openSUSE Updates
Threads by month
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
November 2023
- 2 participants
- 210 discussions
openSUSE-RU-2023:0356-1: moderate: Recommended update for seamonkey
by maintenance@opensuse.org 06 Nov '23
by maintenance@opensuse.org 06 Nov '23
06 Nov '23
openSUSE Recommended Update: Recommended update for seamonkey
______________________________________________________________________________
Announcement ID: openSUSE-RU-2023:0356-1
Rating: moderate
References:
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that has 0 recommended fixes can now be installed.
Description:
This update for seamonkey fixes the following issues:
- Fixed building with rust >= 1.48
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2023-356=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 i586 x86_64):
seamonkey-2.53.17.1-bp155.2.9.1
seamonkey-dom-inspector-2.53.17.1-bp155.2.9.1
seamonkey-irc-2.53.17.1-bp155.2.9.1
References:
1
0
openSUSE-RU-2023:0355-1: moderate: Recommended update for seamonkey
by maintenance@opensuse.org 06 Nov '23
by maintenance@opensuse.org 06 Nov '23
06 Nov '23
openSUSE Recommended Update: Recommended update for seamonkey
______________________________________________________________________________
Announcement ID: openSUSE-RU-2023:0355-1
Rating: moderate
References:
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that has 0 recommended fixes can now be installed.
Description:
This update for seamonkey fixes the following issues:
- Fixed building with rust >= 1.48
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2023-355=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 x86_64):
seamonkey-2.53.17.1-bp154.2.17.1
seamonkey-dom-inspector-2.53.17.1-bp154.2.17.1
seamonkey-irc-2.53.17.1-bp154.2.17.1
References:
1
0
openSUSE-SU-2023:0351-1: important: Security update for virtualbox
by opensuse-security@opensuse.org 04 Nov '23
by opensuse-security@opensuse.org 04 Nov '23
04 Nov '23
openSUSE Security Update: Security update for virtualbox
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0351-1
Rating: important
References: #1216363 #1216364 #1216365
Cross-References: CVE-2023-22098 CVE-2023-22099 CVE-2023-22100
CVSS scores:
CVE-2023-22098 (NVD) : 7.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H
CVE-2023-22098 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H
CVE-2023-22099 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2023-22099 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H
CVE-2023-22100 (NVD) : 7.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H
CVE-2023-22100 (SUSE): 7.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H
Affected Products:
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for virtualbox fixes the following issues:
- Version bump to VirtualBox 7.0.12 (released October 17 2023 by Oracle)
Fixes the following:
- CVE-2023-22098 (boo#1216363)
- CVE-2023-22099 (boo#1216364)
- CVE-2023-22100 (boo#1216365)
This is a maintenance release. The following items were fixed and/or added:
- VMM: Fixed using a debugger inside the guest under certain circumstances
(bugs #21413 and #21546)
- VMM: Fixed detection of VT-x being used by other hypervisors (bug #21867)
- VMM: Introduced additional improvements in Split Lock Detection feature
of recent Intel CPUs on Linux hosts (bug #20180)
- GUI: Fixed issue when the nested hardware virtualization setting was not
displayed in the VM details panel (bug #21707)
- GUI: Introduced NLS update for Croatian, Indonesian, Italian, Japanese,
Korean, Dutch and Turkish languages as well as added general
look-and-feel improvements
- Devices: Fixed black screen in Windows guests with multiple guest
screens when 3D is disabled (7.0.10 regression)
- Devices: Fixed PCI device identifiers for the VirtIO network interface
(bug #21516)
- Devices: Fixed VLAN support for the VirtIO network interface (bug #21778)
- Devices: Fixed loading saved states when a TPM is configured (7.0.10
regression, bug #21773)
- Networking: Fixed memory leaks in the VBoxIntNetSwitch process on macOS
(bug #21752)
- Networking: Fixed TCP connections with IP addresses ending on .2 when
the NAT network attachment is used (bug #21513)
- VRDP: Added general improvements
- VBoxManage: Added improvements for "list usbfilters" command
- Unattended: Added kick start file support for Oracle Linux 8 and Oracle
Linux 9.
- Main: Added more Linux OS subtypes
- Host Services: Fixed Guest Properties service crash under rare
circumstance
- Linux Host and Guest: Fixed few "field-spanning write" kernel warnings
(bugs #21410 and #21862)
- Linux Guest Additions: Added more fixes for RHEL 8.9 and 9.3 kernel
- Linux Guest Additions: Added more fixes for kernel 6.4
- Linux Guest Additions: Added initial support for OpenSUSE 15.5 kernel
- Linux Guest Additions: Added initial support for kernels 6.5 and 6.6
- Linux Guest Additions: Added version reporting for "rcvboxadd
status-kernel" and "rcvboxadd status-user" commands
- BIOS: Restored support for ISA SCSI HBAs in the BIOS (bug #21736)
- Convert to systemd-sysusers
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-2023-351=1
Package List:
- openSUSE Leap 15.4 (x86_64):
python3-virtualbox-7.0.12-lp154.2.43.1
python3-virtualbox-debuginfo-7.0.12-lp154.2.43.1
virtualbox-7.0.12-lp154.2.43.1
virtualbox-debuginfo-7.0.12-lp154.2.43.1
virtualbox-debugsource-7.0.12-lp154.2.43.1
virtualbox-devel-7.0.12-lp154.2.43.1
virtualbox-guest-tools-7.0.12-lp154.2.43.1
virtualbox-guest-tools-debuginfo-7.0.12-lp154.2.43.1
virtualbox-kmp-debugsource-7.0.12-lp154.2.43.1
virtualbox-kmp-default-7.0.12_k5.14.21_150400.24.92-lp154.2.43.1
virtualbox-kmp-default-debuginfo-7.0.12_k5.14.21_150400.24.92-lp154.2.43.1
virtualbox-qt-7.0.12-lp154.2.43.1
virtualbox-qt-debuginfo-7.0.12-lp154.2.43.1
virtualbox-vnc-7.0.12-lp154.2.43.1
virtualbox-websrv-7.0.12-lp154.2.43.1
virtualbox-websrv-debuginfo-7.0.12-lp154.2.43.1
- openSUSE Leap 15.4 (noarch):
virtualbox-guest-desktop-icons-7.0.12-lp154.2.43.1
virtualbox-guest-source-7.0.12-lp154.2.43.1
virtualbox-host-source-7.0.12-lp154.2.43.1
References:
https://www.suse.com/security/cve/CVE-2023-22098.html
https://www.suse.com/security/cve/CVE-2023-22099.html
https://www.suse.com/security/cve/CVE-2023-22100.html
https://bugzilla.suse.com/1216363
https://bugzilla.suse.com/1216364
https://bugzilla.suse.com/1216365
1
0
openSUSE-SU-2023:0352-1: important: Security update for virtualbox
by opensuse-security@opensuse.org 04 Nov '23
by opensuse-security@opensuse.org 04 Nov '23
04 Nov '23
openSUSE Security Update: Security update for virtualbox
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0352-1
Rating: important
References: #1215463 #1216363 #1216364 #1216365
Cross-References: CVE-2023-22098 CVE-2023-22099 CVE-2023-22100
CVSS scores:
CVE-2023-22098 (NVD) : 7.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H
CVE-2023-22098 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H
CVE-2023-22099 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2023-22099 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H
CVE-2023-22100 (NVD) : 7.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H
CVE-2023-22100 (SUSE): 7.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H
Affected Products:
openSUSE Leap 15.5
______________________________________________________________________________
An update that solves three vulnerabilities and has one
errata is now available.
Description:
This update for virtualbox fixes the following issues:
- Version bump to VirtualBox 7.0.12 (released October 17 2023 by Oracle)
Fixes the following:
- CVE-2023-22098 (boo#1216363)
- CVE-2023-22099 (boo#1216364)
- CVE-2023-22100 (boo#1216365)
This is a maintenance release. The following items were fixed and/or added:
- VMM: Fixed using a debugger inside the guest under certain circumstances
(bugs #21413 and #21546)
- VMM: Fixed detection of VT-x being used by other hypervisors (bug #21867)
- VMM: Introduced additional improvements in Split Lock Detection feature
of recent Intel CPUs on Linux hosts (bug #20180)
- GUI: Fixed issue when the nested hardware virtualization setting was not
displayed in the VM details panel (bug #21707)
- GUI: Introduced NLS update for Croatian, Indonesian, Italian, Japanese,
Korean, Dutch and Turkish languages as well as added general
look-and-feel improvements
- Devices: Fixed black screen in Windows guests with multiple guest
screens when 3D is disabled (7.0.10 regression)
- Devices: Fixed PCI device identifiers for the VirtIO network interface
(bug #21516)
- Devices: Fixed VLAN support for the VirtIO network interface (bug #21778)
- Devices: Fixed loading saved states when a TPM is configured (7.0.10
regression, bug #21773)
- Networking: Fixed memory leaks in the VBoxIntNetSwitch process on macOS
(bug #21752)
- Networking: Fixed TCP connections with IP addresses ending on .2 when
the NAT network attachment is used (bug #21513)
- VRDP: Added general improvements
- VBoxManage: Added improvements for "list usbfilters" command
- Unattended: Added kick start file support for Oracle Linux 8 and Oracle
Linux 9.
- Main: Added more Linux OS subtypes
- Host Services: Fixed Guest Properties service crash under rare
circumstance
- Linux Host and Guest: Fixed few "field-spanning write" kernel warnings
(bugs #21410 and #21862)
- Linux Guest Additions: Added more fixes for RHEL 8.9 and 9.3 kernel
- Linux Guest Additions: Added more fixes for kernel 6.4
- Linux Guest Additions: Added initial support for OpenSUSE 15.5 kernel
- Linux Guest Additions: Added initial support for kernels 6.5 and 6.6
- Linux Guest Additions: Added version reporting for "rcvboxadd
status-kernel" and "rcvboxadd status-user" commands
- BIOS: Restored support for ISA SCSI HBAs in the BIOS (bug #21736)
- Convert to systemd-sysusers
- Fix problems with 6.5 kernels and shared folders. (boo#1215463).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.5:
zypper in -t patch openSUSE-2023-352=1
Package List:
- openSUSE Leap 15.5 (noarch):
virtualbox-guest-desktop-icons-7.0.12-lp155.2.13.1
virtualbox-guest-source-7.0.12-lp155.2.13.1
virtualbox-host-source-7.0.12-lp155.2.13.1
- openSUSE Leap 15.5 (x86_64):
python3-virtualbox-7.0.12-lp155.2.13.1
python3-virtualbox-debuginfo-7.0.12-lp155.2.13.1
virtualbox-7.0.12-lp155.2.13.1
virtualbox-debuginfo-7.0.12-lp155.2.13.1
virtualbox-debugsource-7.0.12-lp155.2.13.1
virtualbox-devel-7.0.12-lp155.2.13.1
virtualbox-guest-tools-7.0.12-lp155.2.13.1
virtualbox-guest-tools-debuginfo-7.0.12-lp155.2.13.1
virtualbox-kmp-debugsource-7.0.12-lp155.2.13.1
virtualbox-kmp-default-7.0.12_k5.14.21_150500.55.31-lp155.2.13.1
virtualbox-kmp-default-debuginfo-7.0.12_k5.14.21_150500.55.31-lp155.2.13.1
virtualbox-qt-7.0.12-lp155.2.13.1
virtualbox-qt-debuginfo-7.0.12-lp155.2.13.1
virtualbox-vnc-7.0.12-lp155.2.13.1
virtualbox-websrv-7.0.12-lp155.2.13.1
virtualbox-websrv-debuginfo-7.0.12-lp155.2.13.1
References:
https://www.suse.com/security/cve/CVE-2023-22098.html
https://www.suse.com/security/cve/CVE-2023-22099.html
https://www.suse.com/security/cve/CVE-2023-22100.html
https://bugzilla.suse.com/1215463
https://bugzilla.suse.com/1216363
https://bugzilla.suse.com/1216364
https://bugzilla.suse.com/1216365
1
0
openSUSE-SU-2023:0354-1: important: Security update for opera
by opensuse-security@opensuse.org 04 Nov '23
by opensuse-security@opensuse.org 04 Nov '23
04 Nov '23
openSUSE Security Update: Security update for opera
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0354-1
Rating: important
References:
Cross-References: CVE-2023-5472
CVSS scores:
CVE-2023-5472 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.5:NonFree
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for opera fixes the following issues:
- Update to 104.0.4944.36
* CHR-9492 Update Chromium on desktop-stable-118-4944 to 118.0.5993.118
* DNA-112757 [Tab close button] Close button is cutted when a lot tabs
are opened
- The update to chromium 118.0.5993.118 fixes following issues:
CVE-2023-5472
- Update to 104.0.4944.33
* CHR-9487 Update Chromium on desktop-stable-118-4944 to 118.0.5993.96
* DNA-111963 Show duplicate indicator when hovering tab in tab tooltip
- Changes in 104.0.4944.28
* DNA-112454 [Start Page] No context menu in Search bar using right
button of mouse
* DNA-112053 Context menu is too large on Mac
* DNA-111989 Favicons are displayed too close to titles in history menu
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.5:NonFree:
zypper in -t patch openSUSE-2023-354=1
Package List:
- openSUSE Leap 15.5:NonFree (x86_64):
opera-104.0.4944.36-lp155.3.18.1
References:
https://www.suse.com/security/cve/CVE-2023-5472.html
1
0
openSUSE-SU-2023:0353-1: important: Security update for opera
by opensuse-security@opensuse.org 04 Nov '23
by opensuse-security@opensuse.org 04 Nov '23
04 Nov '23
openSUSE Security Update: Security update for opera
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0353-1
Rating: important
References:
Cross-References: CVE-2023-5472
CVSS scores:
CVE-2023-5472 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.4:NonFree
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for opera fixes the following issues:
- Update to 104.0.4944.36
* CHR-9492 Update Chromium on desktop-stable-118-4944 to 118.0.5993.118
* DNA-112757 [Tab close button] Close button is cutted when a lot tabs
are opened
- The update to chromium 118.0.5993.118 fixes following issues:
CVE-2023-5472
- Update to 104.0.4944.33
* CHR-9487 Update Chromium on desktop-stable-118-4944 to 118.0.5993.96
* DNA-111963 Show duplicate indicator when hovering tab in tab tooltip
- Changes in 104.0.4944.28
* DNA-112454 [Start Page] No context menu in Search bar using right
button of mouse
* DNA-112053 Context menu is too large on Mac
* DNA-111989 Favicons are displayed too close to titles in history menu
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:NonFree:
zypper in -t patch openSUSE-2023-353=1
Package List:
- openSUSE Leap 15.4:NonFree (x86_64):
opera-104.0.4944.36-lp154.2.59.1
References:
https://www.suse.com/security/cve/CVE-2023-5472.html
1
0
openSUSE-SU-2023:0350-1: moderate: Security update for rubygem-activesupport-5.2
by opensuse-security@opensuse.org 04 Nov '23
by opensuse-security@opensuse.org 04 Nov '23
04 Nov '23
openSUSE Security Update: Security update for rubygem-activesupport-5.2
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0350-1
Rating: moderate
References: #1214807
Cross-References: CVE-2023-38037
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for rubygem-activesupport-5.2 fixes the following issue:
- CVE-2023-38037: fixed a File Disclosure of Locally Encrypted Files
(bsc#1214807)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2023-350=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):
ruby2.5-rubygem-activesupport-5.2-5.2.3-bp155.3.5.1
ruby2.5-rubygem-activesupport-doc-5.2-5.2.3-bp155.3.5.1
References:
https://www.suse.com/security/cve/CVE-2023-38037.html
https://bugzilla.suse.com/1214807
1
0
SUSE-RU-2023:4365-1: moderate: Recommended update for kubernetes1.25
by maintenance@opensuse.org 03 Nov '23
by maintenance@opensuse.org 03 Nov '23
03 Nov '23
# Recommended update for kubernetes1.25
Announcement ID: SUSE-RU-2023:4365-1
Rating: moderate
References:
* bsc#1214406
* jsc#PED-5839
Affected Products:
* Containers Module 15-SP4
* Containers Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that contains one feature and has one fix can now be installed.
## Description:
This update for kubernetes1.25 fixes the following issues:
This update ships the kubernetes1.25-client package. (jsc#PED-5839)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Containers Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4365=1
* Containers Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-4365=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4365=1 openSUSE-SLE-15.4-2023-4365=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4365=1
## Package List:
* Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* kubernetes1.25-client-1.25.14-150400.9.3.2
* kubernetes1.25-client-common-1.25.14-150400.9.3.2
* Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* kubernetes1.25-client-1.25.14-150400.9.3.2
* kubernetes1.25-client-common-1.25.14-150400.9.3.2
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* kubernetes1.25-kubelet-common-1.25.14-150400.9.3.2
* kubernetes1.25-apiserver-1.25.14-150400.9.3.2
* kubernetes1.25-kubelet-1.25.14-150400.9.3.2
* kubernetes1.25-controller-manager-1.25.14-150400.9.3.2
* kubernetes1.25-client-common-1.25.14-150400.9.3.2
* kubernetes1.25-scheduler-1.25.14-150400.9.3.2
* kubernetes1.25-kubeadm-1.25.14-150400.9.3.2
* kubernetes1.25-client-1.25.14-150400.9.3.2
* kubernetes1.25-proxy-1.25.14-150400.9.3.2
* openSUSE Leap 15.4 (noarch)
* kubernetes1.25-client-bash-completion-1.25.14-150400.9.3.2
* kubernetes1.25-client-fish-completion-1.25.14-150400.9.3.2
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* kubernetes1.25-client-1.25.14-150400.9.3.2
* kubernetes1.25-client-common-1.25.14-150400.9.3.2
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1214406
* https://jira.suse.com/browse/PED-5839
1
0
SUSE-RU-2023:4366-1: moderate: Recommended update for kubernetes1.26
by maintenance@opensuse.org 03 Nov '23
by maintenance@opensuse.org 03 Nov '23
03 Nov '23
# Recommended update for kubernetes1.26
Announcement ID: SUSE-RU-2023:4366-1
Rating: moderate
References:
* bsc#1213829
* bsc#1214406
* jsc#PED-5839
Affected Products:
* Containers Module 15-SP4
* Containers Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that contains one feature and has two fixes can now be installed.
## Description:
This update for kubernetes1.26 fixes the following issues:
This update ships the kubernetes1.26-client package. (jsc#PED-5839)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4366=1 openSUSE-SLE-15.4-2023-4366=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4366=1
* Containers Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4366=1
* Containers Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-4366=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* kubernetes1.26-kubelet-common-1.26.9-150400.9.3.2
* kubernetes1.26-proxy-1.26.9-150400.9.3.2
* kubernetes1.26-controller-manager-1.26.9-150400.9.3.2
* kubernetes1.26-kubelet-1.26.9-150400.9.3.2
* kubernetes1.26-scheduler-1.26.9-150400.9.3.2
* kubernetes1.26-apiserver-1.26.9-150400.9.3.2
* kubernetes1.26-kubeadm-1.26.9-150400.9.3.2
* kubernetes1.26-client-common-1.26.9-150400.9.3.2
* kubernetes1.26-client-1.26.9-150400.9.3.2
* openSUSE Leap 15.4 (noarch)
* kubernetes1.26-client-bash-completion-1.26.9-150400.9.3.2
* kubernetes1.26-client-fish-completion-1.26.9-150400.9.3.2
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* kubernetes1.26-client-1.26.9-150400.9.3.2
* kubernetes1.26-client-common-1.26.9-150400.9.3.2
* Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* kubernetes1.26-client-1.26.9-150400.9.3.2
* kubernetes1.26-client-common-1.26.9-150400.9.3.2
* Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* kubernetes1.26-client-1.26.9-150400.9.3.2
* kubernetes1.26-client-common-1.26.9-150400.9.3.2
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1213829
* https://bugzilla.suse.com/show_bug.cgi?id=1214406
* https://jira.suse.com/browse/PED-5839
1
0
openSUSE-RU-2023:0349-1: Security update for rubygem-railties-5.2
by maintenance@opensuse.org 03 Nov '23
by maintenance@opensuse.org 03 Nov '23
03 Nov '23
openSUSE Recommended Update: Security update for rubygem-railties-5.2
______________________________________________________________________________
Announcement ID: openSUSE-RU-2023:0349-1
Rating: low
References: #1214807
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for rubygem-railties-5.2 fixes the following issue:
- CVE-2023-38037: Fixed File Disclosure of Locally Encrypted [bsc#1214807]
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2023-349=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):
ruby2.5-rubygem-railties-5.2-5.2.3-bp155.3.3.1
ruby2.5-rubygem-railties-doc-5.2-5.2.3-bp155.3.3.1
References:
https://www.suse.com/security/cve/CVE-2023-38037.html
https://bugzilla.suse.com/1214807
1
0
openSUSE-RU-2023:0348-1: moderate: Recommended update for yast2-theme
by maintenance@opensuse.org 03 Nov '23
by maintenance@opensuse.org 03 Nov '23
03 Nov '23
openSUSE Recommended Update: Recommended update for yast2-theme
______________________________________________________________________________
Announcement ID: openSUSE-RU-2023:0348-1
Rating: moderate
References:
Affected Products:
openSUSE Leap 15.4
______________________________________________________________________________
An update that has 0 recommended fixes can now be installed.
Description:
This update of yast2-theme provides a rebuild of yast2 theme, no other
changes.
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-2023-348=1
Package List:
- openSUSE Leap 15.4 (noarch):
yast2-theme-4.4.4-lp154.2.10.1
yast2-theme-breeze-4.4.4-lp154.2.10.1
yast2-theme-oxygen-4.4.4-lp154.2.10.1
References:
1
0
SUSE-SU-2023:4360-1: important: Security update for gstreamer-plugins-bad
by maintenance@opensuse.org 03 Nov '23
by maintenance@opensuse.org 03 Nov '23
03 Nov '23
# Security update for gstreamer-plugins-bad
Announcement ID: SUSE-SU-2023:4360-1
Rating: important
References:
* bsc#1215793
Cross-References:
* CVE-2023-40474
CVSS scores:
* CVE-2023-40474 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP4
* Desktop Applications Module 15-SP4
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4
An update that solves one vulnerability can now be installed.
## Description:
This update for gstreamer-plugins-bad fixes the following issues:
* CVE-2023-40474: Fixed a remote code execution issue due to improper parsing
of H265 encoded video files (bsc#1215793).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4360=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4360=1
* Desktop Applications Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4360=1
* SUSE Package Hub 15 15-SP4
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4360=1
## Package List:
* openSUSE Leap 15.4 (x86_64)
* libgstplayer-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1
* libgstbasecamerabinsrc-1_0-0-32bit-1.20.1-150400.3.6.1
* libgstphotography-1_0-0-32bit-1.20.1-150400.3.6.1
* libgstplay-1_0-0-32bit-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-32bit-debuginfo-1.20.1-150400.3.6.1
* libgstcodecs-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1
* libgstisoff-1_0-0-32bit-1.20.1-150400.3.6.1
* libgsturidownloader-1_0-0-32bit-1.20.1-150400.3.6.1
* libgstplay-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1
* libgstmpegts-1_0-0-32bit-1.20.1-150400.3.6.1
* libgstbadaudio-1_0-0-32bit-1.20.1-150400.3.6.1
* libgstwebrtc-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1
* libgstcodecs-1_0-0-32bit-1.20.1-150400.3.6.1
* libgstsctp-1_0-0-32bit-1.20.1-150400.3.6.1
* libgsturidownloader-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1
* libgstphotography-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1
* libgstva-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1
* libgstcodecparsers-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-chromaprint-32bit-debuginfo-1.20.1-150400.3.6.1
* libgstvulkan-1_0-0-32bit-1.20.1-150400.3.6.1
* libgstvulkan-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-chromaprint-32bit-1.20.1-150400.3.6.1
* libgstinsertbin-1_0-0-32bit-1.20.1-150400.3.6.1
* libgstplayer-1_0-0-32bit-1.20.1-150400.3.6.1
* libgstwayland-1_0-0-32bit-1.20.1-150400.3.6.1
* libgstva-1_0-0-32bit-1.20.1-150400.3.6.1
* libgstinsertbin-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1
* libgstwebrtc-1_0-0-32bit-1.20.1-150400.3.6.1
* libgstadaptivedemux-1_0-0-32bit-1.20.1-150400.3.6.1
* libgstadaptivedemux-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1
* libgstbadaudio-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1
* libgstmpegts-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1
* libgstwayland-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1
* libgstisoff-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1
* libgstcodecparsers-1_0-0-32bit-1.20.1-150400.3.6.1
* libgstbasecamerabinsrc-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1
* libgstsctp-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-32bit-1.20.1-150400.3.6.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libgstadaptivedemux-1_0-0-1.20.1-150400.3.6.1
* libgstplay-1_0-0-1.20.1-150400.3.6.1
* libgstva-1_0-0-1.20.1-150400.3.6.1
* libgstadaptivedemux-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstwayland-1_0-0-1.20.1-150400.3.6.1
* libgstisoff-1_0-0-1.20.1-150400.3.6.1
* libgstphotography-1_0-0-debuginfo-1.20.1-150400.3.6.1
* typelib-1_0-GstVulkanWayland-1_0-1.20.1-150400.3.6.1
* libgstmpegts-1_0-0-1.20.1-150400.3.6.1
* libgstcodecparsers-1_0-0-1.20.1-150400.3.6.1
* libgstvulkan-1_0-0-debuginfo-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-1.20.1-150400.3.6.1
* libgsttranscoder-1_0-0-1.20.1-150400.3.6.1
* libgstinsertbin-1_0-0-1.20.1-150400.3.6.1
* typelib-1_0-GstVulkanXCB-1_0-1.20.1-150400.3.6.1
* libgstmpegts-1_0-0-debuginfo-1.20.1-150400.3.6.1
* typelib-1_0-GstBadAudio-1_0-1.20.1-150400.3.6.1
* gstreamer-transcoder-devel-1.20.1-150400.3.6.1
* libgstbadaudio-1_0-0-debuginfo-1.20.1-150400.3.6.1
* gstreamer-transcoder-1.20.1-150400.3.6.1
* libgsturidownloader-1_0-0-1.20.1-150400.3.6.1
* libgsttranscoder-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-chromaprint-debuginfo-1.20.1-150400.3.6.1
* libgstsctp-1_0-0-1.20.1-150400.3.6.1
* libgstbasecamerabinsrc-1_0-0-1.20.1-150400.3.6.1
* typelib-1_0-GstInsertBin-1_0-1.20.1-150400.3.6.1
* libgstcodecs-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstwebrtc-1_0-0-1.20.1-150400.3.6.1
* typelib-1_0-GstMpegts-1_0-1.20.1-150400.3.6.1
* typelib-1_0-GstCodecs-1_0-1.20.1-150400.3.6.1
* libgstcodecs-1_0-0-1.20.1-150400.3.6.1
* libgstva-1_0-0-debuginfo-1.20.1-150400.3.6.1
* typelib-1_0-GstWebRTC-1_0-1.20.1-150400.3.6.1
* libgstwayland-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgsturidownloader-1_0-0-debuginfo-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-devel-1.20.1-150400.3.6.1
* libgstbadaudio-1_0-0-1.20.1-150400.3.6.1
* typelib-1_0-GstTranscoder-1_0-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.6.1
* typelib-1_0-GstVulkan-1_0-1.20.1-150400.3.6.1
* libgstisoff-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstphotography-1_0-0-1.20.1-150400.3.6.1
* libgstsctp-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstwebrtc-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstplayer-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstinsertbin-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstplay-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstplayer-1_0-0-1.20.1-150400.3.6.1
* libgstcodecparsers-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstvulkan-1_0-0-1.20.1-150400.3.6.1
* typelib-1_0-GstPlay-1_0-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-debugsource-1.20.1-150400.3.6.1
* typelib-1_0-GstPlayer-1_0-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-chromaprint-1.20.1-150400.3.6.1
* gstreamer-transcoder-debuginfo-1.20.1-150400.3.6.1
* openSUSE Leap 15.4 (noarch)
* gstreamer-plugins-bad-lang-1.20.1-150400.3.6.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* gstreamer-plugins-bad-64bit-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-64bit-debuginfo-1.20.1-150400.3.6.1
* libgstwebrtc-1_0-0-64bit-1.20.1-150400.3.6.1
* libgstplayer-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1
* libgstsctp-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1
* libgstwayland-1_0-0-64bit-1.20.1-150400.3.6.1
* libgstadaptivedemux-1_0-0-64bit-1.20.1-150400.3.6.1
* libgstbasecamerabinsrc-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1
* libgstplay-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-chromaprint-64bit-1.20.1-150400.3.6.1
* libgstcodecs-1_0-0-64bit-1.20.1-150400.3.6.1
* libgstphotography-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1
* libgstwebrtc-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1
* libgstbasecamerabinsrc-1_0-0-64bit-1.20.1-150400.3.6.1
* libgstvulkan-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1
* libgstisoff-1_0-0-64bit-1.20.1-150400.3.6.1
* libgstbadaudio-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1
* libgstmpegts-1_0-0-64bit-1.20.1-150400.3.6.1
* libgstbadaudio-1_0-0-64bit-1.20.1-150400.3.6.1
* libgsturidownloader-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-chromaprint-64bit-debuginfo-1.20.1-150400.3.6.1
* libgstisoff-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1
* libgstphotography-1_0-0-64bit-1.20.1-150400.3.6.1
* libgstinsertbin-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1
* libgstplayer-1_0-0-64bit-1.20.1-150400.3.6.1
* libgstva-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1
* libgstsctp-1_0-0-64bit-1.20.1-150400.3.6.1
* libgsturidownloader-1_0-0-64bit-1.20.1-150400.3.6.1
* libgstvulkan-1_0-0-64bit-1.20.1-150400.3.6.1
* libgstva-1_0-0-64bit-1.20.1-150400.3.6.1
* libgstcodecparsers-1_0-0-64bit-1.20.1-150400.3.6.1
* libgstwayland-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1
* libgstadaptivedemux-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1
* libgstinsertbin-1_0-0-64bit-1.20.1-150400.3.6.1
* libgstcodecparsers-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1
* libgstplay-1_0-0-64bit-1.20.1-150400.3.6.1
* libgstcodecs-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1
* libgstmpegts-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* libgstplay-1_0-0-1.20.1-150400.3.6.1
* libgstplayer-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstplay-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstphotography-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstplayer-1_0-0-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-debugsource-1.20.1-150400.3.6.1
* libgstphotography-1_0-0-1.20.1-150400.3.6.1
* Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* libgstadaptivedemux-1_0-0-1.20.1-150400.3.6.1
* libgstva-1_0-0-1.20.1-150400.3.6.1
* libgstadaptivedemux-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstwayland-1_0-0-1.20.1-150400.3.6.1
* libgstisoff-1_0-0-1.20.1-150400.3.6.1
* libgstmpegts-1_0-0-1.20.1-150400.3.6.1
* libgstcodecparsers-1_0-0-1.20.1-150400.3.6.1
* libgstvulkan-1_0-0-debuginfo-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-1.20.1-150400.3.6.1
* libgstinsertbin-1_0-0-1.20.1-150400.3.6.1
* libgstmpegts-1_0-0-debuginfo-1.20.1-150400.3.6.1
* typelib-1_0-GstBadAudio-1_0-1.20.1-150400.3.6.1
* libgstbadaudio-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgsturidownloader-1_0-0-1.20.1-150400.3.6.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-chromaprint-debuginfo-1.20.1-150400.3.6.1
* libgstsctp-1_0-0-1.20.1-150400.3.6.1
* libgstbasecamerabinsrc-1_0-0-1.20.1-150400.3.6.1
* typelib-1_0-GstInsertBin-1_0-1.20.1-150400.3.6.1
* libgstcodecs-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstwebrtc-1_0-0-1.20.1-150400.3.6.1
* typelib-1_0-GstMpegts-1_0-1.20.1-150400.3.6.1
* typelib-1_0-GstCodecs-1_0-1.20.1-150400.3.6.1
* libgstcodecs-1_0-0-1.20.1-150400.3.6.1
* libgstva-1_0-0-debuginfo-1.20.1-150400.3.6.1
* typelib-1_0-GstWebRTC-1_0-1.20.1-150400.3.6.1
* libgstwayland-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgsturidownloader-1_0-0-debuginfo-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-devel-1.20.1-150400.3.6.1
* libgstbadaudio-1_0-0-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.6.1
* libgstisoff-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstsctp-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstwebrtc-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstinsertbin-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstcodecparsers-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstvulkan-1_0-0-1.20.1-150400.3.6.1
* typelib-1_0-GstPlay-1_0-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-debugsource-1.20.1-150400.3.6.1
* typelib-1_0-GstPlayer-1_0-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-chromaprint-1.20.1-150400.3.6.1
* Desktop Applications Module 15-SP4 (noarch)
* gstreamer-plugins-bad-lang-1.20.1-150400.3.6.1
* SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64)
* libgsttranscoder-1_0-0-1.20.1-150400.3.6.1
* libgsttranscoder-1_0-0-debuginfo-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-debugsource-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.6.1
## References:
* https://www.suse.com/security/cve/CVE-2023-40474.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215793
1
0
SUSE-SU-2023:4361-1: important: Security update for gstreamer-plugins-bad
by maintenance@opensuse.org 03 Nov '23
by maintenance@opensuse.org 03 Nov '23
03 Nov '23
# Security update for gstreamer-plugins-bad
Announcement ID: SUSE-SU-2023:4361-1
Rating: important
References:
* bsc#1215793
Cross-References:
* CVE-2023-40474
CVSS scores:
* CVE-2023-40474 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
An update that solves one vulnerability can now be installed.
## Description:
This update for gstreamer-plugins-bad fixes the following issues:
* CVE-2023-40474: Fixed a remote code execution issue due to improper parsing
of H265 encoded video files (bsc#1215793).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2023-4361=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4361=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4361=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4361=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4361=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-4361=1
## Package List:
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* gstreamer-plugins-bad-doc-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-debugsource-1.16.3-150300.9.9.1
* libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgsturidownloader-1_0-0-1.16.3-150300.9.9.1
* libgstbadaudio-1_0-0-1.16.3-150300.9.9.1
* libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-1.16.3-150300.9.9.1
* libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-devel-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.9.1
* libgstplayer-1_0-0-1.16.3-150300.9.9.1
* typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.9.1
* libgstsctp-1_0-0-1.16.3-150300.9.9.1
* libgstadaptivedemux-1_0-0-1.16.3-150300.9.9.1
* libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstwebrtc-1_0-0-1.16.3-150300.9.9.1
* libgstisoff-1_0-0-1.16.3-150300.9.9.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.9.1
* typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.9.1
* libgstwayland-1_0-0-1.16.3-150300.9.9.1
* libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.9.1
* libgstmpegts-1_0-0-1.16.3-150300.9.9.1
* libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.9.1
* typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.9.1
* libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstcodecparsers-1_0-0-1.16.3-150300.9.9.1
* libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.9.1
* libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstinsertbin-1_0-0-1.16.3-150300.9.9.1
* libgstphotography-1_0-0-1.16.3-150300.9.9.1
* typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.9.1
* libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.9.1
* openSUSE Leap 15.3 (x86_64)
* libgstplayer-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1
* libgstsctp-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1
* libgstwayland-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-32bit-debuginfo-1.16.3-150300.9.9.1
* libgstisoff-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-chromaprint-32bit-debuginfo-1.16.3-150300.9.9.1
* libgstisoff-1_0-0-32bit-1.16.3-150300.9.9.1
* libgsturidownloader-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1
* libgstinsertbin-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1
* libgstadaptivedemux-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1
* libgstwebrtc-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1
* libgstmpegts-1_0-0-32bit-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-chromaprint-32bit-1.16.3-150300.9.9.1
* libgstbadaudio-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1
* libgstphotography-1_0-0-32bit-1.16.3-150300.9.9.1
* libgstwayland-1_0-0-32bit-1.16.3-150300.9.9.1
* libgstsctp-1_0-0-32bit-1.16.3-150300.9.9.1
* libgstbasecamerabinsrc-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1
* libgstadaptivedemux-1_0-0-32bit-1.16.3-150300.9.9.1
* libgstbadaudio-1_0-0-32bit-1.16.3-150300.9.9.1
* libgstwebrtc-1_0-0-32bit-1.16.3-150300.9.9.1
* libgstcodecparsers-1_0-0-32bit-1.16.3-150300.9.9.1
* libgstinsertbin-1_0-0-32bit-1.16.3-150300.9.9.1
* libgsturidownloader-1_0-0-32bit-1.16.3-150300.9.9.1
* libgstphotography-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1
* libgstcodecparsers-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1
* libgstplayer-1_0-0-32bit-1.16.3-150300.9.9.1
* libgstbasecamerabinsrc-1_0-0-32bit-1.16.3-150300.9.9.1
* libgstmpegts-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-32bit-1.16.3-150300.9.9.1
* openSUSE Leap 15.3 (noarch)
* gstreamer-plugins-bad-lang-1.16.3-150300.9.9.1
* openSUSE Leap 15.3 (aarch64_ilp32)
* libgstinsertbin-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1
* libgstwebrtc-1_0-0-64bit-1.16.3-150300.9.9.1
* libgstbadaudio-1_0-0-64bit-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-chromaprint-64bit-debuginfo-1.16.3-150300.9.9.1
* libgstcodecparsers-1_0-0-64bit-1.16.3-150300.9.9.1
* libgstisoff-1_0-0-64bit-1.16.3-150300.9.9.1
* libgstplayer-1_0-0-64bit-1.16.3-150300.9.9.1
* libgstbasecamerabinsrc-1_0-0-64bit-1.16.3-150300.9.9.1
* libgstphotography-1_0-0-64bit-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-64bit-1.16.3-150300.9.9.1
* libgstsctp-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1
* libgstmpegts-1_0-0-64bit-1.16.3-150300.9.9.1
* libgstadaptivedemux-1_0-0-64bit-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-chromaprint-64bit-1.16.3-150300.9.9.1
* libgstbadaudio-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1
* libgstadaptivedemux-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1
* libgstwebrtc-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1
* libgstplayer-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-64bit-debuginfo-1.16.3-150300.9.9.1
* libgstinsertbin-1_0-0-64bit-1.16.3-150300.9.9.1
* libgstmpegts-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1
* libgsturidownloader-1_0-0-64bit-1.16.3-150300.9.9.1
* libgstsctp-1_0-0-64bit-1.16.3-150300.9.9.1
* libgstcodecparsers-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1
* libgstwayland-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1
* libgstwayland-1_0-0-64bit-1.16.3-150300.9.9.1
* libgstbasecamerabinsrc-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1
* libgstphotography-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1
* libgstisoff-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1
* libgsturidownloader-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64
x86_64)
* gstreamer-plugins-bad-debugsource-1.16.3-150300.9.9.1
* libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgsturidownloader-1_0-0-1.16.3-150300.9.9.1
* libgstbadaudio-1_0-0-1.16.3-150300.9.9.1
* libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-1.16.3-150300.9.9.1
* libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-devel-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.9.1
* libgstplayer-1_0-0-1.16.3-150300.9.9.1
* typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.9.1
* libgstsctp-1_0-0-1.16.3-150300.9.9.1
* libgstadaptivedemux-1_0-0-1.16.3-150300.9.9.1
* libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstwebrtc-1_0-0-1.16.3-150300.9.9.1
* libgstisoff-1_0-0-1.16.3-150300.9.9.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.9.1
* typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.9.1
* libgstwayland-1_0-0-1.16.3-150300.9.9.1
* libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.9.1
* libgstmpegts-1_0-0-1.16.3-150300.9.9.1
* libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.9.1
* typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.9.1
* libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstcodecparsers-1_0-0-1.16.3-150300.9.9.1
* libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.9.1
* libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstinsertbin-1_0-0-1.16.3-150300.9.9.1
* libgstphotography-1_0-0-1.16.3-150300.9.9.1
* typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.9.1
* libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.9.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
* gstreamer-plugins-bad-lang-1.16.3-150300.9.9.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* gstreamer-plugins-bad-debugsource-1.16.3-150300.9.9.1
* libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgsturidownloader-1_0-0-1.16.3-150300.9.9.1
* libgstbadaudio-1_0-0-1.16.3-150300.9.9.1
* libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-1.16.3-150300.9.9.1
* libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-devel-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.9.1
* libgstplayer-1_0-0-1.16.3-150300.9.9.1
* typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.9.1
* libgstsctp-1_0-0-1.16.3-150300.9.9.1
* libgstadaptivedemux-1_0-0-1.16.3-150300.9.9.1
* libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstwebrtc-1_0-0-1.16.3-150300.9.9.1
* libgstisoff-1_0-0-1.16.3-150300.9.9.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.9.1
* typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.9.1
* libgstwayland-1_0-0-1.16.3-150300.9.9.1
* libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.9.1
* libgstmpegts-1_0-0-1.16.3-150300.9.9.1
* libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.9.1
* typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.9.1
* libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstcodecparsers-1_0-0-1.16.3-150300.9.9.1
* libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.9.1
* libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstinsertbin-1_0-0-1.16.3-150300.9.9.1
* libgstphotography-1_0-0-1.16.3-150300.9.9.1
* typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.9.1
* libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.9.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* gstreamer-plugins-bad-lang-1.16.3-150300.9.9.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* gstreamer-plugins-bad-debugsource-1.16.3-150300.9.9.1
* libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgsturidownloader-1_0-0-1.16.3-150300.9.9.1
* libgstbadaudio-1_0-0-1.16.3-150300.9.9.1
* libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-1.16.3-150300.9.9.1
* libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-devel-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.9.1
* libgstplayer-1_0-0-1.16.3-150300.9.9.1
* typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.9.1
* libgstsctp-1_0-0-1.16.3-150300.9.9.1
* libgstadaptivedemux-1_0-0-1.16.3-150300.9.9.1
* libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstwebrtc-1_0-0-1.16.3-150300.9.9.1
* libgstisoff-1_0-0-1.16.3-150300.9.9.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.9.1
* typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.9.1
* libgstwayland-1_0-0-1.16.3-150300.9.9.1
* libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.9.1
* libgstmpegts-1_0-0-1.16.3-150300.9.9.1
* libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.9.1
* typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.9.1
* libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstcodecparsers-1_0-0-1.16.3-150300.9.9.1
* libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.9.1
* libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstinsertbin-1_0-0-1.16.3-150300.9.9.1
* libgstphotography-1_0-0-1.16.3-150300.9.9.1
* typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.9.1
* libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.9.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* gstreamer-plugins-bad-lang-1.16.3-150300.9.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* gstreamer-plugins-bad-debugsource-1.16.3-150300.9.9.1
* libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgsturidownloader-1_0-0-1.16.3-150300.9.9.1
* libgstbadaudio-1_0-0-1.16.3-150300.9.9.1
* libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-1.16.3-150300.9.9.1
* libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-devel-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.9.1
* libgstplayer-1_0-0-1.16.3-150300.9.9.1
* typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.9.1
* libgstsctp-1_0-0-1.16.3-150300.9.9.1
* libgstadaptivedemux-1_0-0-1.16.3-150300.9.9.1
* libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstwebrtc-1_0-0-1.16.3-150300.9.9.1
* libgstisoff-1_0-0-1.16.3-150300.9.9.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.9.1
* typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.9.1
* libgstwayland-1_0-0-1.16.3-150300.9.9.1
* libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.9.1
* libgstmpegts-1_0-0-1.16.3-150300.9.9.1
* libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.9.1
* typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.9.1
* libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstcodecparsers-1_0-0-1.16.3-150300.9.9.1
* libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.9.1
* libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstinsertbin-1_0-0-1.16.3-150300.9.9.1
* libgstphotography-1_0-0-1.16.3-150300.9.9.1
* typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.9.1
* libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* gstreamer-plugins-bad-lang-1.16.3-150300.9.9.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* gstreamer-plugins-bad-debugsource-1.16.3-150300.9.9.1
* libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgsturidownloader-1_0-0-1.16.3-150300.9.9.1
* libgstbadaudio-1_0-0-1.16.3-150300.9.9.1
* libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-1.16.3-150300.9.9.1
* libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-devel-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.9.1
* libgstplayer-1_0-0-1.16.3-150300.9.9.1
* typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.9.1
* libgstsctp-1_0-0-1.16.3-150300.9.9.1
* libgstadaptivedemux-1_0-0-1.16.3-150300.9.9.1
* libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstwebrtc-1_0-0-1.16.3-150300.9.9.1
* libgstisoff-1_0-0-1.16.3-150300.9.9.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.9.1
* typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.9.1
* libgstwayland-1_0-0-1.16.3-150300.9.9.1
* libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.9.1
* libgstmpegts-1_0-0-1.16.3-150300.9.9.1
* libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.9.1
* typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.9.1
* libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstcodecparsers-1_0-0-1.16.3-150300.9.9.1
* libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.9.1
* libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstinsertbin-1_0-0-1.16.3-150300.9.9.1
* libgstphotography-1_0-0-1.16.3-150300.9.9.1
* typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.9.1
* libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.9.1
* SUSE Enterprise Storage 7.1 (noarch)
* gstreamer-plugins-bad-lang-1.16.3-150300.9.9.1
## References:
* https://www.suse.com/security/cve/CVE-2023-40474.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215793
1
0
03 Nov '23
# Security update for poppler
Announcement ID: SUSE-SU-2023:4363-1
Rating: moderate
References:
* bsc#1213888
* bsc#1214726
Cross-References:
* CVE-2022-37052
* CVE-2023-34872
CVSS scores:
* CVE-2022-37052 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-34872 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-34872 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4
An update that solves two vulnerabilities can now be installed.
## Description:
This update for poppler fixes the following issues:
* CVE-2022-37052: Fixed a crash that could be triggered when opening a crafted
file (bsc#1214726).
* CVE-2023-34872: Fixed a remote denial-of-service in Outline.cc
(bsc#1213888).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4363=1 openSUSE-SLE-15.4-2023-4363=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4363=1
* SUSE Package Hub 15 15-SP4
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4363=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4363=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* poppler-debugsource-22.01.0-150400.3.16.1
* libpoppler-devel-22.01.0-150400.3.16.1
* libpoppler-glib8-debuginfo-22.01.0-150400.3.16.1
* libpoppler-qt6-3-debuginfo-22.01.0-150400.3.16.1
* libpoppler-qt6-devel-22.01.0-150400.3.16.1
* poppler-tools-debuginfo-22.01.0-150400.3.16.1
* libpoppler-cpp0-debuginfo-22.01.0-150400.3.16.1
* poppler-qt6-debugsource-22.01.0-150400.3.16.1
* poppler-tools-22.01.0-150400.3.16.1
* libpoppler-cpp0-22.01.0-150400.3.16.1
* poppler-qt5-debugsource-22.01.0-150400.3.16.1
* libpoppler117-debuginfo-22.01.0-150400.3.16.1
* libpoppler-qt6-3-22.01.0-150400.3.16.1
* libpoppler-glib8-22.01.0-150400.3.16.1
* libpoppler-qt5-1-22.01.0-150400.3.16.1
* libpoppler-glib-devel-22.01.0-150400.3.16.1
* libpoppler-qt5-1-debuginfo-22.01.0-150400.3.16.1
* libpoppler117-22.01.0-150400.3.16.1
* typelib-1_0-Poppler-0_18-22.01.0-150400.3.16.1
* libpoppler-qt5-devel-22.01.0-150400.3.16.1
* openSUSE Leap 15.4 (x86_64)
* libpoppler-qt5-1-32bit-22.01.0-150400.3.16.1
* libpoppler117-32bit-debuginfo-22.01.0-150400.3.16.1
* libpoppler-cpp0-32bit-debuginfo-22.01.0-150400.3.16.1
* libpoppler-qt5-1-32bit-debuginfo-22.01.0-150400.3.16.1
* libpoppler-cpp0-32bit-22.01.0-150400.3.16.1
* libpoppler-glib8-32bit-debuginfo-22.01.0-150400.3.16.1
* libpoppler-glib8-32bit-22.01.0-150400.3.16.1
* libpoppler117-32bit-22.01.0-150400.3.16.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libpoppler-glib8-64bit-22.01.0-150400.3.16.1
* libpoppler117-64bit-22.01.0-150400.3.16.1
* libpoppler-qt5-1-64bit-debuginfo-22.01.0-150400.3.16.1
* libpoppler-cpp0-64bit-debuginfo-22.01.0-150400.3.16.1
* libpoppler-qt5-1-64bit-22.01.0-150400.3.16.1
* libpoppler-cpp0-64bit-22.01.0-150400.3.16.1
* libpoppler117-64bit-debuginfo-22.01.0-150400.3.16.1
* libpoppler-glib8-64bit-debuginfo-22.01.0-150400.3.16.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* poppler-debugsource-22.01.0-150400.3.16.1
* libpoppler-devel-22.01.0-150400.3.16.1
* libpoppler-glib8-debuginfo-22.01.0-150400.3.16.1
* poppler-tools-debuginfo-22.01.0-150400.3.16.1
* libpoppler-cpp0-debuginfo-22.01.0-150400.3.16.1
* poppler-tools-22.01.0-150400.3.16.1
* libpoppler-cpp0-22.01.0-150400.3.16.1
* libpoppler117-debuginfo-22.01.0-150400.3.16.1
* libpoppler-glib8-22.01.0-150400.3.16.1
* libpoppler-glib-devel-22.01.0-150400.3.16.1
* libpoppler117-22.01.0-150400.3.16.1
* typelib-1_0-Poppler-0_18-22.01.0-150400.3.16.1
* SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64)
* poppler-debugsource-22.01.0-150400.3.16.1
* libpoppler-devel-22.01.0-150400.3.16.1
* libpoppler-cpp0-debuginfo-22.01.0-150400.3.16.1
* libpoppler-cpp0-22.01.0-150400.3.16.1
* poppler-qt5-debugsource-22.01.0-150400.3.16.1
* libpoppler-qt5-1-22.01.0-150400.3.16.1
* libpoppler-qt5-1-debuginfo-22.01.0-150400.3.16.1
* libpoppler-qt5-devel-22.01.0-150400.3.16.1
* SUSE Package Hub 15 15-SP4 (x86_64)
* libpoppler-glib8-32bit-22.01.0-150400.3.16.1
* libpoppler117-32bit-debuginfo-22.01.0-150400.3.16.1
* libpoppler117-32bit-22.01.0-150400.3.16.1
* libpoppler-glib8-32bit-debuginfo-22.01.0-150400.3.16.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
* poppler-debugsource-22.01.0-150400.3.16.1
* libpoppler117-22.01.0-150400.3.16.1
* libpoppler117-debuginfo-22.01.0-150400.3.16.1
## References:
* https://www.suse.com/security/cve/CVE-2022-37052.html
* https://www.suse.com/security/cve/CVE-2023-34872.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213888
* https://bugzilla.suse.com/show_bug.cgi?id=1214726
1
0
SUSE-SU-2023:4357-1: important: Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container
by maintenance@opensuse.org 03 Nov '23
by maintenance@opensuse.org 03 Nov '23
03 Nov '23
# Security update for kubevirt, virt-api-container, virt-controller-container,
virt-handler-container, virt-launcher-container, virt-libguestfs-tools-
container, virt-operator-container
Announcement ID: SUSE-SU-2023:4357-1
Rating: important
References:
Affected Products:
* Containers Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that can now be installed.
## Description:
This update for kubevirt, virt-api-container, virt-controller-container, virt-
handler-container, virt-launcher-container, virt-libguestfs-tools-container,
virt-operator-container fixes the following issues:
kubevirt is rebuilt against the current GO security release.
* Set cache mode on hotplugged disks
* Delete VMI prior to NFS server pod in tests
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4357=1 openSUSE-SLE-15.4-2023-4357=1
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4357=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4357=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4357=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4357=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4357=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4357=1
* Containers Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4357=1
## Package List:
* openSUSE Leap 15.4 (x86_64)
* kubevirt-virt-handler-0.54.0-150400.3.23.1
* kubevirt-manifests-0.54.0-150400.3.23.1
* kubevirt-tests-debuginfo-0.54.0-150400.3.23.1
* kubevirt-virt-api-0.54.0-150400.3.23.1
* kubevirt-virt-controller-debuginfo-0.54.0-150400.3.23.1
* kubevirt-virt-launcher-0.54.0-150400.3.23.1
* kubevirt-container-disk-0.54.0-150400.3.23.1
* kubevirt-virt-api-debuginfo-0.54.0-150400.3.23.1
* kubevirt-virtctl-0.54.0-150400.3.23.1
* kubevirt-tests-0.54.0-150400.3.23.1
* kubevirt-virt-controller-0.54.0-150400.3.23.1
* kubevirt-virt-operator-debuginfo-0.54.0-150400.3.23.1
* kubevirt-virtctl-debuginfo-0.54.0-150400.3.23.1
* kubevirt-virt-launcher-debuginfo-0.54.0-150400.3.23.1
* obs-service-kubevirt_containers_meta-0.54.0-150400.3.23.1
* kubevirt-virt-handler-debuginfo-0.54.0-150400.3.23.1
* kubevirt-virt-operator-0.54.0-150400.3.23.1
* kubevirt-container-disk-debuginfo-0.54.0-150400.3.23.1
* openSUSE Leap Micro 5.3 (x86_64)
* kubevirt-virtctl-0.54.0-150400.3.23.1
* kubevirt-manifests-0.54.0-150400.3.23.1
* kubevirt-virtctl-debuginfo-0.54.0-150400.3.23.1
* openSUSE Leap Micro 5.4 (x86_64)
* kubevirt-virtctl-0.54.0-150400.3.23.1
* kubevirt-manifests-0.54.0-150400.3.23.1
* kubevirt-virtctl-debuginfo-0.54.0-150400.3.23.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64)
* kubevirt-virtctl-0.54.0-150400.3.23.1
* kubevirt-manifests-0.54.0-150400.3.23.1
* kubevirt-virtctl-debuginfo-0.54.0-150400.3.23.1
* SUSE Linux Enterprise Micro 5.3 (x86_64)
* kubevirt-virtctl-0.54.0-150400.3.23.1
* kubevirt-manifests-0.54.0-150400.3.23.1
* kubevirt-virtctl-debuginfo-0.54.0-150400.3.23.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64)
* kubevirt-virtctl-0.54.0-150400.3.23.1
* kubevirt-manifests-0.54.0-150400.3.23.1
* kubevirt-virtctl-debuginfo-0.54.0-150400.3.23.1
* SUSE Linux Enterprise Micro 5.4 (x86_64)
* kubevirt-virtctl-0.54.0-150400.3.23.1
* kubevirt-manifests-0.54.0-150400.3.23.1
* kubevirt-virtctl-debuginfo-0.54.0-150400.3.23.1
* Containers Module 15-SP4 (x86_64)
* kubevirt-virtctl-0.54.0-150400.3.23.1
* kubevirt-manifests-0.54.0-150400.3.23.1
* kubevirt-virtctl-debuginfo-0.54.0-150400.3.23.1
1
0
SUSE-SU-2023:4351-1: important: Security update for the Linux Kernel
by maintenance@opensuse.org 02 Nov '23
by maintenance@opensuse.org 02 Nov '23
02 Nov '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:4351-1
Rating: important
References:
* bsc#1211307
* bsc#1212423
* bsc#1213772
* bsc#1215955
* bsc#1216062
* bsc#1216512
Cross-References:
* CVE-2023-2163
* CVE-2023-31085
* CVE-2023-34324
* CVE-2023-3777
* CVE-2023-39189
* CVE-2023-45862
* CVE-2023-46813
* CVE-2023-5178
CVSS scores:
* CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
* CVE-2023-31085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-39189 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-39189 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-45862 ( SUSE ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45862 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-46813 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5178 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5178 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Real Time Module 15-SP4
An update that solves eight vulnerabilities can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
* CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables
component can be exploited to achieve local privilege escalation.
(bsc#1215095)
* CVE-2023-46813: Fixed a local privilege escalation with user-space programs
that have access to MMIO regions (bsc#1212649).
* CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize)
that could cause a local DoS. (bsc#1210778)
* CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an
object could potentially extend beyond the end of an allocation causing.
(bsc#1216051)
* CVE-2023-5178: Fixed an UAF in queue intialization setup. (bsc#1215768)
* CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to
unsafe code paths being incorrectly marked as safe, resulting in arbitrary
read/write in kernel memory, lateral privilege escalation, and container
escape. (bsc#1215518)
* CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling.
(bsc#1215745).
* CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a
local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read,
leading to a crash or information disclosure. (bsc#1216046)
The following non-security bugs were fixed:
* 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes).
* ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes).
* ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes).
* ALSA: hda/realtek: Change model for Intel RVP board (git-fixes).
* ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre
M70q (git-fixes).
* ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes).
* ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-
fixes).
* ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes).
* ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes).
* ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes).
* ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes).
* ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes).
* ASoC: pxa: fix a memory leak in probe() (git-fixes).
* Bluetooth: Avoid redundant authentication (git-fixes).
* Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes).
* Bluetooth: Reject connection with the device which has same BD_ADDR (git-
fixes).
* Bluetooth: avoid memcmp() out of bounds warning (git-fixes).
* Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes).
* Bluetooth: hci_event: Fix coding style (git-fixes).
* Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes).
* Bluetooth: hci_event: Ignore NULL link key (git-fixes).
* Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name
(git-fixes).
* Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes).
* Bluetooth: vhci: Fix race when opening vhci device (git-fixes).
* Documentation: qat: change kernel version (PED-6401).
* Documentation: qat: rewrite description (PED-6401).
* Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-
fixes).
* Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-
fixes).
* Fix metadata references
* HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-
fixes).
* HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes).
* HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-
fixes).
* HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes).
* HID: sony: Fix a potential memory leak in sony_probe() (git-fixes).
* HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-
fixes).
* IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes)
* Input: goodix - ensure int GPIO is in input for gpio_count == 1 &&
gpio_int_idx == 0 case (git-fixes).
* Input: powermate - fix use-after-free in powermate_config_complete (git-
fixes).
* Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes).
* Input: xpad - add PXN V900 support (git-fixes).
* KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-
fixes).
* KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes
bsc#1216512).
* KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed
(git-fixes).
* KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes).
* KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code
(bsc#1213772).
* KVM: x86: Propagate the AMD Automatic IBRS feature to the guest
(bsc#1213772).
* KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772).
* KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772).
* KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
* RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes)
* RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes)
* RDMA/core: Require admin capabilities to set system parameters (git-fixes)
* RDMA/cxgb4: Check skb value for failure to allocate (git-fixes)
* RDMA/mlx5: Fix NULL string error (git-fixes)
* RDMA/siw: Fix connection failure handling (git-fixes)
* RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes)
* RDMA/uverbs: Fix typo of sizeof argument (git-fixes)
* Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()" (git-fixes).
* Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux" (git-fixes).
* USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).
* USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).
* USB: serial: option: add entry for Sierra EM9191 with new firmware (git-
fixes).
* ata: libata-core: Do not register PM operations for SAS ports (git-fixes).
* ata: libata-core: Fix ata_port_request_pm() locking (git-fixes).
* ata: libata-core: Fix port and device removal (git-fixes).
* ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes).
* ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES
(git-fixes).
* blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before
init (bsc#1216062).
* blk-cgroup: support to track if policy is online (bsc#1216062).
* bpf: propagate precision in ALU/ALU64 operations (git-fixes).
* bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes).
* bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-
fixes).
* cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem
(bsc#1215955).
* cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307).
* clk: tegra: fix error return case for recalc_rate (git-fixes).
* counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-
fixes).
* crypto: qat - Include algapi.h for low-level Crypto API (PED-6401).
* crypto: qat - Remove unused function declarations (PED-6401).
* crypto: qat - add fw_counters debugfs file (PED-6401).
* crypto: qat - add heartbeat counters check (PED-6401).
* crypto: qat - add heartbeat feature (PED-6401).
* crypto: qat - add internal timer for qat 4xxx (PED-6401).
* crypto: qat - add measure clock frequency (PED-6401).
* crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401).
* crypto: qat - add qat_zlib_deflate (PED-6401).
* crypto: qat - add support for 402xx devices (PED-6401).
* crypto: qat - change value of default idle filter (PED-6401).
* crypto: qat - delay sysfs initialization (PED-6401).
* crypto: qat - do not export adf_init_admin_pm() (PED-6401).
* crypto: qat - drop log level of msg in get_instance_node() (PED-6401).
* crypto: qat - drop obsolete heartbeat interface (PED-6401).
* crypto: qat - drop redundant adf_enable_aer() (PED-6401).
* crypto: qat - expose pm_idle_enabled through sysfs (PED-6401).
* crypto: qat - extend buffer list logic interface (PED-6401).
* crypto: qat - extend configuration for 4xxx (PED-6401).
* crypto: qat - fix apply custom thread-service mapping for dc service
(PED-6401).
* crypto: qat - fix concurrency issue when device state changes (PED-6401).
* crypto: qat - fix crypto capability detection for 4xxx (PED-6401).
* crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401).
* crypto: qat - make fw images name constant (PED-6401).
* crypto: qat - make state machine functions static (PED-6401).
* crypto: qat - move dbgfs init to separate file (PED-6401).
* crypto: qat - move returns to default case (PED-6401).
* crypto: qat - refactor device restart logic (PED-6401).
* crypto: qat - refactor fw config logic for 4xxx (PED-6401).
* crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401).
* crypto: qat - replace state machine calls (PED-6401).
* crypto: qat - replace the if statement with min() (PED-6401).
* crypto: qat - set deprecated capabilities as reserved (PED-6401).
* crypto: qat - unmap buffer before free for DH (PED-6401).
* crypto: qat - unmap buffers before free for RSA (PED-6401).
* crypto: qat - update slice mask for 4xxx devices (PED-6401).
* crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401).
* dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-
fixes).
* dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes).
* dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes).
* drm/amd/display: Do not check registers, if using AUX BL control (git-
fixes).
* drm/amd/display: Do not set dpms_off for seamless boot (git-fixes).
* drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes).
* drm/amdgpu: add missing NULL check (git-fixes).
* drm/i915: Retry gtt fault when out of fence registers (git-fixes).
* drm/msm/dp: do not reinitialize phy unless retry during link training (git-
fixes).
* drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-
fixes).
* drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes).
* drm/msm/dsi: skip the wait for video mode done if not applicable (git-
fixes).
* drm/vmwgfx: fix typo of sizeof argument (git-fixes).
* drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes).
* firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND
(git-fixes).
* firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels()
(git-fixes).
* gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-
fixes).
* gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes).
* gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes).
* gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes).
* gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes).
* gpio: vf610: set value before the direction to avoid a glitch (git-fixes).
* gve: Do not fully free QPL pages on prefill errors (git-fixes).
* i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes).
* i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-
fixes).
* i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-
fixes).
* i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes).
* i2c: mux: gpio:Â Replace custom acpi_get_local_address() (git-fixes).
* i2c: npcm7xx: Fix callback completion ordering (git-fixes).
* ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes).
* iio: pressure: bmp280: Fix NULL pointer exception (git-fixes).
* iio: pressure: dps310: Adjust Timeout Settings (git-fixes).
* iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes).
* iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback
(bsc#1212423).
* iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback
(bsc#1212423).
* iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support
(bsc#1212423).
* kabi: blkcg_policy_data fix KABI (bsc#1216062).
* kabi: workaround for enum nft_trans_phase (bsc#1215104).
* kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
* leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes).
* mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788
bsc#1213705).
* mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes).
* mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes).
* mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes).
* mtd: physmap-core: Restore map_rom fallback (git-fixes).
* mtd: rawnand: arasan: Ensure program page operations are successful (git-
fixes).
* mtd: rawnand: marvell: Ensure program page operations are successful (git-
fixes).
* mtd: rawnand: pl353: Ensure program page operations are successful (git-
fixes).
* mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes).
* mtd: spinand: micron: correct bitmask for ecc status (git-fixes).
* net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-
fixes).
* net: mana: Fix TX CQE error handling (bsc#1215986).
* net: mana: Fix oversized sge0 for GSO packets (bsc#1215986).
* net: nfc: llcp: Add lock when modifying device list (git-fixes).
* net: rfkill: gpio: prevent value glitch during probe (git-fixes).
* net: sched: add barrier to fix packet stuck problem for lockless qdisc
(bsc#1216345).
* net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog
(bsc#1216345).
* net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-
fixes).
* net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-
fixes).
* net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes).
* netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound
set/chain (git-fixes).
* netfilter: nf_tables: unbind non-anonymous set if rule construction fails
(git-fixes).
* nfc: nci: assert requested protocol is valid (git-fixes).
* nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-
fixes).
* nilfs2: fix potential use after free in nilfs_gccache_submit_read_data()
(git-fixes).
* nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid()
(bsc#1214842).
* phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes).
* phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes).
* phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes).
* pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes).
* pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes).
* platform/surface: platform_profile: Propagate error if profile registration
fails (git-fixes).
* platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e
(git-fixes).
* platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-
fixes).
* platform/x86: think-lmi: Fix reference leak (git-fixes).
* platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes).
* power: supply: ucs1002: fix error code in ucs1002_get_property() (git-
fixes).
* quota: Fix slow quotaoff (bsc#1216621).
* r8152: check budget for r8152_poll() (git-fixes).
* regmap: fix NULL deref on lookup (git-fixes).
* regmap: rbtree: Fix wrong register marked as in-cache when creating new node
(git-fixes).
* ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes).
* ring-buffer: Do not attempt to read past "commit" (git-fixes).
* ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
* ring-buffer: Update "shortest_full" in polling (git-fixes).
* s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510).
* s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511).
* s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788
bsc#1215957).
* sched/cpuset: Bring back cpuset_mutex (bsc#1215955).
* sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity()
(git fixes (sched)).
* sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes
(sched)).
* sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)).
* serial: 8250_port: Check IRQ data before use (git-fixes).
* soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-
fixes).
* spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes).
* spi: stm32: add a delay before SPI disable (git-fixes).
* spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain
(git-fixes).
* spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes).
* thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-
fixes).
* thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple
Ridge (git-fixes).
* tracing: Have current_trace inc the trace array ref count (git-fixes).
* tracing: Have event inject files inc the trace array ref count (git-fixes).
* tracing: Have option files inc the trace array ref count (git-fixes).
* tracing: Have tracing_max_latency inc the trace array ref count (git-fixes).
* tracing: Increase trace array ref count on enable and filter files (git-
fixes).
* tracing: Make trace_marker{,_raw} stream-like (git-fixes).
* usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes).
* usb: dwc3: Soft reset phy on probe for host (git-fixes).
* usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-
fixes).
* usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
* usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes).
* usb: musb: Modify the "HWVers" register address (git-fixes).
* usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-
fixes).
* usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).
* vmbus_testing: fix wrong python syntax for integer value comparison (git-
fixes).
* vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes).
* watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes).
* watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running
(git-fixes).
* wifi: cfg80211: Fix 6GHz scan configuration (git-fixes).
* wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
* wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes).
* wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes).
* wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes).
* wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-
fixes).
* wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes).
* wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-
fixes).
* wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes).
* wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes).
* x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772).
* x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772).
* x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772).
* x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf
(bsc#1213772).
* x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772).
* x86/cpu: Support AMD Automatic IBRS (bsc#1213772).
* x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649).
* x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649).
* x86/sev: Disable MMIO emulation from user mode (bsc#1212649).
* xen-netback: use default TX queue size for vifs (git-fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4351=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4351=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4351=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4351=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4351=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4351=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4351=1
* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4351=1
* SUSE Real Time Module 15-SP4
zypper in -t patch SUSE-SLE-Module-RT-15-SP4-2023-4351=1
## Package List:
* openSUSE Leap Micro 5.3 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.59.1
* openSUSE Leap Micro 5.3 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.59.1
* kernel-rt-debuginfo-5.14.21-150400.15.59.1
* openSUSE Leap Micro 5.4 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.59.1
* openSUSE Leap Micro 5.4 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.59.1
* kernel-rt-debuginfo-5.14.21-150400.15.59.1
* openSUSE Leap 15.4 (x86_64)
* kernel-rt_debug-debuginfo-5.14.21-150400.15.59.1
* kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.59.1
* kernel-rt_debug-devel-5.14.21-150400.15.59.1
* kernel-rt-debugsource-5.14.21-150400.15.59.1
* dlm-kmp-rt-5.14.21-150400.15.59.1
* cluster-md-kmp-rt-5.14.21-150400.15.59.1
* kernel-rt-debuginfo-5.14.21-150400.15.59.1
* kernel-rt-devel-5.14.21-150400.15.59.1
* kernel-syms-rt-5.14.21-150400.15.59.1
* dlm-kmp-rt-debuginfo-5.14.21-150400.15.59.1
* gfs2-kmp-rt-debuginfo-5.14.21-150400.15.59.1
* cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.59.1
* kernel-rt_debug-debugsource-5.14.21-150400.15.59.1
* kernel-rt-devel-debuginfo-5.14.21-150400.15.59.1
* gfs2-kmp-rt-5.14.21-150400.15.59.1
* ocfs2-kmp-rt-5.14.21-150400.15.59.1
* ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.59.1
* openSUSE Leap 15.4 (noarch)
* kernel-devel-rt-5.14.21-150400.15.59.1
* kernel-source-rt-5.14.21-150400.15.59.1
* openSUSE Leap 15.4 (nosrc x86_64)
* kernel-rt_debug-5.14.21-150400.15.59.1
* kernel-rt-5.14.21-150400.15.59.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.59.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.59.1
* kernel-rt-debuginfo-5.14.21-150400.15.59.1
* SUSE Linux Enterprise Micro 5.3 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.59.1
* SUSE Linux Enterprise Micro 5.3 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.59.1
* kernel-rt-debuginfo-5.14.21-150400.15.59.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.59.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.59.1
* kernel-rt-debuginfo-5.14.21-150400.15.59.1
* SUSE Linux Enterprise Micro 5.4 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.59.1
* SUSE Linux Enterprise Micro 5.4 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.59.1
* kernel-rt-debuginfo-5.14.21-150400.15.59.1
* SUSE Linux Enterprise Live Patching 15-SP4 (x86_64)
* kernel-livepatch-5_14_21-150400_15_59-rt-debuginfo-1-150400.1.3.1
* kernel-livepatch-SLE15-SP4-RT_Update_15-debugsource-1-150400.1.3.1
* kernel-livepatch-5_14_21-150400_15_59-rt-1-150400.1.3.1
* SUSE Real Time Module 15-SP4 (x86_64)
* kernel-rt_debug-debuginfo-5.14.21-150400.15.59.1
* kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.59.1
* kernel-rt_debug-devel-5.14.21-150400.15.59.1
* kernel-rt-debugsource-5.14.21-150400.15.59.1
* dlm-kmp-rt-5.14.21-150400.15.59.1
* cluster-md-kmp-rt-5.14.21-150400.15.59.1
* kernel-rt-debuginfo-5.14.21-150400.15.59.1
* kernel-rt-devel-5.14.21-150400.15.59.1
* kernel-syms-rt-5.14.21-150400.15.59.1
* dlm-kmp-rt-debuginfo-5.14.21-150400.15.59.1
* gfs2-kmp-rt-debuginfo-5.14.21-150400.15.59.1
* cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.59.1
* kernel-rt_debug-debugsource-5.14.21-150400.15.59.1
* kernel-rt-devel-debuginfo-5.14.21-150400.15.59.1
* gfs2-kmp-rt-5.14.21-150400.15.59.1
* ocfs2-kmp-rt-5.14.21-150400.15.59.1
* ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.59.1
* SUSE Real Time Module 15-SP4 (noarch)
* kernel-devel-rt-5.14.21-150400.15.59.1
* kernel-source-rt-5.14.21-150400.15.59.1
* SUSE Real Time Module 15-SP4 (nosrc x86_64)
* kernel-rt_debug-5.14.21-150400.15.59.1
* kernel-rt-5.14.21-150400.15.59.1
## References:
* https://www.suse.com/security/cve/CVE-2023-2163.html
* https://www.suse.com/security/cve/CVE-2023-31085.html
* https://www.suse.com/security/cve/CVE-2023-34324.html
* https://www.suse.com/security/cve/CVE-2023-3777.html
* https://www.suse.com/security/cve/CVE-2023-39189.html
* https://www.suse.com/security/cve/CVE-2023-45862.html
* https://www.suse.com/security/cve/CVE-2023-46813.html
* https://www.suse.com/security/cve/CVE-2023-5178.html
* https://bugzilla.suse.com/show_bug.cgi?id=1211307
* https://bugzilla.suse.com/show_bug.cgi?id=1212423
* https://bugzilla.suse.com/show_bug.cgi?id=1213772
* https://bugzilla.suse.com/show_bug.cgi?id=1215955
* https://bugzilla.suse.com/show_bug.cgi?id=1216062
* https://bugzilla.suse.com/show_bug.cgi?id=1216512
1
0
openSUSE-RU-2023:0346-1: moderate: Recommended update for python-yamllint
by maintenance@opensuse.org 02 Nov '23
by maintenance@opensuse.org 02 Nov '23
02 Nov '23
openSUSE Recommended Update: Recommended update for python-yamllint
______________________________________________________________________________
Announcement ID: openSUSE-RU-2023:0346-1
Rating: moderate
References: #1151703 #1216677
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that has two recommended fixes can now be
installed.
Description:
This update for python-yamllint fixes the following issues:
- Add python-setuptools requirement needed for entrypoints (boo#1151703,
boo#1216677)
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2023-346=1
Package List:
- openSUSE Backports SLE-15-SP4 (noarch):
python3-yamllint-1.22.1-bp154.2.3.1
References:
https://bugzilla.suse.com/1151703
https://bugzilla.suse.com/1216677
1
0
openSUSE-RU-2023:0347-1: moderate: Recommended update for python-yamllint
by maintenance@opensuse.org 02 Nov '23
by maintenance@opensuse.org 02 Nov '23
02 Nov '23
openSUSE Recommended Update: Recommended update for python-yamllint
______________________________________________________________________________
Announcement ID: openSUSE-RU-2023:0347-1
Rating: moderate
References: #1151703 #1216677
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that has two recommended fixes can now be
installed.
Description:
This update for python-yamllint fixes the following issues:
- Add python-setuptools requirement needed for entrypoints (boo#1151703,
boo#1216677)
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2023-347=1
Package List:
- openSUSE Backports SLE-15-SP5 (noarch):
python3-yamllint-1.22.1-bp155.3.3.1
References:
https://bugzilla.suse.com/1151703
https://bugzilla.suse.com/1216677
1
0
openSUSE-SU-2023:0345-1: important: Security update for roundcubemail
by opensuse-security@opensuse.org 02 Nov '23
by opensuse-security@opensuse.org 02 Nov '23
02 Nov '23
openSUSE Security Update: Security update for roundcubemail
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0345-1
Rating: important
References: #1216429
Cross-References: CVE-2023-5631
CVSS scores:
CVE-2023-5631 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2023-5631 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for roundcubemail fixes the following issues:
Update to version 1.6.4 (boo#1216429):
* CVE-2023-5631: Fix cross-site scripting vulnerability in handling of SVG
in HTML messages
* Fix PHP8 warnings
* Fix default 'mime.types' path on Windows
* Managesieve: Fix javascript error when relational or spamtest extension
is not enabled
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2023-345=1
Package List:
- openSUSE Backports SLE-15-SP5 (noarch):
roundcubemail-1.6.4-bp155.2.6.1
References:
https://www.suse.com/security/cve/CVE-2023-5631.html
https://bugzilla.suse.com/1216429
1
0
SUSE-RU-2023:4342-1: moderate: Recommended update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed
by maintenance@opensuse.org 02 Nov '23
by maintenance@opensuse.org 02 Nov '23
02 Nov '23
# Recommended update for kernel-firmware-nvidia-gspx-G06, nvidia-open-
driver-G06-signed
Announcement ID: SUSE-RU-2023:4342-1
Rating: moderate
References:
* bsc#1211892
* jsc#PED-4964
* jsc#PED-7112
Affected Products:
* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* Public Cloud Module 15-SP4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that contains two features and has one fix can now be installed.
## Description:
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed
fixes the following issues:
Changes in nvidia-open-driver-G06-signed:
* Update to version 535.113.01
* post install scripts:
* add/remove nosimplefb=1 kernel option in order to fix Linux console also on
sle15-sp6/Leap 15.6 kernel, which will come with simpledrm support
* Add a devel package so other modules can be built against this one.
[jira#PED-4964]
* disabled build of nvidia-peermem module; it's no longer needed and never
worked anyway (it was only a stub) [boo#1211892]
* preamble: added conflict to nvidia-gfxG05-kmp to prevent users from
accidently installing conflicting proprietary kernelspace drivers from CUDA
repository
Changes in kernel-firmware-nvidia-gspx-G06:
* update firmware to version 535.113.01
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4342=1 openSUSE-SLE-15.4-2023-4342=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4342=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4342=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4342=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4342=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4342=1
* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4342=1
## Package List:
* openSUSE Leap 15.4 (aarch64 nosrc x86_64)
* kernel-firmware-nvidia-gspx-G06-535.113.01-150400.9.9.1
* openSUSE Leap 15.4 (x86_64)
* nvidia-open-driver-G06-signed-kmp-azure-535.113.01_k5.14.21_150400.14.69-150400.9.24.1
* nvidia-open-driver-G06-signed-kmp-azure-debuginfo-535.113.01_k5.14.21_150400.14.69-150400.9.24.1
* nvidia-open-driver-G06-signed-azure-devel-535.113.01-150400.9.24.1
* openSUSE Leap 15.4 (aarch64 x86_64)
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.113.01_k5.14.21_150400.24.92-150400.9.24.1
* nvidia-open-driver-G06-signed-debugsource-535.113.01-150400.9.24.1
* nvidia-open-driver-G06-signed-default-devel-535.113.01-150400.9.24.1
* nvidia-open-driver-G06-signed-kmp-default-535.113.01_k5.14.21_150400.24.92-150400.9.24.1
* openSUSE Leap 15.4 (aarch64)
* nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-535.113.01_k5.14.21_150400.24.92-150400.9.24.1
* nvidia-open-driver-G06-signed-64kb-devel-535.113.01-150400.9.24.1
* nvidia-open-driver-G06-signed-kmp-64kb-535.113.01_k5.14.21_150400.24.92-150400.9.24.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc x86_64)
* kernel-firmware-nvidia-gspx-G06-535.113.01-150400.9.9.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64)
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.113.01_k5.14.21_150400.24.92-150400.9.24.1
* nvidia-open-driver-G06-signed-debugsource-535.113.01-150400.9.24.1
* nvidia-open-driver-G06-signed-kmp-default-535.113.01_k5.14.21_150400.24.92-150400.9.24.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc x86_64)
* kernel-firmware-nvidia-gspx-G06-535.113.01-150400.9.9.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64)
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.113.01_k5.14.21_150400.24.92-150400.9.24.1
* nvidia-open-driver-G06-signed-debugsource-535.113.01-150400.9.24.1
* nvidia-open-driver-G06-signed-kmp-default-535.113.01_k5.14.21_150400.24.92-150400.9.24.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc x86_64)
* kernel-firmware-nvidia-gspx-G06-535.113.01-150400.9.9.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64)
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.113.01_k5.14.21_150400.24.92-150400.9.24.1
* nvidia-open-driver-G06-signed-debugsource-535.113.01-150400.9.24.1
* nvidia-open-driver-G06-signed-kmp-default-535.113.01_k5.14.21_150400.24.92-150400.9.24.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc x86_64)
* kernel-firmware-nvidia-gspx-G06-535.113.01-150400.9.9.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64)
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.113.01_k5.14.21_150400.24.92-150400.9.24.1
* nvidia-open-driver-G06-signed-debugsource-535.113.01-150400.9.24.1
* nvidia-open-driver-G06-signed-kmp-default-535.113.01_k5.14.21_150400.24.92-150400.9.24.1
* Basesystem Module 15-SP4 (aarch64 nosrc x86_64)
* kernel-firmware-nvidia-gspx-G06-535.113.01-150400.9.9.1
* Basesystem Module 15-SP4 (aarch64)
* nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-535.113.01_k5.14.21_150400.24.92-150400.9.24.1
* nvidia-open-driver-G06-signed-64kb-devel-535.113.01-150400.9.24.1
* nvidia-open-driver-G06-signed-kmp-64kb-535.113.01_k5.14.21_150400.24.92-150400.9.24.1
* Basesystem Module 15-SP4 (aarch64 x86_64)
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.113.01_k5.14.21_150400.24.92-150400.9.24.1
* nvidia-open-driver-G06-signed-debugsource-535.113.01-150400.9.24.1
* nvidia-open-driver-G06-signed-default-devel-535.113.01-150400.9.24.1
* nvidia-open-driver-G06-signed-kmp-default-535.113.01_k5.14.21_150400.24.92-150400.9.24.1
* Public Cloud Module 15-SP4 (x86_64)
* nvidia-open-driver-G06-signed-kmp-azure-535.113.01_k5.14.21_150400.14.69-150400.9.24.1
* nvidia-open-driver-G06-signed-kmp-azure-debuginfo-535.113.01_k5.14.21_150400.14.69-150400.9.24.1
* nvidia-open-driver-G06-signed-azure-devel-535.113.01-150400.9.24.1
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1211892
* https://jira.suse.com/browse/PED-4964
* https://jira.suse.com/browse/PED-7112
1
0
SUSE-RU-2023:4344-1: moderate: Recommended update for nodejs20
by maintenance@opensuse.org 02 Nov '23
by maintenance@opensuse.org 02 Nov '23
02 Nov '23
# Recommended update for nodejs20
Announcement ID: SUSE-RU-2023:4344-1
Rating: moderate
References:
* jsc#PED-4819
* jsc#PED-7088
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* Web and Scripting Module 15-SP5
An update that contains two features can now be installed.
## Description:
This update for nodejs20 fixes the following issues:
This update provides nodejs 20 in version 20.8.1.
For overview of changes and details since 19.x and earlier see:
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20…
* Permission Model
Node.js now has an experimental feature called the Permission Model. It allows
developers to restrict access to specific resources during program execution,
such as file system operations, child process spawning, and worker thread
creation. The API exists behind a flag \--experimental-permission which when
enabled will restrict access to all available permissions. By using this
feature, developers can prevent their applications from accessing or modifying
sensitive data or running potentially harmful code. More information about the
Permission Model can be found in the Node.js documentation.
The Permission Model was a contribution by Rafael Gonzaga in #44004.
* Custom ESM loader hooks run on dedicated thread
ESM hooks supplied via loaders (--experimental-loader=foo.mjs) now run in a
dedicated thread, isolated from the main thread. This provides a separate scope
for loaders and ensures no cross-contamination between loaders and application
code.
* Synchronous import.meta.resolve()
In alignment with browser behavior, this function now returns synchronously.
Despite this, user loader resolve hooks can still be defined as async functions
(or as sync functions, if the author prefers). Even when there are async resolve
hooks loaded, import.meta.resolve will still return synchronously for
application code.
Contributed by Anna Henningsen, Antoine du Hamel, Geoffrey Booth, Guy Bedford,
Jacob Smith, and Michaël Zasso in #44710
* V8 11.3
The V8 engine is updated to version 11.3, which is part of Chromium 113. This
version includes three new features to the JavaScript API:
String.prototype.isWellFormed and toWellFormed Methods that change Array and
TypedArray by copy Resizable ArrayBuffer and growable SharedArrayBuffer RegExp v
flag with set notation + properties of strings WebAssembly Tail Call
The V8 update was a contribution by Michaël Zasso in #47251.
* Stable Test Runner
The recent update to Node.js, version 20, includes an important change to the
test_runner module. The module has been marked as stable after a recent update.
Previously, the test_runner module was experimental, but this change marks it as
a stable module that is ready for production use.
Contributed by Colin Ihrig in #46983
* Ada 2.0
Node.js v20 comes with the latest version of the URL parser, Ada. This update
brings significant performance improvements to URL parsing, including
enhancements to the url.domainToASCII and url.domainToUnicode functions in
node:url.
Ada 2.0 has been integrated into the Node.js codebase, ensuring that all parts
of the application can benefit from the improved performance. Additionally, Ada
2.0 features a significant performance boost over its predecessor, Ada 1.0.4,
while also eliminating the need for the ICU requirement for URL hostname
parsing.
Contributed by Yagiz Nizipli and Daniel Lemire in #47339
* Preparing single executable apps now requires injecting a Blob
Building a single executable app now requires injecting a blob prepared by
Node.js from a JSON config instead of injecting the raw JS file. This opens up
the possibility of embedding multiple co-existing resources into the SEA (Single
Executable Apps).
Contributed by Joyee Cheung in #47125
* Web Crypto API
Web Crypto API functions' arguments are now coerced and validated as per their
WebIDL definitions like in other Web Crypto API implementations. This further
improves interoperability with other implementations of Web Crypto API.
This change was made by Filip Skokan in #46067.
* WASI version must now be specified
When new WASI() is called, the version option is now required and has no default
value. Any code that relied on the default for the version will need to be
updated to request a specific version.
This change was made by Michael Dawson in #47391.
* Deprecations and Removals
* (SEMVER-MAJOR) url: runtime-deprecate url.parse() with invalid ports (Rich
Trott) #45526
url.parse() accepts URLs with ports that are not numbers. This behavior might
result in host name spoofing with unexpected input. These URLs will throw an
error in future versions of Node.js, as the WHATWG URL API does already.
Starting with Node.js 20, these URLS cause url.parse() to emit a warning.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-4344=1 openSUSE-SLE-15.5-2023-4344=1
* Web and Scripting Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP5-2023-4344=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* nodejs20-20.8.1-150500.11.3.1
* nodejs20-debugsource-20.8.1-150500.11.3.1
* nodejs20-devel-20.8.1-150500.11.3.1
* npm20-20.8.1-150500.11.3.1
* nodejs20-debuginfo-20.8.1-150500.11.3.1
* corepack20-20.8.1-150500.11.3.1
* openSUSE Leap 15.5 (noarch)
* nodejs20-docs-20.8.1-150500.11.3.1
* Web and Scripting Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* nodejs20-20.8.1-150500.11.3.1
* nodejs20-debugsource-20.8.1-150500.11.3.1
* nodejs20-devel-20.8.1-150500.11.3.1
* npm20-20.8.1-150500.11.3.1
* nodejs20-debuginfo-20.8.1-150500.11.3.1
* Web and Scripting Module 15-SP5 (noarch)
* nodejs20-docs-20.8.1-150500.11.3.1
## References:
* https://jira.suse.com/browse/PED-4819
* https://jira.suse.com/browse/PED-7088
1
0
SUSE-SU-2023:4345-1: important: Security update for the Linux Kernel
by maintenance@opensuse.org 02 Nov '23
by maintenance@opensuse.org 02 Nov '23
02 Nov '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:4345-1
Rating: important
References:
* bsc#1208788
* bsc#1210778
* bsc#1211307
* bsc#1212423
* bsc#1212649
* bsc#1213705
* bsc#1214842
* bsc#1215095
* bsc#1215104
* bsc#1215518
* bsc#1215745
* bsc#1215768
* bsc#1215860
* bsc#1215955
* bsc#1215986
* bsc#1216046
* bsc#1216051
* bsc#1216062
* bsc#1216345
* bsc#1216510
* bsc#1216511
* bsc#1216512
* bsc#1216621
Cross-References:
* CVE-2023-2163
* CVE-2023-31085
* CVE-2023-34324
* CVE-2023-3777
* CVE-2023-39189
* CVE-2023-39193
* CVE-2023-45862
* CVE-2023-46813
* CVE-2023-5178
CVSS scores:
* CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
* CVE-2023-31085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-39189 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-39189 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39193 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-45862 ( SUSE ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45862 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-46813 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5178 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5178 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* Public Cloud Module 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves nine vulnerabilities and has 14 security fixes can now be
installed.
## Description:
The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
* CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables
component can be exploited to achieve local privilege escalation.
(bsc#1215095)
* CVE-2023-46813: Fixed an incorrect access checking in the VC handler and
instruction emulation of the SEV-ES emulation of MMIO accesses that could
lead to arbitrary write access to kernel memory. (bsc#1212649)
* CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize)
that could cause a local DoS. (bsc#1210778)
* CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an
object could potentially extend beyond the end of an allocation causing.
(bsc#1216051)
* CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem
(bsc#1215860).
* CVE-2023-5178: Fixed an UAF in queue intialization setup. (bsc#1215768)
* CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to
unsafe code paths being incorrectly marked as safe, resulting in arbitrary
read/write in kernel memory, lateral privilege escalation, and container
escape. (bsc#1215518)
* CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling.
(bsc#1215745).
* CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a
local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read,
leading to a crash or information disclosure. (bsc#1216046)
The following non-security bugs were fixed:
* 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes).
* ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes).
* ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes).
* ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre
M70q (git-fixes).
* ALSA: hda/realtek: Change model for Intel RVP board (git-fixes).
* ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes).
* ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-
fixes).
* ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes).
* ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes).
* ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes).
* ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes).
* ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes).
* ASoC: pxa: fix a memory leak in probe() (git-fixes).
* ata: libata-core: Do not register PM operations for SAS ports (git-fixes).
* ata: libata-core: Fix ata_port_request_pm() locking (git-fixes).
* ata: libata-core: Fix port and device removal (git-fixes).
* ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes).
* ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES
(git-fixes).
* blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before
init (bsc#1216062).
* blk-cgroup: support to track if policy is online (bsc#1216062).
* Bluetooth: avoid memcmp() out of bounds warning (git-fixes).
* Bluetooth: Avoid redundant authentication (git-fixes).
* Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes).
* Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes).
* Bluetooth: hci_event: Fix coding style (git-fixes).
* Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes).
* Bluetooth: hci_event: Ignore NULL link key (git-fixes).
* Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name
(git-fixes).
* Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes).
* Bluetooth: Reject connection with the device which has same BD_ADDR (git-
fixes).
* Bluetooth: vhci: Fix race when opening vhci device (git-fixes).
* bpf: propagate precision in ALU/ALU64 operations (git-fixes).
* bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes).
* bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-
fixes).
* cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307).
* cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem
(bsc#1215955).
* clk: tegra: fix error return case for recalc_rate (git-fixes).
* counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-
fixes).
* crypto: qat - add fw_counters debugfs file (PED-6401).
* crypto: qat - add heartbeat counters check (PED-6401).
* crypto: qat - add heartbeat feature (PED-6401).
* crypto: qat - add internal timer for qat 4xxx (PED-6401).
* crypto: qat - add measure clock frequency (PED-6401).
* crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401).
* crypto: qat - add qat_zlib_deflate (PED-6401).
* crypto: qat - add support for 402xx devices (PED-6401).
* crypto: qat - change value of default idle filter (PED-6401).
* crypto: qat - delay sysfs initialization (PED-6401).
* crypto: qat - do not export adf_init_admin_pm() (PED-6401).
* crypto: qat - drop log level of msg in get_instance_node() (PED-6401).
* crypto: qat - drop obsolete heartbeat interface (PED-6401).
* crypto: qat - drop redundant adf_enable_aer() (PED-6401).
* crypto: qat - expose pm_idle_enabled through sysfs (PED-6401).
* crypto: qat - extend buffer list logic interface (PED-6401).
* crypto: qat - extend configuration for 4xxx (PED-6401).
* crypto: qat - fix apply custom thread-service mapping for dc service
(PED-6401).
* crypto: qat - fix concurrency issue when device state changes (PED-6401).
* crypto: qat - fix crypto capability detection for 4xxx (PED-6401).
* crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401).
* crypto: qat - Include algapi.h for low-level Crypto API (PED-6401).
* crypto: qat - make fw images name constant (PED-6401).
* crypto: qat - make state machine functions static (PED-6401).
* crypto: qat - move dbgfs init to separate file (PED-6401).
* crypto: qat - move returns to default case (PED-6401).
* crypto: qat - refactor device restart logic (PED-6401).
* crypto: qat - refactor fw config logic for 4xxx (PED-6401).
* crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401).
* crypto: qat - Remove unused function declarations (PED-6401).
* crypto: qat - replace state machine calls (PED-6401).
* crypto: qat - replace the if statement with min() (PED-6401).
* crypto: qat - set deprecated capabilities as reserved (PED-6401).
* crypto: qat - unmap buffer before free for DH (PED-6401).
* crypto: qat - unmap buffers before free for RSA (PED-6401).
* crypto: qat - update slice mask for 4xxx devices (PED-6401).
* crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401).
* dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-
fixes).
* dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes).
* dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes).
* Documentation: qat: change kernel version (PED-6401).
* Documentation: qat: rewrite description (PED-6401).
* Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-
fixes).
* Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-
fixes).
* drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes).
* drm/amd/display: Do not check registers, if using AUX BL control (git-
fixes).
* drm/amd/display: Do not set dpms_off for seamless boot (git-fixes).
* drm/amdgpu: add missing NULL check (git-fixes).
* drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes).
* drm/i915: Retry gtt fault when out of fence registers (git-fixes).
* drm/msm/dp: do not reinitialize phy unless retry during link training (git-
fixes).
* drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-
fixes).
* drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes).
* drm/msm/dsi: skip the wait for video mode done if not applicable (git-
fixes).
* drm/vmwgfx: fix typo of sizeof argument (git-fixes).
* firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND
(git-fixes).
* firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels()
(git-fixes).
* gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-
fixes).
* gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes).
* gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes).
* gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes).
* gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes).
* gpio: vf610: set value before the direction to avoid a glitch (git-fixes).
* gve: Do not fully free QPL pages on prefill errors (git-fixes).
* HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-
fixes).
* HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes).
* HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-
fixes).
* HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes).
* HID: sony: Fix a potential memory leak in sony_probe() (git-fixes).
* HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-
fixes).
* i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes).
* i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-
fixes).
* i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-
fixes).
* i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes).
* i2c: mux: gpio: Replace custom acpi_get_local_address() (git-fixes).
* i2c: npcm7xx: Fix callback completion ordering (git-fixes).
* IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes)
* ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes).
* iio: pressure: bmp280: Fix NULL pointer exception (git-fixes).
* iio: pressure: dps310: Adjust Timeout Settings (git-fixes).
* iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes).
* Input: goodix - ensure int GPIO is in input for gpio_count == 1 &&
gpio_int_idx == 0 case (git-fixes).
* Input: powermate - fix use-after-free in powermate_config_complete (git-
fixes).
* Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes).
* Input: xpad - add PXN V900 support (git-fixes).
* iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support
(bsc#1212423).
* iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback
(bsc#1212423).
* iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback
(bsc#1212423).
* kabi: blkcg_policy_data fix KABI (bsc#1216062).
* kabi: workaround for enum nft_trans_phase (bsc#1215104).
* kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
* KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes
bsc#1216512).
* KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-
fixes).
* KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed
(git-fixes).
* leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes).
* mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788
bsc#1213705).
* mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes).
* mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes).
* mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes).
* mtd: physmap-core: Restore map_rom fallback (git-fixes).
* mtd: rawnand: arasan: Ensure program page operations are successful (git-
fixes).
* mtd: rawnand: marvell: Ensure program page operations are successful (git-
fixes).
* mtd: rawnand: pl353: Ensure program page operations are successful (git-
fixes).
* mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes).
* mtd: spinand: micron: correct bitmask for ecc status (git-fixes).
* net: mana: Fix oversized sge0 for GSO packets (bsc#1215986).
* net: mana: Fix TX CQE error handling (bsc#1215986).
* net: nfc: llcp: Add lock when modifying device list (git-fixes).
* net: rfkill: gpio: prevent value glitch during probe (git-fixes).
* net: sched: add barrier to fix packet stuck problem for lockless qdisc
(bsc#1216345).
* net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog
(bsc#1216345).
* net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-
fixes).
* net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-
fixes).
* net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-
fixes).
* net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes).
* net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-
fixes).
* netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound
set/chain (git-fixes).
* netfilter: nf_tables: unbind non-anonymous set if rule construction fails
(git-fixes).
* nfc: nci: assert requested protocol is valid (git-fixes).
* nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-
fixes).
* nilfs2: fix potential use after free in nilfs_gccache_submit_read_data()
(git-fixes).
* nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid()
(bsc#1214842).
* phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes).
* phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes).
* phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes).
* pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes).
* pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes).
* platform/surface: platform_profile: Propagate error if profile registration
fails (git-fixes).
* platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e
(git-fixes).
* platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-
fixes).
* platform/x86: think-lmi: Fix reference leak (git-fixes).
* platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes).
* power: supply: ucs1002: fix error code in ucs1002_get_property() (git-
fixes).
* quota: Fix slow quotaoff (bsc#1216621).
* r8152: check budget for r8152_poll() (git-fixes).
* RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes)
* RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes)
* RDMA/core: Require admin capabilities to set system parameters (git-fixes)
* RDMA/cxgb4: Check skb value for failure to allocate (git-fixes)
* RDMA/mlx5: Fix NULL string error (git-fixes)
* RDMA/siw: Fix connection failure handling (git-fixes)
* RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes)
* RDMA/uverbs: Fix typo of sizeof argument (git-fixes)
* regmap: fix NULL deref on lookup (git-fixes).
* regmap: rbtree: Fix wrong register marked as in-cache when creating new node
(git-fixes).
* ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes).
* ring-buffer: Do not attempt to read past "commit" (git-fixes).
* ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
* ring-buffer: Update "shortest_full" in polling (git-fixes).
* s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510).
* s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511).
* sched/cpuset: Bring back cpuset_mutex (bsc#1215955).
* sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity()
(git fixes (sched)).
* sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes
(sched)).
* sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)).
* serial: 8250_port: Check IRQ data before use (git-fixes).
* soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-
fixes).
* spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes).
* spi: stm32: add a delay before SPI disable (git-fixes).
* spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain
(git-fixes).
* spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes).
* thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-
fixes).
* thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple
Ridge (git-fixes).
* tracing: Have current_trace inc the trace array ref count (git-fixes).
* tracing: Have event inject files inc the trace array ref count (git-fixes).
* tracing: Have option files inc the trace array ref count (git-fixes).
* tracing: Have tracing_max_latency inc the trace array ref count (git-fixes).
* tracing: Increase trace array ref count on enable and filter files (git-
fixes).
* tracing: Make trace_marker{,_raw} stream-like (git-fixes).
* usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes).
* usb: dwc3: Soft reset phy on probe for host (git-fixes).
* usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-
fixes).
* usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
* usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes).
* usb: musb: Modify the "HWVers" register address (git-fixes).
* usb: serial: option: add entry for Sierra EM9191 with new firmware (git-
fixes).
* usb: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).
* usb: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).
* usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-
fixes).
* usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).
* vmbus_testing: fix wrong python syntax for integer value comparison (git-
fixes).
* vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes).
* watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes).
* watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running
(git-fixes).
* wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
* wifi: cfg80211: Fix 6GHz scan configuration (git-fixes).
* wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes).
* wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes).
* wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes).
* wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-
fixes).
* wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes).
* wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-
fixes).
* wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes).
* wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes).
* x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649).
* x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649).
* x86/sev: Disable MMIO emulation from user mode (bsc#1212649).
* xen-netback: use default TX queue size for vifs (git-fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4345=1 openSUSE-SLE-15.4-2023-4345=1
* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4345=1
## Package List:
* openSUSE Leap 15.4 (aarch64 x86_64)
* gfs2-kmp-azure-debuginfo-5.14.21-150400.14.72.1
* kernel-azure-extra-5.14.21-150400.14.72.1
* kernel-azure-extra-debuginfo-5.14.21-150400.14.72.1
* kselftests-kmp-azure-5.14.21-150400.14.72.1
* kernel-azure-debuginfo-5.14.21-150400.14.72.1
* cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.72.1
* kernel-azure-devel-5.14.21-150400.14.72.1
* reiserfs-kmp-azure-5.14.21-150400.14.72.1
* kernel-azure-optional-debuginfo-5.14.21-150400.14.72.1
* dlm-kmp-azure-5.14.21-150400.14.72.1
* kernel-azure-livepatch-devel-5.14.21-150400.14.72.1
* ocfs2-kmp-azure-5.14.21-150400.14.72.1
* kernel-azure-optional-5.14.21-150400.14.72.1
* dlm-kmp-azure-debuginfo-5.14.21-150400.14.72.1
* ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.72.1
* kernel-azure-debugsource-5.14.21-150400.14.72.1
* reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.72.1
* kselftests-kmp-azure-debuginfo-5.14.21-150400.14.72.1
* cluster-md-kmp-azure-5.14.21-150400.14.72.1
* kernel-syms-azure-5.14.21-150400.14.72.1
* gfs2-kmp-azure-5.14.21-150400.14.72.1
* kernel-azure-devel-debuginfo-5.14.21-150400.14.72.1
* openSUSE Leap 15.4 (aarch64 nosrc x86_64)
* kernel-azure-5.14.21-150400.14.72.1
* openSUSE Leap 15.4 (noarch)
* kernel-devel-azure-5.14.21-150400.14.72.1
* kernel-source-azure-5.14.21-150400.14.72.1
* Public Cloud Module 15-SP4 (aarch64 nosrc x86_64)
* kernel-azure-5.14.21-150400.14.72.1
* Public Cloud Module 15-SP4 (aarch64 x86_64)
* kernel-syms-azure-5.14.21-150400.14.72.1
* kernel-azure-devel-5.14.21-150400.14.72.1
* kernel-azure-debugsource-5.14.21-150400.14.72.1
* kernel-azure-debuginfo-5.14.21-150400.14.72.1
* kernel-azure-devel-debuginfo-5.14.21-150400.14.72.1
* Public Cloud Module 15-SP4 (noarch)
* kernel-devel-azure-5.14.21-150400.14.72.1
* kernel-source-azure-5.14.21-150400.14.72.1
## References:
* https://www.suse.com/security/cve/CVE-2023-2163.html
* https://www.suse.com/security/cve/CVE-2023-31085.html
* https://www.suse.com/security/cve/CVE-2023-34324.html
* https://www.suse.com/security/cve/CVE-2023-3777.html
* https://www.suse.com/security/cve/CVE-2023-39189.html
* https://www.suse.com/security/cve/CVE-2023-39193.html
* https://www.suse.com/security/cve/CVE-2023-45862.html
* https://www.suse.com/security/cve/CVE-2023-46813.html
* https://www.suse.com/security/cve/CVE-2023-5178.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208788
* https://bugzilla.suse.com/show_bug.cgi?id=1210778
* https://bugzilla.suse.com/show_bug.cgi?id=1211307
* https://bugzilla.suse.com/show_bug.cgi?id=1212423
* https://bugzilla.suse.com/show_bug.cgi?id=1212649
* https://bugzilla.suse.com/show_bug.cgi?id=1213705
* https://bugzilla.suse.com/show_bug.cgi?id=1214842
* https://bugzilla.suse.com/show_bug.cgi?id=1215095
* https://bugzilla.suse.com/show_bug.cgi?id=1215104
* https://bugzilla.suse.com/show_bug.cgi?id=1215518
* https://bugzilla.suse.com/show_bug.cgi?id=1215745
* https://bugzilla.suse.com/show_bug.cgi?id=1215768
* https://bugzilla.suse.com/show_bug.cgi?id=1215860
* https://bugzilla.suse.com/show_bug.cgi?id=1215955
* https://bugzilla.suse.com/show_bug.cgi?id=1215986
* https://bugzilla.suse.com/show_bug.cgi?id=1216046
* https://bugzilla.suse.com/show_bug.cgi?id=1216051
* https://bugzilla.suse.com/show_bug.cgi?id=1216062
* https://bugzilla.suse.com/show_bug.cgi?id=1216345
* https://bugzilla.suse.com/show_bug.cgi?id=1216510
* https://bugzilla.suse.com/show_bug.cgi?id=1216511
* https://bugzilla.suse.com/show_bug.cgi?id=1216512
* https://bugzilla.suse.com/show_bug.cgi?id=1216621
1
0
SUSE-SU-2023:4348-1: important: Security update for the Linux Kernel
by maintenance@opensuse.org 02 Nov '23
by maintenance@opensuse.org 02 Nov '23
02 Nov '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:4348-1
Rating: important
References:
* bsc#1210778
* bsc#1210853
* bsc#1212051
* bsc#1214842
* bsc#1215095
* bsc#1215467
* bsc#1215518
* bsc#1215745
* bsc#1215858
* bsc#1215860
* bsc#1215861
* bsc#1216046
* bsc#1216051
* bsc#1216134
Cross-References:
* CVE-2023-2163
* CVE-2023-31085
* CVE-2023-3111
* CVE-2023-34324
* CVE-2023-3777
* CVE-2023-39189
* CVE-2023-39192
* CVE-2023-39193
* CVE-2023-39194
* CVE-2023-42754
* CVE-2023-45862
CVSS scores:
* CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
* CVE-2023-31085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3111 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-39189 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-39189 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39192 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-39192 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
* CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39193 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39194 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
* CVE-2023-39194 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
* CVE-2023-42754 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-42754 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-45862 ( SUSE ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45862 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.3
* openSUSE Leap 15.4
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Availability Extension 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2
An update that solves 11 vulnerabilities and has three security fixes can now be
installed.
## Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
* CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize)
that could cause a local DoS. (bsc#1210778)
* CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an
object could potentially extend beyond the end of an allocation causing.
(bsc#1216051)
* CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to
unsafe code paths being incorrectly marked as safe, resulting in arbitrary
read/write in kernel memory, lateral privilege escalation, and container
escape. (bsc#1215518)
* CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables
component can be exploited to achieve local privilege escalation.
(bsc#1215095)
* CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling.
(bsc#1215745).
* CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a
local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read,
leading to a crash or information disclosure. (bsc#1216046)
* CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate
in fs/btrfs/relocation.c (bsc#1212051).
* CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem
(bsc#1215861).
* CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem
(bsc#1215860).
* CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858).
* CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that
could lead to denial of service (bsc#1215467).
The following non-security bugs were fixed:
* bpf: propagate precision in ALU/ALU64 operations (git-fixes).
* KVM: x86: fix sending PV IPI (git-fixes, bsc#1210853, bsc#1216134).
* nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid()
(bsc#1214842).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2023-4348=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4348=1
* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-4348=1
Please note that this is the initial kernel livepatch without fixes itself, this
package is later updated by separate standalone kernel livepatch updates.
* SUSE Linux Enterprise High Availability Extension 15 SP3
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-4348=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4348=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4348=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4348=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4348=1
* SUSE Manager Proxy 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4348=1
* SUSE Manager Retail Branch Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.2-2023-4348=1
* SUSE Manager Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4348=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-4348=1
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4348=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4348=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4348=1
## Package List:
* openSUSE Leap 15.3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.141.2
* openSUSE Leap 15.3 (noarch)
* kernel-devel-5.3.18-150300.59.141.1
* kernel-source-vanilla-5.3.18-150300.59.141.1
* kernel-source-5.3.18-150300.59.141.1
* kernel-macros-5.3.18-150300.59.141.1
* kernel-docs-html-5.3.18-150300.59.141.2
* openSUSE Leap 15.3 (nosrc ppc64le x86_64)
* kernel-debug-5.3.18-150300.59.141.2
* kernel-kvmsmall-5.3.18-150300.59.141.2
* openSUSE Leap 15.3 (ppc64le x86_64)
* kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.141.2
* kernel-debug-devel-debuginfo-5.3.18-150300.59.141.2
* kernel-debug-devel-5.3.18-150300.59.141.2
* kernel-debug-debuginfo-5.3.18-150300.59.141.2
* kernel-debug-livepatch-devel-5.3.18-150300.59.141.2
* kernel-kvmsmall-debuginfo-5.3.18-150300.59.141.2
* kernel-kvmsmall-devel-5.3.18-150300.59.141.2
* kernel-debug-debugsource-5.3.18-150300.59.141.2
* kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.141.2
* kernel-kvmsmall-debugsource-5.3.18-150300.59.141.2
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64)
* cluster-md-kmp-default-5.3.18-150300.59.141.2
* kselftests-kmp-default-5.3.18-150300.59.141.2
* kernel-default-extra-debuginfo-5.3.18-150300.59.141.2
* dlm-kmp-default-debuginfo-5.3.18-150300.59.141.2
* kernel-default-extra-5.3.18-150300.59.141.2
* kernel-default-debugsource-5.3.18-150300.59.141.2
* kernel-default-livepatch-5.3.18-150300.59.141.2
* kernel-obs-qa-5.3.18-150300.59.141.1
* cluster-md-kmp-default-debuginfo-5.3.18-150300.59.141.2
* reiserfs-kmp-default-5.3.18-150300.59.141.2
* kernel-default-optional-debuginfo-5.3.18-150300.59.141.2
* gfs2-kmp-default-5.3.18-150300.59.141.2
* kernel-default-debuginfo-5.3.18-150300.59.141.2
* kernel-syms-5.3.18-150300.59.141.1
* kernel-default-base-rebuild-5.3.18-150300.59.141.2.150300.18.82.2
* kernel-default-optional-5.3.18-150300.59.141.2
* kernel-default-devel-5.3.18-150300.59.141.2
* kernel-obs-build-5.3.18-150300.59.141.2
* gfs2-kmp-default-debuginfo-5.3.18-150300.59.141.2
* kernel-default-livepatch-devel-5.3.18-150300.59.141.2
* kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2
* dlm-kmp-default-5.3.18-150300.59.141.2
* ocfs2-kmp-default-5.3.18-150300.59.141.2
* kernel-obs-build-debugsource-5.3.18-150300.59.141.2
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.141.2
* kernel-default-devel-debuginfo-5.3.18-150300.59.141.2
* ocfs2-kmp-default-debuginfo-5.3.18-150300.59.141.2
* kselftests-kmp-default-debuginfo-5.3.18-150300.59.141.2
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.3.18-150300.59.141.2
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_38-debugsource-1-150300.7.3.2
* kernel-livepatch-5_3_18-150300_59_141-default-1-150300.7.3.2
* kernel-livepatch-5_3_18-150300_59_141-default-debuginfo-1-150300.7.3.2
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_141-preempt-1-150300.7.3.2
* kernel-livepatch-5_3_18-150300_59_141-preempt-debuginfo-1-150300.7.3.2
* openSUSE Leap 15.3 (aarch64 x86_64)
* kernel-preempt-devel-5.3.18-150300.59.141.2
* kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.141.2
* dlm-kmp-preempt-debuginfo-5.3.18-150300.59.141.2
* ocfs2-kmp-preempt-5.3.18-150300.59.141.2
* gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.141.2
* kselftests-kmp-preempt-5.3.18-150300.59.141.2
* cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.141.2
* kernel-preempt-debuginfo-5.3.18-150300.59.141.2
* kernel-preempt-optional-debuginfo-5.3.18-150300.59.141.2
* ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.141.2
* kernel-preempt-optional-5.3.18-150300.59.141.2
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.141.2
* reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.141.2
* kernel-preempt-livepatch-devel-5.3.18-150300.59.141.2
* dlm-kmp-preempt-5.3.18-150300.59.141.2
* kernel-preempt-extra-debuginfo-5.3.18-150300.59.141.2
* kernel-preempt-extra-5.3.18-150300.59.141.2
* kernel-preempt-debugsource-5.3.18-150300.59.141.2
* gfs2-kmp-preempt-5.3.18-150300.59.141.2
* reiserfs-kmp-preempt-5.3.18-150300.59.141.2
* cluster-md-kmp-preempt-5.3.18-150300.59.141.2
* openSUSE Leap 15.3 (aarch64 nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.141.2
* openSUSE Leap 15.3 (nosrc s390x)
* kernel-zfcpdump-5.3.18-150300.59.141.2
* openSUSE Leap 15.3 (s390x)
* kernel-zfcpdump-debugsource-5.3.18-150300.59.141.2
* kernel-zfcpdump-debuginfo-5.3.18-150300.59.141.2
* openSUSE Leap 15.3 (nosrc)
* dtb-aarch64-5.3.18-150300.59.141.1
* openSUSE Leap 15.3 (aarch64)
* reiserfs-kmp-64kb-5.3.18-150300.59.141.2
* kselftests-kmp-64kb-5.3.18-150300.59.141.2
* gfs2-kmp-64kb-5.3.18-150300.59.141.2
* kernel-64kb-debuginfo-5.3.18-150300.59.141.2
* kernel-64kb-extra-debuginfo-5.3.18-150300.59.141.2
* kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.141.2
* kernel-64kb-livepatch-devel-5.3.18-150300.59.141.2
* kernel-64kb-optional-5.3.18-150300.59.141.2
* dtb-al-5.3.18-150300.59.141.1
* dtb-exynos-5.3.18-150300.59.141.1
* cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.141.2
* dtb-xilinx-5.3.18-150300.59.141.1
* ocfs2-kmp-64kb-5.3.18-150300.59.141.2
* kernel-64kb-optional-debuginfo-5.3.18-150300.59.141.2
* dtb-cavium-5.3.18-150300.59.141.1
* dtb-apm-5.3.18-150300.59.141.1
* dtb-arm-5.3.18-150300.59.141.1
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.141.2
* dtb-altera-5.3.18-150300.59.141.1
* dtb-rockchip-5.3.18-150300.59.141.1
* kernel-64kb-devel-5.3.18-150300.59.141.2
* dtb-broadcom-5.3.18-150300.59.141.1
* dtb-zte-5.3.18-150300.59.141.1
* dtb-amd-5.3.18-150300.59.141.1
* dlm-kmp-64kb-5.3.18-150300.59.141.2
* cluster-md-kmp-64kb-5.3.18-150300.59.141.2
* dtb-renesas-5.3.18-150300.59.141.1
* kernel-64kb-debugsource-5.3.18-150300.59.141.2
* reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.141.2
* gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.141.2
* dtb-marvell-5.3.18-150300.59.141.1
* dtb-amlogic-5.3.18-150300.59.141.1
* dlm-kmp-64kb-debuginfo-5.3.18-150300.59.141.2
* dtb-freescale-5.3.18-150300.59.141.1
* dtb-hisilicon-5.3.18-150300.59.141.1
* dtb-socionext-5.3.18-150300.59.141.1
* dtb-sprd-5.3.18-150300.59.141.1
* dtb-qcom-5.3.18-150300.59.141.1
* dtb-allwinner-5.3.18-150300.59.141.1
* kernel-64kb-extra-5.3.18-150300.59.141.2
* dtb-nvidia-5.3.18-150300.59.141.1
* dtb-mediatek-5.3.18-150300.59.141.1
* dtb-lg-5.3.18-150300.59.141.1
* ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.141.2
* openSUSE Leap 15.3 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.141.2
* openSUSE Leap 15.4 (nosrc)
* dtb-aarch64-5.3.18-150300.59.141.1
* openSUSE Leap 15.4 (aarch64)
* dtb-al-5.3.18-150300.59.141.1
* dtb-zte-5.3.18-150300.59.141.1
* SUSE Linux Enterprise Live Patching 15-SP3 (nosrc)
* kernel-default-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-default-livepatch-devel-5.3.18-150300.59.141.2
* kernel-default-debugsource-5.3.18-150300.59.141.2
* kernel-default-livepatch-5.3.18-150300.59.141.2
* kernel-default-debuginfo-5.3.18-150300.59.141.2
* kernel-livepatch-5_3_18-150300_59_141-default-1-150300.7.3.2
* SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le
s390x x86_64)
* cluster-md-kmp-default-debuginfo-5.3.18-150300.59.141.2
* gfs2-kmp-default-5.3.18-150300.59.141.2
* gfs2-kmp-default-debuginfo-5.3.18-150300.59.141.2
* cluster-md-kmp-default-5.3.18-150300.59.141.2
* dlm-kmp-default-5.3.18-150300.59.141.2
* kernel-default-debugsource-5.3.18-150300.59.141.2
* ocfs2-kmp-default-5.3.18-150300.59.141.2
* kernel-default-debuginfo-5.3.18-150300.59.141.2
* dlm-kmp-default-debuginfo-5.3.18-150300.59.141.2
* ocfs2-kmp-default-debuginfo-5.3.18-150300.59.141.2
* SUSE Linux Enterprise High Availability Extension 15 SP3 (nosrc)
* kernel-default-5.3.18-150300.59.141.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64
nosrc)
* kernel-64kb-5.3.18-150300.59.141.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64)
* kernel-64kb-devel-5.3.18-150300.59.141.2
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.141.2
* kernel-64kb-debuginfo-5.3.18-150300.59.141.2
* kernel-64kb-debugsource-5.3.18-150300.59.141.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 nosrc
x86_64)
* kernel-default-5.3.18-150300.59.141.2
* kernel-preempt-5.3.18-150300.59.141.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64
x86_64)
* kernel-default-devel-5.3.18-150300.59.141.2
* kernel-obs-build-5.3.18-150300.59.141.2
* kernel-preempt-debuginfo-5.3.18-150300.59.141.2
* reiserfs-kmp-default-5.3.18-150300.59.141.2
* kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2
* kernel-preempt-devel-5.3.18-150300.59.141.2
* kernel-default-debugsource-5.3.18-150300.59.141.2
* kernel-preempt-debugsource-5.3.18-150300.59.141.2
* kernel-default-debuginfo-5.3.18-150300.59.141.2
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.141.2
* kernel-obs-build-debugsource-5.3.18-150300.59.141.2
* kernel-syms-5.3.18-150300.59.141.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.141.2
* kernel-default-devel-debuginfo-5.3.18-150300.59.141.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
* kernel-devel-5.3.18-150300.59.141.1
* kernel-macros-5.3.18-150300.59.141.1
* kernel-source-5.3.18-150300.59.141.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.141.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.141.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64)
* kernel-64kb-devel-5.3.18-150300.59.141.2
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.141.2
* kernel-64kb-debuginfo-5.3.18-150300.59.141.2
* kernel-64kb-debugsource-5.3.18-150300.59.141.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc
x86_64)
* kernel-default-5.3.18-150300.59.141.2
* kernel-preempt-5.3.18-150300.59.141.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* kernel-default-devel-5.3.18-150300.59.141.2
* kernel-obs-build-5.3.18-150300.59.141.2
* kernel-preempt-debuginfo-5.3.18-150300.59.141.2
* reiserfs-kmp-default-5.3.18-150300.59.141.2
* kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2
* kernel-preempt-devel-5.3.18-150300.59.141.2
* kernel-default-debugsource-5.3.18-150300.59.141.2
* kernel-preempt-debugsource-5.3.18-150300.59.141.2
* kernel-default-debuginfo-5.3.18-150300.59.141.2
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.141.2
* kernel-obs-build-debugsource-5.3.18-150300.59.141.2
* kernel-syms-5.3.18-150300.59.141.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.141.2
* kernel-default-devel-debuginfo-5.3.18-150300.59.141.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* kernel-devel-5.3.18-150300.59.141.1
* kernel-macros-5.3.18-150300.59.141.1
* kernel-source-5.3.18-150300.59.141.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64)
* kernel-64kb-devel-5.3.18-150300.59.141.2
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.141.2
* kernel-64kb-debuginfo-5.3.18-150300.59.141.2
* kernel-64kb-debugsource-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64 nosrc)
* kernel-default-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* kernel-default-devel-5.3.18-150300.59.141.2
* kernel-obs-build-5.3.18-150300.59.141.2
* reiserfs-kmp-default-5.3.18-150300.59.141.2
* kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2
* kernel-default-debugsource-5.3.18-150300.59.141.2
* kernel-default-debuginfo-5.3.18-150300.59.141.2
* kernel-syms-5.3.18-150300.59.141.1
* kernel-obs-build-debugsource-5.3.18-150300.59.141.2
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.141.2
* kernel-default-devel-debuginfo-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* kernel-devel-5.3.18-150300.59.141.1
* kernel-macros-5.3.18-150300.59.141.1
* kernel-source-5.3.18-150300.59.141.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64)
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.141.2
* kernel-preempt-debuginfo-5.3.18-150300.59.141.2
* kernel-preempt-devel-5.3.18-150300.59.141.2
* kernel-preempt-debugsource-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (nosrc s390x)
* kernel-zfcpdump-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x)
* kernel-zfcpdump-debugsource-5.3.18-150300.59.141.2
* kernel-zfcpdump-debuginfo-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le
x86_64)
* kernel-default-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* kernel-default-devel-5.3.18-150300.59.141.2
* kernel-obs-build-5.3.18-150300.59.141.2
* reiserfs-kmp-default-5.3.18-150300.59.141.2
* kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2
* kernel-default-debugsource-5.3.18-150300.59.141.2
* kernel-default-debuginfo-5.3.18-150300.59.141.2
* kernel-syms-5.3.18-150300.59.141.1
* kernel-obs-build-debugsource-5.3.18-150300.59.141.2
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.141.2
* kernel-default-devel-debuginfo-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* kernel-devel-5.3.18-150300.59.141.1
* kernel-macros-5.3.18-150300.59.141.1
* kernel-source-5.3.18-150300.59.141.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.141.2
* kernel-preempt-debuginfo-5.3.18-150300.59.141.2
* kernel-preempt-devel-5.3.18-150300.59.141.2
* kernel-preempt-debugsource-5.3.18-150300.59.141.2
* SUSE Manager Proxy 4.2 (nosrc x86_64)
* kernel-default-5.3.18-150300.59.141.2
* kernel-preempt-5.3.18-150300.59.141.2
* SUSE Manager Proxy 4.2 (x86_64)
* kernel-default-devel-5.3.18-150300.59.141.2
* kernel-preempt-debuginfo-5.3.18-150300.59.141.2
* kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2
* kernel-default-debugsource-5.3.18-150300.59.141.2
* kernel-preempt-debugsource-5.3.18-150300.59.141.2
* kernel-default-debuginfo-5.3.18-150300.59.141.2
* kernel-default-devel-debuginfo-5.3.18-150300.59.141.2
* SUSE Manager Proxy 4.2 (noarch)
* kernel-devel-5.3.18-150300.59.141.1
* kernel-macros-5.3.18-150300.59.141.1
* SUSE Manager Retail Branch Server 4.2 (nosrc x86_64)
* kernel-default-5.3.18-150300.59.141.2
* kernel-preempt-5.3.18-150300.59.141.2
* SUSE Manager Retail Branch Server 4.2 (x86_64)
* kernel-default-devel-5.3.18-150300.59.141.2
* kernel-preempt-debuginfo-5.3.18-150300.59.141.2
* kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2
* kernel-default-debugsource-5.3.18-150300.59.141.2
* kernel-preempt-debugsource-5.3.18-150300.59.141.2
* kernel-default-debuginfo-5.3.18-150300.59.141.2
* kernel-default-devel-debuginfo-5.3.18-150300.59.141.2
* SUSE Manager Retail Branch Server 4.2 (noarch)
* kernel-devel-5.3.18-150300.59.141.1
* kernel-macros-5.3.18-150300.59.141.1
* SUSE Manager Server 4.2 (nosrc ppc64le s390x x86_64)
* kernel-default-5.3.18-150300.59.141.2
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
* kernel-default-devel-5.3.18-150300.59.141.2
* kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2
* kernel-default-debugsource-5.3.18-150300.59.141.2
* kernel-default-debuginfo-5.3.18-150300.59.141.2
* kernel-default-devel-debuginfo-5.3.18-150300.59.141.2
* SUSE Manager Server 4.2 (noarch)
* kernel-devel-5.3.18-150300.59.141.1
* kernel-macros-5.3.18-150300.59.141.1
* SUSE Manager Server 4.2 (nosrc s390x)
* kernel-zfcpdump-5.3.18-150300.59.141.2
* SUSE Manager Server 4.2 (s390x)
* kernel-zfcpdump-debugsource-5.3.18-150300.59.141.2
* kernel-zfcpdump-debuginfo-5.3.18-150300.59.141.2
* SUSE Manager Server 4.2 (nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.141.2
* SUSE Manager Server 4.2 (x86_64)
* kernel-preempt-debuginfo-5.3.18-150300.59.141.2
* kernel-preempt-debugsource-5.3.18-150300.59.141.2
* SUSE Enterprise Storage 7.1 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.141.2
* SUSE Enterprise Storage 7.1 (aarch64)
* kernel-64kb-devel-5.3.18-150300.59.141.2
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.141.2
* kernel-64kb-debuginfo-5.3.18-150300.59.141.2
* kernel-64kb-debugsource-5.3.18-150300.59.141.2
* SUSE Enterprise Storage 7.1 (aarch64 nosrc x86_64)
* kernel-default-5.3.18-150300.59.141.2
* kernel-preempt-5.3.18-150300.59.141.2
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* kernel-default-devel-5.3.18-150300.59.141.2
* kernel-obs-build-5.3.18-150300.59.141.2
* kernel-preempt-debuginfo-5.3.18-150300.59.141.2
* reiserfs-kmp-default-5.3.18-150300.59.141.2
* kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2
* kernel-preempt-devel-5.3.18-150300.59.141.2
* kernel-default-debugsource-5.3.18-150300.59.141.2
* kernel-preempt-debugsource-5.3.18-150300.59.141.2
* kernel-default-debuginfo-5.3.18-150300.59.141.2
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.141.2
* kernel-obs-build-debugsource-5.3.18-150300.59.141.2
* kernel-syms-5.3.18-150300.59.141.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.141.2
* kernel-default-devel-debuginfo-5.3.18-150300.59.141.2
* SUSE Enterprise Storage 7.1 (noarch)
* kernel-devel-5.3.18-150300.59.141.1
* kernel-macros-5.3.18-150300.59.141.1
* kernel-source-5.3.18-150300.59.141.1
* SUSE Enterprise Storage 7.1 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Micro 5.1 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2
* kernel-default-debuginfo-5.3.18-150300.59.141.2
* kernel-default-debugsource-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Micro 5.2 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64)
* kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.3.18-150300.59.141.2
* kernel-default-debugsource-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64)
* kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.3.18-150300.59.141.2
* kernel-default-debugsource-5.3.18-150300.59.141.2
## References:
* https://www.suse.com/security/cve/CVE-2023-2163.html
* https://www.suse.com/security/cve/CVE-2023-31085.html
* https://www.suse.com/security/cve/CVE-2023-3111.html
* https://www.suse.com/security/cve/CVE-2023-34324.html
* https://www.suse.com/security/cve/CVE-2023-3777.html
* https://www.suse.com/security/cve/CVE-2023-39189.html
* https://www.suse.com/security/cve/CVE-2023-39192.html
* https://www.suse.com/security/cve/CVE-2023-39193.html
* https://www.suse.com/security/cve/CVE-2023-39194.html
* https://www.suse.com/security/cve/CVE-2023-42754.html
* https://www.suse.com/security/cve/CVE-2023-45862.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210778
* https://bugzilla.suse.com/show_bug.cgi?id=1210853
* https://bugzilla.suse.com/show_bug.cgi?id=1212051
* https://bugzilla.suse.com/show_bug.cgi?id=1214842
* https://bugzilla.suse.com/show_bug.cgi?id=1215095
* https://bugzilla.suse.com/show_bug.cgi?id=1215467
* https://bugzilla.suse.com/show_bug.cgi?id=1215518
* https://bugzilla.suse.com/show_bug.cgi?id=1215745
* https://bugzilla.suse.com/show_bug.cgi?id=1215858
* https://bugzilla.suse.com/show_bug.cgi?id=1215860
* https://bugzilla.suse.com/show_bug.cgi?id=1215861
* https://bugzilla.suse.com/show_bug.cgi?id=1216046
* https://bugzilla.suse.com/show_bug.cgi?id=1216051
* https://bugzilla.suse.com/show_bug.cgi?id=1216134
1
0
SUSE-SU-2023:4343-1: important: Security update for the Linux Kernel
by maintenance@opensuse.org 02 Nov '23
by maintenance@opensuse.org 02 Nov '23
02 Nov '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:4343-1
Rating: important
References:
* bsc#1211162
* bsc#1211307
* bsc#1213772
* bsc#1214754
* bsc#1214874
* bsc#1215545
* bsc#1215921
* bsc#1215955
* bsc#1216062
* bsc#1216202
* bsc#1216322
* bsc#1216324
* bsc#1216333
* bsc#1216512
Cross-References:
* CVE-2023-2163
* CVE-2023-2860
* CVE-2023-31085
* CVE-2023-34324
* CVE-2023-39189
* CVE-2023-39191
* CVE-2023-39193
* CVE-2023-45862
* CVE-2023-5178
CVSS scores:
* CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
* CVE-2023-2860 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-2860 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-31085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39189 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-39189 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39191 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-39191 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39193 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-45862 ( SUSE ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45862 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-5178 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5178 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Real Time Module 15-SP5
An update that solves nine vulnerabilities and has five security fixes can now
be installed.
## Description:
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
* CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize)
that could cause a local DoS. (bsc#1210778)
* CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an
object could potentially extend beyond the end of an allocation causing.
(bsc#1216051)
* CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem
(bsc#1215860).
* CVE-2023-5178: Fixed an UAF in queue intialization setup. (bsc#1215768)
* CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to
unsafe code paths being incorrectly marked as safe, resulting in arbitrary
read/write in kernel memory, lateral privilege escalation, and container
escape. (bsc#1215518)
* CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling.
(bsc#1215745).
* CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a
local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read,
leading to a crash or information disclosure. (bsc#1216046)
* CVE-2023-39191: Fixed a lack of validation of dynamic pointers within user-
supplied eBPF programs that may have allowed an attacker with CAP_BPF
privileges to escalate privileges and execute arbitrary code. (bsc#1215863)
* CVE-2023-2860: Fixed an out-of-bounds read vulnerability in the processing
of seg6 attributes. This flaw allowed a privileged local user to disclose
sensitive information. (bsc#1211592)
The following non-security bugs were fixed:
* 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes).
* ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes).
* ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes).
* ALSA: hda/realtek - ALC287 I2S speaker platform support (git-fixes).
* ALSA: hda/realtek - ALC287 merge RTK codec with CS CS35L41 AMP (git-fixes).
* ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes).
* ALSA: hda/realtek - Fixed two speaker platform (git-fixes).
* ALSA: hda/realtek: Add quirk for ASUS ROG GU603ZV (git-fixes).
* ALSA: hda/realtek: Change model for Intel RVP board (git-fixes).
* ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq5xxx (git-fixes).
* ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre
M70q (git-fixes).
* ALSA: hda: intel-dsp-cfg: add LunarLake support (git-fixes).
* ALSA: hda: intel-sdw-acpi: Use u8 type for link index (git-fixes).
* ALSA: usb-audio: Fix microphone sound on Nexigo webcam (git-fixes).
* ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes).
* ASoC: amd: yc: Fix non-functional mic on Lenovo 82YM (git-fixes).
* ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-
fixes).
* ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes).
* ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes).
* ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes).
* ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes).
* ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes).
* ASoC: pxa: fix a memory leak in probe() (git-fixes).
* Bluetooth: Avoid redundant authentication (git-fixes).
* Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes).
* Bluetooth: ISO: Fix handling of listen for unicast (git-fixes).
* Bluetooth: Reject connection with the device which has same BD_ADDR (git-
fixes).
* Bluetooth: avoid memcmp() out of bounds warning (git-fixes).
* Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes).
* Bluetooth: hci_codec: Fix leaking content of local_codecs (git-fixes).
* Bluetooth: hci_event: Fix coding style (git-fixes).
* Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes).
* Bluetooth: hci_event: Ignore NULL link key (git-fixes).
* Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name
(git-fixes).
* Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes).
* Bluetooth: vhci: Fix race when opening vhci device (git-fixes).
* Documentation: qat: change kernel version (PED-6401).
* Documentation: qat: rewrite description (PED-6401).
* Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-
fixes).
* Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-
fixes).
* Fix metadata references
* HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-
fixes).
* HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes).
* HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-
fixes).
* HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes).
* HID: sony: Fix a potential memory leak in sony_probe() (git-fixes).
* HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-
fixes).
* IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes)
* Input: goodix - ensure int GPIO is in input for gpio_count == 1 &&
gpio_int_idx == 0 case (git-fixes).
* Input: powermate - fix use-after-free in powermate_config_complete (git-
fixes).
* Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes).
* Input: xpad - add PXN V900 support (git-fixes).
* KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-
fixes).
* KVM: SVM: INTERCEPT_RDTSCP is never intercepted anyway (git-fixes).
* KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes
bsc#1216512).
* KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed
(git-fixes).
* KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes).
* KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code
(bsc#1213772).
* KVM: x86: Propagate the AMD Automatic IBRS feature to the guest
(bsc#1213772).
* KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772).
* KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772).
* KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
* NFS: Fix O_DIRECT locking issues (bsc#1211162).
* NFS: Fix a few more clear_bit() instances that need release semantics
(bsc#1211162).
* NFS: Fix a potential data corruption (bsc#1211162).
* NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162).
* NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162).
* NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162).
* NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162).
* NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162).
* NFSD: Never call nfsd_file_gc() in foreground paths (bsc#1215545).
* RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes)
* RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes)
* RDMA/core: Require admin capabilities to set system parameters (git-fixes)
* RDMA/cxgb4: Check skb value for failure to allocate (git-fixes)
* RDMA/mlx5: Fix NULL string error (git-fixes)
* RDMA/mlx5: Fix mutex unlocking on error flow for steering anchor creation
(git-fixes)
* RDMA/siw: Fix connection failure handling (git-fixes)
* RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes)
* RDMA/uverbs: Fix typo of sizeof argument (git-fixes)
* Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()" (git-fixes).
* Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux" (git-fixes).
* USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).
* USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).
* USB: serial: option: add entry for Sierra EM9191 with new firmware (git-
fixes).
* arm64/smmu: use TLBI ASID when invalidating entire range (bsc#1215921)
* ata: libata-core: Do not register PM operations for SAS ports (git-fixes).
* ata: libata-core: Fix ata_port_request_pm() locking (git-fixes).
* ata: libata-core: Fix port and device removal (git-fixes).
* ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes).
* ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES
(git-fixes).
* blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before
init (bsc#1216062).
* blk-cgroup: support to track if policy is online (bsc#1216062).
* bonding: Fix extraction of ports from the packet headers (bsc#1214754).
* bonding: Return pointer to data after pull on skb (bsc#1214754).
* bonding: do not assume skb mac_header is set (bsc#1214754).
* bpf: Add copy_map_value_long to copy to remote percpu memory (git-fixes).
* bpf: Add missing btf_put to register_btf_id_dtor_kfuncs (git-fixes).
* bpf: Add override check to kprobe multi link attach (git-fixes).
* bpf: Add zero_map_value to zero map value with special fields (git-fixes).
* bpf: Cleanup check_refcount_ok (git-fixes).
* bpf: Fix max stack depth check for async callbacks (git-fixes).
* bpf: Fix offset calculation error in __copy_map_value and zero_map_value
(git-fixes).
* bpf: Fix ref_obj_id for dynptr data slices in verifier (git-fixes).
* bpf: Fix resetting logic for unreferenced kptrs (git-fixes).
* bpf: Fix subprog idx logic in check_max_stack_depth (git-fixes).
* bpf: Gate dynptr API behind CAP_BPF (git-fixes).
* bpf: Prevent decl_tag from being referenced in func_proto arg (git-fixes).
* bpf: Repeat check_max_stack_depth for async callbacks (git-fixes).
* bpf: Tighten ptr_to_btf_id checks (git-fixes).
* bpf: fix precision propagation verbose logging (git-fixes).
* bpf: prevent decl_tag from being referenced in func_proto (git-fixes).
* bpf: propagate precision across all frames, not just the last one (git-
fixes).
* bpf: propagate precision in ALU/ALU64 operations (git-fixes).
* btf: Export bpf_dynptr definition (git-fixes).
* btrfs: do not start transaction for scrub if the fs is mounted read-only
(bsc#1214874).
* bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes).
* bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-
fixes).
* ceph: add base64 endcoding routines for encrypted names (jsc#SES-1880).
* ceph: add encryption support to writepage and writepages (jsc#SES-1880).
* ceph: add fscrypt ioctls and ceph.fscrypt.auth vxattr (jsc#SES-1880).
* ceph: add helpers for converting names for userland presentation
(jsc#SES-1880).
* ceph: add infrastructure for file encryption and decryption (jsc#SES-1880).
* ceph: add new mount option to enable sparse reads (jsc#SES-1880).
* ceph: add object version support for sync read (jsc#SES-1880).
* ceph: add read/modify/write to ceph_sync_write (jsc#SES-1880).
* ceph: add some fscrypt guardrails (jsc#SES-1880).
* ceph: add support for encrypted snapshot names (jsc#SES-1880).
* ceph: add support to readdir for encrypted names (jsc#SES-1880).
* ceph: add truncate size handling support for fscrypt (jsc#SES-1880).
* ceph: align data in pages in ceph_sync_write (jsc#SES-1880).
* ceph: allow encrypting a directory while not having Ax caps (jsc#SES-1880).
* ceph: create symlinks with encrypted and base64-encoded targets
(jsc#SES-1880).
* ceph: decode alternate_name in lease info (jsc#SES-1880).
* ceph: do not use special DIO path for encrypted inodes (jsc#SES-1880).
* ceph: drop messages from MDS when unmounting (jsc#SES-1880).
* ceph: encode encrypted name in ceph_mdsc_build_path and dentry release
(jsc#SES-1880).
* ceph: fix incorrect revoked caps assert in ceph_fill_file_size()
(bsc#1216322).
* ceph: fix type promotion bug on 32bit systems (bsc#1216324).
* ceph: fix updating i_truncate_pagecache_size for fscrypt (jsc#SES-1880).
* ceph: fscrypt_auth handling for ceph (jsc#SES-1880).
* ceph: handle fscrypt fields in cap messages from MDS (jsc#SES-1880).
* ceph: implement -o test_dummy_encryption mount option (jsc#SES-1880).
* ceph: invalidate pages when doing direct/sync writes (jsc#SES-1880).
* ceph: make ceph_fill_trace and ceph_get_name decrypt names (jsc#SES-1880).
* ceph: make ceph_msdc_build_path use ref-walk (jsc#SES-1880).
* ceph: make d_revalidate call fscrypt revalidator for encrypted dentries
(jsc#SES-1880).
* ceph: make ioctl cmds more readable in debug log (jsc#SES-1880).
* ceph: make num_fwd and num_retry to __u32 (jsc#SES-1880).
* ceph: mark directory as non-complete after loading key (jsc#SES-1880).
* ceph: pass the request to parse_reply_info_readdir() (jsc#SES-1880).
* ceph: plumb in decryption during reads (jsc#SES-1880).
* ceph: preallocate inode for ops that may create one (jsc#SES-1880).
* ceph: prevent snapshot creation in encrypted locked directories
(jsc#SES-1880).
* ceph: remove unnecessary check for NULL in parse_longname() (bsc#1216333).
* ceph: send alternate_name in MClientRequest (jsc#SES-1880).
* ceph: set DCACHE_NOKEY_NAME flag in ceph_lookup/atomic_open()
(jsc#SES-1880).
* ceph: size handling in MClientRequest, cap updates and inode traces
(jsc#SES-1880).
* ceph: switch ceph_lookup/atomic_open() to use new fscrypt helper
(jsc#SES-1880).
* ceph: use osd_req_op_extent_osd_iter for netfs reads (jsc#SES-1880).
* ceph: voluntarily drop Xx caps for requests those touch parent mtime
(jsc#SES-1880).
* ceph: wait for OSD requests' callbacks to finish when unmounting
(jsc#SES-1880).
* cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem
(bsc#1215955).
* cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307).
* clk: tegra: fix error return case for recalc_rate (git-fixes).
* counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-
fixes).
* crypto: qat - Include algapi.h for low-level Crypto API (PED-6401).
* crypto: qat - Remove unused function declarations (PED-6401).
* crypto: qat - add fw_counters debugfs file (PED-6401).
* crypto: qat - add heartbeat counters check (PED-6401).
* crypto: qat - add heartbeat feature (PED-6401).
* crypto: qat - add internal timer for qat 4xxx (PED-6401).
* crypto: qat - add measure clock frequency (PED-6401).
* crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401).
* crypto: qat - add qat_zlib_deflate (PED-6401).
* crypto: qat - add support for 402xx devices (PED-6401).
* crypto: qat - change value of default idle filter (PED-6401).
* crypto: qat - delay sysfs initialization (PED-6401).
* crypto: qat - do not export adf_init_admin_pm() (PED-6401).
* crypto: qat - drop log level of msg in get_instance_node() (PED-6401).
* crypto: qat - drop obsolete heartbeat interface (PED-6401).
* crypto: qat - drop redundant adf_enable_aer() (PED-6401).
* crypto: qat - expose pm_idle_enabled through sysfs (PED-6401).
* crypto: qat - extend buffer list logic interface (PED-6401).
* crypto: qat - extend configuration for 4xxx (PED-6401).
* crypto: qat - fix apply custom thread-service mapping for dc service
(PED-6401).
* crypto: qat - fix concurrency issue when device state changes (PED-6401).
* crypto: qat - fix crypto capability detection for 4xxx (PED-6401).
* crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401).
* crypto: qat - make fw images name constant (PED-6401).
* crypto: qat - make state machine functions static (PED-6401).
* crypto: qat - move dbgfs init to separate file (PED-6401).
* crypto: qat - move returns to default case (PED-6401).
* crypto: qat - refactor device restart logic (PED-6401).
* crypto: qat - refactor fw config logic for 4xxx (PED-6401).
* crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401).
* crypto: qat - replace state machine calls (PED-6401).
* crypto: qat - replace the if statement with min() (PED-6401).
* crypto: qat - set deprecated capabilities as reserved (PED-6401).
* crypto: qat - unmap buffer before free for DH (PED-6401).
* crypto: qat - unmap buffers before free for RSA (PED-6401).
* crypto: qat - update slice mask for 4xxx devices (PED-6401).
* crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401).
* dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-
fixes).
* dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes).
* dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes).
* drm/amd/display: Do not check registers, if using AUX BL control (git-
fixes).
* drm/amd/display: Do not set dpms_off for seamless boot (git-fixes).
* drm/amd/pm: add unique_id for gc 11.0.3 (git-fixes).
* drm/amd: Fix detection of _PR3 on the PCIe root port (git-fixes).
* drm/amdgpu/nbio4.3: set proper rmmio_remap.reg_offset for SR-IOV (git-
fixes).
* drm/amdgpu/soc21: do not remap HDP registers for SR-IOV (git-fixes).
* drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes).
* drm/amdgpu: add missing NULL check (git-fixes).
* drm/amdkfd: Flush TLB after unmapping for GFX v9.4.3 (git-fixes).
* drm/amdkfd: Insert missing TLB flush on GFX10 and later (git-fixes).
* drm/amdkfd: Use gpu_offset for user queue's wptr (git-fixes).
* drm/atomic-helper: relax unregistered connector check (git-fixes).
* drm/bridge: ti-sn65dsi83: Do not generate HFP/HBP/HSA and EOT packet (git-
fixes).
* drm/i915/gt: Fix reservation address in ggtt_reserve_guc_top (git-fixes).
* drm/i915: Retry gtt fault when out of fence registers (git-fixes).
* drm/mediatek: Correctly free sg_table in gem prime vmap (git-fixes).
* drm/msm/dp: do not reinitialize phy unless retry during link training (git-
fixes).
* drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-
fixes).
* drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes).
* drm/msm/dsi: skip the wait for video mode done if not applicable (git-
fixes).
* drm/vmwgfx: fix typo of sizeof argument (git-fixes).
* drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes).
* firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND
(git-fixes).
* firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels()
(git-fixes).
* fprobe: Ensure running fprobe_exit_handler() finished before calling
rethook_free() (git-fixes).
* fscrypt: new helper function - fscrypt_prepare_lookup_partial()
(jsc#SES-1880).
* gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-
fixes).
* gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes).
* gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes).
* gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes).
* gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes).
* gpio: vf610: set value before the direction to avoid a glitch (git-fixes).
* gve: Do not fully free QPL pages on prefill errors (git-fixes).
* i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes).
* i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-
fixes).
* i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-
fixes).
* i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes).
* i2c: mux: gpio:Â Replace custom acpi_get_local_address() (git-fixes).
* i2c: npcm7xx: Fix callback completion ordering (git-fixes).
* ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes).
* iio: pressure: bmp280: Fix NULL pointer exception (git-fixes).
* iio: pressure: dps310: Adjust Timeout Settings (git-fixes).
* iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes).
* intel x86 platform vsec kABI workaround (bsc#1216202).
* io_uring/fs: remove sqe->rw_flags checking from LINKAT (git-fixes).
* io_uring/rw: defer fsnotify calls to task context (git-fixes).
* io_uring/rw: ensure kiocb_end_write() is always called (git-fixes).
* io_uring/rw: remove leftover debug statement (git-fixes).
* io_uring: Replace 0-length array with flexible array (git-fixes).
* io_uring: ensure REQ_F_ISREG is set async offload (git-fixes).
* io_uring: fix fdinfo sqe offsets calculation (git-fixes).
* io_uring: fix memory leak when removing provided buffers (git-fixes).
* iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback
(bsc#1212423).
* iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback
(bsc#1212423).
* iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support
(bsc#1212423).
* iommu/arm-smmu-v3: Fix soft lockup triggered by (bsc#1215921)
* kABI: fix bpf Tighten-ptr_to_btf_id checks (git-fixes).
* kabi: blkcg_policy_data fix KABI (bsc#1216062).
* kabi: workaround for enum nft_trans_phase (bsc#1215104).
* kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
* leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes).
* libceph: add CEPH_OSD_OP_ASSERT_VER support (jsc#SES-1880).
* libceph: add new iov_iter-based ceph_msg_data_type and ceph_osd_data_type
(jsc#SES-1880).
* libceph: add sparse read support to OSD client (jsc#SES-1880).
* libceph: add sparse read support to msgr1 (jsc#SES-1880).
* libceph: add spinlock around osd->o_requests (jsc#SES-1880).
* libceph: allow ceph_osdc_new_request to accept a multi-op read
(jsc#SES-1880).
* libceph: define struct ceph_sparse_extent and add some helpers
(jsc#SES-1880).
* libceph: new sparse_read op, support sparse reads on msgr2 crc codepath
(jsc#SES-1880).
* libceph: support sparse reads on msgr2 secure codepath (jsc#SES-1880).
* libceph: use kernel_connect() (bsc#1216323).
* mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788
bsc#1213705).
* mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes).
* mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes).
* mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes).
* mtd: physmap-core: Restore map_rom fallback (git-fixes).
* mtd: rawnand: arasan: Ensure program page operations are successful (git-
fixes).
* mtd: rawnand: marvell: Ensure program page operations are successful (git-
fixes).
* mtd: rawnand: pl353: Ensure program page operations are successful (git-
fixes).
* mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes).
* mtd: spinand: micron: correct bitmask for ecc status (git-fixes).
* net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-
fixes).
* net: mana: Fix TX CQE error handling (bsc#1215986).
* net: mana: Fix oversized sge0 for GSO packets (bsc#1215986).
* net: nfc: llcp: Add lock when modifying device list (git-fixes).
* net: rfkill: gpio: prevent value glitch during probe (git-fixes).
* net: sched: add barrier to fix packet stuck problem for lockless qdisc
(bsc#1216345).
* net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog
(bsc#1216345).
* net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-
fixes).
* net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-
fixes).
* net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes).
* net: use sk_is_tcp() in more places (git-fixes).
* netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound
set/chain (git-fixes).
* netfilter: nf_tables: unbind non-anonymous set if rule construction fails
(git-fixes).
* nfc: nci: assert requested protocol is valid (git-fixes).
* nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-
fixes).
* nfs: only issue commit in DIO codepath if we have uncommitted data
(bsc#1211162).
* nilfs2: fix potential use after free in nilfs_gccache_submit_read_data()
(git-fixes).
* nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid()
(bsc#1214842).
* phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes).
* phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes).
* phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes).
* pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes).
* pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes).
* platform/surface: platform_profile: Propagate error if profile registration
fails (git-fixes).
* platform/x86/intel/pmt: Ignore uninitialized entries (bsc#1216202).
* platform/x86/intel/pmt: telemetry: Fix fixed region handling (bsc#1216202).
* platform/x86/intel/vsec: Rework early hardware code (bsc#1216202).
* platform/x86/intel: Fix 'rmmod pmt_telemetry' panic (bsc#1216202).
* platform/x86/intel: Fix pmt_crashlog array reference (bsc#1216202).
* platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e
(git-fixes).
* platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-
fixes).
* platform/x86: think-lmi: Fix reference leak (git-fixes).
* platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes).
* power: supply: ucs1002: fix error code in ucs1002_get_property() (git-
fixes).
* r8152: check budget for r8152_poll() (git-fixes).
* regmap: fix NULL deref on lookup (git-fixes).
* regmap: rbtree: Fix wrong register marked as in-cache when creating new node
(git-fixes).
* remove unnecessary WARN_ON_ONCE() (bsc#1214823).
* ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes).
* ring-buffer: Do not attempt to read past "commit" (git-fixes).
* ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
* ring-buffer: Update "shortest_full" in polling (git-fixes).
* s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510).
* s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511).
* s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788
bsc#1215957).
* sched/cpuset: Bring back cpuset_mutex (bsc#1215955).
* sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity()
(git fixes (sched)).
* sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes
(sched)).
* sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)).
* scsi: be2iscsi: Add length check when parsing nlattrs (git-fixes).
* scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock (git-fixes).
* scsi: iscsi: Add length check for nlattr payload (git-fixes).
* scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() (git-fixes).
* scsi: iscsi_tcp: restrict to TCP sockets (git-fixes).
* scsi: mpi3mr: Propagate sense data for admin queue SCSI I/O (git-fixes).
* scsi: mpt3sas: Perform additional retries if doorbell read returns 0 (git-
fixes).
* scsi: pm8001: Setup IRQs on resume (git-fixes).
* scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read()
directly (git-fixes).
* scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read()
directly (git-fixes).
* scsi: qedf: Do not touch __user pointer in
qedf_dbg_stop_io_on_error_cmd_read() directly (git-fixes).
* scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes).
* scsi: qla4xxx: Add length check when parsing nlattrs (git-fixes).
* selftests/bpf: Add more tests for check_max_stack_depth bug (git-fixes).
* selftests/bpf: Add reproducer for decl_tag in func_proto argument (git-
fixes).
* selftests/bpf: Add reproducer for decl_tag in func_proto return type (git-
fixes).
* selftests/bpf: Add selftest for check_stack_max_depth bug (git-fixes).
* selftests/bpf: Clean up sys_nanosleep uses (git-fixes).
* serial: 8250_port: Check IRQ data before use (git-fixes).
* soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-
fixes).
* spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes).
* spi: stm32: add a delay before SPI disable (git-fixes).
* spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain
(git-fixes).
* spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes).
* thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-
fixes).
* thunderbolt: Restart XDomain discovery handshake after failure (git-fixes).
* thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple
Ridge (git-fixes).
* tracing: Have current_trace inc the trace array ref count (git-fixes).
* tracing: Have event inject files inc the trace array ref count (git-fixes).
* tracing: Have option files inc the trace array ref count (git-fixes).
* tracing: Have tracing_max_latency inc the trace array ref count (git-fixes).
* tracing: Increase trace array ref count on enable and filter files (git-
fixes).
* tracing: Make trace_marker{,_raw} stream-like (git-fixes).
* usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes).
* usb: dwc3: Soft reset phy on probe for host (git-fixes).
* usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-
fixes).
* usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
* usb: hub: Guard against accesses to uninitialized BOS descriptors (git-
fixes).
* usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes).
* usb: musb: Modify the "HWVers" register address (git-fixes).
* usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-
fixes).
* usb: typec: ucsi: Clear EVENT_PENDING bit if ucsi_send_command fails (git-
fixes).
* usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).
* vmbus_testing: fix wrong python syntax for integer value comparison (git-
fixes).
* vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes).
* watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes).
* watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running
(git-fixes).
* wifi: cfg80211: Fix 6GHz scan configuration (git-fixes).
* wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
* wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes).
* wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes).
* wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes).
* wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-
fixes).
* wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes).
* wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-
fixes).
* wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes).
* wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes).
* x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772).
* x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772).
* x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772).
* x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf
(bsc#1213772).
* x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772).
* x86/cpu: Support AMD Automatic IBRS (bsc#1213772).
* x86/mm: Print the encryption features correctly when a paravisor is present
(bsc#1206453).
* x86/platform/uv: Use alternate source for socket to node data (bsc#1215696).
* x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649).
* x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649).
* x86/sev: Disable MMIO emulation from user mode (bsc#1212649).
* xen-netback: use default TX queue size for vifs (git-fixes).
* xhci: Keep interrupt disabled in initialization until host is running (git-
fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4343=1
* SUSE Real Time Module 15-SP5
zypper in -t patch SUSE-SLE-Module-RT-15-SP5-2023-4343=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-4343=1 openSUSE-SLE-15.5-2023-4343=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2023-4343=1
## Package List:
* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
* kernel-livepatch-5_14_21-150500_13_24-rt-debuginfo-1-150500.11.3.1
* kernel-livepatch-5_14_21-150500_13_24-rt-1-150500.11.3.1
* kernel-livepatch-SLE15-SP5-RT_Update_7-debugsource-1-150500.11.3.1
* SUSE Real Time Module 15-SP5 (x86_64)
* ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.24.1
* kernel-rt_debug-vdso-5.14.21-150500.13.24.1
* dlm-kmp-rt-debuginfo-5.14.21-150500.13.24.1
* kernel-rt-devel-debuginfo-5.14.21-150500.13.24.1
* ocfs2-kmp-rt-5.14.21-150500.13.24.1
* kernel-rt-vdso-debuginfo-5.14.21-150500.13.24.1
* kernel-rt-debuginfo-5.14.21-150500.13.24.1
* cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.24.1
* kernel-rt_debug-debugsource-5.14.21-150500.13.24.1
* kernel-rt_debug-debuginfo-5.14.21-150500.13.24.1
* kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.24.1
* cluster-md-kmp-rt-5.14.21-150500.13.24.1
* kernel-rt-vdso-5.14.21-150500.13.24.1
* gfs2-kmp-rt-5.14.21-150500.13.24.1
* kernel-syms-rt-5.14.21-150500.13.24.1
* gfs2-kmp-rt-debuginfo-5.14.21-150500.13.24.1
* kernel-rt-devel-5.14.21-150500.13.24.1
* dlm-kmp-rt-5.14.21-150500.13.24.1
* kernel-rt_debug-devel-5.14.21-150500.13.24.1
* kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.24.1
* kernel-rt-debugsource-5.14.21-150500.13.24.1
* SUSE Real Time Module 15-SP5 (noarch)
* kernel-source-rt-5.14.21-150500.13.24.1
* kernel-devel-rt-5.14.21-150500.13.24.1
* SUSE Real Time Module 15-SP5 (nosrc x86_64)
* kernel-rt_debug-5.14.21-150500.13.24.1
* kernel-rt-5.14.21-150500.13.24.1
* openSUSE Leap 15.5 (noarch)
* kernel-source-rt-5.14.21-150500.13.24.1
* kernel-devel-rt-5.14.21-150500.13.24.1
* openSUSE Leap 15.5 (x86_64)
* ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.24.1
* kernel-livepatch-5_14_21-150500_13_24-rt-1-150500.11.3.1
* kselftests-kmp-rt-5.14.21-150500.13.24.1
* kernel-rt_debug-vdso-5.14.21-150500.13.24.1
* kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.24.1
* dlm-kmp-rt-debuginfo-5.14.21-150500.13.24.1
* kselftests-kmp-rt-debuginfo-5.14.21-150500.13.24.1
* reiserfs-kmp-rt-5.14.21-150500.13.24.1
* kernel-rt-devel-debuginfo-5.14.21-150500.13.24.1
* ocfs2-kmp-rt-5.14.21-150500.13.24.1
* kernel-rt-vdso-debuginfo-5.14.21-150500.13.24.1
* kernel-rt-debuginfo-5.14.21-150500.13.24.1
* cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.24.1
* kernel-rt-livepatch-5.14.21-150500.13.24.1
* kernel-livepatch-5_14_21-150500_13_24-rt-debuginfo-1-150500.11.3.1
* kernel-rt_debug-debugsource-5.14.21-150500.13.24.1
* kernel-rt_debug-debuginfo-5.14.21-150500.13.24.1
* kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.24.1
* kernel-rt-extra-debuginfo-5.14.21-150500.13.24.1
* cluster-md-kmp-rt-5.14.21-150500.13.24.1
* reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.24.1
* gfs2-kmp-rt-5.14.21-150500.13.24.1
* kernel-rt-optional-5.14.21-150500.13.24.1
* kernel-syms-rt-5.14.21-150500.13.24.1
* gfs2-kmp-rt-debuginfo-5.14.21-150500.13.24.1
* kernel-rt-extra-5.14.21-150500.13.24.1
* kernel-rt-optional-debuginfo-5.14.21-150500.13.24.1
* kernel-rt-livepatch-devel-5.14.21-150500.13.24.1
* kernel-rt-devel-5.14.21-150500.13.24.1
* dlm-kmp-rt-5.14.21-150500.13.24.1
* kernel-rt_debug-livepatch-devel-5.14.21-150500.13.24.1
* kernel-rt_debug-devel-5.14.21-150500.13.24.1
* kernel-rt-vdso-5.14.21-150500.13.24.1
* kernel-rt-debugsource-5.14.21-150500.13.24.1
* kernel-livepatch-SLE15-SP5-RT_Update_7-debugsource-1-150500.11.3.1
* openSUSE Leap 15.5 (nosrc x86_64)
* kernel-rt_debug-5.14.21-150500.13.24.1
* kernel-rt-5.14.21-150500.13.24.1
* SUSE Linux Enterprise Micro 5.5 (nosrc x86_64)
* kernel-rt-5.14.21-150500.13.24.1
* SUSE Linux Enterprise Micro 5.5 (x86_64)
* kernel-rt-debugsource-5.14.21-150500.13.24.1
* kernel-rt-debuginfo-5.14.21-150500.13.24.1
## References:
* https://www.suse.com/security/cve/CVE-2023-2163.html
* https://www.suse.com/security/cve/CVE-2023-2860.html
* https://www.suse.com/security/cve/CVE-2023-31085.html
* https://www.suse.com/security/cve/CVE-2023-34324.html
* https://www.suse.com/security/cve/CVE-2023-39189.html
* https://www.suse.com/security/cve/CVE-2023-39191.html
* https://www.suse.com/security/cve/CVE-2023-39193.html
* https://www.suse.com/security/cve/CVE-2023-45862.html
* https://www.suse.com/security/cve/CVE-2023-5178.html
* https://bugzilla.suse.com/show_bug.cgi?id=1211162
* https://bugzilla.suse.com/show_bug.cgi?id=1211307
* https://bugzilla.suse.com/show_bug.cgi?id=1213772
* https://bugzilla.suse.com/show_bug.cgi?id=1214754
* https://bugzilla.suse.com/show_bug.cgi?id=1214874
* https://bugzilla.suse.com/show_bug.cgi?id=1215545
* https://bugzilla.suse.com/show_bug.cgi?id=1215921
* https://bugzilla.suse.com/show_bug.cgi?id=1215955
* https://bugzilla.suse.com/show_bug.cgi?id=1216062
* https://bugzilla.suse.com/show_bug.cgi?id=1216202
* https://bugzilla.suse.com/show_bug.cgi?id=1216322
* https://bugzilla.suse.com/show_bug.cgi?id=1216324
* https://bugzilla.suse.com/show_bug.cgi?id=1216333
* https://bugzilla.suse.com/show_bug.cgi?id=1216512
1
0
SUSE-SU-2023:4347-1: important: Security update for the Linux Kernel
by maintenance@opensuse.org 02 Nov '23
by maintenance@opensuse.org 02 Nov '23
02 Nov '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:4347-1
Rating: important
References:
* bsc#1208995
* bsc#1210169
* bsc#1210778
* bsc#1212703
* bsc#1214233
* bsc#1214380
* bsc#1214386
* bsc#1215115
* bsc#1215117
* bsc#1215221
* bsc#1215275
* bsc#1215299
* bsc#1215467
* bsc#1215745
* bsc#1215858
* bsc#1215860
* bsc#1215861
* bsc#1216046
* bsc#1216051
Cross-References:
* CVE-2020-36766
* CVE-2023-1192
* CVE-2023-1206
* CVE-2023-1859
* CVE-2023-31085
* CVE-2023-34324
* CVE-2023-39189
* CVE-2023-39192
* CVE-2023-39193
* CVE-2023-39194
* CVE-2023-40283
* CVE-2023-42754
* CVE-2023-45862
* CVE-2023-4622
* CVE-2023-4623
* CVE-2023-4881
* CVE-2023-4921
CVSS scores:
* CVE-2020-36766 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2020-36766 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-1192 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1192 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1206 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1206 ( NVD ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1859 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-1859 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39189 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-39189 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39192 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-39192 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
* CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39193 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39194 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
* CVE-2023-39194 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
* CVE-2023-40283 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-40283 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-42754 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-42754 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-45862 ( SUSE ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45862 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4622 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4881 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-4881 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2023-4921 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4921 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE CaaS Platform 4.0
* SUSE Linux Enterprise High Availability Extension 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Live Patching 15-SP1
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Manager Proxy 4.0
* SUSE Manager Retail Branch Server 4.0
* SUSE Manager Server 4.0
An update that solves 17 vulnerabilities and has two security fixes can now be
installed.
## Description:
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
* CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize)
that could cause a local DoS. (bsc#1210778)
* CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an
object could potentially extend beyond the end of an allocation causing.
(bsc#1216051)
* CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling.
(bsc#1215745).
* CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a
local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read,
leading to a crash or information disclosure. (bsc#1216046)
* CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem
(bsc#1215861).
* CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem
(bsc#1215860).
* CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858).
* CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that
could lead to denial of service (bsc#1215467).
* CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup
table which could be exploited by network adjacent attackers, increasing CPU
usage by 95% (bsc#1212703).
* CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network
scheduler which could be exploited to achieve local privilege escalation
(bsc#1215275).
* CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain
sockets component which could be exploited to achieve local privilege
escalation (bsc#1215117).
* CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler
which could be exploited to achieve local privilege escalation
(bsc#1215115).
* CVE-2020-36766: Fixed a potential information leak in in the CEC driver
(bsc#1215299).
* CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which
could be exploited to crash the system (bsc#1210169).
* CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem
that could lead to potential information disclosure or a denial of service
(bsc#1215221).
* CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233).
* CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread()
(bsc#1208995).
The following non-security bugs were fixed:
* check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC
(bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does.
* mkspec: Allow unsupported KMPs (bsc#1214386)
* old-flavors: Drop 2.6 kernels. 2.6 based kernels are EOL, upgrading from
them is no longer suported.
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4347=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4347=1
* SUSE Linux Enterprise Live Patching 15-SP1
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-4347=1
* SUSE Linux Enterprise High Availability Extension 15 SP1
zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-4347=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4347=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4347=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4347=1
* SUSE CaaS Platform 4.0
To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform
you if it detects new updates and let you then trigger updating of the complete
cluster in a controlled way.
## Package List:
* openSUSE Leap 15.4 (nosrc)
* kernel-debug-4.12.14-150100.197.160.1
* kernel-zfcpdump-4.12.14-150100.197.160.1
* kernel-kvmsmall-4.12.14-150100.197.160.1
* kernel-default-4.12.14-150100.197.160.1
* openSUSE Leap 15.4 (ppc64le x86_64)
* kernel-debug-base-4.12.14-150100.197.160.1
* kernel-debug-base-debuginfo-4.12.14-150100.197.160.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* kernel-vanilla-debuginfo-4.12.14-150100.197.160.1
* kernel-vanilla-base-4.12.14-150100.197.160.1
* kernel-vanilla-devel-4.12.14-150100.197.160.1
* kernel-vanilla-livepatch-devel-4.12.14-150100.197.160.1
* kernel-vanilla-base-debuginfo-4.12.14-150100.197.160.1
* kernel-vanilla-devel-debuginfo-4.12.14-150100.197.160.1
* kernel-default-base-debuginfo-4.12.14-150100.197.160.1
* kernel-vanilla-debugsource-4.12.14-150100.197.160.1
* openSUSE Leap 15.4 (x86_64)
* kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.160.1
* kernel-kvmsmall-base-4.12.14-150100.197.160.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-vanilla-4.12.14-150100.197.160.1
* openSUSE Leap 15.4 (s390x)
* kernel-default-man-4.12.14-150100.197.160.1
* kernel-zfcpdump-man-4.12.14-150100.197.160.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-vanilla-4.12.14-150100.197.160.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* kernel-vanilla-debuginfo-4.12.14-150100.197.160.1
* kernel-vanilla-devel-4.12.14-150100.197.160.1
* kernel-vanilla-livepatch-devel-4.12.14-150100.197.160.1
* kernel-vanilla-base-debuginfo-4.12.14-150100.197.160.1
* kernel-vanilla-devel-debuginfo-4.12.14-150100.197.160.1
* kernel-vanilla-base-4.12.14-150100.197.160.1
* kernel-vanilla-debugsource-4.12.14-150100.197.160.1
* SUSE Linux Enterprise Live Patching 15-SP1 (nosrc)
* kernel-default-4.12.14-150100.197.160.1
* SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64)
* kernel-livepatch-4_12_14-150100_197_160-default-1-150100.3.3.1
* kernel-default-livepatch-devel-4.12.14-150100.197.160.1
* kernel-default-livepatch-4.12.14-150100.197.160.1
* kernel-default-debuginfo-4.12.14-150100.197.160.1
* kernel-default-debugsource-4.12.14-150100.197.160.1
* SUSE Linux Enterprise High Availability Extension 15 SP1 (aarch64 ppc64le
s390x x86_64)
* ocfs2-kmp-default-debuginfo-4.12.14-150100.197.160.1
* dlm-kmp-default-debuginfo-4.12.14-150100.197.160.1
* cluster-md-kmp-default-debuginfo-4.12.14-150100.197.160.1
* kernel-default-debuginfo-4.12.14-150100.197.160.1
* kernel-default-debugsource-4.12.14-150100.197.160.1
* cluster-md-kmp-default-4.12.14-150100.197.160.1
* gfs2-kmp-default-4.12.14-150100.197.160.1
* ocfs2-kmp-default-4.12.14-150100.197.160.1
* gfs2-kmp-default-debuginfo-4.12.14-150100.197.160.1
* dlm-kmp-default-4.12.14-150100.197.160.1
* SUSE Linux Enterprise High Availability Extension 15 SP1 (nosrc)
* kernel-default-4.12.14-150100.197.160.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64
nosrc x86_64)
* kernel-default-4.12.14-150100.197.160.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64
x86_64)
* kernel-default-devel-debuginfo-4.12.14-150100.197.160.1
* kernel-obs-build-debugsource-4.12.14-150100.197.160.1
* kernel-syms-4.12.14-150100.197.160.1
* kernel-default-debuginfo-4.12.14-150100.197.160.1
* kernel-default-debugsource-4.12.14-150100.197.160.1
* kernel-default-base-4.12.14-150100.197.160.1
* kernel-obs-build-4.12.14-150100.197.160.1
* kernel-default-base-debuginfo-4.12.14-150100.197.160.1
* kernel-default-devel-4.12.14-150100.197.160.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
* kernel-devel-4.12.14-150100.197.160.1
* kernel-macros-4.12.14-150100.197.160.1
* kernel-source-4.12.14-150100.197.160.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch
nosrc)
* kernel-docs-4.12.14-150100.197.160.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x
x86_64 nosrc)
* kernel-default-4.12.14-150100.197.160.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x
x86_64)
* kernel-default-devel-debuginfo-4.12.14-150100.197.160.1
* kernel-obs-build-debugsource-4.12.14-150100.197.160.1
* kernel-syms-4.12.14-150100.197.160.1
* kernel-default-debuginfo-4.12.14-150100.197.160.1
* kernel-default-debugsource-4.12.14-150100.197.160.1
* reiserfs-kmp-default-debuginfo-4.12.14-150100.197.160.1
* kernel-default-base-4.12.14-150100.197.160.1
* reiserfs-kmp-default-4.12.14-150100.197.160.1
* kernel-obs-build-4.12.14-150100.197.160.1
* kernel-default-base-debuginfo-4.12.14-150100.197.160.1
* kernel-default-devel-4.12.14-150100.197.160.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
* kernel-devel-4.12.14-150100.197.160.1
* kernel-macros-4.12.14-150100.197.160.1
* kernel-source-4.12.14-150100.197.160.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch nosrc)
* kernel-docs-4.12.14-150100.197.160.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (s390x)
* kernel-zfcpdump-debuginfo-4.12.14-150100.197.160.1
* kernel-default-man-4.12.14-150100.197.160.1
* kernel-zfcpdump-debugsource-4.12.14-150100.197.160.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (nosrc)
* kernel-zfcpdump-4.12.14-150100.197.160.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (nosrc ppc64le
x86_64)
* kernel-default-4.12.14-150100.197.160.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
* kernel-default-devel-debuginfo-4.12.14-150100.197.160.1
* kernel-obs-build-debugsource-4.12.14-150100.197.160.1
* kernel-syms-4.12.14-150100.197.160.1
* kernel-default-debuginfo-4.12.14-150100.197.160.1
* kernel-default-debugsource-4.12.14-150100.197.160.1
* reiserfs-kmp-default-debuginfo-4.12.14-150100.197.160.1
* kernel-default-base-4.12.14-150100.197.160.1
* reiserfs-kmp-default-4.12.14-150100.197.160.1
* kernel-obs-build-4.12.14-150100.197.160.1
* kernel-default-base-debuginfo-4.12.14-150100.197.160.1
* kernel-default-devel-4.12.14-150100.197.160.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
* kernel-devel-4.12.14-150100.197.160.1
* kernel-macros-4.12.14-150100.197.160.1
* kernel-source-4.12.14-150100.197.160.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch nosrc)
* kernel-docs-4.12.14-150100.197.160.1
* SUSE CaaS Platform 4.0 (nosrc x86_64)
* kernel-default-4.12.14-150100.197.160.1
* SUSE CaaS Platform 4.0 (x86_64)
* kernel-default-devel-debuginfo-4.12.14-150100.197.160.1
* kernel-obs-build-debugsource-4.12.14-150100.197.160.1
* kernel-syms-4.12.14-150100.197.160.1
* kernel-default-debuginfo-4.12.14-150100.197.160.1
* kernel-default-debugsource-4.12.14-150100.197.160.1
* reiserfs-kmp-default-debuginfo-4.12.14-150100.197.160.1
* kernel-default-base-4.12.14-150100.197.160.1
* reiserfs-kmp-default-4.12.14-150100.197.160.1
* kernel-obs-build-4.12.14-150100.197.160.1
* kernel-default-base-debuginfo-4.12.14-150100.197.160.1
* kernel-default-devel-4.12.14-150100.197.160.1
* SUSE CaaS Platform 4.0 (noarch)
* kernel-devel-4.12.14-150100.197.160.1
* kernel-macros-4.12.14-150100.197.160.1
* kernel-source-4.12.14-150100.197.160.1
* SUSE CaaS Platform 4.0 (noarch nosrc)
* kernel-docs-4.12.14-150100.197.160.1
## References:
* https://www.suse.com/security/cve/CVE-2020-36766.html
* https://www.suse.com/security/cve/CVE-2023-1192.html
* https://www.suse.com/security/cve/CVE-2023-1206.html
* https://www.suse.com/security/cve/CVE-2023-1859.html
* https://www.suse.com/security/cve/CVE-2023-31085.html
* https://www.suse.com/security/cve/CVE-2023-34324.html
* https://www.suse.com/security/cve/CVE-2023-39189.html
* https://www.suse.com/security/cve/CVE-2023-39192.html
* https://www.suse.com/security/cve/CVE-2023-39193.html
* https://www.suse.com/security/cve/CVE-2023-39194.html
* https://www.suse.com/security/cve/CVE-2023-40283.html
* https://www.suse.com/security/cve/CVE-2023-42754.html
* https://www.suse.com/security/cve/CVE-2023-45862.html
* https://www.suse.com/security/cve/CVE-2023-4622.html
* https://www.suse.com/security/cve/CVE-2023-4623.html
* https://www.suse.com/security/cve/CVE-2023-4881.html
* https://www.suse.com/security/cve/CVE-2023-4921.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208995
* https://bugzilla.suse.com/show_bug.cgi?id=1210169
* https://bugzilla.suse.com/show_bug.cgi?id=1210778
* https://bugzilla.suse.com/show_bug.cgi?id=1212703
* https://bugzilla.suse.com/show_bug.cgi?id=1214233
* https://bugzilla.suse.com/show_bug.cgi?id=1214380
* https://bugzilla.suse.com/show_bug.cgi?id=1214386
* https://bugzilla.suse.com/show_bug.cgi?id=1215115
* https://bugzilla.suse.com/show_bug.cgi?id=1215117
* https://bugzilla.suse.com/show_bug.cgi?id=1215221
* https://bugzilla.suse.com/show_bug.cgi?id=1215275
* https://bugzilla.suse.com/show_bug.cgi?id=1215299
* https://bugzilla.suse.com/show_bug.cgi?id=1215467
* https://bugzilla.suse.com/show_bug.cgi?id=1215745
* https://bugzilla.suse.com/show_bug.cgi?id=1215858
* https://bugzilla.suse.com/show_bug.cgi?id=1215860
* https://bugzilla.suse.com/show_bug.cgi?id=1215861
* https://bugzilla.suse.com/show_bug.cgi?id=1216046
* https://bugzilla.suse.com/show_bug.cgi?id=1216051
1
0