openSUSE Updates
Threads by month
- ----- 2025 -----
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
February 2022
- 2 participants
- 134 discussions
openSUSE-RU-2022:0070-2: moderate: Recommended update for python-configshell-fb
by maintenance@opensuse.org 14 Feb '22
by maintenance@opensuse.org 14 Feb '22
14 Feb '22
openSUSE Recommended Update: Recommended update for python-configshell-fb
______________________________________________________________________________
Announcement ID: openSUSE-RU-2022:0070-2
Rating: moderate
References: SLE-17360
Affected Products:
openSUSE Leap 15.4
______________________________________________________________________________
An update that has 0 recommended fixes and contains one
feature can now be installed.
Description:
This update for python-configshell-fb fixes the following issues:
- Upgrade to latest upstream version v1.1.29 (jsc#SLE-17360):
* setup.py: specify a version range for pyparsing
* setup.py: lets stick to pyparsing v2.4.7
* Don't warn if prefs file doesn't exist
- Update to version v1.1.28 from v1.1.27 (jsc#SLE-17360):
* version 1.1.28
* Ensure that all output reaches the client when daemonized
* Remove Epydoc markup from command messages
* Remove epydoc imports and epydoc calls
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-70=1
Package List:
- openSUSE Leap 15.4 (noarch):
python2-configshell-fb-1.1.29-3.3.1
python3-configshell-fb-1.1.29-3.3.1
References:
1
0
openSUSE-RU-2022:0373-1: moderate: Recommended update for rpmlint
by maintenance@opensuse.org 14 Feb '22
by maintenance@opensuse.org 14 Feb '22
14 Feb '22
openSUSE Recommended Update: Recommended update for rpmlint
______________________________________________________________________________
Announcement ID: openSUSE-RU-2022:0373-1
Rating: moderate
References: #1195491 #1195548 #1195662
Affected Products:
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that has three recommended fixes can now be
installed.
Description:
This update for rpmlint fixes the following issues:
- Whitelisting `kdenetwork-filesharing`. (bsc#1195548)
- Whitelisting of `powerdevil5`. (bsc#1195662)
- Whitelisting of `plasma5-disks`. (bsc#1195491)
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-373=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-373=1
Package List:
- openSUSE Leap 15.4 (noarch):
rpmlint-1.10-7.38.1
- openSUSE Leap 15.3 (noarch):
rpmlint-1.10-7.38.1
References:
https://bugzilla.suse.com/1195491
https://bugzilla.suse.com/1195548
https://bugzilla.suse.com/1195662
1
0
openSUSE-SU-2022:0375-1: moderate: Security update for wireshark
by opensuse-security@opensuse.org 14 Feb '22
by opensuse-security@opensuse.org 14 Feb '22
14 Feb '22
openSUSE Security Update: Security update for wireshark
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0375-1
Rating: moderate
References: #1194166 #1194167 #1194168 #1194169 #1194170
#1194171 #1194780 SLE-18727
Cross-References: CVE-2021-4181 CVE-2021-4182 CVE-2021-4183
CVE-2021-4184 CVE-2021-4185 CVE-2021-4190
CVSS scores:
CVE-2021-4181 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-4181 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2021-4182 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-4182 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2021-4183 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-4183 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2021-4184 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-4184 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2021-4185 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-4185 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2021-4190 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-4190 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves 6 vulnerabilities, contains one
feature and has one errata is now available.
Description:
This update for wireshark fixes the following issues:
Update to version 3.6.1:
- CVE-2021-4185: RTMPT dissector infinite loop (bsc#1194166)
- CVE-2021-4184: BitTorrent DHT dissector infinite loop (bsc#1194167)
- CVE-2021-4183: pcapng file parser crash (bsc#1194168)
- CVE-2021-4182: RFC 7468 file parser infinite loop (bsc#1194169)
- CVE-2021-4181: Sysdig Event dissector crash (bsc#1194170)
- CVE-2021-4190: Kafka dissector infinite loop (bsc#1194171)
- Support for Shared Memory Communications (SMC) (jsc#SLE-18727)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-375=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libvirt-7.1.0-150300.6.23.1
libvirt-admin-7.1.0-150300.6.23.1
libvirt-admin-debuginfo-7.1.0-150300.6.23.1
libvirt-client-7.1.0-150300.6.23.1
libvirt-client-debuginfo-7.1.0-150300.6.23.1
libvirt-daemon-7.1.0-150300.6.23.1
libvirt-daemon-config-network-7.1.0-150300.6.23.1
libvirt-daemon-config-nwfilter-7.1.0-150300.6.23.1
libvirt-daemon-debuginfo-7.1.0-150300.6.23.1
libvirt-daemon-driver-interface-7.1.0-150300.6.23.1
libvirt-daemon-driver-interface-debuginfo-7.1.0-150300.6.23.1
libvirt-daemon-driver-lxc-7.1.0-150300.6.23.1
libvirt-daemon-driver-lxc-debuginfo-7.1.0-150300.6.23.1
libvirt-daemon-driver-network-7.1.0-150300.6.23.1
libvirt-daemon-driver-network-debuginfo-7.1.0-150300.6.23.1
libvirt-daemon-driver-nodedev-7.1.0-150300.6.23.1
libvirt-daemon-driver-nodedev-debuginfo-7.1.0-150300.6.23.1
libvirt-daemon-driver-nwfilter-7.1.0-150300.6.23.1
libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-150300.6.23.1
libvirt-daemon-driver-qemu-7.1.0-150300.6.23.1
libvirt-daemon-driver-qemu-debuginfo-7.1.0-150300.6.23.1
libvirt-daemon-driver-secret-7.1.0-150300.6.23.1
libvirt-daemon-driver-secret-debuginfo-7.1.0-150300.6.23.1
libvirt-daemon-driver-storage-7.1.0-150300.6.23.1
libvirt-daemon-driver-storage-core-7.1.0-150300.6.23.1
libvirt-daemon-driver-storage-core-debuginfo-7.1.0-150300.6.23.1
libvirt-daemon-driver-storage-disk-7.1.0-150300.6.23.1
libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-150300.6.23.1
libvirt-daemon-driver-storage-gluster-7.1.0-150300.6.23.1
libvirt-daemon-driver-storage-gluster-debuginfo-7.1.0-150300.6.23.1
libvirt-daemon-driver-storage-iscsi-7.1.0-150300.6.23.1
libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-150300.6.23.1
libvirt-daemon-driver-storage-iscsi-direct-7.1.0-150300.6.23.1
libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-150300.6.23.1
libvirt-daemon-driver-storage-logical-7.1.0-150300.6.23.1
libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-150300.6.23.1
libvirt-daemon-driver-storage-mpath-7.1.0-150300.6.23.1
libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-150300.6.23.1
libvirt-daemon-driver-storage-scsi-7.1.0-150300.6.23.1
libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-150300.6.23.1
libvirt-daemon-hooks-7.1.0-150300.6.23.1
libvirt-daemon-lxc-7.1.0-150300.6.23.1
libvirt-daemon-qemu-7.1.0-150300.6.23.1
libvirt-debugsource-7.1.0-150300.6.23.1
libvirt-devel-7.1.0-150300.6.23.1
libvirt-libs-7.1.0-150300.6.23.1
libvirt-libs-debuginfo-7.1.0-150300.6.23.1
libvirt-lock-sanlock-7.1.0-150300.6.23.1
libvirt-lock-sanlock-debuginfo-7.1.0-150300.6.23.1
libvirt-nss-7.1.0-150300.6.23.1
libvirt-nss-debuginfo-7.1.0-150300.6.23.1
libwireshark15-3.6.1-3.68.1
libwireshark15-debuginfo-3.6.1-3.68.1
libwiretap12-3.6.1-3.68.1
libwiretap12-debuginfo-3.6.1-3.68.1
libwsutil13-3.6.1-3.68.1
libwsutil13-debuginfo-3.6.1-3.68.1
wireshark-3.6.1-3.68.1
wireshark-debuginfo-3.6.1-3.68.1
wireshark-debugsource-3.6.1-3.68.1
wireshark-devel-3.6.1-3.68.1
wireshark-plugin-libvirt-7.1.0-150300.6.23.1
wireshark-plugin-libvirt-debuginfo-7.1.0-150300.6.23.1
wireshark-ui-qt-3.6.1-3.68.1
wireshark-ui-qt-debuginfo-3.6.1-3.68.1
- openSUSE Leap 15.3 (aarch64 x86_64):
libvirt-daemon-driver-storage-rbd-7.1.0-150300.6.23.1
libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-150300.6.23.1
- openSUSE Leap 15.3 (x86_64):
libvirt-client-32bit-debuginfo-7.1.0-150300.6.23.1
libvirt-daemon-driver-libxl-7.1.0-150300.6.23.1
libvirt-daemon-driver-libxl-debuginfo-7.1.0-150300.6.23.1
libvirt-daemon-xen-7.1.0-150300.6.23.1
libvirt-devel-32bit-7.1.0-150300.6.23.1
- openSUSE Leap 15.3 (noarch):
libvirt-bash-completion-7.1.0-150300.6.23.1
libvirt-doc-7.1.0-150300.6.23.1
References:
https://www.suse.com/security/cve/CVE-2021-4181.html
https://www.suse.com/security/cve/CVE-2021-4182.html
https://www.suse.com/security/cve/CVE-2021-4183.html
https://www.suse.com/security/cve/CVE-2021-4184.html
https://www.suse.com/security/cve/CVE-2021-4185.html
https://www.suse.com/security/cve/CVE-2021-4190.html
https://bugzilla.suse.com/1194166
https://bugzilla.suse.com/1194167
https://bugzilla.suse.com/1194168
https://bugzilla.suse.com/1194169
https://bugzilla.suse.com/1194170
https://bugzilla.suse.com/1194171
https://bugzilla.suse.com/1194780
1
0
openSUSE-SU-2022:0141-2: moderate: Security update for permissions
by opensuse-security@opensuse.org 14 Feb '22
by opensuse-security@opensuse.org 14 Feb '22
14 Feb '22
openSUSE Security Update: Security update for permissions
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0141-2
Rating: moderate
References: #1169614
Affected Products:
openSUSE Leap 15.4
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update for permissions fixes the following issues:
- Update to version 20181225: setuid bit for cockpit session binary
(bsc#1169614).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-141=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
permissions-20181225-23.12.1
permissions-debuginfo-20181225-23.12.1
permissions-debugsource-20181225-23.12.1
- openSUSE Leap 15.4 (noarch):
permissions-zypp-plugin-20181225-23.12.1
References:
https://bugzilla.suse.com/1169614
1
0
openSUSE-RU-2022:0087-2: moderate: Recommended update for go1.16
by maintenance@opensuse.org 14 Feb '22
by maintenance@opensuse.org 14 Feb '22
14 Feb '22
openSUSE Recommended Update: Recommended update for go1.16
______________________________________________________________________________
Announcement ID: openSUSE-RU-2022:0087-2
Rating: moderate
References: #1182345
Affected Products:
openSUSE Leap 15.4
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for go1.16 fixes the following issues:
Update to go1.16.13 (bsc#1182345)
- it includes fixes to the compiler, linker, runtime, and the net/http
package.
* x/net/http2: `http.Server.WriteTimeout` does not fire if the http2
stream's window is out of space.
* runtime/race: building for iOS, but linking in object file built for
macOS
* runtime: race detector `SIGABRT` or `SIGSEGV` on macOS Monterey
* runtime: mallocs cause "base outside usable address space" panic when
running on iOS 14
* cmd/link: does not set section type of `.init_array` correctly
* cmd/link: support more load commands on `Mach-O`
* cmd/compile: internal compiler error: `Op...LECall and OpDereference
have mismatched mem`
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-87=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
go1.16-1.16.13-1.40.1
go1.16-doc-1.16.13-1.40.1
- openSUSE Leap 15.4 (aarch64 x86_64):
go1.16-race-1.16.13-1.40.1
References:
https://bugzilla.suse.com/1182345
1
0
openSUSE-SU-2022:0062-2: important: Security update for openexr
by opensuse-security@opensuse.org 14 Feb '22
by opensuse-security@opensuse.org 14 Feb '22
14 Feb '22
openSUSE Security Update: Security update for openexr
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0062-2
Rating: important
References: #1194333
Cross-References: CVE-2021-45942
CVSS scores:
CVE-2021-45942 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-45942 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
Affected Products:
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for openexr fixes the following issues:
- CVE-2021-45942: Fixed heap-based buffer overflow in
Imf_3_1:LineCompositeTask:execute. (bsc#1194333)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-62=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libIlmImf-2_2-23-2.2.1-3.41.1
libIlmImf-2_2-23-debuginfo-2.2.1-3.41.1
libIlmImfUtil-2_2-23-2.2.1-3.41.1
libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.41.1
openexr-2.2.1-3.41.1
openexr-debuginfo-2.2.1-3.41.1
openexr-debugsource-2.2.1-3.41.1
openexr-devel-2.2.1-3.41.1
openexr-doc-2.2.1-3.41.1
- openSUSE Leap 15.4 (x86_64):
libIlmImf-2_2-23-32bit-2.2.1-3.41.1
libIlmImf-2_2-23-32bit-debuginfo-2.2.1-3.41.1
libIlmImfUtil-2_2-23-32bit-2.2.1-3.41.1
libIlmImfUtil-2_2-23-32bit-debuginfo-2.2.1-3.41.1
References:
https://www.suse.com/security/cve/CVE-2021-45942.html
https://bugzilla.suse.com/1194333
1
0
openSUSE-SU-2022:0370-1: critical: Security update for the Linux Kernel
by opensuse-security@opensuse.org 11 Feb '22
by opensuse-security@opensuse.org 11 Feb '22
11 Feb '22
openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0370-1
Rating: critical
References: #1154353 #1154488 #1156395 #1160634 #1176447
#1177599 #1183405 #1185377 #1187428 #1187723
#1188605 #1191881 #1193096 #1193506 #1193767
#1193802 #1193861 #1193864 #1193867 #1194048
#1194227 #1194291 #1194880 #1195009 #1195062
#1195065 #1195073 #1195183 #1195184 #1195254
#1195267 #1195293 #1195371 #1195476 #1195477
#1195478 #1195479 #1195480 #1195481 #1195482
Cross-References: CVE-2020-28097 CVE-2021-22600 CVE-2021-39648
CVE-2021-39657 CVE-2021-39685 CVE-2021-44733
CVE-2021-45095 CVE-2022-0286 CVE-2022-0330
CVE-2022-0435 CVE-2022-22942
CVSS scores:
CVE-2020-28097 (NVD) : 5.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2020-28097 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-22600 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-22600 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-39648 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CVE-2021-39657 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2021-39685 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-44733 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
CVE-2021-45095 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-45095 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2022-0286 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-0286 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-0435 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-22942 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 11 vulnerabilities and has 29 fixes
is now available.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2022-0435: Fixed remote stack overflow in net/tipc module that
validate domain record count on input (bsc#1195254).
- CVE-2022-0330: Fixed flush TLBs before releasing backing store
(bsc#1194880).
- CVE-2022-0286: Fixed null pointer dereference in bond_ipsec_add_sa()
that may have lead to local denial of service (bnc#1195371).
- CVE-2022-22942: Fixed stale file descriptors on failed usercopy
(bsc#1195065).
- CVE-2021-45095: Fixed refcount leak in pep_sock_accept in
net/phonet/pep.c (bnc#1193867).
- CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c
in the TEE subsystem, that could have occured because of a race
condition in tee_shm_get_from_id during an attempt to free a shared
memory object (bnc#1193767).
- CVE-2021-39685: Fixed USB gadget buffer overflow caused by too large
endpoint 0 requests (bsc#1193802).
- CVE-2021-39657: Fixed out of bounds read due to a missing bounds check
in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local
information disclosure with System execution privileges needed
(bnc#1193864).
- CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a
race condition in gadget_dev_desc_UDC_show of configfs.c. This could
lead to local information disclosure with System execution privileges
needed. User interaction is not needed for exploitation (bnc#1193861).
- CVE-2021-22600: Fixed double free bug in packet_set_ring() in
net/packet/af_packet.c that could have been exploited by a local user
through crafted syscalls to escalate privileges or deny service
(bnc#1195184).
- CVE-2020-28097: Fixed out-of-bounds read in vgacon subsystem that
mishandled software scrollback (bnc#1187723).
The following non-security bugs were fixed:
- ACPI: battery: Add the ThinkPad "Not Charging" quirk (git-fixes).
- ACPICA: Executer: Fix the REFCLASS_REFOF case in
acpi_ex_opcode_1A_0T_1R() (git-fixes).
- ACPICA: Fix wrong interpretation of PCC address (git-fixes).
- ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5
(git-fixes).
- ACPICA: Utilities: Avoid deleting the same object twice in a row
(git-fixes).
- ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (git-fixes).
- ALSA: seq: Set upper limit of processed events (git-fixes).
- ALSA: usb-audio: Correct quirk for VF0770 (git-fixes).
- ALSA: usb-audio: initialize variables that could ignore errors
(git-fixes).
- ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name
(git-fixes).
- ASoC: fsl: Add missing error handling in pcm030_fabric_probe (git-fixes).
- ASoC: max9759: fix underflow in speaker_gain_control_put() (git-fixes).
- ASoC: mediatek: mt8173: fix device_node leak (git-fixes).
- ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period
bytes (git-fixes).
- Bluetooth: Fix debugfs entry leak in hci_register_dev() (git-fixes).
- Bluetooth: refactor malicious adv data check (git-fixes).
- Documentation: fix firewire.rst ABI file path error (git-fixes).
- HID: apple: Do not reset quirks when the Fn key is not found (git-fixes).
- HID: quirks: Allow inverting the absolute X/Y values (git-fixes).
- HID: uhid: Fix worker destroying device without any protection
(git-fixes).
- HID: wacom: Reset expected and received contact counts at the same time
(git-fixes).
- IB/cm: Avoid a loop when device has 255 ports (git-fixes)
- IB/hfi1: Fix error return code in parse_platform_config() (git-fixes)
- IB/hfi1: Use kzalloc() for mmu_rb_handler allocation (git-fixes)
- IB/isert: Fix a use after free in isert_connect_request (git-fixes)
- IB/mlx4: Separate tunnel and wire bufs parameters (git-fixes)
- IB/mlx5: Add missing error code (git-fixes)
- IB/mlx5: Add mutex destroy call to cap_mask_mutex mutex (git-fixes)
- IB/mlx5: Fix error unwinding when set_has_smi_cap fails (git-fixes)
- IB/mlx5: Return appropriate error code instead of ENOMEM (git-fixes)
- IB/umad: Return EIO in case of when device disassociated (git-fixes)
- IB/umad: Return EPOLLERR in case of when device disassociated (git-fixes)
- Input: wm97xx: Simplify resource management (git-fixes).
- NFS: Ensure the server had an up to date ctime before renaming
(git-fixes).
- NFSv4: Handle case where the lookup of a directory fails (git-fixes).
- NFSv4: nfs_atomic_open() can race when looking up a non-regular file
(git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller
(git-fixes).
- PM: wakeup: simplify the output logic of pm_show_wakelocks() (git-fixes).
- RDMA/addr: Be strict with gid size (git-fixes)
- RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res (git-fixes)
- RDMA/bnxt_re: Fix error return code in bnxt_qplib_cq_process_terminal()
(git-fixes)
- RDMA/bnxt_re: Set queue pair state when being queried (git-fixes)
- RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait
(git-fixes)
- RDMA/core: Clean up cq pool mechanism (jsc#SLE-15176).
- RDMA/core: Do not access cm_id after its destruction (git-fixes)
- RDMA/core: Do not indicate device ready when device enablement fails
(git-fixes)
- RDMA/core: Fix corrupted SL on passive side (git-fixes)
- RDMA/core: Unify RoCE check and re-factor code (git-fixes)
- RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening
server (git-fixes)
- RDMA/cxgb4: Fix the reported max_recv_sge value (git-fixes)
- RDMA/cxgb4: Validate the number of CQEs (git-fixes)
- RDMA/cxgb4: add missing qpid increment (git-fixes)
- RDMA/hns: Add a check for current state before modifying QP (git-fixes)
- RDMA/hns: Remove the portn field in UD SQ WQE (git-fixes)
- RDMA/hns: Remove unnecessary access right set during INIT2INIT
(git-fixes)
- RDMA/i40iw: Address an mmap handler exploit in i40iw (git-fixes)
- RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails (git-fixes)
- RDMA/mlx5: Fix corruption of reg_pages in mlx5_ib_rereg_user_mr()
(git-fixes)
- RDMA/mlx5: Fix potential race between destroy and CQE poll (git-fixes)
- RDMA/mlx5: Fix query DCT via DEVX (git-fixes)
- RDMA/mlx5: Fix type warning of sizeof in __mlx5_ib_alloc_counters()
(git-fixes)
- RDMA/mlx5: Fix wrong free of blue flame register on error (git-fixes)
- RDMA/mlx5: Issue FW command to destroy SRQ on reentry (git-fixes)
- RDMA/mlx5: Recover from fatal event in dual port mode (git-fixes)
- RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation (git-fixes)
- RDMA/ocrdma: Fix use after free in ocrdma_dealloc_ucontext_pd()
(git-fixes)
- RDMA/rxe: Clear all QP fields if creation failed (git-fixes)
- RDMA/rxe: Compute PSN windows correctly (git-fixes)
- RDMA/rxe: Correct skb on loopback path (git-fixes)
- RDMA/rxe: Fix coding error in rxe_rcv_mcast_pkt (git-fixes)
- RDMA/rxe: Fix coding error in rxe_recv.c (git-fixes)
- RDMA/rxe: Fix missing kconfig dependency on CRYPTO (git-fixes)
- RDMA/rxe: Remove the unnecessary variable (jsc#SLE-15176).
- RDMA/rxe: Remove useless code in rxe_recv.c (git-fixes)
- RDMA/siw: Fix a use after free in siw_alloc_mr (git-fixes)
- RDMA/siw: Fix calculation of tx_valid_cpus size (git-fixes)
- RDMA/siw: Fix handling of zero-sized Read and Receive Queues. (git-fixes)
- RDMA/siw: Properly check send and receive CQ pointers (git-fixes)
- RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp (git-fixes)
- RDMA/uverbs: Fix a NULL vs IS_ERR() bug (git-fixes)
- RDMA/uverbs: Tidy input validation of ib_uverbs_rereg_mr() (git-fixes)
- RMDA/sw: Do not allow drivers using dma_virt_ops on highmem configs
(git-fixes)
- USB: core: Fix hang in usb_kill_urb by adding memory barriers
(git-fixes).
- USB: serial: mos7840: fix probe error handling (git-fixes).
- ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply
(git-fixes).
- arm64: Kconfig: add a choice for endianness (jsc#SLE-23432).
- asix: fix wrong return value in asix_check_host_enable() (git-fixes).
- ata: pata_platform: Fix a NULL pointer dereference in
__pata_platform_probe() (git-fixes).
- ath10k: Fix tx hanging (git-fixes).
- ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (git-fixes).
- batman-adv: allow netlink usage in unprivileged containers (git-fixes).
- blk-cgroup: fix missing put device in error path from blkg_conf_pref()
(bsc#1195481).
- blk-mq: introduce blk_mq_set_request_complete (git-fixes).
- bpf: Verifer, adjust_scalar_min_max_vals to always call
update_reg_bounds() (bsc#1194227).
- btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check
(bsc#1195009).
- btrfs: tree-checker: annotate all error branches as unlikely
(bsc#1195009).
- btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set
improperly (bsc#1195009).
- cgroup/cpuset: Fix a partition bug with hotplug (bsc#1194291).
- clk: si5341: Fix clock HW provider cleanup (git-fixes).
- crypto: qat - fix undetected PFVF timeout in ACK loop (git-fixes).
- dma-buf: heaps: Fix potential spectre v1 gadget (git-fixes).
- drm/amdgpu: fixup bad vram size on gmc v8 (git-fixes).
- drm/bridge: megachips: Ensure both bridges are probed before
registration (git-fixes).
- drm/etnaviv: limit submit sizes (git-fixes).
- drm/etnaviv: relax submit size limits (git-fixes).
- drm/i915/overlay: Prevent divide by zero bugs in scaling (git-fixes).
- drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y
(git-fixes).
- drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc (git-fixes).
- drm/msm/dsi: Fix missing put_device() call in dsi_get_phy (git-fixes).
- drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (git-fixes).
- drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy
(git-fixes).
- drm/msm: Fix wrong size calculation (git-fixes).
- drm/nouveau/kms/nv04: use vzalloc for nv04_display (git-fixes).
- drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR
(git-fixes).
- drm/nouveau: fix off by one in BIOS boundary checking (git-fixes).
- drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L
(git-fixes).
- ext4: fix an use-after-free issue about data=journal writeback mode
(bsc#1195482).
- ext4: make sure quota gets properly shutdown on error (bsc#1195480).
- ext4: set csum seed in tmp inode while migrating to extents
(bsc#1195267).
- floppy: Add max size check for user space request (git-fixes).
- fsnotify: fix fsnotify hooks in pseudo filesystems (bsc#1195479).
- fsnotify: invalidate dcache before IN_DELETE event (bsc#1195478).
- gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock (git-fixes).
- gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use
(git-fixes).
- hv_netvsc: Set needed_headroom according to VF (bsc#1193506).
- hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681 (git-fixes).
- hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649 (git-fixes).
- hwmon: (lm90) Mark alert as broken for MAX6654 (git-fixes).
- hwmon: (lm90) Mark alert as broken for MAX6680 (git-fixes).
- hwmon: (lm90) Reduce maximum conversion rate for G781 (git-fixes).
- i2c: designware-pci: Fix to change data types of hcnt and lcnt
parameters (git-fixes).
- i2c: i801: Do not silently correct invalid transfer size (git-fixes).
- i2c: mpc: Correct I2C reset procedure (git-fixes).
- i40iw: Add support to make destroy QP synchronous (git-fixes)
- ibmvnic: Allow extra failures before disabling (bsc#1195073 ltc#195713).
- ibmvnic: Update driver return codes (bsc#1195293 ltc#196198).
- ibmvnic: do not spin in tasklet (bsc#1195073 ltc#195713).
- ibmvnic: init ->running_cap_crqs early (bsc#1195073 ltc#195713).
- ibmvnic: remove unused ->wait_capability (bsc#1195073 ltc#195713).
- ibmvnic: remove unused defines (bsc#1195293 ltc#196198).
- igc: Fix TX timestamp support for non-MSI-X platforms (bsc#1160634).
- iwlwifi: fix leaks/bad data after failed firmware load (git-fixes).
- iwlwifi: mvm: Fix calculation of frame length (git-fixes).
- iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (git-fixes).
- iwlwifi: mvm: synchronize with FW after multicast commands (git-fixes).
- iwlwifi: remove module loading failure message (git-fixes).
- lib82596: Fix IRQ check in sni_82596_probe (git-fixes).
- lightnvm: Remove lightnvm implemenation (bsc#1191881).
- mac80211: allow non-standard VHT MCS-10/11 (git-fixes).
- media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes).
- media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes
(git-fixes).
- media: igorplugusb: receiver overflow should be reported (git-fixes).
- media: m920x: do not use stack on USB reads (git-fixes).
- media: saa7146: hexium_gemini: Fix a NULL pointer dereference in
hexium_attach() (git-fixes).
- media: saa7146: hexium_orion: Fix a NULL pointer dereference in
hexium_attach() (git-fixes).
- media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds
(git-fixes).
- mlxsw: Only advertise link modes supported by both driver and device
(bsc#1154488).
- mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (git-fixes).
- mtd: nand: bbt: Fix corner case in bad block table handling (git-fixes).
- mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings
(git-fixes).
- mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6
(git-fixes).
- net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506).
- net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506).
- net/mlx5: DR, Proper handling of unsupported Connect-X6DX SW steering
(jsc#SLE-8464).
- net/mlx5: E-Switch, fix changing vf VLANID (jsc#SLE-15172).
- net/mlx5e: Protect encap route dev from concurrent release
(jsc#SLE-8464).
- net: allow retransmitting a TCP packet if original is still in queue
(bsc#1188605 bsc#1187428).
- net: bonding: fix bond_xmit_broadcast return value error bug
(bsc#1176447).
- net: bridge: vlan: fix memory leak in __allowed_ingress (bsc#1176447).
- net: bridge: vlan: fix single net device option dumping (bsc#1176447).
- net: mana: Add RX fencing (bsc#1193506).
- net: mana: Add XDP support (bsc#1193506).
- net: sch_generic: aviod concurrent reset and enqueue op for lockless
qdisc (bsc#1183405).
- net: sched: add barrier to ensure correct ordering for lockless qdisc
(bsc#1183405).
- net: sched: avoid unnecessary seqcount operation for lockless qdisc
(bsc#1183405).
- net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405).
- net: sched: fix tx action reschedule issue with stopped queue
(bsc#1183405).
- net: sched: fix tx action rescheduling issue during deactivation
(bsc#1183405).
- net: sched: replaced invalid qdisc tree flush helper in qdisc_replace
(bsc#1183405).
- net: sfp: fix high power modules without diagnostic monitoring
(bsc#1154353).
- netdevsim: set .owner to THIS_MODULE (bsc#1154353).
- nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed
bind() (git-fixes).
- nvme-core: use list_add_tail_rcu instead of list_add_tail for
nvme_init_ns_head (git-fixes).
- nvme-fabrics: avoid double completions in nvmf_fail_nonready_command
(git-fixes).
- nvme-fabrics: ignore invalid fast_io_fail_tmo values (git-fixes).
- nvme-fabrics: remove superfluous nvmf_host_put in nvmf_parse_options
(git-fixes).
- nvme-tcp: fix data digest pointer calculation (git-fixes).
- nvme-tcp: fix incorrect h2cdata pdu offset accounting (git-fixes).
- nvme-tcp: fix memory leak when freeing a queue (git-fixes).
- nvme-tcp: fix possible use-after-completion (git-fixes).
- nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (git-fixes).
- nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096).
- nvme: fix use after free when disconnecting a reconnecting ctrl
(git-fixes).
- nvme: introduce a nvme_host_path_error helper (git-fixes).
- nvme: refactor ns->ctrl by request (git-fixes).
- phy: uniphier-usb3ss: fix unintended writing zeros to PHY register
(git-fixes).
- phylib: fix potential use-after-free (git-fixes).
- pinctrl: bcm2835: Add support for wake-up interrupts (git-fixes).
- pinctrl: bcm2835: Match BCM7211 compatible string (git-fixes).
- pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured
line (git-fixes).
- pinctrl: intel: fix unexpected interrupt (git-fixes).
- powerpc/book3s64/radix: make tlb_single_page_flush_ceiling a debugfs
entry (bsc#1195183 ltc#193865).
- powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only
if PMI is pending (bsc#1156395).
- regulator: qcom_smd: Align probe function with rpmh-regulator
(git-fixes).
- rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev
(git-fixes).
- rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev
(git-fixes).
- rsi: Fix use-after-free in rsi_rx_done_handler() (git-fixes).
- sched/fair: Fix detection of per-CPU kthreads waking a task (git fixes
(sched/fair)).
- sched/numa: Fix is_core_idle() (git fixes (sched/numa)).
- scripts/dtc: dtx_diff: remove broken example from help text (git-fixes).
- scripts/dtc: only append to HOST_EXTRACFLAGS instead of overwriting
(git-fixes).
- serial: 8250: of: Fix mapped region size when using reg-offset property
(git-fixes).
- serial: Fix incorrect rs485 polarity on uart open (git-fixes).
- serial: amba-pl011: do not request memory region twice (git-fixes).
- serial: core: Keep mctrl register state and cached copy in sync
(git-fixes).
- serial: pl010: Drop CR register reset on set_termios (git-fixes).
- serial: stm32: fix software flow control transfer (git-fixes).
- spi: bcm-qspi: check for valid cs before applying chip select
(git-fixes).
- spi: mediatek: Avoid NULL pointer crash in interrupt (git-fixes).
- spi: meson-spicc: add IRQ check in meson_spicc_probe (git-fixes).
- supported.conf: mark rtw88 modules as supported (jsc#SLE-22690)
- tty: Add support for Brainboxes UC cards (git-fixes).
- tty: n_gsm: fix SW flow control encoding/handling (git-fixes).
- ucsi_ccg: Check DEV_INT bit only when starting CCG4 (git-fixes).
- udf: Fix NULL ptr deref when converting from inline format (bsc#1195476).
- udf: Restore i_lenAlloc when inode expansion fails (bsc#1195477).
- usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge
(git-fixes).
- usb: common: ulpi: Fix crash in ulpi_match() (git-fixes).
- usb: gadget: f_fs: Use stream_open() for endpoint files (git-fixes).
- usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS
(git-fixes).
- usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0
(git-fixes).
- usb: roles: fix include/linux/usb/role.h compile issue (git-fixes).
- usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes).
- usb: uhci: add aspeed ast2600 uhci support (git-fixes).
- vfio/iommu_type1: replace kfree with kvfree (git-fixes).
- video: hyperv_fb: Fix validation of screen resolution (git-fixes).
- vxlan: fix error return code in __vxlan_dev_create() (bsc#1154353).
- workqueue: Fix unbind_workers() VS wq_worker_running() race
(bsc#1195062).
- x86/gpu: Reserve stolen memory for first integrated Intel GPU
(git-fixes).
- xfrm: fix MTU regression (bsc#1185377, bsc#1194048).
- xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP
(git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-370=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-370=1
Package List:
- openSUSE Leap 15.4 (aarch64 x86_64):
cluster-md-kmp-preempt-5.3.18-150300.59.49.1
cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.49.1
dlm-kmp-preempt-5.3.18-150300.59.49.1
dlm-kmp-preempt-debuginfo-5.3.18-150300.59.49.1
gfs2-kmp-preempt-5.3.18-150300.59.49.1
gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.49.1
kernel-preempt-5.3.18-150300.59.49.1
kernel-preempt-debuginfo-5.3.18-150300.59.49.1
kernel-preempt-debugsource-5.3.18-150300.59.49.1
kernel-preempt-devel-5.3.18-150300.59.49.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.49.1
kernel-preempt-extra-5.3.18-150300.59.49.1
kernel-preempt-extra-debuginfo-5.3.18-150300.59.49.1
kernel-preempt-livepatch-devel-5.3.18-150300.59.49.1
kernel-preempt-optional-5.3.18-150300.59.49.1
kernel-preempt-optional-debuginfo-5.3.18-150300.59.49.1
kselftests-kmp-preempt-5.3.18-150300.59.49.1
kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.49.1
ocfs2-kmp-preempt-5.3.18-150300.59.49.1
ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.49.1
reiserfs-kmp-preempt-5.3.18-150300.59.49.1
reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.49.1
- openSUSE Leap 15.4 (aarch64):
dtb-al-5.3.18-150300.59.49.1
dtb-zte-5.3.18-150300.59.49.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.3.18-150300.59.49.1
cluster-md-kmp-default-debuginfo-5.3.18-150300.59.49.1
dlm-kmp-default-5.3.18-150300.59.49.1
dlm-kmp-default-debuginfo-5.3.18-150300.59.49.1
gfs2-kmp-default-5.3.18-150300.59.49.1
gfs2-kmp-default-debuginfo-5.3.18-150300.59.49.1
kernel-default-5.3.18-150300.59.49.1
kernel-default-base-5.3.18-150300.59.49.1.150300.18.31.1
kernel-default-base-rebuild-5.3.18-150300.59.49.1.150300.18.31.1
kernel-default-debuginfo-5.3.18-150300.59.49.1
kernel-default-debugsource-5.3.18-150300.59.49.1
kernel-default-devel-5.3.18-150300.59.49.1
kernel-default-devel-debuginfo-5.3.18-150300.59.49.1
kernel-default-extra-5.3.18-150300.59.49.1
kernel-default-extra-debuginfo-5.3.18-150300.59.49.1
kernel-default-livepatch-5.3.18-150300.59.49.1
kernel-default-livepatch-devel-5.3.18-150300.59.49.1
kernel-default-optional-5.3.18-150300.59.49.1
kernel-default-optional-debuginfo-5.3.18-150300.59.49.1
kernel-obs-build-5.3.18-150300.59.49.1
kernel-obs-build-debugsource-5.3.18-150300.59.49.1
kernel-obs-qa-5.3.18-150300.59.49.1
kernel-syms-5.3.18-150300.59.49.1
kselftests-kmp-default-5.3.18-150300.59.49.1
kselftests-kmp-default-debuginfo-5.3.18-150300.59.49.1
ocfs2-kmp-default-5.3.18-150300.59.49.1
ocfs2-kmp-default-debuginfo-5.3.18-150300.59.49.1
reiserfs-kmp-default-5.3.18-150300.59.49.1
reiserfs-kmp-default-debuginfo-5.3.18-150300.59.49.1
- openSUSE Leap 15.3 (aarch64 x86_64):
cluster-md-kmp-preempt-5.3.18-150300.59.49.1
cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.49.1
dlm-kmp-preempt-5.3.18-150300.59.49.1
dlm-kmp-preempt-debuginfo-5.3.18-150300.59.49.1
gfs2-kmp-preempt-5.3.18-150300.59.49.1
gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.49.1
kernel-preempt-5.3.18-150300.59.49.1
kernel-preempt-debuginfo-5.3.18-150300.59.49.1
kernel-preempt-debugsource-5.3.18-150300.59.49.1
kernel-preempt-devel-5.3.18-150300.59.49.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.49.1
kernel-preempt-extra-5.3.18-150300.59.49.1
kernel-preempt-extra-debuginfo-5.3.18-150300.59.49.1
kernel-preempt-livepatch-devel-5.3.18-150300.59.49.1
kernel-preempt-optional-5.3.18-150300.59.49.1
kernel-preempt-optional-debuginfo-5.3.18-150300.59.49.1
kselftests-kmp-preempt-5.3.18-150300.59.49.1
kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.49.1
ocfs2-kmp-preempt-5.3.18-150300.59.49.1
ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.49.1
reiserfs-kmp-preempt-5.3.18-150300.59.49.1
reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.49.1
- openSUSE Leap 15.3 (ppc64le x86_64):
kernel-debug-5.3.18-150300.59.49.1
kernel-debug-debuginfo-5.3.18-150300.59.49.1
kernel-debug-debugsource-5.3.18-150300.59.49.1
kernel-debug-devel-5.3.18-150300.59.49.1
kernel-debug-devel-debuginfo-5.3.18-150300.59.49.1
kernel-debug-livepatch-devel-5.3.18-150300.59.49.1
kernel-kvmsmall-5.3.18-150300.59.49.1
kernel-kvmsmall-debuginfo-5.3.18-150300.59.49.1
kernel-kvmsmall-debugsource-5.3.18-150300.59.49.1
kernel-kvmsmall-devel-5.3.18-150300.59.49.1
kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.49.1
kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.49.1
- openSUSE Leap 15.3 (aarch64):
cluster-md-kmp-64kb-5.3.18-150300.59.49.1
cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.49.1
dlm-kmp-64kb-5.3.18-150300.59.49.1
dlm-kmp-64kb-debuginfo-5.3.18-150300.59.49.1
dtb-al-5.3.18-150300.59.49.1
dtb-allwinner-5.3.18-150300.59.49.1
dtb-altera-5.3.18-150300.59.49.1
dtb-amd-5.3.18-150300.59.49.1
dtb-amlogic-5.3.18-150300.59.49.1
dtb-apm-5.3.18-150300.59.49.1
dtb-arm-5.3.18-150300.59.49.1
dtb-broadcom-5.3.18-150300.59.49.1
dtb-cavium-5.3.18-150300.59.49.1
dtb-exynos-5.3.18-150300.59.49.1
dtb-freescale-5.3.18-150300.59.49.1
dtb-hisilicon-5.3.18-150300.59.49.1
dtb-lg-5.3.18-150300.59.49.1
dtb-marvell-5.3.18-150300.59.49.1
dtb-mediatek-5.3.18-150300.59.49.1
dtb-nvidia-5.3.18-150300.59.49.1
dtb-qcom-5.3.18-150300.59.49.1
dtb-renesas-5.3.18-150300.59.49.1
dtb-rockchip-5.3.18-150300.59.49.1
dtb-socionext-5.3.18-150300.59.49.1
dtb-sprd-5.3.18-150300.59.49.1
dtb-xilinx-5.3.18-150300.59.49.1
dtb-zte-5.3.18-150300.59.49.1
gfs2-kmp-64kb-5.3.18-150300.59.49.1
gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.49.1
kernel-64kb-5.3.18-150300.59.49.1
kernel-64kb-debuginfo-5.3.18-150300.59.49.1
kernel-64kb-debugsource-5.3.18-150300.59.49.1
kernel-64kb-devel-5.3.18-150300.59.49.1
kernel-64kb-devel-debuginfo-5.3.18-150300.59.49.1
kernel-64kb-extra-5.3.18-150300.59.49.1
kernel-64kb-extra-debuginfo-5.3.18-150300.59.49.1
kernel-64kb-livepatch-devel-5.3.18-150300.59.49.1
kernel-64kb-optional-5.3.18-150300.59.49.1
kernel-64kb-optional-debuginfo-5.3.18-150300.59.49.1
kselftests-kmp-64kb-5.3.18-150300.59.49.1
kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.49.1
ocfs2-kmp-64kb-5.3.18-150300.59.49.1
ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.49.1
reiserfs-kmp-64kb-5.3.18-150300.59.49.1
reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.49.1
- openSUSE Leap 15.3 (noarch):
kernel-devel-5.3.18-150300.59.49.1
kernel-docs-5.3.18-150300.59.49.1
kernel-docs-html-5.3.18-150300.59.49.1
kernel-macros-5.3.18-150300.59.49.1
kernel-source-5.3.18-150300.59.49.1
kernel-source-vanilla-5.3.18-150300.59.49.1
- openSUSE Leap 15.3 (s390x):
kernel-zfcpdump-5.3.18-150300.59.49.1
kernel-zfcpdump-debuginfo-5.3.18-150300.59.49.1
kernel-zfcpdump-debugsource-5.3.18-150300.59.49.1
References:
https://www.suse.com/security/cve/CVE-2020-28097.html
https://www.suse.com/security/cve/CVE-2021-22600.html
https://www.suse.com/security/cve/CVE-2021-39648.html
https://www.suse.com/security/cve/CVE-2021-39657.html
https://www.suse.com/security/cve/CVE-2021-39685.html
https://www.suse.com/security/cve/CVE-2021-44733.html
https://www.suse.com/security/cve/CVE-2021-45095.html
https://www.suse.com/security/cve/CVE-2022-0286.html
https://www.suse.com/security/cve/CVE-2022-0330.html
https://www.suse.com/security/cve/CVE-2022-0435.html
https://www.suse.com/security/cve/CVE-2022-22942.html
https://bugzilla.suse.com/1154353
https://bugzilla.suse.com/1154488
https://bugzilla.suse.com/1156395
https://bugzilla.suse.com/1160634
https://bugzilla.suse.com/1176447
https://bugzilla.suse.com/1177599
https://bugzilla.suse.com/1183405
https://bugzilla.suse.com/1185377
https://bugzilla.suse.com/1187428
https://bugzilla.suse.com/1187723
https://bugzilla.suse.com/1188605
https://bugzilla.suse.com/1191881
https://bugzilla.suse.com/1193096
https://bugzilla.suse.com/1193506
https://bugzilla.suse.com/1193767
https://bugzilla.suse.com/1193802
https://bugzilla.suse.com/1193861
https://bugzilla.suse.com/1193864
https://bugzilla.suse.com/1193867
https://bugzilla.suse.com/1194048
https://bugzilla.suse.com/1194227
https://bugzilla.suse.com/1194291
https://bugzilla.suse.com/1194880
https://bugzilla.suse.com/1195009
https://bugzilla.suse.com/1195062
https://bugzilla.suse.com/1195065
https://bugzilla.suse.com/1195073
https://bugzilla.suse.com/1195183
https://bugzilla.suse.com/1195184
https://bugzilla.suse.com/1195254
https://bugzilla.suse.com/1195267
https://bugzilla.suse.com/1195293
https://bugzilla.suse.com/1195371
https://bugzilla.suse.com/1195476
https://bugzilla.suse.com/1195477
https://bugzilla.suse.com/1195478
https://bugzilla.suse.com/1195479
https://bugzilla.suse.com/1195480
https://bugzilla.suse.com/1195481
https://bugzilla.suse.com/1195482
1
0
openSUSE-SU-2022:0363-1: critical: Security update for the Linux Kernel
by opensuse-security@opensuse.org 10 Feb '22
by opensuse-security@opensuse.org 10 Feb '22
10 Feb '22
openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0363-1
Rating: critical
References: #1154353 #1154488 #1160634 #1176447 #1177599
#1183405 #1185377 #1187428 #1187723 #1188605
#1191881 #1193096 #1193506 #1193767 #1193802
#1193861 #1193864 #1193867 #1194048 #1194227
#1194291 #1194880 #1195009 #1195062 #1195065
#1195073 #1195183 #1195184 #1195254 #1195267
#1195293 #1195371
Cross-References: CVE-2020-28097 CVE-2021-22600 CVE-2021-39648
CVE-2021-39657 CVE-2021-39685 CVE-2021-4159
CVE-2021-44733 CVE-2021-45095 CVE-2022-0286
CVE-2022-0330 CVE-2022-0435 CVE-2022-22942
CVSS scores:
CVE-2020-28097 (NVD) : 5.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2020-28097 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-22600 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-22600 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-39648 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CVE-2021-39657 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2021-39685 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-4159 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-44733 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
CVE-2021-45095 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-45095 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2022-0286 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-0286 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-0435 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-22942 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves 12 vulnerabilities and has 20 fixes
is now available.
Description:
The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive
various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-0435: Fixed remote stack overflow in net/tipc module that
validate domain record count on input (bsc#1195254).
- CVE-2022-0330: Fixed flush TLBs before releasing backing store
(bsc#1194880).
- CVE-2022-0286: Fixed null pointer dereference in bond_ipsec_add_sa()
that may have lead to local denial of service (bnc#1195371).
- CVE-2022-22942: Fixed stale file descriptors on failed usercopy
(bsc#1195065).
- CVE-2021-45095: Fixed refcount leak in pep_sock_accept in
net/phonet/pep.c (bnc#1193867).
- CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c
in the TEE subsystem, that could have occured because of a race
condition in tee_shm_get_from_id during an attempt to free a shared
memory object (bnc#1193767).
- CVE-2021-39657: Fixed out of bounds read due to a missing bounds check
in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local
information disclosure with System execution privileges needed
(bnc#1193864).
- CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a
race condition in gadget_dev_desc_UDC_show of configfs.c. This could
lead to local information disclosure with System execution privileges
needed. User interaction is not needed for exploitation (bnc#1193861).
- CVE-2021-22600: Fixed double free bug in packet_set_ring() in
net/packet/af_packet.c that could have been exploited by a local user
through crafted syscalls to escalate privileges or deny service
(bnc#1195184).
- CVE-2020-28097: Fixed out-of-bounds read in vgacon subsystem that
mishandled software scrollback (bnc#1187723).
- CVE-2021-4159: Fixed kernel ptr leak vulnerability via BPF in
coerce_reg_to_size (bsc#1194227).
The following security references were added to already fixed issues:
- CVE-2021-39685: Fixed USB gadget buffer overflow caused by too large
endpoint 0 requests (bsc#1193802).
The following non-security bugs were fixed:
- ACPI: battery: Add the ThinkPad "Not Charging" quirk (git-fixes).
- ACPICA: Executer: Fix the REFCLASS_REFOF case in
acpi_ex_opcode_1A_0T_1R() (git-fixes).
- ACPICA: Fix wrong interpretation of PCC address (git-fixes).
- ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5
(git-fixes).
- ACPICA: Utilities: Avoid deleting the same object twice in a row
(git-fixes).
- ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (git-fixes).
- ALSA: seq: Set upper limit of processed events (git-fixes).
- ASoC: mediatek: mt8173: fix device_node leak (git-fixes).
- Bluetooth: Fix debugfs entry leak in hci_register_dev() (git-fixes).
- Documentation: fix firewire.rst ABI file path error (git-fixes).
- HID: apple: Do not reset quirks when the Fn key is not found (git-fixes).
- HID: quirks: Allow inverting the absolute X/Y values (git-fixes).
- HID: uhid: Fix worker destroying device without any protection
(git-fixes).
- HID: wacom: Reset expected and received contact counts at the same time
(git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller
(git-fixes).
- RDMA/core: Clean up cq pool mechanism (jsc#SLE-15176).
- RDMA/rxe: Remove the unnecessary variable (jsc#SLE-15176).
- ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply
(git-fixes).
- arm64: Kconfig: add a choice for endianness (jsc#SLE-23432).
- asix: fix wrong return value in asix_check_host_enable() (git-fixes).
- ata: pata_platform: Fix a NULL pointer dereference in
__pata_platform_probe() (git-fixes).
- ath10k: Fix tx hanging (git-fixes).
- ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (git-fixes).
- batman-adv: allow netlink usage in unprivileged containers (git-fixes).
- btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check
(bsc#1195009).
- btrfs: tree-checker: annotate all error branches as unlikely
(bsc#1195009).
- btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set
improperly (bsc#1195009).
- cgroup/cpuset: Fix a partition bug with hotplug (bsc#1194291).
- clk: si5341: Fix clock HW provider cleanup (git-fixes).
- crypto: qat - fix undetected PFVF timeout in ACK loop (git-fixes).
- drm/amdgpu: fixup bad vram size on gmc v8 (git-fixes).
- drm/bridge: megachips: Ensure both bridges are probed before
registration (git-fixes).
- drm/etnaviv: limit submit sizes (git-fixes).
- drm/etnaviv: relax submit size limits (git-fixes).
- drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y
(git-fixes).
- drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc (git-fixes).
- drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (git-fixes).
- drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy
(git-fixes).
- drm/msm: Fix wrong size calculation (git-fixes).
- drm/nouveau/kms/nv04: use vzalloc for nv04_display (git-fixes).
- drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR
(git-fixes).
- drm/radeon: fix error handling in radeon_driver_open_kms (git-fixes).
- drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L
(git-fixes).
- ext4: set csum seed in tmp inode while migrating to extents
(bsc#1195267).
- floppy: Add max size check for user space request (git-fixes).
- gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock (git-fixes).
- gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use
(git-fixes).
- hv_netvsc: Set needed_headroom according to VF (bsc#1193506).
- hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681 (git-fixes).
- hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649 (git-fixes).
- hwmon: (lm90) Mark alert as broken for MAX6654 (git-fixes).
- hwmon: (lm90) Mark alert as broken for MAX6680 (git-fixes).
- hwmon: (lm90) Reduce maximum conversion rate for G781 (git-fixes).
- i2c: designware-pci: Fix to change data types of hcnt and lcnt
parameters (git-fixes).
- i2c: i801: Do not silently correct invalid transfer size (git-fixes).
- i2c: mpc: Correct I2C reset procedure (git-fixes).
- ibmvnic: Allow extra failures before disabling (bsc#1195073 ltc#195713).
- ibmvnic: Update driver return codes (bsc#1195293 ltc#196198).
- ibmvnic: do not spin in tasklet (bsc#1195073 ltc#195713).
- ibmvnic: init ->running_cap_crqs early (bsc#1195073 ltc#195713).
- ibmvnic: remove unused ->wait_capability (bsc#1195073 ltc#195713).
- ibmvnic: remove unused defines (bsc#1195293 ltc#196198).
- igc: Fix TX timestamp support for non-MSI-X platforms (bsc#1160634).
- iwlwifi: fix leaks/bad data after failed firmware load (git-fixes).
- iwlwifi: mvm: Fix calculation of frame length (git-fixes).
- iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (git-fixes).
- iwlwifi: mvm: synchronize with FW after multicast commands (git-fixes).
- iwlwifi: remove module loading failure message (git-fixes).
- lib82596: Fix IRQ check in sni_82596_probe (git-fixes).
- lightnvm: Remove lightnvm implemenation (bsc#1191881).
- mac80211: allow non-standard VHT MCS-10/11 (git-fixes).
- media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes).
- media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes
(git-fixes).
- media: igorplugusb: receiver overflow should be reported (git-fixes).
- media: m920x: do not use stack on USB reads (git-fixes).
- media: saa7146: hexium_gemini: Fix a NULL pointer dereference in
hexium_attach() (git-fixes).
- media: saa7146: hexium_orion: Fix a NULL pointer dereference in
hexium_attach() (git-fixes).
- media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds
(git-fixes).
- mlxsw: Only advertise link modes supported by both driver and device
(bsc#1154488).
- mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (git-fixes).
- mtd: nand: bbt: Fix corner case in bad block table handling (git-fixes).
- mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings
(git-fixes).
- mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6
(git-fixes).
- net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506).
- net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506).
- net/mlx5: DR, Proper handling of unsupported Connect-X6DX SW steering
(jsc#SLE-8464).
- net/mlx5: E-Switch, fix changing vf VLANID (jsc#SLE-15172).
- net/mlx5e: Protect encap route dev from concurrent release
(jsc#SLE-8464).
- net: allow retransmitting a TCP packet if original is still in queue
(bsc#1188605 bsc#1187428).
- net: bonding: fix bond_xmit_broadcast return value error bug
(bsc#1176447).
- net: bridge: vlan: fix memory leak in __allowed_ingress (bsc#1176447).
- net: bridge: vlan: fix single net device option dumping (bsc#1176447).
- net: mana: Add RX fencing (bsc#1193506).
- net: mana: Add XDP support (bsc#1193506).
- net: sch_generic: aviod concurrent reset and enqueue op for lockless
qdisc (bsc#1183405).
- net: sched: add barrier to ensure correct ordering for lockless qdisc
(bsc#1183405).
- net: sched: avoid unnecessary seqcount operation for lockless qdisc
(bsc#1183405).
- net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405).
- net: sched: fix tx action reschedule issue with stopped queue
(bsc#1183405).
- net: sched: fix tx action rescheduling issue during deactivation
(bsc#1183405).
- net: sched: replaced invalid qdisc tree flush helper in qdisc_replace
(bsc#1183405).
- net: sfp: fix high power modules without diagnostic monitoring
(bsc#1154353).
- netdevsim: set .owner to THIS_MODULE (bsc#1154353).
- nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed
bind() (git-fixes).
- nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096).
- phy: uniphier-usb3ss: fix unintended writing zeros to PHY register
(git-fixes).
- phylib: fix potential use-after-free (git-fixes).
- pinctrl: bcm2835: Add support for wake-up interrupts (git-fixes).
- pinctrl: bcm2835: Match BCM7211 compatible string (git-fixes).
- powerpc/book3s64/radix: make tlb_single_page_flush_ceiling a debugfs
entry (bsc#1195183 ltc#193865).
- regulator: qcom_smd: Align probe function with rpmh-regulator
(git-fixes).
- rsi: Fix use-after-free in rsi_rx_done_handler() (git-fixes).
- sched/fair: Fix detection of per-CPU kthreads waking a task (git fixes
(sched/fair)).
- sched/numa: Fix is_core_idle() (git fixes (sched/numa)).
- scripts/dtc: dtx_diff: remove broken example from help text (git-fixes).
- serial: 8250: of: Fix mapped region size when using reg-offset property
(git-fixes).
- serial: Fix incorrect rs485 polarity on uart open (git-fixes).
- serial: amba-pl011: do not request memory region twice (git-fixes).
- serial: core: Keep mctrl register state and cached copy in sync
(git-fixes).
- serial: pl010: Drop CR register reset on set_termios (git-fixes).
- serial: stm32: fix software flow control transfer (git-fixes).
- supported.conf: mark rtw88 modules as supported (jsc#SLE-22690)
- tty: n_gsm: fix SW flow control encoding/handling (git-fixes).
- ucsi_ccg: Check DEV_INT bit only when starting CCG4 (git-fixes).
- usb: common: ulpi: Fix crash in ulpi_match() (git-fixes).
- usb: gadget: f_fs: Use stream_open() for endpoint files (git-fixes).
- usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS
(git-fixes).
- usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0
(git-fixes).
- usb: roles: fix include/linux/usb/role.h compile issue (git-fixes).
- usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes).
- usb: uhci: add aspeed ast2600 uhci support (git-fixes).
- vfio/iommu_type1: replace kfree with kvfree (git-fixes).
- video: hyperv_fb: Fix validation of screen resolution (git-fixes).
- vxlan: fix error return code in __vxlan_dev_create() (bsc#1154353).
- workqueue: Fix unbind_workers() VS wq_worker_running() race
(bsc#1195062).
- x86/gpu: Reserve stolen memory for first integrated Intel GPU
(git-fixes).
- xfrm: fix MTU regression (bsc#1185377, bsc#1194048).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-363=1
Package List:
- openSUSE Leap 15.3 (noarch):
kernel-devel-azure-5.3.18-150300.38.40.4
kernel-source-azure-5.3.18-150300.38.40.4
- openSUSE Leap 15.3 (x86_64):
cluster-md-kmp-azure-5.3.18-150300.38.40.4
cluster-md-kmp-azure-debuginfo-5.3.18-150300.38.40.4
dlm-kmp-azure-5.3.18-150300.38.40.4
dlm-kmp-azure-debuginfo-5.3.18-150300.38.40.4
gfs2-kmp-azure-5.3.18-150300.38.40.4
gfs2-kmp-azure-debuginfo-5.3.18-150300.38.40.4
kernel-azure-5.3.18-150300.38.40.4
kernel-azure-debuginfo-5.3.18-150300.38.40.4
kernel-azure-debugsource-5.3.18-150300.38.40.4
kernel-azure-devel-5.3.18-150300.38.40.4
kernel-azure-devel-debuginfo-5.3.18-150300.38.40.4
kernel-azure-extra-5.3.18-150300.38.40.4
kernel-azure-extra-debuginfo-5.3.18-150300.38.40.4
kernel-azure-livepatch-devel-5.3.18-150300.38.40.4
kernel-azure-optional-5.3.18-150300.38.40.4
kernel-azure-optional-debuginfo-5.3.18-150300.38.40.4
kernel-syms-azure-5.3.18-150300.38.40.1
kselftests-kmp-azure-5.3.18-150300.38.40.4
kselftests-kmp-azure-debuginfo-5.3.18-150300.38.40.4
ocfs2-kmp-azure-5.3.18-150300.38.40.4
ocfs2-kmp-azure-debuginfo-5.3.18-150300.38.40.4
reiserfs-kmp-azure-5.3.18-150300.38.40.4
reiserfs-kmp-azure-debuginfo-5.3.18-150300.38.40.4
References:
https://www.suse.com/security/cve/CVE-2020-28097.html
https://www.suse.com/security/cve/CVE-2021-22600.html
https://www.suse.com/security/cve/CVE-2021-39648.html
https://www.suse.com/security/cve/CVE-2021-39657.html
https://www.suse.com/security/cve/CVE-2021-39685.html
https://www.suse.com/security/cve/CVE-2021-4159.html
https://www.suse.com/security/cve/CVE-2021-44733.html
https://www.suse.com/security/cve/CVE-2021-45095.html
https://www.suse.com/security/cve/CVE-2022-0286.html
https://www.suse.com/security/cve/CVE-2022-0330.html
https://www.suse.com/security/cve/CVE-2022-0435.html
https://www.suse.com/security/cve/CVE-2022-22942.html
https://bugzilla.suse.com/1154353
https://bugzilla.suse.com/1154488
https://bugzilla.suse.com/1160634
https://bugzilla.suse.com/1176447
https://bugzilla.suse.com/1177599
https://bugzilla.suse.com/1183405
https://bugzilla.suse.com/1185377
https://bugzilla.suse.com/1187428
https://bugzilla.suse.com/1187723
https://bugzilla.suse.com/1188605
https://bugzilla.suse.com/1191881
https://bugzilla.suse.com/1193096
https://bugzilla.suse.com/1193506
https://bugzilla.suse.com/1193767
https://bugzilla.suse.com/1193802
https://bugzilla.suse.com/1193861
https://bugzilla.suse.com/1193864
https://bugzilla.suse.com/1193867
https://bugzilla.suse.com/1194048
https://bugzilla.suse.com/1194227
https://bugzilla.suse.com/1194291
https://bugzilla.suse.com/1194880
https://bugzilla.suse.com/1195009
https://bugzilla.suse.com/1195062
https://bugzilla.suse.com/1195065
https://bugzilla.suse.com/1195073
https://bugzilla.suse.com/1195183
https://bugzilla.suse.com/1195184
https://bugzilla.suse.com/1195254
https://bugzilla.suse.com/1195267
https://bugzilla.suse.com/1195293
https://bugzilla.suse.com/1195371
1
0
openSUSE-SU-2022:0366-1: critical: Security update for the Linux Kernel
by opensuse-security@opensuse.org 10 Feb '22
by opensuse-security@opensuse.org 10 Feb '22
10 Feb '22
openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0366-1
Rating: critical
References: #1071995 #1124431 #1167162 #1169514 #1172073
#1179599 #1184804 #1185377 #1186207 #1186222
#1187167 #1189305 #1189841 #1190358 #1190428
#1191229 #1191241 #1191384 #1191731 #1192032
#1192267 #1192740 #1192845 #1192847 #1192877
#1192946 #1193306 #1193440 #1193442 #1193575
#1193669 #1193727 #1193731 #1193767 #1193861
#1193864 #1193867 #1193927 #1194001 #1194048
#1194087 #1194227 #1194302 #1194516 #1194529
#1194880 #1194888 #1194985 #1195166 #1195254
Cross-References: CVE-2018-25020 CVE-2019-15126 CVE-2020-27820
CVE-2021-0920 CVE-2021-0935 CVE-2021-28711
CVE-2021-28712 CVE-2021-28713 CVE-2021-28714
CVE-2021-28715 CVE-2021-33098 CVE-2021-3564
CVE-2021-39648 CVE-2021-39657 CVE-2021-4002
CVE-2021-4083 CVE-2021-4135 CVE-2021-4149
CVE-2021-4197 CVE-2021-4202 CVE-2021-43975
CVE-2021-43976 CVE-2021-44733 CVE-2021-45095
CVE-2021-45486 CVE-2022-0322 CVE-2022-0330
CVSS scores:
CVE-2018-25020 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2019-15126 (NVD) : 3.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2019-15126 (SUSE): 3.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2020-27820 (SUSE): 3.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L
CVE-2021-0920 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-0920 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-0935 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-28711 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2021-28711 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28712 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2021-28712 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28713 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2021-28713 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28714 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2021-28714 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28715 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2021-28715 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-33098 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-33098 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3564 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3564 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-39648 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CVE-2021-39657 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2021-4002 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVE-2021-4083 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-4135 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-4149 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-4197 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
CVE-2021-4202 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-43975 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-43976 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-44733 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
CVE-2021-45095 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-45095 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2021-45486 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2021-45486 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2022-0322 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 27 vulnerabilities and has 23 fixes
is now available.
Description:
The SUSE Linux Enterprise 15 SP1 LTSS kernel was updated to receive
various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-0435: Fixed remote stack overflow in net/tipc module that
validate domain record count on input (bsc#1195254).
- CVE-2022-0330: Fixed flush TLBs before releasing backing store
(bsc#1194880).
- CVE-2021-45486: Fixed an information leak because the hash table is very
small in net/ipv4/route.c (bnc#1194087).
- CVE-2021-45095: Fixed refcount leak in pep_sock_accept in
net/phonet/pep.c (bnc#1193867).
- CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c
in the TEE subsystem, that could have occured because of a race
condition in tee_shm_get_from_id during an attempt to free a shared
memory object (bnc#1193767).
- CVE-2021-43976: Fixed a flaw that could allow an attacker (who can
connect a crafted USB device) to cause a denial of service. (bnc#1192847)
- CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could
allow an attacker (who can introduce a crafted device) to trigger an
out-of-bounds write via a crafted length value. (bsc#1192845)
- CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag
(bsc#1194529).
- CVE-2021-4197: Use cgroup open-time credentials for process migraton
perm checks (bsc#1194302).
- CVE-2021-4159: Fixed kernel ptr leak vulnerability via BPF in
coerce_reg_to_size (bsc#1194227).
- CVE-2021-4149: Fixed btrfs unlock newly allocated extent buffer after
error (bsc#1194001).
- CVE-2021-4135: Fixed zero-initialize memory inside netdevsim for new
map's value in function nsim_bpf_map_alloc (bsc#1193927).
- CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage
collection for Unix domain socket file handlers when users call close()
and fget() simultaneouslyand can potentially trigger a race condition
(bnc#1193727).
- CVE-2021-4002: Fixed incorrect TLBs flush in hugetlbfs after
huge_pmd_unshare (bsc#1192946).
- CVE-2021-39657: Fixed out of bounds read due to a missing bounds check
in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local
information disclosure with System execution privileges needed
(bnc#1193864).
- CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a
race condition in gadget_dev_desc_UDC_show of configfs.c. This could
lead to local information disclosure with System execution privileges
needed. User interaction is not needed for exploitation (bnc#1193861).
- CVE-2021-3564: Fixed double-free memory corruption in the Linux kernel
HCI device initialization subsystem that could have been used by
attaching malicious HCI TTY Bluetooth devices. A local user could use
this flaw to crash the system (bnc#1186207).
- CVE-2021-33098: Fixed a potential denial of service in Intel(R) Ethernet
ixgbe driver due to improper input validation. (bsc#1192877)
- CVE-2021-28715: Fixed issue with xen/netback to do not queue unlimited
number of packages (XSA-392) (bsc#1193442).
- CVE-2021-28714: Fixed issue with xen/netback to handle rx queue stall
detection (XSA-392) (bsc#1193442).
- CVE-2021-28713: Fixed issue with xen/console to harden hvc_xen against
event channel storms (XSA-391) (bsc#1193440).
- CVE-2021-28712: Fixed issue with xen/netfront to harden netfront against
event channel storms (XSA-391) (bsc#1193440).
- CVE-2021-28711: Fixed issue with xen/blkfront to harden blkfront against
event channel storms (XSA-391) (bsc#1193440).
- CVE-2021-0935: Fixed possible out of bounds write in ip6_xmit of
ip6_output.c due to a use after free. This could lead to local
escalation of privilege with System execution privileges needed. User
interaction is not needed for exploitation (bnc#1192032).
- CVE-2021-0920: Fixed a local privilege escalation due to an use after
free bug in unix_gc (bsc#1193731).
- CVE-2020-27820: Fixed a vulnerability where a use-after-frees in
nouveau's postclose() handler could happen if removing device
(bsc#1179599).
- CVE-2019-15126: Fixed a vulnerability in Broadcom and Cypress Wi-Fi
chips, used in RPi family of devices aka "Kr00k". (bsc#1167162)
- CVE-2018-25020: Fixed an overflow in the BPF subsystem due to a
mishandling of a long jump over an instruction sequence where inner
instructions require substantial expansions into multiple BPF
instructions. This affects kernel/bpf/core.c and net/core/filter.c
(bnc#1193575).
The following non-security bugs were fixed:
- Bluetooth: fix the erroneous flush_work() order (git-fixes).
- Build: Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
- ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241
bsc#1195166).
- IPv6: reply ICMP error if the first fragment do not include all headers
(bsc#1191241).
- elfcore: fix building with clang (bsc#1169514).
- hv_netvsc: Set needed_headroom according to VF (bsc#1193506).
- ipv6/netfilter: Discard first fragment not including all headers
(bsc#1191241 bsc#1195166).
- kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740).
- kernel-binary.spec.in Stop templating the scriptlets for subpackages
(bsc#1190358).
- kernel-binary.spec.in: add zstd to BuildRequires if used
- kernel-binary.spec.in: make sure zstd is supported by kmod if used
- kernel-binary.spec: Check for no kernel signing certificates. Also
remove unused variable.
- kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
- kernel-binary.spec: Do not fail silently when KMP is empty
(bsc#1190358). Copy the code from kernel-module-subpackage that deals
with empty KMPs.
- kernel-binary.spec: Do not sign kernel when no key provided
(bsc#1187167).
- kernel-binary.spec: Fix kernel-default-base scriptlets after packaging
merge.
- kernel-binary.spec: Require dwarves for kernel-binary-devel when BTF is
enabled (jsc#SLE-17288).
- kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as
well.
- kernel-cert-subpackage: Fix certificate location in scriptlets
(bsc#1189841).
- kernel-source.spec: install-kernel-tools also required on 15.4
- kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229).
The semantic changed in an incompatible way so invoking the macro now
causes a build failure.
- kprobes: Limit max data_size of the kretprobe instances (bsc#1193669).
- livepatch: Avoid CPU hogging with cond_resched (bsc#1071995).
- memstick: rtsx_usb_ms: fix UAF (bsc#1194516).
- moxart: fix potential use-after-free on remove path (bsc#1194516).
- net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506).
- net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506).
- net: Using proper atomic helper (bsc#1186222).
- net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
- net: mana: Add RX fencing (bsc#1193506).
- net: mana: Add XDP support (bsc#1193506).
- net: mana: Allow setting the number of queues while the NIC is down
(bsc#1193506).
- net: mana: Fix spelling mistake "calledd" -> "called" (bsc#1193506).
- net: mana: Fix the netdev_err()'s vPort argument in mana_init_port()
(bsc#1193506).
- net: mana: Improve the HWC error handling (bsc#1193506).
- net: mana: Support hibernation and kexec (bsc#1193506).
- net: mana: Use kcalloc() instead of kzalloc() (bsc#1193506).
- objtool: Support Clang non-section symbols in ORC generation
(bsc#1169514).
- post.sh: detect /usr mountpoint too
- recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267).
- recordmcount.pl: look for jgnop instruction as well as bcrl on s390
(bsc#1192267).
- rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible
to use kmod with ZSTD support on non-Tumbleweed.
- rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release
had arbitrary values in staging, we can't use it for dependencies. The
filesystem one has to be enough (boo#1184804).
- rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306).
- rpm/kernel-binary.spec: Use only non-empty certificates.
- rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305).
- rpm/kernel-source.rpmlintrc: ignore new include/config files.
- rpm/kernel-source.spec.in: do some more for vanilla_only.
- rpm: Abolish image suffix (bsc#1189841).
- rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary
and KMP scriptlets to suse-module-tools.
- rpm: Define $certs as rpm macro (bsc#1189841).
- rpm: Fold kernel-devel and kernel-source scriptlets into spec files
(bsc#1189841).
- rpm: fix kmp install path
- rpm: use _rpmmacrodir (boo#1191384)
- tty: hvc: replace BUG_ON() with negative return value.
- vfs: check fd has read access in kernel_read_file_from_fd()
(bsc#1194888).
- x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (bsc#1169514).
- xen/blkfront: do not take local copy of a request from the ring page
(git-fixes).
- xen/blkfront: do not trust the backend response data blindly (git-fixes).
- xen/blkfront: read response from backend only once (git-fixes).
- xen/netfront: disentangle tx_skb_freelist (git-fixes).
- xen/netfront: do not read data from request on the ring page (git-fixes).
- xen/netfront: do not trust the backend response data blindly (git-fixes).
- xen/netfront: read response from backend only once (git-fixes).
- xen: sync include/xen/interface/io/ring.h with Xen's newest version
(git-fixes).
- xfrm: fix MTU regression (bsc#1185377, bsc#1194048).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-366=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-366=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
kernel-default-base-debuginfo-4.12.14-197.105.1
kernel-vanilla-4.12.14-197.105.1
kernel-vanilla-base-4.12.14-197.105.1
kernel-vanilla-base-debuginfo-4.12.14-197.105.1
kernel-vanilla-debuginfo-4.12.14-197.105.1
kernel-vanilla-debugsource-4.12.14-197.105.1
kernel-vanilla-devel-4.12.14-197.105.1
kernel-vanilla-devel-debuginfo-4.12.14-197.105.1
kernel-vanilla-livepatch-devel-4.12.14-197.105.1
- openSUSE Leap 15.4 (ppc64le x86_64):
kernel-debug-base-4.12.14-197.105.1
kernel-debug-base-debuginfo-4.12.14-197.105.1
- openSUSE Leap 15.4 (x86_64):
kernel-kvmsmall-base-4.12.14-197.105.1
kernel-kvmsmall-base-debuginfo-4.12.14-197.105.1
- openSUSE Leap 15.4 (s390x):
kernel-default-man-4.12.14-197.105.1
kernel-zfcpdump-man-4.12.14-197.105.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
kernel-default-base-debuginfo-4.12.14-197.105.1
kernel-vanilla-4.12.14-197.105.1
kernel-vanilla-base-4.12.14-197.105.1
kernel-vanilla-base-debuginfo-4.12.14-197.105.1
kernel-vanilla-debuginfo-4.12.14-197.105.1
kernel-vanilla-debugsource-4.12.14-197.105.1
kernel-vanilla-devel-4.12.14-197.105.1
kernel-vanilla-devel-debuginfo-4.12.14-197.105.1
kernel-vanilla-livepatch-devel-4.12.14-197.105.1
- openSUSE Leap 15.3 (ppc64le x86_64):
kernel-debug-base-4.12.14-197.105.1
kernel-debug-base-debuginfo-4.12.14-197.105.1
- openSUSE Leap 15.3 (x86_64):
kernel-kvmsmall-base-4.12.14-197.105.1
kernel-kvmsmall-base-debuginfo-4.12.14-197.105.1
- openSUSE Leap 15.3 (s390x):
kernel-default-man-4.12.14-197.105.1
kernel-zfcpdump-man-4.12.14-197.105.1
References:
https://www.suse.com/security/cve/CVE-2018-25020.html
https://www.suse.com/security/cve/CVE-2019-15126.html
https://www.suse.com/security/cve/CVE-2020-27820.html
https://www.suse.com/security/cve/CVE-2021-0920.html
https://www.suse.com/security/cve/CVE-2021-0935.html
https://www.suse.com/security/cve/CVE-2021-28711.html
https://www.suse.com/security/cve/CVE-2021-28712.html
https://www.suse.com/security/cve/CVE-2021-28713.html
https://www.suse.com/security/cve/CVE-2021-28714.html
https://www.suse.com/security/cve/CVE-2021-28715.html
https://www.suse.com/security/cve/CVE-2021-33098.html
https://www.suse.com/security/cve/CVE-2021-3564.html
https://www.suse.com/security/cve/CVE-2021-39648.html
https://www.suse.com/security/cve/CVE-2021-39657.html
https://www.suse.com/security/cve/CVE-2021-4002.html
https://www.suse.com/security/cve/CVE-2021-4083.html
https://www.suse.com/security/cve/CVE-2021-4135.html
https://www.suse.com/security/cve/CVE-2021-4149.html
https://www.suse.com/security/cve/CVE-2021-4197.html
https://www.suse.com/security/cve/CVE-2021-4202.html
https://www.suse.com/security/cve/CVE-2021-43975.html
https://www.suse.com/security/cve/CVE-2021-43976.html
https://www.suse.com/security/cve/CVE-2021-44733.html
https://www.suse.com/security/cve/CVE-2021-45095.html
https://www.suse.com/security/cve/CVE-2021-45486.html
https://www.suse.com/security/cve/CVE-2022-0322.html
https://www.suse.com/security/cve/CVE-2022-0330.html
https://bugzilla.suse.com/1071995
https://bugzilla.suse.com/1124431
https://bugzilla.suse.com/1167162
https://bugzilla.suse.com/1169514
https://bugzilla.suse.com/1172073
https://bugzilla.suse.com/1179599
https://bugzilla.suse.com/1184804
https://bugzilla.suse.com/1185377
https://bugzilla.suse.com/1186207
https://bugzilla.suse.com/1186222
https://bugzilla.suse.com/1187167
https://bugzilla.suse.com/1189305
https://bugzilla.suse.com/1189841
https://bugzilla.suse.com/1190358
https://bugzilla.suse.com/1190428
https://bugzilla.suse.com/1191229
https://bugzilla.suse.com/1191241
https://bugzilla.suse.com/1191384
https://bugzilla.suse.com/1191731
https://bugzilla.suse.com/1192032
https://bugzilla.suse.com/1192267
https://bugzilla.suse.com/1192740
https://bugzilla.suse.com/1192845
https://bugzilla.suse.com/1192847
https://bugzilla.suse.com/1192877
https://bugzilla.suse.com/1192946
https://bugzilla.suse.com/1193306
https://bugzilla.suse.com/1193440
https://bugzilla.suse.com/1193442
https://bugzilla.suse.com/1193575
https://bugzilla.suse.com/1193669
https://bugzilla.suse.com/1193727
https://bugzilla.suse.com/1193731
https://bugzilla.suse.com/1193767
https://bugzilla.suse.com/1193861
https://bugzilla.suse.com/1193864
https://bugzilla.suse.com/1193867
https://bugzilla.suse.com/1193927
https://bugzilla.suse.com/1194001
https://bugzilla.suse.com/1194048
https://bugzilla.suse.com/1194087
https://bugzilla.suse.com/1194227
https://bugzilla.suse.com/1194302
https://bugzilla.suse.com/1194516
https://bugzilla.suse.com/1194529
https://bugzilla.suse.com/1194880
https://bugzilla.suse.com/1194888
https://bugzilla.suse.com/1194985
https://bugzilla.suse.com/1195166
https://bugzilla.suse.com/1195254
1
0
openSUSE-RU-2022:0352-1: moderate: Recommended update for release-notes-ha
by maintenance@opensuse.org 08 Feb '22
by maintenance@opensuse.org 08 Feb '22
08 Feb '22
openSUSE Recommended Update: Recommended update for release-notes-ha
______________________________________________________________________________
Announcement ID: openSUSE-RU-2022:0352-1
Rating: moderate
References: #1187664 #1188305 #933411 SLE-22898 TEAM-62
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that has three recommended fixes and contains two
features can now be installed.
Description:
This update for release-notes-ha fixes the following issues:
- 15.3.20220202 (tracked in bsc#933411)
- Added note about pingd deprecation (jsc#DOCTEAM-62)
- Added note about python-cluster-preflight-check deprecation
(jsc#SLE-22898)
- Removed mention of SES (bsc#1188305)
- Updated links (bsc#1187664)
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-352=1
Package List:
- openSUSE Leap 15.3 (noarch):
release-notes-ha-15.3.20220202-150300.3.3.1
References:
https://bugzilla.suse.com/1187664
https://bugzilla.suse.com/1188305
https://bugzilla.suse.com/933411
1
0