openSUSE Updates
Threads by month
- ----- 2024 -----
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
August 2023
- 2 participants
- 274 discussions
SUSE-SU-2023:3318-1: important: Security update for the Linux Kernel
by maintenance@opensuse.org 15 Aug '23
by maintenance@opensuse.org 15 Aug '23
15 Aug '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:3318-1
Rating: important
References:
* #1150305
* #1193629
* #1194869
* #1206418
* #1207129
* #1207894
* #1208788
* #1210565
* #1210584
* #1210627
* #1210780
* #1210853
* #1211131
* #1211243
* #1211738
* #1211811
* #1211867
* #1212301
* #1212502
* #1212604
* #1212846
* #1212901
* #1212905
* #1213010
* #1213011
* #1213012
* #1213013
* #1213014
* #1213015
* #1213016
* #1213017
* #1213018
* #1213019
* #1213020
* #1213021
* #1213024
* #1213025
* #1213032
* #1213034
* #1213035
* #1213036
* #1213037
* #1213038
* #1213039
* #1213040
* #1213041
* #1213059
* #1213061
* #1213087
* #1213088
* #1213089
* #1213090
* #1213092
* #1213093
* #1213094
* #1213095
* #1213096
* #1213098
* #1213099
* #1213100
* #1213102
* #1213103
* #1213104
* #1213105
* #1213106
* #1213107
* #1213108
* #1213109
* #1213110
* #1213111
* #1213112
* #1213113
* #1213114
* #1213134
* #1213167
* #1213245
* #1213247
* #1213252
* #1213258
* #1213259
* #1213263
* #1213264
* #1213272
* #1213286
* #1213287
* #1213304
* #1213523
* #1213524
* #1213543
* #1213585
* #1213586
* #1213588
* #1213620
* #1213653
* #1213705
* #1213713
* #1213715
* #1213747
* #1213756
* #1213759
* #1213777
* #1213810
* #1213812
* #1213856
* #1213857
* #1213863
* #1213867
* #1213870
* #1213871
Cross-References:
* CVE-2022-40982
* CVE-2023-0459
* CVE-2023-20569
* CVE-2023-20593
* CVE-2023-21400
* CVE-2023-2156
* CVE-2023-2166
* CVE-2023-2985
* CVE-2023-31083
* CVE-2023-3117
* CVE-2023-31248
* CVE-2023-3268
* CVE-2023-3390
* CVE-2023-35001
* CVE-2023-3567
* CVE-2023-3609
* CVE-2023-3611
* CVE-2023-3776
* CVE-2023-3812
* CVE-2023-4004
CVSS scores:
* CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-0459 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-0459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-20593 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-21400 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-21400 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2166 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2166 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2985 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2985 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31083 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3117 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3117 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-31248 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-31248 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3268 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-3268 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-3390 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3609 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3609 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3611 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3611 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3776 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3812 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3812 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Real Time Module 15-SP4
An update that solves 20 vulnerabilities and has 89 fixes can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
* CVE-2022-40982: Fixed transient execution attack called "Gather Data
Sampling" (bsc#1206418).
* CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec
(bsc#1211738).
* CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’
(bsc#1213287).
* CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an
attacker to potentially access sensitive information (bsc#1213286).
* CVE-2023-21400: Fixed several memory corruptions due to improper locking in
io_uring (bsc#1213272).
* CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling
of the RPL protocol (bsc#1211131).
* CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter
(bsc#1210627).
* CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in
fs/hfsplus/super.c that could allow a local user to cause a denial of
service (bsc#1211867).
* CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780).
* CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter
subsystem when processing named and anonymous sets in batch requests that
could allow a local user with CAP_NET_ADMIN capability to crash or
potentially escalate their privileges on the system (bsc#1213245).
* CVE-2023-31248: Fixed an use-after-free vulnerability in
nft_chain_lookup_byid that could allow a local attacker to escalate their
privilege (bsc#1213061).
* CVE-2023-3268: Fixed an out of bounds memory access flaw in
relay_file_read_start_pos in the relayfs (bsc#1212502).
* CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter
subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker
with user access to cause a privilege escalation issue (bsc#1212846).
* CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder
that could allow a local attacker to escalate their privilege (bsc#1213059).
* CVE-2023-3567: Fixed a use-after-free in vcs_read in
drivers/tty/vt/vc_screen.c (bsc#1213167).
* CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched
(bsc#1213586).
* CVE-2023-3611: Fixed an out-of-bounds write in net/sched
sch_qfq(bsc#1213585).
* CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-
free (bsc#1213588).
* CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP
device driver functionality that could allow a local user to crash or
potentially escalate their privileges on the system (bsc#1213543).
* CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo
(bsc#1213812).
The following non-security bugs were fixed:
* acpi: utils: fix acpi_evaluate_dsm_typed() redefinition error (git-fixes).
* add module_firmware() for firmware_tg357766 (git-fixes).
* afs: adjust ack interpretation to try and cope with nat (git-fixes).
* afs: fix access after dec in put functions (git-fixes).
* afs: fix afs_getattr() to refetch file status if callback break occurred
(git-fixes).
* afs: fix dynamic root getattr (git-fixes).
* afs: fix fileserver probe rtt handling (git-fixes).
* afs: fix infinite loop found by xfstest generic/676 (git-fixes).
* afs: fix lost servers_outstanding count (git-fixes).
* afs: fix server->active leak in afs_put_server (git-fixes).
* afs: fix setting of mtime when creating a file/dir/symlink (git-fixes).
* afs: fix updating of i_size with dv jump from server (git-fixes).
* afs: fix vlserver probe rtt handling (git-fixes).
* afs: return -eagain, not -eremoteio, when a file already locked (git-fixes).
* afs: use refcount_t rather than atomic_t (git-fixes).
* afs: use the operation issue time instead of the reply time for callbacks
(git-fixes).
* alsa: emu10k1: roll up loops in dsp setup code for audigy (git-fixes).
* alsa: fireface: make read-only const array for model names static (git-
fixes).
* alsa: hda/realtek - remove 3k pull low procedure (git-fixes).
* alsa: hda/realtek: add quirk for asus rog g614jx (git-fixes).
* alsa: hda/realtek: add quirk for asus rog ga402x (git-fixes).
* alsa: hda/realtek: add quirk for asus rog gx650p (git-fixes).
* alsa: hda/realtek: add quirk for asus rog gz301v (git-fixes).
* alsa: hda/realtek: add quirk for clevo npx0snx (git-fixes).
* alsa: hda/realtek: add quirk for clevo ns70au (git-fixes).
* alsa: hda/realtek: add quirks for unis h3c desktop b760 & q760 (git-fixes).
* alsa: hda/realtek: add support for dell oasis 13/14/16 laptops (git-fixes).
* alsa: hda/realtek: amend g634 quirk to enable rear speakers (git-fixes).
* alsa: hda/realtek: enable mute led on hp laptop 15s-eq2xxx (git-fixes).
* alsa: hda/realtek: fix generic fixup definition for cs35l41 amp (git-fixes).
* alsa: hda/realtek: support asus g713pv laptop (git-fixes).
* alsa: hda/realtek: whitespace fix (git-fixes).
* alsa: hda/relatek: enable mute led on hp 250 g8 (git-fixes).
* alsa: hda: fix a possible null-pointer dereference due to data race in
snd_hdac_regmap_sync() (git-fixes).
* alsa: oxfw: make read-only const array models static (git-fixes).
* alsa: pcm: fix potential data race at pcm memory allocation helpers (git-
fixes).
* alsa: usb-audio: add quirk for microsoft modern wireless headset
(bsc#1207129).
* alsa: usb-audio: update for native dsd support quirks (git-fixes).
* apparmor: fix missing error check for rhashtable_insert_fast (git-fixes).
* arm64/mm: mark private vm_fault_x defines as vm_fault_t (git-fixes)
* arm64: dts: microchip: sparx5: do not use psci on reference boards (git-
fixes)
* arm64: vdso: pass (void *) to virt_to_page() (git-fixes)
* arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes)
* asoc: atmel: fix the 8k sample parameter in i2sc master (git-fixes).
* asoc: codecs: es8316: fix dmic config (git-fixes).
* asoc: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git-
fixes).
* asoc: codecs: wcd934x: fix resource leaks on component remove (git-fixes).
* asoc: codecs: wcd938x: fix codec initialisation race (git-fixes).
* asoc: codecs: wcd938x: fix db range for hphl and hphr (git-fixes).
* asoc: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes).
* asoc: codecs: wcd938x: fix soundwire initialisation race (git-fixes).
* asoc: da7219: check for failure reading aad irq events (git-fixes).
* asoc: da7219: flush pending aad irq when suspending (git-fixes).
* asoc: fsl_sai: disable bit clock with transmitter (git-fixes).
* asoc: fsl_spdif: silence output on stop (git-fixes).
* asoc: rt5682-sdw: fix for jd event handling in clockstop mode0 (git-fixes).
* asoc: rt711-sdca: fix for jd event handling in clockstop mode0 (git-fixes).
* asoc: rt711: fix for jd event handling in clockstop mode0 (git-fixes).
* asoc: tegra: fix adx byte map (git-fixes).
* asoc: tegra: fix amx byte map (git-fixes).
* asoc: wm8904: fill the cache for wm8904_adc_test_0 register (git-fixes).
* ata: pata_ns87415: mark ns87560_tf_read static (git-fixes).
* block, bfq: fix division by zero error on zero wsum (bsc#1213653).
* block: fix a source code comment in include/uapi/linux/blkzoned.h (git-
fixes).
* can: bcm: fix uaf in bcm_proc_show() (git-fixes).
* can: gs_usb: gs_can_close(): add missing set of can state to
can_state_stopped (git-fixes).
* ceph: do not let check_caps skip sending responses for revoke msgs
(bsc#1213856).
* cifs: add a warning when the in-flight count goes negative (bsc#1193629).
* cifs: address unused variable warning (bsc#1193629).
* cifs: do all necessary checks for credits within or before locking
(bsc#1193629).
* cifs: fix lease break oops in xfstest generic/098 (bsc#1193629).
* cifs: fix max_credits implementation (bsc#1193629).
* cifs: fix session state check in reconnect to avoid use-after-free issue
(bsc#1193629).
* cifs: fix session state check in smb2_find_smb_ses (bsc#1193629).
* cifs: fix session state transition to avoid use-after-free issue
(bsc#1193629).
* cifs: fix sockaddr comparison in iface_cmp (bsc#1193629).
* cifs: fix status checks in cifs_tree_connect (bsc#1193629).
* cifs: log session id when a matching ses is not found (bsc#1193629).
* cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629).
* cifs: prevent use-after-free by freeing the cfile later (bsc#1193629).
* cifs: print all credit counters in debugdata (bsc#1193629).
* cifs: print client_guid in debugdata (bsc#1193629).
* cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629).
* cifs: print nosharesock value while dumping mount options (bsc#1193629).
* clk: qcom: camcc-sc7180: add parent dependency to all camera gdscs (git-
fixes).
* clk: qcom: gcc-ipq6018: use floor ops for sdcc clocks (git-fixes).
* coda: avoid partial allocation of sig_inputargs (git-fixes).
* codel: fix kernel-doc notation warnings (git-fixes).
* crypto: kpp - add helper to set reqsize (git-fixes).
* crypto: qat - use helper to set reqsize (git-fixes).
* delete suse/memcg-drop-kmem-limit_in_bytes. drop the patch in order to fix
bsc#1213705.
* devlink: fix kernel-doc notation warnings (git-fixes).
* dlm: fix missing lkb refcount handling (git-fixes).
* dlm: fix plock invalid read (git-fixes).
* docs: networking: update codeaurora references for rmnet (git-fixes).
* documentation: abi: sysfs-class-net-qmi: pass_through contact update (git-
fixes).
* documentation: bonding: fix the doc of peer_notif_delay (git-fixes).
* documentation: devices.txt: reconcile serial/ucc_uart minor numers (git-
fixes).
* documentation: timers: hrtimers: make hybrid union historical (git-fixes).
* drm/amd/display: correct `dmub_fw_version` macro (git-fixes).
* drm/amd/display: disable mpc split by default on special asic (git-fixes).
* drm/amd/display: keep phy active for dp displays on dcn31 (git-fixes).
* drm/amdgpu: avoid restore process run into dead loop (git-fixes).
* drm/amdgpu: fix clearing mappings for bos that are always valid in vm (git-
fixes).
* drm/amdgpu: set vmbo destroy after pt bo is created (git-fixes).
* drm/amdgpu: validate vm ioctl flags (git-fixes).
* drm/atomic: allow vblank-enabled + self-refresh "disable" (git-fixes).
* drm/atomic: fix potential use-after-free in nonblocking commits (git-fixes).
* drm/bridge: tc358768: add atomic_get_input_bus_fmts() implementation (git-
fixes).
* drm/bridge: tc358768: fix tclk_trailcnt computation (git-fixes).
* drm/bridge: tc358768: fix ths_trailcnt computation (git-fixes).
* drm/bridge: tc358768: fix ths_zerocnt computation (git-fixes).
* drm/client: fix memory leak in drm_client_modeset_probe (git-fixes).
* drm/client: fix memory leak in drm_client_target_cloned (git-fixes).
* drm/i915/psr: use hw.adjusted mode when calculating io/fast wake times (git-
fixes).
* drm/i915: fix one wrong caching mode enum usage (git-fixes).
* drm/msm/adreno: fix snapshot bindless_data size (git-fixes).
* drm/msm/disp/dpu: get timing engine status from intf status register (git-
fixes).
* drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes).
* drm/msm/dpu: set dpu_data_hctl_en for in intf_sc7180_mask (git-fixes).
* drm/msm: fix is_err_or_null() vs null check in a5xx_submit_in_rb() (git-
fixes).
* drm/panel: simple: add connector_type for innolux_at043tn24 (git-fixes).
* drm/panel: simple: add powertip ph800480t013 drm_display_mode flags (git-
fixes).
* drm/radeon: fix integer overflow in radeon_cs_parser_init (git-fixes).
* drm/ttm: do not leak a resource on swapout move error (git-fixes).
* drop amdgpu patches for fixing regression (bsc#1213304,bsc#1213777)
* dt-bindings: phy: brcm,brcmstb-usb-phy: fix error in "compatible"
conditional schema (git-fixes).
* enable nxp snvs rtc driver for i.mx 8mq/8mp (jsc#PED-4758)
* ext4: add ea_inode checking to ext4_iget() (bsc#1213106).
* ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid()
(bsc#1213088).
* ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109).
* ext4: add strict range checks while freeing blocks (bsc#1213089).
* ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016).
* ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018).
* ext4: block range must be validated before use in ext4_mb_clear_bb()
(bsc#1213090).
* ext4: check iomap type only if ext4_iomap_begin() does not fail
(bsc#1213103).
* ext4: disallow ea_inodes with extended attributes (bsc#1213108).
* ext4: fail ext4_iget if special inode unallocated (bsc#1213010).
* ext4: fix bug_on in __es_tree_search caused by bad quota inode
(bsc#1213111).
* ext4: fix data races when using cached status extents (bsc#1213102).
* ext4: fix deadlock when converting an inline directory in nojournal mode
(bsc#1213105).
* ext4: fix i_disksize exceeding i_size problem in paritally written case
(bsc#1213015).
* ext4: fix lockdep warning when enabling mmp (bsc#1213100).
* ext4: fix reusing stale buffer heads from last failed mounting
(bsc#1213020).
* ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096).
* ext4: fix to check return value of freeze_bdev() in ext4_shutdown()
(bsc#1213021).
* ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline
(bsc#1213098).
* ext4: fix warning in ext4_update_inline_data (bsc#1213012).
* ext4: fix warning in mb_find_extent (bsc#1213099).
* ext4: improve error handling from ext4_dirhash() (bsc#1213104).
* ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017).
* ext4: move where set the may_inline_data flag is set (bsc#1213011).
* ext4: only update i_reserved_data_blocks on successful block allocation
(bsc#1213019).
* ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb()
(bsc#1213087).
* ext4: refuse to create ea block when umounted (bsc#1213093).
* ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find()
(bsc#1213107).
* ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110).
* ext4: update s_journal_inum if it changes after journal replay
(bsc#1213094).
* ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092).
* ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013).
* fbdev: au1200fb: fix missing irq check in au1200fb_drv_probe (git-fixes).
* fbdev: imxfb: warn about invalid left/right margin (git-fixes).
* file: always lock position for fmode_atomic_pos (bsc#1213759).
* fix documentation of panic_on_warn (git-fixes).
* fs: dlm: add midcomms init/start functions (git-fixes).
* fs: dlm: do not set stop rx flag after node reset (git-fixes).
* fs: dlm: filter user dlm messages for kernel locks (git-fixes).
* fs: dlm: fix log of lowcomms vs midcomms (git-fixes).
* fs: dlm: fix race between test_bit() and queue_work() (git-fixes).
* fs: dlm: fix race in lowcomms (git-fixes).
* fs: dlm: handle -ebusy first in lock arg validation (git-fixes).
* fs: dlm: move sending fin message into state change handling (git-fixes).
* fs: dlm: retry accept() until -eagain or error returns (git-fixes).
* fs: dlm: return positive pid value for f_getlk (git-fixes).
* fs: dlm: start midcomms before scand (git-fixes).
* fs: hfsplus: remove warn_on() from hfsplus_cat_{read,write}_inode() (git-
fixes).
* fs: jfs: check for read-only mounted filesystem in txbegin (git-fixes).
* fs: jfs: fix null-ptr-deref read in txbegin (git-fixes).
* fs: jfs: fix ubsan: array-index-out-of-bounds in dballocdmaplev (git-fixes).
* fuse: ioctl: translate enosys in outarg (bsc#1213524).
* fuse: revalidate: do not invalidate if interrupted (bsc#1213523).
* gve: set default duplex configuration to full (git-fixes).
* gve: unify driver name usage (git-fixes).
* hvcs: fix hvcs port reference counting (bsc#1213134 ltc#202861).
* hvcs: get reference to tty in remove (bsc#1213134 ltc#202861).
* hvcs: synchronize hotplug remove with port free (bsc#1213134 ltc#202861).
* hvcs: use dev_groups to manage hvcs device attributes (bsc#1213134
ltc#202861).
* hvcs: use driver groups to manage driver attributes (bsc#1213134
ltc#202861).
* hvcs: use vhangup in hotplug remove (bsc#1213134 ltc#202861).
* hwmon: (adm1275) allow setting sample averaging (git-fixes).
* hwmon: (k10temp) enable amd3255 proc to show negative temperature (git-
fixes).
* hwmon: (nct7802) fix for temp6 (peci1) processed even if peci1 disabled
(git-fixes).
* hwmon: (pmbus/adm1275) fix problems with temperature monitoring on adm1272
(git-fixes).
* i2c: xiic: defer xiic_wakeup() and __xiic_start_xfer() in xiic_process()
(git-fixes).
* i2c: xiic: do not try to handle more interrupt events after error (git-
fixes).
* iavf: fix out-of-bounds when setting channels on remove (git-fixes).
* iavf: fix use-after-free in free_netdev (git-fixes).
* iavf: use internal state to free traffic irqs (git-fixes).
* ib/hfi1: use bitmap_zalloc() when applicable (git-fixes)
* igc: check if hardware tx timestamping is enabled earlier (git-fixes).
* igc: enable and fix rx hash usage by netstack (git-fixes).
* igc: fix inserting of empty frame for launchtime (git-fixes).
* igc: fix kernel panic during ndo_tx_timeout callback (git-fixes).
* igc: fix launchtime before start of cycle (git-fixes).
* igc: fix race condition in ptp tx code (git-fixes).
* igc: handle pps start time programming for past time values (git-fixes).
* igc: prevent garbled tx queue with xdp zerocopy (git-fixes).
* igc: remove delay during tx ring configuration (git-fixes).
* igc: set tp bit in 'supported' and 'advertising' fields of
ethtool_link_ksettings (git-fixes).
* igc: work around hw bug causing missing timestamps (git-fixes).
* inotify: avoid reporting event with invalid wd (bsc#1213025).
* input: i8042 - add clevo pcx0dx to i8042 quirk table (git-fixes).
* input: iqs269a - do not poll during ati (git-fixes).
* input: iqs269a - do not poll during suspend or resume (git-fixes).
* jbd2: fix data missing when reusing bh which is ready to be checkpointed
(bsc#1213095).
* jdb2: do not refuse invalidation of already invalidated buffers
(bsc#1213014).
* jffs2: fix memory leak in jffs2_do_fill_super (git-fixes).
* jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes).
* jffs2: fix memory leak in jffs2_scan_medium (git-fixes).
* jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes).
* jffs2: gc deadlock reading a page that is used in jffs2_write_begin() (git-
fixes).
* jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes).
* jfs: jfs_dmap: validate db_l2nbperpage while mounting (git-fixes).
* kabi/severities: add vas symbols changed due to recent fix vas accelerators
are directly tied to the architecture, there is no reason to have out-of-
tree production drivers
* kabi: do not check external trampolines for signature (kabi bsc#1207894
bsc#1211243).
* kernel-binary.spec.in: remove superfluous %% in supplements fixes:
02b7735e0caf ("rpm/kernel-binary.spec.in: add enhances and supplements tags
to in-tree kmps")
* kselftest: vdso: fix accumulation of uninitialized ret when clock_realtime
is undefined (git-fixes).
* kvm: arm64: do not read a hw interrupt pending state in user context (git-
fixes)
* kvm: arm64: warn if accessing timer pending state outside of vcpu
(bsc#1213620)
* kvm: do not null dereference ops->destroy (git-fixes)
* kvm: downgrade two bug_ons to warn_on_once (git-fixes)
* kvm: initialize debugfs_dentry when a vm is created to avoid null (git-
fixes)
* kvm: s390: pv: fix index value of replaced asce (git-fixes bsc#1213867).
* kvm: vmx: inject #gp on encls if vcpu has paging disabled (cr0.pg==0) (git-
fixes).
* kvm: vmx: inject #gp, not #ud, if sgx2 encls leafs are unsupported (git-
fixes).
* kvm: vmx: restore vmx_vmexit alignment (git-fixes).
* kvm: x86: account fastpath-only vm-exits in vcpu stats (git-fixes).
* leds: trigger: netdev: recheck netdev_led_mode_linkup on dev rename (git-
fixes).
* libceph: harden msgr2.1 frame segment length checks (bsc#1213857).
* media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var()
(git-fixes).
* media: cec: i2c: ch7322: also select regmap (git-fixes).
* media: i2c: correct format propagation for st-mipid02 (git-fixes).
* media: staging: atomisp: select v4l2_fwnode (git-fixes).
* media: usb: check az6007_read() return value (git-fixes).
* media: usb: siano: fix warning due to null work_func_t function pointer
(git-fixes).
* media: venus: helpers: fix align() of non power of two (git-fixes).
* media: videodev2.h: fix struct v4l2_input tuner index comment (git-fixes).
* memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905).
* mmc: core: disable trim on kingston emmc04g-m627 (git-fixes).
* mmc: sdhci: fix dma configure compatibility issue when 64bit dma mode is
used (git-fixes).
* net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
* net/sched: sch_qfq: reintroduce lmax bound check for mtu (bsc#1213585).
* net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes).
* net: mana: add support for vlan tagging (bsc#1212301).
* net: mana: batch ringing rx queue doorbell on receiving packets
(bsc#1212901).
* net: mana: use the correct wqe count for ringing rq doorbell (bsc#1212901).
* net: phy: marvell10g: fix 88x3310 power up (git-fixes).
* net: phy: prevent stale pointer dereference in phy_init() (git-fixes).
* nfsd: add encoding of op_recall flag for write delegation (git-fixes).
* nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes).
* nfsd: fix sparse warning (git-fixes).
* nfsd: remove open coding of string copy (git-fixes).
* nfsv4.1: always send a reclaim_complete after establishing lease (git-
fixes).
* nfsv4.1: freeze the session table upon receiving nfs4err_badsession (git-
fixes).
* ntb: amd: fix error handling in amd_ntb_pci_driver_init() (git-fixes).
* ntb: idt: fix error handling in idt_pci_driver_init() (git-fixes).
* ntb: intel: fix error handling in intel_ntb_pci_driver_init() (git-fixes).
* ntb: ntb_tool: add check for devm_kcalloc (git-fixes).
* ntb: ntb_transport: fix possible memory leak while device_register() fails
(git-fixes).
* nvme-multipath: support io stats on the mpath device (bsc#1210565).
* nvme-pci: fix dma direction of unmapping integrity data (git-fixes).
* nvme-pci: remove nvme_queue from nvme_iod (git-fixes).
* nvme: introduce nvme_start_request (bsc#1210565).
* ocfs2: check new file size on fallocate call (git-fixes).
* ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes).
* ocfs2: switch to security_inode_init_security() (git-fixes).
* octeontx-af: fix hardware timestamp configuration (git-fixes).
* octeontx2-af: move validation of ptp pointer before its usage (git-fixes).
* octeontx2-pf: add additional check for mcam rules (git-fixes).
* opp: fix use-after-free in lazy_opp_tables after probe deferral (git-fixes).
* pci/pm: avoid putting elopos e2/s2/h2 pcie ports in d3cold (git-fixes).
* pci: add function 1 dma alias quirk for marvell 88se9235 (git-fixes).
* phy: hisilicon: fix an out of bounds check in hisi_inno_phy_probe() (git-
fixes).
* phy: revert "phy: remove soc_exynos4212 dep. from phy_exynos4x12_usb" (git-
fixes).
* phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes).
* phy: tegra: xusb: clear the driver reference in usb-phy dev (git-fixes).
* pie: fix kernel-doc notation warning (git-fixes).
* pinctrl: amd: detect internal gpio0 debounce handling (git-fixes).
* pinctrl: amd: do not show `invalid config param` errors (git-fixes).
* pinctrl: amd: fix mistake in handling clearing pins at startup (git-fixes).
* pinctrl: amd: only use special debounce behavior for gpio 0 (git-fixes).
* pinctrl: amd: use amd_pinconf_set() for all config options (git-fixes).
* platform/x86: msi-laptop: fix rfkill out-of-sync on msi wind u100 (git-
fixes).
* powerpc/64: only warn if __pa()/__va() called with bad addresses
(bsc#1194869).
* powerpc/64s: fix vas mm use after free (bsc#1194869).
* powerpc/book3s64/mm: fix directmap stats in /proc/meminfo (bsc#1194869).
* powerpc/bpf: fix use of user_pt_regs in uapi (bsc#1194869).
* powerpc/ftrace: remove ftrace init tramp once kernel init is complete
(bsc#1194869).
* powerpc/interrupt: do not read msr from interrupt_exit_kernel_prepare()
(bsc#1194869).
* powerpc/mm/dax: fix the condition when checking if altmap vmemap can cross-
boundary (bsc#1150305 ltc#176097 git-fixes).
* powerpc/mm: switch obsolete dssall to .long (bsc#1194869).
* powerpc/powernv/sriov: perform null check on iov before dereferencing iov
(bsc#1194869).
* powerpc/powernv/vas: assign real address to rx_fifo in vas_rx_win_attr
(bsc#1194869).
* powerpc/prom_init: fix kernel config grep (bsc#1194869).
* powerpc/secvar: fix refcount leak in format_show() (bsc#1194869).
* powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869).
* powerpc: clean vdso32 and vdso64 directories (bsc#1194869).
* powerpc: define get_cycles macro for arch-override (bsc#1194869).
* powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869).
* pwm: ab8500: fix error code in probe() (git-fixes).
* pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes).
* pwm: sysfs: do not apply state to already disabled pwms (git-fixes).
* rdma/bnxt_re: fix hang during driver unload (git-fixes)
* rdma/bnxt_re: prevent handling any completions after qp destroy (git-fixes)
* rdma/core: update cma destination address on rdma_resolve_addr (git-fixes)
* rdma/irdma: add missing read barriers (git-fixes)
* rdma/irdma: fix data race on cqp completion stats (git-fixes)
* rdma/irdma: fix data race on cqp request done (git-fixes)
* rdma/irdma: fix op_type reporting in cqes (git-fixes)
* rdma/irdma: report correct wc error (git-fixes)
* rdma/mlx4: make check for invalid flags stricter (git-fixes)
* rdma/mthca: fix crash when polling cq for shared qps (git-fixes)
* rdma/rxe: fix access checks in rxe_check_bind_mw (git-fixes)
* regmap: account for register length in smbus i/o limits (git-fixes).
* regmap: drop initial version of maximum transfer length fixes (git-fixes).
* revert "arm64: dts: zynqmp: add address-cells property to interrupt (git-
fixes)
* revert "debugfs, coccinelle: check for obsolete define_simple_attribute()
usage" (git-fixes).
* revert "drm/amd/display: edp do not add non-edid timings" (git-fixes).
* revert "nfsv4: retry lock on old_stateid during delegation return" (git-
fixes).
* revert "usb: dwc3: core: enable autoretry feature in the controller" (git-
fixes).
* revert "usb: gadget: tegra-xudc: fix error check in
tegra_xudc_powerdomain_init()" (git-fixes).
* revert "usb: xhci: tegra: fix error check" (git-fixes).
* revert "xhci: add quirk for host controllers that do not update endpoint
dcs" (git-fixes).
* rpm/check-for-config-changes: ignore also riscv_isa_ _and dynamic_sigframe
they depend on config_toolchain_has__.
* rpm: update dependency to match current kmod.
* rsi: remove kernel-doc comment marker (git-fixes).
* rxrpc, afs: fix selection of abort codes (git-fixes).
* s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259).
* s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258).
* s390/bpf: add expoline to tail calls (git-fixes bsc#1213870).
* s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810).
* s390/debug: add _asm_s390_ prefix to header guard (git-fixes bsc#1213263).
* s390/decompressor: specify __decompress() buf len to avoid overflow (git-
fixes bsc#1213863).
* s390/ipl: add missing intersection check to ipl_report handling (git-fixes
bsc#1213871).
* s390/percpu: add read_once() to arch_this_cpu_to_op_simple() (git-fixes
bsc#1213252).
* s390/qeth: fix vipa deletion (git-fixes bsc#1213713).
* s390/vmem: fix empty page tables cleanup under kasan (git-fixes
bsc#1213715).
* s390: define runtime_discard_exit to fix link error with gnu ld < 2.36
(git-fixes bsc#1213264).
* s390: discard .interp section (git-fixes bsc#1213247).
* s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870).
* scftorture: count reschedule ipis (git-fixes).
* sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes)
* sched: fix debug && !schedstats warn (git-fixes)
* scsi: lpfc: abort outstanding els cmds when mailbox timeout error is
detected (bsc#1213756).
* scsi: lpfc: avoid -wstringop-overflow warning (bsc#1213756).
* scsi: lpfc: clean up sli-4 sysfs resource reporting (bsc#1213756).
* scsi: lpfc: copyright updates for 14.2.0.14 patches (bsc#1213756).
* scsi: lpfc: fix a possible data race in lpfc_unregister_fcf_rescan()
(bsc#1213756).
* scsi: lpfc: fix incorrect big endian type assignment in bsg loopback path
(bsc#1213756).
* scsi: lpfc: fix incorrect big endian type assignments in fdmi and vmid paths
(bsc#1213756).
* scsi: lpfc: fix lpfc_name struct packing (bsc#1213756).
* scsi: lpfc: make fabric zone discovery more robust when handling unsolicited
logo (bsc#1213756).
* scsi: lpfc: pull out fw diagnostic dump log message from driver's trace
buffer (bsc#1213756).
* scsi: lpfc: qualify ndlp discovery state when processing rscn (bsc#1213756).
* scsi: lpfc: refactor cpu affinity assignment paths (bsc#1213756).
* scsi: lpfc: remove extra ndlp kref decrement in flogi cmpl for loop topology
(bsc#1213756).
* scsi: lpfc: replace all non-returning strlcpy() with strscpy()
(bsc#1213756).
* scsi: lpfc: replace one-element array with flexible-array member
(bsc#1213756).
* scsi: lpfc: revise ndlp kref handling for dev_loss_tmo_callbk and
lpfc_drop_node (bsc#1213756).
* scsi: lpfc: set establish image pair service parameter only for target
functions (bsc#1213756).
* scsi: lpfc: simplify fcp_abort transport callback log message (bsc#1213756).
* scsi: lpfc: update lpfc version to 14.2.0.14 (bsc#1213756).
* scsi: lpfc: use struct_size() helper (bsc#1213756).
* scsi: qla2xxx: adjust iocb resource on qpair create (bsc#1213747).
* scsi: qla2xxx: array index may go out of bound (bsc#1213747).
* scsi: qla2xxx: avoid fcport pointer dereference (bsc#1213747).
* scsi: qla2xxx: check valid rport returned by fc_bsg_to_rport()
(bsc#1213747).
* scsi: qla2xxx: correct the index of array (bsc#1213747).
* scsi: qla2xxx: drop useless list_head (bsc#1213747).
* scsi: qla2xxx: fix buffer overrun (bsc#1213747).
* scsi: qla2xxx: fix command flush during tmf (bsc#1213747).
* scsi: qla2xxx: fix deletion race condition (bsc#1213747).
* scsi: qla2xxx: fix end of loop test (bsc#1213747).
* scsi: qla2xxx: fix erroneous link up failure (bsc#1213747).
* scsi: qla2xxx: fix error code in qla2x00_start_sp() (bsc#1213747).
* scsi: qla2xxx: fix inconsistent tmf timeout (bsc#1213747).
* scsi: qla2xxx: fix null pointer dereference in target mode (bsc#1213747).
* scsi: qla2xxx: fix potential null pointer dereference (bsc#1213747).
* scsi: qla2xxx: fix session hang in gnl (bsc#1213747).
* scsi: qla2xxx: fix tmf leak through (bsc#1213747).
* scsi: qla2xxx: limit tmf to 8 per function (bsc#1213747).
* scsi: qla2xxx: pointer may be dereferenced (bsc#1213747).
* scsi: qla2xxx: remove unused nvme_ls_waitq wait queue (bsc#1213747).
* scsi: qla2xxx: replace one-element array with declare_flex_array() helper
(bsc#1213747).
* scsi: qla2xxx: silence a static checker warning (bsc#1213747).
* scsi: qla2xxx: turn off noisy message log (bsc#1213747).
* scsi: qla2xxx: update version to 10.02.08.400-k (bsc#1213747).
* scsi: qla2xxx: update version to 10.02.08.500-k (bsc#1213747).
* scsi: qla2xxx: use vmalloc_array() and vcalloc() (bsc#1213747).
* security: keys: modify mismatched function name (git-fixes).
* selftests: mptcp: depend on syn_cookies (git-fixes).
* selftests: mptcp: sockopt: return error if wrong mark (git-fixes).
* selftests: rtnetlink: remove netdevsim device after ipsec offload test (git-
fixes).
* selftests: tc: add 'ct' action kconfig dep (git-fixes).
* selftests: tc: add conntrack procfs kconfig (git-fixes).
* selftests: tc: set timeout to 15 minutes (git-fixes).
* serial: qcom-geni: drop bogus runtime pm state update (git-fixes).
* serial: sifive: fix sifive_serial_console_setup() section (git-fixes).
* signal/powerpc: on swapcontext failure force sigsegv (bsc#1194869).
* signal: replace force_sigsegv(sigsegv) with force_fatal_sig(sigsegv)
(bsc#1194869).
* smb3: do not reserve too many oplock credits (bsc#1193629).
* smb3: missing null check in smb2_change_notify (bsc#1193629).
* smb: client: fix broken file attrs with nodfs mounts (bsc#1193629).
* smb: client: fix missed ses refcounting (git-fixes).
* smb: client: fix parsing of source mount option (bsc#1193629).
* smb: client: fix shared dfs root mounts with different prefixes
(bsc#1193629).
* smb: client: fix warning in cifs_match_super() (bsc#1193629).
* smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629).
* smb: client: fix warning in cifsfindfirst() (bsc#1193629).
* smb: client: fix warning in cifsfindnext() (bsc#1193629).
* smb: client: fix warning in generic_ip_connect() (bsc#1193629).
* smb: client: improve dfs mount check (bsc#1193629).
* smb: client: remove redundant pointer 'server' (bsc#1193629).
* smb: delete an unnecessary statement (bsc#1193629).
* smb: move client and server files to common directory fs/smb (bsc#1193629).
* smb: remove obsolete comment (bsc#1193629).
* soundwire: qcom: fix storing port config out-of-bounds (git-fixes).
* soundwire: qcom: update status correctly with mask (git-fixes).
* spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git-
fixes).
* spi: bcm63xx: fix max prepend length (git-fixes).
* staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git-
fixes).
* staging: r8712: fix memory leak in _r8712_init_xmit_priv() (git-fixes).
* sunrpc: always free ctxt when freeing deferred request (git-fixes).
* sunrpc: double free xprt_ctxt while still in use (git-fixes).
* sunrpc: fix trace_svc_register() call site (git-fixes).
* sunrpc: fix uaf in svc_tcp_listen_data_ready() (git-fixes).
* sunrpc: remove dead code in svc_tcp_release_rqst() (git-fixes).
* sunrpc: remove the maximum number of retries in call_bind_status (git-
fixes).
* svcrdma: prevent page release when nothing was received (git-fixes).
* tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git-
fixes).
* tpm_tis: explicitly check for error code (git-fixes).
* tty: n_gsm: fix uaf in gsm_cleanup_mux (git-fixes).
* tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes).
* ubi: ensure that vid header offset + vid header size <= alloc, size
(bsc#1210584).
* ubi: fix failure attaching when vid_hdr offset equals to (sub)page size
(bsc#1210584).
* ubifs: add missing iput if do_tmpfile() failed in rename whiteout (git-
fixes).
* ubifs: do_rename: fix wrong space budget when target inode's nlink > 1 (git-
fixes).
* ubifs: error path in ubifs_remount_rw() seems to wrongly free write buffers
(git-fixes).
* ubifs: fix 'ui->dirty' race between do_tmpfile() and writeback work (git-
fixes).
* ubifs: fix aa deadlock when setting xattr for encrypted file (git-fixes).
* ubifs: fix build errors as symbol undefined (git-fixes).
* ubifs: fix deadlock in concurrent rename whiteout and inode writeback (git-
fixes).
* ubifs: fix memory leak in alloc_wbufs() (git-fixes).
* ubifs: fix memory leak in do_rename (git-fixes).
* ubifs: fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes).
* ubifs: fix to add refcount once page is set private (git-fixes).
* ubifs: fix wrong dirty space budget for dirty inode (git-fixes).
* ubifs: free memory for tmpfile name (git-fixes).
* ubifs: rectify space amount budget for mkdir/tmpfile operations (git-fixes).
* ubifs: rectify space budget for ubifs_symlink() if symlink is encrypted
(git-fixes).
* ubifs: rectify space budget for ubifs_xrename() (git-fixes).
* ubifs: rename whiteout atomically (git-fixes).
* ubifs: rename_whiteout: correct old_dir size computing (git-fixes).
* ubifs: rename_whiteout: fix double free for whiteout_ui->data (git-fixes).
* ubifs: reserve one leb for each journal head while doing budget (git-fixes).
* ubifs: setflags: make dirtied_ino_d 8 bytes aligned (git-fixes).
* ubifs: ubifs_writepage: mark page dirty after writing inode failed (git-
fixes).
* udf: avoid double brelse() in udf_rename() (bsc#1213032).
* udf: define efscorrupted error code (bsc#1213038).
* udf: detect system inodes linked into directory hierarchy (bsc#1213114).
* udf: discard preallocation before extending file with a hole (bsc#1213036).
* udf: do not bother looking for prealloc extents if i_lenextents matches
i_size (bsc#1213035).
* udf: do not bother merging very long extents (bsc#1213040).
* udf: do not update file length for failed writes to inline files
(bsc#1213041).
* udf: fix error handling in udf_new_inode() (bsc#1213112).
* udf: fix extending file within last block (bsc#1213037).
* udf: fix preallocation discarding at indirect extent boundary (bsc#1213034).
* udf: preserve link count of system files (bsc#1213113).
* udf: truncate added extents on failed expansion (bsc#1213039).
* update config and supported.conf files due to renaming.
* update suse/rdma-mthca-fix-crash-when-polling-cq-for-shared-qps. (git-fixes
bsc#1212604). added bug reference.
* usb: dwc2: fix some error handling paths (git-fixes).
* usb: dwc2: platform: improve error reporting for problems during .remove()
(git-fixes).
* usb: dwc3: do not reset device side if dwc3 was configured as host-only
(git-fixes).
* usb: dwc3: pci: skip byt gpio lookup table for hardwired phy (git-fixes).
* usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate
(git-fixes).
* usb: gadget: udc: core: offload usb_udc_vbus_handler processing (git-fixes).
* usb: gadget: udc: core: prevent soft_connect_store() race (git-fixes).
* usb: serial: option: add lara-r6 01b pids (git-fixes).
* usb: xhci-mtk: set the dma max_seg_size (git-fixes).
* vhost: support packed when setting-getting vring_base (git-fixes).
* vhost_net: revert upend_idx only on retriable error (git-fixes).
* virtio-net: maintain reverse cleanup order (git-fixes).
* virtio_net: fix error unwinding of xdp initialization (git-fixes).
* wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes).
* wifi: ray_cs: drop useless status variable in parse_addr() (git-fixes).
* wifi: ray_cs: utilize strnlen() in parse_addr() (git-fixes).
* wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git-
fixes).
* wl3501_cs: use eth_hw_addr_set() (git-fixes).
* writeback: fix call of incorrect macro (bsc#1213024).
* x86/pvh: obtain vga console info in dom0 (git-fixes).
* x86: fix .brk attribute in linker script (git-fixes).
* xen/blkfront: only check req_fua for writes (git-fixes).
* xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git-
fixes).
* xfs: ail needs asynchronous cil forcing (bsc#1211811).
* xfs: async cil flushes need pending pushes to be made stable (bsc#1211811).
* xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811).
* xfs: cil work is serialised, not pipelined (bsc#1211811).
* xfs: clean up the rtbitmap fsmap backend (git-fixes).
* xfs: do not deplete the reserve pool when trying to shrink the fs (git-
fixes).
* xfs: do not reverse order of items in bulk ail insertion (git-fixes).
* xfs: do not run shutdown callbacks on active iclogs (bsc#1211811).
* xfs: drop async cache flushes from cil commits (bsc#1211811).
* xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811).
* xfs: fix getfsmap reporting past the last rt extent (git-fixes).
* xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git-
fixes).
* xfs: fix interval filtering in multi-step fsmap queries (git-fixes).
* xfs: fix logdev fsmap query result filtering (git-fixes).
* xfs: fix off-by-one error when the last rt extent is in use (git-fixes).
* xfs: fix uninitialized variable access (git-fixes).
* xfs: make fsmap backend function key parameters const (git-fixes).
* xfs: make the record pointer passed to query_range functions const (git-
fixes).
* xfs: move the cil workqueue to the cil (bsc#1211811).
* xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811).
* xfs: order cil checkpoint start records (bsc#1211811).
* xfs: pass a cil context to xlog_write() (bsc#1211811).
* xfs: pass explicit mount pointer to rtalloc query functions (git-fixes).
* xfs: rework xlog_state_do_callback() (bsc#1211811).
* xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks
(bsc#1211811).
* xfs: separate out log shutdown callback processing (bsc#1211811).
* xfs: wait iclog complete before tearing down ail (bsc#1211811).
* xfs: xlog_state_ioerror must die (bsc#1211811).
* xhci: fix resume issue of some zhaoxin hosts (git-fixes).
* xhci: fix trb prefetch issue of zhaoxin hosts (git-fixes).
* xhci: show zhaoxin xhci root hub speed correctly (git-fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3318=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3318=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-3318=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-3318=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-3318=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-3318=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-3318=1
* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3318=1
* SUSE Real Time Module 15-SP4
zypper in -t patch SUSE-SLE-Module-RT-15-SP4-2023-3318=1
## Package List:
* openSUSE Leap Micro 5.3 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.46.1
* openSUSE Leap Micro 5.3 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.46.1
* kernel-rt-debuginfo-5.14.21-150400.15.46.1
* openSUSE Leap Micro 5.4 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.46.1
* openSUSE Leap Micro 5.4 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.46.1
* kernel-rt-debuginfo-5.14.21-150400.15.46.1
* openSUSE Leap 15.4 (x86_64)
* kernel-syms-rt-5.14.21-150400.15.46.1
* cluster-md-kmp-rt-5.14.21-150400.15.46.1
* ocfs2-kmp-rt-5.14.21-150400.15.46.1
* cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.46.1
* kernel-rt-debuginfo-5.14.21-150400.15.46.1
* kernel-rt-devel-debuginfo-5.14.21-150400.15.46.1
* kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.46.1
* kernel-rt_debug-debuginfo-5.14.21-150400.15.46.1
* ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.46.1
* gfs2-kmp-rt-debuginfo-5.14.21-150400.15.46.1
* kernel-rt-devel-5.14.21-150400.15.46.1
* dlm-kmp-rt-debuginfo-5.14.21-150400.15.46.1
* kernel-rt_debug-debugsource-5.14.21-150400.15.46.1
* dlm-kmp-rt-5.14.21-150400.15.46.1
* kernel-rt_debug-devel-5.14.21-150400.15.46.1
* kernel-rt-debugsource-5.14.21-150400.15.46.1
* gfs2-kmp-rt-5.14.21-150400.15.46.1
* openSUSE Leap 15.4 (noarch)
* kernel-devel-rt-5.14.21-150400.15.46.1
* kernel-source-rt-5.14.21-150400.15.46.1
* openSUSE Leap 15.4 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.46.1
* kernel-rt_debug-5.14.21-150400.15.46.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.46.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.46.1
* kernel-rt-debuginfo-5.14.21-150400.15.46.1
* SUSE Linux Enterprise Micro 5.3 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.46.1
* SUSE Linux Enterprise Micro 5.3 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.46.1
* kernel-rt-debuginfo-5.14.21-150400.15.46.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.46.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.46.1
* kernel-rt-debuginfo-5.14.21-150400.15.46.1
* SUSE Linux Enterprise Micro 5.4 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.46.1
* SUSE Linux Enterprise Micro 5.4 (x86_64)
* kernel-rt-debugsource-5.14.21-150400.15.46.1
* kernel-rt-debuginfo-5.14.21-150400.15.46.1
* SUSE Linux Enterprise Live Patching 15-SP4 (x86_64)
* kernel-livepatch-5_14_21-150400_15_46-rt-debuginfo-1-150400.1.5.1
* kernel-livepatch-SLE15-SP4-RT_Update_11-debugsource-1-150400.1.5.1
* kernel-livepatch-5_14_21-150400_15_46-rt-1-150400.1.5.1
* SUSE Real Time Module 15-SP4 (x86_64)
* kernel-syms-rt-5.14.21-150400.15.46.1
* cluster-md-kmp-rt-5.14.21-150400.15.46.1
* ocfs2-kmp-rt-5.14.21-150400.15.46.1
* cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.46.1
* kernel-rt-debuginfo-5.14.21-150400.15.46.1
* kernel-rt-devel-debuginfo-5.14.21-150400.15.46.1
* kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.46.1
* kernel-rt_debug-debuginfo-5.14.21-150400.15.46.1
* ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.46.1
* gfs2-kmp-rt-debuginfo-5.14.21-150400.15.46.1
* kernel-rt-devel-5.14.21-150400.15.46.1
* dlm-kmp-rt-debuginfo-5.14.21-150400.15.46.1
* kernel-rt_debug-debugsource-5.14.21-150400.15.46.1
* dlm-kmp-rt-5.14.21-150400.15.46.1
* kernel-rt_debug-devel-5.14.21-150400.15.46.1
* kernel-rt-debugsource-5.14.21-150400.15.46.1
* gfs2-kmp-rt-5.14.21-150400.15.46.1
* SUSE Real Time Module 15-SP4 (noarch)
* kernel-devel-rt-5.14.21-150400.15.46.1
* kernel-source-rt-5.14.21-150400.15.46.1
* SUSE Real Time Module 15-SP4 (nosrc x86_64)
* kernel-rt-5.14.21-150400.15.46.1
* kernel-rt_debug-5.14.21-150400.15.46.1
## References:
* https://www.suse.com/security/cve/CVE-2022-40982.html
* https://www.suse.com/security/cve/CVE-2023-0459.html
* https://www.suse.com/security/cve/CVE-2023-20569.html
* https://www.suse.com/security/cve/CVE-2023-20593.html
* https://www.suse.com/security/cve/CVE-2023-21400.html
* https://www.suse.com/security/cve/CVE-2023-2156.html
* https://www.suse.com/security/cve/CVE-2023-2166.html
* https://www.suse.com/security/cve/CVE-2023-2985.html
* https://www.suse.com/security/cve/CVE-2023-31083.html
* https://www.suse.com/security/cve/CVE-2023-3117.html
* https://www.suse.com/security/cve/CVE-2023-31248.html
* https://www.suse.com/security/cve/CVE-2023-3268.html
* https://www.suse.com/security/cve/CVE-2023-3390.html
* https://www.suse.com/security/cve/CVE-2023-35001.html
* https://www.suse.com/security/cve/CVE-2023-3567.html
* https://www.suse.com/security/cve/CVE-2023-3609.html
* https://www.suse.com/security/cve/CVE-2023-3611.html
* https://www.suse.com/security/cve/CVE-2023-3776.html
* https://www.suse.com/security/cve/CVE-2023-3812.html
* https://www.suse.com/security/cve/CVE-2023-4004.html
* https://bugzilla.suse.com/show_bug.cgi?id=1150305
* https://bugzilla.suse.com/show_bug.cgi?id=1193629
* https://bugzilla.suse.com/show_bug.cgi?id=1194869
* https://bugzilla.suse.com/show_bug.cgi?id=1206418
* https://bugzilla.suse.com/show_bug.cgi?id=1207129
* https://bugzilla.suse.com/show_bug.cgi?id=1207894
* https://bugzilla.suse.com/show_bug.cgi?id=1208788
* https://bugzilla.suse.com/show_bug.cgi?id=1210565
* https://bugzilla.suse.com/show_bug.cgi?id=1210584
* https://bugzilla.suse.com/show_bug.cgi?id=1210627
* https://bugzilla.suse.com/show_bug.cgi?id=1210780
* https://bugzilla.suse.com/show_bug.cgi?id=1210853
* https://bugzilla.suse.com/show_bug.cgi?id=1211131
* https://bugzilla.suse.com/show_bug.cgi?id=1211243
* https://bugzilla.suse.com/show_bug.cgi?id=1211738
* https://bugzilla.suse.com/show_bug.cgi?id=1211811
* https://bugzilla.suse.com/show_bug.cgi?id=1211867
* https://bugzilla.suse.com/show_bug.cgi?id=1212301
* https://bugzilla.suse.com/show_bug.cgi?id=1212502
* https://bugzilla.suse.com/show_bug.cgi?id=1212604
* https://bugzilla.suse.com/show_bug.cgi?id=1212846
* https://bugzilla.suse.com/show_bug.cgi?id=1212901
* https://bugzilla.suse.com/show_bug.cgi?id=1212905
* https://bugzilla.suse.com/show_bug.cgi?id=1213010
* https://bugzilla.suse.com/show_bug.cgi?id=1213011
* https://bugzilla.suse.com/show_bug.cgi?id=1213012
* https://bugzilla.suse.com/show_bug.cgi?id=1213013
* https://bugzilla.suse.com/show_bug.cgi?id=1213014
* https://bugzilla.suse.com/show_bug.cgi?id=1213015
* https://bugzilla.suse.com/show_bug.cgi?id=1213016
* https://bugzilla.suse.com/show_bug.cgi?id=1213017
* https://bugzilla.suse.com/show_bug.cgi?id=1213018
* https://bugzilla.suse.com/show_bug.cgi?id=1213019
* https://bugzilla.suse.com/show_bug.cgi?id=1213020
* https://bugzilla.suse.com/show_bug.cgi?id=1213021
* https://bugzilla.suse.com/show_bug.cgi?id=1213024
* https://bugzilla.suse.com/show_bug.cgi?id=1213025
* https://bugzilla.suse.com/show_bug.cgi?id=1213032
* https://bugzilla.suse.com/show_bug.cgi?id=1213034
* https://bugzilla.suse.com/show_bug.cgi?id=1213035
* https://bugzilla.suse.com/show_bug.cgi?id=1213036
* https://bugzilla.suse.com/show_bug.cgi?id=1213037
* https://bugzilla.suse.com/show_bug.cgi?id=1213038
* https://bugzilla.suse.com/show_bug.cgi?id=1213039
* https://bugzilla.suse.com/show_bug.cgi?id=1213040
* https://bugzilla.suse.com/show_bug.cgi?id=1213041
* https://bugzilla.suse.com/show_bug.cgi?id=1213059
* https://bugzilla.suse.com/show_bug.cgi?id=1213061
* https://bugzilla.suse.com/show_bug.cgi?id=1213087
* https://bugzilla.suse.com/show_bug.cgi?id=1213088
* https://bugzilla.suse.com/show_bug.cgi?id=1213089
* https://bugzilla.suse.com/show_bug.cgi?id=1213090
* https://bugzilla.suse.com/show_bug.cgi?id=1213092
* https://bugzilla.suse.com/show_bug.cgi?id=1213093
* https://bugzilla.suse.com/show_bug.cgi?id=1213094
* https://bugzilla.suse.com/show_bug.cgi?id=1213095
* https://bugzilla.suse.com/show_bug.cgi?id=1213096
* https://bugzilla.suse.com/show_bug.cgi?id=1213098
* https://bugzilla.suse.com/show_bug.cgi?id=1213099
* https://bugzilla.suse.com/show_bug.cgi?id=1213100
* https://bugzilla.suse.com/show_bug.cgi?id=1213102
* https://bugzilla.suse.com/show_bug.cgi?id=1213103
* https://bugzilla.suse.com/show_bug.cgi?id=1213104
* https://bugzilla.suse.com/show_bug.cgi?id=1213105
* https://bugzilla.suse.com/show_bug.cgi?id=1213106
* https://bugzilla.suse.com/show_bug.cgi?id=1213107
* https://bugzilla.suse.com/show_bug.cgi?id=1213108
* https://bugzilla.suse.com/show_bug.cgi?id=1213109
* https://bugzilla.suse.com/show_bug.cgi?id=1213110
* https://bugzilla.suse.com/show_bug.cgi?id=1213111
* https://bugzilla.suse.com/show_bug.cgi?id=1213112
* https://bugzilla.suse.com/show_bug.cgi?id=1213113
* https://bugzilla.suse.com/show_bug.cgi?id=1213114
* https://bugzilla.suse.com/show_bug.cgi?id=1213134
* https://bugzilla.suse.com/show_bug.cgi?id=1213167
* https://bugzilla.suse.com/show_bug.cgi?id=1213245
* https://bugzilla.suse.com/show_bug.cgi?id=1213247
* https://bugzilla.suse.com/show_bug.cgi?id=1213252
* https://bugzilla.suse.com/show_bug.cgi?id=1213258
* https://bugzilla.suse.com/show_bug.cgi?id=1213259
* https://bugzilla.suse.com/show_bug.cgi?id=1213263
* https://bugzilla.suse.com/show_bug.cgi?id=1213264
* https://bugzilla.suse.com/show_bug.cgi?id=1213272
* https://bugzilla.suse.com/show_bug.cgi?id=1213286
* https://bugzilla.suse.com/show_bug.cgi?id=1213287
* https://bugzilla.suse.com/show_bug.cgi?id=1213304
* https://bugzilla.suse.com/show_bug.cgi?id=1213523
* https://bugzilla.suse.com/show_bug.cgi?id=1213524
* https://bugzilla.suse.com/show_bug.cgi?id=1213543
* https://bugzilla.suse.com/show_bug.cgi?id=1213585
* https://bugzilla.suse.com/show_bug.cgi?id=1213586
* https://bugzilla.suse.com/show_bug.cgi?id=1213588
* https://bugzilla.suse.com/show_bug.cgi?id=1213620
* https://bugzilla.suse.com/show_bug.cgi?id=1213653
* https://bugzilla.suse.com/show_bug.cgi?id=1213705
* https://bugzilla.suse.com/show_bug.cgi?id=1213713
* https://bugzilla.suse.com/show_bug.cgi?id=1213715
* https://bugzilla.suse.com/show_bug.cgi?id=1213747
* https://bugzilla.suse.com/show_bug.cgi?id=1213756
* https://bugzilla.suse.com/show_bug.cgi?id=1213759
* https://bugzilla.suse.com/show_bug.cgi?id=1213777
* https://bugzilla.suse.com/show_bug.cgi?id=1213810
* https://bugzilla.suse.com/show_bug.cgi?id=1213812
* https://bugzilla.suse.com/show_bug.cgi?id=1213856
* https://bugzilla.suse.com/show_bug.cgi?id=1213857
* https://bugzilla.suse.com/show_bug.cgi?id=1213863
* https://bugzilla.suse.com/show_bug.cgi?id=1213867
* https://bugzilla.suse.com/show_bug.cgi?id=1213870
* https://bugzilla.suse.com/show_bug.cgi?id=1213871
1
0
SUSE-FU-2023:3322-1: moderate: Feature update for slurm_23_02 and pdsh
by maintenance@opensuse.org 15 Aug '23
by maintenance@opensuse.org 15 Aug '23
15 Aug '23
# Feature update for slurm_23_02 and pdsh
Announcement ID: SUSE-FU-2023:3322-1
Rating: moderate
References:
* #1088693
* #1206795
* #1208846
* #1209216
* #1209260
* #1212946
* PED-2987
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
An update that contains one feature and has six feature fixes can now be
installed.
## Description:
This update for slurm_23_02 and pdsh fixes the following issues:
slurm_23_02 - New version upgrade of Slurm to 23.02 (jsc#PED-2987):
* For the full list of new features and changes please consult the packaged
NEWS file and the following references:
* 23.02.2
* 23.02.1
* 23.02.0
* Important notes:
* If using the `slurmdbd` (Slurm DataBase Daemon) you must update this first.
* If using a backup DBD you must start the primary first to do any database
conversion, the backup will not start until this has happened.
* The 23.02 `slurmdbd` will work with Slurm daemons of version 21.08 and
above. You will not need to update all clusters at the same time, but it is
very important to update `slurmdbd` first and having it running before
updating any other clusters making use of it.
* Slurm can be upgraded from version 21.08 or 22.05 to version 23.02 without
loss of jobs or other state information. Upgrading directly from an earlier
version of Slurm will result in loss of state information.
* All SPANK plugins must be recompiled when upgrading from any Slurm version
prior to 23.02
* PMIx v1.x is no longer supported
* Packaging patches and changes:
* Only call slurm_init() if Slurm > 21.02 (bsc#1212946)
* Web-configurator: changed presets to SUSE defaults.
* Use libpmix.so.2 instead of libpmix.so to fix (bsc#1209260) this removes the
need of pmix-pluginlib
* `slurm-plugins` need to require `pmix-pluginlib` (bsc#1209260)
* Remove workaround to fix the restart issue in an Slurm package described in
bsc#1088693 The Slurm version in this package is 16.05. Any attempt to
directly migrate to the current version is bound to fail
* Now require `slurm-munge` if `munge` authentication is installed
* testsuite: on later SUSE versions claim ownership of directory
`/etc/security/limits.d`
* Move the ext_sensors/rrd plugin to a separate package: this plugin requires
`librrd` which in turn requires huge parts of the client side X Window
System stack. There is probably no use in cluttering up a system for a
plugin that probably only used by a few
* Configuration file changes:
* `job_container.conf` \- Added "`Dirs`" option to list desired private mount
points
* `node_features` plugins - invalid users specified for `AllowUserBoot` will
now result in `fatal()` rather than just an error
* Allow jobs to queue even if the user is not in `AllowGroups` when
`EnforcePartLimits=no` is set. This ensures consistency for all the
Partition access controls, and matches the documented behavior for
`EnforcePartLimits`
* Add `InfluxDBTimeout` parameter to `acct_gather.conf`
* `job_container/tmpfs` \- add support for expanding `%h` and `%n` in
`BasePath`
* `slurm.conf` \- Removed `SlurmctldPlugstack` option
* Add new `SlurmctldParameters=validate_nodeaddr_threads=<number>`
option to allow concurrent hostname resolution at `slurmctld` startup
* Add new `AccountingStoreFlags=job_extra` option to store a job's extra field
in the database
* Add new "`defer_batch`" option to `SchedulerParameters` to only defer
scheduling for batch jobs
* Add new `DebugFlags` option '`JobComp`' to replace '`Elasticsearch`'
* Add configurable job requeue limit parameter - `MaxBatchRequeue` \- in
`slurm.conf` to permit changes from the old hard-coded value of 5
* `helpers.conf` \- Allow specification of node specific features
* `helpers.conf` \- Allow many features to one helper script
* `job_container/tmpfs` \- Add "`Shared`" option to support shared namespaces.
This allows autofs to work with the `job_container/tmpfs` plugin when
enabled
* `acct_gather.conf` \- Added `EnergyIPMIPowerSensors=Node=DCMI` and
`Node=DCMI_ENHANCED`.
* Add new "`getnameinfo_cache_timeout=<number>`" option to
CommunicationParameters to adjust or disable caching the results of
`getnameinfo()`
* Add new PrologFlags=ForceRequeueOnFail option to automatically requeue batch
jobs on Prolog failures regardless of the job --requeue setting
* Add `HealthCheckNodeState=NONDRAINED_IDLE` option.
* Add '`explicit`' to Flags in `gres.conf`. This makes it so the gres is not
automatically added to a job's allocation when `--exclusive` is used. Note
that this is a per-node flag.
* Moved the "`preempt_`" options from `SchedulerParameters` to
`PreemptParameters`, and dropped the prefix from the option names. (The old
options will still be parsed for backwards compatibility, but are now
undocumented.)
* Add `LaunchParameters=ulimit_pam_adopt`, which enables setting `RLIMIT_RSS`
in adopted processes.
* Update SwitchParameters=job_vni to enable/disable creating job VNIs for all
jobs, or when a user requests them
* Update `SwitchParameters=single_node_vni` to enable/disable creating single
node VNIs for all jobs, or when a user requests them
* Add ability to preserve `SuspendExc*` parameters on reconfig with
`ReconfigFlags=KeepPowerSaveSettings`
* `slurmdbd.conf` \- Add new `AllResourcesAbsolute` to force all new resources
to be created with the `Absolute` flag
* `topology/tree` \- Add new `TopologyParam=SwitchAsNodeRank` option to
reorder nodes based on switch layout. This can be useful if the naming
convention for the nodes does not natually map to the network topology
* Removed the default setting for `GpuFreqDef`. If unset, no attempt to change
the GPU frequency will be made if `--gpu-freq` is not set for the step
* Command Changes:
* `sacctmgr` \- no longer force updates to the AdminComment, Comment, or
SystemComment to lower-case
* `sinfo` \- Add -F/--future option to sinfo to display future nodes.
* `sacct` \- Rename 'Reserved' field to 'Planned' to match sreport and the
nomenclature of the 'Planned' node
* `scontrol` \- advanced reservation flag MAINT will no longer replace nodes,
similar to STATIC_ALLOC
* `sbatch` \- add parsing for #PBS -d and #PBS -w.
* `scontrol` show assoc_mgr will show username(uid) instead of uid in QoS
section.
* Add `strigger --draining` and `-R/--resume` options.
* Change `--oversubscribe` and `--exclusive` to be mutually exclusive for job
submission. Job submission commands will now fatal if both are set.
Previously, these options would override each other, with the last one in
the job submission command taking effect.
* `scontrol` \- Requested TRES and allocated TRES will now always be printed
when showing jobs, instead of one TRES output that was either the requested
or allocated.
* `srun --ntasks-per-core` now applies to job and step allocations. Now, use
of `--ntasks-per-core=1` implies `--cpu-bind=cores` and `--ntasks-per-
core>1` implies `--cpu-bind=threads`.
* `salloc/sbatch/srun` \- Check and abort if `ntasks-per-core` > `threads-per-
core`.
* `scontrol` \- Add `ResumeAfter=<secs>` option to "scontrol update
nodename=".
* Add a new "nodes=" argument to scontrol setdebug to allow the debug level on
the slurmd processes to be temporarily altered
* Add a new "nodes=" argument to "scontrol setdebugflags" as well.
* Make it so `scrontab` prints client-side the job_submit() err_msg (which can
be set i.e. by using the log_user() function for the lua plugin).
* `scontrol` \- Reservations will not be allowed to have STATIC_ALLOC or MAINT
flags and REPLACE[_DOWN] flags simultaneously
* `scontrol` \- Reservations will only accept one reoccurring flag when being
created or updated.
* `scontrol` \- A reservation cannot be updated to be reoccurring if it is
already a floating reservation.
* `squeue` \- removed unused '%s' and 'SelectJobInfo' formats.
* `squeue` \- align print format for exit and derived codes with that of other
components (<exit_status>:<signal_number>).
* `sacct` \- Add --array option to expand job arrays and display array tasks
on separate lines.
* Partial support for `--json` and `--yaml` formated outputs have been
implemented for `sacctmgr`, `sdiag`, `sinfo`, `squeue`, and `scontrol`. The
resultant data ouput will be filtered by normal command arguments.
Formatting arguments will continue to be ignored.
* `salloc/sbatch/srun` \- extended the `--nodes` syntax to allow for a list of
valid node counts to be allocated to the job. This also supports a "step
count" value (e.g., --nodes=20-100:20 is equivalent to
--nodes=20,40,60,80,100) which can simplify the syntax when the job needs to
scale by a certain "chunk" size
* `srun` \- add user requestible vnis with '\--network=job_vni' option
* `srun` \- add user requestible single node vnis with the
`--network=single_node_vni` option
* API Changes:
* `job_container` plugins - `container_p_stepd_create()` function signature
replaced `uint32_t` uid with `stepd_step_rec_t*` step.
* `gres` plugins - `gres_g_get_devices()` function signature replaced `pid_t
pid` with `stepd_step_rec_t*` step.
* `cgroup` plugins - `task_cgroup_devices_constrain()` function signature
removed `pid_t pid`.
* `task` plugins - `replace task_p_pre_set_affinity()`,
`task_p_set_affinity()`, and `task_p_post_set_affinity()` with
`task_p_pre_launch_priv()` like it was back in slurm 20.11.
* Allow for concurrent processing of `job_submit_g_submit()` and
`job_submit_g_modify()` calls. If your plugin is not capable of concurrent
operation you must add additional locking within your plugin.
* Removed return value from slurm_list_append().
* The List and ListIterator types have been removed in favor of list_t and
list_itr_t respectively.
* burst buffer plugins:
* add `bb_g_build_het_job_script()`
* `bb_g_get_status()` \- added authenticated UID and GID
* `bb_g_run_script()` \- added job_info argument
* `burst_buffer.lua` \- Pass UID and GID to most hooks. Pass `job_info`
(detailed job information) to many hooks. See `etc/burst_buffer.lua.example`
for a complete list of changes. _WARNING_ : Backwards compatibility is
broken for `slurm_bb_get_status`: UID and GID are passed before the variadic
arguments. If UID and GID are not explicitly listed as arguments to
`slurm_bb_get_status()`, then they will be included in the variadic
arguments. Backwards compatibility is maintained for all other hooks because
the new arguments are passed after the existing arguments.
* `node_features plugins` changes:
* `node_features_p_reboot_weight()` function removed.
* `node_features_p_job_valid()` \- added parameter feature_list.
* `node_features_p_job_xlate()` \- added parameters feature_list and `job_node_bitmap`
* New `data_parser` interface with v0.0.39 plugin
* Test Suite fixes:
* Update README_Testsuite.md
* Clean up left over files when de-installing test suite
* Adjustment to test suite package: for SLE mark the openmpi4 devel package
and slurm-hdf5 optional
* Add `-ffat-lto-objects` to the build flags when LTO is set to make sure the
object files we ship with the test suite still work correctly.
* Improve `setup-testsuite.sh`: copy ssh fingerprints from all nodes
pdsh:
* Prepared `pdsh` for Slurm 23.02 (jsc#PED-2987)
* Fix slurm plugin: make sure slurm_init() is called before using the Slurm
API (bsc#1209216)
* Fix regression in Slurm 23.02 breaking the pdsh-internal List type by
exposing it thru it's public API (bsc#1208846)
* Backport a number of features and fixes (bsc#1206795):
* Add '-C' option on Slrum plugin to restrict selected nodes to ones with the
specified features present
* Add option '-k' to the ssh plugin to fail faster on connection failures
* Fix use of `strchr`
* `dshbak`: Fix uninitialized use of $tag on empty input
* `dsh`: Release a lock that is no longer used in dsh()
## Patch Instructions:
To install this SUSE Moderate update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-3322=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-3322=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3322=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* pdsh_slurm_20_02-debugsource-2.34-150100.10.19.1
* pdsh-slurm_20_02-2.34-150100.10.19.1
* pdsh-slurm_20_02-debuginfo-2.34-150100.10.19.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* pdsh_slurm_20_02-debugsource-2.34-150100.10.19.1
* pdsh-slurm_20_02-2.34-150100.10.19.1
* pdsh-slurm_20_02-debuginfo-2.34-150100.10.19.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64
x86_64)
* libnss_slurm2_23_02-debuginfo-23.02.2-150100.3.3.1
* slurm_23_02-plugins-23.02.2-150100.3.3.1
* slurm_23_02-cray-debuginfo-23.02.2-150100.3.3.1
* pdsh_slurm_20_02-debugsource-2.34-150100.10.19.1
* slurm_23_02-pam_slurm-debuginfo-23.02.2-150100.3.3.1
* slurm_23_02-torque-debuginfo-23.02.2-150100.3.3.1
* pdsh-slurm-debuginfo-2.34-150100.10.19.1
* libpmi0_23_02-debuginfo-23.02.2-150100.3.3.1
* libslurm39-debuginfo-23.02.2-150100.3.3.1
* pdsh-slurm_22_05-2.34-150100.10.19.1
* slurm_23_02-node-23.02.2-150100.3.3.1
* slurm_23_02-sview-23.02.2-150100.3.3.1
* slurm_23_02-plugin-ext-sensors-rrd-23.02.2-150100.3.3.1
* pdsh-machines-debuginfo-2.34-150100.10.19.1
* pdsh-slurm-2.34-150100.10.19.1
* pdsh-slurm_23_02-2.34-150100.10.19.1
* slurm_23_02-sview-debuginfo-23.02.2-150100.3.3.1
* slurm_23_02-munge-23.02.2-150100.3.3.1
* slurm_23_02-sql-23.02.2-150100.3.3.1
* pdsh-machines-2.34-150100.10.19.1
* pdsh_slurm_22_05-debugsource-2.34-150100.10.19.1
* perl-slurm_23_02-23.02.2-150100.3.3.1
* slurm_23_02-auth-none-debuginfo-23.02.2-150100.3.3.1
* pdsh-slurm_23_02-debuginfo-2.34-150100.10.19.1
* pdsh-debuginfo-2.34-150100.10.19.1
* pdsh-slurm_22_05-debuginfo-2.34-150100.10.19.1
* pdsh-dshgroup-debuginfo-2.34-150100.10.19.1
* pdsh-genders-2.34-150100.10.19.1
* slurm_23_02-debugsource-23.02.2-150100.3.3.1
* libslurm39-23.02.2-150100.3.3.1
* pdsh-slurm_20_02-2.34-150100.10.19.1
* slurm_23_02-pam_slurm-23.02.2-150100.3.3.1
* slurm_23_02-rest-23.02.2-150100.3.3.1
* pdsh-netgroup-2.34-150100.10.19.1
* perl-slurm_23_02-debuginfo-23.02.2-150100.3.3.1
* slurm_23_02-rest-debuginfo-23.02.2-150100.3.3.1
* libnss_slurm2_23_02-23.02.2-150100.3.3.1
* pdsh-2.34-150100.10.19.1
* slurm_23_02-slurmdbd-23.02.2-150100.3.3.1
* pdsh-dshgroup-2.34-150100.10.19.1
* slurm_23_02-auth-none-23.02.2-150100.3.3.1
* slurm_23_02-lua-debuginfo-23.02.2-150100.3.3.1
* slurm_23_02-munge-debuginfo-23.02.2-150100.3.3.1
* slurm_23_02-devel-23.02.2-150100.3.3.1
* slurm_23_02-lua-23.02.2-150100.3.3.1
* pdsh-debugsource-2.34-150100.10.19.1
* slurm_23_02-23.02.2-150100.3.3.1
* pdsh-netgroup-debuginfo-2.34-150100.10.19.1
* pdsh-genders-debuginfo-2.34-150100.10.19.1
* slurm_23_02-debuginfo-23.02.2-150100.3.3.1
* slurm_23_02-torque-23.02.2-150100.3.3.1
* slurm_23_02-node-debuginfo-23.02.2-150100.3.3.1
* slurm_23_02-slurmdbd-debuginfo-23.02.2-150100.3.3.1
* slurm_23_02-plugins-debuginfo-23.02.2-150100.3.3.1
* slurm_23_02-sql-debuginfo-23.02.2-150100.3.3.1
* pdsh-slurm_20_02-debuginfo-2.34-150100.10.19.1
* slurm_23_02-cray-23.02.2-150100.3.3.1
* libpmi0_23_02-23.02.2-150100.3.3.1
* slurm_23_02-plugin-ext-sensors-rrd-debuginfo-23.02.2-150100.3.3.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
* slurm_23_02-webdoc-23.02.2-150100.3.3.1
* slurm_23_02-config-man-23.02.2-150100.3.3.1
* slurm_23_02-config-23.02.2-150100.3.3.1
* slurm_23_02-doc-23.02.2-150100.3.3.1
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1088693
* https://bugzilla.suse.com/show_bug.cgi?id=1206795
* https://bugzilla.suse.com/show_bug.cgi?id=1208846
* https://bugzilla.suse.com/show_bug.cgi?id=1209216
* https://bugzilla.suse.com/show_bug.cgi?id=1209260
* https://bugzilla.suse.com/show_bug.cgi?id=1212946
* https://jira.suse.com/browse/PED-2987
1
0
SUSE-FU-2023:3316-1: moderate: Feature update for jakarta-commons-discovery
by maintenance@opensuse.org 15 Aug '23
by maintenance@opensuse.org 15 Aug '23
15 Aug '23
# Feature update for jakarta-commons-discovery
Announcement ID: SUSE-FU-2023:3316-1
Rating: moderate
References:
* SLE-23217
Affected Products:
* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Enterprise Storage 7
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3
An update that contains one feature can now be installed.
## Description:
This update for jakarta-commons-discovery fixes the following issues:
* Version update from 0.4 to 0.5 (jsc#SLE-23217):
* The minimum JDK requirement is now JDK 1.5
* Dependencies: Commons Discovery depends on Commons Logging
* New features: Discovery APIs use Java5 Generics
* Known bugs/limitations: `resource.classes.DiscoverClasses` doesn't work with
Oracle embedded JVM in DBMS, see DISCOVERY-13:
https://issues.apache.org/jira/browse/DISCOVERY-13
* Deprecations:
* Classes in `org.apache.commons.discovery.log` package have been deprecated; depending on Apache Commons Logging 1.1.1 there is no more circular dependency between Apache Commons Discovery and Apache Commons Logging
* `setLog(org.apache.commons.logging.Log)` methods have been deprecated; they are not thread-safe
## Patch Instructions:
To install this SUSE Moderate update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-3316=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-3316=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3316=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3316=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3316=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3316=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3316=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3316=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3316=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3316=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3316=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3316=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3316=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3316=1
* SUSE Manager Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3316=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-3316=1
* SUSE Enterprise Storage 7
zypper in -t patch SUSE-Storage-7-2023-3316=1
## Package List:
* openSUSE Leap 15.4 (noarch)
* jakarta-commons-discovery-0.5-150000.4.11.1
* jakarta-commons-discovery-javadoc-0.5-150000.4.11.1
* openSUSE Leap 15.5 (noarch)
* jakarta-commons-discovery-0.5-150000.4.11.1
* jakarta-commons-discovery-javadoc-0.5-150000.4.11.1
* Basesystem Module 15-SP4 (noarch)
* jakarta-commons-discovery-0.5-150000.4.11.1
* Basesystem Module 15-SP5 (noarch)
* jakarta-commons-discovery-0.5-150000.4.11.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
* jakarta-commons-discovery-0.5-150000.4.11.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
* jakarta-commons-discovery-0.5-150000.4.11.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
* jakarta-commons-discovery-0.5-150000.4.11.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* jakarta-commons-discovery-0.5-150000.4.11.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
* jakarta-commons-discovery-0.5-150000.4.11.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
* jakarta-commons-discovery-0.5-150000.4.11.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* jakarta-commons-discovery-0.5-150000.4.11.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
* jakarta-commons-discovery-0.5-150000.4.11.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
* jakarta-commons-discovery-0.5-150000.4.11.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* jakarta-commons-discovery-0.5-150000.4.11.1
* SUSE Manager Server 4.2 (noarch)
* jakarta-commons-discovery-0.5-150000.4.11.1
* SUSE Enterprise Storage 7.1 (noarch)
* jakarta-commons-discovery-0.5-150000.4.11.1
* SUSE Enterprise Storage 7 (noarch)
* jakarta-commons-discovery-0.5-150000.4.11.1
## References:
* https://jira.suse.com/browse/SLE-23217
1
0
openSUSE-RU-2023:0220-1: moderate: Recommended update for catfish
by maintenance@opensuse.org 14 Aug '23
by maintenance@opensuse.org 14 Aug '23
14 Aug '23
openSUSE Recommended Update: Recommended update for catfish
______________________________________________________________________________
Announcement ID: openSUSE-RU-2023:0220-1
Rating: moderate
References:
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that has 0 recommended fixes can now be installed.
Description:
This update for catfish fixes the following issues:
Update to version 4.18.0:
* Filters: Add Archives, Other, update Apps
* Use Gio to open files, fix "no default app" issue
* Add symlink emblem to thumbnails in thumbnail mode
* config: Prefer plocate over mlocate if available
* window: Avoid IndexError on right click when selection is empty
* Create shared filetype lists for searching and filtering
* Ensure site-packages directory is prepended to sys.path
* Fix double border between sidebar and results area
* window: Fix and refactor new_column()
* window: Fix markup warnings in thumbnail view
* Fix GtkBuilder warnings
* Revert "Suppress the various GTK warnings GtkBuilder outputs"
* Fix crash and translations when install prefix != /usr
* Update `.gitignore`
* Remove generated file po/catfish.pot
* Performance improvements
* Translation Updates
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2023-220=1
Package List:
- openSUSE Backports SLE-15-SP5 (noarch):
catfish-4.18.0-bp155.2.3.1
catfish-lang-4.18.0-bp155.2.3.1
References:
1
0
14 Aug '23
# Recommended update for skopeo
Announcement ID: SUSE-RU-2023:3314-1
Rating: moderate
References:
Affected Products:
* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3
An update that can now be installed.
## Description:
This update for skopeo fixes the following issues:
skopeo was updated to version 1.12.0.
## Patch Instructions:
To install this SUSE Moderate update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-3314=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-3314=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3314=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3314=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3314=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3314=1
* SUSE Linux Enterprise Real Time 15 SP3
zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3314=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3314=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3314=1
* SUSE Manager Proxy 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3314=1
* SUSE Manager Retail Branch Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.2-2023-3314=1
* SUSE Manager Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3314=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-3314=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* skopeo-1.12.0-150300.11.3.3
* skopeo-debuginfo-1.12.0-150300.11.3.3
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* skopeo-1.12.0-150300.11.3.3
* skopeo-debuginfo-1.12.0-150300.11.3.3
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* skopeo-1.12.0-150300.11.3.3
* skopeo-debuginfo-1.12.0-150300.11.3.3
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* skopeo-1.12.0-150300.11.3.3
* skopeo-debuginfo-1.12.0-150300.11.3.3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64
x86_64)
* skopeo-1.12.0-150300.11.3.3
* skopeo-debuginfo-1.12.0-150300.11.3.3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* skopeo-1.12.0-150300.11.3.3
* skopeo-debuginfo-1.12.0-150300.11.3.3
* SUSE Linux Enterprise Real Time 15 SP3 (x86_64)
* skopeo-1.12.0-150300.11.3.3
* skopeo-debuginfo-1.12.0-150300.11.3.3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* skopeo-1.12.0-150300.11.3.3
* skopeo-debuginfo-1.12.0-150300.11.3.3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* skopeo-1.12.0-150300.11.3.3
* skopeo-debuginfo-1.12.0-150300.11.3.3
* SUSE Manager Proxy 4.2 (x86_64)
* skopeo-1.12.0-150300.11.3.3
* skopeo-debuginfo-1.12.0-150300.11.3.3
* SUSE Manager Retail Branch Server 4.2 (x86_64)
* skopeo-1.12.0-150300.11.3.3
* skopeo-debuginfo-1.12.0-150300.11.3.3
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
* skopeo-1.12.0-150300.11.3.3
* skopeo-debuginfo-1.12.0-150300.11.3.3
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* skopeo-1.12.0-150300.11.3.3
* skopeo-debuginfo-1.12.0-150300.11.3.3
1
0
openSUSE-SU-2023:0219-1: important: Security update for opensuse-welcome
by opensuse-security@opensuse.org 14 Aug '23
by opensuse-security@opensuse.org 14 Aug '23
14 Aug '23
openSUSE Security Update: Security update for opensuse-welcome
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0219-1
Rating: important
References: #1213708
Cross-References: CVE-2023-32184
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for opensuse-welcome fixes the following issues:
Update to version 0.1.9+git.35.4b9444a:
* CVE-2023-32184: panellayouter: use QTemporaryFile for applyLayout()
(boo#1213708).
* Translation updates.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2023-219=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 x86_64):
opensuse-welcome-0.1.9+git.35.4b9444a-bp155.2.3.1
- openSUSE Backports SLE-15-SP5 (noarch):
opensuse-welcome-lang-0.1.9+git.35.4b9444a-bp155.2.3.1
References:
https://www.suse.com/security/cve/CVE-2023-32184.html
https://bugzilla.suse.com/1213708
1
0
SUSE-SU-2023:3311-1: important: Security update for the Linux Kernel
by maintenance@opensuse.org 14 Aug '23
by maintenance@opensuse.org 14 Aug '23
14 Aug '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:3311-1
Rating: important
References:
* #1206418
* #1207129
* #1207948
* #1210627
* #1210780
* #1210825
* #1211131
* #1211738
* #1211811
* #1212445
* #1212502
* #1212604
* #1212766
* #1212901
* #1213167
* #1213272
* #1213287
* #1213304
* #1213417
* #1213578
* #1213585
* #1213586
* #1213588
* #1213601
* #1213620
* #1213632
* #1213653
* #1213713
* #1213715
* #1213747
* #1213756
* #1213759
* #1213777
* #1213810
* #1213812
* #1213856
* #1213857
* #1213863
* #1213867
* #1213870
* #1213871
* #1213872
Cross-References:
* CVE-2022-40982
* CVE-2023-0459
* CVE-2023-20569
* CVE-2023-21400
* CVE-2023-2156
* CVE-2023-2166
* CVE-2023-31083
* CVE-2023-3268
* CVE-2023-3567
* CVE-2023-3609
* CVE-2023-3611
* CVE-2023-3776
* CVE-2023-38409
* CVE-2023-3863
* CVE-2023-4004
CVSS scores:
* CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-0459 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-0459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-21400 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-21400 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2166 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2166 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31083 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3268 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-3268 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3609 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3609 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3611 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3611 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3776 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-38409 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-38409 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3863 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3863 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP5
* Development Tools Module 15-SP5
* Legacy Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Availability Extension 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP5
An update that solves 15 vulnerabilities and has 27 fixes can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
* CVE-2022-40982: Fixed transient execution attack called "Gather Data
Sampling" (bsc#1206418).
* CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec
(bsc#1211738).
* CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’
(bsc#1213287).
* CVE-2023-21400: Fixed several memory corruptions due to improper locking in
io_uring (bsc#1213272).
* CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling
of the RPL protocol (bsc#1211131).
* CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter
(bsc#1210627).
* CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780).
* CVE-2023-3268: Fixed an out of bounds memory access flaw in
relay_file_read_start_pos in the relayfs (bsc#1212502).
* CVE-2023-3567: Fixed a use-after-free in vcs_read in
drivers/tty/vt/vc_screen.c (bsc#1213167).
* CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched
(bsc#1213586).
* CVE-2023-3611: Fixed an out-of-bounds write in net/sched
sch_qfq(bsc#1213585).
* CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-
free (bsc#1213588).
* CVE-2023-38409: Fixed an issue in set_con2fb_map in
drivers/video/fbdev/core/fbcon.c. Because an assignment occurs only for the
first vc, the fbcon_registered_fb and fbcon_display arrays can be
desynchronized in fbcon_mode_deleted (the con2fb_map points at the old
fb_info) (bsc#1213417).
* CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local in
net/nfc/llcp_core.c in NFC. This flaw allowed a local user with special
privileges to impact a kernel information leak issue (bsc#1213601).
* CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo
(bsc#1213812).
The following non-security bugs were fixed:
* ACPI: CPPC: Add ACPI disabled check to acpi_cpc_valid() (bsc#1212445).
* ACPI: CPPC: Add definition for undefined FADT preferred PM profile value
(bsc#1212445).
* ACPI/IORT: Remove erroneous id_count check in iort_node_get_rmr_info() (git-
fixes).
* ACPI: utils: Fix acpi_evaluate_dsm_typed() redefinition error (git-fixes).
* afs: Adjust ACK interpretation to try and cope with NAT (git-fixes).
* afs: Fix access after dec in put functions (git-fixes).
* afs: Fix afs_getattr() to refetch file status if callback break occurred
(git-fixes).
* afs: Fix dynamic root getattr (git-fixes).
* afs: Fix fileserver probe RTT handling (git-fixes).
* afs: Fix infinite loop found by xfstest generic/676 (git-fixes).
* afs: Fix lost servers_outstanding count (git-fixes).
* afs: Fix server->active leak in afs_put_server (git-fixes).
* afs: Fix setting of mtime when creating a file/dir/symlink (git-fixes).
* afs: Fix updating of i_size with dv jump from server (git-fixes).
* afs: Fix vlserver probe RTT handling (git-fixes).
* afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked (git-fixes).
* afs: Use refcount_t rather than atomic_t (git-fixes).
* afs: Use the operation issue time instead of the reply time for callbacks
(git-fixes).
* ALSA: emu10k1: roll up loops in DSP setup code for Audigy (git-fixes).
* ALSA: hda/realtek: Add quirk for Clevo NS70AU (git-fixes).
* ALSA: hda/realtek: Add support for DELL Oasis 13/14/16 laptops (git-fixes).
* ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx (git-fixes).
* ALSA: hda/realtek: Fix generic fixup definition for cs35l41 amp (git-fixes).
* ALSA: hda/realtek - remove 3k pull low procedure (git-fixes).
* ALSA: hda/realtek: Support ASUS G713PV laptop (git-fixes).
* ALSA: hda/relatek: Enable Mute LED on HP 250 G8 (git-fixes).
* ALSA: usb-audio: Add FIXED_RATE quirk for JBL Quantum610 Wireless (git-
fixes).
* ALSA: usb-audio: Add new quirk FIXED_RATE for JBL Quantum810 Wireless (git-
fixes).
* ALSA: usb-audio: Add quirk for Microsoft Modern Wireless Headset
(bsc#1207129).
* ALSA: usb-audio: Always initialize fixed_rate in
snd_usb_find_implicit_fb_sync_format() (git-fixes).
* ALSA: usb-audio: Apply mutex around snd_usb_endpoint_set_params() (git-
fixes).
* ALSA: usb-audio: Avoid superfluous endpoint setup (git-fixes).
* ALSA: usb-audio: Avoid unnecessary interface change at EP close (git-fixes).
* ALSA: usb-audio: Clear fixed clock rate at closing EP (git-fixes).
* ALSA: usb-audio: Correct the return code from snd_usb_endpoint_set_params()
(git-fixes).
* ALSA: usb-audio: Drop superfluous interface setup at parsing (git-fixes).
* ALSA: usb-audio: Fix possible NULL pointer dereference in
snd_usb_pcm_has_fixed_rate() (git-fixes).
* ALSA: usb-audio: Fix wrong kfree issue in snd_usb_endpoint_free_all (git-
fixes).
* ALSA: usb-audio: More refactoring of hw constraint rules (git-fixes).
* ALSA: usb-audio: Properly refcounting clock rate (git-fixes).
* ALSA: usb-audio: Rate limit usb_set_interface error reporting (git-fixes).
* ALSA: usb-audio: Refcount multiple accesses on the single clock (git-fixes).
* ALSA: usb-audio: Split endpoint setups for hw_params and prepare (take#2)
(git-fixes).
* ALSA: usb-audio: Update for native DSD support quirks (git-fixes).
* ALSA: usb-audio: Use atomic_try_cmpxchg in ep_state_update (git-fixes).
* ALSA: usb-audio: Workaround for XRUN at prepare (git-fixes).
* amd-pstate: Fix amd_pstate mode switch (git-fixes).
* ASoC: amd: acp: fix for invalid dai id handling in acp_get_byte_count()
(git-fixes).
* ASoC: atmel: Fix the 8K sample parameter in I2SC master (git-fixes).
* ASoc: codecs: ES8316: Fix DMIC config (git-fixes).
* ASoC: codecs: wcd934x: fix resource leaks on component remove (git-fixes).
* ASoC: codecs: wcd938x: fix codec initialisation race (git-fixes).
* ASoC: codecs: wcd938x: fix dB range for HPHL and HPHR (git-fixes).
* ASoC: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes).
* ASoC: codecs: wcd938x: fix soundwire initialisation race (git-fixes).
* ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git-
fixes).
* ASoC: da7219: Check for failure reading AAD IRQ events (git-fixes).
* ASoC: da7219: Flush pending AAD IRQ when suspending (git-fixes).
* ASoC: fsl_sai: Disable bit clock with transmitter (git-fixes).
* ASoC: fsl_spdif: Silence output on stop (git-fixes).
* ASoC: rt5640: Fix sleep in atomic context (git-fixes).
* ASoC: rt5682-sdw: fix for JD event handling in ClockStop Mode0 (git-fixes).
* ASoC: rt711: fix for JD event handling in ClockStop Mode0 (git-fixes).
* ASoC: rt711-sdca: fix for JD event handling in ClockStop Mode0 (git-fixes).
* ASoC: SOF: ipc3-dtrace: uninitialized data in dfsentry_trace_filter_write()
(git-fixes).
* ASoC: tegra: Fix ADX byte map (git-fixes).
* ASoC: tegra: Fix AMX byte map (git-fixes).
* ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register (git-fixes).
* ata: pata_ns87415: mark ns87560_tf_read static (git-fixes).
* block, bfq: Fix division by zero error on zero wsum (bsc#1213653).
* block: Fix a source code comment in include/uapi/linux/blkzoned.h (git-
fixes).
* bus: mhi: add new interfaces to handle MHI channels directly (bsc#1207948).
* bus: mhi: host: add destroy_device argument to mhi_power_down()
(bsc#1207948).
* can: gs_usb: gs_can_close(): add missing set of CAN state to
CAN_STATE_STOPPED (git-fixes).
* ceph: do not let check_caps skip sending responses for revoke msgs
(bsc#1213856).
* coda: Avoid partial allocation of sig_inputArgs (git-fixes).
* cpufreq: amd-pstate: add amd-pstate driver parameter for mode selection
(bsc#1212445).
* cpufreq: amd-pstate: Add AMD P-State frequencies attributes (bsc#1212445).
* cpufreq: amd-pstate: Add AMD P-State performance attributes (bsc#1212445).
* cpufreq: amd-pstate: Add boost mode support for AMD P-State (bsc#1212445).
* cpufreq: amd-pstate: add driver working mode switch support (bsc#1212445).
* cpufreq: amd-pstate: Add ->fast_switch() callback (bsc#1212445).
* cpufreq: amd-pstate: Add fast switch function for AMD P-State (bsc#1212445).
* cpufreq: amd-pstate: Add guided autonomous mode (bsc#1212445).
* cpufreq: amd-pstate: Add guided mode control support via sysfs
(bsc#1212445).
* cpufreq: amd-pstate: Add more tracepoint for AMD P-State module
(bsc#1212445).
* cpufreq: amd-pstate: Add resume and suspend callbacks (bsc#1212445).
* cpufreq: amd-pstate: Add trace for AMD P-State module (bsc#1212445).
* cpufreq: amd-pstate: avoid uninitialized variable use (bsc#1212445).
* cpufreq: amd-pstate: change amd-pstate driver to be built-in type
(bsc#1212445).
* cpufreq: amd-pstate: convert sprintf with sysfs_emit() (bsc#1212445).
* cpufreq: amd-pstate: cpufreq: amd-pstate: reset MSR_AMD_PERF_CTL register at
init (bsc#1212445).
* cpufreq: amd-pstate: Expose struct amd_cpudata (bsc#1212445).
* cpufreq: amd-pstate: Fix initial highest_perf value (bsc#1212445).
* cpufreq: amd-pstate: Fix invalid write to MSR_AMD_CPPC_REQ (bsc#1212445).
* cpufreq: amd-pstate: Fix Kconfig dependencies for AMD P-State (bsc#1212445).
* cpufreq: amd-pstate: fix kernel hang issue while amd-pstate unregistering
(bsc#1212445).
* cpufreq: amd-pstate: Fix struct amd_cpudata kernel-doc comment
(bsc#1212445).
* cpufreq: amd-pstate: fix white-space (bsc#1212445).
* cpufreq: amd_pstate: fix wrong lowest perf fetch (bsc#1212445).
* cpufreq: amd-pstate: implement amd pstate cpu online and offline callback
(bsc#1212445).
* cpufreq: amd-pstate: implement Pstate EPP support for the AMD processors
(bsc#1212445).
* cpufreq: amd-pstate: implement suspend and resume callbacks (bsc#1212445).
* cpufreq: amd-pstate: Introduce a new AMD P-State driver to support future
processors (bsc#1212445).
* cpufreq: amd-pstate: Introduce the support for the processors with shared
memory solution (bsc#1212445).
* cpufreq: amd-pstate: Let user know amd-pstate is disabled (bsc#1212445).
* cpufreq: amd-pstate: Make amd-pstate EPP driver name hyphenated
(bsc#1212445).
* cpufreq: amd-pstate: Make varaiable mode_state_machine static (bsc#1212445).
* cpufreq: amd_pstate: map desired perf into pstate scope for powersave
governor (bsc#1212445).
* cpufreq: amd-pstate: optimize driver working mode selection in
amd_pstate_param() (bsc#1212445).
* cpufreq: amd-pstate: Remove fast_switch_possible flag from active driver
(bsc#1212445).
* cpufreq: amd-pstate: remove MODULE_LICENSE in non-modules (bsc#1212445).
* cpufreq: amd-pstate: Set a fallback policy based on preferred_profile
(bsc#1212445).
* cpufreq: amd-pstate: simplify cpudata pointer assignment (bsc#1212445).
* cpufreq: amd-pstate: Update policy->cur in amd_pstate_adjust_perf()
(bsc#1212445).
* cpufreq: amd-pstate: update pstate frequency transition delay time
(bsc#1212445).
* cpufreq: amd-pstate: Write CPPC enable bit per-socket (bsc#1212445).
* crypto: kpp - Add helper to set reqsize (git-fixes).
* crypto: qat - Use helper to set reqsize (git-fixes).
* dlm: fix missing lkb refcount handling (git-fixes).
* dlm: fix plock invalid read (git-fixes).
* Documentation: cpufreq: amd-pstate: Move amd_pstate param to alphabetical
order (bsc#1212445).
* Documentation: devices.txt: reconcile serial/ucc_uart minor numers (git-
fixes).
* drm/amd/display: Add monitor specific edid quirk (git-fixes).
* drm/amd/display: Add polling method to handle MST reply packet
(bsc#1213578).
* drm/amd/display: check TG is non-null before checking if enabled (git-
fixes).
* drm/amd/display: Correct `DMUB_FW_VERSION` macro (git-fixes).
* drm/amd/display: Disable MPC split by default on special asic (git-fixes).
* drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
* drm/amd/display: fix seamless odm transitions (git-fixes).
* drm/amd/display: Keep PHY active for DP displays on DCN31 (git-fixes).
* drm/amd/display: only accept async flips for fast updates (git-fixes).
* drm/amd/display: Only update link settings after successful MST link train
(git-fixes).
* drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes).
* drm/amd/display: Remove Phantom Pipe Check When Calculating K1 and K2 (git-
fixes).
* drm/amd/display: save restore hdcp state when display is unplugged from mst
hub (git-fixes).
* drm/amd/display: Unlock on error path in
dm_handle_mst_sideband_msg_ready_event() (git-fixes).
* drm/amd: Fix an error handling mistake in psp_sw_init() (git-fixes).
* drm/amdgpu: add the fan abnormal detection feature (git-fixes).
* drm/amdgpu: avoid restore process run into dead loop (git-fixes).
* drm/amdgpu: fix clearing mappings for BOs that are always valid in VM (git-
fixes).
* drm/amdgpu: Fix minmax warning (git-fixes).
* drm/amd/pm: add abnormal fan detection for smu 13.0.0 (git-fixes).
* drm/amd/pm: conditionally disable pcie lane/speed switching for SMU13 (git-
fixes).
* drm/amd/pm: re-enable the gfx imu when smu resume (git-fixes).
* drm/amd/pm: share the code around SMU13 pcie parameters update (git-fixes).
* drm/atomic: Allow vblank-enabled + self-refresh "disable" (git-fixes).
* drm/atomic: Fix potential use-after-free in nonblocking commits (git-fixes).
* drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git-
fixes).
* drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes).
* drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes).
* drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes).
* drm/bridge: ti-sn65dsi86: Fix auxiliary bus lifetime (git-fixes).
* drm/client: Fix memory leak in drm_client_modeset_probe (git-fixes).
* drm/dp_mst: Clear MSG_RDY flag before sending new message (bsc#1213578).
* drm: Fix null pointer dereference in drm_dp_atomic_find_time_slots()
(bsc#1213578).
* drm/i915: Do not preserve dpll_hw_state for slave crtc in Bigjoiner (git-
fixes).
* drm/i915/dpt: Use shmem for dpt objects (git-fixes).
* drm/i915: Fix an error handling path in igt_write_huge() (git-fixes).
* drm/i915/tc: Fix system resume MST mode restore for DP-alt sinks (git-
fixes).
* drm/msm/adreno: Fix snapshot BINDLESS_DATA size (git-fixes).
* drm/msm/disp/dpu: get timing engine status from intf status register (git-
fixes).
* drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes).
* drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes).
* drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb() (git-
fixes).
* drm/radeon: Fix integer overflow in radeon_cs_parser_init (git-fixes).
* drm/ttm: fix bulk_move corruption when adding a entry (git-fixes).
* drm/ttm: fix warning that we shouldn't mix && and || (git-fixes).
* drm/vmwgfx: Fix Legacy Display Unit atomic drm support (bsc#1213632).
* drm/vmwgfx: Remove explicit and broken vblank handling (bsc#1213632).
* drm/vmwgfx: Remove rcu locks from user resources (bsc#1213632).
* fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (git-fixes).
* fbdev: imxfb: Removed unneeded release_mem_region (git-fixes).
* fbdev: imxfb: warn about invalid left/right margin (git-fixes).
* file: always lock position for FMODE_ATOMIC_POS (bsc#1213759).
* fs: dlm: add midcomms init/start functions (git-fixes).
* fs: dlm: do not set stop rx flag after node reset (git-fixes).
* fs: dlm: filter user dlm messages for kernel locks (git-fixes).
* fs: dlm: fix log of lowcomms vs midcomms (git-fixes).
* fs: dlm: fix race between test_bit() and queue_work() (git-fixes).
* fs: dlm: fix race in lowcomms (git-fixes).
* fs: dlm: handle -EBUSY first in lock arg validation (git-fixes).
* fs: dlm: move sending fin message into state change handling (git-fixes).
* fs: dlm: retry accept() until -EAGAIN or error returns (git-fixes).
* fs: dlm: return positive pid value for F_GETLK (git-fixes).
* fs: dlm: start midcomms before scand (git-fixes).
* fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() (git-
fixes).
* FS: JFS: Check for read-only mounted filesystem in txBegin (git-fixes).
* FS: JFS: Fix null-ptr-deref Read in txBegin (git-fixes).
* fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev (git-fixes).
* gve: Set default duplex configuration to full (git-fixes).
* gve: unify driver name usage (git-fixes).
* hwmon: (adm1275) Allow setting sample averaging (git-fixes).
* hwmon: (k10temp) Enable AMD3255 Proc to show negative temperature (git-
fixes).
* hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled
(git-fixes).
* hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272
(git-fixes).
* i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process()
(git-fixes).
* i2c: xiic: Do not try to handle more interrupt events after error (git-
fixes).
* iavf: check for removal state before IAVF_FLAG_PF_COMMS_FAILED (git-fixes).
* iavf: fix a deadlock caused by rtnl and driver's lock circular dependencies
(git-fixes).
* iavf: Fix out-of-bounds when setting channels on remove (git-fixes).
* iavf: fix potential deadlock on allocation failure (git-fixes).
* iavf: fix reset task race with iavf_remove() (git-fixes).
* iavf: Fix use-after-free in free_netdev (git-fixes).
* iavf: Move netdev_update_features() into watchdog task (git-fixes).
* iavf: use internal state to free traffic IRQs (git-fixes).
* iavf: Wait for reset in callbacks which trigger it (git-fixes).
* IB/hfi1: Use bitmap_zalloc() when applicable (git-fixes)
* ice: Fix max_rate check while configuring TX rate limits (git-fixes).
* ice: Fix memory management in ice_ethtool_fdir.c (git-fixes).
* ice: handle extts in the miscellaneous interrupt thread (git-fixes).
* igc: Check if hardware TX timestamping is enabled earlier (git-fixes).
* igc: Enable and fix RX hash usage by netstack (git-fixes).
* igc: Fix inserting of empty frame for launchtime (git-fixes).
* igc: Fix Kernel Panic during ndo_tx_timeout callback (git-fixes).
* igc: Fix launchtime before start of cycle (git-fixes).
* igc: Fix race condition in PTP tx code (git-fixes).
* igc: Handle PPS start time programming for past time values (git-fixes).
* igc: Prevent garbled TX queue with XDP ZEROCOPY (git-fixes).
* igc: Remove delay during TX ring configuration (git-fixes).
* igc: set TP bit in 'supported' and 'advertising' fields of
ethtool_link_ksettings (git-fixes).
* igc: Work around HW bug causing missing timestamps (git-fixes).
* Input: i8042 - add Clevo PCX0DX to i8042 quirk table (git-fixes).
* Input: iqs269a - do not poll during ATI (git-fixes).
* Input: iqs269a - do not poll during suspend or resume (git-fixes).
* jffs2: fix memory leak in jffs2_do_fill_super (git-fixes).
* jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes).
* jffs2: fix memory leak in jffs2_scan_medium (git-fixes).
* jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes).
* jffs2: GC deadlock reading a page that is used in jffs2_write_begin() (git-
fixes).
* jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes).
* jfs: jfs_dmap: Validate db_l2nbperpage while mounting (git-fixes).
* kABI fix after Restore kABI for NVidia vGPU driver (bsc#1210825).
* kabi/severities: relax kABI for ath11k local symbols (bsc#1207948)
* kselftest: vDSO: Fix accumulation of uninitialized ret when CLOCK_REALTIME
is undefined (git-fixes).
* KVM: arm64: Do not read a HW interrupt pending state in user context (git-
fixes)
* KVM: arm64: Warn if accessing timer pending state outside of vcpu
(bsc#1213620)
* KVM: Do not null dereference ops->destroy (git-fixes)
* KVM: downgrade two BUG_ONs to WARN_ON_ONCE (git-fixes)
* KVM: Initialize debugfs_dentry when a VM is created to avoid NULL (git-
fixes)
* KVM: s390: pv: fix index value of replaced ASCE (git-fixes bsc#1213867).
* KVM: VMX: Inject #GP, not #UD, if SGX2 ENCLS leafs are unsupported (git-
fixes).
* KVM: VMX: Inject #GP on ENCLS if vCPU has paging disabled (CR0.PG==0) (git-
fixes).
* KVM: VMX: restore vmx_vmexit alignment (git-fixes).
* KVM: x86: Account fastpath-only VM-Exits in vCPU stats (git-fixes).
* leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename (git-
fixes).
* libceph: harden msgr2.1 frame segment length checks (bsc#1213857).
* MAINTAINERS: Add AMD P-State driver maintainer entry (bsc#1212445).
* m ALSA: usb-audio: Add quirk for Tascam Model 12 (git-fixes).
* md: add error_handlers for raid0 and linear (bsc#1212766).
* media: staging: atomisp: select V4L2_FWNODE (git-fixes).
* mhi_power_down() kABI workaround (bsc#1207948).
* mmc: core: disable TRIM on Kingston EMMC04G-M627 (git-fixes).
* mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is
used (git-fixes).
* net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes).
* net: mana: Batch ringing RX queue doorbell on receiving packets
(bsc#1212901).
* net: mana: Use the correct WQE count for ringing RQ doorbell (bsc#1212901).
* net/mlx5: DR, Support SW created encap actions for FW table (git-fixes).
* net/mlx5e: Check for NOT_READY flag state after locking (git-fixes).
* net/mlx5e: fix double free in mlx5e_destroy_flow_table (git-fixes).
* net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create (git-fixes).
* net/mlx5e: fix memory leak in mlx5e_ptp_open (git-fixes).
* net/mlx5e: XDP, Allow growing tail for XDP multi buffer (git-fixes).
* net/mlx5e: xsk: Set napi_id to support busy polling on XSK RQ (git-fixes).
* net: phy: marvell10g: fix 88x3310 power up (git-fixes).
* net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
* net/sched: sch_qfq: reintroduce lmax bound check for MTU (bsc#1213585).
* nfsd: add encoding of op_recall flag for write delegation (git-fixes).
* nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes).
* nfsd: Fix sparse warning (git-fixes).
* nfsd: Remove open coding of string copy (git-fixes).
* nfsv4.1: Always send a RECLAIM_COMPLETE after establishing lease (git-
fixes).
* nfsv4.1: freeze the session table upon receiving NFS4ERR_BADSESSION (git-
fixes).
* nvme: do not reject probe due to duplicate IDs for single-ported PCIe
devices (git-fixes).
* nvme: fix the NVME_ID_NS_NVM_STS_MASK definition (git-fixes).
* nvme-pci: fix DMA direction of unmapping integrity data (git-fixes).
* nvme-pci: remove nvme_queue from nvme_iod (git-fixes).
* octeontx2-af: Move validation of ptp pointer before its usage (git-fixes).
* octeontx2-pf: Add additional check for MCAM rules (git-fixes).
* octeontx-af: fix hardware timestamp configuration (git-fixes).
* PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 (git-fixes).
* PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold (git-fixes).
* phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() (git-
fixes).
* pinctrl: amd: Detect internal GPIO0 debounce handling (git-fixes).
* pinctrl: amd: Do not show `Invalid config param` errors (git-fixes).
* pinctrl: amd: Fix mistake in handling clearing pins at startup (git-fixes).
* pinctrl: amd: Only use special debounce behavior for GPIO 0 (git-fixes).
* pinctrl: amd: Use amd_pinconf_set() for all config options (git-fixes).
* platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 (git-
fixes).
* RDMA/bnxt_re: Fix hang during driver unload (git-fixes)
* RDMA/bnxt_re: Prevent handling any completions after qp destroy (git-fixes)
* RDMA/core: Update CMA destination address on rdma_resolve_addr (git-fixes)
* RDMA/irdma: Add missing read barriers (git-fixes)
* RDMA/irdma: Fix data race on CQP completion stats (git-fixes)
* RDMA/irdma: Fix data race on CQP request done (git-fixes)
* RDMA/irdma: Fix op_type reporting in CQEs (git-fixes)
* RDMA/irdma: Report correct WC error (git-fixes)
* RDMA/mlx4: Make check for invalid flags stricter (git-fixes)
* RDMA/mthca: Fix crash when polling CQ for shared QPs (git-fixes)
* regmap: Account for register length in SMBus I/O limits (git-fixes).
* regmap: Drop initial version of maximum transfer length fixes (git-fixes).
* Restore kABI for NVidia vGPU driver (bsc#1210825).
* Revert "ALSA: usb-audio: Drop superfluous interface setup at parsing" (git-
fixes).
* Revert "debugfs, coccinelle: check for obsolete DEFINE_SIMPLE_ATTRIBUTE()
usage" (git-fixes).
* Revert "Drop AMDGPU patches for fixing regression (bsc#1213304,bsc#1213777)"
* Revert "iavf: Detach device during reset task" (git-fixes).
* Revert "iavf: Do not restart Tx queues after reset task failure" (git-
fixes).
* Revert "NFSv4: Retry LOCK on OLD_STATEID during delegation return" (git-
fixes).
* Revert "usb: dwc3: core: Enable AutoRetry feature in the controller" (git-
fixes).
* Revert "usb: gadget: tegra-xudc: Fix error check in
tegra_xudc_powerdomain_init()" (git-fixes).
* Revert "usb: xhci: tegra: Fix error check" (git-fixes).
* Revert "xhci: add quirk for host controllers that do not update endpoint
DCS" (git-fixes).
* Revive drm_dp_mst_hpd_irq() function (bsc#1213578).
* rxrpc, afs: Fix selection of abort codes (git-fixes).
* s390/bpf: Add expoline to tail calls (git-fixes bsc#1213870).
* s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810).
* s390/dasd: print copy pair message only for the correct error (git-fixes
bsc#1213872).
* s390/decompressor: specify __decompress() buf len to avoid overflow (git-
fixes bsc#1213863).
* s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870).
* s390/ipl: add missing intersection check to ipl_report handling (git-fixes
bsc#1213871).
* s390/qeth: Fix vipa deletion (git-fixes bsc#1213713).
* s390/vmem: fix empty page tables cleanup under KASAN (git-fixes
bsc#1213715).
* scftorture: Count reschedule IPIs (git-fixes).
* scsi: lpfc: Abort outstanding ELS cmds when mailbox timeout error is
detected (bsc#1213756).
* scsi: lpfc: Avoid -Wstringop-overflow warning (bsc#1213756).
* scsi: lpfc: Clean up SLI-4 sysfs resource reporting (bsc#1213756).
* scsi: lpfc: Copyright updates for 14.2.0.14 patches (bsc#1213756).
* scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan()
(bsc#1213756).
* scsi: lpfc: Fix incorrect big endian type assignment in bsg loopback path
(bsc#1213756).
* scsi: lpfc: Fix incorrect big endian type assignments in FDMI and VMID paths
(bsc#1213756).
* scsi: lpfc: Fix lpfc_name struct packing (bsc#1213756).
* scsi: lpfc: Make fabric zone discovery more robust when handling unsolicited
LOGO (bsc#1213756).
* scsi: lpfc: Pull out fw diagnostic dump log message from driver's trace
buffer (bsc#1213756).
* scsi: lpfc: Qualify ndlp discovery state when processing RSCN (bsc#1213756).
* scsi: lpfc: Refactor cpu affinity assignment paths (bsc#1213756).
* scsi: lpfc: Remove extra ndlp kref decrement in FLOGI cmpl for loop topology
(bsc#1213756).
* scsi: lpfc: Replace all non-returning strlcpy() with strscpy()
(bsc#1213756).
* scsi: lpfc: Replace one-element array with flexible-array member
(bsc#1213756).
* scsi: lpfc: Revise ndlp kref handling for dev_loss_tmo_callbk and
lpfc_drop_node (bsc#1213756).
* scsi: lpfc: Set Establish Image Pair service parameter only for Target
Functions (bsc#1213756).
* scsi: lpfc: Simplify fcp_abort transport callback log message (bsc#1213756).
* scsi: lpfc: Update lpfc version to 14.2.0.14 (bsc#1213756).
* scsi: lpfc: Use struct_size() helper (bsc#1213756).
* scsi: qla2xxx: Adjust IOCB resource on qpair create (bsc#1213747).
* scsi: qla2xxx: Array index may go out of bound (bsc#1213747).
* scsi: qla2xxx: Avoid fcport pointer dereference (bsc#1213747).
* scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()
(bsc#1213747).
* scsi: qla2xxx: Correct the index of array (bsc#1213747).
* scsi: qla2xxx: Drop useless LIST_HEAD (bsc#1213747).
* scsi: qla2xxx: Fix buffer overrun (bsc#1213747).
* scsi: qla2xxx: Fix command flush during TMF (bsc#1213747).
* scsi: qla2xxx: Fix deletion race condition (bsc#1213747).
* scsi: qla2xxx: Fix end of loop test (bsc#1213747).
* scsi: qla2xxx: Fix erroneous link up failure (bsc#1213747).
* scsi: qla2xxx: Fix error code in qla2x00_start_sp() (bsc#1213747).
* scsi: qla2xxx: fix inconsistent TMF timeout (bsc#1213747).
* scsi: qla2xxx: Fix NULL pointer dereference in target mode (bsc#1213747).
* scsi: qla2xxx: Fix potential NULL pointer dereference (bsc#1213747).
* scsi: qla2xxx: Fix session hang in gnl (bsc#1213747).
* scsi: qla2xxx: Fix TMF leak through (bsc#1213747).
* scsi: qla2xxx: Limit TMF to 8 per function (bsc#1213747).
* scsi: qla2xxx: Pointer may be dereferenced (bsc#1213747).
* scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue (bsc#1213747).
* scsi: qla2xxx: Replace one-element array with DECLARE_FLEX_ARRAY() helper
(bsc#1213747).
* scsi: qla2xxx: Silence a static checker warning (bsc#1213747).
* scsi: qla2xxx: Turn off noisy message log (bsc#1213747).
* scsi: qla2xxx: Update version to 10.02.08.400-k (bsc#1213747).
* scsi: qla2xxx: Update version to 10.02.08.500-k (bsc#1213747).
* scsi: qla2xxx: Use vmalloc_array() and vcalloc() (bsc#1213747).
* selftests: rtnetlink: remove netdevsim device after ipsec offload test (git-
fixes).
* serial: qcom-geni: drop bogus runtime pm state update (git-fixes).
* serial: sifive: Fix sifive_serial_console_setup() section (git-fixes).
* series: udpate metadata Refresh
* sfc: fix crash when reading stats while NIC is resetting (git-fixes).
* sfc: fix XDP queues mode with legacy IRQ (git-fixes).
* sfc: use budget for TX completions (git-fixes).
* soundwire: qcom: update status correctly with mask (git-fixes).
* staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git-
fixes).
* staging: r8712: Fix memory leak in _r8712_init_xmit_priv() (git-fixes).
* SUNRPC: always free ctxt when freeing deferred request (git-fixes).
* SUNRPC: double free xprt_ctxt while still in use (git-fixes).
* SUNRPC: Fix trace_svc_register() call site (git-fixes).
* SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (git-fixes).
* SUNRPC: Remove dead code in svc_tcp_release_rqst() (git-fixes).
* SUNRPC: remove the maximum number of retries in call_bind_status (git-
fixes).
* svcrdma: Prevent page release when nothing was received (git-fixes).
* tpm_tis: Explicitly check for error code (git-fixes).
* tty: n_gsm: fix UAF in gsm_cleanup_mux (git-fixes).
* tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes).
* ubifs: Add missing iput if do_tmpfile() failed in rename whiteout (git-
fixes).
* ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1 (git-
fixes).
* ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers
(git-fixes).
* ubifs: Fix AA deadlock when setting xattr for encrypted file (git-fixes).
* ubifs: Fix build errors as symbol undefined (git-fixes).
* ubifs: Fix deadlock in concurrent rename whiteout and inode writeback (git-
fixes).
* ubifs: Fix memory leak in alloc_wbufs() (git-fixes).
* ubifs: Fix memory leak in do_rename (git-fixes).
* ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes).
* ubifs: Fix to add refcount once page is set private (git-fixes).
* ubifs: Fix 'ui->dirty' race between do_tmpfile() and writeback work (git-
fixes).
* ubifs: Fix wrong dirty space budget for dirty inode (git-fixes).
* ubifs: Free memory for tmpfile name (git-fixes).
* ubifs: Rectify space amount budget for mkdir/tmpfile operations (git-fixes).
* ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted
(git-fixes).
* ubifs: Rectify space budget for ubifs_xrename() (git-fixes).
* ubifs: Rename whiteout atomically (git-fixes).
* ubifs: rename_whiteout: correct old_dir size computing (git-fixes).
* ubifs: rename_whiteout: Fix double free for whiteout_ui->data (git-fixes).
* ubifs: Reserve one leb for each journal head while doing budget (git-fixes).
* ubifs: Re-statistic cleaned znode count if commit failed (git-fixes).
* ubifs: setflags: Make dirtied_ino_d 8 bytes aligned (git-fixes).
* ubifs: ubifs_writepage: Mark page dirty after writing inode failed (git-
fixes).
* Update config files: enable CONFIG_X86_AMD_PSTATE (bsc#1212445)
* usb: dwc2: platform: Improve error reporting for problems during .remove()
(git-fixes).
* usb: dwc3: do not reset device side if dwc3 was configured as host-only
(git-fixes).
* usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy (git-fixes).
* usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate
(git-fixes).
* USB: serial: option: add LARA-R6 01B PIDs (git-fixes).
* usb: typec: Iterate pds array when showing the pd list (git-fixes).
* usb: typec: Set port->pd before adding device for typec_port (git-fixes).
* usb: typec: Use sysfs_emit_at when concatenating the string (git-fixes).
* usb: xhci-mtk: set the dma max_seg_size (git-fixes).
* vhost_net: revert upend_idx only on retriable error (git-fixes).
* vhost: support PACKED when setting-getting vring_base (git-fixes).
* virtio_net: Fix error unwinding of XDP initialization (git-fixes).
* virtio-net: Maintain reverse cleanup order (git-fixes).
* wifi: ath11k: add support for suspend in power down state (bsc#1207948).
* wifi: ath11k: handle irq enable/disable in several code path (bsc#1207948).
* wifi: ath11k: handle thermal device registeration together with MAC
(bsc#1207948).
* wifi: ath11k: remove MHI LOOPBACK channels (bsc#1207948).
* wifi: ray_cs: Drop useless status variable in parse_addr() (git-fixes).
* wifi: ray_cs: Utilize strnlen() in parse_addr() (git-fixes).
* wl3501_cs: use eth_hw_addr_set() (git-fixes).
* x86/PVH: obtain VGA console info in Dom0 (git-fixes).
* xen/blkfront: Only check REQ_FUA for writes (git-fixes).
* xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git-
fixes).
* xfs: AIL needs asynchronous CIL forcing (bsc#1211811).
* xfs: async CIL flushes need pending pushes to be made stable (bsc#1211811).
* xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811).
* xfs: CIL work is serialised, not pipelined (bsc#1211811).
* xfs: do not run shutdown callbacks on active iclogs (bsc#1211811).
* xfs: drop async cache flushes from CIL commits (bsc#1211811).
* xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811).
* xfs: move the CIL workqueue to the CIL (bsc#1211811).
* xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811).
* xfs: order CIL checkpoint start records (bsc#1211811).
* xfs: pass a CIL context to xlog_write() (bsc#1211811).
* xfs: rework xlog_state_do_callback() (bsc#1211811).
* xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks
(bsc#1211811).
* xfs: separate out log shutdown callback processing (bsc#1211811).
* xfs: wait iclog complete before tearing down AIL (bsc#1211811).
* xfs: XLOG_STATE_IOERROR must die (bsc#1211811).
* xhci: Fix resume issue of some ZHAOXIN hosts (git-fixes).
* xhci: Fix TRB prefetch issue of ZHAOXIN hosts (git-fixes).
* xhci: Show ZHAOXIN xHCI root hub speed correctly (git-fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-3311=1 SUSE-2023-3311=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3311=1
* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3311=1
* Legacy Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-3311=1
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-3311=1
Please note that this is the initial kernel livepatch without fixes itself, this
package is later updated by separate standalone kernel livepatch updates.
* SUSE Linux Enterprise High Availability Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-3311=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-3311=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* dlm-kmp-default-5.14.21-150500.55.19.1
* kernel-obs-build-debugsource-5.14.21-150500.55.19.1
* kernel-default-optional-debuginfo-5.14.21-150500.55.19.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.19.1
* kernel-default-extra-debuginfo-5.14.21-150500.55.19.1
* kernel-default-livepatch-devel-5.14.21-150500.55.19.1
* dlm-kmp-default-debuginfo-5.14.21-150500.55.19.1
* reiserfs-kmp-default-debuginfo-5.14.21-150500.55.19.1
* kselftests-kmp-default-debuginfo-5.14.21-150500.55.19.1
* kernel-obs-build-5.14.21-150500.55.19.1
* ocfs2-kmp-default-5.14.21-150500.55.19.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.19.1
* kselftests-kmp-default-5.14.21-150500.55.19.1
* gfs2-kmp-default-5.14.21-150500.55.19.1
* kernel-default-livepatch-5.14.21-150500.55.19.1
* kernel-obs-qa-5.14.21-150500.55.19.1
* kernel-default-devel-5.14.21-150500.55.19.1
* reiserfs-kmp-default-5.14.21-150500.55.19.1
* kernel-syms-5.14.21-150500.55.19.1
* kernel-default-optional-5.14.21-150500.55.19.1
* kernel-default-extra-5.14.21-150500.55.19.1
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.19.1
* cluster-md-kmp-default-5.14.21-150500.55.19.1
* kernel-default-debuginfo-5.14.21-150500.55.19.1
* kernel-default-debugsource-5.14.21-150500.55.19.1
* kernel-default-devel-debuginfo-5.14.21-150500.55.19.1
* openSUSE Leap 15.5 (nosrc ppc64le x86_64)
* kernel-debug-5.14.21-150500.55.19.1
* openSUSE Leap 15.5 (ppc64le x86_64)
* kernel-debug-debugsource-5.14.21-150500.55.19.1
* kernel-debug-livepatch-devel-5.14.21-150500.55.19.1
* kernel-debug-devel-5.14.21-150500.55.19.1
* kernel-debug-devel-debuginfo-5.14.21-150500.55.19.1
* kernel-debug-debuginfo-5.14.21-150500.55.19.1
* openSUSE Leap 15.5 (x86_64)
* kernel-default-vdso-debuginfo-5.14.21-150500.55.19.1
* kernel-default-vdso-5.14.21-150500.55.19.1
* kernel-debug-vdso-debuginfo-5.14.21-150500.55.19.1
* kernel-kvmsmall-vdso-5.14.21-150500.55.19.1
* kernel-debug-vdso-5.14.21-150500.55.19.1
* kernel-kvmsmall-vdso-debuginfo-5.14.21-150500.55.19.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150500.55.19.1
* openSUSE Leap 15.5 (aarch64 ppc64le x86_64)
* kernel-kvmsmall-debugsource-5.14.21-150500.55.19.1
* kernel-kvmsmall-debuginfo-5.14.21-150500.55.19.1
* kernel-kvmsmall-devel-debuginfo-5.14.21-150500.55.19.1
* kernel-kvmsmall-livepatch-devel-5.14.21-150500.55.19.1
* kernel-default-base-5.14.21-150500.55.19.1.150500.6.6.4
* kernel-kvmsmall-devel-5.14.21-150500.55.19.1
* kernel-default-base-rebuild-5.14.21-150500.55.19.1.150500.6.6.4
* openSUSE Leap 15.5 (noarch)
* kernel-macros-5.14.21-150500.55.19.1
* kernel-source-5.14.21-150500.55.19.1
* kernel-docs-html-5.14.21-150500.55.19.1
* kernel-source-vanilla-5.14.21-150500.55.19.1
* kernel-devel-5.14.21-150500.55.19.1
* openSUSE Leap 15.5 (noarch nosrc)
* kernel-docs-5.14.21-150500.55.19.1
* openSUSE Leap 15.5 (aarch64 nosrc ppc64le x86_64)
* kernel-kvmsmall-5.14.21-150500.55.19.1
* openSUSE Leap 15.5 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150500.55.19.1
* openSUSE Leap 15.5 (s390x)
* kernel-zfcpdump-debuginfo-5.14.21-150500.55.19.1
* kernel-zfcpdump-debugsource-5.14.21-150500.55.19.1
* openSUSE Leap 15.5 (aarch64)
* dtb-broadcom-5.14.21-150500.55.19.1
* dtb-rockchip-5.14.21-150500.55.19.1
* kernel-64kb-devel-5.14.21-150500.55.19.1
* kernel-64kb-optional-5.14.21-150500.55.19.1
* ocfs2-kmp-64kb-debuginfo-5.14.21-150500.55.19.1
* dtb-apm-5.14.21-150500.55.19.1
* reiserfs-kmp-64kb-debuginfo-5.14.21-150500.55.19.1
* dtb-cavium-5.14.21-150500.55.19.1
* kernel-64kb-optional-debuginfo-5.14.21-150500.55.19.1
* dtb-arm-5.14.21-150500.55.19.1
* dtb-exynos-5.14.21-150500.55.19.1
* dtb-allwinner-5.14.21-150500.55.19.1
* kernel-64kb-extra-5.14.21-150500.55.19.1
* gfs2-kmp-64kb-debuginfo-5.14.21-150500.55.19.1
* dtb-xilinx-5.14.21-150500.55.19.1
* dtb-mediatek-5.14.21-150500.55.19.1
* dtb-apple-5.14.21-150500.55.19.1
* dtb-hisilicon-5.14.21-150500.55.19.1
* dtb-marvell-5.14.21-150500.55.19.1
* reiserfs-kmp-64kb-5.14.21-150500.55.19.1
* dtb-nvidia-5.14.21-150500.55.19.1
* kernel-64kb-devel-debuginfo-5.14.21-150500.55.19.1
* dtb-amazon-5.14.21-150500.55.19.1
* dlm-kmp-64kb-5.14.21-150500.55.19.1
* kernel-64kb-debuginfo-5.14.21-150500.55.19.1
* cluster-md-kmp-64kb-debuginfo-5.14.21-150500.55.19.1
* dtb-sprd-5.14.21-150500.55.19.1
* kernel-64kb-livepatch-devel-5.14.21-150500.55.19.1
* dtb-freescale-5.14.21-150500.55.19.1
* kselftests-kmp-64kb-debuginfo-5.14.21-150500.55.19.1
* dtb-amlogic-5.14.21-150500.55.19.1
* dtb-socionext-5.14.21-150500.55.19.1
* dtb-amd-5.14.21-150500.55.19.1
* dlm-kmp-64kb-debuginfo-5.14.21-150500.55.19.1
* dtb-lg-5.14.21-150500.55.19.1
* kselftests-kmp-64kb-5.14.21-150500.55.19.1
* dtb-altera-5.14.21-150500.55.19.1
* dtb-qcom-5.14.21-150500.55.19.1
* kernel-64kb-debugsource-5.14.21-150500.55.19.1
* gfs2-kmp-64kb-5.14.21-150500.55.19.1
* ocfs2-kmp-64kb-5.14.21-150500.55.19.1
* dtb-renesas-5.14.21-150500.55.19.1
* kernel-64kb-extra-debuginfo-5.14.21-150500.55.19.1
* cluster-md-kmp-64kb-5.14.21-150500.55.19.1
* openSUSE Leap 15.5 (nosrc)
* dtb-aarch64-5.14.21-150500.55.19.1
* openSUSE Leap 15.5 (aarch64 nosrc)
* kernel-64kb-5.14.21-150500.55.19.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_19-default-1-150500.11.3.4
* kernel-livepatch-5_14_21-150500_55_19-default-debuginfo-1-150500.11.3.4
* kernel-livepatch-SLE15-SP5_Update_3-debugsource-1-150500.11.3.4
* Basesystem Module 15-SP5 (aarch64 nosrc)
* kernel-64kb-5.14.21-150500.55.19.1
* Basesystem Module 15-SP5 (aarch64)
* kernel-64kb-debugsource-5.14.21-150500.55.19.1
* kernel-64kb-devel-5.14.21-150500.55.19.1
* kernel-64kb-devel-debuginfo-5.14.21-150500.55.19.1
* kernel-64kb-debuginfo-5.14.21-150500.55.19.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150500.55.19.1
* Basesystem Module 15-SP5 (aarch64 ppc64le x86_64)
* kernel-default-base-5.14.21-150500.55.19.1.150500.6.6.4
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* kernel-default-devel-5.14.21-150500.55.19.1
* kernel-default-debugsource-5.14.21-150500.55.19.1
* kernel-default-debuginfo-5.14.21-150500.55.19.1
* kernel-default-devel-debuginfo-5.14.21-150500.55.19.1
* Basesystem Module 15-SP5 (noarch)
* kernel-devel-5.14.21-150500.55.19.1
* kernel-macros-5.14.21-150500.55.19.1
* Basesystem Module 15-SP5 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150500.55.19.1
* Basesystem Module 15-SP5 (s390x)
* kernel-zfcpdump-debuginfo-5.14.21-150500.55.19.1
* kernel-zfcpdump-debugsource-5.14.21-150500.55.19.1
* Development Tools Module 15-SP5 (noarch nosrc)
* kernel-docs-5.14.21-150500.55.19.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* kernel-obs-build-debugsource-5.14.21-150500.55.19.1
* kernel-obs-build-5.14.21-150500.55.19.1
* kernel-syms-5.14.21-150500.55.19.1
* Development Tools Module 15-SP5 (noarch)
* kernel-source-5.14.21-150500.55.19.1
* Legacy Module 15-SP5 (nosrc)
* kernel-default-5.14.21-150500.55.19.1
* Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* reiserfs-kmp-default-5.14.21-150500.55.19.1
* kernel-default-debugsource-5.14.21-150500.55.19.1
* kernel-default-debuginfo-5.14.21-150500.55.19.1
* reiserfs-kmp-default-debuginfo-5.14.21-150500.55.19.1
* SUSE Linux Enterprise Live Patching 15-SP5 (nosrc)
* kernel-default-5.14.21-150500.55.19.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_19-default-1-150500.11.3.4
* kernel-default-livepatch-devel-5.14.21-150500.55.19.1
* kernel-default-debuginfo-5.14.21-150500.55.19.1
* kernel-livepatch-5_14_21-150500_55_19-default-debuginfo-1-150500.11.3.4
* kernel-default-livepatch-5.14.21-150500.55.19.1
* kernel-livepatch-SLE15-SP5_Update_3-debugsource-1-150500.11.3.4
* kernel-default-debugsource-5.14.21-150500.55.19.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le
s390x x86_64)
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.19.1
* dlm-kmp-default-5.14.21-150500.55.19.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.19.1
* ocfs2-kmp-default-5.14.21-150500.55.19.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.19.1
* kernel-default-debuginfo-5.14.21-150500.55.19.1
* gfs2-kmp-default-5.14.21-150500.55.19.1
* dlm-kmp-default-debuginfo-5.14.21-150500.55.19.1
* kernel-default-debugsource-5.14.21-150500.55.19.1
* cluster-md-kmp-default-5.14.21-150500.55.19.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (nosrc)
* kernel-default-5.14.21-150500.55.19.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (nosrc)
* kernel-default-5.14.21-150500.55.19.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
* kernel-default-extra-debuginfo-5.14.21-150500.55.19.1
* kernel-default-debugsource-5.14.21-150500.55.19.1
* kernel-default-debuginfo-5.14.21-150500.55.19.1
* kernel-default-extra-5.14.21-150500.55.19.1
## References:
* https://www.suse.com/security/cve/CVE-2022-40982.html
* https://www.suse.com/security/cve/CVE-2023-0459.html
* https://www.suse.com/security/cve/CVE-2023-20569.html
* https://www.suse.com/security/cve/CVE-2023-21400.html
* https://www.suse.com/security/cve/CVE-2023-2156.html
* https://www.suse.com/security/cve/CVE-2023-2166.html
* https://www.suse.com/security/cve/CVE-2023-31083.html
* https://www.suse.com/security/cve/CVE-2023-3268.html
* https://www.suse.com/security/cve/CVE-2023-3567.html
* https://www.suse.com/security/cve/CVE-2023-3609.html
* https://www.suse.com/security/cve/CVE-2023-3611.html
* https://www.suse.com/security/cve/CVE-2023-3776.html
* https://www.suse.com/security/cve/CVE-2023-38409.html
* https://www.suse.com/security/cve/CVE-2023-3863.html
* https://www.suse.com/security/cve/CVE-2023-4004.html
* https://bugzilla.suse.com/show_bug.cgi?id=1206418
* https://bugzilla.suse.com/show_bug.cgi?id=1207129
* https://bugzilla.suse.com/show_bug.cgi?id=1207948
* https://bugzilla.suse.com/show_bug.cgi?id=1210627
* https://bugzilla.suse.com/show_bug.cgi?id=1210780
* https://bugzilla.suse.com/show_bug.cgi?id=1210825
* https://bugzilla.suse.com/show_bug.cgi?id=1211131
* https://bugzilla.suse.com/show_bug.cgi?id=1211738
* https://bugzilla.suse.com/show_bug.cgi?id=1211811
* https://bugzilla.suse.com/show_bug.cgi?id=1212445
* https://bugzilla.suse.com/show_bug.cgi?id=1212502
* https://bugzilla.suse.com/show_bug.cgi?id=1212604
* https://bugzilla.suse.com/show_bug.cgi?id=1212766
* https://bugzilla.suse.com/show_bug.cgi?id=1212901
* https://bugzilla.suse.com/show_bug.cgi?id=1213167
* https://bugzilla.suse.com/show_bug.cgi?id=1213272
* https://bugzilla.suse.com/show_bug.cgi?id=1213287
* https://bugzilla.suse.com/show_bug.cgi?id=1213304
* https://bugzilla.suse.com/show_bug.cgi?id=1213417
* https://bugzilla.suse.com/show_bug.cgi?id=1213578
* https://bugzilla.suse.com/show_bug.cgi?id=1213585
* https://bugzilla.suse.com/show_bug.cgi?id=1213586
* https://bugzilla.suse.com/show_bug.cgi?id=1213588
* https://bugzilla.suse.com/show_bug.cgi?id=1213601
* https://bugzilla.suse.com/show_bug.cgi?id=1213620
* https://bugzilla.suse.com/show_bug.cgi?id=1213632
* https://bugzilla.suse.com/show_bug.cgi?id=1213653
* https://bugzilla.suse.com/show_bug.cgi?id=1213713
* https://bugzilla.suse.com/show_bug.cgi?id=1213715
* https://bugzilla.suse.com/show_bug.cgi?id=1213747
* https://bugzilla.suse.com/show_bug.cgi?id=1213756
* https://bugzilla.suse.com/show_bug.cgi?id=1213759
* https://bugzilla.suse.com/show_bug.cgi?id=1213777
* https://bugzilla.suse.com/show_bug.cgi?id=1213810
* https://bugzilla.suse.com/show_bug.cgi?id=1213812
* https://bugzilla.suse.com/show_bug.cgi?id=1213856
* https://bugzilla.suse.com/show_bug.cgi?id=1213857
* https://bugzilla.suse.com/show_bug.cgi?id=1213863
* https://bugzilla.suse.com/show_bug.cgi?id=1213867
* https://bugzilla.suse.com/show_bug.cgi?id=1213870
* https://bugzilla.suse.com/show_bug.cgi?id=1213871
* https://bugzilla.suse.com/show_bug.cgi?id=1213872
1
0
SUSE-RU-2023:3312-1: important: Recommended update for scap-security-guide
by maintenance@opensuse.org 14 Aug '23
by maintenance@opensuse.org 14 Aug '23
14 Aug '23
# Recommended update for scap-security-guide
Announcement ID: SUSE-RU-2023:3312-1
Rating: important
References:
* #1213691
Affected Products:
* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.0
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Client Tools for SLE Micro 5
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3
An update that has one recommended fix can now be installed.
## Description:
This update for scap-security-guide fixes the following issues:
* revert change to rule aide_periodic_cron_checking that broke the SLE
hardening aide part that has incorrect dependencies (bsc#1213691)
## Patch Instructions:
To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-3312=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-3312=1
* SUSE Manager Client Tools for SLE Micro 5
zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2023-3312=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3312=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3312=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3312=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3312=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3312=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3312=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3312=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3312=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3312=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3312=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3312=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3312=1
* SUSE Manager Proxy 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3312=1
* SUSE Manager Retail Branch Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.2-2023-3312=1
* SUSE Manager Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3312=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-3312=1
* SUSE CaaS Platform 4.0
To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform
you if it detects new updates and let you then trigger updating of the complete
cluster in a controlled way.
## Package List:
* openSUSE Leap 15.4 (noarch)
* scap-security-guide-redhat-0.1.68-150000.1.62.1
* scap-security-guide-0.1.68-150000.1.62.1
* scap-security-guide-debian-0.1.68-150000.1.62.1
* scap-security-guide-ubuntu-0.1.68-150000.1.62.1
* openSUSE Leap 15.5 (noarch)
* scap-security-guide-redhat-0.1.68-150000.1.62.1
* scap-security-guide-0.1.68-150000.1.62.1
* scap-security-guide-debian-0.1.68-150000.1.62.1
* scap-security-guide-ubuntu-0.1.68-150000.1.62.1
* SUSE Manager Client Tools for SLE Micro 5 (noarch)
* scap-security-guide-0.1.68-150000.1.62.1
* Basesystem Module 15-SP4 (noarch)
* scap-security-guide-redhat-0.1.68-150000.1.62.1
* scap-security-guide-0.1.68-150000.1.62.1
* scap-security-guide-debian-0.1.68-150000.1.62.1
* scap-security-guide-ubuntu-0.1.68-150000.1.62.1
* Basesystem Module 15-SP5 (noarch)
* scap-security-guide-redhat-0.1.68-150000.1.62.1
* scap-security-guide-0.1.68-150000.1.62.1
* scap-security-guide-debian-0.1.68-150000.1.62.1
* scap-security-guide-ubuntu-0.1.68-150000.1.62.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
* scap-security-guide-redhat-0.1.68-150000.1.62.1
* scap-security-guide-0.1.68-150000.1.62.1
* scap-security-guide-debian-0.1.68-150000.1.62.1
* scap-security-guide-ubuntu-0.1.68-150000.1.62.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
* scap-security-guide-redhat-0.1.68-150000.1.62.1
* scap-security-guide-0.1.68-150000.1.62.1
* scap-security-guide-debian-0.1.68-150000.1.62.1
* scap-security-guide-ubuntu-0.1.68-150000.1.62.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
* scap-security-guide-redhat-0.1.68-150000.1.62.1
* scap-security-guide-0.1.68-150000.1.62.1
* scap-security-guide-debian-0.1.68-150000.1.62.1
* scap-security-guide-ubuntu-0.1.68-150000.1.62.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* scap-security-guide-redhat-0.1.68-150000.1.62.1
* scap-security-guide-0.1.68-150000.1.62.1
* scap-security-guide-debian-0.1.68-150000.1.62.1
* scap-security-guide-ubuntu-0.1.68-150000.1.62.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
* scap-security-guide-redhat-0.1.68-150000.1.62.1
* scap-security-guide-0.1.68-150000.1.62.1
* scap-security-guide-debian-0.1.68-150000.1.62.1
* scap-security-guide-ubuntu-0.1.68-150000.1.62.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
* scap-security-guide-redhat-0.1.68-150000.1.62.1
* scap-security-guide-0.1.68-150000.1.62.1
* scap-security-guide-debian-0.1.68-150000.1.62.1
* scap-security-guide-ubuntu-0.1.68-150000.1.62.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* scap-security-guide-redhat-0.1.68-150000.1.62.1
* scap-security-guide-0.1.68-150000.1.62.1
* scap-security-guide-debian-0.1.68-150000.1.62.1
* scap-security-guide-ubuntu-0.1.68-150000.1.62.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
* scap-security-guide-redhat-0.1.68-150000.1.62.1
* scap-security-guide-0.1.68-150000.1.62.1
* scap-security-guide-debian-0.1.68-150000.1.62.1
* scap-security-guide-ubuntu-0.1.68-150000.1.62.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
* scap-security-guide-redhat-0.1.68-150000.1.62.1
* scap-security-guide-0.1.68-150000.1.62.1
* scap-security-guide-debian-0.1.68-150000.1.62.1
* scap-security-guide-ubuntu-0.1.68-150000.1.62.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* scap-security-guide-redhat-0.1.68-150000.1.62.1
* scap-security-guide-0.1.68-150000.1.62.1
* scap-security-guide-debian-0.1.68-150000.1.62.1
* scap-security-guide-ubuntu-0.1.68-150000.1.62.1
* SUSE Manager Proxy 4.2 (noarch)
* scap-security-guide-redhat-0.1.68-150000.1.62.1
* scap-security-guide-0.1.68-150000.1.62.1
* scap-security-guide-debian-0.1.68-150000.1.62.1
* scap-security-guide-ubuntu-0.1.68-150000.1.62.1
* SUSE Manager Retail Branch Server 4.2 (noarch)
* scap-security-guide-redhat-0.1.68-150000.1.62.1
* scap-security-guide-0.1.68-150000.1.62.1
* scap-security-guide-debian-0.1.68-150000.1.62.1
* scap-security-guide-ubuntu-0.1.68-150000.1.62.1
* SUSE Manager Server 4.2 (noarch)
* scap-security-guide-redhat-0.1.68-150000.1.62.1
* scap-security-guide-0.1.68-150000.1.62.1
* scap-security-guide-debian-0.1.68-150000.1.62.1
* scap-security-guide-ubuntu-0.1.68-150000.1.62.1
* SUSE Enterprise Storage 7.1 (noarch)
* scap-security-guide-redhat-0.1.68-150000.1.62.1
* scap-security-guide-0.1.68-150000.1.62.1
* scap-security-guide-debian-0.1.68-150000.1.62.1
* scap-security-guide-ubuntu-0.1.68-150000.1.62.1
* SUSE CaaS Platform 4.0 (noarch)
* scap-security-guide-redhat-0.1.68-150000.1.62.1
* scap-security-guide-0.1.68-150000.1.62.1
* scap-security-guide-debian-0.1.68-150000.1.62.1
* scap-security-guide-ubuntu-0.1.68-150000.1.62.1
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1213691
1
0
SUSE-SU-2023:3313-1: important: Security update for the Linux Kernel
by maintenance@opensuse.org 14 Aug '23
by maintenance@opensuse.org 14 Aug '23
14 Aug '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:3313-1
Rating: important
References:
* #1206418
* #1207129
* #1210627
* #1210780
* #1211131
* #1211738
* #1212502
* #1212604
* #1212901
* #1213167
* #1213272
* #1213287
* #1213304
* #1213585
* #1213586
* #1213588
* #1213620
* #1213653
* #1213713
* #1213715
* #1213747
* #1213756
* #1213759
* #1213777
* #1213810
* #1213812
* #1213842
* #1213856
* #1213857
* #1213863
* #1213867
* #1213870
* #1213871
Cross-References:
* CVE-2022-40982
* CVE-2023-0459
* CVE-2023-20569
* CVE-2023-21400
* CVE-2023-2156
* CVE-2023-2166
* CVE-2023-31083
* CVE-2023-3268
* CVE-2023-3567
* CVE-2023-3609
* CVE-2023-3611
* CVE-2023-3776
* CVE-2023-4004
CVSS scores:
* CVE-2022-40982 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-40982 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-0459 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-0459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-20569 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-21400 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-21400 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2166 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2166 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-31083 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3268 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-3268 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-3567 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3567 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3609 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3609 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3611 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3611 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3776 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4004 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4004 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP4
* Development Tools Module 15-SP4
* Legacy Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Workstation Extension 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves 13 vulnerabilities and has 20 fixes can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
* CVE-2022-40982: Fixed transient execution attack called "Gather Data
Sampling" (bsc#1206418).
* CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec
(bsc#1211738).
* CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’
(bsc#1213287).
* CVE-2023-21400: Fixed several memory corruptions due to improper locking in
io_uring (bsc#1213272).
* CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling
of the RPL protocol (bsc#1211131).
* CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter
(bsc#1210627).
* CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780).
* CVE-2023-3268: Fixed an out of bounds memory access flaw in
relay_file_read_start_pos in the relayfs (bsc#1212502).
* CVE-2023-3567: Fixed a use-after-free in vcs_read in
drivers/tty/vt/vc_screen.c (bsc#1213167).
* CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched
(bsc#1213586).
* CVE-2023-3611: Fixed an out-of-bounds write in net/sched
sch_qfq(bsc#1213585).
* CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-
free (bsc#1213588).
* CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo
(bsc#1213812).
The following non-security bugs were fixed:
* afs: Fix access after dec in put functions (git-fixes).
* afs: Fix afs_getattr() to refetch file status if callback break occurred
(git-fixes).
* afs: Fix dynamic root getattr (git-fixes).
* afs: Fix fileserver probe RTT handling (git-fixes).
* afs: Fix infinite loop found by xfstest generic/676 (git-fixes).
* afs: Fix lost servers_outstanding count (git-fixes).
* afs: Fix server->active leak in afs_put_server (git-fixes).
* afs: Fix setting of mtime when creating a file/dir/symlink (git-fixes).
* afs: Fix updating of i_size with dv jump from server (git-fixes).
* afs: Fix vlserver probe RTT handling (git-fixes).
* afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked (git-fixes).
* afs: Use refcount_t rather than atomic_t (git-fixes).
* afs: Use the operation issue time instead of the reply time for callbacks
(git-fixes).
* afs: adjust ack interpretation to try and cope with nat (git-fixes).
* alsa: emu10k1: roll up loops in dsp setup code for audigy (git-fixes).
* alsa: hda/realtek: support asus g713pv laptop (git-fixes).
* alsa: hda/relatek: enable mute led on hp 250 g8 (git-fixes).
* alsa: usb-audio: add quirk for microsoft modern wireless headset
(bsc#1207129).
* alsa: usb-audio: update for native dsd support quirks (git-fixes).
* asoc: atmel: fix the 8k sample parameter in i2sc master (git-fixes).
* asoc: codecs: es8316: fix dmic config (git-fixes).
* asoc: da7219: check for failure reading aad irq events (git-fixes).
* asoc: da7219: flush pending aad irq when suspending (git-fixes).
* asoc: fsl_sai: disable bit clock with transmitter (git-fixes).
* asoc: fsl_spdif: silence output on stop (git-fixes).
* asoc: rt5682-sdw: fix for jd event handling in clockstop mode0 (git-fixes).
* asoc: rt711-sdca: fix for jd event handling in clockstop mode0 (git-fixes).
* asoc: rt711: fix for jd event handling in clockstop mode0 (git-fixes).
* asoc: wm8904: fill the cache for wm8904_adc_test_0 register (git-fixes).
* ata: pata_ns87415: mark ns87560_tf_read static (git-fixes).
* block, bfq: Fix division by zero error on zero wsum (bsc#1213653).
* block: Fix a source code comment in include/uapi/linux/blkzoned.h (git-
fixes).
* can: gs_usb: gs_can_close(): add missing set of CAN state to
CAN_STATE_STOPPED (git-fixes).
* ceph: do not let check_caps skip sending responses for revoke msgs
(bsc#1213856).
* coda: Avoid partial allocation of sig_inputArgs (git-fixes).
* dlm: fix missing lkb refcount handling (git-fixes).
* dlm: fix plock invalid read (git-fixes).
* documentation: devices.txt: reconcile serial/ucc_uart minor numers (git-
fixes).
* drm/amd/display: Disable MPC split by default on special asic (git-fixes).
* drm/amd/display: Keep PHY active for DP displays on DCN31 (git-fixes).
* drm/client: Fix memory leak in drm_client_modeset_probe (git-fixes).
* drm/msm/adreno: Fix snapshot BINDLESS_DATA size (git-fixes).
* drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes).
* drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb() (git-
fixes).
* drm/radeon: Fix integer overflow in radeon_cs_parser_init (git-fixes).
* file: always lock position for FMODE_ATOMIC_POS (bsc#1213759).
* fs: dlm: add midcomms init/start functions (git-fixes).
* fs: dlm: do not set stop rx flag after node reset (git-fixes).
* fs: dlm: filter user dlm messages for kernel locks (git-fixes).
* fs: dlm: fix log of lowcomms vs midcomms (git-fixes).
* fs: dlm: fix race between test_bit() and queue_work() (git-fixes).
* fs: dlm: fix race in lowcomms (git-fixes).
* fs: dlm: handle -EBUSY first in lock arg validation (git-fixes).
* fs: dlm: move sending fin message into state change handling (git-fixes).
* fs: dlm: retry accept() until -EAGAIN or error returns (git-fixes).
* fs: dlm: return positive pid value for F_GETLK (git-fixes).
* fs: dlm: start midcomms before scand (git-fixes).
* fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() (git-
fixes).
* fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev (git-fixes).
* fs: jfs: check for read-only mounted filesystem in txbegin (git-fixes).
* fs: jfs: fix null-ptr-deref read in txbegin (git-fixes).
* gve: Set default duplex configuration to full (git-fixes).
* gve: unify driver name usage (git-fixes).
* hwmon: (k10temp) Enable AMD3255 Proc to show negative temperature (git-
fixes).
* hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled
(git-fixes).
* iavf: Fix out-of-bounds when setting channels on remove (git-fixes).
* iavf: Fix use-after-free in free_netdev (git-fixes).
* iavf: use internal state to free traffic IRQs (git-fixes).
* igc: Check if hardware TX timestamping is enabled earlier (git-fixes).
* igc: Enable and fix RX hash usage by netstack (git-fixes).
* igc: Fix Kernel Panic during ndo_tx_timeout callback (git-fixes).
* igc: Fix inserting of empty frame for launchtime (git-fixes).
* igc: Fix launchtime before start of cycle (git-fixes).
* igc: Fix race condition in PTP tx code (git-fixes).
* igc: Handle PPS start time programming for past time values (git-fixes).
* igc: Prevent garbled TX queue with XDP ZEROCOPY (git-fixes).
* igc: Remove delay during TX ring configuration (git-fixes).
* igc: Work around HW bug causing missing timestamps (git-fixes).
* igc: set TP bit in 'supported' and 'advertising' fields of
ethtool_link_ksettings (git-fixes).
* input: i8042 - add clevo pcx0dx to i8042 quirk table (git-fixes).
* input: iqs269a - do not poll during ati (git-fixes).
* input: iqs269a - do not poll during suspend or resume (git-fixes).
* jffs2: GC deadlock reading a page that is used in jffs2_write_begin() (git-
fixes).
* jffs2: fix memory leak in jffs2_do_fill_super (git-fixes).
* jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes).
* jffs2: fix memory leak in jffs2_scan_medium (git-fixes).
* jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes).
* jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes).
* jfs: jfs_dmap: Validate db_l2nbperpage while mounting (git-fixes).
* kvm: arm64: do not read a hw interrupt pending state in user context (git-
fixes)
* kvm: arm64: warn if accessing timer pending state outside of vcpu
(bsc#1213620)
* kvm: do not null dereference ops->destroy (git-fixes)
* kvm: downgrade two bug_ons to warn_on_once (git-fixes)
* kvm: initialize debugfs_dentry when a vm is created to avoid null (git-
fixes)
* kvm: s390: pv: fix index value of replaced asce (git-fixes bsc#1213867).
* kvm: vmx: inject #gp on encls if vcpu has paging disabled (cr0.pg==0) (git-
fixes).
* kvm: vmx: inject #gp, not #ud, if sgx2 encls leafs are unsupported (git-
fixes).
* kvm: vmx: restore vmx_vmexit alignment (git-fixes).
* kvm: x86: account fastpath-only vm-exits in vcpu stats (git-fixes).
* libceph: harden msgr2.1 frame segment length checks (bsc#1213857).
* media: staging: atomisp: select V4L2_FWNODE (git-fixes).
* net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
* net/sched: sch_qfq: reintroduce lmax bound check for MTU (bsc#1213585).
* net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes).
* net: mana: Batch ringing RX queue doorbell on receiving packets
(bsc#1212901).
* net: mana: Use the correct WQE count for ringing RQ doorbell (bsc#1212901).
* net: phy: marvell10g: fix 88x3310 power up (git-fixes).
* nfsd: add encoding of op_recall flag for write delegation (git-fixes).
* nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes).
* nfsd: fix sparse warning (git-fixes).
* nfsd: remove open coding of string copy (git-fixes).
* nfsv4.1: always send a reclaim_complete after establishing lease (git-
fixes).
* nfsv4.1: freeze the session table upon receiving nfs4err_badsession (git-
fixes).
* nvme-pci: fix DMA direction of unmapping integrity data (git-fixes).
* nvme-pci: remove nvme_queue from nvme_iod (git-fixes).
* octeontx-af: fix hardware timestamp configuration (git-fixes).
* octeontx2-af: Move validation of ptp pointer before its usage (git-fixes).
* octeontx2-pf: Add additional check for MCAM rules (git-fixes).
* phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() (git-
fixes).
* pinctrl: amd: Do not show `Invalid config param` errors (git-fixes).
* pinctrl: amd: Use amd_pinconf_set() for all config options (git-fixes).
* platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 (git-
fixes).
* rdma/bnxt_re: fix hang during driver unload (git-fixes)
* rdma/bnxt_re: prevent handling any completions after qp destroy (git-fixes)
* rdma/core: update cma destination address on rdma_resolve_addr (git-fixes)
* rdma/irdma: add missing read barriers (git-fixes)
* rdma/irdma: fix data race on cqp completion stats (git-fixes)
* rdma/irdma: fix data race on cqp request done (git-fixes)
* rdma/irdma: fix op_type reporting in cqes (git-fixes)
* rdma/irdma: report correct wc error (git-fixes)
* rdma/mlx4: make check for invalid flags stricter (git-fixes)
* rdma/mthca: fix crash when polling cq for shared qps (git-fixes)
* regmap: Account for register length in SMBus I/O limits (git-fixes).
* regmap: Drop initial version of maximum transfer length fixes (git-fixes).
* revert "debugfs, coccinelle: check for obsolete define_simple_attribute()
usage" (git-fixes).
* revert "nfsv4: retry lock on old_stateid during delegation return" (git-
fixes).
* revert "usb: dwc3: core: enable autoretry feature in the controller" (git-
fixes).
* revert "usb: gadget: tegra-xudc: fix error check in
tegra_xudc_powerdomain_init()" (git-fixes).
* revert "usb: xhci: tegra: fix error check" (git-fixes).
* revert "xhci: add quirk for host controllers that do not update endpoint
dcs" (git-fixes).
* rxrpc, afs: Fix selection of abort codes (git-fixes).
* s390/bpf: Add expoline to tail calls (git-fixes bsc#1213870).
* s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810).
* s390/decompressor: specify __decompress() buf len to avoid overflow (git-
fixes bsc#1213863).
* s390/ipl: add missing intersection check to ipl_report handling (git-fixes
bsc#1213871).
* s390/qeth: Fix vipa deletion (git-fixes bsc#1213713).
* s390/vmem: fix empty page tables cleanup under KASAN (git-fixes
bsc#1213715).
* s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870).
* scftorture: Count reschedule IPIs (git-fixes).
* scsi: lpfc: Abort outstanding ELS cmds when mailbox timeout error is
detected (bsc#1213756).
* scsi: lpfc: Avoid -Wstringop-overflow warning (bsc#1213756).
* scsi: lpfc: Clean up SLI-4 sysfs resource reporting (bsc#1213756).
* scsi: lpfc: Copyright updates for 14.2.0.14 patches (bsc#1213756).
* scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan()
(bsc#1213756).
* scsi: lpfc: Fix incorrect big endian type assignment in bsg loopback path
(bsc#1213756).
* scsi: lpfc: Fix incorrect big endian type assignments in FDMI and VMID paths
(bsc#1213756).
* scsi: lpfc: Fix lpfc_name struct packing (bsc#1213756).
* scsi: lpfc: Make fabric zone discovery more robust when handling unsolicited
LOGO (bsc#1213756).
* scsi: lpfc: Pull out fw diagnostic dump log message from driver's trace
buffer (bsc#1213756).
* scsi: lpfc: Qualify ndlp discovery state when processing RSCN (bsc#1213756).
* scsi: lpfc: Refactor cpu affinity assignment paths (bsc#1213756).
* scsi: lpfc: Remove extra ndlp kref decrement in FLOGI cmpl for loop topology
(bsc#1213756).
* scsi: lpfc: Replace all non-returning strlcpy() with strscpy()
(bsc#1213756).
* scsi: lpfc: Replace one-element array with flexible-array member
(bsc#1213756).
* scsi: lpfc: Revise ndlp kref handling for dev_loss_tmo_callbk and
lpfc_drop_node (bsc#1213756).
* scsi: lpfc: Set Establish Image Pair service parameter only for Target
Functions (bsc#1213756).
* scsi: lpfc: Simplify fcp_abort transport callback log message (bsc#1213756).
* scsi: lpfc: Update lpfc version to 14.2.0.14 (bsc#1213756).
* scsi: lpfc: Use struct_size() helper (bsc#1213756).
* scsi: qla2xxx: Adjust IOCB resource on qpair create (bsc#1213747).
* scsi: qla2xxx: Array index may go out of bound (bsc#1213747).
* scsi: qla2xxx: Avoid fcport pointer dereference (bsc#1213747).
* scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()
(bsc#1213747).
* scsi: qla2xxx: Correct the index of array (bsc#1213747).
* scsi: qla2xxx: Drop useless LIST_HEAD (bsc#1213747).
* scsi: qla2xxx: Fix NULL pointer dereference in target mode (bsc#1213747).
* scsi: qla2xxx: Fix TMF leak through (bsc#1213747).
* scsi: qla2xxx: Fix buffer overrun (bsc#1213747).
* scsi: qla2xxx: Fix command flush during TMF (bsc#1213747).
* scsi: qla2xxx: Fix deletion race condition (bsc#1213747).
* scsi: qla2xxx: Fix end of loop test (bsc#1213747).
* scsi: qla2xxx: Fix erroneous link up failure (bsc#1213747).
* scsi: qla2xxx: Fix error code in qla2x00_start_sp() (bsc#1213747).
* scsi: qla2xxx: Fix potential NULL pointer dereference (bsc#1213747).
* scsi: qla2xxx: Fix session hang in gnl (bsc#1213747).
* scsi: qla2xxx: Limit TMF to 8 per function (bsc#1213747).
* scsi: qla2xxx: Pointer may be dereferenced (bsc#1213747).
* scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue (bsc#1213747).
* scsi: qla2xxx: Replace one-element array with DECLARE_FLEX_ARRAY() helper
(bsc#1213747).
* scsi: qla2xxx: Silence a static checker warning (bsc#1213747).
* scsi: qla2xxx: Turn off noisy message log (bsc#1213747).
* scsi: qla2xxx: Update version to 10.02.08.400-k (bsc#1213747).
* scsi: qla2xxx: Update version to 10.02.08.500-k (bsc#1213747).
* scsi: qla2xxx: Use vmalloc_array() and vcalloc() (bsc#1213747).
* scsi: qla2xxx: fix inconsistent TMF timeout (bsc#1213747).
* serial: qcom-geni: drop bogus runtime pm state update (git-fixes).
* serial: sifive: Fix sifive_serial_console_setup() section (git-fixes).
* soundwire: qcom: update status correctly with mask (git-fixes).
* staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git-
fixes).
* staging: r8712: Fix memory leak in _r8712_init_xmit_priv() (git-fixes).
* sunrpc: always free ctxt when freeing deferred request (git-fixes).
* sunrpc: double free xprt_ctxt while still in use (git-fixes).
* sunrpc: fix trace_svc_register() call site (git-fixes).
* sunrpc: fix uaf in svc_tcp_listen_data_ready() (git-fixes).
* sunrpc: remove dead code in svc_tcp_release_rqst() (git-fixes).
* sunrpc: remove the maximum number of retries in call_bind_status (git-
fixes).
* svcrdma: Prevent page release when nothing was received (git-fixes).
* tpm_tis: Explicitly check for error code (git-fixes).
* tty: n_gsm: fix UAF in gsm_cleanup_mux (git-fixes).
* ubifs: Add missing iput if do_tmpfile() failed in rename whiteout (git-
fixes).
* ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers
(git-fixes).
* ubifs: Fix 'ui->dirty' race between do_tmpfile() and writeback work (git-
fixes).
* ubifs: Fix AA deadlock when setting xattr for encrypted file (git-fixes).
* ubifs: Fix build errors as symbol undefined (git-fixes).
* ubifs: Fix deadlock in concurrent rename whiteout and inode writeback (git-
fixes).
* ubifs: Fix memory leak in alloc_wbufs() (git-fixes).
* ubifs: Fix memory leak in do_rename (git-fixes).
* ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes).
* ubifs: Fix to add refcount once page is set private (git-fixes).
* ubifs: Fix wrong dirty space budget for dirty inode (git-fixes).
* ubifs: Free memory for tmpfile name (git-fixes).
* ubifs: Rectify space amount budget for mkdir/tmpfile operations (git-fixes).
* ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted
(git-fixes).
* ubifs: Rectify space budget for ubifs_xrename() (git-fixes).
* ubifs: Rename whiteout atomically (git-fixes).
* ubifs: Reserve one leb for each journal head while doing budget (git-fixes).
* ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1 (git-
fixes).
* ubifs: rename_whiteout: Fix double free for whiteout_ui->data (git-fixes).
* ubifs: rename_whiteout: correct old_dir size computing (git-fixes).
* ubifs: setflags: Make dirtied_ino_d 8 bytes aligned (git-fixes).
* ubifs: ubifs_writepage: Mark page dirty after writing inode failed (git-
fixes).
* usb: dwc3: do not reset device side if dwc3 was configured as host-only
(git-fixes).
* usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy (git-fixes).
* usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate
(git-fixes).
* usb: xhci-mtk: set the dma max_seg_size (git-fixes).
* vhost: support PACKED when setting-getting vring_base (git-fixes).
* vhost_net: revert upend_idx only on retriable error (git-fixes).
* virtio-net: Maintain reverse cleanup order (git-fixes).
* virtio_net: Fix error unwinding of XDP initialization (git-fixes).
* x86/PVH: obtain VGA console info in Dom0 (git-fixes).
* xen/blkfront: Only check REQ_FUA for writes (git-fixes).
* xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git-
fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-3313=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-3313=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3313=1
* Development Tools Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3313=1
* Legacy Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-3313=1
* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3313=1
Please note that this is the initial kernel livepatch without fixes itself, this
package is later updated by separate standalone kernel livepatch updates.
* SUSE Linux Enterprise High Availability Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-3313=1
* SUSE Linux Enterprise Workstation Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-3313=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-3313=1 openSUSE-SLE-15.4-2023-3313=1
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3313=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3313=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-3313=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-3313=1
## Package List:
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.81.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.81.1.150400.24.35.3
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.81.1
* kernel-default-debugsource-5.14.21-150400.24.81.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.81.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.81.1.150400.24.35.3
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.81.1
* kernel-default-debugsource-5.14.21-150400.24.81.1
* Basesystem Module 15-SP4 (aarch64 nosrc)
* kernel-64kb-5.14.21-150400.24.81.1
* Basesystem Module 15-SP4 (aarch64)
* kernel-64kb-devel-5.14.21-150400.24.81.1
* kernel-64kb-debuginfo-5.14.21-150400.24.81.1
* kernel-64kb-debugsource-5.14.21-150400.24.81.1
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.81.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150400.24.81.1
* Basesystem Module 15-SP4 (aarch64 ppc64le x86_64)
* kernel-default-base-5.14.21-150400.24.81.1.150400.24.35.3
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* kernel-default-devel-5.14.21-150400.24.81.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.81.1
* kernel-default-debuginfo-5.14.21-150400.24.81.1
* kernel-default-debugsource-5.14.21-150400.24.81.1
* Basesystem Module 15-SP4 (noarch)
* kernel-devel-5.14.21-150400.24.81.1
* kernel-macros-5.14.21-150400.24.81.1
* Basesystem Module 15-SP4 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150400.24.81.1
* Basesystem Module 15-SP4 (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150400.24.81.1
* kernel-zfcpdump-debuginfo-5.14.21-150400.24.81.1
* Development Tools Module 15-SP4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.81.1
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* kernel-obs-build-debugsource-5.14.21-150400.24.81.1
* kernel-syms-5.14.21-150400.24.81.1
* kernel-obs-build-5.14.21-150400.24.81.1
* Development Tools Module 15-SP4 (noarch)
* kernel-source-5.14.21-150400.24.81.1
* Legacy Module 15-SP4 (nosrc)
* kernel-default-5.14.21-150400.24.81.1
* Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.81.1
* reiserfs-kmp-default-5.14.21-150400.24.81.1
* kernel-default-debuginfo-5.14.21-150400.24.81.1
* kernel-default-debugsource-5.14.21-150400.24.81.1
* SUSE Linux Enterprise Live Patching 15-SP4 (nosrc)
* kernel-default-5.14.21-150400.24.81.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.81.1
* kernel-livepatch-SLE15-SP4_Update_16-debugsource-1-150400.9.3.3
* kernel-livepatch-5_14_21-150400_24_81-default-1-150400.9.3.3
* kernel-default-livepatch-5.14.21-150400.24.81.1
* kernel-default-livepatch-devel-5.14.21-150400.24.81.1
* kernel-livepatch-5_14_21-150400_24_81-default-debuginfo-1-150400.9.3.3
* kernel-default-debugsource-5.14.21-150400.24.81.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le
s390x x86_64)
* ocfs2-kmp-default-5.14.21-150400.24.81.1
* kernel-default-debuginfo-5.14.21-150400.24.81.1
* cluster-md-kmp-default-5.14.21-150400.24.81.1
* gfs2-kmp-default-5.14.21-150400.24.81.1
* cluster-md-kmp-default-debuginfo-5.14.21-150400.24.81.1
* gfs2-kmp-default-debuginfo-5.14.21-150400.24.81.1
* ocfs2-kmp-default-debuginfo-5.14.21-150400.24.81.1
* dlm-kmp-default-5.14.21-150400.24.81.1
* dlm-kmp-default-debuginfo-5.14.21-150400.24.81.1
* kernel-default-debugsource-5.14.21-150400.24.81.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc)
* kernel-default-5.14.21-150400.24.81.1
* SUSE Linux Enterprise Workstation Extension 15 SP4 (nosrc)
* kernel-default-5.14.21-150400.24.81.1
* SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64)
* kernel-default-extra-debuginfo-5.14.21-150400.24.81.1
* kernel-default-extra-5.14.21-150400.24.81.1
* kernel-default-debuginfo-5.14.21-150400.24.81.1
* kernel-default-debugsource-5.14.21-150400.24.81.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_81-default-debuginfo-1-150400.9.3.3
* kernel-livepatch-5_14_21-150400_24_81-default-1-150400.9.3.3
* kernel-livepatch-SLE15-SP4_Update_16-debugsource-1-150400.9.3.3
* openSUSE Leap 15.4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.81.1
* openSUSE Leap 15.4 (noarch)
* kernel-source-vanilla-5.14.21-150400.24.81.1
* kernel-source-5.14.21-150400.24.81.1
* kernel-devel-5.14.21-150400.24.81.1
* kernel-docs-html-5.14.21-150400.24.81.1
* kernel-macros-5.14.21-150400.24.81.1
* openSUSE Leap 15.4 (nosrc ppc64le x86_64)
* kernel-debug-5.14.21-150400.24.81.1
* openSUSE Leap 15.4 (ppc64le x86_64)
* kernel-debug-debuginfo-5.14.21-150400.24.81.1
* kernel-debug-livepatch-devel-5.14.21-150400.24.81.1
* kernel-debug-devel-5.14.21-150400.24.81.1
* kernel-debug-devel-debuginfo-5.14.21-150400.24.81.1
* kernel-debug-debugsource-5.14.21-150400.24.81.1
* openSUSE Leap 15.4 (aarch64 ppc64le x86_64)
* kernel-default-base-rebuild-5.14.21-150400.24.81.1.150400.24.35.3
* kernel-kvmsmall-debugsource-5.14.21-150400.24.81.1
* kernel-default-base-5.14.21-150400.24.81.1.150400.24.35.3
* kernel-kvmsmall-devel-5.14.21-150400.24.81.1
* kernel-kvmsmall-debuginfo-5.14.21-150400.24.81.1
* kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.81.1
* kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.81.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* cluster-md-kmp-default-5.14.21-150400.24.81.1
* kernel-default-optional-debuginfo-5.14.21-150400.24.81.1
* kernel-obs-build-5.14.21-150400.24.81.1
* kernel-default-livepatch-5.14.21-150400.24.81.1
* kernel-default-extra-5.14.21-150400.24.81.1
* kernel-default-optional-5.14.21-150400.24.81.1
* kernel-obs-qa-5.14.21-150400.24.81.1
* kernel-default-devel-5.14.21-150400.24.81.1
* kernel-obs-build-debugsource-5.14.21-150400.24.81.1
* kernel-default-extra-debuginfo-5.14.21-150400.24.81.1
* gfs2-kmp-default-5.14.21-150400.24.81.1
* cluster-md-kmp-default-debuginfo-5.14.21-150400.24.81.1
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.81.1
* kselftests-kmp-default-5.14.21-150400.24.81.1
* dlm-kmp-default-5.14.21-150400.24.81.1
* kernel-syms-5.14.21-150400.24.81.1
* ocfs2-kmp-default-5.14.21-150400.24.81.1
* kernel-default-debuginfo-5.14.21-150400.24.81.1
* gfs2-kmp-default-debuginfo-5.14.21-150400.24.81.1
* kselftests-kmp-default-debuginfo-5.14.21-150400.24.81.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.81.1
* kernel-default-debugsource-5.14.21-150400.24.81.1
* kernel-default-livepatch-devel-5.14.21-150400.24.81.1
* ocfs2-kmp-default-debuginfo-5.14.21-150400.24.81.1
* reiserfs-kmp-default-5.14.21-150400.24.81.1
* dlm-kmp-default-debuginfo-5.14.21-150400.24.81.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150400.24.81.1
* openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64)
* kernel-kvmsmall-5.14.21-150400.24.81.1
* openSUSE Leap 15.4 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150400.24.81.1
* openSUSE Leap 15.4 (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150400.24.81.1
* kernel-zfcpdump-debuginfo-5.14.21-150400.24.81.1
* openSUSE Leap 15.4 (nosrc)
* dtb-aarch64-5.14.21-150400.24.81.1
* openSUSE Leap 15.4 (aarch64)
* dtb-marvell-5.14.21-150400.24.81.1
* dtb-apple-5.14.21-150400.24.81.1
* dtb-renesas-5.14.21-150400.24.81.1
* dtb-qcom-5.14.21-150400.24.81.1
* kernel-64kb-extra-debuginfo-5.14.21-150400.24.81.1
* kernel-64kb-devel-5.14.21-150400.24.81.1
* kernel-64kb-debugsource-5.14.21-150400.24.81.1
* dtb-altera-5.14.21-150400.24.81.1
* dtb-freescale-5.14.21-150400.24.81.1
* dtb-cavium-5.14.21-150400.24.81.1
* kernel-64kb-optional-5.14.21-150400.24.81.1
* ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.81.1
* kernel-64kb-livepatch-devel-5.14.21-150400.24.81.1
* kernel-64kb-optional-debuginfo-5.14.21-150400.24.81.1
* gfs2-kmp-64kb-5.14.21-150400.24.81.1
* dtb-amd-5.14.21-150400.24.81.1
* dtb-amlogic-5.14.21-150400.24.81.1
* dtb-exynos-5.14.21-150400.24.81.1
* dtb-broadcom-5.14.21-150400.24.81.1
* ocfs2-kmp-64kb-5.14.21-150400.24.81.1
* cluster-md-kmp-64kb-5.14.21-150400.24.81.1
* dtb-allwinner-5.14.21-150400.24.81.1
* gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.81.1
* dtb-rockchip-5.14.21-150400.24.81.1
* dlm-kmp-64kb-debuginfo-5.14.21-150400.24.81.1
* dtb-amazon-5.14.21-150400.24.81.1
* kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.81.1
* kselftests-kmp-64kb-5.14.21-150400.24.81.1
* kernel-64kb-extra-5.14.21-150400.24.81.1
* dtb-nvidia-5.14.21-150400.24.81.1
* kernel-64kb-debuginfo-5.14.21-150400.24.81.1
* dtb-lg-5.14.21-150400.24.81.1
* dtb-arm-5.14.21-150400.24.81.1
* dtb-sprd-5.14.21-150400.24.81.1
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.81.1
* reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.81.1
* dtb-apm-5.14.21-150400.24.81.1
* cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.81.1
* dtb-xilinx-5.14.21-150400.24.81.1
* dlm-kmp-64kb-5.14.21-150400.24.81.1
* reiserfs-kmp-64kb-5.14.21-150400.24.81.1
* dtb-mediatek-5.14.21-150400.24.81.1
* dtb-socionext-5.14.21-150400.24.81.1
* dtb-hisilicon-5.14.21-150400.24.81.1
* openSUSE Leap 15.4 (aarch64 nosrc)
* kernel-64kb-5.14.21-150400.24.81.1
* openSUSE Leap Micro 5.3 (aarch64 nosrc x86_64)
* kernel-default-5.14.21-150400.24.81.1
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.81.1.150400.24.35.3
* kernel-default-debuginfo-5.14.21-150400.24.81.1
* kernel-default-debugsource-5.14.21-150400.24.81.1
* openSUSE Leap Micro 5.4 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.81.1
* openSUSE Leap Micro 5.4 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.81.1.150400.24.35.3
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.81.1
* kernel-default-debugsource-5.14.21-150400.24.81.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.81.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.81.1.150400.24.35.3
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.81.1
* kernel-default-debugsource-5.14.21-150400.24.81.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.81.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.81.1.150400.24.35.3
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150400.24.81.1
* kernel-default-debugsource-5.14.21-150400.24.81.1
## References:
* https://www.suse.com/security/cve/CVE-2022-40982.html
* https://www.suse.com/security/cve/CVE-2023-0459.html
* https://www.suse.com/security/cve/CVE-2023-20569.html
* https://www.suse.com/security/cve/CVE-2023-21400.html
* https://www.suse.com/security/cve/CVE-2023-2156.html
* https://www.suse.com/security/cve/CVE-2023-2166.html
* https://www.suse.com/security/cve/CVE-2023-31083.html
* https://www.suse.com/security/cve/CVE-2023-3268.html
* https://www.suse.com/security/cve/CVE-2023-3567.html
* https://www.suse.com/security/cve/CVE-2023-3609.html
* https://www.suse.com/security/cve/CVE-2023-3611.html
* https://www.suse.com/security/cve/CVE-2023-3776.html
* https://www.suse.com/security/cve/CVE-2023-4004.html
* https://bugzilla.suse.com/show_bug.cgi?id=1206418
* https://bugzilla.suse.com/show_bug.cgi?id=1207129
* https://bugzilla.suse.com/show_bug.cgi?id=1210627
* https://bugzilla.suse.com/show_bug.cgi?id=1210780
* https://bugzilla.suse.com/show_bug.cgi?id=1211131
* https://bugzilla.suse.com/show_bug.cgi?id=1211738
* https://bugzilla.suse.com/show_bug.cgi?id=1212502
* https://bugzilla.suse.com/show_bug.cgi?id=1212604
* https://bugzilla.suse.com/show_bug.cgi?id=1212901
* https://bugzilla.suse.com/show_bug.cgi?id=1213167
* https://bugzilla.suse.com/show_bug.cgi?id=1213272
* https://bugzilla.suse.com/show_bug.cgi?id=1213287
* https://bugzilla.suse.com/show_bug.cgi?id=1213304
* https://bugzilla.suse.com/show_bug.cgi?id=1213585
* https://bugzilla.suse.com/show_bug.cgi?id=1213586
* https://bugzilla.suse.com/show_bug.cgi?id=1213588
* https://bugzilla.suse.com/show_bug.cgi?id=1213620
* https://bugzilla.suse.com/show_bug.cgi?id=1213653
* https://bugzilla.suse.com/show_bug.cgi?id=1213713
* https://bugzilla.suse.com/show_bug.cgi?id=1213715
* https://bugzilla.suse.com/show_bug.cgi?id=1213747
* https://bugzilla.suse.com/show_bug.cgi?id=1213756
* https://bugzilla.suse.com/show_bug.cgi?id=1213759
* https://bugzilla.suse.com/show_bug.cgi?id=1213777
* https://bugzilla.suse.com/show_bug.cgi?id=1213810
* https://bugzilla.suse.com/show_bug.cgi?id=1213812
* https://bugzilla.suse.com/show_bug.cgi?id=1213842
* https://bugzilla.suse.com/show_bug.cgi?id=1213856
* https://bugzilla.suse.com/show_bug.cgi?id=1213857
* https://bugzilla.suse.com/show_bug.cgi?id=1213863
* https://bugzilla.suse.com/show_bug.cgi?id=1213867
* https://bugzilla.suse.com/show_bug.cgi?id=1213870
* https://bugzilla.suse.com/show_bug.cgi?id=1213871
1
0
SUSE-SU-2023:3305-1: important: Security update for java-1_8_0-openj9
by maintenance@opensuse.org 14 Aug '23
by maintenance@opensuse.org 14 Aug '23
14 Aug '23
# Security update for java-1_8_0-openj9
Announcement ID: SUSE-SU-2023:3305-1
Rating: important
References:
* #1210628
* #1210631
* #1210632
* #1210634
* #1210635
* #1210636
* #1210637
* #1211615
Cross-References:
* CVE-2023-21930
* CVE-2023-21937
* CVE-2023-21938
* CVE-2023-21939
* CVE-2023-21954
* CVE-2023-21967
* CVE-2023-21968
* CVE-2023-2597
CVSS scores:
* CVE-2023-21930 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-21930 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-21937 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-21937 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-21938 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-21938 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-21939 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-21939 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-21954 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-21954 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-21967 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-21967 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-21968 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-21968 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-2597 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2597 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Package Hub 15 15-SP5
An update that solves eight vulnerabilities can now be installed.
## Description:
This update for java-1_8_0-openj9 fixes the following issues:
Update to OpenJDK 8u372 build 07 with OpenJ9 0.38.0 virtual machine.
CVE-2023-21930: Unauthenticated attacker with network access via TLS to
compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1210628).
CVE-2023-21937: Fixed vulnerability in the Oracle Java SE, Oracle GraalVM
Enterprise Edition product of Oracle Java SE (component: Networking).
(bsc#1210631). CVE-2023-21938: Fixed vulnerability in the Oracle Java SE, Oracle
GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).
(bsc#1210632). CVE-2023-21939: Fixed vulnerability in the Oracle Java SE, Oracle
GraalVM Enterprise Edition product of Oracle Java SE (component: Swing).
(bsc#1210634). CVE-2023-21954: Fixed vulnerability in the Oracle Java SE, Oracle
GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).
(bsc#1210635). CVE-2023-21967: Fixed vulnerability in the Oracle Java SE, Oracle
GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).
(bsc#1210636). CVE-2023-21968: Fixed ulnerability in the Oracle Java SE, Oracle
GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries)
(bsc#1210637). CVE-2023-2597: Fixed buffer overflow in shared cache
implementation (bsc#1211615).
## Patch Instructions:
To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-3305=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-3305=1
* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3305=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-debuginfo-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-devel-debuginfo-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-debugsource-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-demo-debuginfo-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-headless-debuginfo-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2
* openSUSE Leap 15.4 (noarch)
* java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-debuginfo-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-devel-debuginfo-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-debugsource-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-demo-debuginfo-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-headless-debuginfo-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2
* openSUSE Leap 15.5 (noarch)
* java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2
* SUSE Package Hub 15 15-SP5 (ppc64le s390x)
* java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-debuginfo-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-devel-debuginfo-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-debugsource-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-demo-debuginfo-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-headless-debuginfo-1.8.0.372-150200.3.33.2
* java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2
## References:
* https://www.suse.com/security/cve/CVE-2023-21930.html
* https://www.suse.com/security/cve/CVE-2023-21937.html
* https://www.suse.com/security/cve/CVE-2023-21938.html
* https://www.suse.com/security/cve/CVE-2023-21939.html
* https://www.suse.com/security/cve/CVE-2023-21954.html
* https://www.suse.com/security/cve/CVE-2023-21967.html
* https://www.suse.com/security/cve/CVE-2023-21968.html
* https://www.suse.com/security/cve/CVE-2023-2597.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210628
* https://bugzilla.suse.com/show_bug.cgi?id=1210631
* https://bugzilla.suse.com/show_bug.cgi?id=1210632
* https://bugzilla.suse.com/show_bug.cgi?id=1210634
* https://bugzilla.suse.com/show_bug.cgi?id=1210635
* https://bugzilla.suse.com/show_bug.cgi?id=1210636
* https://bugzilla.suse.com/show_bug.cgi?id=1210637
* https://bugzilla.suse.com/show_bug.cgi?id=1211615
1
0