openSUSE Updates
November 2023
10 Nov '23
# Security update for clamav
Announcement ID: SUSE-SU-2023:4415-1
Rating: important
References:
* bsc#1216625
Cross-References:
* CVE-2023-40477
CVSS scores:
Affected Products:
* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for clamav fixes the following issues:
* Updated to version 0.103.11:
* CVE-2023-40477: Updated libclamunrar dependency to version 6.2.12
(bsc#1216625).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4415=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4415=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4415=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4415=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4415=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4415=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4415=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4415=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4415=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4415=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4415=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4415=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4415=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4415=1
* SUSE Manager Proxy 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4415=1
* SUSE Manager Retail Branch Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4415=1
* SUSE Manager Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4415=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-4415=1
* SUSE CaaS Platform 4.0
To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform
you if it detects new updates and let you then trigger updating of the complete
cluster in a controlled way.
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64
x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64
x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x
x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* SUSE Manager Proxy 4.2 (x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* SUSE Manager Retail Branch Server 4.2 (x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* SUSE CaaS Platform 4.0 (x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
## References:
* https://www.suse.com/security/cve/CVE-2023-40477.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216625
openSUSE-RU-2023:0362-1: moderate: Recommended update for perl-Mojo-IOLoop-ReadWriteProcess
by maintenance@opensuse.org 10 Nov '23
openSUSE Recommended Update: Recommended update for perl-Mojo-IOLoop-ReadWriteProcess
______________________________________________________________________________
Announcement ID: openSUSE-RU-2023:0362-1
Rating: moderate
References:
Affected Products:
openSUSE Backports SLE-15-SP4
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that has 0 recommended fixes can now be installed.
Description:
This update for perl-Mojo-IOLoop-ReadWriteProcess fixes the following
issues:
Updated to 0.34:
see /usr/share/doc/packages/perl-Mojo-IOLoop-ReadWriteProcess/Changes
+ 0.34 2023-09-18T15:47:18Z
- Adapt to deprecation of spurt in upstream Mojolicious
- Make git work in github workflow
- Turn warnings "Sleeping inside locked section" into notes
- Avoid warnings about using undefined value as file handle
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2023-362=1
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2023-362=1
Package List:
- openSUSE Backports SLE-15-SP5 (noarch):
perl-Mojo-IOLoop-ReadWriteProcess-0.340.0-bp155.2.6.1
- openSUSE Backports SLE-15-SP4 (noarch):
perl-Mojo-IOLoop-ReadWriteProcess-0.340.0-bp154.2.9.1
References:
openSUSE-SU-2023:0361-1: moderate: Security update for tor
by opensuse-security@opensuse.org 10 Nov '23
openSUSE Security Update: Security update for tor
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0361-1
Rating: moderate
References: #1216873
Affected Products:
openSUSE Backports SLE-15-SP4
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update for tor fixes the following issues:
- tor 0.4.8.8:
* Mitigate an issue when Tor compiled with OpenSSL can crash during
handshake with a remote relay. (TROVE-2023-004, boo#1216873)
* Regenerate fallback directories generated on November 03, 2023.
* Update the geoip files to match the IPFire Location Database, as
retrieved on 2023/11/03
* directory authority: Look at the network parameter "maxunmeasuredbw"
with the correct spelling
* vanguards addon support: Count the conflux linked cell as valid when
it is successfully processed. This will quiet a spurious warn in the
vanguards addon
- tor 0.4.8.7:
* Fix an issue that prevented us from pre-building more conflux sets
after existing sets had been used
- tor 0.4.8.6:
* onion service: Fix a reliability issue where services were expiring
their introduction points every consensus update. This caused
connectivity issues for clients caching the old descriptor and intro
points
* Log the input and output buffer sizes when we detect a potential
compression bomb
* Disable multiple BUG warnings of a missing relay identity key when
starting an instance of Tor compiled without relay support
* When reporting a pseudo-networkstatus as a bridge authority, or
answering "ns/purpose/*" controller requests, include accurate
published-on dates from our list of router descriptors
* Use less frightening language and lower the log-level of our run-time
ABI compatibility check message in our Zstd compression subsystem
- tor 0.4.8.5:
* bugfixes creating log BUG stacktrace
- tor 0.4.8.4:
* Extend DoS protection to partially opened channels and known relays
* Dynamic Proof-Of-Work protocol to thwart flooding DoS attacks against
hidden services. Disabled by default, enable via "HiddenServicePoW" in
torrc
* Implement conflux traffic splitting
* Directory authorities and relays now interact properly with directory
authorities if they change addresses
- tor 0.4.7.14:
* bugfix affecting vanguards (onion service), and minor fixes
- Enable support for scrypt()
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2023-361=1
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2023-361=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):
tor-0.4.8.8-bp155.2.3.1
tor-debuginfo-0.4.8.8-bp155.2.3.1
tor-debugsource-0.4.8.8-bp155.2.3.1
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
tor-0.4.8.8-bp154.2.15.1
References:
https://bugzilla.suse.com/1216873
openSUSE-SU-2023:0360-1: moderate: Security update for go1.21
by opensuse-security@opensuse.org 09 Nov '23
openSUSE Security Update: Security update for go1.21
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0360-1
Rating: moderate
References: #1212475 #1212667 #1212669 #1215084 #1215085
#1215086 #1215087 #1215090 #1215985 #1216109
Cross-References: CVE-2023-39318 CVE-2023-39319 CVE-2023-39320
CVE-2023-39321 CVE-2023-39322 CVE-2023-39323
CVE-2023-39325 CVE-2023-44487
CVSS scores:
CVE-2023-39318 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2023-39318 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE-2023-39319 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2023-39319 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE-2023-39320 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2023-39320 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2023-39321 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2023-39321 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2023-39322 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2023-39322 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2023-39323 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2023-39323 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-39325 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2023-39325 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2023-44487 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2023-44487 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP4
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12-SP3
SUSE Linux Enterprise Server for SAP Applications 12-SP4
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________
An update that solves 8 vulnerabilities and has two fixes
is now available.
Description:
This update introduces go1.21, including fixes for the following issues:
- go1.21.3 (released 2023-10-10) includes a security fix to the net/http
package. Refs boo#1212475 go1.21 release tracking CVE-2023-39325
CVE-2023-44487
* go#63427 go#63417 boo#1216109 security: fix CVE-2023-39325
CVE-2023-44487 net/http: rapid stream resets can cause excessive work
- go1.21.2 (released 2023-10-05) includes one security fix to the cmd/go
package, as well as bug fixes to the compiler, the go command, the
linker, the runtime, and the runtime/metrics package. Refs boo#1212475
go1.21 release tracking CVE-2023-39323
* go#63214 go#63211 boo#1215985 security: fix CVE-2023-39323 cmd/go:
line directives allows arbitrary execution during build
* go#62464 runtime: "traceback did not unwind completely"
* go#62478 runtime/metrics: /gc/scan* metrics return zero
* go#62505 plugin: variable not initialized properly
* go#62506 cmd/compile: internal compiler error: InvertFlags should
never make it to codegen v100 = InvertFlags v123
* go#62509 runtime: scheduler change causes Delve's function call
injection to fail intermittently
* go#62537 runtime: "fatal: morestack on g0" with PGO enabled on arm64
* go#62598 cmd/link: issues with Apple's new linker in Xcode 15 beta
* go#62668 cmd/compile: slow to compile 17,000 line switch statement?
* go#62711 cmd/go: TestScript/gotoolchain_path fails if
golang.org/dl/go1.21.1 is installed in the user's $PATH
- go1.21.1 (released 2023-09-06) includes four security fixes to the
cmd/go, crypto/tls, and html/template packages, as well as bug fixes to
the compiler, the go command, the linker, the runtime, and the context,
crypto/tls, encoding/gob, encoding/xml, go/types, net/http, os, and
path/filepath packages. Refs boo#1212475 go1.21 release tracking
CVE-2023-39318 CVE-2023-39319 CVE-2023-39320 CVE-2023-39321
CVE-2023-39322
* go#62290 go#62266 boo#1215087 security: fix CVE-2023-39321
CVE-2023-39322 crypto/tls: panic when processing partial
post-handshake message in QUICConn.HandleData
* go#62394 go#62198 boo#1215086 security: fix CVE-2023-39320 cmd/go:
go.mod toolchain directive allows arbitrary execution
* go#62396 go#62196 boo#1215084 security: fix CVE-2023-39318
html/template: improper handling of HTML-like comments within script
contexts
* go#62398 go#62197 boo#1215085 security: fix CVE-2023-39319
html/template: improper handling of special tags within script contexts
* go#61743 go/types: interface.Complete panics for interfaces with
duplicate methods
* go#61781 cmd/compile: internal compiler error: 'f': value .autotmp_1
(nil) incorrectly live at entry
* go#61818 cmd/go: panic: runtime error: index out of range [-1] in
collectDepsErrors
* go#61821 runtime/internal/wasitest: TestTCPEcho is racy
* go#61868 path/filepath: Clean on some invalid Windows paths can lose
.. components
* go#61904 net/http: go 1.20.6 host validation breaks setting Host to a
unix socket address
* go#61905 cmd/go: go get/mod tidy panics with internal error: net token
acquired but not released
* go#61909 cmd/compile: internal compiler error: missed typecheck
* go#61910 os: ReadDir fails on file systems without File ID support on
Windows
* go#61927 cmd/distpack: release archives don't include directory members
* go#61930 spec, go/types, types2: restore Go 1.20 unification when
compiling for Go 1.20
* go#61932 go/types, types2: index out of range panic in
Checker.arguments
* go#61958 cmd/compile: write barrier code is sometimes preemptible when
compiled with -N
* go#61959 go/types, types2: panic: infinite recursion in unification
with go1.21.0
* go#61964 os: ReadDir(\\.\pipe\) fails with go1.21 on Windows
* go#61967 crypto/tls: add GODEBUG to control max RSA key size
* go#61987 runtime: simple programs crash on linux/386 with go1.21 when
build with -gcflags='all=-N -l'
* go#62019 runtime: execution halts with goroutines stuck in
runtime.gopark (protocol error E08 during memory read for packet)
* go#62046 runtime/trace: segfault in runtime.fpTracebackPCs during
deferred call after recovering from panic
* go#62051 encoding/xml: incompatible changes in the Go 1.21.0
* go#62057 cmd/compile: internal compiler error: 'F': func F,
startMem[b1] has different values
* go#62071 cmd/api: make non-importable
* go#62140 cmd/link: slice bounds out of range
* go#62143 hash/crc32: panic on arm64 with go1.21.0 when indexing slice
* go#62144 cmd/go: locating GOROOT fails when the go command is run from
the cross-compiled bin subdirectory
* go#62154 encoding/gob: panic decoding into local type, received remote
type
* go#62189 context: misuse of sync.Cond in ExampleAfterFunc_cond
* go#62204 maps: segfault in Clone
* go#62205 cmd/compile: backward incompatible change in Go 1.21 type
inference with channels
* go#62222 cmd/go: 'go test -o' may fail with ETXTBSY when running the
compiled test
* go#62328 net/http: http client regression building with js/wasm and
running on Chrome: net::ERR_H2_OR_QUIC_REQUIRED
* go#62329 runtime: MADV_HUGEPAGE causes stalls when allocating memory
- go1.21 (released 2023-08-08) is a major release of Go. go1.21.x minor
releases will be provided through August 2024.
https://github.com/golang/go/wiki/Go-Release-Cycle go1.21 arrives six
months after go1.20. Most of its changes are in the implementation of
the toolchain, runtime, and libraries. As always, the release maintains
the Go 1 promise of compatibility. We expect almost all Go programs to
continue to compile and run as before. Refs boo#1212475 go1.21 release
tracking
* Go 1.21 introduces a small change to the numbering of releases. In the
past, we used Go 1.N to refer to both the
overall Go language version and release family as well as the first
release in that family. Starting in Go 1.21, the first release is now
Go 1.N.0. Today we are releasing both the Go 1.21 language and its
initial implementation, the Go 1.21.0 release. These notes refer to
"Go 1.21"; tools like go version will report "go1.21.0" (until you
upgrade to Go 1.21.1). See "Go versions" in the "Go Toolchains"
documentation for details about the new version numbering.
* Language change: Go 1.21 adds three new built-ins to the language.
* Language change: The new functions min and max compute the smallest
(or largest, for max) value of a fixed number of given arguments. See
the language spec for details.
* Language change: The new function clear deletes all elements from a
map or zeroes all elements of a slice. See the language spec for
details.
* Package initialization order is now specified more precisely. This may
change the behavior of some programs that rely on a specific
initialization ordering that was not expressed by explicit imports.
The behavior of such programs was not well defined by the spec in past
releases. The new rule provides an unambiguous definition.
* Multiple improvements that increase the power and precision of type
inference have been made.
* A (possibly partially instantiated generic) function may now be called
with arguments that are themselves (possibly partially instantiated)
generic functions.
* Type inference now also considers methods when a value is assigned to
an interface: type arguments for type parameters used in method
signatures may be inferred from the corresponding parameter types of
matching methods.
* Similarly, since a type argument must implement all the methods
of its corresponding constraint, the methods of the type argument and
constraint are matched which may lead to the inference of additional
type arguments.
* If multiple untyped constant arguments of different kinds (such as an
untyped int and an untyped floating-point constant) are passed to
parameters with the same (not otherwise specified) type parameter
type, instead of an error, now type inference determines the type
using the same approach as an operator with untyped constant operands.
This change brings the types inferred from untyped constant arguments
in line with the types
of constant expressions.
* Type inference is now precise when matching corresponding types in
assignments
* The description of type inference in the language spec has been
clarified.
* Go 1.21 includes a preview of a language change we are considering for
a future version of Go: making for loop variables per-iteration
instead of per-loop, to avoid accidental sharing bugs. For details
about how to try that language change, see the LoopvarExperiment wiki
page.
* Go 1.21 now defines that if a goroutine is panicking and recover was
called directly by a deferred function, the return value of recover is
guaranteed not to be nil. To ensure this, calling panic with a nil
interface value (or an untyped nil) causes a run-time panic of type
*runtime.PanicNilError. To support programs written for older versions
of Go, nil panics can be re-enabled by setting GODEBUG=panicnil=1.
This setting is enabled automatically when compiling a program whose
main package is in a module that declares go 1.20 or earlier.
* Go 1.21 adds improved support for backwards compatibility and forwards
compatibility in the Go toolchain.
* To improve backwards compatibility, Go 1.21 formalizes Go's use
of the GODEBUG environment variable to control the default behavior
for changes that are non-breaking according to the compatibility
policy but nonetheless may cause existing programs to break. (For
example, programs that depend on buggy behavior may break when a bug
is fixed, but bug fixes are not considered breaking changes.) When Go
must make this kind of behavior change, it now chooses between the
old and new behavior based on the go line in the workspace's go.work
file
or else the main module's go.mod file. Upgrading to a new Go toolchain
but leaving the go line set to its original (older) Go version
preserves the behavior of the older toolchain. With this
compatibility support, the latest Go toolchain should always be the
best, most secure, implementation of an older version of Go. See "Go,
Backwards Compatibility, and GODEBUG" for details.
* To improve forwards compatibility, Go 1.21 now reads the go line in a
go.work or go.mod file as a strict minimum requirement: go 1.21.0
means that the workspace or module cannot be used with Go 1.20 or with
Go 1.21rc1. This allows projects that depend on fixes made in later
versions of Go to ensure that they are not used with earlier versions.
It also gives better error reporting for projects that make use of new
Go features: when the problem is that a newer Go version is needed,
that problem is reported clearly, instead of attempting to build the
code and instead printing errors about unresolved imports or syntax
errors.
* To make these new stricter version requirements easier to manage, the
go command can now invoke not just the toolchain bundled in its own
release but also other Go toolchain versions found in the PATH or
downloaded on demand. If a go.mod or go.work go line declares a
minimum requirement on a newer version of Go, the go command will find
and run that version automatically. The new toolchain directive sets a
suggested minimum toolchain to use, which may be newer than the strict
go minimum. See "Go Toolchains" for details.
* go command: The -pgo build flag now defaults to -pgo=auto, and the
restriction of specifying a single main package on the command line is
now removed. If a file named default.pgo is present in the main
package's directory, the go command will use it to enable
profile-guided optimization for building the corresponding program.
* go command: The -C dir flag must now be the first flag on the
command-line when used.
* go command: The new go test option -fullpath prints full path names in
test log messages, rather than just base names.
* go command: The go test -c flag now supports writing test binaries for
multiple packages, each to pkg.test where pkg is the package name. It
is an error if more than one test package being compiled has a given
package name.
* go command: The go test -o flag now accepts a directory argument, in
which case test binaries are written to that directory instead of the
current directory.
* cgo: In files that import "C", the Go toolchain now correctly reports
errors for attempts to declare Go methods on C types.
* runtime: When printing very deep stacks, the runtime now prints the
first 50 (innermost) frames followed by the bottom 50 (outermost)
frames, rather than just printing the first 100 frames. This makes it
easier to see how deeply recursive stacks started, and is especially
valuable for debugging stack overflows.
* runtime: On Linux platforms that support transparent huge pages, the
Go runtime now manages which parts of the heap may be backed by huge
pages more explicitly. This leads to better utilization of memory:
small heaps should see less memory used (up to 50% in pathological
cases) while large heaps should see fewer broken huge pages for dense
parts of the heap, improving CPU usage and latency by up to 1%.
* runtime: As a result of runtime-internal garbage collection tuning,
applications may see up to a 40% reduction in application tail latency
and a small decrease in memory use. Some applications may also observe
a small loss in throughput. The memory use decrease should be
proportional to the loss in throughput, such that the previous
release's throughput/memory tradeoff may be recovered (with little
change to latency) by increasing GOGC and/or GOMEMLIMIT slightly.
* runtime: Calls from C to Go on threads created in C require some setup
to prepare for Go execution. On Unix platforms, this setup is now
preserved across multiple calls from the same thread. This
significantly reduces the overhead of subsequent C to Go calls from
~1-3 microseconds per call to ~100-200 nanoseconds per call.
* compiler: Profile-guided optimization (PGO), added as a preview in Go
1.20, is now ready for general use. PGO enables additional
optimizations on code identified as hot by profiles
of production workloads. As mentioned in the Go command section, PGO
is enabled by default for binaries that contain a default.pgo profile
in the main package directory. Performance improvements vary
depending on application behavior, with most programs from a
representative set of Go programs seeing between 2 and 7% improvement
from enabling PGO. See the PGO user guide for detailed documentation.
* compiler: PGO builds can now devirtualize some interface method calls,
adding a concrete call to the most common callee. This enables further
optimization, such as inlining the callee.
* compiler: Go 1.21 improves build speed by up to 6%, largely thanks to
building the compiler itself with PGO.
* assembler: On amd64, frameless nosplit assembly functions are no
longer automatically marked as NOFRAME. Instead, the NOFRAME attribute
must be explicitly specified if desired, which is already the behavior
on other architectures supporting frame pointers. With this, the
runtime now maintains the frame pointers for stack transitions.
* assembler: The verifier that checks for incorrect uses of R15 when
dynamic linking on amd64 has been improved.
* linker: On windows/amd64, the linker (with help from the compiler) now
emits SEH unwinding data by default, which improves the integration of
Go applications with Windows debuggers and other tools.
* linker: In Go 1.21 the linker (with help from the compiler) is now
capable of deleting dead (unreferenced) global map variables, if the
number of entries in the variable initializer is sufficiently large,
and if the initializer expressions are side-effect free.
* core library: The new log/slog package provides structured logging
with levels. Structured logging emits key-value pairs to enable fast,
accurate processing of large amounts of log data. The package supports
integration with popular log analysis tools and services.
* core library: The new testing/slogtest package can help to validate
slog.Handler implementations.
* core library: The new slices package provides many common
operations on slices, using generic functions that work with slices of
any element type.
* core library: The new maps package provides several common
operations on maps, using generic functions that work with maps
of any key or element type.
* core library: The new cmp package defines the type constraint Ordered
and two new generic functions Less and Compare that are useful with
ordered types.
* Minor changes to the library: As always, there are various minor
changes and updates to the library, made with the Go 1 promise of
compatibility in mind. There are also various performance
improvements, not enumerated here.
* archive/tar: The implementation of the io/fs.FileInfo interface
returned by Header.FileInfo now implements a String method that calls
io/fs.FormatFileInfo.
* archive/zip: The implementation of the io/fs.FileInfo interface
returned by FileHeader.FileInfo now implements a String method that
calls io/fs.FormatFileInfo.
* archive/zip: The implementation of the io/fs.DirEntry interface
returned by the io/fs.ReadDirFile.ReadDir method of the io/fs.File
returned by Reader.Open now implements a String method that calls
io/fs.FormatDirEntry.
* bytes: The Buffer type has two new methods: Available and
AvailableBuffer. These may be used along with the Write method to
append directly to the Buffer.
* context: The new WithoutCancel function returns a copy of a context
that is not canceled when the original context is canceled.
* context: The new WithDeadlineCause and WithTimeoutCause functions
provide a way to set a context cancellation cause when a deadline or
timer expires. The cause may be retrieved with the Cause function.
* context: The new AfterFunc function registers a function to run after
a context has been cancelled.
* context: An optimization means that the results of calling Background
and TODO and converting them to a shared type can be considered equal.
In previous releases they were always different. Comparing Context
values for equality has never been well-defined, so this is not
considered to be an incompatible change.
* crypto/ecdsa: PublicKey.Equal and PrivateKey.Equal now execute in
constant time.
* crypto/elliptic: All of the Curve methods have been deprecated, along
with GenerateKey, Marshal, and Unmarshal. For ECDH
operations, the new crypto/ecdh package should be used instead. For
lower-level operations, use third-party modules such as
filippo.io/nistec.
* crypto/rand: The crypto/rand package now uses the getrandom system
call on NetBSD 10.0 and later.
* crypto/rsa: The performance of private RSA operations (decryption and
signing) is now better than Go 1.19 for GOARCH=amd64 and GOARCH=arm64.
It had regressed in Go 1.20.
* crypto/rsa: Due to the addition of private fields to
PrecomputedValues, PrivateKey.Precompute must be called for
optimal performance even if deserializing (for example from JSON) a
previously-precomputed private key.
* crypto/rsa: PublicKey.Equal and PrivateKey.Equal now execute in
constant time.
* crypto/rsa: The GenerateMultiPrimeKey function and the
PrecomputedValues.CRTValues field have been deprecated.
PrecomputedValues.CRTValues will still be populated when
PrivateKey.Precompute is called, but the values will not be used
during decryption operations.
* crypto/sha256: SHA-224 and SHA-256 operations now use native
instructions when available when GOARCH=amd64, providing a performance
improvement on the order of 3-4x.
* crypto/tls: Servers now skip verifying client certificates (including
not running Config.VerifyPeerCertificate) for resumed connections,
besides checking the expiration time. This makes session tickets
larger when client certificates are in use. Clients were already
skipping verification on resumption, but now check the expiration time
even if Config.InsecureSkipVerify is set.
* crypto/tls: Applications can now control the content of session
tickets.
* crypto/tls: The new SessionState type describes a resumable session.
* crypto/tls: The SessionState.Bytes method and ParseSessionState
function serialize and deserialize a SessionState.
* crypto/tls: The Config.WrapSession and Config.UnwrapSession hooks
convert a SessionState to and from a ticket on the server side.
* crypto/tls: The Config.EncryptTicket and Config.DecryptTicket methods
provide a default implementation of WrapSession and UnwrapSession.
* crypto/tls: The ClientSessionState.ResumptionState method and
NewResumptionState function may be used by a ClientSessionCache
implementation to store and resume sessions on the client side.
* crypto/tls: To reduce the potential for session tickets to be used as
a tracking mechanism across connections, the server now issues new
tickets on every resumption (if they are supported and not disabled)
and tickets don't bear an identifier for the key that encrypted them
anymore. If passing a large number of keys to
Conn.SetSessionTicketKeys, this might lead to a noticeable performance
cost.
* crypto/tls: Both clients and servers now implement the Extended Master
Secret extension (RFC 7627). The deprecation of
ConnectionState.TLSUnique has been reverted, and is now set for
resumed connections that support Extended Master Secret.
* crypto/tls: The new QUICConn type provides support for QUIC
implementations, including 0-RTT support. Note that this is not itself
a QUIC implementation, and 0-RTT is still not supported in TLS.
* crypto/tls: The new VersionName function returns the name for a TLS
version number.
* crypto/tls: The TLS alert codes sent from the server for client
authentication failures have been improved. Previously, these failures
always resulted in a "bad certificate" alert. Now, certain failures
will result in more appropriate alert codes, as defined by RFC 5246
and RFC 8446:
* crypto/tls: For TLS 1.3 connections, if the server is configured to
require client authentication using RequireAnyClientCert or
RequireAndVerifyClientCert, and the client does not provide any
certificate, the server will now return the "certificate required"
alert.
* crypto/tls: If the client provides a certificate that is not signed by
the set of trusted certificate authorities configured
on the server, the server will return the "unknown certificate
authority" alert.
* crypto/tls: If the client provides a certificate that is either
expired or not yet valid, the server will return the "expired
certificate" alert.
* crypto/tls: In all other scenarios related to client authentication
failures, the server still returns "bad certificate".
* crypto/x509: RevocationList.RevokedCertificates has been deprecated
and replaced with the new RevokedCertificateEntries field, which is a
slice of RevocationListEntry. RevocationListEntry contains all of the
fields in pkix.RevokedCertificate, as well as the revocation reason
code.
* crypto/x509: Name constraints are now correctly enforced on non-leaf
certificates, and not on the certificates where they are expressed.
* debug/elf: The new File.DynValue method may be used to retrieve the
numeric values listed with a given dynamic tag.
* debug/elf: The constant flags permitted in a DT_FLAGS_1 dynamic tag
are now defined with type DynFlag1. These tags have names starting
with DF_1.
* debug/elf: The package now defines the constant COMPRESS_ZSTD.
* debug/elf: The package now defines the constant R_PPC64_REL24_P9NOTOC.
* debug/pe: Attempts to read from a section containing uninitialized
data using Section.Data or the reader returned by Section.Open now
return an error.
* embed: The io/fs.File returned by FS.Open now has a ReadAt method that
implements io.ReaderAt.
* embed: Calling FS.Open.Stat will return a type that now implements a
String method that calls io/fs.FormatFileInfo.
* errors: The new ErrUnsupported error provides a standardized way to
indicate that a requested operation may not be performed because it is
unsupported. For example, a call to os.Link when using a file system
that does not support hard links.
* flag: The new BoolFunc function and FlagSet.BoolFunc method define a
flag that does not require an argument and calls a function when the
flag is used. This is similar to Func but for a boolean flag.
* flag: A flag definition (via Bool, BoolVar, Int, IntVar, etc.) will
panic if Set has already been called on a flag with the same name.
This change is intended to detect cases where changes in
initialization order cause flag operations to occur in a different
order than expected. In many cases the fix to this problem is to
introduce an explicit package dependence to correctly order the
definition before any Set operations.
* go/ast: The new IsGenerated predicate reports whether a file syntax
tree contains the special comment that conventionally indicates that
the file was generated by a tool.
* go/ast: The new File.GoVersion field records the minimum Go version
required by any //go:build or // +build directives.
* go/build: The package now parses build directives (comments that start
with //go:) in file headers (before the package declaration). These
directives are available in the new Package fields Directives,
TestDirectives, and XTestDirectives.
* go/build/constraint: The new GoVersion function returns the minimum Go
version implied by a build expression.
* go/token: The new File.Lines method returns the file's line-number
table in the same form as accepted by File.SetLines.
* go/types: The new Package.GoVersion method returns the Go language
version used to check the package.
* hash/maphash: The hash/maphash package now has a pure Go
implementation, selectable with the purego build tag.
* html/template: The new error ErrJSTemplate is returned when an action
appears in a JavaScript template literal. Previously an unexported
error was returned.
* io/fs: The new FormatFileInfo function returns a formatted version of
a FileInfo. The new FormatDirEntry function returns a formatted
version of a DirEntry. The implementation of DirEntry returned by
ReadDir now implements a String method that calls FormatDirEntry, and
the same is true for the DirEntry value passed to WalkDirFunc.
* math/big: The new Int.Float64 method returns the nearest
floating-point value to a multi-precision integer, along with an
indication of any rounding that occurred.
* net: On Linux, the net package can now use Multipath TCP when the
kernel supports it. It is not used by default. To use Multipath TCP
when available on a client, call the Dialer.SetMultipathTCP method
before calling the Dialer.Dial or Dialer.DialContext methods. To use
Multipath TCP when available
on a server, call the ListenConfig.SetMultipathTCP method before
calling the ListenConfig.Listen method. Specify the network as "tcp"
or "tcp4" or "tcp6" as usual. If Multipath TCP is not supported by
the kernel or the remote host, the connection will silently fall back
to TCP. To test whether a particular connection is using Multipath
TCP, use the TCPConn.MultipathTCP method.
* net: In a future Go release we may enable Multipath TCP by default on
systems that support it.
* net/http: The new ResponseController.EnableFullDuplex method allows
server handlers to concurrently read from an HTTP/1 request body while
writing the response. Normally, the HTTP/1 server automatically
consumes any remaining request body before starting to write the
response, to avoid deadlocking clients which attempt to write a
complete request before reading the response. The EnableFullDuplex
method disables this behavior.
* net/http: The new ErrSchemeMismatch error is returned by Client and
Transport when the server responds to an HTTPS request with an HTTP
response.
* net/http: The net/http package now supports errors.ErrUnsupported, in
that the expression errors.Is(http.ErrNotSupported,
errors.ErrUnsupported) will return true.
* os: Programs may now pass an empty time.Time value to the Chtimes
function to leave either the access time or the modification time
unchanged.
* os: On Windows the File.Chdir method now changes the current directory
to the file, rather than always returning an error.
* os: On Unix systems, if a non-blocking descriptor is passed to
NewFile, calling the File.Fd method will now return a non-blocking
descriptor. Previously the descriptor was converted to blocking mode.
* os: On Windows calling Truncate on a non-existent file used to create
an empty file. It now returns an error indicating that the file does
not exist.
* os: On Windows calling TempDir now uses GetTempPath2W when available,
instead of GetTempPathW. The new behavior is a security hardening
measure that prevents temporary files created by processes running as
SYSTEM from being accessed by non-SYSTEM processes.
* os: On Windows the os package now supports working with files whose
names, stored as UTF-16, can't be represented as valid UTF-8.
* os: On Windows Lstat now resolves symbolic links for paths ending with
a path separator, consistent with its behavior on POSIX platforms.
* os: The implementation of the io/fs.DirEntry interface returned by the
ReadDir function and the File.ReadDir method now implements a String
method that calls io/fs.FormatDirEntry.
* os: The implementation of the io/fs.FS interface returned by the DirFS
function now implements the io/fs.ReadFileFS and the io/fs.ReadDirFS
interfaces.
* path/filepath: The implementation of the io/fs.DirEntry interface
passed to the function argument of WalkDir now implements a String
method that calls io/fs.FormatDirEntry.
* reflect: In Go 1.21, ValueOf no longer forces its argument to be
allocated on the heap, allowing a Value's content to be allocated on
the stack. Most operations on a Value also allow the underlying value
to be stack allocated.
* reflect: The new Value method Value.Clear clears the contents
of a map or zeros the contents of a slice. This corresponds to the new
clear built-in added to the language.
* reflect: The SliceHeader and StringHeader types are now deprecated. In
new code prefer unsafe.Slice, unsafe.SliceData, unsafe.String, or
unsafe.StringData.
* regexp: Regexp now defines MarshalText and UnmarshalText methods.
These implement encoding.TextMarshaler and encoding.TextUnmarshaler
and will be used by packages such as encoding/json.
* runtime: Textual stack traces produced by Go programs, such as those
produced when crashing, calling runtime.Stack, or collecting a
goroutine profile with debug=2, now include the IDs of the goroutines
that created each goroutine in the stack trace.
* runtime: Crashing Go applications can now opt-in to Windows Error
Reporting (WER) by setting the environment variable GOTRACEBACK=wer or
calling debug.SetTraceback("wer") before the crash. Other than
enabling WER, the runtime will behave as with GOTRACEBACK=crash. On
non-Windows systems, GOTRACEBACK=wer is ignored.
* runtime: GODEBUG=cgocheck=2, a thorough checker of cgo pointer passing
rules, is no longer available as a debug
option. Instead, it is available as an experiment using
GOEXPERIMENT=cgocheck2. In particular this means that this mode has
to be selected at build time instead of startup time.
* runtime: GODEBUG=cgocheck=1 is still available (and is still the
default).
* runtime: A new type Pinner has been added to the runtime package.
Pinners may be used to "pin" Go memory such that it may be used more
freely by non-Go code. For instance, passing Go values that reference
pinned Go memory to C code is now allowed. Previously, passing any
such nested reference was disallowed by the cgo pointer passing rules.
See the docs for more details.
* runtime/metrics: A few previously-internal GC metrics, such as live
heap size, are now available. GOGC and GOMEMLIMIT are also now
available as metrics.
* runtime/trace: Collecting traces on amd64 and arm64 now incurs a
substantially smaller CPU cost: up to a 10x improvement over the
previous release.
* runtime/trace: Traces now contain explicit stop-the-world events for
every reason the Go runtime might stop-the-world, not just garbage
collection.
* sync: The new OnceFunc, OnceValue, and OnceValues functions capture a
common use of Once to lazily initialize a value on first use.
* syscall: On Windows the Fchdir function now changes the current
directory to its argument, rather than always returning an error.
* syscall: On FreeBSD SysProcAttr has a new field Jail that may be used
to put the newly created process in a jailed environment.
* syscall: On Windows the syscall package now supports working with
files whose names, stored as UTF-16, can't be represented as valid
UTF-8. The UTF16ToString and UTF16FromString functions now convert
between UTF-16 data and WTF-8 strings. This is backward compatible as
WTF-8 is a superset of the UTF-8 format that was used in earlier
releases.
* syscall: Several error values match the new errors.ErrUnsupported,
such that errors.Is(err, errors.ErrUnsupported) returns true: ENOSYS,
ENOTSUP, EOPNOTSUPP, EPLAN9 (Plan 9 only), ERROR_CALL_NOT_IMPLEMENTED
(Windows only), ERROR_NOT_SUPPORTED (Windows only), EWINDOWS (Windows
only).
* testing: The new -test.fullpath option will print full path names in
test log messages, rather than just base names.
* testing: The new Testing function reports whether the program is a
test created by go test.
* testing/fstest: Calling Open.Stat will return a type that now
implements a String method that calls io/fs.FormatFileInfo.
* unicode: The unicode package and associated support throughout the
system has been upgraded to Unicode 15.0.0.
* Darwin port: As announced in the Go 1.20 release notes, Go 1.21
requires macOS 10.15 Catalina or later; support for previous versions
has been discontinued.
* Windows port: As announced in the Go 1.20 release notes, Go 1.21
requires at least Windows 10 or Windows Server 2016; support for
previous versions has been discontinued.
* WebAssembly port: The new go:wasmimport directive can now be used in
Go programs to import functions from the WebAssembly host.
* WebAssembly port: The Go scheduler now interacts much more efficiently
with the JavaScript event loop, especially in applications that block
frequently on asynchronous events.
* WebAssembly System Interface port: Go 1.21 adds an experimental port
to the WebAssembly System Interface (WASI), Preview 1 (GOOS=wasip1,
GOARCH=wasm).
* WebAssembly System Interface port: As a result of the addition
of the new GOOS value "wasip1", Go files named *_wasip1.go will now be
ignored by Go tools except when that GOOS value is being used. If you
have existing filenames matching that pattern, you will need to
rename them.
* ppc64/ppc64le port: On Linux, GOPPC64=power10 now generates
PC-relative instructions, prefixed instructions, and other new Power10
instructions. On AIX, GOPPC64=power10 generates Power10 instructions,
but does not generate PC-relative instructions.
* ppc64/ppc64le port: When building position-independent binaries for
GOPPC64=power10 GOOS=linux GOARCH=ppc64le, users can expect reduced
binary sizes in most cases, in some cases 3.5%. Position-independent
binaries are built for ppc64le with the following -buildmode values:
c-archive, c-shared, shared, pie, plugin.
* loong64 port: The linux/loong64 port now supports
-buildmode=c-archive, -buildmode=c-shared and -buildmode=pie.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Package Hub for SUSE Linux Enterprise 12:
zypper in -t patch openSUSE-2023-360=1
Package List:
- SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):
go-1.21-41.1
go-doc-1.21-41.1
go1.21-1.21.3-2.1
go1.21-doc-1.21.3-2.1
References:
https://www.suse.com/security/cve/CVE-2023-39318.html
https://www.suse.com/security/cve/CVE-2023-39319.html
https://www.suse.com/security/cve/CVE-2023-39320.html
https://www.suse.com/security/cve/CVE-2023-39321.html
https://www.suse.com/security/cve/CVE-2023-39322.html
https://www.suse.com/security/cve/CVE-2023-39323.html
https://www.suse.com/security/cve/CVE-2023-39325.html
https://www.suse.com/security/cve/CVE-2023-44487.html
https://bugzilla.suse.com/1212475
https://bugzilla.suse.com/1212667
https://bugzilla.suse.com/1212669
https://bugzilla.suse.com/1215084
https://bugzilla.suse.com/1215085
https://bugzilla.suse.com/1215086
https://bugzilla.suse.com/1215087
https://bugzilla.suse.com/1215090
https://bugzilla.suse.com/1215985
https://bugzilla.suse.com/1216109
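The panic(nil) change in the Go 1.21 notes above matters for recovery wrappers that treat `recover() != nil` as "a panic happened". The following is an added example, not part of the advisory or of the Go project; `Outcome`, `naiveGuard` and `Guard` are hypothetical names. `Guard` detects a panic with a completion flag, so it gives the same answer under the Go 1.21 semantics and under GODEBUG=panicnil=1 (or a go line of 1.20 or earlier).

```go
package main

import "fmt"

// Outcome describes how a guarded call ended (hypothetical type for this example).
type Outcome struct {
	Panicked bool   // true if fn panicked, whatever the panic value was
	Value    any    // what recover returned (nil for a legacy nil panic)
	Kind     string // "none", "value", "PanicNilError" or "legacy-nil"
}

// naiveGuard is the common pre-1.21 idiom: it infers "did fn panic?" only
// from recover() != nil. With legacy semantics (GODEBUG=panicnil=1, or a
// main module declaring go 1.20 or earlier) a panic(nil) is reported as
// "no panic", so the failure is silently swallowed.
func naiveGuard(fn func()) (panicked bool) {
	defer func() {
		if r := recover(); r != nil {
			panicked = true
		}
	}()
	fn()
	return false
}

// Guard reports a panic based on whether fn ran to completion, not on the
// value returned by recover, so it is correct under both semantics.
// (If fn calls runtime.Goexit the goroutine ends and Guard never returns.)
func Guard(fn func()) (out Outcome) {
	completed := false
	defer func() {
		r := recover() // must be called directly in the deferred function
		if completed {
			out = Outcome{Kind: "none"}
			return
		}
		out.Panicked = true
		out.Value = r
		switch {
		case r == nil:
			// Legacy behaviour: panic(nil) recovered as a nil value.
			out.Kind = "legacy-nil"
		case fmt.Sprintf("%T", r) == "*runtime.PanicNilError":
			// Go 1.21 behaviour: the runtime replaced the nil panic value.
			// Compared by type name so the file also compiles on older Go.
			out.Kind = "PanicNilError"
		default:
			out.Kind = "value"
		}
	}()
	fn()
	completed = true
	return
}

func main() {
	// Constructed sample inputs for the demonstration.
	cases := []struct {
		name string
		fn   func()
	}{
		{"no panic", func() {}},
		{"panic(str)", func() { panic("boom") }},
		{"panic(nil)", func() { panic(nil) }},
	}
	for _, c := range cases {
		o := Guard(c.fn)
		fmt.Printf("%-11s Guard: panicked=%-5v kind=%-13s naiveGuard: panicked=%v\n",
			c.name, o.Panicked, o.Kind, naiveGuard(c.fn))
	}
}
```

Running the same binary with GODEBUG=panicnil=1 shows `naiveGuard` missing the nil panic while `Guard` still reports it.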
SUSE-RU-2023:4385-1: important: Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server
by maintenance@opensuse.org 09 Nov '23
# Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server
Announcement ID: SUSE-RU-2023:4385-1
Rating: important
References:
* bsc#1204270
* bsc#1211047
* bsc#1211145
* bsc#1211270
* bsc#1211912
* bsc#1212168
* bsc#1212507
* bsc#1213132
* bsc#1213376
* bsc#1213469
* bsc#1213680
* bsc#1213689
* bsc#1214041
* bsc#1214121
* bsc#1214463
* bsc#1214553
* bsc#1214746
* bsc#1215027
* bsc#1215120
* bsc#1215412
* bsc#1215514
* bsc#1216411
* bsc#1216661
* jsc#MSQA-706
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* Public Cloud Module 15-SP4
* Public Cloud Module 15-SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Proxy 4.3 Module 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Manager Server 4.3 Module 4.3
An update that contains one feature and has 23 fixes can now be installed.
## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.3
### Description:
This update fixes the following issues:
apache2-mod_wsgi:
* Make sure that the keyword wsgi is preserved in the APACHE_MODULES variable
when updating apache2-mod_wsgi (bsc#1216411)
spacecmd:
* Version 4.3.24-1
* Change default scheduler from (none) to (system)
spacewalk-backend:
* Version 4.3.24-1
* Only show missing /root/.curlrc error with log_level = 5 (bsc#1212507)
spacewalk-client-tools:
* Version 4.3.16-1
* Update translation strings
spacewalk-web:
* Version 4.3.35-1
* Add missing translation wrappers for Salt formula catalog
* Shows a notification when an update for SUSE Manager is available
How to apply this update:
1. Log in as root user to the SUSE Manager Proxy or Retail Branch Server.
2. Stop the proxy service: `spacewalk-proxy stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-proxy start`
## Recommended update for SUSE Manager Server 4.3
### Description:
This update fixes the following issues:
billing-data-service:
* Version 4.3.1-1
* Align the package version with the SUSE Manager major version 4.3
cobbler:
* Buildiso: copy grub into ESP using mtools to allow execution in containers
* Add mtools as dependency for Cobbler
susemanager-docs_en:
* Removed technical preview statement about Ansible in Administration Guide
(bsc#1216661)
* Replace the "Quick Start: Public Cloud" with "Public Cloud Guide" in
Specialized Guides
* Provide the right base operating system service pack version to be used for
SUSE Manager Proxy (bsc#1213469)
* Add Debian 12 as supported client in Client Configuration Guide
smdba:
* Version 1.7.12
* re-use configured max_connection value
* keep previous selected value for SSD configuration
spacecmd:
* Version 4.3.24-1
* Change default scheduler from (none) to (system)
spacewalk-backend:
* Version 4.3.24-1
* Only show missing /root/.curlrc error with log_level = 5 (bsc#1212507)
spacewalk-client-tools:
* Version 4.3.16-1
* Update translation strings
spacewalk-config:
* Version 4.3.12-1
* Handle spaces in /ks/dist/ file names (bsc#1213680)
spacewalk-java:
* Version 4.3.68-1
* Sync GPG properties on each build in CLM (bsc#1213689)
* Change list endpoints in saltkey namespace to accept GET requests instead of
POST (bsc#1214463)
* Respect user email preferences when sending 'user creation' emails
(bsc#1214553)
* Fix server error when visiting the notifications page
* Fixed the value of the advisory release for Ubuntu erratas
* Restart the bunch from where it was interrupted when rescheduling
* Moved the Ubuntu errata processing in its own separate taskomatic task
(bsc#1211145)
* Stop the taskomatic bunch execution if it was not possible to execute one of
the tasks
* Add detection of Debian 12
* Implement different way to copy data for SystemPackageUpdate report database
table (bsc#1211912)
* Avoid SCC credentials check if `server.susemanager.fromdir` is set
(bsc#1211270)
* Fix bug about listing Ansible inventories (bsc#1213132)
* Remove SUSE Manager proxy 4.2 product channel for PAYG instance
(bsc#1215412)
* Show a notification when an update for SUSE Manager is available
* Optimize memory usage in UbuntuErrataManager
* Handle spaces in /ks/dist/ file names (bsc#1213680)
* Change default scheduler from (none) to (system)
* Set user for package list refresh action if possible
* Fix recurring state execution not using the correct order (bsc#1215027)
* Ignore mandatory channels results that don't match list of channels
(bsc#1204270)
* Token cleanup process removing invalid tokens using sql query (bsc#1213376)
* Fix failed actions rescheduling (bsc#1214121)
* Fix unscheduling actions when the trigger name changed after retry
(bsc#1214121)
* Improve Taskomatic by removing invalid triggers before starting and
enhancing logs
* Revert action executor fix that was intended to prevent blocking of
Taskomatic threads (bsc#1214121)
* Extend success message after adding monitoring property (bsc#1212168)
spacewalk-utils:
* Version 4.3.18-1
* Add Debian 12 repositories
spacewalk-web:
* Version 4.3.35-1
* Add missing translation wrappers for Salt formula catalog
* Shows a notification when an update for SUSE Manager is available
susemanager:
* Version 4.3.32-1
* Add bootstrap repository definition for OES2023.4 (bsc#1215514)
* Add bootstrap repository definitions for Debian 12
* Fix SLES 15 for SAP not being listed in mgr-create-bootstrap-repo
(bsc#1215120)
* Add missing PKGLIST15_TRAD for SLES 15 SAP mgr-create-bootstrap-repo entries
(bsc#1215120)
* Fix possible permission issues with database migration script (bsc#1214746)
susemanager-docs_en:
* Added comment about SCC subscription to Administration Guide (bsc#1211270)
* Added Debian 12 as a technology preview client in Client Configuration Guide
* Fixed over-long table issue in openSCAP chapter in Administration Guide
* Update Hardware Requirements section about disk space for /var/spacewalk in
the Installation and Upgrade Guide
* Documented disabling automatic channel selection for cloned channels in
Content Lifecycle Management chapter of Administration Guide (bsc#1211047)
* Fixed broken links and references in the Image building file in
* Updated autoinstallation chapter in Client Configuration Guide about
buildiso command in the context of Cobbler
* Removed end-of-life openSUSE Leap clients from the support matrix in the
Client Configuration Guide
* Added note about Jinja templating for configuration files management on Salt
Clients in Client Configuration Guide
* Fixed DHCP example for Cobbler autoinstallation and added one per
architecture in Client Configuration Guide (bsc#1214041) Guide (bsc#1213469)
susemanager-schema:
* Version 4.3.21-1
* Add index on server needed cache to improve performance for some queries
(bsc#1211912)
* Moved the Ubuntu errata processing in its own separate taskomatic task
(bsc#1211145)
susemanager-sls:
* Version 4.3.36-1
* Do not install instance-flavor-check tool on openSUSE
susemanager-sync-data:
* Version 4.3.13-1
* Add OES2023.4 (bsc#1215514)
* Add Debian 12 amd64
How to apply this update:
1. Log in as root user to the SUSE Manager Server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-service start`
## Recommended update for apache2-mod_wsgi
### Description:
This update fixes the following issues:
apache2-mod_wsgi:
* Make sure that the keyword wsgi is preserved in the APACHE_MODULES variable
when updating apache2-mod_wsgi (bsc#1216411)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Manager Proxy 4.3 Module 4.3
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-4385=1
* SUSE Manager Server 4.3 Module 4.3
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-4385=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4385=1 openSUSE-SLE-15.4-2023-4385=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4385=1
* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4385=1
* Public Cloud Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-4385=1
## Package List:
* SUSE Manager Proxy 4.3 Module 4.3 (x86_64)
* apache2-mod_wsgi-debugsource-4.7.1-150400.3.7.7
* apache2-mod_wsgi-debuginfo-4.7.1-150400.3.7.7
* apache2-mod_wsgi-4.7.1-150400.3.7.7
* SUSE Manager Proxy 4.3 Module 4.3 (noarch)
* spacewalk-backend-4.3.24-150400.3.30.16
* python3-spacewalk-client-setup-4.3.16-150400.3.18.13
* spacewalk-base-minimal-4.3.35-150400.3.33.14
* spacewalk-check-4.3.16-150400.3.18.13
* python3-spacewalk-check-4.3.16-150400.3.18.13
* spacewalk-base-minimal-config-4.3.35-150400.3.33.14
* python3-spacewalk-client-tools-4.3.16-150400.3.18.13
* spacewalk-client-setup-4.3.16-150400.3.18.13
* spacewalk-client-tools-4.3.16-150400.3.18.13
* spacecmd-4.3.24-150400.3.27.10
* SUSE Manager Server 4.3 Module 4.3 (noarch)
* susemanager-schema-utility-4.3.21-150400.3.27.11
* susemanager-docs_en-pdf-4.3-150400.9.47.1
* spacewalk-backend-iss-export-4.3.24-150400.3.30.16
* uyuni-config-modules-4.3.36-150400.3.34.6
* spacewalk-backend-sql-4.3.24-150400.3.30.16
* spacewalk-base-minimal-4.3.35-150400.3.33.14
* spacewalk-java-config-4.3.68-150400.3.66.14
* spacewalk-backend-iss-4.3.24-150400.3.30.16
* spacewalk-backend-sql-postgresql-4.3.24-150400.3.30.16
* cobbler-3.3.3-150400.5.36.10
* spacewalk-java-lib-4.3.68-150400.3.66.14
* spacewalk-utils-4.3.18-150400.3.18.10
* susemanager-docs_en-4.3-150400.9.47.1
* spacewalk-java-postgresql-4.3.68-150400.3.66.14
* spacewalk-backend-server-4.3.24-150400.3.30.16
* spacewalk-backend-config-files-tool-4.3.24-150400.3.30.16
* spacewalk-base-minimal-config-4.3.35-150400.3.33.14
* susemanager-schema-4.3.21-150400.3.27.11
* spacewalk-html-4.3.35-150400.3.33.14
* spacewalk-client-tools-4.3.16-150400.3.18.13
* spacewalk-backend-package-push-server-4.3.24-150400.3.30.16
* spacewalk-backend-applet-4.3.24-150400.3.30.16
* spacewalk-taskomatic-4.3.68-150400.3.66.14
* billing-data-service-4.3.1-150400.10.9.10
* spacewalk-backend-tools-4.3.24-150400.3.30.16
* susemanager-sls-4.3.36-150400.3.34.6
* spacewalk-backend-app-4.3.24-150400.3.30.16
* spacewalk-java-4.3.68-150400.3.66.14
* spacewalk-backend-xmlrpc-4.3.24-150400.3.30.16
* spacewalk-backend-xml-export-libs-4.3.24-150400.3.30.16
* spacecmd-4.3.24-150400.3.27.10
* spacewalk-backend-4.3.24-150400.3.30.16
* spacewalk-utils-extras-4.3.18-150400.3.18.10
* spacewalk-base-4.3.35-150400.3.33.14
* spacewalk-config-4.3.12-150400.3.12.10
* spacewalk-backend-config-files-4.3.24-150400.3.30.16
* susemanager-sync-data-4.3.13-150400.3.14.10
* python3-spacewalk-client-tools-4.3.16-150400.3.18.13
* spacewalk-backend-config-files-common-4.3.24-150400.3.30.16
* SUSE Manager Server 4.3 Module 4.3 (ppc64le s390x x86_64)
* susemanager-4.3.32-150400.3.39.6
* susemanager-tools-4.3.32-150400.3.39.6
* smdba-1.7.12-0.150400.4.9.10
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* apache2-mod_wsgi-debugsource-4.7.1-150400.3.7.7
* apache2-mod_wsgi-debuginfo-4.7.1-150400.3.7.7
* apache2-mod_wsgi-4.7.1-150400.3.7.7
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* apache2-mod_wsgi-debugsource-4.7.1-150400.3.7.7
* apache2-mod_wsgi-debuginfo-4.7.1-150400.3.7.7
* apache2-mod_wsgi-4.7.1-150400.3.7.7
* Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* apache2-mod_wsgi-debugsource-4.7.1-150400.3.7.7
* apache2-mod_wsgi-debuginfo-4.7.1-150400.3.7.7
* apache2-mod_wsgi-4.7.1-150400.3.7.7
* Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* apache2-mod_wsgi-debugsource-4.7.1-150400.3.7.7
* apache2-mod_wsgi-debuginfo-4.7.1-150400.3.7.7
* apache2-mod_wsgi-4.7.1-150400.3.7.7
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1204270
* https://bugzilla.suse.com/show_bug.cgi?id=1211047
* https://bugzilla.suse.com/show_bug.cgi?id=1211145
* https://bugzilla.suse.com/show_bug.cgi?id=1211270
* https://bugzilla.suse.com/show_bug.cgi?id=1211912
* https://bugzilla.suse.com/show_bug.cgi?id=1212168
* https://bugzilla.suse.com/show_bug.cgi?id=1212507
* https://bugzilla.suse.com/show_bug.cgi?id=1213132
* https://bugzilla.suse.com/show_bug.cgi?id=1213376
* https://bugzilla.suse.com/show_bug.cgi?id=1213469
* https://bugzilla.suse.com/show_bug.cgi?id=1213680
* https://bugzilla.suse.com/show_bug.cgi?id=1213689
* https://bugzilla.suse.com/show_bug.cgi?id=1214041
* https://bugzilla.suse.com/show_bug.cgi?id=1214121
* https://bugzilla.suse.com/show_bug.cgi?id=1214463
* https://bugzilla.suse.com/show_bug.cgi?id=1214553
* https://bugzilla.suse.com/show_bug.cgi?id=1214746
* https://bugzilla.suse.com/show_bug.cgi?id=1215027
* https://bugzilla.suse.com/show_bug.cgi?id=1215120
* https://bugzilla.suse.com/show_bug.cgi?id=1215412
* https://bugzilla.suse.com/show_bug.cgi?id=1215514
* https://bugzilla.suse.com/show_bug.cgi?id=1216411
* https://bugzilla.suse.com/show_bug.cgi?id=1216661
* https://jira.suse.com/browse/MSQA-706
09 Nov '23
# Security update for salt
Announcement ID: SUSE-SU-2023:4386-1
Rating: important
References:
* bsc#1213293
* bsc#1213518
* bsc#1214477
* bsc#1215157
* jsc#MSQA-706
Cross-References:
* CVE-2023-34049
CVSS scores:
Affected Products:
* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* Server Applications Module 15-SP5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* Transactional Server Module 15-SP5
An update that solves one vulnerability, contains one feature and has three
security fixes can now be installed.
## Description:
This update for salt fixes the following issues:
Security issues fixed:
* CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157)
Bugs fixed:
* Fix optimization_order opt to prevent testsuite fails
* Improve salt.utils.json.find_json to avoid fails (bsc#1213293)
* Use salt-call from salt bundle with transactional_update
* Only call native_str on curl_debug message in tornado when needed
* Implement the calling for batch async from the salt CLI
* Fix calculation of SLS context vars when trailing dots on targeted
sls/state (bsc#1213518)
* Rename salt-tests to python3-salt-testsuite
* Allow all primitive grain types for autosign_grains (bsc#1214477)
## Special Instructions and Notes:
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4386=1 SUSE-2023-4386=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2023-4386=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4386=1
* Server Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4386=1
* Transactional Server Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP5-2023-4386=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* salt-proxy-3006.0-150500.4.24.2
* salt-standalone-formulas-configuration-3006.0-150500.4.24.2
* salt-3006.0-150500.4.24.2
* salt-cloud-3006.0-150500.4.24.2
* salt-master-3006.0-150500.4.24.2
* salt-api-3006.0-150500.4.24.2
* salt-minion-3006.0-150500.4.24.2
* salt-syndic-3006.0-150500.4.24.2
* python3-salt-3006.0-150500.4.24.2
* salt-transactional-update-3006.0-150500.4.24.2
* salt-doc-3006.0-150500.4.24.2
* python3-salt-testsuite-3006.0-150500.4.24.2
* salt-ssh-3006.0-150500.4.24.2
* openSUSE Leap 15.5 (noarch)
* salt-bash-completion-3006.0-150500.4.24.2
* salt-fish-completion-3006.0-150500.4.24.2
* salt-zsh-completion-3006.0-150500.4.24.2
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* salt-3006.0-150500.4.24.2
* salt-minion-3006.0-150500.4.24.2
* python3-salt-3006.0-150500.4.24.2
* salt-transactional-update-3006.0-150500.4.24.2
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* salt-doc-3006.0-150500.4.24.2
* salt-3006.0-150500.4.24.2
* salt-minion-3006.0-150500.4.24.2
* python3-salt-3006.0-150500.4.24.2
* Basesystem Module 15-SP5 (noarch)
* salt-bash-completion-3006.0-150500.4.24.2
* salt-zsh-completion-3006.0-150500.4.24.2
* Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* salt-proxy-3006.0-150500.4.24.2
* salt-standalone-formulas-configuration-3006.0-150500.4.24.2
* salt-cloud-3006.0-150500.4.24.2
* salt-master-3006.0-150500.4.24.2
* salt-api-3006.0-150500.4.24.2
* salt-syndic-3006.0-150500.4.24.2
* salt-ssh-3006.0-150500.4.24.2
* Server Applications Module 15-SP5 (noarch)
* salt-fish-completion-3006.0-150500.4.24.2
* Transactional Server Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* salt-transactional-update-3006.0-150500.4.24.2
## References:
* https://www.suse.com/security/cve/CVE-2023-34049.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213293
* https://bugzilla.suse.com/show_bug.cgi?id=1213518
* https://bugzilla.suse.com/show_bug.cgi?id=1214477
* https://bugzilla.suse.com/show_bug.cgi?id=1215157
* https://jira.suse.com/browse/MSQA-706
09 Nov '23
# Security update for salt
Announcement ID: SUSE-SU-2023:4387-1
Rating: important
References:
* bsc#1213293
* bsc#1213518
* bsc#1214477
* bsc#1215157
* jsc#MSQA-706
Cross-References:
* CVE-2023-34049
CVSS scores:
Affected Products:
* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* Server Applications Module 15-SP4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* Transactional Server Module 15-SP4
An update that solves one vulnerability, contains one feature and has three
security fixes can now be installed.
## Description:
This update for salt fixes the following issues:
Security issues fixed:
* CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157)
Bugs fixed:
* Fix optimization_order opt to prevent testsuite fails
* Improve salt.utils.json.find_json to avoid fails (bsc#1213293)
* Use salt-call from salt bundle with transactional_update
* Only call native_str on curl_debug message in tornado when needed
* Implement the calling for batch async from the salt CLI
* Fix calculation of SLS context vars when trailing dots on targeted
sls/state (bsc#1213518)
* Rename salt-tests to python3-salt-testsuite
* Allow all primitive grain types for autosign_grains (bsc#1214477)
## Special Instructions and Notes:
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4387=1 SUSE-2023-4387=1
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4387=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4387=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4387=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4387=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4387=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4387=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4387=1
* Server Applications Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4387=1
* Transactional Server Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP4-2023-4387=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* salt-master-3006.0-150400.8.49.2
* salt-proxy-3006.0-150400.8.49.2
* salt-transactional-update-3006.0-150400.8.49.2
* salt-3006.0-150400.8.49.2
* salt-standalone-formulas-configuration-3006.0-150400.8.49.2
* salt-minion-3006.0-150400.8.49.2
* salt-syndic-3006.0-150400.8.49.2
* salt-doc-3006.0-150400.8.49.2
* python3-salt-testsuite-3006.0-150400.8.49.2
* salt-api-3006.0-150400.8.49.2
* salt-cloud-3006.0-150400.8.49.2
* salt-ssh-3006.0-150400.8.49.2
* python3-salt-3006.0-150400.8.49.2
* openSUSE Leap 15.4 (noarch)
* salt-bash-completion-3006.0-150400.8.49.2
* salt-fish-completion-3006.0-150400.8.49.2
* salt-zsh-completion-3006.0-150400.8.49.2
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* salt-minion-3006.0-150400.8.49.2
* salt-transactional-update-3006.0-150400.8.49.2
* salt-3006.0-150400.8.49.2
* python3-salt-3006.0-150400.8.49.2
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* salt-minion-3006.0-150400.8.49.2
* salt-transactional-update-3006.0-150400.8.49.2
* salt-3006.0-150400.8.49.2
* python3-salt-3006.0-150400.8.49.2
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* salt-minion-3006.0-150400.8.49.2
* salt-transactional-update-3006.0-150400.8.49.2
* salt-3006.0-150400.8.49.2
* python3-salt-3006.0-150400.8.49.2
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* salt-minion-3006.0-150400.8.49.2
* salt-transactional-update-3006.0-150400.8.49.2
* salt-3006.0-150400.8.49.2
* python3-salt-3006.0-150400.8.49.2
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* salt-minion-3006.0-150400.8.49.2
* salt-transactional-update-3006.0-150400.8.49.2
* salt-3006.0-150400.8.49.2
* python3-salt-3006.0-150400.8.49.2
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* salt-minion-3006.0-150400.8.49.2
* salt-transactional-update-3006.0-150400.8.49.2
* salt-3006.0-150400.8.49.2
* python3-salt-3006.0-150400.8.49.2
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* salt-minion-3006.0-150400.8.49.2
* salt-doc-3006.0-150400.8.49.2
* salt-3006.0-150400.8.49.2
* python3-salt-3006.0-150400.8.49.2
* Basesystem Module 15-SP4 (noarch)
* salt-bash-completion-3006.0-150400.8.49.2
* salt-zsh-completion-3006.0-150400.8.49.2
* Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* salt-master-3006.0-150400.8.49.2
* salt-proxy-3006.0-150400.8.49.2
* salt-standalone-formulas-configuration-3006.0-150400.8.49.2
* salt-syndic-3006.0-150400.8.49.2
* salt-api-3006.0-150400.8.49.2
* salt-cloud-3006.0-150400.8.49.2
* salt-ssh-3006.0-150400.8.49.2
* Server Applications Module 15-SP4 (noarch)
* salt-fish-completion-3006.0-150400.8.49.2
* Transactional Server Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* salt-transactional-update-3006.0-150400.8.49.2
## References:
* https://www.suse.com/security/cve/CVE-2023-34049.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213293
* https://bugzilla.suse.com/show_bug.cgi?id=1213518
* https://bugzilla.suse.com/show_bug.cgi?id=1214477
* https://bugzilla.suse.com/show_bug.cgi?id=1215157
* https://jira.suse.com/browse/MSQA-706
09 Nov '23
# Security update for salt
Announcement ID: SUSE-SU-2023:4388-1
Rating: important
References:
* bsc#1213293
* bsc#1213518
* bsc#1214477
* bsc#1215157
* jsc#MSQA-706
Cross-References:
* CVE-2023-34049
CVSS scores:
Affected Products:
* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.3
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability, contains one feature and has three
security fixes can now be installed.
## Description:
This update for salt fixes the following issues:
Security issues fixed:
* CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157)
Bugs fixed:
* Fix optimization_order opt to prevent testsuite fails
* Improve salt.utils.json.find_json to avoid fails (bsc#1213293)
* Use salt-call from salt bundle with transactional_update
* Only call native_str on curl_debug message in tornado when needed
* Implement the calling for batch async from the salt CLI
* Fix calculation of SLS context vars when trailing dots on targeted
sls/state (bsc#1213518)
* Rename salt-tests to python3-salt-testsuite
* Allow all primitive grain types for autosign_grains (bsc#1214477)
## Special Instructions and Notes:
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2023-4388=1
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4388=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4388=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4388=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4388=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4388=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4388=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4388=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4388=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2023-4388=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4388=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4388=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4388=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4388=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4388=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4388=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-4388=1
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4388=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4388=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4388=1
## Package List:
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* python2-simplejson-debuginfo-3.17.2-150300.3.4.1
* python3-simplejson-3.17.2-150300.3.4.1
* salt-proxy-3006.0-150300.53.65.2
* salt-minion-3006.0-150300.53.65.2
* salt-ssh-3006.0-150300.53.65.2
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* salt-doc-3006.0-150300.53.65.2
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* salt-master-3006.0-150300.53.65.2
* salt-standalone-formulas-configuration-3006.0-150300.53.65.2
* salt-transactional-update-3006.0-150300.53.65.2
* salt-api-3006.0-150300.53.65.2
* salt-3006.0-150300.53.65.2
* salt-syndic-3006.0-150300.53.65.2
* python2-simplejson-3.17.2-150300.3.4.1
* python3-salt-3006.0-150300.53.65.2
* python3-salt-testsuite-3006.0-150300.53.65.2
* salt-cloud-3006.0-150300.53.65.2
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* openSUSE Leap 15.3 (noarch)
* salt-bash-completion-3006.0-150300.53.65.2
* salt-fish-completion-3006.0-150300.53.65.2
* salt-zsh-completion-3006.0-150300.53.65.2
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64
x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* salt-proxy-3006.0-150300.53.65.2
* salt-minion-3006.0-150300.53.65.2
* salt-ssh-3006.0-150300.53.65.2
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* salt-master-3006.0-150300.53.65.2
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* salt-standalone-formulas-configuration-3006.0-150300.53.65.2
* salt-api-3006.0-150300.53.65.2
* salt-3006.0-150300.53.65.2
* salt-syndic-3006.0-150300.53.65.2
* python3-salt-3006.0-150300.53.65.2
* salt-doc-3006.0-150300.53.65.2
* salt-cloud-3006.0-150300.53.65.2
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
* salt-bash-completion-3006.0-150300.53.65.2
* salt-fish-completion-3006.0-150300.53.65.2
* salt-zsh-completion-3006.0-150300.53.65.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* salt-proxy-3006.0-150300.53.65.2
* salt-minion-3006.0-150300.53.65.2
* salt-ssh-3006.0-150300.53.65.2
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* salt-master-3006.0-150300.53.65.2
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* salt-standalone-formulas-configuration-3006.0-150300.53.65.2
* salt-api-3006.0-150300.53.65.2
* salt-3006.0-150300.53.65.2
* salt-syndic-3006.0-150300.53.65.2
* python3-salt-3006.0-150300.53.65.2
* salt-doc-3006.0-150300.53.65.2
* salt-cloud-3006.0-150300.53.65.2
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* salt-bash-completion-3006.0-150300.53.65.2
* salt-fish-completion-3006.0-150300.53.65.2
* salt-zsh-completion-3006.0-150300.53.65.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* salt-proxy-3006.0-150300.53.65.2
* salt-minion-3006.0-150300.53.65.2
* salt-ssh-3006.0-150300.53.65.2
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* salt-master-3006.0-150300.53.65.2
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* salt-standalone-formulas-configuration-3006.0-150300.53.65.2
* salt-transactional-update-3006.0-150300.53.65.2
* salt-api-3006.0-150300.53.65.2
* salt-3006.0-150300.53.65.2
* salt-syndic-3006.0-150300.53.65.2
* python3-salt-3006.0-150300.53.65.2
* salt-doc-3006.0-150300.53.65.2
* salt-cloud-3006.0-150300.53.65.2
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* salt-bash-completion-3006.0-150300.53.65.2
* salt-fish-completion-3006.0-150300.53.65.2
* salt-zsh-completion-3006.0-150300.53.65.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* salt-proxy-3006.0-150300.53.65.2
* salt-minion-3006.0-150300.53.65.2
* salt-ssh-3006.0-150300.53.65.2
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* salt-master-3006.0-150300.53.65.2
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* salt-standalone-formulas-configuration-3006.0-150300.53.65.2
* salt-api-3006.0-150300.53.65.2
* salt-3006.0-150300.53.65.2
* salt-syndic-3006.0-150300.53.65.2
* python3-salt-3006.0-150300.53.65.2
* salt-doc-3006.0-150300.53.65.2
* salt-cloud-3006.0-150300.53.65.2
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* salt-bash-completion-3006.0-150300.53.65.2
* salt-fish-completion-3006.0-150300.53.65.2
* salt-zsh-completion-3006.0-150300.53.65.2
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* salt-proxy-3006.0-150300.53.65.2
* salt-minion-3006.0-150300.53.65.2
* salt-ssh-3006.0-150300.53.65.2
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* salt-master-3006.0-150300.53.65.2
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* salt-standalone-formulas-configuration-3006.0-150300.53.65.2
* salt-transactional-update-3006.0-150300.53.65.2
* salt-api-3006.0-150300.53.65.2
* salt-3006.0-150300.53.65.2
* salt-syndic-3006.0-150300.53.65.2
* python3-salt-3006.0-150300.53.65.2
* salt-doc-3006.0-150300.53.65.2
* salt-cloud-3006.0-150300.53.65.2
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Enterprise Storage 7.1 (noarch)
* salt-bash-completion-3006.0-150300.53.65.2
* salt-fish-completion-3006.0-150300.53.65.2
* salt-zsh-completion-3006.0-150300.53.65.2
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* salt-minion-3006.0-150300.53.65.2
* salt-transactional-update-3006.0-150300.53.65.2
* salt-3006.0-150300.53.65.2
* python3-salt-3006.0-150300.53.65.2
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* salt-minion-3006.0-150300.53.65.2
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* salt-transactional-update-3006.0-150300.53.65.2
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* salt-3006.0-150300.53.65.2
* python3-salt-3006.0-150300.53.65.2
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* salt-minion-3006.0-150300.53.65.2
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* salt-transactional-update-3006.0-150300.53.65.2
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* salt-3006.0-150300.53.65.2
* python3-salt-3006.0-150300.53.65.2
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
## References:
* https://www.suse.com/security/cve/CVE-2023-34049.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213293
* https://bugzilla.suse.com/show_bug.cgi?id=1213518
* https://bugzilla.suse.com/show_bug.cgi?id=1214477
* https://bugzilla.suse.com/show_bug.cgi?id=1215157
* https://jira.suse.com/browse/MSQA-706
SUSE-RU-2023:4392-1: moderate: Recommended update for SUSE Manager Client Tools
by maintenance@opensuse.org 09 Nov '23
# Recommended update for SUSE Manager Client Tools
Announcement ID: SUSE-RU-2023:4392-1
Rating: moderate
References:
* jsc#MSQA-706
Affected Products:
* openSUSE Leap 15.3
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15
* SUSE Linux Enterprise Desktop 15 SP1
* SUSE Linux Enterprise Desktop 15 SP2
* SUSE Linux Enterprise Desktop 15 SP3
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP1
* SUSE Linux Enterprise Real Time 15 SP2
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Client Tools for SLE 15
* SUSE Package Hub 15 15-SP5
An update that contains one feature can now be installed.
## Description:
This update fixes the following issues:
grafana:
* Update to version 9.5.8:
* Features and enhancements: GenericOAuth: Set sub as auth id
* Bug fixes: DataSourceProxy: Fix url validation error handling
* Update to version 9.5.7:
* Alerting: Sort NumberCaptureValues in EvaluationString
* Alerting: Improve performance of matching captures
* Alerting: No longer silence paused alerts during legacy migration
* Alerting: Remove and revert flag alertingBigTransactions
* Alerting: Migrate unknown NoData\Error settings to the default
* Tracing: supply Grafana build version
* Tempo: Escape regex-sensitive characters in span name before building promql
query
* Plugins: Only configure plugin proxy transport once
* Alerting: Fix unique violation when updating rule group with title
chains/cycles
* Prometheus: Version detect bug
* Prometheus: Fix heatmap format with no data
* Database: Change getExistingDashboardByTitleAndFolder to get dashboard by
title, not slug
* Alerting: Convert 'Both' type Prometheus queries to 'Range' in migration
* SQLStore: Fix Postgres dialect treating "false" migrator default as true
* Alerting: Support newer http_config struct
* InfluxDB: Interpolate retention policies
* StatusHistory: Fix rendering of value-mapped null
* Alerting: Fix provenance guard checks for Alertmanager configuration to not
cause panic when compared nested objects
* AnonymousAuth: Fix concurrent read-write crash
* AzureMonitor: Ensure legacy properties containing template variables are
correctly migrated
* Explore: Remove data source onboarding page
* Dashboard: Re-align Save form
* Azure Monitor: Fix bug that did not show alert rule preview
* Histogram: Respect min/max panel settings for x-axis
* Heatmap: Fix color rendering for value ranges < 1
* Heatmap: Handle unsorted timestamps in calculate mode
* Google Cloud Monitor: Fix mem usage for dropdown
* AzureMonitor: Fix logs query multi-resource and timespan values
* Utils: Reimplement util.GetRandomString to avoid modulo bias
* Alerting: Fix matching labels with spaces in their values
* Dashboard: Fix applying timezone to datetime variables
* Dashboard: Fix panel description event triggering every time panel is
rendered
* Tempo: Fix get label values based on CoreApp type
* Heatmap: Fix log scale editor
* Dashboard: Fix disappearing panel when viewed panel is refreshed
* Prometheus: Fix bug in creating autocomplete queries with labels
* Prometheus: Fix Query Inspector expression range value
* Alerting: Fix migration failing if alert_configuration table is not empty
* InfluxDB: Fix querying retention policies on flux mode
* Update to version 9.5.6:
* Dashboard: Fix library panels in collapsed rows not getting updated
* Auth: Add and document option for enabling email lookup
spacecmd:
* Version 4.3.24-1
* Change default scheduler from (none) to (system)
spacewalk-client-tools:
* Version 4.3.16-1
* Update translation strings
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4392=1
* SUSE Manager Client Tools for SLE 15
zypper in -t patch SUSE-SLE-Manager-Tools-15-2023-4392=1
* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4392=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4392=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* golang-github-prometheus-promu-0.14.0-150000.3.15.2
* openSUSE Leap 15.5 (noarch)
* spacecmd-4.3.24-150000.3.107.1
* SUSE Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64)
* grafana-9.5.8-150000.1.57.2
* grafana-debuginfo-9.5.8-150000.1.57.2
* SUSE Manager Client Tools for SLE 15 (noarch)
* spacecmd-4.3.24-150000.3.107.1
* python3-spacewalk-client-tools-4.3.16-150000.3.80.2
* python3-spacewalk-client-setup-4.3.16-150000.3.80.2
* python3-spacewalk-check-4.3.16-150000.3.80.2
* spacewalk-client-setup-4.3.16-150000.3.80.2
* spacewalk-client-tools-4.3.16-150000.3.80.2
* spacewalk-check-4.3.16-150000.3.80.2
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
* golang-github-prometheus-promu-0.14.0-150000.3.15.2
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* golang-github-prometheus-promu-0.14.0-150000.3.15.2
* openSUSE Leap 15.4 (noarch)
* spacecmd-4.3.24-150000.3.107.1
## References:
* https://jira.suse.com/browse/MSQA-706
SUSE-RU-2023:4393-1: moderate: Recommended update for grafana
by maintenance@opensuse.org 09 Nov '23
# Recommended update for grafana
Announcement ID: SUSE-RU-2023:4393-1
Rating: moderate
References:
* jsc#MSQA-706
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4
* SUSE Package Hub 15 15-SP5
An update that contains one feature can now be installed.
## Description:
This update for grafana fixes the following issues:
* Update to version 9.5.8
* GenericOAuth: Set sub as auth id
* DataSourceProxy: Fix url validation error handling
* Alerting: Sort NumberCaptureValues in EvaluationString
* Alerting: Improve performance of matching captures
* Alerting: No longer silence paused alerts during legacy migration
* Alerting: Remove and revert flag alertingBigTransactions
* Alerting: Migrate unknown NoData\Error settings to the default
* Tracing: supply Grafana build version
* Tempo: Escape regex-sensitive characters in span name before building promql query
* Plugins: Only configure plugin proxy transport once
* Alerting: Fix unique violation when updating rule group with title chains/cycles
* Prometheus: Version detect bug
* Prometheus: Fix heatmap format with no data
* Database: Change getExistingDashboardByTitleAndFolder to get dashboard by title, not slug
* Alerting: Convert 'Both' type Prometheus queries to 'Range' in migration
* SQLStore: Fix Postgres dialect treating "false" migrator default as true
* Alerting: Support newer http_config struct
* InfluxDB: Interpolate retention policies
* StatusHistory: Fix rendering of value-mapped null
* Alerting: Fix Alertmanager's provenance guard checks configuration to not cause panic when compared nested objects
* AnonymousAuth: Fix concurrent read-write crash
* AzureMonitor: Ensure legacy properties containing template variables are correctly migrated
* Explore: Remove data source onboarding page
* Dashboard: Re-align Save form
* Azure Monitor: Fix bug that did not show alert rule preview
* Histogram: Respect min/max panel settings for x-axis
* Heatmap: Fix color rendering for value ranges < 1
* Heatmap: Handle unsorted timestamps in calculate mode
* Google Cloud Monitor: Fix mem usage for dropdown
* AzureMonitor: Fix logs query multi-resource and timespan values
* Utils: Reimplement util.GetRandomString to avoid modulo bias
* Alerting: Fix matching labels with spaces in their values
* Dashboard: Fix applying timezone to datetime variables
* Dashboard: Fix panel description event triggering every time panel is rendered
* Tempo: Fix get label values based on CoreApp type
* Heatmap: Fix log scale editor
* Dashboard: Fix disappearing panel when viewed panel is refreshed
* Prometheus: Fix bug in creating autocomplete queries with labels
* Prometheus: Fix Query Inspector expression range value
* Alerting: Fix migration failing if alert_configuration table is not empty
* InfluxDB: Fix querying retention policies on flux mode
* Dashboard: Fix library panels in collapsed rows not getting updated
* Auth: Add and document option for enabling email lookup
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4393=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4393=1
* SUSE Package Hub 15 15-SP4
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4393=1
* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4393=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* grafana-debuginfo-9.5.8-150200.3.50.4
* grafana-9.5.8-150200.3.50.4
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* grafana-debuginfo-9.5.8-150200.3.50.4
* grafana-9.5.8-150200.3.50.4
* SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64)
* grafana-debuginfo-9.5.8-150200.3.50.4
* grafana-9.5.8-150200.3.50.4
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
* grafana-debuginfo-9.5.8-150200.3.50.4
* grafana-9.5.8-150200.3.50.4
## References:
* https://jira.suse.com/browse/MSQA-706
SUSE-SU-2023:4412-1: moderate: Maintenance update for SUSE Manager 4.3.9 Release Notes
by maintenance@opensuse.org 09 Nov '23
# Maintenance update for SUSE Manager 4.3.9 Release Notes
Announcement ID: SUSE-SU-2023:4412-1
Rating: moderate
References:
* bsc#1204270
* bsc#1211047
* bsc#1211145
* bsc#1211270
* bsc#1211912
* bsc#1212168
* bsc#1212507
* bsc#1213132
* bsc#1213376
* bsc#1213469
* bsc#1213680
* bsc#1213689
* bsc#1214041
* bsc#1214121
* bsc#1214463
* bsc#1214553
* bsc#1214746
* bsc#1215027
* bsc#1215120
* bsc#1215157
* bsc#1215412
* bsc#1215514
* bsc#1216411
* bsc#1216661
* jsc#MSQA-706
* jsc#SUMA-111
Cross-References:
* CVE-2023-34049
CVSS scores:
Affected Products:
* openSUSE Leap 15.4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability, contains two features and has 23
security fixes can now be installed.
## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.3
### Description:
This update fixes the following issues:
release-notes-susemanager-proxy:
* Update to SUSE Manager 4.3.9
* Bugs mentioned bsc#1212507, bsc#1216411
## Security update for SUSE Manager Server 4.3
### Description:
This update fixes the following issues:
* Update to SUSE Manager 4.3.9
* Debian 12 support as client
* New Update Notification (jsc#SUMA-111)
* Monitoring: Grafana upgraded to 9.5.8
* Update 'saltkey' endpoints to accept GET instead of POST
* CVEs fixed: CVE-2023-34049
* Bugs mentioned: bsc#1204270, bsc#1211047, bsc#1211145, bsc#1211270,
bsc#1211912, bsc#1212168, bsc#1212507, bsc#1213132, bsc#1213376, bsc#1213469,
bsc#1213680, bsc#1213689, bsc#1214041, bsc#1214121, bsc#1214463, bsc#1214553,
bsc#1214746, bsc#1215027, bsc#1215120, bsc#1215412, bsc#1215514, bsc#1216661,
bsc#1215157
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4412=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2023-4412=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2023-4412=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2023-4412=1
## Package List:
* openSUSE Leap 15.4 (noarch)
* release-notes-susemanager-4.3.9-150400.3.90.1
* release-notes-susemanager-proxy-4.3.9-150400.3.69.1
* SUSE Manager Proxy 4.3 (noarch)
* release-notes-susemanager-proxy-4.3.9-150400.3.69.1
* SUSE Manager Retail Branch Server 4.3 (noarch)
* release-notes-susemanager-proxy-4.3.9-150400.3.69.1
* SUSE Manager Server 4.3 (noarch)
* release-notes-susemanager-4.3.9-150400.3.90.1
## References:
* https://www.suse.com/security/cve/CVE-2023-34049.html
* https://bugzilla.suse.com/show_bug.cgi?id=1204270
* https://bugzilla.suse.com/show_bug.cgi?id=1211047
* https://bugzilla.suse.com/show_bug.cgi?id=1211145
* https://bugzilla.suse.com/show_bug.cgi?id=1211270
* https://bugzilla.suse.com/show_bug.cgi?id=1211912
* https://bugzilla.suse.com/show_bug.cgi?id=1212168
* https://bugzilla.suse.com/show_bug.cgi?id=1212507
* https://bugzilla.suse.com/show_bug.cgi?id=1213132
* https://bugzilla.suse.com/show_bug.cgi?id=1213376
* https://bugzilla.suse.com/show_bug.cgi?id=1213469
* https://bugzilla.suse.com/show_bug.cgi?id=1213680
* https://bugzilla.suse.com/show_bug.cgi?id=1213689
* https://bugzilla.suse.com/show_bug.cgi?id=1214041
* https://bugzilla.suse.com/show_bug.cgi?id=1214121
* https://bugzilla.suse.com/show_bug.cgi?id=1214463
* https://bugzilla.suse.com/show_bug.cgi?id=1214553
* https://bugzilla.suse.com/show_bug.cgi?id=1214746
* https://bugzilla.suse.com/show_bug.cgi?id=1215027
* https://bugzilla.suse.com/show_bug.cgi?id=1215120
* https://bugzilla.suse.com/show_bug.cgi?id=1215157
* https://bugzilla.suse.com/show_bug.cgi?id=1215412
* https://bugzilla.suse.com/show_bug.cgi?id=1215514
* https://bugzilla.suse.com/show_bug.cgi?id=1216411
* https://bugzilla.suse.com/show_bug.cgi?id=1216661
* https://jira.suse.com/browse/MSQA-706
* https://jira.suse.com/browse/SUMA-111
08 Nov '23
# Recommended update for crmsh
Announcement ID: SUSE-RU-2023:4383-1
Rating: moderate
References:
* bsc#1203601
* bsc#1208216
* bsc#1213797
* bsc#1215438
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that has four fixes can now be installed.
## Description:
This update for crmsh fixes the following issues:
* Update to version 4.4.2+20231010.03e9316f
* report: Pick up tarball suffix dynamically (bsc#1215438)
* report: Pick 'gzip' as the first compress prog for cross-platform
compatibility(bsc#1215438)
* upgradeutil: reduce ConnectTimeout when checking the availability of ssh
access (bsc#1213797)
* ui_cluster: 'crm cluster stop' failed to stop services (bsc#1203601)
* utils: Change the way to get pacemaker's version (bsc#1208216)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4383=1 openSUSE-SLE-15.4-2023-4383=1
* SUSE Linux Enterprise High Availability Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-4383=1
## Package List:
* openSUSE Leap 15.4 (noarch)
* crmsh-test-4.4.2+20231010.03e9316f-150400.3.28.1
* crmsh-scripts-4.4.2+20231010.03e9316f-150400.3.28.1
* crmsh-4.4.2+20231010.03e9316f-150400.3.28.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (noarch)
* crmsh-scripts-4.4.2+20231010.03e9316f-150400.3.28.1
* crmsh-4.4.2+20231010.03e9316f-150400.3.28.1
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1203601
* https://bugzilla.suse.com/show_bug.cgi?id=1208216
* https://bugzilla.suse.com/show_bug.cgi?id=1213797
* https://bugzilla.suse.com/show_bug.cgi?id=1215438
openSUSE-RU-2023:0359-1: moderate: Recommended update for xfce4-notify
by maintenance@opensuse.org 07 Nov '23
openSUSE Recommended Update: Recommended update for xfce4-notify
______________________________________________________________________________
Announcement ID: openSUSE-RU-2023:0359-1
Rating: moderate
References: #1216516
Affected Products:
openSUSE Backports SLE-15-SP5
openSUSE Leap 15.5
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for xfce4-dev-tools, xfce4-notifyd fixes the following issues:
- X11 support which was broken in a previous update for xfce4-notifyd
(boo#1216516)
- xfce4-dev-tools was updated as a build dependency
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.5:
zypper in -t patch openSUSE-2023-359=1
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2023-359=1
Package List:
- openSUSE Leap 15.5 (noarch):
libgarcon-branding-openSUSE-4.18.0+git0.9a2f754-lp155.2.8.1
libxfce4ui-branding-openSUSE-4.18.0+git0.9a2f754-lp155.2.8.1
thunar-volman-branding-openSUSE-4.18.0+git0.9a2f754-lp155.2.8.1
xfce4-notifyd-branding-openSUSE-4.18.0+git0.9a2f754-lp155.2.8.1
xfce4-panel-branding-openSUSE-4.18.0+git0.9a2f754-lp155.2.8.1
xfce4-power-manager-branding-openSUSE-4.18.0+git0.9a2f754-lp155.2.8.1
xfce4-session-branding-openSUSE-4.18.0+git0.9a2f754-lp155.2.8.1
xfce4-settings-branding-openSUSE-4.18.0+git0.9a2f754-lp155.2.8.1
xfdesktop-branding-openSUSE-4.18.0+git0.9a2f754-lp155.2.8.1
xfwm4-branding-openSUSE-4.18.0+git0.9a2f754-lp155.2.8.1
- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):
xfce4-dev-tools-4.18.1-bp155.3.5.1
xfce4-notifyd-0.9.2-bp155.2.6.1
xfce4-notifyd-debuginfo-0.9.2-bp155.2.6.1
xfce4-notifyd-debugsource-0.9.2-bp155.2.6.1
- openSUSE Backports SLE-15-SP5 (noarch):
xfce4-notifyd-branding-upstream-0.9.2-bp155.2.6.1
xfce4-notifyd-lang-0.9.2-bp155.2.6.1
References:
https://bugzilla.suse.com/1216516
openSUSE-RU-2023:0358-1: moderate: Recommended update for go1.15, go1.16, go1.17
by maintenance@opensuse.org 07 Nov '23
openSUSE Recommended Update: Recommended update for go1.15, go1.16, go1.17
______________________________________________________________________________
Announcement ID: openSUSE-RU-2023:0358-1
Rating: moderate
References:
Affected Products:
SUSE Linux Enterprise High Performance Computing 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP4
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12-SP3
SUSE Linux Enterprise Server for SAP Applications 12-SP4
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________
An update that has 0 recommended fixes can now be installed.
Description:
This update adds go1.15, go1.16 and go1.17 to bootstrap newer go versions.
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Package Hub for SUSE Linux Enterprise 12:
zypper in -t patch openSUSE-2023-358=1
Package List:
- SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):
go1.15-1.15.15-5.1
go1.15-doc-1.15.15-5.1
go1.16-1.16.15-2.3
go1.16-doc-1.16.15-2.3
go1.17-1.17.13-2.1
go1.17-doc-1.17.13-2.1
References:
SUSE-RU-2023:4382-1: important: Recommended update for release-notes-sles
by maintenance@opensuse.org 06 Nov '23
# Recommended update for release-notes-sles
Announcement ID: SUSE-RU-2023:4382-1
Rating: important
References:
* bsc#933411
* jsc#PED-4489
* jsc#PED-4564
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that contains two features and has one fix can now be installed.
## Description:
This update for release-notes-sles fixes the following issues:
* Version 15.5.20231106:
* aarch64: Added recommendation of 64K for NVIDIA Grace
(jsc#PED-4564/jsc#PED-4489)
* aarch64: Mention NVIDIA Grace Hopper and GPU (jsc#PED-4564)
* aarch64: Updated 64K page size kernel flavor to supported (jsc#PED-4489)
* aarch64: Added NVIDIA Grace (jsc#PED-4564)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-2023-4382=1 SUSE-SLE-INSTALLER-15-SP5-2023-4382=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-4382=1 openSUSE-SLE-15.5-2023-4382=1
* SUSE Linux Enterprise High Performance Computing 15 SP5
zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-4382=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-4382=1
* SUSE Linux Enterprise Desktop 15 SP5
zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-4382=1
## Package List:
* SUSE Linux Enterprise Server 15 SP5 (noarch)
* release-notes-sles-15.5.20231106-150500.3.9.1
* openSUSE Leap 15.5 (noarch)
* release-notes-sles-15.5.20231106-150500.3.9.1
* SUSE Linux Enterprise High Performance Computing 15 SP5 (noarch)
* release-notes-sles-15.5.20231106-150500.3.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* release-notes-sles-15.5.20231106-150500.3.9.1
* SUSE Linux Enterprise Desktop 15 SP5 (noarch)
* release-notes-sles-15.5.20231106-150500.3.9.1
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=933411
* https://jira.suse.com/browse/PED-4489
* https://jira.suse.com/browse/PED-4564
SUSE-SU-2023:4375-1: important: Security update for the Linux Kernel
by maintenance@opensuse.org 06 Nov '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:4375-1
Rating: important
References:
* bsc#1208788
* bsc#1211162
* bsc#1211307
* bsc#1212423
* bsc#1212649
* bsc#1213705
* bsc#1213772
* bsc#1214754
* bsc#1214874
* bsc#1215095
* bsc#1215104
* bsc#1215523
* bsc#1215545
* bsc#1215921
* bsc#1215955
* bsc#1215986
* bsc#1216062
* bsc#1216202
* bsc#1216322
* bsc#1216323
* bsc#1216324
* bsc#1216333
* bsc#1216345
* bsc#1216512
* bsc#1216621
* bsc#802154
Cross-References:
* CVE-2023-2163
* CVE-2023-31085
* CVE-2023-34324
* CVE-2023-3777
* CVE-2023-39189
* CVE-2023-39191
* CVE-2023-39193
* CVE-2023-46813
* CVE-2023-5178
CVSS scores:
* CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
* CVE-2023-31085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-39189 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-39189 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39191 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-39191 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39193 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-46813 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5178 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5178 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP5
* Development Tools Module 15-SP5
* Legacy Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Availability Extension 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP5
An update that solves nine vulnerabilities and has 17 security fixes can now be
installed.
## Description:
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
* CVE-2023-3777: Fixed a use-after-free vulnerability in the netfilter: nf_tables
component that can be exploited to achieve local privilege escalation.
(bsc#1215095)
* CVE-2023-46813: Fixed a local privilege escalation with user-space programs
that have access to MMIO regions (bsc#1212649).
* CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize)
that could cause a local DoS. (bsc#1210778)
* CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem
(bsc#1215860).
* CVE-2023-5178: Fixed a use-after-free and a double-free flaw that could
allow a malicious user to achieve remote code execution. (bsc#1215768)
* CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to
unsafe code paths being incorrectly marked as safe, resulting in arbitrary
read/write in kernel memory, lateral privilege escalation, and container
escape. (bsc#1215518)
* CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling.
(bsc#1215745).
* CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a
local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read,
leading to a crash or information disclosure. (bsc#1216046)
* CVE-2023-39191: Fixed a lack of validation of dynamic pointers within user-
supplied eBPF programs that may have allowed an attacker with CAP_BPF
privileges to escalate privileges and execute arbitrary code. (bsc#1215863)
The following non-security bugs were fixed:
* 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes).
* ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes).
* ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes).
* ALSA: hda/realtek - ALC287 I2S speaker platform support (git-fixes).
* ALSA: hda/realtek - ALC287 merge RTK codec with CS CS35L41 AMP (git-fixes).
* ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes).
* ALSA: hda/realtek - Fixed two speaker platform (git-fixes).
* ALSA: hda/realtek: Add quirk for ASUS ROG GU603ZV (git-fixes).
* ALSA: hda/realtek: Change model for Intel RVP board (git-fixes).
* ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq5xxx (git-fixes).
* ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre
M70q (git-fixes).
* ALSA: hda: intel-dsp-cfg: add LunarLake support (git-fixes).
* ALSA: hda: intel-sdw-acpi: Use u8 type for link index (git-fixes).
* ALSA: usb-audio: Fix microphone sound on Nexigo webcam (git-fixes).
* ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes).
* ASoC: amd: yc: Fix non-functional mic on Lenovo 82YM (git-fixes).
* ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-
fixes).
* ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes).
* ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes).
* ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes).
* ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes).
* ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes).
* ASoC: pxa: fix a memory leak in probe() (git-fixes).
* Bluetooth: Avoid redundant authentication (git-fixes).
* Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes).
* Bluetooth: ISO: Fix handling of listen for unicast (git-fixes).
* Bluetooth: Reject connection with the device which has same BD_ADDR (git-
fixes).
* Bluetooth: avoid memcmp() out of bounds warning (git-fixes).
* Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes).
* Bluetooth: hci_codec: Fix leaking content of local_codecs (git-fixes).
* Bluetooth: hci_event: Fix coding style (git-fixes).
* Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes).
* Bluetooth: hci_event: Ignore NULL link key (git-fixes).
* Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name
(git-fixes).
* Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes).
* Bluetooth: vhci: Fix race when opening vhci device (git-fixes).
* Documentation: qat: change kernel version (PED-6401).
* Documentation: qat: rewrite description (PED-6401).
* Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-
fixes).
* Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-
fixes).
* HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-
fixes).
* HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes).
* HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-
fixes).
* HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes).
* HID: sony: Fix a potential memory leak in sony_probe() (git-fixes).
* HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-
fixes).
* IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes)
* Input: goodix - ensure int GPIO is in input for gpio_count == 1 &&
gpio_int_idx == 0 case (git-fixes).
* Input: powermate - fix use-after-free in powermate_config_complete (git-
fixes).
* Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes).
* Input: xpad - add PXN V900 support (git-fixes).
* KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-
fixes).
* KVM: SVM: INTERCEPT_RDTSCP is never intercepted anyway (git-fixes).
* KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes
bsc#1216512).
* KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed
(git-fixes).
* KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes).
* KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code
(bsc#1213772).
* KVM: x86: Propagate the AMD Automatic IBRS feature to the guest
(bsc#1213772).
* KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772).
* KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772).
* KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
* NFS: Fix O_DIRECT locking issues (bsc#1211162).
* NFS: Fix a few more clear_bit() instances that need release semantics
(bsc#1211162).
* NFS: Fix a potential data corruption (bsc#1211162).
* NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162).
* NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162).
* NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162).
* NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162).
* NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162).
* NFS: only issue commit in DIO codepath if we have uncommitted data
(bsc#1211162).
* NFSD: Never call nfsd_file_gc() in foreground paths (bsc#1215545).
* RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes)
* RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes)
* RDMA/core: Require admin capabilities to set system parameters (git-fixes)
* RDMA/cxgb4: Check skb value for failure to allocate (git-fixes)
* RDMA/mlx5: Fix NULL string error (git-fixes)
* RDMA/mlx5: Fix mutex unlocking on error flow for steering anchor creation
(git-fixes)
* RDMA/siw: Fix connection failure handling (git-fixes)
* RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes)
* RDMA/uverbs: Fix typo of sizeof argument (git-fixes)
* arm64/smmu: use TLBI ASID when invalidating entire range (bsc#1215921)
* ata: libata-core: Do not register PM operations for SAS ports (git-fixes).
* ata: libata-core: Fix ata_port_request_pm() locking (git-fixes).
* ata: libata-core: Fix port and device removal (git-fixes).
* ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes).
* ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES
(git-fixes).
* blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before
init (bsc#1216062).
* blk-cgroup: support to track if policy is online (bsc#1216062).
* bonding: Fix extraction of ports from the packet headers (bsc#1214754).
* bonding: Return pointer to data after pull on skb (bsc#1214754).
* bonding: do not assume skb mac_header is set (bsc#1214754).
* bpf: Add copy_map_value_long to copy to remote percpu memory (git-fixes).
* bpf: Add missing btf_put to register_btf_id_dtor_kfuncs (git-fixes).
* bpf: Add override check to kprobe multi link attach (git-fixes).
* bpf: Add zero_map_value to zero map value with special fields (git-fixes).
* bpf: Cleanup check_refcount_ok (git-fixes).
* bpf: Fix max stack depth check for async callbacks (git-fixes).
* bpf: Fix offset calculation error in __copy_map_value and zero_map_value
(git-fixes).
* bpf: Fix ref_obj_id for dynptr data slices in verifier (git-fixes).
* bpf: Fix resetting logic for unreferenced kptrs (git-fixes).
* bpf: Fix subprog idx logic in check_max_stack_depth (git-fixes).
* bpf: Gate dynptr API behind CAP_BPF (git-fixes).
* bpf: Prevent decl_tag from being referenced in func_proto arg (git-fixes).
* bpf: Repeat check_max_stack_depth for async callbacks (git-fixes).
* bpf: Tighten ptr_to_btf_id checks (git-fixes).
* bpf: fix precision propagation verbose logging (git-fixes).
* bpf: prevent decl_tag from being referenced in func_proto (git-fixes).
* bpf: propagate precision across all frames, not just the last one (git-
fixes).
* bpf: propagate precision in ALU/ALU64 operations (git-fixes).
* bpf: propagate precision in ALU/ALU64 operations (git-fixes).
* btf: Export bpf_dynptr definition (git-fixes).
* btrfs: do not start transaction for scrub if the fs is mounted read-only
(bsc#1214874).
* bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes).
* bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-
fixes).
* ceph: add base64 endcoding routines for encrypted names (jsc#SES-1880).
* ceph: add encryption support to writepage and writepages (jsc#SES-1880).
* ceph: add fscrypt ioctls and ceph.fscrypt.auth vxattr (jsc#SES-1880).
* ceph: add helpers for converting names for userland presentation
(jsc#SES-1880).
* ceph: add infrastructure for file encryption and decryption (jsc#SES-1880).
* ceph: add new mount option to enable sparse reads (jsc#SES-1880).
* ceph: add object version support for sync read (jsc#SES-1880).
* ceph: add read/modify/write to ceph_sync_write (jsc#SES-1880).
* ceph: add some fscrypt guardrails (jsc#SES-1880).
* ceph: add support for encrypted snapshot names (jsc#SES-1880).
* ceph: add support to readdir for encrypted names (jsc#SES-1880).
* ceph: add truncate size handling support for fscrypt (jsc#SES-1880).
* ceph: align data in pages in ceph_sync_write (jsc#SES-1880).
* ceph: allow encrypting a directory while not having Ax caps (jsc#SES-1880).
* ceph: create symlinks with encrypted and base64-encoded targets
(jsc#SES-1880).
* ceph: decode alternate_name in lease info (jsc#SES-1880).
* ceph: do not use special DIO path for encrypted inodes (jsc#SES-1880).
* ceph: drop messages from MDS when unmounting (jsc#SES-1880).
* ceph: encode encrypted name in ceph_mdsc_build_path and dentry release
(jsc#SES-1880).
* ceph: fix incorrect revoked caps assert in ceph_fill_file_size()
(bsc#1216322).
* ceph: fix type promotion bug on 32bit systems (bsc#1216324).
* ceph: fix updating i_truncate_pagecache_size for fscrypt (jsc#SES-1880).
* ceph: fscrypt_auth handling for ceph (jsc#SES-1880).
* ceph: handle fscrypt fields in cap messages from MDS (jsc#SES-1880).
* ceph: implement -o test_dummy_encryption mount option (jsc#SES-1880).
* ceph: invalidate pages when doing direct/sync writes (jsc#SES-1880).
* ceph: make ceph_fill_trace and ceph_get_name decrypt names (jsc#SES-1880).
* ceph: make ceph_msdc_build_path use ref-walk (jsc#SES-1880).
* ceph: make d_revalidate call fscrypt revalidator for encrypted dentries
(jsc#SES-1880).
* ceph: make ioctl cmds more readable in debug log (jsc#SES-1880).
* ceph: make num_fwd and num_retry to __u32 (jsc#SES-1880).
* ceph: mark directory as non-complete after loading key (jsc#SES-1880).
* ceph: pass the request to parse_reply_info_readdir() (jsc#SES-1880).
* ceph: plumb in decryption during reads (jsc#SES-1880).
* ceph: preallocate inode for ops that may create one (jsc#SES-1880).
* ceph: prevent snapshot creation in encrypted locked directories
(jsc#SES-1880).
* ceph: remove unnecessary check for NULL in parse_longname() (bsc#1216333).
* ceph: send alternate_name in MClientRequest (jsc#SES-1880).
* ceph: set DCACHE_NOKEY_NAME flag in ceph_lookup/atomic_open()
(jsc#SES-1880).
* ceph: size handling in MClientRequest, cap updates and inode traces
(jsc#SES-1880).
* ceph: switch ceph_lookup/atomic_open() to use new fscrypt helper
(jsc#SES-1880).
* ceph: use osd_req_op_extent_osd_iter for netfs reads (jsc#SES-1880).
* ceph: voluntarily drop Xx caps for requests those touch parent mtime
(jsc#SES-1880).
* ceph: wait for OSD requests' callbacks to finish when unmounting
(jsc#SES-1880).
* cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem
(bsc#1215955).
* cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307).
* clk: tegra: fix error return case for recalc_rate (git-fixes).
* counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-
fixes).
* crypto: qat - Include algapi.h for low-level Crypto API (PED-6401).
* crypto: qat - Remove unused function declarations (PED-6401).
* crypto: qat - add fw_counters debugfs file (PED-6401).
* crypto: qat - add heartbeat counters check (PED-6401).
* crypto: qat - add heartbeat feature (PED-6401).
* crypto: qat - add internal timer for qat 4xxx (PED-6401).
* crypto: qat - add measure clock frequency (PED-6401).
* crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401).
* crypto: qat - add qat_zlib_deflate (PED-6401).
* crypto: qat - add support for 402xx devices (PED-6401).
* crypto: qat - change value of default idle filter (PED-6401).
* crypto: qat - delay sysfs initialization (PED-6401).
* crypto: qat - do not export adf_init_admin_pm() (PED-6401).
* crypto: qat - drop log level of msg in get_instance_node() (PED-6401).
* crypto: qat - drop obsolete heartbeat interface (PED-6401).
* crypto: qat - drop redundant adf_enable_aer() (PED-6401).
* crypto: qat - expose pm_idle_enabled through sysfs (PED-6401).
* crypto: qat - extend buffer list logic interface (PED-6401).
* crypto: qat - extend configuration for 4xxx (PED-6401).
* crypto: qat - fix apply custom thread-service mapping for dc service
(PED-6401).
* crypto: qat - fix concurrency issue when device state changes (PED-6401).
* crypto: qat - fix crypto capability detection for 4xxx (PED-6401).
* crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401).
* crypto: qat - make fw images name constant (PED-6401).
* crypto: qat - make state machine functions static (PED-6401).
* crypto: qat - move dbgfs init to separate file (PED-6401).
* crypto: qat - move returns to default case (PED-6401).
* crypto: qat - refactor device restart logic (PED-6401).
* crypto: qat - refactor fw config logic for 4xxx (PED-6401).
* crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401).
* crypto: qat - replace state machine calls (PED-6401).
* crypto: qat - replace the if statement with min() (PED-6401).
* crypto: qat - set deprecated capabilities as reserved (PED-6401).
* crypto: qat - unmap buffer before free for DH (PED-6401).
* crypto: qat - unmap buffers before free for RSA (PED-6401).
* crypto: qat - update slice mask for 4xxx devices (PED-6401).
* crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401).
* dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-
fixes).
* dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes).
* dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes).
* drm/amd/display: Do not check registers, if using AUX BL control (git-
fixes).
* drm/amd/display: Do not set dpms_off for seamless boot (git-fixes).
* drm/amd/pm: add unique_id for gc 11.0.3 (git-fixes).
* drm/amd: Fix detection of _PR3 on the PCIe root port (git-fixes).
* drm/amdgpu/nbio4.3: set proper rmmio_remap.reg_offset for SR-IOV (git-
fixes).
* drm/amdgpu/soc21: do not remap HDP registers for SR-IOV (git-fixes).
* drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes).
* drm/amdgpu: add missing NULL check (git-fixes).
* drm/amdkfd: Flush TLB after unmapping for GFX v9.4.3 (git-fixes).
* drm/amdkfd: Insert missing TLB flush on GFX10 and later (git-fixes).
* drm/amdkfd: Use gpu_offset for user queue's wptr (git-fixes).
* drm/atomic-helper: relax unregistered connector check (git-fixes).
* drm/bridge: ti-sn65dsi83: Do not generate HFP/HBP/HSA and EOT packet (git-
fixes).
* drm/i915/gt: Fix reservation address in ggtt_reserve_guc_top (git-fixes).
* drm/i915/pmu: Check if pmu is closed before stopping event (git-fixes).
* drm/i915: Retry gtt fault when out of fence registers (git-fixes).
* drm/mediatek: Correctly free sg_table in gem prime vmap (git-fixes).
* drm/msm/dp: do not reinitialize phy unless retry during link training (git-
fixes).
* drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-
fixes).
* drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes).
* drm/msm/dsi: skip the wait for video mode done if not applicable (git-
fixes).
* drm/vmwgfx: fix typo of sizeof argument (git-fixes).
* drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes).
* firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels() (git-
fixes).
* firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND
(git-fixes).
* firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels()
(git-fixes).
* fix x86/mm: print the encryption features in hyperv is disabled
* fprobe: Ensure running fprobe_exit_handler() finished before calling
rethook_free() (git-fixes).
* fscrypt: new helper function - fscrypt_prepare_lookup_partial()
(jsc#SES-1880).
* gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-
fixes).
* gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes).
* gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes).
* gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes).
* gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes).
* gpio: vf610: set value before the direction to avoid a glitch (git-fixes).
* gve: Do not fully free QPL pages on prefill errors (git-fixes).
* i2c: aspeed: Fix i2c bus hang in slave read (git-fixes).
* i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes).
* i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-
fixes).
* i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-
fixes).
* i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes).
* i2c: mux: gpio: Replace custom acpi_get_local_address() (git-fixes).
* i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes).
* i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (git-fixes).
* i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes).
* i2c: npcm7xx: Fix callback completion ordering (git-fixes).
* i2c: stm32f7: Fix PEC handling in case of SMBUS transfers (git-fixes).
* ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes).
* iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale (git-
fixes).
* iio: adc: xilinx-xadc: Do not clobber preset voltage/temperature thresholds
(git-fixes).
* iio: exynos-adc: request second interupt only when touchscreen mode is used
(git-fixes).
* iio: pressure: bmp280: Fix NULL pointer exception (git-fixes).
* iio: pressure: dps310: Adjust Timeout Settings (git-fixes).
* iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes).
* intel x86 platform vsec kABI workaround (bsc#1216202).
* io_uring/fs: remove sqe->rw_flags checking from LINKAT (git-fixes).
* io_uring/rw: defer fsnotify calls to task context (git-fixes).
* io_uring/rw: ensure kiocb_end_write() is always called (git-fixes).
* io_uring/rw: remove leftover debug statement (git-fixes).
* io_uring: Replace 0-length array with flexible array (git-fixes).
* io_uring: ensure REQ_F_ISREG is set async offload (git-fixes).
* io_uring: fix fdinfo sqe offsets calculation (git-fixes).
* io_uring: fix memory leak when removing provided buffers (git-fixes).
* iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback
(bsc#1212423).
* iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback
(bsc#1212423).
* iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support
(bsc#1212423).
* iommu/arm-smmu-v3: Fix soft lockup triggered by (bsc#1215921)
* kABI: fix bpf Tighten-ptr_to_btf_id checks (git-fixes).
* kabi: blkcg_policy_data fix KABI (bsc#1216062).
* kabi: workaround for enum nft_trans_phase (bsc#1215104).
* kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
* leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes).
* libceph: add CEPH_OSD_OP_ASSERT_VER support (jsc#SES-1880).
* libceph: add new iov_iter-based ceph_msg_data_type and ceph_osd_data_type
(jsc#SES-1880).
* libceph: add sparse read support to OSD client (jsc#SES-1880).
* libceph: add sparse read support to msgr1 (jsc#SES-1880).
* libceph: add spinlock around osd->o_requests (jsc#SES-1880).
* libceph: allow ceph_osdc_new_request to accept a multi-op read
(jsc#SES-1880).
* libceph: define struct ceph_sparse_extent and add some helpers
(jsc#SES-1880).
* libceph: new sparse_read op, support sparse reads on msgr2 crc codepath
(jsc#SES-1880).
* libceph: support sparse reads on msgr2 secure codepath (jsc#SES-1880).
* libceph: use kernel_connect() (bsc#1216323).
* misc: fastrpc: Clean buffers on remote invocation failures (git-fixes).
* mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788
bsc#1213705).
* mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes).
* mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes).
* mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes).
* mtd: physmap-core: Restore map_rom fallback (git-fixes).
* mtd: rawnand: arasan: Ensure program page operations are successful (git-
fixes).
* mtd: rawnand: marvell: Ensure program page operations are successful (git-
fixes).
* mtd: rawnand: pl353: Ensure program page operations are successful (git-
fixes).
* mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes).
* mtd: spinand: micron: correct bitmask for ecc status (git-fixes).
* net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-
fixes).
* net: ieee802154: adf7242: Fix some potential buffer overflow in
adf7242_stats_show() (git-fixes).
* net: mana: Fix TX CQE error handling (bsc#1215986).
* net: mana: Fix oversized sge0 for GSO packets (bsc#1215986).
* net: nfc: llcp: Add lock when modifying device list (git-fixes).
* net: rfkill: gpio: prevent value glitch during probe (git-fixes).
* net: sched: add barrier to fix packet stuck problem for lockless qdisc
(bsc#1216345).
* net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog
(bsc#1216345).
* net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-
fixes).
* net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-
fixes).
* net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-
fixes).
* net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes).
* net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg (git-
fixes).
* net: use sk_is_tcp() in more places (git-fixes).
* netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound
set/chain (git-fixes).
* netfilter: nf_tables: unbind non-anonymous set if rule construction fails
(git-fixes).
* nfc: nci: assert requested protocol is valid (git-fixes).
* nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-
fixes).
* nilfs2: fix potential use after free in nilfs_gccache_submit_read_data()
(git-fixes).
* nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid()
(bsc#1214842).
* phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes).
* phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes).
* phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes).
* pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes).
* pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes).
* platform/surface: platform_profile: Propagate error if profile registration
fails (git-fixes).
* platform/x86/intel/pmt: Ignore uninitialized entries (bsc#1216202).
* platform/x86/intel/pmt: telemetry: Fix fixed region handling (bsc#1216202).
* platform/x86/intel/vsec: Rework early hardware code (bsc#1216202).
* platform/x86/intel: Fix 'rmmod pmt_telemetry' panic (bsc#1216202).
* platform/x86/intel: Fix pmt_crashlog array reference (bsc#1216202).
* platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e
(git-fixes).
* platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-
fixes).
* platform/x86: think-lmi: Fix reference leak (git-fixes).
* platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes).
* power: supply: ucs1002: fix error code in ucs1002_get_property() (git-
fixes).
* quota: Fix slow quotaoff (bsc#1216621).
* r8152: Cancel hw_phy_work if we have an error in probe (git-fixes).
* r8152: Increase USB control msg timeout to 5000ms as per spec (git-fixes).
* r8152: Release firmware if we have an error in probe (git-fixes).
* r8152: Run the unload routine if we have errors during probe (git-fixes).
* r8152: check budget for r8152_poll() (git-fixes).
* regmap: fix NULL deref on lookup (git-fixes).
* regmap: rbtree: Fix wrong register marked as in-cache when creating new node
(git-fixes).
* ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes).
* ring-buffer: Do not attempt to read past "commit" (git-fixes).
* ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
* ring-buffer: Update "shortest_full" in polling (git-fixes).
* s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510).
* s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511).
* s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788
bsc#1215957).
* sched/cpuset: Bring back cpuset_mutex (bsc#1215955).
* sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity()
(git fixes (sched)).
* sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes
(sched)).
* sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)).
* scsi: be2iscsi: Add length check when parsing nlattrs (git-fixes).
* scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock (git-fixes).
* scsi: iscsi: Add length check for nlattr payload (git-fixes).
* scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() (git-fixes).
* scsi: iscsi_tcp: restrict to TCP sockets (git-fixes).
* scsi: mpi3mr: Propagate sense data for admin queue SCSI I/O (git-fixes).
* scsi: mpt3sas: Perform additional retries if doorbell read returns 0 (git-
fixes).
* scsi: pm8001: Setup IRQs on resume (git-fixes).
* scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read()
directly (git-fixes).
* scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read()
directly (git-fixes).
* scsi: qedf: Do not touch __user pointer in
qedf_dbg_stop_io_on_error_cmd_read() directly (git-fixes).
* scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes).
* scsi: qla4xxx: Add length check when parsing nlattrs (git-fixes).
* selftests/bpf: Add more tests for check_max_stack_depth bug (git-fixes).
* selftests/bpf: Add reproducer for decl_tag in func_proto argument (git-
fixes).
* selftests/bpf: Add reproducer for decl_tag in func_proto return type (git-
fixes).
* selftests/bpf: Add selftest for check_stack_max_depth bug (git-fixes).
* selftests/bpf: Clean up sys_nanosleep uses (git-fixes).
* serial: 8250_port: Check IRQ data before use (git-fixes).
* soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-
fixes).
* spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes).
* spi: stm32: add a delay before SPI disable (git-fixes).
* spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain
(git-fixes).
* spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes).
* thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-
fixes).
* thunderbolt: Restart XDomain discovery handshake after failure (git-fixes).
* thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple
Ridge (git-fixes).
* tracing: Have current_trace inc the trace array ref count (git-fixes).
* tracing: Have event inject files inc the trace array ref count (git-fixes).
* tracing: Have option files inc the trace array ref count (git-fixes).
* tracing: Have tracing_max_latency inc the trace array ref count (git-fixes).
* tracing: Increase trace array ref count on enable and filter files (git-
fixes).
* tracing: Make trace_marker{,_raw} stream-like (git-fixes).
* treewide: Spelling fix in comment (git-fixes).
* usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes).
* usb: dwc3: Soft reset phy on probe for host (git-fixes).
* usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-
fixes).
* usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
* usb: hub: Guard against accesses to uninitialized BOS descriptors (git-
fixes).
* usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes).
* usb: musb: Modify the "HWVers" register address (git-fixes).
* usb: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).
* usb: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).
* usb: serial: option: add entry for Sierra EM9191 with new firmware (git-
fixes).
* usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-
fixes).
* usb: typec: ucsi: Clear EVENT_PENDING bit if ucsi_send_command fails (git-
fixes).
* usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).
* vmbus_testing: fix wrong python syntax for integer value comparison (git-
fixes).
* vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes).
* watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes).
* watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running
(git-fixes).
* wifi: cfg80211: Fix 6GHz scan configuration (git-fixes).
* wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
* wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes).
* wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes).
* wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes).
* wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-
fixes).
* wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes).
* wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-
fixes).
* wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes).
* wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes).
* x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772).
* x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772).
* x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772).
* x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf
(bsc#1213772).
* x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772).
* x86/cpu: Support AMD Automatic IBRS (bsc#1213772).
* x86/mm: Print the encryption features correctly when a paravisor is present
(bsc#1206453).
* x86/platform/uv: Use alternate source for socket to node data (bsc#1215696).
* x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649).
* x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649).
* x86/sev: Disable MMIO emulation from user mode (bsc#1212649).
* x86/sev: Make enc_dec_hypercall() accept a size instead of npages
(bsc#1214635).
* xen-netback: use default TX queue size for vifs (git-fixes).
* xhci: Keep interrupt disabled in initialization until host is running (git-
fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4375=1
Please note that this is the initial kernel livepatch, which contains no fixes
itself; this package is later updated by separate standalone kernel livepatch updates.
* SUSE Linux Enterprise High Availability Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-4375=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4375=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-4375=1 openSUSE-SLE-15.5-2023-4375=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2023-4375=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4375=1
* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4375=1
* Legacy Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-4375=1
## Package List:
* SUSE Linux Enterprise Live Patching 15-SP5 (nosrc)
* kernel-default-5.14.21-150500.55.36.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-default-livepatch-5.14.21-150500.55.36.1
* kernel-livepatch-5_14_21-150500_55_36-default-debuginfo-1-150500.11.5.1
* kernel-livepatch-5_14_21-150500_55_36-default-1-150500.11.5.1
* kernel-default-debuginfo-5.14.21-150500.55.36.1
* kernel-default-livepatch-devel-5.14.21-150500.55.36.1
* kernel-default-debugsource-5.14.21-150500.55.36.1
* kernel-livepatch-SLE15-SP5_Update_7-debugsource-1-150500.11.5.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le
s390x x86_64)
* dlm-kmp-default-debuginfo-5.14.21-150500.55.36.1
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.36.1
* ocfs2-kmp-default-5.14.21-150500.55.36.1
* dlm-kmp-default-5.14.21-150500.55.36.1
* cluster-md-kmp-default-5.14.21-150500.55.36.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.36.1
* kernel-default-debuginfo-5.14.21-150500.55.36.1
* kernel-default-debugsource-5.14.21-150500.55.36.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.36.1
* gfs2-kmp-default-5.14.21-150500.55.36.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (nosrc)
* kernel-default-5.14.21-150500.55.36.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (nosrc)
* kernel-default-5.14.21-150500.55.36.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
* kernel-default-debugsource-5.14.21-150500.55.36.1
* kernel-default-extra-debuginfo-5.14.21-150500.55.36.1
* kernel-default-debuginfo-5.14.21-150500.55.36.1
* kernel-default-extra-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (noarch nosrc)
* kernel-docs-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (noarch)
* kernel-devel-5.14.21-150500.55.36.1
* kernel-source-vanilla-5.14.21-150500.55.36.1
* kernel-docs-html-5.14.21-150500.55.36.1
* kernel-source-5.14.21-150500.55.36.1
* kernel-macros-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (nosrc ppc64le x86_64)
* kernel-debug-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (ppc64le x86_64)
* kernel-debug-devel-debuginfo-5.14.21-150500.55.36.1
* kernel-debug-debuginfo-5.14.21-150500.55.36.1
* kernel-debug-devel-5.14.21-150500.55.36.1
* kernel-debug-livepatch-devel-5.14.21-150500.55.36.1
* kernel-debug-debugsource-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (x86_64)
* kernel-default-vdso-debuginfo-5.14.21-150500.55.36.1
* kernel-kvmsmall-vdso-5.14.21-150500.55.36.1
* kernel-debug-vdso-5.14.21-150500.55.36.1
* kernel-default-vdso-5.14.21-150500.55.36.1
* kernel-kvmsmall-vdso-debuginfo-5.14.21-150500.55.36.1
* kernel-debug-vdso-debuginfo-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (aarch64 ppc64le x86_64)
* kernel-kvmsmall-devel-5.14.21-150500.55.36.1
* kernel-kvmsmall-debugsource-5.14.21-150500.55.36.1
* kernel-default-base-rebuild-5.14.21-150500.55.36.1.150500.6.15.3
* kernel-kvmsmall-livepatch-devel-5.14.21-150500.55.36.1
* kernel-kvmsmall-debuginfo-5.14.21-150500.55.36.1
* kernel-kvmsmall-devel-debuginfo-5.14.21-150500.55.36.1
* kernel-default-base-5.14.21-150500.55.36.1.150500.6.15.3
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* kernel-obs-qa-5.14.21-150500.55.36.1
* kselftests-kmp-default-5.14.21-150500.55.36.1
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.36.1
* kernel-default-devel-5.14.21-150500.55.36.1
* reiserfs-kmp-default-5.14.21-150500.55.36.1
* kernel-obs-build-debugsource-5.14.21-150500.55.36.1
* kernel-default-optional-debuginfo-5.14.21-150500.55.36.1
* kernel-obs-build-5.14.21-150500.55.36.1
* dlm-kmp-default-debuginfo-5.14.21-150500.55.36.1
* kernel-default-livepatch-5.14.21-150500.55.36.1
* kernel-default-extra-5.14.21-150500.55.36.1
* cluster-md-kmp-default-5.14.21-150500.55.36.1
* kernel-default-livepatch-devel-5.14.21-150500.55.36.1
* kselftests-kmp-default-debuginfo-5.14.21-150500.55.36.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.36.1
* ocfs2-kmp-default-5.14.21-150500.55.36.1
* dlm-kmp-default-5.14.21-150500.55.36.1
* kernel-default-devel-debuginfo-5.14.21-150500.55.36.1
* kernel-default-debuginfo-5.14.21-150500.55.36.1
* reiserfs-kmp-default-debuginfo-5.14.21-150500.55.36.1
* kernel-syms-5.14.21-150500.55.36.1
* gfs2-kmp-default-5.14.21-150500.55.36.1
* kernel-default-optional-5.14.21-150500.55.36.1
* kernel-default-extra-debuginfo-5.14.21-150500.55.36.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.36.1
* kernel-default-debugsource-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (aarch64 nosrc ppc64le x86_64)
* kernel-kvmsmall-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_7-debugsource-1-150500.11.5.1
* kernel-livepatch-5_14_21-150500_55_36-default-1-150500.11.5.1
* kernel-livepatch-5_14_21-150500_55_36-default-debuginfo-1-150500.11.5.1
* openSUSE Leap 15.5 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150500.55.36.1
* kernel-zfcpdump-debuginfo-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (nosrc)
* dtb-aarch64-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (aarch64)
* dlm-kmp-64kb-debuginfo-5.14.21-150500.55.36.1
* kernel-64kb-debugsource-5.14.21-150500.55.36.1
* ocfs2-kmp-64kb-5.14.21-150500.55.36.1
* reiserfs-kmp-64kb-5.14.21-150500.55.36.1
* kernel-64kb-extra-debuginfo-5.14.21-150500.55.36.1
* kernel-64kb-optional-debuginfo-5.14.21-150500.55.36.1
* dtb-allwinner-5.14.21-150500.55.36.1
* kernel-64kb-livepatch-devel-5.14.21-150500.55.36.1
* dtb-arm-5.14.21-150500.55.36.1
* ocfs2-kmp-64kb-debuginfo-5.14.21-150500.55.36.1
* kernel-64kb-devel-debuginfo-5.14.21-150500.55.36.1
* dtb-rockchip-5.14.21-150500.55.36.1
* dtb-socionext-5.14.21-150500.55.36.1
* dtb-altera-5.14.21-150500.55.36.1
* kernel-64kb-devel-5.14.21-150500.55.36.1
* dtb-broadcom-5.14.21-150500.55.36.1
* dtb-cavium-5.14.21-150500.55.36.1
* dtb-freescale-5.14.21-150500.55.36.1
* kselftests-kmp-64kb-debuginfo-5.14.21-150500.55.36.1
* dtb-lg-5.14.21-150500.55.36.1
* dtb-amlogic-5.14.21-150500.55.36.1
* kernel-64kb-debuginfo-5.14.21-150500.55.36.1
* dlm-kmp-64kb-5.14.21-150500.55.36.1
* dtb-apple-5.14.21-150500.55.36.1
* dtb-sprd-5.14.21-150500.55.36.1
* dtb-renesas-5.14.21-150500.55.36.1
* dtb-mediatek-5.14.21-150500.55.36.1
* kernel-64kb-extra-5.14.21-150500.55.36.1
* gfs2-kmp-64kb-5.14.21-150500.55.36.1
* cluster-md-kmp-64kb-debuginfo-5.14.21-150500.55.36.1
* reiserfs-kmp-64kb-debuginfo-5.14.21-150500.55.36.1
* dtb-qcom-5.14.21-150500.55.36.1
* dtb-apm-5.14.21-150500.55.36.1
* dtb-xilinx-5.14.21-150500.55.36.1
* dtb-nvidia-5.14.21-150500.55.36.1
* kselftests-kmp-64kb-5.14.21-150500.55.36.1
* dtb-exynos-5.14.21-150500.55.36.1
* kernel-64kb-optional-5.14.21-150500.55.36.1
* dtb-amd-5.14.21-150500.55.36.1
* dtb-amazon-5.14.21-150500.55.36.1
* dtb-marvell-5.14.21-150500.55.36.1
* gfs2-kmp-64kb-debuginfo-5.14.21-150500.55.36.1
* cluster-md-kmp-64kb-5.14.21-150500.55.36.1
* dtb-hisilicon-5.14.21-150500.55.36.1
* openSUSE Leap 15.5 (aarch64 nosrc)
* kernel-64kb-5.14.21-150500.55.36.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150500.55.36.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 x86_64)
* kernel-default-base-5.14.21-150500.55.36.1.150500.6.15.3
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* kernel-default-debugsource-5.14.21-150500.55.36.1
* kernel-default-debuginfo-5.14.21-150500.55.36.1
* Basesystem Module 15-SP5 (aarch64 nosrc)
* kernel-64kb-5.14.21-150500.55.36.1
* Basesystem Module 15-SP5 (aarch64)
* kernel-64kb-devel-debuginfo-5.14.21-150500.55.36.1
* kernel-64kb-debugsource-5.14.21-150500.55.36.1
* kernel-64kb-devel-5.14.21-150500.55.36.1
* kernel-64kb-debuginfo-5.14.21-150500.55.36.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150500.55.36.1
* Basesystem Module 15-SP5 (aarch64 ppc64le x86_64)
* kernel-default-base-5.14.21-150500.55.36.1.150500.6.15.3
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* kernel-default-debugsource-5.14.21-150500.55.36.1
* kernel-default-devel-5.14.21-150500.55.36.1
* kernel-default-devel-debuginfo-5.14.21-150500.55.36.1
* kernel-default-debuginfo-5.14.21-150500.55.36.1
* Basesystem Module 15-SP5 (noarch)
* kernel-macros-5.14.21-150500.55.36.1
* kernel-devel-5.14.21-150500.55.36.1
* Basesystem Module 15-SP5 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150500.55.36.1
* Basesystem Module 15-SP5 (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150500.55.36.1
* kernel-zfcpdump-debuginfo-5.14.21-150500.55.36.1
* Development Tools Module 15-SP5 (noarch nosrc)
* kernel-docs-5.14.21-150500.55.36.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* kernel-obs-build-debugsource-5.14.21-150500.55.36.1
* kernel-obs-build-5.14.21-150500.55.36.1
* kernel-syms-5.14.21-150500.55.36.1
* Development Tools Module 15-SP5 (noarch)
* kernel-source-5.14.21-150500.55.36.1
* Legacy Module 15-SP5 (nosrc)
* kernel-default-5.14.21-150500.55.36.1
* Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* kernel-default-debugsource-5.14.21-150500.55.36.1
* kernel-default-debuginfo-5.14.21-150500.55.36.1
* reiserfs-kmp-default-debuginfo-5.14.21-150500.55.36.1
* reiserfs-kmp-default-5.14.21-150500.55.36.1
## References:
* https://www.suse.com/security/cve/CVE-2023-2163.html
* https://www.suse.com/security/cve/CVE-2023-31085.html
* https://www.suse.com/security/cve/CVE-2023-34324.html
* https://www.suse.com/security/cve/CVE-2023-3777.html
* https://www.suse.com/security/cve/CVE-2023-39189.html
* https://www.suse.com/security/cve/CVE-2023-39191.html
* https://www.suse.com/security/cve/CVE-2023-39193.html
* https://www.suse.com/security/cve/CVE-2023-46813.html
* https://www.suse.com/security/cve/CVE-2023-5178.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208788
* https://bugzilla.suse.com/show_bug.cgi?id=1211162
* https://bugzilla.suse.com/show_bug.cgi?id=1211307
* https://bugzilla.suse.com/show_bug.cgi?id=1212423
* https://bugzilla.suse.com/show_bug.cgi?id=1212649
* https://bugzilla.suse.com/show_bug.cgi?id=1213705
* https://bugzilla.suse.com/show_bug.cgi?id=1213772
* https://bugzilla.suse.com/show_bug.cgi?id=1214754
* https://bugzilla.suse.com/show_bug.cgi?id=1214874
* https://bugzilla.suse.com/show_bug.cgi?id=1215095
* https://bugzilla.suse.com/show_bug.cgi?id=1215104
* https://bugzilla.suse.com/show_bug.cgi?id=1215523
* https://bugzilla.suse.com/show_bug.cgi?id=1215545
* https://bugzilla.suse.com/show_bug.cgi?id=1215921
* https://bugzilla.suse.com/show_bug.cgi?id=1215955
* https://bugzilla.suse.com/show_bug.cgi?id=1215986
* https://bugzilla.suse.com/show_bug.cgi?id=1216062
* https://bugzilla.suse.com/show_bug.cgi?id=1216202
* https://bugzilla.suse.com/show_bug.cgi?id=1216322
* https://bugzilla.suse.com/show_bug.cgi?id=1216323
* https://bugzilla.suse.com/show_bug.cgi?id=1216324
* https://bugzilla.suse.com/show_bug.cgi?id=1216333
* https://bugzilla.suse.com/show_bug.cgi?id=1216345
* https://bugzilla.suse.com/show_bug.cgi?id=1216512
* https://bugzilla.suse.com/show_bug.cgi?id=1216621
* https://bugzilla.suse.com/show_bug.cgi?id=802154
SUSE-SU-2023:4378-1: important: Security update for the Linux Kernel
by maintenance@opensuse.org 06 Nov '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:4378-1
Rating: important
References:
* bsc#1208788
* bsc#1210778
* bsc#1211307
* bsc#1212423
* bsc#1212649
* bsc#1213705
* bsc#1213772
* bsc#1214842
* bsc#1215095
* bsc#1215104
* bsc#1215518
* bsc#1215955
* bsc#1215956
* bsc#1215957
* bsc#1215986
* bsc#1216062
* bsc#1216345
* bsc#1216510
* bsc#1216511
* bsc#1216512
* bsc#1216621
Cross-References:
* CVE-2023-2163
* CVE-2023-31085
* CVE-2023-34324
* CVE-2023-3777
* CVE-2023-39189
* CVE-2023-39193
* CVE-2023-5178
CVSS scores:
* CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
* CVE-2023-31085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-39189 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-39189 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39193 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-5178 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5178 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP4
* Development Tools Module 15-SP4
* Legacy Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Workstation Extension 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves seven vulnerabilities and has 14 security fixes can now be
installed.
## Description:
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security
fixes and bug fixes.
The following security bugs were fixed:
* CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to
unsafe code paths being incorrectly marked as safe, resulting in arbitrary
read/write in kernel memory, lateral privilege escalation, and container
escape. (bsc#1215518)
* CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling.
(bsc#1215745).
* CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a
local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read,
leading to a crash or information disclosure. (bsc#1216046)
* CVE-2023-5178: Fixed a UAF in queue initialization setup. (bsc#1215768)
* CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize)
that could cause a local DoS. (bsc#1210778)
* CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem
(bsc#1215860).
* CVE-2023-3777: Fixed a use-after-free vulnerability in the netfilter
nf_tables component that could be exploited to achieve local privilege
escalation. (bsc#1215095)
The following non-security bugs were fixed:
* 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes).
* ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes).
* ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes).
* ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre
M70q (git-fixes).
* ALSA: hda/realtek: Change model for Intel RVP board (git-fixes).
* ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes).
* ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-
fixes).
* ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes).
* ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes).
* ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes).
* ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes).
* ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes).
* ASoC: pxa: fix a memory leak in probe() (git-fixes).
* ata: libata-core: Do not register PM operations for SAS ports (git-fixes).
* ata: libata-core: Fix ata_port_request_pm() locking (git-fixes).
* ata: libata-core: Fix port and device removal (git-fixes).
* ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes).
* ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES
(git-fixes).
* blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before
init (bsc#1216062).
* blk-cgroup: support to track if policy is online (bsc#1216062).
* Bluetooth: avoid memcmp() out of bounds warning (git-fixes).
* Bluetooth: Avoid redundant authentication (git-fixes).
* Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes).
* Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes).
* Bluetooth: hci_event: Fix coding style (git-fixes).
* Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes).
* Bluetooth: hci_event: Ignore NULL link key (git-fixes).
* Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name
(git-fixes).
* Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes).
* Bluetooth: Reject connection with the device which has same BD_ADDR (git-
fixes).
* Bluetooth: vhci: Fix race when opening vhci device (git-fixes).
* bpf: propagate precision in ALU/ALU64 operations (git-fixes).
* bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes).
* bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-
fixes).
* cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307).
* cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem
(bsc#1215955).
* clk: tegra: fix error return case for recalc_rate (git-fixes).
* counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-
fixes).
* crypto: qat - add fw_counters debugfs file (PED-6401).
* crypto: qat - add heartbeat counters check (PED-6401).
* crypto: qat - add heartbeat feature (PED-6401).
* crypto: qat - add internal timer for qat 4xxx (PED-6401).
* crypto: qat - add measure clock frequency (PED-6401).
* crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401).
* crypto: qat - add qat_zlib_deflate (PED-6401).
* crypto: qat - add support for 402xx devices (PED-6401).
* crypto: qat - change value of default idle filter (PED-6401).
* crypto: qat - delay sysfs initialization (PED-6401).
* crypto: qat - do not export adf_init_admin_pm() (PED-6401).
* crypto: qat - drop log level of msg in get_instance_node() (PED-6401).
* crypto: qat - drop obsolete heartbeat interface (PED-6401).
* crypto: qat - drop redundant adf_enable_aer() (PED-6401).
* crypto: qat - expose pm_idle_enabled through sysfs (PED-6401).
* crypto: qat - extend buffer list logic interface (PED-6401).
* crypto: qat - extend configuration for 4xxx (PED-6401).
* crypto: qat - fix apply custom thread-service mapping for dc service
(PED-6401).
* crypto: qat - fix concurrency issue when device state changes (PED-6401).
* crypto: qat - fix crypto capability detection for 4xxx (PED-6401).
* crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401).
* crypto: qat - Include algapi.h for low-level Crypto API (PED-6401).
* crypto: qat - make fw images name constant (PED-6401).
* crypto: qat - make state machine functions static (PED-6401).
* crypto: qat - move dbgfs init to separate file (PED-6401).
* crypto: qat - move returns to default case (PED-6401).
* crypto: qat - refactor device restart logic (PED-6401).
* crypto: qat - refactor fw config logic for 4xxx (PED-6401).
* crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401).
* crypto: qat - Remove unused function declarations (PED-6401).
* crypto: qat - replace state machine calls (PED-6401).
* crypto: qat - replace the if statement with min() (PED-6401).
* crypto: qat - set deprecated capabilities as reserved (PED-6401).
* crypto: qat - unmap buffer before free for DH (PED-6401).
* crypto: qat - unmap buffers before free for RSA (PED-6401).
* crypto: qat - update slice mask for 4xxx devices (PED-6401).
* crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401).
* dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-
fixes).
* dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes).
* dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes).
* Documentation: qat: change kernel version (PED-6401).
* Documentation: qat: rewrite description (PED-6401).
* Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-
fixes).
* Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-
fixes).
* drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes).
* drm/amd/display: Do not check registers, if using AUX BL control (git-
fixes).
* drm/amd/display: Do not set dpms_off for seamless boot (git-fixes).
* drm/amdgpu: add missing NULL check (git-fixes).
* drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes).
* drm/i915: Retry gtt fault when out of fence registers (git-fixes).
* drm/msm/dp: do not reinitialize phy unless retry during link training (git-
fixes).
* drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-
fixes).
* drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes).
* drm/msm/dsi: skip the wait for video mode done if not applicable (git-
fixes).
* drm/vmwgfx: fix typo of sizeof argument (git-fixes).
* firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND
(git-fixes).
* firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels()
(git-fixes).
* gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-
fixes).
* gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes).
* gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes).
* gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes).
* gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes).
* gpio: vf610: set value before the direction to avoid a glitch (git-fixes).
* gve: Do not fully free QPL pages on prefill errors (git-fixes).
* HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-
fixes).
* HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes).
* HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-
fixes).
* HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes).
* HID: sony: Fix a potential memory leak in sony_probe() (git-fixes).
* HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-
fixes).
* i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes).
* i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-
fixes).
* i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-
fixes).
* i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes).
* i2c: mux: gpio: Replace custom acpi_get_local_address() (git-fixes).
* i2c: npcm7xx: Fix callback completion ordering (git-fixes).
* IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes)
* ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes).
* iio: pressure: bmp280: Fix NULL pointer exception (git-fixes).
* iio: pressure: dps310: Adjust Timeout Settings (git-fixes).
* iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes).
* Input: goodix - ensure int GPIO is in input for gpio_count == 1 &&
gpio_int_idx == 0 case (git-fixes).
* Input: powermate - fix use-after-free in powermate_config_complete (git-
fixes).
* Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes).
* Input: xpad - add PXN V900 support (git-fixes).
* iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support
(bsc#1212423).
* iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback
(bsc#1212423).
* iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback
(bsc#1212423).
* kabi: blkcg_policy_data fix KABI (bsc#1216062).
* kabi: workaround for enum nft_trans_phase (bsc#1215104).
* kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
* KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes
bsc#1216512).
* KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-
fixes).
* KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772).
* KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes).
* KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code
(bsc#1213772).
* KVM: x86: Propagate the AMD Automatic IBRS feature to the guest
(bsc#1213772).
* KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772).
* KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
* KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed
(git-fixes).
* leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes).
* mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788
bsc#1213705).
* mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes).
* mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes).
* mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes).
* mtd: physmap-core: Restore map_rom fallback (git-fixes).
* mtd: rawnand: arasan: Ensure program page operations are successful (git-
fixes).
* mtd: rawnand: marvell: Ensure program page operations are successful (git-
fixes).
* mtd: rawnand: pl353: Ensure program page operations are successful (git-
fixes).
* mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes).
* mtd: spinand: micron: correct bitmask for ecc status (git-fixes).
* net: mana: Fix oversized sge0 for GSO packets (bsc#1215986).
* net: mana: Fix TX CQE error handling (bsc#1215986).
* net: nfc: llcp: Add lock when modifying device list (git-fixes).
* net: rfkill: gpio: prevent value glitch during probe (git-fixes).
* net: sched: add barrier to fix packet stuck problem for lockless qdisc
(bsc#1216345).
* net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog
(bsc#1216345).
* net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-
fixes).
* net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-
fixes).
* net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-
fixes).
* net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes).
* net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-
fixes).
* netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound
set/chain (git-fixes).
* netfilter: nf_tables: unbind non-anonymous set if rule construction fails
(git-fixes).
* nfc: nci: assert requested protocol is valid (git-fixes).
* nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-
fixes).
* nilfs2: fix potential use after free in nilfs_gccache_submit_read_data()
(git-fixes).
* nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid()
(bsc#1214842).
* phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes).
* phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes).
* phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes).
* pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes).
* pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes).
* platform/surface: platform_profile: Propagate error if profile registration
fails (git-fixes).
* platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e
(git-fixes).
* platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-
fixes).
* platform/x86: think-lmi: Fix reference leak (git-fixes).
* platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes).
* power: supply: ucs1002: fix error code in ucs1002_get_property() (git-
fixes).
* r8152: check budget for r8152_poll() (git-fixes).
* RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes)
* RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes)
* RDMA/core: Require admin capabilities to set system parameters (git-fixes)
* RDMA/cxgb4: Check skb value for failure to allocate (git-fixes)
* RDMA/mlx5: Fix NULL string error (git-fixes)
* RDMA/siw: Fix connection failure handling (git-fixes)
* RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes)
* RDMA/uverbs: Fix typo of sizeof argument (git-fixes)
* regmap: fix NULL deref on lookup (git-fixes).
* regmap: rbtree: Fix wrong register marked as in-cache when creating new node
(git-fixes).
* ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes).
* ring-buffer: Do not attempt to read past "commit" (git-fixes).
* ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
* ring-buffer: Update "shortest_full" in polling (git-fixes).
* s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788
bsc#1215957).
* s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510).
* s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511).
* sched/cpuset: Bring back cpuset_mutex (bsc#1215955).
* sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity()
(git fixes (sched)).
* sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes
(sched)).
* sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)).
* serial: 8250_port: Check IRQ data before use (git-fixes).
* soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-
fixes).
* spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes).
* spi: stm32: add a delay before SPI disable (git-fixes).
* spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain
(git-fixes).
* spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes).
* thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-
fixes).
* thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple
Ridge (git-fixes).
* tracing: Have current_trace inc the trace array ref count (git-fixes).
* tracing: Have event inject files inc the trace array ref count (git-fixes).
* tracing: Have option files inc the trace array ref count (git-fixes).
* tracing: Have tracing_max_latency inc the trace array ref count (git-fixes).
* tracing: Increase trace array ref count on enable and filter files (git-
fixes).
* tracing: Make trace_marker{,_raw} stream-like (git-fixes).
* usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes).
* usb: dwc3: Soft reset phy on probe for host (git-fixes).
* usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-
fixes).
* usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
* usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes).
* usb: musb: Modify the "HWVers" register address (git-fixes).
* usb: serial: option: add entry for Sierra EM9191 with new firmware (git-
fixes).
* usb: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).
* usb: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).
* usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-
fixes).
* usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).
* vmbus_testing: fix wrong python syntax for integer value comparison (git-
fixes).
* vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes).
* watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes).
* watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running
(git-fixes).
* wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
* wifi: cfg80211: Fix 6GHz scan configuration (git-fixes).
* wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes).
* wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes).
* wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes).
* wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-
fixes).
* wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes).
* wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-
fixes).
* wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes).
* wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes).
* x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772).
* x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772).
* x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772).
* x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf
(bsc#1213772).
* x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772).
* x86/cpu: Support AMD Automatic IBRS (bsc#1213772).
* x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649).
* x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649).
* x86/sev: Disable MMIO emulation from user mode (bsc#1212649).
* xen-netback: use default TX queue size for vifs (git-fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4378=1 SUSE-2023-4378=1
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4378=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4378=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4378=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4378=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4378=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4378=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4378=1
* Development Tools Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4378=1
* Legacy Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-4378=1
* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4378=1
Please note that this is the initial kernel livepatch, which itself contains no
fixes; this package is later updated by separate standalone kernel livepatch
updates.
* SUSE Linux Enterprise High Availability Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-4378=1
* SUSE Linux Enterprise Workstation Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4378=1
## Package List:
* openSUSE Leap 15.4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (noarch)
* kernel-devel-5.14.21-150400.24.97.1
* kernel-source-5.14.21-150400.24.97.1
* kernel-source-vanilla-5.14.21-150400.24.97.1
* kernel-macros-5.14.21-150400.24.97.1
* kernel-docs-html-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (nosrc ppc64le x86_64)
* kernel-debug-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (ppc64le x86_64)
* kernel-debug-debuginfo-5.14.21-150400.24.97.1
* kernel-debug-devel-5.14.21-150400.24.97.1
* kernel-debug-debugsource-5.14.21-150400.24.97.1
* kernel-debug-livepatch-devel-5.14.21-150400.24.97.1
* kernel-debug-devel-debuginfo-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (aarch64 ppc64le x86_64)
* kernel-kvmsmall-debuginfo-5.14.21-150400.24.97.1
* kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2
* kernel-default-base-rebuild-5.14.21-150400.24.97.1.150400.24.44.2
* kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.97.1
* kernel-kvmsmall-devel-5.14.21-150400.24.97.1
* kernel-kvmsmall-debugsource-5.14.21-150400.24.97.1
* kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.97.1
* dlm-kmp-default-5.14.21-150400.24.97.1
* ocfs2-kmp-default-debuginfo-5.14.21-150400.24.97.1
* dlm-kmp-default-debuginfo-5.14.21-150400.24.97.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.97.1
* gfs2-kmp-default-5.14.21-150400.24.97.1
* kernel-default-extra-5.14.21-150400.24.97.1
* kernel-default-extra-debuginfo-5.14.21-150400.24.97.1
* kernel-obs-qa-5.14.21-150400.24.97.1
* cluster-md-kmp-default-5.14.21-150400.24.97.1
* kernel-default-devel-5.14.21-150400.24.97.1
* kernel-obs-build-debugsource-5.14.21-150400.24.97.1
* gfs2-kmp-default-debuginfo-5.14.21-150400.24.97.1
* cluster-md-kmp-default-debuginfo-5.14.21-150400.24.97.1
* kernel-default-livepatch-devel-5.14.21-150400.24.97.1
* kernel-default-optional-debuginfo-5.14.21-150400.24.97.1
* ocfs2-kmp-default-5.14.21-150400.24.97.1
* kernel-syms-5.14.21-150400.24.97.1
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.97.1
* reiserfs-kmp-default-5.14.21-150400.24.97.1
* kernel-default-debugsource-5.14.21-150400.24.97.1
* kernel-default-optional-5.14.21-150400.24.97.1
* kselftests-kmp-default-debuginfo-5.14.21-150400.24.97.1
* kernel-default-livepatch-5.14.21-150400.24.97.1
* kselftests-kmp-default-5.14.21-150400.24.97.1
* kernel-obs-build-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64)
* kernel-kvmsmall-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_20-debugsource-1-150400.9.3.2
* kernel-livepatch-5_14_21-150400_24_97-default-debuginfo-1-150400.9.3.2
* kernel-livepatch-5_14_21-150400_24_97-default-1-150400.9.3.2
* openSUSE Leap 15.4 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150400.24.97.1
* kernel-zfcpdump-debuginfo-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (nosrc)
* dtb-aarch64-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (aarch64)
* kernel-64kb-extra-5.14.21-150400.24.97.1
* dtb-xilinx-5.14.21-150400.24.97.1
* dtb-socionext-5.14.21-150400.24.97.1
* ocfs2-kmp-64kb-5.14.21-150400.24.97.1
* dtb-sprd-5.14.21-150400.24.97.1
* dlm-kmp-64kb-5.14.21-150400.24.97.1
* dtb-allwinner-5.14.21-150400.24.97.1
* reiserfs-kmp-64kb-5.14.21-150400.24.97.1
* dtb-amd-5.14.21-150400.24.97.1
* dtb-exynos-5.14.21-150400.24.97.1
* dtb-mediatek-5.14.21-150400.24.97.1
* dtb-arm-5.14.21-150400.24.97.1
* dtb-altera-5.14.21-150400.24.97.1
* dtb-lg-5.14.21-150400.24.97.1
* dtb-renesas-5.14.21-150400.24.97.1
* dtb-freescale-5.14.21-150400.24.97.1
* kernel-64kb-debuginfo-5.14.21-150400.24.97.1
* reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.97.1
* dtb-qcom-5.14.21-150400.24.97.1
* dtb-marvell-5.14.21-150400.24.97.1
* dtb-cavium-5.14.21-150400.24.97.1
* dlm-kmp-64kb-debuginfo-5.14.21-150400.24.97.1
* gfs2-kmp-64kb-5.14.21-150400.24.97.1
* kernel-64kb-optional-5.14.21-150400.24.97.1
* cluster-md-kmp-64kb-5.14.21-150400.24.97.1
* dtb-apm-5.14.21-150400.24.97.1
* kernel-64kb-optional-debuginfo-5.14.21-150400.24.97.1
* kernel-64kb-livepatch-devel-5.14.21-150400.24.97.1
* dtb-rockchip-5.14.21-150400.24.97.1
* ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.97.1
* dtb-hisilicon-5.14.21-150400.24.97.1
* dtb-amlogic-5.14.21-150400.24.97.1
* kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.97.1
* dtb-amazon-5.14.21-150400.24.97.1
* kselftests-kmp-64kb-5.14.21-150400.24.97.1
* dtb-apple-5.14.21-150400.24.97.1
* dtb-nvidia-5.14.21-150400.24.97.1
* cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.97.1
* kernel-64kb-devel-5.14.21-150400.24.97.1
* dtb-broadcom-5.14.21-150400.24.97.1
* kernel-64kb-extra-debuginfo-5.14.21-150400.24.97.1
* gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.97.1
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.97.1
* kernel-64kb-debugsource-5.14.21-150400.24.97.1
* openSUSE Leap 15.4 (aarch64 nosrc)
* kernel-64kb-5.14.21-150400.24.97.1
* openSUSE Leap Micro 5.3 (aarch64 nosrc x86_64)
* kernel-default-5.14.21-150400.24.97.1
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.97.1
* kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2
* kernel-default-debugsource-5.14.21-150400.24.97.1
* openSUSE Leap Micro 5.4 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.97.1
* openSUSE Leap Micro 5.4 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.97.1
* kernel-default-debugsource-5.14.21-150400.24.97.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.97.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.97.1
* kernel-default-debugsource-5.14.21-150400.24.97.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.97.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.97.1
* kernel-default-debugsource-5.14.21-150400.24.97.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.97.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.97.1
* kernel-default-debugsource-5.14.21-150400.24.97.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.97.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.97.1
* kernel-default-debugsource-5.14.21-150400.24.97.1
* Basesystem Module 15-SP4 (aarch64 nosrc)
* kernel-64kb-5.14.21-150400.24.97.1
* Basesystem Module 15-SP4 (aarch64)
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.97.1
* kernel-64kb-debugsource-5.14.21-150400.24.97.1
* kernel-64kb-devel-5.14.21-150400.24.97.1
* kernel-64kb-debuginfo-5.14.21-150400.24.97.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150400.24.97.1
* Basesystem Module 15-SP4 (aarch64 ppc64le x86_64)
* kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* kernel-default-devel-5.14.21-150400.24.97.1
* kernel-default-debuginfo-5.14.21-150400.24.97.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.97.1
* kernel-default-debugsource-5.14.21-150400.24.97.1
* Basesystem Module 15-SP4 (noarch)
* kernel-macros-5.14.21-150400.24.97.1
* kernel-devel-5.14.21-150400.24.97.1
* Basesystem Module 15-SP4 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150400.24.97.1
* Basesystem Module 15-SP4 (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150400.24.97.1
* kernel-zfcpdump-debuginfo-5.14.21-150400.24.97.1
* Development Tools Module 15-SP4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.97.1
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* kernel-obs-build-debugsource-5.14.21-150400.24.97.1
* kernel-syms-5.14.21-150400.24.97.1
* kernel-obs-build-5.14.21-150400.24.97.1
* Development Tools Module 15-SP4 (noarch)
* kernel-source-5.14.21-150400.24.97.1
* Legacy Module 15-SP4 (nosrc)
* kernel-default-5.14.21-150400.24.97.1
* Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* reiserfs-kmp-default-5.14.21-150400.24.97.1
* kernel-default-debuginfo-5.14.21-150400.24.97.1
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.97.1
* kernel-default-debugsource-5.14.21-150400.24.97.1
* SUSE Linux Enterprise Live Patching 15-SP4 (nosrc)
* kernel-default-5.14.21-150400.24.97.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.97.1
* kernel-default-debugsource-5.14.21-150400.24.97.1
* kernel-default-livepatch-devel-5.14.21-150400.24.97.1
* kernel-default-livepatch-5.14.21-150400.24.97.1
* kernel-livepatch-5_14_21-150400_24_97-default-debuginfo-1-150400.9.3.2
* kernel-livepatch-SLE15-SP4_Update_20-debugsource-1-150400.9.3.2
* kernel-livepatch-5_14_21-150400_24_97-default-1-150400.9.3.2
* SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le
s390x x86_64)
* ocfs2-kmp-default-debuginfo-5.14.21-150400.24.97.1
* cluster-md-kmp-default-debuginfo-5.14.21-150400.24.97.1
* kernel-default-debuginfo-5.14.21-150400.24.97.1
* dlm-kmp-default-debuginfo-5.14.21-150400.24.97.1
* kernel-default-debugsource-5.14.21-150400.24.97.1
* gfs2-kmp-default-5.14.21-150400.24.97.1
* ocfs2-kmp-default-5.14.21-150400.24.97.1
* cluster-md-kmp-default-5.14.21-150400.24.97.1
* dlm-kmp-default-5.14.21-150400.24.97.1
* gfs2-kmp-default-debuginfo-5.14.21-150400.24.97.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc)
* kernel-default-5.14.21-150400.24.97.1
* SUSE Linux Enterprise Workstation Extension 15 SP4 (nosrc)
* kernel-default-5.14.21-150400.24.97.1
* SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64)
* kernel-default-extra-5.14.21-150400.24.97.1
* kernel-default-debuginfo-5.14.21-150400.24.97.1
* kernel-default-extra-debuginfo-5.14.21-150400.24.97.1
* kernel-default-debugsource-5.14.21-150400.24.97.1
## References:
* https://www.suse.com/security/cve/CVE-2023-2163.html
* https://www.suse.com/security/cve/CVE-2023-31085.html
* https://www.suse.com/security/cve/CVE-2023-34324.html
* https://www.suse.com/security/cve/CVE-2023-3777.html
* https://www.suse.com/security/cve/CVE-2023-39189.html
* https://www.suse.com/security/cve/CVE-2023-39193.html
* https://www.suse.com/security/cve/CVE-2023-5178.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208788
* https://bugzilla.suse.com/show_bug.cgi?id=1210778
* https://bugzilla.suse.com/show_bug.cgi?id=1211307
* https://bugzilla.suse.com/show_bug.cgi?id=1212423
* https://bugzilla.suse.com/show_bug.cgi?id=1212649
* https://bugzilla.suse.com/show_bug.cgi?id=1213705
* https://bugzilla.suse.com/show_bug.cgi?id=1213772
* https://bugzilla.suse.com/show_bug.cgi?id=1214842
* https://bugzilla.suse.com/show_bug.cgi?id=1215095
* https://bugzilla.suse.com/show_bug.cgi?id=1215104
* https://bugzilla.suse.com/show_bug.cgi?id=1215518
* https://bugzilla.suse.com/show_bug.cgi?id=1215955
* https://bugzilla.suse.com/show_bug.cgi?id=1215956
* https://bugzilla.suse.com/show_bug.cgi?id=1215957
* https://bugzilla.suse.com/show_bug.cgi?id=1215986
* https://bugzilla.suse.com/show_bug.cgi?id=1216062
* https://bugzilla.suse.com/show_bug.cgi?id=1216345
* https://bugzilla.suse.com/show_bug.cgi?id=1216510
* https://bugzilla.suse.com/show_bug.cgi?id=1216511
* https://bugzilla.suse.com/show_bug.cgi?id=1216512
* https://bugzilla.suse.com/show_bug.cgi?id=1216621
06 Nov '23
# Security update for squid
Announcement ID: SUSE-SU-2023:4380-1
Rating: important
References:
* bsc#1216495
* bsc#1216498
* bsc#1216500
* bsc#1216803
Cross-References:
* CVE-2023-46724
* CVE-2023-46846
* CVE-2023-46847
* CVE-2023-46848
CVSS scores:
* CVE-2023-46724 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-46724 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-46846 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-46846 ( NVD ): 9.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
* CVE-2023-46847 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-46847 ( NVD ): 9.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H
* CVE-2023-46848 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-46848 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* Server Applications Module 15-SP4
* Server Applications Module 15-SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves four vulnerabilities can now be installed.
## Description:
This update for squid fixes the following issues:
* CVE-2023-46846: Request/Response smuggling in HTTP/1.1 and ICAP
(bsc#1216500).
* CVE-2023-46847: Denial of Service in HTTP Digest Authentication
(bsc#1216495).
* CVE-2023-46724: Fix validation of certificates with CN=* (bsc#1216803).
* CVE-2023-46848: Denial of Service in FTP (bsc#1216498).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4380=1 openSUSE-SLE-15.4-2023-4380=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4380=1
* Server Applications Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4380=1
* Server Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4380=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* squid-5.7-150400.3.12.1
* squid-debugsource-5.7-150400.3.12.1
* squid-debuginfo-5.7-150400.3.12.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* squid-5.7-150400.3.12.1
* squid-debugsource-5.7-150400.3.12.1
* squid-debuginfo-5.7-150400.3.12.1
* Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* squid-5.7-150400.3.12.1
* squid-debugsource-5.7-150400.3.12.1
* squid-debuginfo-5.7-150400.3.12.1
* Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* squid-5.7-150400.3.12.1
* squid-debugsource-5.7-150400.3.12.1
* squid-debuginfo-5.7-150400.3.12.1
## References:
* https://www.suse.com/security/cve/CVE-2023-46724.html
* https://www.suse.com/security/cve/CVE-2023-46846.html
* https://www.suse.com/security/cve/CVE-2023-46847.html
* https://www.suse.com/security/cve/CVE-2023-46848.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216495
* https://bugzilla.suse.com/show_bug.cgi?id=1216498
* https://bugzilla.suse.com/show_bug.cgi?id=1216500
* https://bugzilla.suse.com/show_bug.cgi?id=1216803
openSUSE-RU-2023:0357-1: moderate: Recommended update for tayga
by maintenance@opensuse.org 06 Nov '23
openSUSE Recommended Update: Recommended update for tayga
______________________________________________________________________________
Announcement ID: openSUSE-RU-2023:0357-1
Rating: moderate
References:
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that has 0 recommended fixes can now be installed.
Description:
This update for tayga fixes the following issues:
- Add tayga_destroy_tun to delete the tunnel interface when the service is
stopped
- Drop PrivateDevices and ProtectClock hardening options to repair startup
failure while accessing /dev/net/tun
- Add conditional to tayga_setup_tun to facilitate operation on systems
without iptables
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2023-357=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):
tayga-0.9.2-bp155.4.3.1
References:
06 Nov '23
# Security update for tiff
Announcement ID: SUSE-SU-2023:4370-1
Rating: moderate
References:
* bsc#1212535
* bsc#1212881
* bsc#1212883
* bsc#1212888
* bsc#1213273
* bsc#1213274
* bsc#1213589
* bsc#1213590
* bsc#1214574
Cross-References:
* CVE-2020-18768
* CVE-2023-25433
* CVE-2023-26966
* CVE-2023-2908
* CVE-2023-3316
* CVE-2023-3576
* CVE-2023-3618
* CVE-2023-38288
* CVE-2023-38289
CVSS scores:
* CVE-2020-18768 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2020-18768 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-25433 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-26966 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
* CVE-2023-26966 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-2908 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-2908 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-3316 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-3316 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3576 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2023-3576 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-3618 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-3618 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-38288 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2023-38289 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Affected Products:
* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4
* SUSE Package Hub 15 15-SP5
An update that solves nine vulnerabilities can now be installed.
## Description:
This update for tiff fixes the following issues:
* CVE-2023-38289: Fixed a NULL pointer dereference in raw2tiff (bsc#1213589).
* CVE-2023-38288: Fixed an integer overflow in raw2tiff (bsc#1213590).
* CVE-2023-3576: Fixed a memory leak in tiffcrop (bsc#1213273).
* CVE-2020-18768: Fixed an out of bounds read in tiffcp (bsc#1214574).
* CVE-2023-26966: Fixed an out of bounds read when transforming a little-endian
file to a big-endian output (bsc#1212881)
* CVE-2023-3618: Fixed a NULL pointer dereference while encoding FAX3 files
(bsc#1213274).
* CVE-2023-2908: Fixed an undefined behavior issue when doing pointer
arithmetic on a NULL pointer (bsc#1212888).
* CVE-2023-3316: Fixed a NULL pointer dereference while opening a file in an
inaccessible path (bsc#1212535).
* CVE-2023-25433: Fixed a buffer overflow in tiffcrop (bsc#1212883).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4370=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4370=1
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4370=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4370=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4370=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4370=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4370=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4370=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4370=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4370=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2023-4370=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4370=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4370=1
* SUSE Package Hub 15 15-SP4
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4370=1
* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4370=1
## Package List:
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* libtiff5-debuginfo-4.0.9-150000.45.32.1
* tiff-debuginfo-4.0.9-150000.45.32.1
* libtiff5-4.0.9-150000.45.32.1
* tiff-debugsource-4.0.9-150000.45.32.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* libtiff5-debuginfo-4.0.9-150000.45.32.1
* tiff-debuginfo-4.0.9-150000.45.32.1
* libtiff5-4.0.9-150000.45.32.1
* tiff-debugsource-4.0.9-150000.45.32.1
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* libtiff5-debuginfo-4.0.9-150000.45.32.1
* tiff-debuginfo-4.0.9-150000.45.32.1
* libtiff5-4.0.9-150000.45.32.1
* tiff-debugsource-4.0.9-150000.45.32.1
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* libtiff5-debuginfo-4.0.9-150000.45.32.1
* tiff-debuginfo-4.0.9-150000.45.32.1
* libtiff5-4.0.9-150000.45.32.1
* tiff-debugsource-4.0.9-150000.45.32.1
* openSUSE Leap 15.4 (x86_64)
* libtiff5-32bit-debuginfo-4.0.9-150000.45.32.1
* libtiff5-32bit-4.0.9-150000.45.32.1
* libtiff-devel-32bit-4.0.9-150000.45.32.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* tiff-debugsource-4.0.9-150000.45.32.1
* libtiff5-debuginfo-4.0.9-150000.45.32.1
* libtiff-devel-4.0.9-150000.45.32.1
* tiff-4.0.9-150000.45.32.1
* tiff-debuginfo-4.0.9-150000.45.32.1
* libtiff5-4.0.9-150000.45.32.1
* openSUSE Leap 15.5 (x86_64)
* libtiff5-32bit-debuginfo-4.0.9-150000.45.32.1
* libtiff5-32bit-4.0.9-150000.45.32.1
* libtiff-devel-32bit-4.0.9-150000.45.32.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* tiff-debugsource-4.0.9-150000.45.32.1
* libtiff5-debuginfo-4.0.9-150000.45.32.1
* libtiff-devel-4.0.9-150000.45.32.1
* tiff-4.0.9-150000.45.32.1
* tiff-debuginfo-4.0.9-150000.45.32.1
* libtiff5-4.0.9-150000.45.32.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libtiff5-debuginfo-4.0.9-150000.45.32.1
* tiff-debuginfo-4.0.9-150000.45.32.1
* libtiff5-4.0.9-150000.45.32.1
* tiff-debugsource-4.0.9-150000.45.32.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libtiff5-debuginfo-4.0.9-150000.45.32.1
* tiff-debuginfo-4.0.9-150000.45.32.1
* libtiff5-4.0.9-150000.45.32.1
* tiff-debugsource-4.0.9-150000.45.32.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libtiff5-debuginfo-4.0.9-150000.45.32.1
* tiff-debuginfo-4.0.9-150000.45.32.1
* libtiff5-4.0.9-150000.45.32.1
* tiff-debugsource-4.0.9-150000.45.32.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libtiff5-debuginfo-4.0.9-150000.45.32.1
* tiff-debuginfo-4.0.9-150000.45.32.1
* libtiff5-4.0.9-150000.45.32.1
* tiff-debugsource-4.0.9-150000.45.32.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* libtiff5-debuginfo-4.0.9-150000.45.32.1
* tiff-debuginfo-4.0.9-150000.45.32.1
* libtiff5-4.0.9-150000.45.32.1
* tiff-debugsource-4.0.9-150000.45.32.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* tiff-debugsource-4.0.9-150000.45.32.1
* libtiff5-debuginfo-4.0.9-150000.45.32.1
* libtiff-devel-4.0.9-150000.45.32.1
* tiff-debuginfo-4.0.9-150000.45.32.1
* libtiff5-4.0.9-150000.45.32.1
* Basesystem Module 15-SP4 (x86_64)
* libtiff5-32bit-debuginfo-4.0.9-150000.45.32.1
* libtiff5-32bit-4.0.9-150000.45.32.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* tiff-debugsource-4.0.9-150000.45.32.1
* libtiff5-debuginfo-4.0.9-150000.45.32.1
* libtiff-devel-4.0.9-150000.45.32.1
* tiff-debuginfo-4.0.9-150000.45.32.1
* libtiff5-4.0.9-150000.45.32.1
* Basesystem Module 15-SP5 (x86_64)
* libtiff5-32bit-debuginfo-4.0.9-150000.45.32.1
* libtiff5-32bit-4.0.9-150000.45.32.1
* SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64)
* tiff-debuginfo-4.0.9-150000.45.32.1
* tiff-debugsource-4.0.9-150000.45.32.1
* tiff-4.0.9-150000.45.32.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
* tiff-debuginfo-4.0.9-150000.45.32.1
* tiff-debugsource-4.0.9-150000.45.32.1
* tiff-4.0.9-150000.45.32.1
## References:
* https://www.suse.com/security/cve/CVE-2020-18768.html
* https://www.suse.com/security/cve/CVE-2023-25433.html
* https://www.suse.com/security/cve/CVE-2023-26966.html
* https://www.suse.com/security/cve/CVE-2023-2908.html
* https://www.suse.com/security/cve/CVE-2023-3316.html
* https://www.suse.com/security/cve/CVE-2023-3576.html
* https://www.suse.com/security/cve/CVE-2023-3618.html
* https://www.suse.com/security/cve/CVE-2023-38288.html
* https://www.suse.com/security/cve/CVE-2023-38289.html
* https://bugzilla.suse.com/show_bug.cgi?id=1212535
* https://bugzilla.suse.com/show_bug.cgi?id=1212881
* https://bugzilla.suse.com/show_bug.cgi?id=1212883
* https://bugzilla.suse.com/show_bug.cgi?id=1212888
* https://bugzilla.suse.com/show_bug.cgi?id=1213273
* https://bugzilla.suse.com/show_bug.cgi?id=1213274
* https://bugzilla.suse.com/show_bug.cgi?id=1213589
* https://bugzilla.suse.com/show_bug.cgi?id=1213590
* https://bugzilla.suse.com/show_bug.cgi?id=1214574
SUSE-SU-2023:4372-1: important: Security update for util-linux
by maintenance@opensuse.org 06 Nov '23
# Security update for util-linux
Announcement ID: SUSE-SU-2023:4372-1
Rating: important
References:
* bsc#1213865
Cross-References:
* CVE-2018-7738
CVSS scores:
* CVE-2018-7738 ( SUSE ): 8.2 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
* CVE-2018-7738 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
An update that solves one vulnerability can now be installed.
## Description:
This update for util-linux fixes the following issues:
* CVE-2018-7738: Fixed shell code injection in umount bash-completions
(bsc#1213865).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4372=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4372=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* python-libmount-debugsource-2.31.1-150000.9.24.1
* python-libmount-debuginfo-2.31.1-150000.9.24.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* python-libmount-debugsource-2.31.1-150000.9.24.1
* python-libmount-debuginfo-2.31.1-150000.9.24.1
## References:
* https://www.suse.com/security/cve/CVE-2018-7738.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213865
06 Nov '23
# Security update for nodejs12
Announcement ID: SUSE-SU-2023:4373-1
Rating: important
References:
* bsc#1216190
* bsc#1216272
Cross-References:
* CVE-2023-38552
* CVE-2023-44487
CVSS scores:
* CVE-2023-38552 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2023-38552 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Server 4.2
An update that solves two vulnerabilities can now be installed.
## Description:
This update for nodejs12 fixes the following issues:
* CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190)
* CVE-2023-38552: Fixed integrity checks according to policies that could
be circumvented. (bsc#1216272)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4373=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4373=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4373=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4373=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4373=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4373=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4373=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4373=1
* SUSE Manager Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4373=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-4373=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* nodejs14-14.21.3-150200.15.52.2
* nodejs14-devel-14.21.3-150200.15.52.2
* corepack14-14.21.3-150200.15.52.2
* nodejs14-debugsource-14.21.3-150200.15.52.2
* npm14-14.21.3-150200.15.52.2
* nodejs14-debuginfo-14.21.3-150200.15.52.2
* openSUSE Leap 15.4 (noarch)
* nodejs14-docs-14.21.3-150200.15.52.2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* nodejs14-14.21.3-150200.15.52.2
* nodejs14-devel-14.21.3-150200.15.52.2
* nodejs14-debugsource-14.21.3-150200.15.52.2
* npm14-14.21.3-150200.15.52.2
* nodejs14-debuginfo-14.21.3-150200.15.52.2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
* nodejs14-docs-14.21.3-150200.15.52.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64
x86_64)
* nodejs14-14.21.3-150200.15.52.2
* nodejs14-devel-14.21.3-150200.15.52.2
* nodejs14-debugsource-14.21.3-150200.15.52.2
* npm14-14.21.3-150200.15.52.2
* nodejs14-debuginfo-14.21.3-150200.15.52.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
* nodejs14-docs-14.21.3-150200.15.52.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* nodejs14-14.21.3-150200.15.52.2
* nodejs14-devel-14.21.3-150200.15.52.2
* nodejs14-debugsource-14.21.3-150200.15.52.2
* npm14-14.21.3-150200.15.52.2
* nodejs14-debuginfo-14.21.3-150200.15.52.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* nodejs14-docs-14.21.3-150200.15.52.2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* nodejs14-14.21.3-150200.15.52.2
* nodejs14-devel-14.21.3-150200.15.52.2
* nodejs14-debugsource-14.21.3-150200.15.52.2
* npm14-14.21.3-150200.15.52.2
* nodejs14-debuginfo-14.21.3-150200.15.52.2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
* nodejs14-docs-14.21.3-150200.15.52.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* nodejs14-14.21.3-150200.15.52.2
* nodejs14-devel-14.21.3-150200.15.52.2
* nodejs14-debugsource-14.21.3-150200.15.52.2
* npm14-14.21.3-150200.15.52.2
* nodejs14-debuginfo-14.21.3-150200.15.52.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* nodejs14-docs-14.21.3-150200.15.52.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* nodejs14-14.21.3-150200.15.52.2
* nodejs14-devel-14.21.3-150200.15.52.2
* nodejs14-debugsource-14.21.3-150200.15.52.2
* npm14-14.21.3-150200.15.52.2
* nodejs14-debuginfo-14.21.3-150200.15.52.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
* nodejs14-docs-14.21.3-150200.15.52.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* nodejs14-14.21.3-150200.15.52.2
* nodejs14-devel-14.21.3-150200.15.52.2
* nodejs14-debugsource-14.21.3-150200.15.52.2
* npm14-14.21.3-150200.15.52.2
* nodejs14-debuginfo-14.21.3-150200.15.52.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* nodejs14-docs-14.21.3-150200.15.52.2
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
* nodejs14-14.21.3-150200.15.52.2
* nodejs14-devel-14.21.3-150200.15.52.2
* nodejs14-debugsource-14.21.3-150200.15.52.2
* npm14-14.21.3-150200.15.52.2
* nodejs14-debuginfo-14.21.3-150200.15.52.2
* SUSE Manager Server 4.2 (noarch)
* nodejs14-docs-14.21.3-150200.15.52.2
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* nodejs14-14.21.3-150200.15.52.2
* nodejs14-devel-14.21.3-150200.15.52.2
* nodejs14-debugsource-14.21.3-150200.15.52.2
* npm14-14.21.3-150200.15.52.2
* nodejs14-debuginfo-14.21.3-150200.15.52.2
* SUSE Enterprise Storage 7.1 (noarch)
* nodejs14-docs-14.21.3-150200.15.52.2
## References:
* https://www.suse.com/security/cve/CVE-2023-38552.html
* https://www.suse.com/security/cve/CVE-2023-44487.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216190
* https://bugzilla.suse.com/show_bug.cgi?id=1216272
06 Nov '23
# Security update for nodejs12
Announcement ID: SUSE-SU-2023:4374-1
Rating: important
References:
* bsc#1216190
* bsc#1216272
Cross-References:
* CVE-2023-38552
* CVE-2023-44487
CVSS scores:
* CVE-2023-38552 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2023-38552 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Server 4.2
An update that solves two vulnerabilities can now be installed.
## Description:
This update for nodejs12 fixes the following issues:
* CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190)
* CVE-2023-38552: Fixed integrity checks according to policies that could
be circumvented. (bsc#1216272)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4374=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4374=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4374=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4374=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4374=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4374=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4374=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4374=1
* SUSE Manager Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4374=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-4374=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* nodejs12-12.22.12-150200.4.53.2
* npm12-12.22.12-150200.4.53.2
* nodejs12-devel-12.22.12-150200.4.53.2
* nodejs12-debuginfo-12.22.12-150200.4.53.2
* nodejs12-debugsource-12.22.12-150200.4.53.2
* openSUSE Leap 15.4 (noarch)
* nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* nodejs12-12.22.12-150200.4.53.2
* npm12-12.22.12-150200.4.53.2
* nodejs12-devel-12.22.12-150200.4.53.2
* nodejs12-debuginfo-12.22.12-150200.4.53.2
* nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
* nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64
x86_64)
* nodejs12-12.22.12-150200.4.53.2
* npm12-12.22.12-150200.4.53.2
* nodejs12-devel-12.22.12-150200.4.53.2
* nodejs12-debuginfo-12.22.12-150200.4.53.2
* nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
* nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* nodejs12-12.22.12-150200.4.53.2
* npm12-12.22.12-150200.4.53.2
* nodejs12-devel-12.22.12-150200.4.53.2
* nodejs12-debuginfo-12.22.12-150200.4.53.2
* nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* nodejs12-12.22.12-150200.4.53.2
* npm12-12.22.12-150200.4.53.2
* nodejs12-devel-12.22.12-150200.4.53.2
* nodejs12-debuginfo-12.22.12-150200.4.53.2
* nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
* nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* nodejs12-12.22.12-150200.4.53.2
* npm12-12.22.12-150200.4.53.2
* nodejs12-devel-12.22.12-150200.4.53.2
* nodejs12-debuginfo-12.22.12-150200.4.53.2
* nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* nodejs12-12.22.12-150200.4.53.2
* npm12-12.22.12-150200.4.53.2
* nodejs12-devel-12.22.12-150200.4.53.2
* nodejs12-debuginfo-12.22.12-150200.4.53.2
* nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
* nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* nodejs12-12.22.12-150200.4.53.2
* npm12-12.22.12-150200.4.53.2
* nodejs12-devel-12.22.12-150200.4.53.2
* nodejs12-debuginfo-12.22.12-150200.4.53.2
* nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
* nodejs12-12.22.12-150200.4.53.2
* npm12-12.22.12-150200.4.53.2
* nodejs12-devel-12.22.12-150200.4.53.2
* nodejs12-debuginfo-12.22.12-150200.4.53.2
* nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Manager Server 4.2 (noarch)
* nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* nodejs12-12.22.12-150200.4.53.2
* npm12-12.22.12-150200.4.53.2
* nodejs12-devel-12.22.12-150200.4.53.2
* nodejs12-debuginfo-12.22.12-150200.4.53.2
* nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Enterprise Storage 7.1 (noarch)
* nodejs12-docs-12.22.12-150200.4.53.2
## References:
* https://www.suse.com/security/cve/CVE-2023-38552.html
* https://www.suse.com/security/cve/CVE-2023-44487.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216190
* https://bugzilla.suse.com/show_bug.cgi?id=1216272
SUSE-SU-2023:4072-2: important: Security update for the Linux Kernel
by maintenance@opensuse.org 06 Nov '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:4072-2
Rating: important
References:
* bsc#1202845
* bsc#1213808
* bsc#1214928
* bsc#1214940
* bsc#1214941
* bsc#1214942
* bsc#1214943
* bsc#1214944
* bsc#1214950
* bsc#1214951
* bsc#1214954
* bsc#1214957
* bsc#1214986
* bsc#1214988
* bsc#1214992
* bsc#1214993
* bsc#1215322
* bsc#1215877
* bsc#1215894
* bsc#1215895
* bsc#1215896
* bsc#1215911
* bsc#1215915
* bsc#1215916
Cross-References:
* CVE-2023-1192
* CVE-2023-1206
* CVE-2023-1859
* CVE-2023-2177
* CVE-2023-39192
* CVE-2023-39193
* CVE-2023-39194
* CVE-2023-4155
* CVE-2023-42753
* CVE-2023-42754
* CVE-2023-4389
* CVE-2023-4563
* CVE-2023-4622
* CVE-2023-4623
* CVE-2023-4881
* CVE-2023-4921
* CVE-2023-5345
CVSS scores:
* CVE-2023-1192 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1192 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1206 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1206 ( NVD ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1859 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-1859 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2177 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2177 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39192 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-39192 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
* CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39193 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39194 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
* CVE-2023-39194 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
* CVE-2023-4155 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-4155 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-42753 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-42753 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-42754 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-42754 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4389 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2023-4389 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4563 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N
* CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4622 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4881 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-4881 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2023-4921 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4921 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5345 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5345 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
An update that solves 17 vulnerabilities and has seven security fixes can now be
installed.
## Description:
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
* CVE-2023-4563: Fixed a use-after-free flaw in the nftables sub-component.
This vulnerability could allow a local attacker to crash the system or lead
to a kernel information leak problem. (bsc#1214727)
* CVE-2023-39194: Fixed a flaw in the processing of state filters which could
allow a local attacker to disclose sensitive information. (bsc#1215861)
* CVE-2023-39193: Fixed a flaw in the processing of state filters which could
allow a local attacker to disclose sensitive information. (bsc#1215860)
* CVE-2023-39192: Fixed a flaw in the u32_match_it function which could allow
a local attacker to disclose sensitive information. (bsc#1215858)
* CVE-2023-42754: Fixed a null pointer dereference in ipv4_link_failure which
could lead an authenticated attacker to trigger a DoS. (bsc#1215467)
* CVE-2023-5345: Fixed a use-after-free vulnerability in the fs/smb/client
component which could be exploited to achieve local privilege escalation.
(bsc#1215899)
* CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization
(SEV). An attacker can trigger a stack overflow and cause a denial of
service or potentially guest-to-host escape in kernel configurations without
stack guard pages. (bsc#1214022)
* CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that
could be exploited in order to leak internal kernel information or crash the
system (bsc#1214351).
* CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter
subsystem. This issue may have allowed a local user to crash the system or
potentially escalate their privileges (bsc#1215150).
* CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup
table. A user located in the local network or with a high bandwidth
connection can increase the CPU usage of the server that accepts IPv6
connections up to 95% (bsc#1212703).
* CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network
scheduler which could be exploited to achieve local privilege escalation
(bsc#1215275).
* CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain
sockets component which could be exploited to achieve local privilege
escalation (bsc#1215117).
* CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler
which could be exploited to achieve local privilege escalation
(bsc#1215115).
* CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which
could be exploited to crash the system (bsc#1210169).
* CVE-2023-4881: Fixed an out-of-bounds write flaw in the netfilter subsystem
that could lead to potential information disclosure or a denial of service
(bsc#1215221).
* CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network
protocol which could allow a user to crash the system (bsc#1210643).
* CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread()
(bsc#1208995).
The following non-security bugs were fixed:
* ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-
fixes).
* ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-
fixes).
* ARM: pxa: remove use of symbol_get() (git-fixes).
* arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-
fixes).
* arm64: module-plts: inline linux/moduleloader.h (git-fixes)
* arm64: module: Use module_init_layout_section() to spot init sections (git-
fixes)
* arm64: sdei: abort running SDEI handlers during crash (git-fixes)
* arm64: tegra: Update AHUB clock parent and rate (git-fixes)
* arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-
fixes)
* ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes).
* ASoC: meson: spdifin: start hw on dai probe (git-fixes).
* ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes).
* ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes).
* ata: libata: disallow dev-initiated LPM transitions to unsupported states
(git-fixes).
* ata: pata_falcon: fix IO base selection for Q40 (git-fixes).
* ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes).
* ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes).
* backlight: gpio_backlight: Drop output GPIO direction check for initial
power state (git-fixes).
* blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986).
* blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost
(bsc#1214992).
* block/mq-deadline: use correct way to throttling write requests
(bsc#1214993).
* Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race
condition (git-fixes).
* bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322).
* bpf: Clear the probe_addr for uprobe (git-fixes).
* btrfs: do not hold CPU for too long when defragging a file (bsc#1214988).
* drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes).
* drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes).
* drm/amd/display: prevent potential division by zero errors (git-fixes).
* drm/display: Do not assume dual mode adaptors support i2c sub-addressing
(bsc#1213808).
* drm/i915: mark requests for GuC virtual engines to avoid use-after-free
(git-fixes).
* drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes).
* drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes).
* drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb()
(git-fixes).
* ext4: avoid potential data overflow in next_linear_group (bsc#1214951).
* ext4: correct inline offset when handling xattrs in inode body
(bsc#1214950).
* ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup}
(bsc#1214954).
* ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).
* ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944).
* ext4: get block from bh in ext4_free_blocks for fast commit replay
(bsc#1214942).
* ext4: reflect error codes from ext4_multi_mount_protect() to its callers
(bsc#1214941).
* ext4: Remove ext4 locking of moved directory (bsc#1214957).
* ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940).
* fs: do not update freeing inode i_io_list (bsc#1214813).
* fs: Establish locking order for unrelated directories (bsc#1214958).
* fs: Lock moved directories (bsc#1214959).
* fs: lockd: avoid possible wrong NULL parameter (git-fixes).
* fs: no need to check source (bsc#1215752).
* fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE
(bsc#1214813).
* fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581).
* gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479).
* gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479).
* gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
* gve: Changes to add new TX queues (bsc#1214479).
* gve: Control path for DQO-QPL (bsc#1214479).
* gve: fix frag_list chaining (bsc#1214479).
* gve: Fix gve interrupt names (bsc#1214479).
* gve: RX path for DQO-QPL (bsc#1214479).
* gve: trivial spell fix Recive to Receive (bsc#1214479).
* gve: Tx path for DQO-QPL (bsc#1214479).
* gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479).
* gve: use vmalloc_array and vcalloc (bsc#1214479).
* gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
* hwrng: virtio - add an internal buffer (git-fixes).
* hwrng: virtio - always add a pending request (git-fixes).
* hwrng: virtio - do not wait on cleanup (git-fixes).
* hwrng: virtio - do not waste entropy (git-fixes).
* hwrng: virtio - Fix race on data_avail and actual data (git-fixes).
* i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes).
* i3c: master: svc: fix probe failure when no i3c device exist (git-fixes).
* idr: fix param name in idr_alloc_cyclic() doc (git-fixes).
* Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes).
* iommu/virtio: Detach domain on endpoint release (git-fixes).
* jbd2: check 'jh->b_transaction' before removing it from checkpoint
(bsc#1214953).
* jbd2: correct the end of the journal recovery scan range (bsc#1214955).
* jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).
* jbd2: fix checkpoint cleanup performance regression (bsc#1214952).
* jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint
(bsc#1214948).
* jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).
* jbd2: remove journal_clean_one_cp_list() (bsc#1214947).
* jbd2: remove t_checkpoint_io_list (bsc#1214946).
* jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946).
* kabi/severities: ignore mlx4 internal symbols
* kconfig: fix possible buffer overflow (git-fixes).
* kernel-binary: Move build-time definitions together Move source list and
build architecture to buildrequires to aid in future reorganization of the
spec template.
* kernel-binary: python3 is needed for build At least
scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other similar
scripts may exist.
* kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes).
* KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes
bsc#1215915).
* KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes
bsc#1215896).
* KVM: s390: pv: fix external interruption loop not always detected (git-fixes
bsc#1215916).
* KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field
(git-fixes bsc#1215894).
* KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895).
* KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler
(git-fixes bsc#1215911).
* KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-
fixes).
* KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes).
* KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes).
* KVM: x86/mmu: Include mmu.h in spte.h (git-fixes).
* loop: Fix use-after-free issues (bsc#1214991).
* loop: loop_set_status_from_info() check before assignment (bsc#1214990).
* mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236).
* mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236).
* mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236).
* mlx4: Delete custom device management logic (bsc#1187236).
* mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236).
* mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236).
* mlx4: Move the bond work to the core driver (bsc#1187236).
* mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236).
* mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236).
* mlx4: Replace the mlx4_interface.event callback with a notifier
(bsc#1187236).
* mlx4: Use 'void *' as the event param of mlx4_dispatch_event()
(bsc#1187236).
* module: Expose module_init_layout_section() (git-fixes)
* net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes).
* net: mana: Add page pool for RX buffers (bsc#1214040).
* net: mana: Configure hwc timeout from hardware (bsc#1214037).
* net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes).
* net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).
* net/mlx4: Remove many unnecessary NULL values (bsc#1187236).
* NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-
fixes).
* NFS/blocklayout: Use the passed in gfp flags (git-fixes).
* NFS/pNFS: Fix assignment of xprtdata.cred (git-fixes).
* NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes).
* NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes).
* NFSD: fix change_info in NFSv4 RENAME replies (git-fixes).
* NFSD: Fix race to FREE_STATEID and cl_revoked (git-fixes).
* NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes).
* NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes).
* NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes).
* NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes).
* NFSv4/pNFS: minor fix for cleanup path in nfs4_get_device_info (git-fixes).
* ntb: Clean up tx tail index on link down (git-fixes).
* ntb: Drop packets when qp link is down (git-fixes).
* ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes).
* nvme-auth: use chap->s2 to indicate bidirectional authentication
(bsc#1214543).
* nvme-tcp: add recovery_delay to sysfs (bsc#1201284).
* nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284).
* nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284).
* nvme-tcp: make 'err_work' a delayed work (bsc#1201284).
* PCI: Free released resource after coalescing (git-fixes).
* platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes).
* platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-
fixes).
* platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes).
* platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors
(git-fixes).
* platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-
fixes).
* platform/x86: intel_scu_ipc: Check status upon timeout in
ipc_wait_for_interrupt() (git-fixes).
* platform/x86: intel_scu_ipc: Do not override scu in
intel_scu_ipc_dev_simple_command() (git-fixes).
* platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes).
* powerpc/fadump: make is_kdump_kernel() return false when fadump is active
(bsc#1212639 ltc#202582).
* powerpc/iommu: Fix notifiers being shared by PCI and VIO buses
(bsc#1065729).
* powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
* powerpc/xics: Remove unnecessary endian conversion (bsc#1065729).
* printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875).
* pwm: lpc32xx: Remove handling of PWM channels (git-fixes).
* quota: add new helper dquot_active() (bsc#1214998).
* quota: factor out dquot_write_dquot() (bsc#1214995).
* quota: fix dqput() to follow the guarantees dquot_srcu should provide
(bsc#1214963).
* quota: fix warning in dqgrab() (bsc#1214962).
* quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961).
* quota: rename dquot_active() to inode_quota_active() (bsc#1214997).
* s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes).
* s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes
bsc#1215148).
* scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe()
(git-fixes).
* scsi: 53c700: Check that command slot is not NULL (git-fixes).
* scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes).
* scsi: core: Fix possible memory leak if device_add() fails (git-fixes).
* scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes).
* scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes).
* scsi: lpfc: Early return after marking final NLP_DROPPED flag in
dev_loss_tmo (git-fixes).
* scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-
fixes).
* scsi: lpfc: Modify when a node should be put in device recovery mode during
RSCN (git-fixes).
* scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports
(git-fixes).
* scsi: lpfc: Remove reftag check in DIF paths (git-fixes).
* scsi: qedf: Add synchronization between I/O completions and abort
(bsc#1210658).
* scsi: qedf: Fix firmware halt over suspend and resume (git-fixes).
* scsi: qedf: Fix NULL dereference in error handling (git-fixes).
* scsi: qedi: Fix firmware halt over suspend and resume (git-fixes).
* scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928).
* scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928).
* scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928).
* scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928).
* scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-
fixes).
* scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928).
* scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928).
* scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928).
* scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928).
* scsi: qla2xxx: Remove unused declarations (bsc#1214928).
* scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs()
(bsc#1214928).
* scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928).
* scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id()
(git-fixes).
* scsi: scsi_debug: Remove dead code (git-fixes).
* scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
* scsi: snic: Fix possible memory leak if device_add() fails (git-fixes).
* scsi: storvsc: Handle additional SRB status values (git-fixes).
* scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941).
* selftests: tracing: Fix to unmount tracefs for recovering environment (git-
fixes).
* SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes).
* tcpm: Avoid soft reset when partner does not support get_status (git-fixes).
* tracing: Fix race issue between cpu buffer write and swap (git-fixes).
* tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes).
* tracing: Remove unnecessary copying of tr->current_trace (git-fixes).
* uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes).
* udf: Fix extension of the last extent in the file (bsc#1214964).
* udf: Fix file corruption when appending just after end of preallocated
extent (bsc#1214965).
* udf: Fix off-by-one error when discarding preallocation (bsc#1214966).
* udf: Fix uninitialized array access for some pathnames (bsc#1214967).
* uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes).
* usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes).
* usb: ehci: move new member has_ci_pec_bug into hole (git-fixes).
* usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes).
* usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes).
* usb: typec: tcpci: clear the fault status bit (git-fixes).
* usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes).
* vhost_vdpa: fix the crash in unmap a large memory (git-fixes).
* vhost-scsi: unbreak any layout for response (git-fixes).
* vhost: allow batching hint without size (git-fixes).
* vhost: fix hung thread due to erroneous iotlb entries (git-fixes).
* vhost: handle error while adding split ranges to iotlb (git-fixes).
* virtio_net: add checking sq is full inside xdp xmit (git-fixes).
* virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).
* virtio_net: reorder some funcs (git-fixes).
* virtio_net: separate the logic of checking whether sq is full (git-fixes).
* virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes).
* virtio-mmio: do not break lifecycle of vm_dev (git-fixes).
* virtio-net: fix race between set queues and probe (git-fixes).
* virtio-net: set queues after driver_ok (git-fixes).
* virtio-rng: make device ready before making request (git-fixes).
* virtio: acknowledge all features before access (git-fixes).
* vmcore: remove dependency with is_kdump_kernel() for exporting vmcore
(bsc#1212639 ltc#202582).
* watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes).
* word-at-a-time: use the same return type for has_zero regardless of
endianness (bsc#1065729).
* x86/alternative: Fix race in try_get_desc() (git-fixes).
* x86/boot/e820: Fix typo in e820.c comment (git-fixes).
* x86/bugs: Reset speculation control settings on init (git-fixes).
* x86/cpu: Add Lunar Lake M (git-fixes).
* x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes).
* x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes).
* x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes).
* x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes).
* x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes).
* x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes).
* x86/mce: Retrieve poison range from hardware (git-fixes).
* x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes).
* x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes).
* x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes).
* x86/purgatory: remove PGO flags (git-fixes).
* x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes).
* x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes).
* x86/resctl: fix scheduler confusion with 'current' (git-fixes).
* x86/resctrl: Fix task CLOSID/RMID update race (git-fixes).
* x86/resctrl: Fix to restore to original value when re-enabling hardware
prefetch register (git-fixes).
* x86/rtc: Remove __init for runtime functions (git-fixes).
* x86/sgx: Reduce delay and interference of enclave release (git-fixes).
* x86/srso: Do not probe microcode in a guest (git-fixes).
* x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
* x86/srso: Fix srso_show_state() side effect (git-fixes).
* x86/srso: Set CPUID feature bits independently of bug or mitigation status
(git-fixes).
* x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes).
* xen: remove a confusing comment on auto-translated guest I/O (git-fixes).
* xprtrdma: Remap Receive buffers after a reconnect (git-fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4072=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* cluster-md-kmp-default-5.14.21-150400.24.92.1
* kselftests-kmp-default-debuginfo-5.14.21-150400.24.92.1
* gfs2-kmp-default-5.14.21-150400.24.92.1
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.92.1
* kernel-syms-5.14.21-150400.24.92.1
* kselftests-kmp-default-5.14.21-150400.24.92.1
* gfs2-kmp-default-debuginfo-5.14.21-150400.24.92.1
* kernel-default-optional-5.14.21-150400.24.92.1
* kernel-default-extra-5.14.21-150400.24.92.1
* ocfs2-kmp-default-debuginfo-5.14.21-150400.24.92.1
* ocfs2-kmp-default-5.14.21-150400.24.92.1
* kernel-default-devel-5.14.21-150400.24.92.1
* kernel-default-optional-debuginfo-5.14.21-150400.24.92.1
* kernel-obs-qa-5.14.21-150400.24.92.1
* kernel-default-debugsource-5.14.21-150400.24.92.1
* dlm-kmp-default-5.14.21-150400.24.92.1
* cluster-md-kmp-default-debuginfo-5.14.21-150400.24.92.1
* kernel-obs-build-debugsource-5.14.21-150400.24.92.1
* kernel-default-livepatch-5.14.21-150400.24.92.1
* kernel-obs-build-5.14.21-150400.24.92.1
* kernel-default-debuginfo-5.14.21-150400.24.92.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.92.1
* reiserfs-kmp-default-5.14.21-150400.24.92.1
* kernel-default-extra-debuginfo-5.14.21-150400.24.92.1
* dlm-kmp-default-debuginfo-5.14.21-150400.24.92.1
* kernel-default-livepatch-devel-5.14.21-150400.24.92.1
* openSUSE Leap 15.4 (nosrc ppc64le x86_64)
* kernel-debug-5.14.21-150400.24.92.1
* openSUSE Leap 15.4 (ppc64le x86_64)
* kernel-debug-devel-5.14.21-150400.24.92.1
* kernel-debug-livepatch-devel-5.14.21-150400.24.92.1
* kernel-debug-debugsource-5.14.21-150400.24.92.1
* kernel-debug-debuginfo-5.14.21-150400.24.92.1
* kernel-debug-devel-debuginfo-5.14.21-150400.24.92.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150400.24.92.1
* openSUSE Leap 15.4 (aarch64 ppc64le x86_64)
* kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.92.1
* kernel-default-base-rebuild-5.14.21-150400.24.92.1.150400.24.42.1
* kernel-kvmsmall-debuginfo-5.14.21-150400.24.92.1
* kernel-kvmsmall-devel-5.14.21-150400.24.92.1
* kernel-default-base-5.14.21-150400.24.92.1.150400.24.42.1
* kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.92.1
* kernel-kvmsmall-debugsource-5.14.21-150400.24.92.1
* openSUSE Leap 15.4 (noarch)
* kernel-docs-html-5.14.21-150400.24.92.1
* kernel-source-5.14.21-150400.24.92.1
* kernel-source-vanilla-5.14.21-150400.24.92.1
* kernel-macros-5.14.21-150400.24.92.1
* kernel-devel-5.14.21-150400.24.92.1
* openSUSE Leap 15.4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.92.1
* openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64)
* kernel-kvmsmall-5.14.21-150400.24.92.1
* openSUSE Leap 15.4 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150400.24.92.1
* openSUSE Leap 15.4 (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150400.24.92.1
* kernel-zfcpdump-debuginfo-5.14.21-150400.24.92.1
* openSUSE Leap 15.4 (aarch64)
* dtb-allwinner-5.14.21-150400.24.92.1
* dtb-altera-5.14.21-150400.24.92.1
* dtb-marvell-5.14.21-150400.24.92.1
* dtb-apple-5.14.21-150400.24.92.1
* kernel-64kb-devel-5.14.21-150400.24.92.1
* reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.92.1
* cluster-md-kmp-64kb-5.14.21-150400.24.92.1
* kernel-64kb-extra-5.14.21-150400.24.92.1
* kselftests-kmp-64kb-5.14.21-150400.24.92.1
* dtb-hisilicon-5.14.21-150400.24.92.1
* kernel-64kb-debugsource-5.14.21-150400.24.92.1
* dtb-freescale-5.14.21-150400.24.92.1
* dtb-apm-5.14.21-150400.24.92.1
* dtb-amd-5.14.21-150400.24.92.1
* dtb-arm-5.14.21-150400.24.92.1
* dtb-qcom-5.14.21-150400.24.92.1
* dtb-rockchip-5.14.21-150400.24.92.1
* kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.92.1
* dtb-nvidia-5.14.21-150400.24.92.1
* kernel-64kb-debuginfo-5.14.21-150400.24.92.1
* kernel-64kb-optional-5.14.21-150400.24.92.1
* dtb-amlogic-5.14.21-150400.24.92.1
* dtb-broadcom-5.14.21-150400.24.92.1
* dtb-exynos-5.14.21-150400.24.92.1
* ocfs2-kmp-64kb-5.14.21-150400.24.92.1
* cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.92.1
* reiserfs-kmp-64kb-5.14.21-150400.24.92.1
* dlm-kmp-64kb-5.14.21-150400.24.92.1
* dtb-lg-5.14.21-150400.24.92.1
* gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.92.1
* dtb-renesas-5.14.21-150400.24.92.1
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.92.1
* dtb-amazon-5.14.21-150400.24.92.1
* dtb-socionext-5.14.21-150400.24.92.1
* dtb-cavium-5.14.21-150400.24.92.1
* kernel-64kb-optional-debuginfo-5.14.21-150400.24.92.1
* dlm-kmp-64kb-debuginfo-5.14.21-150400.24.92.1
* dtb-xilinx-5.14.21-150400.24.92.1
* kernel-64kb-livepatch-devel-5.14.21-150400.24.92.1
* ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.92.1
* kernel-64kb-extra-debuginfo-5.14.21-150400.24.92.1
* dtb-mediatek-5.14.21-150400.24.92.1
* dtb-sprd-5.14.21-150400.24.92.1
* gfs2-kmp-64kb-5.14.21-150400.24.92.1
* openSUSE Leap 15.4 (nosrc)
* dtb-aarch64-5.14.21-150400.24.92.1
* openSUSE Leap 15.4 (aarch64 nosrc)
* kernel-64kb-5.14.21-150400.24.92.1
## References:
* https://www.suse.com/security/cve/CVE-2023-1192.html
* https://www.suse.com/security/cve/CVE-2023-1206.html
* https://www.suse.com/security/cve/CVE-2023-1859.html
* https://www.suse.com/security/cve/CVE-2023-2177.html
* https://www.suse.com/security/cve/CVE-2023-39192.html
* https://www.suse.com/security/cve/CVE-2023-39193.html
* https://www.suse.com/security/cve/CVE-2023-39194.html
* https://www.suse.com/security/cve/CVE-2023-4155.html
* https://www.suse.com/security/cve/CVE-2023-42753.html
* https://www.suse.com/security/cve/CVE-2023-42754.html
* https://www.suse.com/security/cve/CVE-2023-4389.html
* https://www.suse.com/security/cve/CVE-2023-4563.html
* https://www.suse.com/security/cve/CVE-2023-4622.html
* https://www.suse.com/security/cve/CVE-2023-4623.html
* https://www.suse.com/security/cve/CVE-2023-4881.html
* https://www.suse.com/security/cve/CVE-2023-4921.html
* https://www.suse.com/security/cve/CVE-2023-5345.html
* https://bugzilla.suse.com/show_bug.cgi?id=1202845
* https://bugzilla.suse.com/show_bug.cgi?id=1213808
* https://bugzilla.suse.com/show_bug.cgi?id=1214928
* https://bugzilla.suse.com/show_bug.cgi?id=1214940
* https://bugzilla.suse.com/show_bug.cgi?id=1214941
* https://bugzilla.suse.com/show_bug.cgi?id=1214942
* https://bugzilla.suse.com/show_bug.cgi?id=1214943
* https://bugzilla.suse.com/show_bug.cgi?id=1214944
* https://bugzilla.suse.com/show_bug.cgi?id=1214950
* https://bugzilla.suse.com/show_bug.cgi?id=1214951
* https://bugzilla.suse.com/show_bug.cgi?id=1214954
* https://bugzilla.suse.com/show_bug.cgi?id=1214957
* https://bugzilla.suse.com/show_bug.cgi?id=1214986
* https://bugzilla.suse.com/show_bug.cgi?id=1214988
* https://bugzilla.suse.com/show_bug.cgi?id=1214992
* https://bugzilla.suse.com/show_bug.cgi?id=1214993
* https://bugzilla.suse.com/show_bug.cgi?id=1215322
* https://bugzilla.suse.com/show_bug.cgi?id=1215877
* https://bugzilla.suse.com/show_bug.cgi?id=1215894
* https://bugzilla.suse.com/show_bug.cgi?id=1215895
* https://bugzilla.suse.com/show_bug.cgi?id=1215896
* https://bugzilla.suse.com/show_bug.cgi?id=1215911
* https://bugzilla.suse.com/show_bug.cgi?id=1215915
* https://bugzilla.suse.com/show_bug.cgi?id=1215916
SUSE-SU-2023:4367-1: important: Security update for apache-ivy
by maintenance@opensuse.org 06 Nov '23
# Security update for apache-ivy
Announcement ID: SUSE-SU-2023:4367-1
Rating: important
References:
* bsc#1214422
Cross-References:
* CVE-2022-46751
CVSS scores:
* CVE-2022-46751 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2022-46751 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Affected Products:
* Development Tools Module 15-SP4
* Development Tools Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for apache-ivy fixes the following issues:
* Upgrade to version 2.5.2 (bsc#1214422)
* CVE-2022-46751: Fixed an XML External Entity injection that could be exploited to exfiltrate data, access resources only the machine running Ivy has access to, or disturb the execution of Ivy in different ways (bsc#1214422).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4367=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4367=1
* Development Tools Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4367=1
* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4367=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4367=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4367=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4367=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4367=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4367=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4367=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4367=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-4367=1
## Package List:
* openSUSE Leap 15.4 (noarch)
* apache-ivy-2.5.2-150200.3.9.1
* apache-ivy-javadoc-2.5.2-150200.3.9.1
* openSUSE Leap 15.5 (noarch)
* apache-ivy-2.5.2-150200.3.9.1
* apache-ivy-javadoc-2.5.2-150200.3.9.1
* Development Tools Module 15-SP4 (noarch)
* apache-ivy-2.5.2-150200.3.9.1
* Development Tools Module 15-SP5 (noarch)
* apache-ivy-2.5.2-150200.3.9.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
* apache-ivy-2.5.2-150200.3.9.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
* apache-ivy-2.5.2-150200.3.9.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* apache-ivy-2.5.2-150200.3.9.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
* apache-ivy-2.5.2-150200.3.9.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* apache-ivy-2.5.2-150200.3.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
* apache-ivy-2.5.2-150200.3.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* apache-ivy-2.5.2-150200.3.9.1
* SUSE Enterprise Storage 7.1 (noarch)
* apache-ivy-2.5.2-150200.3.9.1
## References:
* https://www.suse.com/security/cve/CVE-2022-46751.html
* https://bugzilla.suse.com/show_bug.cgi?id=1214422
openSUSE-RU-2023:0356-1: moderate: Recommended update for seamonkey
by maintenance@opensuse.org 06 Nov '23
openSUSE Recommended Update: Recommended update for seamonkey
______________________________________________________________________________
Announcement ID: openSUSE-RU-2023:0356-1
Rating: moderate
References:
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that has 0 recommended fixes can now be installed.
Description:
This update for seamonkey fixes the following issues:
- Fixed building with rust >= 1.48
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2023-356=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 i586 x86_64):
seamonkey-2.53.17.1-bp155.2.9.1
seamonkey-dom-inspector-2.53.17.1-bp155.2.9.1
seamonkey-irc-2.53.17.1-bp155.2.9.1
References:
openSUSE-RU-2023:0355-1: moderate: Recommended update for seamonkey
by maintenance@opensuse.org 06 Nov '23
openSUSE Recommended Update: Recommended update for seamonkey
______________________________________________________________________________
Announcement ID: openSUSE-RU-2023:0355-1
Rating: moderate
References:
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that has 0 recommended fixes can now be installed.
Description:
This update for seamonkey fixes the following issues:
- Fixed building with rust >= 1.48
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2023-355=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 x86_64):
seamonkey-2.53.17.1-bp154.2.17.1
seamonkey-dom-inspector-2.53.17.1-bp154.2.17.1
seamonkey-irc-2.53.17.1-bp154.2.17.1
References:
openSUSE-SU-2023:0351-1: important: Security update for virtualbox
by opensuse-security@opensuse.org 04 Nov '23
openSUSE Security Update: Security update for virtualbox
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0351-1
Rating: important
References: #1216363 #1216364 #1216365
Cross-References: CVE-2023-22098 CVE-2023-22099 CVE-2023-22100
CVSS scores:
CVE-2023-22098 (NVD) : 7.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H
CVE-2023-22098 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H
CVE-2023-22099 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2023-22099 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H
CVE-2023-22100 (NVD) : 7.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H
CVE-2023-22100 (SUSE): 7.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H
Affected Products:
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for virtualbox fixes the following issues:
- Version bump to VirtualBox 7.0.12 (released October 17 2023 by Oracle)
Fixes the following:
- CVE-2023-22098 (boo#1216363)
- CVE-2023-22099 (boo#1216364)
- CVE-2023-22100 (boo#1216365)
This is a maintenance release. The following items were fixed and/or added:
- VMM: Fixed using a debugger inside the guest under certain circumstances
(bugs #21413 and #21546)
- VMM: Fixed detection of VT-x being used by other hypervisors (bug #21867)
- VMM: Introduced additional improvements in Split Lock Detection feature
of recent Intel CPUs on Linux hosts (bug #20180)
- GUI: Fixed issue when the nested hardware virtualization setting was not
displayed in the VM details panel (bug #21707)
- GUI: Introduced NLS update for Croatian, Indonesian, Italian, Japanese,
Korean, Dutch and Turkish languages as well as added general
look-and-feel improvements
- Devices: Fixed black screen in Windows guests with multiple guest
screens when 3D is disabled (7.0.10 regression)
- Devices: Fixed PCI device identifiers for the VirtIO network interface
(bug #21516)
- Devices: Fixed VLAN support for the VirtIO network interface (bug #21778)
- Devices: Fixed loading saved states when a TPM is configured (7.0.10
regression, bug #21773)
- Networking: Fixed memory leaks in the VBoxIntNetSwitch process on macOS
(bug #21752)
- Networking: Fixed TCP connections with IP addresses ending on .2 when
the NAT network attachment is used (bug #21513)
- VRDP: Added general improvements
- VBoxManage: Added improvements for "list usbfilters" command
- Unattended: Added kick start file support for Oracle Linux 8 and Oracle
Linux 9.
- Main: Added more Linux OS subtypes
- Host Services: Fixed Guest Properties service crash under rare
circumstance
- Linux Host and Guest: Fixed few "field-spanning write" kernel warnings
(bugs #21410 and #21862)
- Linux Guest Additions: Added more fixes for RHEL 8.9 and 9.3 kernel
- Linux Guest Additions: Added more fixes for kernel 6.4
- Linux Guest Additions: Added initial support for OpenSUSE 15.5 kernel
- Linux Guest Additions: Added initial support for kernels 6.5 and 6.6
- Linux Guest Additions: Added version reporting for "rcvboxadd
status-kernel" and "rcvboxadd status-user" commands
- BIOS: Restored support for ISA SCSI HBAs in the BIOS (bug #21736)
- Convert to systemd-sysusers
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-2023-351=1
Package List:
- openSUSE Leap 15.4 (x86_64):
python3-virtualbox-7.0.12-lp154.2.43.1
python3-virtualbox-debuginfo-7.0.12-lp154.2.43.1
virtualbox-7.0.12-lp154.2.43.1
virtualbox-debuginfo-7.0.12-lp154.2.43.1
virtualbox-debugsource-7.0.12-lp154.2.43.1
virtualbox-devel-7.0.12-lp154.2.43.1
virtualbox-guest-tools-7.0.12-lp154.2.43.1
virtualbox-guest-tools-debuginfo-7.0.12-lp154.2.43.1
virtualbox-kmp-debugsource-7.0.12-lp154.2.43.1
virtualbox-kmp-default-7.0.12_k5.14.21_150400.24.92-lp154.2.43.1
virtualbox-kmp-default-debuginfo-7.0.12_k5.14.21_150400.24.92-lp154.2.43.1
virtualbox-qt-7.0.12-lp154.2.43.1
virtualbox-qt-debuginfo-7.0.12-lp154.2.43.1
virtualbox-vnc-7.0.12-lp154.2.43.1
virtualbox-websrv-7.0.12-lp154.2.43.1
virtualbox-websrv-debuginfo-7.0.12-lp154.2.43.1
- openSUSE Leap 15.4 (noarch):
virtualbox-guest-desktop-icons-7.0.12-lp154.2.43.1
virtualbox-guest-source-7.0.12-lp154.2.43.1
virtualbox-host-source-7.0.12-lp154.2.43.1
References:
https://www.suse.com/security/cve/CVE-2023-22098.html
https://www.suse.com/security/cve/CVE-2023-22099.html
https://www.suse.com/security/cve/CVE-2023-22100.html
https://bugzilla.suse.com/1216363
https://bugzilla.suse.com/1216364
https://bugzilla.suse.com/1216365
openSUSE-SU-2023:0352-1: important: Security update for virtualbox
by opensuse-security@opensuse.org 04 Nov '23
openSUSE Security Update: Security update for virtualbox
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0352-1
Rating: important
References: #1215463 #1216363 #1216364 #1216365
Cross-References: CVE-2023-22098 CVE-2023-22099 CVE-2023-22100
CVSS scores:
CVE-2023-22098 (NVD) : 7.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H
CVE-2023-22098 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H
CVE-2023-22099 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2023-22099 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H
CVE-2023-22100 (NVD) : 7.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H
CVE-2023-22100 (SUSE): 7.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H
Affected Products:
openSUSE Leap 15.5
______________________________________________________________________________
An update that solves three vulnerabilities and has one
errata is now available.
Description:
This update for virtualbox fixes the following issues:
- Version bump to VirtualBox 7.0.12 (released October 17 2023 by Oracle)
Fixes the following:
- CVE-2023-22098 (boo#1216363)
- CVE-2023-22099 (boo#1216364)
- CVE-2023-22100 (boo#1216365)
This is a maintenance release. The following items were fixed and/or added:
- VMM: Fixed using a debugger inside the guest under certain circumstances
(bugs #21413 and #21546)
- VMM: Fixed detection of VT-x being used by other hypervisors (bug #21867)
- VMM: Introduced additional improvements in Split Lock Detection feature
of recent Intel CPUs on Linux hosts (bug #20180)
- GUI: Fixed issue when the nested hardware virtualization setting was not
displayed in the VM details panel (bug #21707)
- GUI: Introduced NLS update for Croatian, Indonesian, Italian, Japanese,
Korean, Dutch and Turkish languages as well as added general
look-and-feel improvements
- Devices: Fixed black screen in Windows guests with multiple guest
screens when 3D is disabled (7.0.10 regression)
- Devices: Fixed PCI device identifiers for the VirtIO network interface
(bug #21516)
- Devices: Fixed VLAN support for the VirtIO network interface (bug #21778)
- Devices: Fixed loading saved states when a TPM is configured (7.0.10
regression, bug #21773)
- Networking: Fixed memory leaks in the VBoxIntNetSwitch process on macOS
(bug #21752)
- Networking: Fixed TCP connections with IP addresses ending on .2 when
the NAT network attachment is used (bug #21513)
- VRDP: Added general improvements
- VBoxManage: Added improvements for "list usbfilters" command
- Unattended: Added kick start file support for Oracle Linux 8 and Oracle
Linux 9.
- Main: Added more Linux OS subtypes
- Host Services: Fixed Guest Properties service crash under rare
circumstance
- Linux Host and Guest: Fixed few "field-spanning write" kernel warnings
(bugs #21410 and #21862)
- Linux Guest Additions: Added more fixes for RHEL 8.9 and 9.3 kernel
- Linux Guest Additions: Added more fixes for kernel 6.4
- Linux Guest Additions: Added initial support for OpenSUSE 15.5 kernel
- Linux Guest Additions: Added initial support for kernels 6.5 and 6.6
- Linux Guest Additions: Added version reporting for "rcvboxadd
status-kernel" and "rcvboxadd status-user" commands
- BIOS: Restored support for ISA SCSI HBAs in the BIOS (bug #21736)
- Convert to systemd-sysusers
- Fix problems with 6.5 kernels and shared folders. (boo#1215463).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.5:
zypper in -t patch openSUSE-2023-352=1
Package List:
- openSUSE Leap 15.5 (noarch):
virtualbox-guest-desktop-icons-7.0.12-lp155.2.13.1
virtualbox-guest-source-7.0.12-lp155.2.13.1
virtualbox-host-source-7.0.12-lp155.2.13.1
- openSUSE Leap 15.5 (x86_64):
python3-virtualbox-7.0.12-lp155.2.13.1
python3-virtualbox-debuginfo-7.0.12-lp155.2.13.1
virtualbox-7.0.12-lp155.2.13.1
virtualbox-debuginfo-7.0.12-lp155.2.13.1
virtualbox-debugsource-7.0.12-lp155.2.13.1
virtualbox-devel-7.0.12-lp155.2.13.1
virtualbox-guest-tools-7.0.12-lp155.2.13.1
virtualbox-guest-tools-debuginfo-7.0.12-lp155.2.13.1
virtualbox-kmp-debugsource-7.0.12-lp155.2.13.1
virtualbox-kmp-default-7.0.12_k5.14.21_150500.55.31-lp155.2.13.1
virtualbox-kmp-default-debuginfo-7.0.12_k5.14.21_150500.55.31-lp155.2.13.1
virtualbox-qt-7.0.12-lp155.2.13.1
virtualbox-qt-debuginfo-7.0.12-lp155.2.13.1
virtualbox-vnc-7.0.12-lp155.2.13.1
virtualbox-websrv-7.0.12-lp155.2.13.1
virtualbox-websrv-debuginfo-7.0.12-lp155.2.13.1
References:
https://www.suse.com/security/cve/CVE-2023-22098.html
https://www.suse.com/security/cve/CVE-2023-22099.html
https://www.suse.com/security/cve/CVE-2023-22100.html
https://bugzilla.suse.com/1215463
https://bugzilla.suse.com/1216363
https://bugzilla.suse.com/1216364
https://bugzilla.suse.com/1216365
openSUSE-SU-2023:0354-1: important: Security update for opera
by opensuse-security@opensuse.org 04 Nov '23
openSUSE Security Update: Security update for opera
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0354-1
Rating: important
References:
Cross-References: CVE-2023-5472
CVSS scores:
CVE-2023-5472 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.5:NonFree
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for opera fixes the following issues:
- Update to 104.0.4944.36
* CHR-9492 Update Chromium on desktop-stable-118-4944 to 118.0.5993.118
* DNA-112757 [Tab close button] Close button is cutted when a lot tabs
are opened
- The update to chromium 118.0.5993.118 fixes following issues:
CVE-2023-5472
- Update to 104.0.4944.33
* CHR-9487 Update Chromium on desktop-stable-118-4944 to 118.0.5993.96
* DNA-111963 Show duplicate indicator when hovering tab in tab tooltip
- Changes in 104.0.4944.28
* DNA-112454 [Start Page] No context menu in Search bar using right
button of mouse
* DNA-112053 Context menu is too large on Mac
* DNA-111989 Favicons are displayed too close to titles in history menu
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.5:NonFree:
zypper in -t patch openSUSE-2023-354=1
Package List:
- openSUSE Leap 15.5:NonFree (x86_64):
opera-104.0.4944.36-lp155.3.18.1
References:
https://www.suse.com/security/cve/CVE-2023-5472.html
openSUSE-SU-2023:0353-1: important: Security update for opera
by opensuse-security@opensuse.org 04 Nov '23
openSUSE Security Update: Security update for opera
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0353-1
Rating: important
References:
Cross-References: CVE-2023-5472
CVSS scores:
CVE-2023-5472 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.4:NonFree
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for opera fixes the following issues:
- Update to 104.0.4944.36
* CHR-9492 Update Chromium on desktop-stable-118-4944 to 118.0.5993.118
* DNA-112757 [Tab close button] Close button is cutted when a lot tabs
are opened
- The update to chromium 118.0.5993.118 fixes following issues:
CVE-2023-5472
- Update to 104.0.4944.33
* CHR-9487 Update Chromium on desktop-stable-118-4944 to 118.0.5993.96
* DNA-111963 Show duplicate indicator when hovering tab in tab tooltip
- Changes in 104.0.4944.28
* DNA-112454 [Start Page] No context menu in Search bar using right
button of mouse
* DNA-112053 Context menu is too large on Mac
* DNA-111989 Favicons are displayed too close to titles in history menu
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:NonFree:
zypper in -t patch openSUSE-2023-353=1
Package List:
- openSUSE Leap 15.4:NonFree (x86_64):
opera-104.0.4944.36-lp154.2.59.1
References:
https://www.suse.com/security/cve/CVE-2023-5472.html
openSUSE-SU-2023:0350-1: moderate: Security update for rubygem-activesupport-5.2
by opensuse-security@opensuse.org 04 Nov '23
openSUSE Security Update: Security update for rubygem-activesupport-5.2
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0350-1
Rating: moderate
References: #1214807
Cross-References: CVE-2023-38037
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for rubygem-activesupport-5.2 fixes the following issue:
- CVE-2023-38037: fixed a File Disclosure of Locally Encrypted Files
(bsc#1214807)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2023-350=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):
ruby2.5-rubygem-activesupport-5.2-5.2.3-bp155.3.5.1
ruby2.5-rubygem-activesupport-doc-5.2-5.2.3-bp155.3.5.1
References:
https://www.suse.com/security/cve/CVE-2023-38037.html
https://bugzilla.suse.com/1214807
SUSE-RU-2023:4365-1: moderate: Recommended update for kubernetes1.25
by maintenance@opensuse.org 03 Nov '23
# Recommended update for kubernetes1.25
Announcement ID: SUSE-RU-2023:4365-1
Rating: moderate
References:
* bsc#1214406
* jsc#PED-5839
Affected Products:
* Containers Module 15-SP4
* Containers Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that contains one feature and has one fix can now be installed.
## Description:
This update for kubernetes1.25 fixes the following issues:
This update ships the kubernetes1.25-client package. (jsc#PED-5839)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Containers Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4365=1
* Containers Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-4365=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4365=1 openSUSE-SLE-15.4-2023-4365=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4365=1
## Package List:
* Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* kubernetes1.25-client-1.25.14-150400.9.3.2
* kubernetes1.25-client-common-1.25.14-150400.9.3.2
* Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* kubernetes1.25-client-1.25.14-150400.9.3.2
* kubernetes1.25-client-common-1.25.14-150400.9.3.2
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* kubernetes1.25-kubelet-common-1.25.14-150400.9.3.2
* kubernetes1.25-apiserver-1.25.14-150400.9.3.2
* kubernetes1.25-kubelet-1.25.14-150400.9.3.2
* kubernetes1.25-controller-manager-1.25.14-150400.9.3.2
* kubernetes1.25-client-common-1.25.14-150400.9.3.2
* kubernetes1.25-scheduler-1.25.14-150400.9.3.2
* kubernetes1.25-kubeadm-1.25.14-150400.9.3.2
* kubernetes1.25-client-1.25.14-150400.9.3.2
* kubernetes1.25-proxy-1.25.14-150400.9.3.2
* openSUSE Leap 15.4 (noarch)
* kubernetes1.25-client-bash-completion-1.25.14-150400.9.3.2
* kubernetes1.25-client-fish-completion-1.25.14-150400.9.3.2
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* kubernetes1.25-client-1.25.14-150400.9.3.2
* kubernetes1.25-client-common-1.25.14-150400.9.3.2
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1214406
* https://jira.suse.com/browse/PED-5839
SUSE-RU-2023:4366-1: moderate: Recommended update for kubernetes1.26
by maintenance@opensuse.org 03 Nov '23
# Recommended update for kubernetes1.26
Announcement ID: SUSE-RU-2023:4366-1
Rating: moderate
References:
* bsc#1213829
* bsc#1214406
* jsc#PED-5839
Affected Products:
* Containers Module 15-SP4
* Containers Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that contains one feature and has two fixes can now be installed.
## Description:
This update for kubernetes1.26 fixes the following issues:
This update ships the kubernetes1.26-client package. (jsc#PED-5839)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4366=1 openSUSE-SLE-15.4-2023-4366=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4366=1
* Containers Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4366=1
* Containers Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-4366=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* kubernetes1.26-kubelet-common-1.26.9-150400.9.3.2
* kubernetes1.26-proxy-1.26.9-150400.9.3.2
* kubernetes1.26-controller-manager-1.26.9-150400.9.3.2
* kubernetes1.26-kubelet-1.26.9-150400.9.3.2
* kubernetes1.26-scheduler-1.26.9-150400.9.3.2
* kubernetes1.26-apiserver-1.26.9-150400.9.3.2
* kubernetes1.26-kubeadm-1.26.9-150400.9.3.2
* kubernetes1.26-client-common-1.26.9-150400.9.3.2
* kubernetes1.26-client-1.26.9-150400.9.3.2
* openSUSE Leap 15.4 (noarch)
* kubernetes1.26-client-bash-completion-1.26.9-150400.9.3.2
* kubernetes1.26-client-fish-completion-1.26.9-150400.9.3.2
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* kubernetes1.26-client-1.26.9-150400.9.3.2
* kubernetes1.26-client-common-1.26.9-150400.9.3.2
* Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* kubernetes1.26-client-1.26.9-150400.9.3.2
* kubernetes1.26-client-common-1.26.9-150400.9.3.2
* Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* kubernetes1.26-client-1.26.9-150400.9.3.2
* kubernetes1.26-client-common-1.26.9-150400.9.3.2
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1213829
* https://bugzilla.suse.com/show_bug.cgi?id=1214406
* https://jira.suse.com/browse/PED-5839
openSUSE-RU-2023:0349-1: Security update for rubygem-railties-5.2
by maintenance@opensuse.org 03 Nov '23
openSUSE Recommended Update: Security update for rubygem-railties-5.2
______________________________________________________________________________
Announcement ID: openSUSE-RU-2023:0349-1
Rating: low
References: #1214807
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for rubygem-railties-5.2 fixes the following issue:
- CVE-2023-38037: Fixed File Disclosure of Locally Encrypted [bsc#1214807]
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2023-349=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):
ruby2.5-rubygem-railties-5.2-5.2.3-bp155.3.3.1
ruby2.5-rubygem-railties-doc-5.2-5.2.3-bp155.3.3.1
References:
https://www.suse.com/security/cve/CVE-2023-38037.html
https://bugzilla.suse.com/1214807
openSUSE-RU-2023:0348-1: moderate: Recommended update for yast2-theme
by maintenance@opensuse.org 03 Nov '23
openSUSE Recommended Update: Recommended update for yast2-theme
______________________________________________________________________________
Announcement ID: openSUSE-RU-2023:0348-1
Rating: moderate
References:
Affected Products:
openSUSE Leap 15.4
______________________________________________________________________________
An update that has 0 recommended fixes can now be installed.
Description:
This update of yast2-theme provides a rebuild of yast2 theme, no other
changes.
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-2023-348=1
Package List:
- openSUSE Leap 15.4 (noarch):
yast2-theme-4.4.4-lp154.2.10.1
yast2-theme-breeze-4.4.4-lp154.2.10.1
yast2-theme-oxygen-4.4.4-lp154.2.10.1
References:
SUSE-SU-2023:4360-1: important: Security update for gstreamer-plugins-bad
by maintenance@opensuse.org 03 Nov '23
# Security update for gstreamer-plugins-bad
Announcement ID: SUSE-SU-2023:4360-1
Rating: important
References:
* bsc#1215793
Cross-References:
* CVE-2023-40474
CVSS scores:
* CVE-2023-40474 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP4
* Desktop Applications Module 15-SP4
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4
An update that solves one vulnerability can now be installed.
## Description:
This update for gstreamer-plugins-bad fixes the following issues:
* CVE-2023-40474: Fixed a remote code execution issue due to improper parsing
of H265 encoded video files (bsc#1215793).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4360=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4360=1
* Desktop Applications Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4360=1
* SUSE Package Hub 15 15-SP4
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4360=1
## Package List:
* openSUSE Leap 15.4 (x86_64)
* libgstplayer-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1
* libgstbasecamerabinsrc-1_0-0-32bit-1.20.1-150400.3.6.1
* libgstphotography-1_0-0-32bit-1.20.1-150400.3.6.1
* libgstplay-1_0-0-32bit-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-32bit-debuginfo-1.20.1-150400.3.6.1
* libgstcodecs-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1
* libgstisoff-1_0-0-32bit-1.20.1-150400.3.6.1
* libgsturidownloader-1_0-0-32bit-1.20.1-150400.3.6.1
* libgstplay-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1
* libgstmpegts-1_0-0-32bit-1.20.1-150400.3.6.1
* libgstbadaudio-1_0-0-32bit-1.20.1-150400.3.6.1
* libgstwebrtc-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1
* libgstcodecs-1_0-0-32bit-1.20.1-150400.3.6.1
* libgstsctp-1_0-0-32bit-1.20.1-150400.3.6.1
* libgsturidownloader-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1
* libgstphotography-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1
* libgstva-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1
* libgstcodecparsers-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-chromaprint-32bit-debuginfo-1.20.1-150400.3.6.1
* libgstvulkan-1_0-0-32bit-1.20.1-150400.3.6.1
* libgstvulkan-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-chromaprint-32bit-1.20.1-150400.3.6.1
* libgstinsertbin-1_0-0-32bit-1.20.1-150400.3.6.1
* libgstplayer-1_0-0-32bit-1.20.1-150400.3.6.1
* libgstwayland-1_0-0-32bit-1.20.1-150400.3.6.1
* libgstva-1_0-0-32bit-1.20.1-150400.3.6.1
* libgstinsertbin-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1
* libgstwebrtc-1_0-0-32bit-1.20.1-150400.3.6.1
* libgstadaptivedemux-1_0-0-32bit-1.20.1-150400.3.6.1
* libgstadaptivedemux-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1
* libgstbadaudio-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1
* libgstmpegts-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1
* libgstwayland-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1
* libgstisoff-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1
* libgstcodecparsers-1_0-0-32bit-1.20.1-150400.3.6.1
* libgstbasecamerabinsrc-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1
* libgstsctp-1_0-0-32bit-debuginfo-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-32bit-1.20.1-150400.3.6.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libgstadaptivedemux-1_0-0-1.20.1-150400.3.6.1
* libgstplay-1_0-0-1.20.1-150400.3.6.1
* libgstva-1_0-0-1.20.1-150400.3.6.1
* libgstadaptivedemux-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstwayland-1_0-0-1.20.1-150400.3.6.1
* libgstisoff-1_0-0-1.20.1-150400.3.6.1
* libgstphotography-1_0-0-debuginfo-1.20.1-150400.3.6.1
* typelib-1_0-GstVulkanWayland-1_0-1.20.1-150400.3.6.1
* libgstmpegts-1_0-0-1.20.1-150400.3.6.1
* libgstcodecparsers-1_0-0-1.20.1-150400.3.6.1
* libgstvulkan-1_0-0-debuginfo-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-1.20.1-150400.3.6.1
* libgsttranscoder-1_0-0-1.20.1-150400.3.6.1
* libgstinsertbin-1_0-0-1.20.1-150400.3.6.1
* typelib-1_0-GstVulkanXCB-1_0-1.20.1-150400.3.6.1
* libgstmpegts-1_0-0-debuginfo-1.20.1-150400.3.6.1
* typelib-1_0-GstBadAudio-1_0-1.20.1-150400.3.6.1
* gstreamer-transcoder-devel-1.20.1-150400.3.6.1
* libgstbadaudio-1_0-0-debuginfo-1.20.1-150400.3.6.1
* gstreamer-transcoder-1.20.1-150400.3.6.1
* libgsturidownloader-1_0-0-1.20.1-150400.3.6.1
* libgsttranscoder-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-chromaprint-debuginfo-1.20.1-150400.3.6.1
* libgstsctp-1_0-0-1.20.1-150400.3.6.1
* libgstbasecamerabinsrc-1_0-0-1.20.1-150400.3.6.1
* typelib-1_0-GstInsertBin-1_0-1.20.1-150400.3.6.1
* libgstcodecs-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstwebrtc-1_0-0-1.20.1-150400.3.6.1
* typelib-1_0-GstMpegts-1_0-1.20.1-150400.3.6.1
* typelib-1_0-GstCodecs-1_0-1.20.1-150400.3.6.1
* libgstcodecs-1_0-0-1.20.1-150400.3.6.1
* libgstva-1_0-0-debuginfo-1.20.1-150400.3.6.1
* typelib-1_0-GstWebRTC-1_0-1.20.1-150400.3.6.1
* libgstwayland-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgsturidownloader-1_0-0-debuginfo-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-devel-1.20.1-150400.3.6.1
* libgstbadaudio-1_0-0-1.20.1-150400.3.6.1
* typelib-1_0-GstTranscoder-1_0-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.6.1
* typelib-1_0-GstVulkan-1_0-1.20.1-150400.3.6.1
* libgstisoff-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstphotography-1_0-0-1.20.1-150400.3.6.1
* libgstsctp-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstwebrtc-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstplayer-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstinsertbin-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstplay-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstplayer-1_0-0-1.20.1-150400.3.6.1
* libgstcodecparsers-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstvulkan-1_0-0-1.20.1-150400.3.6.1
* typelib-1_0-GstPlay-1_0-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-debugsource-1.20.1-150400.3.6.1
* typelib-1_0-GstPlayer-1_0-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-chromaprint-1.20.1-150400.3.6.1
* gstreamer-transcoder-debuginfo-1.20.1-150400.3.6.1
* openSUSE Leap 15.4 (noarch)
* gstreamer-plugins-bad-lang-1.20.1-150400.3.6.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* gstreamer-plugins-bad-64bit-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-64bit-debuginfo-1.20.1-150400.3.6.1
* libgstwebrtc-1_0-0-64bit-1.20.1-150400.3.6.1
* libgstplayer-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1
* libgstsctp-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1
* libgstwayland-1_0-0-64bit-1.20.1-150400.3.6.1
* libgstadaptivedemux-1_0-0-64bit-1.20.1-150400.3.6.1
* libgstbasecamerabinsrc-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1
* libgstplay-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-chromaprint-64bit-1.20.1-150400.3.6.1
* libgstcodecs-1_0-0-64bit-1.20.1-150400.3.6.1
* libgstphotography-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1
* libgstwebrtc-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1
* libgstbasecamerabinsrc-1_0-0-64bit-1.20.1-150400.3.6.1
* libgstvulkan-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1
* libgstisoff-1_0-0-64bit-1.20.1-150400.3.6.1
* libgstbadaudio-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1
* libgstmpegts-1_0-0-64bit-1.20.1-150400.3.6.1
* libgstbadaudio-1_0-0-64bit-1.20.1-150400.3.6.1
* libgsturidownloader-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-chromaprint-64bit-debuginfo-1.20.1-150400.3.6.1
* libgstisoff-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1
* libgstphotography-1_0-0-64bit-1.20.1-150400.3.6.1
* libgstinsertbin-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1
* libgstplayer-1_0-0-64bit-1.20.1-150400.3.6.1
* libgstva-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1
* libgstsctp-1_0-0-64bit-1.20.1-150400.3.6.1
* libgsturidownloader-1_0-0-64bit-1.20.1-150400.3.6.1
* libgstvulkan-1_0-0-64bit-1.20.1-150400.3.6.1
* libgstva-1_0-0-64bit-1.20.1-150400.3.6.1
* libgstcodecparsers-1_0-0-64bit-1.20.1-150400.3.6.1
* libgstwayland-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1
* libgstadaptivedemux-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1
* libgstinsertbin-1_0-0-64bit-1.20.1-150400.3.6.1
* libgstcodecparsers-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1
* libgstplay-1_0-0-64bit-1.20.1-150400.3.6.1
* libgstcodecs-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1
* libgstmpegts-1_0-0-64bit-debuginfo-1.20.1-150400.3.6.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* libgstplay-1_0-0-1.20.1-150400.3.6.1
* libgstplayer-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstplay-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstphotography-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstplayer-1_0-0-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-debugsource-1.20.1-150400.3.6.1
* libgstphotography-1_0-0-1.20.1-150400.3.6.1
* Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* libgstadaptivedemux-1_0-0-1.20.1-150400.3.6.1
* libgstva-1_0-0-1.20.1-150400.3.6.1
* libgstadaptivedemux-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstwayland-1_0-0-1.20.1-150400.3.6.1
* libgstisoff-1_0-0-1.20.1-150400.3.6.1
* libgstmpegts-1_0-0-1.20.1-150400.3.6.1
* libgstcodecparsers-1_0-0-1.20.1-150400.3.6.1
* libgstvulkan-1_0-0-debuginfo-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-1.20.1-150400.3.6.1
* libgstinsertbin-1_0-0-1.20.1-150400.3.6.1
* libgstmpegts-1_0-0-debuginfo-1.20.1-150400.3.6.1
* typelib-1_0-GstBadAudio-1_0-1.20.1-150400.3.6.1
* libgstbadaudio-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgsturidownloader-1_0-0-1.20.1-150400.3.6.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-chromaprint-debuginfo-1.20.1-150400.3.6.1
* libgstsctp-1_0-0-1.20.1-150400.3.6.1
* libgstbasecamerabinsrc-1_0-0-1.20.1-150400.3.6.1
* typelib-1_0-GstInsertBin-1_0-1.20.1-150400.3.6.1
* libgstcodecs-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstwebrtc-1_0-0-1.20.1-150400.3.6.1
* typelib-1_0-GstMpegts-1_0-1.20.1-150400.3.6.1
* typelib-1_0-GstCodecs-1_0-1.20.1-150400.3.6.1
* libgstcodecs-1_0-0-1.20.1-150400.3.6.1
* libgstva-1_0-0-debuginfo-1.20.1-150400.3.6.1
* typelib-1_0-GstWebRTC-1_0-1.20.1-150400.3.6.1
* libgstwayland-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgsturidownloader-1_0-0-debuginfo-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-devel-1.20.1-150400.3.6.1
* libgstbadaudio-1_0-0-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.6.1
* libgstisoff-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstsctp-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstwebrtc-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstinsertbin-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstcodecparsers-1_0-0-debuginfo-1.20.1-150400.3.6.1
* libgstvulkan-1_0-0-1.20.1-150400.3.6.1
* typelib-1_0-GstPlay-1_0-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-debugsource-1.20.1-150400.3.6.1
* typelib-1_0-GstPlayer-1_0-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-chromaprint-1.20.1-150400.3.6.1
* Desktop Applications Module 15-SP4 (noarch)
* gstreamer-plugins-bad-lang-1.20.1-150400.3.6.1
* SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64)
* libgsttranscoder-1_0-0-1.20.1-150400.3.6.1
* libgsttranscoder-1_0-0-debuginfo-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-debugsource-1.20.1-150400.3.6.1
* gstreamer-plugins-bad-debuginfo-1.20.1-150400.3.6.1
## References:
* https://www.suse.com/security/cve/CVE-2023-40474.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215793
SUSE-SU-2023:4361-1: important: Security update for gstreamer-plugins-bad
by maintenance@opensuse.org 03 Nov '23
# Security update for gstreamer-plugins-bad
Announcement ID: SUSE-SU-2023:4361-1
Rating: important
References:
* bsc#1215793
Cross-References:
* CVE-2023-40474
CVSS scores:
* CVE-2023-40474 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
An update that solves one vulnerability can now be installed.
## Description:
This update for gstreamer-plugins-bad fixes the following issues:
* CVE-2023-40474: Fixed a remote code execution issue due to improper parsing
of H265 encoded video files (bsc#1215793).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2023-4361=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4361=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4361=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4361=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4361=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-4361=1
## Package List:
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* gstreamer-plugins-bad-doc-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-debugsource-1.16.3-150300.9.9.1
* libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgsturidownloader-1_0-0-1.16.3-150300.9.9.1
* libgstbadaudio-1_0-0-1.16.3-150300.9.9.1
* libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-1.16.3-150300.9.9.1
* libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-devel-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.9.1
* libgstplayer-1_0-0-1.16.3-150300.9.9.1
* typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.9.1
* libgstsctp-1_0-0-1.16.3-150300.9.9.1
* libgstadaptivedemux-1_0-0-1.16.3-150300.9.9.1
* libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstwebrtc-1_0-0-1.16.3-150300.9.9.1
* libgstisoff-1_0-0-1.16.3-150300.9.9.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.9.1
* typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.9.1
* libgstwayland-1_0-0-1.16.3-150300.9.9.1
* libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.9.1
* libgstmpegts-1_0-0-1.16.3-150300.9.9.1
* libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.9.1
* typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.9.1
* libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstcodecparsers-1_0-0-1.16.3-150300.9.9.1
* libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.9.1
* libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstinsertbin-1_0-0-1.16.3-150300.9.9.1
* libgstphotography-1_0-0-1.16.3-150300.9.9.1
* typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.9.1
* libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.9.1
* openSUSE Leap 15.3 (x86_64)
* libgstplayer-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1
* libgstsctp-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1
* libgstwayland-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-32bit-debuginfo-1.16.3-150300.9.9.1
* libgstisoff-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-chromaprint-32bit-debuginfo-1.16.3-150300.9.9.1
* libgstisoff-1_0-0-32bit-1.16.3-150300.9.9.1
* libgsturidownloader-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1
* libgstinsertbin-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1
* libgstadaptivedemux-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1
* libgstwebrtc-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1
* libgstmpegts-1_0-0-32bit-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-chromaprint-32bit-1.16.3-150300.9.9.1
* libgstbadaudio-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1
* libgstphotography-1_0-0-32bit-1.16.3-150300.9.9.1
* libgstwayland-1_0-0-32bit-1.16.3-150300.9.9.1
* libgstsctp-1_0-0-32bit-1.16.3-150300.9.9.1
* libgstbasecamerabinsrc-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1
* libgstadaptivedemux-1_0-0-32bit-1.16.3-150300.9.9.1
* libgstbadaudio-1_0-0-32bit-1.16.3-150300.9.9.1
* libgstwebrtc-1_0-0-32bit-1.16.3-150300.9.9.1
* libgstcodecparsers-1_0-0-32bit-1.16.3-150300.9.9.1
* libgstinsertbin-1_0-0-32bit-1.16.3-150300.9.9.1
* libgsturidownloader-1_0-0-32bit-1.16.3-150300.9.9.1
* libgstphotography-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1
* libgstcodecparsers-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1
* libgstplayer-1_0-0-32bit-1.16.3-150300.9.9.1
* libgstbasecamerabinsrc-1_0-0-32bit-1.16.3-150300.9.9.1
* libgstmpegts-1_0-0-32bit-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-32bit-1.16.3-150300.9.9.1
* openSUSE Leap 15.3 (noarch)
* gstreamer-plugins-bad-lang-1.16.3-150300.9.9.1
* openSUSE Leap 15.3 (aarch64_ilp32)
* libgstinsertbin-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1
* libgstwebrtc-1_0-0-64bit-1.16.3-150300.9.9.1
* libgstbadaudio-1_0-0-64bit-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-chromaprint-64bit-debuginfo-1.16.3-150300.9.9.1
* libgstcodecparsers-1_0-0-64bit-1.16.3-150300.9.9.1
* libgstisoff-1_0-0-64bit-1.16.3-150300.9.9.1
* libgstplayer-1_0-0-64bit-1.16.3-150300.9.9.1
* libgstbasecamerabinsrc-1_0-0-64bit-1.16.3-150300.9.9.1
* libgstphotography-1_0-0-64bit-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-64bit-1.16.3-150300.9.9.1
* libgstsctp-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1
* libgstmpegts-1_0-0-64bit-1.16.3-150300.9.9.1
* libgstadaptivedemux-1_0-0-64bit-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-chromaprint-64bit-1.16.3-150300.9.9.1
* libgstbadaudio-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1
* libgstadaptivedemux-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1
* libgstwebrtc-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1
* libgstplayer-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-64bit-debuginfo-1.16.3-150300.9.9.1
* libgstinsertbin-1_0-0-64bit-1.16.3-150300.9.9.1
* libgstmpegts-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1
* libgsturidownloader-1_0-0-64bit-1.16.3-150300.9.9.1
* libgstsctp-1_0-0-64bit-1.16.3-150300.9.9.1
* libgstcodecparsers-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1
* libgstwayland-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1
* libgstwayland-1_0-0-64bit-1.16.3-150300.9.9.1
* libgstbasecamerabinsrc-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1
* libgstphotography-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1
* libgstisoff-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1
* libgsturidownloader-1_0-0-64bit-debuginfo-1.16.3-150300.9.9.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
* gstreamer-plugins-bad-debugsource-1.16.3-150300.9.9.1
* libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgsturidownloader-1_0-0-1.16.3-150300.9.9.1
* libgstbadaudio-1_0-0-1.16.3-150300.9.9.1
* libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-1.16.3-150300.9.9.1
* libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-devel-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.9.1
* libgstplayer-1_0-0-1.16.3-150300.9.9.1
* typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.9.1
* libgstsctp-1_0-0-1.16.3-150300.9.9.1
* libgstadaptivedemux-1_0-0-1.16.3-150300.9.9.1
* libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstwebrtc-1_0-0-1.16.3-150300.9.9.1
* libgstisoff-1_0-0-1.16.3-150300.9.9.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.9.1
* typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.9.1
* libgstwayland-1_0-0-1.16.3-150300.9.9.1
* libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.9.1
* libgstmpegts-1_0-0-1.16.3-150300.9.9.1
* libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.9.1
* typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.9.1
* libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstcodecparsers-1_0-0-1.16.3-150300.9.9.1
* libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.9.1
* libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstinsertbin-1_0-0-1.16.3-150300.9.9.1
* libgstphotography-1_0-0-1.16.3-150300.9.9.1
* typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.9.1
* libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.9.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
* gstreamer-plugins-bad-lang-1.16.3-150300.9.9.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
* gstreamer-plugins-bad-debugsource-1.16.3-150300.9.9.1
* libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgsturidownloader-1_0-0-1.16.3-150300.9.9.1
* libgstbadaudio-1_0-0-1.16.3-150300.9.9.1
* libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-1.16.3-150300.9.9.1
* libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-devel-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.9.1
* libgstplayer-1_0-0-1.16.3-150300.9.9.1
* typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.9.1
* libgstsctp-1_0-0-1.16.3-150300.9.9.1
* libgstadaptivedemux-1_0-0-1.16.3-150300.9.9.1
* libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstwebrtc-1_0-0-1.16.3-150300.9.9.1
* libgstisoff-1_0-0-1.16.3-150300.9.9.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.9.1
* typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.9.1
* libgstwayland-1_0-0-1.16.3-150300.9.9.1
* libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.9.1
* libgstmpegts-1_0-0-1.16.3-150300.9.9.1
* libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.9.1
* typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.9.1
* libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstcodecparsers-1_0-0-1.16.3-150300.9.9.1
* libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.9.1
* libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstinsertbin-1_0-0-1.16.3-150300.9.9.1
* libgstphotography-1_0-0-1.16.3-150300.9.9.1
* typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.9.1
* libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.9.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* gstreamer-plugins-bad-lang-1.16.3-150300.9.9.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* gstreamer-plugins-bad-debugsource-1.16.3-150300.9.9.1
* libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgsturidownloader-1_0-0-1.16.3-150300.9.9.1
* libgstbadaudio-1_0-0-1.16.3-150300.9.9.1
* libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-1.16.3-150300.9.9.1
* libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-devel-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.9.1
* libgstplayer-1_0-0-1.16.3-150300.9.9.1
* typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.9.1
* libgstsctp-1_0-0-1.16.3-150300.9.9.1
* libgstadaptivedemux-1_0-0-1.16.3-150300.9.9.1
* libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstwebrtc-1_0-0-1.16.3-150300.9.9.1
* libgstisoff-1_0-0-1.16.3-150300.9.9.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.9.1
* typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.9.1
* libgstwayland-1_0-0-1.16.3-150300.9.9.1
* libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.9.1
* libgstmpegts-1_0-0-1.16.3-150300.9.9.1
* libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.9.1
* typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.9.1
* libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstcodecparsers-1_0-0-1.16.3-150300.9.9.1
* libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.9.1
* libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstinsertbin-1_0-0-1.16.3-150300.9.9.1
* libgstphotography-1_0-0-1.16.3-150300.9.9.1
* typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.9.1
* libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.9.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* gstreamer-plugins-bad-lang-1.16.3-150300.9.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* gstreamer-plugins-bad-debugsource-1.16.3-150300.9.9.1
* libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgsturidownloader-1_0-0-1.16.3-150300.9.9.1
* libgstbadaudio-1_0-0-1.16.3-150300.9.9.1
* libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-1.16.3-150300.9.9.1
* libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-devel-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.9.1
* libgstplayer-1_0-0-1.16.3-150300.9.9.1
* typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.9.1
* libgstsctp-1_0-0-1.16.3-150300.9.9.1
* libgstadaptivedemux-1_0-0-1.16.3-150300.9.9.1
* libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstwebrtc-1_0-0-1.16.3-150300.9.9.1
* libgstisoff-1_0-0-1.16.3-150300.9.9.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.9.1
* typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.9.1
* libgstwayland-1_0-0-1.16.3-150300.9.9.1
* libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.9.1
* libgstmpegts-1_0-0-1.16.3-150300.9.9.1
* libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.9.1
* typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.9.1
* libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstcodecparsers-1_0-0-1.16.3-150300.9.9.1
* libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.9.1
* libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstinsertbin-1_0-0-1.16.3-150300.9.9.1
* libgstphotography-1_0-0-1.16.3-150300.9.9.1
* typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.9.1
* libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* gstreamer-plugins-bad-lang-1.16.3-150300.9.9.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* gstreamer-plugins-bad-debugsource-1.16.3-150300.9.9.1
* libgstisoff-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgsturidownloader-1_0-0-1.16.3-150300.9.9.1
* libgstbadaudio-1_0-0-1.16.3-150300.9.9.1
* libgstwebrtc-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-1.16.3-150300.9.9.1
* libgstcodecparsers-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-devel-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-debuginfo-1.16.3-150300.9.9.1
* libgstplayer-1_0-0-1.16.3-150300.9.9.1
* typelib-1_0-GstInsertBin-1_0-1.16.3-150300.9.9.1
* libgstsctp-1_0-0-1.16.3-150300.9.9.1
* libgstadaptivedemux-1_0-0-1.16.3-150300.9.9.1
* libgstwayland-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgsturidownloader-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstwebrtc-1_0-0-1.16.3-150300.9.9.1
* libgstisoff-1_0-0-1.16.3-150300.9.9.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-150300.9.9.1
* typelib-1_0-GstWebRTC-1_0-1.16.3-150300.9.9.1
* libgstwayland-1_0-0-1.16.3-150300.9.9.1
* libgstinsertbin-1_0-0-debuginfo-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-chromaprint-1.16.3-150300.9.9.1
* gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-150300.9.9.1
* libgstmpegts-1_0-0-1.16.3-150300.9.9.1
* libgstphotography-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstsctp-1_0-0-debuginfo-1.16.3-150300.9.9.1
* typelib-1_0-GstPlayer-1_0-1.16.3-150300.9.9.1
* libgstplayer-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstadaptivedemux-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstcodecparsers-1_0-0-1.16.3-150300.9.9.1
* libgstbasecamerabinsrc-1_0-0-1.16.3-150300.9.9.1
* libgstbadaudio-1_0-0-debuginfo-1.16.3-150300.9.9.1
* libgstinsertbin-1_0-0-1.16.3-150300.9.9.1
* libgstphotography-1_0-0-1.16.3-150300.9.9.1
* typelib-1_0-GstMpegts-1_0-1.16.3-150300.9.9.1
* libgstmpegts-1_0-0-debuginfo-1.16.3-150300.9.9.1
* SUSE Enterprise Storage 7.1 (noarch)
* gstreamer-plugins-bad-lang-1.16.3-150300.9.9.1
## References:
* https://www.suse.com/security/cve/CVE-2023-40474.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215793
03 Nov '23
# Security update for poppler
Announcement ID: SUSE-SU-2023:4363-1
Rating: moderate
References:
* bsc#1213888
* bsc#1214726
Cross-References:
* CVE-2022-37052
* CVE-2023-34872
CVSS scores:
* CVE-2022-37052 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-34872 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-34872 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4
An update that solves two vulnerabilities can now be installed.
## Description:
This update for poppler fixes the following issues:
* CVE-2022-37052: Fixed a crash that could be triggered when opening a crafted
file (bsc#1214726).
* CVE-2023-34872: Fixed a remote denial-of-service in Outline.cc
(bsc#1213888).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4363=1 openSUSE-SLE-15.4-2023-4363=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4363=1
* SUSE Package Hub 15 15-SP4
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4363=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4363=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* poppler-debugsource-22.01.0-150400.3.16.1
* libpoppler-devel-22.01.0-150400.3.16.1
* libpoppler-glib8-debuginfo-22.01.0-150400.3.16.1
* libpoppler-qt6-3-debuginfo-22.01.0-150400.3.16.1
* libpoppler-qt6-devel-22.01.0-150400.3.16.1
* poppler-tools-debuginfo-22.01.0-150400.3.16.1
* libpoppler-cpp0-debuginfo-22.01.0-150400.3.16.1
* poppler-qt6-debugsource-22.01.0-150400.3.16.1
* poppler-tools-22.01.0-150400.3.16.1
* libpoppler-cpp0-22.01.0-150400.3.16.1
* poppler-qt5-debugsource-22.01.0-150400.3.16.1
* libpoppler117-debuginfo-22.01.0-150400.3.16.1
* libpoppler-qt6-3-22.01.0-150400.3.16.1
* libpoppler-glib8-22.01.0-150400.3.16.1
* libpoppler-qt5-1-22.01.0-150400.3.16.1
* libpoppler-glib-devel-22.01.0-150400.3.16.1
* libpoppler-qt5-1-debuginfo-22.01.0-150400.3.16.1
* libpoppler117-22.01.0-150400.3.16.1
* typelib-1_0-Poppler-0_18-22.01.0-150400.3.16.1
* libpoppler-qt5-devel-22.01.0-150400.3.16.1
* openSUSE Leap 15.4 (x86_64)
* libpoppler-qt5-1-32bit-22.01.0-150400.3.16.1
* libpoppler117-32bit-debuginfo-22.01.0-150400.3.16.1
* libpoppler-cpp0-32bit-debuginfo-22.01.0-150400.3.16.1
* libpoppler-qt5-1-32bit-debuginfo-22.01.0-150400.3.16.1
* libpoppler-cpp0-32bit-22.01.0-150400.3.16.1
* libpoppler-glib8-32bit-debuginfo-22.01.0-150400.3.16.1
* libpoppler-glib8-32bit-22.01.0-150400.3.16.1
* libpoppler117-32bit-22.01.0-150400.3.16.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libpoppler-glib8-64bit-22.01.0-150400.3.16.1
* libpoppler117-64bit-22.01.0-150400.3.16.1
* libpoppler-qt5-1-64bit-debuginfo-22.01.0-150400.3.16.1
* libpoppler-cpp0-64bit-debuginfo-22.01.0-150400.3.16.1
* libpoppler-qt5-1-64bit-22.01.0-150400.3.16.1
* libpoppler-cpp0-64bit-22.01.0-150400.3.16.1
* libpoppler117-64bit-debuginfo-22.01.0-150400.3.16.1
* libpoppler-glib8-64bit-debuginfo-22.01.0-150400.3.16.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* poppler-debugsource-22.01.0-150400.3.16.1
* libpoppler-devel-22.01.0-150400.3.16.1
* libpoppler-glib8-debuginfo-22.01.0-150400.3.16.1
* poppler-tools-debuginfo-22.01.0-150400.3.16.1
* libpoppler-cpp0-debuginfo-22.01.0-150400.3.16.1
* poppler-tools-22.01.0-150400.3.16.1
* libpoppler-cpp0-22.01.0-150400.3.16.1
* libpoppler117-debuginfo-22.01.0-150400.3.16.1
* libpoppler-glib8-22.01.0-150400.3.16.1
* libpoppler-glib-devel-22.01.0-150400.3.16.1
* libpoppler117-22.01.0-150400.3.16.1
* typelib-1_0-Poppler-0_18-22.01.0-150400.3.16.1
* SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64)
* poppler-debugsource-22.01.0-150400.3.16.1
* libpoppler-devel-22.01.0-150400.3.16.1
* libpoppler-cpp0-debuginfo-22.01.0-150400.3.16.1
* libpoppler-cpp0-22.01.0-150400.3.16.1
* poppler-qt5-debugsource-22.01.0-150400.3.16.1
* libpoppler-qt5-1-22.01.0-150400.3.16.1
* libpoppler-qt5-1-debuginfo-22.01.0-150400.3.16.1
* libpoppler-qt5-devel-22.01.0-150400.3.16.1
* SUSE Package Hub 15 15-SP4 (x86_64)
* libpoppler-glib8-32bit-22.01.0-150400.3.16.1
* libpoppler117-32bit-debuginfo-22.01.0-150400.3.16.1
* libpoppler117-32bit-22.01.0-150400.3.16.1
* libpoppler-glib8-32bit-debuginfo-22.01.0-150400.3.16.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
* poppler-debugsource-22.01.0-150400.3.16.1
* libpoppler117-22.01.0-150400.3.16.1
* libpoppler117-debuginfo-22.01.0-150400.3.16.1
## References:
* https://www.suse.com/security/cve/CVE-2022-37052.html
* https://www.suse.com/security/cve/CVE-2023-34872.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213888
* https://bugzilla.suse.com/show_bug.cgi?id=1214726
SUSE-SU-2023:4357-1: important: Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container
by maintenance@opensuse.org 03 Nov '23
# Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container
Announcement ID: SUSE-SU-2023:4357-1
Rating: important
References:
Affected Products:
* Containers Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that can now be installed.
## Description:
This update for kubevirt, virt-api-container, virt-controller-container,
virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container,
virt-operator-container fixes the following issues:
kubevirt is rebuilt against the current Go security release.
* Set cache mode on hotplugged disks
* Delete VMI prior to NFS server pod in tests
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4357=1 openSUSE-SLE-15.4-2023-4357=1
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4357=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4357=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4357=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4357=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4357=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4357=1
* Containers Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-4357=1
## Package List:
* openSUSE Leap 15.4 (x86_64)
* kubevirt-virt-handler-0.54.0-150400.3.23.1
* kubevirt-manifests-0.54.0-150400.3.23.1
* kubevirt-tests-debuginfo-0.54.0-150400.3.23.1
* kubevirt-virt-api-0.54.0-150400.3.23.1
* kubevirt-virt-controller-debuginfo-0.54.0-150400.3.23.1
* kubevirt-virt-launcher-0.54.0-150400.3.23.1
* kubevirt-container-disk-0.54.0-150400.3.23.1
* kubevirt-virt-api-debuginfo-0.54.0-150400.3.23.1
* kubevirt-virtctl-0.54.0-150400.3.23.1
* kubevirt-tests-0.54.0-150400.3.23.1
* kubevirt-virt-controller-0.54.0-150400.3.23.1
* kubevirt-virt-operator-debuginfo-0.54.0-150400.3.23.1
* kubevirt-virtctl-debuginfo-0.54.0-150400.3.23.1
* kubevirt-virt-launcher-debuginfo-0.54.0-150400.3.23.1
* obs-service-kubevirt_containers_meta-0.54.0-150400.3.23.1
* kubevirt-virt-handler-debuginfo-0.54.0-150400.3.23.1
* kubevirt-virt-operator-0.54.0-150400.3.23.1
* kubevirt-container-disk-debuginfo-0.54.0-150400.3.23.1
* openSUSE Leap Micro 5.3 (x86_64)
* kubevirt-virtctl-0.54.0-150400.3.23.1
* kubevirt-manifests-0.54.0-150400.3.23.1
* kubevirt-virtctl-debuginfo-0.54.0-150400.3.23.1
* openSUSE Leap Micro 5.4 (x86_64)
* kubevirt-virtctl-0.54.0-150400.3.23.1
* kubevirt-manifests-0.54.0-150400.3.23.1
* kubevirt-virtctl-debuginfo-0.54.0-150400.3.23.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64)
* kubevirt-virtctl-0.54.0-150400.3.23.1
* kubevirt-manifests-0.54.0-150400.3.23.1
* kubevirt-virtctl-debuginfo-0.54.0-150400.3.23.1
* SUSE Linux Enterprise Micro 5.3 (x86_64)
* kubevirt-virtctl-0.54.0-150400.3.23.1
* kubevirt-manifests-0.54.0-150400.3.23.1
* kubevirt-virtctl-debuginfo-0.54.0-150400.3.23.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64)
* kubevirt-virtctl-0.54.0-150400.3.23.1
* kubevirt-manifests-0.54.0-150400.3.23.1
* kubevirt-virtctl-debuginfo-0.54.0-150400.3.23.1
* SUSE Linux Enterprise Micro 5.4 (x86_64)
* kubevirt-virtctl-0.54.0-150400.3.23.1
* kubevirt-manifests-0.54.0-150400.3.23.1
* kubevirt-virtctl-debuginfo-0.54.0-150400.3.23.1
* Containers Module 15-SP4 (x86_64)
* kubevirt-virtctl-0.54.0-150400.3.23.1
* kubevirt-manifests-0.54.0-150400.3.23.1
* kubevirt-virtctl-debuginfo-0.54.0-150400.3.23.1
SUSE-SU-2023:4351-1: important: Security update for the Linux Kernel
by maintenance@opensuse.org 02 Nov '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:4351-1
Rating: important
References:
* bsc#1211307
* bsc#1212423
* bsc#1213772
* bsc#1215955
* bsc#1216062
* bsc#1216512
Cross-References:
* CVE-2023-2163
* CVE-2023-31085
* CVE-2023-34324
* CVE-2023-3777
* CVE-2023-39189
* CVE-2023-45862
* CVE-2023-46813
* CVE-2023-5178
CVSS scores:
* CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
* CVE-2023-31085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-39189 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-39189 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-45862 ( SUSE ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45862 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-46813 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5178 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5178 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Real Time Module 15-SP4
An update that solves eight vulnerabilities can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
* CVE-2023-3777: Fixed a use-after-free vulnerability in the netfilter
nf_tables component that can be exploited to achieve local privilege
escalation. (bsc#1215095)
* CVE-2023-46813: Fixed a local privilege escalation with user-space programs
that have access to MMIO regions (bsc#1212649).
* CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize)
that could cause a local DoS. (bsc#1210778)
* CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver where an
object could potentially extend beyond the end of an allocation causing.
(bsc#1216051)
* CVE-2023-5178: Fixed a UAF in queue initialization setup. (bsc#1215768)
* CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to
unsafe code paths being incorrectly marked as safe, resulting in arbitrary
read/write in kernel memory, lateral privilege escalation, and container
escape. (bsc#1215518)
* CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling.
(bsc#1215745).
* CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a
local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read,
leading to a crash or information disclosure. (bsc#1216046)
The following non-security bugs were fixed:
* 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes).
* ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes).
* ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes).
* ALSA: hda/realtek: Change model for Intel RVP board (git-fixes).
* ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre
M70q (git-fixes).
* ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes).
* ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-
fixes).
* ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes).
* ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes).
* ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes).
* ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes).
* ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes).
* ASoC: pxa: fix a memory leak in probe() (git-fixes).
* Bluetooth: Avoid redundant authentication (git-fixes).
* Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes).
* Bluetooth: Reject connection with the device which has same BD_ADDR (git-
fixes).
* Bluetooth: avoid memcmp() out of bounds warning (git-fixes).
* Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes).
* Bluetooth: hci_event: Fix coding style (git-fixes).
* Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes).
* Bluetooth: hci_event: Ignore NULL link key (git-fixes).
* Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name
(git-fixes).
* Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes).
* Bluetooth: vhci: Fix race when opening vhci device (git-fixes).
* Documentation: qat: change kernel version (PED-6401).
* Documentation: qat: rewrite description (PED-6401).
* Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-
fixes).
* Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-
fixes).
* Fix metadata references
* HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-
fixes).
* HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes).
* HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-
fixes).
* HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes).
* HID: sony: Fix a potential memory leak in sony_probe() (git-fixes).
* HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-
fixes).
* IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes)
* Input: goodix - ensure int GPIO is in input for gpio_count == 1 &&
gpio_int_idx == 0 case (git-fixes).
* Input: powermate - fix use-after-free in powermate_config_complete (git-
fixes).
* Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes).
* Input: xpad - add PXN V900 support (git-fixes).
* KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-
fixes).
* KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes
bsc#1216512).
* KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed
(git-fixes).
* KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes).
* KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code
(bsc#1213772).
* KVM: x86: Propagate the AMD Automatic IBRS feature to the guest
(bsc#1213772).
* KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772).
* KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772).
* KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
* RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes)
* RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes)
* RDMA/core: Require admin capabilities to set system parameters (git-fixes)
* RDMA/cxgb4: Check skb value for failure to allocate (git-fixes)
* RDMA/mlx5: Fix NULL string error (git-fixes)
* RDMA/siw: Fix connection failure handling (git-fixes)
* RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes)
* RDMA/uverbs: Fix typo of sizeof argument (git-fixes)
* Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()" (git-fixes).
* Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux" (git-fixes).
* USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).
* USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).
* USB: serial: option: add entry for Sierra EM9191 with new firmware (git-
fixes).
* ata: libata-core: Do not register PM operations for SAS ports (git-fixes).
* ata: libata-core: Fix ata_port_request_pm() locking (git-fixes).
* ata: libata-core: Fix port and device removal (git-fixes).
* ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes).
* ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES
(git-fixes).
* blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before
init (bsc#1216062).
* blk-cgroup: support to track if policy is online (bsc#1216062).
* bpf: propagate precision in ALU/ALU64 operations (git-fixes).
* bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes).
* bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-
fixes).
* cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem
(bsc#1215955).
* cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307).
* clk: tegra: fix error return case for recalc_rate (git-fixes).
* counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-
fixes).
* crypto: qat - Include algapi.h for low-level Crypto API (PED-6401).
* crypto: qat - Remove unused function declarations (PED-6401).
* crypto: qat - add fw_counters debugfs file (PED-6401).
* crypto: qat - add heartbeat counters check (PED-6401).
* crypto: qat - add heartbeat feature (PED-6401).
* crypto: qat - add internal timer for qat 4xxx (PED-6401).
* crypto: qat - add measure clock frequency (PED-6401).
* crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401).
* crypto: qat - add qat_zlib_deflate (PED-6401).
* crypto: qat - add support for 402xx devices (PED-6401).
* crypto: qat - change value of default idle filter (PED-6401).
* crypto: qat - delay sysfs initialization (PED-6401).
* crypto: qat - do not export adf_init_admin_pm() (PED-6401).
* crypto: qat - drop log level of msg in get_instance_node() (PED-6401).
* crypto: qat - drop obsolete heartbeat interface (PED-6401).
* crypto: qat - drop redundant adf_enable_aer() (PED-6401).
* crypto: qat - expose pm_idle_enabled through sysfs (PED-6401).
* crypto: qat - extend buffer list logic interface (PED-6401).
* crypto: qat - extend configuration for 4xxx (PED-6401).
* crypto: qat - fix apply custom thread-service mapping for dc service
(PED-6401).
* crypto: qat - fix concurrency issue when device state changes (PED-6401).
* crypto: qat - fix crypto capability detection for 4xxx (PED-6401).
* crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401).
* crypto: qat - make fw images name constant (PED-6401).
* crypto: qat - make state machine functions static (PED-6401).
* crypto: qat - move dbgfs init to separate file (PED-6401).
* crypto: qat - move returns to default case (PED-6401).
* crypto: qat - refactor device restart logic (PED-6401).
* crypto: qat - refactor fw config logic for 4xxx (PED-6401).
* crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401).
* crypto: qat - replace state machine calls (PED-6401).
* crypto: qat - replace the if statement with min() (PED-6401).
* crypto: qat - set deprecated capabilities as reserved (PED-6401).
* crypto: qat - unmap buffer before free for DH (PED-6401).
* crypto: qat - unmap buffers before free for RSA (PED-6401).
* crypto: qat - update slice mask for 4xxx devices (PED-6401).
* crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401).
* dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-
fixes).
* dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes).
* dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes).
* drm/amd/display: Do not check registers, if using AUX BL control (git-
fixes).
* drm/amd/display: Do not set dpms_off for seamless boot (git-fixes).
* drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes).
* drm/amdgpu: add missing NULL check (git-fixes).
* drm/i915: Retry gtt fault when out of fence registers (git-fixes).
* drm/msm/dp: do not reinitialize phy unless retry during link training (git-
fixes).
* drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-
fixes).
* drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes).
* drm/msm/dsi: skip the wait for video mode done if not applicable (git-
fixes).
* drm/vmwgfx: fix typo of sizeof argument (git-fixes).
* drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes).
* firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND
(git-fixes).
* firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels()
(git-fixes).
* gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-
fixes).
* gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes).
* gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes).
* gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes).
* gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes).
* gpio: vf610: set value before the direction to avoid a glitch (git-fixes).
* gve: Do not fully free QPL pages on prefill errors (git-fixes).
* i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes).
* i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-
fixes).
* i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-
fixes).
* i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes).
* i2c: mux: gpio: Replace custom acpi_get_local_address() (git-fixes).
* i2c: npcm7xx: Fix callback completion ordering (git-fixes).
* ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes).
* iio: pressure: bmp280: Fix NULL pointer exception (git-fixes).
* iio: pressure: dps310: Adjust Timeout Settings (git-fixes).
* iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes).
* iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback
(bsc#1212423).
* iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback
(bsc#1212423).
* iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support
(bsc#1212423).
* kabi: blkcg_policy_data fix KABI (bsc#1216062).
* kabi: workaround for enum nft_trans_phase (bsc#1215104).
* kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
* leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes).
* mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788
bsc#1213705).
* mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes).
* mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes).
* mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes).
* mtd: physmap-core: Restore map_rom fallback (git-fixes).
* mtd: rawnand: arasan: Ensure program page operations are successful (git-
fixes).
* mtd: rawnand: marvell: Ensure program page operations are successful (git-
fixes).
* mtd: rawnand: pl353: Ensure program page operations are successful (git-
fixes).
* mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes).
* mtd: spinand: micron: correct bitmask for ecc status (git-fixes).
* net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-
fixes).
* net: mana: Fix TX CQE error handling (bsc#1215986).
* net: mana: Fix oversized sge0 for GSO packets (bsc#1215986).
* net: nfc: llcp: Add lock when modifying device list (git-fixes).
* net: rfkill: gpio: prevent value glitch during probe (git-fixes).
* net: sched: add barrier to fix packet stuck problem for lockless qdisc
(bsc#1216345).
* net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog
(bsc#1216345).
* net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-
fixes).
* net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-
fixes).
* net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes).
* netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound
set/chain (git-fixes).
* netfilter: nf_tables: unbind non-anonymous set if rule construction fails
(git-fixes).
* nfc: nci: assert requested protocol is valid (git-fixes).
* nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-
fixes).
* nilfs2: fix potential use after free in nilfs_gccache_submit_read_data()
(git-fixes).
* nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid()
(bsc#1214842).
* phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes).
* phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes).
* phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes).
* pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes).
* pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes).
* platform/surface: platform_profile: Propagate error if profile registration
fails (git-fixes).
* platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e
(git-fixes).
* platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-
fixes).
* platform/x86: think-lmi: Fix reference leak (git-fixes).
* platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes).
* power: supply: ucs1002: fix error code in ucs1002_get_property() (git-
fixes).
* quota: Fix slow quotaoff (bsc#1216621).
* r8152: check budget for r8152_poll() (git-fixes).
* regmap: fix NULL deref on lookup (git-fixes).
* regmap: rbtree: Fix wrong register marked as in-cache when creating new node
(git-fixes).
* ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes).
* ring-buffer: Do not attempt to read past "commit" (git-fixes).
* ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
* ring-buffer: Update "shortest_full" in polling (git-fixes).
* s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510).
* s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511).
* s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788
bsc#1215957).
* sched/cpuset: Bring back cpuset_mutex (bsc#1215955).
* sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity()
(git fixes (sched)).
* sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes
(sched)).
* sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)).
* serial: 8250_port: Check IRQ data before use (git-fixes).
* soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-
fixes).
* spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes).
* spi: stm32: add a delay before SPI disable (git-fixes).
* spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain
(git-fixes).
* spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes).
* thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-
fixes).
* thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple
Ridge (git-fixes).
* tracing: Have current_trace inc the trace array ref count (git-fixes).
* tracing: Have event inject files inc the trace array ref count (git-fixes).
* tracing: Have option files inc the trace array ref count (git-fixes).
* tracing: Have tracing_max_latency inc the trace array ref count (git-fixes).
* tracing: Increase trace array ref count on enable and filter files (git-
fixes).
* tracing: Make trace_marker{,_raw} stream-like (git-fixes).
* usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes).
* usb: dwc3: Soft reset phy on probe for host (git-fixes).
* usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-
fixes).
* usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
* usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes).
* usb: musb: Modify the "HWVers" register address (git-fixes).
* usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-
fixes).
* usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).
* vmbus_testing: fix wrong python syntax for integer value comparison (git-
fixes).
* vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes).
* watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes).
* watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running
(git-fixes).
* wifi: cfg80211: Fix 6GHz scan configuration (git-fixes).
* wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
* wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes).
* wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes).
* wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes).
* wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-
fixes).
* wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes).
* wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-
fixes).
* wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes).
* wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes).
* x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772).
* x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772).
* x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772).
* x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf
(bsc#1213772).
* x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772).
* x86/cpu: Support AMD Automatic IBRS (bsc#1213772).
* x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649).
* x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649).
* x86/sev: Disable MMIO emulation from user mode (bsc#1212649).
* xen-netback: use default TX queue size for vifs (git-fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4351=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4351=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4351=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4351=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4351=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4351=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4351=1
* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-4351=1
* SUSE Real Time Module 15-SP4
zypper in -t patch SUSE-SLE-Module-RT-15-SP4-2023-4351=1
## Package List:
* openSUSE Leap Micro 5.3 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.59.1
* openSUSE Leap Micro 5.3 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.59.1
* kernel-rt-debuginfo-5.14.21-150400.15.59.1
* openSUSE Leap Micro 5.4 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.59.1
* openSUSE Leap Micro 5.4 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.59.1
* kernel-rt-debuginfo-5.14.21-150400.15.59.1
* openSUSE Leap 15.4 (x86_64)
* kernel-rt_debug-debuginfo-5.14.21-150400.15.59.1
* kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.59.1
* kernel-rt_debug-devel-5.14.21-150400.15.59.1
* kernel-rt-debugsource-5.14.21-150400.15.59.1
* dlm-kmp-rt-5.14.21-150400.15.59.1
* cluster-md-kmp-rt-5.14.21-150400.15.59.1
* kernel-rt-debuginfo-5.14.21-150400.15.59.1
* kernel-rt-devel-5.14.21-150400.15.59.1
* kernel-syms-rt-5.14.21-150400.15.59.1
* dlm-kmp-rt-debuginfo-5.14.21-150400.15.59.1
* gfs2-kmp-rt-debuginfo-5.14.21-150400.15.59.1
* cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.59.1
* kernel-rt_debug-debugsource-5.14.21-150400.15.59.1
* kernel-rt-devel-debuginfo-5.14.21-150400.15.59.1
* gfs2-kmp-rt-5.14.21-150400.15.59.1
* ocfs2-kmp-rt-5.14.21-150400.15.59.1
* ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.59.1
* openSUSE Leap 15.4 (noarch)
* kernel-devel-rt-5.14.21-150400.15.59.1
* kernel-source-rt-5.14.21-150400.15.59.1
* openSUSE Leap 15.4 (nosrc x86_64)
* kernel-rt_debug-5.14.21-150400.15.59.1
* kernel-rt-5.14.21-150400.15.59.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.59.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.59.1
* kernel-rt-debuginfo-5.14.21-150400.15.59.1
* SUSE Linux Enterprise Micro 5.3 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.59.1
* SUSE Linux Enterprise Micro 5.3 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.59.1
* kernel-rt-debuginfo-5.14.21-150400.15.59.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.59.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.59.1
* kernel-rt-debuginfo-5.14.21-150400.15.59.1
* SUSE Linux Enterprise Micro 5.4 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.59.1
* SUSE Linux Enterprise Micro 5.4 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.59.1
* kernel-rt-debuginfo-5.14.21-150400.15.59.1
* SUSE Linux Enterprise Live Patching 15-SP4 (x86_64)
* kernel-livepatch-5_14_21-150400_15_59-rt-debuginfo-1-150400.1.3.1
* kernel-livepatch-SLE15-SP4-RT_Update_15-debugsource-1-150400.1.3.1
* kernel-livepatch-5_14_21-150400_15_59-rt-1-150400.1.3.1
* SUSE Real Time Module 15-SP4 (x86_64)
* kernel-rt_debug-debuginfo-5.14.21-150400.15.59.1
* kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.59.1
* kernel-rt_debug-devel-5.14.21-150400.15.59.1
* kernel-rt-debugsource-5.14.21-150400.15.59.1
* dlm-kmp-rt-5.14.21-150400.15.59.1
* cluster-md-kmp-rt-5.14.21-150400.15.59.1
* kernel-rt-debuginfo-5.14.21-150400.15.59.1
* kernel-rt-devel-5.14.21-150400.15.59.1
* kernel-syms-rt-5.14.21-150400.15.59.1
* dlm-kmp-rt-debuginfo-5.14.21-150400.15.59.1
* gfs2-kmp-rt-debuginfo-5.14.21-150400.15.59.1
* cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.59.1
* kernel-rt_debug-debugsource-5.14.21-150400.15.59.1
* kernel-rt-devel-debuginfo-5.14.21-150400.15.59.1
* gfs2-kmp-rt-5.14.21-150400.15.59.1
* ocfs2-kmp-rt-5.14.21-150400.15.59.1
* ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.59.1
* SUSE Real Time Module 15-SP4 (noarch)
* kernel-devel-rt-5.14.21-150400.15.59.1
* kernel-source-rt-5.14.21-150400.15.59.1
* SUSE Real Time Module 15-SP4 (nosrc x86_64)
* kernel-rt_debug-5.14.21-150400.15.59.1
* kernel-rt-5.14.21-150400.15.59.1
## References:
* https://www.suse.com/security/cve/CVE-2023-2163.html
* https://www.suse.com/security/cve/CVE-2023-31085.html
* https://www.suse.com/security/cve/CVE-2023-34324.html
* https://www.suse.com/security/cve/CVE-2023-3777.html
* https://www.suse.com/security/cve/CVE-2023-39189.html
* https://www.suse.com/security/cve/CVE-2023-45862.html
* https://www.suse.com/security/cve/CVE-2023-46813.html
* https://www.suse.com/security/cve/CVE-2023-5178.html
* https://bugzilla.suse.com/show_bug.cgi?id=1211307
* https://bugzilla.suse.com/show_bug.cgi?id=1212423
* https://bugzilla.suse.com/show_bug.cgi?id=1213772
* https://bugzilla.suse.com/show_bug.cgi?id=1215955
* https://bugzilla.suse.com/show_bug.cgi?id=1216062
* https://bugzilla.suse.com/show_bug.cgi?id=1216512
openSUSE-RU-2023:0346-1: moderate: Recommended update for python-yamllint
by maintenance@opensuse.org 02 Nov '23
openSUSE Recommended Update: Recommended update for python-yamllint
______________________________________________________________________________
Announcement ID: openSUSE-RU-2023:0346-1
Rating: moderate
References: #1151703 #1216677
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that has two recommended fixes can now be
installed.
Description:
This update for python-yamllint fixes the following issues:
- Add python-setuptools requirement needed for entrypoints (boo#1151703,
boo#1216677)
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2023-346=1
Package List:
- openSUSE Backports SLE-15-SP4 (noarch):
python3-yamllint-1.22.1-bp154.2.3.1
References:
https://bugzilla.suse.com/1151703
https://bugzilla.suse.com/1216677
openSUSE-RU-2023:0347-1: moderate: Recommended update for python-yamllint
by maintenance@opensuse.org 02 Nov '23
openSUSE Recommended Update: Recommended update for python-yamllint
______________________________________________________________________________
Announcement ID: openSUSE-RU-2023:0347-1
Rating: moderate
References: #1151703 #1216677
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that has two recommended fixes can now be
installed.
Description:
This update for python-yamllint fixes the following issues:
- Add python-setuptools requirement needed for entrypoints (boo#1151703,
boo#1216677)
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2023-347=1
Package List:
- openSUSE Backports SLE-15-SP5 (noarch):
python3-yamllint-1.22.1-bp155.3.3.1
References:
https://bugzilla.suse.com/1151703
https://bugzilla.suse.com/1216677
openSUSE-SU-2023:0345-1: important: Security update for roundcubemail
by opensuse-security@opensuse.org 02 Nov '23
openSUSE Security Update: Security update for roundcubemail
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0345-1
Rating: important
References: #1216429
Cross-References: CVE-2023-5631
CVSS scores:
CVE-2023-5631 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2023-5631 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for roundcubemail fixes the following issues:
Update to version 1.6.4 (boo#1216429):
* CVE-2023-5631: Fix cross-site scripting vulnerability in handling of SVG
in HTML messages
* Fix PHP8 warnings
* Fix default 'mime.types' path on Windows
* Managesieve: Fix javascript error when relational or spamtest extension
is not enabled
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2023-345=1
Package List:
- openSUSE Backports SLE-15-SP5 (noarch):
roundcubemail-1.6.4-bp155.2.6.1
References:
https://www.suse.com/security/cve/CVE-2023-5631.html
https://bugzilla.suse.com/1216429
SUSE-RU-2023:4342-1: moderate: Recommended update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed
by maintenance@opensuse.org 02 Nov '23
# Recommended update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed
Announcement ID: SUSE-RU-2023:4342-1
Rating: moderate
References:
* bsc#1211892
* jsc#PED-4964
* jsc#PED-7112
Affected Products:
* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* Public Cloud Module 15-SP4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that contains two features and has one fix can now be installed.
## Description:
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed
fixes the following issues:
Changes in nvidia-open-driver-G06-signed:
* Update to version 535.113.01
* post install scripts:
* add/remove nosimplefb=1 kernel option in order to fix Linux console also on
sle15-sp6/Leap 15.6 kernel, which will come with simpledrm support
* Add a devel package so other modules can be built against this one.
[jira#PED-4964]
* disabled build of nvidia-peermem module; it's no longer needed and never
worked anyway (it was only a stub) [boo#1211892]
* preamble: added conflict to nvidia-gfxG05-kmp to prevent users from
accidentally installing conflicting proprietary kernelspace drivers from CUDA
repository
Changes in kernel-firmware-nvidia-gspx-G06:
* update firmware to version 535.113.01
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4342=1 openSUSE-SLE-15.4-2023-4342=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4342=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4342=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4342=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4342=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4342=1
* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4342=1
## Package List:
* openSUSE Leap 15.4 (aarch64 nosrc x86_64)
* kernel-firmware-nvidia-gspx-G06-535.113.01-150400.9.9.1
* openSUSE Leap 15.4 (x86_64)
* nvidia-open-driver-G06-signed-kmp-azure-535.113.01_k5.14.21_150400.14.69-150400.9.24.1
* nvidia-open-driver-G06-signed-kmp-azure-debuginfo-535.113.01_k5.14.21_150400.14.69-150400.9.24.1
* nvidia-open-driver-G06-signed-azure-devel-535.113.01-150400.9.24.1
* openSUSE Leap 15.4 (aarch64 x86_64)
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.113.01_k5.14.21_150400.24.92-150400.9.24.1
* nvidia-open-driver-G06-signed-debugsource-535.113.01-150400.9.24.1
* nvidia-open-driver-G06-signed-default-devel-535.113.01-150400.9.24.1
* nvidia-open-driver-G06-signed-kmp-default-535.113.01_k5.14.21_150400.24.92-150400.9.24.1
* openSUSE Leap 15.4 (aarch64)
* nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-535.113.01_k5.14.21_150400.24.92-150400.9.24.1
* nvidia-open-driver-G06-signed-64kb-devel-535.113.01-150400.9.24.1
* nvidia-open-driver-G06-signed-kmp-64kb-535.113.01_k5.14.21_150400.24.92-150400.9.24.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc x86_64)
* kernel-firmware-nvidia-gspx-G06-535.113.01-150400.9.9.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64)
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.113.01_k5.14.21_150400.24.92-150400.9.24.1
* nvidia-open-driver-G06-signed-debugsource-535.113.01-150400.9.24.1
* nvidia-open-driver-G06-signed-kmp-default-535.113.01_k5.14.21_150400.24.92-150400.9.24.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc x86_64)
* kernel-firmware-nvidia-gspx-G06-535.113.01-150400.9.9.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64)
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.113.01_k5.14.21_150400.24.92-150400.9.24.1
* nvidia-open-driver-G06-signed-debugsource-535.113.01-150400.9.24.1
* nvidia-open-driver-G06-signed-kmp-default-535.113.01_k5.14.21_150400.24.92-150400.9.24.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc x86_64)
* kernel-firmware-nvidia-gspx-G06-535.113.01-150400.9.9.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64)
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.113.01_k5.14.21_150400.24.92-150400.9.24.1
* nvidia-open-driver-G06-signed-debugsource-535.113.01-150400.9.24.1
* nvidia-open-driver-G06-signed-kmp-default-535.113.01_k5.14.21_150400.24.92-150400.9.24.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc x86_64)
* kernel-firmware-nvidia-gspx-G06-535.113.01-150400.9.9.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64)
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.113.01_k5.14.21_150400.24.92-150400.9.24.1
* nvidia-open-driver-G06-signed-debugsource-535.113.01-150400.9.24.1
* nvidia-open-driver-G06-signed-kmp-default-535.113.01_k5.14.21_150400.24.92-150400.9.24.1
* Basesystem Module 15-SP4 (aarch64 nosrc x86_64)
* kernel-firmware-nvidia-gspx-G06-535.113.01-150400.9.9.1
* Basesystem Module 15-SP4 (aarch64)
* nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-535.113.01_k5.14.21_150400.24.92-150400.9.24.1
* nvidia-open-driver-G06-signed-64kb-devel-535.113.01-150400.9.24.1
* nvidia-open-driver-G06-signed-kmp-64kb-535.113.01_k5.14.21_150400.24.92-150400.9.24.1
* Basesystem Module 15-SP4 (aarch64 x86_64)
* nvidia-open-driver-G06-signed-kmp-default-debuginfo-535.113.01_k5.14.21_150400.24.92-150400.9.24.1
* nvidia-open-driver-G06-signed-debugsource-535.113.01-150400.9.24.1
* nvidia-open-driver-G06-signed-default-devel-535.113.01-150400.9.24.1
* nvidia-open-driver-G06-signed-kmp-default-535.113.01_k5.14.21_150400.24.92-150400.9.24.1
* Public Cloud Module 15-SP4 (x86_64)
* nvidia-open-driver-G06-signed-kmp-azure-535.113.01_k5.14.21_150400.14.69-150400.9.24.1
* nvidia-open-driver-G06-signed-kmp-azure-debuginfo-535.113.01_k5.14.21_150400.14.69-150400.9.24.1
* nvidia-open-driver-G06-signed-azure-devel-535.113.01-150400.9.24.1
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1211892
* https://jira.suse.com/browse/PED-4964
* https://jira.suse.com/browse/PED-7112
SUSE-RU-2023:4344-1: moderate: Recommended update for nodejs20
by maintenance@opensuse.org 02 Nov '23
# Recommended update for nodejs20
Announcement ID: SUSE-RU-2023:4344-1
Rating: moderate
References:
* jsc#PED-4819
* jsc#PED-7088
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* Web and Scripting Module 15-SP5
An update that contains two features can now be installed.
## Description:
This update for nodejs20 fixes the following issues:
This update provides nodejs 20 in version 20.8.1.
For overview of changes and details since 19.x and earlier see:
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20…
* Permission Model
Node.js now has an experimental feature called the Permission Model. It allows
developers to restrict access to specific resources during program execution,
such as file system operations, child process spawning, and worker thread
creation. The API exists behind a flag --experimental-permission which when
enabled will restrict access to all available permissions. By using this
feature, developers can prevent their applications from accessing or modifying
sensitive data or running potentially harmful code. More information about the
Permission Model can be found in the Node.js documentation.
The Permission Model was a contribution by Rafael Gonzaga in #44004.
* Custom ESM loader hooks run on dedicated thread
ESM hooks supplied via loaders (--experimental-loader=foo.mjs) now run in a
dedicated thread, isolated from the main thread. This provides a separate scope
for loaders and ensures no cross-contamination between loaders and application
code.
* Synchronous import.meta.resolve()
In alignment with browser behavior, this function now returns synchronously.
Despite this, user loader resolve hooks can still be defined as async functions
(or as sync functions, if the author prefers). Even when there are async resolve
hooks loaded, import.meta.resolve will still return synchronously for
application code.
Contributed by Anna Henningsen, Antoine du Hamel, Geoffrey Booth, Guy Bedford,
Jacob Smith, and Michaël Zasso in #44710
* V8 11.3
The V8 engine is updated to version 11.3, which is part of Chromium 113. This
version includes three new features to the JavaScript API:
* String.prototype.isWellFormed and toWellFormed
* Methods that change Array and TypedArray by copy
* Resizable ArrayBuffer and growable SharedArrayBuffer
* RegExp v flag with set notation + properties of strings
* WebAssembly Tail Call
The V8 update was a contribution by Michaël Zasso in #47251.
* Stable Test Runner
The recent update to Node.js, version 20, includes an important change to the
test_runner module. The module has been marked as stable after a recent update.
Previously, the test_runner module was experimental, but this change marks it as
a stable module that is ready for production use.
Contributed by Colin Ihrig in #46983
* Ada 2.0
Node.js v20 comes with the latest version of the URL parser, Ada. This update
brings significant performance improvements to URL parsing, including
enhancements to the url.domainToASCII and url.domainToUnicode functions in
node:url.
Ada 2.0 has been integrated into the Node.js codebase, ensuring that all parts
of the application can benefit from the improved performance. Additionally, Ada
2.0 features a significant performance boost over its predecessor, Ada 1.0.4,
while also eliminating the need for the ICU requirement for URL hostname
parsing.
Contributed by Yagiz Nizipli and Daniel Lemire in #47339
* Preparing single executable apps now requires injecting a Blob
Building a single executable app now requires injecting a blob prepared by
Node.js from a JSON config instead of injecting the raw JS file. This opens up
the possibility of embedding multiple co-existing resources into the SEA (Single
Executable Apps).
Contributed by Joyee Cheung in #47125
* Web Crypto API
Web Crypto API functions' arguments are now coerced and validated as per their
WebIDL definitions like in other Web Crypto API implementations. This further
improves interoperability with other implementations of Web Crypto API.
This change was made by Filip Skokan in #46067.
* WASI version must now be specified
When new WASI() is called, the version option is now required and has no default
value. Any code that relied on the default for the version will need to be
updated to request a specific version.
This change was made by Michael Dawson in #47391.
* Deprecations and Removals
* (SEMVER-MAJOR) url: runtime-deprecate url.parse() with invalid ports (Rich
Trott) #45526
url.parse() accepts URLs with ports that are not numbers. This behavior might
result in host name spoofing with unexpected input. These URLs will throw an
error in future versions of Node.js, as the WHATWG URL API does already.
Starting with Node.js 20, these URLs cause url.parse() to emit a warning.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-4344=1 openSUSE-SLE-15.5-2023-4344=1
* Web and Scripting Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP5-2023-4344=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* nodejs20-20.8.1-150500.11.3.1
* nodejs20-debugsource-20.8.1-150500.11.3.1
* nodejs20-devel-20.8.1-150500.11.3.1
* npm20-20.8.1-150500.11.3.1
* nodejs20-debuginfo-20.8.1-150500.11.3.1
* corepack20-20.8.1-150500.11.3.1
* openSUSE Leap 15.5 (noarch)
* nodejs20-docs-20.8.1-150500.11.3.1
* Web and Scripting Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* nodejs20-20.8.1-150500.11.3.1
* nodejs20-debugsource-20.8.1-150500.11.3.1
* nodejs20-devel-20.8.1-150500.11.3.1
* npm20-20.8.1-150500.11.3.1
* nodejs20-debuginfo-20.8.1-150500.11.3.1
* Web and Scripting Module 15-SP5 (noarch)
* nodejs20-docs-20.8.1-150500.11.3.1
## References:
* https://jira.suse.com/browse/PED-4819
* https://jira.suse.com/browse/PED-7088
SUSE-SU-2023:4345-1: important: Security update for the Linux Kernel
by maintenance@opensuse.org 02 Nov '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:4345-1
Rating: important
References:
* bsc#1208788
* bsc#1210778
* bsc#1211307
* bsc#1212423
* bsc#1212649
* bsc#1213705
* bsc#1214842
* bsc#1215095
* bsc#1215104
* bsc#1215518
* bsc#1215745
* bsc#1215768
* bsc#1215860
* bsc#1215955
* bsc#1215986
* bsc#1216046
* bsc#1216051
* bsc#1216062
* bsc#1216345
* bsc#1216510
* bsc#1216511
* bsc#1216512
* bsc#1216621
Cross-References:
* CVE-2023-2163
* CVE-2023-31085
* CVE-2023-34324
* CVE-2023-3777
* CVE-2023-39189
* CVE-2023-39193
* CVE-2023-45862
* CVE-2023-46813
* CVE-2023-5178
CVSS scores:
* CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
* CVE-2023-31085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-39189 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-39189 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39193 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-45862 ( SUSE ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45862 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-46813 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5178 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5178 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* Public Cloud Module 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves nine vulnerabilities and has 14 security fixes can now be
installed.
## Description:
The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
* CVE-2023-3777: Fixed a use-after-free vulnerability in the netfilter:
nf_tables component that can be exploited to achieve local privilege
escalation. (bsc#1215095)
* CVE-2023-46813: Fixed an incorrect access checking in the VC handler and
instruction emulation of the SEV-ES emulation of MMIO accesses that could
lead to arbitrary write access to kernel memory. (bsc#1212649)
* CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize)
that could cause a local DoS. (bsc#1210778)
* CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver where an
object could potentially extend beyond the end of an allocation causing.
(bsc#1216051)
* CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem
(bsc#1215860).
* CVE-2023-5178: Fixed a UAF in queue initialization setup. (bsc#1215768)
* CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to
unsafe code paths being incorrectly marked as safe, resulting in arbitrary
read/write in kernel memory, lateral privilege escalation, and container
escape. (bsc#1215518)
* CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling.
(bsc#1215745).
* CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a
local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read,
leading to a crash or information disclosure. (bsc#1216046)
The following non-security bugs were fixed:
* 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes).
* ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes).
* ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes).
* ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre
M70q (git-fixes).
* ALSA: hda/realtek: Change model for Intel RVP board (git-fixes).
* ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes).
* ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-
fixes).
* ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes).
* ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes).
* ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes).
* ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes).
* ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes).
* ASoC: pxa: fix a memory leak in probe() (git-fixes).
* ata: libata-core: Do not register PM operations for SAS ports (git-fixes).
* ata: libata-core: Fix ata_port_request_pm() locking (git-fixes).
* ata: libata-core: Fix port and device removal (git-fixes).
* ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes).
* ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES
(git-fixes).
* blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before
init (bsc#1216062).
* blk-cgroup: support to track if policy is online (bsc#1216062).
* Bluetooth: avoid memcmp() out of bounds warning (git-fixes).
* Bluetooth: Avoid redundant authentication (git-fixes).
* Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes).
* Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes).
* Bluetooth: hci_event: Fix coding style (git-fixes).
* Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes).
* Bluetooth: hci_event: Ignore NULL link key (git-fixes).
* Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name
(git-fixes).
* Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes).
* Bluetooth: Reject connection with the device which has same BD_ADDR (git-
fixes).
* Bluetooth: vhci: Fix race when opening vhci device (git-fixes).
* bpf: propagate precision in ALU/ALU64 operations (git-fixes).
* bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes).
* bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-
fixes).
* cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307).
* cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem
(bsc#1215955).
* clk: tegra: fix error return case for recalc_rate (git-fixes).
* counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-
fixes).
* crypto: qat - add fw_counters debugfs file (PED-6401).
* crypto: qat - add heartbeat counters check (PED-6401).
* crypto: qat - add heartbeat feature (PED-6401).
* crypto: qat - add internal timer for qat 4xxx (PED-6401).
* crypto: qat - add measure clock frequency (PED-6401).
* crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401).
* crypto: qat - add qat_zlib_deflate (PED-6401).
* crypto: qat - add support for 402xx devices (PED-6401).
* crypto: qat - change value of default idle filter (PED-6401).
* crypto: qat - delay sysfs initialization (PED-6401).
* crypto: qat - do not export adf_init_admin_pm() (PED-6401).
* crypto: qat - drop log level of msg in get_instance_node() (PED-6401).
* crypto: qat - drop obsolete heartbeat interface (PED-6401).
* crypto: qat - drop redundant adf_enable_aer() (PED-6401).
* crypto: qat - expose pm_idle_enabled through sysfs (PED-6401).
* crypto: qat - extend buffer list logic interface (PED-6401).
* crypto: qat - extend configuration for 4xxx (PED-6401).
* crypto: qat - fix apply custom thread-service mapping for dc service
(PED-6401).
* crypto: qat - fix concurrency issue when device state changes (PED-6401).
* crypto: qat - fix crypto capability detection for 4xxx (PED-6401).
* crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401).
* crypto: qat - Include algapi.h for low-level Crypto API (PED-6401).
* crypto: qat - make fw images name constant (PED-6401).
* crypto: qat - make state machine functions static (PED-6401).
* crypto: qat - move dbgfs init to separate file (PED-6401).
* crypto: qat - move returns to default case (PED-6401).
* crypto: qat - refactor device restart logic (PED-6401).
* crypto: qat - refactor fw config logic for 4xxx (PED-6401).
* crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401).
* crypto: qat - Remove unused function declarations (PED-6401).
* crypto: qat - replace state machine calls (PED-6401).
* crypto: qat - replace the if statement with min() (PED-6401).
* crypto: qat - set deprecated capabilities as reserved (PED-6401).
* crypto: qat - unmap buffer before free for DH (PED-6401).
* crypto: qat - unmap buffers before free for RSA (PED-6401).
* crypto: qat - update slice mask for 4xxx devices (PED-6401).
* crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401).
* dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-
fixes).
* dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes).
* dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes).
* Documentation: qat: change kernel version (PED-6401).
* Documentation: qat: rewrite description (PED-6401).
* Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-
fixes).
* Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-
fixes).
* drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes).
* drm/amd/display: Do not check registers, if using AUX BL control (git-
fixes).
* drm/amd/display: Do not set dpms_off for seamless boot (git-fixes).
* drm/amdgpu: add missing NULL check (git-fixes).
* drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes).
* drm/i915: Retry gtt fault when out of fence registers (git-fixes).
* drm/msm/dp: do not reinitialize phy unless retry during link training (git-
fixes).
* drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-
fixes).
* drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes).
* drm/msm/dsi: skip the wait for video mode done if not applicable (git-
fixes).
* drm/vmwgfx: fix typo of sizeof argument (git-fixes).
* firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND
(git-fixes).
* firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels()
(git-fixes).
* gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-
fixes).
* gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes).
* gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes).
* gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes).
* gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes).
* gpio: vf610: set value before the direction to avoid a glitch (git-fixes).
* gve: Do not fully free QPL pages on prefill errors (git-fixes).
* HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-
fixes).
* HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes).
* HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-
fixes).
* HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes).
* HID: sony: Fix a potential memory leak in sony_probe() (git-fixes).
* HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-
fixes).
* i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes).
* i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-
fixes).
* i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-
fixes).
* i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes).
* i2c: mux: gpio: Replace custom acpi_get_local_address() (git-fixes).
* i2c: npcm7xx: Fix callback completion ordering (git-fixes).
* IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes)
* ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes).
* iio: pressure: bmp280: Fix NULL pointer exception (git-fixes).
* iio: pressure: dps310: Adjust Timeout Settings (git-fixes).
* iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes).
* Input: goodix - ensure int GPIO is in input for gpio_count == 1 &&
gpio_int_idx == 0 case (git-fixes).
* Input: powermate - fix use-after-free in powermate_config_complete (git-
fixes).
* Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes).
* Input: xpad - add PXN V900 support (git-fixes).
* iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support
(bsc#1212423).
* iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback
(bsc#1212423).
* iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback
(bsc#1212423).
* kabi: blkcg_policy_data fix KABI (bsc#1216062).
* kabi: workaround for enum nft_trans_phase (bsc#1215104).
* kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
* KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes
bsc#1216512).
* KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-
fixes).
* KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed
(git-fixes).
* leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes).
* mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788
bsc#1213705).
* mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes).
* mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes).
* mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes).
* mtd: physmap-core: Restore map_rom fallback (git-fixes).
* mtd: rawnand: arasan: Ensure program page operations are successful (git-
fixes).
* mtd: rawnand: marvell: Ensure program page operations are successful (git-
fixes).
* mtd: rawnand: pl353: Ensure program page operations are successful (git-
fixes).
* mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes).
* mtd: spinand: micron: correct bitmask for ecc status (git-fixes).
* net: mana: Fix oversized sge0 for GSO packets (bsc#1215986).
* net: mana: Fix TX CQE error handling (bsc#1215986).
* net: nfc: llcp: Add lock when modifying device list (git-fixes).
* net: rfkill: gpio: prevent value glitch during probe (git-fixes).
* net: sched: add barrier to fix packet stuck problem for lockless qdisc
(bsc#1216345).
* net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog
(bsc#1216345).
* net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-
fixes).
* net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-
fixes).
* net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-
fixes).
* net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes).
* net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-
fixes).
* netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound
set/chain (git-fixes).
* netfilter: nf_tables: unbind non-anonymous set if rule construction fails
(git-fixes).
* nfc: nci: assert requested protocol is valid (git-fixes).
* nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-
fixes).
* nilfs2: fix potential use after free in nilfs_gccache_submit_read_data()
(git-fixes).
* nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid()
(bsc#1214842).
* phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes).
* phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes).
* phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes).
* pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes).
* pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes).
* platform/surface: platform_profile: Propagate error if profile registration
fails (git-fixes).
* platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e
(git-fixes).
* platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-
fixes).
* platform/x86: think-lmi: Fix reference leak (git-fixes).
* platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes).
* power: supply: ucs1002: fix error code in ucs1002_get_property() (git-
fixes).
* quota: Fix slow quotaoff (bsc#1216621).
* r8152: check budget for r8152_poll() (git-fixes).
* RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes)
* RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes)
* RDMA/core: Require admin capabilities to set system parameters (git-fixes)
* RDMA/cxgb4: Check skb value for failure to allocate (git-fixes)
* RDMA/mlx5: Fix NULL string error (git-fixes)
* RDMA/siw: Fix connection failure handling (git-fixes)
* RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes)
* RDMA/uverbs: Fix typo of sizeof argument (git-fixes)
* regmap: fix NULL deref on lookup (git-fixes).
* regmap: rbtree: Fix wrong register marked as in-cache when creating new node
(git-fixes).
* ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes).
* ring-buffer: Do not attempt to read past "commit" (git-fixes).
* ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
* ring-buffer: Update "shortest_full" in polling (git-fixes).
* s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510).
* s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511).
* sched/cpuset: Bring back cpuset_mutex (bsc#1215955).
* sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity()
(git fixes (sched)).
* sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes
(sched)).
* sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)).
* serial: 8250_port: Check IRQ data before use (git-fixes).
* soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-
fixes).
* spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes).
* spi: stm32: add a delay before SPI disable (git-fixes).
* spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain
(git-fixes).
* spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes).
* thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-
fixes).
* thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple
Ridge (git-fixes).
* tracing: Have current_trace inc the trace array ref count (git-fixes).
* tracing: Have event inject files inc the trace array ref count (git-fixes).
* tracing: Have option files inc the trace array ref count (git-fixes).
* tracing: Have tracing_max_latency inc the trace array ref count (git-fixes).
* tracing: Increase trace array ref count on enable and filter files (git-
fixes).
* tracing: Make trace_marker{,_raw} stream-like (git-fixes).
* usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes).
* usb: dwc3: Soft reset phy on probe for host (git-fixes).
* usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-
fixes).
* usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
* usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes).
* usb: musb: Modify the "HWVers" register address (git-fixes).
* usb: serial: option: add entry for Sierra EM9191 with new firmware (git-
fixes).
* usb: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).
* usb: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).
* usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-
fixes).
* usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).
* vmbus_testing: fix wrong python syntax for integer value comparison (git-
fixes).
* vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes).
* watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes).
* watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running
(git-fixes).
* wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
* wifi: cfg80211: Fix 6GHz scan configuration (git-fixes).
* wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes).
* wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes).
* wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes).
* wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-
fixes).
* wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes).
* wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-
fixes).
* wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes).
* wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes).
* x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649).
* x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649).
* x86/sev: Disable MMIO emulation from user mode (bsc#1212649).
* xen-netback: use default TX queue size for vifs (git-fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4345=1 openSUSE-SLE-15.4-2023-4345=1
* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4345=1
## Package List:
* openSUSE Leap 15.4 (aarch64 x86_64)
* gfs2-kmp-azure-debuginfo-5.14.21-150400.14.72.1
* kernel-azure-extra-5.14.21-150400.14.72.1
* kernel-azure-extra-debuginfo-5.14.21-150400.14.72.1
* kselftests-kmp-azure-5.14.21-150400.14.72.1
* kernel-azure-debuginfo-5.14.21-150400.14.72.1
* cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.72.1
* kernel-azure-devel-5.14.21-150400.14.72.1
* reiserfs-kmp-azure-5.14.21-150400.14.72.1
* kernel-azure-optional-debuginfo-5.14.21-150400.14.72.1
* dlm-kmp-azure-5.14.21-150400.14.72.1
* kernel-azure-livepatch-devel-5.14.21-150400.14.72.1
* ocfs2-kmp-azure-5.14.21-150400.14.72.1
* kernel-azure-optional-5.14.21-150400.14.72.1
* dlm-kmp-azure-debuginfo-5.14.21-150400.14.72.1
* ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.72.1
* kernel-azure-debugsource-5.14.21-150400.14.72.1
* reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.72.1
* kselftests-kmp-azure-debuginfo-5.14.21-150400.14.72.1
* cluster-md-kmp-azure-5.14.21-150400.14.72.1
* kernel-syms-azure-5.14.21-150400.14.72.1
* gfs2-kmp-azure-5.14.21-150400.14.72.1
* kernel-azure-devel-debuginfo-5.14.21-150400.14.72.1
* openSUSE Leap 15.4 (aarch64 nosrc x86_64)
* kernel-azure-5.14.21-150400.14.72.1
* openSUSE Leap 15.4 (noarch)
* kernel-devel-azure-5.14.21-150400.14.72.1
* kernel-source-azure-5.14.21-150400.14.72.1
* Public Cloud Module 15-SP4 (aarch64 nosrc x86_64)
* kernel-azure-5.14.21-150400.14.72.1
* Public Cloud Module 15-SP4 (aarch64 x86_64)
* kernel-syms-azure-5.14.21-150400.14.72.1
* kernel-azure-devel-5.14.21-150400.14.72.1
* kernel-azure-debugsource-5.14.21-150400.14.72.1
* kernel-azure-debuginfo-5.14.21-150400.14.72.1
* kernel-azure-devel-debuginfo-5.14.21-150400.14.72.1
* Public Cloud Module 15-SP4 (noarch)
* kernel-devel-azure-5.14.21-150400.14.72.1
* kernel-source-azure-5.14.21-150400.14.72.1
## References:
* https://www.suse.com/security/cve/CVE-2023-2163.html
* https://www.suse.com/security/cve/CVE-2023-31085.html
* https://www.suse.com/security/cve/CVE-2023-34324.html
* https://www.suse.com/security/cve/CVE-2023-3777.html
* https://www.suse.com/security/cve/CVE-2023-39189.html
* https://www.suse.com/security/cve/CVE-2023-39193.html
* https://www.suse.com/security/cve/CVE-2023-45862.html
* https://www.suse.com/security/cve/CVE-2023-46813.html
* https://www.suse.com/security/cve/CVE-2023-5178.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208788
* https://bugzilla.suse.com/show_bug.cgi?id=1210778
* https://bugzilla.suse.com/show_bug.cgi?id=1211307
* https://bugzilla.suse.com/show_bug.cgi?id=1212423
* https://bugzilla.suse.com/show_bug.cgi?id=1212649
* https://bugzilla.suse.com/show_bug.cgi?id=1213705
* https://bugzilla.suse.com/show_bug.cgi?id=1214842
* https://bugzilla.suse.com/show_bug.cgi?id=1215095
* https://bugzilla.suse.com/show_bug.cgi?id=1215104
* https://bugzilla.suse.com/show_bug.cgi?id=1215518
* https://bugzilla.suse.com/show_bug.cgi?id=1215745
* https://bugzilla.suse.com/show_bug.cgi?id=1215768
* https://bugzilla.suse.com/show_bug.cgi?id=1215860
* https://bugzilla.suse.com/show_bug.cgi?id=1215955
* https://bugzilla.suse.com/show_bug.cgi?id=1215986
* https://bugzilla.suse.com/show_bug.cgi?id=1216046
* https://bugzilla.suse.com/show_bug.cgi?id=1216051
* https://bugzilla.suse.com/show_bug.cgi?id=1216062
* https://bugzilla.suse.com/show_bug.cgi?id=1216345
* https://bugzilla.suse.com/show_bug.cgi?id=1216510
* https://bugzilla.suse.com/show_bug.cgi?id=1216511
* https://bugzilla.suse.com/show_bug.cgi?id=1216512
* https://bugzilla.suse.com/show_bug.cgi?id=1216621
SUSE-SU-2023:4348-1: important: Security update for the Linux Kernel
by maintenance@opensuse.org 02 Nov '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:4348-1
Rating: important
References:
* bsc#1210778
* bsc#1210853
* bsc#1212051
* bsc#1214842
* bsc#1215095
* bsc#1215467
* bsc#1215518
* bsc#1215745
* bsc#1215858
* bsc#1215860
* bsc#1215861
* bsc#1216046
* bsc#1216051
* bsc#1216134
Cross-References:
* CVE-2023-2163
* CVE-2023-31085
* CVE-2023-3111
* CVE-2023-34324
* CVE-2023-3777
* CVE-2023-39189
* CVE-2023-39192
* CVE-2023-39193
* CVE-2023-39194
* CVE-2023-42754
* CVE-2023-45862
CVSS scores:
* CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
* CVE-2023-31085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3111 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3777 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-39189 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-39189 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39192 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-39192 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
* CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39193 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39194 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
* CVE-2023-39194 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
* CVE-2023-42754 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-42754 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-45862 ( SUSE ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45862 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.3
* openSUSE Leap 15.4
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Availability Extension 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2
An update that solves 11 vulnerabilities and has three security fixes can now be
installed.
## Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
* CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize)
that could cause a local DoS. (bsc#1210778)
* CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver where an
object could potentially extend beyond the end of an allocation causing.
(bsc#1216051)
* CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to
unsafe code paths being incorrectly marked as safe, resulting in arbitrary
read/write in kernel memory, lateral privilege escalation, and container
escape. (bsc#1215518)
* CVE-2023-3777: Fixed a use-after-free vulnerability in the netfilter:
nf_tables component that can be exploited to achieve local privilege
escalation. (bsc#1215095)
* CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling.
(bsc#1215745).
* CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a
local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read,
leading to a crash or information disclosure. (bsc#1216046)
* CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate
in fs/btrfs/relocation.c (bsc#1212051).
* CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem
(bsc#1215861).
* CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem
(bsc#1215860).
* CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858).
* CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that
could lead to denial of service (bsc#1215467).
The following non-security bugs were fixed:
* bpf: propagate precision in ALU/ALU64 operations (git-fixes).
* KVM: x86: fix sending PV IPI (git-fixes, bsc#1210853, bsc#1216134).
* nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid()
(bsc#1214842).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2023-4348=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4348=1
* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-4348=1
Please note that this is the initial kernel livepatch without fixes itself; this
package is later updated by separate standalone kernel livepatch updates.
* SUSE Linux Enterprise High Availability Extension 15 SP3
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-4348=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4348=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4348=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4348=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4348=1
* SUSE Manager Proxy 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4348=1
* SUSE Manager Retail Branch Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4348=1
* SUSE Manager Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4348=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-4348=1
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4348=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4348=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4348=1
## Package List:
* openSUSE Leap 15.3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.141.2
* openSUSE Leap 15.3 (noarch)
* kernel-devel-5.3.18-150300.59.141.1
* kernel-source-vanilla-5.3.18-150300.59.141.1
* kernel-source-5.3.18-150300.59.141.1
* kernel-macros-5.3.18-150300.59.141.1
* kernel-docs-html-5.3.18-150300.59.141.2
* openSUSE Leap 15.3 (nosrc ppc64le x86_64)
* kernel-debug-5.3.18-150300.59.141.2
* kernel-kvmsmall-5.3.18-150300.59.141.2
* openSUSE Leap 15.3 (ppc64le x86_64)
* kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.141.2
* kernel-debug-devel-debuginfo-5.3.18-150300.59.141.2
* kernel-debug-devel-5.3.18-150300.59.141.2
* kernel-debug-debuginfo-5.3.18-150300.59.141.2
* kernel-debug-livepatch-devel-5.3.18-150300.59.141.2
* kernel-kvmsmall-debuginfo-5.3.18-150300.59.141.2
* kernel-kvmsmall-devel-5.3.18-150300.59.141.2
* kernel-debug-debugsource-5.3.18-150300.59.141.2
* kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.141.2
* kernel-kvmsmall-debugsource-5.3.18-150300.59.141.2
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64)
* cluster-md-kmp-default-5.3.18-150300.59.141.2
* kselftests-kmp-default-5.3.18-150300.59.141.2
* kernel-default-extra-debuginfo-5.3.18-150300.59.141.2
* dlm-kmp-default-debuginfo-5.3.18-150300.59.141.2
* kernel-default-extra-5.3.18-150300.59.141.2
* kernel-default-debugsource-5.3.18-150300.59.141.2
* kernel-default-livepatch-5.3.18-150300.59.141.2
* kernel-obs-qa-5.3.18-150300.59.141.1
* cluster-md-kmp-default-debuginfo-5.3.18-150300.59.141.2
* reiserfs-kmp-default-5.3.18-150300.59.141.2
* kernel-default-optional-debuginfo-5.3.18-150300.59.141.2
* gfs2-kmp-default-5.3.18-150300.59.141.2
* kernel-default-debuginfo-5.3.18-150300.59.141.2
* kernel-syms-5.3.18-150300.59.141.1
* kernel-default-base-rebuild-5.3.18-150300.59.141.2.150300.18.82.2
* kernel-default-optional-5.3.18-150300.59.141.2
* kernel-default-devel-5.3.18-150300.59.141.2
* kernel-obs-build-5.3.18-150300.59.141.2
* gfs2-kmp-default-debuginfo-5.3.18-150300.59.141.2
* kernel-default-livepatch-devel-5.3.18-150300.59.141.2
* kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2
* dlm-kmp-default-5.3.18-150300.59.141.2
* ocfs2-kmp-default-5.3.18-150300.59.141.2
* kernel-obs-build-debugsource-5.3.18-150300.59.141.2
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.141.2
* kernel-default-devel-debuginfo-5.3.18-150300.59.141.2
* ocfs2-kmp-default-debuginfo-5.3.18-150300.59.141.2
* kselftests-kmp-default-debuginfo-5.3.18-150300.59.141.2
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.3.18-150300.59.141.2
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_38-debugsource-1-150300.7.3.2
* kernel-livepatch-5_3_18-150300_59_141-default-1-150300.7.3.2
* kernel-livepatch-5_3_18-150300_59_141-default-debuginfo-1-150300.7.3.2
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_141-preempt-1-150300.7.3.2
* kernel-livepatch-5_3_18-150300_59_141-preempt-debuginfo-1-150300.7.3.2
* openSUSE Leap 15.3 (aarch64 x86_64)
* kernel-preempt-devel-5.3.18-150300.59.141.2
* kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.141.2
* dlm-kmp-preempt-debuginfo-5.3.18-150300.59.141.2
* ocfs2-kmp-preempt-5.3.18-150300.59.141.2
* gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.141.2
* kselftests-kmp-preempt-5.3.18-150300.59.141.2
* cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.141.2
* kernel-preempt-debuginfo-5.3.18-150300.59.141.2
* kernel-preempt-optional-debuginfo-5.3.18-150300.59.141.2
* ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.141.2
* kernel-preempt-optional-5.3.18-150300.59.141.2
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.141.2
* reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.141.2
* kernel-preempt-livepatch-devel-5.3.18-150300.59.141.2
* dlm-kmp-preempt-5.3.18-150300.59.141.2
* kernel-preempt-extra-debuginfo-5.3.18-150300.59.141.2
* kernel-preempt-extra-5.3.18-150300.59.141.2
* kernel-preempt-debugsource-5.3.18-150300.59.141.2
* gfs2-kmp-preempt-5.3.18-150300.59.141.2
* reiserfs-kmp-preempt-5.3.18-150300.59.141.2
* cluster-md-kmp-preempt-5.3.18-150300.59.141.2
* openSUSE Leap 15.3 (aarch64 nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.141.2
* openSUSE Leap 15.3 (nosrc s390x)
* kernel-zfcpdump-5.3.18-150300.59.141.2
* openSUSE Leap 15.3 (s390x)
* kernel-zfcpdump-debugsource-5.3.18-150300.59.141.2
* kernel-zfcpdump-debuginfo-5.3.18-150300.59.141.2
* openSUSE Leap 15.3 (nosrc)
* dtb-aarch64-5.3.18-150300.59.141.1
* openSUSE Leap 15.3 (aarch64)
* reiserfs-kmp-64kb-5.3.18-150300.59.141.2
* kselftests-kmp-64kb-5.3.18-150300.59.141.2
* gfs2-kmp-64kb-5.3.18-150300.59.141.2
* kernel-64kb-debuginfo-5.3.18-150300.59.141.2
* kernel-64kb-extra-debuginfo-5.3.18-150300.59.141.2
* kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.141.2
* kernel-64kb-livepatch-devel-5.3.18-150300.59.141.2
* kernel-64kb-optional-5.3.18-150300.59.141.2
* dtb-al-5.3.18-150300.59.141.1
* dtb-exynos-5.3.18-150300.59.141.1
* cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.141.2
* dtb-xilinx-5.3.18-150300.59.141.1
* ocfs2-kmp-64kb-5.3.18-150300.59.141.2
* kernel-64kb-optional-debuginfo-5.3.18-150300.59.141.2
* dtb-cavium-5.3.18-150300.59.141.1
* dtb-apm-5.3.18-150300.59.141.1
* dtb-arm-5.3.18-150300.59.141.1
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.141.2
* dtb-altera-5.3.18-150300.59.141.1
* dtb-rockchip-5.3.18-150300.59.141.1
* kernel-64kb-devel-5.3.18-150300.59.141.2
* dtb-broadcom-5.3.18-150300.59.141.1
* dtb-zte-5.3.18-150300.59.141.1
* dtb-amd-5.3.18-150300.59.141.1
* dlm-kmp-64kb-5.3.18-150300.59.141.2
* cluster-md-kmp-64kb-5.3.18-150300.59.141.2
* dtb-renesas-5.3.18-150300.59.141.1
* kernel-64kb-debugsource-5.3.18-150300.59.141.2
* reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.141.2
* gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.141.2
* dtb-marvell-5.3.18-150300.59.141.1
* dtb-amlogic-5.3.18-150300.59.141.1
* dlm-kmp-64kb-debuginfo-5.3.18-150300.59.141.2
* dtb-freescale-5.3.18-150300.59.141.1
* dtb-hisilicon-5.3.18-150300.59.141.1
* dtb-socionext-5.3.18-150300.59.141.1
* dtb-sprd-5.3.18-150300.59.141.1
* dtb-qcom-5.3.18-150300.59.141.1
* dtb-allwinner-5.3.18-150300.59.141.1
* kernel-64kb-extra-5.3.18-150300.59.141.2
* dtb-nvidia-5.3.18-150300.59.141.1
* dtb-mediatek-5.3.18-150300.59.141.1
* dtb-lg-5.3.18-150300.59.141.1
* ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.141.2
* openSUSE Leap 15.3 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.141.2
* openSUSE Leap 15.4 (nosrc)
* dtb-aarch64-5.3.18-150300.59.141.1
* openSUSE Leap 15.4 (aarch64)
* dtb-al-5.3.18-150300.59.141.1
* dtb-zte-5.3.18-150300.59.141.1
* SUSE Linux Enterprise Live Patching 15-SP3 (nosrc)
* kernel-default-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-default-livepatch-devel-5.3.18-150300.59.141.2
* kernel-default-debugsource-5.3.18-150300.59.141.2
* kernel-default-livepatch-5.3.18-150300.59.141.2
* kernel-default-debuginfo-5.3.18-150300.59.141.2
* kernel-livepatch-5_3_18-150300_59_141-default-1-150300.7.3.2
* SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le
s390x x86_64)
* cluster-md-kmp-default-debuginfo-5.3.18-150300.59.141.2
* gfs2-kmp-default-5.3.18-150300.59.141.2
* gfs2-kmp-default-debuginfo-5.3.18-150300.59.141.2
* cluster-md-kmp-default-5.3.18-150300.59.141.2
* dlm-kmp-default-5.3.18-150300.59.141.2
* kernel-default-debugsource-5.3.18-150300.59.141.2
* ocfs2-kmp-default-5.3.18-150300.59.141.2
* kernel-default-debuginfo-5.3.18-150300.59.141.2
* dlm-kmp-default-debuginfo-5.3.18-150300.59.141.2
* ocfs2-kmp-default-debuginfo-5.3.18-150300.59.141.2
* SUSE Linux Enterprise High Availability Extension 15 SP3 (nosrc)
* kernel-default-5.3.18-150300.59.141.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64
nosrc)
* kernel-64kb-5.3.18-150300.59.141.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64)
* kernel-64kb-devel-5.3.18-150300.59.141.2
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.141.2
* kernel-64kb-debuginfo-5.3.18-150300.59.141.2
* kernel-64kb-debugsource-5.3.18-150300.59.141.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 nosrc
x86_64)
* kernel-default-5.3.18-150300.59.141.2
* kernel-preempt-5.3.18-150300.59.141.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64
x86_64)
* kernel-default-devel-5.3.18-150300.59.141.2
* kernel-obs-build-5.3.18-150300.59.141.2
* kernel-preempt-debuginfo-5.3.18-150300.59.141.2
* reiserfs-kmp-default-5.3.18-150300.59.141.2
* kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2
* kernel-preempt-devel-5.3.18-150300.59.141.2
* kernel-default-debugsource-5.3.18-150300.59.141.2
* kernel-preempt-debugsource-5.3.18-150300.59.141.2
* kernel-default-debuginfo-5.3.18-150300.59.141.2
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.141.2
* kernel-obs-build-debugsource-5.3.18-150300.59.141.2
* kernel-syms-5.3.18-150300.59.141.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.141.2
* kernel-default-devel-debuginfo-5.3.18-150300.59.141.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
* kernel-devel-5.3.18-150300.59.141.1
* kernel-macros-5.3.18-150300.59.141.1
* kernel-source-5.3.18-150300.59.141.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.141.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.141.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64)
* kernel-64kb-devel-5.3.18-150300.59.141.2
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.141.2
* kernel-64kb-debuginfo-5.3.18-150300.59.141.2
* kernel-64kb-debugsource-5.3.18-150300.59.141.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc
x86_64)
* kernel-default-5.3.18-150300.59.141.2
* kernel-preempt-5.3.18-150300.59.141.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* kernel-default-devel-5.3.18-150300.59.141.2
* kernel-obs-build-5.3.18-150300.59.141.2
* kernel-preempt-debuginfo-5.3.18-150300.59.141.2
* reiserfs-kmp-default-5.3.18-150300.59.141.2
* kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2
* kernel-preempt-devel-5.3.18-150300.59.141.2
* kernel-default-debugsource-5.3.18-150300.59.141.2
* kernel-preempt-debugsource-5.3.18-150300.59.141.2
* kernel-default-debuginfo-5.3.18-150300.59.141.2
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.141.2
* kernel-obs-build-debugsource-5.3.18-150300.59.141.2
* kernel-syms-5.3.18-150300.59.141.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.141.2
* kernel-default-devel-debuginfo-5.3.18-150300.59.141.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* kernel-devel-5.3.18-150300.59.141.1
* kernel-macros-5.3.18-150300.59.141.1
* kernel-source-5.3.18-150300.59.141.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64)
* kernel-64kb-devel-5.3.18-150300.59.141.2
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.141.2
* kernel-64kb-debuginfo-5.3.18-150300.59.141.2
* kernel-64kb-debugsource-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64 nosrc)
* kernel-default-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* kernel-default-devel-5.3.18-150300.59.141.2
* kernel-obs-build-5.3.18-150300.59.141.2
* reiserfs-kmp-default-5.3.18-150300.59.141.2
* kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2
* kernel-default-debugsource-5.3.18-150300.59.141.2
* kernel-default-debuginfo-5.3.18-150300.59.141.2
* kernel-syms-5.3.18-150300.59.141.1
* kernel-obs-build-debugsource-5.3.18-150300.59.141.2
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.141.2
* kernel-default-devel-debuginfo-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* kernel-devel-5.3.18-150300.59.141.1
* kernel-macros-5.3.18-150300.59.141.1
* kernel-source-5.3.18-150300.59.141.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64)
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.141.2
* kernel-preempt-debuginfo-5.3.18-150300.59.141.2
* kernel-preempt-devel-5.3.18-150300.59.141.2
* kernel-preempt-debugsource-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (nosrc s390x)
* kernel-zfcpdump-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x)
* kernel-zfcpdump-debugsource-5.3.18-150300.59.141.2
* kernel-zfcpdump-debuginfo-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le
x86_64)
* kernel-default-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* kernel-default-devel-5.3.18-150300.59.141.2
* kernel-obs-build-5.3.18-150300.59.141.2
* reiserfs-kmp-default-5.3.18-150300.59.141.2
* kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2
* kernel-default-debugsource-5.3.18-150300.59.141.2
* kernel-default-debuginfo-5.3.18-150300.59.141.2
* kernel-syms-5.3.18-150300.59.141.1
* kernel-obs-build-debugsource-5.3.18-150300.59.141.2
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.141.2
* kernel-default-devel-debuginfo-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* kernel-devel-5.3.18-150300.59.141.1
* kernel-macros-5.3.18-150300.59.141.1
* kernel-source-5.3.18-150300.59.141.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.141.2
* kernel-preempt-debuginfo-5.3.18-150300.59.141.2
* kernel-preempt-devel-5.3.18-150300.59.141.2
* kernel-preempt-debugsource-5.3.18-150300.59.141.2
* SUSE Manager Proxy 4.2 (nosrc x86_64)
* kernel-default-5.3.18-150300.59.141.2
* kernel-preempt-5.3.18-150300.59.141.2
* SUSE Manager Proxy 4.2 (x86_64)
* kernel-default-devel-5.3.18-150300.59.141.2
* kernel-preempt-debuginfo-5.3.18-150300.59.141.2
* kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2
* kernel-default-debugsource-5.3.18-150300.59.141.2
* kernel-preempt-debugsource-5.3.18-150300.59.141.2
* kernel-default-debuginfo-5.3.18-150300.59.141.2
* kernel-default-devel-debuginfo-5.3.18-150300.59.141.2
* SUSE Manager Proxy 4.2 (noarch)
* kernel-devel-5.3.18-150300.59.141.1
* kernel-macros-5.3.18-150300.59.141.1
* SUSE Manager Retail Branch Server 4.2 (nosrc x86_64)
* kernel-default-5.3.18-150300.59.141.2
* kernel-preempt-5.3.18-150300.59.141.2
* SUSE Manager Retail Branch Server 4.2 (x86_64)
* kernel-default-devel-5.3.18-150300.59.141.2
* kernel-preempt-debuginfo-5.3.18-150300.59.141.2
* kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2
* kernel-default-debugsource-5.3.18-150300.59.141.2
* kernel-preempt-debugsource-5.3.18-150300.59.141.2
* kernel-default-debuginfo-5.3.18-150300.59.141.2
* kernel-default-devel-debuginfo-5.3.18-150300.59.141.2
* SUSE Manager Retail Branch Server 4.2 (noarch)
* kernel-devel-5.3.18-150300.59.141.1
* kernel-macros-5.3.18-150300.59.141.1
* SUSE Manager Server 4.2 (nosrc ppc64le s390x x86_64)
* kernel-default-5.3.18-150300.59.141.2
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
* kernel-default-devel-5.3.18-150300.59.141.2
* kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2
* kernel-default-debugsource-5.3.18-150300.59.141.2
* kernel-default-debuginfo-5.3.18-150300.59.141.2
* kernel-default-devel-debuginfo-5.3.18-150300.59.141.2
* SUSE Manager Server 4.2 (noarch)
* kernel-devel-5.3.18-150300.59.141.1
* kernel-macros-5.3.18-150300.59.141.1
* SUSE Manager Server 4.2 (nosrc s390x)
* kernel-zfcpdump-5.3.18-150300.59.141.2
* SUSE Manager Server 4.2 (s390x)
* kernel-zfcpdump-debugsource-5.3.18-150300.59.141.2
* kernel-zfcpdump-debuginfo-5.3.18-150300.59.141.2
* SUSE Manager Server 4.2 (nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.141.2
* SUSE Manager Server 4.2 (x86_64)
* kernel-preempt-debuginfo-5.3.18-150300.59.141.2
* kernel-preempt-debugsource-5.3.18-150300.59.141.2
* SUSE Enterprise Storage 7.1 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.141.2
* SUSE Enterprise Storage 7.1 (aarch64)
* kernel-64kb-devel-5.3.18-150300.59.141.2
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.141.2
* kernel-64kb-debuginfo-5.3.18-150300.59.141.2
* kernel-64kb-debugsource-5.3.18-150300.59.141.2
* SUSE Enterprise Storage 7.1 (aarch64 nosrc x86_64)
* kernel-default-5.3.18-150300.59.141.2
* kernel-preempt-5.3.18-150300.59.141.2
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* kernel-default-devel-5.3.18-150300.59.141.2
* kernel-obs-build-5.3.18-150300.59.141.2
* kernel-preempt-debuginfo-5.3.18-150300.59.141.2
* reiserfs-kmp-default-5.3.18-150300.59.141.2
* kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2
* kernel-preempt-devel-5.3.18-150300.59.141.2
* kernel-default-debugsource-5.3.18-150300.59.141.2
* kernel-preempt-debugsource-5.3.18-150300.59.141.2
* kernel-default-debuginfo-5.3.18-150300.59.141.2
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.141.2
* kernel-obs-build-debugsource-5.3.18-150300.59.141.2
* kernel-syms-5.3.18-150300.59.141.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.141.2
* kernel-default-devel-debuginfo-5.3.18-150300.59.141.2
* SUSE Enterprise Storage 7.1 (noarch)
* kernel-devel-5.3.18-150300.59.141.1
* kernel-macros-5.3.18-150300.59.141.1
* kernel-source-5.3.18-150300.59.141.1
* SUSE Enterprise Storage 7.1 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Micro 5.1 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2
* kernel-default-debuginfo-5.3.18-150300.59.141.2
* kernel-default-debugsource-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Micro 5.2 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64)
* kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.3.18-150300.59.141.2
* kernel-default-debugsource-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.141.2
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64)
* kernel-default-base-5.3.18-150300.59.141.2.150300.18.82.2
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.3.18-150300.59.141.2
* kernel-default-debugsource-5.3.18-150300.59.141.2
## References:
* https://www.suse.com/security/cve/CVE-2023-2163.html
* https://www.suse.com/security/cve/CVE-2023-31085.html
* https://www.suse.com/security/cve/CVE-2023-3111.html
* https://www.suse.com/security/cve/CVE-2023-34324.html
* https://www.suse.com/security/cve/CVE-2023-3777.html
* https://www.suse.com/security/cve/CVE-2023-39189.html
* https://www.suse.com/security/cve/CVE-2023-39192.html
* https://www.suse.com/security/cve/CVE-2023-39193.html
* https://www.suse.com/security/cve/CVE-2023-39194.html
* https://www.suse.com/security/cve/CVE-2023-42754.html
* https://www.suse.com/security/cve/CVE-2023-45862.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210778
* https://bugzilla.suse.com/show_bug.cgi?id=1210853
* https://bugzilla.suse.com/show_bug.cgi?id=1212051
* https://bugzilla.suse.com/show_bug.cgi?id=1214842
* https://bugzilla.suse.com/show_bug.cgi?id=1215095
* https://bugzilla.suse.com/show_bug.cgi?id=1215467
* https://bugzilla.suse.com/show_bug.cgi?id=1215518
* https://bugzilla.suse.com/show_bug.cgi?id=1215745
* https://bugzilla.suse.com/show_bug.cgi?id=1215858
* https://bugzilla.suse.com/show_bug.cgi?id=1215860
* https://bugzilla.suse.com/show_bug.cgi?id=1215861
* https://bugzilla.suse.com/show_bug.cgi?id=1216046
* https://bugzilla.suse.com/show_bug.cgi?id=1216051
* https://bugzilla.suse.com/show_bug.cgi?id=1216134
SUSE-SU-2023:4343-1: important: Security update for the Linux Kernel
by maintenance@opensuse.org 02 Nov '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:4343-1
Rating: important
References:
* bsc#1211162
* bsc#1211307
* bsc#1213772
* bsc#1214754
* bsc#1214874
* bsc#1215545
* bsc#1215921
* bsc#1215955
* bsc#1216062
* bsc#1216202
* bsc#1216322
* bsc#1216324
* bsc#1216333
* bsc#1216512
Cross-References:
* CVE-2023-2163
* CVE-2023-2860
* CVE-2023-31085
* CVE-2023-34324
* CVE-2023-39189
* CVE-2023-39191
* CVE-2023-39193
* CVE-2023-45862
* CVE-2023-5178
CVSS scores:
* CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
* CVE-2023-2860 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-2860 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-31085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39189 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-39189 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39191 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-39191 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39193 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-45862 ( SUSE ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45862 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-5178 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5178 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Real Time Module 15-SP5
An update that solves nine vulnerabilities and has five security fixes can now
be installed.
## Description:
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
* CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize)
that could cause a local DoS. (bsc#1210778)
* CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver where an
object could potentially extend beyond the end of an allocation causing.
(bsc#1216051)
* CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem
(bsc#1215860).
* CVE-2023-5178: Fixed a UAF in queue initialization setup. (bsc#1215768)
* CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to
unsafe code paths being incorrectly marked as safe, resulting in arbitrary
read/write in kernel memory, lateral privilege escalation, and container
escape. (bsc#1215518)
* CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling.
(bsc#1215745).
* CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a
local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read,
leading to a crash or information disclosure. (bsc#1216046)
* CVE-2023-39191: Fixed a lack of validation of dynamic pointers within user-
supplied eBPF programs that may have allowed an attacker with CAP_BPF
privileges to escalate privileges and execute arbitrary code. (bsc#1215863)
* CVE-2023-2860: Fixed an out-of-bounds read vulnerability in the processing
of seg6 attributes. This flaw allowed a privileged local user to disclose
sensitive information. (bsc#1211592)
The following non-security bugs were fixed:
* 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes).
* ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes).
* ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes).
* ALSA: hda/realtek - ALC287 I2S speaker platform support (git-fixes).
* ALSA: hda/realtek - ALC287 merge RTK codec with CS CS35L41 AMP (git-fixes).
* ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes).
* ALSA: hda/realtek - Fixed two speaker platform (git-fixes).
* ALSA: hda/realtek: Add quirk for ASUS ROG GU603ZV (git-fixes).
* ALSA: hda/realtek: Change model for Intel RVP board (git-fixes).
* ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq5xxx (git-fixes).
* ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre
M70q (git-fixes).
* ALSA: hda: intel-dsp-cfg: add LunarLake support (git-fixes).
* ALSA: hda: intel-sdw-acpi: Use u8 type for link index (git-fixes).
* ALSA: usb-audio: Fix microphone sound on Nexigo webcam (git-fixes).
* ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes).
* ASoC: amd: yc: Fix non-functional mic on Lenovo 82YM (git-fixes).
* ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-
fixes).
* ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes).
* ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes).
* ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes).
* ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes).
* ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes).
* ASoC: pxa: fix a memory leak in probe() (git-fixes).
* Bluetooth: Avoid redundant authentication (git-fixes).
* Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes).
* Bluetooth: ISO: Fix handling of listen for unicast (git-fixes).
* Bluetooth: Reject connection with the device which has same BD_ADDR (git-
fixes).
* Bluetooth: avoid memcmp() out of bounds warning (git-fixes).
* Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes).
* Bluetooth: hci_codec: Fix leaking content of local_codecs (git-fixes).
* Bluetooth: hci_event: Fix coding style (git-fixes).
* Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes).
* Bluetooth: hci_event: Ignore NULL link key (git-fixes).
* Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name
(git-fixes).
* Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes).
* Bluetooth: vhci: Fix race when opening vhci device (git-fixes).
* Documentation: qat: change kernel version (PED-6401).
* Documentation: qat: rewrite description (PED-6401).
* Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-
fixes).
* Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-
fixes).
* Fix metadata references
* HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-
fixes).
* HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes).
* HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-
fixes).
* HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes).
* HID: sony: Fix a potential memory leak in sony_probe() (git-fixes).
* HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-
fixes).
* IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes)
* Input: goodix - ensure int GPIO is in input for gpio_count == 1 &&
gpio_int_idx == 0 case (git-fixes).
* Input: powermate - fix use-after-free in powermate_config_complete (git-
fixes).
* Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes).
* Input: xpad - add PXN V900 support (git-fixes).
* KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-
fixes).
* KVM: SVM: INTERCEPT_RDTSCP is never intercepted anyway (git-fixes).
* KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes
bsc#1216512).
* KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed
(git-fixes).
* KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes).
* KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code
(bsc#1213772).
* KVM: x86: Propagate the AMD Automatic IBRS feature to the guest
(bsc#1213772).
* KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772).
* KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772).
* KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
* NFS: Fix O_DIRECT locking issues (bsc#1211162).
* NFS: Fix a few more clear_bit() instances that need release semantics
(bsc#1211162).
* NFS: Fix a potential data corruption (bsc#1211162).
* NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162).
* NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162).
* NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162).
* NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162).
* NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162).
* NFSD: Never call nfsd_file_gc() in foreground paths (bsc#1215545).
* RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes)
* RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes)
* RDMA/core: Require admin capabilities to set system parameters (git-fixes)
* RDMA/cxgb4: Check skb value for failure to allocate (git-fixes)
* RDMA/mlx5: Fix NULL string error (git-fixes)
* RDMA/mlx5: Fix mutex unlocking on error flow for steering anchor creation
(git-fixes)
* RDMA/siw: Fix connection failure handling (git-fixes)
* RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes)
* RDMA/uverbs: Fix typo of sizeof argument (git-fixes)
* Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()" (git-fixes).
* Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux" (git-fixes).
* USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).
* USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).
* USB: serial: option: add entry for Sierra EM9191 with new firmware (git-
fixes).
* arm64/smmu: use TLBI ASID when invalidating entire range (bsc#1215921)
* ata: libata-core: Do not register PM operations for SAS ports (git-fixes).
* ata: libata-core: Fix ata_port_request_pm() locking (git-fixes).
* ata: libata-core: Fix port and device removal (git-fixes).
* ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes).
* ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES
(git-fixes).
* blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before
init (bsc#1216062).
* blk-cgroup: support to track if policy is online (bsc#1216062).
* bonding: Fix extraction of ports from the packet headers (bsc#1214754).
* bonding: Return pointer to data after pull on skb (bsc#1214754).
* bonding: do not assume skb mac_header is set (bsc#1214754).
* bpf: Add copy_map_value_long to copy to remote percpu memory (git-fixes).
* bpf: Add missing btf_put to register_btf_id_dtor_kfuncs (git-fixes).
* bpf: Add override check to kprobe multi link attach (git-fixes).
* bpf: Add zero_map_value to zero map value with special fields (git-fixes).
* bpf: Cleanup check_refcount_ok (git-fixes).
* bpf: Fix max stack depth check for async callbacks (git-fixes).
* bpf: Fix offset calculation error in __copy_map_value and zero_map_value
(git-fixes).
* bpf: Fix ref_obj_id for dynptr data slices in verifier (git-fixes).
* bpf: Fix resetting logic for unreferenced kptrs (git-fixes).
* bpf: Fix subprog idx logic in check_max_stack_depth (git-fixes).
* bpf: Gate dynptr API behind CAP_BPF (git-fixes).
* bpf: Prevent decl_tag from being referenced in func_proto arg (git-fixes).
* bpf: Repeat check_max_stack_depth for async callbacks (git-fixes).
* bpf: Tighten ptr_to_btf_id checks (git-fixes).
* bpf: fix precision propagation verbose logging (git-fixes).
* bpf: prevent decl_tag from being referenced in func_proto (git-fixes).
* bpf: propagate precision across all frames, not just the last one (git-
fixes).
* bpf: propagate precision in ALU/ALU64 operations (git-fixes).
* btf: Export bpf_dynptr definition (git-fixes).
* btrfs: do not start transaction for scrub if the fs is mounted read-only
(bsc#1214874).
* bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes).
* bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-
fixes).
* ceph: add base64 endcoding routines for encrypted names (jsc#SES-1880).
* ceph: add encryption support to writepage and writepages (jsc#SES-1880).
* ceph: add fscrypt ioctls and ceph.fscrypt.auth vxattr (jsc#SES-1880).
* ceph: add helpers for converting names for userland presentation
(jsc#SES-1880).
* ceph: add infrastructure for file encryption and decryption (jsc#SES-1880).
* ceph: add new mount option to enable sparse reads (jsc#SES-1880).
* ceph: add object version support for sync read (jsc#SES-1880).
* ceph: add read/modify/write to ceph_sync_write (jsc#SES-1880).
* ceph: add some fscrypt guardrails (jsc#SES-1880).
* ceph: add support for encrypted snapshot names (jsc#SES-1880).
* ceph: add support to readdir for encrypted names (jsc#SES-1880).
* ceph: add truncate size handling support for fscrypt (jsc#SES-1880).
* ceph: align data in pages in ceph_sync_write (jsc#SES-1880).
* ceph: allow encrypting a directory while not having Ax caps (jsc#SES-1880).
* ceph: create symlinks with encrypted and base64-encoded targets
(jsc#SES-1880).
* ceph: decode alternate_name in lease info (jsc#SES-1880).
* ceph: do not use special DIO path for encrypted inodes (jsc#SES-1880).
* ceph: drop messages from MDS when unmounting (jsc#SES-1880).
* ceph: encode encrypted name in ceph_mdsc_build_path and dentry release
(jsc#SES-1880).
* ceph: fix incorrect revoked caps assert in ceph_fill_file_size()
(bsc#1216322).
* ceph: fix type promotion bug on 32bit systems (bsc#1216324).
* ceph: fix updating i_truncate_pagecache_size for fscrypt (jsc#SES-1880).
* ceph: fscrypt_auth handling for ceph (jsc#SES-1880).
* ceph: handle fscrypt fields in cap messages from MDS (jsc#SES-1880).
* ceph: implement -o test_dummy_encryption mount option (jsc#SES-1880).
* ceph: invalidate pages when doing direct/sync writes (jsc#SES-1880).
* ceph: make ceph_fill_trace and ceph_get_name decrypt names (jsc#SES-1880).
* ceph: make ceph_msdc_build_path use ref-walk (jsc#SES-1880).
* ceph: make d_revalidate call fscrypt revalidator for encrypted dentries
(jsc#SES-1880).
* ceph: make ioctl cmds more readable in debug log (jsc#SES-1880).
* ceph: make num_fwd and num_retry to __u32 (jsc#SES-1880).
* ceph: mark directory as non-complete after loading key (jsc#SES-1880).
* ceph: pass the request to parse_reply_info_readdir() (jsc#SES-1880).
* ceph: plumb in decryption during reads (jsc#SES-1880).
* ceph: preallocate inode for ops that may create one (jsc#SES-1880).
* ceph: prevent snapshot creation in encrypted locked directories
(jsc#SES-1880).
* ceph: remove unnecessary check for NULL in parse_longname() (bsc#1216333).
* ceph: send alternate_name in MClientRequest (jsc#SES-1880).
* ceph: set DCACHE_NOKEY_NAME flag in ceph_lookup/atomic_open()
(jsc#SES-1880).
* ceph: size handling in MClientRequest, cap updates and inode traces
(jsc#SES-1880).
* ceph: switch ceph_lookup/atomic_open() to use new fscrypt helper
(jsc#SES-1880).
* ceph: use osd_req_op_extent_osd_iter for netfs reads (jsc#SES-1880).
* ceph: voluntarily drop Xx caps for requests those touch parent mtime
(jsc#SES-1880).
* ceph: wait for OSD requests' callbacks to finish when unmounting
(jsc#SES-1880).
* cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem
(bsc#1215955).
* cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307).
* clk: tegra: fix error return case for recalc_rate (git-fixes).
* counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-
fixes).
* crypto: qat - Include algapi.h for low-level Crypto API (PED-6401).
* crypto: qat - Remove unused function declarations (PED-6401).
* crypto: qat - add fw_counters debugfs file (PED-6401).
* crypto: qat - add heartbeat counters check (PED-6401).
* crypto: qat - add heartbeat feature (PED-6401).
* crypto: qat - add internal timer for qat 4xxx (PED-6401).
* crypto: qat - add measure clock frequency (PED-6401).
* crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401).
* crypto: qat - add qat_zlib_deflate (PED-6401).
* crypto: qat - add support for 402xx devices (PED-6401).
* crypto: qat - change value of default idle filter (PED-6401).
* crypto: qat - delay sysfs initialization (PED-6401).
* crypto: qat - do not export adf_init_admin_pm() (PED-6401).
* crypto: qat - drop log level of msg in get_instance_node() (PED-6401).
* crypto: qat - drop obsolete heartbeat interface (PED-6401).
* crypto: qat - drop redundant adf_enable_aer() (PED-6401).
* crypto: qat - expose pm_idle_enabled through sysfs (PED-6401).
* crypto: qat - extend buffer list logic interface (PED-6401).
* crypto: qat - extend configuration for 4xxx (PED-6401).
* crypto: qat - fix apply custom thread-service mapping for dc service
(PED-6401).
* crypto: qat - fix concurrency issue when device state changes (PED-6401).
* crypto: qat - fix crypto capability detection for 4xxx (PED-6401).
* crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401).
* crypto: qat - make fw images name constant (PED-6401).
* crypto: qat - make state machine functions static (PED-6401).
* crypto: qat - move dbgfs init to separate file (PED-6401).
* crypto: qat - move returns to default case (PED-6401).
* crypto: qat - refactor device restart logic (PED-6401).
* crypto: qat - refactor fw config logic for 4xxx (PED-6401).
* crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401).
* crypto: qat - replace state machine calls (PED-6401).
* crypto: qat - replace the if statement with min() (PED-6401).
* crypto: qat - set deprecated capabilities as reserved (PED-6401).
* crypto: qat - unmap buffer before free for DH (PED-6401).
* crypto: qat - unmap buffers before free for RSA (PED-6401).
* crypto: qat - update slice mask for 4xxx devices (PED-6401).
* crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401).
* dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-
fixes).
* dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes).
* dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes).
* drm/amd/display: Do not check registers, if using AUX BL control (git-
fixes).
* drm/amd/display: Do not set dpms_off for seamless boot (git-fixes).
* drm/amd/pm: add unique_id for gc 11.0.3 (git-fixes).
* drm/amd: Fix detection of _PR3 on the PCIe root port (git-fixes).
* drm/amdgpu/nbio4.3: set proper rmmio_remap.reg_offset for SR-IOV (git-
fixes).
* drm/amdgpu/soc21: do not remap HDP registers for SR-IOV (git-fixes).
* drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes).
* drm/amdgpu: add missing NULL check (git-fixes).
* drm/amdkfd: Flush TLB after unmapping for GFX v9.4.3 (git-fixes).
* drm/amdkfd: Insert missing TLB flush on GFX10 and later (git-fixes).
* drm/amdkfd: Use gpu_offset for user queue's wptr (git-fixes).
* drm/atomic-helper: relax unregistered connector check (git-fixes).
* drm/bridge: ti-sn65dsi83: Do not generate HFP/HBP/HSA and EOT packet (git-
fixes).
* drm/i915/gt: Fix reservation address in ggtt_reserve_guc_top (git-fixes).
* drm/i915: Retry gtt fault when out of fence registers (git-fixes).
* drm/mediatek: Correctly free sg_table in gem prime vmap (git-fixes).
* drm/msm/dp: do not reinitialize phy unless retry during link training (git-
fixes).
* drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-
fixes).
* drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes).
* drm/msm/dsi: skip the wait for video mode done if not applicable (git-
fixes).
* drm/vmwgfx: fix typo of sizeof argument (git-fixes).
* drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes).
* firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND
(git-fixes).
* firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels()
(git-fixes).
* fprobe: Ensure running fprobe_exit_handler() finished before calling
rethook_free() (git-fixes).
* fscrypt: new helper function - fscrypt_prepare_lookup_partial()
(jsc#SES-1880).
* gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-
fixes).
* gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes).
* gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes).
* gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes).
* gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes).
* gpio: vf610: set value before the direction to avoid a glitch (git-fixes).
* gve: Do not fully free QPL pages on prefill errors (git-fixes).
* i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes).
* i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-
fixes).
* i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-
fixes).
* i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes).
* i2c: mux: gpio: Replace custom acpi_get_local_address() (git-fixes).
* i2c: npcm7xx: Fix callback completion ordering (git-fixes).
* ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes).
* iio: pressure: bmp280: Fix NULL pointer exception (git-fixes).
* iio: pressure: dps310: Adjust Timeout Settings (git-fixes).
* iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes).
* intel x86 platform vsec kABI workaround (bsc#1216202).
* io_uring/fs: remove sqe->rw_flags checking from LINKAT (git-fixes).
* io_uring/rw: defer fsnotify calls to task context (git-fixes).
* io_uring/rw: ensure kiocb_end_write() is always called (git-fixes).
* io_uring/rw: remove leftover debug statement (git-fixes).
* io_uring: Replace 0-length array with flexible array (git-fixes).
* io_uring: ensure REQ_F_ISREG is set async offload (git-fixes).
* io_uring: fix fdinfo sqe offsets calculation (git-fixes).
* io_uring: fix memory leak when removing provided buffers (git-fixes).
* iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback
(bsc#1212423).
* iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback
(bsc#1212423).
* iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support
(bsc#1212423).
* iommu/arm-smmu-v3: Fix soft lockup triggered by (bsc#1215921)
* kABI: fix bpf Tighten-ptr_to_btf_id checks (git-fixes).
* kabi: blkcg_policy_data fix KABI (bsc#1216062).
* kabi: workaround for enum nft_trans_phase (bsc#1215104).
* kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
* leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes).
* libceph: add CEPH_OSD_OP_ASSERT_VER support (jsc#SES-1880).
* libceph: add new iov_iter-based ceph_msg_data_type and ceph_osd_data_type
(jsc#SES-1880).
* libceph: add sparse read support to OSD client (jsc#SES-1880).
* libceph: add sparse read support to msgr1 (jsc#SES-1880).
* libceph: add spinlock around osd->o_requests (jsc#SES-1880).
* libceph: allow ceph_osdc_new_request to accept a multi-op read
(jsc#SES-1880).
* libceph: define struct ceph_sparse_extent and add some helpers
(jsc#SES-1880).
* libceph: new sparse_read op, support sparse reads on msgr2 crc codepath
(jsc#SES-1880).
* libceph: support sparse reads on msgr2 secure codepath (jsc#SES-1880).
* libceph: use kernel_connect() (bsc#1216323).
* mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788
bsc#1213705).
* mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes).
* mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes).
* mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes).
* mtd: physmap-core: Restore map_rom fallback (git-fixes).
* mtd: rawnand: arasan: Ensure program page operations are successful (git-
fixes).
* mtd: rawnand: marvell: Ensure program page operations are successful (git-
fixes).
* mtd: rawnand: pl353: Ensure program page operations are successful (git-
fixes).
* mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes).
* mtd: spinand: micron: correct bitmask for ecc status (git-fixes).
* net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-
fixes).
* net: mana: Fix TX CQE error handling (bsc#1215986).
* net: mana: Fix oversized sge0 for GSO packets (bsc#1215986).
* net: nfc: llcp: Add lock when modifying device list (git-fixes).
* net: rfkill: gpio: prevent value glitch during probe (git-fixes).
* net: sched: add barrier to fix packet stuck problem for lockless qdisc
(bsc#1216345).
* net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog
(bsc#1216345).
* net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-
fixes).
* net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-
fixes).
* net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes).
* net: use sk_is_tcp() in more places (git-fixes).
* netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound
set/chain (git-fixes).
* netfilter: nf_tables: unbind non-anonymous set if rule construction fails
(git-fixes).
* nfc: nci: assert requested protocol is valid (git-fixes).
* nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-
fixes).
* nfs: only issue commit in DIO codepath if we have uncommitted data
(bsc#1211162).
* nilfs2: fix potential use after free in nilfs_gccache_submit_read_data()
(git-fixes).
* nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid()
(bsc#1214842).
* phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes).
* phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes).
* phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes).
* pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes).
* pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes).
* platform/surface: platform_profile: Propagate error if profile registration
fails (git-fixes).
* platform/x86/intel/pmt: Ignore uninitialized entries (bsc#1216202).
* platform/x86/intel/pmt: telemetry: Fix fixed region handling (bsc#1216202).
* platform/x86/intel/vsec: Rework early hardware code (bsc#1216202).
* platform/x86/intel: Fix 'rmmod pmt_telemetry' panic (bsc#1216202).
* platform/x86/intel: Fix pmt_crashlog array reference (bsc#1216202).
* platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e
(git-fixes).
* platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-
fixes).
* platform/x86: think-lmi: Fix reference leak (git-fixes).
* platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes).
* power: supply: ucs1002: fix error code in ucs1002_get_property() (git-
fixes).
* r8152: check budget for r8152_poll() (git-fixes).
* regmap: fix NULL deref on lookup (git-fixes).
* regmap: rbtree: Fix wrong register marked as in-cache when creating new node
(git-fixes).
* remove unnecessary WARN_ON_ONCE() (bsc#1214823).
* ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes).
* ring-buffer: Do not attempt to read past "commit" (git-fixes).
* ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
* ring-buffer: Update "shortest_full" in polling (git-fixes).
* s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510).
* s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511).
* s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788
bsc#1215957).
* sched/cpuset: Bring back cpuset_mutex (bsc#1215955).
* sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity()
(git fixes (sched)).
* sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes
(sched)).
* sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)).
* scsi: be2iscsi: Add length check when parsing nlattrs (git-fixes).
* scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock (git-fixes).
* scsi: iscsi: Add length check for nlattr payload (git-fixes).
* scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() (git-fixes).
* scsi: iscsi_tcp: restrict to TCP sockets (git-fixes).
* scsi: mpi3mr: Propagate sense data for admin queue SCSI I/O (git-fixes).
* scsi: mpt3sas: Perform additional retries if doorbell read returns 0 (git-
fixes).
* scsi: pm8001: Setup IRQs on resume (git-fixes).
* scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read()
directly (git-fixes).
* scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read()
directly (git-fixes).
* scsi: qedf: Do not touch __user pointer in
qedf_dbg_stop_io_on_error_cmd_read() directly (git-fixes).
* scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes).
* scsi: qla4xxx: Add length check when parsing nlattrs (git-fixes).
* selftests/bpf: Add more tests for check_max_stack_depth bug (git-fixes).
* selftests/bpf: Add reproducer for decl_tag in func_proto argument (git-
fixes).
* selftests/bpf: Add reproducer for decl_tag in func_proto return type (git-
fixes).
* selftests/bpf: Add selftest for check_stack_max_depth bug (git-fixes).
* selftests/bpf: Clean up sys_nanosleep uses (git-fixes).
* serial: 8250_port: Check IRQ data before use (git-fixes).
* soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-
fixes).
* spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes).
* spi: stm32: add a delay before SPI disable (git-fixes).
* spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain
(git-fixes).
* spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes).
* thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-
fixes).
* thunderbolt: Restart XDomain discovery handshake after failure (git-fixes).
* thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple
Ridge (git-fixes).
* tracing: Have current_trace inc the trace array ref count (git-fixes).
* tracing: Have event inject files inc the trace array ref count (git-fixes).
* tracing: Have option files inc the trace array ref count (git-fixes).
* tracing: Have tracing_max_latency inc the trace array ref count (git-fixes).
* tracing: Increase trace array ref count on enable and filter files (git-
fixes).
* tracing: Make trace_marker{,_raw} stream-like (git-fixes).
* usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes).
* usb: dwc3: Soft reset phy on probe for host (git-fixes).
* usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-
fixes).
* usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
* usb: hub: Guard against accesses to uninitialized BOS descriptors (git-
fixes).
* usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes).
* usb: musb: Modify the "HWVers" register address (git-fixes).
* usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-
fixes).
* usb: typec: ucsi: Clear EVENT_PENDING bit if ucsi_send_command fails (git-
fixes).
* usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).
* vmbus_testing: fix wrong python syntax for integer value comparison (git-
fixes).
* vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes).
* watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes).
* watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running
(git-fixes).
* wifi: cfg80211: Fix 6GHz scan configuration (git-fixes).
* wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
* wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes).
* wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes).
* wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes).
* wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-
fixes).
* wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes).
* wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-
fixes).
* wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes).
* wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes).
* x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772).
* x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772).
* x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772).
* x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf
(bsc#1213772).
* x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772).
* x86/cpu: Support AMD Automatic IBRS (bsc#1213772).
* x86/mm: Print the encryption features correctly when a paravisor is present
(bsc#1206453).
* x86/platform/uv: Use alternate source for socket to node data (bsc#1215696).
* x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649).
* x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649).
* x86/sev: Disable MMIO emulation from user mode (bsc#1212649).
* xen-netback: use default TX queue size for vifs (git-fixes).
* xhci: Keep interrupt disabled in initialization until host is running (git-
fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4343=1
* SUSE Real Time Module 15-SP5
zypper in -t patch SUSE-SLE-Module-RT-15-SP5-2023-4343=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-4343=1 openSUSE-SLE-15.5-2023-4343=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2023-4343=1
## Package List:
* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
* kernel-livepatch-5_14_21-150500_13_24-rt-debuginfo-1-150500.11.3.1
* kernel-livepatch-5_14_21-150500_13_24-rt-1-150500.11.3.1
* kernel-livepatch-SLE15-SP5-RT_Update_7-debugsource-1-150500.11.3.1
* SUSE Real Time Module 15-SP5 (x86_64)
* ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.24.1
* kernel-rt_debug-vdso-5.14.21-150500.13.24.1
* dlm-kmp-rt-debuginfo-5.14.21-150500.13.24.1
* kernel-rt-devel-debuginfo-5.14.21-150500.13.24.1
* ocfs2-kmp-rt-5.14.21-150500.13.24.1
* kernel-rt-vdso-debuginfo-5.14.21-150500.13.24.1
* kernel-rt-debuginfo-5.14.21-150500.13.24.1
* cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.24.1
* kernel-rt_debug-debugsource-5.14.21-150500.13.24.1
* kernel-rt_debug-debuginfo-5.14.21-150500.13.24.1
* kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.24.1
* cluster-md-kmp-rt-5.14.21-150500.13.24.1
* kernel-rt-vdso-5.14.21-150500.13.24.1
* gfs2-kmp-rt-5.14.21-150500.13.24.1
* kernel-syms-rt-5.14.21-150500.13.24.1
* gfs2-kmp-rt-debuginfo-5.14.21-150500.13.24.1
* kernel-rt-devel-5.14.21-150500.13.24.1
* dlm-kmp-rt-5.14.21-150500.13.24.1
* kernel-rt_debug-devel-5.14.21-150500.13.24.1
* kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.24.1
* kernel-rt-debugsource-5.14.21-150500.13.24.1
* SUSE Real Time Module 15-SP5 (noarch)
* kernel-source-rt-5.14.21-150500.13.24.1
* kernel-devel-rt-5.14.21-150500.13.24.1
* SUSE Real Time Module 15-SP5 (nosrc x86_64)
* kernel-rt_debug-5.14.21-150500.13.24.1
* kernel-rt-5.14.21-150500.13.24.1
* openSUSE Leap 15.5 (noarch)
* kernel-source-rt-5.14.21-150500.13.24.1
* kernel-devel-rt-5.14.21-150500.13.24.1
* openSUSE Leap 15.5 (x86_64)
* ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.24.1
* kernel-livepatch-5_14_21-150500_13_24-rt-1-150500.11.3.1
* kselftests-kmp-rt-5.14.21-150500.13.24.1
* kernel-rt_debug-vdso-5.14.21-150500.13.24.1
* kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.24.1
* dlm-kmp-rt-debuginfo-5.14.21-150500.13.24.1
* kselftests-kmp-rt-debuginfo-5.14.21-150500.13.24.1
* reiserfs-kmp-rt-5.14.21-150500.13.24.1
* kernel-rt-devel-debuginfo-5.14.21-150500.13.24.1
* ocfs2-kmp-rt-5.14.21-150500.13.24.1
* kernel-rt-vdso-debuginfo-5.14.21-150500.13.24.1
* kernel-rt-debuginfo-5.14.21-150500.13.24.1
* cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.24.1
* kernel-rt-livepatch-5.14.21-150500.13.24.1
* kernel-livepatch-5_14_21-150500_13_24-rt-debuginfo-1-150500.11.3.1
* kernel-rt_debug-debugsource-5.14.21-150500.13.24.1
* kernel-rt_debug-debuginfo-5.14.21-150500.13.24.1
* kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.24.1
* kernel-rt-extra-debuginfo-5.14.21-150500.13.24.1
* cluster-md-kmp-rt-5.14.21-150500.13.24.1
* reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.24.1
* gfs2-kmp-rt-5.14.21-150500.13.24.1
* kernel-rt-optional-5.14.21-150500.13.24.1
* kernel-syms-rt-5.14.21-150500.13.24.1
* gfs2-kmp-rt-debuginfo-5.14.21-150500.13.24.1
* kernel-rt-extra-5.14.21-150500.13.24.1
* kernel-rt-optional-debuginfo-5.14.21-150500.13.24.1
* kernel-rt-livepatch-devel-5.14.21-150500.13.24.1
* kernel-rt-devel-5.14.21-150500.13.24.1
* dlm-kmp-rt-5.14.21-150500.13.24.1
* kernel-rt_debug-livepatch-devel-5.14.21-150500.13.24.1
* kernel-rt_debug-devel-5.14.21-150500.13.24.1
* kernel-rt-vdso-5.14.21-150500.13.24.1
* kernel-rt-debugsource-5.14.21-150500.13.24.1
* kernel-livepatch-SLE15-SP5-RT_Update_7-debugsource-1-150500.11.3.1
* openSUSE Leap 15.5 (nosrc x86_64)
* kernel-rt_debug-5.14.21-150500.13.24.1
* kernel-rt-5.14.21-150500.13.24.1
* SUSE Linux Enterprise Micro 5.5 (nosrc x86_64)
* kernel-rt-5.14.21-150500.13.24.1
* SUSE Linux Enterprise Micro 5.5 (x86_64)
* kernel-rt-debugsource-5.14.21-150500.13.24.1
* kernel-rt-debuginfo-5.14.21-150500.13.24.1
## References:
* https://www.suse.com/security/cve/CVE-2023-2163.html
* https://www.suse.com/security/cve/CVE-2023-2860.html
* https://www.suse.com/security/cve/CVE-2023-31085.html
* https://www.suse.com/security/cve/CVE-2023-34324.html
* https://www.suse.com/security/cve/CVE-2023-39189.html
* https://www.suse.com/security/cve/CVE-2023-39191.html
* https://www.suse.com/security/cve/CVE-2023-39193.html
* https://www.suse.com/security/cve/CVE-2023-45862.html
* https://www.suse.com/security/cve/CVE-2023-5178.html
* https://bugzilla.suse.com/show_bug.cgi?id=1211162
* https://bugzilla.suse.com/show_bug.cgi?id=1211307
* https://bugzilla.suse.com/show_bug.cgi?id=1213772
* https://bugzilla.suse.com/show_bug.cgi?id=1214754
* https://bugzilla.suse.com/show_bug.cgi?id=1214874
* https://bugzilla.suse.com/show_bug.cgi?id=1215545
* https://bugzilla.suse.com/show_bug.cgi?id=1215921
* https://bugzilla.suse.com/show_bug.cgi?id=1215955
* https://bugzilla.suse.com/show_bug.cgi?id=1216062
* https://bugzilla.suse.com/show_bug.cgi?id=1216202
* https://bugzilla.suse.com/show_bug.cgi?id=1216322
* https://bugzilla.suse.com/show_bug.cgi?id=1216324
* https://bugzilla.suse.com/show_bug.cgi?id=1216333
* https://bugzilla.suse.com/show_bug.cgi?id=1216512
SUSE-SU-2023:4347-1: important: Security update for the Linux Kernel
by maintenance@opensuse.org 02 Nov '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:4347-1
Rating: important
References:
* bsc#1208995
* bsc#1210169
* bsc#1210778
* bsc#1212703
* bsc#1214233
* bsc#1214380
* bsc#1214386
* bsc#1215115
* bsc#1215117
* bsc#1215221
* bsc#1215275
* bsc#1215299
* bsc#1215467
* bsc#1215745
* bsc#1215858
* bsc#1215860
* bsc#1215861
* bsc#1216046
* bsc#1216051
Cross-References:
* CVE-2020-36766
* CVE-2023-1192
* CVE-2023-1206
* CVE-2023-1859
* CVE-2023-31085
* CVE-2023-34324
* CVE-2023-39189
* CVE-2023-39192
* CVE-2023-39193
* CVE-2023-39194
* CVE-2023-40283
* CVE-2023-42754
* CVE-2023-45862
* CVE-2023-4622
* CVE-2023-4623
* CVE-2023-4881
* CVE-2023-4921
CVSS scores:
* CVE-2020-36766 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2020-36766 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-1192 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1192 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1206 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1206 ( NVD ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1859 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-1859 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39189 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-39189 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39192 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-39192 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
* CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39193 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39194 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
* CVE-2023-39194 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
* CVE-2023-40283 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-40283 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-42754 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-42754 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-45862 ( SUSE ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45862 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4622 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4881 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-4881 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2023-4921 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4921 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE CaaS Platform 4.0
* SUSE Linux Enterprise High Availability Extension 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Live Patching 15-SP1
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Manager Proxy 4.0
* SUSE Manager Retail Branch Server 4.0
* SUSE Manager Server 4.0
An update that solves 17 vulnerabilities and has two security fixes can now be
installed.
## Description:
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
* CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize)
that could cause a local DoS. (bsc#1210778)
* CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver where an
object could potentially extend beyond the end of an allocation causing.
(bsc#1216051)
* CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling.
(bsc#1215745).
* CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a
local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read,
leading to a crash or information disclosure. (bsc#1216046)
* CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem
(bsc#1215861).
* CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem
(bsc#1215860).
* CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858).
* CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that
could lead to denial of service (bsc#1215467).
* CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup
table which could be exploited by network adjacent attackers, increasing CPU
usage by 95% (bsc#1212703).
* CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network
scheduler which could be exploited to achieve local privilege escalation
(bsc#1215275).
* CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain
sockets component which could be exploited to achieve local privilege
escalation (bsc#1215117).
* CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler
which could be exploited to achieve local privilege escalation
(bsc#1215115).
* CVE-2020-36766: Fixed a potential information leak in the CEC driver
(bsc#1215299).
* CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which
could be exploited to crash the system (bsc#1210169).
* CVE-2023-4881: Fixed an out-of-bounds write flaw in the netfilter subsystem
that could lead to potential information disclosure or a denial of service
(bsc#1215221).
* CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233).
* CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread()
(bsc#1208995).
The following non-security bugs were fixed:
* check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC
(bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does.
* mkspec: Allow unsupported KMPs (bsc#1214386)
* old-flavors: Drop 2.6 kernels. 2.6 based kernels are EOL, upgrading from
them is no longer supported.
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4347=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4347=1
* SUSE Linux Enterprise Live Patching 15-SP1
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-4347=1
* SUSE Linux Enterprise High Availability Extension 15 SP1
  zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-4347=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4347=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4347=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4347=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform
  you if it detects new updates and let you then trigger updating of the complete
  cluster in a controlled way.
## Package List:
* openSUSE Leap 15.4 (nosrc)
  * kernel-debug-4.12.14-150100.197.160.1
  * kernel-zfcpdump-4.12.14-150100.197.160.1
  * kernel-kvmsmall-4.12.14-150100.197.160.1
  * kernel-default-4.12.14-150100.197.160.1
* openSUSE Leap 15.4 (ppc64le x86_64)
  * kernel-debug-base-4.12.14-150100.197.160.1
  * kernel-debug-base-debuginfo-4.12.14-150100.197.160.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * kernel-vanilla-debuginfo-4.12.14-150100.197.160.1
  * kernel-vanilla-base-4.12.14-150100.197.160.1
  * kernel-vanilla-devel-4.12.14-150100.197.160.1
  * kernel-vanilla-livepatch-devel-4.12.14-150100.197.160.1
  * kernel-vanilla-base-debuginfo-4.12.14-150100.197.160.1
  * kernel-vanilla-devel-debuginfo-4.12.14-150100.197.160.1
  * kernel-default-base-debuginfo-4.12.14-150100.197.160.1
  * kernel-vanilla-debugsource-4.12.14-150100.197.160.1
* openSUSE Leap 15.4 (x86_64)
  * kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.160.1
  * kernel-kvmsmall-base-4.12.14-150100.197.160.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-vanilla-4.12.14-150100.197.160.1
* openSUSE Leap 15.4 (s390x)
  * kernel-default-man-4.12.14-150100.197.160.1
  * kernel-zfcpdump-man-4.12.14-150100.197.160.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-vanilla-4.12.14-150100.197.160.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * kernel-vanilla-debuginfo-4.12.14-150100.197.160.1
  * kernel-vanilla-devel-4.12.14-150100.197.160.1
  * kernel-vanilla-livepatch-devel-4.12.14-150100.197.160.1
  * kernel-vanilla-base-debuginfo-4.12.14-150100.197.160.1
  * kernel-vanilla-devel-debuginfo-4.12.14-150100.197.160.1
  * kernel-vanilla-base-4.12.14-150100.197.160.1
  * kernel-vanilla-debugsource-4.12.14-150100.197.160.1
* SUSE Linux Enterprise Live Patching 15-SP1 (nosrc)
  * kernel-default-4.12.14-150100.197.160.1
* SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64)
  * kernel-livepatch-4_12_14-150100_197_160-default-1-150100.3.3.1
  * kernel-default-livepatch-devel-4.12.14-150100.197.160.1
  * kernel-default-livepatch-4.12.14-150100.197.160.1
  * kernel-default-debuginfo-4.12.14-150100.197.160.1
  * kernel-default-debugsource-4.12.14-150100.197.160.1
* SUSE Linux Enterprise High Availability Extension 15 SP1 (aarch64 ppc64le s390x x86_64)
  * ocfs2-kmp-default-debuginfo-4.12.14-150100.197.160.1
  * dlm-kmp-default-debuginfo-4.12.14-150100.197.160.1
  * cluster-md-kmp-default-debuginfo-4.12.14-150100.197.160.1
  * kernel-default-debuginfo-4.12.14-150100.197.160.1
  * kernel-default-debugsource-4.12.14-150100.197.160.1
  * cluster-md-kmp-default-4.12.14-150100.197.160.1
  * gfs2-kmp-default-4.12.14-150100.197.160.1
  * ocfs2-kmp-default-4.12.14-150100.197.160.1
  * gfs2-kmp-default-debuginfo-4.12.14-150100.197.160.1
  * dlm-kmp-default-4.12.14-150100.197.160.1
* SUSE Linux Enterprise High Availability Extension 15 SP1 (nosrc)
  * kernel-default-4.12.14-150100.197.160.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 nosrc x86_64)
  * kernel-default-4.12.14-150100.197.160.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  * kernel-default-devel-debuginfo-4.12.14-150100.197.160.1
  * kernel-obs-build-debugsource-4.12.14-150100.197.160.1
  * kernel-syms-4.12.14-150100.197.160.1
  * kernel-default-debuginfo-4.12.14-150100.197.160.1
  * kernel-default-debugsource-4.12.14-150100.197.160.1
  * kernel-default-base-4.12.14-150100.197.160.1
  * kernel-obs-build-4.12.14-150100.197.160.1
  * kernel-default-base-debuginfo-4.12.14-150100.197.160.1
  * kernel-default-devel-4.12.14-150100.197.160.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
  * kernel-devel-4.12.14-150100.197.160.1
  * kernel-macros-4.12.14-150100.197.160.1
  * kernel-source-4.12.14-150100.197.160.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch nosrc)
  * kernel-docs-4.12.14-150100.197.160.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-4.12.14-150100.197.160.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
  * kernel-default-devel-debuginfo-4.12.14-150100.197.160.1
  * kernel-obs-build-debugsource-4.12.14-150100.197.160.1
  * kernel-syms-4.12.14-150100.197.160.1
  * kernel-default-debuginfo-4.12.14-150100.197.160.1
  * kernel-default-debugsource-4.12.14-150100.197.160.1
  * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.160.1
  * kernel-default-base-4.12.14-150100.197.160.1
  * reiserfs-kmp-default-4.12.14-150100.197.160.1
  * kernel-obs-build-4.12.14-150100.197.160.1
  * kernel-default-base-debuginfo-4.12.14-150100.197.160.1
  * kernel-default-devel-4.12.14-150100.197.160.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
  * kernel-devel-4.12.14-150100.197.160.1
  * kernel-macros-4.12.14-150100.197.160.1
  * kernel-source-4.12.14-150100.197.160.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch nosrc)
  * kernel-docs-4.12.14-150100.197.160.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (s390x)
  * kernel-zfcpdump-debuginfo-4.12.14-150100.197.160.1
  * kernel-default-man-4.12.14-150100.197.160.1
  * kernel-zfcpdump-debugsource-4.12.14-150100.197.160.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (nosrc)
  * kernel-zfcpdump-4.12.14-150100.197.160.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (nosrc ppc64le x86_64)
  * kernel-default-4.12.14-150100.197.160.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
  * kernel-default-devel-debuginfo-4.12.14-150100.197.160.1
  * kernel-obs-build-debugsource-4.12.14-150100.197.160.1
  * kernel-syms-4.12.14-150100.197.160.1
  * kernel-default-debuginfo-4.12.14-150100.197.160.1
  * kernel-default-debugsource-4.12.14-150100.197.160.1
  * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.160.1
  * kernel-default-base-4.12.14-150100.197.160.1
  * reiserfs-kmp-default-4.12.14-150100.197.160.1
  * kernel-obs-build-4.12.14-150100.197.160.1
  * kernel-default-base-debuginfo-4.12.14-150100.197.160.1
  * kernel-default-devel-4.12.14-150100.197.160.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
  * kernel-devel-4.12.14-150100.197.160.1
  * kernel-macros-4.12.14-150100.197.160.1
  * kernel-source-4.12.14-150100.197.160.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch nosrc)
  * kernel-docs-4.12.14-150100.197.160.1
* SUSE CaaS Platform 4.0 (nosrc x86_64)
  * kernel-default-4.12.14-150100.197.160.1
* SUSE CaaS Platform 4.0 (x86_64)
  * kernel-default-devel-debuginfo-4.12.14-150100.197.160.1
  * kernel-obs-build-debugsource-4.12.14-150100.197.160.1
  * kernel-syms-4.12.14-150100.197.160.1
  * kernel-default-debuginfo-4.12.14-150100.197.160.1
  * kernel-default-debugsource-4.12.14-150100.197.160.1
  * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.160.1
  * kernel-default-base-4.12.14-150100.197.160.1
  * reiserfs-kmp-default-4.12.14-150100.197.160.1
  * kernel-obs-build-4.12.14-150100.197.160.1
  * kernel-default-base-debuginfo-4.12.14-150100.197.160.1
  * kernel-default-devel-4.12.14-150100.197.160.1
* SUSE CaaS Platform 4.0 (noarch)
  * kernel-devel-4.12.14-150100.197.160.1
  * kernel-macros-4.12.14-150100.197.160.1
  * kernel-source-4.12.14-150100.197.160.1
* SUSE CaaS Platform 4.0 (noarch nosrc)
  * kernel-docs-4.12.14-150100.197.160.1
## References:
* https://www.suse.com/security/cve/CVE-2020-36766.html
* https://www.suse.com/security/cve/CVE-2023-1192.html
* https://www.suse.com/security/cve/CVE-2023-1206.html
* https://www.suse.com/security/cve/CVE-2023-1859.html
* https://www.suse.com/security/cve/CVE-2023-31085.html
* https://www.suse.com/security/cve/CVE-2023-34324.html
* https://www.suse.com/security/cve/CVE-2023-39189.html
* https://www.suse.com/security/cve/CVE-2023-39192.html
* https://www.suse.com/security/cve/CVE-2023-39193.html
* https://www.suse.com/security/cve/CVE-2023-39194.html
* https://www.suse.com/security/cve/CVE-2023-40283.html
* https://www.suse.com/security/cve/CVE-2023-42754.html
* https://www.suse.com/security/cve/CVE-2023-45862.html
* https://www.suse.com/security/cve/CVE-2023-4622.html
* https://www.suse.com/security/cve/CVE-2023-4623.html
* https://www.suse.com/security/cve/CVE-2023-4881.html
* https://www.suse.com/security/cve/CVE-2023-4921.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208995
* https://bugzilla.suse.com/show_bug.cgi?id=1210169
* https://bugzilla.suse.com/show_bug.cgi?id=1210778
* https://bugzilla.suse.com/show_bug.cgi?id=1212703
* https://bugzilla.suse.com/show_bug.cgi?id=1214233
* https://bugzilla.suse.com/show_bug.cgi?id=1214380
* https://bugzilla.suse.com/show_bug.cgi?id=1214386
* https://bugzilla.suse.com/show_bug.cgi?id=1215115
* https://bugzilla.suse.com/show_bug.cgi?id=1215117
* https://bugzilla.suse.com/show_bug.cgi?id=1215221
* https://bugzilla.suse.com/show_bug.cgi?id=1215275
* https://bugzilla.suse.com/show_bug.cgi?id=1215299
* https://bugzilla.suse.com/show_bug.cgi?id=1215467
* https://bugzilla.suse.com/show_bug.cgi?id=1215745
* https://bugzilla.suse.com/show_bug.cgi?id=1215858
* https://bugzilla.suse.com/show_bug.cgi?id=1215860
* https://bugzilla.suse.com/show_bug.cgi?id=1215861
* https://bugzilla.suse.com/show_bug.cgi?id=1216046
* https://bugzilla.suse.com/show_bug.cgi?id=1216051