap 15.5 (noarch)
* python-tqdm-bash-completion-4.66.4-150400.9.12.1
* python311-tqdm-4.66.4-150400.9.12.1
* openSUSE Leap 15.6 (noarch)
* python-tqdm-bash-completion-4.66.4-150400.9.12.1
* python311-tqdm-4.66.4-150400.9.12.1
* Public Cloud Module 15-SP4 (noarch)
* python311-tqdm-4.66.4-150400.9.12.1
* Python 3 Module 15-SP5 (noarch)
* python-tqdm-bash-completion-4.66.4-150400.9.12.1
* python311-tqdm-4.66.4-150400.9.12.1
* Python 3 Module 15-SP6 (noarch)
* python-tqdm-bash-completion-4.66.4-150400.9.12.1
* python311-tqdm-4.66.4-150400.9.12.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* python-tqdm-bash-completion-4.66.4-150400.9.12.1
* python311-tqdm-4.66.4-150400.9.12.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* python-tqdm-bash-completion-4.66.4-150400.9.12.1
* python311-tqdm-4.66.4-150400.9.12.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
* python-tqdm-bash-completion-4.66.4-150400.9.12.1
* python311-tqdm-4.66.4-150400.9.12.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
* python-tqdm-bash-completion-4.66.4-150400.9.12.1
* python311-tqdm-4.66.4-150400.9.12.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* python-tqdm-bash-completion-4.66.4-150400.9.12.1
* python311-tqdm-4.66.4-150400.9.12.1
## References:
* https://www.suse.com/security/cve/CVE-2024-34062.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223880
SUSE-SU-2024:1498-2: low: Security update for java-11-openjdk
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
# Security update for java-11-openjdk
Announcement ID: SUSE-SU-2024:1498-2
Rating: low
References:
* bsc#1213470
* bsc#1222979
* bsc#1222983
* bsc#1222984
* bsc#1222986
* bsc#1222987
Cross-References:
* CVE-2024-21011
* CVE-2024-21012
* CVE-2024-21068
* CVE-2024-21085
* CVE-2024-21094
CVSS scores:
* CVE-2024-21011 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21012 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-21068 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-21085 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21094 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products:
* Legacy Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6
An update that solves five vulnerabilities and has one security fix can now be
installed.
## Description:
This update for java-11-openjdk fixes the following issues:
* CVE-2024-21011: Fixed denial of service due to long Exception message
logging (JDK-8319851,bsc#1222979)
* CVE-2024-21012: Fixed unauthorized data modification due to HTTP/2 client
improper reverse DNS lookup (JDK-8315708,bsc#1222987)
* CVE-2024-21068: Fixed integer overflow in C1 compiler address generation
(JDK-8322122,bsc#1222983)
* CVE-2024-21085: Fixed denial of service due to Pack200 excessive memory
allocation (JDK-8322114,bsc#1222984)
* CVE-2024-21094: Fixed unauthorized data modification due to C2 compilation
failure with "Exceeded _node_regs array"
(JDK-8317507,JDK-8325348,bsc#1222986)
Other fixes:
* Upgrade to upstream tag jdk-11.0.23+9 (April 2024 CPU)
  * Security fixes
    * JDK-8318340: Improve RSA key implementations
  * Other changes
    * JDK-6928542: Chinese characters in RTF are not decoded
    * JDK-7132796: [macosx] closed/javax/swing/JComboBox/4517214/ /bug4517214.java fails on MacOS
    * JDK-7148092: [macosx] When Alt+down arrow key is pressed, the combobox popup does not appear.
    * JDK-8054022: HttpURLConnection timeouts with Expect: 100-Continue and no chunking
    * JDK-8054572: [macosx] JComboBox paints the border incorrectly
    * JDK-8058176: [mlvm] tests should not allow code cache exhaustion
    * JDK-8067651: LevelTransitionTest.java, fix trivial methods levels logic
    * JDK-8068225: nsk/jdi/EventQueue/remove_l/remove_l005 intermittently times out
    * JDK-8156889: ListKeychainStore.sh fails in some virtualized environments
    * JDK-8166275: vm/mlvm/meth/stress/compiler/deoptimize keeps timeouting
    * JDK-8166554: Avoid compilation blocking in OverloadCompileQueueTest.java
    * JDK-8169475: WheelModifier.java fails by timeout
    * JDK-8180266: Convert sun/security/provider/KeyStore/DKSTest.sh to Java Jtreg Test
    * JDK-8186610: move ModuleUtils to top-level testlibrary
    * JDK-8192864: defmeth tests can hide failures
    * JDK-8193543: Regression automated test '/open/test/jdk/java/ /awt/TrayIcon/SystemTrayInstance/SystemTrayInstanceTest.java' fails
    * JDK-8198668: MemoryPoolMBean/isUsageThresholdExceeded/ /isexceeded001/TestDescription.java still failing
    * JDK-8202282: [TESTBUG] appcds TestCommon .makeCommandLineForAppCDS() can be removed
    * JDK-8202790: DnD test DisposeFrameOnDragTest.java does not clean up
    * JDK-8202931: [macos] java/awt/Choice/ChoicePopupLocation/ /ChoicePopupLocation.java fails
    * JDK-8207211: [TESTBUG] Remove excessive output from CDS/AppCDS tests
    * JDK-8207214: Broken links in JDK API serialized-form page
    * JDK-8207855: Make applications/jcstress invoke tests in batches
    * JDK-8208243: vmTestbase/gc/lock/jni/jnilock002/ /TestDescription.java fails in jdk/hs nightly
    * JDK-8208278: [mlvm] [TESTBUG] vm.mlvm.mixed.stress.java .findDeadlock.INDIFY_Test Deadlocked threads are not always detected
    * JDK-8208623: [TESTBUG] runtime/LoadClass/LongBCP.java fails in AUFS file system
    * JDK-8208699: remove unneeded imports from runtime tests
    * JDK-8208704: runtime/appcds/MultiReleaseJars.java timed out often in hs-tier7 testing
    * JDK-8208705: [TESTBUG] The -Xlog:cds,cds+hashtables vm option is not always required for appcds tests
    * JDK-8209549: remove VMPropsExt from TEST.ROOT
    * JDK-8209595: MonitorVmStartTerminate.java timed out
    * JDK-8209946: [TESTBUG] CDS tests should use "@run driver"
    * JDK-8211438: [Testbug] runtime/XCheckJniJsig/XCheckJSig.java looks for libjsig in wrong location
    * JDK-8211978: Move testlibrary/jdk/testlibrary/ /SimpleSSLContext.java and testkeys to network testlibrary
    * JDK-8213622: Windows VS2013 build failure - "'snprintf': identifier not found"
    * JDK-8213926: WB_EnqueueInitializerForCompilation requests compilation for NULL
    * JDK-8213927: G1 ignores AlwaysPreTouch when UseTransparentHugePages is enabled
    * JDK-8214908: add ctw tests for jdk.jfr and jdk.management.jfr modules
    * JDK-8214915: CtwRunner misses export for jdk.internal.access
    * JDK-8216408: XMLStreamWriter setDefaultNamespace(null) throws NullPointerException
    * JDK-8217475: Unexpected StackOverflowError in "process reaper" thread
    * JDK-8218754: JDK-8068225 regression in JDIBreakpointTest
    * JDK-8219475: javap man page needs to be updated
    * JDK-8219585: [TESTBUG] sun/management/jmxremote/bootstrap/ /JMXInterfaceBindingTest.java passes trivially when it shouldn't
    * JDK-8219612: [TESTBUG] compiler.codecache.stress.Helper .TestCaseImpl can't be defined in different runtime package as its nest host
    * JDK-8225471: Test utility jdk.test.lib.util.FileUtils .areAllMountPointsAccessible needs to tolerate duplicates
    * JDK-8226706: (se) Reduce the number of outer loop iterations on Windows in java/nio/channels/Selector/RacyDeregister.java
    * JDK-8226905: unproblem list applications/ctw/modules/ _tests on windows
    * JDK-8226910: make it possible to use jtreg 's -match via run-test framework
    * JDK-8227438: [TESTLIB] Determine if file exists by Files.exists in function FileUtils.deleteFileIfExistsWithRetry
    * JDK-8231585: java/lang/management/ThreadMXBean/ /MaxDepthForThreadInfoTest.java fails with java.lang.NullPointerException
    * JDK-8232839: JDI AfterThreadDeathTest.java failed due to "FAILED: Did not get expected IllegalThreadStateException on a StepRequest.enable()"
    * JDK-8233453: MLVM deoptimize stress test timed out
    * JDK-8234309: LFGarbageCollectedTest.java fails with parse Exception
    * JDK-8237222: [macos] java/awt/Focus/UnaccessibleChoice/ /AccessibleChoiceTest.java fails
    * JDK-8237777: "Dumping core ..." is shown despite claiming that "# No core dump will be written."
    * JDK-8237834: com/sun/jndi/ldap/LdapDnsProviderTest.java failing with LDAP response read timeout
    * JDK-8238274: (sctp) JDK-7118373 is not fixed for SctpChannel
    * JDK-8239801: [macos] java/awt/Focus/UnaccessibleChoice/ /AccessibleChoiceTest.java fails
    * JDK-8244679: JVM/TI GetCurrentContendedMonitor/contmon001 failed due to "(IsSameObject#3) unexpected monitor object: 0x000000562336DBA8"
    * JDK-8246222: Rename javac test T6395981.java to be more informative
    * JDK-8247818: GCC 10 warning stringop-overflow with symbol code
    * JDK-8249087: Always initialize _body[0..1] in Symbol constructor
    * JDK-8251349: Add TestCaseImpl to OverloadCompileQueueTest.java's build dependencies
    * JDK-8251904: vmTestbase/nsk/sysdict/vm/stress/btree/btree010/ /btree010.java fails with ClassNotFoundException: nsk.sysdict.share.BTree0LLRLRLRRLR
    * JDK-8253543: sanity/client/SwingSet/src/ /ButtonDemoScreenshotTest.java failed with "AssertionError: All pixels are not black"
    * JDK-8253739: java/awt/image/MultiResolutionImage/ /MultiResolutionImageObserverTest.java fails
    * JDK-8253820: Save test images and dumps with timestamps from client sanity suite
    * JDK-8255277: randomDelay in DrainDeadlockT and LoggingDeadlock do not randomly delay
    * JDK-8255546: Missing coverage for javax.smartcardio.CardPermission and ResponseAPDU
    * JDK-8255743: Relax SIGFPE match in in runtime/ErrorHandling/SecondaryErrorTest.java
    * JDK-8257505: nsk/share/test/StressOptions stressTime is scaled in getter but not when printed
    * JDK-8259801: Enable XML Signature secure validation mode by default
    * JDK-8264135: UnsafeGetStableArrayElement should account for different JIT implementation details
    * JDK-8265349: vmTestbase/../stress/compiler/deoptimize/ /Test.java fails with OOME due to CodeCache exhaustion.
    * JDK-8269025: jsig/Testjsig.java doesn't check exit code
    * JDK-8269077: TestSystemGC uses "require vm.gc.G1" for large pages subtest
    * JDK-8271094: runtime/duplAttributes/DuplAttributesTest.java doesn't check exit code
    * JDK-8271224: runtime/EnclosingMethodAttr/EnclMethodAttr.java doesn't check exit code
    * JDK-8271828: mark hotspot runtime/classFileParserBug tests which ignore external VM flags
    * JDK-8271829: mark hotspot runtime/Throwable tests which ignore external VM flags
    * JDK-8271890: mark hotspot runtime/Dictionary tests which ignore external VM flags
    * JDK-8272291: mark hotspot runtime/logging tests which ignore external VM flags
    * JDK-8272335: runtime/cds/appcds/MoveJDKTest.java doesn't check exit codes
    * JDK-8272551: mark hotspot runtime/modules tests which ignore external VM flags
    * JDK-8272552: mark hotspot runtime/cds tests which ignore external VM flags
    * JDK-8273803: Zero: Handle "zero" variant in CommandLineOptionTest.java
    * JDK-8274122: java/io/File/createTempFile/SpecialTempFile.java fails in Windows 11
    * JDK-8274621: NullPointerException because listenAddress[0] is null
    * JDK-8276796: gc/TestSystemGC.java large pages subtest fails with ZGC
    * JDK-8280007: Enable Neoverse N1 optimizations for Arm Neoverse V1 & N2
    * JDK-8281149: (fs) java/nio/file/FileStore/Basic.java fails with java.lang.RuntimeException: values differ by more than 1GB
    * JDK-8281377: Remove vmTestbase/nsk/monitoring/ThreadMXBean/ /ThreadInfo/Deadlock/JavaDeadlock001/TestDescription.java from problemlist.
    * JDK-8281717: Cover logout method for several LoginModule
    * JDK-8282665: [REDO] ByteBufferTest.java: replace endless recursion with RuntimeException in void ck(double x, double y)
    * JDK-8284090: com/sun/security/auth/module/AllPlatforms.java fails to compile
    * JDK-8285756: clean up use of bad arguments for `@clean` in langtools tests
    * JDK-8285785: CheckCleanerBound test fails with PasswordCallback object is not released
    * JDK-8285867: Convert applet manual tests SelectionVisible.java to Frame and automate
    * JDK-8286846: test/jdk/javax/swing/plaf/aqua/ /CustomComboBoxFocusTest.java fails on mac aarch64
    * JDK-8286969: Add a new test library API to execute kinit in SecurityTools.java
    * JDK-8287113: JFR: Periodic task thread uses period for method sampling events
    * JDK-8289511: Improve test coverage for XPath Axes: child
    * JDK-8289764: gc/lock tests failed with "OutOfMemoryError: Java heap space: failed reallocation of scalar replaced objects"
    * JDK-8289948: Improve test coverage for XPath functions: Node Set Functions
    * JDK-8290399: [macos] Aqua LAF does not fire an action event if combo box menu is displayed
    * JDK-8290909: MemoryPoolMBean/isUsageThresholdExceeded tests failed with "isUsageThresholdExceeded() returned false, and is still false, while threshold = MMMMMMM and used peak = NNNNNNN"
    * JDK-8292182: [TESTLIB] Enhance JAXPPolicyManager to setup required permissions for jtreg version 7 jar
    * JDK-8292946: GC lock/jni/jnilock001 test failed "assert(gch->gc_cause() == GCCause::_scavenge_alot || !gch->incremental_collection_failed()) failed: Twice in a row"
    * JDK-8293819: sun/util/logging/PlatformLoggerTest.java failed with "RuntimeException: Retrieved backing PlatformLogger level null is not the expected CONFIG"
    * JDK-8294158: HTML formatting for PassFailJFrame instructions
    * JDK-8294254: [macOS] javax/swing/plaf/aqua/ /CustomComboBoxFocusTest.java failure
    * JDK-8294402: Add diagnostic logging to VMProps.checkDockerSupport
    * JDK-8294535: Add screen capture functionality to PassFailJFrame
    * JDK-8296083: javax/swing/JTree/6263446/bug6263446.java fails intermittently on a VM
    * JDK-8296384: [TESTBUG] sun/security/provider/SecureRandom/ /AbstractDrbg/SpecTest.java intermittently timeout
    * JDK-8299494: Test vmTestbase/nsk/stress/except/except011.java failed: ExceptionInInitializerError: target class not found
    * JDK-8300269: The selected item in an editable JComboBox with titled border is not visible in Aqua LAF
    * JDK-8300727: java/awt/List/ListGarbageCollectionTest/ /AwtListGarbageCollectionTest.java failed with "List wasn't garbage collected"
    * JDK-8301310: The SendRawSysexMessage test may cause a JVM crash
    * JDK-8301377: adjust timeout for JLI GetObjectSizeIntrinsicsTest.java subtest again
    * JDK-8301846: Invalid TargetDataLine after screen lock when using JFileChooser or COM library
    * JDK-8302017: Allocate BadPaddingException only if it will be thrown
    * JDK-8302109: Trivial fixes to btree tests
    * JDK-8302149: Speed up compiler/jsr292/methodHandleExceptions/TestAMEnotNPE.java
    * JDK-8302607: increase timeout for ContinuousCallSiteTargetChange.java
    * JDK-8304074: [JMX] Add an approximation of total bytes allocated on the Java heap by the JVM
    * JDK-8304314: StackWalkTest.java fails after CODETOOLS-7903373
    * JDK-8304725: AsyncGetCallTrace can cause SIGBUS on M1
    * JDK-8305502: adjust timeouts in three more M&M tests
    * JDK-8305505: NPE in javazic compiler
    * JDK-8305972: Update XML Security for Java to 3.0.2
    * JDK-8306072: Open source several AWT MouseInfo related tests
    * JDK-8306076: Open source AWT misc tests
    * JDK-8306409: Open source AWT KeyBoardFocusManger, LightWeightComponent related tests
    * JDK-8306640: Open source several AWT TextArea related tests
    * JDK-8306652: Open source AWT MenuItem related tests
    * JDK-8306681: Open source more AWT DnD related tests
    * JDK-8306683: Open source several clipboard and color AWT tests
    * JDK-8306752: Open source several container and component AWT tests
    * JDK-8306753: Open source several container AWT tests
    * JDK-8306755: Open source few Swing JComponent and AbstractButton tests
    * JDK-8306812: Open source several AWT Miscellaneous tests
    * JDK-8306871: Open source more AWT Drag & Drop tests
    * JDK-8306996: Open source Swing MenuItem related tests
    * JDK-8307123: Fix deprecation warnings in DPrinter
    * JDK-8307130: Open source few Swing JMenu tests
    * JDK-8307299: Move more DnD tests to open
    * JDK-8307311: Timeouts on one macOS 12.6.1 host of two Swing JTableHeader tests
    * JDK-8307381: Open Source JFrame, JIF related Swing Tests
    * JDK-8307683: Loop Predication should not hoist range checks with trap on success projection by negating their condition
    * JDK-8308043: Deadlock in TestCSLocker.java due to blocking GC while allocating
    * JDK-8308116: jdk.test.lib.compiler.InMemoryJavaCompiler .compile does not close files
    * JDK-8308223: failure handler missed jcmd.vm.info command
    * JDK-8308232: nsk/jdb tests don't pass -verbose flag to the debuggee
    * JDK-8308245: Add -proc:full to describe current default annotation processing policy
    * JDK-8308336: Test java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java failed: java.net.BindException: Address already in use
    * JDK-8309104: [JVMCI] compiler/unsafe/ /UnsafeGetStableArrayElement test asserts wrong values with Graal
    * JDK-8309119: [17u/11u] Redo JDK-8297951: C2: Create skeleton predicates for all If nodes in loop predication
    * JDK-8309462: [AIX] vmTestbase/nsk/jvmti/RunAgentThread/ /agentthr001/TestDescription.java crashing due to empty while loop
    * JDK-8309778: java/nio/file/Files/CopyAndMove.java fails when using second test directory
    * JDK-8309870: Using -proc:full should be considered requesting explicit annotation processing
    * JDK-8310106: sun.security.ssl.SSLHandshake .getHandshakeProducer() incorrectly checks handshakeConsumers
    * JDK-8310238: [test bug] javax/swing/JTableHeader/6889007/ /bug6889007.java fails
    * JDK-8310551: vmTestbase/nsk/jdb/interrupt/interrupt001/ /interrupt001.java timed out due to missing prompt
    * JDK-8310807: java/nio/channels/DatagramChannel/Connect.java timed out
    * JDK-8311081: KeytoolReaderP12Test.java fail on localized Windows platform
    * JDK-8311511: Improve description of NativeLibrary JFR event
    * JDK-8311585: Add JRadioButtonMenuItem to bug8031573.java
    * JDK-8313081: MonitoringSupport_lock should be unconditionally initialized after 8304074
    * JDK-8313082: Enable CreateCoredumpOnCrash for testing in makefiles
    * JDK-8313164: src/java.desktop/windows/native/libawt/windows/ /awt_Robot.cpp GetRGBPixels adjust releasing of resources
    * JDK-8313252: Java_sun_awt_windows_ThemeReader_paintBackground release resources in early returns
    * JDK-8313643: Update HarfBuzz to 8.2.2
    * JDK-8313816: Accessing jmethodID might lead to spurious crashes
    * JDK-8314144: gc/g1/ihop/TestIHOPStatic.java fails due to extra concurrent mark with -Xcomp
    * JDK-8314164: java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java fails intermittently in timeout
    * JDK-8314883: Java_java_util_prefs_FileSystemPreferences_lockFile0 write result errno in missing case
    * JDK-8315034: File.mkdirs() occasionally fails to create folders on Windows shared folder
    * JDK-8315042: NPE in PKCS7.parseOldSignedData
    * JDK-8315415: OutputAnalyzer.shouldMatchByLine() fails in some cases
    * JDK-8315499: build using devkit on Linux ppc64le RHEL puts path to devkit into libsplashscreen
    * JDK-8315594: Open source few headless Swing misc tests
    * JDK-8315600: Open source few more headless Swing misc tests
    * JDK-8315602: Open source swing security manager test
    * JDK-8315606: Open source few swing text/html tests
    * JDK-8315611: Open source swing text/html and tree test
    * JDK-8315680: java/lang/ref/ReachabilityFenceTest.java should run with -Xbatch
    * JDK-8315731: Open source several Swing Text related tests
    * JDK-8315761: Open source few swing JList and JMenuBar tests
    * JDK-8315986: [macos14] javax/swing/JMenuItem/4654927/ /bug4654927.java: component must be showing on the screen to determine its location
    * JDK-8316001: GC: Make TestArrayAllocatorMallocLimit use createTestJvm
    * JDK-8316028: Update FreeType to 2.13.2
    * JDK-8316030: Update Libpng to 1.6.40
    * JDK-8316106: Open source few swing JInternalFrame and JMenuBar tests
    * JDK-8316461: Fix: make test outputs TEST SUCCESS after unsuccessful exit
    * JDK-8316947: Write a test to check textArea triggers MouseEntered/MouseExited events properly
    * JDK-8317307: test/jdk/com/sun/jndi/ldap/ /LdapPoolTimeoutTest.java fails with ConnectException: Connection timed out: no further information
    * JDK-8317327: Remove JT_JAVA dead code in jib-profiles.js
    * JDK-8318154: Improve stability of WheelModifier.java test
    * JDK-8318410: jdk/java/lang/instrument/BootClassPath/ /BootClassPathTest.sh fails on Japanese Windows
    * JDK-8318468: compiler/tiered/LevelTransitionTest.java fails with -XX:CompileThreshold=100 -XX:TieredStopAtLevel=1
    * JDK-8318603: Parallelize sun/java2d/marlin/ClipShapeTest.java
    * JDK-8318607: Enable parallelism in vmTestbase/nsk/stress/jni tests
    * JDK-8318608: Enable parallelism in vmTestbase/nsk/stress/threads tests
    * JDK-8318736: com/sun/jdi/JdwpOnThrowTest.java failed with "transport error 202: bind failed: Address already in use"
    * JDK-8318889: C2: add bailout after assert Bad graph detected in build_loop_late
    * JDK-8318951: Additional negative value check in JPEG decoding
    * JDK-8318955: Add ReleaseIntArrayElements in Java_sun_awt_X11_XlibWrapper_SetBitmapShape XlbWrapper.c to early return
    * JDK-8318971: Better Error Handling for Jar Tool When Processing Non-existent Files
    * JDK-8318983: Fix comment typo in PKCS12Passwd.java
    * JDK-8319124: Update XML Security for Java to 3.0.3
    * JDK-8319456: jdk/jfr/event/gc/collection/ /TestGCCauseWith[Serial|Parallel].java : GC cause 'GCLocker Initiated GC' not in the valid causes
    * JDK-8319668: Fixup of jar filename typo in BadFactoryTest.sh
    * JDK-8320001: javac crashes while adding type annotations to the return type of a constructor
    * JDK-8320208: Update Public Suffix List to b5bf572
    * JDK-8320363: ppc64 TypeEntries::type_unknown logic looks wrong, missed optimization opportunity
    * JDK-8320597: RSA signature verification fails on signed data that does not encode params correctly
    * JDK-8320798: Console read line with zero out should zero out underlying buffer
    * JDK-8320884: Bump update version for OpenJDK: jdk-11.0.23
    * JDK-8320937: support latest VS2022 MSC_VER in abstract_vm_version.cpp
    * JDK-8321151: JDK-8294427 breaks Windows L&F on all older Windows versions
    * JDK-8321215: Incorrect x86 instruction encoding for VSIB addressing mode
    * JDK-8321408: Add Certainly roots R1 and E1
    * JDK-8321480: ISO 4217 Amendment 176 Update
    * JDK-8322178: Error. can't find jdk.testlibrary .SimpleSSLContext in test directory or libraries
    * JDK-8322417: Console read line with zero out should zero out when throwing exception
    * JDK-8322725: (tz) Update Timezone Data to 2023d
    * JDK-8322750: Test "api/java_awt/interactive/ /SystemTrayTests.html" failed because A blue ball icon is added outside of the system tray
    * JDK-8322752: [11u] GetStackTraceAndRetransformTest.java is failing assert
    * JDK-8322772: Clean up code after JDK-8322417
    * JDK-8323008: filter out harmful -std_ flags added by autoconf from CXX
    * JDK-8323243: JNI invocation of an abstract instance method corrupts the stack
    * JDK-8323515: Create test alias "all" for all test roots
    * JDK-8323640: [TESTBUG]testMemoryFailCount in jdk/internal/ /platform/docker/TestDockerMemoryMetrics.java always fail because OOM killed
    * JDK-8324184: Windows VS2010 build failed with "error C2275: 'int64_t'"
    * JDK-8324307: [11u] hotspot fails to build with GCC 12 and newer (non-static data member initializers)
    * JDK-8324347: Enable "maybe-uninitialized" warning for FreeType 2.13.1
    * JDK-8324659: GHA: Generic jtreg errors are not reported
    * JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/ /AKISerialNumber.java is failing
    * JDK-8325150: (tz) Update Timezone Data to 2024a
    * JDK-8326109: GCC 13 reports maybe-uninitialized warnings for jni.cpp with dtrace enabled
    * JDK-8326503: [11u] java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java fail because of package org.junit.jupiter.api does not exist
    * JDK-8327391: Add SipHash attribution file
    * JDK-8329837: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.23
* Removed the possibility to use the system timezone-java (bsc#1213470)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-1498=1
* Legacy Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2024-1498=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-1498=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* java-11-openjdk-headless-11.0.23.0-150000.3.113.1
* java-11-openjdk-devel-11.0.23.0-150000.3.113.1
* java-11-openjdk-devel-debuginfo-11.0.23.0-150000.3.113.1
* java-11-openjdk-debuginfo-11.0.23.0-150000.3.113.1
* java-11-openjdk-headless-debuginfo-11.0.23.0-150000.3.113.1
* java-11-openjdk-demo-11.0.23.0-150000.3.113.1
* java-11-openjdk-debugsource-11.0.23.0-150000.3.113.1
* java-11-openjdk-src-11.0.23.0-150000.3.113.1
* java-11-openjdk-11.0.23.0-150000.3.113.1
* java-11-openjdk-jmods-11.0.23.0-150000.3.113.1
* openSUSE Leap 15.6 (noarch)
* java-11-openjdk-javadoc-11.0.23.0-150000.3.113.1
* Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* java-11-openjdk-headless-11.0.23.0-150000.3.113.1
* java-11-openjdk-devel-11.0.23.0-150000.3.113.1
* java-11-openjdk-devel-debuginfo-11.0.23.0-150000.3.113.1
* java-11-openjdk-debuginfo-11.0.23.0-150000.3.113.1
* java-11-openjdk-headless-debuginfo-11.0.23.0-150000.3.113.1
* java-11-openjdk-demo-11.0.23.0-150000.3.113.1
* java-11-openjdk-debugsource-11.0.23.0-150000.3.113.1
* java-11-openjdk-11.0.23.0-150000.3.113.1
* SUSE Package Hub 15 15-SP6 (noarch)
* java-11-openjdk-javadoc-11.0.23.0-150000.3.113.1
## References:
* https://www.suse.com/security/cve/CVE-2024-21011.html
* https://www.suse.com/security/cve/CVE-2024-21012.html
* https://www.suse.com/security/cve/CVE-2024-21068.html
* https://www.suse.com/security/cve/CVE-2024-21085.html
* https://www.suse.com/security/cve/CVE-2024-21094.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213470
* https://bugzilla.suse.com/show_bug.cgi?id=1222979
* https://bugzilla.suse.com/show_bug.cgi?id=1222983
* https://bugzilla.suse.com/show_bug.cgi?id=1222984
* https://bugzilla.suse.com/show_bug.cgi?id=1222986
* https://bugzilla.suse.com/show_bug.cgi?id=1222987
19 Aug '24
# Security update for libaom
Announcement ID: SUSE-SU-2024:2052-1
Rating: important
References:
* bsc#1226020
Cross-References:
* CVE-2024-5171
CVSS scores:
* CVE-2024-5171 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-5171 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for libaom fixes the following issues:
* CVE-2024-5171: Fixed heap buffer overflow in img_alloc_helper() caused by
integer overflow (bsc#1226020).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-2052=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-2052=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-2052=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2052=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-2052=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-2052=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-2052=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-2052=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-2052=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-2052=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-2052=1
## Package List:
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libaom-debugsource-3.2.0-150400.3.6.1
* libaom3-3.2.0-150400.3.6.1
* libaom3-debuginfo-3.2.0-150400.3.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libaom-debugsource-3.2.0-150400.3.6.1
* libaom3-3.2.0-150400.3.6.1
* libaom3-debuginfo-3.2.0-150400.3.6.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* libaom-debugsource-3.2.0-150400.3.6.1
* libaom3-3.2.0-150400.3.6.1
* libaom3-debuginfo-3.2.0-150400.3.6.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* libaom-debugsource-3.2.0-150400.3.6.1
* libaom3-3.2.0-150400.3.6.1
* libaom3-debuginfo-3.2.0-150400.3.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libaom-debugsource-3.2.0-150400.3.6.1
* libaom3-3.2.0-150400.3.6.1
* libaom3-debuginfo-3.2.0-150400.3.6.1
* SUSE Manager Proxy 4.3 (x86_64)
* libaom-debugsource-3.2.0-150400.3.6.1
* libaom3-3.2.0-150400.3.6.1
* libaom3-debuginfo-3.2.0-150400.3.6.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* libaom-debugsource-3.2.0-150400.3.6.1
* libaom3-3.2.0-150400.3.6.1
* libaom3-debuginfo-3.2.0-150400.3.6.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* libaom-debugsource-3.2.0-150400.3.6.1
* libaom3-3.2.0-150400.3.6.1
* libaom3-debuginfo-3.2.0-150400.3.6.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* aom-tools-debuginfo-3.2.0-150400.3.6.1
* aom-tools-3.2.0-150400.3.6.1
* libaom-debugsource-3.2.0-150400.3.6.1
* libaom3-debuginfo-3.2.0-150400.3.6.1
* libaom3-3.2.0-150400.3.6.1
* libaom-devel-3.2.0-150400.3.6.1
* openSUSE Leap 15.4 (noarch)
* libaom-devel-doc-3.2.0-150400.3.6.1
* openSUSE Leap 15.4 (x86_64)
* libaom3-32bit-debuginfo-3.2.0-150400.3.6.1
* libaom3-32bit-3.2.0-150400.3.6.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libaom3-64bit-3.2.0-150400.3.6.1
* libaom3-64bit-debuginfo-3.2.0-150400.3.6.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* aom-tools-debuginfo-3.2.0-150400.3.6.1
* aom-tools-3.2.0-150400.3.6.1
* libaom-debugsource-3.2.0-150400.3.6.1
* libaom3-debuginfo-3.2.0-150400.3.6.1
* libaom3-3.2.0-150400.3.6.1
* libaom-devel-3.2.0-150400.3.6.1
* openSUSE Leap 15.5 (noarch)
* libaom-devel-doc-3.2.0-150400.3.6.1
* openSUSE Leap 15.5 (x86_64)
* libaom3-32bit-debuginfo-3.2.0-150400.3.6.1
* libaom3-32bit-3.2.0-150400.3.6.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libaom-debugsource-3.2.0-150400.3.6.1
* libaom3-3.2.0-150400.3.6.1
* libaom3-debuginfo-3.2.0-150400.3.6.1
## References:
* https://www.suse.com/security/cve/CVE-2024-5171.html
* https://bugzilla.suse.com/show_bug.cgi?id=1226020
SUSE-SU-2024:1079-2: important: Security update for netty, netty-tcnative
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
# Security update for netty, netty-tcnative
Announcement ID: SUSE-SU-2024:1079-2
Rating: important
References:
* bsc#1222045
Cross-References:
* CVE-2024-29025
CVSS scores:
* CVE-2024-29025 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Development Tools Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6
An update that solves one vulnerability can now be installed.
## Description:
This update for netty, netty-tcnative fixes the following issues:
* CVE-2024-29025: Fixed out of memory due to large number of form fields
(bsc#1222045).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-1079=1
* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-1079=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-1079=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* netty-4.1.108-150200.4.23.1
* netty-tcnative-2.0.65-150200.3.19.1
* openSUSE Leap 15.6 (noarch)
* netty-poms-4.1.108-150200.4.23.1
* netty-javadoc-4.1.108-150200.4.23.1
* netty-tcnative-javadoc-2.0.65-150200.3.19.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* netty-tcnative-2.0.65-150200.3.19.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* netty-4.1.108-150200.4.23.1
* SUSE Package Hub 15 15-SP6 (noarch)
* netty-poms-4.1.108-150200.4.23.1
* netty-javadoc-4.1.108-150200.4.23.1
## References:
* https://www.suse.com/security/cve/CVE-2024-29025.html
* https://bugzilla.suse.com/show_bug.cgi?id=1222045
19 Aug '24
# Security update for cosign
Announcement ID: SUSE-SU-2024:1486-2
Rating: moderate
References:
* bsc#1222835
* bsc#1222837
* jsc#SLE-23879
Cross-References:
* CVE-2024-29902
* CVE-2024-29903
CVSS scores:
* CVE-2024-29902 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-29903 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves two vulnerabilities and contains one feature can now be
installed.
## Description:
This update for cosign fixes the following issues:
* CVE-2024-29902: Fixed denial of service on host machine via remote image
with malicious attachments (bsc#1222835)
* CVE-2024-29903: Fixed denial of service on host machine via malicious
software artifacts (bsc#1222837)
Other fixes:
* Updated to 2.2.4 (jsc#SLE-23879)
* Fixes for GHSA-88jx-383q-w4qc and GHSA-95pr-fxf5-86gv (#3661)
* ErrNoSignaturesFound should be used when there is no signature attached to
an image. (#3526)
* fix semgrep issues for dgryski.semgrep-go ruleset (#3541)
* Honor creation timestamp for signatures again (#3549)
* Features
* Adds Support for Fulcio Client Credentials Flow, and Argument to Set Flow
Explicitly (#3578)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-1486=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-1486=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* cosign-debuginfo-2.2.4-150400.3.20.1
* cosign-2.2.4-150400.3.20.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* cosign-debuginfo-2.2.4-150400.3.20.1
* cosign-2.2.4-150400.3.20.1
## References:
* https://www.suse.com/security/cve/CVE-2024-29902.html
* https://www.suse.com/security/cve/CVE-2024-29903.html
* https://bugzilla.suse.com/show_bug.cgi?id=1222835
* https://bugzilla.suse.com/show_bug.cgi?id=1222837
* https://jira.suse.com/browse/SLE-23879
SUSE-SU-2024:2186-1: important: Security update for gnome-settings-daemon
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
# Security update for gnome-settings-daemon
Announcement ID: SUSE-SU-2024:2186-1
Rating: important
References:
* bsc#1226423
Cross-References:
* CVE-2024-38394
CVSS scores:
* CVE-2024-38394 ( SUSE ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Desktop Applications Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves one vulnerability can now be installed.
## Description:
This update for gnome-settings-daemon fixes the following issues:
* CVE-2024-38394: Fixed mismatches in interpreting USB authorization policy
(bsc#1226423).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-2186=1 SUSE-2024-2186=1
* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2024-2186=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* gnome-settings-daemon-debugsource-45.1-150600.3.3.1
* gnome-settings-daemon-debuginfo-45.1-150600.3.3.1
* gnome-settings-daemon-45.1-150600.3.3.1
* gnome-settings-daemon-devel-45.1-150600.3.3.1
* openSUSE Leap 15.6 (noarch)
* gnome-settings-daemon-lang-45.1-150600.3.3.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* gnome-settings-daemon-debugsource-45.1-150600.3.3.1
* gnome-settings-daemon-debuginfo-45.1-150600.3.3.1
* gnome-settings-daemon-45.1-150600.3.3.1
* gnome-settings-daemon-devel-45.1-150600.3.3.1
* Desktop Applications Module 15-SP6 (noarch)
* gnome-settings-daemon-lang-45.1-150600.3.3.1
## References:
* https://www.suse.com/security/cve/CVE-2024-38394.html
* https://bugzilla.suse.com/show_bug.cgi?id=1226423
SUSE-SU-2024:2187-1: moderate: Security update for ntfs-3g_ntfsprogs
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
# Security update for ntfs-3g_ntfsprogs
Announcement ID: SUSE-SU-2024:2187-1
Rating: moderate
References:
* bsc#1226007
Cross-References:
* CVE-2023-52890
CVSS scores:
* CVE-2023-52890 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected Products:
* Basesystem Module 15-SP6
* Development Tools Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Workstation Extension 15 SP5
An update that solves one vulnerability can now be installed.
## Description:
This update for ntfs-3g_ntfsprogs fixes the following issue:
* CVE-2023-52890: fix a use after free in ntfs_uppercase_mbs (bsc#1226007)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-2187=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-2187=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-2187=1
* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-2187=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-2187=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-2187=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* libntfs-3g87-debuginfo-2022.5.17-150000.3.21.1
* ntfs-3g-2022.5.17-150000.3.21.1
* ntfsprogs-2022.5.17-150000.3.21.1
* ntfsprogs-extra-2022.5.17-150000.3.21.1
* ntfs-3g_ntfsprogs-debuginfo-2022.5.17-150000.3.21.1
* ntfs-3g-debuginfo-2022.5.17-150000.3.21.1
* libntfs-3g-devel-2022.5.17-150000.3.21.1
* libntfs-3g87-2022.5.17-150000.3.21.1
* ntfsprogs-extra-debuginfo-2022.5.17-150000.3.21.1
* ntfs-3g_ntfsprogs-debugsource-2022.5.17-150000.3.21.1
* ntfsprogs-debuginfo-2022.5.17-150000.3.21.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* libntfs-3g87-debuginfo-2022.5.17-150000.3.21.1
* ntfs-3g-2022.5.17-150000.3.21.1
* ntfsprogs-2022.5.17-150000.3.21.1
* ntfsprogs-extra-2022.5.17-150000.3.21.1
* ntfs-3g_ntfsprogs-debuginfo-2022.5.17-150000.3.21.1
* ntfs-3g-debuginfo-2022.5.17-150000.3.21.1
* libntfs-3g-devel-2022.5.17-150000.3.21.1
* libntfs-3g87-2022.5.17-150000.3.21.1
* ntfsprogs-extra-debuginfo-2022.5.17-150000.3.21.1
* ntfs-3g_ntfsprogs-debugsource-2022.5.17-150000.3.21.1
* ntfsprogs-debuginfo-2022.5.17-150000.3.21.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libntfs-3g87-debuginfo-2022.5.17-150000.3.21.1
* ntfs-3g-2022.5.17-150000.3.21.1
* ntfsprogs-2022.5.17-150000.3.21.1
* ntfs-3g_ntfsprogs-debuginfo-2022.5.17-150000.3.21.1
* ntfs-3g-debuginfo-2022.5.17-150000.3.21.1
* libntfs-3g87-2022.5.17-150000.3.21.1
* ntfs-3g_ntfsprogs-debugsource-2022.5.17-150000.3.21.1
* ntfsprogs-debuginfo-2022.5.17-150000.3.21.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libntfs-3g-devel-2022.5.17-150000.3.21.1
* ntfs-3g_ntfsprogs-debugsource-2022.5.17-150000.3.21.1
* ntfs-3g_ntfsprogs-debuginfo-2022.5.17-150000.3.21.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* libntfs-3g87-debuginfo-2022.5.17-150000.3.21.1
* ntfs-3g-2022.5.17-150000.3.21.1
* ntfsprogs-2022.5.17-150000.3.21.1
* ntfs-3g_ntfsprogs-debuginfo-2022.5.17-150000.3.21.1
* ntfs-3g-debuginfo-2022.5.17-150000.3.21.1
* libntfs-3g-devel-2022.5.17-150000.3.21.1
* libntfs-3g87-2022.5.17-150000.3.21.1
* ntfs-3g_ntfsprogs-debugsource-2022.5.17-150000.3.21.1
* ntfsprogs-debuginfo-2022.5.17-150000.3.21.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
* libntfs-3g87-debuginfo-2022.5.17-150000.3.21.1
* ntfs-3g-2022.5.17-150000.3.21.1
* ntfsprogs-2022.5.17-150000.3.21.1
* ntfs-3g_ntfsprogs-debuginfo-2022.5.17-150000.3.21.1
* ntfs-3g-debuginfo-2022.5.17-150000.3.21.1
* libntfs-3g-devel-2022.5.17-150000.3.21.1
* libntfs-3g87-2022.5.17-150000.3.21.1
* ntfs-3g_ntfsprogs-debugsource-2022.5.17-150000.3.21.1
* ntfsprogs-debuginfo-2022.5.17-150000.3.21.1
## References:
* https://www.suse.com/security/cve/CVE-2023-52890.html
* https://bugzilla.suse.com/show_bug.cgi?id=1226007
SUSE-SU-2024:2776-1: moderate: Security update for dri3proto, presentproto, wayland-protocols, xwayland
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
# Security update for dri3proto, presentproto, wayland-protocols, xwayland
Announcement ID: SUSE-SU-2024:2776-1
Rating: moderate
References:
* bsc#1219892
* bsc#1222309
* bsc#1222310
* bsc#1222312
* bsc#1222442
* jsc#PED-9498
Cross-References:
* CVE-2024-31080
* CVE-2024-31081
* CVE-2024-31083
CVSS scores:
* CVE-2024-31080 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2024-31081 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2024-31083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Development Tools Module 15-SP5
* Development Tools Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Workstation Extension 15 SP6
* SUSE Package Hub 15 15-SP6
An update that solves three vulnerabilities, contains one feature and has two
security fixes can now be installed.
## Description:
This update for dri3proto, presentproto, wayland-protocols, xwayland fixes the
following issues:
Changes in presentproto:
* update to version 1.4 (patch generated from xorgproto-2024.1 sources)
Changes in wayland-protocols:
* Update to version 1.36:
* xdg-dialog: fix missing namespace in protocol name
* Changes from version 1.35:
* cursor-shape-v1: Does not advertise the list of supported cursors
* xdg-shell: add missing enum attribute to set_constraint_adjustment
* xdg-shell: recommend against drawing decorations when tiled
* tablet-v2: mark as stable
* staging: add alpha-modifier protocol
* Update to 1.36
* Fix to the xdg dialog protocol
* tablet-v2 protocol is now stable
* alpha-modifier: new protocol
* Bug fix to the cursor shape documentation
* The xdg-shell protocol now also explicitly recommends against drawing
decorations outside of the window geometry when tiled
* Update to 1.34:
* xdg-dialog: new protocol
* xdg-toplevel-drag: new protocol
* Fix typo in ext-foreign-toplevel-list-v1
* tablet-v2: clarify that name/id events are optional
* linux-drm-syncobj-v1: new protocol
* linux-explicit-synchronization-v1: add linux-drm-syncobj note
* Update to version 1.33:
* xdg-shell: Clarify what a toplevel by default includes
* linux-dmabuf: sync changes from unstable to stable
* linux-dmabuf: require all planes to use the same modifier
* presentation-time: stop referring to Linux/glibc
* security-context-v1: Make sandbox engine names use reverse-DNS
* xdg-decoration: remove ambiguous wording in configure event
* xdg-decoration: fix configure event summary
* linux-dmabuf: mark as stable
* linux-dmabuf: add note about implicit sync
* security-context-v1: Document what can be done with the open sockets
* security-context-v1: Document out of band metadata for flatpak
Changes in dri3proto:
* update to version 1.4 (patch generated from xorgproto-2024.1 sources)
Changes in xwayland:
* Update to bugfix release 24.1.1 for the current stable 24.1 branch of
Xwayland
* xwayland: fix segment fault in `xwl_glamor_gbm_init_main_dev`
* os: Explicitly include X11/Xmd.h for CARD32 definition to fix building on
i686
* present: On *BSD, epoll-shim is needed to emulate eventfd()
* xwayland: Stop on first unmapped child
* xwayland/window-buffers: Promote xwl_window_buffer
* xwayland/window-buffers: Add xwl_window_buffer_release()
* xwayland/glamor/gbm: Copy explicit sync code to GLAMOR/GBM
* xwayland/window-buffers: Use synchronization from GLAMOR/GBM
* xwayland/window-buffers: Do not always set syncpnts
* xwayland/window-buffers: Move code to submit pixmaps
* xwayland/window-buffers: Set syncpnts for all pixmaps
* xwayland: Move xwl_window disposal to its own function
* xwayland: Make sure we do not leak xwl_window on destroy
* wayland/window-buffers: Move buffer disposal to its own function
* xwayland/window-buffers: optionally force disposal
* wayland: Force disposal of windows buffers for root on destroy
* xwayland: Check for pointer in xwl_seat_leave_ptr()
* xwayland: remove includedir from pkgconfig
* disable DPMS on sle15 due to missing proto package
* Update to feature release 24.1.0
* This fixes a couple of regressions introduced in the previous release
candidate versions along with a fix for XTEST emulation with EI.
* xwayland: Send ei_device_frame on device_scroll_discrete
* xwayland: Restore the ResizeWindow handler
* xwayland: Handle rootful resize in ResizeWindow
* xwayland: Move XRandR emulation to the ResizeWindow hook
* xwayland: Use correct xwl_window lookup function in xwl_set_shape
* eglstreams has been dropped
* Update to bug fix release 23.2.7
* m4: drop autoconf leftovers
* xwayland: Send ei_device_frame on device_scroll_discrete
* xwayland: Call drmFreeDevice for dma-buf default feedback
* xwayland: Use drmDevicesEqual in xwl_dmabuf_feedback_tranche_done
* dri3: Free formats in cache_formats_and_modifiers
* xwayland/glamor: Handle depth 15 in gbm_format_for_depth
* Revert "xwayland/glamor: Avoid implicit redirection with depth 32 parent
windows"
* xwayland: Check for outputs before lease devices
* xwayland: Do not remove output on withdraw if leased
* Update to 23.2.6
* This is a quick bug fix release to address a regression introduced by the
fix for CVE-2024-31083 in xwayland-23.2.5.
* Security update 23.2.5
This release contains the 3 security fixes that actually apply to Xwayland
reported in the security advisory of April 3rd 2024
* CVE-2024-31080
* CVE-2024-31081
* CVE-2024-31083
Additionally, it also contains a couple of other fixes, a copy/paste error in
the DeviceStateNotify event and a fix to enable buttons with pointer gestures
for backward compatibility with legacy X11 clients.
* Don't provide xorg-x11-server-source
* xwayland sources are not meant for a generic server.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-2776=1 openSUSE-SLE-15.6-2024-2776=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-2776=1
* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-2776=1
* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-2776=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-2776=1
* SUSE Linux Enterprise Workstation Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2024-2776=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* xwayland-devel-24.1.1-150600.5.3.1
* xwayland-debuginfo-24.1.1-150600.5.3.1
* xwayland-debugsource-24.1.1-150600.5.3.1
* xwayland-24.1.1-150600.5.3.1
* presentproto-devel-1.3-150600.3.3.1
* openSUSE Leap 15.6 (noarch)
* wayland-protocols-devel-1.36-150600.4.3.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* dri3proto-devel-1.2-150100.6.3.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* dri3proto-devel-1.2-150100.6.3.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* dri3proto-devel-1.2-150100.6.3.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* dri3proto-devel-1.2-150100.6.3.1
* presentproto-devel-1.3-150600.3.3.1
* SUSE Package Hub 15 15-SP6 (noarch)
* wayland-protocols-devel-1.36-150600.4.3.1
* SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64)
* xwayland-debugsource-24.1.1-150600.5.3.1
* xwayland-24.1.1-150600.5.3.1
* xwayland-debuginfo-24.1.1-150600.5.3.1
## References:
* https://www.suse.com/security/cve/CVE-2024-31080.html
* https://www.suse.com/security/cve/CVE-2024-31081.html
* https://www.suse.com/security/cve/CVE-2024-31083.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219892
* https://bugzilla.suse.com/show_bug.cgi?id=1222309
* https://bugzilla.suse.com/show_bug.cgi?id=1222310
* https://bugzilla.suse.com/show_bug.cgi?id=1222312
* https://bugzilla.suse.com/show_bug.cgi?id=1222442
* https://jira.suse.com/browse/PED-9498
openSUSE-SU-2024:0252-1: important: Security update for opera
by opensuse-security@opensuse.org 18 Aug '24
openSUSE Security Update: Security update for opera
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0252-1
Rating: important
References:
Cross-References: CVE-2024-6772 CVE-2024-6773 CVE-2024-6774
CVE-2024-6775 CVE-2024-6776 CVE-2024-6777
CVE-2024-6778 CVE-2024-6779
Affected Products:
openSUSE Leap 15.5:NonFree
______________________________________________________________________________
An update that fixes 8 vulnerabilities is now available.
Description:
This update for opera fixes the following issues:
- Update to 112.0.5197.53
* CHR-9814 Update Chromium on desktop-stable-126-5197 to 126.0.6478.226
* DNA-116974 Site settings popup size not expanding causing display
issues
* DNA-117115 Tab islands are extending partially after Workspace change
* DNA-117708 H.264 SW decoding only possible if HW decoding is possible
* DNA-117792 Crash at content::RenderWidgetHostImpl::ForwardMouseEventWithLatencyInfo(blink::WebMouseEvent const&, ui::LatencyInfo const&)
- The update to chromium >= 126.0.6478.182 fixes following issues:
CVE-2024-6772, CVE-2024-6773, CVE-2024-6774, CVE-2024-6775,
CVE-2024-6776, CVE-2024-6777, CVE-2024-6778, CVE-2024-6779
- Update to 112.0.5197.30
* CHR-9416 Updating Chromium on desktop-stable-* branches
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.5:NonFree:
zypper in -t patch openSUSE-2024-252=1
Package List:
- openSUSE Leap 15.5:NonFree (x86_64):
opera-112.0.5197.53-lp155.3.57.1
References:
https://www.suse.com/security/cve/CVE-2024-6772.html
https://www.suse.com/security/cve/CVE-2024-6773.html
https://www.suse.com/security/cve/CVE-2024-6774.html
https://www.suse.com/security/cve/CVE-2024-6775.html
https://www.suse.com/security/cve/CVE-2024-6776.html
https://www.suse.com/security/cve/CVE-2024-6777.html
https://www.suse.com/security/cve/CVE-2024-6778.html
https://www.suse.com/security/cve/CVE-2024-6779.html
openSUSE-SU-2024:0253-1: moderate: Security update for python-Pillow
by opensuse-security@opensuse.org 18 Aug '24
openSUSE Security Update: Security update for python-Pillow
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0253-1
Rating: moderate
References: #1205416
Cross-References: CVE-2022-45198
CVSS scores:
CVE-2022-45198 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-45198 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for python-Pillow fixes the following issues:
- CVE-2022-45198: Fixed improper handling of highly compressed GIF data
(boo#1205416)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2024-253=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):
python3-Pillow-8.4.0-bp155.3.9.1
python3-Pillow-tk-8.4.0-bp155.3.9.1
References:
https://www.suse.com/security/cve/CVE-2022-45198.html
https://bugzilla.suse.com/1205416
openSUSE-SU-2024:0251-1: important: Security update for python-Django
by opensuse-security@opensuse.org 18 Aug '24
openSUSE Security Update: Security update for python-Django
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0251-1
Rating: important
References: #1207565 #1227590 #1227593 #1227594 #1227595
Cross-References: CVE-2023-23969 CVE-2024-38875 CVE-2024-39329
CVE-2024-39330 CVE-2024-39614
CVSS scores:
CVE-2023-23969 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2023-23969 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2024-38875 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2024-39329 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2024-39330 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2024-39614 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that fixes 5 vulnerabilities is now available.
Description:
This update for python-Django fixes the following issues:
- CVE-2023-23969: Potential denial-of-service via Accept-Language headers
(boo#1207565)
- CVE-2024-38875: Potential denial-of-service attack via certain inputs
with a very large number of brackets (boo#1227590)
- CVE-2024-39329: Username enumeration through timing difference for users
with unusable passwords (boo#1227593)
- CVE-2024-39330: Potential directory traversal in
django.core.files.storage.Storage.save() (boo#1227594)
- CVE-2024-39614: Potential denial-of-service through
django.utils.translation.get_supported_language_variant() (boo#1227595)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2024-251=1
Package List:
References:
https://www.suse.com/security/cve/CVE-2023-23969.html
https://www.suse.com/security/cve/CVE-2024-38875.html
https://www.suse.com/security/cve/CVE-2024-39329.html
https://www.suse.com/security/cve/CVE-2024-39330.html
https://www.suse.com/security/cve/CVE-2024-39614.html
https://bugzilla.suse.com/1207565
https://bugzilla.suse.com/1227590
https://bugzilla.suse.com/1227593
https://bugzilla.suse.com/1227594
https://bugzilla.suse.com/1227595
SUSE-SU-2024:2947-1: important: Security update for the Linux Kernel
by OPENSUSE-SECURITY-UPDATES 16 Aug '24
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2024:2947-1
Rating: important
References:
* bsc#1082555
* bsc#1193454
* bsc#1193554
* bsc#1193787
* bsc#1194324
* bsc#1194869
* bsc#1195357
* bsc#1195668
* bsc#1195927
* bsc#1195957
* bsc#1196018
* bsc#1196823
* bsc#1197146
* bsc#1197246
* bsc#1197762
* bsc#1202346
* bsc#1202686
* bsc#1208783
* bsc#1209636
* bsc#1213123
* bsc#1215492
* bsc#1215587
* bsc#1216834
* bsc#1219832
* bsc#1220138
* bsc#1220185
* bsc#1220186
* bsc#1220187
* bsc#1220869
* bsc#1220876
* bsc#1220942
* bsc#1220952
* bsc#1221010
* bsc#1221044
* bsc#1221647
* bsc#1221654
* bsc#1221656
* bsc#1221659
* bsc#1221777
* bsc#1222011
* bsc#1222323
* bsc#1222326
* bsc#1222328
* bsc#1222625
* bsc#1222702
* bsc#1222728
* bsc#1222799
* bsc#1222809
* bsc#1222810
* bsc#1223021
* bsc#1223180
* bsc#1223635
* bsc#1223652
* bsc#1223675
* bsc#1223778
* bsc#1223806
* bsc#1223813
* bsc#1223815
* bsc#1223836
* bsc#1223863
* bsc#1224414
* bsc#1224499
* bsc#1224500
* bsc#1224512
* bsc#1224516
* bsc#1224517
* bsc#1224545
* bsc#1224548
* bsc#1224557
* bsc#1224572
* bsc#1224573
* bsc#1224585
* bsc#1224604
* bsc#1224636
* bsc#1224641
* bsc#1224683
* bsc#1224694
* bsc#1224700
* bsc#1224743
* bsc#1225088
* bsc#1225272
* bsc#1225301
* bsc#1225475
* bsc#1225489
* bsc#1225504
* bsc#1225505
* bsc#1225564
* bsc#1225573
* bsc#1225581
* bsc#1225586
* bsc#1225711
* bsc#1225717
* bsc#1225719
* bsc#1225744
* bsc#1225745
* bsc#1225746
* bsc#1225752
* bsc#1225753
* bsc#1225757
* bsc#1225767
* bsc#1225810
* bsc#1225815
* bsc#1225820
* bsc#1225829
* bsc#1225835
* bsc#1225838
* bsc#1225839
* bsc#1225843
* bsc#1225847
* bsc#1225851
* bsc#1225856
* bsc#1225895
* bsc#1225898
* bsc#1225903
* bsc#1226202
* bsc#1226502
* bsc#1226519
* bsc#1226551
* bsc#1226555
* bsc#1226565
* bsc#1226568
* bsc#1226570
* bsc#1226571
* bsc#1226574
* bsc#1226588
* bsc#1226607
* bsc#1226650
* bsc#1226698
* bsc#1226713
* bsc#1226716
* bsc#1226750
* bsc#1226757
* bsc#1226758
* bsc#1226775
* bsc#1226783
* bsc#1226785
* bsc#1226834
* bsc#1226837
* bsc#1226911
* bsc#1226990
* bsc#1226993
* bsc#1227090
* bsc#1227121
* bsc#1227157
* bsc#1227162
* bsc#1227362
* bsc#1227383
* bsc#1227432
* bsc#1227435
* bsc#1227447
* bsc#1227487
* bsc#1227549
* bsc#1227573
* bsc#1227618
* bsc#1227620
* bsc#1227626
* bsc#1227635
* bsc#1227661
* bsc#1227716
* bsc#1227722
* bsc#1227724
* bsc#1227725
* bsc#1227728
* bsc#1227729
* bsc#1227730
* bsc#1227732
* bsc#1227733
* bsc#1227750
* bsc#1227754
* bsc#1227755
* bsc#1227760
* bsc#1227762
* bsc#1227763
* bsc#1227764
* bsc#1227766
* bsc#1227770
* bsc#1227771
* bsc#1227772
* bsc#1227774
* bsc#1227779
* bsc#1227780
* bsc#1227783
* bsc#1227786
* bsc#1227787
* bsc#1227790
* bsc#1227792
* bsc#1227796
* bsc#1227797
* bsc#1227798
* bsc#1227800
* bsc#1227802
* bsc#1227806
* bsc#1227808
* bsc#1227810
* bsc#1227812
* bsc#1227813
* bsc#1227814
* bsc#1227816
* bsc#1227820
* bsc#1227823
* bsc#1227824
* bsc#1227828
* bsc#1227829
* bsc#1227836
* bsc#1227846
* bsc#1227849
* bsc#1227851
* bsc#1227862
* bsc#1227864
* bsc#1227865
* bsc#1227866
* bsc#1227870
* bsc#1227884
* bsc#1227886
* bsc#1227891
* bsc#1227893
* bsc#1227899
* bsc#1227900
* bsc#1227910
* bsc#1227913
* bsc#1227917
* bsc#1227919
* bsc#1227920
* bsc#1227921
* bsc#1227922
* bsc#1227923
* bsc#1227924
* bsc#1227925
* bsc#1227927
* bsc#1227928
* bsc#1227931
* bsc#1227932
* bsc#1227933
* bsc#1227935
* bsc#1227936
* bsc#1227938
* bsc#1227941
* bsc#1227942
* bsc#1227944
* bsc#1227945
* bsc#1227947
* bsc#1227948
* bsc#1227949
* bsc#1227950
* bsc#1227952
* bsc#1227953
* bsc#1227954
* bsc#1227956
* bsc#1227957
* bsc#1227963
* bsc#1227964
* bsc#1227965
* bsc#1227968
* bsc#1227969
* bsc#1227970
* bsc#1227971
* bsc#1227972
* bsc#1227975
* bsc#1227976
* bsc#1227981
* bsc#1227982
* bsc#1227985
* bsc#1227986
* bsc#1227987
* bsc#1227988
* bsc#1227989
* bsc#1227990
* bsc#1227991
* bsc#1227992
* bsc#1227993
* bsc#1227995
* bsc#1227996
* bsc#1227997
* bsc#1228000
* bsc#1228002
* bsc#1228003
* bsc#1228004
* bsc#1228005
* bsc#1228006
* bsc#1228007
* bsc#1228008
* bsc#1228009
* bsc#1228010
* bsc#1228011
* bsc#1228013
* bsc#1228014
* bsc#1228015
* bsc#1228019
* bsc#1228020
* bsc#1228025
* bsc#1228028
* bsc#1228035
* bsc#1228037
* bsc#1228038
* bsc#1228039
* bsc#1228040
* bsc#1228045
* bsc#1228054
* bsc#1228055
* bsc#1228056
* bsc#1228060
* bsc#1228061
* bsc#1228062
* bsc#1228063
* bsc#1228064
* bsc#1228066
* bsc#1228067
* bsc#1228068
* bsc#1228071
* bsc#1228079
* bsc#1228090
* bsc#1228114
* bsc#1228140
* bsc#1228190
* bsc#1228191
* bsc#1228195
* bsc#1228202
* bsc#1228226
* bsc#1228235
* bsc#1228237
* bsc#1228247
* bsc#1228327
* bsc#1228328
* bsc#1228330
* bsc#1228403
* bsc#1228405
* bsc#1228408
* bsc#1228409
* bsc#1228410
* bsc#1228418
* bsc#1228440
* bsc#1228459
* bsc#1228462
* bsc#1228470
* bsc#1228518
* bsc#1228520
* bsc#1228530
* bsc#1228561
* bsc#1228565
* bsc#1228580
* bsc#1228581
* bsc#1228591
* bsc#1228599
* bsc#1228617
* bsc#1228625
* bsc#1228626
* bsc#1228633
* bsc#1228640
* bsc#1228644
* bsc#1228649
* bsc#1228655
* bsc#1228665
* bsc#1228672
* bsc#1228680
* bsc#1228705
* bsc#1228723
* bsc#1228743
* bsc#1228756
* bsc#1228801
* bsc#1228850
* bsc#1228857
* jsc#PED-8582
* jsc#PED-8690
Cross-References:
* CVE-2021-47086
* CVE-2021-47103
* CVE-2021-47186
* CVE-2021-47402
* CVE-2021-47546
* CVE-2021-47547
* CVE-2021-47588
* CVE-2021-47590
* CVE-2021-47591
* CVE-2021-47593
* CVE-2021-47598
* CVE-2021-47599
* CVE-2021-47606
* CVE-2021-47622
* CVE-2021-47623
* CVE-2021-47624
* CVE-2022-48713
* CVE-2022-48730
* CVE-2022-48732
* CVE-2022-48749
* CVE-2022-48756
* CVE-2022-48773
* CVE-2022-48774
* CVE-2022-48775
* CVE-2022-48776
* CVE-2022-48777
* CVE-2022-48778
* CVE-2022-48780
* CVE-2022-48783
* CVE-2022-48784
* CVE-2022-48785
* CVE-2022-48786
* CVE-2022-48787
* CVE-2022-48788
* CVE-2022-48789
* CVE-2022-48790
* CVE-2022-48791
* CVE-2022-48792
* CVE-2022-48793
* CVE-2022-48794
* CVE-2022-48796
* CVE-2022-48797
* CVE-2022-48798
* CVE-2022-48799
* CVE-2022-48800
* CVE-2022-48801
* CVE-2022-48802
* CVE-2022-48803
* CVE-2022-48804
* CVE-2022-48805
* CVE-2022-48806
* CVE-2022-48807
* CVE-2022-48809
* CVE-2022-48810
* CVE-2022-48811
* CVE-2022-48812
* CVE-2022-48813
* CVE-2022-48814
* CVE-2022-48815
* CVE-2022-48816
* CVE-2022-48817
* CVE-2022-48818
* CVE-2022-48820
* CVE-2022-48821
* CVE-2022-48822
* CVE-2022-48823
* CVE-2022-48824
* CVE-2022-48825
* CVE-2022-48826
* CVE-2022-48827
* CVE-2022-48828
* CVE-2022-48829
* CVE-2022-48830
* CVE-2022-48831
* CVE-2022-48834
* CVE-2022-48835
* CVE-2022-48836
* CVE-2022-48837
* CVE-2022-48838
* CVE-2022-48839
* CVE-2022-48840
* CVE-2022-48841
* CVE-2022-48842
* CVE-2022-48843
* CVE-2022-48844
* CVE-2022-48846
* CVE-2022-48847
* CVE-2022-48849
* CVE-2022-48850
* CVE-2022-48851
* CVE-2022-48852
* CVE-2022-48853
* CVE-2022-48855
* CVE-2022-48856
* CVE-2022-48857
* CVE-2022-48858
* CVE-2022-48859
* CVE-2022-48860
* CVE-2022-48861
* CVE-2022-48862
* CVE-2022-48863
* CVE-2022-48864
* CVE-2022-48866
* CVE-2023-1582
* CVE-2023-37453
* CVE-2023-52435
* CVE-2023-52573
* CVE-2023-52580
* CVE-2023-52591
* CVE-2023-52735
* CVE-2023-52751
* CVE-2023-52762
* CVE-2023-52775
* CVE-2023-52812
* CVE-2023-52857
* CVE-2023-52863
* CVE-2023-52885
* CVE-2023-52886
* CVE-2024-25741
* CVE-2024-26583
* CVE-2024-26584
* CVE-2024-26585
* CVE-2024-26615
* CVE-2024-26633
* CVE-2024-26635
* CVE-2024-26636
* CVE-2024-26641
* CVE-2024-26661
* CVE-2024-26663
* CVE-2024-26665
* CVE-2024-26800
* CVE-2024-26802
* CVE-2024-26813
* CVE-2024-26814
* CVE-2024-26863
* CVE-2024-26889
* CVE-2024-26920
* CVE-2024-26935
* CVE-2024-269355
* CVE-2024-26961
* CVE-2024-26976
* CVE-2024-27015
* CVE-2024-27019
* CVE-2024-27020
* CVE-2024-27025
* CVE-2024-27065
* CVE-2024-27402
* CVE-2024-27437
* CVE-2024-35805
* CVE-2024-35819
* CVE-2024-35837
* CVE-2024-35853
* CVE-2024-35854
* CVE-2024-35855
* CVE-2024-35889
* CVE-2024-35890
* CVE-2024-35893
* CVE-2024-35899
* CVE-2024-35934
* CVE-2024-35949
* CVE-2024-35961
* CVE-2024-35979
* CVE-2024-35995
* CVE-2024-36000
* CVE-2024-36004
* CVE-2024-36288
* CVE-2024-36889
* CVE-2024-36901
* CVE-2024-36902
* CVE-2024-36909
* CVE-2024-36910
* CVE-2024-36911
* CVE-2024-36912
* CVE-2024-36913
* CVE-2024-36914
* CVE-2024-36919
* CVE-2024-36923
* CVE-2024-36924
* CVE-2024-36926
* CVE-2024-36939
* CVE-2024-36941
* CVE-2024-36942
* CVE-2024-36944
* CVE-2024-36946
* CVE-2024-36947
* CVE-2024-36950
* CVE-2024-36952
* CVE-2024-36955
* CVE-2024-36959
* CVE-2024-36974
* CVE-2024-38548
* CVE-2024-38555
* CVE-2024-38558
* CVE-2024-38559
* CVE-2024-38570
* CVE-2024-38586
* CVE-2024-38588
* CVE-2024-38598
* CVE-2024-38628
* CVE-2024-39276
* CVE-2024-39371
* CVE-2024-39463
* CVE-2024-39472
* CVE-2024-39475
* CVE-2024-39482
* CVE-2024-39487
* CVE-2024-39488
* CVE-2024-39490
* CVE-2024-39493
* CVE-2024-39494
* CVE-2024-39497
* CVE-2024-39499
* CVE-2024-39500
* CVE-2024-39501
* CVE-2024-39502
* CVE-2024-39505
* CVE-2024-39506
* CVE-2024-39507
* CVE-2024-39508
* CVE-2024-39509
* CVE-2024-40900
* CVE-2024-40901
* CVE-2024-40902
* CVE-2024-40903
* CVE-2024-40904
* CVE-2024-40906
* CVE-2024-40908
* CVE-2024-40909
* CVE-2024-40911
* CVE-2024-40912
* CVE-2024-40916
* CVE-2024-40919
* CVE-2024-40923
* CVE-2024-40924
* CVE-2024-40927
* CVE-2024-40929
* CVE-2024-40931
* CVE-2024-40932
* CVE-2024-40934
* CVE-2024-40935
* CVE-2024-40937
* CVE-2024-40940
* CVE-2024-40941
* CVE-2024-40942
* CVE-2024-40943
* CVE-2024-40945
* CVE-2024-40953
* CVE-2024-40954
* CVE-2024-40956
* CVE-2024-40958
* CVE-2024-40959
* CVE-2024-40960
* CVE-2024-40961
* CVE-2024-40966
* CVE-2024-40967
* CVE-2024-40970
* CVE-2024-40972
* CVE-2024-40976
* CVE-2024-40977
* CVE-2024-40981
* CVE-2024-40982
* CVE-2024-40984
* CVE-2024-40987
* CVE-2024-40988
* CVE-2024-40989
* CVE-2024-40990
* CVE-2024-40994
* CVE-2024-40998
* CVE-2024-40999
* CVE-2024-41002
* CVE-2024-41004
* CVE-2024-41006
* CVE-2024-41009
* CVE-2024-41011
* CVE-2024-41012
* CVE-2024-41013
* CVE-2024-41014
* CVE-2024-41015
* CVE-2024-41016
* CVE-2024-41017
* CVE-2024-41040
* CVE-2024-41041
* CVE-2024-41044
* CVE-2024-41048
* CVE-2024-41057
* CVE-2024-41058
* CVE-2024-41059
* CVE-2024-41063
* CVE-2024-41064
* CVE-2024-41066
* CVE-2024-41069
* CVE-2024-41070
* CVE-2024-41071
* CVE-2024-41072
* CVE-2024-41076
* CVE-2024-41078
* CVE-2024-41081
* CVE-2024-41087
* CVE-2024-41090
* CVE-2024-41091
* CVE-2024-42070
* CVE-2024-42079
* CVE-2024-42093
* CVE-2024-42096
* CVE-2024-42105
* CVE-2024-42122
* CVE-2024-42124
* CVE-2024-42145
* CVE-2024-42161
* CVE-2024-42224
* CVE-2024-42230
CVSS scores:
* CVE-2021-47086 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47186 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47402 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47546 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
* CVE-2021-47546 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47547 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2021-47588 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47590 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47591 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47593 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47599 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47606 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47622 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47623 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N
* CVE-2021-47624 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-48713 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48730 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-48732 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48749 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48756 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48773 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48774 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2022-48775 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-48776 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-48777 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48778 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2022-48780 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48783 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48784 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48785 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48786 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2022-48787 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48787 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48788 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2022-48788 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48789 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48789 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48790 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48790 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48791 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48792 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48792 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48793 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48793 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48794 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-48796 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48796 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48797 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2022-48798 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48799 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48800 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-48801 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48802 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48803 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2022-48804 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-48805 ( SUSE ): 6.6 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48806 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2022-48807 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48809 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48809 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48810 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48811 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48812 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48813 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48814 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48815 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48816 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48817 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48818 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48820 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48821 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48822 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48822 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48823 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-48824 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48824 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48825 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N
* CVE-2022-48826 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48827 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48828 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2022-48829 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2022-48830 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48831 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48834 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N
* CVE-2022-48834 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48835 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48835 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48836 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48836 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48837 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48837 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48838 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48838 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48839 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48839 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48840 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48840 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48841 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48841 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48842 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48842 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48843 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48843 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48844 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-48844 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48846 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48846 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48847 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48847 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48849 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48849 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2022-48850 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48850 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48851 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48851 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48852 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48852 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2022-48853 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48853 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-48855 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48855 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2022-48856 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48856 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48857 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48857 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48858 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48858 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48859 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48859 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48860 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48860 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48861 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48861 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48862 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48862 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48863 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
* CVE-2022-48863 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48864 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48864 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48866 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2022-48866 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-1582 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1582 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-37453 ( SUSE ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-37453 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52435 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52435 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52573 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52580 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52591 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-52735 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52751 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52762 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52775 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-52812 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-52857 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52863 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52885 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52886 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-25741 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L
* CVE-2024-26583 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26583 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26584 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26584 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26585 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26585 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26615 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26633 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26635 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2024-26636 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26641 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2024-26661 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26663 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26665 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26800 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26802 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26813 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26814 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26863 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26889 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26920 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26935 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-26961 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26976 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27015 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27015 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27019 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27019 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-27020 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27020 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27025 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2024-27065 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27402 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2024-27437 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-35805 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-35819 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-35837 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-35853 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-35854 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-35855 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-35889 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-35890 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-35893 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-35899 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-35934 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-35949 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35961 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-35979 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-35995 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2024-36000 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36004 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36288 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36288 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36889 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-36901 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36901 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36902 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36902 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36909 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-36910 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
* CVE-2024-36911 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-36912 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-36913 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-36914 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36919 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36923 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-36924 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36926 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36926 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36939 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36941 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36942 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
* CVE-2024-36944 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36946 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-36947 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-36950 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36952 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36955 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-36959 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36974 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-38548 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-38555 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-38558 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2024-38559 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-38570 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-38570 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-38586 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-38588 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-38598 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-38628 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-39276 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-39371 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-39463 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-39472 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
* CVE-2024-39472 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-39475 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-39475 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-39482 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
* CVE-2024-39482 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-39487 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2024-39488 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-39490 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-39493 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2024-39493 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-39494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-39494 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-39497 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-39499 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-39500 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-39501 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-39502 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-39505 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2024-39506 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-39507 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-39508 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-39509 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40900 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40901 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
* CVE-2024-40902 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-40902 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40903 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40903 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40904 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40906 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40908 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40909 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40911 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40912 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40916 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40919 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40923 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40924 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40927 ( SUSE ): 6.6 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40929 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40931 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-40932 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
* CVE-2024-40934 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
* CVE-2024-40935 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40937 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40940 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40941 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40942 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40943 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40945 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40953 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40956 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40958 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40959 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40960 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40961 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40966 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40967 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40970 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40972 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40976 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40977 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40981 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-40982 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40984 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40987 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-40988 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40990 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40994 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40998 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40999 ( SUSE ): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2024-41002 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
* CVE-2024-41004 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N
* CVE-2024-41006 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
* CVE-2024-41009 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-41009 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-41011 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41012 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-41013 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-41014 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-41015 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-41016 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-41017 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-41040 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41041 ( SUSE ): 0.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
* CVE-2024-41044 ( SUSE ): 6.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
* CVE-2024-41048 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-41057 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41057 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41058 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41058 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41063 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41063 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-41064 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41064 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-41066 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41066 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2024-41069 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41069 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41070 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41071 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-41072 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-41076 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-41078 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-41081 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-41087 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41087 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41090 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-41091 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-42070 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-42070 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42079 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42079 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42093 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
* CVE-2024-42096 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-42096 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2024-42105 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2024-42105 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2024-42122 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42124 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42145 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-42145 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42161 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-42161 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-42161 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-42224 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42224 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-42230 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-42230 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42230 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.5
* Public Cloud Module 15-SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves 311 vulnerabilities, contains two features and has 50
security fixes can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various
security bugfixes.
The following security bugs were fixed:
* CVE-2021-47086: phonet/pep: refuse to enable an unbound pipe (bsc#1220952).
* CVE-2021-47103: net: sock: preserve kabi for sock (bsc#1221010).
* CVE-2021-47186: ipc: check for null after calling kmemdup (bsc#1222702).
* CVE-2021-47546: Kabi fix for ipv6: fix memory leak in fib6_rule_suppress
(bsc#1225504).
* CVE-2021-47547: net: tulip: de4x5: fix the problem that the array 'lp->phy'
may be out of bound (bsc#1225505).
* CVE-2021-47588: sit: do not call ipip6_dev_free() from sit_init_net()
(bsc#1226568).
* CVE-2021-47590: mptcp: fix deadlock in __mptcp_push_pending() (bsc#1226565).
* CVE-2021-47591: mptcp: remove tcp ulp setsockopt support (bsc#1226570).
* CVE-2021-47593: mptcp: clear 'kern' flag from fallback sockets
(bsc#1226551).
* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init()
(bsc#1226574).
* CVE-2021-47599: btrfs: use latest_dev in btrfs_show_devname (bsc#1226571)
* CVE-2021-47606: net: netlink: af_netlink: Prevent empty skb by adding a
check on len (bsc#1226555).
* CVE-2021-47623: powerpc/fixmap: Fix VM debug warning on unmap (bsc#1227919).
* CVE-2022-48785: ipv6: mcast: use rcu-safe version of ipv6_get_lladdr()
(bsc#1227927)
* CVE-2022-48810: ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table()
on failure path (bsc#1227936).
* CVE-2022-48850: net-sysfs: add check for netdevice being present to
speed_show (bsc#1228071)
* CVE-2022-48855: sctp: fix kernel-infoleak for SCTP sockets (bsc#1228003).
* CVE-2023-52435: net: prevent mss overflow in skb_segment() (bsc#1220138).
* CVE-2023-52573: net: rds: Fix possible NULL-pointer dereference
(bsc#1220869)
* CVE-2023-52580: net/core: Fix ETH_P_1588 flow dissector (bsc#1220876).
* CVE-2023-52751: smb: client: fix use-after-free in
smb2_query_info_compound() (bsc#1225489).
* CVE-2023-52775: net/smc: avoid data corruption caused by decline
(bsc#1225088).
* CVE-2023-52812: drm/amd: check num of link levels when update pcie param
(bsc#1225564).
* CVE-2023-52857: drm/mediatek: Fix coverity issue with unintentional integer
overflow (bsc#1225581).
* CVE-2023-52863: hwmon: (axi-fan-control) Fix possible NULL pointer
dereference (bsc#1225586).
* CVE-2024-26585: Fixed race between tx work scheduling and socket close
(bsc#1220187).
* CVE-2024-26615: net/smc: fix illegal rmb_desc access in SMC-D connection
dump (bsc#1220942).
* CVE-2024-26633: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in
ip6_tnl_parse_tlv_enc_lim() (bsc#1221647).
* CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656).
* CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding
changes (bsc#1221659).
* CVE-2024-26641: ip6_tunnel: make sure to pull inner header in
__ip6_tnl_rcv() (bsc#1221654).
* CVE-2024-26661: drm/amd/display: Add NULL test for 'timing generator' in
(bsc#1222323)
* CVE-2024-26663: tipc: Check the bearer type before calling
tipc_udp_nl_bearer_add() (bsc#1222326).
* CVE-2024-26665: tunnels: fix out of bounds access when building IPv6 PMTU
error (bsc#1222328).
* CVE-2024-26802: stmmac: Clear variable when destroying workqueue
(bsc#1222799).
* CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node()
(bsc#1223021).
* CVE-2024-26961: mac802154: fix llsec key resources release in
mac802154_llsec_key_del (bsc#1223652).
* CVE-2024-27015: netfilter: flowtable: incorrect pppoe tuple (bsc#1223806).
* CVE-2024-27019: netfilter: nf_tables: Fix potential data-race in
__nft_obj_type_get() (bsc#1223813)
* CVE-2024-27020: netfilter: nf_tables: Fix potential data-race in
__nft_expr_type_get() (bsc#1223815)
* CVE-2024-27025: nbd: null check for nla_nest_start (bsc#1223778)
* CVE-2024-27065: netfilter: nf_tables: do not compare internal table flags on
updates (bsc#1223836).
* CVE-2024-27402: phonet/pep: fix racy skb_queue_empty() use (bsc#1224414).
* CVE-2024-27437: vfio/pci: Disable auto-enable of exclusive INTx IRQ
(bsc#1222625).
* CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit
(bsc#1224743).
* CVE-2024-35819: soc: fsl: qbman: Use raw spinlock for cgr_lock
(bsc#1224683).
* CVE-2024-35837: net: mvpp2: clear BM pool before initialization
(bsc#1224500).
* CVE-2024-35853: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash
(bsc#1224604).
* CVE-2024-35889: idpf: fix kernel panic on unknown packet types
(bsc#1224517).
* CVE-2024-35890: gro: fix ownership transfer (bsc#1224516).
* CVE-2024-35893: net/sched: act_skbmod: prevent kernel-infoleak (bsc#1224512)
* CVE-2024-35899: netfilter: nf_tables: flush pending destroy work before
exit_net release (bsc#1224499)
* CVE-2024-35934: net/smc: reduce rtnl pressure in
smc_pnet_create_pnetids_list() (bsc#1224641)
* CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks
(bsc#1224700)
* CVE-2024-35961: net/mlx5: Restore mistakenly dropped parts in register
devlink flow (bsc#1224585).
* CVE-2024-35995: ACPI: CPPC: Fix access width used for PCC registers
(bsc#1224557).
* CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge
(bsc#1224548).
* CVE-2024-36004: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue
(bsc#1224545)
* CVE-2024-36901: ipv6: prevent NULL dereference in ip6_output() (bsc#1225711)
* CVE-2024-36902: ipv6: fib6_rules: avoid possible NULL dereference in
fib6_rule_action() (bsc#1225719).
* CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't
be re-encrypted (bsc#1225744).
* CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717).
* CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745).
* CVE-2024-36912: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl
(bsc#1225752).
* CVE-2024-36913: Drivers: hv: vmbus: Leak pages if set_memory_encrypted()
fails (bsc#1225753).
* CVE-2024-36914: drm/amd/display: Skip on writeback when it's not applicable
(bsc#1225757).
* CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources
after upload (bsc#1225767).
* CVE-2024-36923: fs/9p: fix uninitialized values during inode evict
(bsc#1225815).
* CVE-2024-36939: nfs: Handle error of rpc_proc_register() in nfs_net_init()
(bsc#1225838).
* CVE-2024-36946: phonet: fix rtm_phonet_notify() skb allocation
(bsc#1225851).
* CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP
(bsc#1226519).
* CVE-2024-38555: net/mlx5: Discard command completions in internal error
(bsc#1226607).
* CVE-2024-38558: net: openvswitch: fix overwriting ct original tuple for
ICMPv6 (bsc#1226783).
* CVE-2024-38570: gfs2: Fix potential glock use-after-free on unmount
(bsc#1226775).
* CVE-2024-38586: r8169: Fix possible ring buffer corruption on fragmented Tx
packets (bsc#1226750).
* CVE-2024-38598: md: fix resync softlockup when bitmap size is less than
array size (bsc#1226757).
* CVE-2024-38628: usb: gadget: u_audio: Fix race condition use of controls
after free during gadget unbind (bsc#1226911).
* CVE-2024-39276: ext4: fix mb_cache_entry's e_refcnt leak in
ext4_xattr_block_cache_find() (bsc#1226993).
* CVE-2024-39371: io_uring: check for non-NULL file pointer in
io_file_can_poll() (bsc#1226990).
* CVE-2024-39463: 9p: add missing locking around taking dentry fid list
(bsc#1227090).
* CVE-2024-39472: xfs: fix log recovery buffer allocation for the legacy
h_size fixup (bsc#1227432).
* CVE-2024-39482: bcache: fix variable length array abuse in btree_iter
(bsc#1227447).
* CVE-2024-39487: bonding: Fix out-of-bounds read in
bond_option_arp_ip_targets_set() (bsc#1227573)
* CVE-2024-39490: ipv6: sr: fix missing sk_buff release in seg6_input_core
(bsc#1227626).
* CVE-2024-39493: crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak
(bsc#1227620).
* CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name
(bsc#1227716).
* CVE-2024-39497: drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE,
MAP_PRIVATE) (bsc#1227722)
* CVE-2024-39502: ionic: fix use after netif_napi_del() (bsc#1227755).
* CVE-2024-39506: liquidio: Adjust a NULL pointer handling path in
lio_vf_rep_copy_packet (bsc#1227729).
* CVE-2024-39507: net: hns3: fix kernel crash problem in concurrent scenario
(bsc#1227730).
* CVE-2024-39508: io_uring/io-wq: Use set_bit() and test_bit() at
worker->flags (bsc#1227732).
* CVE-2024-40901: scsi: mpt3sas: Avoid test/set_bit() operating in
non-allocated memory (bsc#1227762).
* CVE-2024-40906: net/mlx5: Always stop health timer during driver removal
(bsc#1227763).
* CVE-2024-40908: bpf: Set run context for rawtp test_run callback
(bsc#1227783).
* CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free()
(bsc#1227798).
* CVE-2024-40919: bnxt_en: Adjust logging of firmware messages in case of
released token in __hwrm_send() (bsc#1227779).
* CVE-2024-40923: vmxnet3: disable rx data ring on dma allocation failure
(bsc#1227786).
* CVE-2024-40931: mptcp: ensure snd_una is properly initialized on connect
(bsc#1227780).
* CVE-2024-40935: cachefiles: flush all requests after setting CACHEFILES_DEAD
(bsc#1227797).
* CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any()
(bsc#1227836).
* CVE-2024-40940: net/mlx5: Fix tainted pointer delete is case of flow rules
creation fail (bsc#1227800).
* CVE-2024-40943: ocfs2: fix races between hole punching and AIO+DIO
(bsc#1227849).
* CVE-2024-40953: KVM: Fix a data race on last_boosted_vcpu in
kvm_vcpu_on_spin() (bsc#1227806).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket
creation fails (bsc#1227808)
* CVE-2024-40958: netns: Make get_net_ns() handle zero refcount net
(bsc#1227812).
* CVE-2024-40959: xfrm6: check ip6_dst_idev() return value in
xfrm6_get_saddr() (bsc#1227884).
* CVE-2024-40960: ipv6: prevent possible NULL dereference in rt6_probe()
(bsc#1227813).
* CVE-2024-40961: ipv6: prevent possible NULL deref in fib6_nh_init()
(bsc#1227814).
* CVE-2024-40966: kABI: tty: add the option to have a tty reject a new ldisc
(bsc#1227886).
* CVE-2024-40967: serial: imx: Introduce timeout when waiting on transmitter
empty (bsc#1227891).
* CVE-2024-40970: Avoid hw_desc array overrun in dw-axi-dmac (bsc#1227899).
* CVE-2024-40972: ext4: fold quota accounting into
ext4_xattr_inode_lookup_create() (bsc#1227910).
* CVE-2024-40977: wifi: mt76: mt7921s: fix potential hung tasks during chip
recovery (bsc#1227950).
* CVE-2024-40982: ssb: Fix potential NULL pointer dereference in
ssb_device_uevent() (bsc#1227865).
* CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on
teardown (bsc#1227823).
* CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store
(bsc#1227829).
* CVE-2024-40998: ext4: fix uninitialized ratelimit_state->lock access in
__ext4_fill_super() (bsc#1227866).
* CVE-2024-40999: net: ena: Add validation for completion descriptors
consistency (bsc#1227913).
* CVE-2024-41006: netrom: Fix a memory leak in nr_heartbeat_expiry()
(bsc#1227862).
* CVE-2024-41009: selftests/bpf: Add more ring buffer test coverage
(bsc#1228020).
* CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is
detected (bsc#1228247).
* CVE-2024-41013: xfs: do not walk off the end of a directory data block
(bsc#1228405).
* CVE-2024-41014: xfs: add bounds checking to xlog_recover_process_data
(bsc#1228408).
* CVE-2024-41015: ocfs2: add bounds checking to ocfs2_check_dir_entry()
(bsc#1228409).
* CVE-2024-41016: ocfs2: add bounds checking to ocfs2_xattr_find_entry()
(bsc#1228410).
* CVE-2024-41017: jfs: do not walk off the end of ealist (bsc#1228403).
* CVE-2024-41040: net/sched: Fix UAF when resolving a clash (bsc#1228518)
* CVE-2024-41041: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port()
(bsc#1228520)
* CVE-2024-41044: ppp: reject claimed-as-LCP but actually malformed packets
(bsc#1228530).
* CVE-2024-41048: skmsg: Skip zero length skb in sk_msg_recvmsg (bsc#1228565)
* CVE-2024-41057: cachefiles: fix slab-use-after-free in
cachefiles_withdraw_cookie() (bsc#1228462).
* CVE-2024-41058: cachefiles: fix slab-use-after-free in
fscache_withdraw_volume() (bsc#1228459).
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).
* CVE-2024-41063: Bluetooth: hci_core: cancel all works upon
hci_unregister_dev() (bsc#1228580)
* CVE-2024-41064: powerpc/eeh: avoid possible crash when edev->pdev changes
(bsc#1228599).
* CVE-2024-41066: ibmvnic: Add tx check to prevent skb leak (bsc#1228640).
* CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
* CVE-2024-41070: KVM: PPC: Book3S HV: Prevent UAF in
kvm_spapr_tce_attach_iommu_group() (bsc#1228581).
* CVE-2024-41071: wifi: mac80211: Avoid address calculations via out of bounds
array indexing (bsc#1228625).
* CVE-2024-41078: btrfs: qgroup: fix quota root leak after quota disable
failure (bsc#1228655).
* CVE-2024-41081: ila: block BH in ila_output() (bsc#1228617)
* CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
* CVE-2024-41091: tun: add missing verification for short frame (bsc#1228327).
* CVE-2024-42070: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store
to data registers (bsc#1228470)
* CVE-2024-42079: gfs2: Fix NULL pointer dereference in gfs2_log_flush
(bsc#1228672).
* CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack
(bsc#1228680).
* CVE-2024-42096: x86: stop playing stack games in profile_pc() (bsc#1228633).
* CVE-2024-42122: drm/amd/display: Add NULL pointer check for kzalloc
(bsc#1228591)
* CVE-2024-42124: scsi: qedf: Make qedf_execute_tmf() non-preemptible
(bsc#1228705)
* CVE-2024-42145: IB/core: Implement a limit on UMAD receive List
(bsc#1228743)
* CVE-2024-42161: bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD
(bsc#1228756).
* CVE-2024-42224: net: dsa: mv88e6xxx: Correct check for empty list
(bsc#1228723)
* CVE-2024-42230: powerpc/pseries: Fix scv instruction crash with kexec
(bsc#1194869).
The following non-security bugs were fixed:
* ACPI: EC: Abort address space access upon error (stable-fixes).
* ACPI: EC: Avoid returning AE_OK on errors in address space handler
(stable-fixes).
* ACPI: processor_idle: Fix invalid comparison with insertion sort for latency
(git-fixes).
* ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7
(stable-fixes).
* ACPI: x86: Force StorageD3Enable on more products (stable-fixes).
* ACPI: x86: utils: Add Picasso to the list for forcing StorageD3Enable
(stable-fixes).
* ALSA: dmaengine_pcm: terminate dmaengine before synchronize (stable-fixes).
* ALSA: dmaengine: Synchronize dma channel after drop() (stable-fixes).
* ALSA: emux: improve patch ioctl data validation (stable-fixes).
* ALSA: hda: conexant: Fix headset auto detect fail in the polling mode
(git-fixes).
* ALSA: hda/realtek: Add more codec ID to no shutup pins list (stable-fixes).
* ALSA: hda/realtek: add quirk for Clevo V5[46]0TU (stable-fixes).
* ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897
(stable-fixes).
* ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 (stable-fixes).
* ALSA: hda/realtek: Enable Mute LED on HP 250 G7 (stable-fixes).
* ALSA: hda/realtek: fix mute/micmute LEDs do not work for EliteBook 645/665
G11 (stable-fixes).
* ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360
(stable-fixes).
* ALSA: hda/realtek: Limit mic boost on VAIO PRO PX (stable-fixes).
* ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx (stable-fixes).
* ALSA: pcm_dmaengine: Do not synchronize DMA channel when DMA is paused
(git-fixes).
* ALSA: usb-audio: Add a quirk for Sonix HD USB Camera (stable-fixes).
* ALSA: usb-audio: Correct surround channels in UAC1 channel map (git-fixes).
* ALSA: usb-audio: Fix microphone sound on HD webcam (stable-fixes).
* ALSA: usb-audio: Move HD Webcam quirk to the right place (git-fixes).
* arm64: dts: allwinner: Pine H64: correctly remove reg_gmac_3v3 (git-fixes)
* arm64: dts: hi3798cv200: fix the size of GICR (git-fixes)
* arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (git-fixes)
* arm64: dts: microchip: sparx5: fix mdio reg (git-fixes)
* arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK
(git-fixes)
* arm64: dts: rockchip: Add sound-dai-cells for RK3368 (git-fixes)
* arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (git-fixes)
* arm64/io: add constant-argument check (bsc#1226502 git-fixes)
* arm64/io: Provide a WC friendly __iowriteXX_copy() (bsc#1226502)
* arm64: tegra: Correct Tegra132 I2C alias (git-fixes)
* ASoC: amd: Adjust error handling in case of absent codec device (git-fixes).
* ASoC: max98088: Check for clk_prepare_enable() error (git-fixes).
* ASoC: ti: davinci-mcasp: Set min period size using FIFO config
(stable-fixes).
* ASoC: ti: omap-hdmi: Fix too long driver name (stable-fixes).
* batman-adv: bypass empty buckets in batadv_purge_orig_ref() (stable-fixes).
* blk-cgroup: dropping parent refcount after pd_free_fn() is done
(bsc#1224573).
* block: do not add partitions if GD_SUPPRESS_PART_SCAN is set (bsc#1227162).
* block, loop: support partitions without scanning (bsc#1227162).
* Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl
(stable-fixes).
* Bluetooth: btqca: use le32_to_cpu for ver.soc_id (stable-fixes).
* Bluetooth: hci_core: cancel all works upon hci_unregister_dev()
(stable-fixes).
* Bluetooth: hci_qca: mark OF related data as maybe unused (stable-fixes).
* Bluetooth: hci_sync: Fix suspending with wrong filter policy (git-fixes).
* Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot
(git-fixes).
* bnxt_re: Fix imm_data endianness (git-fixes)
* bpf: aggressively forget precise markings during state checkpointing
(bsc#1225903).
* bpf: allow precision tracking for programs with subprogs (bsc#1225903).
* bpf: check bpf_func_state->callback_depth when pruning states (bsc#1225903).
* bpf: clean up visit_insn()'s instruction processing (bsc#1225903).
* bpf: correct loop detection for iterators convergence (bsc#1225903).
* bpf: encapsulate precision backtracking bookkeeping (bsc#1225903).
* bpf: ensure state checkpointing at iter_next() call sites (bsc#1225903).
* bpf: exact states comparison for iterator convergence checks (bsc#1225903).
* bpf: extract __check_reg_arg() utility function (bsc#1225903).
* bpf: extract same_callsites() as utility function (bsc#1225903).
* bpf: extract setup_func_entry() utility function (bsc#1225903).
* bpf: fix calculation of subseq_idx during precision backtracking
(bsc#1225903).
* bpf: fix mark_all_scalars_precise use in mark_chain_precision (bsc#1225903).
* bpf: Fix memory leaks in __check_func_call (bsc#1225903).
* bpf: fix propagate_precision() logic for inner frames (bsc#1225903).
* bpf: fix regs_exact() logic in regsafe() to remap IDs correctly
(bsc#1225903).
* bpf: Fix to preserve reg parent/live fields when copying range info
(bsc#1225903).
* bpf: generalize MAYBE_NULL vs non-MAYBE_NULL rule (bsc#1225903).
* bpf: improve precision backtrack logging (bsc#1225903).
* bpf: Improve verifier u32 scalar equality checking (bsc#1225903).
* bpf: keep track of max number of bpf_loop callback iterations (bsc#1225903).
* bpf: maintain bitmasks across all active frames in __mark_chain_precision
(bsc#1225903).
* bpf: mark relevant stack slots scratched for register read instructions
(bsc#1225903).
* bpf: move explored_state() closer to the beginning of verifier.c
(bsc#1225903).
* bpf: perform byte-by-byte comparison only when necessary in regsafe()
(bsc#1225903).
* bpf: print full verifier states on infinite loop detection (bsc#1225903).
* bpf: regsafe() must not skip check_ids() (bsc#1225903).
* bpf: reject non-exact register type matches in regsafe() (bsc#1225903).
* bpf: Remove unused insn_cnt argument from visit_[func_call_]insn()
(bsc#1225903).
* bpf: reorganize struct bpf_reg_state fields (bsc#1225903).
* bpf: Skip invalid kfunc call in backtrack_insn (bsc#1225903).
* bpf: states_equal() must build idmap for all function frames (bsc#1225903).
* bpf: stop setting precise in current state (bsc#1225903).
* bpf: support precision propagation in the presence of subprogs
(bsc#1225903).
* bpf: take into account liveness when propagating precision (bsc#1225903).
* bpf: teach refsafe() to take into account ID remapping (bsc#1225903).
* bpf: unconditionally reset backtrack_state masks on global func exit
(bsc#1225903).
* bpf: use check_ids() for active_lock comparison (bsc#1225903).
* bpf: Use scalar ids in mark_chain_precision() (bsc#1225903).
* bpf: verify callbacks as if they are called unknown number of times
(bsc#1225903).
* bpf: Verify scalar ids mapping in regsafe() using check_ids() (bsc#1225903).
* bpf: widening for callback iterators (bsc#1225903).
* btrfs: add device major-minor info in the struct btrfs_device (bsc#1227162).
* btrfs: harden identification of a stale device (bsc#1227162).
* btrfs: match stale devices by dev_t (bsc#1227162).
* btrfs: remove the cross file system checks from remap (bsc#1227157).
* btrfs: use dev_t to match device in device_matched (bsc#1227162).
* btrfs: validate device maj:min during open (bsc#1227162).
* bytcr_rt5640 : inverse jack detect for Archos 101 cesium (stable-fixes).
* cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd
(git-fixes).
* can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct
(git-fixes).
* can: kvaser_usb: fix return value for hif_usb_send_regout (stable-fixes).
* ceph: fix incorrect kmalloc size of pagevec mempool (bsc#1228418).
* cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
* crypto: aead,cipher - zeroize key buffer after use (stable-fixes).
* crypto: ecdh - explicitly zeroize private_key (stable-fixes).
* crypto: ecdsa - Fix the public key format description (git-fixes).
* crypto: hisilicon/sec - Fix memory leak for sec resource release
(stable-fixes).
* csky: ftrace: Drop duplicate implementation of arch_check_ftrace_location()
(git-fixes).
* decompress_bunzip2: fix rare decompression failure (git-fixes).
* devres: Fix devm_krealloc() wasting memory (git-fixes).
* devres: Fix memory leakage caused by driver API devm_free_percpu()
(git-fixes).
* dma: fix call order in dmam_free_coherent (git-fixes).
* docs: crypto: async-tx-api: fix broken code example (git-fixes).
* docs: Fix formatting of literal sections in fanotify docs (stable-fixes).
* drm/amd/amdgpu: Fix style errors in amdgpu_drv.c & amdgpu_device.c
(stable-fixes).
* drm/amd/display: Account for cursor prefetch BW in DML1 mode support
(stable-fixes).
* drm/amd/display: Check for NULL pointer (stable-fixes).
* drm/amd/display: Check index msg_id before read or write (stable-fixes).
* drm/amd/display: Check pipe offset before setting vblank (stable-fixes).
* drm/amd/display: Skip finding free audio for unknown engine_id
(stable-fixes).
* drm/amdgpu/atomfirmware: fix parsing of vram_info (stable-fixes).
* drm/amdgpu/atomfirmware: silence UBSAN warning (stable-fixes).
* drm/amdgpu: avoid using null object of framebuffer (stable-fixes).
* drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit
(git-fixes).
* drm/amdgpu: Fix pci state save during mode-1 reset (git-fixes).
* drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (git-fixes).
* drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes).
* drm/amdgpu: Fix uninitialized variable warnings (stable-fixes).
* drm/amdgpu: Initialize timestamp for some legacy SOCs (stable-fixes).
* drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 (git-fixes).
* drm/amd/pm: Fix aldebaran pcie speed reporting (git-fixes).
* drm/amd/pm: remove logically dead code for renoir (git-fixes).
* drm/dp_mst: Fix all mstb marked as not probed after suspend/resume
(git-fixes).
* drm/etnaviv: do not block scheduler when GPU is still active (stable-fixes).
* drm/etnaviv: fix DMA direction handling for cached RW buffers (git-fixes).
* drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes
(git-fixes).
* drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes
(git-fixes).
* drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8
(git-fixes).
* drm/lima: fix shared irq handling on driver remove (stable-fixes).
* drm/lima: Mark simple_ondemand governor as softdep (git-fixes).
* drm/mediatek: Add OVL compatible name for MT8195 (git-fixes).
* drm/meson: fix canvas release in bind function (git-fixes).
* drm/mgag200: Bind I2C lifetime to DRM device (git-fixes).
* drm/mgag200: Set DDC timeout in milliseconds (git-fixes).
* drm/mipi-dsi: Fix mipi_dsi_dcs_write_seq() macro definition format
(stable-fixes).
* drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq()
(git-fixes).
* drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op
(git-fixes).
* drm/msm/mdp5: Remove MDP_CAP_SRC_SPLIT from msm8x53_config (git-fixes).
* drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes
(stable-fixes).
* drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes
(stable-fixes).
* drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes
(git-fixes).
* drm/nouveau: prime: fix refcount underflow (git-fixes).
* drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare()
(git-fixes).
* drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before
regulators (git-fixes).
* drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep
(stable-fixes).
* drm: panel-orientation-quirks: Add quirk for Valve Galileo (stable-fixes).
* drm/panfrost: Mark simple_ondemand governor as softdep (git-fixes).
* drm/qxl: Add check for drm_cvt_mode (git-fixes).
* drm/radeon: check bo_va->bo is non-NULL before using it (stable-fixes).
* drm/radeon/radeon_display: Decrease the size of allocated memory
(stable-fixes).
* drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes).
* drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency (stable-fixes).
* drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes).
* eeprom: digsy_mtc: Fix 93xx46 driver probe failure (git-fixes).
* exfat: check if cluster num is valid (git-fixes).
* exfat: simplify is_valid_cluster() (git-fixes).
* filelock: add a new locks_inode_context accessor function (git-fixes).
* firmware: cs_dsp: Fix overflow checking of wmfw header (git-fixes).
* firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers
(git-fixes).
* firmware: cs_dsp: Return error if block header overflows file (git-fixes).
* firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (git-fixes).
* firmware: cs_dsp: Validate payload length before processing block
(git-fixes).
* firmware: dmi: Stop decoding on broken entry (stable-fixes).
* firmware: turris-mox-rwtm: Do not complete if there are no waiters (git-
fixes).
* firmware: turris-mox-rwtm: Fix checking return value of
wait_for_completion_timeout() (git-fixes).
* firmware: turris-mox-rwtm: Initialize completion before mailbox (git-fixes).
* fix build warning
* fs: allow cross-vfsmount reflink/dedupe (bsc#1227157).
* ftrace: Fix possible use-after-free issue in ftrace_location() (git-fixes).
* fuse: verify {g,u}id mount options correctly (bsc#1228191).
* gpio: mc33880: Convert comma to semicolon (git-fixes).
* hfsplus: fix to avoid false alarm of circular locking (git-fixes).
* hfsplus: fix uninit-value in copy_name (git-fixes).
* HID: Add quirk for Logitech Casa touchpad (stable-fixes).
* HID: wacom: Modify pen IDs (git-fixes).
* hpet: Support 32-bit userspace (git-fixes).
* hwmon: (adt7475) Fix default duty on fan is disabled (git-fixes).
* hwmon: (max6697) Fix swapped temp{1,8} critical alarms (git-fixes).
* hwmon: (max6697) Fix underflow when writing limit attributes (git-fixes).
* i2c: mark HostNotify target address as used (git-fixes).
* i2c: rcar: bring hardware to known state when probing (git-fixes).
* i2c: tegra: Fix failure during probe deferral cleanup (git-fixes)
* i2c: tegra: Share same DMA channel for RX and TX (bsc#1227661)
* i2c: testunit: avoid re-issued work after read message (git-fixes).
* i2c: testunit: correct Kconfig description (git-fixes).
* Input: elan_i2c - do not leave interrupt disabled on suspend failure (git-
fixes).
* Input: elantech - fix touchpad state on resume for Lenovo N24 (stable-
fixes).
* Input: ff-core - prefer struct_size over open coded arithmetic (stable-
fixes).
* Input: qt1050 - handle CHIP_ID reading error (git-fixes).
* Input: silead - Always support 10 fingers (stable-fixes).
* intel_th: pci: Add Granite Rapids SOC support (stable-fixes).
* intel_th: pci: Add Granite Rapids support (stable-fixes).
* intel_th: pci: Add Lunar Lake support (stable-fixes).
* intel_th: pci: Add Meteor Lake-S support (stable-fixes).
* intel_th: pci: Add Sapphire Rapids SOC support (stable-fixes).
* iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (git-fixes).
* ionic: clean interrupt before enabling queue to avoid credit race (git-
fixes).
* jffs2: Fix potential illegal address access in jffs2_free_inode (git-fixes).
* jfs: Fix array-index-out-of-bounds in diFree (git-fixes).
* jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383).
* kABI: bpf: bpf_reg_state reorganization kABI workaround (bsc#1225903).
* kABI: bpf: callback fixes kABI workaround (bsc#1225903).
* kABI: bpf: struct bpf_{idmap,idset} kABI workaround (bsc#1225903).
* kABI: bpf: tmp_str_buf kABI workaround (bsc#1225903).
* kABI: rtas: Workaround false positive due to lost definition (bsc#1227487).
* kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783)
* kabi/severities: Ignore tpm_tis_core_init (bsc#1082555).
* kabi/severity: add nvme common code The nvme common code is also allowed to
change the data structures, there are only internal users.
* kabi: Use __iowriteXX_copy_inlined for in-kernel modules (bsc#1226502)
* kernel-binary: vdso: Own module_dir
* kernel/sched: Remove dl_boosted flag comment (git fixes (sched)).
* knfsd: LOOKUP can return an illegal error value (git-fixes).
* kobject_uevent: Fix OOB access within zap_modalias_env() (git-fixes).
* kprobes: Make arch_check_ftrace_location static (git-fixes).
* KVM: nVMX: Clear EXIT_QUALIFICATION when injecting an EPT Misconfig (git-
fixes).
* KVM: PPC: Book3S HV: Fix "rm_exit" entry in debugfs timings (bsc#1194869).
* KVM: PPC: Book3S HV: Fix the set_one_reg for MMCR3 (bsc#1194869).
* KVM: PPC: Book3S HV Nested: L2 LPCR should inherit L1 LPES setting
(bsc#1194869).
* KVM: PPC: Book3S HV: remove extraneous asterisk from rm_host_ipi_action()
comment (bsc#1194869).
* KVM: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST
(bsc#1194869).
* KVM: PPC: Book3S: Suppress warnings when allocating too big memory slots
(bsc#1194869).
* KVM: s390: fix LPSWEY handling (bsc#1227635 git-fixes).
* KVM: SVM: Process ICR on AVIC IPI delivery failure due to invalid target
(git-fixes).
* KVM: VMX: Report up-to-date exit qualification to userspace (git-fixes).
* KVM: x86: Add IBPB_BRTYPE support (bsc#1228079).
* KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC routes (git-
fixes).
* KVM: x86: Bail from kvm_recalculate_phys_map() if x2APIC ID is out-of-bounds
(git-fixes).
* KVM: x86: Disable APIC logical map if logical ID covers multiple MDAs (git-
fixes).
* KVM: x86: Disable APIC logical map if vCPUs are aliased in logical mode
(git-fixes).
* KVM: x86: Do not advertise guest.MAXPHYADDR as host.MAXPHYADDR in CPUID
(git-fixes).
* KVM: x86: Explicitly skip optimized logical map setup if vCPU's LDR==0 (git-
fixes).
* KVM: x86: Explicitly track all possibilities for APIC map's logical modes
(git-fixes).
* KVM: x86: Fix broken debugregs ABI for 32 bit kernels (git-fixes).
* KVM: x86: Fix KVM_GET_MSRS stack info leak (git-fixes).
* KVM: x86: Honor architectural behavior for aliased 8-bit APIC IDs (git-
fixes).
* KVM: x86: Purge "highest ISR" cache when updating APICv state (git-fixes).
* KVM: x86: Save/restore all NMIs when multiple NMIs are pending (git-fixes).
* KVM: x86: Skip redundant x2APIC logical mode optimized cluster setup (git-
fixes).
* leds: ss4200: Convert PCIBIOS_* return codes to errnos (git-fixes).
* leds: triggers: Flush pending brightness before activating trigger (git-
fixes).
* leds: trigger: Unregister sysfs attributes before calling deactivate() (git-
fixes).
* libceph: fix race between delayed_work() and ceph_monc_stop() (bsc#1228190).
* lib: objagg: Fix general protection fault (git-fixes).
* lib: objagg: Fix spelling (git-fixes).
* lib: test_objagg: Fix spelling (git-fixes).
* lockd: set missing fl_flags field when retrieving args (git-fixes).
* lockd: use locks_inode_context helper (git-fixes).
* Make AMD_HSMP=m and mark it unsupported in supported.conf (jsc#PED-8582)
* media: dvb: as102-fe: Fix as10x_register_addr packing (stable-fixes).
* media: dvbdev: Initialize sbuf (stable-fixes).
* media: dvb-frontends: tda10048: Fix integer overflow (stable-fixes).
* media: dvb-frontends: tda18271c2dd: Remove casting during div (stable-
fixes).
* media: dvb-usb: dib0700_devices: Add missing release_firmware() (stable-
fixes).
* media: dvb-usb: Fix unexpected infinite loop in
dvb_usb_read_remote_control() (git-fixes).
* media: dw2102: Do not translate i2c read into write (stable-fixes).
* media: dw2102: fix a potential buffer overflow (git-fixes).
* media: imon: Fix race getting ictx->lock (git-fixes).
* media: s2255: Use refcount_t instead of atomic_t for num_channels (stable-
fixes).
* media: uvcvideo: Fix integer overflow calculating timestamp (git-fixes).
* media: uvcvideo: Override default flags (git-fixes).
* media: venus: fix use after free in vdec_close (git-fixes).
* media: venus: flush all buffers in output plane streamoff (git-fixes).
* mei: demote client disconnect warning on suspend to debug (stable-fixes).
* mfd: omap-usb-tll: Use struct_size to allocate tll (git-fixes).
* mtd: partitions: redboot: Added conversion of operands to a larger type
(stable-fixes).
* net/dcb: check for detached device before executing callbacks (bsc#1215587).
* netfilter: conntrack: ignore overly delayed tcp packets (bsc#1223180).
* netfilter: conntrack: prepare tcp_in_window for ternary return value
(bsc#1223180).
* netfilter: conntrack: remove pr_debug callsites from tcp tracker
(bsc#1223180).
* netfilter: conntrack: work around exceeded receive window (bsc#1223180).
* netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume()
(bsc#1228459 bsc#1228462).
* net: mana: Fix possible double free in error handling path (git-fixes).
* net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes).
* net: usb: qmi_wwan: add Telit FN912 compositions (git-fixes).
* net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-
fixes).
* nfc/nci: Add the inconsistency check between the input data length and count
(stable-fixes).
* NFSD: Add an nfsd_file_fsync tracepoint (git-fixes).
* NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection (git-
fixes).
* nfsd: Add errno mapping for EREMOTEIO (git-fixes).
* NFSD: Add nfsd_file_lru_dispose_list() helper (git-fixes).
* nfsd: add some comments to nfsd_file_do_acquire (git-fixes).
* nfsd: allow nfsd_file_get to sanely handle a NULL pointer (git-fixes).
* nfsd: allow reaping files still under writeback (git-fixes).
* NFSD: Avoid calling fh_drop_write() twice in do_nfsd_create() (git-fixes).
* NFSD: Clean up nfsd3_proc_create() (git-fixes).
* nfsd: Clean up nfsd_file_put() (git-fixes).
* NFSD: Clean up nfsd_open_verified() (git-fixes).
* NFSD: Clean up unused code after rhashtable conversion (git-fixes).
* NFSD: Convert filecache to rhltable (git-fixes).
* NFSD: Convert the filecache to use rhashtable (git-fixes).
* NFSD: De-duplicate hash bucket indexing (git-fixes).
* nfsd: do not free files unconditionally in __nfsd_file_cache_purge (git-
fixes).
* nfsd: do not fsync nfsd_files on last close (git-fixes).
* nfsd: do not hand out delegation on setuid files being opened for write
(git-fixes).
* nfsd: do not kill nfsd_files because of lease break error (git-fixes).
* nfsd: Do not leave work of closing files to a work queue (bsc#1228140).
* nfsd: do not take/put an extra reference when putting a file (git-fixes).
* NFSD enforce filehandle check for source file in COPY (git-fixes).
* NFSD: Ensure nf_inode is never dereferenced (git-fixes).
* nfsd: fix handling of cached open files in nfsd4_open codepath (git-fixes).
* NFSD: Fix licensing header in filecache.c (git-fixes).
* nfsd: fix net-namespace logic in __nfsd_file_cache_purge (git-fixes).
* nfsd: fix nfsd_file_unhash_and_dispose (git-fixes).
* NFSD: Fix potential use-after-free in nfsd_file_put() (git-fixes).
* NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop (git-fixes).
* NFSD: Fix the filecache LRU shrinker (git-fixes).
* nfsd: fix up the filecache laundrette scheduling (git-fixes).
* nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint (git-fixes).
* NFSD: Flesh out a documenting comment for filecache.c (git-fixes).
* NFSD: handle errors better in write_ports_addfd() (git-fixes).
* NFSD: Instantiate a struct file when creating a regular NFSv4 file (git-
fixes).
* NFSD: Leave open files out of the filecache LRU (git-fixes).
* nfsd: map EBADF (git-fixes).
* NFSD: Move nfsd_file_trace_alloc() tracepoint (git-fixes).
* NFSD: nfsd_file_hash_remove can compute hashval (git-fixes).
* nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries (git-fixes).
* NFSD: nfsd_file_put() can sleep (git-fixes).
* NFSD: nfsd_file_unhash can compute hashval from nf->nf_inode (git-fixes).
* NFSD: No longer record nf_hashval in the trace log (git-fixes).
* NFSD: Pass the target nfsd_file to nfsd_commit() (git-fixes).
* nfsd: put the export reference in nfsd4_verify_deleg_dentry (git-fixes).
* NFSD: Record number of flush calls (git-fixes).
* NFSD: Refactor nfsd_create_setattr() (git-fixes).
* NFSD: Refactor __nfsd_file_close_inode() (git-fixes).
* NFSD: Refactor nfsd_file_gc() (git-fixes).
* NFSD: Refactor nfsd_file_lru_scan() (git-fixes).
* NFSD: Refactor NFSv3 CREATE (git-fixes).
* NFSD: Refactor NFSv4 OPEN(CREATE) (git-fixes).
* NFSD: Remove do_nfsd_create() (git-fixes).
* NFSD: Remove lockdep assertion from unhash_and_release_locked() (git-fixes).
* NFSD: Remove nfsd_file::nf_hashval (git-fixes).
* nfsd: remove the pages_flushed statistic from filecache (git-fixes).
* nfsd: reorganize filecache.c (git-fixes).
* NFSD: Replace the "init once" mechanism (git-fixes).
* NFSD: Report average age of filecache items (git-fixes).
* NFSD: Report count of calls to nfsd_file_acquire() (git-fixes).
* NFSD: Report count of freed filecache items (git-fixes).
* NFSD: Report filecache LRU size (git-fixes).
* NFSD: Report the number of items evicted by the LRU walk (git-fixes).
* nfsd: Retry once in nfsd_open on an -EOPENSTALE return (git-fixes).
* nfsd: rework hashtable handling in nfsd_do_file_acquire (git-fixes).
* nfsd: rework refcounting in filecache (git-fixes).
* NFSD: Separate tracepoints for acquire and create (git-fixes).
* NFSD: Set up an rhashtable for the filecache (git-fixes).
* nfsd: silence extraneous printk on nfsd.ko insertion (git-fixes).
* NFSD: simplify per-net file cache management (git-fixes).
* nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator (git-fixes).
* nfsd: simplify the delayed disposal list code (git-fixes).
* NFSD: Trace filecache LRU activity (git-fixes).
* NFSD: Trace filecache opens (git-fixes).
* NFSD: verify the opened dentry after setting a delegation (git-fixes).
* NFSD: WARN when freeing an item still linked via nf_lru (git-fixes).
* NFSD: Write verifier might go backwards (git-fixes).
* NFSD: Zero counters when the filecache is re-initialized (git-fixes).
* NFS: Fix READ_PLUS when server does not support OP_READ_PLUS (git-fixes).
* nfs: fix undefined behavior in nfs_block_bits() (git-fixes).
* nfs: keep server info for remounts (git-fixes).
* nfs: Leave pages in the pagecache if readpage failed (git-fixes).
* NFSv4: Fixup smatch warning for ambiguous return (git-fixes).
* NFSv4.x: by default serialize open/close operations (bsc#1223863
bsc#1227362)
* nilfs2: add missing check for inode numbers on directory entries (git-
fixes).
* nilfs2: add missing check for inode numbers on directory entries (stable-
fixes).
* nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (git-fixes).
* nilfs2: convert persistent object allocator to use kmap_local (git-fixes).
* nilfs2: fix incorrect inode allocation from reserved inodes (git-fixes).
* nilfs2: fix inode number range checks (git-fixes).
* nilfs2: fix inode number range checks (stable-fixes).
* nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset (git-fixes).
* nvme-auth: alloc nvme_dhchap_key as single buffer (git-fixes).
* nvme-auth: allow mixing of secret and hash lengths (git-fixes).
* nvme-auth: use transformed key size to create resp (git-fixes).
* nvme: avoid double free special payload (git-fixes).
* nvme: ensure reset state check ordering (bsc#1215492).
* nvme: fixup comment for nvme RDMA Provider Type (git-fixes).
* nvme-multipath: find NUMA path only for online numa-node (git-fixes).
* nvme-pci: add missing condition check for existence of mapped data (git-
fixes).
* nvme-pci: Fix the instructions for disabling power management (git-fixes).
* nvmet: always initialize cqe.result (git-fixes).
* nvmet-auth: fix nvmet_auth hash error handling (git-fixes).
* nvmet: fix a possible leak when destroy a ctrl during qp establishment (git-
fixes).
* nvme: use ctrl state accessor (bsc#1215492).
* ocfs2: fix DIO failure due to insufficient transaction credits
(bsc#1216834).
* ocfs2: remove redundant assignment to variable free_space (bsc#1228409).
* ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()
(bsc#1228410).
* orangefs: fix out-of-bounds fsid access (git-fixes).
* PCI: Add PCI_ERROR_RESPONSE and related definitions (stable-fixes).
* PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal (git-fixes).
* PCI: Extend ACS configurability (bsc#1228090).
* PCI: Fix resource double counting on remove & rescan (git-fixes).
* PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (git-
fixes).
* PCI: Introduce cleanup helpers for device reference counts and locks (git-
fixes).
* PCI: Introduce cleanup helpers for device reference counts and locks
(stable-fixes).
* PCI: keystone: Do not enable BAR 0 for AM654x (git-fixes).
* PCI: keystone: Fix NULL pointer dereference in case of DT error in
ks_pcie_setup_rc_app_regs() (git-fixes).
* PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode() (git-fixes).
* PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (git-fixes).
* PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (stable-fixes).
* PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (git-fixes).
* PCI: tegra194: Set EP alignment restriction for inbound ATU (git-fixes).
* pinctrl: core: fix possible memory leak when pinctrl_enable() fails (git-
fixes).
* pinctrl: freescale: mxs: Fix refcount of child (git-fixes).
* pinctrl: single: fix possible memory leak when pinctrl_enable() fails (git-
fixes).
* pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable()
fails (git-fixes).
* platform/chrome: cros_ec_debugfs: fix wrong EC message version (git-fixes).
* platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-
fixes).
* platform/x86: dell-smbios-base: Use sysfs_emit() (stable-fixes).
* platform/x86: dell-smbios: Fix wrong token data in sysfs (git-fixes).
* platform/x86: lg-laptop: Change ACPI device id (stable-fixes).
* platform/x86: lg-laptop: Remove LGEX0815 hotkey handling (stable-fixes).
* platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6"
tablet (stable-fixes).
* platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro (stable-fixes).
* platform/x86: wireless-hotkey: Add support for LG Airplane Button (stable-
fixes).
* powerpc/cpuidle: Set CPUIDLE_FLAG_POLLING for snooze state (bsc#1227121
ltc#207129).
* powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (bsc#1194869).
* powerpc/kasan: Disable address sanitization in kexec paths (bsc#1194869).
* powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869).
* powerpc/rtas: clean up includes (bsc#1227487).
* powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()
(bsc#1227487).
* power: supply: cros_usbpd: provide ID table for avoiding fallback match
(stable-fixes).
* pwm: stm32: Always do lazy disabling (git-fixes).
* RDMA/cache: Release GID table even if leak is detected (git-fixes)
* RDMA/device: Return error earlier if port in not valid (git-fixes)
* RDMA/hns: Check atomic wr length (git-fixes)
* RDMA/hns: Fix insufficient extend DB for VFs. (git-fixes)
* RDMA/hns: Fix mbx timing out before CMD execution is completed (git-fixes)
* RDMA/hns: Fix missing pagesize and alignment check in FRMR (git-fixes)
* RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes)
* RDMA/hns: Fix soft lockup under heavy CEQE load (git-fixes)
* RDMA/hns: Fix undifined behavior caused by invalid max_sge (git-fixes)
* RDMA/hns: Fix unmatch exception handling when init eq table fails (git-
fixes)
* RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes)
* RDMA/mana_ib: Ignore optional access flags for MRs (git-fixes).
* RDMA/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes)
* RDMA/mlx4: Fix truncated output warning in mad.c (git-fixes)
* RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes)
* RDMA/restrack: Fix potential invalid address access (git-fixes)
* RDMA/rxe: Do not set BTH_ACK_MASK for UC or UD QPs (git-fixes)
* regmap-i2c: Subtract reg size from max_write (stable-fixes).
* Revert "ALSA: firewire-lib: obsolete workqueue for period update"
(bsc#1208783).
* Revert "ALSA: firewire-lib: operate for period elapse event in process
context" (bsc#1208783).
* Revert "leds: led-core: Fix refcount leak in of_led_get()" (git-fixes).
* Revert "usb: musb: da8xx: Set phy in OTG mode by default" (stable-fixes).
* rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL (git-fixes).
* rtc: cmos: Fix return value of nvmem callbacks (git-fixes).
* rtc: interface: Add RTC offset to alarm after fix-up (git-fixes).
* rtc: isl1208: Fix return value of nvmem callbacks (git-fixes).
* rtlwifi: rtl8192de: Style clean-ups (stable-fixes).
* s390: Implement __iowrite32_copy() (bsc#1226502)
* s390: Stop using weak symbols for __iowrite64_copy() (bsc#1226502)
* saa7134: Unchecked i2c_transfer function result fixed (git-fixes).
* sched/fair: Do not balance task to its current running CPU (git fixes
(sched)).
* sched: Fix stop_one_cpu_nowait() vs hotplug (git fixes (sched)).
* scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE
state (bsc#1228857).
* scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI port is
inactive (bsc#1228857).
* scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk
(bsc#1228857).
* scsi: lpfc: Fix incorrect request len mbox field when setting trunking via
sysfs (bsc#1228857).
* scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (bsc#1228857).
* scsi: lpfc: Relax PRLI issue conditions after GID_FT response (bsc#1228857).
* scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro
usages (bsc#1228857).
* scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857).
* scsi: qla2xxx: Avoid possible run-time warning with long model_num
(bsc#1228850).
* scsi: qla2xxx: Complete command early within lock (bsc#1228850).
* scsi: qla2xxx: Convert comma to semicolon (bsc#1228850).
* scsi: qla2xxx: Drop driver owner assignment (bsc#1228850).
* scsi: qla2xxx: During vport delete send async logout explicitly
(bsc#1228850).
* scsi: qla2xxx: Fix debugfs output for fw_resource_count (bsc#1228850).
* scsi: qla2xxx: Fix flash read failure (bsc#1228850).
* scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850).
* scsi: qla2xxx: Fix optrom version displayed in FDMI (bsc#1228850).
* scsi: qla2xxx: Indent help text (bsc#1228850).
* scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850).
* scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple' (bsc#1228850).
* scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds
(bsc#1228850).
* scsi: qla2xxx: Unable to act on RSCN for port online (bsc#1228850).
* scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850).
* scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850).
* scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850).
* selftests/bpf: Add a selftest for checking subreg equality (bsc#1225903).
* selftests/bpf: add pre bpf_prog_test_run_opts() callback for test_loader
(bsc#1225903).
* selftests/bpf: add precision propagation tests in the presence of subprogs
(bsc#1225903).
* selftests/bpf: Add pruning test case for bpf_spin_lock (bsc#1225903).
* selftests/bpf: Check if mark_chain_precision() follows scalar ids
(bsc#1225903).
* selftests/bpf: check if max number of bpf_loop iterations is tracked
(bsc#1225903).
* selftests/bpf: fix __retval() being always ignored (bsc#1225903).
* selftests/bpf: fix unpriv_disabled check in test_verifier (bsc#1225903).
* selftests/bpf: __imm_insn & __imm_const macro for bpf_misc.h (bsc#1225903).
* selftests/bpf: make test_align selftest more robust (bsc#1225903).
* selftests/bpf: populate map_array_ro map for verifier_array_access test
(bsc#1225903).
* selftests/bpf: prog_tests entry point for migrated test_verifier tests
(bsc#1225903).
* selftests/bpf: Report program name on parse_test_spec error (bsc#1225903).
* selftests/bpf: Support custom per-test flags and multiple expected messages
(bsc#1225903).
* selftests/bpf: test case for callback_depth states pruning logic
(bsc#1225903).
* selftests/bpf: test case for relaxed prunning of active_lock.id
(bsc#1225903).
* selftests/bpf: test cases for regsafe() bug skipping check_id()
(bsc#1225903).
* selftests/bpf: Tests execution support for test_loader.c (bsc#1225903).
* selftests/bpf: tests for iterating callbacks (bsc#1225903).
* selftests/bpf: test widening for iterating callbacks (bsc#1225903).
* selftests/bpf: track string payload offset as scalar in strobemeta
(bsc#1225903).
* selftests/bpf: Unprivileged tests for test_loader.c (bsc#1225903).
* selftests/bpf: Verify copy_register_state() preserves parent/live fields
(bsc#1225903).
* selftests/bpf: verify states_equal() maintains idmap across all frames
(bsc#1225903).
* selftests/bpf: Verify that check_ids() is used for scalars in regsafe()
(bsc#1225903).
* selftests/sigaltstack: Fix ppc64 GCC build (git-fixes).
* soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message
(stable-fixes).
* spi: imx: Do not expect DMA for i.MX{25,35,50,51,53} cspi devices (stable-
fixes).
* spi: mux: set ctlr->bits_per_word_mask (stable-fixes).
* string.h: Introduce memtostr() and memtostr_pad() (bsc#1228850).
* SUNRPC: avoid soft lockup when transmitting UDP to reachable server
(bsc#1225272).
* SUNRPC: Fix gss_free_in_token_pages() (git-fixes).
* SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (git-
fixes).
* sunrpc: fix NFSACL RPC retry on soft mount (git-fixes).
* SUNRPC: return proper error from gss_wrap_req_priv (git-fixes).
* supported.conf:
* tpm: Allow system suspend to continue when TPM suspend fails (bsc#1082555).
* tpm: Prevent hwrng from activating during resume (bsc#1082555).
* tpm_tis: Resend command to recover from data transfer errors (bsc#1082555).
* tpm_tis: Use tpm_chip_{start,stop} decoration inside tpm_tis_resume
(bsc#1082555).
* tpm, tpm: Implement usage counter for locality (bsc#1082555).
* tpm, tpm_tis: Avoid cache incoherency in test for interrupts (bsc#1082555).
* tpm, tpm_tis: Claim locality before writing interrupt registers
(bsc#1082555).
* tpm, tpm_tis: Claim locality in interrupt handler (bsc#1082555).
* tpm, tpm_tis: Claim locality when interrupts are reenabled on resume
(bsc#1082555).
* tpm, tpm_tis: correct tpm_tis_flags enumeration values (bsc#1082555).
* tpm, tpm_tis: Do not skip reset of original interrupt vector (bsc#1082555).
* tpm, tpm_tis: Only handle supported interrupts (bsc#1082555).
* tracing: Build event generation tests only as modules (git-fixes).
* tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset()
(git-fixes).
* tracing/osnoise: Add osnoise/options file (bsc#1228330)
* tracing/osnoise: Add OSNOISE_WORKLOAD option (bsc#1228330)
* tracing/osnoise: Do not follow tracing_cpumask (bsc#1228330)
* tracing/osnoise: Fix notify new tracing_max_latency (bsc#1228330)
* tracing/osnoise: Make osnoise_instances static (bsc#1228330)
* tracing/osnoise: Split workload start from the tracer start (bsc#1228330)
* tracing/osnoise: Support a list of trace_array *tr (bsc#1228330)
* tracing/osnoise: Use built-in RCU list checking (bsc#1228330)
* tracing/timerlat: Notify new max thread latency (bsc#1228330)
* USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (stable-fixes).
* usb: cdns3: allocate TX FIFO size according to composite EP number (git-
fixes).
* usb: cdns3: fix incorrect calculation of ep_buf_size when more than one
config (git-fixes).
* usb: cdns3: fix iso transfer error when mult is not zero (git-fixes).
* usb: cdns3: improve handling of unaligned address case (git-fixes).
* usb: cdns3: optimize OUT transfer by copying only actual received data (git-
fixes).
* usb: cdns3: skip set TRB_IOC when usb_request: no_interrupt is true (git-
fixes).
* USB: core: Fix duplicate endpoint bug by clearing reserved bits in the
descriptor (git-fixes).
* usb: dwc3: gadget: Do not delay End Transfer on delayed_status (git-fixes).
* usb: dwc3: gadget: Force sending delayed status during soft disconnect (git-
fixes).
* usb: dwc3: gadget: Synchronize IRQ between soft connect/disconnect (git-
fixes).
* usb: gadget: call usb_gadget_check_config() to verify UDC capability (git-
fixes).
* usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (stable-
fixes).
* usb: gadget: printer: SS+ support (stable-fixes).
* usb: misc: uss720: check for incompatible versions of the Belkin F5U002
(stable-fixes).
* USB: serial: mos7840: fix crash on resume (git-fixes).
* USB: serial: option: add Fibocom FM350-GL (stable-fixes).
* USB: serial: option: add Netprisma LCUK54 series modules (stable-fixes).
* USB: serial: option: add Rolling RW350-GL variants (stable-fixes).
* USB: serial: option: add support for Foxconn T99W651 (stable-fixes).
* USB: serial: option: add Telit FN912 rmnet compositions (stable-fixes).
* USB: serial: option: add Telit generic core-dump composition (stable-fixes).
* usb: typec: tcpm: clear pd_event queue in PORT_RESET (git-fixes).
* usb: xhci-plat: Do not include xhci.h (git-fixes).
* USB: xhci-plat: fix legacy PHY double init (git-fixes).
* wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes).
* wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (git-fixes).
* wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (git-fixes).
* wifi: cfg80211: handle 2x996 RU allocation in
cfg80211_calculate_bitrate_he() (git-fixes).
* wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (git-fixes).
* wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (stable-fixes).
* wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup (stable-fixes).
* wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd (stable-fixes).
* wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option (stable-
fixes).
* wifi: mac80211: disable softirqs for queued frame handling (git-fixes).
* wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (stable-fixes).
* wifi: mac80211: handle tasklet frames before stopping (stable-fixes).
* wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata
(stable-fixes).
* wifi: mt76: replace skb_put with skb_put_zero (stable-fixes).
* wifi: mwifiex: Fix interface type change (git-fixes).
* wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() (git-
fixes).
* wifi: wilc1000: fix ies_len type in connect path (git-fixes).
* workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454).
* workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454).
* x86/amd_nb: Use Family 19h Models 60h-7Fh Function 4 IDs (git-fixes).
* x86/apic: Force native_apic_mem_read() to use the MOV instruction (git-
fixes).
* x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes).
* x86/bugs: Remove default case for fully switched enums (bsc#1227900).
* x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (git-fixes).
* x86/ibt,ftrace: Search for __fentry__ location (git-fixes).
* x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 (git-fixes).
* x86/mm: Allow guest.enc_status_change_prepare() to fail (git-fixes).
* x86/mm: Fix enc_status_change_finish_noop() (git-fixes).
* x86/purgatory: Switch to the position-independent small code model (git-
fixes).
* x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block
(bsc#1227900).
* x86/srso: Remove 'pred_cmd' label (bsc#1227900).
* x86: Stop using weak symbols for __iowrite32_copy() (bsc#1226502)
* x86/tdx: Fix race between set_memory_encrypted() and
load_unaligned_zeropad() (git-fixes).
* xfs: Add cond_resched to block unmap range and reflink remap path
(bsc#1228226).
* xhci: Apply broken streams quirk to Etron EJ188 xHCI host (stable-fixes).
* xhci: Apply reset resume quirk to Etron EJ188 xHCI host (stable-fixes).
* xhci: Set correct transferred length for cancelled bulk transfers (stable-
fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
    zypper in -t patch SUSE-2024-2947=1 openSUSE-SLE-15.5-2024-2947=1
* Public Cloud Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2024-2947=1
## Package List:
* openSUSE Leap 15.5 (aarch64 x86_64)
  * cluster-md-kmp-azure-5.14.21-150500.33.63.1
  * ocfs2-kmp-azure-debuginfo-5.14.21-150500.33.63.1
  * gfs2-kmp-azure-5.14.21-150500.33.63.1
  * kernel-azure-optional-debuginfo-5.14.21-150500.33.63.1
  * ocfs2-kmp-azure-5.14.21-150500.33.63.1
  * kernel-azure-devel-5.14.21-150500.33.63.1
  * reiserfs-kmp-azure-debuginfo-5.14.21-150500.33.63.1
  * reiserfs-kmp-azure-5.14.21-150500.33.63.1
  * dlm-kmp-azure-5.14.21-150500.33.63.1
  * kernel-azure-extra-debuginfo-5.14.21-150500.33.63.1
  * cluster-md-kmp-azure-debuginfo-5.14.21-150500.33.63.1
  * kselftests-kmp-azure-debuginfo-5.14.21-150500.33.63.1
  * dlm-kmp-azure-debuginfo-5.14.21-150500.33.63.1
  * kernel-azure-devel-debuginfo-5.14.21-150500.33.63.1
  * kselftests-kmp-azure-5.14.21-150500.33.63.1
  * kernel-azure-optional-5.14.21-150500.33.63.1
  * kernel-azure-extra-5.14.21-150500.33.63.1
  * kernel-azure-debuginfo-5.14.21-150500.33.63.1
  * kernel-azure-debugsource-5.14.21-150500.33.63.1
  * kernel-syms-azure-5.14.21-150500.33.63.1
  * gfs2-kmp-azure-debuginfo-5.14.21-150500.33.63.1
  * kernel-azure-livepatch-devel-5.14.21-150500.33.63.1
* openSUSE Leap 15.5 (aarch64 nosrc x86_64)
  * kernel-azure-5.14.21-150500.33.63.1
* openSUSE Leap 15.5 (x86_64)
  * kernel-azure-vdso-debuginfo-5.14.21-150500.33.63.1
  * kernel-azure-vdso-5.14.21-150500.33.63.1
* openSUSE Leap 15.5 (noarch)
  * kernel-source-azure-5.14.21-150500.33.63.1
  * kernel-devel-azure-5.14.21-150500.33.63.1
* Public Cloud Module 15-SP5 (aarch64 nosrc x86_64)
  * kernel-azure-5.14.21-150500.33.63.1
* Public Cloud Module 15-SP5 (aarch64 x86_64)
  * kernel-azure-debuginfo-5.14.21-150500.33.63.1
  * kernel-azure-debugsource-5.14.21-150500.33.63.1
  * kernel-syms-azure-5.14.21-150500.33.63.1
  * kernel-azure-devel-debuginfo-5.14.21-150500.33.63.1
  * kernel-azure-devel-5.14.21-150500.33.63.1
* Public Cloud Module 15-SP5 (noarch)
  * kernel-source-azure-5.14.21-150500.33.63.1
  * kernel-devel-azure-5.14.21-150500.33.63.1
## References:
* https://www.suse.com/security/cve/CVE-2021-47086.html
* https://www.suse.com/security/cve/CVE-2021-47103.html
* https://www.suse.com/security/cve/CVE-2021-47186.html
* https://www.suse.com/security/cve/CVE-2021-47402.html
* https://www.suse.com/security/cve/CVE-2021-47546.html
* https://www.suse.com/security/cve/CVE-2021-47547.html
* https://www.suse.com/security/cve/CVE-2021-47588.html
* https://www.suse.com/security/cve/CVE-2021-47590.html
* https://www.suse.com/security/cve/CVE-2021-47591.html
* https://www.suse.com/security/cve/CVE-2021-47593.html
* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2021-47599.html
* https://www.suse.com/security/cve/CVE-2021-47606.html
* https://www.suse.com/security/cve/CVE-2021-47622.html
* https://www.suse.com/security/cve/CVE-2021-47623.html
* https://www.suse.com/security/cve/CVE-2021-47624.html
* https://www.suse.com/security/cve/CVE-2022-48713.html
* https://www.suse.com/security/cve/CVE-2022-48730.html
* https://www.suse.com/security/cve/CVE-2022-48732.html
* https://www.suse.com/security/cve/CVE-2022-48749.html
* https://www.suse.com/security/cve/CVE-2022-48756.html
* https://www.suse.com/security/cve/CVE-2022-48773.html
* https://www.suse.com/security/cve/CVE-2022-48774.html
* https://www.suse.com/security/cve/CVE-2022-48775.html
* https://www.suse.com/security/cve/CVE-2022-48776.html
* https://www.suse.com/security/cve/CVE-2022-48777.html
* https://www.suse.com/security/cve/CVE-2022-48778.html
* https://www.suse.com/security/cve/CVE-2022-48780.html
* https://www.suse.com/security/cve/CVE-2022-48783.html
* https://www.suse.com/security/cve/CVE-2022-48784.html
* https://www.suse.com/security/cve/CVE-2022-48785.html
* https://www.suse.com/security/cve/CVE-2022-48786.html
* https://www.suse.com/security/cve/CVE-2022-48787.html
* https://www.suse.com/security/cve/CVE-2022-48788.html
* https://www.suse.com/security/cve/CVE-2022-48789.html
* https://www.suse.com/security/cve/CVE-2022-48790.html
* https://www.suse.com/security/cve/CVE-2022-48791.html
* https://www.suse.com/security/cve/CVE-2022-48792.html
* https://www.suse.com/security/cve/CVE-2022-48793.html
* https://www.suse.com/security/cve/CVE-2022-48794.html
* https://www.suse.com/security/cve/CVE-2022-48796.html
* https://www.suse.com/security/cve/CVE-2022-48797.html
* https://www.suse.com/security/cve/CVE-2022-48798.html
* https://www.suse.com/security/cve/CVE-2022-48799.html
* https://www.suse.com/security/cve/CVE-2022-48800.html
* https://www.suse.com/security/cve/CVE-2022-48801.html
* https://www.suse.com/security/cve/CVE-2022-48802.html
* https://www.suse.com/security/cve/CVE-2022-48803.html
* https://www.suse.com/security/cve/CVE-2022-48804.html
* https://www.suse.com/security/cve/CVE-2022-48805.html
* https://www.suse.com/security/cve/CVE-2022-48806.html
* https://www.suse.com/security/cve/CVE-2022-48807.html
* https://www.suse.com/security/cve/CVE-2022-48809.html
* https://www.suse.com/security/cve/CVE-2022-48810.html
* https://www.suse.com/security/cve/CVE-2022-48811.html
* https://www.suse.com/security/cve/CVE-2022-48812.html
* https://www.suse.com/security/cve/CVE-2022-48813.html
* https://www.suse.com/security/cve/CVE-2022-48814.html
* https://www.suse.com/security/cve/CVE-2022-48815.html
* https://www.suse.com/security/cve/CVE-2022-48816.html
* https://www.suse.com/security/cve/CVE-2022-48817.html
* https://www.suse.com/security/cve/CVE-2022-48818.html
* https://www.suse.com/security/cve/CVE-2022-48820.html
* https://www.suse.com/security/cve/CVE-2022-48821.html
* https://www.suse.com/security/cve/CVE-2022-48822.html
* https://www.suse.com/security/cve/CVE-2022-48823.html
* https://www.suse.com/security/cve/CVE-2022-48824.html
* https://www.suse.com/security/cve/CVE-2022-48825.html
* https://www.suse.com/security/cve/CVE-2022-48826.html
* https://www.suse.com/security/cve/CVE-2022-48827.html
* https://www.suse.com/security/cve/CVE-2022-48828.html
* https://www.suse.com/security/cve/CVE-2022-48829.html
* https://www.suse.com/security/cve/CVE-2022-48830.html
* https://www.suse.com/security/cve/CVE-2022-48831.html
* https://www.suse.com/security/cve/CVE-2022-48834.html
* https://www.suse.com/security/cve/CVE-2022-48835.html
* https://www.suse.com/security/cve/CVE-2022-48836.html
* https://www.suse.com/security/cve/CVE-2022-48837.html
* https://www.suse.com/security/cve/CVE-2022-48838.html
* https://www.suse.com/security/cve/CVE-2022-48839.html
* https://www.suse.com/security/cve/CVE-2022-48840.html
* https://www.suse.com/security/cve/CVE-2022-48841.html
* https://www.suse.com/security/cve/CVE-2022-48842.html
* https://www.suse.com/security/cve/CVE-2022-48843.html
* https://www.suse.com/security/cve/CVE-2022-48844.html
* https://www.suse.com/security/cve/CVE-2022-48846.html
* https://www.suse.com/security/cve/CVE-2022-48847.html
* https://www.suse.com/security/cve/CVE-2022-48849.html
* https://www.suse.com/security/cve/CVE-2022-48850.html
* https://www.suse.com/security/cve/CVE-2022-48851.html
* https://www.suse.com/security/cve/CVE-2022-48852.html
* https://www.suse.com/security/cve/CVE-2022-48853.html
* https://www.suse.com/security/cve/CVE-2022-48855.html
* https://www.suse.com/security/cve/CVE-2022-48856.html
* https://www.suse.com/security/cve/CVE-2022-48857.html
* https://www.suse.com/security/cve/CVE-2022-48858.html
* https://www.suse.com/security/cve/CVE-2022-48859.html
* https://www.suse.com/security/cve/CVE-2022-48860.html
* https://www.suse.com/security/cve/CVE-2022-48861.html
* https://www.suse.com/security/cve/CVE-2022-48862.html
* https://www.suse.com/security/cve/CVE-2022-48863.html
* https://www.suse.com/security/cve/CVE-2022-48864.html
* https://www.suse.com/security/cve/CVE-2022-48866.html
* https://www.suse.com/security/cve/CVE-2023-1582.html
* https://www.suse.com/security/cve/CVE-2023-37453.html
* https://www.suse.com/security/cve/CVE-2023-52435.html
* https://www.suse.com/security/cve/CVE-2023-52573.html
* https://www.suse.com/security/cve/CVE-2023-52580.html
* https://www.suse.com/security/cve/CVE-2023-52591.html
* https://www.suse.com/security/cve/CVE-2023-52735.html
* https://www.suse.com/security/cve/CVE-2023-52751.html
* https://www.suse.com/security/cve/CVE-2023-52762.html
* https://www.suse.com/security/cve/CVE-2023-52775.html
* https://www.suse.com/security/cve/CVE-2023-52812.html
* https://www.suse.com/security/cve/CVE-2023-52857.html
* https://www.suse.com/security/cve/CVE-2023-52863.html
* https://www.suse.com/security/cve/CVE-2023-52885.html
* https://www.suse.com/security/cve/CVE-2023-52886.html
* https://www.suse.com/security/cve/CVE-2024-25741.html
* https://www.suse.com/security/cve/CVE-2024-26583.html
* https://www.suse.com/security/cve/CVE-2024-26584.html
* https://www.suse.com/security/cve/CVE-2024-26585.html
* https://www.suse.com/security/cve/CVE-2024-26615.html
* https://www.suse.com/security/cve/CVE-2024-26633.html
* https://www.suse.com/security/cve/CVE-2024-26635.html
* https://www.suse.com/security/cve/CVE-2024-26636.html
* https://www.suse.com/security/cve/CVE-2024-26641.html
* https://www.suse.com/security/cve/CVE-2024-26661.html
* https://www.suse.com/security/cve/CVE-2024-26663.html
* https://www.suse.com/security/cve/CVE-2024-26665.html
* https://www.suse.com/security/cve/CVE-2024-26800.html
* https://www.suse.com/security/cve/CVE-2024-26802.html
* https://www.suse.com/security/cve/CVE-2024-26813.html
* https://www.suse.com/security/cve/CVE-2024-26814.html
* https://www.suse.com/security/cve/CVE-2024-26863.html
* https://www.suse.com/security/cve/CVE-2024-26889.html
* https://www.suse.com/security/cve/CVE-2024-26920.html
* https://www.suse.com/security/cve/CVE-2024-26935.html
* https://www.suse.com/security/cve/CVE-2024-269355.html
* https://www.suse.com/security/cve/CVE-2024-26961.html
* https://www.suse.com/security/cve/CVE-2024-26976.html
* https://www.suse.com/security/cve/CVE-2024-27015.html
* https://www.suse.com/security/cve/CVE-2024-27019.html
* https://www.suse.com/security/cve/CVE-2024-27020.html
* https://www.suse.com/security/cve/CVE-2024-27025.html
* https://www.suse.com/security/cve/CVE-2024-27065.html
* https://www.suse.com/security/cve/CVE-2024-27402.html
* https://www.suse.com/security/cve/CVE-2024-27437.html
* https://www.suse.com/security/cve/CVE-2024-35805.html
* https://www.suse.com/security/cve/CVE-2024-35819.html
* https://www.suse.com/security/cve/CVE-2024-35837.html
* https://www.suse.com/security/cve/CVE-2024-35853.html
* https://www.suse.com/security/cve/CVE-2024-35854.html
* https://www.suse.com/security/cve/CVE-2024-35855.html
* https://www.suse.com/security/cve/CVE-2024-35889.html
* https://www.suse.com/security/cve/CVE-2024-35890.html
* https://www.suse.com/security/cve/CVE-2024-35893.html
* https://www.suse.com/security/cve/CVE-2024-35899.html
* https://www.suse.com/security/cve/CVE-2024-35934.html
* https://www.suse.com/security/cve/CVE-2024-35949.html
* https://www.suse.com/security/cve/CVE-2024-35961.html
* https://www.suse.com/security/cve/CVE-2024-35979.html
* https://www.suse.com/security/cve/CVE-2024-35995.html
* https://www.suse.com/security/cve/CVE-2024-36000.html
* https://www.suse.com/security/cve/CVE-2024-36004.html
* https://www.suse.com/security/cve/CVE-2024-36288.html
* https://www.suse.com/security/cve/CVE-2024-36889.html
* https://www.suse.com/security/cve/CVE-2024-36901.html
* https://www.suse.com/security/cve/CVE-2024-36902.html
* https://www.suse.com/security/cve/CVE-2024-36909.html
* https://www.suse.com/security/cve/CVE-2024-36910.html
* https://www.suse.com/security/cve/CVE-2024-36911.html
* https://www.suse.com/security/cve/CVE-2024-36912.html
* https://www.suse.com/security/cve/CVE-2024-36913.html
* https://www.suse.com/security/cve/CVE-2024-36914.html
* https://www.suse.com/security/cve/CVE-2024-36919.html
* https://www.suse.com/security/cve/CVE-2024-36923.html
* https://www.suse.com/security/cve/CVE-2024-36924.html
* https://www.suse.com/security/cve/CVE-2024-36926.html
* https://www.suse.com/security/cve/CVE-2024-36939.html
* https://www.suse.com/security/cve/CVE-2024-36941.html
* https://www.suse.com/security/cve/CVE-2024-36942.html
* https://www.suse.com/security/cve/CVE-2024-36944.html
* https://www.suse.com/security/cve/CVE-2024-36946.html
* https://www.suse.com/security/cve/CVE-2024-36947.html
* https://www.suse.com/security/cve/CVE-2024-36950.html
* https://www.suse.com/security/cve/CVE-2024-36952.html
* https://www.suse.com/security/cve/CVE-2024-36955.html
* https://www.suse.com/security/cve/CVE-2024-36959.html
* https://www.suse.com/security/cve/CVE-2024-36974.html
* https://www.suse.com/security/cve/CVE-2024-38548.html
* https://www.suse.com/security/cve/CVE-2024-38555.html
* https://www.suse.com/security/cve/CVE-2024-38558.html
* https://www.suse.com/security/cve/CVE-2024-38559.html
* https://www.suse.com/security/cve/CVE-2024-38570.html
* https://www.suse.com/security/cve/CVE-2024-38586.html
* https://www.suse.com/security/cve/CVE-2024-38588.html
* https://www.suse.com/security/cve/CVE-2024-38598.html
* https://www.suse.com/security/cve/CVE-2024-38628.html
* https://www.suse.com/security/cve/CVE-2024-39276.html
* https://www.suse.com/security/cve/CVE-2024-39371.html
* https://www.suse.com/security/cve/CVE-2024-39463.html
* https://www.suse.com/security/cve/CVE-2024-39472.html
* https://www.suse.com/security/cve/CVE-2024-39475.html
* https://www.suse.com/security/cve/CVE-2024-39482.html
* https://www.suse.com/security/cve/CVE-2024-39487.html
* https://www.suse.com/security/cve/CVE-2024-39488.html
* https://www.suse.com/security/cve/CVE-2024-39490.html
* https://www.suse.com/security/cve/CVE-2024-39493.html
* https://www.suse.com/security/cve/CVE-2024-39494.html
* https://www.suse.com/security/cve/CVE-2024-39497.html
* https://www.suse.com/security/cve/CVE-2024-39499.html
* https://www.suse.com/security/cve/CVE-2024-39500.html
* https://www.suse.com/security/cve/CVE-2024-39501.html
* https://www.suse.com/security/cve/CVE-2024-39502.html
* https://www.suse.com/security/cve/CVE-2024-39505.html
* https://www.suse.com/security/cve/CVE-2024-39506.html
* https://www.suse.com/security/cve/CVE-2024-39507.html
* https://www.suse.com/security/cve/CVE-2024-39508.html
* https://www.suse.com/security/cve/CVE-2024-39509.html
* https://www.suse.com/security/cve/CVE-2024-40900.html
* https://www.suse.com/security/cve/CVE-2024-40901.html
* https://www.suse.com/security/cve/CVE-2024-40902.html
* https://www.suse.com/security/cve/CVE-2024-40903.html
* https://www.suse.com/security/cve/CVE-2024-40904.html
* https://www.suse.com/security/cve/CVE-2024-40906.html
* https://www.suse.com/security/cve/CVE-2024-40908.html
* https://www.suse.com/security/cve/CVE-2024-40909.html
* https://www.suse.com/security/cve/CVE-2024-40911.html
* https://www.suse.com/security/cve/CVE-2024-40912.html
* https://www.suse.com/security/cve/CVE-2024-40916.html
* https://www.suse.com/security/cve/CVE-2024-40919.html
* https://www.suse.com/security/cve/CVE-2024-40923.html
* https://www.suse.com/security/cve/CVE-2024-40924.html
* https://www.suse.com/security/cve/CVE-2024-40927.html
* https://www.suse.com/security/cve/CVE-2024-40929.html
* https://www.suse.com/security/cve/CVE-2024-40931.html
* https://www.suse.com/security/cve/CVE-2024-40932.html
* https://www.suse.com/security/cve/CVE-2024-40934.html
* https://www.suse.com/security/cve/CVE-2024-40935.html
* https://www.suse.com/security/cve/CVE-2024-40937.html
* https://www.suse.com/security/cve/CVE-2024-40940.html
* https://www.suse.com/security/cve/CVE-2024-40941.html
* https://www.suse.com/security/cve/CVE-2024-40942.html
* https://www.suse.com/security/cve/CVE-2024-40943.html
* https://www.suse.com/security/cve/CVE-2024-40945.html
* https://www.suse.com/security/cve/CVE-2024-40953.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-40956.html
* https://www.suse.com/security/cve/CVE-2024-40958.html
* https://www.suse.com/security/cve/CVE-2024-40959.html
* https://www.suse.com/security/cve/CVE-2024-40960.html
* https://www.suse.com/security/cve/CVE-2024-40961.html
* https://www.suse.com/security/cve/CVE-2024-40966.html
* https://www.suse.com/security/cve/CVE-2024-40967.html
* https://www.suse.com/security/cve/CVE-2024-40970.html
* https://www.suse.com/security/cve/CVE-2024-40972.html
* https://www.suse.com/security/cve/CVE-2024-40976.html
* https://www.suse.com/security/cve/CVE-2024-40977.html
* https://www.suse.com/security/cve/CVE-2024-40981.html
* https://www.suse.com/security/cve/CVE-2024-40982.html
* https://www.suse.com/security/cve/CVE-2024-40984.html
* https://www.suse.com/security/cve/CVE-2024-40987.html
* https://www.suse.com/security/cve/CVE-2024-40988.html
* https://www.suse.com/security/cve/CVE-2024-40989.html
* https://www.suse.com/security/cve/CVE-2024-40990.html
* https://www.suse.com/security/cve/CVE-2024-40994.html
* https://www.suse.com/security/cve/CVE-2024-40998.html
* https://www.suse.com/security/cve/CVE-2024-40999.html
* https://www.suse.com/security/cve/CVE-2024-41002.html
* https://www.suse.com/security/cve/CVE-2024-41004.html
* https://www.suse.com/security/cve/CVE-2024-41006.html
* https://www.suse.com/security/cve/CVE-2024-41009.html
* https://www.suse.com/security/cve/CVE-2024-41011.html
* https://www.suse.com/security/cve/CVE-2024-41012.html
* https://www.suse.com/security/cve/CVE-2024-41013.html
* https://www.suse.com/security/cve/CVE-2024-41014.html
* https://www.suse.com/security/cve/CVE-2024-41015.html
* https://www.suse.com/security/cve/CVE-2024-41016.html
* https://www.suse.com/security/cve/CVE-2024-41017.html
* https://www.suse.com/security/cve/CVE-2024-41040.html
* https://www.suse.com/security/cve/CVE-2024-41041.html
* https://www.suse.com/security/cve/CVE-2024-41044.html
* https://www.suse.com/security/cve/CVE-2024-41048.html
* https://www.suse.com/security/cve/CVE-2024-41057.html
* https://www.suse.com/security/cve/CVE-2024-41058.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://www.suse.com/security/cve/CVE-2024-41063.html
* https://www.suse.com/security/cve/CVE-2024-41064.html
* https://www.suse.com/security/cve/CVE-2024-41066.html
* https://www.suse.com/security/cve/CVE-2024-41069.html
* https://www.suse.com/security/cve/CVE-2024-41070.html
* https://www.suse.com/security/cve/CVE-2024-41071.html
* https://www.suse.com/security/cve/CVE-2024-41072.html
* https://www.suse.com/security/cve/CVE-2024-41076.html
* https://www.suse.com/security/cve/CVE-2024-41078.html
* https://www.suse.com/security/cve/CVE-2024-41081.html
* https://www.suse.com/security/cve/CVE-2024-41087.html
* https://www.suse.com/security/cve/CVE-2024-41090.html
* https://www.suse.com/security/cve/CVE-2024-41091.html
* https://www.suse.com/security/cve/CVE-2024-42070.html
* https://www.suse.com/security/cve/CVE-2024-42079.html
* https://www.suse.com/security/cve/CVE-2024-42093.html
* https://www.suse.com/security/cve/CVE-2024-42096.html
* https://www.suse.com/security/cve/CVE-2024-42105.html
* https://www.suse.com/security/cve/CVE-2024-42122.html
* https://www.suse.com/security/cve/CVE-2024-42124.html
* https://www.suse.com/security/cve/CVE-2024-42145.html
* https://www.suse.com/security/cve/CVE-2024-42161.html
* https://www.suse.com/security/cve/CVE-2024-42224.html
* https://www.suse.com/security/cve/CVE-2024-42230.html
* https://bugzilla.suse.com/show_bug.cgi?id=1082555
* https://bugzilla.suse.com/show_bug.cgi?id=1193454
* https://bugzilla.suse.com/show_bug.cgi?id=1193554
* https://bugzilla.suse.com/show_bug.cgi?id=1193787
* https://bugzilla.suse.com/show_bug.cgi?id=1194324
* https://bugzilla.suse.com/show_bug.cgi?id=1194869
* https://bugzilla.suse.com/show_bug.cgi?id=1195357
* https://bugzilla.suse.com/show_bug.cgi?id=1195668
* https://bugzilla.suse.com/show_bug.cgi?id=1195927
* https://bugzilla.suse.com/show_bug.cgi?id=1195957
* https://bugzilla.suse.com/show_bug.cgi?id=1196018
* https://bugzilla.suse.com/show_bug.cgi?id=1196823
* https://bugzilla.suse.com/show_bug.cgi?id=1197146
* https://bugzilla.suse.com/show_bug.cgi?id=1197246
* https://bugzilla.suse.com/show_bug.cgi?id=1197762
* https://bugzilla.suse.com/show_bug.cgi?id=1202346
* https://bugzilla.suse.com/show_bug.cgi?id=1202686
* https://bugzilla.suse.com/show_bug.cgi?id=1208783
* https://bugzilla.suse.com/show_bug.cgi?id=1209636
* https://bugzilla.suse.com/show_bug.cgi?id=1213123
* https://bugzilla.suse.com/show_bug.cgi?id=1215492
* https://bugzilla.suse.com/show_bug.cgi?id=1215587
* https://bugzilla.suse.com/show_bug.cgi?id=1216834
* https://bugzilla.suse.com/show_bug.cgi?id=1219832
* https://bugzilla.suse.com/show_bug.cgi?id=1220138
* https://bugzilla.suse.com/show_bug.cgi?id=1220185
* https://bugzilla.suse.com/show_bug.cgi?id=1220186
* https://bugzilla.suse.com/show_bug.cgi?id=1220187
* https://bugzilla.suse.com/show_bug.cgi?id=1220869
* https://bugzilla.suse.com/show_bug.cgi?id=1220876
* https://bugzilla.suse.com/show_bug.cgi?id=1220942
* https://bugzilla.suse.com/show_bug.cgi?id=1220952
* https://bugzilla.suse.com/show_bug.cgi?id=1221010
* https://bugzilla.suse.com/show_bug.cgi?id=1221044
* https://bugzilla.suse.com/show_bug.cgi?id=1221647
* https://bugzilla.suse.com/show_bug.cgi?id=1221654
* https://bugzilla.suse.com/show_bug.cgi?id=1221656
* https://bugzilla.suse.com/show_bug.cgi?id=1221659
* https://bugzilla.suse.com/show_bug.cgi?id=1221777
* https://bugzilla.suse.com/show_bug.cgi?id=1222011
* https://bugzilla.suse.com/show_bug.cgi?id=1222323
* https://bugzilla.suse.com/show_bug.cgi?id=1222326
* https://bugzilla.suse.com/show_bug.cgi?id=1222328
* https://bugzilla.suse.com/show_bug.cgi?id=1222625
* https://bugzilla.suse.com/show_bug.cgi?id=1222702
* https://bugzilla.suse.com/show_bug.cgi?id=1222728
* https://bugzilla.suse.com/show_bug.cgi?id=1222799
* https://bugzilla.suse.com/show_bug.cgi?id=1222809
* https://bugzilla.suse.com/show_bug.cgi?id=1222810
* https://bugzilla.suse.com/show_bug.cgi?id=1223021
* https://bugzilla.suse.com/show_bug.cgi?id=1223180
* https://bugzilla.suse.com/show_bug.cgi?id=1223635
* https://bugzilla.suse.com/show_bug.cgi?id=1223652
* https://bugzilla.suse.com/show_bug.cgi?id=1223675
* https://bugzilla.suse.com/show_bug.cgi?id=1223778
* https://bugzilla.suse.com/show_bug.cgi?id=1223806
* https://bugzilla.suse.com/show_bug.cgi?id=1223813
* https://bugzilla.suse.com/show_bug.cgi?id=1223815
* https://bugzilla.suse.com/show_bug.cgi?id=1223836
* https://bugzilla.suse.com/show_bug.cgi?id=1223863
* https://bugzilla.suse.com/show_bug.cgi?id=1224414
* https://bugzilla.suse.com/show_bug.cgi?id=1224499
* https://bugzilla.suse.com/show_bug.cgi?id=1224500
* https://bugzilla.suse.com/show_bug.cgi?id=1224512
* https://bugzilla.suse.com/show_bug.cgi?id=1224516
* https://bugzilla.suse.com/show_bug.cgi?id=1224517
* https://bugzilla.suse.com/show_bug.cgi?id=1224545
* https://bugzilla.suse.com/show_bug.cgi?id=1224548
* https://bugzilla.suse.com/show_bug.cgi?id=1224557
* https://bugzilla.suse.com/show_bug.cgi?id=1224572
* https://bugzilla.suse.com/show_bug.cgi?id=1224573
* https://bugzilla.suse.com/show_bug.cgi?id=1224585
* https://bugzilla.suse.com/show_bug.cgi?id=1224604
* https://bugzilla.suse.com/show_bug.cgi?id=1224636
* https://bugzilla.suse.com/show_bug.cgi?id=1224641
* https://bugzilla.suse.com/show_bug.cgi?id=1224683
* https://bugzilla.suse.com/show_bug.cgi?id=1224694
* https://bugzilla.suse.com/show_bug.cgi?id=1224700
* https://bugzilla.suse.com/show_bug.cgi?id=1224743
* https://bugzilla.suse.com/show_bug.cgi?id=1225088
* https://bugzilla.suse.com/show_bug.cgi?id=1225272
* https://bugzilla.suse.com/show_bug.cgi?id=1225301
* https://bugzilla.suse.com/show_bug.cgi?id=1225475
* https://bugzilla.suse.com/show_bug.cgi?id=1225489
* https://bugzilla.suse.com/show_bug.cgi?id=1225504
* https://bugzilla.suse.com/show_bug.cgi?id=1225505
* https://bugzilla.suse.com/show_bug.cgi?id=1225564
* https://bugzilla.suse.com/show_bug.cgi?id=1225573
* https://bugzilla.suse.com/show_bug.cgi?id=1225581
* https://bugzilla.suse.com/show_bug.cgi?id=1225586
* https://bugzilla.suse.com/show_bug.cgi?id=1225711
* https://bugzilla.suse.com/show_bug.cgi?id=1225717
* https://bugzilla.suse.com/show_bug.cgi?id=1225719
* https://bugzilla.suse.com/show_bug.cgi?id=1225744
* https://bugzilla.suse.com/show_bug.cgi?id=1225745
* https://bugzilla.suse.com/show_bug.cgi?id=1225746
* https://bugzilla.suse.com/show_bug.cgi?id=1225752
* https://bugzilla.suse.com/show_bug.cgi?id=1225753
* https://bugzilla.suse.com/show_bug.cgi?id=1225757
* https://bugzilla.suse.com/show_bug.cgi?id=1225767
* https://bugzilla.suse.com/show_bug.cgi?id=1225810
* https://bugzilla.suse.com/show_bug.cgi?id=1225815
* https://bugzilla.suse.com/show_bug.cgi?id=1225820
* https://bugzilla.suse.com/show_bug.cgi?id=1225829
* https://bugzilla.suse.com/show_bug.cgi?id=1225835
* https://bugzilla.suse.com/show_bug.cgi?id=1225838
* https://bugzilla.suse.com/show_bug.cgi?id=1225839
* https://bugzilla.suse.com/show_bug.cgi?id=1225843
* https://bugzilla.suse.com/show_bug.cgi?id=1225847
* https://bugzilla.suse.com/show_bug.cgi?id=1225851
* https://bugzilla.suse.com/show_bug.cgi?id=1225856
* https://bugzilla.suse.com/show_bug.cgi?id=1225895
* https://bugzilla.suse.com/show_bug.cgi?id=1225898
* https://bugzilla.suse.com/show_bug.cgi?id=1225903
* https://bugzilla.suse.com/show_bug.cgi?id=1226202
* https://bugzilla.suse.com/show_bug.cgi?id=1226502
* https://bugzilla.suse.com/show_bug.cgi?id=1226519
* https://bugzilla.suse.com/show_bug.cgi?id=1226551
* https://bugzilla.suse.com/show_bug.cgi?id=1226555
* https://bugzilla.suse.com/show_bug.cgi?id=1226565
* https://bugzilla.suse.com/show_bug.cgi?id=1226568
* https://bugzilla.suse.com/show_bug.cgi?id=1226570
* https://bugzilla.suse.com/show_bug.cgi?id=1226571
* https://bugzilla.suse.com/show_bug.cgi?id=1226574
* https://bugzilla.suse.com/show_bug.cgi?id=1226588
* https://bugzilla.suse.com/show_bug.cgi?id=1226607
* https://bugzilla.suse.com/show_bug.cgi?id=1226650
* https://bugzilla.suse.com/show_bug.cgi?id=1226698
* https://bugzilla.suse.com/show_bug.cgi?id=1226713
* https://bugzilla.suse.com/show_bug.cgi?id=1226716
* https://bugzilla.suse.com/show_bug.cgi?id=1226750
* https://bugzilla.suse.com/show_bug.cgi?id=1226757
* https://bugzilla.suse.com/show_bug.cgi?id=1226758
* https://bugzilla.suse.com/show_bug.cgi?id=1226775
* https://bugzilla.suse.com/show_bug.cgi?id=1226783
* https://bugzilla.suse.com/show_bug.cgi?id=1226785
* https://bugzilla.suse.com/show_bug.cgi?id=1226834
* https://bugzilla.suse.com/show_bug.cgi?id=1226837
* https://bugzilla.suse.com/show_bug.cgi?id=1226911
* https://bugzilla.suse.com/show_bug.cgi?id=1226990
* https://bugzilla.suse.com/show_bug.cgi?id=1226993
* https://bugzilla.suse.com/show_bug.cgi?id=1227090
* https://bugzilla.suse.com/show_bug.cgi?id=1227121
* https://bugzilla.suse.com/show_bug.cgi?id=1227157
* https://bugzilla.suse.com/show_bug.cgi?id=1227162
* https://bugzilla.suse.com/show_bug.cgi?id=1227362
* https://bugzilla.suse.com/show_bug.cgi?id=1227383
* https://bugzilla.suse.com/show_bug.cgi?id=1227432
* https://bugzilla.suse.com/show_bug.cgi?id=1227435
* https://bugzilla.suse.com/show_bug.cgi?id=1227447
* https://bugzilla.suse.com/show_bug.cgi?id=1227487
* https://bugzilla.suse.com/show_bug.cgi?id=1227549
* https://bugzilla.suse.com/show_bug.cgi?id=1227573
* https://bugzilla.suse.com/show_bug.cgi?id=1227618
* https://bugzilla.suse.com/show_bug.cgi?id=1227620
* https://bugzilla.suse.com/show_bug.cgi?id=1227626
* https://bugzilla.suse.com/show_bug.cgi?id=1227635
* https://bugzilla.suse.com/show_bug.cgi?id=1227661
* https://bugzilla.suse.com/show_bug.cgi?id=1227716
* https://bugzilla.suse.com/show_bug.cgi?id=1227722
* https://bugzilla.suse.com/show_bug.cgi?id=1227724
* https://bugzilla.suse.com/show_bug.cgi?id=1227725
* https://bugzilla.suse.com/show_bug.cgi?id=1227728
* https://bugzilla.suse.com/show_bug.cgi?id=1227729
* https://bugzilla.suse.com/show_bug.cgi?id=1227730
* https://bugzilla.suse.com/show_bug.cgi?id=1227732
* https://bugzilla.suse.com/show_bug.cgi?id=1227733
* https://bugzilla.suse.com/show_bug.cgi?id=1227750
* https://bugzilla.suse.com/show_bug.cgi?id=1227754
* https://bugzilla.suse.com/show_bug.cgi?id=1227755
* https://bugzilla.suse.com/show_bug.cgi?id=1227760
* https://bugzilla.suse.com/show_bug.cgi?id=1227762
* https://bugzilla.suse.com/show_bug.cgi?id=1227763
* https://bugzilla.suse.com/show_bug.cgi?id=1227764
* https://bugzilla.suse.com/show_bug.cgi?id=1227766
* https://bugzilla.suse.com/show_bug.cgi?id=1227770
* https://bugzilla.suse.com/show_bug.cgi?id=1227771
* https://bugzilla.suse.com/show_bug.cgi?id=1227772
* https://bugzilla.suse.com/show_bug.cgi?id=1227774
* https://bugzilla.suse.com/show_bug.cgi?id=1227779
* https://bugzilla.suse.com/show_bug.cgi?id=1227780
* https://bugzilla.suse.com/show_bug.cgi?id=1227783
* https://bugzilla.suse.com/show_bug.cgi?id=1227786
* https://bugzilla.suse.com/show_bug.cgi?id=1227787
* https://bugzilla.suse.com/show_bug.cgi?id=1227790
* https://bugzilla.suse.com/show_bug.cgi?id=1227792
* https://bugzilla.suse.com/show_bug.cgi?id=1227796
* https://bugzilla.suse.com/show_bug.cgi?id=1227797
* https://bugzilla.suse.com/show_bug.cgi?id=1227798
* https://bugzilla.suse.com/show_bug.cgi?id=1227800
* https://bugzilla.suse.com/show_bug.cgi?id=1227802
* https://bugzilla.suse.com/show_bug.cgi?id=1227806
* https://bugzilla.suse.com/show_bug.cgi?id=1227808
* https://bugzilla.suse.com/show_bug.cgi?id=1227810
* https://bugzilla.suse.com/show_bug.cgi?id=1227812
* https://bugzilla.suse.com/show_bug.cgi?id=1227813
* https://bugzilla.suse.com/show_bug.cgi?id=1227814
* https://bugzilla.suse.com/show_bug.cgi?id=1227816
* https://bugzilla.suse.com/show_bug.cgi?id=1227820
* https://bugzilla.suse.com/show_bug.cgi?id=1227823
* https://bugzilla.suse.com/show_bug.cgi?id=1227824
* https://bugzilla.suse.com/show_bug.cgi?id=1227828
* https://bugzilla.suse.com/show_bug.cgi?id=1227829
* https://bugzilla.suse.com/show_bug.cgi?id=1227836
* https://bugzilla.suse.com/show_bug.cgi?id=1227846
* https://bugzilla.suse.com/show_bug.cgi?id=1227849
* https://bugzilla.suse.com/show_bug.cgi?id=1227851
* https://bugzilla.suse.com/show_bug.cgi?id=1227862
* https://bugzilla.suse.com/show_bug.cgi?id=1227864
* https://bugzilla.suse.com/show_bug.cgi?id=1227865
* https://bugzilla.suse.com/show_bug.cgi?id=1227866
* https://bugzilla.suse.com/show_bug.cgi?id=1227870
* https://bugzilla.suse.com/show_bug.cgi?id=1227884
* https://bugzilla.suse.com/show_bug.cgi?id=1227886
* https://bugzilla.suse.com/show_bug.cgi?id=1227891
* https://bugzilla.suse.com/show_bug.cgi?id=1227893
* https://bugzilla.suse.com/show_bug.cgi?id=1227899
* https://bugzilla.suse.com/show_bug.cgi?id=1227900
* https://bugzilla.suse.com/show_bug.cgi?id=1227910
* https://bugzilla.suse.com/show_bug.cgi?id=1227913
* https://bugzilla.suse.com/show_bug.cgi?id=1227917
* https://bugzilla.suse.com/show_bug.cgi?id=1227919
* https://bugzilla.suse.com/show_bug.cgi?id=1227920
* https://bugzilla.suse.com/show_bug.cgi?id=1227921
* https://bugzilla.suse.com/show_bug.cgi?id=1227922
* https://bugzilla.suse.com/show_bug.cgi?id=1227923
* https://bugzilla.suse.com/show_bug.cgi?id=1227924
* https://bugzilla.suse.com/show_bug.cgi?id=1227925
* https://bugzilla.suse.com/show_bug.cgi?id=1227927
* https://bugzilla.suse.com/show_bug.cgi?id=1227928
* https://bugzilla.suse.com/show_bug.cgi?id=1227931
* https://bugzilla.suse.com/show_bug.cgi?id=1227932
* https://bugzilla.suse.com/show_bug.cgi?id=1227933
* https://bugzilla.suse.com/show_bug.cgi?id=1227935
* https://bugzilla.suse.com/show_bug.cgi?id=1227936
* https://bugzilla.suse.com/show_bug.cgi?id=1227938
* https://bugzilla.suse.com/show_bug.cgi?id=1227941
* https://bugzilla.suse.com/show_bug.cgi?id=1227942
* https://bugzilla.suse.com/show_bug.cgi?id=1227944
* https://bugzilla.suse.com/show_bug.cgi?id=1227945
* https://bugzilla.suse.com/show_bug.cgi?id=1227947
* https://bugzilla.suse.com/show_bug.cgi?id=1227948
* https://bugzilla.suse.com/show_bug.cgi?id=1227949
* https://bugzilla.suse.com/show_bug.cgi?id=1227950
* https://bugzilla.suse.com/show_bug.cgi?id=1227952
* https://bugzilla.suse.com/show_bug.cgi?id=1227953
* https://bugzilla.suse.com/show_bug.cgi?id=1227954
* https://bugzilla.suse.com/show_bug.cgi?id=1227956
* https://bugzilla.suse.com/show_bug.cgi?id=1227957
* https://bugzilla.suse.com/show_bug.cgi?id=1227963
* https://bugzilla.suse.com/show_bug.cgi?id=1227964
* https://bugzilla.suse.com/show_bug.cgi?id=1227965
* https://bugzilla.suse.com/show_bug.cgi?id=1227968
* https://bugzilla.suse.com/show_bug.cgi?id=1227969
* https://bugzilla.suse.com/show_bug.cgi?id=1227970
* https://bugzilla.suse.com/show_bug.cgi?id=1227971
* https://bugzilla.suse.com/show_bug.cgi?id=1227972
* https://bugzilla.suse.com/show_bug.cgi?id=1227975
* https://bugzilla.suse.com/show_bug.cgi?id=1227976
* https://bugzilla.suse.com/show_bug.cgi?id=1227981
* https://bugzilla.suse.com/show_bug.cgi?id=1227982
* https://bugzilla.suse.com/show_bug.cgi?id=1227985
* https://bugzilla.suse.com/show_bug.cgi?id=1227986
* https://bugzilla.suse.com/show_bug.cgi?id=1227987
* https://bugzilla.suse.com/show_bug.cgi?id=1227988
* https://bugzilla.suse.com/show_bug.cgi?id=1227989
* https://bugzilla.suse.com/show_bug.cgi?id=1227990
* https://bugzilla.suse.com/show_bug.cgi?id=1227991
* https://bugzilla.suse.com/show_bug.cgi?id=1227992
* https://bugzilla.suse.com/show_bug.cgi?id=1227993
* https://bugzilla.suse.com/show_bug.cgi?id=1227995
* https://bugzilla.suse.com/show_bug.cgi?id=1227996
* https://bugzilla.suse.com/show_bug.cgi?id=1227997
* https://bugzilla.suse.com/show_bug.cgi?id=1228000
* https://bugzilla.suse.com/show_bug.cgi?id=1228002
* https://bugzilla.suse.com/show_bug.cgi?id=1228003
* https://bugzilla.suse.com/show_bug.cgi?id=1228004
* https://bugzilla.suse.com/show_bug.cgi?id=1228005
* https://bugzilla.suse.com/show_bug.cgi?id=1228006
* https://bugzilla.suse.com/show_bug.cgi?id=1228007
* https://bugzilla.suse.com/show_bug.cgi?id=1228008
* https://bugzilla.suse.com/show_bug.cgi?id=1228009
* https://bugzilla.suse.com/show_bug.cgi?id=1228010
* https://bugzilla.suse.com/show_bug.cgi?id=1228011
* https://bugzilla.suse.com/show_bug.cgi?id=1228013
* https://bugzilla.suse.com/show_bug.cgi?id=1228014
* https://bugzilla.suse.com/show_bug.cgi?id=1228015
* https://bugzilla.suse.com/show_bug.cgi?id=1228019
* https://bugzilla.suse.com/show_bug.cgi?id=1228020
* https://bugzilla.suse.com/show_bug.cgi?id=1228025
* https://bugzilla.suse.com/show_bug.cgi?id=1228028
* https://bugzilla.suse.com/show_bug.cgi?id=1228035
* https://bugzilla.suse.com/show_bug.cgi?id=1228037
* https://bugzilla.suse.com/show_bug.cgi?id=1228038
* https://bugzilla.suse.com/show_bug.cgi?id=1228039
* https://bugzilla.suse.com/show_bug.cgi?id=1228040
* https://bugzilla.suse.com/show_bug.cgi?id=1228045
* https://bugzilla.suse.com/show_bug.cgi?id=1228054
* https://bugzilla.suse.com/show_bug.cgi?id=1228055
* https://bugzilla.suse.com/show_bug.cgi?id=1228056
* https://bugzilla.suse.com/show_bug.cgi?id=1228060
* https://bugzilla.suse.com/show_bug.cgi?id=1228061
* https://bugzilla.suse.com/show_bug.cgi?id=1228062
* https://bugzilla.suse.com/show_bug.cgi?id=1228063
* https://bugzilla.suse.com/show_bug.cgi?id=1228064
* https://bugzilla.suse.com/show_bug.cgi?id=1228066
* https://bugzilla.suse.com/show_bug.cgi?id=1228067
* https://bugzilla.suse.com/show_bug.cgi?id=1228068
* https://bugzilla.suse.com/show_bug.cgi?id=1228071
* https://bugzilla.suse.com/show_bug.cgi?id=1228079
* https://bugzilla.suse.com/show_bug.cgi?id=1228090
* https://bugzilla.suse.com/show_bug.cgi?id=1228114
* https://bugzilla.suse.com/show_bug.cgi?id=1228140
* https://bugzilla.suse.com/show_bug.cgi?id=1228190
* https://bugzilla.suse.com/show_bug.cgi?id=1228191
* https://bugzilla.suse.com/show_bug.cgi?id=1228195
* https://bugzilla.suse.com/show_bug.cgi?id=1228202
* https://bugzilla.suse.com/show_bug.cgi?id=1228226
* https://bugzilla.suse.com/show_bug.cgi?id=1228235
* https://bugzilla.suse.com/show_bug.cgi?id=1228237
* https://bugzilla.suse.com/show_bug.cgi?id=1228247
* https://bugzilla.suse.com/show_bug.cgi?id=1228327
* https://bugzilla.suse.com/show_bug.cgi?id=1228328
* https://bugzilla.suse.com/show_bug.cgi?id=1228330
* https://bugzilla.suse.com/show_bug.cgi?id=1228403
* https://bugzilla.suse.com/show_bug.cgi?id=1228405
* https://bugzilla.suse.com/show_bug.cgi?id=1228408
* https://bugzilla.suse.com/show_bug.cgi?id=1228409
* https://bugzilla.suse.com/show_bug.cgi?id=1228410
* https://bugzilla.suse.com/show_bug.cgi?id=1228418
* https://bugzilla.suse.com/show_bug.cgi?id=1228440
* https://bugzilla.suse.com/show_bug.cgi?id=1228459
* https://bugzilla.suse.com/show_bug.cgi?id=1228462
* https://bugzilla.suse.com/show_bug.cgi?id=1228470
* https://bugzilla.suse.com/show_bug.cgi?id=1228518
* https://bugzilla.suse.com/show_bug.cgi?id=1228520
* https://bugzilla.suse.com/show_bug.cgi?id=1228530
* https://bugzilla.suse.com/show_bug.cgi?id=1228561
* https://bugzilla.suse.com/show_bug.cgi?id=1228565
* https://bugzilla.suse.com/show_bug.cgi?id=1228580
* https://bugzilla.suse.com/show_bug.cgi?id=1228581
* https://bugzilla.suse.com/show_bug.cgi?id=1228591
* https://bugzilla.suse.com/show_bug.cgi?id=1228599
* https://bugzilla.suse.com/show_bug.cgi?id=1228617
* https://bugzilla.suse.com/show_bug.cgi?id=1228625
* https://bugzilla.suse.com/show_bug.cgi?id=1228626
* https://bugzilla.suse.com/show_bug.cgi?id=1228633
* https://bugzilla.suse.com/show_bug.cgi?id=1228640
* https://bugzilla.suse.com/show_bug.cgi?id=1228644
* https://bugzilla.suse.com/show_bug.cgi?id=1228649
* https://bugzilla.suse.com/show_bug.cgi?id=1228655
* https://bugzilla.suse.com/show_bug.cgi?id=1228665
* https://bugzilla.suse.com/show_bug.cgi?id=1228672
* https://bugzilla.suse.com/show_bug.cgi?id=1228680
* https://bugzilla.suse.com/show_bug.cgi?id=1228705
* https://bugzilla.suse.com/show_bug.cgi?id=1228723
* https://bugzilla.suse.com/show_bug.cgi?id=1228743
* https://bugzilla.suse.com/show_bug.cgi?id=1228756
* https://bugzilla.suse.com/show_bug.cgi?id=1228801
* https://bugzilla.suse.com/show_bug.cgi?id=1228850
* https://bugzilla.suse.com/show_bug.cgi?id=1228857
* https://jira.suse.com/browse/PED-8582
* https://jira.suse.com/browse/PED-8690
SUSE-SU-2024:2948-1: important: Security update for the Linux Kernel
by OPENSUSE-SECURITY-UPDATES 16 Aug '24
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2024:2948-1
Rating: important
References:
* bsc#1065729
* bsc#1179610
* bsc#1186463
* bsc#1216834
* bsc#1218820
* bsc#1220185
* bsc#1220186
* bsc#1220187
* bsc#1221539
* bsc#1222728
* bsc#1222824
* bsc#1223863
* bsc#1224918
* bsc#1225404
* bsc#1225431
* bsc#1226519
* bsc#1226550
* bsc#1226574
* bsc#1226575
* bsc#1226662
* bsc#1226666
* bsc#1226785
* bsc#1227213
* bsc#1227362
* bsc#1227487
* bsc#1227716
* bsc#1227750
* bsc#1227810
* bsc#1227836
* bsc#1227976
* bsc#1228013
* bsc#1228040
* bsc#1228114
* bsc#1228328
* bsc#1228561
* bsc#1228644
* bsc#1228743
Cross-References:
* CVE-2020-26558
* CVE-2021-0129
* CVE-2021-47126
* CVE-2021-47219
* CVE-2021-47291
* CVE-2021-47506
* CVE-2021-47520
* CVE-2021-47580
* CVE-2021-47598
* CVE-2021-47600
* CVE-2022-48792
* CVE-2022-48821
* CVE-2022-48822
* CVE-2023-52686
* CVE-2023-52885
* CVE-2024-26583
* CVE-2024-26584
* CVE-2024-26585
* CVE-2024-26800
* CVE-2024-36974
* CVE-2024-38559
* CVE-2024-39494
* CVE-2024-40937
* CVE-2024-40956
* CVE-2024-41011
* CVE-2024-41059
* CVE-2024-41069
* CVE-2024-41090
* CVE-2024-42145
CVSS scores:
* CVE-2020-26558 ( SUSE ): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2020-26558 ( NVD ): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2021-0129 ( SUSE ): 6.4 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2021-0129 ( NVD ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-47126 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47219 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47506 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47520 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47520 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47580 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47600 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48792 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48792 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48821 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48822 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48822 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52686 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52885 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26583 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26583 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26584 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26584 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26585 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26585 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26800 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36974 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-38559 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-39494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-39494 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40937 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40956 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41011 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41069 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41069 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41090 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-42145 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-42145 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Availability Extension 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2
An update that solves 29 vulnerabilities and has eight security fixes can now be
installed.
## Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security
bugfixes.
The following security bugs were fixed:
* CVE-2020-26558: Fixed a flaw in the Bluetooth LE and BR/EDR secure pairing
that could permit a nearby man-in-the-middle attacker to identify the
Passkey used during pairing (bsc#1179610).
* CVE-2021-0129: Improper access control in BlueZ may have allowed an
authenticated user to potentially enable information disclosure via adjacent
access (bsc#1186463).
* CVE-2021-47126: ipv6: Fix KASAN: slab-out-of-bounds Read in
fib6_nh_flush_exceptions (bsc#1221539).
* CVE-2021-47219: scsi: scsi_debug: Fix out-of-bound read in
resp_report_tgtpgs() (bsc#1222824).
* CVE-2021-47291: ipv6: fix another slab-out-of-bounds in
fib6_nh_flush_exceptions (bsc#1224918).
* CVE-2021-47506: nfsd: fix use-after-free due to delegation race
(bsc#1225404).
* CVE-2021-47520: can: pch_can: pch_can_rx_normal: fix use after free
(bsc#1225431).
* CVE-2021-47580: scsi: scsi_debug: Fix type in min_t to avoid stack OOB
(bsc#1226550).
* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init()
(bsc#1226574).
* CVE-2021-47600: dm btree remove: fix use after free in rebalance_children()
(bsc#1226575).
* CVE-2022-48792: scsi: pm8001: Fix use-after-free for aborted SSP/STP
sas_task (bsc#1228013).
* CVE-2022-48821: misc: fastrpc: avoid double fput() on failed usercopy
(bsc#1227976).
* CVE-2023-52686: Fix a null pointer in opal_event_init() (bsc#1065729).
* CVE-2023-52885: SUNRPC: Fix UAF in svc_tcp_listen_data_ready()
(bsc#1227750).
* CVE-2024-26585: Fixed race between tx work scheduling and socket close
(bsc#1220187).
* CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP
(bsc#1226519).
* CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated
(bsc#1226785).
* CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name
(bsc#1227716).
* CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any()
(bsc#1227836).
* CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in
irq_process_work_list (bsc#1227810).
* CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with
large pages (bsc#1228114).
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).
* CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
* CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
* CVE-2024-42145: IB/core: Implement a limit on UMAD receive List
(bsc#1228743).
The following non-security bugs were fixed:
* Fix spurious WARNING caused by a qxl driver patch (bsc#1227213)
* nfs: Clean up directory array handling (bsc#1226662).
* nfs: Clean up nfs_readdir_page_filler() (bsc#1226662).
* nfs: Clean up readdir struct nfs_cache_array (bsc#1226662).
* nfs: Do not discard readdir results (bsc#1226662).
* nfs: Do not overfill uncached readdir pages (bsc#1226662).
* nfs: Do not re-read the entire page cache to find the next cookie
(bsc#1226662).
* nfs: Ensure contents of struct nfs_open_dir_context are consistent
(bsc#1226662).
* nfs: Fix up directory verifier races (bsc#1226662).
* nfs: Further optimisations for 'ls -l' (bsc#1226662).
* nfs: More readdir cleanups (bsc#1226662).
* nfs: Reduce number of RPC calls when doing uncached readdir (bsc#1226662).
* nfs: Reduce use of uncached readdir (bsc#1226662).
* nfs: Support larger readdir buffers (bsc#1226662).
* nfs: Use the 64-bit server readdir cookies when possible (bsc#1226662).
* nfs: optimise readdir cache page invalidation (bsc#1226662).
* nfsv4.x: by default serialize open/close operations (bsc#1223863
bsc#1227362)
* ocfs2: fix DIO failure due to insufficient transaction credits
(bsc#1216834).
* powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()
(bsc#1227487).
* powerpc/rtas: clean up includes (bsc#1227487).
* x.509: Fix the parser of extended key usage for length (bsc#1218820,
bsc#1226666).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-2948=1
* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-2948=1
* SUSE Linux Enterprise High Availability Extension 15 SP3
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2024-2948=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-2948=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-2948=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-2948=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-2948=1
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-2948=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-2948=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-2948=1
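A post-patch check, added here as an example and not part of the SUSE advisory: it classifies a `uname -r` string against the fixed release 5.3.18-150300.59.170, taken from the package names in this announcement. The function names and the "other-stream" label are assumptions of this example, and it relies on GNU `sort -V`.

```shell
#!/bin/sh
# Fixed kernel release for SUSE-SU-2024:2948-1, from the package names on this
# page (kernel-default-5.3.18-150300.59.170.1; the livepatch package name
# kernel-livepatch-5_3_18-150300_59_170-default shows the release string).
FIXED_RELEASE="5.3.18-150300.59.170"

# Strip the flavor suffix (-default, -preempt, -64kb, -zfcpdump, ...) from a
# `uname -r` string. The suffix must contain a letter, so a purely numeric
# trailing component is never removed.
kernel_release_base() {
    printf '%s\n' "$1" | sed -E 's/-[0-9]*[A-Za-z][A-Za-z0-9_]*$//'
}

# Print "fixed", "vulnerable" or "other-stream" for a kernel release string.
# Assumption of this example: only 5.3.18-150300.* releases belong to the
# kernel stream this advisory updates; anything else is not compared.
classify_release() {
    base=$(kernel_release_base "$1")
    case "$base" in
        5.3.18-150300.*) ;;
        *) echo "other-stream"; return 0 ;;
    esac
    # Version-aware sort: a plain string comparison would rank .59.98 above
    # .59.170, so pick the lower of the two releases with sort -V.
    lowest=$(printf '%s\n%s\n' "$base" "$FIXED_RELEASE" | sort -V | head -n 1)
    if [ "$lowest" = "$FIXED_RELEASE" ]; then
        echo "fixed"
    else
        echo "vulnerable"
    fi
}

# Report on the running kernel. After installing the update this still shows
# the old release until the reboot the advisory asks for.
echo "running kernel $(uname -r): $(classify_release "$(uname -r)")"
```

The result describes the booted kernel only; a system with a kernel livepatch applied keeps its old release string.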
## Package List:
* openSUSE Leap 15.3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.170.2
* openSUSE Leap 15.3 (noarch)
* kernel-source-5.3.18-150300.59.170.1
* kernel-macros-5.3.18-150300.59.170.1
* kernel-source-vanilla-5.3.18-150300.59.170.1
* kernel-docs-html-5.3.18-150300.59.170.2
* kernel-devel-5.3.18-150300.59.170.1
* openSUSE Leap 15.3 (nosrc ppc64le x86_64)
* kernel-kvmsmall-5.3.18-150300.59.170.1
* kernel-debug-5.3.18-150300.59.170.1
* openSUSE Leap 15.3 (ppc64le x86_64)
* kernel-kvmsmall-devel-5.3.18-150300.59.170.1
* kernel-debug-debuginfo-5.3.18-150300.59.170.1
* kernel-kvmsmall-debugsource-5.3.18-150300.59.170.1
* kernel-debug-livepatch-devel-5.3.18-150300.59.170.1
* kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.170.1
* kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.170.1
* kernel-debug-devel-debuginfo-5.3.18-150300.59.170.1
* kernel-debug-debugsource-5.3.18-150300.59.170.1
* kernel-debug-devel-5.3.18-150300.59.170.1
* kernel-kvmsmall-debuginfo-5.3.18-150300.59.170.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64)
* kernel-default-livepatch-devel-5.3.18-150300.59.170.1
* gfs2-kmp-default-debuginfo-5.3.18-150300.59.170.1
* cluster-md-kmp-default-debuginfo-5.3.18-150300.59.170.1
* kernel-default-base-rebuild-5.3.18-150300.59.170.1.150300.18.100.1
* dlm-kmp-default-5.3.18-150300.59.170.1
* kernel-default-optional-5.3.18-150300.59.170.1
* kernel-obs-build-5.3.18-150300.59.170.1
* kernel-default-debugsource-5.3.18-150300.59.170.1
* kernel-default-extra-debuginfo-5.3.18-150300.59.170.1
* kselftests-kmp-default-debuginfo-5.3.18-150300.59.170.1
* kernel-default-extra-5.3.18-150300.59.170.1
* kernel-default-livepatch-5.3.18-150300.59.170.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.170.1
* kernel-default-base-5.3.18-150300.59.170.1.150300.18.100.1
* kernel-default-debuginfo-5.3.18-150300.59.170.1
* cluster-md-kmp-default-5.3.18-150300.59.170.1
* dlm-kmp-default-debuginfo-5.3.18-150300.59.170.1
* kernel-obs-build-debugsource-5.3.18-150300.59.170.1
* kselftests-kmp-default-5.3.18-150300.59.170.1
* kernel-obs-qa-5.3.18-150300.59.170.1
* kernel-default-optional-debuginfo-5.3.18-150300.59.170.1
* reiserfs-kmp-default-5.3.18-150300.59.170.1
* ocfs2-kmp-default-debuginfo-5.3.18-150300.59.170.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.170.1
* gfs2-kmp-default-5.3.18-150300.59.170.1
* kernel-syms-5.3.18-150300.59.170.1
* kernel-default-devel-5.3.18-150300.59.170.1
* ocfs2-kmp-default-5.3.18-150300.59.170.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.3.18-150300.59.170.1
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_170-default-debuginfo-1-150300.7.3.1
* kernel-livepatch-5_3_18-150300_59_170-default-1-150300.7.3.1
* kernel-livepatch-SLE15-SP3_Update_47-debugsource-1-150300.7.3.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_170-preempt-1-150300.7.3.1
* kernel-livepatch-5_3_18-150300_59_170-preempt-debuginfo-1-150300.7.3.1
* openSUSE Leap 15.3 (aarch64 x86_64)
* cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.170.1
* kernel-preempt-debuginfo-5.3.18-150300.59.170.1
* kernel-preempt-extra-5.3.18-150300.59.170.1
* kselftests-kmp-preempt-5.3.18-150300.59.170.1
* gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.170.1
* kernel-preempt-optional-5.3.18-150300.59.170.1
* reiserfs-kmp-preempt-5.3.18-150300.59.170.1
* kernel-preempt-debugsource-5.3.18-150300.59.170.1
* dlm-kmp-preempt-debuginfo-5.3.18-150300.59.170.1
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.170.1
* kernel-preempt-devel-5.3.18-150300.59.170.1
* gfs2-kmp-preempt-5.3.18-150300.59.170.1
* kernel-preempt-livepatch-devel-5.3.18-150300.59.170.1
* cluster-md-kmp-preempt-5.3.18-150300.59.170.1
* ocfs2-kmp-preempt-5.3.18-150300.59.170.1
* kernel-preempt-optional-debuginfo-5.3.18-150300.59.170.1
* dlm-kmp-preempt-5.3.18-150300.59.170.1
* ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.170.1
* reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.170.1
* kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.170.1
* kernel-preempt-extra-debuginfo-5.3.18-150300.59.170.1
* openSUSE Leap 15.3 (aarch64 nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.170.1
* openSUSE Leap 15.3 (nosrc s390x)
* kernel-zfcpdump-5.3.18-150300.59.170.1
* openSUSE Leap 15.3 (s390x)
* kernel-zfcpdump-debuginfo-5.3.18-150300.59.170.1
* kernel-zfcpdump-debugsource-5.3.18-150300.59.170.1
* openSUSE Leap 15.3 (nosrc)
* dtb-aarch64-5.3.18-150300.59.170.1
* openSUSE Leap 15.3 (aarch64)
* dtb-mediatek-5.3.18-150300.59.170.1
* dlm-kmp-64kb-5.3.18-150300.59.170.1
* dtb-qcom-5.3.18-150300.59.170.1
* dtb-lg-5.3.18-150300.59.170.1
* dtb-broadcom-5.3.18-150300.59.170.1
* kernel-64kb-livepatch-devel-5.3.18-150300.59.170.1
* dtb-socionext-5.3.18-150300.59.170.1
* dtb-apm-5.3.18-150300.59.170.1
* dtb-nvidia-5.3.18-150300.59.170.1
* dtb-zte-5.3.18-150300.59.170.1
* ocfs2-kmp-64kb-5.3.18-150300.59.170.1
* dtb-renesas-5.3.18-150300.59.170.1
* dtb-exynos-5.3.18-150300.59.170.1
* dtb-rockchip-5.3.18-150300.59.170.1
* kselftests-kmp-64kb-5.3.18-150300.59.170.1
* dtb-hisilicon-5.3.18-150300.59.170.1
* kernel-64kb-debuginfo-5.3.18-150300.59.170.1
* kernel-64kb-optional-debuginfo-5.3.18-150300.59.170.1
* reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.170.1
* kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.170.1
* dtb-cavium-5.3.18-150300.59.170.1
* dtb-freescale-5.3.18-150300.59.170.1
* gfs2-kmp-64kb-5.3.18-150300.59.170.1
* dtb-al-5.3.18-150300.59.170.1
* dtb-allwinner-5.3.18-150300.59.170.1
* kernel-64kb-debugsource-5.3.18-150300.59.170.1
* kernel-64kb-extra-5.3.18-150300.59.170.1
* dtb-amd-5.3.18-150300.59.170.1
* dtb-marvell-5.3.18-150300.59.170.1
* dtb-arm-5.3.18-150300.59.170.1
* dtb-xilinx-5.3.18-150300.59.170.1
* dtb-altera-5.3.18-150300.59.170.1
* dtb-amlogic-5.3.18-150300.59.170.1
* reiserfs-kmp-64kb-5.3.18-150300.59.170.1
* cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.170.1
* cluster-md-kmp-64kb-5.3.18-150300.59.170.1
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.170.1
* gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.170.1
* kernel-64kb-optional-5.3.18-150300.59.170.1
* kernel-64kb-extra-debuginfo-5.3.18-150300.59.170.1
* dtb-sprd-5.3.18-150300.59.170.1
* dlm-kmp-64kb-debuginfo-5.3.18-150300.59.170.1
* ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.170.1
* kernel-64kb-devel-5.3.18-150300.59.170.1
* openSUSE Leap 15.3 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Live Patching 15-SP3 (nosrc)
* kernel-default-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-default-debugsource-5.3.18-150300.59.170.1
* kernel-default-livepatch-devel-5.3.18-150300.59.170.1
* kernel-default-debuginfo-5.3.18-150300.59.170.1
* kernel-livepatch-SLE15-SP3_Update_47-debugsource-1-150300.7.3.1
* kernel-livepatch-5_3_18-150300_59_170-default-debuginfo-1-150300.7.3.1
* kernel-livepatch-5_3_18-150300_59_170-default-1-150300.7.3.1
* kernel-default-livepatch-5.3.18-150300.59.170.1
* SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le
s390x x86_64)
* kernel-default-debugsource-5.3.18-150300.59.170.1
* kernel-default-debuginfo-5.3.18-150300.59.170.1
* gfs2-kmp-default-debuginfo-5.3.18-150300.59.170.1
* cluster-md-kmp-default-5.3.18-150300.59.170.1
* ocfs2-kmp-default-debuginfo-5.3.18-150300.59.170.1
* cluster-md-kmp-default-debuginfo-5.3.18-150300.59.170.1
* gfs2-kmp-default-5.3.18-150300.59.170.1
* dlm-kmp-default-5.3.18-150300.59.170.1
* dlm-kmp-default-debuginfo-5.3.18-150300.59.170.1
* ocfs2-kmp-default-5.3.18-150300.59.170.1
* SUSE Linux Enterprise High Availability Extension 15 SP3 (nosrc)
* kernel-default-5.3.18-150300.59.170.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.170.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64)
* kernel-64kb-debugsource-5.3.18-150300.59.170.1
* kernel-64kb-debuginfo-5.3.18-150300.59.170.1
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.170.1
* kernel-64kb-devel-5.3.18-150300.59.170.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc
x86_64)
* kernel-preempt-5.3.18-150300.59.170.1
* kernel-default-5.3.18-150300.59.170.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* kernel-preempt-devel-5.3.18-150300.59.170.1
* kernel-default-base-5.3.18-150300.59.170.1.150300.18.100.1
* kernel-default-debugsource-5.3.18-150300.59.170.1
* kernel-default-debuginfo-5.3.18-150300.59.170.1
* kernel-preempt-debuginfo-5.3.18-150300.59.170.1
* reiserfs-kmp-default-5.3.18-150300.59.170.1
* kernel-preempt-debugsource-5.3.18-150300.59.170.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.170.1
* kernel-syms-5.3.18-150300.59.170.1
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.170.1
* kernel-obs-build-debugsource-5.3.18-150300.59.170.1
* kernel-default-devel-5.3.18-150300.59.170.1
* kernel-obs-build-5.3.18-150300.59.170.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.170.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* kernel-macros-5.3.18-150300.59.170.1
* kernel-devel-5.3.18-150300.59.170.1
* kernel-source-5.3.18-150300.59.170.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.170.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64)
* kernel-64kb-debugsource-5.3.18-150300.59.170.1
* kernel-64kb-debuginfo-5.3.18-150300.59.170.1
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.170.1
* kernel-64kb-devel-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64 nosrc)
* kernel-default-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* kernel-default-base-5.3.18-150300.59.170.1.150300.18.100.1
* kernel-default-debugsource-5.3.18-150300.59.170.1
* kernel-default-debuginfo-5.3.18-150300.59.170.1
* reiserfs-kmp-default-5.3.18-150300.59.170.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.170.1
* kernel-syms-5.3.18-150300.59.170.1
* kernel-obs-build-debugsource-5.3.18-150300.59.170.1
* kernel-default-devel-5.3.18-150300.59.170.1
* kernel-obs-build-5.3.18-150300.59.170.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* kernel-macros-5.3.18-150300.59.170.1
* kernel-devel-5.3.18-150300.59.170.1
* kernel-source-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.170.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64)
* kernel-preempt-devel-5.3.18-150300.59.170.1
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.170.1
* kernel-preempt-debuginfo-5.3.18-150300.59.170.1
* kernel-preempt-debugsource-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (nosrc s390x)
* kernel-zfcpdump-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x)
* kernel-zfcpdump-debuginfo-5.3.18-150300.59.170.1
* kernel-zfcpdump-debugsource-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le
x86_64)
* kernel-default-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* kernel-default-base-5.3.18-150300.59.170.1.150300.18.100.1
* kernel-default-debugsource-5.3.18-150300.59.170.1
* kernel-default-debuginfo-5.3.18-150300.59.170.1
* reiserfs-kmp-default-5.3.18-150300.59.170.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.170.1
* kernel-syms-5.3.18-150300.59.170.1
* kernel-obs-build-debugsource-5.3.18-150300.59.170.1
* kernel-default-devel-5.3.18-150300.59.170.1
* kernel-obs-build-5.3.18-150300.59.170.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* kernel-macros-5.3.18-150300.59.170.1
* kernel-devel-5.3.18-150300.59.170.1
* kernel-source-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.170.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* kernel-preempt-devel-5.3.18-150300.59.170.1
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.170.1
* kernel-preempt-debuginfo-5.3.18-150300.59.170.1
* kernel-preempt-debugsource-5.3.18-150300.59.170.1
* SUSE Enterprise Storage 7.1 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.170.1
* SUSE Enterprise Storage 7.1 (aarch64)
* kernel-64kb-debugsource-5.3.18-150300.59.170.1
* kernel-64kb-debuginfo-5.3.18-150300.59.170.1
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.170.1
* kernel-64kb-devel-5.3.18-150300.59.170.1
* SUSE Enterprise Storage 7.1 (aarch64 nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.170.1
* kernel-default-5.3.18-150300.59.170.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* kernel-preempt-devel-5.3.18-150300.59.170.1
* kernel-default-base-5.3.18-150300.59.170.1.150300.18.100.1
* kernel-default-debugsource-5.3.18-150300.59.170.1
* kernel-default-debuginfo-5.3.18-150300.59.170.1
* kernel-preempt-debuginfo-5.3.18-150300.59.170.1
* reiserfs-kmp-default-5.3.18-150300.59.170.1
* kernel-preempt-debugsource-5.3.18-150300.59.170.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.170.1
* kernel-syms-5.3.18-150300.59.170.1
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.170.1
* kernel-obs-build-debugsource-5.3.18-150300.59.170.1
* kernel-default-devel-5.3.18-150300.59.170.1
* kernel-obs-build-5.3.18-150300.59.170.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.170.1
* SUSE Enterprise Storage 7.1 (noarch)
* kernel-macros-5.3.18-150300.59.170.1
* kernel-devel-5.3.18-150300.59.170.1
* kernel-source-5.3.18-150300.59.170.1
* SUSE Enterprise Storage 7.1 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.170.2
* SUSE Linux Enterprise Micro 5.1 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.3.18-150300.59.170.1
* kernel-default-base-5.3.18-150300.59.170.1.150300.18.100.1
* kernel-default-debugsource-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64)
* kernel-default-base-5.3.18-150300.59.170.1.150300.18.100.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.3.18-150300.59.170.1
* kernel-default-debugsource-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64)
* kernel-default-base-5.3.18-150300.59.170.1.150300.18.100.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.3.18-150300.59.170.1
* kernel-default-debugsource-5.3.18-150300.59.170.1
## References:
* https://www.suse.com/security/cve/CVE-2020-26558.html
* https://www.suse.com/security/cve/CVE-2021-0129.html
* https://www.suse.com/security/cve/CVE-2021-47126.html
* https://www.suse.com/security/cve/CVE-2021-47219.html
* https://www.suse.com/security/cve/CVE-2021-47291.html
* https://www.suse.com/security/cve/CVE-2021-47506.html
* https://www.suse.com/security/cve/CVE-2021-47520.html
* https://www.suse.com/security/cve/CVE-2021-47580.html
* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2021-47600.html
* https://www.suse.com/security/cve/CVE-2022-48792.html
* https://www.suse.com/security/cve/CVE-2022-48821.html
* https://www.suse.com/security/cve/CVE-2022-48822.html
* https://www.suse.com/security/cve/CVE-2023-52686.html
* https://www.suse.com/security/cve/CVE-2023-52885.html
* https://www.suse.com/security/cve/CVE-2024-26583.html
* https://www.suse.com/security/cve/CVE-2024-26584.html
* https://www.suse.com/security/cve/CVE-2024-26585.html
* https://www.suse.com/security/cve/CVE-2024-26800.html
* https://www.suse.com/security/cve/CVE-2024-36974.html
* https://www.suse.com/security/cve/CVE-2024-38559.html
* https://www.suse.com/security/cve/CVE-2024-39494.html
* https://www.suse.com/security/cve/CVE-2024-40937.html
* https://www.suse.com/security/cve/CVE-2024-40956.html
* https://www.suse.com/security/cve/CVE-2024-41011.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://www.suse.com/security/cve/CVE-2024-41069.html
* https://www.suse.com/security/cve/CVE-2024-41090.html
* https://www.suse.com/security/cve/CVE-2024-42145.html
* https://bugzilla.suse.com/show_bug.cgi?id=1065729
* https://bugzilla.suse.com/show_bug.cgi?id=1179610
* https://bugzilla.suse.com/show_bug.cgi?id=1186463
* https://bugzilla.suse.com/show_bug.cgi?id=1216834
* https://bugzilla.suse.com/show_bug.cgi?id=1218820
* https://bugzilla.suse.com/show_bug.cgi?id=1220185
* https://bugzilla.suse.com/show_bug.cgi?id=1220186
* https://bugzilla.suse.com/show_bug.cgi?id=1220187
* https://bugzilla.suse.com/show_bug.cgi?id=1221539
* https://bugzilla.suse.com/show_bug.cgi?id=1222728
* https://bugzilla.suse.com/show_bug.cgi?id=1222824
* https://bugzilla.suse.com/show_bug.cgi?id=1223863
* https://bugzilla.suse.com/show_bug.cgi?id=1224918
* https://bugzilla.suse.com/show_bug.cgi?id=1225404
* https://bugzilla.suse.com/show_bug.cgi?id=1225431
* https://bugzilla.suse.com/show_bug.cgi?id=1226519
* https://bugzilla.suse.com/show_bug.cgi?id=1226550
* https://bugzilla.suse.com/show_bug.cgi?id=1226574
* https://bugzilla.suse.com/show_bug.cgi?id=1226575
* https://bugzilla.suse.com/show_bug.cgi?id=1226662
* https://bugzilla.suse.com/show_bug.cgi?id=1226666
* https://bugzilla.suse.com/show_bug.cgi?id=1226785
* https://bugzilla.suse.com/show_bug.cgi?id=1227213
* https://bugzilla.suse.com/show_bug.cgi?id=1227362
* https://bugzilla.suse.com/show_bug.cgi?id=1227487
* https://bugzilla.suse.com/show_bug.cgi?id=1227716
* https://bugzilla.suse.com/show_bug.cgi?id=1227750
* https://bugzilla.suse.com/show_bug.cgi?id=1227810
* https://bugzilla.suse.com/show_bug.cgi?id=1227836
* https://bugzilla.suse.com/show_bug.cgi?id=1227976
* https://bugzilla.suse.com/show_bug.cgi?id=1228013
* https://bugzilla.suse.com/show_bug.cgi?id=1228040
* https://bugzilla.suse.com/show_bug.cgi?id=1228114
* https://bugzilla.suse.com/show_bug.cgi?id=1228328
* https://bugzilla.suse.com/show_bug.cgi?id=1228561
* https://bugzilla.suse.com/show_bug.cgi?id=1228644
* https://bugzilla.suse.com/show_bug.cgi?id=1228743
openSUSE-SU-2024:0244-1: important: Security update for apptainer
by opensuse-security@opensuse.org 16 Aug '24
openSUSE Security Update: Security update for apptainer
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0244-1
Rating: important
References: #1221364 #1224114
Cross-References: CVE-2023-30549 CVE-2023-38496 CVE-2024-3727
CVSS scores:
CVE-2023-30549 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-38496 (NVD) : 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
CVE-2024-3727 (SUSE): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for apptainer fixes the following issues:
- Make sure digest values handled by the Go library
github.com/opencontainers/go-digest and used throughout the
Go-implemented containers ecosystem are always validated. This prevents
attackers from triggering unexpected authenticated registry accesses.
(CVE-2024-3727, boo#1224114).
- Updated apptainer to version 1.3.0
* FUSE mounts are now supported in setuid mode, enabling full
functionality even when kernel filesystem mounts are insecure due to
unprivileged users having write access to raw filesystems in
containers. When `allow setuid-mount extfs = no` (the default) is set in
apptainer.conf, then the fuse2fs image driver will be used to mount
ext3 images in setuid mode instead of the kernel driver (ext3 images
are primarily used for the `--overlay` feature), restoring
functionality that was removed by default in Apptainer 1.1.8 because
of the security risk. The `allow setuid-mount squashfs` configuration
option in `apptainer.conf` now has a new default called `iflimited`
which allows kernel squashfs mounts only if there is at least one
`limit container` option set or if Execution Control Lists are
activated in ecl.toml. If kernel squashfs mounts are not allowed, then
the squashfuse image driver will be used instead. `iflimited` is the
default because if one of those limits is used the system
administrator ensures that
unprivileged users do not have write access to the containers, but on
the other hand using FUSE would enable a user to theoretically bypass
the limits via `ptrace()` because the FUSE process runs as that user.
The `fuse-overlayfs` image driver will also now be tried in setuid
mode if the kernel overlayfs driver does not work (for example if
one of the layers is a FUSE filesystem). In addition, if `allow
setuid-mount encrypted = no` then the unprivileged gocryptfs format
will be used for encrypting SIF files instead of the kernel
device-mapper. If a SIF file was encrypted using the gocryptfs
format, it can now be mounted in setuid mode in addition to
non-setuid mode.
* Change the default in user namespace mode to use either kernel
overlayfs or fuse-overlayfs instead of the underlay feature for the
purpose of adding bind mount points. That was already the default in
setuid mode; this change makes it consistent. The underlay feature
can still be used with the `--underlay` option, but it is deprecated
because the implementation is complicated and measurements have shown
that the performance of underlay is similar to overlayfs and
fuse-overlayfs. For now the underlay feature can be made the default
again with a new `preferred` value on the `enable underlay`
configuration option. Also the `--underlay` option can be used in
setuid mode or as the root user, although it was ignored previously.
* Prefer again to use kernel overlayfs over fuse-overlayfs when a lower
layer is FUSE and there's no writable upper layer, undoing the change
from 1.2.0. Another workaround was found for the problem that change
addressed. This applies in both setuid mode and in user namespace mode.
* `--cwd` is now the preferred form of the flag for setting the
container's working directory, though `--pwd` is still supported for
compatibility.
* The way `--home` is handled when running as root (e.g. sudo apptainer)
or with `--fakeroot` has changed. Previously, we were only modifying
the `HOME` environment variable in these cases, while leaving the
container's `/etc/passwd` file unchanged (with its homedir field
pointing to `/root`, regardless of the value passed to `--home`).
With this change, both the value of HOME and the contents of
`/etc/passwd` in the container will reflect the value passed to
`--home` if the container is readonly. If the container is writable,
the `/etc/passwd` file is left alone because it can interfere with
commands that want to modify it.
* The `--vm` and related flags to start apptainer inside a VM have been
removed. This functionality was related to the retired Singularity
Desktop / SyOS projects.
* The keyserver-related commands that were under `remote` have been
moved to their own, dedicated `keyserver` command. Run `apptainer help
keyserver` for more information.
* The commands related to OCI/Docker registries that were under `remote`
have been moved to their own, dedicated `registry` command. Run
`apptainer help registry` for more information.
* The `remote list` subcommand now outputs only remote endpoints
(with keyservers and OCI/Docker registries having been moved to
separate commands), and the output has been streamlined.
* Adding a new remote endpoint using the `apptainer remote add` command
will now set the new endpoint as default. This behavior can be
suppressed by supplying the `--no-default` (or `-n`) flag to `remote
add`.
* Skip parsing build definition file template variables after comments
beginning with a hash symbol.
* The global `/tmp` directory is no longer used for gocryptfs
mountpoints.
- New Features & Functionality
* The `remote status` command will now print the username, realname, and
email of the logged-in user, if available.
* Add monitoring feature support, which requires the usage of an
additional tool named `apptheus`; this tool will put the apptainer
starter into a newly created cgroup and collect system metrics.
* A new `--no-pid` flag for `apptainer run/shell/exec` disables the PID
namespace inferred by `--containall` and `--compat`.
* Added `--config` option to `keyserver` commands.
* Honor an optional remoteName argument to the `keyserver list` command.
* Added the `APPTAINER_ENCRYPTION_PEM_DATA` env var to allow for
encrypting and running encrypted containers without a PEM file.
* Added `--sharens` mode for `apptainer exec/run/shell`, which enables
running multiple apptainer instances created by the same parent using
the same image in the same user namespace.
- Make 'gocryptfs' an optional dependency.
- Make apptainer definition templates version dependent.
- Fix 'apptainer build' using signed packages from the SUSE Registry
(boo#1221364).
- Updated apptainer to version 1.2.5
* Added `libnvidia-nvvm` to `nvliblist.conf`. Newer NVIDIA Drivers
(known with >= 525.85.05) require this lib to compile OpenCL programs
against NVIDIA GPUs, i.e. `libnvidia-opencl` depends on
`libnvidia-nvvm`.
* Disable the usage of cgroup in instance creation when `--fakeroot` is
passed.
* Disable the usage of cgroup in instance creation when `hidepid` mount
option on `/proc` is set.
* Fixed a regression introduced in 1.2.0 where the user's password file
information was not copied in to the container when there was a parent
root-mapped user namespace (as is the case for example in `cvmfsexec`).
* Added the upcoming NVIDIA driver library `libnvidia-gpucomp.so` to the
list of libraries to add to NVIDIA GPU-enabled containers.
* Fixed missing error handling during the creation of an encrypted image
that led to the generation of corrupted images.
* Use `APPTAINER_TMPDIR` for temporary files during privileged image
encryption.
* If rootless unified cgroups v2 is available when starting an image but
`XDG_RUNTIME_DIR` or `DBUS_SESSION_BUS_ADDRESS` is not set, print an
info message that stats will not be available instead of exiting with
a fatal error.
* Allow templated build arguments to definition files to have empty
values.
- Package .def templates separately for different SPs.
- Do not build squashfuse, require it as a dependency.
- Replace awkward 'Obsoletes: singularity-*' as well as the 'Provides:
Singularity' by 'Conflicts:' and drop the provides - the versioning
scheme does not match and we do not automatically migrate from one to
the other.
- Exclude platforms which do not provide all build dependencies.
- updated to 1.2.3 with following changes:
* The apptainer push/pull commands now show a progress bar for the oras
protocol like there was for docker and library protocols.
* The --nv and --rocm flags can now be used simultaneously.
* Fix the use of APPTAINER_CONFIGDIR with apptainer instance start and
action commands that refer to instance://.
* Fix the issue that apptainer would not read credentials from the
Docker fallback path ~/.docker/config.json if missing in the apptainer
credentials.
- updated to 1.2.2 with following changes:
* Fix $APPTAINER_MESSAGELEVEL to correctly set the logging level.
* Fix build failures when in setuid mode and unprivileged user
namespaces are unavailable and the --fakeroot option is not selected.
- updated to 1.2.1 to fix CVE-2023-38496 although not relevant as package
is compiled with setuid
- update to 1.2.0 with following changes:
* binary is built reproducible which disables plugins
* Create the current working directory in a container when it doesn't
exist. This restores behavior as it was before singularity 3.6.0. As a
result, using --no-mount home won't have any effect when running
apptainer from a home directory and will require --no-mount home,cwd
to avoid mounting that directory.
* Handle current working directory paths containing symlinks both on the
host and in a container but pointing to different destinations. If
detected, the current working directory is not mounted when the
destination directory in the container exists.
* Destination mount points are now sorted by shortest path first to
ensure that a user bind doesn't override a previous bind path when set
in arbitrary order on the CLI. This is also applied to image binds.
* When the kernel supports unprivileged overlay mounts in a user
namespace, the container will be constructed by default using an
overlay instead of an underlay layout for bind mounts. A new
--underlay action option can be used to prefer underlay instead of
overlay.
* sessiondir maxsize in apptainer.conf now defaults to 64 MiB for new
installations. This is an increase from 16 MiB in prior versions.
* The apptainer cache is now architecture aware, so the same home
directory cache can be shared by machines with different architectures.
* Overlay is blocked on the panfs filesystem, allowing sandbox
directories to be run from panfs without error.
* Lookup and store user/group information in stage one prior to entering
any namespaces, to fix an issue with winbind not correctly looking up
user/group information when using user namespaces.
- New features / functionalities
* Support for unprivileged encryption of SIF files using gocryptfs.
This is not compatible with privileged encryption, so containers
encrypted by root need to be rebuilt by an unprivileged user.
* Templating support for definition files. Users can now define
variables in definition files via a matching pair of double curly
brackets. Variables of the form {{ variable }} will be replaced by a
value defined either by a variable=value entry in the %arguments
section of the definition file or through new build options
--build-arg or --build-arg-file.
* Add a new instance run command that will execute the runscript when an
instance is initiated instead of executing the startscript.
* The sign and verify commands now support signing and verification with
non-PGP key material by specifying the path to a private key via the
--key flag.
* The verify command now supports verification with X.509 certificates
by specifying the path to a certificate via the --certificate flag. By
default, the system root certificate pool is used as trust anchors
unless overridden via the --certificate-roots flag. A pool of intermediate
certificates that are not trust anchors, but can be used to form a
certificate chain, can also be specified via the
--certificate-intermediates flag.
* Support for online verification checks of X.509 certificates using
OCSP protocol via the new verify --ocsp-verify option.
* The instance stats command displays the resource usage every second.
The --no-stream option disables this interactive mode and shows the
point-in-time usage.
* Instances are now started in a cgroup by default, when run as root or
when unified cgroups v2 with systemd as manager is configured. This
allows apptainer instance stats to be supported by default when
possible.
* The instance start command now accepts an optional --app <name>
argument which invokes a start script within the %appstart <name>
section in the definition file. The instance stop command still only
requires the instance name.
* The instance name is now available inside an instance via the new
APPTAINER_INSTANCE environment variable.
* The --no-mount flag now accepts the value bind-paths to disable
mounting of all bind path entries in apptainer.conf.
* Support for DOCKER_HOST parsing when using docker-daemon://
* DOCKER_USERNAME and DOCKER_PASSWORD supported without APPTAINER_
prefix.
* Add new Linux capabilities CAP_PERFMON, CAP_BPF, and
CAP_CHECKPOINT_RESTORE.
* The remote get-login-password command allows users to retrieve a
remote's token. This enables piping the secret directly into docker
login while preventing it from showing up in a shell's history.
* Define EUID in %environment alongside UID.
* In --rocm mode, the whole of /dev/dri is now bound into the container
when --contain is in use. This makes /dev/dri/render devices available,
required for later ROCm versions.
- update to 1.1.9 with following changes:
* Remove warning about unknown xino=on option from fuse-overlayfs,
introduced in 1.1.8.
* Ignore extraneous warning from fuse-overlayfs about a readonly /proc.
* Fix dropped "n" characters on some platforms in definition file stored
as part of SIF metadata.
* Remove duplicated group ids.
* Fix not being able to handle multiple entries in LD_PRELOAD when
binding fakeroot into container during apptainer startup for
--fakeroot with fakeroot command.
- Included a fix for CVE-2023-30549 which is a vulnerability in
setuid-root installations of Apptainer which was not active in the
recent openSUSE packages. Still this is included for completeness. The
fix adds allow setuid-mount configuration options encrypted, squashfs,
and extfs, and makes the default for extfs be "no". That disables the
use of extfs mounts including for overlays or binds while in the
setuid-root mode, while leaving it enabled for unprivileged user
namespace mode. The default for encrypted and squashfs is "yes".
- Other bug fixes:
* Fix loop device 'no such device or address' spurious errors when using
shared loop devices.
* Add xino=on mount option for writable kernel overlay mount points to
fix inode numbers consistency after kernel cache flush (not applicable
to fuse-overlayfs).
- updated to 1.1.7 with following changes:
* Allow gpu options such as --nv to be nested by always inheriting all
libraries bound in to a parent container's /.singularity.d/libs.
* Map the user's home directory to the root home directory by default in
the non-subuid fakeroot mode like it was in the subuid fakeroot mode,
for both action commands and building containers from definition files.
* Make the error message more helpful in another place where a remote is
found to have no library client.
* Avoid incorrect error when requesting fakeroot network.
* Pass computed LD_LIBRARY_PATH to wrapped unsquashfs. Fixes issues
where unsquashfs on host uses libraries in non-default paths.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2024-244=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):
libsquashfuse0-0.5.0-bp155.2.1
libsquashfuse0-debuginfo-0.5.0-bp155.2.1
squashfuse-0.5.0-bp155.2.1
squashfuse-debuginfo-0.5.0-bp155.2.1
squashfuse-debugsource-0.5.0-bp155.2.1
squashfuse-devel-0.5.0-bp155.2.1
squashfuse-tools-0.5.0-bp155.2.1
squashfuse-tools-debuginfo-0.5.0-bp155.2.1
- openSUSE Backports SLE-15-SP5 (aarch64 x86_64):
apptainer-1.3.0-bp155.3.3.2
- openSUSE Backports SLE-15-SP5 (noarch):
apptainer-leap-1.3.0-bp155.3.3.2
apptainer-sle15_5-1.3.0-bp155.3.3.2
apptainer-sle15_6-1.3.0-bp155.3.3.2
References:
https://www.suse.com/security/cve/CVE-2023-30549.html
https://www.suse.com/security/cve/CVE-2023-38496.html
https://www.suse.com/security/cve/CVE-2024-3727.html
https://bugzilla.suse.com/1221364
https://bugzilla.suse.com/1224114
openSUSE-SU-2024:0243-1: important: Security update for python-aiosmtpd
by opensuse-security@opensuse.org 16 Aug '24
openSUSE Security Update: Security update for python-aiosmtpd
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0243-1
Rating: important
References: #1221328 #1224467
Cross-References: CVE-2024-27305 CVE-2024-34083
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for python-aiosmtpd fixes the following issues:
- CVE-2024-34083: Fixed an issue where a MiTM attacker could inject extra
unencrypted commands after STARTTLS (boo#1224467)
- CVE-2024-27305: Fixed SMTP smuggling (boo#1221328)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2024-243=1
Package List:
- openSUSE Backports SLE-15-SP5 (noarch):
python3-aiosmtpd-1.2.1-bp155.3.3.1
References:
https://www.suse.com/security/cve/CVE-2024-27305.html
https://www.suse.com/security/cve/CVE-2024-34083.html
https://bugzilla.suse.com/1221328
https://bugzilla.suse.com/1224467
openSUSE-SU-2024:0242-1: important: Security update for opera
by opensuse-security@opensuse.org 15 Aug '24
openSUSE Security Update: Security update for opera
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0242-1
Rating: important
References:
Cross-References: CVE-2024-6772 CVE-2024-6773 CVE-2024-6774
CVE-2024-6775 CVE-2024-6776 CVE-2024-6777
CVE-2024-6778 CVE-2024-6779
Affected Products:
openSUSE Leap 15.6:NonFree
______________________________________________________________________________
An update that fixes 8 vulnerabilities is now available.
Description:
This update for opera fixes the following issues:
- Update to 112.0.5197.53
* CHR-9814 Update Chromium on desktop-stable-126-5197 to 126.0.6478.226
* DNA-116974 Site settings popup size not expanding causing display
issues
* DNA-117115 Tab islands are extending partially after Workspace change
* DNA-117708 H.264 SW decoding only possible if HW decoding is possible
* DNA-117792 Crash at
content::RenderWidgetHostImpl::ForwardMouseEventWithLatencyInfo(blink::WebMouseEvent const&,
ui::LatencyInfo const&)
- The update to chromium >= 126.0.6478.182 fixes following issues:
CVE-2024-6772, CVE-2024-6773, CVE-2024-6774, CVE-2024-6775,
CVE-2024-6776, CVE-2024-6777, CVE-2024-6778, CVE-2024-6779
- Update to 112.0.5197.30
* CHR-9416 Updating Chromium on desktop-stable-* branches
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.6:NonFree:
zypper in -t patch openSUSE-2024-242=1
Package List:
- openSUSE Leap 15.6:NonFree (x86_64):
opera-112.0.5197.53-lp156.2.14.1
References:
https://www.suse.com/security/cve/CVE-2024-6772.html
https://www.suse.com/security/cve/CVE-2024-6773.html
https://www.suse.com/security/cve/CVE-2024-6774.html
https://www.suse.com/security/cve/CVE-2024-6775.html
https://www.suse.com/security/cve/CVE-2024-6776.html
https://www.suse.com/security/cve/CVE-2024-6777.html
https://www.suse.com/security/cve/CVE-2024-6778.html
https://www.suse.com/security/cve/CVE-2024-6779.html
SUSE-SU-2024:2933-1: moderate: Security update for openssl-1_1
by OPENSUSE-SECURITY-UPDATES 15 Aug '24
# Security update for openssl-1_1
Announcement ID: SUSE-SU-2024:2933-1
Rating: moderate
References:
* bsc#1225907
* bsc#1226463
* bsc#1227138
Cross-References:
* CVE-2024-5535
CVSS scores:
* CVE-2024-5535 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP6
* Development Tools Module 15-SP6
* Legacy Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves one vulnerability and has two security fixes can now be
installed.
## Description:
This update for openssl-1_1 fixes the following issues:
* CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto()
with an empty supported client protocols buffer (bsc#1227138)
Other fixes:
* Build with no-afalgeng. (bsc#1226463)
* Fixed C99 violations to allow the package to build with GCC 14.
(bsc#1225907)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-2933=1 openSUSE-SLE-15.6-2024-2933=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-2933=1
* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-2933=1
* Legacy Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2024-2933=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libopenssl-1_1-devel-1.1.1w-150600.5.6.1
* libopenssl1_1-debuginfo-1.1.1w-150600.5.6.1
* openssl-1_1-1.1.1w-150600.5.6.1
* libopenssl1_1-1.1.1w-150600.5.6.1
* openssl-1_1-debugsource-1.1.1w-150600.5.6.1
* openssl-1_1-debuginfo-1.1.1w-150600.5.6.1
* openSUSE Leap 15.6 (x86_64)
* libopenssl1_1-32bit-1.1.1w-150600.5.6.1
* libopenssl1_1-32bit-debuginfo-1.1.1w-150600.5.6.1
* libopenssl-1_1-devel-32bit-1.1.1w-150600.5.6.1
* openSUSE Leap 15.6 (noarch)
* openssl-1_1-doc-1.1.1w-150600.5.6.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libopenssl1_1-64bit-debuginfo-1.1.1w-150600.5.6.1
* libopenssl1_1-64bit-1.1.1w-150600.5.6.1
* libopenssl-1_1-devel-64bit-1.1.1w-150600.5.6.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libopenssl1_1-1.1.1w-150600.5.6.1
* openssl-1_1-debugsource-1.1.1w-150600.5.6.1
* openssl-1_1-debuginfo-1.1.1w-150600.5.6.1
* libopenssl1_1-debuginfo-1.1.1w-150600.5.6.1
* Basesystem Module 15-SP6 (x86_64)
* libopenssl1_1-32bit-1.1.1w-150600.5.6.1
* libopenssl1_1-32bit-debuginfo-1.1.1w-150600.5.6.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libopenssl-1_1-devel-1.1.1w-150600.5.6.1
* openssl-1_1-debugsource-1.1.1w-150600.5.6.1
* openssl-1_1-debuginfo-1.1.1w-150600.5.6.1
* Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* openssl-1_1-debugsource-1.1.1w-150600.5.6.1
* openssl-1_1-1.1.1w-150600.5.6.1
* openssl-1_1-debuginfo-1.1.1w-150600.5.6.1
## References:
* https://www.suse.com/security/cve/CVE-2024-5535.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225907
* https://bugzilla.suse.com/show_bug.cgi?id=1226463
* https://bugzilla.suse.com/show_bug.cgi?id=1227138
SUSE-SU-2024:2905-1: important: Security update for webkit2gtk3
by OPENSUSE-SECURITY-UPDATES 14 Aug '24
# Security update for webkit2gtk3
Announcement ID: SUSE-SU-2024:2905-1
Rating: important
References:
* bsc#1228613
* bsc#1228693
* bsc#1228694
* bsc#1228695
Cross-References:
* CVE-2024-40776
* CVE-2024-40779
* CVE-2024-40780
* CVE-2024-40782
CVSS scores:
* CVE-2024-40776 ( SUSE ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
* CVE-2024-40776 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-40779 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-40780 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-40782 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP6
* Desktop Applications Module 15-SP6
* Development Tools Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves four vulnerabilities can now be installed.
## Description:
This update for webkit2gtk3 fixes the following issues:
* CVE-2024-40776: Fixed a use-after-free issue with improved memory management
(bsc#1228613).
* CVE-2024-40779: Fixed an out-of-bounds read with improved bounds checking
(bsc#1228693).
* CVE-2024-40780: Fixed another out-of-bounds read with improved bounds
checking (bsc#1228694).
* CVE-2024-40782: Fixed a second use-after-free issue with improved memory
management (bsc#1228695).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-2905=1 openSUSE-SLE-15.6-2024-2905=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-2905=1
* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2024-2905=1
* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-2905=1
## Package List:
* openSUSE Leap 15.6 (noarch)
* WebKitGTK-4.0-lang-2.44.2-150600.12.6.1
* WebKitGTK-6.0-lang-2.44.2-150600.12.6.1
* WebKitGTK-4.1-lang-2.44.2-150600.12.6.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* webkit2gtk3-soup2-minibrowser-2.44.2-150600.12.6.1
* libjavascriptcoregtk-6_0-1-debuginfo-2.44.2-150600.12.6.1
* typelib-1_0-JavaScriptCore-4_1-2.44.2-150600.12.6.1
* webkit2gtk-4_0-injected-bundles-2.44.2-150600.12.6.1
* webkit2gtk3-soup2-minibrowser-debuginfo-2.44.2-150600.12.6.1
* webkit2gtk3-minibrowser-2.44.2-150600.12.6.1
* webkitgtk-6_0-injected-bundles-2.44.2-150600.12.6.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.44.2-150600.12.6.1
* libwebkit2gtk-4_1-0-2.44.2-150600.12.6.1
* typelib-1_0-WebKit-6_0-2.44.2-150600.12.6.1
* webkit2gtk4-devel-2.44.2-150600.12.6.1
* webkit2gtk3-soup2-devel-2.44.2-150600.12.6.1
* libjavascriptcoregtk-4_1-0-2.44.2-150600.12.6.1
* webkit-jsc-4-debuginfo-2.44.2-150600.12.6.1
* libjavascriptcoregtk-6_0-1-2.44.2-150600.12.6.1
* libjavascriptcoregtk-4_0-18-2.44.2-150600.12.6.1
* libwebkitgtk-6_0-4-2.44.2-150600.12.6.1
* libwebkit2gtk-4_1-0-debuginfo-2.44.2-150600.12.6.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.44.2-150600.12.6.1
* webkit2gtk4-minibrowser-2.44.2-150600.12.6.1
* typelib-1_0-JavaScriptCore-4_0-2.44.2-150600.12.6.1
* webkit2gtk4-debugsource-2.44.2-150600.12.6.1
* webkit2gtk-4_1-injected-bundles-2.44.2-150600.12.6.1
* webkit2gtk3-debugsource-2.44.2-150600.12.6.1
* libwebkit2gtk-4_0-37-2.44.2-150600.12.6.1
* webkit2gtk3-minibrowser-debuginfo-2.44.2-150600.12.6.1
* libwebkit2gtk-4_0-37-debuginfo-2.44.2-150600.12.6.1
* webkit2gtk4-minibrowser-debuginfo-2.44.2-150600.12.6.1
* typelib-1_0-WebKit2-4_0-2.44.2-150600.12.6.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.44.2-150600.12.6.1
* webkit-jsc-4.1-2.44.2-150600.12.6.1
* typelib-1_0-WebKitWebProcessExtension-6_0-2.44.2-150600.12.6.1
* typelib-1_0-JavaScriptCore-6_0-2.44.2-150600.12.6.1
* webkit2gtk3-soup2-debugsource-2.44.2-150600.12.6.1
* typelib-1_0-WebKit2WebExtension-4_0-2.44.2-150600.12.6.1
* webkit-jsc-4.1-debuginfo-2.44.2-150600.12.6.1
* webkit-jsc-6.0-2.44.2-150600.12.6.1
* webkit-jsc-6.0-debuginfo-2.44.2-150600.12.6.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.44.2-150600.12.6.1
* webkitgtk-6_0-injected-bundles-debuginfo-2.44.2-150600.12.6.1
* webkit-jsc-4-2.44.2-150600.12.6.1
* typelib-1_0-WebKit2WebExtension-4_1-2.44.2-150600.12.6.1
* libwebkitgtk-6_0-4-debuginfo-2.44.2-150600.12.6.1
* typelib-1_0-WebKit2-4_1-2.44.2-150600.12.6.1
* webkit2gtk3-devel-2.44.2-150600.12.6.1
* openSUSE Leap 15.6 (x86_64)
* libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.44.2-150600.12.6.1
* libwebkit2gtk-4_0-37-32bit-debuginfo-2.44.2-150600.12.6.1
* libwebkit2gtk-4_1-0-32bit-debuginfo-2.44.2-150600.12.6.1
* libwebkit2gtk-4_1-0-32bit-2.44.2-150600.12.6.1
* libwebkit2gtk-4_0-37-32bit-2.44.2-150600.12.6.1
* libjavascriptcoregtk-4_1-0-32bit-2.44.2-150600.12.6.1
* libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.44.2-150600.12.6.1
* libjavascriptcoregtk-4_0-18-32bit-2.44.2-150600.12.6.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libjavascriptcoregtk-4_0-18-64bit-debuginfo-2.44.2-150600.12.6.1
* libwebkit2gtk-4_1-0-64bit-2.44.2-150600.12.6.1
* libjavascriptcoregtk-4_1-0-64bit-2.44.2-150600.12.6.1
* libwebkit2gtk-4_1-0-64bit-debuginfo-2.44.2-150600.12.6.1
* libwebkit2gtk-4_0-37-64bit-2.44.2-150600.12.6.1
* libjavascriptcoregtk-4_1-0-64bit-debuginfo-2.44.2-150600.12.6.1
* libjavascriptcoregtk-4_0-18-64bit-2.44.2-150600.12.6.1
* libwebkit2gtk-4_0-37-64bit-debuginfo-2.44.2-150600.12.6.1
* Basesystem Module 15-SP6 (noarch)
* WebKitGTK-4.0-lang-2.44.2-150600.12.6.1
* WebKitGTK-6.0-lang-2.44.2-150600.12.6.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libjavascriptcoregtk-6_0-1-debuginfo-2.44.2-150600.12.6.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.44.2-150600.12.6.1
* typelib-1_0-WebKit2WebExtension-4_0-2.44.2-150600.12.6.1
* typelib-1_0-JavaScriptCore-4_0-2.44.2-150600.12.6.1
* webkit2gtk3-soup2-devel-2.44.2-150600.12.6.1
* webkit2gtk4-debugsource-2.44.2-150600.12.6.1
* libjavascriptcoregtk-6_0-1-2.44.2-150600.12.6.1
* webkitgtk-6_0-injected-bundles-debuginfo-2.44.2-150600.12.6.1
* libwebkit2gtk-4_0-37-2.44.2-150600.12.6.1
* libwebkitgtk-6_0-4-debuginfo-2.44.2-150600.12.6.1
* webkit2gtk-4_0-injected-bundles-2.44.2-150600.12.6.1
* libjavascriptcoregtk-4_0-18-2.44.2-150600.12.6.1
* libwebkitgtk-6_0-4-2.44.2-150600.12.6.1
* webkitgtk-6_0-injected-bundles-2.44.2-150600.12.6.1
* libwebkit2gtk-4_0-37-debuginfo-2.44.2-150600.12.6.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.44.2-150600.12.6.1
* typelib-1_0-WebKit2-4_0-2.44.2-150600.12.6.1
* webkit2gtk3-soup2-debugsource-2.44.2-150600.12.6.1
* Desktop Applications Module 15-SP6 (noarch)
* WebKitGTK-4.1-lang-2.44.2-150600.12.6.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libwebkit2gtk-4_1-0-2.44.2-150600.12.6.1
* typelib-1_0-JavaScriptCore-4_1-2.44.2-150600.12.6.1
* libjavascriptcoregtk-4_1-0-2.44.2-150600.12.6.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.44.2-150600.12.6.1
* webkit2gtk-4_1-injected-bundles-2.44.2-150600.12.6.1
* webkit2gtk3-debugsource-2.44.2-150600.12.6.1
* typelib-1_0-WebKit2WebExtension-4_1-2.44.2-150600.12.6.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.44.2-150600.12.6.1
* libwebkit2gtk-4_1-0-debuginfo-2.44.2-150600.12.6.1
* typelib-1_0-WebKit2-4_1-2.44.2-150600.12.6.1
* webkit2gtk3-devel-2.44.2-150600.12.6.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* typelib-1_0-WebKit-6_0-2.44.2-150600.12.6.1
* typelib-1_0-JavaScriptCore-6_0-2.44.2-150600.12.6.1
* webkit2gtk4-devel-2.44.2-150600.12.6.1
* webkit2gtk4-debugsource-2.44.2-150600.12.6.1
* typelib-1_0-WebKitWebProcessExtension-6_0-2.44.2-150600.12.6.1
## References:
* https://www.suse.com/security/cve/CVE-2024-40776.html
* https://www.suse.com/security/cve/CVE-2024-40779.html
* https://www.suse.com/security/cve/CVE-2024-40780.html
* https://www.suse.com/security/cve/CVE-2024-40782.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228613
* https://bugzilla.suse.com/show_bug.cgi?id=1228693
* https://bugzilla.suse.com/show_bug.cgi?id=1228694
* https://bugzilla.suse.com/show_bug.cgi?id=1228695
SUSE-SU-2024:2891-1: moderate: Security update for openssl-1_1
by OPENSUSE-SECURITY-UPDATES 13 Aug '24
# Security update for openssl-1_1
Announcement ID: SUSE-SU-2024:2891-1
Rating: moderate
References:
* bsc#1226463
* bsc#1227138
Cross-References:
* CVE-2024-5535
CVSS scores:
* CVE-2024-5535 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves one vulnerability and has one security fix can now be
installed.
## Description:
This update for openssl-1_1 fixes the following issues:
* CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto()
with an empty supported client protocols buffer (bsc#1227138)
Other fixes:
* Build with no-afalgeng (bsc#1226463)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-2891=1 openSUSE-SLE-15.5-2024-2891=1
* openSUSE Leap Micro 5.5
zypper in -t patch openSUSE-Leap-Micro-5.5-2024-2891=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-2891=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-2891=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* libopenssl1_1-hmac-1.1.1l-150500.17.34.1
* openssl-1_1-debuginfo-1.1.1l-150500.17.34.1
* openssl-1_1-debugsource-1.1.1l-150500.17.34.1
* libopenssl1_1-1.1.1l-150500.17.34.1
* libopenssl-1_1-devel-1.1.1l-150500.17.34.1
* openssl-1_1-1.1.1l-150500.17.34.1
* libopenssl1_1-debuginfo-1.1.1l-150500.17.34.1
* openSUSE Leap 15.5 (x86_64)
* libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.34.1
* libopenssl1_1-32bit-1.1.1l-150500.17.34.1
* libopenssl1_1-hmac-32bit-1.1.1l-150500.17.34.1
* libopenssl-1_1-devel-32bit-1.1.1l-150500.17.34.1
* openSUSE Leap 15.5 (noarch)
* openssl-1_1-doc-1.1.1l-150500.17.34.1
* openSUSE Leap 15.5 (aarch64_ilp32)
* libopenssl1_1-64bit-debuginfo-1.1.1l-150500.17.34.1
* libopenssl1_1-hmac-64bit-1.1.1l-150500.17.34.1
* libopenssl-1_1-devel-64bit-1.1.1l-150500.17.34.1
* libopenssl1_1-64bit-1.1.1l-150500.17.34.1
* openSUSE Leap Micro 5.5 (aarch64 s390x x86_64)
* libopenssl1_1-hmac-1.1.1l-150500.17.34.1
* openssl-1_1-debuginfo-1.1.1l-150500.17.34.1
* openssl-1_1-debugsource-1.1.1l-150500.17.34.1
* libopenssl1_1-1.1.1l-150500.17.34.1
* libopenssl-1_1-devel-1.1.1l-150500.17.34.1
* openssl-1_1-1.1.1l-150500.17.34.1
* libopenssl1_1-debuginfo-1.1.1l-150500.17.34.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* libopenssl1_1-hmac-1.1.1l-150500.17.34.1
* openssl-1_1-debuginfo-1.1.1l-150500.17.34.1
* openssl-1_1-debugsource-1.1.1l-150500.17.34.1
* libopenssl1_1-1.1.1l-150500.17.34.1
* libopenssl-1_1-devel-1.1.1l-150500.17.34.1
* openssl-1_1-1.1.1l-150500.17.34.1
* libopenssl1_1-debuginfo-1.1.1l-150500.17.34.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libopenssl1_1-hmac-1.1.1l-150500.17.34.1
* openssl-1_1-debuginfo-1.1.1l-150500.17.34.1
* openssl-1_1-debugsource-1.1.1l-150500.17.34.1
* libopenssl1_1-1.1.1l-150500.17.34.1
* libopenssl-1_1-devel-1.1.1l-150500.17.34.1
* openssl-1_1-1.1.1l-150500.17.34.1
* libopenssl1_1-debuginfo-1.1.1l-150500.17.34.1
* Basesystem Module 15-SP5 (x86_64)
* libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.34.1
* libopenssl1_1-32bit-1.1.1l-150500.17.34.1
* libopenssl1_1-hmac-32bit-1.1.1l-150500.17.34.1
## References:
* https://www.suse.com/security/cve/CVE-2024-5535.html
* https://bugzilla.suse.com/show_bug.cgi?id=1226463
* https://bugzilla.suse.com/show_bug.cgi?id=1227138
SUSE-SU-2024:2869-1: important: Security update for ca-certificates-mozilla
by OPENSUSE-SECURITY-UPDATES 09 Aug '24
# Security update for ca-certificates-mozilla
Announcement ID: SUSE-SU-2024:2869-1
Rating: important
References:
* bsc#1220356
* bsc#1227525
Affected Products:
* Basesystem Module 15-SP5
* Basesystem Module 15-SP6
* Development Tools Module 15-SP5
* Development Tools Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* openSUSE Leap Micro 5.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that has two security fixes can now be installed.
## Description:
This update for ca-certificates-mozilla fixes the following issues:
* Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
* Added: FIRMAPROFESIONAL CA ROOT-A WEB
* Distrust: GLOBALTRUST 2020
* Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
Added:
* CommScope Public Trust ECC Root-01
* CommScope Public Trust ECC Root-02
* CommScope Public Trust RSA Root-01
* CommScope Public Trust RSA Root-02
* D-Trust SBR Root CA 1 2022
* D-Trust SBR Root CA 2 2022
* Telekom Security SMIME ECC Root 2021
* Telekom Security SMIME RSA Root 2023
* Telekom Security TLS ECC Root 2020
* Telekom Security TLS RSA Root 2023
* TrustAsia Global Root CA G3
* TrustAsia Global Root CA G4
Removed:
* Autoridad de Certificacion Firmaprofesional CIF A62634068
* Chambers of Commerce Root - 2008
* Global Chambersign Root - 2008
* Security Communication Root CA
* Symantec Class 1 Public Primary Certification Authority - G6
* Symantec Class 2 Public Primary Certification Authority - G6
* TrustCor ECA-1
* TrustCor RootCert CA-1
* TrustCor RootCert CA-2
* VeriSign Class 1 Public Primary Certification Authority - G3
* VeriSign Class 2 Public Primary Certification Authority - G3
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap Micro 5.5
zypper in -t patch openSUSE-Leap-Micro-5.5-2024-2869=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-2869=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-2869=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-2869=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-2869=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-2869=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-2869=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-2869=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-2869=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-2869=1
* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-2869=1
* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-2869=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-2869=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-2869=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-2869=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-2869=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-2869=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-2869=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-2869=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2869=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-2869=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-2869=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-2869=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-2869=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-2869=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-2869=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-2869=1
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-2869=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-2869=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-2869=1
## Package List:
* openSUSE Leap Micro 5.5 (noarch)
* ca-certificates-mozilla-2.68-150200.33.1
* openSUSE Leap 15.5 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* ca-certificates-mozilla-2.68-150200.33.1
* openSUSE Leap 15.6 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
* ca-certificates-mozilla-2.68-150200.33.1
* Basesystem Module 15-SP5 (noarch)
* ca-certificates-mozilla-2.68-150200.33.1
* Basesystem Module 15-SP6 (noarch)
* ca-certificates-mozilla-2.68-150200.33.1
* Development Tools Module 15-SP5 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* Development Tools Module 15-SP6 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Manager Proxy 4.3 (noarch)
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Manager Retail Branch Server 4.3 (noarch)
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Manager Server 4.3 (noarch)
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Enterprise Storage 7.1 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise Micro 5.1 (noarch)
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* ca-certificates-mozilla-2.68-150200.33.1
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1220356
* https://bugzilla.suse.com/show_bug.cgi?id=1227525
SUSE-SU-2024:2785-1: moderate: Security update for kernel-firmware
by OPENSUSE-SECURITY-UPDATES 06 Aug '24
# Security update for kernel-firmware
Announcement ID: SUSE-SU-2024:2785-1
Rating: moderate
References:
* bsc#1225600
* bsc#1225601
Cross-References:
* CVE-2023-38417
* CVE-2023-47210
CVSS scores:
* CVE-2023-38417 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-47210 ( SUSE ): 4.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
Affected Products:
* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves two vulnerabilities can now be installed.
## Description:
This update for kernel-firmware fixes the following issues:
Update to version 20240728:
* amdgpu: update DMCUB to v0.0.227.0 for DCN35 and DCN351
* Revert "iwlwifi: update ty/So/Ma firmwares for core89-58 release"
* linux-firmware: update firmware for MT7922 WiFi device
* linux-firmware: update firmware for MT7921 WiFi device
* linux-firmware: update firmware for mediatek bluetooth chip (MT7922)
* linux-firmware: update firmware for mediatek bluetooth chip (MT7921)
* iwlwifi: add gl FW for core89-58 release
* iwlwifi: update ty/So/Ma firmwares for core89-58 release
* iwlwifi: update cc/Qu/QuZ firmwares for core89-58 release
* mediatek: Update mt8195 SOF firmware and sof-tplg
* ASoC: tas2781: fix the license issue for tas781 firmware
* rtl_bt: Update RTL8852B BT USB FW to 0x048F_4008
* i915: Update Xe2LPD DMC to v2.21
* qcom: move signed x1e80100 signed firmware to the SoC subdir
* qcom: add video firmware file for vpu-3.0
* intel: avs: Add topology file for I2S Analog Devices 4567
* intel: avs: Add topology file for I2S Nuvoton 8825
* intel: avs: Add topology file for I2S Maxim 98927
* intel: avs: Add topology file for I2S Maxim 98373
* intel: avs: Add topology file for I2S Maxim 98357a
* intel: avs: Add topology file for I2S Dialog 7219
* intel: avs: Add topology file for I2S Realtek 5663
* intel: avs: Add topology file for I2S Realtek 5640
* intel: avs: Add topology file for I2S Realtek 5514
* intel: avs: Add topology file for I2S Realtek 298
* intel: avs: Add topology file for I2S Realtek 286
* intel: avs: Add topology file for I2S Realtek 274
* intel: avs: Add topology file for Digital Microphone Array
* intel: avs: Add topology file for HDMI codecs
* intel: avs: Add topology file for HDAudio codecs
* intel: avs: Update AudioDSP base firmware for APL-based platforms
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-2785=1 openSUSE-SLE-15.6-2024-2785=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-2785=1
## Package List:
* openSUSE Leap 15.6 (noarch)
* kernel-firmware-marvell-20240728-150600.3.6.1
* kernel-firmware-iwlwifi-20240728-150600.3.6.1
* kernel-firmware-nfp-20240728-150600.3.6.1
* kernel-firmware-ath10k-20240728-150600.3.6.1
* kernel-firmware-ueagle-20240728-150600.3.6.1
* kernel-firmware-bluetooth-20240728-150600.3.6.1
* kernel-firmware-network-20240728-150600.3.6.1
* kernel-firmware-usb-network-20240728-150600.3.6.1
* kernel-firmware-qlogic-20240728-150600.3.6.1
* kernel-firmware-brcm-20240728-150600.3.6.1
* kernel-firmware-ti-20240728-150600.3.6.1
* kernel-firmware-mediatek-20240728-150600.3.6.1
* kernel-firmware-20240728-150600.3.6.1
* kernel-firmware-dpaa2-20240728-150600.3.6.1
* kernel-firmware-radeon-20240728-150600.3.6.1
* kernel-firmware-liquidio-20240728-150600.3.6.1
* kernel-firmware-ath12k-20240728-150600.3.6.1
* kernel-firmware-i915-20240728-150600.3.6.1
* kernel-firmware-serial-20240728-150600.3.6.1
* kernel-firmware-bnx2-20240728-150600.3.6.1
* kernel-firmware-ath11k-20240728-150600.3.6.1
* kernel-firmware-platform-20240728-150600.3.6.1
* kernel-firmware-prestera-20240728-150600.3.6.1
* kernel-firmware-nvidia-20240728-150600.3.6.1
* kernel-firmware-qcom-20240728-150600.3.6.1
* kernel-firmware-mwifiex-20240728-150600.3.6.1
* kernel-firmware-realtek-20240728-150600.3.6.1
* kernel-firmware-all-20240728-150600.3.6.1
* kernel-firmware-media-20240728-150600.3.6.1
* kernel-firmware-amdgpu-20240728-150600.3.6.1
* ucode-amd-20240728-150600.3.6.1
* kernel-firmware-intel-20240728-150600.3.6.1
* kernel-firmware-mellanox-20240728-150600.3.6.1
* kernel-firmware-atheros-20240728-150600.3.6.1
* kernel-firmware-chelsio-20240728-150600.3.6.1
* kernel-firmware-sound-20240728-150600.3.6.1
* Basesystem Module 15-SP6 (noarch)
* kernel-firmware-marvell-20240728-150600.3.6.1
* kernel-firmware-iwlwifi-20240728-150600.3.6.1
* kernel-firmware-nfp-20240728-150600.3.6.1
* kernel-firmware-ath10k-20240728-150600.3.6.1
* kernel-firmware-ueagle-20240728-150600.3.6.1
* kernel-firmware-bluetooth-20240728-150600.3.6.1
* kernel-firmware-network-20240728-150600.3.6.1
* kernel-firmware-usb-network-20240728-150600.3.6.1
* kernel-firmware-qlogic-20240728-150600.3.6.1
* kernel-firmware-brcm-20240728-150600.3.6.1
* kernel-firmware-ti-20240728-150600.3.6.1
* kernel-firmware-mediatek-20240728-150600.3.6.1
* kernel-firmware-dpaa2-20240728-150600.3.6.1
* kernel-firmware-radeon-20240728-150600.3.6.1
* kernel-firmware-liquidio-20240728-150600.3.6.1
* kernel-firmware-ath12k-20240728-150600.3.6.1
* kernel-firmware-i915-20240728-150600.3.6.1
* kernel-firmware-serial-20240728-150600.3.6.1
* kernel-firmware-bnx2-20240728-150600.3.6.1
* kernel-firmware-ath11k-20240728-150600.3.6.1
* kernel-firmware-platform-20240728-150600.3.6.1
* kernel-firmware-prestera-20240728-150600.3.6.1
* kernel-firmware-nvidia-20240728-150600.3.6.1
* kernel-firmware-qcom-20240728-150600.3.6.1
* kernel-firmware-mwifiex-20240728-150600.3.6.1
* kernel-firmware-realtek-20240728-150600.3.6.1
* kernel-firmware-all-20240728-150600.3.6.1
* kernel-firmware-media-20240728-150600.3.6.1
* kernel-firmware-amdgpu-20240728-150600.3.6.1
* ucode-amd-20240728-150600.3.6.1
* kernel-firmware-intel-20240728-150600.3.6.1
* kernel-firmware-mellanox-20240728-150600.3.6.1
* kernel-firmware-atheros-20240728-150600.3.6.1
* kernel-firmware-chelsio-20240728-150600.3.6.1
* kernel-firmware-sound-20240728-150600.3.6.1
## References:
* https://www.suse.com/security/cve/CVE-2023-38417.html
* https://www.suse.com/security/cve/CVE-2023-47210.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225600
* https://bugzilla.suse.com/show_bug.cgi?id=1225601