openSUSE Security Announce
August 2024
- 3 participants
- 81 discussions
SUSE-SU-2024:1858-1: important: Security update for MozillaThunderbird
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
# Security update for MozillaThunderbird
Announcement ID: SUSE-SU-2024:1858-1
Rating: important
References:
* bsc#1224056
Cross-References:
* CVE-2024-4367
* CVE-2024-4767
* CVE-2024-4768
* CVE-2024-4769
* CVE-2024-4770
* CVE-2024-4777
CVSS scores:
* CVE-2024-4367 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-4767 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2024-4768 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2024-4769 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2024-4770 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-4777 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Workstation Extension 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP6
* SUSE Package Hub 15 15-SP5
* SUSE Package Hub 15 15-SP6
An update that solves six vulnerabilities can now be installed.
## Description:
This update for MozillaThunderbird fixes the following issues:
Update to version 115.11 (bsc#1224056):
* CVE-2024-4367: Arbitrary JavaScript execution in PDF.js
* CVE-2024-4767: IndexedDB files retained in private browsing mode
* CVE-2024-4768: Potential permissions request bypass via clickjacking
* CVE-2024-4769: Cross-origin responses could be distinguished between script
and non-script content-types
* CVE-2024-4770: Use-after-free could occur when printing to PDF
* CVE-2024-4777: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11,
and Thunderbird 115.11
* fixed: Splitter arrow between task list and task description did not behave
as expected
* fixed: Calendar Event Attendees dialog had incorrectly sized rows
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1858=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-1858=1
* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1858=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-1858=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1858=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-1858=1
* SUSE Linux Enterprise Workstation Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2024-1858=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* MozillaThunderbird-debugsource-115.11.0-150200.8.160.1
* MozillaThunderbird-translations-other-115.11.0-150200.8.160.1
* MozillaThunderbird-translations-common-115.11.0-150200.8.160.1
* MozillaThunderbird-debuginfo-115.11.0-150200.8.160.1
* MozillaThunderbird-115.11.0-150200.8.160.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* MozillaThunderbird-debugsource-115.11.0-150200.8.160.1
* MozillaThunderbird-translations-other-115.11.0-150200.8.160.1
* MozillaThunderbird-translations-common-115.11.0-150200.8.160.1
* MozillaThunderbird-debuginfo-115.11.0-150200.8.160.1
* MozillaThunderbird-115.11.0-150200.8.160.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x)
* MozillaThunderbird-debugsource-115.11.0-150200.8.160.1
* MozillaThunderbird-translations-other-115.11.0-150200.8.160.1
* MozillaThunderbird-translations-common-115.11.0-150200.8.160.1
* MozillaThunderbird-debuginfo-115.11.0-150200.8.160.1
* MozillaThunderbird-115.11.0-150200.8.160.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x)
* MozillaThunderbird-debugsource-115.11.0-150200.8.160.1
* MozillaThunderbird-translations-other-115.11.0-150200.8.160.1
* MozillaThunderbird-translations-common-115.11.0-150200.8.160.1
* MozillaThunderbird-debuginfo-115.11.0-150200.8.160.1
* MozillaThunderbird-115.11.0-150200.8.160.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* MozillaThunderbird-debugsource-115.11.0-150200.8.160.1
* MozillaThunderbird-translations-other-115.11.0-150200.8.160.1
* MozillaThunderbird-translations-common-115.11.0-150200.8.160.1
* MozillaThunderbird-debuginfo-115.11.0-150200.8.160.1
* MozillaThunderbird-115.11.0-150200.8.160.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
* MozillaThunderbird-debugsource-115.11.0-150200.8.160.1
* MozillaThunderbird-translations-other-115.11.0-150200.8.160.1
* MozillaThunderbird-translations-common-115.11.0-150200.8.160.1
* MozillaThunderbird-debuginfo-115.11.0-150200.8.160.1
* MozillaThunderbird-115.11.0-150200.8.160.1
* SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64)
* MozillaThunderbird-debugsource-115.11.0-150200.8.160.1
* MozillaThunderbird-translations-other-115.11.0-150200.8.160.1
* MozillaThunderbird-translations-common-115.11.0-150200.8.160.1
* MozillaThunderbird-debuginfo-115.11.0-150200.8.160.1
* MozillaThunderbird-115.11.0-150200.8.160.1
## References:
* https://www.suse.com/security/cve/CVE-2024-4367.html
* https://www.suse.com/security/cve/CVE-2024-4767.html
* https://www.suse.com/security/cve/CVE-2024-4768.html
* https://www.suse.com/security/cve/CVE-2024-4769.html
* https://www.suse.com/security/cve/CVE-2024-4770.html
* https://www.suse.com/security/cve/CVE-2024-4777.html
* https://bugzilla.suse.com/show_bug.cgi?id=1224056
SUSE-SU-2024:1859-1: important: Security update for java-1_8_0-ibm
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
# Security update for java-1_8_0-ibm
Announcement ID: SUSE-SU-2024:1859-1
Rating: important
References:
* bsc#1222979
* bsc#1222983
* bsc#1222984
* bsc#1222986
* bsc#1222987
* bsc#1223470
* bsc#1224164
Cross-References:
* CVE-2023-38264
* CVE-2024-21011
* CVE-2024-21012
* CVE-2024-21068
* CVE-2024-21085
* CVE-2024-21094
CVSS scores:
* CVE-2023-38264 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-21011 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21012 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-21068 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-21085 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21094 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products:
* Legacy Module 15-SP5
* Legacy Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves six vulnerabilities and has one security fix can now be
installed.
## Description:
This update for java-1_8_0-ibm fixes the following issues:
Update to Java 8.0 Service Refresh 8 Fix Pack 25 (bsc#1223470):
* CVE-2023-38264: Fixed Object Request Broker (ORB) denial of service
(bsc#1224164).
* CVE-2024-21094: Fixed C2 compilation fails with "Exceeded _node_regs array"
(bsc#1222986).
* CVE-2024-21068: Fixed integer overflow in C1 compiler address generation
(bsc#1222983).
* CVE-2024-21085: Fixed Pack200 excessive memory allocation (bsc#1222984).
* CVE-2024-21011: Fixed Long Exception message leading to crash (bsc#1222979).
* CVE-2024-21012: Fixed HTTP/2 client improper reverse DNS lookup
(bsc#1222987).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1859=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-1859=1
* Legacy Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2024-1859=1
* Legacy Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2024-1859=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1859=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1859=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1859=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-1859=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1859=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1859=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-1859=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1859=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1859=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-1859=1
## Package List:
* openSUSE Leap 15.5 (nosrc ppc64le s390x x86_64)
* java-1_8_0-ibm-1.8.0_sr8.25-150000.3.89.1
* openSUSE Leap 15.5 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-32bit-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-devel-32bit-1.8.0_sr8.25-150000.3.89.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* java-1_8_0-ibm-demo-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-src-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-devel-1.8.0_sr8.25-150000.3.89.1
* openSUSE Leap 15.6 (nosrc ppc64le s390x x86_64)
* java-1_8_0-ibm-1.8.0_sr8.25-150000.3.89.1
* openSUSE Leap 15.6 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-32bit-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-devel-32bit-1.8.0_sr8.25-150000.3.89.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* java-1_8_0-ibm-demo-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-src-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-devel-1.8.0_sr8.25-150000.3.89.1
* Legacy Module 15-SP5 (nosrc ppc64le s390x x86_64)
* java-1_8_0-ibm-1.8.0_sr8.25-150000.3.89.1
* Legacy Module 15-SP5 (ppc64le s390x x86_64)
* java-1_8_0-ibm-devel-1.8.0_sr8.25-150000.3.89.1
* Legacy Module 15-SP5 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.25-150000.3.89.1
* Legacy Module 15-SP6 (nosrc ppc64le s390x x86_64)
* java-1_8_0-ibm-1.8.0_sr8.25-150000.3.89.1
* Legacy Module 15-SP6 (ppc64le s390x x86_64)
* java-1_8_0-ibm-devel-1.8.0_sr8.25-150000.3.89.1
* Legacy Module 15-SP6 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (nosrc x86_64)
* java-1_8_0-ibm-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-devel-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (nosrc x86_64)
* java-1_8_0-ibm-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-devel-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (nosrc x86_64)
* java-1_8_0-ibm-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-devel-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (nosrc ppc64le s390x x86_64)
* java-1_8_0-ibm-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (ppc64le s390x x86_64)
* java-1_8_0-ibm-devel-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (nosrc ppc64le s390x x86_64)
* java-1_8_0-ibm-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (ppc64le s390x x86_64)
* java-1_8_0-ibm-devel-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (nosrc ppc64le s390x x86_64)
* java-1_8_0-ibm-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (ppc64le s390x x86_64)
* java-1_8_0-ibm-devel-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc ppc64le x86_64)
* java-1_8_0-ibm-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* java-1_8_0-ibm-devel-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le x86_64)
* java-1_8_0-ibm-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* java-1_8_0-ibm-devel-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (nosrc ppc64le x86_64)
* java-1_8_0-ibm-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* java-1_8_0-ibm-devel-1.8.0_sr8.25-150000.3.89.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.25-150000.3.89.1
* SUSE Enterprise Storage 7.1 (nosrc x86_64)
* java-1_8_0-ibm-1.8.0_sr8.25-150000.3.89.1
* SUSE Enterprise Storage 7.1 (x86_64)
* java-1_8_0-ibm-plugin-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-alsa-1.8.0_sr8.25-150000.3.89.1
* java-1_8_0-ibm-devel-1.8.0_sr8.25-150000.3.89.1
## References:
* https://www.suse.com/security/cve/CVE-2023-38264.html
* https://www.suse.com/security/cve/CVE-2024-21011.html
* https://www.suse.com/security/cve/CVE-2024-21012.html
* https://www.suse.com/security/cve/CVE-2024-21068.html
* https://www.suse.com/security/cve/CVE-2024-21085.html
* https://www.suse.com/security/cve/CVE-2024-21094.html
* https://bugzilla.suse.com/show_bug.cgi?id=1222979
* https://bugzilla.suse.com/show_bug.cgi?id=1222983
* https://bugzilla.suse.com/show_bug.cgi?id=1222984
* https://bugzilla.suse.com/show_bug.cgi?id=1222986
* https://bugzilla.suse.com/show_bug.cgi?id=1222987
* https://bugzilla.suse.com/show_bug.cgi?id=1223470
* https://bugzilla.suse.com/show_bug.cgi?id=1224164
SUSE-SU-2024:1860-1: important: Security update for uriparser
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
# Security update for uriparser
Announcement ID: SUSE-SU-2024:1860-1
Rating: important
References:
* bsc#1223887
* bsc#1223888
Cross-References:
* CVE-2024-34402
* CVE-2024-34403
CVSS scores:
* CVE-2024-34402 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2024-34403 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Affected Products:
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP5
* SUSE Package Hub 15 15-SP6
An update that solves two vulnerabilities can now be installed.
## Description:
This update for uriparser fixes the following issues:
* CVE-2024-34402: Fixed integer overflow protection in ComposeQueryEngine
(bsc#1223887).
* CVE-2024-34403: Fixed integer overflow protection in ComposeQueryMallocExMm
(bsc#1223888).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1860=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-1860=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1860=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-1860=1
## Package List:
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
* uriparser-debugsource-0.8.5-150000.3.8.1
* uriparser-0.8.5-150000.3.8.1
* liburiparser1-0.8.5-150000.3.8.1
* liburiparser1-debuginfo-0.8.5-150000.3.8.1
* uriparser-devel-0.8.5-150000.3.8.1
* uriparser-debuginfo-0.8.5-150000.3.8.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* uriparser-debugsource-0.8.5-150000.3.8.1
* uriparser-0.8.5-150000.3.8.1
* liburiparser1-0.8.5-150000.3.8.1
* liburiparser1-debuginfo-0.8.5-150000.3.8.1
* uriparser-devel-0.8.5-150000.3.8.1
* uriparser-debuginfo-0.8.5-150000.3.8.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* uriparser-debugsource-0.8.5-150000.3.8.1
* uriparser-0.8.5-150000.3.8.1
* liburiparser1-0.8.5-150000.3.8.1
* liburiparser1-debuginfo-0.8.5-150000.3.8.1
* uriparser-devel-0.8.5-150000.3.8.1
* uriparser-debuginfo-0.8.5-150000.3.8.1
* openSUSE Leap 15.5 (x86_64)
* liburiparser1-32bit-debuginfo-0.8.5-150000.3.8.1
* liburiparser1-32bit-0.8.5-150000.3.8.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* uriparser-debugsource-0.8.5-150000.3.8.1
* uriparser-0.8.5-150000.3.8.1
* liburiparser1-0.8.5-150000.3.8.1
* liburiparser1-debuginfo-0.8.5-150000.3.8.1
* uriparser-devel-0.8.5-150000.3.8.1
* uriparser-debuginfo-0.8.5-150000.3.8.1
* openSUSE Leap 15.6 (x86_64)
* liburiparser1-32bit-debuginfo-0.8.5-150000.3.8.1
* liburiparser1-32bit-0.8.5-150000.3.8.1
## References:
* https://www.suse.com/security/cve/CVE-2024-34402.html
* https://www.suse.com/security/cve/CVE-2024-34403.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223887
* https://bugzilla.suse.com/show_bug.cgi?id=1223888
SUSE-SU-2024:1861-1: important: Security update for python3-sqlparse
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
# Security update for python3-sqlparse
Announcement ID: SUSE-SU-2024:1861-1
Rating: important
References:
* bsc#1223603
Cross-References:
* CVE-2024-4340
CVSS scores:
* CVE-2024-4340 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP5
* Basesystem Module 15-SP6
* openSUSE Leap 15.3
* openSUSE Leap 15.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for python3-sqlparse fixes the following issues:
* CVE-2024-4340: Fixed RecursionError catch to avoid a denial-of-service issue
(bsc#1223603).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-1861=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1861=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-1861=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-1861=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1861=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1861=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1861=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1861=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1861=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1861=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1861=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1861=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-1861=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-1861=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1861=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-1861=1
## Package List:
* openSUSE Leap 15.3 (noarch)
* python3-sqlparse-0.4.2-150300.12.1
* openSUSE Leap 15.5 (noarch)
* python3-sqlparse-0.4.2-150300.12.1
* Basesystem Module 15-SP5 (noarch)
* python3-sqlparse-0.4.2-150300.12.1
* Basesystem Module 15-SP6 (noarch)
* python3-sqlparse-0.4.2-150300.12.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* python3-sqlparse-0.4.2-150300.12.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* python3-sqlparse-0.4.2-150300.12.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* python3-sqlparse-0.4.2-150300.12.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
* python3-sqlparse-0.4.2-150300.12.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* python3-sqlparse-0.4.2-150300.12.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
* python3-sqlparse-0.4.2-150300.12.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* python3-sqlparse-0.4.2-150300.12.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* python3-sqlparse-0.4.2-150300.12.1
* SUSE Manager Proxy 4.3 (noarch)
* python3-sqlparse-0.4.2-150300.12.1
* SUSE Manager Retail Branch Server 4.3 (noarch)
* python3-sqlparse-0.4.2-150300.12.1
* SUSE Manager Server 4.3 (noarch)
* python3-sqlparse-0.4.2-150300.12.1
* SUSE Enterprise Storage 7.1 (noarch)
* python3-sqlparse-0.4.2-150300.12.1
## References:
* https://www.suse.com/security/cve/CVE-2024-4340.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223603
19 Aug '24
# Security update for python
Announcement ID: SUSE-SU-2024:1862-1
Rating: moderate
References:
* bsc#1214675
* bsc#1219306
* bsc#1219559
* bsc#1220970
* bsc#1221854
* bsc#1222537
Cross-References:
* CVE-2022-48560
* CVE-2023-27043
* CVE-2023-52425
* CVE-2024-0450
CVSS scores:
* CVE-2022-48560 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48560 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-27043 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-27043 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-52425 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52425 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0450 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP5
* SUSE Package Hub 15 15-SP6
An update that solves four vulnerabilities and has two security fixes can now be
installed.
## Description:
This update for python fixes the following issues:
* CVE-2023-52425: Fixed using the system libexpat (bsc#1219559).
* CVE-2023-27043: Modified fix for unicode string handling in
email.utils.parseaddr() (bsc#1222537).
* CVE-2022-48560: Fixed use-after-free in Python via heappushpop in heapq
(bsc#1214675).
* CVE-2024-0450: Detect the vulnerability of the "quoted-overlap" zipbomb
(bsc#1221854).
Bug fixes:
* Switch off tests. ONLY FOR FACTORY!!! (bsc#1219306).
* Build with -std=gnu89 to build correctly with gcc14 (bsc#1220970).
* Switch from %patchN style to the %patch -P N one.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1862=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-1862=1
* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1862=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-1862=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* python-debugsource-2.7.18-150000.65.1
* python-devel-2.7.18-150000.65.1
* python-base-debugsource-2.7.18-150000.65.1
* python-debuginfo-2.7.18-150000.65.1
* libpython2_7-1_0-2.7.18-150000.65.1
* python-idle-2.7.18-150000.65.1
* python-demo-2.7.18-150000.65.1
* python-tk-debuginfo-2.7.18-150000.65.1
* python-gdbm-debuginfo-2.7.18-150000.65.1
* python-2.7.18-150000.65.1
* python-base-2.7.18-150000.65.1
* python-curses-2.7.18-150000.65.1
* libpython2_7-1_0-debuginfo-2.7.18-150000.65.1
* python-base-debuginfo-2.7.18-150000.65.1
* python-curses-debuginfo-2.7.18-150000.65.1
* python-xml-2.7.18-150000.65.1
* python-tk-2.7.18-150000.65.1
* python-gdbm-2.7.18-150000.65.1
* python-xml-debuginfo-2.7.18-150000.65.1
* openSUSE Leap 15.5 (x86_64)
* python-32bit-2.7.18-150000.65.1
* python-32bit-debuginfo-2.7.18-150000.65.1
* python-base-32bit-debuginfo-2.7.18-150000.65.1
* python-base-32bit-2.7.18-150000.65.1
* libpython2_7-1_0-32bit-debuginfo-2.7.18-150000.65.1
* libpython2_7-1_0-32bit-2.7.18-150000.65.1
* openSUSE Leap 15.5 (noarch)
* python-doc-2.7.18-150000.65.1
* python-doc-pdf-2.7.18-150000.65.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* python-debugsource-2.7.18-150000.65.1
* python-devel-2.7.18-150000.65.1
* python-base-debugsource-2.7.18-150000.65.1
* python-debuginfo-2.7.18-150000.65.1
* libpython2_7-1_0-2.7.18-150000.65.1
* python-idle-2.7.18-150000.65.1
* python-demo-2.7.18-150000.65.1
* python-tk-debuginfo-2.7.18-150000.65.1
* python-gdbm-debuginfo-2.7.18-150000.65.1
* python-2.7.18-150000.65.1
* python-base-2.7.18-150000.65.1
* python-curses-2.7.18-150000.65.1
* libpython2_7-1_0-debuginfo-2.7.18-150000.65.1
* python-base-debuginfo-2.7.18-150000.65.1
* python-curses-debuginfo-2.7.18-150000.65.1
* python-xml-2.7.18-150000.65.1
* python-tk-2.7.18-150000.65.1
* python-gdbm-2.7.18-150000.65.1
* python-xml-debuginfo-2.7.18-150000.65.1
* openSUSE Leap 15.6 (x86_64)
* python-32bit-2.7.18-150000.65.1
* python-32bit-debuginfo-2.7.18-150000.65.1
* python-base-32bit-debuginfo-2.7.18-150000.65.1
* python-base-32bit-2.7.18-150000.65.1
* libpython2_7-1_0-32bit-debuginfo-2.7.18-150000.65.1
* libpython2_7-1_0-32bit-2.7.18-150000.65.1
* openSUSE Leap 15.6 (noarch)
* python-doc-2.7.18-150000.65.1
* python-doc-pdf-2.7.18-150000.65.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
* python-debugsource-2.7.18-150000.65.1
* python-devel-2.7.18-150000.65.1
* python-base-debugsource-2.7.18-150000.65.1
* python-debuginfo-2.7.18-150000.65.1
* libpython2_7-1_0-2.7.18-150000.65.1
* python-gdbm-debuginfo-2.7.18-150000.65.1
* python-2.7.18-150000.65.1
* python-base-2.7.18-150000.65.1
* python-curses-2.7.18-150000.65.1
* libpython2_7-1_0-debuginfo-2.7.18-150000.65.1
* python-base-debuginfo-2.7.18-150000.65.1
* python-curses-debuginfo-2.7.18-150000.65.1
* python-xml-2.7.18-150000.65.1
* python-gdbm-2.7.18-150000.65.1
* python-xml-debuginfo-2.7.18-150000.65.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* python-debugsource-2.7.18-150000.65.1
* python-base-debugsource-2.7.18-150000.65.1
* python-debuginfo-2.7.18-150000.65.1
* libpython2_7-1_0-2.7.18-150000.65.1
* python-gdbm-debuginfo-2.7.18-150000.65.1
* python-2.7.18-150000.65.1
* python-base-2.7.18-150000.65.1
* python-curses-2.7.18-150000.65.1
* libpython2_7-1_0-debuginfo-2.7.18-150000.65.1
* python-base-debuginfo-2.7.18-150000.65.1
* python-curses-debuginfo-2.7.18-150000.65.1
* python-xml-2.7.18-150000.65.1
* python-gdbm-2.7.18-150000.65.1
* python-xml-debuginfo-2.7.18-150000.65.1
## References:
* https://www.suse.com/security/cve/CVE-2022-48560.html
* https://www.suse.com/security/cve/CVE-2023-27043.html
* https://www.suse.com/security/cve/CVE-2023-52425.html
* https://www.suse.com/security/cve/CVE-2024-0450.html
* https://bugzilla.suse.com/show_bug.cgi?id=1214675
* https://bugzilla.suse.com/show_bug.cgi?id=1219306
* https://bugzilla.suse.com/show_bug.cgi?id=1219559
* https://bugzilla.suse.com/show_bug.cgi?id=1220970
* https://bugzilla.suse.com/show_bug.cgi?id=1221854
* https://bugzilla.suse.com/show_bug.cgi?id=1222537
SUSE-SU-2024:1863-1: moderate: Security update for python-Jinja2
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
# Security update for python-Jinja2
Announcement ID: SUSE-SU-2024:1863-1
Rating: moderate
References:
* bsc#1218722
* bsc#1223980
Cross-References:
* CVE-2024-22195
* CVE-2024-34064
CVSS scores:
* CVE-2024-22195 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2024-22195 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2024-34064 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
* Basesystem Module 15-SP5
* Basesystem Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves two vulnerabilities can now be installed.
## Description:
This update for python-Jinja2 fixes the following issues:
* Fixed HTML attribute injection when passing user input as keys to xmlattr
filter (CVE-2024-34064, bsc#1223980, CVE-2024-22195, bsc#1218722)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2024-1863=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2024-1863=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1863=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-1863=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-1863=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-1863=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-1863=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-1863=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-1863=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-1863=1
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-1863=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-1863=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-1863=1
## Package List:
* openSUSE Leap Micro 5.3 (noarch)
* python3-Jinja2-2.10.1-150000.3.13.1
* openSUSE Leap Micro 5.4 (noarch)
* python3-Jinja2-2.10.1-150000.3.13.1
* openSUSE Leap 15.5 (noarch)
* python-Jinja2-emacs-2.10.1-150000.3.13.1
* python-Jinja2-vim-2.10.1-150000.3.13.1
* python3-Jinja2-2.10.1-150000.3.13.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
* python3-Jinja2-2.10.1-150000.3.13.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
* python3-Jinja2-2.10.1-150000.3.13.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
* python3-Jinja2-2.10.1-150000.3.13.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
* python3-Jinja2-2.10.1-150000.3.13.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
* python3-Jinja2-2.10.1-150000.3.13.1
* Basesystem Module 15-SP5 (noarch)
* python3-Jinja2-2.10.1-150000.3.13.1
* Basesystem Module 15-SP6 (noarch)
* python3-Jinja2-2.10.1-150000.3.13.1
* SUSE Linux Enterprise Micro 5.1 (noarch)
* python3-Jinja2-2.10.1-150000.3.13.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
* python3-Jinja2-2.10.1-150000.3.13.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
* python3-Jinja2-2.10.1-150000.3.13.1
## References:
* https://www.suse.com/security/cve/CVE-2024-22195.html
* https://www.suse.com/security/cve/CVE-2024-34064.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218722
* https://bugzilla.suse.com/show_bug.cgi?id=1223980
SUSE-SU-2024:1864-1: moderate: Security update for python-Jinja2
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
# Security update for python-Jinja2
Announcement ID: SUSE-SU-2024:1864-1
Rating: moderate
References:
* bsc#1218722
* bsc#1223980
Cross-References:
* CVE-2024-22195
* CVE-2024-34064
CVSS scores:
* CVE-2024-22195 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2024-22195 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2024-34064 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* Python 3 Module 15-SP5
* Python 3 Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves two vulnerabilities can now be installed.
## Description:
This update for python-Jinja2 fixes the following issues:
* Fixed HTML attribute injection when passing user input as keys to xmlattr
filter (CVE-2024-34064, bsc#1223980, CVE-2024-22195, bsc#1218722)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-1864=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1864=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-1864=1
* Python 3 Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2024-1864=1
* Python 3 Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2024-1864=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* python311-Jinja2-3.1.2-150400.12.6.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* python311-Jinja2-3.1.2-150400.12.6.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* python311-Jinja2-3.1.2-150400.12.6.1
* Python 3 Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* python311-Jinja2-3.1.2-150400.12.6.1
* Python 3 Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* python311-Jinja2-3.1.2-150400.12.6.1
## References:
* https://www.suse.com/security/cve/CVE-2024-22195.html
* https://www.suse.com/security/cve/CVE-2024-34064.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218722
* https://bugzilla.suse.com/show_bug.cgi?id=1223980
SUSE-SU-2024:1865-1: moderate: Security update for wireshark
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
# Security update for wireshark
Announcement ID: SUSE-SU-2024:1865-1
Rating: moderate
References:
* bsc#1224259
* bsc#1224274
* bsc#1224276
Cross-References:
* CVE-2024-4853
* CVE-2024-4854
* CVE-2024-4855
CVSS scores:
* CVE-2024-4853 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-4854 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-4855 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Affected Products:
* Basesystem Module 15-SP5
* Basesystem Module 15-SP6
* Desktop Applications Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves three vulnerabilities can now be installed.
## Description:
This update for wireshark fixes the following issues:
Update to version 3.6.22:
* CVE-2024-4854: MONGO and ZigBee TLV dissector infinite loops (bsc#1224274)
* CVE-2024-4853: The editcap command line utility could crash when chopping
bytes from the beginning of a packet (bsc#1224259)
* CVE-2024-4855: The editcap command line utility could crash when injecting
secrets while writing multiple files (bsc#1224276)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Desktop Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2024-1865=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1865=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-1865=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-1865=1
## Package List:
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* wireshark-debuginfo-3.6.23-150000.3.115.1
* wireshark-ui-qt-3.6.23-150000.3.115.1
* wireshark-debugsource-3.6.23-150000.3.115.1
* wireshark-ui-qt-debuginfo-3.6.23-150000.3.115.1
* wireshark-devel-3.6.23-150000.3.115.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* libwsutil13-debuginfo-3.6.23-150000.3.115.1
* wireshark-debuginfo-3.6.23-150000.3.115.1
* libwiretap12-3.6.23-150000.3.115.1
* wireshark-3.6.23-150000.3.115.1
* libwireshark15-3.6.23-150000.3.115.1
* libwiretap12-debuginfo-3.6.23-150000.3.115.1
* wireshark-ui-qt-3.6.23-150000.3.115.1
* wireshark-debugsource-3.6.23-150000.3.115.1
* wireshark-ui-qt-debuginfo-3.6.23-150000.3.115.1
* libwsutil13-3.6.23-150000.3.115.1
* libwireshark15-debuginfo-3.6.23-150000.3.115.1
* wireshark-devel-3.6.23-150000.3.115.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libwsutil13-debuginfo-3.6.23-150000.3.115.1
* wireshark-debuginfo-3.6.23-150000.3.115.1
* libwiretap12-3.6.23-150000.3.115.1
* wireshark-3.6.23-150000.3.115.1
* libwireshark15-3.6.23-150000.3.115.1
* libwiretap12-debuginfo-3.6.23-150000.3.115.1
* wireshark-debugsource-3.6.23-150000.3.115.1
* libwsutil13-3.6.23-150000.3.115.1
* libwireshark15-debuginfo-3.6.23-150000.3.115.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* wireshark-debugsource-3.6.23-150000.3.115.1
* wireshark-debuginfo-3.6.23-150000.3.115.1
## References:
* https://www.suse.com/security/cve/CVE-2024-4853.html
* https://www.suse.com/security/cve/CVE-2024-4854.html
* https://www.suse.com/security/cve/CVE-2024-4855.html
* https://bugzilla.suse.com/show_bug.cgi?id=1224259
* https://bugzilla.suse.com/show_bug.cgi?id=1224274
* https://bugzilla.suse.com/show_bug.cgi?id=1224276
SUSE-SU-2024:1866-1: moderate: Security update for python-aiohttp
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
# Security update for python-aiohttp
Announcement ID: SUSE-SU-2024:1866-1
Rating: moderate
References:
* bsc#1223098
Cross-References:
* CVE-2024-27306
CVSS scores:
* CVE-2024-27306 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* Public Cloud Module 15-SP4
* Python 3 Module 15-SP5
* Python 3 Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for python-aiohttp fixes the following issues:
* CVE-2024-27306: Fixed XSS on index pages for static file handling
(bsc#1223098)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-1866=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1866=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-1866=1
* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2024-1866=1
* Python 3 Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2024-1866=1
* Python 3 Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2024-1866=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* python311-aiohttp-debuginfo-3.9.3-150400.10.21.1
* python-aiohttp-debugsource-3.9.3-150400.10.21.1
* python311-aiohttp-3.9.3-150400.10.21.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* python311-aiohttp-debuginfo-3.9.3-150400.10.21.1
* python-aiohttp-debugsource-3.9.3-150400.10.21.1
* python311-aiohttp-3.9.3-150400.10.21.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* python311-aiohttp-debuginfo-3.9.3-150400.10.21.1
* python-aiohttp-debugsource-3.9.3-150400.10.21.1
* python311-aiohttp-3.9.3-150400.10.21.1
* Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* python311-aiohttp-3.9.3-150400.10.21.1
* Python 3 Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* python311-aiohttp-debuginfo-3.9.3-150400.10.21.1
* python-aiohttp-debugsource-3.9.3-150400.10.21.1
* python311-aiohttp-3.9.3-150400.10.21.1
* Python 3 Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* python311-aiohttp-debuginfo-3.9.3-150400.10.21.1
* python-aiohttp-debugsource-3.9.3-150400.10.21.1
* python311-aiohttp-3.9.3-150400.10.21.1
## References:
* https://www.suse.com/security/cve/CVE-2024-27306.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223098
19 Aug '24
# Security update for fwupdate
Announcement ID: SUSE-SU-2024:1867-1
Rating: moderate
References:
* bsc#1209188
* bsc#1221301
Affected Products:
* Basesystem Module 15-SP5
* Basesystem Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that has two security fixes can now be installed.
## Description:
This update of fwupdate fixes the following issues:
* rebuild the package with the new secure boot key (bsc#1209188).
* Update the email address of security team in SBAT (bsc#1221301)
* elf_aarch64_efi.lds: set the memory permission explicitly to avoid ld
warning like "LOAD segment with RWX permissions"
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1867=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-1867=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-1867=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-1867=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-1867=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-1867=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1867=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1867=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1867=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1867=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-1867=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1867=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1867=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-1867=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1867=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1867=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-1867=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-1867=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1867=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-1867=1
* SUSE Enterprise Storage 7
zypper in -t patch SUSE-Storage-7-2024-1867=1
## Package List:
* openSUSE Leap 15.5 (aarch64 x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* openSUSE Leap 15.6 (aarch64 x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* SUSE Linux Enterprise Micro 5.5 (x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* Basesystem Module 15-SP5 (aarch64 x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* Basesystem Module 15-SP6 (aarch64 x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* SUSE Manager Proxy 4.3 (x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* SUSE Manager Server 4.3 (x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
* SUSE Enterprise Storage 7 (aarch64 x86_64)
* fwupdate-12-150100.11.15.2
* libfwup1-debuginfo-12-150100.11.15.2
* fwupdate-efi-12-150100.11.15.2
* fwupdate-debuginfo-12-150100.11.15.2
* fwupdate-debugsource-12-150100.11.15.2
* fwupdate-efi-debuginfo-12-150100.11.15.2
* libfwup1-12-150100.11.15.2
* fwupdate-devel-12-150100.11.15.2
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1209188
* https://bugzilla.suse.com/show_bug.cgi?id=1221301
SUSE-SU-2024:1872-1: moderate: Security update for python-tqdm
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
# Security update for python-tqdm
Announcement ID: SUSE-SU-2024:1872-1
Rating: moderate
References:
* bsc#1223880
Cross-References:
* CVE-2024-34062
CVSS scores:
* CVE-2024-34062 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* Public Cloud Module 15-SP4
* Python 3 Module 15-SP5
* Python 3 Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for python-tqdm fixes the following issues:
Update to version 4.66.4:
* rich: fix completion
* cli: eval safety (CVE-2024-34062, bsc#1223880)
* pandas: add DataFrame.progress_map
* notebook: fix HTML padding
* keras: fix resuming training when verbose>=2
* fix format_num negative fractions missing leading zero
* fix Python 3.12 DeprecationWarning on import
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-1872=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1872=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-1872=1
* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2024-1872=1
* Python 3 Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2024-1872=1
* Python 3 Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2024-1872=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1872=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1872=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1872=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1872=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1872=1
## Package List:
* openSUSE Leap 15.4 (noarch)
* python-tqdm-bash-completion-4.66.4-150400.9.12.1
* python311-tqdm-4.66.4-150400.9.12.1
* openSUSE Leap 15.5 (noarch)
* python-tqdm-bash-completion-4.66.4-150400.9.12.1
* python311-tqdm-4.66.4-150400.9.12.1
* openSUSE Leap 15.6 (noarch)
* python-tqdm-bash-completion-4.66.4-150400.9.12.1
* python311-tqdm-4.66.4-150400.9.12.1
* Public Cloud Module 15-SP4 (noarch)
* python311-tqdm-4.66.4-150400.9.12.1
* Python 3 Module 15-SP5 (noarch)
* python-tqdm-bash-completion-4.66.4-150400.9.12.1
* python311-tqdm-4.66.4-150400.9.12.1
* Python 3 Module 15-SP6 (noarch)
* python-tqdm-bash-completion-4.66.4-150400.9.12.1
* python311-tqdm-4.66.4-150400.9.12.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* python-tqdm-bash-completion-4.66.4-150400.9.12.1
* python311-tqdm-4.66.4-150400.9.12.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* python-tqdm-bash-completion-4.66.4-150400.9.12.1
* python311-tqdm-4.66.4-150400.9.12.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
* python-tqdm-bash-completion-4.66.4-150400.9.12.1
* python311-tqdm-4.66.4-150400.9.12.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
* python-tqdm-bash-completion-4.66.4-150400.9.12.1
* python311-tqdm-4.66.4-150400.9.12.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* python-tqdm-bash-completion-4.66.4-150400.9.12.1
* python311-tqdm-4.66.4-150400.9.12.1
## References:
* https://www.suse.com/security/cve/CVE-2024-34062.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223880
SUSE-SU-2024:1498-2: low: Security update for java-11-openjdk
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
# Security update for java-11-openjdk
Announcement ID: SUSE-SU-2024:1498-2
Rating: low
References:
* bsc#1213470
* bsc#1222979
* bsc#1222983
* bsc#1222984
* bsc#1222986
* bsc#1222987
Cross-References:
* CVE-2024-21011
* CVE-2024-21012
* CVE-2024-21068
* CVE-2024-21085
* CVE-2024-21094
CVSS scores:
* CVE-2024-21011 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21012 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-21068 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-21085 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21094 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products:
* Legacy Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6
An update that solves five vulnerabilities and has one security fix can now be
installed.
## Description:
This update for java-11-openjdk fixes the following issues:
* CVE-2024-21011: Fixed denial of service due to long Exception message
logging (JDK-8319851,bsc#1222979)
* CVE-2024-21012: Fixed unauthorized data modification due to HTTP/2 client
improper reverse DNS lookup (JDK-8315708,bsc#1222987)
* CVE-2024-21068: Fixed integer overflow in C1 compiler address generation
(JDK-8322122,bsc#1222983)
* CVE-2024-21085: Fixed denial of service due to Pack200 excessive memory
allocation (JDK-8322114,bsc#1222984)
* CVE-2024-21094: Fixed unauthorized data modification due to C2 compilation
failure with "Exceeded _node_regs array"
(JDK-8317507,JDK-8325348,bsc#1222986)
Other fixes:
* Upgrade to upstream tag jdk-11.0.23+9 (April 2024 CPU)
  * Security fixes
    * JDK-8318340: Improve RSA key implementations
  * Other changes
    * JDK-6928542: Chinese characters in RTF are not decoded
    * JDK-7132796: [macosx] closed/javax/swing/JComboBox/4517214/ /bug4517214.java fails on MacOS
    * JDK-7148092: [macosx] When Alt+down arrow key is pressed, the combobox popup does not appear.
    * JDK-8054022: HttpURLConnection timeouts with Expect: 100-Continue and no chunking
    * JDK-8054572: [macosx] JComboBox paints the border incorrectly
    * JDK-8058176: [mlvm] tests should not allow code cache exhaustion
    * JDK-8067651: LevelTransitionTest.java, fix trivial methods levels logic
    * JDK-8068225: nsk/jdi/EventQueue/remove_l/remove_l005 intermittently times out
    * JDK-8156889: ListKeychainStore.sh fails in some virtualized environments
    * JDK-8166275: vm/mlvm/meth/stress/compiler/deoptimize keeps timeouting
    * JDK-8166554: Avoid compilation blocking in OverloadCompileQueueTest.java
    * JDK-8169475: WheelModifier.java fails by timeout
    * JDK-8180266: Convert sun/security/provider/KeyStore/DKSTest.sh to Java Jtreg Test
    * JDK-8186610: move ModuleUtils to top-level testlibrary
    * JDK-8192864: defmeth tests can hide failures
    * JDK-8193543: Regression automated test '/open/test/jdk/java/ /awt/TrayIcon/SystemTrayInstance/SystemTrayInstanceTest.java' fails
    * JDK-8198668: MemoryPoolMBean/isUsageThresholdExceeded/ /isexceeded001/TestDescription.java still failing
    * JDK-8202282: [TESTBUG] appcds TestCommon .makeCommandLineForAppCDS() can be removed
    * JDK-8202790: DnD test DisposeFrameOnDragTest.java does not clean up
    * JDK-8202931: [macos] java/awt/Choice/ChoicePopupLocation/ /ChoicePopupLocation.java fails
    * JDK-8207211: [TESTBUG] Remove excessive output from CDS/AppCDS tests
    * JDK-8207214: Broken links in JDK API serialized-form page
    * JDK-8207855: Make applications/jcstress invoke tests in batches
    * JDK-8208243: vmTestbase/gc/lock/jni/jnilock002/ /TestDescription.java fails in jdk/hs nightly
    * JDK-8208278: [mlvm] [TESTBUG] vm.mlvm.mixed.stress.java .findDeadlock.INDIFY_Test Deadlocked threads are not always detected
    * JDK-8208623: [TESTBUG] runtime/LoadClass/LongBCP.java fails in AUFS file system
    * JDK-8208699: remove unneeded imports from runtime tests
    * JDK-8208704: runtime/appcds/MultiReleaseJars.java timed out often in hs-tier7 testing
    * JDK-8208705: [TESTBUG] The -Xlog:cds,cds+hashtables vm option is not always required for appcds tests
    * JDK-8209549: remove VMPropsExt from TEST.ROOT
    * JDK-8209595: MonitorVmStartTerminate.java timed out
    * JDK-8209946: [TESTBUG] CDS tests should use "@run driver"
    * JDK-8211438: [Testbug] runtime/XCheckJniJsig/XCheckJSig.java looks for libjsig in wrong location
    * JDK-8211978: Move testlibrary/jdk/testlibrary/ /SimpleSSLContext.java and testkeys to network testlibrary
    * JDK-8213622: Windows VS2013 build failure - "'snprintf': identifier not found"
    * JDK-8213926: WB_EnqueueInitializerForCompilation requests compilation for NULL
    * JDK-8213927: G1 ignores AlwaysPreTouch when UseTransparentHugePages is enabled
    * JDK-8214908: add ctw tests for jdk.jfr and jdk.management.jfr modules
    * JDK-8214915: CtwRunner misses export for jdk.internal.access
    * JDK-8216408: XMLStreamWriter setDefaultNamespace(null) throws NullPointerException
    * JDK-8217475: Unexpected StackOverflowError in "process reaper" thread
    * JDK-8218754: JDK-8068225 regression in JDIBreakpointTest
    * JDK-8219475: javap man page needs to be updated
    * JDK-8219585: [TESTBUG] sun/management/jmxremote/bootstrap/ /JMXInterfaceBindingTest.java passes trivially when it shouldn't
    * JDK-8219612: [TESTBUG] compiler.codecache.stress.Helper .TestCaseImpl can't be defined in different runtime package as its nest host
    * JDK-8225471: Test utility jdk.test.lib.util.FileUtils .areAllMountPointsAccessible needs to tolerate duplicates
    * JDK-8226706: (se) Reduce the number of outer loop iterations on Windows in java/nio/channels/Selector/RacyDeregister.java
    * JDK-8226905: unproblem list applications/ctw/modules/ _tests on windows
    * JDK-8226910: make it possible to use jtreg 's -match via run-test framework
    * JDK-8227438: [TESTLIB] Determine if file exists by Files.exists in function FileUtils.deleteFileIfExistsWithRetry
    * JDK-8231585: java/lang/management/ThreadMXBean/ /MaxDepthForThreadInfoTest.java fails with java.lang.NullPointerException
    * JDK-8232839: JDI AfterThreadDeathTest.java failed due to "FAILED: Did not get expected IllegalThreadStateException on a StepRequest.enable()"
    * JDK-8233453: MLVM deoptimize stress test timed out
    * JDK-8234309: LFGarbageCollectedTest.java fails with parse Exception
    * JDK-8237222: [macos] java/awt/Focus/UnaccessibleChoice/ /AccessibleChoiceTest.java fails
    * JDK-8237777: "Dumping core ..." is shown despite claiming that "# No core dump will be written."
    * JDK-8237834: com/sun/jndi/ldap/LdapDnsProviderTest.java failing with LDAP response read timeout
    * JDK-8238274: (sctp) JDK-7118373 is not fixed for SctpChannel
    * JDK-8239801: [macos] java/awt/Focus/UnaccessibleChoice/ /AccessibleChoiceTest.java fails
    * JDK-8244679: JVM/TI GetCurrentContendedMonitor/contmon001 failed due to "(IsSameObject#3) unexpected monitor object: 0x000000562336DBA8"
    * JDK-8246222: Rename javac test T6395981.java to be more informative
    * JDK-8247818: GCC 10 warning stringop-overflow with symbol code
    * JDK-8249087: Always initialize _body[0..1] in Symbol constructor
    * JDK-8251349: Add TestCaseImpl to OverloadCompileQueueTest.java's build dependencies
    * JDK-8251904: vmTestbase/nsk/sysdict/vm/stress/btree/btree010/ /btree010.java fails with ClassNotFoundException: nsk.sysdict.share.BTree0LLRLRLRRLR
    * JDK-8253543: sanity/client/SwingSet/src/ /ButtonDemoScreenshotTest.java failed with "AssertionError: All pixels are not black"
    * JDK-8253739: java/awt/image/MultiResolutionImage/ /MultiResolutionImageObserverTest.java fails
    * JDK-8253820: Save test images and dumps with timestamps from client sanity suite
    * JDK-8255277: randomDelay in DrainDeadlockT and LoggingDeadlock do not randomly delay
    * JDK-8255546: Missing coverage for javax.smartcardio.CardPermission and ResponseAPDU
    * JDK-8255743: Relax SIGFPE match in in runtime/ErrorHandling/SecondaryErrorTest.java
    * JDK-8257505: nsk/share/test/StressOptions stressTime is scaled in getter but not when printed
    * JDK-8259801: Enable XML Signature secure validation mode by default
    * JDK-8264135: UnsafeGetStableArrayElement should account for different JIT implementation details
    * JDK-8265349: vmTestbase/../stress/compiler/deoptimize/ /Test.java fails with OOME due to CodeCache exhaustion.
    * JDK-8269025: jsig/Testjsig.java doesn't check exit code
    * JDK-8269077: TestSystemGC uses "require vm.gc.G1" for large pages subtest
    * JDK-8271094: runtime/duplAttributes/DuplAttributesTest.java doesn't check exit code
    * JDK-8271224: runtime/EnclosingMethodAttr/EnclMethodAttr.java doesn't check exit code
    * JDK-8271828: mark hotspot runtime/classFileParserBug tests which ignore external VM flags
    * JDK-8271829: mark hotspot runtime/Throwable tests which ignore external VM flags
    * JDK-8271890: mark hotspot runtime/Dictionary tests which ignore external VM flags
    * JDK-8272291: mark hotspot runtime/logging tests which ignore external VM flags
    * JDK-8272335: runtime/cds/appcds/MoveJDKTest.java doesn't check exit codes
    * JDK-8272551: mark hotspot runtime/modules tests which ignore external VM flags
    * JDK-8272552: mark hotspot runtime/cds tests which ignore external VM flags
    * JDK-8273803: Zero: Handle "zero" variant in CommandLineOptionTest.java
    * JDK-8274122: java/io/File/createTempFile/SpecialTempFile.java fails in Windows 11
    * JDK-8274621: NullPointerException because listenAddress[0] is null
    * JDK-8276796: gc/TestSystemGC.java large pages subtest fails with ZGC
    * JDK-8280007: Enable Neoverse N1 optimizations for Arm Neoverse V1 & N2
    * JDK-8281149: (fs) java/nio/file/FileStore/Basic.java fails with java.lang.RuntimeException: values differ by more than 1GB
    * JDK-8281377: Remove vmTestbase/nsk/monitoring/ThreadMXBean/ /ThreadInfo/Deadlock/JavaDeadlock001/TestDescription.java from problemlist.
    * JDK-8281717: Cover logout method for several LoginModule
    * JDK-8282665: [REDO] ByteBufferTest.java: replace endless recursion with RuntimeException in void ck(double x, double y)
    * JDK-8284090: com/sun/security/auth/module/AllPlatforms.java fails to compile
    * JDK-8285756: clean up use of bad arguments for `@clean` in langtools tests
    * JDK-8285785: CheckCleanerBound test fails with PasswordCallback object is not released
    * JDK-8285867: Convert applet manual tests SelectionVisible.java to Frame and automate
    * JDK-8286846: test/jdk/javax/swing/plaf/aqua/ /CustomComboBoxFocusTest.java fails on mac aarch64
    * JDK-8286969: Add a new test library API to execute kinit in SecurityTools.java
    * JDK-8287113: JFR: Periodic task thread uses period for method sampling events
    * JDK-8289511: Improve test coverage for XPath Axes: child
    * JDK-8289764: gc/lock tests failed with "OutOfMemoryError: Java heap space: failed reallocation of scalar replaced objects"
    * JDK-8289948: Improve test coverage for XPath functions: Node Set Functions
    * JDK-8290399: [macos] Aqua LAF does not fire an action event if combo box menu is displayed
    * JDK-8290909: MemoryPoolMBean/isUsageThresholdExceeded tests failed with "isUsageThresholdExceeded() returned false, and is still false, while threshold = MMMMMMM and used peak = NNNNNNN"
    * JDK-8292182: [TESTLIB] Enhance JAXPPolicyManager to setup required permissions for jtreg version 7 jar
    * JDK-8292946: GC lock/jni/jnilock001 test failed "assert(gch->gc_cause() == GCCause::_scavenge_alot || !gch->incremental_collection_failed()) failed: Twice in a row"
    * JDK-8293819: sun/util/logging/PlatformLoggerTest.java failed with "RuntimeException: Retrieved backing PlatformLogger level null is not the expected CONFIG"
    * JDK-8294158: HTML formatting for PassFailJFrame instructions
    * JDK-8294254: [macOS] javax/swing/plaf/aqua/ /CustomComboBoxFocusTest.java failure
    * JDK-8294402: Add diagnostic logging to VMProps.checkDockerSupport
    * JDK-8294535: Add screen capture functionality to PassFailJFrame
    * JDK-8296083: javax/swing/JTree/6263446/bug6263446.java fails intermittently on a VM
    * JDK-8296384: [TESTBUG] sun/security/provider/SecureRandom/ /AbstractDrbg/SpecTest.java intermittently timeout
    * JDK-8299494: Test vmTestbase/nsk/stress/except/except011.java failed: ExceptionInInitializerError: target class not found
    * JDK-8300269: The selected item in an editable JComboBox with titled border is not visible in Aqua LAF
    * JDK-8300727: java/awt/List/ListGarbageCollectionTest/ /AwtListGarbageCollectionTest.java failed with "List wasn't garbage collected"
    * JDK-8301310: The SendRawSysexMessage test may cause a JVM crash
    * JDK-8301377: adjust timeout for JLI GetObjectSizeIntrinsicsTest.java subtest again
    * JDK-8301846: Invalid TargetDataLine after screen lock when using JFileChooser or COM library
    * JDK-8302017: Allocate BadPaddingException only if it will be thrown
    * JDK-8302109: Trivial fixes to btree tests
    * JDK-8302149: Speed up compiler/jsr292/methodHandleExceptions/TestAMEnotNPE.java
    * JDK-8302607: increase timeout for ContinuousCallSiteTargetChange.java
    * JDK-8304074: [JMX] Add an approximation of total bytes allocated on the Java heap by the JVM
    * JDK-8304314: StackWalkTest.java fails after CODETOOLS-7903373
    * JDK-8304725: AsyncGetCallTrace can cause SIGBUS on M1
    * JDK-8305502: adjust timeouts in three more M&M tests
    * JDK-8305505: NPE in javazic compiler
    * JDK-8305972: Update XML Security for Java to 3.0.2
    * JDK-8306072: Open source several AWT MouseInfo related tests
    * JDK-8306076: Open source AWT misc tests
    * JDK-8306409: Open source AWT KeyBoardFocusManger, LightWeightComponent related tests
    * JDK-8306640: Open source several AWT TextArea related tests
    * JDK-8306652: Open source AWT MenuItem related tests
    * JDK-8306681: Open source more AWT DnD related tests
    * JDK-8306683: Open source several clipboard and color AWT tests
    * JDK-8306752: Open source several container and component AWT tests
    * JDK-8306753: Open source several container AWT tests
    * JDK-8306755: Open source few Swing JComponent and AbstractButton tests
    * JDK-8306812: Open source several AWT Miscellaneous tests
    * JDK-8306871: Open source more AWT Drag & Drop tests
    * JDK-8306996: Open source Swing MenuItem related tests
    * JDK-8307123: Fix deprecation warnings in DPrinter
    * JDK-8307130: Open source few Swing JMenu tests
    * JDK-8307299: Move more DnD tests to open
    * JDK-8307311: Timeouts on one macOS 12.6.1 host of two Swing JTableHeader tests
    * JDK-8307381: Open Source JFrame, JIF related Swing Tests
    * JDK-8307683: Loop Predication should not hoist range checks with trap on success projection by negating their condition
    * JDK-8308043: Deadlock in TestCSLocker.java due to blocking GC while allocating
    * JDK-8308116: jdk.test.lib.compiler.InMemoryJavaCompiler .compile does not close files
    * JDK-8308223: failure handler missed jcmd.vm.info command
    * JDK-8308232: nsk/jdb tests don't pass -verbose flag to the debuggee
    * JDK-8308245: Add -proc:full to describe current default annotation processing policy
    * JDK-8308336: Test java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java failed: java.net.BindException: Address already in use
    * JDK-8309104: [JVMCI] compiler/unsafe/ /UnsafeGetStableArrayElement test asserts wrong values with Graal
    * JDK-8309119: [17u/11u] Redo JDK-8297951: C2: Create skeleton predicates for all If nodes in loop predication
    * JDK-8309462: [AIX] vmTestbase/nsk/jvmti/RunAgentThread/ /agentthr001/TestDescription.java crashing due to empty while loop
    * JDK-8309778: java/nio/file/Files/CopyAndMove.java fails when using second test directory
    * JDK-8309870: Using -proc:full should be considered requesting explicit annotation processing
    * JDK-8310106: sun.security.ssl.SSLHandshake .getHandshakeProducer() incorrectly checks handshakeConsumers
    * JDK-8310238: [test bug] javax/swing/JTableHeader/6889007/ /bug6889007.java fails
    * JDK-8310551: vmTestbase/nsk/jdb/interrupt/interrupt001/ /interrupt001.java timed out due to missing prompt
    * JDK-8310807: java/nio/channels/DatagramChannel/Connect.java timed out
    * JDK-8311081: KeytoolReaderP12Test.java fail on localized Windows platform
    * JDK-8311511: Improve description of NativeLibrary JFR event
    * JDK-8311585: Add JRadioButtonMenuItem to bug8031573.java
    * JDK-8313081: MonitoringSupport_lock should be unconditionally initialized after 8304074
    * JDK-8313082: Enable CreateCoredumpOnCrash for testing in makefiles
    * JDK-8313164: src/java.desktop/windows/native/libawt/windows/ /awt_Robot.cpp GetRGBPixels adjust releasing of resources
    * JDK-8313252: Java_sun_awt_windows_ThemeReader_paintBackground release resources in early returns
    * JDK-8313643: Update HarfBuzz to 8.2.2
    * JDK-8313816: Accessing jmethodID might lead to spurious crashes
    * JDK-8314144: gc/g1/ihop/TestIHOPStatic.java fails due to extra concurrent mark with -Xcomp
    * JDK-8314164: java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java fails intermittently in timeout
    * JDK-8314883: Java_java_util_prefs_FileSystemPreferences_lockFile0 write result errno in missing case
    * JDK-8315034: File.mkdirs() occasionally fails to create folders on Windows shared folder
    * JDK-8315042: NPE in PKCS7.parseOldSignedData
    * JDK-8315415: OutputAnalyzer.shouldMatchByLine() fails in some cases
    * JDK-8315499: build using devkit on Linux ppc64le RHEL puts path to devkit into libsplashscreen
    * JDK-8315594: Open source few headless Swing misc tests
    * JDK-8315600: Open source few more headless Swing misc tests
    * JDK-8315602: Open source swing security manager test
    * JDK-8315606: Open source few swing text/html tests
    * JDK-8315611: Open source swing text/html and tree test
    * JDK-8315680: java/lang/ref/ReachabilityFenceTest.java should run with -Xbatch
    * JDK-8315731: Open source several Swing Text related tests
    * JDK-8315761: Open source few swing JList and JMenuBar tests
    * JDK-8315986: [macos14] javax/swing/JMenuItem/4654927/ /bug4654927.java: component must be showing on the screen to determine its location
    * JDK-8316001: GC: Make TestArrayAllocatorMallocLimit use createTestJvm
    * JDK-8316028: Update FreeType to 2.13.2
    * JDK-8316030: Update Libpng to 1.6.40
    * JDK-8316106: Open source few swing JInternalFrame and JMenuBar tests
    * JDK-8316461: Fix: make test outputs TEST SUCCESS after unsuccessful exit
    * JDK-8316947: Write a test to check textArea triggers MouseEntered/MouseExited events properly
    * JDK-8317307: test/jdk/com/sun/jndi/ldap/ /LdapPoolTimeoutTest.java fails with ConnectException: Connection timed out: no further information
    * JDK-8317327: Remove JT_JAVA dead code in jib-profiles.js
    * JDK-8318154: Improve stability of WheelModifier.java test
    * JDK-8318410: jdk/java/lang/instrument/BootClassPath/ /BootClassPathTest.sh fails on Japanese Windows
    * JDK-8318468: compiler/tiered/LevelTransitionTest.java fails with -XX:CompileThreshold=100 -XX:TieredStopAtLevel=1
    * JDK-8318603: Parallelize sun/java2d/marlin/ClipShapeTest.java
    * JDK-8318607: Enable parallelism in vmTestbase/nsk/stress/jni tests
    * JDK-8318608: Enable parallelism in vmTestbase/nsk/stress/threads tests
    * JDK-8318736: com/sun/jdi/JdwpOnThrowTest.java failed with "transport error 202: bind failed: Address already in use"
    * JDK-8318889: C2: add bailout after assert Bad graph detected in build_loop_late
    * JDK-8318951: Additional negative value check in JPEG decoding
    * JDK-8318955: Add ReleaseIntArrayElements in Java_sun_awt_X11_XlibWrapper_SetBitmapShape XlbWrapper.c to early return
    * JDK-8318971: Better Error Handling for Jar Tool When Processing Non-existent Files
    * JDK-8318983: Fix comment typo in PKCS12Passwd.java
    * JDK-8319124: Update XML Security for Java to 3.0.3
    * JDK-8319456: jdk/jfr/event/gc/collection/ /TestGCCauseWith[Serial|Parallel].java : GC cause 'GCLocker Initiated GC' not in the valid causes
    * JDK-8319668: Fixup of jar filename typo in BadFactoryTest.sh
    * JDK-8320001: javac crashes while adding type annotations to the return type of a constructor
    * JDK-8320208: Update Public Suffix List to b5bf572
    * JDK-8320363: ppc64 TypeEntries::type_unknown logic looks wrong, missed optimization opportunity
    * JDK-8320597: RSA signature verification fails on signed data that does not encode params correctly
    * JDK-8320798: Console read line with zero out should zero out underlying buffer
    * JDK-8320884: Bump update version for OpenJDK: jdk-11.0.23
    * JDK-8320937: support latest VS2022 MSC_VER in abstract_vm_version.cpp
    * JDK-8321151: JDK-8294427 breaks Windows L&F on all older Windows versions
    * JDK-8321215: Incorrect x86 instruction encoding for VSIB addressing mode
    * JDK-8321408: Add Certainly roots R1 and E1
    * JDK-8321480: ISO 4217 Amendment 176 Update
    * JDK-8322178: Error. can't find jdk.testlibrary .SimpleSSLContext in test directory or libraries
    * JDK-8322417: Console read line with zero out should zero out when throwing exception
    * JDK-8322725: (tz) Update Timezone Data to 2023d
    * JDK-8322750: Test "api/java_awt/interactive/ /SystemTrayTests.html" failed because A blue ball icon is added outside of the system tray
    * JDK-8322752: [11u] GetStackTraceAndRetransformTest.java is failing assert
    * JDK-8322772: Clean up code after JDK-8322417
    * JDK-8323008: filter out harmful -std_ flags added by autoconf from CXX
    * JDK-8323243: JNI invocation of an abstract instance method corrupts the stack
    * JDK-8323515: Create test alias "all" for all test roots
    * JDK-8323640: [TESTBUG]testMemoryFailCount in jdk/internal/ /platform/docker/TestDockerMemoryMetrics.java always fail because OOM killed
    * JDK-8324184: Windows VS2010 build failed with "error C2275: 'int64_t'"
    * JDK-8324307: [11u] hotspot fails to build with GCC 12 and newer (non-static data member initializers)
    * JDK-8324347: Enable "maybe-uninitialized" warning for FreeType 2.13.1
    * JDK-8324659: GHA: Generic jtreg errors are not reported
    * JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/ /AKISerialNumber.java is failing
    * JDK-8325150: (tz) Update Timezone Data to 2024a
    * JDK-8326109: GCC 13 reports maybe-uninitialized warnings for jni.cpp with dtrace enabled
    * JDK-8326503: [11u] java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java fail because of package org.junit.jupiter.api does not exist
    * JDK-8327391: Add SipHash attribution file
    * JDK-8329837: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.23
* Removed the possibility to use the system timezone-java (bsc#1213470)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-1498=1
* Legacy Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2024-1498=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-1498=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* java-11-openjdk-headless-11.0.23.0-150000.3.113.1
* java-11-openjdk-devel-11.0.23.0-150000.3.113.1
* java-11-openjdk-devel-debuginfo-11.0.23.0-150000.3.113.1
* java-11-openjdk-debuginfo-11.0.23.0-150000.3.113.1
* java-11-openjdk-headless-debuginfo-11.0.23.0-150000.3.113.1
* java-11-openjdk-demo-11.0.23.0-150000.3.113.1
* java-11-openjdk-debugsource-11.0.23.0-150000.3.113.1
* java-11-openjdk-src-11.0.23.0-150000.3.113.1
* java-11-openjdk-11.0.23.0-150000.3.113.1
* java-11-openjdk-jmods-11.0.23.0-150000.3.113.1
* openSUSE Leap 15.6 (noarch)
* java-11-openjdk-javadoc-11.0.23.0-150000.3.113.1
* Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* java-11-openjdk-headless-11.0.23.0-150000.3.113.1
* java-11-openjdk-devel-11.0.23.0-150000.3.113.1
* java-11-openjdk-devel-debuginfo-11.0.23.0-150000.3.113.1
* java-11-openjdk-debuginfo-11.0.23.0-150000.3.113.1
* java-11-openjdk-headless-debuginfo-11.0.23.0-150000.3.113.1
* java-11-openjdk-demo-11.0.23.0-150000.3.113.1
* java-11-openjdk-debugsource-11.0.23.0-150000.3.113.1
* java-11-openjdk-11.0.23.0-150000.3.113.1
* SUSE Package Hub 15 15-SP6 (noarch)
* java-11-openjdk-javadoc-11.0.23.0-150000.3.113.1
## References:
* https://www.suse.com/security/cve/CVE-2024-21011.html
* https://www.suse.com/security/cve/CVE-2024-21012.html
* https://www.suse.com/security/cve/CVE-2024-21068.html
* https://www.suse.com/security/cve/CVE-2024-21085.html
* https://www.suse.com/security/cve/CVE-2024-21094.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213470
* https://bugzilla.suse.com/show_bug.cgi?id=1222979
* https://bugzilla.suse.com/show_bug.cgi?id=1222983
* https://bugzilla.suse.com/show_bug.cgi?id=1222984
* https://bugzilla.suse.com/show_bug.cgi?id=1222986
* https://bugzilla.suse.com/show_bug.cgi?id=1222987
19 Aug '24
# Security update for libaom
Announcement ID: SUSE-SU-2024:2052-1
Rating: important
References:
* bsc#1226020
Cross-References:
* CVE-2024-5171
CVSS scores:
* CVE-2024-5171 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-5171 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for libaom fixes the following issues:
* CVE-2024-5171: Fixed heap buffer overflow in img_alloc_helper() caused by
integer overflow (bsc#1226020).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-2052=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-2052=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-2052=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2052=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-2052=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-2052=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-2052=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-2052=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-2052=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-2052=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-2052=1
## Package List:
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* libaom-debugsource-3.2.0-150400.3.6.1
* libaom3-3.2.0-150400.3.6.1
* libaom3-debuginfo-3.2.0-150400.3.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* libaom-debugsource-3.2.0-150400.3.6.1
* libaom3-3.2.0-150400.3.6.1
* libaom3-debuginfo-3.2.0-150400.3.6.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* libaom-debugsource-3.2.0-150400.3.6.1
* libaom3-3.2.0-150400.3.6.1
* libaom3-debuginfo-3.2.0-150400.3.6.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64)
* libaom-debugsource-3.2.0-150400.3.6.1
* libaom3-3.2.0-150400.3.6.1
* libaom3-debuginfo-3.2.0-150400.3.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libaom-debugsource-3.2.0-150400.3.6.1
* libaom3-3.2.0-150400.3.6.1
* libaom3-debuginfo-3.2.0-150400.3.6.1
* SUSE Manager Proxy 4.3 (x86_64)
* libaom-debugsource-3.2.0-150400.3.6.1
* libaom3-3.2.0-150400.3.6.1
* libaom3-debuginfo-3.2.0-150400.3.6.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* libaom-debugsource-3.2.0-150400.3.6.1
* libaom3-3.2.0-150400.3.6.1
* libaom3-debuginfo-3.2.0-150400.3.6.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* libaom-debugsource-3.2.0-150400.3.6.1
* libaom3-3.2.0-150400.3.6.1
* libaom3-debuginfo-3.2.0-150400.3.6.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* aom-tools-debuginfo-3.2.0-150400.3.6.1
* aom-tools-3.2.0-150400.3.6.1
* libaom-debugsource-3.2.0-150400.3.6.1
* libaom3-debuginfo-3.2.0-150400.3.6.1
* libaom3-3.2.0-150400.3.6.1
* libaom-devel-3.2.0-150400.3.6.1
* openSUSE Leap 15.4 (noarch)
* libaom-devel-doc-3.2.0-150400.3.6.1
* openSUSE Leap 15.4 (x86_64)
* libaom3-32bit-debuginfo-3.2.0-150400.3.6.1
* libaom3-32bit-3.2.0-150400.3.6.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libaom3-64bit-3.2.0-150400.3.6.1
* libaom3-64bit-debuginfo-3.2.0-150400.3.6.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* aom-tools-debuginfo-3.2.0-150400.3.6.1
* aom-tools-3.2.0-150400.3.6.1
* libaom-debugsource-3.2.0-150400.3.6.1
* libaom3-debuginfo-3.2.0-150400.3.6.1
* libaom3-3.2.0-150400.3.6.1
* libaom-devel-3.2.0-150400.3.6.1
* openSUSE Leap 15.5 (noarch)
* libaom-devel-doc-3.2.0-150400.3.6.1
* openSUSE Leap 15.5 (x86_64)
* libaom3-32bit-debuginfo-3.2.0-150400.3.6.1
* libaom3-32bit-3.2.0-150400.3.6.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libaom-debugsource-3.2.0-150400.3.6.1
* libaom3-3.2.0-150400.3.6.1
* libaom3-debuginfo-3.2.0-150400.3.6.1
## References:
* https://www.suse.com/security/cve/CVE-2024-5171.html
* https://bugzilla.suse.com/show_bug.cgi?id=1226020
SUSE-SU-2024:1079-2: important: Security update for netty, netty-tcnative
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
# Security update for netty, netty-tcnative
Announcement ID: SUSE-SU-2024:1079-2
Rating: important
References:
* bsc#1222045
Cross-References:
* CVE-2024-29025
CVSS scores:
* CVE-2024-29025 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Development Tools Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6
An update that solves one vulnerability can now be installed.
## Description:
This update for netty, netty-tcnative fixes the following issues:
* CVE-2024-29025: Fixed out of memory due to large number of form fields
(bsc#1222045).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-1079=1
* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-1079=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-1079=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* netty-4.1.108-150200.4.23.1
* netty-tcnative-2.0.65-150200.3.19.1
* openSUSE Leap 15.6 (noarch)
* netty-poms-4.1.108-150200.4.23.1
* netty-javadoc-4.1.108-150200.4.23.1
* netty-tcnative-javadoc-2.0.65-150200.3.19.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* netty-tcnative-2.0.65-150200.3.19.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* netty-4.1.108-150200.4.23.1
* SUSE Package Hub 15 15-SP6 (noarch)
* netty-poms-4.1.108-150200.4.23.1
* netty-javadoc-4.1.108-150200.4.23.1
## References:
* https://www.suse.com/security/cve/CVE-2024-29025.html
* https://bugzilla.suse.com/show_bug.cgi?id=1222045
19 Aug '24
# Security update for cosign
Announcement ID: SUSE-SU-2024:1486-2
Rating: moderate
References:
* bsc#1222835
* bsc#1222837
* jsc#SLE-23879
Cross-References:
* CVE-2024-29902
* CVE-2024-29903
CVSS scores:
* CVE-2024-29902 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-29903 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves two vulnerabilities and contains one feature can now be
installed.
## Description:
This update for cosign fixes the following issues:
* CVE-2024-29902: Fixed denial of service on host machine via remote image
with malicious attachments (bsc#1222835)
* CVE-2024-29903: Fixed denial of service on host machine via malicious
software artifacts (bsc#1222837)
Other fixes:
* Updated to 2.2.4 (jsc#SLE-23879)
* Fixes for GHSA-88jx-383q-w4qc and GHSA-95pr-fxf5-86gv (#3661)
* ErrNoSignaturesFound should be used when there is no signature attached to
an image. (#3526)
* fix semgrep issues for dgryski.semgrep-go ruleset (#3541)
* Honor creation timestamp for signatures again (#3549)
* Features
* Adds Support for Fulcio Client Credentials Flow, and Argument to Set Flow
Explicitly (#3578)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-1486=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-1486=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* cosign-debuginfo-2.2.4-150400.3.20.1
* cosign-2.2.4-150400.3.20.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* cosign-debuginfo-2.2.4-150400.3.20.1
* cosign-2.2.4-150400.3.20.1
## References:
* https://www.suse.com/security/cve/CVE-2024-29902.html
* https://www.suse.com/security/cve/CVE-2024-29903.html
* https://bugzilla.suse.com/show_bug.cgi?id=1222835
* https://bugzilla.suse.com/show_bug.cgi?id=1222837
* https://jira.suse.com/browse/SLE-23879
SUSE-SU-2024:2186-1: important: Security update for gnome-settings-daemon
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
# Security update for gnome-settings-daemon
Announcement ID: SUSE-SU-2024:2186-1
Rating: important
References:
* bsc#1226423
Cross-References:
* CVE-2024-38394
CVSS scores:
* CVE-2024-38394 ( SUSE ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Desktop Applications Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves one vulnerability can now be installed.
## Description:
This update for gnome-settings-daemon fixes the following issues:
* CVE-2024-38394: Fixed mismatches in interpreting USB authorization policy
(bsc#1226423).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-2186=1 SUSE-2024-2186=1
* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2024-2186=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* gnome-settings-daemon-debugsource-45.1-150600.3.3.1
* gnome-settings-daemon-debuginfo-45.1-150600.3.3.1
* gnome-settings-daemon-45.1-150600.3.3.1
* gnome-settings-daemon-devel-45.1-150600.3.3.1
* openSUSE Leap 15.6 (noarch)
* gnome-settings-daemon-lang-45.1-150600.3.3.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* gnome-settings-daemon-debugsource-45.1-150600.3.3.1
* gnome-settings-daemon-debuginfo-45.1-150600.3.3.1
* gnome-settings-daemon-45.1-150600.3.3.1
* gnome-settings-daemon-devel-45.1-150600.3.3.1
* Desktop Applications Module 15-SP6 (noarch)
* gnome-settings-daemon-lang-45.1-150600.3.3.1
## References:
* https://www.suse.com/security/cve/CVE-2024-38394.html
* https://bugzilla.suse.com/show_bug.cgi?id=1226423
SUSE-SU-2024:2187-1: moderate: Security update for ntfs-3g_ntfsprogs
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
# Security update for ntfs-3g_ntfsprogs
Announcement ID: SUSE-SU-2024:2187-1
Rating: moderate
References:
* bsc#1226007
Cross-References:
* CVE-2023-52890
CVSS scores:
* CVE-2023-52890 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected Products:
* Basesystem Module 15-SP6
* Development Tools Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Workstation Extension 15 SP5
An update that solves one vulnerability can now be installed.
## Description:
This update for ntfs-3g_ntfsprogs fixes the following issue:
* CVE-2023-52890: fix a use after free in ntfs_uppercase_mbs (bsc#1226007)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-2187=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-2187=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-2187=1
* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-2187=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-2187=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-2187=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* libntfs-3g87-debuginfo-2022.5.17-150000.3.21.1
* ntfs-3g-2022.5.17-150000.3.21.1
* ntfsprogs-2022.5.17-150000.3.21.1
* ntfsprogs-extra-2022.5.17-150000.3.21.1
* ntfs-3g_ntfsprogs-debuginfo-2022.5.17-150000.3.21.1
* ntfs-3g-debuginfo-2022.5.17-150000.3.21.1
* libntfs-3g-devel-2022.5.17-150000.3.21.1
* libntfs-3g87-2022.5.17-150000.3.21.1
* ntfsprogs-extra-debuginfo-2022.5.17-150000.3.21.1
* ntfs-3g_ntfsprogs-debugsource-2022.5.17-150000.3.21.1
* ntfsprogs-debuginfo-2022.5.17-150000.3.21.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* libntfs-3g87-debuginfo-2022.5.17-150000.3.21.1
* ntfs-3g-2022.5.17-150000.3.21.1
* ntfsprogs-2022.5.17-150000.3.21.1
* ntfsprogs-extra-2022.5.17-150000.3.21.1
* ntfs-3g_ntfsprogs-debuginfo-2022.5.17-150000.3.21.1
* ntfs-3g-debuginfo-2022.5.17-150000.3.21.1
* libntfs-3g-devel-2022.5.17-150000.3.21.1
* libntfs-3g87-2022.5.17-150000.3.21.1
* ntfsprogs-extra-debuginfo-2022.5.17-150000.3.21.1
* ntfs-3g_ntfsprogs-debugsource-2022.5.17-150000.3.21.1
* ntfsprogs-debuginfo-2022.5.17-150000.3.21.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libntfs-3g87-debuginfo-2022.5.17-150000.3.21.1
* ntfs-3g-2022.5.17-150000.3.21.1
* ntfsprogs-2022.5.17-150000.3.21.1
* ntfs-3g_ntfsprogs-debuginfo-2022.5.17-150000.3.21.1
* ntfs-3g-debuginfo-2022.5.17-150000.3.21.1
* libntfs-3g87-2022.5.17-150000.3.21.1
* ntfs-3g_ntfsprogs-debugsource-2022.5.17-150000.3.21.1
* ntfsprogs-debuginfo-2022.5.17-150000.3.21.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libntfs-3g-devel-2022.5.17-150000.3.21.1
* ntfs-3g_ntfsprogs-debugsource-2022.5.17-150000.3.21.1
* ntfs-3g_ntfsprogs-debuginfo-2022.5.17-150000.3.21.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* libntfs-3g87-debuginfo-2022.5.17-150000.3.21.1
* ntfs-3g-2022.5.17-150000.3.21.1
* ntfsprogs-2022.5.17-150000.3.21.1
* ntfs-3g_ntfsprogs-debuginfo-2022.5.17-150000.3.21.1
* ntfs-3g-debuginfo-2022.5.17-150000.3.21.1
* libntfs-3g-devel-2022.5.17-150000.3.21.1
* libntfs-3g87-2022.5.17-150000.3.21.1
* ntfs-3g_ntfsprogs-debugsource-2022.5.17-150000.3.21.1
* ntfsprogs-debuginfo-2022.5.17-150000.3.21.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
* libntfs-3g87-debuginfo-2022.5.17-150000.3.21.1
* ntfs-3g-2022.5.17-150000.3.21.1
* ntfsprogs-2022.5.17-150000.3.21.1
* ntfs-3g_ntfsprogs-debuginfo-2022.5.17-150000.3.21.1
* ntfs-3g-debuginfo-2022.5.17-150000.3.21.1
* libntfs-3g-devel-2022.5.17-150000.3.21.1
* libntfs-3g87-2022.5.17-150000.3.21.1
* ntfs-3g_ntfsprogs-debugsource-2022.5.17-150000.3.21.1
* ntfsprogs-debuginfo-2022.5.17-150000.3.21.1
## References:
* https://www.suse.com/security/cve/CVE-2023-52890.html
* https://bugzilla.suse.com/show_bug.cgi?id=1226007
SUSE-SU-2024:2776-1: moderate: Security update for dri3proto, presentproto, wayland-protocols, xwayland
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
# Security update for dri3proto, presentproto, wayland-protocols, xwayland
Announcement ID: SUSE-SU-2024:2776-1
Rating: moderate
References:
* bsc#1219892
* bsc#1222309
* bsc#1222310
* bsc#1222312
* bsc#1222442
* jsc#PED-9498
Cross-References:
* CVE-2024-31080
* CVE-2024-31081
* CVE-2024-31083
CVSS scores:
* CVE-2024-31080 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2024-31081 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2024-31083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Development Tools Module 15-SP5
* Development Tools Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Workstation Extension 15 SP6
* SUSE Package Hub 15 15-SP6
An update that solves three vulnerabilities, contains one feature and has two
security fixes can now be installed.
## Description:
This update for dri3proto, presentproto, wayland-protocols, xwayland fixes the
following issues:
Changes in presentproto:
* update to version 1.4 (patch generated from xorgproto-2024.1 sources)
Changes in wayland-protocols:
* Update to version 1.36:
* xdg-dialog: fix missing namespace in protocol name
* Changes from version 1.35:
* cursor-shape-v1: Does not advertise the list of supported cursors
* xdg-shell: add missing enum attribute to set_constraint_adjustment
* xdg-shell: recommend against drawing decorations when tiled
* tablet-v2: mark as stable
* staging: add alpha-modifier protocol
* Update to 1.36
* Fix to the xdg dialog protocol
* tablet-v2 protocol is now stable
* alpha-modifier: new protocol
* Bug fix to the cursor shape documentation
* The xdg-shell protocol now also explicitly recommends against drawing
decorations outside of the window geometry when tiled
* Update to 1.34:
* xdg-dialog: new protocol
* xdg-toplevel-drag: new protocol
* Fix typo in ext-foreign-toplevel-list-v1
* tablet-v2: clarify that name/id events are optional
* linux-drm-syncobj-v1: new protocol
* linux-explicit-synchronization-v1: add linux-drm-syncobj note
* Update to version 1.33:
* xdg-shell: Clarify what a toplevel by default includes
* linux-dmabuf: sync changes from unstable to stable
* linux-dmabuf: require all planes to use the same modifier
* presentation-time: stop referring to Linux/glibc
* security-context-v1: Make sandbox engine names use reverse-DNS
* xdg-decoration: remove ambiguous wording in configure event
* xdg-decoration: fix configure event summary
* linux-dmabuf: mark as stable
* linux-dmabuf: add note about implicit sync
* security-context-v1: Document what can be done with the open sockets
* security-context-v1: Document out of band metadata for flatpak
Changes in dri3proto:
* update to version 1.4 (patch generated from xorgproto-2024.1 sources)
Changes in xwayland:
* Update to bugfix release 24.1.1 for the current stable 24.1 branch of
Xwayland
* xwayland: fix segment fault in `xwl_glamor_gbm_init_main_dev`
* os: Explicitly include X11/Xmd.h for CARD32 definition to fix building on
i686
* present: On *BSD, epoll-shim is needed to emulate eventfd()
* xwayland: Stop on first unmapped child
* xwayland/window-buffers: Promote xwl_window_buffer
* xwayland/window-buffers: Add xwl_window_buffer_release()
* xwayland/glamor/gbm: Copy explicit sync code to GLAMOR/GBM
* xwayland/window-buffers: Use synchronization from GLAMOR/GBM
* xwayland/window-buffers: Do not always set syncpnts
* xwayland/window-buffers: Move code to submit pixmaps
* xwayland/window-buffers: Set syncpnts for all pixmaps
* xwayland: Move xwl_window disposal to its own function
* xwayland: Make sure we do not leak xwl_window on destroy
* wayland/window-buffers: Move buffer disposal to its own function
* xwayland/window-buffers: optionally force disposal
* wayland: Force disposal of windows buffers for root on destroy
* xwayland: Check for pointer in xwl_seat_leave_ptr()
* xwayland: remove includedir from pkgconfig
* disable DPMS on sle15 due to missing proto package
* Update to feature release 24.1.0
* This fixes a couple of regressions introduced in the previous release
candidate versions along with a fix for XTEST emulation with EI.
* xwayland: Send ei_device_frame on device_scroll_discrete
* xwayland: Restore the ResizeWindow handler
* xwayland: Handle rootful resize in ResizeWindow
* xwayland: Move XRandR emulation to the ResizeWindow hook
* xwayland: Use correct xwl_window lookup function in xwl_set_shape
* eglstreams has been dropped
* Update to bug fix release 23.2.7
* m4: drop autoconf leftovers
* xwayland: Send ei_device_frame on device_scroll_discrete
* xwayland: Call drmFreeDevice for dma-buf default feedback
* xwayland: Use drmDevicesEqual in xwl_dmabuf_feedback_tranche_done
* dri3: Free formats in cache_formats_and_modifiers
* xwayland/glamor: Handle depth 15 in gbm_format_for_depth
* Revert "xwayland/glamor: Avoid implicit redirection with depth 32 parent
windows"
* xwayland: Check for outputs before lease devices
* xwayland: Do not remove output on withdraw if leased
* Update to 23.2.6
* This is a quick bug fix release to address a regression introduced by the
fix for CVE-2024-31083 in xwayland-23.2.5.
* Security update 23.2.5
This release contains the 3 security fixes that actually apply to Xwayland
reported in the security advisory of April 3rd 2024
* CVE-2024-31080
* CVE-2024-31081
* CVE-2024-31083
Additionally, it also contains a couple of other fixes, a copy/paste error in
the DeviceStateNotify event and a fix to enable buttons with pointer gestures
for backward compatibility with legacy X11 clients.
* Don't provide xorg-x11-server-source
* xwayland sources are not meant for a generic server.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-2776=1 openSUSE-SLE-15.6-2024-2776=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-2776=1
* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-2776=1
* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-2776=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-2776=1
* SUSE Linux Enterprise Workstation Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2024-2776=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* xwayland-devel-24.1.1-150600.5.3.1
* xwayland-debuginfo-24.1.1-150600.5.3.1
* xwayland-debugsource-24.1.1-150600.5.3.1
* xwayland-24.1.1-150600.5.3.1
* presentproto-devel-1.3-150600.3.3.1
* openSUSE Leap 15.6 (noarch)
* wayland-protocols-devel-1.36-150600.4.3.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* dri3proto-devel-1.2-150100.6.3.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* dri3proto-devel-1.2-150100.6.3.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* dri3proto-devel-1.2-150100.6.3.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* dri3proto-devel-1.2-150100.6.3.1
* presentproto-devel-1.3-150600.3.3.1
* SUSE Package Hub 15 15-SP6 (noarch)
* wayland-protocols-devel-1.36-150600.4.3.1
* SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64)
* xwayland-debugsource-24.1.1-150600.5.3.1
* xwayland-24.1.1-150600.5.3.1
* xwayland-debuginfo-24.1.1-150600.5.3.1
## References:
* https://www.suse.com/security/cve/CVE-2024-31080.html
* https://www.suse.com/security/cve/CVE-2024-31081.html
* https://www.suse.com/security/cve/CVE-2024-31083.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219892
* https://bugzilla.suse.com/show_bug.cgi?id=1222309
* https://bugzilla.suse.com/show_bug.cgi?id=1222310
* https://bugzilla.suse.com/show_bug.cgi?id=1222312
* https://bugzilla.suse.com/show_bug.cgi?id=1222442
* https://jira.suse.com/browse/PED-9498
openSUSE-SU-2024:0252-1: important: Security update for opera
by opensuse-security@opensuse.org 18 Aug '24
openSUSE Security Update: Security update for opera
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0252-1
Rating: important
References:
Cross-References: CVE-2024-6772 CVE-2024-6773 CVE-2024-6774
CVE-2024-6775 CVE-2024-6776 CVE-2024-6777
CVE-2024-6778 CVE-2024-6779
Affected Products:
openSUSE Leap 15.5:NonFree
______________________________________________________________________________
An update that fixes 8 vulnerabilities is now available.
Description:
This update for opera fixes the following issues:
- Update to 112.0.5197.53
* CHR-9814 Update Chromium on desktop-stable-126-5197 to 126.0.6478.226
* DNA-116974 Site settings popup size not expanding causing display
issues
* DNA-117115 Tab islands are extending partially after Workspace change
* DNA-117708 H.264 SW decoding only possible if HW decoding is possible
* DNA-117792 Crash at
content::RenderWidgetHostImpl::ForwardMouseEventWithLatencyInfo(blink::WebMouseEvent const&,
ui::LatencyInfo const&)
- The update to chromium >= 126.0.6478.182 fixes following issues:
CVE-2024-6772, CVE-2024-6773, CVE-2024-6774, CVE-2024-6775,
CVE-2024-6776, CVE-2024-6777, CVE-2024-6778, CVE-2024-6779
- Update to 112.0.5197.30
* CHR-9416 Updating Chromium on desktop-stable-* branches
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.5:NonFree:
zypper in -t patch openSUSE-2024-252=1
Package List:
- openSUSE Leap 15.5:NonFree (x86_64):
opera-112.0.5197.53-lp155.3.57.1
References:
https://www.suse.com/security/cve/CVE-2024-6772.html
https://www.suse.com/security/cve/CVE-2024-6773.html
https://www.suse.com/security/cve/CVE-2024-6774.html
https://www.suse.com/security/cve/CVE-2024-6775.html
https://www.suse.com/security/cve/CVE-2024-6776.html
https://www.suse.com/security/cve/CVE-2024-6777.html
https://www.suse.com/security/cve/CVE-2024-6778.html
https://www.suse.com/security/cve/CVE-2024-6779.html
openSUSE-SU-2024:0253-1: moderate: Security update for python-Pillow
by opensuse-security@opensuse.org 18 Aug '24
openSUSE Security Update: Security update for python-Pillow
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0253-1
Rating: moderate
References: #1205416
Cross-References: CVE-2022-45198
CVSS scores:
CVE-2022-45198 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-45198 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for python-Pillow fixes the following issues:
- CVE-2022-45198: Fixed improper handling of highly compressed GIF data
(boo#1205416)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2024-253=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):
python3-Pillow-8.4.0-bp155.3.9.1
python3-Pillow-tk-8.4.0-bp155.3.9.1
References:
https://www.suse.com/security/cve/CVE-2022-45198.html
https://bugzilla.suse.com/1205416
openSUSE-SU-2024:0251-1: important: Security update for python-Django
by opensuse-security@opensuse.org 18 Aug '24
openSUSE Security Update: Security update for python-Django
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0251-1
Rating: important
References: #1207565 #1227590 #1227593 #1227594 #1227595
Cross-References: CVE-2023-23969 CVE-2024-38875 CVE-2024-39329
CVE-2024-39330 CVE-2024-39614
CVSS scores:
CVE-2023-23969 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2023-23969 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2024-38875 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2024-39329 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2024-39330 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2024-39614 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that fixes 5 vulnerabilities is now available.
Description:
This update for python-Django fixes the following issues:
- CVE-2023-23969: Potential denial-of-service via Accept-Language headers
(boo#1207565)
- CVE-2024-38875: Potential denial-of-service attack via certain inputs
with a very large number of brackets (boo#1227590)
- CVE-2024-39329: Username enumeration through timing difference for users
with unusable passwords (boo#1227593)
- CVE-2024-39330: Potential directory traversal in
django.core.files.storage.Storage.save() (boo#1227594)
- CVE-2024-39614: Potential denial-of-service through
django.utils.translation.get_supported_language_variant() (boo#1227595)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2024-251=1
Package List:
References:
https://www.suse.com/security/cve/CVE-2023-23969.html
https://www.suse.com/security/cve/CVE-2024-38875.html
https://www.suse.com/security/cve/CVE-2024-39329.html
https://www.suse.com/security/cve/CVE-2024-39330.html
https://www.suse.com/security/cve/CVE-2024-39614.html
https://bugzilla.suse.com/1207565
https://bugzilla.suse.com/1227590
https://bugzilla.suse.com/1227593
https://bugzilla.suse.com/1227594
https://bugzilla.suse.com/1227595
SUSE-SU-2024:2947-1: important: Security update for the Linux Kernel
by OPENSUSE-SECURITY-UPDATES 16 Aug '24
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2024:2947-1
Rating: important
References:
* bsc#1082555
* bsc#1193454
* bsc#1193554
* bsc#1193787
* bsc#1194324
* bsc#1194869
* bsc#1195357
* bsc#1195668
* bsc#1195927
* bsc#1195957
* bsc#1196018
* bsc#1196823
* bsc#1197146
* bsc#1197246
* bsc#1197762
* bsc#1202346
* bsc#1202686
* bsc#1208783
* bsc#1209636
* bsc#1213123
* bsc#1215492
* bsc#1215587
* bsc#1216834
* bsc#1219832
* bsc#1220138
* bsc#1220185
* bsc#1220186
* bsc#1220187
* bsc#1220869
* bsc#1220876
* bsc#1220942
* bsc#1220952
* bsc#1221010
* bsc#1221044
* bsc#1221647
* bsc#1221654
* bsc#1221656
* bsc#1221659
* bsc#1221777
* bsc#1222011
* bsc#1222323
* bsc#1222326
* bsc#1222328
* bsc#1222625
* bsc#1222702
* bsc#1222728
* bsc#1222799
* bsc#1222809
* bsc#1222810
* bsc#1223021
* bsc#1223180
* bsc#1223635
* bsc#1223652
* bsc#1223675
* bsc#1223778
* bsc#1223806
* bsc#1223813
* bsc#1223815
* bsc#1223836
* bsc#1223863
* bsc#1224414
* bsc#1224499
* bsc#1224500
* bsc#1224512
* bsc#1224516
* bsc#1224517
* bsc#1224545
* bsc#1224548
* bsc#1224557
* bsc#1224572
* bsc#1224573
* bsc#1224585
* bsc#1224604
* bsc#1224636
* bsc#1224641
* bsc#1224683
* bsc#1224694
* bsc#1224700
* bsc#1224743
* bsc#1225088
* bsc#1225272
* bsc#1225301
* bsc#1225475
* bsc#1225489
* bsc#1225504
* bsc#1225505
* bsc#1225564
* bsc#1225573
* bsc#1225581
* bsc#1225586
* bsc#1225711
* bsc#1225717
* bsc#1225719
* bsc#1225744
* bsc#1225745
* bsc#1225746
* bsc#1225752
* bsc#1225753
* bsc#1225757
* bsc#1225767
* bsc#1225810
* bsc#1225815
* bsc#1225820
* bsc#1225829
* bsc#1225835
* bsc#1225838
* bsc#1225839
* bsc#1225843
* bsc#1225847
* bsc#1225851
* bsc#1225856
* bsc#1225895
* bsc#1225898
* bsc#1225903
* bsc#1226202
* bsc#1226502
* bsc#1226519
* bsc#1226551
* bsc#1226555
* bsc#1226565
* bsc#1226568
* bsc#1226570
* bsc#1226571
* bsc#1226574
* bsc#1226588
* bsc#1226607
* bsc#1226650
* bsc#1226698
* bsc#1226713
* bsc#1226716
* bsc#1226750
* bsc#1226757
* bsc#1226758
* bsc#1226775
* bsc#1226783
* bsc#1226785
* bsc#1226834
* bsc#1226837
* bsc#1226911
* bsc#1226990
* bsc#1226993
* bsc#1227090
* bsc#1227121
* bsc#1227157
* bsc#1227162
* bsc#1227362
* bsc#1227383
* bsc#1227432
* bsc#1227435
* bsc#1227447
* bsc#1227487
* bsc#1227549
* bsc#1227573
* bsc#1227618
* bsc#1227620
* bsc#1227626
* bsc#1227635
* bsc#1227661
* bsc#1227716
* bsc#1227722
* bsc#1227724
* bsc#1227725
* bsc#1227728
* bsc#1227729
* bsc#1227730
* bsc#1227732
* bsc#1227733
* bsc#1227750
* bsc#1227754
* bsc#1227755
* bsc#1227760
* bsc#1227762
* bsc#1227763
* bsc#1227764
* bsc#1227766
* bsc#1227770
* bsc#1227771
* bsc#1227772
* bsc#1227774
* bsc#1227779
* bsc#1227780
* bsc#1227783
* bsc#1227786
* bsc#1227787
* bsc#1227790
* bsc#1227792
* bsc#1227796
* bsc#1227797
* bsc#1227798
* bsc#1227800
* bsc#1227802
* bsc#1227806
* bsc#1227808
* bsc#1227810
* bsc#1227812
* bsc#1227813
* bsc#1227814
* bsc#1227816
* bsc#1227820
* bsc#1227823
* bsc#1227824
* bsc#1227828
* bsc#1227829
* bsc#1227836
* bsc#1227846
* bsc#1227849
* bsc#1227851
* bsc#1227862
* bsc#1227864
* bsc#1227865
* bsc#1227866
* bsc#1227870
* bsc#1227884
* bsc#1227886
* bsc#1227891
* bsc#1227893
* bsc#1227899
* bsc#1227900
* bsc#1227910
* bsc#1227913
* bsc#1227917
* bsc#1227919
* bsc#1227920
* bsc#1227921
* bsc#1227922
* bsc#1227923
* bsc#1227924
* bsc#1227925
* bsc#1227927
* bsc#1227928
* bsc#1227931
* bsc#1227932
* bsc#1227933
* bsc#1227935
* bsc#1227936
* bsc#1227938
* bsc#1227941
* bsc#1227942
* bsc#1227944
* bsc#1227945
* bsc#1227947
* bsc#1227948
* bsc#1227949
* bsc#1227950
* bsc#1227952
* bsc#1227953
* bsc#1227954
* bsc#1227956
* bsc#1227957
* bsc#1227963
* bsc#1227964
* bsc#1227965
* bsc#1227968
* bsc#1227969
* bsc#1227970
* bsc#1227971
* bsc#1227972
* bsc#1227975
* bsc#1227976
* bsc#1227981
* bsc#1227982
* bsc#1227985
* bsc#1227986
* bsc#1227987
* bsc#1227988
* bsc#1227989
* bsc#1227990
* bsc#1227991
* bsc#1227992
* bsc#1227993
* bsc#1227995
* bsc#1227996
* bsc#1227997
* bsc#1228000
* bsc#1228002
* bsc#1228003
* bsc#1228004
* bsc#1228005
* bsc#1228006
* bsc#1228007
* bsc#1228008
* bsc#1228009
* bsc#1228010
* bsc#1228011
* bsc#1228013
* bsc#1228014
* bsc#1228015
* bsc#1228019
* bsc#1228020
* bsc#1228025
* bsc#1228028
* bsc#1228035
* bsc#1228037
* bsc#1228038
* bsc#1228039
* bsc#1228040
* bsc#1228045
* bsc#1228054
* bsc#1228055
* bsc#1228056
* bsc#1228060
* bsc#1228061
* bsc#1228062
* bsc#1228063
* bsc#1228064
* bsc#1228066
* bsc#1228067
* bsc#1228068
* bsc#1228071
* bsc#1228079
* bsc#1228090
* bsc#1228114
* bsc#1228140
* bsc#1228190
* bsc#1228191
* bsc#1228195
* bsc#1228202
* bsc#1228226
* bsc#1228235
* bsc#1228237
* bsc#1228247
* bsc#1228327
* bsc#1228328
* bsc#1228330
* bsc#1228403
* bsc#1228405
* bsc#1228408
* bsc#1228409
* bsc#1228410
* bsc#1228418
* bsc#1228440
* bsc#1228459
* bsc#1228462
* bsc#1228470
* bsc#1228518
* bsc#1228520
* bsc#1228530
* bsc#1228561
* bsc#1228565
* bsc#1228580
* bsc#1228581
* bsc#1228591
* bsc#1228599
* bsc#1228617
* bsc#1228625
* bsc#1228626
* bsc#1228633
* bsc#1228640
* bsc#1228644
* bsc#1228649
* bsc#1228655
* bsc#1228665
* bsc#1228672
* bsc#1228680
* bsc#1228705
* bsc#1228723
* bsc#1228743
* bsc#1228756
* bsc#1228801
* bsc#1228850
* bsc#1228857
* jsc#PED-8582
* jsc#PED-8690
Cross-References:
* CVE-2021-47086
* CVE-2021-47103
* CVE-2021-47186
* CVE-2021-47402
* CVE-2021-47546
* CVE-2021-47547
* CVE-2021-47588
* CVE-2021-47590
* CVE-2021-47591
* CVE-2021-47593
* CVE-2021-47598
* CVE-2021-47599
* CVE-2021-47606
* CVE-2021-47622
* CVE-2021-47623
* CVE-2021-47624
* CVE-2022-48713
* CVE-2022-48730
* CVE-2022-48732
* CVE-2022-48749
* CVE-2022-48756
* CVE-2022-48773
* CVE-2022-48774
* CVE-2022-48775
* CVE-2022-48776
* CVE-2022-48777
* CVE-2022-48778
* CVE-2022-48780
* CVE-2022-48783
* CVE-2022-48784
* CVE-2022-48785
* CVE-2022-48786
* CVE-2022-48787
* CVE-2022-48788
* CVE-2022-48789
* CVE-2022-48790
* CVE-2022-48791
* CVE-2022-48792
* CVE-2022-48793
* CVE-2022-48794
* CVE-2022-48796
* CVE-2022-48797
* CVE-2022-48798
* CVE-2022-48799
* CVE-2022-48800
* CVE-2022-48801
* CVE-2022-48802
* CVE-2022-48803
* CVE-2022-48804
* CVE-2022-48805
* CVE-2022-48806
* CVE-2022-48807
* CVE-2022-48809
* CVE-2022-48810
* CVE-2022-48811
* CVE-2022-48812
* CVE-2022-48813
* CVE-2022-48814
* CVE-2022-48815
* CVE-2022-48816
* CVE-2022-48817
* CVE-2022-48818
* CVE-2022-48820
* CVE-2022-48821
* CVE-2022-48822
* CVE-2022-48823
* CVE-2022-48824
* CVE-2022-48825
* CVE-2022-48826
* CVE-2022-48827
* CVE-2022-48828
* CVE-2022-48829
* CVE-2022-48830
* CVE-2022-48831
* CVE-2022-48834
* CVE-2022-48835
* CVE-2022-48836
* CVE-2022-48837
* CVE-2022-48838
* CVE-2022-48839
* CVE-2022-48840
* CVE-2022-48841
* CVE-2022-48842
* CVE-2022-48843
* CVE-2022-48844
* CVE-2022-48846
* CVE-2022-48847
* CVE-2022-48849
* CVE-2022-48850
* CVE-2022-48851
* CVE-2022-48852
* CVE-2022-48853
* CVE-2022-48855
* CVE-2022-48856
* CVE-2022-48857
* CVE-2022-48858
* CVE-2022-48859
* CVE-2022-48860
* CVE-2022-48861
* CVE-2022-48862
* CVE-2022-48863
* CVE-2022-48864
* CVE-2022-48866
* CVE-2023-1582
* CVE-2023-37453
* CVE-2023-52435
* CVE-2023-52573
* CVE-2023-52580
* CVE-2023-52591
* CVE-2023-52735
* CVE-2023-52751
* CVE-2023-52762
* CVE-2023-52775
* CVE-2023-52812
* CVE-2023-52857
* CVE-2023-52863
* CVE-2023-52885
* CVE-2023-52886
* CVE-2024-25741
* CVE-2024-26583
* CVE-2024-26584
* CVE-2024-26585
* CVE-2024-26615
* CVE-2024-26633
* CVE-2024-26635
* CVE-2024-26636
* CVE-2024-26641
* CVE-2024-26661
* CVE-2024-26663
* CVE-2024-26665
* CVE-2024-26800
* CVE-2024-26802
* CVE-2024-26813
* CVE-2024-26814
* CVE-2024-26863
* CVE-2024-26889
* CVE-2024-26920
* CVE-2024-26935
* CVE-2024-269355
* CVE-2024-26961
* CVE-2024-26976
* CVE-2024-27015
* CVE-2024-27019
* CVE-2024-27020
* CVE-2024-27025
* CVE-2024-27065
* CVE-2024-27402
* CVE-2024-27437
* CVE-2024-35805
* CVE-2024-35819
* CVE-2024-35837
* CVE-2024-35853
* CVE-2024-35854
* CVE-2024-35855
* CVE-2024-35889
* CVE-2024-35890
* CVE-2024-35893
* CVE-2024-35899
* CVE-2024-35934
* CVE-2024-35949
* CVE-2024-35961
* CVE-2024-35979
* CVE-2024-35995
* CVE-2024-36000
* CVE-2024-36004
* CVE-2024-36288
* CVE-2024-36889
* CVE-2024-36901
* CVE-2024-36902
* CVE-2024-36909
* CVE-2024-36910
* CVE-2024-36911
* CVE-2024-36912
* CVE-2024-36913
* CVE-2024-36914
* CVE-2024-36919
* CVE-2024-36923
* CVE-2024-36924
* CVE-2024-36926
* CVE-2024-36939
* CVE-2024-36941
* CVE-2024-36942
* CVE-2024-36944
* CVE-2024-36946
* CVE-2024-36947
* CVE-2024-36950
* CVE-2024-36952
* CVE-2024-36955
* CVE-2024-36959
* CVE-2024-36974
* CVE-2024-38548
* CVE-2024-38555
* CVE-2024-38558
* CVE-2024-38559
* CVE-2024-38570
* CVE-2024-38586
* CVE-2024-38588
* CVE-2024-38598
* CVE-2024-38628
* CVE-2024-39276
* CVE-2024-39371
* CVE-2024-39463
* CVE-2024-39472
* CVE-2024-39475
* CVE-2024-39482
* CVE-2024-39487
* CVE-2024-39488
* CVE-2024-39490
* CVE-2024-39493
* CVE-2024-39494
* CVE-2024-39497
* CVE-2024-39499
* CVE-2024-39500
* CVE-2024-39501
* CVE-2024-39502
* CVE-2024-39505
* CVE-2024-39506
* CVE-2024-39507
* CVE-2024-39508
* CVE-2024-39509
* CVE-2024-40900
* CVE-2024-40901
* CVE-2024-40902
* CVE-2024-40903
* CVE-2024-40904
* CVE-2024-40906
* CVE-2024-40908
* CVE-2024-40909
* CVE-2024-40911
* CVE-2024-40912
* CVE-2024-40916
* CVE-2024-40919
* CVE-2024-40923
* CVE-2024-40924
* CVE-2024-40927
* CVE-2024-40929
* CVE-2024-40931
* CVE-2024-40932
* CVE-2024-40934
* CVE-2024-40935
* CVE-2024-40937
* CVE-2024-40940
* CVE-2024-40941
* CVE-2024-40942
* CVE-2024-40943
* CVE-2024-40945
* CVE-2024-40953
* CVE-2024-40954
* CVE-2024-40956
* CVE-2024-40958
* CVE-2024-40959
* CVE-2024-40960
* CVE-2024-40961
* CVE-2024-40966
* CVE-2024-40967
* CVE-2024-40970
* CVE-2024-40972
* CVE-2024-40976
* CVE-2024-40977
* CVE-2024-40981
* CVE-2024-40982
* CVE-2024-40984
* CVE-2024-40987
* CVE-2024-40988
* CVE-2024-40989
* CVE-2024-40990
* CVE-2024-40994
* CVE-2024-40998
* CVE-2024-40999
* CVE-2024-41002
* CVE-2024-41004
* CVE-2024-41006
* CVE-2024-41009
* CVE-2024-41011
* CVE-2024-41012
* CVE-2024-41013
* CVE-2024-41014
* CVE-2024-41015
* CVE-2024-41016
* CVE-2024-41017
* CVE-2024-41040
* CVE-2024-41041
* CVE-2024-41044
* CVE-2024-41048
* CVE-2024-41057
* CVE-2024-41058
* CVE-2024-41059
* CVE-2024-41063
* CVE-2024-41064
* CVE-2024-41066
* CVE-2024-41069
* CVE-2024-41070
* CVE-2024-41071
* CVE-2024-41072
* CVE-2024-41076
* CVE-2024-41078
* CVE-2024-41081
* CVE-2024-41087
* CVE-2024-41090
* CVE-2024-41091
* CVE-2024-42070
* CVE-2024-42079
* CVE-2024-42093
* CVE-2024-42096
* CVE-2024-42105
* CVE-2024-42122
* CVE-2024-42124
* CVE-2024-42145
* CVE-2024-42161
* CVE-2024-42224
* CVE-2024-42230
CVSS scores:
* CVE-2021-47086 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47186 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47402 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47546 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
* CVE-2021-47546 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47547 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2021-47588 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47590 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47591 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47593 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47599 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47606 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47622 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47623 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N
* CVE-2021-47624 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-48713 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48730 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-48732 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48749 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48756 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48773 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48774 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2022-48775 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-48776 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-48777 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48778 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2022-48780 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48783 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48784 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48785 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48786 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2022-48787 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48787 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48788 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2022-48788 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48789 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48789 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48790 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48790 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48791 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48791 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48792 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48792 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48793 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48793 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48794 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-48796 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48796 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48797 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2022-48798 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48799 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48800 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-48801 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48802 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48803 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2022-48804 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-48805 ( SUSE ): 6.6 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48806 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2022-48807 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48809 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48809 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48810 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48811 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48812 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48813 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48814 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48815 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48816 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48817 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48818 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48820 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48821 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48822 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48822 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48823 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-48824 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48824 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48825 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N
* CVE-2022-48826 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48827 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48828 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2022-48829 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2022-48830 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48831 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48834 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N
* CVE-2022-48834 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48835 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48835 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48836 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48836 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48837 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48837 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48838 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48838 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48839 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48839 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48840 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48840 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48841 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48841 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48842 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48842 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48843 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48843 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48844 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-48844 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48846 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48846 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48847 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48847 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48849 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48849 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2022-48850 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48850 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48851 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48851 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48852 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48852 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2022-48853 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48853 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-48855 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48855 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2022-48856 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48856 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48857 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48857 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48858 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48858 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48859 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48859 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48860 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48860 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48861 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48861 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48862 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48862 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48863 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
* CVE-2022-48863 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48864 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48864 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48866 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2022-48866 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-1582 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1582 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-37453 ( SUSE ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-37453 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52435 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52435 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52573 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52580 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52591 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-52735 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52751 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52762 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52775 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-52812 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-52857 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52863 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52885 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52886 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-25741 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L
* CVE-2024-26583 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26583 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26584 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26584 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26585 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26585 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26615 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26633 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26635 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2024-26636 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26641 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2024-26661 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26663 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26665 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26800 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26802 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26813 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26814 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26863 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26889 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26920 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26935 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-26961 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26976 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27015 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27015 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27019 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27019 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-27020 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27020 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27025 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2024-27065 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27402 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2024-27437 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-35805 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-35819 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-35837 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-35853 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-35854 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-35855 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-35889 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-35890 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-35893 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-35899 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-35934 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-35949 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35961 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-35979 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-35995 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2024-36000 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36004 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36288 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36288 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36889 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-36901 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36901 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36902 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36902 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36909 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-36910 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
* CVE-2024-36911 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-36912 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-36913 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-36914 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36919 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36923 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-36924 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36926 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36926 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36939 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36941 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36942 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
* CVE-2024-36944 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36946 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-36947 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-36950 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36952 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36955 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-36959 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36974 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-38548 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-38555 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-38558 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2024-38559 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-38570 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-38570 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-38586 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-38588 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-38598 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-38628 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-39276 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-39371 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-39463 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-39472 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
* CVE-2024-39472 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-39475 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-39475 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-39482 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
* CVE-2024-39482 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-39487 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2024-39488 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-39490 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-39493 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2024-39493 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-39494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-39494 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-39497 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-39499 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-39500 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-39501 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-39502 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-39505 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2024-39506 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-39507 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-39508 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-39509 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40900 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40901 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
* CVE-2024-40902 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-40902 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40903 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40903 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40904 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40906 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40908 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40909 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40911 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40912 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40916 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40919 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40923 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40924 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40927 ( SUSE ): 6.6 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40929 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40931 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-40932 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
* CVE-2024-40934 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
* CVE-2024-40935 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40937 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40940 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40941 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40942 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40943 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40945 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40953 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40956 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40958 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40959 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40960 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40961 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40966 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40967 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40970 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40972 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40976 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40977 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40981 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-40982 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40984 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40987 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-40988 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40990 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40994 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40998 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40999 ( SUSE ): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2024-41002 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
* CVE-2024-41004 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N
* CVE-2024-41006 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
* CVE-2024-41009 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-41009 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-41011 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41012 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-41013 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-41014 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-41015 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-41016 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-41017 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-41040 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41041 ( SUSE ): 0.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
* CVE-2024-41044 ( SUSE ): 6.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
* CVE-2024-41048 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-41057 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41057 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41058 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41058 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2024-41059 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41063 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41063 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-41064 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41064 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-41066 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41066 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2024-41069 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41069 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41070 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41071 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-41072 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-41076 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-41078 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-41081 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-41087 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41087 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41090 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-41091 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-42070 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-42070 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42079 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42079 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42093 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
* CVE-2024-42096 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-42096 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2024-42105 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2024-42105 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2024-42122 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42124 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42145 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-42145 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42161 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-42161 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-42161 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-42224 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42224 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-42230 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-42230 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42230 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.5
* Public Cloud Module 15-SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves 311 vulnerabilities, contains two features and has 50
security fixes can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various
security bugfixes.
The following security bugs were fixed:
* CVE-2021-47086: phonet/pep: refuse to enable an unbound pipe (bsc#1220952).
* CVE-2021-47103: net: sock: preserve kabi for sock (bsc#1221010).
* CVE-2021-47186: ipc: check for null after calling kmemdup (bsc#1222702).
* CVE-2021-47546: Kabi fix for ipv6: fix memory leak in fib6_rule_suppress
(bsc#1225504).
* CVE-2021-47547: net: tulip: de4x5: fix the problem that the array 'lp->phy'
may be out of bound (bsc#1225505).
* CVE-2021-47588: sit: do not call ipip6_dev_free() from sit_init_net()
(bsc#1226568).
* CVE-2021-47590: mptcp: fix deadlock in __mptcp_push_pending() (bsc#1226565).
* CVE-2021-47591: mptcp: remove tcp ulp setsockopt support (bsc#1226570).
* CVE-2021-47593: mptcp: clear 'kern' flag from fallback sockets
(bsc#1226551).
* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init()
(bsc#1226574).
* CVE-2021-47599: btrfs: use latest_dev in btrfs_show_devname (bsc#1226571)
* CVE-2021-47606: net: netlink: af_netlink: Prevent empty skb by adding a
check on len (bsc#1226555).
* CVE-2021-47623: powerpc/fixmap: Fix VM debug warning on unmap (bsc#1227919).
* CVE-2022-48785: ipv6: mcast: use rcu-safe version of ipv6_get_lladdr()
(bsc#1227927)
* CVE-2022-48810: ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table()
on failure path (bsc#1227936).
* CVE-2022-48850: net-sysfs: add check for netdevice being present to
speed_show (bsc#1228071)
* CVE-2022-48855: sctp: fix kernel-infoleak for SCTP sockets (bsc#1228003).
* CVE-2023-52435: net: prevent mss overflow in skb_segment() (bsc#1220138).
* CVE-2023-52573: net: rds: Fix possible NULL-pointer dereference
(bsc#1220869)
* CVE-2023-52580: net/core: Fix ETH_P_1588 flow dissector (bsc#1220876).
* CVE-2023-52751: smb: client: fix use-after-free in
smb2_query_info_compound() (bsc#1225489).
* CVE-2023-52775: net/smc: avoid data corruption caused by decline
(bsc#1225088).
* CVE-2023-52812: drm/amd: check num of link levels when update pcie param
(bsc#1225564).
* CVE-2023-52857: drm/mediatek: Fix coverity issue with unintentional integer
overflow (bsc#1225581).
* CVE-2023-52863: hwmon: (axi-fan-control) Fix possible NULL pointer
dereference (bsc#1225586).
* CVE-2024-26585: Fixed race between tx work scheduling and socket close
(bsc#1220187).
* CVE-2024-26615: net/smc: fix illegal rmb_desc access in SMC-D connection
dump (bsc#1220942).
* CVE-2024-26633: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in
ip6_tnl_parse_tlv_enc_lim() (bsc#1221647).
* CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656).
* CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding
changes (bsc#1221659).
* CVE-2024-26641: ip6_tunnel: make sure to pull inner header in
__ip6_tnl_rcv() (bsc#1221654).
* CVE-2024-26661: drm/amd/display: Add NULL test for 'timing generator' in
(bsc#1222323)
* CVE-2024-26663: tipc: Check the bearer type before calling
tipc_udp_nl_bearer_add() (bsc#1222326).
* CVE-2024-26665: tunnels: fix out of bounds access when building IPv6 PMTU
error (bsc#1222328).
* CVE-2024-26802: stmmac: Clear variable when destroying workqueue
(bsc#1222799).
* CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node()
(bsc#1223021).
* CVE-2024-26961: mac802154: fix llsec key resources release in
mac802154_llsec_key_del (bsc#1223652).
* CVE-2024-27015: netfilter: flowtable: incorrect pppoe tuple (bsc#1223806).
* CVE-2024-27019: netfilter: nf_tables: Fix potential data-race in
__nft_obj_type_get() (bsc#1223813)
* CVE-2024-27020: netfilter: nf_tables: Fix potential data-race in
__nft_expr_type_get() (bsc#1223815)
* CVE-2024-27025: nbd: null check for nla_nest_start (bsc#1223778)
* CVE-2024-27065: netfilter: nf_tables: do not compare internal table flags on
updates (bsc#1223836).
* CVE-2024-27402: phonet/pep: fix racy skb_queue_empty() use (bsc#1224414).
* CVE-2024-27437: vfio/pci: Disable auto-enable of exclusive INTx IRQ
(bsc#1222625).
* CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit
(bsc#1224743).
* CVE-2024-35819: soc: fsl: qbman: Use raw spinlock for cgr_lock
(bsc#1224683).
* CVE-2024-35837: net: mvpp2: clear BM pool before initialization
(bsc#1224500).
* CVE-2024-35853: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash
(bsc#1224604).
* CVE-2024-35889: idpf: fix kernel panic on unknown packet types
(bsc#1224517).
* CVE-2024-35890: gro: fix ownership transfer (bsc#1224516).
* CVE-2024-35893: net/sched: act_skbmod: prevent kernel-infoleak (bsc#1224512)
* CVE-2024-35899: netfilter: nf_tables: flush pending destroy work before
exit_net release (bsc#1224499)
* CVE-2024-35934: net/smc: reduce rtnl pressure in
smc_pnet_create_pnetids_list() (bsc#1224641)
* CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks
(bsc#1224700)
* CVE-2024-35961: net/mlx5: Restore mistakenly dropped parts in register
devlink flow (bsc#1224585).
* CVE-2024-35995: ACPI: CPPC: Fix access width used for PCC registers
(bsc#1224557).
* CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge
(bsc#1224548).
* CVE-2024-36004: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue
(bsc#1224545)
* CVE-2024-36901: ipv6: prevent NULL dereference in ip6_output() (bsc#1225711)
* CVE-2024-36902: ipv6: fib6_rules: avoid possible NULL dereference in
fib6_rule_action() (bsc#1225719).
* CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't
be re-encrypted (bsc#1225744).
* CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717).
* CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745).
* CVE-2024-36912: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl
(bsc#1225752).
* CVE-2024-36913: Drivers: hv: vmbus: Leak pages if set_memory_encrypted()
fails (bsc#1225753).
* CVE-2024-36914: drm/amd/display: Skip on writeback when it's not applicable
(bsc#1225757).
* CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources
after upload (bsc#1225767).
* CVE-2024-36923: fs/9p: fix uninitialized values during inode evict
(bsc#1225815).
* CVE-2024-36939: nfs: Handle error of rpc_proc_register() in nfs_net_init()
(bsc#1225838).
* CVE-2024-36946: phonet: fix rtm_phonet_notify() skb allocation
(bsc#1225851).
* CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP
(bsc#1226519).
* CVE-2024-38555: net/mlx5: Discard command completions in internal error
(bsc#1226607).
* CVE-2024-38558: net: openvswitch: fix overwriting ct original tuple for
ICMPv6 (bsc#1226783).
* CVE-2024-38570: gfs2: Fix potential glock use-after-free on unmount
(bsc#1226775).
* CVE-2024-38586: r8169: Fix possible ring buffer corruption on fragmented Tx
packets (bsc#1226750).
* CVE-2024-38598: md: fix resync softlockup when bitmap size is less than
array size (bsc#1226757).
* CVE-2024-38628: usb: gadget: u_audio: Fix race condition use of controls
after free during gadget unbind (bsc#1226911).
* CVE-2024-39276: ext4: fix mb_cache_entry's e_refcnt leak in
ext4_xattr_block_cache_find() (bsc#1226993).
* CVE-2024-39371: io_uring: check for non-NULL file pointer in
io_file_can_poll() (bsc#1226990).
* CVE-2024-39463: 9p: add missing locking around taking dentry fid list
(bsc#1227090).
* CVE-2024-39472: xfs: fix log recovery buffer allocation for the legacy
h_size fixup (bsc#1227432).
* CVE-2024-39482: bcache: fix variable length array abuse in btree_iter
(bsc#1227447).
* CVE-2024-39487: bonding: Fix out-of-bounds read in
bond_option_arp_ip_targets_set() (bsc#1227573)
* CVE-2024-39490: ipv6: sr: fix missing sk_buff release in seg6_input_core
(bsc#1227626).
* CVE-2024-39493: crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak
(bsc#1227620).
* CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name
(bsc#1227716).
* CVE-2024-39497: drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE,
MAP_PRIVATE) (bsc#1227722)
* CVE-2024-39502: ionic: fix use after netif_napi_del() (bsc#1227755).
* CVE-2024-39506: liquidio: Adjust a NULL pointer handling path in
lio_vf_rep_copy_packet (bsc#1227729).
* CVE-2024-39507: net: hns3: fix kernel crash problem in concurrent scenario
(bsc#1227730).
* CVE-2024-39508: io_uring/io-wq: Use set_bit() and test_bit() at
worker->flags (bsc#1227732).
* CVE-2024-40901: scsi: mpt3sas: Avoid test/set_bit() operating in
non-allocated memory (bsc#1227762).
* CVE-2024-40906: net/mlx5: Always stop health timer during driver removal
(bsc#1227763).
* CVE-2024-40908: bpf: Set run context for rawtp test_run callback
(bsc#1227783).
* CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free()
(bsc#1227798).
* CVE-2024-40919: bnxt_en: Adjust logging of firmware messages in case of
released token in __hwrm_send() (bsc#1227779).
* CVE-2024-40923: vmxnet3: disable rx data ring on dma allocation failure
(bsc#1227786).
* CVE-2024-40931: mptcp: ensure snd_una is properly initialized on connect
(bsc#1227780).
* CVE-2024-40935: cachefiles: flush all requests after setting CACHEFILES_DEAD
(bsc#1227797).
* CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any()
(bsc#1227836).
* CVE-2024-40940: net/mlx5: Fix tainted pointer delete is case of flow rules
creation fail (bsc#1227800).
* CVE-2024-40943: ocfs2: fix races between hole punching and AIO+DIO
(bsc#1227849).
* CVE-2024-40953: KVM: Fix a data race on last_boosted_vcpu in
kvm_vcpu_on_spin() (bsc#1227806).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket
creation fails (bsc#1227808)
* CVE-2024-40958: netns: Make get_net_ns() handle zero refcount net
(bsc#1227812).
* CVE-2024-40959: xfrm6: check ip6_dst_idev() return value in
xfrm6_get_saddr() (bsc#1227884).
* CVE-2024-40960: ipv6: prevent possible NULL dereference in rt6_probe()
(bsc#1227813).
* CVE-2024-40961: ipv6: prevent possible NULL deref in fib6_nh_init()
(bsc#1227814).
* CVE-2024-40966: kABI: tty: add the option to have a tty reject a new ldisc
(bsc#1227886).
* CVE-2024-40967: serial: imx: Introduce timeout when waiting on transmitter
empty (bsc#1227891).
* CVE-2024-40970: Avoid hw_desc array overrun in dw-axi-dmac (bsc#1227899).
* CVE-2024-40972: ext4: fold quota accounting into
ext4_xattr_inode_lookup_create() (bsc#1227910).
* CVE-2024-40977: wifi: mt76: mt7921s: fix potential hung tasks during chip
recovery (bsc#1227950).
* CVE-2024-40982: ssb: Fix potential NULL pointer dereference in
ssb_device_uevent() (bsc#1227865).
* CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on
teardown (bsc#1227823).
* CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store
(bsc#1227829).
* CVE-2024-40998: ext4: fix uninitialized ratelimit_state->lock access in
__ext4_fill_super() (bsc#1227866).
* CVE-2024-40999: net: ena: Add validation for completion descriptors
consistency (bsc#1227913).
* CVE-2024-41006: netrom: Fix a memory leak in nr_heartbeat_expiry()
(bsc#1227862).
* CVE-2024-41009: selftests/bpf: Add more ring buffer test coverage
(bsc#1228020).
* CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is
detected (bsc#1228247).
* CVE-2024-41013: xfs: do not walk off the end of a directory data block
(bsc#1228405).
* CVE-2024-41014: xfs: add bounds checking to xlog_recover_process_data
(bsc#1228408).
* CVE-2024-41015: ocfs2: add bounds checking to ocfs2_check_dir_entry()
(bsc#1228409).
* CVE-2024-41016: ocfs2: add bounds checking to ocfs2_xattr_find_entry()
(bsc#1228410).
* CVE-2024-41017: jfs: do not walk off the end of ealist (bsc#1228403).
* CVE-2024-41040: net/sched: Fix UAF when resolving a clash (bsc#1228518)
* CVE-2024-41041: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port()
(bsc#1228520)
* CVE-2024-41044: ppp: reject claimed-as-LCP but actually malformed packets
(bsc#1228530).
* CVE-2024-41048: skmsg: Skip zero length skb in sk_msg_recvmsg (bsc#1228565)
* CVE-2024-41057: cachefiles: fix slab-use-after-free in
cachefiles_withdraw_cookie() (bsc#1228462).
* CVE-2024-41058: cachefiles: fix slab-use-after-free in
fscache_withdraw_volume() (bsc#1228459).
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).
* CVE-2024-41063: Bluetooth: hci_core: cancel all works upon
hci_unregister_dev() (bsc#1228580)
* CVE-2024-41064: powerpc/eeh: avoid possible crash when edev->pdev changes
(bsc#1228599).
* CVE-2024-41066: ibmvnic: Add tx check to prevent skb leak (bsc#1228640).
* CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
* CVE-2024-41070: KVM: PPC: Book3S HV: Prevent UAF in
kvm_spapr_tce_attach_iommu_group() (bsc#1228581).
* CVE-2024-41071: wifi: mac80211: Avoid address calculations via out of bounds
array indexing (bsc#1228625).
* CVE-2024-41078: btrfs: qgroup: fix quota root leak after quota disable
failure (bsc#1228655).
* CVE-2024-41081: ila: block BH in ila_output() (bsc#1228617)
* CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
* CVE-2024-41091: tun: add missing verification for short frame (bsc#1228327).
* CVE-2024-42070: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store
to data registers (bsc#1228470)
* CVE-2024-42079: gfs2: Fix NULL pointer dereference in gfs2_log_flush
(bsc#1228672).
* CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack
(bsc#1228680).
* CVE-2024-42096: x86: stop playing stack games in profile_pc() (bsc#1228633).
* CVE-2024-42122: drm/amd/display: Add NULL pointer check for kzalloc
(bsc#1228591)
* CVE-2024-42124: scsi: qedf: Make qedf_execute_tmf() non-preemptible
(bsc#1228705)
* CVE-2024-42145: IB/core: Implement a limit on UMAD receive List
(bsc#1228743)
* CVE-2024-42161: bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD
(bsc#1228756).
* CVE-2024-42224: net: dsa: mv88e6xxx: Correct check for empty list
(bsc#1228723)
* CVE-2024-42230: powerpc/pseries: Fix scv instruction crash with kexec
(bsc#1194869).
The following non-security bugs were fixed:
* ACPI: EC: Abort address space access upon error (stable-fixes).
* ACPI: EC: Avoid returning AE_OK on errors in address space handler
(stable-fixes).
* ACPI: processor_idle: Fix invalid comparison with insertion sort for latency
(git-fixes).
* ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7
(stable-fixes).
* ACPI: x86: Force StorageD3Enable on more products (stable-fixes).
* ACPI: x86: utils: Add Picasso to the list for forcing StorageD3Enable
(stable-fixes).
* ALSA: dmaengine_pcm: terminate dmaengine before synchronize (stable-fixes).
* ALSA: dmaengine: Synchronize dma channel after drop() (stable-fixes).
* ALSA: emux: improve patch ioctl data validation (stable-fixes).
* ALSA: hda: conexant: Fix headset auto detect fail in the polling mode
(git-fixes).
* ALSA: hda/realtek: Add more codec ID to no shutup pins list (stable-fixes).
* ALSA: hda/realtek: add quirk for Clevo V5[46]0TU (stable-fixes).
* ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897
(stable-fixes).
* ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 (stable-fixes).
* ALSA: hda/realtek: Enable Mute LED on HP 250 G7 (stable-fixes).
* ALSA: hda/realtek: fix mute/micmute LEDs do not work for EliteBook 645/665
G11 (stable-fixes).
* ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360
(stable-fixes).
* ALSA: hda/realtek: Limit mic boost on VAIO PRO PX (stable-fixes).
* ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx (stable-fixes).
* ALSA: pcm_dmaengine: Do not synchronize DMA channel when DMA is paused
(git-fixes).
* ALSA: usb-audio: Add a quirk for Sonix HD USB Camera (stable-fixes).
* ALSA: usb-audio: Correct surround channels in UAC1 channel map (git-fixes).
* ALSA: usb-audio: Fix microphone sound on HD webcam (stable-fixes).
* ALSA: usb-audio: Move HD Webcam quirk to the right place (git-fixes).
* arm64: dts: allwinner: Pine H64: correctly remove reg_gmac_3v3 (git-fixes)
* arm64: dts: hi3798cv200: fix the size of GICR (git-fixes)
* arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (git-fixes)
* arm64: dts: microchip: sparx5: fix mdio reg (git-fixes)
* arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK
(git-fixes)
* arm64: dts: rockchip: Add sound-dai-cells for RK3368 (git-fixes)
* arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (git-fixes)
* arm64/io: add constant-argument check (bsc#1226502 git-fixes)
* arm64/io: Provide a WC friendly __iowriteXX_copy() (bsc#1226502)
* arm64: tegra: Correct Tegra132 I2C alias (git-fixes)
* ASoC: amd: Adjust error handling in case of absent codec device (git-fixes).
* ASoC: max98088: Check for clk_prepare_enable() error (git-fixes).
* ASoC: ti: davinci-mcasp: Set min period size using FIFO config
(stable-fixes).
* ASoC: ti: omap-hdmi: Fix too long driver name (stable-fixes).
* batman-adv: bypass empty buckets in batadv_purge_orig_ref() (stable-fixes).
* blk-cgroup: dropping parent refcount after pd_free_fn() is done
(bsc#1224573).
* block: do not add partitions if GD_SUPPRESS_PART_SCAN is set (bsc#1227162).
* block, loop: support partitions without scanning (bsc#1227162).
* Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl
(stable-fixes).
* Bluetooth: btqca: use le32_to_cpu for ver.soc_id (stable-fixes).
* Bluetooth: hci_core: cancel all works upon hci_unregister_dev()
(stable-fixes).
* Bluetooth: hci_qca: mark OF related data as maybe unused (stable-fixes).
* Bluetooth: hci_sync: Fix suspending with wrong filter policy (git-fixes).
* Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot
(git-fixes).
* bnxt_re: Fix imm_data endianness (git-fixes)
* bpf: aggressively forget precise markings during state checkpointing
(bsc#1225903).
* bpf: allow precision tracking for programs with subprogs (bsc#1225903).
* bpf: check bpf_func_state->callback_depth when pruning states (bsc#1225903).
* bpf: clean up visit_insn()'s instruction processing (bsc#1225903).
* bpf: correct loop detection for iterators convergence (bsc#1225903).
* bpf: encapsulate precision backtracking bookkeeping (bsc#1225903).
* bpf: ensure state checkpointing at iter_next() call sites (bsc#1225903).
* bpf: exact states comparison for iterator convergence checks (bsc#1225903).
* bpf: extract __check_reg_arg() utility function (bsc#1225903).
* bpf: extract same_callsites() as utility function (bsc#1225903).
* bpf: extract setup_func_entry() utility function (bsc#1225903).
* bpf: fix calculation of subseq_idx during precision backtracking
(bsc#1225903).
* bpf: fix mark_all_scalars_precise use in mark_chain_precision (bsc#1225903).
* bpf: Fix memory leaks in __check_func_call (bsc#1225903).
* bpf: fix propagate_precision() logic for inner frames (bsc#1225903).
* bpf: fix regs_exact() logic in regsafe() to remap IDs correctly
(bsc#1225903).
* bpf: Fix to preserve reg parent/live fields when copying range info
(bsc#1225903).
* bpf: generalize MAYBE_NULL vs non-MAYBE_NULL rule (bsc#1225903).
* bpf: improve precision backtrack logging (bsc#1225903).
* bpf: Improve verifier u32 scalar equality checking (bsc#1225903).
* bpf: keep track of max number of bpf_loop callback iterations (bsc#1225903).
* bpf: maintain bitmasks across all active frames in __mark_chain_precision
(bsc#1225903).
* bpf: mark relevant stack slots scratched for register read instructions
(bsc#1225903).
* bpf: move explored_state() closer to the beginning of verifier.c
(bsc#1225903).
* bpf: perform byte-by-byte comparison only when necessary in regsafe()
(bsc#1225903).
* bpf: print full verifier states on infinite loop detection (bsc#1225903).
* bpf: regsafe() must not skip check_ids() (bsc#1225903).
* bpf: reject non-exact register type matches in regsafe() (bsc#1225903).
* bpf: Remove unused insn_cnt argument from visit_[func_call_]insn()
(bsc#1225903).
* bpf: reorganize struct bpf_reg_state fields (bsc#1225903).
* bpf: Skip invalid kfunc call in backtrack_insn (bsc#1225903).
* bpf: states_equal() must build idmap for all function frames (bsc#1225903).
* bpf: stop setting precise in current state (bsc#1225903).
* bpf: support precision propagation in the presence of subprogs
(bsc#1225903).
* bpf: take into account liveness when propagating precision (bsc#1225903).
* bpf: teach refsafe() to take into account ID remapping (bsc#1225903).
* bpf: unconditionally reset backtrack_state masks on global func exit
(bsc#1225903).
* bpf: use check_ids() for active_lock comparison (bsc#1225903).
* bpf: Use scalar ids in mark_chain_precision() (bsc#1225903).
* bpf: verify callbacks as if they are called unknown number of times
(bsc#1225903).
* bpf: Verify scalar ids mapping in regsafe() using check_ids() (bsc#1225903).
* bpf: widening for callback iterators (bsc#1225903).
* btrfs: add device major-minor info in the struct btrfs_device (bsc#1227162).
* btrfs: harden identification of a stale device (bsc#1227162).
* btrfs: match stale devices by dev_t (bsc#1227162).
* btrfs: remove the cross file system checks from remap (bsc#1227157).
* btrfs: use dev_t to match device in device_matched (bsc#1227162).
* btrfs: validate device maj:min during open (bsc#1227162).
* bytcr_rt5640 : inverse jack detect for Archos 101 cesium (stable-fixes).
* cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd
(git-fixes).
* can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct
(git-fixes).
* can: kvaser_usb: fix return value for hif_usb_send_regout (stable-fixes).
* ceph: fix incorrect kmalloc size of pagevec mempool (bsc#1228418).
* cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
* crypto: aead,cipher - zeroize key buffer after use (stable-fixes).
* crypto: ecdh - explicitly zeroize private_key (stable-fixes).
* crypto: ecdsa - Fix the public key format description (git-fixes).
* crypto: hisilicon/sec - Fix memory leak for sec resource release
(stable-fixes).
* csky: ftrace: Drop duplicate implementation of arch_check_ftrace_location()
(git-fixes).
* decompress_bunzip2: fix rare decompression failure (git-fixes).
* devres: Fix devm_krealloc() wasting memory (git-fixes).
* devres: Fix memory leakage caused by driver API devm_free_percpu()
(git-fixes).
* dma: fix call order in dmam_free_coherent (git-fixes).
* docs: crypto: async-tx-api: fix broken code example (git-fixes).
* docs: Fix formatting of literal sections in fanotify docs (stable-fixes).
* drm/amd/amdgpu: Fix style errors in amdgpu_drv.c & amdgpu_device.c
(stable-fixes).
* drm/amd/display: Account for cursor prefetch BW in DML1 mode support
(stable-fixes).
* drm/amd/display: Check for NULL pointer (stable-fixes).
* drm/amd/display: Check index msg_id before read or write (stable-fixes).
* drm/amd/display: Check pipe offset before setting vblank (stable-fixes).
* drm/amd/display: Skip finding free audio for unknown engine_id
(stable-fixes).
* drm/amdgpu/atomfirmware: fix parsing of vram_info (stable-fixes).
* drm/amdgpu/atomfirmware: silence UBSAN warning (stable-fixes).
* drm/amdgpu: avoid using null object of framebuffer (stable-fixes).
* drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit
(git-fixes).
* drm/amdgpu: Fix pci state save during mode-1 reset (git-fixes).
* drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (git-fixes).
* drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes).
* drm/amdgpu: Fix uninitialized variable warnings (stable-fixes).
* drm/amdgpu: Initialize timestamp for some legacy SOCs (stable-fixes).
* drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 (git-fixes).
* drm/amd/pm: Fix aldebaran pcie speed reporting (git-fixes).
* drm/amd/pm: remove logically dead code for renoir (git-fixes).
* drm/dp_mst: Fix all mstb marked as not probed after suspend/resume
(git-fixes).
* drm/etnaviv: do not block scheduler when GPU is still active (stable-fixes).
* drm/etnaviv: fix DMA direction handling for cached RW buffers (git-fixes).
* drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes
(git-fixes).
* drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes
(git-fixes).
* drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8
(git-fixes).
* drm/lima: fix shared irq handling on driver remove (stable-fixes).
* drm/lima: Mark simple_ondemand governor as softdep (git-fixes).
* drm/mediatek: Add OVL compatible name for MT8195 (git-fixes).
* drm/meson: fix canvas release in bind function (git-fixes).
* drm/mgag200: Bind I2C lifetime to DRM device (git-fixes).
* drm/mgag200: Set DDC timeout in milliseconds (git-fixes).
* drm/mipi-dsi: Fix mipi_dsi_dcs_write_seq() macro definition format
(stable-fixes).
* drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq()
(git-fixes).
* drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op
(git-fixes).
* drm/msm/mdp5: Remove MDP_CAP_SRC_SPLIT from msm8x53_config (git-fixes).
* drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes
(stable-fixes).
* drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes
(stable-fixes).
* drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes
(git-fixes).
* drm/nouveau: prime: fix refcount underflow (git-fixes).
* drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare()
(git-fixes).
* drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before
regulators (git-fixes).
* drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep
(stable-fixes).
* drm: panel-orientation-quirks: Add quirk for Valve Galileo (stable-fixes).
* drm/panfrost: Mark simple_ondemand governor as softdep (git-fixes).
* drm/qxl: Add check for drm_cvt_mode (git-fixes).
* drm/radeon: check bo_va->bo is non-NULL before using it (stable-fixes).
* drm/radeon/radeon_display: Decrease the size of allocated memory
(stable-fixes).
* drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes).
* drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency (stable-fixes).
* drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes).
* eeprom: digsy_mtc: Fix 93xx46 driver probe failure (git-fixes).
* exfat: check if cluster num is valid (git-fixes).
* exfat: simplify is_valid_cluster() (git-fixes).
* filelock: add a new locks_inode_context accessor function (git-fixes).
* firmware: cs_dsp: Fix overflow checking of wmfw header (git-fixes).
* firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers
(git-fixes).
* firmware: cs_dsp: Return error if block header overflows file (git-fixes).
* firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (git-fixes).
* firmware: cs_dsp: Validate payload length before processing block
(git-fixes).
* firmware: dmi: Stop decoding on broken entry (stable-fixes).
* firmware: turris-mox-rwtm: Do not complete if there are no waiters
(git-fixes).
* firmware: turris-mox-rwtm: Fix checking return value of
wait_for_completion_timeout() (git-fixes).
* firmware: turris-mox-rwtm: Initialize completion before mailbox (git-fixes).
* fix build warning
* fs: allow cross-vfsmount reflink/dedupe (bsc#1227157).
* ftrace: Fix possible use-after-free issue in ftrace_location() (git-fixes).
* fuse: verify {g,u}id mount options correctly (bsc#1228191).
* gpio: mc33880: Convert comma to semicolon (git-fixes).
* hfsplus: fix to avoid false alarm of circular locking (git-fixes).
* hfsplus: fix uninit-value in copy_name (git-fixes).
* HID: Add quirk for Logitech Casa touchpad (stable-fixes).
* HID: wacom: Modify pen IDs (git-fixes).
* hpet: Support 32-bit userspace (git-fixes).
* hwmon: (adt7475) Fix default duty on fan is disabled (git-fixes).
* hwmon: (max6697) Fix swapped temp{1,8} critical alarms (git-fixes).
* hwmon: (max6697) Fix underflow when writing limit attributes (git-fixes).
* i2c: mark HostNotify target address as used (git-fixes).
* i2c: rcar: bring hardware to known state when probing (git-fixes).
* i2c: tegra: Fix failure during probe deferral cleanup (git-fixes)
* i2c: tegra: Share same DMA channel for RX and TX (bsc#1227661)
* i2c: testunit: avoid re-issued work after read message (git-fixes).
* i2c: testunit: correct Kconfig description (git-fixes).
* Input: elan_i2c - do not leave interrupt disabled on suspend failure (git-
fixes).
* Input: elantech - fix touchpad state on resume for Lenovo N24 (stable-
fixes).
* Input: ff-core - prefer struct_size over open coded arithmetic (stable-
fixes).
* Input: qt1050 - handle CHIP_ID reading error (git-fixes).
* Input: silead - Always support 10 fingers (stable-fixes).
* intel_th: pci: Add Granite Rapids SOC support (stable-fixes).
* intel_th: pci: Add Granite Rapids support (stable-fixes).
* intel_th: pci: Add Lunar Lake support (stable-fixes).
* intel_th: pci: Add Meteor Lake-S support (stable-fixes).
* intel_th: pci: Add Sapphire Rapids SOC support (stable-fixes).
* iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (git-fixes).
* ionic: clean interrupt before enabling queue to avoid credit race (git-
fixes).
* jffs2: Fix potential illegal address access in jffs2_free_inode (git-fixes).
* jfs: Fix array-index-out-of-bounds in diFree (git-fixes).
* jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383).
* kABI: bpf: bpf_reg_state reorganization kABI workaround (bsc#1225903).
* kABI: bpf: callback fixes kABI workaround (bsc#1225903).
* kABI: bpf: struct bpf_{idmap,idset} kABI workaround (bsc#1225903).
* kABI: bpf: tmp_str_buf kABI workaround (bsc#1225903).
* kABI: rtas: Workaround false positive due to lost definition (bsc#1227487).
* kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783)
* kabi/severities: Ignore tpm_tis_core_init (bsc#1082555).
* kabi/severity: add nvme common code The nvme common code is also allowed to
change the data structures, there are only internal users.
* kabi: Use __iowriteXX_copy_inlined for in-kernel modules (bsc#1226502)
* kernel-binary: vdso: Own module_dir
* kernel/sched: Remove dl_boosted flag comment (git fixes (sched)).
* knfsd: LOOKUP can return an illegal error value (git-fixes).
* kobject_uevent: Fix OOB access within zap_modalias_env() (git-fixes).
* kprobes: Make arch_check_ftrace_location static (git-fixes).
* KVM: nVMX: Clear EXIT_QUALIFICATION when injecting an EPT Misconfig (git-
fixes).
* KVM: PPC: Book3S HV: Fix "rm_exit" entry in debugfs timings (bsc#1194869).
* KVM: PPC: Book3S HV: Fix the set_one_reg for MMCR3 (bsc#1194869).
* KVM: PPC: Book3S HV Nested: L2 LPCR should inherit L1 LPES setting
(bsc#1194869).
* KVM: PPC: Book3S HV: remove extraneous asterisk from rm_host_ipi_action()
comment (bsc#1194869).
* KVM: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST
(bsc#1194869).
* KVM: PPC: Book3S: Suppress warnings when allocating too big memory slots
(bsc#1194869).
* KVM: s390: fix LPSWEY handling (bsc#1227635 git-fixes).
* KVM: SVM: Process ICR on AVIC IPI delivery failure due to invalid target
(git-fixes).
* KVM: VMX: Report up-to-date exit qualification to userspace (git-fixes).
* KVM: x86: Add IBPB_BRTYPE support (bsc#1228079).
* KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC routes (git-
fixes).
* KVM: x86: Bail from kvm_recalculate_phys_map() if x2APIC ID is out-of-bounds
(git-fixes).
* KVM: x86: Disable APIC logical map if logical ID covers multiple MDAs (git-
fixes).
* KVM: x86: Disable APIC logical map if vCPUs are aliased in logical mode
(git-fixes).
* KVM: x86: Do not advertise guest.MAXPHYADDR as host.MAXPHYADDR in CPUID
(git-fixes).
* KVM: x86: Explicitly skip optimized logical map setup if vCPU's LDR==0 (git-
fixes).
* KVM: x86: Explicitly track all possibilities for APIC map's logical modes
(git-fixes).
* KVM: x86: Fix broken debugregs ABI for 32 bit kernels (git-fixes).
* KVM: x86: Fix KVM_GET_MSRS stack info leak (git-fixes).
* KVM: x86: Honor architectural behavior for aliased 8-bit APIC IDs (git-
fixes).
* KVM: x86: Purge "highest ISR" cache when updating APICv state (git-fixes).
* KVM: x86: Save/restore all NMIs when multiple NMIs are pending (git-fixes).
* KVM: x86: Skip redundant x2APIC logical mode optimized cluster setup (git-
fixes).
* leds: ss4200: Convert PCIBIOS_* return codes to errnos (git-fixes).
* leds: triggers: Flush pending brightness before activating trigger (git-
fixes).
* leds: trigger: Unregister sysfs attributes before calling deactivate() (git-
fixes).
* libceph: fix race between delayed_work() and ceph_monc_stop() (bsc#1228190).
* lib: objagg: Fix general protection fault (git-fixes).
* lib: objagg: Fix spelling (git-fixes).
* lib: test_objagg: Fix spelling (git-fixes).
* lockd: set missing fl_flags field when retrieving args (git-fixes).
* lockd: use locks_inode_context helper (git-fixes).
* Make AMD_HSMP=m and mark it unsupported in supported.conf (jsc#PED-8582)
* media: dvb: as102-fe: Fix as10x_register_addr packing (stable-fixes).
* media: dvbdev: Initialize sbuf (stable-fixes).
* media: dvb-frontends: tda10048: Fix integer overflow (stable-fixes).
* media: dvb-frontends: tda18271c2dd: Remove casting during div (stable-
fixes).
* media: dvb-usb: dib0700_devices: Add missing release_firmware() (stable-
fixes).
* media: dvb-usb: Fix unexpected infinite loop in
dvb_usb_read_remote_control() (git-fixes).
* media: dw2102: Do not translate i2c read into write (stable-fixes).
* media: dw2102: fix a potential buffer overflow (git-fixes).
* media: imon: Fix race getting ictx->lock (git-fixes).
* media: s2255: Use refcount_t instead of atomic_t for num_channels (stable-
fixes).
* media: uvcvideo: Fix integer overflow calculating timestamp (git-fixes).
* media: uvcvideo: Override default flags (git-fixes).
* media: venus: fix use after free in vdec_close (git-fixes).
* media: venus: flush all buffers in output plane streamoff (git-fixes).
* mei: demote client disconnect warning on suspend to debug (stable-fixes).
* mfd: omap-usb-tll: Use struct_size to allocate tll (git-fixes).
* mtd: partitions: redboot: Added conversion of operands to a larger type
(stable-fixes).
* net/dcb: check for detached device before executing callbacks (bsc#1215587).
* netfilter: conntrack: ignore overly delayed tcp packets (bsc#1223180).
* netfilter: conntrack: prepare tcp_in_window for ternary return value
(bsc#1223180).
* netfilter: conntrack: remove pr_debug callsites from tcp tracker
(bsc#1223180).
* netfilter: conntrack: work around exceeded receive window (bsc#1223180).
* netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume()
(bsc#1228459 bsc#1228462).
* net: mana: Fix possible double free in error handling path (git-fixes).
* net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes).
* net: usb: qmi_wwan: add Telit FN912 compositions (git-fixes).
* net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-
fixes).
* nfc/nci: Add the inconsistency check between the input data length and count
(stable-fixes).
* NFSD: Add an nfsd_file_fsync tracepoint (git-fixes).
* NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection (git-
fixes).
* nfsd: Add errno mapping for EREMOTEIO (git-fixes).
* NFSD: Add nfsd_file_lru_dispose_list() helper (git-fixes).
* nfsd: add some comments to nfsd_file_do_acquire (git-fixes).
* nfsd: allow nfsd_file_get to sanely handle a NULL pointer (git-fixes).
* nfsd: allow reaping files still under writeback (git-fixes).
* NFSD: Avoid calling fh_drop_write() twice in do_nfsd_create() (git-fixes).
* NFSD: Clean up nfsd3_proc_create() (git-fixes).
* nfsd: Clean up nfsd_file_put() (git-fixes).
* NFSD: Clean up nfsd_open_verified() (git-fixes).
* NFSD: Clean up unused code after rhashtable conversion (git-fixes).
* NFSD: Convert filecache to rhltable (git-fixes).
* NFSD: Convert the filecache to use rhashtable (git-fixes).
* NFSD: De-duplicate hash bucket indexing (git-fixes).
* nfsd: do not free files unconditionally in __nfsd_file_cache_purge (git-
fixes).
* nfsd: do not fsync nfsd_files on last close (git-fixes).
* nfsd: do not hand out delegation on setuid files being opened for write
(git-fixes).
* nfsd: do not kill nfsd_files because of lease break error (git-fixes).
* nfsd: Do not leave work of closing files to a work queue (bsc#1228140).
* nfsd: do not take/put an extra reference when putting a file (git-fixes).
* NFSD enforce filehandle check for source file in COPY (git-fixes).
* NFSD: Ensure nf_inode is never dereferenced (git-fixes).
* nfsd: fix handling of cached open files in nfsd4_open codepath (git-fixes).
* NFSD: Fix licensing header in filecache.c (git-fixes).
* nfsd: fix net-namespace logic in __nfsd_file_cache_purge (git-fixes).
* nfsd: fix nfsd_file_unhash_and_dispose (git-fixes).
* NFSD: Fix potential use-after-free in nfsd_file_put() (git-fixes).
* NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop (git-fixes).
* NFSD: Fix the filecache LRU shrinker (git-fixes).
* nfsd: fix up the filecache laundrette scheduling (git-fixes).
* nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint (git-fixes).
* NFSD: Flesh out a documenting comment for filecache.c (git-fixes).
* NFSD: handle errors better in write_ports_addfd() (git-fixes).
* NFSD: Instantiate a struct file when creating a regular NFSv4 file (git-
fixes).
* NFSD: Leave open files out of the filecache LRU (git-fixes).
* nfsd: map EBADF (git-fixes).
* NFSD: Move nfsd_file_trace_alloc() tracepoint (git-fixes).
* NFSD: nfsd_file_hash_remove can compute hashval (git-fixes).
* nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries (git-fixes).
* NFSD: nfsd_file_put() can sleep (git-fixes).
* NFSD: nfsd_file_unhash can compute hashval from nf->nf_inode (git-fixes).
* NFSD: No longer record nf_hashval in the trace log (git-fixes).
* NFSD: Pass the target nfsd_file to nfsd_commit() (git-fixes).
* nfsd: put the export reference in nfsd4_verify_deleg_dentry (git-fixes).
* NFSD: Record number of flush calls (git-fixes).
* NFSD: Refactor nfsd_create_setattr() (git-fixes).
* NFSD: Refactor __nfsd_file_close_inode() (git-fixes).
* NFSD: Refactor nfsd_file_gc() (git-fixes).
* NFSD: Refactor nfsd_file_lru_scan() (git-fixes).
* NFSD: Refactor NFSv3 CREATE (git-fixes).
* NFSD: Refactor NFSv4 OPEN(CREATE) (git-fixes).
* NFSD: Remove do_nfsd_create() (git-fixes).
* NFSD: Remove lockdep assertion from unhash_and_release_locked() (git-fixes).
* NFSD: Remove nfsd_file::nf_hashval (git-fixes).
* nfsd: remove the pages_flushed statistic from filecache (git-fixes).
* nfsd: reorganize filecache.c (git-fixes).
* NFSD: Replace the "init once" mechanism (git-fixes).
* NFSD: Report average age of filecache items (git-fixes).
* NFSD: Report count of calls to nfsd_file_acquire() (git-fixes).
* NFSD: Report count of freed filecache items (git-fixes).
* NFSD: Report filecache LRU size (git-fixes).
* NFSD: Report the number of items evicted by the LRU walk (git-fixes).
* nfsd: Retry once in nfsd_open on an -EOPENSTALE return (git-fixes).
* nfsd: rework hashtable handling in nfsd_do_file_acquire (git-fixes).
* nfsd: rework refcounting in filecache (git-fixes).
* NFSD: Separate tracepoints for acquire and create (git-fixes).
* NFSD: Set up an rhashtable for the filecache (git-fixes).
* nfsd: silence extraneous printk on nfsd.ko insertion (git-fixes).
* NFSD: simplify per-net file cache management (git-fixes).
* nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator (git-fixes).
* nfsd: simplify the delayed disposal list code (git-fixes).
* NFSD: Trace filecache LRU activity (git-fixes).
* NFSD: Trace filecache opens (git-fixes).
* NFSD: verify the opened dentry after setting a delegation (git-fixes).
* NFSD: WARN when freeing an item still linked via nf_lru (git-fixes).
* NFSD: Write verifier might go backwards (git-fixes).
* NFSD: Zero counters when the filecache is re-initialized (git-fixes).
* NFS: Fix READ_PLUS when server does not support OP_READ_PLUS (git-fixes).
* nfs: fix undefined behavior in nfs_block_bits() (git-fixes).
* nfs: keep server info for remounts (git-fixes).
* nfs: Leave pages in the pagecache if readpage failed (git-fixes).
* NFSv4: Fixup smatch warning for ambiguous return (git-fixes).
* NFSv4.x: by default serialize open/close operations (bsc#1223863
bsc#1227362)
* nilfs2: add missing check for inode numbers on directory entries (git-
fixes).
* nilfs2: add missing check for inode numbers on directory entries (stable-
fixes).
* nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (git-fixes).
* nilfs2: convert persistent object allocator to use kmap_local (git-fixes).
* nilfs2: fix incorrect inode allocation from reserved inodes (git-fixes).
* nilfs2: fix inode number range checks (git-fixes).
* nilfs2: fix inode number range checks (stable-fixes).
* nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset (git-fixes).
* nvme-auth: alloc nvme_dhchap_key as single buffer (git-fixes).
* nvme-auth: allow mixing of secret and hash lengths (git-fixes).
* nvme-auth: use transformed key size to create resp (git-fixes).
* nvme: avoid double free special payload (git-fixes).
* nvme: ensure reset state check ordering (bsc#1215492).
* nvme: fixup comment for nvme RDMA Provider Type (git-fixes).
* nvme-multipath: find NUMA path only for online numa-node (git-fixes).
* nvme-pci: add missing condition check for existence of mapped data (git-
fixes).
* nvme-pci: Fix the instructions for disabling power management (git-fixes).
* nvmet: always initialize cqe.result (git-fixes).
* nvmet-auth: fix nvmet_auth hash error handling (git-fixes).
* nvmet: fix a possible leak when destroy a ctrl during qp establishment (git-
fixes).
* nvme: use ctrl state accessor (bsc#1215492).
* ocfs2: fix DIO failure due to insufficient transaction credits
(bsc#1216834).
* ocfs2: remove redundant assignment to variable free_space (bsc#1228409).
* ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()
(bsc#1228410).
* orangefs: fix out-of-bounds fsid access (git-fixes).
* PCI: Add PCI_ERROR_RESPONSE and related definitions (stable-fixes).
* PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal (git-fixes).
* PCI: Extend ACS configurability (bsc#1228090).
* PCI: Fix resource double counting on remove & rescan (git-fixes).
* PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (git-
fixes).
* PCI: Introduce cleanup helpers for device reference counts and locks (git-
fixes).
* PCI: Introduce cleanup helpers for device reference counts and locks
(stable-fixes).
* PCI: keystone: Do not enable BAR 0 for AM654x (git-fixes).
* PCI: keystone: Fix NULL pointer dereference in case of DT error in
ks_pcie_setup_rc_app_regs() (git-fixes).
* PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode() (git-fixes).
* PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (git-fixes).
* PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (stable-fixes).
* PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (git-fixes).
* PCI: tegra194: Set EP alignment restriction for inbound ATU (git-fixes).
* pinctrl: core: fix possible memory leak when pinctrl_enable() fails (git-
fixes).
* pinctrl: freescale: mxs: Fix refcount of child (git-fixes).
* pinctrl: single: fix possible memory leak when pinctrl_enable() fails (git-
fixes).
* pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable()
fails (git-fixes).
* platform/chrome: cros_ec_debugfs: fix wrong EC message version (git-fixes).
* platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-
fixes).
* platform/x86: dell-smbios-base: Use sysfs_emit() (stable-fixes).
* platform/x86: dell-smbios: Fix wrong token data in sysfs (git-fixes).
* platform/x86: lg-laptop: Change ACPI device id (stable-fixes).
* platform/x86: lg-laptop: Remove LGEX0815 hotkey handling (stable-fixes).
* platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6"
tablet (stable-fixes).
* platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro (stable-fixes).
* platform/x86: wireless-hotkey: Add support for LG Airplane Button (stable-
fixes).
* powerpc/cpuidle: Set CPUIDLE_FLAG_POLLING for snooze state (bsc#1227121
ltc#207129).
* powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (bsc#1194869).
* powerpc/kasan: Disable address sanitization in kexec paths (bsc#1194869).
* powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869).
* powerpc/rtas: clean up includes (bsc#1227487).
* powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()
(bsc#1227487).
* power: supply: cros_usbpd: provide ID table for avoiding fallback match
(stable-fixes).
* pwm: stm32: Always do lazy disabling (git-fixes).
* RDMA/cache: Release GID table even if leak is detected (git-fixes)
* RDMA/device: Return error earlier if port in not valid (git-fixes)
* RDMA/hns: Check atomic wr length (git-fixes)
* RDMA/hns: Fix insufficient extend DB for VFs. (git-fixes)
* RDMA/hns: Fix mbx timing out before CMD execution is completed (git-fixes)
* RDMA/hns: Fix missing pagesize and alignment check in FRMR (git-fixes)
* RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes)
* RDMA/hns: Fix soft lockup under heavy CEQE load (git-fixes)
* RDMA/hns: Fix undifined behavior caused by invalid max_sge (git-fixes)
* RDMA/hns: Fix unmatch exception handling when init eq table fails (git-
fixes)
* RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes)
* RDMA/mana_ib: Ignore optional access flags for MRs (git-fixes).
* RDMA/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes)
* RDMA/mlx4: Fix truncated output warning in mad.c (git-fixes)
* RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes)
* RDMA/restrack: Fix potential invalid address access (git-fixes)
* RDMA/rxe: Do not set BTH_ACK_MASK for UC or UD QPs (git-fixes)
* regmap-i2c: Subtract reg size from max_write (stable-fixes).
* Revert "ALSA: firewire-lib: obsolete workqueue for period update"
(bsc#1208783).
* Revert "ALSA: firewire-lib: operate for period elapse event in process
context" (bsc#1208783).
* Revert "leds: led-core: Fix refcount leak in of_led_get()" (git-fixes).
* Revert "usb: musb: da8xx: Set phy in OTG mode by default" (stable-fixes).
* rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL (git-fixes).
* rtc: cmos: Fix return value of nvmem callbacks (git-fixes).
* rtc: interface: Add RTC offset to alarm after fix-up (git-fixes).
* rtc: isl1208: Fix return value of nvmem callbacks (git-fixes).
* rtlwifi: rtl8192de: Style clean-ups (stable-fixes).
* s390: Implement __iowrite32_copy() (bsc#1226502)
* s390: Stop using weak symbols for __iowrite64_copy() (bsc#1226502)
* saa7134: Unchecked i2c_transfer function result fixed (git-fixes).
* sched/fair: Do not balance task to its current running CPU (git fixes
(sched)).
* sched: Fix stop_one_cpu_nowait() vs hotplug (git fixes (sched)).
* scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE
state (bsc#1228857).
* scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI port is
inactive (bsc#1228857).
* scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk
(bsc#1228857).
* scsi: lpfc: Fix incorrect request len mbox field when setting trunking via
sysfs (bsc#1228857).
* scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (bsc#1228857).
* scsi: lpfc: Relax PRLI issue conditions after GID_FT response (bsc#1228857).
* scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro
usages (bsc#1228857).
* scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857).
* scsi: qla2xxx: Avoid possible run-time warning with long model_num
(bsc#1228850).
* scsi: qla2xxx: Complete command early within lock (bsc#1228850).
* scsi: qla2xxx: Convert comma to semicolon (bsc#1228850).
* scsi: qla2xxx: Drop driver owner assignment (bsc#1228850).
* scsi: qla2xxx: During vport delete send async logout explicitly
(bsc#1228850).
* scsi: qla2xxx: Fix debugfs output for fw_resource_count (bsc#1228850).
* scsi: qla2xxx: Fix flash read failure (bsc#1228850).
* scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850).
* scsi: qla2xxx: Fix optrom version displayed in FDMI (bsc#1228850).
* scsi: qla2xxx: Indent help text (bsc#1228850).
* scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850).
* scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple' (bsc#1228850).
* scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds
(bsc#1228850).
* scsi: qla2xxx: Unable to act on RSCN for port online (bsc#1228850).
* scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850).
* scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850).
* scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850).
* selftests/bpf: Add a selftest for checking subreg equality (bsc#1225903).
* selftests/bpf: add pre bpf_prog_test_run_opts() callback for test_loader
(bsc#1225903).
* selftests/bpf: add precision propagation tests in the presence of subprogs
(bsc#1225903).
* selftests/bpf: Add pruning test case for bpf_spin_lock (bsc#1225903).
* selftests/bpf: Check if mark_chain_precision() follows scalar ids
(bsc#1225903).
* selftests/bpf: check if max number of bpf_loop iterations is tracked
(bsc#1225903).
* selftests/bpf: fix __retval() being always ignored (bsc#1225903).
* selftests/bpf: fix unpriv_disabled check in test_verifier (bsc#1225903).
* selftests/bpf: __imm_insn & __imm_const macro for bpf_misc.h (bsc#1225903).
* selftests/bpf: make test_align selftest more robust (bsc#1225903).
* selftests/bpf: populate map_array_ro map for verifier_array_access test
(bsc#1225903).
* selftests/bpf: prog_tests entry point for migrated test_verifier tests
(bsc#1225903).
* selftests/bpf: Report program name on parse_test_spec error (bsc#1225903).
* selftests/bpf: Support custom per-test flags and multiple expected messages
(bsc#1225903).
* selftests/bpf: test case for callback_depth states pruning logic
(bsc#1225903).
* selftests/bpf: test case for relaxed prunning of active_lock.id
(bsc#1225903).
* selftests/bpf: test cases for regsafe() bug skipping check_id()
(bsc#1225903).
* selftests/bpf: Tests execution support for test_loader.c (bsc#1225903).
* selftests/bpf: tests for iterating callbacks (bsc#1225903).
* selftests/bpf: test widening for iterating callbacks (bsc#1225903).
* selftests/bpf: track string payload offset as scalar in strobemeta
(bsc#1225903).
* selftests/bpf: Unprivileged tests for test_loader.c (bsc#1225903).
* selftests/bpf: Verify copy_register_state() preserves parent/live fields
(bsc#1225903).
* selftests/bpf: verify states_equal() maintains idmap across all frames
(bsc#1225903).
* selftests/bpf: Verify that check_ids() is used for scalars in regsafe()
(bsc#1225903).
* selftests/sigaltstack: Fix ppc64 GCC build (git-fixes).
* soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message
(stable-fixes).
* spi: imx: Do not expect DMA for i.MX{25,35,50,51,53} cspi devices (stable-
fixes).
* spi: mux: set ctlr->bits_per_word_mask (stable-fixes).
* string.h: Introduce memtostr() and memtostr_pad() (bsc#1228850).
* SUNRPC: avoid soft lockup when transmitting UDP to reachable server
(bsc#1225272).
* SUNRPC: Fix gss_free_in_token_pages() (git-fixes).
* SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (git-
fixes).
* sunrpc: fix NFSACL RPC retry on soft mount (git-fixes).
* SUNRPC: return proper error from gss_wrap_req_priv (git-fixes).
* supported.conf:
* tpm: Allow system suspend to continue when TPM suspend fails (bsc#1082555).
* tpm: Prevent hwrng from activating during resume (bsc#1082555).
* tpm_tis: Resend command to recover from data transfer errors (bsc#1082555).
* tpm_tis: Use tpm_chip_{start,stop} decoration inside tpm_tis_resume
(bsc#1082555).
* tpm, tpm: Implement usage counter for locality (bsc#1082555).
* tpm, tpm_tis: Avoid cache incoherency in test for interrupts (bsc#1082555).
* tpm, tpm_tis: Claim locality before writing interrupt registers
(bsc#1082555).
* tpm, tpm_tis: Claim locality in interrupt handler (bsc#1082555).
* tpm, tpm_tis: Claim locality when interrupts are reenabled on resume
(bsc#1082555).
* tpm, tpm_tis: correct tpm_tis_flags enumeration values (bsc#1082555).
* tpm, tpm_tis: Do not skip reset of original interrupt vector (bsc#1082555).
* tpm, tpm_tis: Only handle supported interrupts (bsc#1082555).
* tracing: Build event generation tests only as modules (git-fixes).
* tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset()
(git-fixes).
* tracing/osnoise: Add osnoise/options file (bsc#1228330)
* tracing/osnoise: Add OSNOISE_WORKLOAD option (bsc#1228330)
* tracing/osnoise: Do not follow tracing_cpumask (bsc#1228330)
* tracing/osnoise: Fix notify new tracing_max_latency (bsc#1228330)
* tracing/osnoise: Make osnoise_instances static (bsc#1228330)
* tracing/osnoise: Split workload start from the tracer start (bsc#1228330)
* tracing/osnoise: Support a list of trace_array *tr (bsc#1228330)
* tracing/osnoise: Use built-in RCU list checking (bsc#1228330)
* tracing/timerlat: Notify new max thread latency (bsc#1228330)
* USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (stable-fixes).
* usb: cdns3: allocate TX FIFO size according to composite EP number (git-
fixes).
* usb: cdns3: fix incorrect calculation of ep_buf_size when more than one
config (git-fixes).
* usb: cdns3: fix iso transfer error when mult is not zero (git-fixes).
* usb: cdns3: improve handling of unaligned address case (git-fixes).
* usb: cdns3: optimize OUT transfer by copying only actual received data (git-
fixes).
* usb: cdns3: skip set TRB_IOC when usb_request: no_interrupt is true (git-
fixes).
* USB: core: Fix duplicate endpoint bug by clearing reserved bits in the
descriptor (git-fixes).
* usb: dwc3: gadget: Do not delay End Transfer on delayed_status (git-fixes).
* usb: dwc3: gadget: Force sending delayed status during soft disconnect (git-
fixes).
* usb: dwc3: gadget: Synchronize IRQ between soft connect/disconnect (git-
fixes).
* usb: gadget: call usb_gadget_check_config() to verify UDC capability (git-
fixes).
* usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (stable-
fixes).
* usb: gadget: printer: SS+ support (stable-fixes).
* usb: misc: uss720: check for incompatible versions of the Belkin F5U002
(stable-fixes).
* USB: serial: mos7840: fix crash on resume (git-fixes).
* USB: serial: option: add Fibocom FM350-GL (stable-fixes).
* USB: serial: option: add Netprisma LCUK54 series modules (stable-fixes).
* USB: serial: option: add Rolling RW350-GL variants (stable-fixes).
* USB: serial: option: add support for Foxconn T99W651 (stable-fixes).
* USB: serial: option: add Telit FN912 rmnet compositions (stable-fixes).
* USB: serial: option: add Telit generic core-dump composition (stable-fixes).
* usb: typec: tcpm: clear pd_event queue in PORT_RESET (git-fixes).
* usb: xhci-plat: Do not include xhci.h (git-fixes).
* USB: xhci-plat: fix legacy PHY double init (git-fixes).
* wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes).
* wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (git-fixes).
* wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (git-fixes).
* wifi: cfg80211: handle 2x996 RU allocation in
cfg80211_calculate_bitrate_he() (git-fixes).
* wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (git-fixes).
* wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (stable-fixes).
* wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup (stable-fixes).
* wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd (stable-fixes).
* wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option (stable-
fixes).
* wifi: mac80211: disable softirqs for queued frame handling (git-fixes).
* wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (stable-fixes).
* wifi: mac80211: handle tasklet frames before stopping (stable-fixes).
* wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata
(stable-fixes).
* wifi: mt76: replace skb_put with skb_put_zero (stable-fixes).
* wifi: mwifiex: Fix interface type change (git-fixes).
* wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() (git-
fixes).
* wifi: wilc1000: fix ies_len type in connect path (git-fixes).
* workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454).
* workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454).
* x86/amd_nb: Use Family 19h Models 60h-7Fh Function 4 IDs (git-fixes).
* x86/apic: Force native_apic_mem_read() to use the MOV instruction (git-
fixes).
* x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes).
* x86/bugs: Remove default case for fully switched enums (bsc#1227900).
* x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (git-fixes).
* x86/ibt,ftrace: Search for __fentry__ location (git-fixes).
* x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 (git-fixes).
* x86/mm: Allow guest.enc_status_change_prepare() to fail (git-fixes).
* x86/mm: Fix enc_status_change_finish_noop() (git-fixes).
* x86/purgatory: Switch to the position-independent small code model (git-
fixes).
* x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block
(bsc#1227900).
* x86/srso: Remove 'pred_cmd' label (bsc#1227900).
* x86: Stop using weak symbols for __iowrite32_copy() (bsc#1226502)
* x86/tdx: Fix race between set_memory_encrypted() and
load_unaligned_zeropad() (git-fixes).
* xfs: Add cond_resched to block unmap range and reflink remap path
(bsc#1228226).
* xhci: Apply broken streams quirk to Etron EJ188 xHCI host (stable-fixes).
* xhci: Apply reset resume quirk to Etron EJ188 xHCI host (stable-fixes).
* xhci: Set correct transferred length for cancelled bulk transfers (stable-
fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
  zypper in -t patch SUSE-2024-2947=1 openSUSE-SLE-15.5-2024-2947=1
* Public Cloud Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2024-2947=1
## Package List:
* openSUSE Leap 15.5 (aarch64 x86_64)
  * cluster-md-kmp-azure-5.14.21-150500.33.63.1
  * ocfs2-kmp-azure-debuginfo-5.14.21-150500.33.63.1
  * gfs2-kmp-azure-5.14.21-150500.33.63.1
  * kernel-azure-optional-debuginfo-5.14.21-150500.33.63.1
  * ocfs2-kmp-azure-5.14.21-150500.33.63.1
  * kernel-azure-devel-5.14.21-150500.33.63.1
  * reiserfs-kmp-azure-debuginfo-5.14.21-150500.33.63.1
  * reiserfs-kmp-azure-5.14.21-150500.33.63.1
  * dlm-kmp-azure-5.14.21-150500.33.63.1
  * kernel-azure-extra-debuginfo-5.14.21-150500.33.63.1
  * cluster-md-kmp-azure-debuginfo-5.14.21-150500.33.63.1
  * kselftests-kmp-azure-debuginfo-5.14.21-150500.33.63.1
  * dlm-kmp-azure-debuginfo-5.14.21-150500.33.63.1
  * kernel-azure-devel-debuginfo-5.14.21-150500.33.63.1
  * kselftests-kmp-azure-5.14.21-150500.33.63.1
  * kernel-azure-optional-5.14.21-150500.33.63.1
  * kernel-azure-extra-5.14.21-150500.33.63.1
  * kernel-azure-debuginfo-5.14.21-150500.33.63.1
  * kernel-azure-debugsource-5.14.21-150500.33.63.1
  * kernel-syms-azure-5.14.21-150500.33.63.1
  * gfs2-kmp-azure-debuginfo-5.14.21-150500.33.63.1
  * kernel-azure-livepatch-devel-5.14.21-150500.33.63.1
* openSUSE Leap 15.5 (aarch64 nosrc x86_64)
  * kernel-azure-5.14.21-150500.33.63.1
* openSUSE Leap 15.5 (x86_64)
  * kernel-azure-vdso-debuginfo-5.14.21-150500.33.63.1
  * kernel-azure-vdso-5.14.21-150500.33.63.1
* openSUSE Leap 15.5 (noarch)
  * kernel-source-azure-5.14.21-150500.33.63.1
  * kernel-devel-azure-5.14.21-150500.33.63.1
* Public Cloud Module 15-SP5 (aarch64 nosrc x86_64)
  * kernel-azure-5.14.21-150500.33.63.1
* Public Cloud Module 15-SP5 (aarch64 x86_64)
  * kernel-azure-debuginfo-5.14.21-150500.33.63.1
  * kernel-azure-debugsource-5.14.21-150500.33.63.1
  * kernel-syms-azure-5.14.21-150500.33.63.1
  * kernel-azure-devel-debuginfo-5.14.21-150500.33.63.1
  * kernel-azure-devel-5.14.21-150500.33.63.1
* Public Cloud Module 15-SP5 (noarch)
  * kernel-source-azure-5.14.21-150500.33.63.1
  * kernel-devel-azure-5.14.21-150500.33.63.1
## References:
* https://www.suse.com/security/cve/CVE-2021-47086.html
* https://www.suse.com/security/cve/CVE-2021-47103.html
* https://www.suse.com/security/cve/CVE-2021-47186.html
* https://www.suse.com/security/cve/CVE-2021-47402.html
* https://www.suse.com/security/cve/CVE-2021-47546.html
* https://www.suse.com/security/cve/CVE-2021-47547.html
* https://www.suse.com/security/cve/CVE-2021-47588.html
* https://www.suse.com/security/cve/CVE-2021-47590.html
* https://www.suse.com/security/cve/CVE-2021-47591.html
* https://www.suse.com/security/cve/CVE-2021-47593.html
* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2021-47599.html
* https://www.suse.com/security/cve/CVE-2021-47606.html
* https://www.suse.com/security/cve/CVE-2021-47622.html
* https://www.suse.com/security/cve/CVE-2021-47623.html
* https://www.suse.com/security/cve/CVE-2021-47624.html
* https://www.suse.com/security/cve/CVE-2022-48713.html
* https://www.suse.com/security/cve/CVE-2022-48730.html
* https://www.suse.com/security/cve/CVE-2022-48732.html
* https://www.suse.com/security/cve/CVE-2022-48749.html
* https://www.suse.com/security/cve/CVE-2022-48756.html
* https://www.suse.com/security/cve/CVE-2022-48773.html
* https://www.suse.com/security/cve/CVE-2022-48774.html
* https://www.suse.com/security/cve/CVE-2022-48775.html
* https://www.suse.com/security/cve/CVE-2022-48776.html
* https://www.suse.com/security/cve/CVE-2022-48777.html
* https://www.suse.com/security/cve/CVE-2022-48778.html
* https://www.suse.com/security/cve/CVE-2022-48780.html
* https://www.suse.com/security/cve/CVE-2022-48783.html
* https://www.suse.com/security/cve/CVE-2022-48784.html
* https://www.suse.com/security/cve/CVE-2022-48785.html
* https://www.suse.com/security/cve/CVE-2022-48786.html
* https://www.suse.com/security/cve/CVE-2022-48787.html
* https://www.suse.com/security/cve/CVE-2022-48788.html
* https://www.suse.com/security/cve/CVE-2022-48789.html
* https://www.suse.com/security/cve/CVE-2022-48790.html
* https://www.suse.com/security/cve/CVE-2022-48791.html
* https://www.suse.com/security/cve/CVE-2022-48792.html
* https://www.suse.com/security/cve/CVE-2022-48793.html
* https://www.suse.com/security/cve/CVE-2022-48794.html
* https://www.suse.com/security/cve/CVE-2022-48796.html
* https://www.suse.com/security/cve/CVE-2022-48797.html
* https://www.suse.com/security/cve/CVE-2022-48798.html
* https://www.suse.com/security/cve/CVE-2022-48799.html
* https://www.suse.com/security/cve/CVE-2022-48800.html
* https://www.suse.com/security/cve/CVE-2022-48801.html
* https://www.suse.com/security/cve/CVE-2022-48802.html
* https://www.suse.com/security/cve/CVE-2022-48803.html
* https://www.suse.com/security/cve/CVE-2022-48804.html
* https://www.suse.com/security/cve/CVE-2022-48805.html
* https://www.suse.com/security/cve/CVE-2022-48806.html
* https://www.suse.com/security/cve/CVE-2022-48807.html
* https://www.suse.com/security/cve/CVE-2022-48809.html
* https://www.suse.com/security/cve/CVE-2022-48810.html
* https://www.suse.com/security/cve/CVE-2022-48811.html
* https://www.suse.com/security/cve/CVE-2022-48812.html
* https://www.suse.com/security/cve/CVE-2022-48813.html
* https://www.suse.com/security/cve/CVE-2022-48814.html
* https://www.suse.com/security/cve/CVE-2022-48815.html
* https://www.suse.com/security/cve/CVE-2022-48816.html
* https://www.suse.com/security/cve/CVE-2022-48817.html
* https://www.suse.com/security/cve/CVE-2022-48818.html
* https://www.suse.com/security/cve/CVE-2022-48820.html
* https://www.suse.com/security/cve/CVE-2022-48821.html
* https://www.suse.com/security/cve/CVE-2022-48822.html
* https://www.suse.com/security/cve/CVE-2022-48823.html
* https://www.suse.com/security/cve/CVE-2022-48824.html
* https://www.suse.com/security/cve/CVE-2022-48825.html
* https://www.suse.com/security/cve/CVE-2022-48826.html
* https://www.suse.com/security/cve/CVE-2022-48827.html
* https://www.suse.com/security/cve/CVE-2022-48828.html
* https://www.suse.com/security/cve/CVE-2022-48829.html
* https://www.suse.com/security/cve/CVE-2022-48830.html
* https://www.suse.com/security/cve/CVE-2022-48831.html
* https://www.suse.com/security/cve/CVE-2022-48834.html
* https://www.suse.com/security/cve/CVE-2022-48835.html
* https://www.suse.com/security/cve/CVE-2022-48836.html
* https://www.suse.com/security/cve/CVE-2022-48837.html
* https://www.suse.com/security/cve/CVE-2022-48838.html
* https://www.suse.com/security/cve/CVE-2022-48839.html
* https://www.suse.com/security/cve/CVE-2022-48840.html
* https://www.suse.com/security/cve/CVE-2022-48841.html
* https://www.suse.com/security/cve/CVE-2022-48842.html
* https://www.suse.com/security/cve/CVE-2022-48843.html
* https://www.suse.com/security/cve/CVE-2022-48844.html
* https://www.suse.com/security/cve/CVE-2022-48846.html
* https://www.suse.com/security/cve/CVE-2022-48847.html
* https://www.suse.com/security/cve/CVE-2022-48849.html
* https://www.suse.com/security/cve/CVE-2022-48850.html
* https://www.suse.com/security/cve/CVE-2022-48851.html
* https://www.suse.com/security/cve/CVE-2022-48852.html
* https://www.suse.com/security/cve/CVE-2022-48853.html
* https://www.suse.com/security/cve/CVE-2022-48855.html
* https://www.suse.com/security/cve/CVE-2022-48856.html
* https://www.suse.com/security/cve/CVE-2022-48857.html
* https://www.suse.com/security/cve/CVE-2022-48858.html
* https://www.suse.com/security/cve/CVE-2022-48859.html
* https://www.suse.com/security/cve/CVE-2022-48860.html
* https://www.suse.com/security/cve/CVE-2022-48861.html
* https://www.suse.com/security/cve/CVE-2022-48862.html
* https://www.suse.com/security/cve/CVE-2022-48863.html
* https://www.suse.com/security/cve/CVE-2022-48864.html
* https://www.suse.com/security/cve/CVE-2022-48866.html
* https://www.suse.com/security/cve/CVE-2023-1582.html
* https://www.suse.com/security/cve/CVE-2023-37453.html
* https://www.suse.com/security/cve/CVE-2023-52435.html
* https://www.suse.com/security/cve/CVE-2023-52573.html
* https://www.suse.com/security/cve/CVE-2023-52580.html
* https://www.suse.com/security/cve/CVE-2023-52591.html
* https://www.suse.com/security/cve/CVE-2023-52735.html
* https://www.suse.com/security/cve/CVE-2023-52751.html
* https://www.suse.com/security/cve/CVE-2023-52762.html
* https://www.suse.com/security/cve/CVE-2023-52775.html
* https://www.suse.com/security/cve/CVE-2023-52812.html
* https://www.suse.com/security/cve/CVE-2023-52857.html
* https://www.suse.com/security/cve/CVE-2023-52863.html
* https://www.suse.com/security/cve/CVE-2023-52885.html
* https://www.suse.com/security/cve/CVE-2023-52886.html
* https://www.suse.com/security/cve/CVE-2024-25741.html
* https://www.suse.com/security/cve/CVE-2024-26583.html
* https://www.suse.com/security/cve/CVE-2024-26584.html
* https://www.suse.com/security/cve/CVE-2024-26585.html
* https://www.suse.com/security/cve/CVE-2024-26615.html
* https://www.suse.com/security/cve/CVE-2024-26633.html
* https://www.suse.com/security/cve/CVE-2024-26635.html
* https://www.suse.com/security/cve/CVE-2024-26636.html
* https://www.suse.com/security/cve/CVE-2024-26641.html
* https://www.suse.com/security/cve/CVE-2024-26661.html
* https://www.suse.com/security/cve/CVE-2024-26663.html
* https://www.suse.com/security/cve/CVE-2024-26665.html
* https://www.suse.com/security/cve/CVE-2024-26800.html
* https://www.suse.com/security/cve/CVE-2024-26802.html
* https://www.suse.com/security/cve/CVE-2024-26813.html
* https://www.suse.com/security/cve/CVE-2024-26814.html
* https://www.suse.com/security/cve/CVE-2024-26863.html
* https://www.suse.com/security/cve/CVE-2024-26889.html
* https://www.suse.com/security/cve/CVE-2024-26920.html
* https://www.suse.com/security/cve/CVE-2024-26935.html
* https://www.suse.com/security/cve/CVE-2024-269355.html
* https://www.suse.com/security/cve/CVE-2024-26961.html
* https://www.suse.com/security/cve/CVE-2024-26976.html
* https://www.suse.com/security/cve/CVE-2024-27015.html
* https://www.suse.com/security/cve/CVE-2024-27019.html
* https://www.suse.com/security/cve/CVE-2024-27020.html
* https://www.suse.com/security/cve/CVE-2024-27025.html
* https://www.suse.com/security/cve/CVE-2024-27065.html
* https://www.suse.com/security/cve/CVE-2024-27402.html
* https://www.suse.com/security/cve/CVE-2024-27437.html
* https://www.suse.com/security/cve/CVE-2024-35805.html
* https://www.suse.com/security/cve/CVE-2024-35819.html
* https://www.suse.com/security/cve/CVE-2024-35837.html
* https://www.suse.com/security/cve/CVE-2024-35853.html
* https://www.suse.com/security/cve/CVE-2024-35854.html
* https://www.suse.com/security/cve/CVE-2024-35855.html
* https://www.suse.com/security/cve/CVE-2024-35889.html
* https://www.suse.com/security/cve/CVE-2024-35890.html
* https://www.suse.com/security/cve/CVE-2024-35893.html
* https://www.suse.com/security/cve/CVE-2024-35899.html
* https://www.suse.com/security/cve/CVE-2024-35934.html
* https://www.suse.com/security/cve/CVE-2024-35949.html
* https://www.suse.com/security/cve/CVE-2024-35961.html
* https://www.suse.com/security/cve/CVE-2024-35979.html
* https://www.suse.com/security/cve/CVE-2024-35995.html
* https://www.suse.com/security/cve/CVE-2024-36000.html
* https://www.suse.com/security/cve/CVE-2024-36004.html
* https://www.suse.com/security/cve/CVE-2024-36288.html
* https://www.suse.com/security/cve/CVE-2024-36889.html
* https://www.suse.com/security/cve/CVE-2024-36901.html
* https://www.suse.com/security/cve/CVE-2024-36902.html
* https://www.suse.com/security/cve/CVE-2024-36909.html
* https://www.suse.com/security/cve/CVE-2024-36910.html
* https://www.suse.com/security/cve/CVE-2024-36911.html
* https://www.suse.com/security/cve/CVE-2024-36912.html
* https://www.suse.com/security/cve/CVE-2024-36913.html
* https://www.suse.com/security/cve/CVE-2024-36914.html
* https://www.suse.com/security/cve/CVE-2024-36919.html
* https://www.suse.com/security/cve/CVE-2024-36923.html
* https://www.suse.com/security/cve/CVE-2024-36924.html
* https://www.suse.com/security/cve/CVE-2024-36926.html
* https://www.suse.com/security/cve/CVE-2024-36939.html
* https://www.suse.com/security/cve/CVE-2024-36941.html
* https://www.suse.com/security/cve/CVE-2024-36942.html
* https://www.suse.com/security/cve/CVE-2024-36944.html
* https://www.suse.com/security/cve/CVE-2024-36946.html
* https://www.suse.com/security/cve/CVE-2024-36947.html
* https://www.suse.com/security/cve/CVE-2024-36950.html
* https://www.suse.com/security/cve/CVE-2024-36952.html
* https://www.suse.com/security/cve/CVE-2024-36955.html
* https://www.suse.com/security/cve/CVE-2024-36959.html
* https://www.suse.com/security/cve/CVE-2024-36974.html
* https://www.suse.com/security/cve/CVE-2024-38548.html
* https://www.suse.com/security/cve/CVE-2024-38555.html
* https://www.suse.com/security/cve/CVE-2024-38558.html
* https://www.suse.com/security/cve/CVE-2024-38559.html
* https://www.suse.com/security/cve/CVE-2024-38570.html
* https://www.suse.com/security/cve/CVE-2024-38586.html
* https://www.suse.com/security/cve/CVE-2024-38588.html
* https://www.suse.com/security/cve/CVE-2024-38598.html
* https://www.suse.com/security/cve/CVE-2024-38628.html
* https://www.suse.com/security/cve/CVE-2024-39276.html
* https://www.suse.com/security/cve/CVE-2024-39371.html
* https://www.suse.com/security/cve/CVE-2024-39463.html
* https://www.suse.com/security/cve/CVE-2024-39472.html
* https://www.suse.com/security/cve/CVE-2024-39475.html
* https://www.suse.com/security/cve/CVE-2024-39482.html
* https://www.suse.com/security/cve/CVE-2024-39487.html
* https://www.suse.com/security/cve/CVE-2024-39488.html
* https://www.suse.com/security/cve/CVE-2024-39490.html
* https://www.suse.com/security/cve/CVE-2024-39493.html
* https://www.suse.com/security/cve/CVE-2024-39494.html
* https://www.suse.com/security/cve/CVE-2024-39497.html
* https://www.suse.com/security/cve/CVE-2024-39499.html
* https://www.suse.com/security/cve/CVE-2024-39500.html
* https://www.suse.com/security/cve/CVE-2024-39501.html
* https://www.suse.com/security/cve/CVE-2024-39502.html
* https://www.suse.com/security/cve/CVE-2024-39505.html
* https://www.suse.com/security/cve/CVE-2024-39506.html
* https://www.suse.com/security/cve/CVE-2024-39507.html
* https://www.suse.com/security/cve/CVE-2024-39508.html
* https://www.suse.com/security/cve/CVE-2024-39509.html
* https://www.suse.com/security/cve/CVE-2024-40900.html
* https://www.suse.com/security/cve/CVE-2024-40901.html
* https://www.suse.com/security/cve/CVE-2024-40902.html
* https://www.suse.com/security/cve/CVE-2024-40903.html
* https://www.suse.com/security/cve/CVE-2024-40904.html
* https://www.suse.com/security/cve/CVE-2024-40906.html
* https://www.suse.com/security/cve/CVE-2024-40908.html
* https://www.suse.com/security/cve/CVE-2024-40909.html
* https://www.suse.com/security/cve/CVE-2024-40911.html
* https://www.suse.com/security/cve/CVE-2024-40912.html
* https://www.suse.com/security/cve/CVE-2024-40916.html
* https://www.suse.com/security/cve/CVE-2024-40919.html
* https://www.suse.com/security/cve/CVE-2024-40923.html
* https://www.suse.com/security/cve/CVE-2024-40924.html
* https://www.suse.com/security/cve/CVE-2024-40927.html
* https://www.suse.com/security/cve/CVE-2024-40929.html
* https://www.suse.com/security/cve/CVE-2024-40931.html
* https://www.suse.com/security/cve/CVE-2024-40932.html
* https://www.suse.com/security/cve/CVE-2024-40934.html
* https://www.suse.com/security/cve/CVE-2024-40935.html
* https://www.suse.com/security/cve/CVE-2024-40937.html
* https://www.suse.com/security/cve/CVE-2024-40940.html
* https://www.suse.com/security/cve/CVE-2024-40941.html
* https://www.suse.com/security/cve/CVE-2024-40942.html
* https://www.suse.com/security/cve/CVE-2024-40943.html
* https://www.suse.com/security/cve/CVE-2024-40945.html
* https://www.suse.com/security/cve/CVE-2024-40953.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-40956.html
* https://www.suse.com/security/cve/CVE-2024-40958.html
* https://www.suse.com/security/cve/CVE-2024-40959.html
* https://www.suse.com/security/cve/CVE-2024-40960.html
* https://www.suse.com/security/cve/CVE-2024-40961.html
* https://www.suse.com/security/cve/CVE-2024-40966.html
* https://www.suse.com/security/cve/CVE-2024-40967.html
* https://www.suse.com/security/cve/CVE-2024-40970.html
* https://www.suse.com/security/cve/CVE-2024-40972.html
* https://www.suse.com/security/cve/CVE-2024-40976.html
* https://www.suse.com/security/cve/CVE-2024-40977.html
* https://www.suse.com/security/cve/CVE-2024-40981.html
* https://www.suse.com/security/cve/CVE-2024-40982.html
* https://www.suse.com/security/cve/CVE-2024-40984.html
* https://www.suse.com/security/cve/CVE-2024-40987.html
* https://www.suse.com/security/cve/CVE-2024-40988.html
* https://www.suse.com/security/cve/CVE-2024-40989.html
* https://www.suse.com/security/cve/CVE-2024-40990.html
* https://www.suse.com/security/cve/CVE-2024-40994.html
* https://www.suse.com/security/cve/CVE-2024-40998.html
* https://www.suse.com/security/cve/CVE-2024-40999.html
* https://www.suse.com/security/cve/CVE-2024-41002.html
* https://www.suse.com/security/cve/CVE-2024-41004.html
* https://www.suse.com/security/cve/CVE-2024-41006.html
* https://www.suse.com/security/cve/CVE-2024-41009.html
* https://www.suse.com/security/cve/CVE-2024-41011.html
* https://www.suse.com/security/cve/CVE-2024-41012.html
* https://www.suse.com/security/cve/CVE-2024-41013.html
* https://www.suse.com/security/cve/CVE-2024-41014.html
* https://www.suse.com/security/cve/CVE-2024-41015.html
* https://www.suse.com/security/cve/CVE-2024-41016.html
* https://www.suse.com/security/cve/CVE-2024-41017.html
* https://www.suse.com/security/cve/CVE-2024-41040.html
* https://www.suse.com/security/cve/CVE-2024-41041.html
* https://www.suse.com/security/cve/CVE-2024-41044.html
* https://www.suse.com/security/cve/CVE-2024-41048.html
* https://www.suse.com/security/cve/CVE-2024-41057.html
* https://www.suse.com/security/cve/CVE-2024-41058.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://www.suse.com/security/cve/CVE-2024-41063.html
* https://www.suse.com/security/cve/CVE-2024-41064.html
* https://www.suse.com/security/cve/CVE-2024-41066.html
* https://www.suse.com/security/cve/CVE-2024-41069.html
* https://www.suse.com/security/cve/CVE-2024-41070.html
* https://www.suse.com/security/cve/CVE-2024-41071.html
* https://www.suse.com/security/cve/CVE-2024-41072.html
* https://www.suse.com/security/cve/CVE-2024-41076.html
* https://www.suse.com/security/cve/CVE-2024-41078.html
* https://www.suse.com/security/cve/CVE-2024-41081.html
* https://www.suse.com/security/cve/CVE-2024-41087.html
* https://www.suse.com/security/cve/CVE-2024-41090.html
* https://www.suse.com/security/cve/CVE-2024-41091.html
* https://www.suse.com/security/cve/CVE-2024-42070.html
* https://www.suse.com/security/cve/CVE-2024-42079.html
* https://www.suse.com/security/cve/CVE-2024-42093.html
* https://www.suse.com/security/cve/CVE-2024-42096.html
* https://www.suse.com/security/cve/CVE-2024-42105.html
* https://www.suse.com/security/cve/CVE-2024-42122.html
* https://www.suse.com/security/cve/CVE-2024-42124.html
* https://www.suse.com/security/cve/CVE-2024-42145.html
* https://www.suse.com/security/cve/CVE-2024-42161.html
* https://www.suse.com/security/cve/CVE-2024-42224.html
* https://www.suse.com/security/cve/CVE-2024-42230.html
* https://bugzilla.suse.com/show_bug.cgi?id=1082555
* https://bugzilla.suse.com/show_bug.cgi?id=1193454
* https://bugzilla.suse.com/show_bug.cgi?id=1193554
* https://bugzilla.suse.com/show_bug.cgi?id=1193787
* https://bugzilla.suse.com/show_bug.cgi?id=1194324
* https://bugzilla.suse.com/show_bug.cgi?id=1194869
* https://bugzilla.suse.com/show_bug.cgi?id=1195357
* https://bugzilla.suse.com/show_bug.cgi?id=1195668
* https://bugzilla.suse.com/show_bug.cgi?id=1195927
* https://bugzilla.suse.com/show_bug.cgi?id=1195957
* https://bugzilla.suse.com/show_bug.cgi?id=1196018
* https://bugzilla.suse.com/show_bug.cgi?id=1196823
* https://bugzilla.suse.com/show_bug.cgi?id=1197146
* https://bugzilla.suse.com/show_bug.cgi?id=1197246
* https://bugzilla.suse.com/show_bug.cgi?id=1197762
* https://bugzilla.suse.com/show_bug.cgi?id=1202346
* https://bugzilla.suse.com/show_bug.cgi?id=1202686
* https://bugzilla.suse.com/show_bug.cgi?id=1208783
* https://bugzilla.suse.com/show_bug.cgi?id=1209636
* https://bugzilla.suse.com/show_bug.cgi?id=1213123
* https://bugzilla.suse.com/show_bug.cgi?id=1215492
* https://bugzilla.suse.com/show_bug.cgi?id=1215587
* https://bugzilla.suse.com/show_bug.cgi?id=1216834
* https://bugzilla.suse.com/show_bug.cgi?id=1219832
* https://bugzilla.suse.com/show_bug.cgi?id=1220138
* https://bugzilla.suse.com/show_bug.cgi?id=1220185
* https://bugzilla.suse.com/show_bug.cgi?id=1220186
* https://bugzilla.suse.com/show_bug.cgi?id=1220187
* https://bugzilla.suse.com/show_bug.cgi?id=1220869
* https://bugzilla.suse.com/show_bug.cgi?id=1220876
* https://bugzilla.suse.com/show_bug.cgi?id=1220942
* https://bugzilla.suse.com/show_bug.cgi?id=1220952
* https://bugzilla.suse.com/show_bug.cgi?id=1221010
* https://bugzilla.suse.com/show_bug.cgi?id=1221044
* https://bugzilla.suse.com/show_bug.cgi?id=1221647
* https://bugzilla.suse.com/show_bug.cgi?id=1221654
* https://bugzilla.suse.com/show_bug.cgi?id=1221656
* https://bugzilla.suse.com/show_bug.cgi?id=1221659
* https://bugzilla.suse.com/show_bug.cgi?id=1221777
* https://bugzilla.suse.com/show_bug.cgi?id=1222011
* https://bugzilla.suse.com/show_bug.cgi?id=1222323
* https://bugzilla.suse.com/show_bug.cgi?id=1222326
* https://bugzilla.suse.com/show_bug.cgi?id=1222328
* https://bugzilla.suse.com/show_bug.cgi?id=1222625
* https://bugzilla.suse.com/show_bug.cgi?id=1222702
* https://bugzilla.suse.com/show_bug.cgi?id=1222728
* https://bugzilla.suse.com/show_bug.cgi?id=1222799
* https://bugzilla.suse.com/show_bug.cgi?id=1222809
* https://bugzilla.suse.com/show_bug.cgi?id=1222810
* https://bugzilla.suse.com/show_bug.cgi?id=1223021
* https://bugzilla.suse.com/show_bug.cgi?id=1223180
* https://bugzilla.suse.com/show_bug.cgi?id=1223635
* https://bugzilla.suse.com/show_bug.cgi?id=1223652
* https://bugzilla.suse.com/show_bug.cgi?id=1223675
* https://bugzilla.suse.com/show_bug.cgi?id=1223778
* https://bugzilla.suse.com/show_bug.cgi?id=1223806
* https://bugzilla.suse.com/show_bug.cgi?id=1223813
* https://bugzilla.suse.com/show_bug.cgi?id=1223815
* https://bugzilla.suse.com/show_bug.cgi?id=1223836
* https://bugzilla.suse.com/show_bug.cgi?id=1223863
* https://bugzilla.suse.com/show_bug.cgi?id=1224414
* https://bugzilla.suse.com/show_bug.cgi?id=1224499
* https://bugzilla.suse.com/show_bug.cgi?id=1224500
* https://bugzilla.suse.com/show_bug.cgi?id=1224512
* https://bugzilla.suse.com/show_bug.cgi?id=1224516
* https://bugzilla.suse.com/show_bug.cgi?id=1224517
* https://bugzilla.suse.com/show_bug.cgi?id=1224545
* https://bugzilla.suse.com/show_bug.cgi?id=1224548
* https://bugzilla.suse.com/show_bug.cgi?id=1224557
* https://bugzilla.suse.com/show_bug.cgi?id=1224572
* https://bugzilla.suse.com/show_bug.cgi?id=1224573
* https://bugzilla.suse.com/show_bug.cgi?id=1224585
* https://bugzilla.suse.com/show_bug.cgi?id=1224604
* https://bugzilla.suse.com/show_bug.cgi?id=1224636
* https://bugzilla.suse.com/show_bug.cgi?id=1224641
* https://bugzilla.suse.com/show_bug.cgi?id=1224683
* https://bugzilla.suse.com/show_bug.cgi?id=1224694
* https://bugzilla.suse.com/show_bug.cgi?id=1224700
* https://bugzilla.suse.com/show_bug.cgi?id=1224743
* https://bugzilla.suse.com/show_bug.cgi?id=1225088
* https://bugzilla.suse.com/show_bug.cgi?id=1225272
* https://bugzilla.suse.com/show_bug.cgi?id=1225301
* https://bugzilla.suse.com/show_bug.cgi?id=1225475
* https://bugzilla.suse.com/show_bug.cgi?id=1225489
* https://bugzilla.suse.com/show_bug.cgi?id=1225504
* https://bugzilla.suse.com/show_bug.cgi?id=1225505
* https://bugzilla.suse.com/show_bug.cgi?id=1225564
* https://bugzilla.suse.com/show_bug.cgi?id=1225573
* https://bugzilla.suse.com/show_bug.cgi?id=1225581
* https://bugzilla.suse.com/show_bug.cgi?id=1225586
* https://bugzilla.suse.com/show_bug.cgi?id=1225711
* https://bugzilla.suse.com/show_bug.cgi?id=1225717
* https://bugzilla.suse.com/show_bug.cgi?id=1225719
* https://bugzilla.suse.com/show_bug.cgi?id=1225744
* https://bugzilla.suse.com/show_bug.cgi?id=1225745
* https://bugzilla.suse.com/show_bug.cgi?id=1225746
* https://bugzilla.suse.com/show_bug.cgi?id=1225752
* https://bugzilla.suse.com/show_bug.cgi?id=1225753
* https://bugzilla.suse.com/show_bug.cgi?id=1225757
* https://bugzilla.suse.com/show_bug.cgi?id=1225767
* https://bugzilla.suse.com/show_bug.cgi?id=1225810
* https://bugzilla.suse.com/show_bug.cgi?id=1225815
* https://bugzilla.suse.com/show_bug.cgi?id=1225820
* https://bugzilla.suse.com/show_bug.cgi?id=1225829
* https://bugzilla.suse.com/show_bug.cgi?id=1225835
* https://bugzilla.suse.com/show_bug.cgi?id=1225838
* https://bugzilla.suse.com/show_bug.cgi?id=1225839
* https://bugzilla.suse.com/show_bug.cgi?id=1225843
* https://bugzilla.suse.com/show_bug.cgi?id=1225847
* https://bugzilla.suse.com/show_bug.cgi?id=1225851
* https://bugzilla.suse.com/show_bug.cgi?id=1225856
* https://bugzilla.suse.com/show_bug.cgi?id=1225895
* https://bugzilla.suse.com/show_bug.cgi?id=1225898
* https://bugzilla.suse.com/show_bug.cgi?id=1225903
* https://bugzilla.suse.com/show_bug.cgi?id=1226202
* https://bugzilla.suse.com/show_bug.cgi?id=1226502
* https://bugzilla.suse.com/show_bug.cgi?id=1226519
* https://bugzilla.suse.com/show_bug.cgi?id=1226551
* https://bugzilla.suse.com/show_bug.cgi?id=1226555
* https://bugzilla.suse.com/show_bug.cgi?id=1226565
* https://bugzilla.suse.com/show_bug.cgi?id=1226568
* https://bugzilla.suse.com/show_bug.cgi?id=1226570
* https://bugzilla.suse.com/show_bug.cgi?id=1226571
* https://bugzilla.suse.com/show_bug.cgi?id=1226574
* https://bugzilla.suse.com/show_bug.cgi?id=1226588
* https://bugzilla.suse.com/show_bug.cgi?id=1226607
* https://bugzilla.suse.com/show_bug.cgi?id=1226650
* https://bugzilla.suse.com/show_bug.cgi?id=1226698
* https://bugzilla.suse.com/show_bug.cgi?id=1226713
* https://bugzilla.suse.com/show_bug.cgi?id=1226716
* https://bugzilla.suse.com/show_bug.cgi?id=1226750
* https://bugzilla.suse.com/show_bug.cgi?id=1226757
* https://bugzilla.suse.com/show_bug.cgi?id=1226758
* https://bugzilla.suse.com/show_bug.cgi?id=1226775
* https://bugzilla.suse.com/show_bug.cgi?id=1226783
* https://bugzilla.suse.com/show_bug.cgi?id=1226785
* https://bugzilla.suse.com/show_bug.cgi?id=1226834
* https://bugzilla.suse.com/show_bug.cgi?id=1226837
* https://bugzilla.suse.com/show_bug.cgi?id=1226911
* https://bugzilla.suse.com/show_bug.cgi?id=1226990
* https://bugzilla.suse.com/show_bug.cgi?id=1226993
* https://bugzilla.suse.com/show_bug.cgi?id=1227090
* https://bugzilla.suse.com/show_bug.cgi?id=1227121
* https://bugzilla.suse.com/show_bug.cgi?id=1227157
* https://bugzilla.suse.com/show_bug.cgi?id=1227162
* https://bugzilla.suse.com/show_bug.cgi?id=1227362
* https://bugzilla.suse.com/show_bug.cgi?id=1227383
* https://bugzilla.suse.com/show_bug.cgi?id=1227432
* https://bugzilla.suse.com/show_bug.cgi?id=1227435
* https://bugzilla.suse.com/show_bug.cgi?id=1227447
* https://bugzilla.suse.com/show_bug.cgi?id=1227487
* https://bugzilla.suse.com/show_bug.cgi?id=1227549
* https://bugzilla.suse.com/show_bug.cgi?id=1227573
* https://bugzilla.suse.com/show_bug.cgi?id=1227618
* https://bugzilla.suse.com/show_bug.cgi?id=1227620
* https://bugzilla.suse.com/show_bug.cgi?id=1227626
* https://bugzilla.suse.com/show_bug.cgi?id=1227635
* https://bugzilla.suse.com/show_bug.cgi?id=1227661
* https://bugzilla.suse.com/show_bug.cgi?id=1227716
* https://bugzilla.suse.com/show_bug.cgi?id=1227722
* https://bugzilla.suse.com/show_bug.cgi?id=1227724
* https://bugzilla.suse.com/show_bug.cgi?id=1227725
* https://bugzilla.suse.com/show_bug.cgi?id=1227728
* https://bugzilla.suse.com/show_bug.cgi?id=1227729
* https://bugzilla.suse.com/show_bug.cgi?id=1227730
* https://bugzilla.suse.com/show_bug.cgi?id=1227732
* https://bugzilla.suse.com/show_bug.cgi?id=1227733
* https://bugzilla.suse.com/show_bug.cgi?id=1227750
* https://bugzilla.suse.com/show_bug.cgi?id=1227754
* https://bugzilla.suse.com/show_bug.cgi?id=1227755
* https://bugzilla.suse.com/show_bug.cgi?id=1227760
* https://bugzilla.suse.com/show_bug.cgi?id=1227762
* https://bugzilla.suse.com/show_bug.cgi?id=1227763
* https://bugzilla.suse.com/show_bug.cgi?id=1227764
* https://bugzilla.suse.com/show_bug.cgi?id=1227766
* https://bugzilla.suse.com/show_bug.cgi?id=1227770
* https://bugzilla.suse.com/show_bug.cgi?id=1227771
* https://bugzilla.suse.com/show_bug.cgi?id=1227772
* https://bugzilla.suse.com/show_bug.cgi?id=1227774
* https://bugzilla.suse.com/show_bug.cgi?id=1227779
* https://bugzilla.suse.com/show_bug.cgi?id=1227780
* https://bugzilla.suse.com/show_bug.cgi?id=1227783
* https://bugzilla.suse.com/show_bug.cgi?id=1227786
* https://bugzilla.suse.com/show_bug.cgi?id=1227787
* https://bugzilla.suse.com/show_bug.cgi?id=1227790
* https://bugzilla.suse.com/show_bug.cgi?id=1227792
* https://bugzilla.suse.com/show_bug.cgi?id=1227796
* https://bugzilla.suse.com/show_bug.cgi?id=1227797
* https://bugzilla.suse.com/show_bug.cgi?id=1227798
* https://bugzilla.suse.com/show_bug.cgi?id=1227800
* https://bugzilla.suse.com/show_bug.cgi?id=1227802
* https://bugzilla.suse.com/show_bug.cgi?id=1227806
* https://bugzilla.suse.com/show_bug.cgi?id=1227808
* https://bugzilla.suse.com/show_bug.cgi?id=1227810
* https://bugzilla.suse.com/show_bug.cgi?id=1227812
* https://bugzilla.suse.com/show_bug.cgi?id=1227813
* https://bugzilla.suse.com/show_bug.cgi?id=1227814
* https://bugzilla.suse.com/show_bug.cgi?id=1227816
* https://bugzilla.suse.com/show_bug.cgi?id=1227820
* https://bugzilla.suse.com/show_bug.cgi?id=1227823
* https://bugzilla.suse.com/show_bug.cgi?id=1227824
* https://bugzilla.suse.com/show_bug.cgi?id=1227828
* https://bugzilla.suse.com/show_bug.cgi?id=1227829
* https://bugzilla.suse.com/show_bug.cgi?id=1227836
* https://bugzilla.suse.com/show_bug.cgi?id=1227846
* https://bugzilla.suse.com/show_bug.cgi?id=1227849
* https://bugzilla.suse.com/show_bug.cgi?id=1227851
* https://bugzilla.suse.com/show_bug.cgi?id=1227862
* https://bugzilla.suse.com/show_bug.cgi?id=1227864
* https://bugzilla.suse.com/show_bug.cgi?id=1227865
* https://bugzilla.suse.com/show_bug.cgi?id=1227866
* https://bugzilla.suse.com/show_bug.cgi?id=1227870
* https://bugzilla.suse.com/show_bug.cgi?id=1227884
* https://bugzilla.suse.com/show_bug.cgi?id=1227886
* https://bugzilla.suse.com/show_bug.cgi?id=1227891
* https://bugzilla.suse.com/show_bug.cgi?id=1227893
* https://bugzilla.suse.com/show_bug.cgi?id=1227899
* https://bugzilla.suse.com/show_bug.cgi?id=1227900
* https://bugzilla.suse.com/show_bug.cgi?id=1227910
* https://bugzilla.suse.com/show_bug.cgi?id=1227913
* https://bugzilla.suse.com/show_bug.cgi?id=1227917
* https://bugzilla.suse.com/show_bug.cgi?id=1227919
* https://bugzilla.suse.com/show_bug.cgi?id=1227920
* https://bugzilla.suse.com/show_bug.cgi?id=1227921
* https://bugzilla.suse.com/show_bug.cgi?id=1227922
* https://bugzilla.suse.com/show_bug.cgi?id=1227923
* https://bugzilla.suse.com/show_bug.cgi?id=1227924
* https://bugzilla.suse.com/show_bug.cgi?id=1227925
* https://bugzilla.suse.com/show_bug.cgi?id=1227927
* https://bugzilla.suse.com/show_bug.cgi?id=1227928
* https://bugzilla.suse.com/show_bug.cgi?id=1227931
* https://bugzilla.suse.com/show_bug.cgi?id=1227932
* https://bugzilla.suse.com/show_bug.cgi?id=1227933
* https://bugzilla.suse.com/show_bug.cgi?id=1227935
* https://bugzilla.suse.com/show_bug.cgi?id=1227936
* https://bugzilla.suse.com/show_bug.cgi?id=1227938
* https://bugzilla.suse.com/show_bug.cgi?id=1227941
* https://bugzilla.suse.com/show_bug.cgi?id=1227942
* https://bugzilla.suse.com/show_bug.cgi?id=1227944
* https://bugzilla.suse.com/show_bug.cgi?id=1227945
* https://bugzilla.suse.com/show_bug.cgi?id=1227947
* https://bugzilla.suse.com/show_bug.cgi?id=1227948
* https://bugzilla.suse.com/show_bug.cgi?id=1227949
* https://bugzilla.suse.com/show_bug.cgi?id=1227950
* https://bugzilla.suse.com/show_bug.cgi?id=1227952
* https://bugzilla.suse.com/show_bug.cgi?id=1227953
* https://bugzilla.suse.com/show_bug.cgi?id=1227954
* https://bugzilla.suse.com/show_bug.cgi?id=1227956
* https://bugzilla.suse.com/show_bug.cgi?id=1227957
* https://bugzilla.suse.com/show_bug.cgi?id=1227963
* https://bugzilla.suse.com/show_bug.cgi?id=1227964
* https://bugzilla.suse.com/show_bug.cgi?id=1227965
* https://bugzilla.suse.com/show_bug.cgi?id=1227968
* https://bugzilla.suse.com/show_bug.cgi?id=1227969
* https://bugzilla.suse.com/show_bug.cgi?id=1227970
* https://bugzilla.suse.com/show_bug.cgi?id=1227971
* https://bugzilla.suse.com/show_bug.cgi?id=1227972
* https://bugzilla.suse.com/show_bug.cgi?id=1227975
* https://bugzilla.suse.com/show_bug.cgi?id=1227976
* https://bugzilla.suse.com/show_bug.cgi?id=1227981
* https://bugzilla.suse.com/show_bug.cgi?id=1227982
* https://bugzilla.suse.com/show_bug.cgi?id=1227985
* https://bugzilla.suse.com/show_bug.cgi?id=1227986
* https://bugzilla.suse.com/show_bug.cgi?id=1227987
* https://bugzilla.suse.com/show_bug.cgi?id=1227988
* https://bugzilla.suse.com/show_bug.cgi?id=1227989
* https://bugzilla.suse.com/show_bug.cgi?id=1227990
* https://bugzilla.suse.com/show_bug.cgi?id=1227991
* https://bugzilla.suse.com/show_bug.cgi?id=1227992
* https://bugzilla.suse.com/show_bug.cgi?id=1227993
* https://bugzilla.suse.com/show_bug.cgi?id=1227995
* https://bugzilla.suse.com/show_bug.cgi?id=1227996
* https://bugzilla.suse.com/show_bug.cgi?id=1227997
* https://bugzilla.suse.com/show_bug.cgi?id=1228000
* https://bugzilla.suse.com/show_bug.cgi?id=1228002
* https://bugzilla.suse.com/show_bug.cgi?id=1228003
* https://bugzilla.suse.com/show_bug.cgi?id=1228004
* https://bugzilla.suse.com/show_bug.cgi?id=1228005
* https://bugzilla.suse.com/show_bug.cgi?id=1228006
* https://bugzilla.suse.com/show_bug.cgi?id=1228007
* https://bugzilla.suse.com/show_bug.cgi?id=1228008
* https://bugzilla.suse.com/show_bug.cgi?id=1228009
* https://bugzilla.suse.com/show_bug.cgi?id=1228010
* https://bugzilla.suse.com/show_bug.cgi?id=1228011
* https://bugzilla.suse.com/show_bug.cgi?id=1228013
* https://bugzilla.suse.com/show_bug.cgi?id=1228014
* https://bugzilla.suse.com/show_bug.cgi?id=1228015
* https://bugzilla.suse.com/show_bug.cgi?id=1228019
* https://bugzilla.suse.com/show_bug.cgi?id=1228020
* https://bugzilla.suse.com/show_bug.cgi?id=1228025
* https://bugzilla.suse.com/show_bug.cgi?id=1228028
* https://bugzilla.suse.com/show_bug.cgi?id=1228035
* https://bugzilla.suse.com/show_bug.cgi?id=1228037
* https://bugzilla.suse.com/show_bug.cgi?id=1228038
* https://bugzilla.suse.com/show_bug.cgi?id=1228039
* https://bugzilla.suse.com/show_bug.cgi?id=1228040
* https://bugzilla.suse.com/show_bug.cgi?id=1228045
* https://bugzilla.suse.com/show_bug.cgi?id=1228054
* https://bugzilla.suse.com/show_bug.cgi?id=1228055
* https://bugzilla.suse.com/show_bug.cgi?id=1228056
* https://bugzilla.suse.com/show_bug.cgi?id=1228060
* https://bugzilla.suse.com/show_bug.cgi?id=1228061
* https://bugzilla.suse.com/show_bug.cgi?id=1228062
* https://bugzilla.suse.com/show_bug.cgi?id=1228063
* https://bugzilla.suse.com/show_bug.cgi?id=1228064
* https://bugzilla.suse.com/show_bug.cgi?id=1228066
* https://bugzilla.suse.com/show_bug.cgi?id=1228067
* https://bugzilla.suse.com/show_bug.cgi?id=1228068
* https://bugzilla.suse.com/show_bug.cgi?id=1228071
* https://bugzilla.suse.com/show_bug.cgi?id=1228079
* https://bugzilla.suse.com/show_bug.cgi?id=1228090
* https://bugzilla.suse.com/show_bug.cgi?id=1228114
* https://bugzilla.suse.com/show_bug.cgi?id=1228140
* https://bugzilla.suse.com/show_bug.cgi?id=1228190
* https://bugzilla.suse.com/show_bug.cgi?id=1228191
* https://bugzilla.suse.com/show_bug.cgi?id=1228195
* https://bugzilla.suse.com/show_bug.cgi?id=1228202
* https://bugzilla.suse.com/show_bug.cgi?id=1228226
* https://bugzilla.suse.com/show_bug.cgi?id=1228235
* https://bugzilla.suse.com/show_bug.cgi?id=1228237
* https://bugzilla.suse.com/show_bug.cgi?id=1228247
* https://bugzilla.suse.com/show_bug.cgi?id=1228327
* https://bugzilla.suse.com/show_bug.cgi?id=1228328
* https://bugzilla.suse.com/show_bug.cgi?id=1228330
* https://bugzilla.suse.com/show_bug.cgi?id=1228403
* https://bugzilla.suse.com/show_bug.cgi?id=1228405
* https://bugzilla.suse.com/show_bug.cgi?id=1228408
* https://bugzilla.suse.com/show_bug.cgi?id=1228409
* https://bugzilla.suse.com/show_bug.cgi?id=1228410
* https://bugzilla.suse.com/show_bug.cgi?id=1228418
* https://bugzilla.suse.com/show_bug.cgi?id=1228440
* https://bugzilla.suse.com/show_bug.cgi?id=1228459
* https://bugzilla.suse.com/show_bug.cgi?id=1228462
* https://bugzilla.suse.com/show_bug.cgi?id=1228470
* https://bugzilla.suse.com/show_bug.cgi?id=1228518
* https://bugzilla.suse.com/show_bug.cgi?id=1228520
* https://bugzilla.suse.com/show_bug.cgi?id=1228530
* https://bugzilla.suse.com/show_bug.cgi?id=1228561
* https://bugzilla.suse.com/show_bug.cgi?id=1228565
* https://bugzilla.suse.com/show_bug.cgi?id=1228580
* https://bugzilla.suse.com/show_bug.cgi?id=1228581
* https://bugzilla.suse.com/show_bug.cgi?id=1228591
* https://bugzilla.suse.com/show_bug.cgi?id=1228599
* https://bugzilla.suse.com/show_bug.cgi?id=1228617
* https://bugzilla.suse.com/show_bug.cgi?id=1228625
* https://bugzilla.suse.com/show_bug.cgi?id=1228626
* https://bugzilla.suse.com/show_bug.cgi?id=1228633
* https://bugzilla.suse.com/show_bug.cgi?id=1228640
* https://bugzilla.suse.com/show_bug.cgi?id=1228644
* https://bugzilla.suse.com/show_bug.cgi?id=1228649
* https://bugzilla.suse.com/show_bug.cgi?id=1228655
* https://bugzilla.suse.com/show_bug.cgi?id=1228665
* https://bugzilla.suse.com/show_bug.cgi?id=1228672
* https://bugzilla.suse.com/show_bug.cgi?id=1228680
* https://bugzilla.suse.com/show_bug.cgi?id=1228705
* https://bugzilla.suse.com/show_bug.cgi?id=1228723
* https://bugzilla.suse.com/show_bug.cgi?id=1228743
* https://bugzilla.suse.com/show_bug.cgi?id=1228756
* https://bugzilla.suse.com/show_bug.cgi?id=1228801
* https://bugzilla.suse.com/show_bug.cgi?id=1228850
* https://bugzilla.suse.com/show_bug.cgi?id=1228857
* https://jira.suse.com/browse/PED-8582
* https://jira.suse.com/browse/PED-8690
SUSE-SU-2024:2948-1: important: Security update for the Linux Kernel
by OPENSUSE-SECURITY-UPDATES 16 Aug '24
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2024:2948-1
Rating: important
References:
* bsc#1065729
* bsc#1179610
* bsc#1186463
* bsc#1216834
* bsc#1218820
* bsc#1220185
* bsc#1220186
* bsc#1220187
* bsc#1221539
* bsc#1222728
* bsc#1222824
* bsc#1223863
* bsc#1224918
* bsc#1225404
* bsc#1225431
* bsc#1226519
* bsc#1226550
* bsc#1226574
* bsc#1226575
* bsc#1226662
* bsc#1226666
* bsc#1226785
* bsc#1227213
* bsc#1227362
* bsc#1227487
* bsc#1227716
* bsc#1227750
* bsc#1227810
* bsc#1227836
* bsc#1227976
* bsc#1228013
* bsc#1228040
* bsc#1228114
* bsc#1228328
* bsc#1228561
* bsc#1228644
* bsc#1228743
Cross-References:
* CVE-2020-26558
* CVE-2021-0129
* CVE-2021-47126
* CVE-2021-47219
* CVE-2021-47291
* CVE-2021-47506
* CVE-2021-47520
* CVE-2021-47580
* CVE-2021-47598
* CVE-2021-47600
* CVE-2022-48792
* CVE-2022-48821
* CVE-2022-48822
* CVE-2023-52686
* CVE-2023-52885
* CVE-2024-26583
* CVE-2024-26584
* CVE-2024-26585
* CVE-2024-26800
* CVE-2024-36974
* CVE-2024-38559
* CVE-2024-39494
* CVE-2024-40937
* CVE-2024-40956
* CVE-2024-41011
* CVE-2024-41059
* CVE-2024-41069
* CVE-2024-41090
* CVE-2024-42145
CVSS scores:
* CVE-2020-26558 ( SUSE ): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2020-26558 ( NVD ): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2021-0129 ( SUSE ): 6.4 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2021-0129 ( NVD ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-47126 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47219 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47506 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47520 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47520 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47580 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
* CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47600 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48792 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48792 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48821 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48822 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48822 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52686 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52885 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26583 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26583 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26584 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26584 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26585 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26585 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26800 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-36974 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-38559 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-39494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-39494 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40937 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40956 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41011 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41069 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41069 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41090 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-42145 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-42145 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Availability Extension 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2
An update that solves 29 vulnerabilities and has eight security fixes can now be
installed.
## Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security
bugfixes.
The following security bugs were fixed:
* CVE-2020-26558: Fixed a flaw in the Bluetooth LE and BR/EDR secure pairing
that could permit a nearby man-in-the-middle attacker to identify the
Passkey used during pairing (bsc#1179610).
* CVE-2021-0129: Improper access control in BlueZ may have allowed an
authenticated user to potentially enable information disclosure via adjacent
access (bsc#1186463).
* CVE-2021-47126: ipv6: Fix KASAN: slab-out-of-bounds Read in
fib6_nh_flush_exceptions (bsc#1221539).
* CVE-2021-47219: scsi: scsi_debug: Fix out-of-bound read in
resp_report_tgtpgs() (bsc#1222824).
* CVE-2021-47291: ipv6: fix another slab-out-of-bounds in
fib6_nh_flush_exceptions (bsc#1224918).
* CVE-2021-47506: nfsd: fix use-after-free due to delegation race
(bsc#1225404).
* CVE-2021-47520: can: pch_can: pch_can_rx_normal: fix use after free
(bsc#1225431).
* CVE-2021-47580: scsi: scsi_debug: Fix type in min_t to avoid stack OOB
(bsc#1226550).
* CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init()
(bsc#1226574).
* CVE-2021-47600: dm btree remove: fix use after free in rebalance_children()
(bsc#1226575).
* CVE-2022-48792: scsi: pm8001: Fix use-after-free for aborted SSP/STP
sas_task (bsc#1228013).
* CVE-2022-48821: misc: fastrpc: avoid double fput() on failed usercopy
(bsc#1227976).
* CVE-2023-52686: Fix a null pointer in opal_event_init() (bsc#1065729).
* CVE-2023-52885: SUNRPC: Fix UAF in svc_tcp_listen_data_ready()
(bsc#1227750).
* CVE-2024-26585: Fixed race between tx work scheduling and socket close
(bsc#1220187).
* CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP
(bsc#1226519).
* CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated
(bsc#1226785).
* CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name
(bsc#1227716).
* CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any()
(bsc#1227836).
* CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in
irq_process_work_list (bsc#1227810).
* CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with
large pages (bsc#1228114).
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).
* CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
* CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
* CVE-2024-42145: IB/core: Implement a limit on UMAD receive List
(bsc#1228743).
The following non-security bugs were fixed:
* Fix spurious WARNING caused by a qxl driver patch (bsc#1227213)
* nfs: Clean up directory array handling (bsc#1226662).
* nfs: Clean up nfs_readdir_page_filler() (bsc#1226662).
* nfs: Clean up readdir struct nfs_cache_array (bsc#1226662).
* nfs: Do not discard readdir results (bsc#1226662).
* nfs: Do not overfill uncached readdir pages (bsc#1226662).
* nfs: Do not re-read the entire page cache to find the next cookie
(bsc#1226662).
* nfs: Ensure contents of struct nfs_open_dir_context are consistent
(bsc#1226662).
* nfs: Fix up directory verifier races (bsc#1226662).
* nfs: Further optimisations for 'ls -l' (bsc#1226662).
* nfs: More readdir cleanups (bsc#1226662).
* nfs: Reduce number of RPC calls when doing uncached readdir (bsc#1226662).
* nfs: Reduce use of uncached readdir (bsc#1226662).
* nfs: Support larger readdir buffers (bsc#1226662).
* nfs: Use the 64-bit server readdir cookies when possible (bsc#1226662).
* nfs: optimise readdir cache page invalidation (bsc#1226662).
* nfsv4.x: by default serialize open/close operations (bsc#1223863
bsc#1227362)
* ocfs2: fix DIO failure due to insufficient transaction credits
(bsc#1216834).
* powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()
(bsc#1227487).
* powerpc/rtas: clean up includes (bsc#1227487).
* x.509: Fix the parser of extended key usage for length (bsc#1218820,
bsc#1226666).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-2948=1
* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-2948=1
* SUSE Linux Enterprise High Availability Extension 15 SP3
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2024-2948=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-2948=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-2948=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-2948=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-2948=1
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-2948=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-2948=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-2948=1
## Package List:
* openSUSE Leap 15.3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.170.2
* openSUSE Leap 15.3 (noarch)
* kernel-source-5.3.18-150300.59.170.1
* kernel-macros-5.3.18-150300.59.170.1
* kernel-source-vanilla-5.3.18-150300.59.170.1
* kernel-docs-html-5.3.18-150300.59.170.2
* kernel-devel-5.3.18-150300.59.170.1
* openSUSE Leap 15.3 (nosrc ppc64le x86_64)
* kernel-kvmsmall-5.3.18-150300.59.170.1
* kernel-debug-5.3.18-150300.59.170.1
* openSUSE Leap 15.3 (ppc64le x86_64)
* kernel-kvmsmall-devel-5.3.18-150300.59.170.1
* kernel-debug-debuginfo-5.3.18-150300.59.170.1
* kernel-kvmsmall-debugsource-5.3.18-150300.59.170.1
* kernel-debug-livepatch-devel-5.3.18-150300.59.170.1
* kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.170.1
* kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.170.1
* kernel-debug-devel-debuginfo-5.3.18-150300.59.170.1
* kernel-debug-debugsource-5.3.18-150300.59.170.1
* kernel-debug-devel-5.3.18-150300.59.170.1
* kernel-kvmsmall-debuginfo-5.3.18-150300.59.170.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64)
* kernel-default-livepatch-devel-5.3.18-150300.59.170.1
* gfs2-kmp-default-debuginfo-5.3.18-150300.59.170.1
* cluster-md-kmp-default-debuginfo-5.3.18-150300.59.170.1
* kernel-default-base-rebuild-5.3.18-150300.59.170.1.150300.18.100.1
* dlm-kmp-default-5.3.18-150300.59.170.1
* kernel-default-optional-5.3.18-150300.59.170.1
* kernel-obs-build-5.3.18-150300.59.170.1
* kernel-default-debugsource-5.3.18-150300.59.170.1
* kernel-default-extra-debuginfo-5.3.18-150300.59.170.1
* kselftests-kmp-default-debuginfo-5.3.18-150300.59.170.1
* kernel-default-extra-5.3.18-150300.59.170.1
* kernel-default-livepatch-5.3.18-150300.59.170.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.170.1
* kernel-default-base-5.3.18-150300.59.170.1.150300.18.100.1
* kernel-default-debuginfo-5.3.18-150300.59.170.1
* cluster-md-kmp-default-5.3.18-150300.59.170.1
* dlm-kmp-default-debuginfo-5.3.18-150300.59.170.1
* kernel-obs-build-debugsource-5.3.18-150300.59.170.1
* kselftests-kmp-default-5.3.18-150300.59.170.1
* kernel-obs-qa-5.3.18-150300.59.170.1
* kernel-default-optional-debuginfo-5.3.18-150300.59.170.1
* reiserfs-kmp-default-5.3.18-150300.59.170.1
* ocfs2-kmp-default-debuginfo-5.3.18-150300.59.170.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.170.1
* gfs2-kmp-default-5.3.18-150300.59.170.1
* kernel-syms-5.3.18-150300.59.170.1
* kernel-default-devel-5.3.18-150300.59.170.1
* ocfs2-kmp-default-5.3.18-150300.59.170.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.3.18-150300.59.170.1
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_170-default-debuginfo-1-150300.7.3.1
* kernel-livepatch-5_3_18-150300_59_170-default-1-150300.7.3.1
* kernel-livepatch-SLE15-SP3_Update_47-debugsource-1-150300.7.3.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_170-preempt-1-150300.7.3.1
* kernel-livepatch-5_3_18-150300_59_170-preempt-debuginfo-1-150300.7.3.1
* openSUSE Leap 15.3 (aarch64 x86_64)
* cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.170.1
* kernel-preempt-debuginfo-5.3.18-150300.59.170.1
* kernel-preempt-extra-5.3.18-150300.59.170.1
* kselftests-kmp-preempt-5.3.18-150300.59.170.1
* gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.170.1
* kernel-preempt-optional-5.3.18-150300.59.170.1
* reiserfs-kmp-preempt-5.3.18-150300.59.170.1
* kernel-preempt-debugsource-5.3.18-150300.59.170.1
* dlm-kmp-preempt-debuginfo-5.3.18-150300.59.170.1
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.170.1
* kernel-preempt-devel-5.3.18-150300.59.170.1
* gfs2-kmp-preempt-5.3.18-150300.59.170.1
* kernel-preempt-livepatch-devel-5.3.18-150300.59.170.1
* cluster-md-kmp-preempt-5.3.18-150300.59.170.1
* ocfs2-kmp-preempt-5.3.18-150300.59.170.1
* kernel-preempt-optional-debuginfo-5.3.18-150300.59.170.1
* dlm-kmp-preempt-5.3.18-150300.59.170.1
* ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.170.1
* reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.170.1
* kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.170.1
* kernel-preempt-extra-debuginfo-5.3.18-150300.59.170.1
* openSUSE Leap 15.3 (aarch64 nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.170.1
* openSUSE Leap 15.3 (nosrc s390x)
* kernel-zfcpdump-5.3.18-150300.59.170.1
* openSUSE Leap 15.3 (s390x)
* kernel-zfcpdump-debuginfo-5.3.18-150300.59.170.1
* kernel-zfcpdump-debugsource-5.3.18-150300.59.170.1
* openSUSE Leap 15.3 (nosrc)
* dtb-aarch64-5.3.18-150300.59.170.1
* openSUSE Leap 15.3 (aarch64)
* dtb-mediatek-5.3.18-150300.59.170.1
* dlm-kmp-64kb-5.3.18-150300.59.170.1
* dtb-qcom-5.3.18-150300.59.170.1
* dtb-lg-5.3.18-150300.59.170.1
* dtb-broadcom-5.3.18-150300.59.170.1
* kernel-64kb-livepatch-devel-5.3.18-150300.59.170.1
* dtb-socionext-5.3.18-150300.59.170.1
* dtb-apm-5.3.18-150300.59.170.1
* dtb-nvidia-5.3.18-150300.59.170.1
* dtb-zte-5.3.18-150300.59.170.1
* ocfs2-kmp-64kb-5.3.18-150300.59.170.1
* dtb-renesas-5.3.18-150300.59.170.1
* dtb-exynos-5.3.18-150300.59.170.1
* dtb-rockchip-5.3.18-150300.59.170.1
* kselftests-kmp-64kb-5.3.18-150300.59.170.1
* dtb-hisilicon-5.3.18-150300.59.170.1
* kernel-64kb-debuginfo-5.3.18-150300.59.170.1
* kernel-64kb-optional-debuginfo-5.3.18-150300.59.170.1
* reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.170.1
* kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.170.1
* dtb-cavium-5.3.18-150300.59.170.1
* dtb-freescale-5.3.18-150300.59.170.1
* gfs2-kmp-64kb-5.3.18-150300.59.170.1
* dtb-al-5.3.18-150300.59.170.1
* dtb-allwinner-5.3.18-150300.59.170.1
* kernel-64kb-debugsource-5.3.18-150300.59.170.1
* kernel-64kb-extra-5.3.18-150300.59.170.1
* dtb-amd-5.3.18-150300.59.170.1
* dtb-marvell-5.3.18-150300.59.170.1
* dtb-arm-5.3.18-150300.59.170.1
* dtb-xilinx-5.3.18-150300.59.170.1
* dtb-altera-5.3.18-150300.59.170.1
* dtb-amlogic-5.3.18-150300.59.170.1
* reiserfs-kmp-64kb-5.3.18-150300.59.170.1
* cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.170.1
* cluster-md-kmp-64kb-5.3.18-150300.59.170.1
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.170.1
* gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.170.1
* kernel-64kb-optional-5.3.18-150300.59.170.1
* kernel-64kb-extra-debuginfo-5.3.18-150300.59.170.1
* dtb-sprd-5.3.18-150300.59.170.1
* dlm-kmp-64kb-debuginfo-5.3.18-150300.59.170.1
* ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.170.1
* kernel-64kb-devel-5.3.18-150300.59.170.1
* openSUSE Leap 15.3 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Live Patching 15-SP3 (nosrc)
* kernel-default-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-default-debugsource-5.3.18-150300.59.170.1
* kernel-default-livepatch-devel-5.3.18-150300.59.170.1
* kernel-default-debuginfo-5.3.18-150300.59.170.1
* kernel-livepatch-SLE15-SP3_Update_47-debugsource-1-150300.7.3.1
* kernel-livepatch-5_3_18-150300_59_170-default-debuginfo-1-150300.7.3.1
* kernel-livepatch-5_3_18-150300_59_170-default-1-150300.7.3.1
* kernel-default-livepatch-5.3.18-150300.59.170.1
* SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le
s390x x86_64)
* kernel-default-debugsource-5.3.18-150300.59.170.1
* kernel-default-debuginfo-5.3.18-150300.59.170.1
* gfs2-kmp-default-debuginfo-5.3.18-150300.59.170.1
* cluster-md-kmp-default-5.3.18-150300.59.170.1
* ocfs2-kmp-default-debuginfo-5.3.18-150300.59.170.1
* cluster-md-kmp-default-debuginfo-5.3.18-150300.59.170.1
* gfs2-kmp-default-5.3.18-150300.59.170.1
* dlm-kmp-default-5.3.18-150300.59.170.1
* dlm-kmp-default-debuginfo-5.3.18-150300.59.170.1
* ocfs2-kmp-default-5.3.18-150300.59.170.1
* SUSE Linux Enterprise High Availability Extension 15 SP3 (nosrc)
* kernel-default-5.3.18-150300.59.170.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.170.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64)
* kernel-64kb-debugsource-5.3.18-150300.59.170.1
* kernel-64kb-debuginfo-5.3.18-150300.59.170.1
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.170.1
* kernel-64kb-devel-5.3.18-150300.59.170.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc
x86_64)
* kernel-preempt-5.3.18-150300.59.170.1
* kernel-default-5.3.18-150300.59.170.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* kernel-preempt-devel-5.3.18-150300.59.170.1
* kernel-default-base-5.3.18-150300.59.170.1.150300.18.100.1
* kernel-default-debugsource-5.3.18-150300.59.170.1
* kernel-default-debuginfo-5.3.18-150300.59.170.1
* kernel-preempt-debuginfo-5.3.18-150300.59.170.1
* reiserfs-kmp-default-5.3.18-150300.59.170.1
* kernel-preempt-debugsource-5.3.18-150300.59.170.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.170.1
* kernel-syms-5.3.18-150300.59.170.1
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.170.1
* kernel-obs-build-debugsource-5.3.18-150300.59.170.1
* kernel-default-devel-5.3.18-150300.59.170.1
* kernel-obs-build-5.3.18-150300.59.170.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.170.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* kernel-macros-5.3.18-150300.59.170.1
* kernel-devel-5.3.18-150300.59.170.1
* kernel-source-5.3.18-150300.59.170.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.170.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64)
* kernel-64kb-debugsource-5.3.18-150300.59.170.1
* kernel-64kb-debuginfo-5.3.18-150300.59.170.1
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.170.1
* kernel-64kb-devel-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64 nosrc)
* kernel-default-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* kernel-default-base-5.3.18-150300.59.170.1.150300.18.100.1
* kernel-default-debugsource-5.3.18-150300.59.170.1
* kernel-default-debuginfo-5.3.18-150300.59.170.1
* reiserfs-kmp-default-5.3.18-150300.59.170.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.170.1
* kernel-syms-5.3.18-150300.59.170.1
* kernel-obs-build-debugsource-5.3.18-150300.59.170.1
* kernel-default-devel-5.3.18-150300.59.170.1
* kernel-obs-build-5.3.18-150300.59.170.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* kernel-macros-5.3.18-150300.59.170.1
* kernel-devel-5.3.18-150300.59.170.1
* kernel-source-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.170.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64)
* kernel-preempt-devel-5.3.18-150300.59.170.1
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.170.1
* kernel-preempt-debuginfo-5.3.18-150300.59.170.1
* kernel-preempt-debugsource-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (nosrc s390x)
* kernel-zfcpdump-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x)
* kernel-zfcpdump-debuginfo-5.3.18-150300.59.170.1
* kernel-zfcpdump-debugsource-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le
x86_64)
* kernel-default-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* kernel-default-base-5.3.18-150300.59.170.1.150300.18.100.1
* kernel-default-debugsource-5.3.18-150300.59.170.1
* kernel-default-debuginfo-5.3.18-150300.59.170.1
* reiserfs-kmp-default-5.3.18-150300.59.170.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.170.1
* kernel-syms-5.3.18-150300.59.170.1
* kernel-obs-build-debugsource-5.3.18-150300.59.170.1
* kernel-default-devel-5.3.18-150300.59.170.1
* kernel-obs-build-5.3.18-150300.59.170.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* kernel-macros-5.3.18-150300.59.170.1
* kernel-devel-5.3.18-150300.59.170.1
* kernel-source-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.170.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* kernel-preempt-devel-5.3.18-150300.59.170.1
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.170.1
* kernel-preempt-debuginfo-5.3.18-150300.59.170.1
* kernel-preempt-debugsource-5.3.18-150300.59.170.1
* SUSE Enterprise Storage 7.1 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.170.1
* SUSE Enterprise Storage 7.1 (aarch64)
* kernel-64kb-debugsource-5.3.18-150300.59.170.1
* kernel-64kb-debuginfo-5.3.18-150300.59.170.1
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.170.1
* kernel-64kb-devel-5.3.18-150300.59.170.1
* SUSE Enterprise Storage 7.1 (aarch64 nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.170.1
* kernel-default-5.3.18-150300.59.170.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* kernel-preempt-devel-5.3.18-150300.59.170.1
* kernel-default-base-5.3.18-150300.59.170.1.150300.18.100.1
* kernel-default-debugsource-5.3.18-150300.59.170.1
* kernel-default-debuginfo-5.3.18-150300.59.170.1
* kernel-preempt-debuginfo-5.3.18-150300.59.170.1
* reiserfs-kmp-default-5.3.18-150300.59.170.1
* kernel-preempt-debugsource-5.3.18-150300.59.170.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.170.1
* kernel-syms-5.3.18-150300.59.170.1
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.170.1
* kernel-obs-build-debugsource-5.3.18-150300.59.170.1
* kernel-default-devel-5.3.18-150300.59.170.1
* kernel-obs-build-5.3.18-150300.59.170.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.170.1
* SUSE Enterprise Storage 7.1 (noarch)
* kernel-macros-5.3.18-150300.59.170.1
* kernel-devel-5.3.18-150300.59.170.1
* kernel-source-5.3.18-150300.59.170.1
* SUSE Enterprise Storage 7.1 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.170.2
* SUSE Linux Enterprise Micro 5.1 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.3.18-150300.59.170.1
* kernel-default-base-5.3.18-150300.59.170.1.150300.18.100.1
* kernel-default-debugsource-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64)
* kernel-default-base-5.3.18-150300.59.170.1.150300.18.100.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.3.18-150300.59.170.1
* kernel-default-debugsource-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.170.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64)
* kernel-default-base-5.3.18-150300.59.170.1.150300.18.100.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.3.18-150300.59.170.1
* kernel-default-debugsource-5.3.18-150300.59.170.1
## References:
* https://www.suse.com/security/cve/CVE-2020-26558.html
* https://www.suse.com/security/cve/CVE-2021-0129.html
* https://www.suse.com/security/cve/CVE-2021-47126.html
* https://www.suse.com/security/cve/CVE-2021-47219.html
* https://www.suse.com/security/cve/CVE-2021-47291.html
* https://www.suse.com/security/cve/CVE-2021-47506.html
* https://www.suse.com/security/cve/CVE-2021-47520.html
* https://www.suse.com/security/cve/CVE-2021-47580.html
* https://www.suse.com/security/cve/CVE-2021-47598.html
* https://www.suse.com/security/cve/CVE-2021-47600.html
* https://www.suse.com/security/cve/CVE-2022-48792.html
* https://www.suse.com/security/cve/CVE-2022-48821.html
* https://www.suse.com/security/cve/CVE-2022-48822.html
* https://www.suse.com/security/cve/CVE-2023-52686.html
* https://www.suse.com/security/cve/CVE-2023-52885.html
* https://www.suse.com/security/cve/CVE-2024-26583.html
* https://www.suse.com/security/cve/CVE-2024-26584.html
* https://www.suse.com/security/cve/CVE-2024-26585.html
* https://www.suse.com/security/cve/CVE-2024-26800.html
* https://www.suse.com/security/cve/CVE-2024-36974.html
* https://www.suse.com/security/cve/CVE-2024-38559.html
* https://www.suse.com/security/cve/CVE-2024-39494.html
* https://www.suse.com/security/cve/CVE-2024-40937.html
* https://www.suse.com/security/cve/CVE-2024-40956.html
* https://www.suse.com/security/cve/CVE-2024-41011.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://www.suse.com/security/cve/CVE-2024-41069.html
* https://www.suse.com/security/cve/CVE-2024-41090.html
* https://www.suse.com/security/cve/CVE-2024-42145.html
* https://bugzilla.suse.com/show_bug.cgi?id=1065729
* https://bugzilla.suse.com/show_bug.cgi?id=1179610
* https://bugzilla.suse.com/show_bug.cgi?id=1186463
* https://bugzilla.suse.com/show_bug.cgi?id=1216834
* https://bugzilla.suse.com/show_bug.cgi?id=1218820
* https://bugzilla.suse.com/show_bug.cgi?id=1220185
* https://bugzilla.suse.com/show_bug.cgi?id=1220186
* https://bugzilla.suse.com/show_bug.cgi?id=1220187
* https://bugzilla.suse.com/show_bug.cgi?id=1221539
* https://bugzilla.suse.com/show_bug.cgi?id=1222728
* https://bugzilla.suse.com/show_bug.cgi?id=1222824
* https://bugzilla.suse.com/show_bug.cgi?id=1223863
* https://bugzilla.suse.com/show_bug.cgi?id=1224918
* https://bugzilla.suse.com/show_bug.cgi?id=1225404
* https://bugzilla.suse.com/show_bug.cgi?id=1225431
* https://bugzilla.suse.com/show_bug.cgi?id=1226519
* https://bugzilla.suse.com/show_bug.cgi?id=1226550
* https://bugzilla.suse.com/show_bug.cgi?id=1226574
* https://bugzilla.suse.com/show_bug.cgi?id=1226575
* https://bugzilla.suse.com/show_bug.cgi?id=1226662
* https://bugzilla.suse.com/show_bug.cgi?id=1226666
* https://bugzilla.suse.com/show_bug.cgi?id=1226785
* https://bugzilla.suse.com/show_bug.cgi?id=1227213
* https://bugzilla.suse.com/show_bug.cgi?id=1227362
* https://bugzilla.suse.com/show_bug.cgi?id=1227487
* https://bugzilla.suse.com/show_bug.cgi?id=1227716
* https://bugzilla.suse.com/show_bug.cgi?id=1227750
* https://bugzilla.suse.com/show_bug.cgi?id=1227810
* https://bugzilla.suse.com/show_bug.cgi?id=1227836
* https://bugzilla.suse.com/show_bug.cgi?id=1227976
* https://bugzilla.suse.com/show_bug.cgi?id=1228013
* https://bugzilla.suse.com/show_bug.cgi?id=1228040
* https://bugzilla.suse.com/show_bug.cgi?id=1228114
* https://bugzilla.suse.com/show_bug.cgi?id=1228328
* https://bugzilla.suse.com/show_bug.cgi?id=1228561
* https://bugzilla.suse.com/show_bug.cgi?id=1228644
* https://bugzilla.suse.com/show_bug.cgi?id=1228743
openSUSE-SU-2024:0244-1: important: Security update for apptainer
by opensuse-security@opensuse.org 16 Aug '24
openSUSE Security Update: Security update for apptainer
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0244-1
Rating: important
References: #1221364 #1224114
Cross-References: CVE-2023-30549 CVE-2023-38496 CVE-2024-3727
CVSS scores:
CVE-2023-30549 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-38496 (NVD) : 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
CVE-2024-3727 (SUSE): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for apptainer fixes the following issues:
- Make sure digest values handled by the Go library
github.com/opencontainers/go-digest and used throughout the
Go-implemented containers ecosystem are always validated. This prevents
attackers from triggering unexpected authenticated registry accesses.
(CVE-2024-3727, boo#1224114).
- Updated apptainer to version 1.3.0
* FUSE mounts are now supported in setuid mode, enabling full
functionality even when kernel filesystem mounts are insecure due to
unprivileged users having write access to raw filesystems in
containers. When `allow setuid-mount extfs = no` (the default) is set in
apptainer.conf, the fuse2fs image driver will be used to mount
ext3 images in setuid mode instead of the kernel driver (ext3 images
are primarily used for the `--overlay` feature), restoring
functionality that was removed by default in Apptainer 1.1.8 because
of the security risk. The `allow setuid-mount squashfs` configuration
option in `apptainer.conf` now has a new default called `iflimited`
which allows kernel squashfs mounts only if there is at least one
`limit container` option set or if Execution Control Lists are
activated in ecl.toml. If kernel squashfs mounts are not allowed,
then the squashfuse image driver will be used instead. `iflimited` is
the default because if one of those limits is used the system
administrator ensures that
unprivileged users do not have write access to the containers, but on
the other hand using FUSE would enable a user to theoretically bypass
the limits via `ptrace()` because the FUSE process runs as that user.
The `fuse-overlayfs` image driver will also now be tried in setuid
mode if the kernel overlayfs driver does not work (for example if
one of the layers is a FUSE filesystem). In addition, if `allow
setuid-mount encrypted = no` then the unprivileged gocryptfs format
will be used for encrypting SIF files instead of the kernel
device-mapper. If a SIF file was encrypted using the gocryptfs
format, it can now be mounted in setuid mode in addition to
non-setuid mode.
* Change the default in user namespace mode to use either kernel
overlayfs or fuse-overlayfs instead of the underlay feature for the
purpose of adding bind mount points. That was already the default in
setuid mode; this change makes it consistent. The underlay feature
can still be used with the `--underlay` option, but it is deprecated
because the implementation is complicated and measurements have shown
that the performance of underlay is similar to overlayfs and
fuse-overlayfs. For now the underlay feature can be made the default
again with a new `preferred` value on the `enable underlay`
configuration option. Also the `--underlay` option can be used in
setuid mode or as the root user, although it was ignored previously.
* Prefer again to use kernel overlayfs over fuse-overlayfs when a lower
layer is FUSE and there's no writable upper layer, undoing the change
from 1.2.0. Another workaround was found for the problem that change
addressed. This applies in both setuid mode and in user namespace mode.
* `--cwd` is now the preferred form of the flag for setting the
container's working directory, though `--pwd` is still supported for
compatibility.
* The way `--home` is handled when running as root (e.g. sudo apptainer)
or with `--fakeroot` has changed. Previously, we were only modifying
the `HOME` environment variable in these cases, while leaving the
container's `/etc/passwd` file unchanged (with its homedir field
pointing to `/root`, regardless of the value passed to `--home`).
With this change, both value of HOME and the contents of
`/etc/passwd` in the container will reflect the value passed to
`--home` if the container is readonly. If the container is writable,
the `/etc/passwd` file is left alone because it can interfere with
commands that want to modify it.
* The `--vm` and related flags to start apptainer inside a VM have been
removed. This functionality was related to the retired Singularity
Desktop / SyOS projects.
* The keyserver-related commands that were under `remote` have been
moved to their own, dedicated `keyserver` command. Run `apptainer help
keyserver` for more information.
* The commands related to OCI/Docker registries that were under `remote`
have been moved to their own, dedicated `registry` command. Run
`apptainer help registry` for more information.
* The `remote list` subcommand now outputs only remote endpoints
(with keyservers and OCI/Docker registries having been moved to
separate commands), and the output has been streamlined.
* Adding a new remote endpoint using the `apptainer remote add` command
will now set the new endpoint as default. This behavior can be
suppressed by supplying the `--no-default` (or `-n`) flag to `remote
add`.
* Skip parsing build definition file template variables after comments
beginning with a hash symbol.
* The global `/tmp` directory is no longer used for gocryptfs
mountpoints.
- New Features & Functionality
* The `remote status` command will now print the username, realname, and
email of the logged-in user, if available.
* Add monitoring feature support, which requires the usage of an
additional tool named `apptheus`. This tool will put the apptainer
starter into a newly created cgroup and collect system metrics.
* A new `--no-pid` flag for `apptainer run/shell/exec` disables the PID
namespace inferred by `--containall` and `--compat`.
* Added `--config` option to `keyserver` commands.
* Honor an optional remoteName argument to the `keyserver list` command.
* Added the `APPTAINER_ENCRYPTION_PEM_DATA` env var to allow for
encrypting and running encrypted containers without a PEM file.
* Added `--sharens` mode for `apptainer exec/run/shell`, which enables
running multiple apptainer instances created by the same parent using
the same image in the same user namespace.
- Make 'gocryptfs' an optional dependency.
- Make apptainer definition templates version dependent.
- Fix 'apptainer build' using signed packages from the SUSE Registry
(boo#1221364).
- Updated apptainer to version 1.2.5
* Added `libnvidia-nvvm` to `nvliblist.conf`. Newer NVIDIA Drivers
(known with >= 525.85.05) require this lib to compile OpenCL programs
against NVIDIA GPUs, i.e. `libnvidia-opencl` depends on
`libnvidia-nvvm`.
* Disable the usage of cgroup in instance creation when `--fakeroot` is
passed.
* Disable the usage of cgroup in instance creation when `hidepid` mount
option on `/proc` is set.
* Fixed a regression introduced in 1.2.0 where the user's password file
information was not copied in to the container when there was a parent
root-mapped user namespace (as is the case for example in `cvmfsexec`).
* Added the upcoming NVIDIA driver library `libnvidia-gpucomp.so` to the
list of libraries to add to NVIDIA GPU-enabled containers.
* Fixed missing error handling during the creation of an encrypted image
that led to the generation of corrupted images.
* Use `APPTAINER_TMPDIR` for temporary files during privileged image
encryption.
* If rootless unified cgroups v2 is available when starting an image but
`XDG_RUNTIME_DIR` or `DBUS_SESSION_BUS_ADDRESS` is not set, print an
info message that stats will not be available instead of exiting with
a fatal error.
* Allow templated build arguments to definition files to have empty
values.
- Package .def templates separately for different SPs.
- Do not build squashfuse, require it as a dependency.
- Replace awkward 'Obsoletes: singularity-*' as well as the 'Provides:
Singularity' by 'Conflicts:' and drop the provides - the versioning
scheme does not match and we do not automatically migrate from one to
the other.
- Exclude platforms which do not provide all build dependencies.
- updated to 1.2.3 with following changes:
* The apptainer push/pull commands now show a progress bar for the oras
protocol like there was for docker and library protocols.
* The --nv and --rocm flags can now be used simultaneously.
* Fix the use of APPTAINER_CONFIGDIR with apptainer instance start and
action commands that refer to instance://.
* Fix the issue that apptainer would not read credentials from the
Docker fallback path ~/.docker/config.json if missing in the apptainer
credentials.
- updated to 1.2.2 with following changes:
* Fix $APPTAINER_MESSAGELEVEL to correctly set the logging level.
* Fix build failures when in setuid mode and unprivileged user
namespaces are unavailable and the --fakeroot option is not selected.
- updated to 1.2.1 to fix CVE-2023-38496 although not relevant as package
is compiled with setuid
- update to 1.2.0 with following changes:
* binary is built reproducible which disables plugins
* Create the current working directory in a container when it doesn't
exist. This restores behavior as it was before singularity 3.6.0. As a
result, using --no-mount home won't have any effect when running
apptainer from a home directory and will require --no-mount home,cwd
to avoid mounting that directory.
* Handle current working directory paths containing symlinks both on the
host and in a container but pointing to different destinations. If
detected, the current working directory is not mounted when the
destination directory in the container exists.
* Destination mount points are now sorted by shortest path first to
ensure that a user bind doesn't override a previous bind path when set
in arbitrary order on the CLI. This is also applied to image binds.
* When the kernel supports unprivileged overlay mounts in a user
namespace, the container will be constructed by default using an
overlay instead of an underlay layout for bind mounts. A new
--underlay action option can be used to prefer underlay instead of
overlay.
* sessiondir maxsize in apptainer.conf now defaults to 64 MiB for new
installations. This is an increase from 16 MiB in prior versions.
* The apptainer cache is now architecture aware, so the same home
directory cache can be shared by machines with different architectures.
* Overlay is blocked on the panfs filesystem, allowing sandbox
directories to be run from panfs without error.
* Lookup and store user/group information in stage one prior to entering
any namespaces, to fix an issue with winbind not correctly looking up
user/group information when using user namespaces.
- New features / functionalities
* Support for unprivileged encryption of SIF files using gocryptfs.
This is not compatible with privileged encryption, so containers
encrypted by root need to be rebuilt by an unprivileged user.
* Templating support for definition files. Users can now define
variables in definition files via a matching pair of double curly
brackets. Variables of the form {{ variable }} will be replaced by a
value defined either by a variable=value entry in the %arguments
section of the definition file or through new build options
--build-arg or --build-arg-file.
* Add a new instance run command that will execute the runscript when an
instance is initiated instead of executing the startscript.
* The sign and verify commands now support signing and verification with
non-PGP key material by specifying the path to a private key via the
--key flag.
* The verify command now supports verification with X.509 certificates
by specifying the path to a certificate via the --certificate flag. By
default, the system root certificate pool is used as trust anchors
unless overridden via the --certificate-roots flag. A pool of
intermediate certificates that are not trust anchors, but can be used
to form a certificate chain, can also be specified via the
--certificate-intermediates flag.
* Support for online verification checks of X.509 certificates using
OCSP protocol via the new verify --ocsp-verify option.
* The instance stats command displays the resource usage every second.
The --no-stream option disables this interactive mode and shows the
point-in-time usage.
* Instances are now started in a cgroup by default, when run as root or
when unified cgroups v2 with systemd as manager is configured. This
allows apptainer instance stats to be supported by default when
possible.
* The instance start command now accepts an optional --app <name>
argument which invokes a start script within the %appstart <name>
section in the definition file. The instance stop command still only
requires the instance name.
* The instance name is now available inside an instance via the new
APPTAINER_INSTANCE environment variable.
* The --no-mount flag now accepts the value bind-paths to disable
mounting of all bind path entries in apptainer.conf.
* Support for DOCKER_HOST parsing when using docker-daemon://
* DOCKER_USERNAME and DOCKER_PASSWORD supported without APPTAINER_ prefix.
* Add new Linux capabilities CAP_PERFMON, CAP_BPF, and
CAP_CHECKPOINT_RESTORE.
* The remote get-login-password command allows users to retrieve a
remote's token. This enables piping the secret directly into docker
login while preventing it from showing up in a shell's history.
* Define EUID in %environment alongside UID.
* In --rocm mode, the whole of /dev/dri is now bound into the container
when --contain is in use. This makes /dev/dri/render devices available,
required for later ROCm versions.
- update to 1.1.9 with following changes:
* Remove warning about unknown xino=on option from fuse-overlayfs,
introduced in 1.1.8.
* Ignore extraneous warning from fuse-overlayfs about a readonly /proc.
* Fix dropped "n" characters on some platforms in definition file stored
as part of SIF metadata.
* Remove duplicated group ids.
* Fix not being able to handle multiple entries in LD_PRELOAD when
binding fakeroot into container during apptainer startup for
--fakeroot with fakeroot command.
- Included a fix for CVE-2023-30549 which is a vulnerability in
setuid-root installations of Apptainer which was not active in the
recent openSUSE packages. Still this is included for completeness. The
fix adds allow setuid-mount configuration options encrypted, squashfs,
and extfs, and makes the default for extfs be "no". That disables the
use of extfs mounts including for overlays or binds while in the
setuid-root mode, while leaving it enabled for unprivileged user
namespace mode. The default for encrypted and squashfs is "yes".
- Other bug fixes:
* Fix loop device 'no such device or address' spurious errors when using
shared loop devices.
* Add xino=on mount option for writable kernel overlay mount points to
fix inode numbers consistency after kernel cache flush (not applicable
to fuse-overlayfs).
- updated to 1.1.7 with following changes:
* Allow gpu options such as --nv to be nested by always inheriting all
libraries bound in to a parent container's /.singularity.d/libs.
* Map the user's home directory to the root home directory by default in
the non-subuid fakeroot mode like it was in the subuid fakeroot mode,
for both action commands and building containers from definition files.
* Make the error message more helpful in another place where a remote is
found to have no library client.
* Avoid incorrect error when requesting fakeroot network.
* Pass computed LD_LIBRARY_PATH to wrapped unsquashfs. Fixes issues
where unsquashfs on host uses libraries in non-default paths.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2024-244=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):
libsquashfuse0-0.5.0-bp155.2.1
libsquashfuse0-debuginfo-0.5.0-bp155.2.1
squashfuse-0.5.0-bp155.2.1
squashfuse-debuginfo-0.5.0-bp155.2.1
squashfuse-debugsource-0.5.0-bp155.2.1
squashfuse-devel-0.5.0-bp155.2.1
squashfuse-tools-0.5.0-bp155.2.1
squashfuse-tools-debuginfo-0.5.0-bp155.2.1
- openSUSE Backports SLE-15-SP5 (aarch64 x86_64):
apptainer-1.3.0-bp155.3.3.2
- openSUSE Backports SLE-15-SP5 (noarch):
apptainer-leap-1.3.0-bp155.3.3.2
apptainer-sle15_5-1.3.0-bp155.3.3.2
apptainer-sle15_6-1.3.0-bp155.3.3.2
References:
https://www.suse.com/security/cve/CVE-2023-30549.html
https://www.suse.com/security/cve/CVE-2023-38496.html
https://www.suse.com/security/cve/CVE-2024-3727.html
https://bugzilla.suse.com/1221364
https://bugzilla.suse.com/1224114
openSUSE-SU-2024:0243-1: important: Security update for python-aiosmtpd
by opensuse-security@opensuse.org 16 Aug '24
openSUSE Security Update: Security update for python-aiosmtpd
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0243-1
Rating: important
References: #1221328 #1224467
Cross-References: CVE-2024-27305 CVE-2024-34083
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for python-aiosmtpd fixes the following issues:
- CVE-2024-34083: Fixed a MitM attack that could inject extra unencrypted
commands after STARTTLS (boo#1224467)
- CVE-2024-27305: Fixed SMTP smuggling (boo#1221328)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2024-243=1
Package List:
- openSUSE Backports SLE-15-SP5 (noarch):
python3-aiosmtpd-1.2.1-bp155.3.3.1
References:
https://www.suse.com/security/cve/CVE-2024-27305.html
https://www.suse.com/security/cve/CVE-2024-34083.html
https://bugzilla.suse.com/1221328
https://bugzilla.suse.com/1224467
openSUSE-SU-2024:0242-1: important: Security update for opera
by opensuse-security@opensuse.org 15 Aug '24
openSUSE Security Update: Security update for opera
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0242-1
Rating: important
References:
Cross-References: CVE-2024-6772 CVE-2024-6773 CVE-2024-6774
CVE-2024-6775 CVE-2024-6776 CVE-2024-6777
CVE-2024-6778 CVE-2024-6779
Affected Products:
openSUSE Leap 15.6:NonFree
______________________________________________________________________________
An update that fixes 8 vulnerabilities is now available.
Description:
This update for opera fixes the following issues:
- Update to 112.0.5197.53
* CHR-9814 Update Chromium on desktop-stable-126-5197 to 126.0.6478.226
* DNA-116974 Site settings popup size not expanding causing display
issues
* DNA-117115 Tab islands are extending partially after Workspace change
* DNA-117708 H.264 SW decoding only possible if HW decoding is possible
* DNA-117792 Crash at
content::RenderWidgetHostImpl::ForwardMouseEventWithLatencyInfo(blink::WebMouseEvent const&,
ui::LatencyInfo const&)
- The update to chromium >= 126.0.6478.182 fixes following issues:
CVE-2024-6772, CVE-2024-6773, CVE-2024-6774, CVE-2024-6775,
CVE-2024-6776, CVE-2024-6777, CVE-2024-6778, CVE-2024-6779
- Update to 112.0.5197.30
* CHR-9416 Updating Chromium on desktop-stable-* branches
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.6:NonFree:
zypper in -t patch openSUSE-2024-242=1
Package List:
- openSUSE Leap 15.6:NonFree (x86_64):
opera-112.0.5197.53-lp156.2.14.1
References:
https://www.suse.com/security/cve/CVE-2024-6772.html
https://www.suse.com/security/cve/CVE-2024-6773.html
https://www.suse.com/security/cve/CVE-2024-6774.html
https://www.suse.com/security/cve/CVE-2024-6775.html
https://www.suse.com/security/cve/CVE-2024-6776.html
https://www.suse.com/security/cve/CVE-2024-6777.html
https://www.suse.com/security/cve/CVE-2024-6778.html
https://www.suse.com/security/cve/CVE-2024-6779.html
SUSE-SU-2024:2933-1: moderate: Security update for openssl-1_1
by OPENSUSE-SECURITY-UPDATES 15 Aug '24
# Security update for openssl-1_1
Announcement ID: SUSE-SU-2024:2933-1
Rating: moderate
References:
* bsc#1225907
* bsc#1226463
* bsc#1227138
Cross-References:
* CVE-2024-5535
CVSS scores:
* CVE-2024-5535 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP6
* Development Tools Module 15-SP6
* Legacy Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves one vulnerability and has two security fixes can now be
installed.
## Description:
This update for openssl-1_1 fixes the following issues:
* CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto()
with an empty supported client protocols buffer (bsc#1227138)
Other fixes:
* Build with no-afalgeng. (bsc#1226463)
* Fixed C99 violations to allow the package to build with GCC 14. (bsc#1225907)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-2933=1 openSUSE-SLE-15.6-2024-2933=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-2933=1
* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-2933=1
* Legacy Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2024-2933=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libopenssl-1_1-devel-1.1.1w-150600.5.6.1
* libopenssl1_1-debuginfo-1.1.1w-150600.5.6.1
* openssl-1_1-1.1.1w-150600.5.6.1
* libopenssl1_1-1.1.1w-150600.5.6.1
* openssl-1_1-debugsource-1.1.1w-150600.5.6.1
* openssl-1_1-debuginfo-1.1.1w-150600.5.6.1
* openSUSE Leap 15.6 (x86_64)
* libopenssl1_1-32bit-1.1.1w-150600.5.6.1
* libopenssl1_1-32bit-debuginfo-1.1.1w-150600.5.6.1
* libopenssl-1_1-devel-32bit-1.1.1w-150600.5.6.1
* openSUSE Leap 15.6 (noarch)
* openssl-1_1-doc-1.1.1w-150600.5.6.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libopenssl1_1-64bit-debuginfo-1.1.1w-150600.5.6.1
* libopenssl1_1-64bit-1.1.1w-150600.5.6.1
* libopenssl-1_1-devel-64bit-1.1.1w-150600.5.6.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libopenssl1_1-1.1.1w-150600.5.6.1
* openssl-1_1-debugsource-1.1.1w-150600.5.6.1
* openssl-1_1-debuginfo-1.1.1w-150600.5.6.1
* libopenssl1_1-debuginfo-1.1.1w-150600.5.6.1
* Basesystem Module 15-SP6 (x86_64)
* libopenssl1_1-32bit-1.1.1w-150600.5.6.1
* libopenssl1_1-32bit-debuginfo-1.1.1w-150600.5.6.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libopenssl-1_1-devel-1.1.1w-150600.5.6.1
* openssl-1_1-debugsource-1.1.1w-150600.5.6.1
* openssl-1_1-debuginfo-1.1.1w-150600.5.6.1
* Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* openssl-1_1-debugsource-1.1.1w-150600.5.6.1
* openssl-1_1-1.1.1w-150600.5.6.1
* openssl-1_1-debuginfo-1.1.1w-150600.5.6.1
## References:
* https://www.suse.com/security/cve/CVE-2024-5535.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225907
* https://bugzilla.suse.com/show_bug.cgi?id=1226463
* https://bugzilla.suse.com/show_bug.cgi?id=1227138
SUSE-SU-2024:2905-1: important: Security update for webkit2gtk3
by OPENSUSE-SECURITY-UPDATES 14 Aug '24
# Security update for webkit2gtk3
Announcement ID: SUSE-SU-2024:2905-1
Rating: important
References:
* bsc#1228613
* bsc#1228693
* bsc#1228694
* bsc#1228695
Cross-References:
* CVE-2024-40776
* CVE-2024-40779
* CVE-2024-40780
* CVE-2024-40782
CVSS scores:
* CVE-2024-40776 ( SUSE ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
* CVE-2024-40776 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-40779 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-40780 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-40782 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP6
* Desktop Applications Module 15-SP6
* Development Tools Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves four vulnerabilities can now be installed.
## Description:
This update for webkit2gtk3 fixes the following issues:
* CVE-2024-40776: Fixed a use-after-free issue with improved memory management
(bsc#1228613).
* CVE-2024-40779: Fixed an out-of-bounds read with improved bounds checking
(bsc#1228693).
* CVE-2024-40780: Fixed another out-of-bounds read with improved bounds
checking (bsc#1228694).
* CVE-2024-40782: Fixed a second use-after-free issue with improved memory
management (bsc#1228695).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-2905=1 openSUSE-SLE-15.6-2024-2905=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-2905=1
* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2024-2905=1
* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-2905=1
## Package List:
* openSUSE Leap 15.6 (noarch)
* WebKitGTK-4.0-lang-2.44.2-150600.12.6.1
* WebKitGTK-6.0-lang-2.44.2-150600.12.6.1
* WebKitGTK-4.1-lang-2.44.2-150600.12.6.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* webkit2gtk3-soup2-minibrowser-2.44.2-150600.12.6.1
* libjavascriptcoregtk-6_0-1-debuginfo-2.44.2-150600.12.6.1
* typelib-1_0-JavaScriptCore-4_1-2.44.2-150600.12.6.1
* webkit2gtk-4_0-injected-bundles-2.44.2-150600.12.6.1
* webkit2gtk3-soup2-minibrowser-debuginfo-2.44.2-150600.12.6.1
* webkit2gtk3-minibrowser-2.44.2-150600.12.6.1
* webkitgtk-6_0-injected-bundles-2.44.2-150600.12.6.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.44.2-150600.12.6.1
* libwebkit2gtk-4_1-0-2.44.2-150600.12.6.1
* typelib-1_0-WebKit-6_0-2.44.2-150600.12.6.1
* webkit2gtk4-devel-2.44.2-150600.12.6.1
* webkit2gtk3-soup2-devel-2.44.2-150600.12.6.1
* libjavascriptcoregtk-4_1-0-2.44.2-150600.12.6.1
* webkit-jsc-4-debuginfo-2.44.2-150600.12.6.1
* libjavascriptcoregtk-6_0-1-2.44.2-150600.12.6.1
* libjavascriptcoregtk-4_0-18-2.44.2-150600.12.6.1
* libwebkitgtk-6_0-4-2.44.2-150600.12.6.1
* libwebkit2gtk-4_1-0-debuginfo-2.44.2-150600.12.6.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.44.2-150600.12.6.1
* webkit2gtk4-minibrowser-2.44.2-150600.12.6.1
* typelib-1_0-JavaScriptCore-4_0-2.44.2-150600.12.6.1
* webkit2gtk4-debugsource-2.44.2-150600.12.6.1
* webkit2gtk-4_1-injected-bundles-2.44.2-150600.12.6.1
* webkit2gtk3-debugsource-2.44.2-150600.12.6.1
* libwebkit2gtk-4_0-37-2.44.2-150600.12.6.1
* webkit2gtk3-minibrowser-debuginfo-2.44.2-150600.12.6.1
* libwebkit2gtk-4_0-37-debuginfo-2.44.2-150600.12.6.1
* webkit2gtk4-minibrowser-debuginfo-2.44.2-150600.12.6.1
* typelib-1_0-WebKit2-4_0-2.44.2-150600.12.6.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.44.2-150600.12.6.1
* webkit-jsc-4.1-2.44.2-150600.12.6.1
* typelib-1_0-WebKitWebProcessExtension-6_0-2.44.2-150600.12.6.1
* typelib-1_0-JavaScriptCore-6_0-2.44.2-150600.12.6.1
* webkit2gtk3-soup2-debugsource-2.44.2-150600.12.6.1
* typelib-1_0-WebKit2WebExtension-4_0-2.44.2-150600.12.6.1
* webkit-jsc-4.1-debuginfo-2.44.2-150600.12.6.1
* webkit-jsc-6.0-2.44.2-150600.12.6.1
* webkit-jsc-6.0-debuginfo-2.44.2-150600.12.6.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.44.2-150600.12.6.1
* webkitgtk-6_0-injected-bundles-debuginfo-2.44.2-150600.12.6.1
* webkit-jsc-4-2.44.2-150600.12.6.1
* typelib-1_0-WebKit2WebExtension-4_1-2.44.2-150600.12.6.1
* libwebkitgtk-6_0-4-debuginfo-2.44.2-150600.12.6.1
* typelib-1_0-WebKit2-4_1-2.44.2-150600.12.6.1
* webkit2gtk3-devel-2.44.2-150600.12.6.1
* openSUSE Leap 15.6 (x86_64)
* libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.44.2-150600.12.6.1
* libwebkit2gtk-4_0-37-32bit-debuginfo-2.44.2-150600.12.6.1
* libwebkit2gtk-4_1-0-32bit-debuginfo-2.44.2-150600.12.6.1
* libwebkit2gtk-4_1-0-32bit-2.44.2-150600.12.6.1
* libwebkit2gtk-4_0-37-32bit-2.44.2-150600.12.6.1
* libjavascriptcoregtk-4_1-0-32bit-2.44.2-150600.12.6.1
* libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.44.2-150600.12.6.1
* libjavascriptcoregtk-4_0-18-32bit-2.44.2-150600.12.6.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libjavascriptcoregtk-4_0-18-64bit-debuginfo-2.44.2-150600.12.6.1
* libwebkit2gtk-4_1-0-64bit-2.44.2-150600.12.6.1
* libjavascriptcoregtk-4_1-0-64bit-2.44.2-150600.12.6.1
* libwebkit2gtk-4_1-0-64bit-debuginfo-2.44.2-150600.12.6.1
* libwebkit2gtk-4_0-37-64bit-2.44.2-150600.12.6.1
* libjavascriptcoregtk-4_1-0-64bit-debuginfo-2.44.2-150600.12.6.1
* libjavascriptcoregtk-4_0-18-64bit-2.44.2-150600.12.6.1
* libwebkit2gtk-4_0-37-64bit-debuginfo-2.44.2-150600.12.6.1
* Basesystem Module 15-SP6 (noarch)
* WebKitGTK-4.0-lang-2.44.2-150600.12.6.1
* WebKitGTK-6.0-lang-2.44.2-150600.12.6.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libjavascriptcoregtk-6_0-1-debuginfo-2.44.2-150600.12.6.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.44.2-150600.12.6.1
* typelib-1_0-WebKit2WebExtension-4_0-2.44.2-150600.12.6.1
* typelib-1_0-JavaScriptCore-4_0-2.44.2-150600.12.6.1
* webkit2gtk3-soup2-devel-2.44.2-150600.12.6.1
* webkit2gtk4-debugsource-2.44.2-150600.12.6.1
* libjavascriptcoregtk-6_0-1-2.44.2-150600.12.6.1
* webkitgtk-6_0-injected-bundles-debuginfo-2.44.2-150600.12.6.1
* libwebkit2gtk-4_0-37-2.44.2-150600.12.6.1
* libwebkitgtk-6_0-4-debuginfo-2.44.2-150600.12.6.1
* webkit2gtk-4_0-injected-bundles-2.44.2-150600.12.6.1
* libjavascriptcoregtk-4_0-18-2.44.2-150600.12.6.1
* libwebkitgtk-6_0-4-2.44.2-150600.12.6.1
* webkitgtk-6_0-injected-bundles-2.44.2-150600.12.6.1
* libwebkit2gtk-4_0-37-debuginfo-2.44.2-150600.12.6.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.44.2-150600.12.6.1
* typelib-1_0-WebKit2-4_0-2.44.2-150600.12.6.1
* webkit2gtk3-soup2-debugsource-2.44.2-150600.12.6.1
* Desktop Applications Module 15-SP6 (noarch)
* WebKitGTK-4.1-lang-2.44.2-150600.12.6.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libwebkit2gtk-4_1-0-2.44.2-150600.12.6.1
* typelib-1_0-JavaScriptCore-4_1-2.44.2-150600.12.6.1
* libjavascriptcoregtk-4_1-0-2.44.2-150600.12.6.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.44.2-150600.12.6.1
* webkit2gtk-4_1-injected-bundles-2.44.2-150600.12.6.1
* webkit2gtk3-debugsource-2.44.2-150600.12.6.1
* typelib-1_0-WebKit2WebExtension-4_1-2.44.2-150600.12.6.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.44.2-150600.12.6.1
* libwebkit2gtk-4_1-0-debuginfo-2.44.2-150600.12.6.1
* typelib-1_0-WebKit2-4_1-2.44.2-150600.12.6.1
* webkit2gtk3-devel-2.44.2-150600.12.6.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* typelib-1_0-WebKit-6_0-2.44.2-150600.12.6.1
* typelib-1_0-JavaScriptCore-6_0-2.44.2-150600.12.6.1
* webkit2gtk4-devel-2.44.2-150600.12.6.1
* webkit2gtk4-debugsource-2.44.2-150600.12.6.1
* typelib-1_0-WebKitWebProcessExtension-6_0-2.44.2-150600.12.6.1
## References:
* https://www.suse.com/security/cve/CVE-2024-40776.html
* https://www.suse.com/security/cve/CVE-2024-40779.html
* https://www.suse.com/security/cve/CVE-2024-40780.html
* https://www.suse.com/security/cve/CVE-2024-40782.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228613
* https://bugzilla.suse.com/show_bug.cgi?id=1228693
* https://bugzilla.suse.com/show_bug.cgi?id=1228694
* https://bugzilla.suse.com/show_bug.cgi?id=1228695
SUSE-SU-2024:2891-1: moderate: Security update for openssl-1_1
by OPENSUSE-SECURITY-UPDATES 13 Aug '24
# Security update for openssl-1_1
Announcement ID: SUSE-SU-2024:2891-1
Rating: moderate
References:
* bsc#1226463
* bsc#1227138
Cross-References:
* CVE-2024-5535
CVSS scores:
* CVE-2024-5535 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves one vulnerability and has one security fix can now be
installed.
## Description:
This update for openssl-1_1 fixes the following issues:
* CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto()
with an empty supported client protocols buffer (bsc#1227138)
Other fixes:
* Build with no-afalgeng (bsc#1226463)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-2891=1 openSUSE-SLE-15.5-2024-2891=1
* openSUSE Leap Micro 5.5
zypper in -t patch openSUSE-Leap-Micro-5.5-2024-2891=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-2891=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-2891=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* libopenssl1_1-hmac-1.1.1l-150500.17.34.1
* openssl-1_1-debuginfo-1.1.1l-150500.17.34.1
* openssl-1_1-debugsource-1.1.1l-150500.17.34.1
* libopenssl1_1-1.1.1l-150500.17.34.1
* libopenssl-1_1-devel-1.1.1l-150500.17.34.1
* openssl-1_1-1.1.1l-150500.17.34.1
* libopenssl1_1-debuginfo-1.1.1l-150500.17.34.1
* openSUSE Leap 15.5 (x86_64)
* libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.34.1
* libopenssl1_1-32bit-1.1.1l-150500.17.34.1
* libopenssl1_1-hmac-32bit-1.1.1l-150500.17.34.1
* libopenssl-1_1-devel-32bit-1.1.1l-150500.17.34.1
* openSUSE Leap 15.5 (noarch)
* openssl-1_1-doc-1.1.1l-150500.17.34.1
* openSUSE Leap 15.5 (aarch64_ilp32)
* libopenssl1_1-64bit-debuginfo-1.1.1l-150500.17.34.1
* libopenssl1_1-hmac-64bit-1.1.1l-150500.17.34.1
* libopenssl-1_1-devel-64bit-1.1.1l-150500.17.34.1
* libopenssl1_1-64bit-1.1.1l-150500.17.34.1
* openSUSE Leap Micro 5.5 (aarch64 s390x x86_64)
* libopenssl1_1-hmac-1.1.1l-150500.17.34.1
* openssl-1_1-debuginfo-1.1.1l-150500.17.34.1
* openssl-1_1-debugsource-1.1.1l-150500.17.34.1
* libopenssl1_1-1.1.1l-150500.17.34.1
* libopenssl-1_1-devel-1.1.1l-150500.17.34.1
* openssl-1_1-1.1.1l-150500.17.34.1
* libopenssl1_1-debuginfo-1.1.1l-150500.17.34.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* libopenssl1_1-hmac-1.1.1l-150500.17.34.1
* openssl-1_1-debuginfo-1.1.1l-150500.17.34.1
* openssl-1_1-debugsource-1.1.1l-150500.17.34.1
* libopenssl1_1-1.1.1l-150500.17.34.1
* libopenssl-1_1-devel-1.1.1l-150500.17.34.1
* openssl-1_1-1.1.1l-150500.17.34.1
* libopenssl1_1-debuginfo-1.1.1l-150500.17.34.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libopenssl1_1-hmac-1.1.1l-150500.17.34.1
* openssl-1_1-debuginfo-1.1.1l-150500.17.34.1
* openssl-1_1-debugsource-1.1.1l-150500.17.34.1
* libopenssl1_1-1.1.1l-150500.17.34.1
* libopenssl-1_1-devel-1.1.1l-150500.17.34.1
* openssl-1_1-1.1.1l-150500.17.34.1
* libopenssl1_1-debuginfo-1.1.1l-150500.17.34.1
* Basesystem Module 15-SP5 (x86_64)
* libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.34.1
* libopenssl1_1-32bit-1.1.1l-150500.17.34.1
* libopenssl1_1-hmac-32bit-1.1.1l-150500.17.34.1
## References:
* https://www.suse.com/security/cve/CVE-2024-5535.html
* https://bugzilla.suse.com/show_bug.cgi?id=1226463
* https://bugzilla.suse.com/show_bug.cgi?id=1227138
SUSE-SU-2024:2869-1: important: Security update for ca-certificates-mozilla
by OPENSUSE-SECURITY-UPDATES 09 Aug '24
# Security update for ca-certificates-mozilla
Announcement ID: SUSE-SU-2024:2869-1
Rating: important
References:
* bsc#1220356
* bsc#1227525
Affected Products:
* Basesystem Module 15-SP5
* Basesystem Module 15-SP6
* Development Tools Module 15-SP5
* Development Tools Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* openSUSE Leap Micro 5.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that has two security fixes can now be installed.
## Description:
This update for ca-certificates-mozilla fixes the following issues:
* Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
* Added: FIRMAPROFESIONAL CA ROOT-A WEB
* Distrust: GLOBALTRUST 2020
* Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
* Added:
* CommScope Public Trust ECC Root-01
* CommScope Public Trust ECC Root-02
* CommScope Public Trust RSA Root-01
* CommScope Public Trust RSA Root-02
* D-Trust SBR Root CA 1 2022
* D-Trust SBR Root CA 2 2022
* Telekom Security SMIME ECC Root 2021
* Telekom Security SMIME RSA Root 2023
* Telekom Security TLS ECC Root 2020
* Telekom Security TLS RSA Root 2023
* TrustAsia Global Root CA G3
* TrustAsia Global Root CA G4
* Removed:
* Autoridad de Certificacion Firmaprofesional CIF A62634068
* Chambers of Commerce Root - 2008
* Global Chambersign Root - 2008
* Security Communication Root CA
* Symantec Class 1 Public Primary Certification Authority - G6
* Symantec Class 2 Public Primary Certification Authority - G6
* TrustCor ECA-1
* TrustCor RootCert CA-1
* TrustCor RootCert CA-2
* VeriSign Class 1 Public Primary Certification Authority - G3
* VeriSign Class 2 Public Primary Certification Authority - G3
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap Micro 5.5
zypper in -t patch openSUSE-Leap-Micro-5.5-2024-2869=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-2869=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-2869=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-2869=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-2869=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-2869=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-2869=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-2869=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-2869=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-2869=1
* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-2869=1
* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-2869=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-2869=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-2869=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-2869=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-2869=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-2869=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-2869=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-2869=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2869=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-2869=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-2869=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-2869=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-2869=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-2869=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-2869=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-2869=1
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-2869=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-2869=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-2869=1
## Package List:
* openSUSE Leap Micro 5.5 (noarch)
* ca-certificates-mozilla-2.68-150200.33.1
* openSUSE Leap 15.5 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* ca-certificates-mozilla-2.68-150200.33.1
* openSUSE Leap 15.6 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
* ca-certificates-mozilla-2.68-150200.33.1
* Basesystem Module 15-SP5 (noarch)
* ca-certificates-mozilla-2.68-150200.33.1
* Basesystem Module 15-SP6 (noarch)
* ca-certificates-mozilla-2.68-150200.33.1
* Development Tools Module 15-SP5 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* Development Tools Module 15-SP6 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Manager Proxy 4.3 (noarch)
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Manager Retail Branch Server 4.3 (noarch)
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Manager Server 4.3 (noarch)
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Enterprise Storage 7.1 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise Micro 5.1 (noarch)
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* ca-certificates-mozilla-2.68-150200.33.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
* ca-certificates-mozilla-prebuilt-2.68-150200.33.1
* ca-certificates-mozilla-2.68-150200.33.1
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1220356
* https://bugzilla.suse.com/show_bug.cgi?id=1227525
SUSE-SU-2024:2785-1: moderate: Security update for kernel-firmware
by OPENSUSE-SECURITY-UPDATES 06 Aug '24
# Security update for kernel-firmware
Announcement ID: SUSE-SU-2024:2785-1
Rating: moderate
References:
* bsc#1225600
* bsc#1225601
Cross-References:
* CVE-2023-38417
* CVE-2023-47210
CVSS scores:
* CVE-2023-38417 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-47210 ( SUSE ): 4.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
Affected Products:
* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves two vulnerabilities can now be installed.
## Description:
This update for kernel-firmware fixes the following issues:
Update to version 20240728:
* amdgpu: update DMCUB to v0.0.227.0 for DCN35 and DCN351
* Revert "iwlwifi: update ty/So/Ma firmwares for core89-58 release"
* linux-firmware: update firmware for MT7922 WiFi device
* linux-firmware: update firmware for MT7921 WiFi device
* linux-firmware: update firmware for mediatek bluetooth chip (MT7922)
* linux-firmware: update firmware for mediatek bluetooth chip (MT7921)
* iwlwifi: add gl FW for core89-58 release
* iwlwifi: update ty/So/Ma firmwares for core89-58 release
* iwlwifi: update cc/Qu/QuZ firmwares for core89-58 release
* mediatek: Update mt8195 SOF firmware and sof-tplg
* ASoC: tas2781: fix the license issue for tas781 firmware
* rtl_bt: Update RTL8852B BT USB FW to 0x048F_4008
* i915: Update Xe2LPD DMC to v2.21
* qcom: move signed x1e80100 signed firmware to the SoC subdir
* qcom: add video firmware file for vpu-3.0
* intel: avs: Add topology file for I2S Analog Devices 4567
* intel: avs: Add topology file for I2S Nuvoton 8825
* intel: avs: Add topology file for I2S Maxim 98927
* intel: avs: Add topology file for I2S Maxim 98373
* intel: avs: Add topology file for I2S Maxim 98357a
* intel: avs: Add topology file for I2S Dialog 7219
* intel: avs: Add topology file for I2S Realtek 5663
* intel: avs: Add topology file for I2S Realtek 5640
* intel: avs: Add topology file for I2S Realtek 5514
* intel: avs: Add topology file for I2S Realtek 298
* intel: avs: Add topology file for I2S Realtek 286
* intel: avs: Add topology file for I2S Realtek 274
* intel: avs: Add topology file for Digital Microphone Array
* intel: avs: Add topology file for HDMI codecs
* intel: avs: Add topology file for HDAudio codecs
* intel: avs: Update AudioDSP base firmware for APL-based platforms
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-2785=1 openSUSE-SLE-15.6-2024-2785=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-2785=1
## Package List:
* openSUSE Leap 15.6 (noarch)
* kernel-firmware-marvell-20240728-150600.3.6.1
* kernel-firmware-iwlwifi-20240728-150600.3.6.1
* kernel-firmware-nfp-20240728-150600.3.6.1
* kernel-firmware-ath10k-20240728-150600.3.6.1
* kernel-firmware-ueagle-20240728-150600.3.6.1
* kernel-firmware-bluetooth-20240728-150600.3.6.1
* kernel-firmware-network-20240728-150600.3.6.1
* kernel-firmware-usb-network-20240728-150600.3.6.1
* kernel-firmware-qlogic-20240728-150600.3.6.1
* kernel-firmware-brcm-20240728-150600.3.6.1
* kernel-firmware-ti-20240728-150600.3.6.1
* kernel-firmware-mediatek-20240728-150600.3.6.1
* kernel-firmware-20240728-150600.3.6.1
* kernel-firmware-dpaa2-20240728-150600.3.6.1
* kernel-firmware-radeon-20240728-150600.3.6.1
* kernel-firmware-liquidio-20240728-150600.3.6.1
* kernel-firmware-ath12k-20240728-150600.3.6.1
* kernel-firmware-i915-20240728-150600.3.6.1
* kernel-firmware-serial-20240728-150600.3.6.1
* kernel-firmware-bnx2-20240728-150600.3.6.1
* kernel-firmware-ath11k-20240728-150600.3.6.1
* kernel-firmware-platform-20240728-150600.3.6.1
* kernel-firmware-prestera-20240728-150600.3.6.1
* kernel-firmware-nvidia-20240728-150600.3.6.1
* kernel-firmware-qcom-20240728-150600.3.6.1
* kernel-firmware-mwifiex-20240728-150600.3.6.1
* kernel-firmware-realtek-20240728-150600.3.6.1
* kernel-firmware-all-20240728-150600.3.6.1
* kernel-firmware-media-20240728-150600.3.6.1
* kernel-firmware-amdgpu-20240728-150600.3.6.1
* ucode-amd-20240728-150600.3.6.1
* kernel-firmware-intel-20240728-150600.3.6.1
* kernel-firmware-mellanox-20240728-150600.3.6.1
* kernel-firmware-atheros-20240728-150600.3.6.1
* kernel-firmware-chelsio-20240728-150600.3.6.1
* kernel-firmware-sound-20240728-150600.3.6.1
* Basesystem Module 15-SP6 (noarch)
* kernel-firmware-marvell-20240728-150600.3.6.1
* kernel-firmware-iwlwifi-20240728-150600.3.6.1
* kernel-firmware-nfp-20240728-150600.3.6.1
* kernel-firmware-ath10k-20240728-150600.3.6.1
* kernel-firmware-ueagle-20240728-150600.3.6.1
* kernel-firmware-bluetooth-20240728-150600.3.6.1
* kernel-firmware-network-20240728-150600.3.6.1
* kernel-firmware-usb-network-20240728-150600.3.6.1
* kernel-firmware-qlogic-20240728-150600.3.6.1
* kernel-firmware-brcm-20240728-150600.3.6.1
* kernel-firmware-ti-20240728-150600.3.6.1
* kernel-firmware-mediatek-20240728-150600.3.6.1
* kernel-firmware-dpaa2-20240728-150600.3.6.1
* kernel-firmware-radeon-20240728-150600.3.6.1
* kernel-firmware-liquidio-20240728-150600.3.6.1
* kernel-firmware-ath12k-20240728-150600.3.6.1
* kernel-firmware-i915-20240728-150600.3.6.1
* kernel-firmware-serial-20240728-150600.3.6.1
* kernel-firmware-bnx2-20240728-150600.3.6.1
* kernel-firmware-ath11k-20240728-150600.3.6.1
* kernel-firmware-platform-20240728-150600.3.6.1
* kernel-firmware-prestera-20240728-150600.3.6.1
* kernel-firmware-nvidia-20240728-150600.3.6.1
* kernel-firmware-qcom-20240728-150600.3.6.1
* kernel-firmware-mwifiex-20240728-150600.3.6.1
* kernel-firmware-realtek-20240728-150600.3.6.1
* kernel-firmware-all-20240728-150600.3.6.1
* kernel-firmware-media-20240728-150600.3.6.1
* kernel-firmware-amdgpu-20240728-150600.3.6.1
* ucode-amd-20240728-150600.3.6.1
* kernel-firmware-intel-20240728-150600.3.6.1
* kernel-firmware-mellanox-20240728-150600.3.6.1
* kernel-firmware-atheros-20240728-150600.3.6.1
* kernel-firmware-chelsio-20240728-150600.3.6.1
* kernel-firmware-sound-20240728-150600.3.6.1
## References:
* https://www.suse.com/security/cve/CVE-2023-38417.html
* https://www.suse.com/security/cve/CVE-2023-47210.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225600
* https://bugzilla.suse.com/show_bug.cgi?id=1225601