openSUSE Updates
Threads by month
- ----- 2024 -----
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
November 2023
- 2 participants
- 210 discussions
SUSE-SU-2023:4412-1: moderate: Maintenance update for SUSE Manager 4.3.9 Release Notes
by maintenance@opensuse.org 09 Nov '23
by maintenance@opensuse.org 09 Nov '23
09 Nov '23
# Maintenance update for SUSE Manager 4.3.9 Release Notes
Announcement ID: SUSE-SU-2023:4412-1
Rating: moderate
References:
* bsc#1204270
* bsc#1211047
* bsc#1211145
* bsc#1211270
* bsc#1211912
* bsc#1212168
* bsc#1212507
* bsc#1213132
* bsc#1213376
* bsc#1213469
* bsc#1213680
* bsc#1213689
* bsc#1214041
* bsc#1214121
* bsc#1214463
* bsc#1214553
* bsc#1214746
* bsc#1215027
* bsc#1215120
* bsc#1215157
* bsc#1215412
* bsc#1215514
* bsc#1216411
* bsc#1216661
* jsc#MSQA-706
* jsc#SUMA-111
Cross-References:
* CVE-2023-34049
CVSS scores:
Affected Products:
* openSUSE Leap 15.4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability, contains two features and has 23
security fixes can now be installed.
## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.3
### Description:
This update fixes the following issues:
release-notes-susemanager-proxy:
* Update to SUSE Manager 4.3.9
* Bugs mentioned bsc#1212507, bsc#1216411
## Security update for SUSE Manager Server 4.3
### Description:
This update fixes the following issues:
* Update to SUSE Manager 4.3.9
* Debian 12 support as client
* New Update Notification (jsc#SUMA-111)
* Monitoring: Grafana upgraded to 9.5.8
* Update 'saltkey' endpoints to accept GET instead of POST
* CVEs fixed: CVE-2023-34049
* Bugs mentioned: bsc#1204270, bsc#1211047, bsc#1211145, bsc#1211270,
bsc#1211912 bsc#1212168, bsc#1212507, bsc#1213132, bsc#1213376, bsc#1213469
bsc#1213680, bsc#1213689, bsc#1214041, bsc#1214121, bsc#1214463 bsc#1214553,
bsc#1214746, bsc#1215027, bsc#1215120, bsc#1215412 bsc#1215514, bsc#1216661,
bsc#1215157
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4412=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2023-4412=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2023-4412=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2023-4412=1
## Package List:
* openSUSE Leap 15.4 (noarch)
* release-notes-susemanager-4.3.9-150400.3.90.1
* release-notes-susemanager-proxy-4.3.9-150400.3.69.1
* SUSE Manager Proxy 4.3 (noarch)
* release-notes-susemanager-proxy-4.3.9-150400.3.69.1
* SUSE Manager Retail Branch Server 4.3 (noarch)
* release-notes-susemanager-proxy-4.3.9-150400.3.69.1
* SUSE Manager Server 4.3 (noarch)
* release-notes-susemanager-4.3.9-150400.3.90.1
## References:
* https://www.suse.com/security/cve/CVE-2023-34049.html
* https://bugzilla.suse.com/show_bug.cgi?id=1204270
* https://bugzilla.suse.com/show_bug.cgi?id=1211047
* https://bugzilla.suse.com/show_bug.cgi?id=1211145
* https://bugzilla.suse.com/show_bug.cgi?id=1211270
* https://bugzilla.suse.com/show_bug.cgi?id=1211912
* https://bugzilla.suse.com/show_bug.cgi?id=1212168
* https://bugzilla.suse.com/show_bug.cgi?id=1212507
* https://bugzilla.suse.com/show_bug.cgi?id=1213132
* https://bugzilla.suse.com/show_bug.cgi?id=1213376
* https://bugzilla.suse.com/show_bug.cgi?id=1213469
* https://bugzilla.suse.com/show_bug.cgi?id=1213680
* https://bugzilla.suse.com/show_bug.cgi?id=1213689
* https://bugzilla.suse.com/show_bug.cgi?id=1214041
* https://bugzilla.suse.com/show_bug.cgi?id=1214121
* https://bugzilla.suse.com/show_bug.cgi?id=1214463
* https://bugzilla.suse.com/show_bug.cgi?id=1214553
* https://bugzilla.suse.com/show_bug.cgi?id=1214746
* https://bugzilla.suse.com/show_bug.cgi?id=1215027
* https://bugzilla.suse.com/show_bug.cgi?id=1215120
* https://bugzilla.suse.com/show_bug.cgi?id=1215157
* https://bugzilla.suse.com/show_bug.cgi?id=1215412
* https://bugzilla.suse.com/show_bug.cgi?id=1215514
* https://bugzilla.suse.com/show_bug.cgi?id=1216411
* https://bugzilla.suse.com/show_bug.cgi?id=1216661
* https://jira.suse.com/browse/MSQA-706
* https://jira.suse.com/browse/SUMA-111
1
0
08 Nov '23
# Recommended update for crmsh
Announcement ID: SUSE-RU-2023:4383-1
Rating: moderate
References:
* bsc#1203601
* bsc#1208216
* bsc#1213797
* bsc#1215438
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that has four fixes can now be installed.
## Description:
This update for crmsh fixes the following issues:
* Update to version 4.4.2+20231010.03e9316f
* report: Pick up tarball suffix dynamically (bsc#1215438)
* report: Pick 'gzip' as the first compress prog for cross-platform
compatibility(bsc#1215438)
* upgradeutil: reduce ConnectTimeout when checking the availability of ssh
access (bsc#1213797)
* ui_cluster: 'crm cluster stop' failed to stop services (bsc#1203601)
* utils: Change the way to get pacemaker's version (bsc#1208216)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4383=1 openSUSE-SLE-15.4-2023-4383=1
* SUSE Linux Enterprise High Availability Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-4383=1
## Package List:
* openSUSE Leap 15.4 (noarch)
* crmsh-test-4.4.2+20231010.03e9316f-150400.3.28.1
* crmsh-scripts-4.4.2+20231010.03e9316f-150400.3.28.1
* crmsh-4.4.2+20231010.03e9316f-150400.3.28.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (noarch)
* crmsh-scripts-4.4.2+20231010.03e9316f-150400.3.28.1
* crmsh-4.4.2+20231010.03e9316f-150400.3.28.1
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1203601
* https://bugzilla.suse.com/show_bug.cgi?id=1208216
* https://bugzilla.suse.com/show_bug.cgi?id=1213797
* https://bugzilla.suse.com/show_bug.cgi?id=1215438
1
0
openSUSE-RU-2023:0359-1: moderate: Recommended update for xfce4-notify
by maintenance@opensuse.org 07 Nov '23
by maintenance@opensuse.org 07 Nov '23
07 Nov '23
openSUSE Recommended Update: Recommended update for xfce4-notify
______________________________________________________________________________
Announcement ID: openSUSE-RU-2023:0359-1
Rating: moderate
References: #1216516
Affected Products:
openSUSE Backports SLE-15-SP5
openSUSE Leap 15.5
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for xfce4-dev-tools, xfce4-notifyd fixes the following issues:
- X11 support which was broken in a previous update for xfce4-notifyd
(boo#1216516)
- xfce4-dev-tools was updated as a build dependency
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.5:
zypper in -t patch openSUSE-2023-359=1
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2023-359=1
Package List:
- openSUSE Leap 15.5 (noarch):
libgarcon-branding-openSUSE-4.18.0+git0.9a2f754-lp155.2.8.1
libxfce4ui-branding-openSUSE-4.18.0+git0.9a2f754-lp155.2.8.1
thunar-volman-branding-openSUSE-4.18.0+git0.9a2f754-lp155.2.8.1
xfce4-notifyd-branding-openSUSE-4.18.0+git0.9a2f754-lp155.2.8.1
xfce4-panel-branding-openSUSE-4.18.0+git0.9a2f754-lp155.2.8.1
xfce4-power-manager-branding-openSUSE-4.18.0+git0.9a2f754-lp155.2.8.1
xfce4-session-branding-openSUSE-4.18.0+git0.9a2f754-lp155.2.8.1
xfce4-settings-branding-openSUSE-4.18.0+git0.9a2f754-lp155.2.8.1
xfdesktop-branding-openSUSE-4.18.0+git0.9a2f754-lp155.2.8.1
xfwm4-branding-openSUSE-4.18.0+git0.9a2f754-lp155.2.8.1
- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):
xfce4-dev-tools-4.18.1-bp155.3.5.1
xfce4-notifyd-0.9.2-bp155.2.6.1
xfce4-notifyd-debuginfo-0.9.2-bp155.2.6.1
xfce4-notifyd-debugsource-0.9.2-bp155.2.6.1
- openSUSE Backports SLE-15-SP5 (noarch):
xfce4-notifyd-branding-upstream-0.9.2-bp155.2.6.1
xfce4-notifyd-lang-0.9.2-bp155.2.6.1
References:
https://bugzilla.suse.com/1216516
1
0
openSUSE-RU-2023:0358-1: moderate: Recommended update for go1.15, go1.16, go1.17
by maintenance@opensuse.org 07 Nov '23
by maintenance@opensuse.org 07 Nov '23
07 Nov '23
openSUSE Recommended Update: Recommended update for go1.15, go1.16, go1.17
______________________________________________________________________________
Announcement ID: openSUSE-RU-2023:0358-1
Rating: moderate
References:
Affected Products:
SUSE Linux Enterprise High Performance Computing 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP4
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12-SP3
SUSE Linux Enterprise Server for SAP Applications 12-SP4
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________
An update that has 0 recommended fixes can now be installed.
Description:
This update adds go1.15, go1.16 and go1.17 to bootstrap newer go versions.
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Package Hub for SUSE Linux Enterprise 12:
zypper in -t patch openSUSE-2023-358=1
Package List:
- SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):
go1.15-1.15.15-5.1
go1.15-doc-1.15.15-5.1
go1.16-1.16.15-2.3
go1.16-doc-1.16.15-2.3
go1.17-1.17.13-2.1
go1.17-doc-1.17.13-2.1
References:
1
0
SUSE-RU-2023:4382-1: important: Recommended update for release-notes-sles
by maintenance@opensuse.org 06 Nov '23
by maintenance@opensuse.org 06 Nov '23
06 Nov '23
# Recommended update for release-notes-sles
Announcement ID: SUSE-RU-2023:4382-1
Rating: important
References:
* bsc#933411
* jsc#PED-4489
* jsc#PED-4564
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that contains two features and has one fix can now be installed.
## Description:
This update for release-notes-sles fixes the following issues:
* Version 15.5.20231106:
* aarch64: Added recommendation of 64K for NVIDIA Grace
(jsc#PED-4564/jsc#PED-4489)
* aarch64: Mention NVIDIA Grace Hopper and GPU (jsc#PED-4564)
* aarch64: Updated 64K page size kernel flavor to supported (jsc#PED-4489)
* aarch64: Added NVIDIA Grace (jsc#PED-4564)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-2023-4382=1 SUSE-SLE-
INSTALLER-15-SP5-2023-4382=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-4382=1 openSUSE-SLE-15.5-2023-4382=1
* SUSE Linux Enterprise High Performance Computing 15 SP5
zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-4382=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-4382=1
* SUSE Linux Enterprise Desktop 15 SP5
zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-4382=1
## Package List:
* SUSE Linux Enterprise Server 15 SP5 (noarch)
* release-notes-sles-15.5.20231106-150500.3.9.1
* openSUSE Leap 15.5 (noarch)
* release-notes-sles-15.5.20231106-150500.3.9.1
* SUSE Linux Enterprise High Performance Computing 15 SP5 (noarch)
* release-notes-sles-15.5.20231106-150500.3.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* release-notes-sles-15.5.20231106-150500.3.9.1
* SUSE Linux Enterprise Desktop 15 SP5 (noarch)
* release-notes-sles-15.5.20231106-150500.3.9.1
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=933411
* https://jira.suse.com/browse/PED-4489
* https://jira.suse.com/browse/PED-4564
1
0
SUSE-SU-2023:4375-1: important: Security update for the Linux Kernel
by maintenance@opensuse.org 06 Nov '23
by maintenance@opensuse.org 06 Nov '23
06 Nov '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:4375-1
Rating: important
References:
* bsc#1208788
* bsc#1211162
* bsc#1211307
* bsc#1212423
* bsc#1212649
* bsc#1213705
* bsc#1213772
* bsc#1214754
* bsc#1214874
* bsc#1215095
* bsc#1215104
* bsc#1215523
* bsc#1215545
* bsc#1215921
* bsc#1215955
* bsc#1215986
* bsc#1216062
* bsc#1216202
* bsc#1216322
* bsc#1216323
* bsc#1216324
* bsc#1216333
* bsc#1216345
* bsc#1216512
* bsc#1216621
* bsc#802154
Cross-References:
* CVE-2023-2163
* CVE-2023-31085
* CVE-2023-34324
* CVE-2023-3777
* CVE-2023-39189
* CVE-2023-39191
* CVE-2023-39193
* CVE-2023-46813
* CVE-2023-5178
CVSS scores:
* CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
* CVE-2023-31085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-39189 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-39189 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39191 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-39191 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39193 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-46813 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5178 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5178 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP5
* Development Tools Module 15-SP5
* Legacy Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Availability Extension 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP5
An update that solves nine vulnerabilities and has 17 security fixes can now be
installed.
## Description:
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
* CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables
component can be exploited to achieve local privilege escalation.
(bsc#1215095)
* CVE-2023-46813: Fixed a local privilege escalation with user-space programs
that have access to MMIO regions (bsc#1212649).
* CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize)
that could cause a local DoS. (bsc#1210778)
* CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem
(bsc#1215860).
* CVE-2023-5178: Fixed an use-after-free and a double-free flaw that could
allow a malicious user to execute a remote code execution. (bsc#1215768)
* CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to
unsafe code paths being incorrectly marked as safe, resulting in arbitrary
read/write in kernel memory, lateral privilege escalation, and container
escape. (bsc#1215518)
* CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling.
(bsc#1215745).
* CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a
local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read,
leading to a crash or information disclosure. (bsc#1216046)
* CVE-2023-39191: Fixed a lack of validation of dynamic pointers within user-
supplied eBPF programs that may have allowed an attacker with CAP_BPF
privileges to escalate privileges and execute arbitrary code. (bsc#1215863)
The following non-security bugs were fixed:
* 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes).
* ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes).
* ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes).
* ALSA: hda/realtek - ALC287 I2S speaker platform support (git-fixes).
* ALSA: hda/realtek - ALC287 merge RTK codec with CS CS35L41 AMP (git-fixes).
* ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes).
* ALSA: hda/realtek - Fixed two speaker platform (git-fixes).
* ALSA: hda/realtek: Add quirk for ASUS ROG GU603ZV (git-fixes).
* ALSA: hda/realtek: Change model for Intel RVP board (git-fixes).
* ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq5xxx (git-fixes).
* ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre
M70q (git-fixes).
* ALSA: hda: intel-dsp-cfg: add LunarLake support (git-fixes).
* ALSA: hda: intel-sdw-acpi: Use u8 type for link index (git-fixes).
* ALSA: usb-audio: Fix microphone sound on Nexigo webcam (git-fixes).
* ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes).
* ASoC: amd: yc: Fix non-functional mic on Lenovo 82YM (git-fixes).
* ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-
fixes).
* ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes).
* ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes).
* ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes).
* ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes).
* ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes).
* ASoC: pxa: fix a memory leak in probe() (git-fixes).
* Bluetooth: Avoid redundant authentication (git-fixes).
* Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes).
* Bluetooth: ISO: Fix handling of listen for unicast (git-fixes).
* Bluetooth: Reject connection with the device which has same BD_ADDR (git-
fixes).
* Bluetooth: avoid memcmp() out of bounds warning (git-fixes).
* Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes).
* Bluetooth: hci_codec: Fix leaking content of local_codecs (git-fixes).
* Bluetooth: hci_event: Fix coding style (git-fixes).
* Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes).
* Bluetooth: hci_event: Ignore NULL link key (git-fixes).
* Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name
(git-fixes).
* Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes).
* Bluetooth: vhci: Fix race when opening vhci device (git-fixes).
* Documentation: qat: change kernel version (PED-6401).
* Documentation: qat: rewrite description (PED-6401).
* Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-
fixes).
* Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-
fixes).
* HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-
fixes).
* HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes).
* HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-
fixes).
* HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes).
* HID: sony: Fix a potential memory leak in sony_probe() (git-fixes).
* HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-
fixes).
* IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes)
* Input: goodix - ensure int GPIO is in input for gpio_count == 1 &&
gpio_int_idx == 0 case (git-fixes).
* Input: powermate - fix use-after-free in powermate_config_complete (git-
fixes).
* Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes).
* Input: xpad - add PXN V900 support (git-fixes).
* KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-
fixes).
* KVM: SVM: INTERCEPT_RDTSCP is never intercepted anyway (git-fixes).
* KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes
bsc#1216512).
* KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed
(git-fixes).
* KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes).
* KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code
(bsc#1213772).
* KVM: x86: Propagate the AMD Automatic IBRS feature to the guest
(bsc#1213772).
* KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772).
* KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772).
* KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
* NFS: Fix O_DIRECT locking issues (bsc#1211162).
* NFS: Fix a few more clear_bit() instances that need release semantics
(bsc#1211162).
* NFS: Fix a potential data corruption (bsc#1211162).
* NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162).
* NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162).
* NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162).
* NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162).
* NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162).
* NFS: only issue commit in DIO codepath if we have uncommitted data
(bsc#1211162).
* NFSD: Never call nfsd_file_gc() in foreground paths (bsc#1215545).
* RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes)
* RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes)
* RDMA/core: Require admin capabilities to set system parameters (git-fixes)
* RDMA/cxgb4: Check skb value for failure to allocate (git-fixes)
* RDMA/mlx5: Fix NULL string error (git-fixes)
* RDMA/mlx5: Fix mutex unlocking on error flow for steering anchor creation
(git-fixes)
* RDMA/siw: Fix connection failure handling (git-fixes)
* RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes)
* RDMA/uverbs: Fix typo of sizeof argument (git-fixes)
* arm64/smmu: use TLBI ASID when invalidating entire range (bsc#1215921)
* ata: libata-core: Do not register PM operations for SAS ports (git-fixes).
* ata: libata-core: Fix ata_port_request_pm() locking (git-fixes).
* ata: libata-core: Fix port and device removal (git-fixes).
* ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes).
* ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES
(git-fixes).
* blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before
init (bsc#1216062).
* blk-cgroup: support to track if policy is online (bsc#1216062).
* bonding: Fix extraction of ports from the packet headers (bsc#1214754).
* bonding: Return pointer to data after pull on skb (bsc#1214754).
* bonding: do not assume skb mac_header is set (bsc#1214754).
* bpf: Add copy_map_value_long to copy to remote percpu memory (git-fixes).
* bpf: Add missing btf_put to register_btf_id_dtor_kfuncs (git-fixes).
* bpf: Add override check to kprobe multi link attach (git-fixes).
* bpf: Add zero_map_value to zero map value with special fields (git-fixes).
* bpf: Cleanup check_refcount_ok (git-fixes).
* bpf: Fix max stack depth check for async callbacks (git-fixes).
* bpf: Fix offset calculation error in __copy_map_value and zero_map_value
(git-fixes).
* bpf: Fix ref_obj_id for dynptr data slices in verifier (git-fixes).
* bpf: Fix resetting logic for unreferenced kptrs (git-fixes).
* bpf: Fix subprog idx logic in check_max_stack_depth (git-fixes).
* bpf: Gate dynptr API behind CAP_BPF (git-fixes).
* bpf: Prevent decl_tag from being referenced in func_proto arg (git-fixes).
* bpf: Repeat check_max_stack_depth for async callbacks (git-fixes).
* bpf: Tighten ptr_to_btf_id checks (git-fixes).
* bpf: fix precision propagation verbose logging (git-fixes).
* bpf: prevent decl_tag from being referenced in func_proto (git-fixes).
* bpf: propagate precision across all frames, not just the last one (git-
fixes).
* bpf: propagate precision in ALU/ALU64 operations (git-fixes).
* bpf: propagate precision in ALU/ALU64 operations (git-fixes).
* btf: Export bpf_dynptr definition (git-fixes).
* btrfs: do not start transaction for scrub if the fs is mounted read-only
(bsc#1214874).
* bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes).
* bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-
fixes).
* ceph: add base64 endcoding routines for encrypted names (jsc#SES-1880).
* ceph: add encryption support to writepage and writepages (jsc#SES-1880).
* ceph: add fscrypt ioctls and ceph.fscrypt.auth vxattr (jsc#SES-1880).
* ceph: add helpers for converting names for userland presentation
(jsc#SES-1880).
* ceph: add infrastructure for file encryption and decryption (jsc#SES-1880).
* ceph: add new mount option to enable sparse reads (jsc#SES-1880).
* ceph: add object version support for sync read (jsc#SES-1880).
* ceph: add read/modify/write to ceph_sync_write (jsc#SES-1880).
* ceph: add some fscrypt guardrails (jsc#SES-1880).
* ceph: add support for encrypted snapshot names (jsc#SES-1880).
* ceph: add support to readdir for encrypted names (jsc#SES-1880).
* ceph: add truncate size handling support for fscrypt (jsc#SES-1880).
* ceph: align data in pages in ceph_sync_write (jsc#SES-1880).
* ceph: allow encrypting a directory while not having Ax caps (jsc#SES-1880).
* ceph: create symlinks with encrypted and base64-encoded targets
(jsc#SES-1880).
* ceph: decode alternate_name in lease info (jsc#SES-1880).
* ceph: do not use special DIO path for encrypted inodes (jsc#SES-1880).
* ceph: drop messages from MDS when unmounting (jsc#SES-1880).
* ceph: encode encrypted name in ceph_mdsc_build_path and dentry release
(jsc#SES-1880).
* ceph: fix incorrect revoked caps assert in ceph_fill_file_size()
(bsc#1216322).
* ceph: fix type promotion bug on 32bit systems (bsc#1216324).
* ceph: fix updating i_truncate_pagecache_size for fscrypt (jsc#SES-1880).
* ceph: fscrypt_auth handling for ceph (jsc#SES-1880).
* ceph: handle fscrypt fields in cap messages from MDS (jsc#SES-1880).
* ceph: implement -o test_dummy_encryption mount option (jsc#SES-1880).
* ceph: invalidate pages when doing direct/sync writes (jsc#SES-1880).
* ceph: make ceph_fill_trace and ceph_get_name decrypt names (jsc#SES-1880).
* ceph: make ceph_msdc_build_path use ref-walk (jsc#SES-1880).
* ceph: make d_revalidate call fscrypt revalidator for encrypted dentries
(jsc#SES-1880).
* ceph: make ioctl cmds more readable in debug log (jsc#SES-1880).
* ceph: make num_fwd and num_retry to __u32 (jsc#SES-1880).
* ceph: mark directory as non-complete after loading key (jsc#SES-1880).
* ceph: pass the request to parse_reply_info_readdir() (jsc#SES-1880).
* ceph: plumb in decryption during reads (jsc#SES-1880).
* ceph: preallocate inode for ops that may create one (jsc#SES-1880).
* ceph: prevent snapshot creation in encrypted locked directories
(jsc#SES-1880).
* ceph: remove unnecessary check for NULL in parse_longname() (bsc#1216333).
* ceph: send alternate_name in MClientRequest (jsc#SES-1880).
* ceph: set DCACHE_NOKEY_NAME flag in ceph_lookup/atomic_open()
(jsc#SES-1880).
* ceph: size handling in MClientRequest, cap updates and inode traces
(jsc#SES-1880).
* ceph: switch ceph_lookup/atomic_open() to use new fscrypt helper
(jsc#SES-1880).
* ceph: use osd_req_op_extent_osd_iter for netfs reads (jsc#SES-1880).
* ceph: voluntarily drop Xx caps for requests those touch parent mtime
(jsc#SES-1880).
* ceph: wait for OSD requests' callbacks to finish when unmounting
(jsc#SES-1880).
* cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem
(bsc#1215955).
* cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307).
* clk: tegra: fix error return case for recalc_rate (git-fixes).
* counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-
fixes).
* crypto: qat - Include algapi.h for low-level Crypto API (PED-6401).
* crypto: qat - Remove unused function declarations (PED-6401).
* crypto: qat - add fw_counters debugfs file (PED-6401).
* crypto: qat - add heartbeat counters check (PED-6401).
* crypto: qat - add heartbeat feature (PED-6401).
* crypto: qat - add internal timer for qat 4xxx (PED-6401).
* crypto: qat - add measure clock frequency (PED-6401).
* crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401).
* crypto: qat - add qat_zlib_deflate (PED-6401).
* crypto: qat - add support for 402xx devices (PED-6401).
* crypto: qat - change value of default idle filter (PED-6401).
* crypto: qat - delay sysfs initialization (PED-6401).
* crypto: qat - do not export adf_init_admin_pm() (PED-6401).
* crypto: qat - drop log level of msg in get_instance_node() (PED-6401).
* crypto: qat - drop obsolete heartbeat interface (PED-6401).
* crypto: qat - drop redundant adf_enable_aer() (PED-6401).
* crypto: qat - expose pm_idle_enabled through sysfs (PED-6401).
* crypto: qat - extend buffer list logic interface (PED-6401).
* crypto: qat - extend configuration for 4xxx (PED-6401).
* crypto: qat - fix apply custom thread-service mapping for dc service
(PED-6401).
* crypto: qat - fix concurrency issue when device state changes (PED-6401).
* crypto: qat - fix crypto capability detection for 4xxx (PED-6401).
* crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401).
* crypto: qat - make fw images name constant (PED-6401).
* crypto: qat - make state machine functions static (PED-6401).
* crypto: qat - move dbgfs init to separate file (PED-6401).
* crypto: qat - move returns to default case (PED-6401).
* crypto: qat - refactor device restart logic (PED-6401).
* crypto: qat - refactor fw config logic for 4xxx (PED-6401).
* crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401).
* crypto: qat - replace state machine calls (PED-6401).
* crypto: qat - replace the if statement with min() (PED-6401).
* crypto: qat - set deprecated capabilities as reserved (PED-6401).
* crypto: qat - unmap buffer before free for DH (PED-6401).
* crypto: qat - unmap buffers before free for RSA (PED-6401).
* crypto: qat - update slice mask for 4xxx devices (PED-6401).
* crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401).
* dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-
fixes).
* dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes).
* dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes).
* drm/amd/display: Do not check registers, if using AUX BL control (git-
fixes).
* drm/amd/display: Do not set dpms_off for seamless boot (git-fixes).
* drm/amd/pm: add unique_id for gc 11.0.3 (git-fixes).
* drm/amd: Fix detection of _PR3 on the PCIe root port (git-fixes).
* drm/amdgpu/nbio4.3: set proper rmmio_remap.reg_offset for SR-IOV (git-
fixes).
* drm/amdgpu/soc21: do not remap HDP registers for SR-IOV (git-fixes).
* drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes).
* drm/amdgpu: add missing NULL check (git-fixes).
* drm/amdkfd: Flush TLB after unmapping for GFX v9.4.3 (git-fixes).
* drm/amdkfd: Insert missing TLB flush on GFX10 and later (git-fixes).
* drm/amdkfd: Use gpu_offset for user queue's wptr (git-fixes).
* drm/atomic-helper: relax unregistered connector check (git-fixes).
* drm/bridge: ti-sn65dsi83: Do not generate HFP/HBP/HSA and EOT packet (git-
fixes).
* drm/i915/gt: Fix reservation address in ggtt_reserve_guc_top (git-fixes).
* drm/i915/pmu: Check if pmu is closed before stopping event (git-fixes).
* drm/i915: Retry gtt fault when out of fence registers (git-fixes).
* drm/mediatek: Correctly free sg_table in gem prime vmap (git-fixes).
* drm/msm/dp: do not reinitialize phy unless retry during link training (git-
fixes).
* drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-
fixes).
* drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes).
* drm/msm/dsi: skip the wait for video mode done if not applicable (git-
fixes).
* drm/vmwgfx: fix typo of sizeof argument (git-fixes).
* drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes).
* firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels() (git-
fixes).
* firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND
(git-fixes).
* firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels()
(git-fixes).
* fix x86/mm: print the encryption features in hyperv is disabled
* fprobe: Ensure running fprobe_exit_handler() finished before calling
rethook_free() (git-fixes).
* fscrypt: new helper function - fscrypt_prepare_lookup_partial()
(jsc#SES-1880).
* gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-
fixes).
* gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes).
* gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes).
* gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes).
* gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes).
* gpio: vf610: set value before the direction to avoid a glitch (git-fixes).
* gve: Do not fully free QPL pages on prefill errors (git-fixes).
* i2c: aspeed: Fix i2c bus hang in slave read (git-fixes).
* i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes).
* i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-
fixes).
* i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-
fixes).
* i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes).
* i2c: mux: gpio:Â Replace custom acpi_get_local_address() (git-fixes).
* i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes).
* i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (git-fixes).
* i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes).
* i2c: npcm7xx: Fix callback completion ordering (git-fixes).
* i2c: stm32f7: Fix PEC handling in case of SMBUS transfers (git-fixes).
* ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes).
* iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale (git-
fixes).
* iio: adc: xilinx-xadc: Do not clobber preset voltage/temperature thresholds
(git-fixes).
* iio: exynos-adc: request second interupt only when touchscreen mode is used
(git-fixes).
* iio: pressure: bmp280: Fix NULL pointer exception (git-fixes).
* iio: pressure: dps310: Adjust Timeout Settings (git-fixes).
* iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes).
* intel x86 platform vsec kABI workaround (bsc#1216202).
* io_uring/fs: remove sqe->rw_flags checking from LINKAT (git-fixes).
* io_uring/rw: defer fsnotify calls to task context (git-fixes).
* io_uring/rw: ensure kiocb_end_write() is always called (git-fixes).
* io_uring/rw: remove leftover debug statement (git-fixes).
* io_uring: Replace 0-length array with flexible array (git-fixes).
* io_uring: ensure REQ_F_ISREG is set async offload (git-fixes).
* io_uring: fix fdinfo sqe offsets calculation (git-fixes).
* io_uring: fix memory leak when removing provided buffers (git-fixes).
* iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback
(bsc#1212423).
* iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback
(bsc#1212423).
* iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support
(bsc#1212423).
* iommu/arm-smmu-v3: Fix soft lockup triggered by (bsc#1215921)
* kABI: fix bpf Tighten-ptr_to_btf_id checks (git-fixes).
* kabi: blkcg_policy_data fix KABI (bsc#1216062).
* kabi: workaround for enum nft_trans_phase (bsc#1215104).
* kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
* leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes).
* libceph: add CEPH_OSD_OP_ASSERT_VER support (jsc#SES-1880).
* libceph: add new iov_iter-based ceph_msg_data_type and ceph_osd_data_type
(jsc#SES-1880).
* libceph: add sparse read support to OSD client (jsc#SES-1880).
* libceph: add sparse read support to msgr1 (jsc#SES-1880).
* libceph: add spinlock around osd->o_requests (jsc#SES-1880).
* libceph: allow ceph_osdc_new_request to accept a multi-op read
(jsc#SES-1880).
* libceph: define struct ceph_sparse_extent and add some helpers
(jsc#SES-1880).
* libceph: new sparse_read op, support sparse reads on msgr2 crc codepath
(jsc#SES-1880).
* libceph: support sparse reads on msgr2 secure codepath (jsc#SES-1880).
* libceph: use kernel_connect() (bsc#1216323).
* misc: fastrpc: Clean buffers on remote invocation failures (git-fixes).
* mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788
bsc#1213705).
* mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes).
* mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes).
* mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes).
* mtd: physmap-core: Restore map_rom fallback (git-fixes).
* mtd: rawnand: arasan: Ensure program page operations are successful (git-
fixes).
* mtd: rawnand: marvell: Ensure program page operations are successful (git-
fixes).
* mtd: rawnand: pl353: Ensure program page operations are successful (git-
fixes).
* mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes).
* mtd: spinand: micron: correct bitmask for ecc status (git-fixes).
* net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-
fixes).
* net: ieee802154: adf7242: Fix some potential buffer overflow in
adf7242_stats_show() (git-fixes).
* net: mana: Fix TX CQE error handling (bsc#1215986).
* net: mana: Fix oversized sge0 for GSO packets (bsc#1215986).
* net: nfc: llcp: Add lock when modifying device list (git-fixes).
* net: rfkill: gpio: prevent value glitch during probe (git-fixes).
* net: sched: add barrier to fix packet stuck problem for lockless qdisc
(bsc#1216345).
* net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog
(bsc#1216345).
* net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-
fixes).
* net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-
fixes).
* net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-
fixes).
* net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes).
* net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg (git-
fixes).
* net: use sk_is_tcp() in more places (git-fixes).
* netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound
set/chain (git-fixes).
* netfilter: nf_tables: unbind non-anonymous set if rule construction fails
(git-fixes).
* nfc: nci: assert requested protocol is valid (git-fixes).
* nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-
fixes).
* nilfs2: fix potential use after free in nilfs_gccache_submit_read_data()
(git-fixes).
* nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid()
(bsc#1214842).
* phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes).
* phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes).
* phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes).
* pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes).
* pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes).
* platform/surface: platform_profile: Propagate error if profile registration
fails (git-fixes).
* platform/x86/intel/pmt: Ignore uninitialized entries (bsc#1216202).
* platform/x86/intel/pmt: telemetry: Fix fixed region handling (bsc#1216202).
* platform/x86/intel/vsec: Rework early hardware code (bsc#1216202).
* platform/x86/intel: Fix 'rmmod pmt_telemetry' panic (bsc#1216202).
* platform/x86/intel: Fix pmt_crashlog array reference (bsc#1216202).
* platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e
(git-fixes).
* platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-
fixes).
* platform/x86: think-lmi: Fix reference leak (git-fixes).
* platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes).
* power: supply: ucs1002: fix error code in ucs1002_get_property() (git-
fixes).
* quota: Fix slow quotaoff (bsc#1216621).
* r8152: Cancel hw_phy_work if we have an error in probe (git-fixes).
* r8152: Increase USB control msg timeout to 5000ms as per spec (git-fixes).
* r8152: Release firmware if we have an error in probe (git-fixes).
* r8152: Run the unload routine if we have errors during probe (git-fixes).
* r8152: check budget for r8152_poll() (git-fixes).
* regmap: fix NULL deref on lookup (git-fixes).
* regmap: rbtree: Fix wrong register marked as in-cache when creating new node
(git-fixes).
* ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes).
* ring-buffer: Do not attempt to read past "commit" (git-fixes).
* ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
* ring-buffer: Update "shortest_full" in polling (git-fixes).
* s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510).
* s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511).
* s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788
bsc#1215957).
* sched/cpuset: Bring back cpuset_mutex (bsc#1215955).
* sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity()
(git fixes (sched)).
* sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes
(sched)).
* sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)).
* scsi: be2iscsi: Add length check when parsing nlattrs (git-fixes).
* scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock (git-fixes).
* scsi: iscsi: Add length check for nlattr payload (git-fixes).
* scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() (git-fixes).
* scsi: iscsi_tcp: restrict to TCP sockets (git-fixes).
* scsi: mpi3mr: Propagate sense data for admin queue SCSI I/O (git-fixes).
* scsi: mpt3sas: Perform additional retries if doorbell read returns 0 (git-
fixes).
* scsi: pm8001: Setup IRQs on resume (git-fixes).
* scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read()
directly (git-fixes).
* scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read()
directly (git-fixes).
* scsi: qedf: Do not touch __user pointer in
qedf_dbg_stop_io_on_error_cmd_read() directly (git-fixes).
* scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes).
* scsi: qla4xxx: Add length check when parsing nlattrs (git-fixes).
* selftests/bpf: Add more tests for check_max_stack_depth bug (git-fixes).
* selftests/bpf: Add reproducer for decl_tag in func_proto argument (git-
fixes).
* selftests/bpf: Add reproducer for decl_tag in func_proto return type (git-
fixes).
* selftests/bpf: Add selftest for check_stack_max_depth bug (git-fixes).
* selftests/bpf: Clean up sys_nanosleep uses (git-fixes).
* serial: 8250_port: Check IRQ data before use (git-fixes).
* soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-
fixes).
* spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes).
* spi: stm32: add a delay before SPI disable (git-fixes).
* spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain
(git-fixes).
* spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes).
* thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-
fixes).
* thunderbolt: Restart XDomain discovery handshake after failure (git-fixes).
* thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple
Ridge (git-fixes).
* tracing: Have current_trace inc the trace array ref count (git-fixes).
* tracing: Have event inject files inc the trace array ref count (git-fixes).
* tracing: Have option files inc the trace array ref count (git-fixes).
* tracing: Have tracing_max_latency inc the trace array ref count (git-fixes).
* tracing: Increase trace array ref count on enable and filter files (git-
fixes).
* tracing: Make trace_marker{,_raw} stream-like (git-fixes).
* treewide: Spelling fix in comment (git-fixes).
* usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes).
* usb: dwc3: Soft reset phy on probe for host (git-fixes).
* usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-
fixes).
* usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
* usb: hub: Guard against accesses to uninitialized BOS descriptors (git-
fixes).
* usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes).
* usb: musb: Modify the "HWVers" register address (git-fixes).
* usb: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).
* usb: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).
* usb: serial: option: add entry for Sierra EM9191 with new firmware (git-
fixes).
* usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-
fixes).
* usb: typec: ucsi: Clear EVENT_PENDING bit if ucsi_send_command fails (git-
fixes).
* usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).
* vmbus_testing: fix wrong python syntax for integer value comparison (git-
fixes).
* vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes).
* watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes).
* watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running
(git-fixes).
* wifi: cfg80211: Fix 6GHz scan configuration (git-fixes).
* wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
* wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes).
* wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes).
* wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes).
* wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-
fixes).
* wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes).
* wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-
fixes).
* wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes).
* wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes).
* x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772).
* x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772).
* x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772).
* x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf
(bsc#1213772).
* x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772).
* x86/cpu: Support AMD Automatic IBRS (bsc#1213772).
* x86/mm: Print the encryption features correctly when a paravisor is present
(bsc#1206453).
* x86/platform/uv: Use alternate source for socket to node data (bsc#1215696).
* x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649).
* x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649).
* x86/sev: Disable MMIO emulation from user mode (bsc#1212649).
* x86/sev: Make enc_dec_hypercall() accept a size instead of npages
(bsc#1214635).
* xen-netback: use default TX queue size for vifs (git-fixes).
* xhci: Keep interrupt disabled in initialization until host is running (git-
fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4375=1
Please note that this is the initial kernel livepatch without fixes itself, this
package is later updated by separate standalone kernel livepatch updates.
* SUSE Linux Enterprise High Availability Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-4375=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4375=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-4375=1 openSUSE-SLE-15.5-2023-4375=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2023-4375=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4375=1
* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4375=1
* Legacy Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-4375=1
## Package List:
* SUSE Linux Enterprise Live Patching 15-SP5 (nosrc)
* kernel-default-5.14.21-150500.55.36.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-default-livepatch-5.14.21-150500.55.36.1
* kernel-livepatch-5_14_21-150500_55_36-default-debuginfo-1-150500.11.5.1
* kernel-livepatch-5_14_21-150500_55_36-default-1-150500.11.5.1
* kernel-default-debuginfo-5.14.21-150500.55.36.1
* kernel-default-livepatch-devel-5.14.21-150500.55.36.1
* kernel-default-debugsource-5.14.21-150500.55.36.1
* kernel-livepatch-SLE15-SP5_Update_7-debugsource-1-150500.11.5.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le
s390x x86_64)
* dlm-kmp-default-debuginfo-5.14.21-150500.55.36.1
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.36.1
* ocfs2-kmp-default-5.14.21-150500.55.36.1
* dlm-kmp-default-5.14.21-150500.55.36.1
* cluster-md-kmp-default-5.14.21-150500.55.36.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.36.1
* kernel-default-debuginfo-5.14.21-150500.55.36.1
* kernel-default-debugsource-5.14.21-150500.55.36.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.36.1
* gfs2-kmp-default-5.14.21-150500.55.36.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (nosrc)
* kernel-default-5.14.21-150500.55.36.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (nosrc)
* kernel-default-5.14.21-150500.55.36.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
* kernel-default-debugsource-5.14.21-150500.55.36.1
* kernel-default-extra-debuginfo-5.14.21-150500.55.36.1
* kernel-default-debuginfo-5.14.21-150500.55.36.1
* kernel-default-extra-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (noarch nosrc)
* kernel-docs-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (noarch)
* kernel-devel-5.14.21-150500.55.36.1
* kernel-source-vanilla-5.14.21-150500.55.36.1
* kernel-docs-html-5.14.21-150500.55.36.1
* kernel-source-5.14.21-150500.55.36.1
* kernel-macros-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (nosrc ppc64le x86_64)
* kernel-debug-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (ppc64le x86_64)
* kernel-debug-devel-debuginfo-5.14.21-150500.55.36.1
* kernel-debug-debuginfo-5.14.21-150500.55.36.1
* kernel-debug-devel-5.14.21-150500.55.36.1
* kernel-debug-livepatch-devel-5.14.21-150500.55.36.1
* kernel-debug-debugsource-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (x86_64)
* kernel-default-vdso-debuginfo-5.14.21-150500.55.36.1
* kernel-kvmsmall-vdso-5.14.21-150500.55.36.1
* kernel-debug-vdso-5.14.21-150500.55.36.1
* kernel-default-vdso-5.14.21-150500.55.36.1
* kernel-kvmsmall-vdso-debuginfo-5.14.21-150500.55.36.1
* kernel-debug-vdso-debuginfo-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (aarch64 ppc64le x86_64)
* kernel-kvmsmall-devel-5.14.21-150500.55.36.1
* kernel-kvmsmall-debugsource-5.14.21-150500.55.36.1
* kernel-default-base-rebuild-5.14.21-150500.55.36.1.150500.6.15.3
* kernel-kvmsmall-livepatch-devel-5.14.21-150500.55.36.1
* kernel-kvmsmall-debuginfo-5.14.21-150500.55.36.1
* kernel-kvmsmall-devel-debuginfo-5.14.21-150500.55.36.1
* kernel-default-base-5.14.21-150500.55.36.1.150500.6.15.3
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* kernel-obs-qa-5.14.21-150500.55.36.1
* kselftests-kmp-default-5.14.21-150500.55.36.1
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.36.1
* kernel-default-devel-5.14.21-150500.55.36.1
* reiserfs-kmp-default-5.14.21-150500.55.36.1
* kernel-obs-build-debugsource-5.14.21-150500.55.36.1
* kernel-default-optional-debuginfo-5.14.21-150500.55.36.1
* kernel-obs-build-5.14.21-150500.55.36.1
* dlm-kmp-default-debuginfo-5.14.21-150500.55.36.1
* kernel-default-livepatch-5.14.21-150500.55.36.1
* kernel-default-extra-5.14.21-150500.55.36.1
* cluster-md-kmp-default-5.14.21-150500.55.36.1
* kernel-default-livepatch-devel-5.14.21-150500.55.36.1
* kselftests-kmp-default-debuginfo-5.14.21-150500.55.36.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.36.1
* ocfs2-kmp-default-5.14.21-150500.55.36.1
* dlm-kmp-default-5.14.21-150500.55.36.1
* kernel-default-devel-debuginfo-5.14.21-150500.55.36.1
* kernel-default-debuginfo-5.14.21-150500.55.36.1
* reiserfs-kmp-default-debuginfo-5.14.21-150500.55.36.1
* kernel-syms-5.14.21-150500.55.36.1
* gfs2-kmp-default-5.14.21-150500.55.36.1
* kernel-default-optional-5.14.21-150500.55.36.1
* kernel-default-extra-debuginfo-5.14.21-150500.55.36.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.36.1
* kernel-default-debugsource-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (aarch64 nosrc ppc64le x86_64)
* kernel-kvmsmall-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_7-debugsource-1-150500.11.5.1
* kernel-livepatch-5_14_21-150500_55_36-default-1-150500.11.5.1
* kernel-livepatch-5_14_21-150500_55_36-default-debuginfo-1-150500.11.5.1
* openSUSE Leap 15.5 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150500.55.36.1
* kernel-zfcpdump-debuginfo-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (nosrc)
* dtb-aarch64-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (aarch64)
* dlm-kmp-64kb-debuginfo-5.14.21-150500.55.36.1
* kernel-64kb-debugsource-5.14.21-150500.55.36.1
* ocfs2-kmp-64kb-5.14.21-150500.55.36.1
* reiserfs-kmp-64kb-5.14.21-150500.55.36.1
* kernel-64kb-extra-debuginfo-5.14.21-150500.55.36.1
* kernel-64kb-optional-debuginfo-5.14.21-150500.55.36.1
* dtb-allwinner-5.14.21-150500.55.36.1
* kernel-64kb-livepatch-devel-5.14.21-150500.55.36.1
* dtb-arm-5.14.21-150500.55.36.1
* ocfs2-kmp-64kb-debuginfo-5.14.21-150500.55.36.1
* kernel-64kb-devel-debuginfo-5.14.21-150500.55.36.1
* dtb-rockchip-5.14.21-150500.55.36.1
* dtb-socionext-5.14.21-150500.55.36.1
* dtb-altera-5.14.21-150500.55.36.1
* kernel-64kb-devel-5.14.21-150500.55.36.1
* dtb-broadcom-5.14.21-150500.55.36.1
* dtb-cavium-5.14.21-150500.55.36.1
* dtb-freescale-5.14.21-150500.55.36.1
* kselftests-kmp-64kb-debuginfo-5.14.21-150500.55.36.1
* dtb-lg-5.14.21-150500.55.36.1
* dtb-amlogic-5.14.21-150500.55.36.1
* kernel-64kb-debuginfo-5.14.21-150500.55.36.1
* dlm-kmp-64kb-5.14.21-150500.55.36.1
* dtb-apple-5.14.21-150500.55.36.1
* dtb-sprd-5.14.21-150500.55.36.1
* dtb-renesas-5.14.21-150500.55.36.1
* dtb-mediatek-5.14.21-150500.55.36.1
* kernel-64kb-extra-5.14.21-150500.55.36.1
* gfs2-kmp-64kb-5.14.21-150500.55.36.1
* cluster-md-kmp-64kb-debuginfo-5.14.21-150500.55.36.1
* reiserfs-kmp-64kb-debuginfo-5.14.21-150500.55.36.1
* dtb-qcom-5.14.21-150500.55.36.1
* dtb-apm-5.14.21-150500.55.36.1
* dtb-xilinx-5.14.21-150500.55.36.1
* dtb-nvidia-5.14.21-150500.55.36.1
* kselftests-kmp-64kb-5.14.21-150500.55.36.1
* dtb-exynos-5.14.21-150500.55.36.1
* kernel-64kb-optional-5.14.21-150500.55.36.1
* dtb-amd-5.14.21-150500.55.36.1
* dtb-amazon-5.14.21-150500.55.36.1
* dtb-marvell-5.14.21-150500.55.36.1
* gfs2-kmp-64kb-debuginfo-5.14.21-150500.55.36.1
* cluster-md-kmp-64kb-5.14.21-150500.55.36.1
* dtb-hisilicon-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (aarch64 nosrc)
* kernel-64kb-5.14.21-150500.55.36.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150500.55.36.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 x86_64)
* kernel-default-base-5.14.21-150500.55.36.1.150500.6.15.3
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* kernel-default-debugsource-5.14.21-150500.55.36.1
* kernel-default-debuginfo-5.14.21-150500.55.36.1
* Basesystem Module 15-SP5 (aarch64 nosrc)
* kernel-64kb-5.14.21-150500.55.36.1
* Basesystem Module 15-SP5 (aarch64)
* kernel-64kb-devel-debuginfo-5.14.21-150500.55.36.1
* kernel-64kb-debugsource-5.14.21-150500.55.36.1
* kernel-64kb-devel-5.14.21-150500.55.36.1
* kernel-64kb-debuginfo-5.14.21-150500.55.36.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150500.55.36.1
* Basesystem Module 15-SP5 (aarch64 ppc64le x86_64)
* kernel-default-base-5.14.21-150500.55.36.1.150500.6.15.3
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* kernel-default-debugsource-5.14.21-150500.55.36.1
* kernel-default-devel-5.14.21-150500.55.36.1
* kernel-default-devel-debuginfo-5.14.21-150500.55.36.1
* kernel-default-debuginfo-5.14.21-150500.55.36.1
* Basesystem Module 15-SP5 (noarch)
* kernel-macros-5.14.21-150500.55.36.1
* kernel-devel-5.14.21-150500.55.36.1
* Basesystem Module 15-SP5 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150500.55.36.1
* Basesystem Module 15-SP5 (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150500.55.36.1
* kernel-zfcpdump-debuginfo-5.14.21-150500.55.36.1
* Development Tools Module 15-SP5 (noarch nosrc)
* kernel-docs-5.14.21-150500.55.36.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* kernel-obs-build-debugsource-5.14.21-150500.55.36.1
* kernel-obs-build-5.14.21-150500.55.36.1
* kernel-syms-5.14.21-150500.55.36.1
* Development Tools Module 15-SP5 (noarch)
* kernel-source-5.14.21-150500.55.36.1
* Legacy Module 15-SP5 (nosrc)
* kernel-default-5.14.21-150500.55.36.1
* Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* kernel-default-debugsource-5.14.21-150500.55.36.1
* kernel-default-debuginfo-5.14.21-150500.55.36.1
* reiserfs-kmp-default-debuginfo-5.14.21-150500.55.36.1
* reiserfs-kmp-default-5.14.21-150500.55.36.1
## References:
* https://www.suse.com/security/cve/CVE-2023-2163.html
* https://www.suse.com/security/cve/CVE-2023-31085.html
* https://www.suse.com/security/cve/CVE-2023-34324.html
* https://www.suse.com/security/cve/CVE-2023-3777.html
* https://www.suse.com/security/cve/CVE-2023-39189.html
* https://www.suse.com/security/cve/CVE-2023-39191.html
* https://www.suse.com/security/cve/CVE-2023-39193.html
* https://www.suse.com/security/cve/CVE-2023-46813.html
* https://www.suse.com/security/cve/CVE-2023-5178.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208788
* https://bugzilla.suse.com/show_bug.cgi?id=1211162
* https://bugzilla.suse.com/show_bug.cgi?id=1211307
* https://bugzilla.suse.com/show_bug.cgi?id=1212423
* https://bugzilla.suse.com/show_bug.cgi?id=1212649
* https://bugzilla.suse.com/show_bug.cgi?id=1213705
* https://bugzilla.suse.com/show_bug.cgi?id=1213772
* https://bugzilla.suse.com/show_bug.cgi?id=1214754
* https://bugzilla.suse.com/show_bug.cgi?id=1214874
* https://bugzilla.suse.com/show_bug.cgi?id=1215095
* https://bugzilla.suse.com/show_bug.cgi?id=1215104
* https://bugzilla.suse.com/show_bug.cgi?id=1215523
* https://bugzilla.suse.com/show_bug.cgi?id=1215545
* https://bugzilla.suse.com/show_bug.cgi?id=1215921
* https://bugzilla.suse.com/show_bug.cgi?id=1215955
* https://bugzilla.suse.com/show_bug.cgi?id=1215986
* https://bugzilla.suse.com/show_bug.cgi?id=1216062
* https://bugzilla.suse.com/show_bug.cgi?id=1216202
* https://bugzilla.suse.com/show_bug.cgi?id=1216322
* https://bugzilla.suse.com/show_bug.cgi?id=1216323
* https://bugzilla.suse.com/show_bug.cgi?id=1216324
* https://bugzilla.suse.com/show_bug.cgi?id=1216333
* https://bugzilla.suse.com/show_bug.cgi?id=1216345
* https://bugzilla.suse.com/show_bug.cgi?id=1216512
* https://bugzilla.suse.com/show_bug.cgi?id=1216621
* https://bugzilla.suse.com/show_bug.cgi?id=802154
1
0
SUSE-SU-2023:4378-1: important: Security update for the Linux Kernel
by maintenance@opensuse.org 06 Nov '23
by maintenance@opensuse.org 06 Nov '23
06 Nov '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:4378-1
Rating: important
References:
* bsc#1208788
* bsc#1210778
* bsc#1211307
* bsc#1212423
* bsc#1212649
* bsc#1213705
* bsc#1213772
* bsc#1214842
* bsc#1215095
* bsc#1215104
* bsc#1215518
* bsc#1215955
* bsc#1215956
* bsc#1215957
* bsc#1215986
* bsc#1216062
* bsc#1216345
* bsc#1216510
* bsc#1216511
* bsc#1216512
* bsc#1216621
Cross-References:
* CVE-2023-2163
* CVE-2023-31085
* CVE-2023-34324
* CVE-2023-3777
* CVE-2023-39189
* CVE-2023-39193
* CVE-2023-5178
CVSS scores:
* CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
* CVE-2023-31085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-39189 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-39189 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39193 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-5178 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5178 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP4
* Development Tools Module 15-SP4
* Legacy Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Workstation Extension 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves seven vulnerabilities and has 14 security fixes can now be
installed.
## Description:
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
* CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to
unsafe code paths being incorrectly marked as safe, resulting in arbitrary
read/write in kernel memory, lateral privilege escalation, and container
escape. (bsc#1215518)
* CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling.
(bsc#1215745).
* CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a
local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read,
leading to a crash or information disclosure. (bsc#1216046)
* CVE-2023-5178: Fixed an UAF in queue intialization setup. (bsc#1215768)
* CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize)
that could cause a local DoS. (bsc#1210778)
* CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem
(bsc#1215860).
* CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables
component can be exploited to achieve local privilege escalation.
(bsc#1215095)
The following non-security bugs were fixed:
* 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes).
* ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes).
* ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes).
* ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre
M70q (git-fixes).
* ALSA: hda/realtek: Change model for Intel RVP board (git-fixes).
* ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes).
* ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-
fixes).
* ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes).
* ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes).
* ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes).
* ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes).
* ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes).
* ASoC: pxa: fix a memory leak in probe() (git-fixes).
* ata: libata-core: Do not register PM operations for SAS ports (git-fixes).
* ata: libata-core: Fix ata_port_request_pm() locking (git-fixes).
* ata: libata-core: Fix port and device removal (git-fixes).
* ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes).
* ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES
(git-fixes).
* blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before
init (bsc#1216062).
* blk-cgroup: support to track if policy is online (bsc#1216062).
* Bluetooth: avoid memcmp() out of bounds warning (git-fixes).
* Bluetooth: Avoid redundant authentication (git-fixes).
* Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes).
* Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes).
* Bluetooth: hci_event: Fix coding style (git-fixes).
* Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes).
* Bluetooth: hci_event: Ignore NULL link key (git-fixes).
* Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name
(git-fixes).
* Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes).
* Bluetooth: Reject connection with the device which has same BD_ADDR (git-
fixes).
* Bluetooth: vhci: Fix race when opening vhci device (git-fixes).
* bpf: propagate precision in ALU/ALU64 operations (git-fixes).
* bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes).
* bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-
fixes).
* cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307).
* cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem
(bsc#1215955).
* clk: tegra: fix error return case for recalc_rate (git-fixes).
* counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-
fixes).
* crypto: qat - add fw_counters debugfs file (PED-6401).
* crypto: qat - add heartbeat counters check (PED-6401).
* crypto: qat - add heartbeat feature (PED-6401).
* crypto: qat - add internal timer for qat 4xxx (PED-6401).
* crypto: qat - add measure clock frequency (PED-6401).
* crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401).
* crypto: qat - add qat_zlib_deflate (PED-6401).
* crypto: qat - add support for 402xx devices (PED-6401).
* crypto: qat - change value of default idle filter (PED-6401).
* crypto: qat - delay sysfs initialization (PED-6401).
* crypto: qat - do not export adf_init_admin_pm() (PED-6401).
* crypto: qat - drop log level of msg in get_instance_node() (PED-6401).
* crypto: qat - drop obsolete heartbeat interface (PED-6401).
* crypto: qat - drop redundant adf_enable_aer() (PED-6401).
* crypto: qat - expose pm_idle_enabled through sysfs (PED-6401).
* crypto: qat - extend buffer list logic interface (PED-6401).
* crypto: qat - extend configuration for 4xxx (PED-6401).
* crypto: qat - fix apply custom thread-service mapping for dc service
(PED-6401).
* crypto: qat - fix concurrency issue when device state changes (PED-6401).
* crypto: qat - fix crypto capability detection for 4xxx (PED-6401).
* crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401).
* crypto: qat - Include algapi.h for low-level Crypto API (PED-6401).
* crypto: qat - make fw images name constant (PED-6401).
* crypto: qat - make state machine functions static (PED-6401).
* crypto: qat - move dbgfs init to separate file (PED-6401).
* crypto: qat - move returns to default case (PED-6401).
* crypto: qat - refactor device restart logic (PED-6401).
* crypto: qat - refactor fw config logic for 4xxx (PED-6401).
* crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401).
* crypto: qat - Remove unused function declarations (PED-6401).
* crypto: qat - replace state machine calls (PED-6401).
* crypto: qat - replace the if statement with min() (PED-6401).
* crypto: qat - set deprecated capabilities as reserved (PED-6401).
* crypto: qat - unmap buffer before free for DH (PED-6401).
* crypto: qat - unmap buffers before free for RSA (PED-6401).
* crypto: qat - update slice mask for 4xxx devices (PED-6401).
* crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401).
* dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-
fixes).
* dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes).
* dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes).
* Documentation: qat: change kernel version (PED-6401).
* Documentation: qat: rewrite description (PED-6401).
* Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-
fixes).
* Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-
fixes).
* drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes).
* drm/amd/display: Do not check registers, if using AUX BL control (git-
fixes).
* drm/amd/display: Do not set dpms_off for seamless boot (git-fixes).
* drm/amdgpu: add missing NULL check (git-fixes).
* drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes).
* drm/i915: Retry gtt fault when out of fence registers (git-fixes).
* drm/msm/dp: do not reinitialize phy unless retry during link training (git-
fixes).
* drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-
fixes).
* drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes).
* drm/msm/dsi: skip the wait for video mode done if not applicable (git-
fixes).
* drm/vmwgfx: fix typo of sizeof argument (git-fixes).
* firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND
(git-fixes).
* firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels()
(git-fixes).
* gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-
fixes).
* gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes).
* gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes).
* gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes).
* gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes).
* gpio: vf610: set value before the direction to avoid a glitch (git-fixes).
* gve: Do not fully free QPL pages on prefill errors (git-fixes).
* HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-
fixes).
* HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes).
* HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-
fixes).
* HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes).
* HID: sony: Fix a potential memory leak in sony_probe() (git-fixes).
* HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-
fixes).
* i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes).
* i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-
fixes).
* i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-
fixes).
* i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes).
* i2c: mux: gpio: Replace custom acpi_get_local_address() (git-fixes).
* i2c: npcm7xx: Fix callback completion ordering (git-fixes).
* IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes)
* ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes).
* iio: pressure: bmp280: Fix NULL pointer exception (git-fixes).
* iio: pressure: dps310: Adjust Timeout Settings (git-fixes).
* iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes).
* Input: goodix - ensure int GPIO is in input for gpio_count == 1 &&
gpio_int_idx == 0 case (git-fixes).
* Input: powermate - fix use-after-free in powermate_config_complete (git-
fixes).
* Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes).
* Input: xpad - add PXN V900 support (git-fixes).
* iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support
(bsc#1212423).
* iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback
(bsc#1212423).
* iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback
(bsc#1212423).
* kabi: blkcg_policy_data fix KABI (bsc#1216062).
* kabi: workaround for enum nft_trans_phase (bsc#1215104).
* kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
* KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes
bsc#1216512).
* KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-
fixes).
* KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772).
* KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes).
* KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code
(bsc#1213772).
* KVM: x86: Propagate the AMD Automatic IBRS feature to the guest
(bsc#1213772).
* KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772).
* KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
* KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed
(git-fixes).
* leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes).
* mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788
bsc#1213705).
* mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes).
* mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes).
* mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes).
* mtd: physmap-core: Restore map_rom fallback (git-fixes).
* mtd: rawnand: arasan: Ensure program page operations are successful (git-
fixes).
* mtd: rawnand: marvell: Ensure program page operations are successful (git-
fixes).
* mtd: rawnand: pl353: Ensure program page operations are successful (git-
fixes).
* mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes).
* mtd: spinand: micron: correct bitmask for ecc status (git-fixes).
* net: mana: Fix oversized sge0 for GSO packets (bsc#1215986).
* net: mana: Fix TX CQE error handling (bsc#1215986).
* net: nfc: llcp: Add lock when modifying device list (git-fixes).
* net: rfkill: gpio: prevent value glitch during probe (git-fixes).
* net: sched: add barrier to fix packet stuck problem for lockless qdisc
(bsc#1216345).
* net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog
(bsc#1216345).
* net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-
fixes).
* net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-
fixes).
* net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-
fixes).
* net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes).
* net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-
fixes).
* netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound
set/chain (git-fixes).
* netfilter: nf_tables: unbind non-anonymous set if rule construction fails
(git-fixes).
* nfc: nci: assert requested protocol is valid (git-fixes).
* nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-
fixes).
* nilfs2: fix potential use after free in nilfs_gccache_submit_read_data()
(git-fixes).
* nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid()
(bsc#1214842).
* phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes).
* phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes).
* phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes).
* pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes).
* pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes).
* platform/surface: platform_profile: Propagate error if profile registration
fails (git-fixes).
* platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e
(git-fixes).
* platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-
fixes).
* platform/x86: think-lmi: Fix reference leak (git-fixes).
* platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes).
* power: supply: ucs1002: fix error code in ucs1002_get_property() (git-
fixes).
* r8152: check budget for r8152_poll() (git-fixes).
* RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes)
* RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes)
* RDMA/core: Require admin capabilities to set system parameters (git-fixes)
* RDMA/cxgb4: Check skb value for failure to allocate (git-fixes)
* RDMA/mlx5: Fix NULL string error (git-fixes)
* RDMA/siw: Fix connection failure handling (git-fixes)
* RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes)
* RDMA/uverbs: Fix typo of sizeof argument (git-fixes)
* regmap: fix NULL deref on lookup (git-fixes).
* regmap: rbtree: Fix wrong register marked as in-cache when creating new node
(git-fixes).
* ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes).
* ring-buffer: Do not attempt to read past "commit" (git-fixes).
* ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
* ring-buffer: Update "shortest_full" in polling (git-fixes).
* s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788
bsc#1215957).
* s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510).
* s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511).
* sched/cpuset: Bring back cpuset_mutex (bsc#1215955).
* sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity()
(git fixes (sched)).
* sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes
(sched)).
* sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)).
* serial: 8250_port: Check IRQ data before use (git-fixes).
* soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-
fixes).
* spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes).
* spi: stm32: add a delay before SPI disable (git-fixes).
* spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain
(git-fixes).
* spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes).
* thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-
fixes).
* thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple
Ridge (git-fixes).
* tracing: Have current_trace inc the trace array ref count (git-fixes).
* tracing: Have event inject files inc the trace array ref count (git-fixes).
* tracing: Have option files inc the trace array ref count (git-fixes).
* tracing: Have tracing_max_latency inc the trace array ref count (git-fixes).
* tracing: Increase trace array ref count on enable and filter files (git-
fixes).
* tracing: Make trace_marker{,_raw} stream-like (git-fixes).
* usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes).
* usb: dwc3: Soft reset phy on probe for host (git-fixes).
* usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-
fixes).
* usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
* usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes).
* usb: musb: Modify the "HWVers" register address (git-fixes).
* usb: serial: option: add entry for Sierra EM9191 with new firmware (git-
fixes).
* usb: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).
* usb: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).
* usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-
fixes).
* usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).
* vmbus_testing: fix wrong python syntax for integer value comparison (git-
fixes).
* vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes).
* watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes).
* watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running
(git-fixes).
* wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
* wifi: cfg80211: Fix 6GHz scan configuration (git-fixes).
* wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes).
* wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes).
* wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes).
* wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-
fixes).
* wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes).
* wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-
fixes).
* wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes).
* wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes).
* x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772).
* x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772).
* x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772).
* x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf
(bsc#1213772).
* x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772).
* x86/cpu: Support AMD Automatic IBRS (bsc#1213772).
* x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649).
* x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649).
* x86/sev: Disable MMIO emulation from user mode (bsc#1212649).
* xen-netback: use default TX queue size for vifs (git-fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4378=1 SUSE-2023-4378=1
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4378=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4378=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4378=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4378=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4378=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4378=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4378=1
* Development Tools Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4378=1
* Legacy Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-4378=1
* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4378=1
Please note that this is the initial kernel livepatch without fixes itself, this
package is later updated by separate standalone kernel livepatch updates.
* SUSE Linux Enterprise High Availability Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-4378=1
* SUSE Linux Enterprise Workstation Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4378=1
## Package List:
* openSUSE Leap 15.4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (noarch)
* kernel-devel-5.14.21-150400.24.97.1
* kernel-source-5.14.21-150400.24.97.1
* kernel-source-vanilla-5.14.21-150400.24.97.1
* kernel-macros-5.14.21-150400.24.97.1
* kernel-docs-html-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (nosrc ppc64le x86_64)
* kernel-debug-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (ppc64le x86_64)
* kernel-debug-debuginfo-5.14.21-150400.24.97.1
* kernel-debug-devel-5.14.21-150400.24.97.1
* kernel-debug-debugsource-5.14.21-150400.24.97.1
* kernel-debug-livepatch-devel-5.14.21-150400.24.97.1
* kernel-debug-devel-debuginfo-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (aarch64 ppc64le x86_64)
* kernel-kvmsmall-debuginfo-5.14.21-150400.24.97.1
* kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2
* kernel-default-base-rebuild-5.14.21-150400.24.97.1.150400.24.44.2
* kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.97.1
* kernel-kvmsmall-devel-5.14.21-150400.24.97.1
* kernel-kvmsmall-debugsource-5.14.21-150400.24.97.1
* kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.97.1
* dlm-kmp-default-5.14.21-150400.24.97.1
* ocfs2-kmp-default-debuginfo-5.14.21-150400.24.97.1
* dlm-kmp-default-debuginfo-5.14.21-150400.24.97.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.97.1
* gfs2-kmp-default-5.14.21-150400.24.97.1
* kernel-default-extra-5.14.21-150400.24.97.1
* kernel-default-extra-debuginfo-5.14.21-150400.24.97.1
* kernel-obs-qa-5.14.21-150400.24.97.1
* cluster-md-kmp-default-5.14.21-150400.24.97.1
* kernel-default-devel-5.14.21-150400.24.97.1
* kernel-obs-build-debugsource-5.14.21-150400.24.97.1
* gfs2-kmp-default-debuginfo-5.14.21-150400.24.97.1
* cluster-md-kmp-default-debuginfo-5.14.21-150400.24.97.1
* kernel-default-livepatch-devel-5.14.21-150400.24.97.1
* kernel-default-optional-debuginfo-5.14.21-150400.24.97.1
* ocfs2-kmp-default-5.14.21-150400.24.97.1
* kernel-syms-5.14.21-150400.24.97.1
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.97.1
* reiserfs-kmp-default-5.14.21-150400.24.97.1
* kernel-default-debugsource-5.14.21-150400.24.97.1
* kernel-default-optional-5.14.21-150400.24.97.1
* kselftests-kmp-default-debuginfo-5.14.21-150400.24.97.1
* kernel-default-livepatch-5.14.21-150400.24.97.1
* kselftests-kmp-default-5.14.21-150400.24.97.1
* kernel-obs-build-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64)
* kernel-kvmsmall-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_20-debugsource-1-150400.9.3.2
* kernel-livepatch-5_14_21-150400_24_97-default-debuginfo-1-150400.9.3.2
* kernel-livepatch-5_14_21-150400_24_97-default-1-150400.9.3.2
* openSUSE Leap 15.4 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150400.24.97.1
* kernel-zfcpdump-debuginfo-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (nosrc)
* dtb-aarch64-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (aarch64)
* kernel-64kb-extra-5.14.21-150400.24.97.1
* dtb-xilinx-5.14.21-150400.24.97.1
* dtb-socionext-5.14.21-150400.24.97.1
* ocfs2-kmp-64kb-5.14.21-150400.24.97.1
* dtb-sprd-5.14.21-150400.24.97.1
* dlm-kmp-64kb-5.14.21-150400.24.97.1
* dtb-allwinner-5.14.21-150400.24.97.1
* reiserfs-kmp-64kb-5.14.21-150400.24.97.1
* dtb-amd-5.14.21-150400.24.97.1
* dtb-exynos-5.14.21-150400.24.97.1
* dtb-mediatek-5.14.21-150400.24.97.1
* dtb-arm-5.14.21-150400.24.97.1
* dtb-altera-5.14.21-150400.24.97.1
* dtb-lg-5.14.21-150400.24.97.1
* dtb-renesas-5.14.21-150400.24.97.1
* dtb-freescale-5.14.21-150400.24.97.1
* kernel-64kb-debuginfo-5.14.21-150400.24.97.1
* reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.97.1
* dtb-qcom-5.14.21-150400.24.97.1
* dtb-marvell-5.14.21-150400.24.97.1
* dtb-cavium-5.14.21-150400.24.97.1
* dlm-kmp-64kb-debuginfo-5.14.21-150400.24.97.1
* gfs2-kmp-64kb-5.14.21-150400.24.97.1
* kernel-64kb-optional-5.14.21-150400.24.97.1
* cluster-md-kmp-64kb-5.14.21-150400.24.97.1
* dtb-apm-5.14.21-150400.24.97.1
* kernel-64kb-optional-debuginfo-5.14.21-150400.24.97.1
* kernel-64kb-livepatch-devel-5.14.21-150400.24.97.1
* dtb-rockchip-5.14.21-150400.24.97.1
* ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.97.1
* dtb-hisilicon-5.14.21-150400.24.97.1
* dtb-amlogic-5.14.21-150400.24.97.1
* kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.97.1
* dtb-amazon-5.14.21-150400.24.97.1
* kselftests-kmp-64kb-5.14.21-150400.24.97.1
* dtb-apple-5.14.21-150400.24.97.1
* dtb-nvidia-5.14.21-150400.24.97.1
* cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.97.1
* kernel-64kb-devel-5.14.21-150400.24.97.1
* dtb-broadcom-5.14.21-150400.24.97.1
* kernel-64kb-extra-debuginfo-5.14.21-150400.24.97.1
* gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.97.1
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.97.1
* kernel-64kb-debugsource-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (aarch64 nosrc)
* kernel-64kb-5.14.21-150400.24.97.1
* openSUSE Leap Micro 5.3 (aarch64 nosrc x86_64)
* kernel-default-5.14.21-150400.24.97.1
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.97.1
* kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2
* kernel-default-debugsource-5.14.21-150400.24.97.1
* openSUSE Leap Micro 5.4 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.97.1
* openSUSE Leap Micro 5.4 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.97.1
* kernel-default-debugsource-5.14.21-150400.24.97.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.97.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.97.1
* kernel-default-debugsource-5.14.21-150400.24.97.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.97.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.97.1
* kernel-default-debugsource-5.14.21-150400.24.97.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.97.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.97.1
* kernel-default-debugsource-5.14.21-150400.24.97.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.97.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.97.1
* kernel-default-debugsource-5.14.21-150400.24.97.1
* Basesystem Module 15-SP4 (aarch64 nosrc)
* kernel-64kb-5.14.21-150400.24.97.1
* Basesystem Module 15-SP4 (aarch64)
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.97.1
* kernel-64kb-debugsource-5.14.21-150400.24.97.1
* kernel-64kb-devel-5.14.21-150400.24.97.1
* kernel-64kb-debuginfo-5.14.21-150400.24.97.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150400.24.97.1
* Basesystem Module 15-SP4 (aarch64 ppc64le x86_64)
* kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* kernel-default-devel-5.14.21-150400.24.97.1
* kernel-default-debuginfo-5.14.21-150400.24.97.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.97.1
* kernel-default-debugsource-5.14.21-150400.24.97.1
* Basesystem Module 15-SP4 (noarch)
* kernel-macros-5.14.21-150400.24.97.1
* kernel-devel-5.14.21-150400.24.97.1
* Basesystem Module 15-SP4 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150400.24.97.1
* Basesystem Module 15-SP4 (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150400.24.97.1
* kernel-zfcpdump-debuginfo-5.14.21-150400.24.97.1
* Development Tools Module 15-SP4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.97.1
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* kernel-obs-build-debugsource-5.14.21-150400.24.97.1
* kernel-syms-5.14.21-150400.24.97.1
* kernel-obs-build-5.14.21-150400.24.97.1
* Development Tools Module 15-SP4 (noarch)
* kernel-source-5.14.21-150400.24.97.1
* Legacy Module 15-SP4 (nosrc)
* kernel-default-5.14.21-150400.24.97.1
* Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* reiserfs-kmp-default-5.14.21-150400.24.97.1
* kernel-default-debuginfo-5.14.21-150400.24.97.1
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.97.1
* kernel-default-debugsource-5.14.21-150400.24.97.1
* SUSE Linux Enterprise Live Patching 15-SP4 (nosrc)
* kernel-default-5.14.21-150400.24.97.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.97.1
* kernel-default-debugsource-5.14.21-150400.24.97.1
* kernel-default-livepatch-devel-5.14.21-150400.24.97.1
* kernel-default-livepatch-5.14.21-150400.24.97.1
* kernel-livepatch-5_14_21-150400_24_97-default-debuginfo-1-150400.9.3.2
* kernel-livepatch-SLE15-SP4_Update_20-debugsource-1-150400.9.3.2
* kernel-livepatch-5_14_21-150400_24_97-default-1-150400.9.3.2
* SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le
s390x x86_64)
* ocfs2-kmp-default-debuginfo-5.14.21-150400.24.97.1
* cluster-md-kmp-default-debuginfo-5.14.21-150400.24.97.1
* kernel-default-debuginfo-5.14.21-150400.24.97.1
* dlm-kmp-default-debuginfo-5.14.21-150400.24.97.1
* kernel-default-debugsource-5.14.21-150400.24.97.1
* gfs2-kmp-default-5.14.21-150400.24.97.1
* ocfs2-kmp-default-5.14.21-150400.24.97.1
* cluster-md-kmp-default-5.14.21-150400.24.97.1
* dlm-kmp-default-5.14.21-150400.24.97.1
* gfs2-kmp-default-debuginfo-5.14.21-150400.24.97.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc)
* kernel-default-5.14.21-150400.24.97.1
* SUSE Linux Enterprise Workstation Extension 15 SP4 (nosrc)
* kernel-default-5.14.21-150400.24.97.1
* SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64)
* kernel-default-extra-5.14.21-150400.24.97.1
* kernel-default-debuginfo-5.14.21-150400.24.97.1
* kernel-default-extra-debuginfo-5.14.21-150400.24.97.1
* kernel-default-debugsource-5.14.21-150400.24.97.1
## References:
* https://www.suse.com/security/cve/CVE-2023-2163.html
* https://www.suse.com/security/cve/CVE-2023-31085.html
* https://www.suse.com/security/cve/CVE-2023-34324.html
* https://www.suse.com/security/cve/CVE-2023-3777.html
* https://www.suse.com/security/cve/CVE-2023-39189.html
* https://www.suse.com/security/cve/CVE-2023-39193.html
* https://www.suse.com/security/cve/CVE-2023-5178.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208788
* https://bugzilla.suse.com/show_bug.cgi?id=1210778
* https://bugzilla.suse.com/show_bug.cgi?id=1211307
* https://bugzilla.suse.com/show_bug.cgi?id=1212423
* https://bugzilla.suse.com/show_bug.cgi?id=1212649
* https://bugzilla.suse.com/show_bug.cgi?id=1213705
* https://bugzilla.suse.com/show_bug.cgi?id=1213772
* https://bugzilla.suse.com/show_bug.cgi?id=1214842
* https://bugzilla.suse.com/show_bug.cgi?id=1215095
* https://bugzilla.suse.com/show_bug.cgi?id=1215104
* https://bugzilla.suse.com/show_bug.cgi?id=1215518
* https://bugzilla.suse.com/show_bug.cgi?id=1215955
* https://bugzilla.suse.com/show_bug.cgi?id=1215956
* https://bugzilla.suse.com/show_bug.cgi?id=1215957
* https://bugzilla.suse.com/show_bug.cgi?id=1215986
* https://bugzilla.suse.com/show_bug.cgi?id=1216062
* https://bugzilla.suse.com/show_bug.cgi?id=1216345
* https://bugzilla.suse.com/show_bug.cgi?id=1216510
* https://bugzilla.suse.com/show_bug.cgi?id=1216511
* https://bugzilla.suse.com/show_bug.cgi?id=1216512
* https://bugzilla.suse.com/show_bug.cgi?id=1216621
1
0
06 Nov '23
# Security update for squid
Announcement ID: SUSE-SU-2023:4380-1
Rating: important
References:
* bsc#1216495
* bsc#1216498
* bsc#1216500
* bsc#1216803
Cross-References:
* CVE-2023-46724
* CVE-2023-46846
* CVE-2023-46847
* CVE-2023-46848
CVSS scores:
* CVE-2023-46724 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-46724 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-46846 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-46846 ( NVD ): 9.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
* CVE-2023-46847 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-46847 ( NVD ): 9.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H
* CVE-2023-46848 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-46848 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* Server Applications Module 15-SP4
* Server Applications Module 15-SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves four vulnerabilities can now be installed.
## Description:
This update for squid fixes the following issues:
* CVE-2023-46846: Request/Response smuggling in HTTP/1.1 and ICAP
(bsc#1216500).
* CVE-2023-46847: Denial of Service in HTTP Digest Authentication
(bsc#1216495).
* CVE-2023-46724: Fix validation of certificates with CN=* (bsc#1216803).
* CVE-2023-46848: Denial of Service in FTP (bsc#1216498).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4380=1 openSUSE-SLE-15.4-2023-4380=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4380=1
* Server Applications Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4380=1
* Server Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4380=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* squid-5.7-150400.3.12.1
* squid-debugsource-5.7-150400.3.12.1
* squid-debuginfo-5.7-150400.3.12.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* squid-5.7-150400.3.12.1
* squid-debugsource-5.7-150400.3.12.1
* squid-debuginfo-5.7-150400.3.12.1
* Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* squid-5.7-150400.3.12.1
* squid-debugsource-5.7-150400.3.12.1
* squid-debuginfo-5.7-150400.3.12.1
* Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* squid-5.7-150400.3.12.1
* squid-debugsource-5.7-150400.3.12.1
* squid-debuginfo-5.7-150400.3.12.1
## References:
* https://www.suse.com/security/cve/CVE-2023-46724.html
* https://www.suse.com/security/cve/CVE-2023-46846.html
* https://www.suse.com/security/cve/CVE-2023-46847.html
* https://www.suse.com/security/cve/CVE-2023-46848.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216495
* https://bugzilla.suse.com/show_bug.cgi?id=1216498
* https://bugzilla.suse.com/show_bug.cgi?id=1216500
* https://bugzilla.suse.com/show_bug.cgi?id=1216803
1
0
openSUSE-RU-2023:0357-1: moderate: Recommended update for tayga
by maintenance@opensuse.org 06 Nov '23
by maintenance@opensuse.org 06 Nov '23
06 Nov '23
openSUSE Recommended Update: Recommended update for tayga
______________________________________________________________________________
Announcement ID: openSUSE-RU-2023:0357-1
Rating: moderate
References:
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that has 0 recommended fixes can now be installed.
Description:
This update for tayga fixes the following issues:
- Add tayga_destroy_tun to delete the tunnel interface when the service is
stopped
- Drop PrivateDevices and ProtectClock hardening options to repair startup
failure while accessing /dev/net/tun
- Add conditional to tayga_setup_tun to facilitate operation on systems
without iptables
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2023-357=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):
tayga-0.9.2-bp155.4.3.1
References:
1
0
06 Nov '23
# Security update for tiff
Announcement ID: SUSE-SU-2023:4370-1
Rating: moderate
References:
* bsc#1212535
* bsc#1212881
* bsc#1212883
* bsc#1212888
* bsc#1213273
* bsc#1213274
* bsc#1213589
* bsc#1213590
* bsc#1214574
Cross-References:
* CVE-2020-18768
* CVE-2023-25433
* CVE-2023-26966
* CVE-2023-2908
* CVE-2023-3316
* CVE-2023-3576
* CVE-2023-3618
* CVE-2023-38288
* CVE-2023-38289
CVSS scores:
* CVE-2020-18768 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2020-18768 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-25433 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-26966 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
* CVE-2023-26966 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-2908 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-2908 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-3316 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-3316 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3576 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2023-3576 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-3618 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-3618 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-38288 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2023-38289 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Affected Products:
* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4
* SUSE Package Hub 15 15-SP5
An update that solves nine vulnerabilities can now be installed.
## Description:
This update for tiff fixes the following issues:
* CVE-2023-38289: Fixed a NULL pointer dereference in raw2tiff (bsc#1213589).
* CVE-2023-38288: Fixed an integer overflow in raw2tiff (bsc#1213590).
* CVE-2023-3576: Fixed a memory leak in tiffcrop (bsc#1213273).
* CVE-2020-18768: Fixed an out of bounds read in tiffcp (bsc#1214574).
* CVE-2023-26966: Fixed an out of bounds read when transforming a little-
endian file to a big-endian output (bsc#1212881)
* CVE-2023-3618: Fixed a NULL pointer dereference while encoding FAX3 files
(bsc#1213274).
* CVE-2023-2908: Fixed an undefined behavior issue when doing pointer
arithmetic on a NULL pointer (bsc#1212888).
* CVE-2023-3316: Fixed a NULL pointer dereference while opening a file in an
inaccessible path (bsc#1212535).
* CVE-2023-25433: Fixed a buffer overflow in tiffcrop (bsc#1212883).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4370=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4370=1
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4370=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4370=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4370=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4370=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4370=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4370=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4370=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4370=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2023-4370=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4370=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4370=1
* SUSE Package Hub 15 15-SP4
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4370=1
* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4370=1
## Package List:
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* libtiff5-debuginfo-4.0.9-150000.45.32.1
* tiff-debuginfo-4.0.9-150000.45.32.1
* libtiff5-4.0.9-150000.45.32.1
* tiff-debugsource-4.0.9-150000.45.32.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* libtiff5-debuginfo-4.0.9-150000.45.32.1
* tiff-debuginfo-4.0.9-150000.45.32.1
* libtiff5-4.0.9-150000.45.32.1
* tiff-debugsource-4.0.9-150000.45.32.1
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* libtiff5-debuginfo-4.0.9-150000.45.32.1
* tiff-debuginfo-4.0.9-150000.45.32.1
* libtiff5-4.0.9-150000.45.32.1
* tiff-debugsource-4.0.9-150000.45.32.1
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* libtiff5-debuginfo-4.0.9-150000.45.32.1
* tiff-debuginfo-4.0.9-150000.45.32.1
* libtiff5-4.0.9-150000.45.32.1
* tiff-debugsource-4.0.9-150000.45.32.1
* openSUSE Leap 15.4 (x86_64)
* libtiff5-32bit-debuginfo-4.0.9-150000.45.32.1
* libtiff5-32bit-4.0.9-150000.45.32.1
* libtiff-devel-32bit-4.0.9-150000.45.32.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* tiff-debugsource-4.0.9-150000.45.32.1
* libtiff5-debuginfo-4.0.9-150000.45.32.1
* libtiff-devel-4.0.9-150000.45.32.1
* tiff-4.0.9-150000.45.32.1
* tiff-debuginfo-4.0.9-150000.45.32.1
* libtiff5-4.0.9-150000.45.32.1
* openSUSE Leap 15.5 (x86_64)
* libtiff5-32bit-debuginfo-4.0.9-150000.45.32.1
* libtiff5-32bit-4.0.9-150000.45.32.1
* libtiff-devel-32bit-4.0.9-150000.45.32.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* tiff-debugsource-4.0.9-150000.45.32.1
* libtiff5-debuginfo-4.0.9-150000.45.32.1
* libtiff-devel-4.0.9-150000.45.32.1
* tiff-4.0.9-150000.45.32.1
* tiff-debuginfo-4.0.9-150000.45.32.1
* libtiff5-4.0.9-150000.45.32.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libtiff5-debuginfo-4.0.9-150000.45.32.1
* tiff-debuginfo-4.0.9-150000.45.32.1
* libtiff5-4.0.9-150000.45.32.1
* tiff-debugsource-4.0.9-150000.45.32.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libtiff5-debuginfo-4.0.9-150000.45.32.1
* tiff-debuginfo-4.0.9-150000.45.32.1
* libtiff5-4.0.9-150000.45.32.1
* tiff-debugsource-4.0.9-150000.45.32.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libtiff5-debuginfo-4.0.9-150000.45.32.1
* tiff-debuginfo-4.0.9-150000.45.32.1
* libtiff5-4.0.9-150000.45.32.1
* tiff-debugsource-4.0.9-150000.45.32.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libtiff5-debuginfo-4.0.9-150000.45.32.1
* tiff-debuginfo-4.0.9-150000.45.32.1
* libtiff5-4.0.9-150000.45.32.1
* tiff-debugsource-4.0.9-150000.45.32.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* libtiff5-debuginfo-4.0.9-150000.45.32.1
* tiff-debuginfo-4.0.9-150000.45.32.1
* libtiff5-4.0.9-150000.45.32.1
* tiff-debugsource-4.0.9-150000.45.32.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* tiff-debugsource-4.0.9-150000.45.32.1
* libtiff5-debuginfo-4.0.9-150000.45.32.1
* libtiff-devel-4.0.9-150000.45.32.1
* tiff-debuginfo-4.0.9-150000.45.32.1
* libtiff5-4.0.9-150000.45.32.1
* Basesystem Module 15-SP4 (x86_64)
* libtiff5-32bit-debuginfo-4.0.9-150000.45.32.1
* libtiff5-32bit-4.0.9-150000.45.32.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* tiff-debugsource-4.0.9-150000.45.32.1
* libtiff5-debuginfo-4.0.9-150000.45.32.1
* libtiff-devel-4.0.9-150000.45.32.1
* tiff-debuginfo-4.0.9-150000.45.32.1
* libtiff5-4.0.9-150000.45.32.1
* Basesystem Module 15-SP5 (x86_64)
* libtiff5-32bit-debuginfo-4.0.9-150000.45.32.1
* libtiff5-32bit-4.0.9-150000.45.32.1
* SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64)
* tiff-debuginfo-4.0.9-150000.45.32.1
* tiff-debugsource-4.0.9-150000.45.32.1
* tiff-4.0.9-150000.45.32.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
* tiff-debuginfo-4.0.9-150000.45.32.1
* tiff-debugsource-4.0.9-150000.45.32.1
* tiff-4.0.9-150000.45.32.1
## References:
* https://www.suse.com/security/cve/CVE-2020-18768.html
* https://www.suse.com/security/cve/CVE-2023-25433.html
* https://www.suse.com/security/cve/CVE-2023-26966.html
* https://www.suse.com/security/cve/CVE-2023-2908.html
* https://www.suse.com/security/cve/CVE-2023-3316.html
* https://www.suse.com/security/cve/CVE-2023-3576.html
* https://www.suse.com/security/cve/CVE-2023-3618.html
* https://www.suse.com/security/cve/CVE-2023-38288.html
* https://www.suse.com/security/cve/CVE-2023-38289.html
* https://bugzilla.suse.com/show_bug.cgi?id=1212535
* https://bugzilla.suse.com/show_bug.cgi?id=1212881
* https://bugzilla.suse.com/show_bug.cgi?id=1212883
* https://bugzilla.suse.com/show_bug.cgi?id=1212888
* https://bugzilla.suse.com/show_bug.cgi?id=1213273
* https://bugzilla.suse.com/show_bug.cgi?id=1213274
* https://bugzilla.suse.com/show_bug.cgi?id=1213589
* https://bugzilla.suse.com/show_bug.cgi?id=1213590
* https://bugzilla.suse.com/show_bug.cgi?id=1214574
1
0