Marcus Updateinfo to OVAL Converter 5.5 2026-01-10T06:38:14 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the apparmor-abstractions-2.13.6-1.31 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2017-6507 at SUSE CVE-2017-6507 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the augeas-1.10.1-1.11 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2012-0786 at SUSE CVE-2012-0786 at NVD CVE-2014-8119 at SUSE CVE-2014-8119 at NVD CVE-2017-7555 at SUSE CVE-2017-7555 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the bash-4.4-19.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2016-9401 at SUSE CVE-2016-9401 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the btrfsmaintenance-0.4.2-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2018-14722 at SUSE CVE-2018-14722 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the bzip2-1.0.6-5.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2016-3189 at SUSE CVE-2016-3189 at NVD CVE-2019-12900 at SUSE CVE-2019-12900 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the chrony-3.2-9.24.2 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2016-1567 at SUSE CVE-2016-1567 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the cni-plugins-0.8.6-3.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2020-10749 at SUSE CVE-2020-10749 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the containerd-1.4.4-5.36.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2016-9962 at SUSE CVE-2016-9962 at NVD CVE-2018-16873 at SUSE CVE-2018-16873 at NVD CVE-2018-16874 at SUSE CVE-2018-16874 at NVD CVE-2018-16875 at SUSE CVE-2018-16875 at NVD CVE-2019-5736 at SUSE CVE-2019-5736 at NVD CVE-2020-15157 at SUSE CVE-2020-15157 at NVD CVE-2020-15257 at SUSE CVE-2020-15257 at NVD CVE-2021-21334 at SUSE CVE-2021-21334 at NVD CVE-2021-32760 at SUSE CVE-2021-32760 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the coolkey-1.1.0-1.31 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2007-4129 at SUSE CVE-2007-4129 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the coreutils-8.32-1.2 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2015-4041 at SUSE CVE-2015-4041 at NVD CVE-2015-4042 at SUSE CVE-2015-4042 at NVD CVE-2017-7476 at SUSE CVE-2017-7476 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the cpio-2.12-3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2014-9112 at SUSE CVE-2014-9112 at NVD CVE-2016-2037 at SUSE CVE-2016-2037 at NVD CVE-2019-14866 at SUSE CVE-2019-14866 at NVD CVE-2021-38185 at SUSE CVE-2021-38185 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the cracklib-2.9.7-11.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2016-6318 at SUSE CVE-2016-6318 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the cryptsetup-2.3.4-1.34 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2020-14382 at SUSE CVE-2020-14382 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the curl-7.66.0-4.22.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2014-8150 at SUSE CVE-2014-8150 at NVD CVE-2015-3143 at SUSE CVE-2015-3143 at NVD CVE-2015-3144 at SUSE CVE-2015-3144 at NVD CVE-2015-3145 at SUSE CVE-2015-3145 at NVD CVE-2015-3148 at SUSE CVE-2015-3148 at NVD CVE-2015-3153 at SUSE CVE-2015-3153 at NVD CVE-2015-3236 at SUSE CVE-2015-3236 at NVD CVE-2015-3237 at SUSE CVE-2015-3237 at NVD CVE-2016-0755 at SUSE CVE-2016-0755 at NVD CVE-2016-7167 at SUSE CVE-2016-7167 at NVD CVE-2016-8615 at SUSE CVE-2016-8615 at NVD CVE-2016-8616 at SUSE CVE-2016-8616 at NVD CVE-2016-8617 at SUSE CVE-2016-8617 at NVD CVE-2016-8618 at SUSE CVE-2016-8618 at NVD CVE-2016-8619 at SUSE CVE-2016-8619 at NVD CVE-2016-8620 at SUSE CVE-2016-8620 at NVD CVE-2016-8621 at SUSE CVE-2016-8621 at NVD CVE-2016-8622 at SUSE CVE-2016-8622 at NVD CVE-2016-8623 at SUSE CVE-2016-8623 at NVD CVE-2016-8624 at SUSE CVE-2016-8624 at NVD CVE-2016-8625 at SUSE CVE-2016-8625 at NVD CVE-2016-9586 at SUSE CVE-2016-9586 at NVD CVE-2016-9594 at SUSE CVE-2016-9594 at NVD CVE-2017-1000099 at SUSE CVE-2017-1000099 at NVD CVE-2017-1000100 at SUSE CVE-2017-1000100 at NVD CVE-2017-1000101 at SUSE CVE-2017-1000101 at NVD CVE-2017-1000254 at SUSE CVE-2017-1000254 at NVD CVE-2017-1000257 at SUSE CVE-2017-1000257 at NVD CVE-2017-2629 at SUSE CVE-2017-2629 at NVD CVE-2017-7468 at SUSE CVE-2017-7468 at NVD CVE-2017-8816 at SUSE CVE-2017-8816 at NVD CVE-2017-8817 at SUSE CVE-2017-8817 at NVD CVE-2017-8818 at SUSE CVE-2017-8818 at NVD CVE-2017-9502 at SUSE CVE-2017-9502 at NVD CVE-2018-0500 at SUSE CVE-2018-0500 at NVD CVE-2018-1000005 at SUSE CVE-2018-1000005 at NVD CVE-2018-1000007 at SUSE CVE-2018-1000007 at NVD CVE-2018-1000120 at SUSE CVE-2018-1000120 at NVD CVE-2018-1000121 at SUSE CVE-2018-1000121 at NVD CVE-2018-1000122 at SUSE CVE-2018-1000122 at NVD CVE-2018-1000300 at SUSE CVE-2018-1000300 at NVD CVE-2018-1000301 at SUSE CVE-2018-1000301 at NVD CVE-2018-14618 at SUSE CVE-2018-14618 at NVD CVE-2018-16839 at SUSE CVE-2018-16839 at NVD CVE-2018-16840 at SUSE CVE-2018-16840 at NVD CVE-2018-16842 at SUSE CVE-2018-16842 at NVD CVE-2018-16890 at SUSE CVE-2018-16890 at NVD CVE-2019-3822 at SUSE CVE-2019-3822 at NVD CVE-2019-3823 at SUSE CVE-2019-3823 at NVD CVE-2019-5435 at SUSE CVE-2019-5435 at NVD CVE-2019-5436 at SUSE CVE-2019-5436 at NVD CVE-2019-5481 at SUSE CVE-2019-5481 at NVD CVE-2019-5482 at SUSE CVE-2019-5482 at NVD CVE-2020-8169 at SUSE CVE-2020-8169 at NVD CVE-2020-8177 at SUSE CVE-2020-8177 at NVD CVE-2020-8231 at SUSE CVE-2020-8231 at NVD CVE-2020-8284 at SUSE CVE-2020-8284 at NVD CVE-2020-8285 at SUSE CVE-2020-8285 at NVD CVE-2020-8286 at SUSE CVE-2020-8286 at NVD CVE-2021-22876 at SUSE CVE-2021-22876 at NVD CVE-2021-22890 at SUSE CVE-2021-22890 at NVD CVE-2021-22898 at SUSE CVE-2021-22898 at NVD CVE-2021-22922 at SUSE CVE-2021-22922 at NVD CVE-2021-22923 at SUSE CVE-2021-22923 at NVD CVE-2021-22924 at SUSE CVE-2021-22924 at NVD CVE-2021-22925 at SUSE CVE-2021-22925 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the cyrus-sasl-2.1.27-2.2 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2019-19906 at SUSE CVE-2019-19906 at NVD CVE-2020-8032 at SUSE CVE-2020-8032 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the dbus-1-1.12.2-8.11.2 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2014-3636 at SUSE CVE-2014-3636 at NVD CVE-2014-3637 at SUSE CVE-2014-3637 at NVD CVE-2014-3639 at SUSE CVE-2014-3639 at NVD CVE-2014-7824 at SUSE CVE-2014-7824 at NVD CVE-2014-8148 at SUSE CVE-2014-8148 at NVD CVE-2015-0245 at SUSE CVE-2015-0245 at NVD CVE-2019-12749 at SUSE CVE-2019-12749 at NVD CVE-2020-12049 at SUSE CVE-2020-12049 at NVD CVE-2020-35512 at SUSE CVE-2020-35512 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the dnsmasq-2.78-7.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2015-3294 at SUSE CVE-2015-3294 at NVD CVE-2015-8899 at SUSE CVE-2015-8899 at NVD CVE-2017-14491 at SUSE CVE-2017-14491 at NVD CVE-2017-14492 at SUSE CVE-2017-14492 at NVD CVE-2017-14493 at SUSE CVE-2017-14493 at NVD CVE-2017-14494 at SUSE CVE-2017-14494 at NVD CVE-2017-14495 at SUSE CVE-2017-14495 at NVD CVE-2017-14496 at SUSE CVE-2017-14496 at NVD CVE-2017-15107 at SUSE CVE-2017-15107 at NVD CVE-2019-14834 at SUSE CVE-2019-14834 at NVD CVE-2020-25681 at SUSE CVE-2020-25681 at NVD CVE-2020-25682 at SUSE CVE-2020-25682 at NVD CVE-2020-25683 at SUSE CVE-2020-25683 at NVD CVE-2020-25684 at SUSE CVE-2020-25684 at NVD CVE-2020-25685 at SUSE CVE-2020-25685 at NVD CVE-2020-25686 at SUSE CVE-2020-25686 at NVD CVE-2020-25687 at SUSE CVE-2020-25687 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the docker-20.10.6_ce-6.49.3 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2014-5277 at SUSE CVE-2014-5277 at NVD CVE-2014-6407 at SUSE CVE-2014-6407 at NVD CVE-2014-6408 at SUSE CVE-2014-6408 at NVD CVE-2014-8178 at SUSE CVE-2014-8178 at NVD CVE-2014-8179 at SUSE CVE-2014-8179 at NVD CVE-2014-9356 at SUSE CVE-2014-9356 at NVD CVE-2014-9357 at SUSE CVE-2014-9357 at NVD CVE-2014-9358 at SUSE CVE-2014-9358 at NVD CVE-2015-3627 at SUSE CVE-2015-3627 at NVD CVE-2015-3629 at SUSE CVE-2015-3629 at NVD CVE-2015-3630 at SUSE CVE-2015-3630 at NVD CVE-2015-3631 at SUSE CVE-2015-3631 at NVD CVE-2016-3697 at SUSE CVE-2016-3697 at NVD CVE-2016-8867 at SUSE CVE-2016-8867 at NVD CVE-2016-9962 at SUSE CVE-2016-9962 at NVD CVE-2017-14992 at SUSE CVE-2017-14992 at NVD CVE-2017-16539 at SUSE CVE-2017-16539 at NVD CVE-2018-10892 at SUSE CVE-2018-10892 at NVD CVE-2018-15664 at SUSE CVE-2018-15664 at NVD CVE-2018-16873 at SUSE CVE-2018-16873 at NVD CVE-2018-16874 at SUSE CVE-2018-16874 at NVD CVE-2018-16875 at SUSE CVE-2018-16875 at NVD CVE-2018-20699 at SUSE CVE-2018-20699 at NVD CVE-2019-13509 at SUSE CVE-2019-13509 at NVD CVE-2019-14271 at SUSE CVE-2019-14271 at NVD CVE-2020-13401 at SUSE CVE-2020-13401 at NVD CVE-2020-15257 at SUSE CVE-2020-15257 at NVD CVE-2021-21284 at SUSE CVE-2021-21284 at NVD CVE-2021-21285 at SUSE CVE-2021-21285 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.31.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2018-16873 at SUSE CVE-2018-16873 at NVD CVE-2018-16874 at SUSE CVE-2018-16874 at NVD CVE-2018-16875 at SUSE CVE-2018-16875 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2016-9962 at SUSE CVE-2016-9962 at NVD CVE-2018-16873 at SUSE CVE-2018-16873 at NVD CVE-2018-16874 at SUSE CVE-2018-16874 at NVD CVE-2018-16875 at SUSE CVE-2018-16875 at NVD CVE-2019-16884 at SUSE CVE-2019-16884 at NVD CVE-2019-19921 at SUSE CVE-2019-19921 at NVD CVE-2019-5736 at SUSE CVE-2019-5736 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the dracut-049.1+suse.203.g8ee14a90-3.35.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2016-8637 at SUSE CVE-2016-8637 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the e2fsprogs-1.43.8-4.26.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2015-0247 at SUSE CVE-2015-0247 at NVD CVE-2015-1572 at SUSE CVE-2015-1572 at NVD CVE-2019-5094 at SUSE CVE-2019-5094 at NVD CVE-2019-5188 at SUSE CVE-2019-5188 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the elfutils-0.168-4.5.3 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2014-9447 at SUSE CVE-2014-9447 at NVD CVE-2017-7607 at SUSE CVE-2017-7607 at NVD CVE-2017-7608 at SUSE CVE-2017-7608 at NVD CVE-2017-7609 at SUSE CVE-2017-7609 at NVD CVE-2017-7610 at SUSE CVE-2017-7610 at NVD CVE-2017-7611 at SUSE CVE-2017-7611 at NVD CVE-2017-7612 at SUSE CVE-2017-7612 at NVD CVE-2017-7613 at SUSE CVE-2017-7613 at NVD CVE-2018-16062 at SUSE CVE-2018-16062 at NVD CVE-2018-16402 at SUSE CVE-2018-16402 at NVD CVE-2018-16403 at SUSE CVE-2018-16403 at NVD CVE-2018-18310 at SUSE CVE-2018-18310 at NVD CVE-2018-18520 at SUSE CVE-2018-18520 at NVD CVE-2018-18521 at SUSE CVE-2018-18521 at NVD CVE-2019-7150 at SUSE CVE-2019-7150 at NVD CVE-2019-7665 at SUSE CVE-2019-7665 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the file-5.32-7.11.2 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2014-3710 at SUSE CVE-2014-3710 at NVD CVE-2014-8116 at SUSE CVE-2014-8116 at NVD CVE-2014-8117 at SUSE CVE-2014-8117 at NVD CVE-2017-1000249 at SUSE CVE-2017-1000249 at NVD CVE-2018-10360 at SUSE CVE-2018-10360 at NVD CVE-2019-18218 at SUSE CVE-2019-18218 at NVD CVE-2019-8905 at SUSE CVE-2019-8905 at NVD CVE-2019-8906 at SUSE CVE-2019-8906 at NVD CVE-2019-8907 at SUSE CVE-2019-8907 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the firewalld-0.9.3-1.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2016-5410 at SUSE CVE-2016-5410 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the fuse-2.9.7-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2009-3297 at SUSE CVE-2009-3297 at NVD CVE-2011-0541 at SUSE CVE-2011-0541 at NVD CVE-2015-3202 at SUSE CVE-2015-3202 at NVD CVE-2018-10906 at SUSE CVE-2018-10906 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the glib2-tools-2.62.6-3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2018-16428 at SUSE CVE-2018-16428 at NVD CVE-2018-16429 at SUSE CVE-2018-16429 at NVD CVE-2019-12450 at SUSE CVE-2019-12450 at NVD CVE-2020-6750 at SUSE CVE-2020-6750 at NVD CVE-2021-27218 at SUSE CVE-2021-27218 at NVD CVE-2021-27219 at SUSE CVE-2021-27219 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the glibc-2.31-7.30 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2009-5155 at SUSE CVE-2009-5155 at NVD CVE-2010-3192 at SUSE CVE-2010-3192 at NVD CVE-2012-3406 at SUSE CVE-2012-3406 at NVD CVE-2013-4458 at SUSE CVE-2013-4458 at NVD CVE-2014-7817 at SUSE CVE-2014-7817 at NVD CVE-2014-8121 at SUSE CVE-2014-8121 at NVD CVE-2014-9402 at SUSE CVE-2014-9402 at NVD CVE-2014-9761 at SUSE CVE-2014-9761 at NVD CVE-2015-1472 at SUSE CVE-2015-1472 at NVD CVE-2015-1473 at SUSE CVE-2015-1473 at NVD CVE-2015-1781 at SUSE CVE-2015-1781 at NVD CVE-2015-5180 at SUSE CVE-2015-5180 at NVD CVE-2015-7547 at SUSE CVE-2015-7547 at NVD CVE-2015-8776 at SUSE CVE-2015-8776 at NVD CVE-2015-8777 at SUSE CVE-2015-8777 at NVD CVE-2015-8778 at SUSE CVE-2015-8778 at NVD CVE-2015-8779 at SUSE CVE-2015-8779 at NVD CVE-2016-10228 at SUSE CVE-2016-10228 at NVD CVE-2016-10739 at SUSE CVE-2016-10739 at NVD CVE-2016-1234 at SUSE CVE-2016-1234 at NVD CVE-2016-3075 at SUSE CVE-2016-3075 at NVD CVE-2016-3706 at SUSE CVE-2016-3706 at NVD CVE-2016-4429 at SUSE CVE-2016-4429 at NVD CVE-2016-5417 at SUSE CVE-2016-5417 at NVD CVE-2016-6323 at SUSE CVE-2016-6323 at NVD CVE-2017-1000366 at SUSE CVE-2017-1000366 at NVD CVE-2017-1000408 at SUSE CVE-2017-1000408 at NVD CVE-2017-1000409 at SUSE CVE-2017-1000409 at NVD CVE-2017-12132 at SUSE CVE-2017-12132 at NVD CVE-2017-12133 at SUSE CVE-2017-12133 at NVD CVE-2017-15670 at SUSE CVE-2017-15670 at NVD CVE-2017-15671 at SUSE CVE-2017-15671 at NVD CVE-2017-15804 at SUSE CVE-2017-15804 at NVD CVE-2017-16997 at SUSE CVE-2017-16997 at NVD CVE-2017-17426 at SUSE CVE-2017-17426 at NVD CVE-2017-18269 at SUSE CVE-2017-18269 at NVD CVE-2018-1000001 at SUSE CVE-2018-1000001 at NVD CVE-2018-11236 at SUSE CVE-2018-11236 at NVD CVE-2018-11237 at SUSE CVE-2018-11237 at NVD CVE-2018-6485 at SUSE CVE-2018-6485 at NVD CVE-2018-6551 at SUSE CVE-2018-6551 at NVD CVE-2019-19126 at SUSE CVE-2019-19126 at NVD CVE-2019-9169 at SUSE CVE-2019-9169 at NVD CVE-2020-10029 at SUSE CVE-2020-10029 at NVD CVE-2020-1751 at SUSE CVE-2020-1751 at NVD CVE-2020-1752 at SUSE CVE-2020-1752 at NVD CVE-2020-27618 at SUSE CVE-2020-27618 at NVD CVE-2020-29562 at SUSE CVE-2020-29562 at NVD CVE-2020-29573 at SUSE CVE-2020-29573 at NVD CVE-2021-27645 at SUSE CVE-2021-27645 at NVD CVE-2021-3326 at SUSE CVE-2021-3326 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the gpg2-2.2.27-1.2 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2018-1000858 at SUSE CVE-2018-1000858 at NVD CVE-2018-12020 at SUSE CVE-2018-12020 at NVD CVE-2018-9234 at SUSE CVE-2018-9234 at NVD CVE-2019-13050 at SUSE CVE-2019-13050 at NVD CVE-2019-14855 at SUSE CVE-2019-14855 at NVD CVE-2020-25125 at SUSE CVE-2020-25125 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the grep-3.1-4.3.12 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2015-1345 at SUSE CVE-2015-1345 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the grub2-2.04-1.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2015-8370 at SUSE CVE-2015-8370 at NVD CVE-2020-10713 at SUSE CVE-2020-10713 at NVD CVE-2020-14308 at SUSE CVE-2020-14308 at NVD CVE-2020-14309 at SUSE CVE-2020-14309 at NVD CVE-2020-14310 at SUSE CVE-2020-14310 at NVD CVE-2020-14311 at SUSE CVE-2020-14311 at NVD CVE-2020-14372 at SUSE CVE-2020-14372 at NVD CVE-2020-15705 at SUSE CVE-2020-15705 at NVD CVE-2020-15706 at SUSE CVE-2020-15706 at NVD CVE-2020-15707 at SUSE CVE-2020-15707 at NVD CVE-2020-25632 at SUSE CVE-2020-25632 at NVD CVE-2020-25647 at SUSE CVE-2020-25647 at NVD CVE-2020-27749 at SUSE CVE-2020-27749 at NVD CVE-2020-27779 at SUSE CVE-2020-27779 at NVD CVE-2021-20225 at SUSE CVE-2021-20225 at NVD CVE-2021-20233 at SUSE CVE-2021-20233 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the iscsiuio-0.7.8.6-32.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2020-13987 at SUSE CVE-2020-13987 at NVD CVE-2020-13988 at SUSE CVE-2020-13988 at NVD CVE-2020-17437 at SUSE CVE-2020-17437 at NVD CVE-2020-17438 at SUSE CVE-2020-17438 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the jq-1.6-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2015-8863 at SUSE CVE-2015-8863 at NVD CVE-2016-4074 at SUSE CVE-2016-4074 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the kdump-0.9.0-16.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2016-5759 at SUSE CVE-2016-5759 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the kernel-default-5.3.18-59.19.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2017-1000251 at SUSE CVE-2017-1000251 at NVD CVE-2017-12153 at SUSE CVE-2017-12153 at NVD CVE-2017-13080 at SUSE CVE-2017-13080 at NVD CVE-2017-14051 at SUSE CVE-2017-14051 at NVD CVE-2017-16536 at SUSE CVE-2017-16536 at NVD CVE-2017-16537 at SUSE CVE-2017-16537 at NVD CVE-2017-16646 at SUSE CVE-2017-16646 at NVD CVE-2017-16648 at SUSE CVE-2017-16648 at NVD CVE-2017-5715 at SUSE CVE-2017-5715 at NVD CVE-2017-5753 at SUSE CVE-2017-5753 at NVD CVE-2017-5754 at SUSE CVE-2017-5754 at NVD CVE-2018-10323 at SUSE CVE-2018-10323 at NVD CVE-2018-12232 at SUSE CVE-2018-12232 at NVD CVE-2018-13053 at SUSE CVE-2018-13053 at NVD CVE-2018-20669 at SUSE CVE-2018-20669 at NVD CVE-2019-0154 at SUSE CVE-2019-0154 at NVD CVE-2019-0155 at SUSE CVE-2019-0155 at NVD CVE-2019-10220 at SUSE CVE-2019-10220 at NVD CVE-2019-11477 at SUSE CVE-2019-11477 at NVD CVE-2019-11478 at SUSE CVE-2019-11478 at NVD CVE-2019-11479 at SUSE CVE-2019-11479 at NVD CVE-2019-14615 at SUSE CVE-2019-14615 at NVD CVE-2019-14814 at SUSE CVE-2019-14814 at NVD CVE-2019-14815 at SUSE CVE-2019-14815 at NVD CVE-2019-14816 at SUSE CVE-2019-14816 at NVD CVE-2019-14895 at SUSE CVE-2019-14895 at NVD CVE-2019-14896 at SUSE CVE-2019-14896 at NVD CVE-2019-14897 at SUSE CVE-2019-14897 at NVD CVE-2019-14901 at SUSE CVE-2019-14901 at NVD CVE-2019-15030 at SUSE CVE-2019-15030 at NVD CVE-2019-15031 at SUSE CVE-2019-15031 at NVD CVE-2019-15098 at SUSE CVE-2019-15098 at NVD CVE-2019-15099 at SUSE CVE-2019-15099 at NVD CVE-2019-15290 at SUSE CVE-2019-15290 at NVD CVE-2019-15291 at SUSE CVE-2019-15291 at NVD CVE-2019-15504 at SUSE CVE-2019-15504 at NVD CVE-2019-16231 at SUSE CVE-2019-16231 at NVD CVE-2019-16232 at SUSE CVE-2019-16232 at NVD CVE-2019-16233 at SUSE CVE-2019-16233 at NVD CVE-2019-16234 at SUSE CVE-2019-16234 at NVD CVE-2019-17133 at SUSE CVE-2019-17133 at NVD CVE-2019-17666 at SUSE CVE-2019-17666 at NVD CVE-2019-18198 at SUSE CVE-2019-18198 at NVD CVE-2019-18660 at SUSE CVE-2019-18660 at NVD CVE-2019-18683 at SUSE CVE-2019-18683 at NVD CVE-2019-18786 at SUSE CVE-2019-18786 at NVD CVE-2019-18808 at SUSE CVE-2019-18808 at NVD CVE-2019-18809 at SUSE CVE-2019-18809 at NVD CVE-2019-18811 at SUSE CVE-2019-18811 at NVD CVE-2019-18812 at SUSE CVE-2019-18812 at NVD CVE-2019-18813 at SUSE CVE-2019-18813 at NVD CVE-2019-18814 at SUSE CVE-2019-18814 at NVD CVE-2019-19037 at SUSE CVE-2019-19037 at NVD CVE-2019-19043 at SUSE CVE-2019-19043 at NVD CVE-2019-19044 at SUSE CVE-2019-19044 at NVD CVE-2019-19045 at SUSE CVE-2019-19045 at NVD CVE-2019-19046 at SUSE CVE-2019-19046 at NVD CVE-2019-19047 at SUSE CVE-2019-19047 at NVD CVE-2019-19048 at SUSE CVE-2019-19048 at NVD CVE-2019-19049 at SUSE CVE-2019-19049 at NVD CVE-2019-19050 at SUSE CVE-2019-19050 at NVD CVE-2019-19051 at SUSE CVE-2019-19051 at NVD CVE-2019-19052 at SUSE CVE-2019-19052 at NVD CVE-2019-19053 at SUSE CVE-2019-19053 at NVD CVE-2019-19054 at SUSE CVE-2019-19054 at NVD CVE-2019-19055 at SUSE CVE-2019-19055 at NVD CVE-2019-19056 at SUSE CVE-2019-19056 at NVD CVE-2019-19057 at SUSE CVE-2019-19057 at NVD CVE-2019-19058 at SUSE CVE-2019-19058 at NVD CVE-2019-19060 at SUSE CVE-2019-19060 at NVD CVE-2019-19061 at SUSE CVE-2019-19061 at NVD CVE-2019-19062 at SUSE CVE-2019-19062 at NVD CVE-2019-19063 at SUSE CVE-2019-19063 at NVD CVE-2019-19064 at SUSE CVE-2019-19064 at NVD CVE-2019-19065 at SUSE CVE-2019-19065 at NVD CVE-2019-19066 at SUSE CVE-2019-19066 at NVD CVE-2019-19067 at SUSE CVE-2019-19067 at NVD CVE-2019-19068 at SUSE CVE-2019-19068 at NVD CVE-2019-19069 at SUSE CVE-2019-19069 at NVD CVE-2019-19070 at SUSE CVE-2019-19070 at NVD CVE-2019-19071 at SUSE CVE-2019-19071 at NVD CVE-2019-19072 at SUSE CVE-2019-19072 at NVD CVE-2019-19073 at SUSE CVE-2019-19073 at NVD CVE-2019-19074 at SUSE CVE-2019-19074 at NVD CVE-2019-19075 at SUSE CVE-2019-19075 at NVD CVE-2019-19077 at SUSE CVE-2019-19077 at NVD CVE-2019-19078 at SUSE CVE-2019-19078 at NVD CVE-2019-19080 at SUSE CVE-2019-19080 at NVD CVE-2019-19081 at SUSE CVE-2019-19081 at NVD CVE-2019-19082 at SUSE CVE-2019-19082 at NVD CVE-2019-19083 at SUSE CVE-2019-19083 at NVD CVE-2019-19241 at SUSE CVE-2019-19241 at NVD CVE-2019-19252 at SUSE CVE-2019-19252 at NVD CVE-2019-19332 at SUSE CVE-2019-19332 at NVD CVE-2019-19338 at SUSE CVE-2019-19338 at NVD CVE-2019-19447 at SUSE CVE-2019-19447 at NVD CVE-2019-19462 at SUSE CVE-2019-19462 at NVD CVE-2019-19523 at SUSE CVE-2019-19523 at NVD CVE-2019-19524 at SUSE CVE-2019-19524 at NVD CVE-2019-19525 at SUSE CVE-2019-19525 at NVD CVE-2019-19526 at SUSE CVE-2019-19526 at NVD CVE-2019-19528 at SUSE CVE-2019-19528 at NVD CVE-2019-19529 at SUSE CVE-2019-19529 at NVD CVE-2019-19532 at SUSE CVE-2019-19532 at NVD CVE-2019-19533 at SUSE CVE-2019-19533 at NVD CVE-2019-19534 at SUSE CVE-2019-19534 at NVD CVE-2019-19602 at SUSE CVE-2019-19602 at NVD CVE-2019-19767 at SUSE CVE-2019-19767 at NVD CVE-2019-19768 at SUSE CVE-2019-19768 at NVD CVE-2019-19769 at SUSE CVE-2019-19769 at NVD CVE-2019-19770 at SUSE CVE-2019-19770 at NVD CVE-2019-19807 at SUSE CVE-2019-19807 at NVD CVE-2019-19922 at SUSE CVE-2019-19922 at NVD CVE-2019-19947 at SUSE CVE-2019-19947 at NVD CVE-2019-19965 at SUSE CVE-2019-19965 at NVD CVE-2019-20422 at SUSE CVE-2019-20422 at NVD CVE-2019-20810 at SUSE CVE-2019-20810 at NVD CVE-2019-20812 at SUSE CVE-2019-20812 at NVD CVE-2019-3016 at SUSE CVE-2019-3016 at NVD CVE-2019-8912 at SUSE CVE-2019-8912 at NVD CVE-2020-0110 at SUSE CVE-2020-0110 at NVD CVE-2020-0305 at SUSE CVE-2020-0305 at NVD CVE-2020-0404 at SUSE CVE-2020-0404 at NVD CVE-2020-0427 at SUSE CVE-2020-0427 at NVD CVE-2020-0431 at SUSE CVE-2020-0431 at NVD CVE-2020-0432 at SUSE CVE-2020-0432 at NVD CVE-2020-0444 at SUSE CVE-2020-0444 at NVD CVE-2020-0465 at SUSE CVE-2020-0465 at NVD CVE-2020-0466 at SUSE CVE-2020-0466 at NVD CVE-2020-0543 at SUSE CVE-2020-0543 at NVD CVE-2020-10135 at SUSE CVE-2020-10135 at NVD CVE-2020-10690 at SUSE CVE-2020-10690 at NVD CVE-2020-10711 at SUSE CVE-2020-10711 at NVD CVE-2020-10732 at SUSE CVE-2020-10732 at NVD CVE-2020-10751 at SUSE CVE-2020-10751 at NVD CVE-2020-10757 at SUSE CVE-2020-10757 at NVD CVE-2020-10766 at SUSE CVE-2020-10766 at NVD CVE-2020-10767 at SUSE CVE-2020-10767 at NVD CVE-2020-10768 at SUSE CVE-2020-10768 at NVD CVE-2020-10773 at SUSE CVE-2020-10773 at NVD CVE-2020-10781 at SUSE CVE-2020-10781 at NVD CVE-2020-10942 at SUSE CVE-2020-10942 at NVD CVE-2020-11494 at SUSE CVE-2020-11494 at NVD CVE-2020-11608 at SUSE CVE-2020-11608 at NVD CVE-2020-11668 at SUSE CVE-2020-11668 at NVD CVE-2020-11884 at SUSE CVE-2020-11884 at NVD CVE-2020-12351 at SUSE CVE-2020-12351 at NVD CVE-2020-12352 at SUSE CVE-2020-12352 at NVD CVE-2020-12362 at SUSE CVE-2020-12362 at NVD CVE-2020-12363 at SUSE CVE-2020-12363 at NVD CVE-2020-12364 at SUSE CVE-2020-12364 at NVD CVE-2020-12373 at SUSE CVE-2020-12373 at NVD CVE-2020-12464 at SUSE CVE-2020-12464 at NVD CVE-2020-12465 at SUSE CVE-2020-12465 at NVD CVE-2020-12652 at SUSE CVE-2020-12652 at NVD CVE-2020-12653 at SUSE CVE-2020-12653 at NVD CVE-2020-12654 at SUSE CVE-2020-12654 at NVD CVE-2020-12655 at SUSE CVE-2020-12655 at NVD CVE-2020-12656 at SUSE CVE-2020-12656 at NVD CVE-2020-12657 at SUSE CVE-2020-12657 at NVD CVE-2020-12659 at SUSE CVE-2020-12659 at NVD CVE-2020-12769 at SUSE CVE-2020-12769 at NVD CVE-2020-12771 at SUSE CVE-2020-12771 at NVD CVE-2020-12888 at SUSE CVE-2020-12888 at NVD CVE-2020-13143 at SUSE CVE-2020-13143 at NVD CVE-2020-13974 at SUSE CVE-2020-13974 at NVD CVE-2020-14314 at SUSE CVE-2020-14314 at NVD CVE-2020-14331 at SUSE CVE-2020-14331 at NVD CVE-2020-14351 at SUSE CVE-2020-14351 at NVD CVE-2020-14356 at SUSE CVE-2020-14356 at NVD CVE-2020-14385 at SUSE CVE-2020-14385 at NVD CVE-2020-14386 at SUSE CVE-2020-14386 at NVD CVE-2020-14390 at SUSE CVE-2020-14390 at NVD CVE-2020-14416 at SUSE CVE-2020-14416 at NVD CVE-2020-15393 at SUSE CVE-2020-15393 at NVD CVE-2020-15436 at SUSE CVE-2020-15436 at NVD CVE-2020-15437 at SUSE CVE-2020-15437 at NVD CVE-2020-15780 at SUSE CVE-2020-15780 at NVD CVE-2020-16120 at SUSE CVE-2020-16120 at NVD CVE-2020-16166 at SUSE CVE-2020-16166 at NVD CVE-2020-1749 at SUSE CVE-2020-1749 at NVD CVE-2020-24490 at SUSE CVE-2020-24490 at NVD CVE-2020-24586 at SUSE CVE-2020-24586 at NVD CVE-2020-24587 at SUSE CVE-2020-24587 at NVD CVE-2020-24588 at SUSE CVE-2020-24588 at NVD CVE-2020-2521 at SUSE CVE-2020-2521 at NVD CVE-2020-25211 at SUSE CVE-2020-25211 at NVD CVE-2020-25212 at SUSE CVE-2020-25212 at NVD CVE-2020-25284 at SUSE CVE-2020-25284 at NVD CVE-2020-25285 at SUSE CVE-2020-25285 at NVD CVE-2020-25639 at SUSE CVE-2020-25639 at NVD CVE-2020-25641 at SUSE CVE-2020-25641 at NVD CVE-2020-25643 at SUSE CVE-2020-25643 at NVD CVE-2020-25645 at SUSE CVE-2020-25645 at NVD CVE-2020-25656 at SUSE CVE-2020-25656 at NVD CVE-2020-25668 at SUSE CVE-2020-25668 at NVD CVE-2020-25669 at SUSE CVE-2020-25669 at NVD CVE-2020-25670 at SUSE CVE-2020-25670 at NVD CVE-2020-25671 at SUSE CVE-2020-25671 at NVD CVE-2020-25672 at SUSE CVE-2020-25672 at NVD CVE-2020-25673 at SUSE CVE-2020-25673 at NVD CVE-2020-25704 at SUSE CVE-2020-25704 at NVD CVE-2020-25705 at SUSE CVE-2020-25705 at NVD CVE-2020-26088 at SUSE CVE-2020-26088 at NVD CVE-2020-26139 at SUSE CVE-2020-26139 at NVD CVE-2020-26141 at SUSE CVE-2020-26141 at NVD CVE-2020-26145 at SUSE CVE-2020-26145 at NVD CVE-2020-26147 at SUSE CVE-2020-26147 at NVD CVE-2020-26558 at SUSE CVE-2020-26558 at NVD CVE-2020-27068 at SUSE CVE-2020-27068 at NVD CVE-2020-27170 at SUSE CVE-2020-27170 at NVD CVE-2020-27171 at SUSE CVE-2020-27171 at NVD CVE-2020-27194 at SUSE CVE-2020-27194 at NVD CVE-2020-2732 at SUSE CVE-2020-2732 at NVD CVE-2020-27673 at SUSE CVE-2020-27673 at NVD CVE-2020-27675 at SUSE CVE-2020-27675 at NVD CVE-2020-27777 at SUSE CVE-2020-27777 at NVD CVE-2020-27786 at SUSE CVE-2020-27786 at NVD CVE-2020-27815 at SUSE CVE-2020-27815 at NVD CVE-2020-27825 at SUSE CVE-2020-27825 at NVD CVE-2020-27830 at SUSE CVE-2020-27830 at NVD CVE-2020-27835 at SUSE CVE-2020-27835 at NVD CVE-2020-28374 at SUSE CVE-2020-28374 at NVD CVE-2020-28915 at SUSE CVE-2020-28915 at NVD CVE-2020-28941 at SUSE CVE-2020-28941 at NVD CVE-2020-28974 at SUSE CVE-2020-28974 at NVD CVE-2020-29368 at SUSE CVE-2020-29368 at NVD CVE-2020-29369 at SUSE CVE-2020-29369 at NVD CVE-2020-29370 at SUSE CVE-2020-29370 at NVD CVE-2020-29371 at SUSE CVE-2020-29371 at NVD CVE-2020-29373 at SUSE CVE-2020-29373 at NVD CVE-2020-29568 at SUSE CVE-2020-29568 at NVD CVE-2020-29569 at SUSE CVE-2020-29569 at NVD CVE-2020-29660 at SUSE CVE-2020-29660 at NVD CVE-2020-29661 at SUSE CVE-2020-29661 at NVD CVE-2020-35519 at SUSE CVE-2020-35519 at NVD CVE-2020-36158 at SUSE CVE-2020-36158 at NVD CVE-2020-36310 at SUSE CVE-2020-36310 at NVD CVE-2020-36311 at SUSE CVE-2020-36311 at NVD CVE-2020-36312 at SUSE CVE-2020-36312 at NVD CVE-2020-36322 at SUSE CVE-2020-36322 at NVD CVE-2020-36385 at SUSE CVE-2020-36385 at NVD CVE-2020-36386 at SUSE CVE-2020-36386 at NVD CVE-2020-4788 at SUSE CVE-2020-4788 at NVD CVE-2020-8428 at SUSE CVE-2020-8428 at NVD CVE-2020-8647 at SUSE CVE-2020-8647 at NVD CVE-2020-8648 at SUSE CVE-2020-8648 at NVD CVE-2020-8649 at SUSE CVE-2020-8649 at NVD CVE-2020-8694 at SUSE CVE-2020-8694 at NVD CVE-2020-8835 at SUSE CVE-2020-8835 at NVD CVE-2020-8992 at SUSE CVE-2020-8992 at NVD CVE-2020-9383 at SUSE CVE-2020-9383 at NVD CVE-2021-0129 at SUSE CVE-2021-0129 at NVD CVE-2021-0342 at SUSE CVE-2021-0342 at NVD CVE-2021-0512 at SUSE CVE-2021-0512 at NVD CVE-2021-0605 at SUSE CVE-2021-0605 at NVD CVE-2021-20177 at SUSE CVE-2021-20177 at NVD CVE-2021-20268 at SUSE CVE-2021-20268 at NVD CVE-2021-21781 at SUSE CVE-2021-21781 at NVD CVE-2021-22543 at SUSE CVE-2021-22543 at NVD CVE-2021-22555 at SUSE CVE-2021-22555 at NVD CVE-2021-23134 at SUSE CVE-2021-23134 at NVD CVE-2021-26930 at SUSE CVE-2021-26930 at NVD CVE-2021-26931 at SUSE CVE-2021-26931 at NVD CVE-2021-26932 at SUSE CVE-2021-26932 at NVD CVE-2021-27363 at SUSE CVE-2021-27363 at NVD CVE-2021-27364 at SUSE CVE-2021-27364 at NVD CVE-2021-27365 at SUSE CVE-2021-27365 at NVD CVE-2021-28038 at SUSE CVE-2021-28038 at NVD CVE-2021-28375 at SUSE CVE-2021-28375 at NVD CVE-2021-28660 at SUSE CVE-2021-28660 at NVD CVE-2021-28688 at SUSE CVE-2021-28688 at NVD CVE-2021-28950 at SUSE CVE-2021-28950 at NVD CVE-2021-28952 at SUSE CVE-2021-28952 at NVD CVE-2021-28964 at SUSE CVE-2021-28964 at NVD CVE-2021-28971 at SUSE CVE-2021-28971 at NVD CVE-2021-28972 at SUSE CVE-2021-28972 at NVD CVE-2021-29154 at SUSE CVE-2021-29154 at NVD CVE-2021-29155 at SUSE CVE-2021-29155 at NVD CVE-2021-29264 at SUSE CVE-2021-29264 at NVD CVE-2021-29265 at SUSE CVE-2021-29265 at NVD CVE-2021-29647 at SUSE CVE-2021-29647 at NVD CVE-2021-29650 at SUSE CVE-2021-29650 at NVD CVE-2021-30002 at SUSE CVE-2021-30002 at NVD CVE-2021-32399 at SUSE CVE-2021-32399 at NVD CVE-2021-33034 at SUSE CVE-2021-33034 at NVD CVE-2021-33200 at SUSE CVE-2021-33200 at NVD CVE-2021-3347 at SUSE CVE-2021-3347 at NVD CVE-2021-3348 at SUSE CVE-2021-3348 at NVD CVE-2021-33624 at SUSE CVE-2021-33624 at NVD CVE-2021-33909 at SUSE CVE-2021-33909 at NVD CVE-2021-3428 at SUSE CVE-2021-3428 at NVD CVE-2021-3444 at SUSE CVE-2021-3444 at NVD CVE-2021-34693 at SUSE CVE-2021-34693 at NVD CVE-2021-3483 at SUSE CVE-2021-3483 at NVD CVE-2021-3489 at SUSE CVE-2021-3489 at NVD CVE-2021-3490 at SUSE CVE-2021-3490 at NVD CVE-2021-3491 at SUSE CVE-2021-3491 at NVD CVE-2021-35039 at SUSE CVE-2021-35039 at NVD CVE-2021-3573 at SUSE CVE-2021-3573 at NVD CVE-2021-3609 at SUSE CVE-2021-3609 at NVD CVE-2021-3612 at SUSE CVE-2021-3612 at NVD CVE-2021-3659 at SUSE CVE-2021-3659 at NVD CVE-2021-37576 at SUSE CVE-2021-37576 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the kernel-firmware-all-20210208-2.4 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2017-13080 at SUSE CVE-2017-13080 at NVD CVE-2017-13081 at SUSE CVE-2017-13081 at NVD CVE-2017-5715 at SUSE CVE-2017-5715 at NVD CVE-2019-9836 at SUSE CVE-2019-9836 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the kernel-rt-5.3.18-8.13.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2017-1000251 at SUSE CVE-2017-1000251 at NVD CVE-2017-12153 at SUSE CVE-2017-12153 at NVD CVE-2017-13080 at SUSE CVE-2017-13080 at NVD CVE-2017-14051 at SUSE CVE-2017-14051 at NVD CVE-2017-16536 at SUSE CVE-2017-16536 at NVD CVE-2017-16537 at SUSE CVE-2017-16537 at NVD CVE-2017-16646 at SUSE CVE-2017-16646 at NVD CVE-2017-16648 at SUSE CVE-2017-16648 at NVD CVE-2017-5715 at SUSE CVE-2017-5715 at NVD CVE-2017-5753 at SUSE CVE-2017-5753 at NVD CVE-2017-5754 at SUSE CVE-2017-5754 at NVD CVE-2018-10323 at SUSE CVE-2018-10323 at NVD CVE-2018-12232 at SUSE CVE-2018-12232 at NVD CVE-2018-13053 at SUSE CVE-2018-13053 at NVD CVE-2018-20669 at SUSE CVE-2018-20669 at NVD CVE-2019-0154 at SUSE CVE-2019-0154 at NVD CVE-2019-0155 at SUSE CVE-2019-0155 at NVD CVE-2019-10220 at SUSE CVE-2019-10220 at NVD CVE-2019-11477 at SUSE CVE-2019-11477 at NVD CVE-2019-11478 at SUSE CVE-2019-11478 at NVD CVE-2019-11479 at SUSE CVE-2019-11479 at NVD CVE-2019-14615 at SUSE CVE-2019-14615 at NVD CVE-2019-14814 at SUSE CVE-2019-14814 at NVD CVE-2019-14815 at SUSE CVE-2019-14815 at NVD CVE-2019-14816 at SUSE CVE-2019-14816 at NVD CVE-2019-14895 at SUSE CVE-2019-14895 at NVD CVE-2019-14896 at SUSE CVE-2019-14896 at NVD CVE-2019-14897 at SUSE CVE-2019-14897 at NVD CVE-2019-14901 at SUSE CVE-2019-14901 at NVD CVE-2019-15030 at SUSE CVE-2019-15030 at NVD CVE-2019-15031 at SUSE CVE-2019-15031 at NVD CVE-2019-15098 at SUSE CVE-2019-15098 at NVD CVE-2019-15099 at SUSE CVE-2019-15099 at NVD CVE-2019-15290 at SUSE CVE-2019-15290 at NVD CVE-2019-15291 at SUSE CVE-2019-15291 at NVD CVE-2019-15504 at SUSE CVE-2019-15504 at NVD CVE-2019-16231 at SUSE CVE-2019-16231 at NVD CVE-2019-16232 at SUSE CVE-2019-16232 at NVD CVE-2019-16233 at SUSE CVE-2019-16233 at NVD CVE-2019-16234 at SUSE CVE-2019-16234 at NVD CVE-2019-17133 at SUSE CVE-2019-17133 at NVD CVE-2019-17666 at SUSE CVE-2019-17666 at NVD CVE-2019-18198 at SUSE CVE-2019-18198 at NVD CVE-2019-18660 at SUSE CVE-2019-18660 at NVD CVE-2019-18683 at SUSE CVE-2019-18683 at NVD CVE-2019-18786 at SUSE CVE-2019-18786 at NVD CVE-2019-18808 at SUSE CVE-2019-18808 at NVD CVE-2019-18809 at SUSE CVE-2019-18809 at NVD CVE-2019-18811 at SUSE CVE-2019-18811 at NVD CVE-2019-18812 at SUSE CVE-2019-18812 at NVD CVE-2019-18813 at SUSE CVE-2019-18813 at NVD CVE-2019-18814 at SUSE CVE-2019-18814 at NVD CVE-2019-19037 at SUSE CVE-2019-19037 at NVD CVE-2019-19043 at SUSE CVE-2019-19043 at NVD CVE-2019-19044 at SUSE CVE-2019-19044 at NVD CVE-2019-19045 at SUSE CVE-2019-19045 at NVD CVE-2019-19046 at SUSE CVE-2019-19046 at NVD CVE-2019-19047 at SUSE CVE-2019-19047 at NVD CVE-2019-19048 at SUSE CVE-2019-19048 at NVD CVE-2019-19049 at SUSE CVE-2019-19049 at NVD CVE-2019-19050 at SUSE CVE-2019-19050 at NVD CVE-2019-19051 at SUSE CVE-2019-19051 at NVD CVE-2019-19052 at SUSE CVE-2019-19052 at NVD CVE-2019-19053 at SUSE CVE-2019-19053 at NVD CVE-2019-19054 at SUSE CVE-2019-19054 at NVD CVE-2019-19055 at SUSE CVE-2019-19055 at NVD CVE-2019-19056 at SUSE CVE-2019-19056 at NVD CVE-2019-19057 at SUSE CVE-2019-19057 at NVD CVE-2019-19058 at SUSE CVE-2019-19058 at NVD CVE-2019-19060 at SUSE CVE-2019-19060 at NVD CVE-2019-19061 at SUSE CVE-2019-19061 at NVD CVE-2019-19062 at SUSE CVE-2019-19062 at NVD CVE-2019-19063 at SUSE CVE-2019-19063 at NVD CVE-2019-19064 at SUSE CVE-2019-19064 at NVD CVE-2019-19065 at SUSE CVE-2019-19065 at NVD CVE-2019-19066 at SUSE CVE-2019-19066 at NVD CVE-2019-19067 at SUSE CVE-2019-19067 at NVD CVE-2019-19068 at SUSE CVE-2019-19068 at NVD CVE-2019-19069 at SUSE CVE-2019-19069 at NVD CVE-2019-19070 at SUSE CVE-2019-19070 at NVD CVE-2019-19071 at SUSE CVE-2019-19071 at NVD CVE-2019-19072 at SUSE CVE-2019-19072 at NVD CVE-2019-19073 at SUSE CVE-2019-19073 at NVD CVE-2019-19074 at SUSE CVE-2019-19074 at NVD CVE-2019-19075 at SUSE CVE-2019-19075 at NVD CVE-2019-19077 at SUSE CVE-2019-19077 at NVD CVE-2019-19078 at SUSE CVE-2019-19078 at NVD CVE-2019-19080 at SUSE CVE-2019-19080 at NVD CVE-2019-19081 at SUSE CVE-2019-19081 at NVD CVE-2019-19082 at SUSE CVE-2019-19082 at NVD CVE-2019-19083 at SUSE CVE-2019-19083 at NVD CVE-2019-19241 at SUSE CVE-2019-19241 at NVD CVE-2019-19252 at SUSE CVE-2019-19252 at NVD CVE-2019-19332 at SUSE CVE-2019-19332 at NVD CVE-2019-19338 at SUSE CVE-2019-19338 at NVD CVE-2019-19447 at SUSE CVE-2019-19447 at NVD CVE-2019-19462 at SUSE CVE-2019-19462 at NVD CVE-2019-19523 at SUSE CVE-2019-19523 at NVD CVE-2019-19524 at SUSE CVE-2019-19524 at NVD CVE-2019-19525 at SUSE CVE-2019-19525 at NVD CVE-2019-19526 at SUSE CVE-2019-19526 at NVD CVE-2019-19528 at SUSE CVE-2019-19528 at NVD CVE-2019-19529 at SUSE CVE-2019-19529 at NVD CVE-2019-19532 at SUSE CVE-2019-19532 at NVD CVE-2019-19533 at SUSE CVE-2019-19533 at NVD CVE-2019-19534 at SUSE CVE-2019-19534 at NVD CVE-2019-19602 at SUSE CVE-2019-19602 at NVD CVE-2019-19767 at SUSE CVE-2019-19767 at NVD CVE-2019-19768 at SUSE CVE-2019-19768 at NVD CVE-2019-19769 at SUSE CVE-2019-19769 at NVD CVE-2019-19770 at SUSE CVE-2019-19770 at NVD CVE-2019-19807 at SUSE CVE-2019-19807 at NVD CVE-2019-19922 at SUSE CVE-2019-19922 at NVD CVE-2019-19947 at SUSE CVE-2019-19947 at NVD CVE-2019-19965 at SUSE CVE-2019-19965 at NVD CVE-2019-20422 at SUSE CVE-2019-20422 at NVD CVE-2019-20810 at SUSE CVE-2019-20810 at NVD CVE-2019-20812 at SUSE CVE-2019-20812 at NVD CVE-2019-3016 at SUSE CVE-2019-3016 at NVD CVE-2019-8912 at SUSE CVE-2019-8912 at NVD CVE-2020-0110 at SUSE CVE-2020-0110 at NVD CVE-2020-0305 at SUSE CVE-2020-0305 at NVD CVE-2020-0404 at SUSE CVE-2020-0404 at NVD CVE-2020-0427 at SUSE CVE-2020-0427 at NVD CVE-2020-0431 at SUSE CVE-2020-0431 at NVD CVE-2020-0432 at SUSE CVE-2020-0432 at NVD CVE-2020-0444 at SUSE CVE-2020-0444 at NVD CVE-2020-0465 at SUSE CVE-2020-0465 at NVD CVE-2020-0466 at SUSE CVE-2020-0466 at NVD CVE-2020-0543 at SUSE CVE-2020-0543 at NVD CVE-2020-10135 at SUSE CVE-2020-10135 at NVD CVE-2020-10690 at SUSE CVE-2020-10690 at NVD CVE-2020-10711 at SUSE CVE-2020-10711 at NVD CVE-2020-10732 at SUSE CVE-2020-10732 at NVD CVE-2020-10751 at SUSE CVE-2020-10751 at NVD CVE-2020-10757 at SUSE CVE-2020-10757 at NVD CVE-2020-10766 at SUSE CVE-2020-10766 at NVD CVE-2020-10767 at SUSE CVE-2020-10767 at NVD CVE-2020-10768 at SUSE CVE-2020-10768 at NVD CVE-2020-10773 at SUSE CVE-2020-10773 at NVD CVE-2020-10781 at SUSE CVE-2020-10781 at NVD CVE-2020-10942 at SUSE CVE-2020-10942 at NVD CVE-2020-11494 at SUSE CVE-2020-11494 at NVD CVE-2020-11608 at SUSE CVE-2020-11608 at NVD CVE-2020-11668 at SUSE CVE-2020-11668 at NVD CVE-2020-11884 at SUSE CVE-2020-11884 at NVD CVE-2020-12351 at SUSE CVE-2020-12351 at NVD CVE-2020-12352 at SUSE CVE-2020-12352 at NVD CVE-2020-12362 at SUSE CVE-2020-12362 at NVD CVE-2020-12363 at SUSE CVE-2020-12363 at NVD CVE-2020-12364 at SUSE CVE-2020-12364 at NVD CVE-2020-12373 at SUSE CVE-2020-12373 at NVD CVE-2020-12464 at SUSE CVE-2020-12464 at NVD CVE-2020-12465 at SUSE CVE-2020-12465 at NVD CVE-2020-12652 at SUSE CVE-2020-12652 at NVD CVE-2020-12653 at SUSE CVE-2020-12653 at NVD CVE-2020-12654 at SUSE CVE-2020-12654 at NVD CVE-2020-12655 at SUSE CVE-2020-12655 at NVD CVE-2020-12656 at SUSE CVE-2020-12656 at NVD CVE-2020-12657 at SUSE CVE-2020-12657 at NVD CVE-2020-12659 at SUSE CVE-2020-12659 at NVD CVE-2020-12769 at SUSE CVE-2020-12769 at NVD CVE-2020-12771 at SUSE CVE-2020-12771 at NVD CVE-2020-12888 at SUSE CVE-2020-12888 at NVD CVE-2020-13143 at SUSE CVE-2020-13143 at NVD CVE-2020-13974 at SUSE CVE-2020-13974 at NVD CVE-2020-14314 at SUSE CVE-2020-14314 at NVD CVE-2020-14331 at SUSE CVE-2020-14331 at NVD CVE-2020-14351 at SUSE CVE-2020-14351 at NVD CVE-2020-14356 at SUSE CVE-2020-14356 at NVD CVE-2020-14385 at SUSE CVE-2020-14385 at NVD CVE-2020-14386 at SUSE CVE-2020-14386 at NVD CVE-2020-14390 at SUSE CVE-2020-14390 at NVD CVE-2020-14416 at SUSE CVE-2020-14416 at NVD CVE-2020-15393 at SUSE CVE-2020-15393 at NVD CVE-2020-15436 at SUSE CVE-2020-15436 at NVD CVE-2020-15437 at SUSE CVE-2020-15437 at NVD CVE-2020-15780 at SUSE CVE-2020-15780 at NVD CVE-2020-16120 at SUSE CVE-2020-16120 at NVD CVE-2020-16166 at SUSE CVE-2020-16166 at NVD CVE-2020-1749 at SUSE CVE-2020-1749 at NVD CVE-2020-24490 at SUSE CVE-2020-24490 at NVD CVE-2020-24586 at SUSE CVE-2020-24586 at NVD CVE-2020-24587 at SUSE CVE-2020-24587 at NVD CVE-2020-24588 at SUSE CVE-2020-24588 at NVD CVE-2020-2521 at SUSE CVE-2020-2521 at NVD CVE-2020-25211 at SUSE CVE-2020-25211 at NVD CVE-2020-25212 at SUSE CVE-2020-25212 at NVD CVE-2020-25284 at SUSE CVE-2020-25284 at NVD CVE-2020-25285 at SUSE CVE-2020-25285 at NVD CVE-2020-25639 at SUSE CVE-2020-25639 at NVD CVE-2020-25641 at SUSE CVE-2020-25641 at NVD CVE-2020-25643 at SUSE CVE-2020-25643 at NVD CVE-2020-25645 at SUSE CVE-2020-25645 at NVD CVE-2020-25656 at SUSE CVE-2020-25656 at NVD CVE-2020-25668 at SUSE CVE-2020-25668 at NVD CVE-2020-25669 at SUSE CVE-2020-25669 at NVD CVE-2020-25670 at SUSE CVE-2020-25670 at NVD CVE-2020-25671 at SUSE CVE-2020-25671 at NVD CVE-2020-25672 at SUSE CVE-2020-25672 at NVD CVE-2020-25673 at SUSE CVE-2020-25673 at NVD CVE-2020-25704 at SUSE CVE-2020-25704 at NVD CVE-2020-25705 at SUSE CVE-2020-25705 at NVD CVE-2020-26088 at SUSE CVE-2020-26088 at NVD CVE-2020-26139 at SUSE CVE-2020-26139 at NVD CVE-2020-26141 at SUSE CVE-2020-26141 at NVD CVE-2020-26145 at SUSE CVE-2020-26145 at NVD CVE-2020-26147 at SUSE CVE-2020-26147 at NVD CVE-2020-27068 at SUSE CVE-2020-27068 at NVD CVE-2020-27170 at SUSE CVE-2020-27170 at NVD CVE-2020-27171 at SUSE CVE-2020-27171 at NVD CVE-2020-2732 at SUSE CVE-2020-2732 at NVD CVE-2020-27673 at SUSE CVE-2020-27673 at NVD CVE-2020-27675 at SUSE CVE-2020-27675 at NVD CVE-2020-27777 at SUSE CVE-2020-27777 at NVD CVE-2020-27786 at SUSE CVE-2020-27786 at NVD CVE-2020-27815 at SUSE CVE-2020-27815 at NVD CVE-2020-27825 at SUSE CVE-2020-27825 at NVD CVE-2020-27830 at SUSE CVE-2020-27830 at NVD CVE-2020-27835 at SUSE CVE-2020-27835 at NVD CVE-2020-28374 at SUSE CVE-2020-28374 at NVD CVE-2020-28915 at SUSE CVE-2020-28915 at NVD CVE-2020-28941 at SUSE CVE-2020-28941 at NVD CVE-2020-28974 at SUSE CVE-2020-28974 at NVD CVE-2020-29368 at SUSE CVE-2020-29368 at NVD CVE-2020-29369 at SUSE CVE-2020-29369 at NVD CVE-2020-29370 at SUSE CVE-2020-29370 at NVD CVE-2020-29371 at SUSE CVE-2020-29371 at NVD CVE-2020-29373 at SUSE CVE-2020-29373 at NVD CVE-2020-29568 at SUSE CVE-2020-29568 at NVD CVE-2020-29569 at SUSE CVE-2020-29569 at NVD CVE-2020-29660 at SUSE CVE-2020-29660 at NVD CVE-2020-29661 at SUSE CVE-2020-29661 at NVD CVE-2020-35519 at SUSE CVE-2020-35519 at NVD CVE-2020-36158 at SUSE CVE-2020-36158 at NVD CVE-2020-36310 at SUSE CVE-2020-36310 at NVD CVE-2020-36311 at SUSE CVE-2020-36311 at NVD CVE-2020-36312 at SUSE CVE-2020-36312 at NVD CVE-2020-36322 at SUSE CVE-2020-36322 at NVD CVE-2020-4788 at SUSE CVE-2020-4788 at NVD CVE-2020-8428 at SUSE CVE-2020-8428 at NVD CVE-2020-8647 at SUSE CVE-2020-8647 at NVD CVE-2020-8648 at SUSE CVE-2020-8648 at NVD CVE-2020-8649 at SUSE CVE-2020-8649 at NVD CVE-2020-8694 at SUSE CVE-2020-8694 at NVD CVE-2020-8835 at SUSE CVE-2020-8835 at NVD CVE-2020-8992 at SUSE CVE-2020-8992 at NVD CVE-2020-9383 at SUSE CVE-2020-9383 at NVD CVE-2021-0342 at SUSE CVE-2021-0342 at NVD CVE-2021-20177 at SUSE CVE-2021-20177 at NVD CVE-2021-23134 at SUSE CVE-2021-23134 at NVD CVE-2021-26930 at SUSE CVE-2021-26930 at NVD CVE-2021-26931 at SUSE CVE-2021-26931 at NVD CVE-2021-26932 at SUSE CVE-2021-26932 at NVD CVE-2021-27363 at SUSE CVE-2021-27363 at NVD CVE-2021-27364 at SUSE CVE-2021-27364 at NVD CVE-2021-27365 at SUSE CVE-2021-27365 at NVD CVE-2021-28038 at SUSE CVE-2021-28038 at NVD CVE-2021-28375 at SUSE CVE-2021-28375 at NVD CVE-2021-28660 at SUSE CVE-2021-28660 at NVD CVE-2021-28688 at SUSE CVE-2021-28688 at NVD CVE-2021-28950 at SUSE CVE-2021-28950 at NVD CVE-2021-28964 at SUSE CVE-2021-28964 at NVD CVE-2021-28971 at SUSE CVE-2021-28971 at NVD CVE-2021-28972 at SUSE CVE-2021-28972 at NVD CVE-2021-29154 at SUSE CVE-2021-29154 at NVD CVE-2021-29155 at SUSE CVE-2021-29155 at NVD CVE-2021-29264 at SUSE CVE-2021-29264 at NVD CVE-2021-29265 at SUSE CVE-2021-29265 at NVD CVE-2021-29647 at SUSE CVE-2021-29647 at NVD CVE-2021-29650 at SUSE CVE-2021-29650 at NVD CVE-2021-30002 at SUSE CVE-2021-30002 at NVD CVE-2021-32399 at SUSE CVE-2021-32399 at NVD CVE-2021-33034 at SUSE CVE-2021-33034 at NVD CVE-2021-33200 at SUSE CVE-2021-33200 at NVD CVE-2021-3347 at SUSE CVE-2021-3347 at NVD CVE-2021-3348 at SUSE CVE-2021-3348 at NVD CVE-2021-3428 at SUSE CVE-2021-3428 at NVD CVE-2021-3444 at SUSE CVE-2021-3444 at NVD CVE-2021-3483 at SUSE CVE-2021-3483 at NVD CVE-2021-3491 at SUSE CVE-2021-3491 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the krb5-1.16.3-3.21.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2014-5351 at SUSE CVE-2014-5351 at NVD CVE-2014-5352 at SUSE CVE-2014-5352 at NVD CVE-2014-5353 at SUSE CVE-2014-5353 at NVD CVE-2014-5354 at SUSE CVE-2014-5354 at NVD CVE-2014-5355 at SUSE CVE-2014-5355 at NVD CVE-2014-9421 at SUSE CVE-2014-9421 at NVD CVE-2014-9422 at SUSE CVE-2014-9422 at NVD CVE-2014-9423 at SUSE CVE-2014-9423 at NVD CVE-2015-2694 at SUSE CVE-2015-2694 at NVD CVE-2015-2695 at SUSE CVE-2015-2695 at NVD CVE-2015-2696 at SUSE CVE-2015-2696 at NVD CVE-2015-2697 at SUSE CVE-2015-2697 at NVD CVE-2015-2698 at SUSE CVE-2015-2698 at NVD CVE-2015-8629 at SUSE CVE-2015-8629 at NVD CVE-2015-8630 at SUSE CVE-2015-8630 at NVD CVE-2015-8631 at SUSE CVE-2015-8631 at NVD CVE-2016-3119 at SUSE CVE-2016-3119 at NVD CVE-2016-3120 at SUSE CVE-2016-3120 at NVD CVE-2017-11368 at SUSE CVE-2017-11368 at NVD CVE-2017-11462 at SUSE CVE-2017-11462 at NVD CVE-2018-20217 at SUSE CVE-2018-20217 at NVD CVE-2018-5729 at SUSE CVE-2018-5729 at NVD CVE-2018-5730 at SUSE CVE-2018-5730 at NVD CVE-2020-28196 at SUSE CVE-2020-28196 at NVD CVE-2021-36222 at SUSE CVE-2021-36222 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the less-530-1.6 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2014-9488 at SUSE CVE-2014-9488 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libaudit1-2.8.5-3.43 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2015-5186 at SUSE CVE-2015-5186 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libblkid1-2.36.2-2.29 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2014-9114 at SUSE CVE-2014-9114 at NVD CVE-2015-5218 at SUSE CVE-2015-5218 at NVD CVE-2016-2779 at SUSE CVE-2016-2779 at NVD CVE-2016-5011 at SUSE CVE-2016-5011 at NVD CVE-2017-2616 at SUSE CVE-2017-2616 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libbsd0-0.8.7-3.3.17 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2019-20367 at SUSE CVE-2019-20367 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libcares2-1.17.1+20200724-3.14.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2016-5180 at SUSE CVE-2016-5180 at NVD CVE-2017-1000381 at SUSE CVE-2017-1000381 at NVD CVE-2020-8277 at SUSE CVE-2020-8277 at NVD CVE-2021-3672 at SUSE CVE-2021-3672 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libcontainers-common-20200727-3.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2018-15664 at SUSE CVE-2018-15664 at NVD CVE-2019-10152 at SUSE CVE-2019-10152 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libekmfweb1-2.15.1-8.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2021-25316 at SUSE CVE-2021-25316 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libevent-2_1-8-2.1.8-2.23 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2014-6272 at SUSE CVE-2014-6272 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libexpat1-2.2.5-3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2012-0876 at SUSE CVE-2012-0876 at NVD CVE-2012-6702 at SUSE CVE-2012-6702 at NVD CVE-2015-1283 at SUSE CVE-2015-1283 at NVD CVE-2016-0718 at SUSE CVE-2016-0718 at NVD CVE-2016-4472 at SUSE CVE-2016-4472 at NVD CVE-2016-5300 at SUSE CVE-2016-5300 at NVD CVE-2016-9063 at SUSE CVE-2016-9063 at NVD CVE-2017-9233 at SUSE CVE-2017-9233 at NVD CVE-2018-20843 at SUSE CVE-2018-20843 at NVD CVE-2019-15903 at SUSE CVE-2019-15903 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libfreebl3-3.53.1-3.53.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2014-1569 at SUSE CVE-2014-1569 at NVD CVE-2015-2721 at SUSE CVE-2015-2721 at NVD CVE-2015-4000 at SUSE CVE-2015-4000 at NVD CVE-2015-7181 at SUSE CVE-2015-7181 at NVD CVE-2015-7182 at SUSE CVE-2015-7182 at NVD CVE-2015-7575 at SUSE CVE-2015-7575 at NVD CVE-2016-1950 at SUSE CVE-2016-1950 at NVD CVE-2016-1979 at SUSE CVE-2016-1979 at NVD CVE-2016-2834 at SUSE CVE-2016-2834 at NVD CVE-2018-0495 at SUSE CVE-2018-0495 at NVD CVE-2018-12384 at SUSE CVE-2018-12384 at NVD CVE-2018-12404 at SUSE CVE-2018-12404 at NVD CVE-2018-18508 at SUSE CVE-2018-18508 at NVD CVE-2019-11745 at SUSE CVE-2019-11745 at NVD CVE-2019-17006 at SUSE CVE-2019-17006 at NVD CVE-2020-12399 at SUSE CVE-2020-12399 at NVD CVE-2020-12402 at SUSE CVE-2020-12402 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libfreetype6-2.10.1-4.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2014-2240 at SUSE CVE-2014-2240 at NVD CVE-2014-9656 at SUSE CVE-2014-9656 at NVD CVE-2014-9657 at SUSE CVE-2014-9657 at NVD CVE-2014-9658 at SUSE CVE-2014-9658 at NVD CVE-2014-9659 at SUSE CVE-2014-9659 at NVD CVE-2014-9660 at SUSE CVE-2014-9660 at NVD CVE-2014-9661 at SUSE CVE-2014-9661 at NVD CVE-2014-9662 at SUSE CVE-2014-9662 at NVD CVE-2014-9663 at SUSE CVE-2014-9663 at NVD CVE-2014-9664 at SUSE CVE-2014-9664 at NVD CVE-2014-9665 at SUSE CVE-2014-9665 at NVD CVE-2014-9666 at SUSE CVE-2014-9666 at NVD CVE-2014-9667 at SUSE CVE-2014-9667 at NVD CVE-2014-9668 at SUSE CVE-2014-9668 at NVD CVE-2014-9669 at SUSE CVE-2014-9669 at NVD CVE-2014-9670 at SUSE CVE-2014-9670 at NVD CVE-2014-9671 at SUSE CVE-2014-9671 at NVD CVE-2014-9672 at SUSE CVE-2014-9672 at NVD CVE-2014-9673 at SUSE CVE-2014-9673 at NVD CVE-2014-9674 at SUSE CVE-2014-9674 at NVD CVE-2014-9675 at SUSE CVE-2014-9675 at NVD CVE-2017-8105 at SUSE CVE-2017-8105 at NVD CVE-2017-8287 at SUSE CVE-2017-8287 at NVD CVE-2018-6942 at SUSE CVE-2018-6942 at NVD CVE-2020-15999 at SUSE CVE-2020-15999 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libgcc_s1-10.3.0+git1587-1.6.4 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2020-13844 at SUSE CVE-2020-13844 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libgcrypt20-1.8.2-8.39.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2014-3591 at SUSE CVE-2014-3591 at NVD CVE-2015-0837 at SUSE CVE-2015-0837 at NVD CVE-2015-5738 at SUSE CVE-2015-5738 at NVD CVE-2015-7511 at SUSE CVE-2015-7511 at NVD CVE-2016-6313 at SUSE CVE-2016-6313 at NVD CVE-2017-0379 at SUSE CVE-2017-0379 at NVD CVE-2017-7526 at SUSE CVE-2017-7526 at NVD CVE-2018-0495 at SUSE CVE-2018-0495 at NVD CVE-2019-12904 at SUSE CVE-2019-12904 at NVD CVE-2019-13627 at SUSE CVE-2019-13627 at NVD CVE-2021-33560 at SUSE CVE-2021-33560 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libgnutls30-3.6.7-14.13.5 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2014-8564 at SUSE CVE-2014-8564 at NVD CVE-2015-6251 at SUSE CVE-2015-6251 at NVD CVE-2016-8610 at SUSE CVE-2016-8610 at NVD CVE-2017-7869 at SUSE CVE-2017-7869 at NVD CVE-2018-10844 at SUSE CVE-2018-10844 at NVD CVE-2018-10845 at SUSE CVE-2018-10845 at NVD CVE-2018-10846 at SUSE CVE-2018-10846 at NVD CVE-2018-16868 at SUSE CVE-2018-16868 at NVD CVE-2019-3829 at SUSE CVE-2019-3829 at NVD CVE-2019-3836 at SUSE CVE-2019-3836 at NVD CVE-2020-11501 at SUSE CVE-2020-11501 at NVD CVE-2020-13777 at SUSE CVE-2020-13777 at NVD CVE-2020-24659 at SUSE CVE-2020-24659 at NVD CVE-2021-20231 at SUSE CVE-2021-20231 at NVD CVE-2021-20232 at SUSE CVE-2021-20232 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libhivex0-1.3.14-5.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2021-3504 at SUSE CVE-2021-3504 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libhogweed4-3.4.1-4.18.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2015-8803 at SUSE CVE-2015-8803 at NVD CVE-2015-8804 at SUSE CVE-2015-8804 at NVD CVE-2015-8805 at SUSE CVE-2015-8805 at NVD CVE-2016-6489 at SUSE CVE-2016-6489 at NVD CVE-2018-16869 at SUSE CVE-2018-16869 at NVD CVE-2021-20305 at SUSE CVE-2021-20305 at NVD CVE-2021-3580 at SUSE CVE-2021-3580 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libidn11-1.34-3.2.2 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2015-2059 at SUSE CVE-2015-2059 at NVD CVE-2015-8948 at SUSE CVE-2015-8948 at NVD CVE-2016-6261 at SUSE CVE-2016-6261 at NVD CVE-2016-6262 at SUSE CVE-2016-6262 at NVD CVE-2016-6263 at SUSE CVE-2016-6263 at NVD CVE-2017-14062 at SUSE CVE-2017-14062 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libidn2-0-2.2.0-3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2015-2059 at SUSE CVE-2015-2059 at NVD CVE-2015-8948 at SUSE CVE-2015-8948 at NVD CVE-2016-6261 at SUSE CVE-2016-6261 at NVD CVE-2016-6262 at SUSE CVE-2016-6262 at NVD CVE-2016-6263 at SUSE CVE-2016-6263 at NVD CVE-2019-12290 at SUSE CVE-2019-12290 at NVD CVE-2019-18224 at SUSE CVE-2019-18224 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libjansson4-2.9-1.24 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2013-6401 at SUSE CVE-2013-6401 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libjpeg8-8.1.2-5.18.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2014-9092 at SUSE CVE-2014-9092 at NVD CVE-2017-15232 at SUSE CVE-2017-15232 at NVD CVE-2018-1152 at SUSE CVE-2018-1152 at NVD CVE-2018-11813 at SUSE CVE-2018-11813 at NVD CVE-2018-14498 at SUSE CVE-2018-14498 at NVD CVE-2019-2201 at SUSE CVE-2019-2201 at NVD CVE-2020-13790 at SUSE CVE-2020-13790 at NVD CVE-2020-17541 at SUSE CVE-2020-17541 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libjson-c3-0.13-1.19 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2013-6370 at SUSE CVE-2013-6370 at NVD CVE-2013-6371 at SUSE CVE-2013-6371 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libksba8-1.3.5-2.14 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2014-9087 at SUSE CVE-2014-9087 at NVD CVE-2016-4574 at SUSE CVE-2016-4574 at NVD CVE-2016-4579 at SUSE CVE-2016-4579 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libldap-2_4-2-2.4.46-9.58.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2015-1545 at SUSE CVE-2015-1545 at NVD CVE-2015-1546 at SUSE CVE-2015-1546 at NVD CVE-2015-6908 at SUSE CVE-2015-6908 at NVD CVE-2017-17740 at SUSE CVE-2017-17740 at NVD CVE-2019-13057 at SUSE CVE-2019-13057 at NVD CVE-2019-13565 at SUSE CVE-2019-13565 at NVD CVE-2020-12243 at SUSE CVE-2020-12243 at NVD CVE-2020-15719 at SUSE CVE-2020-15719 at NVD CVE-2020-25692 at SUSE CVE-2020-25692 at NVD CVE-2020-25709 at SUSE CVE-2020-25709 at NVD CVE-2020-25710 at SUSE CVE-2020-25710 at NVD CVE-2020-36221 at SUSE CVE-2020-36221 at NVD CVE-2020-36222 at SUSE CVE-2020-36222 at NVD CVE-2020-36223 at SUSE CVE-2020-36223 at NVD CVE-2020-36224 at SUSE CVE-2020-36224 at NVD CVE-2020-36225 at SUSE CVE-2020-36225 at NVD CVE-2020-36226 at SUSE CVE-2020-36226 at NVD CVE-2020-36227 at SUSE CVE-2020-36227 at NVD CVE-2020-36228 at SUSE CVE-2020-36228 at NVD CVE-2020-36229 at SUSE CVE-2020-36229 at NVD CVE-2020-36230 at SUSE CVE-2020-36230 at NVD CVE-2020-8023 at SUSE CVE-2020-8023 at NVD CVE-2020-8027 at SUSE CVE-2020-8027 at NVD CVE-2021-27212 at SUSE CVE-2021-27212 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libldb2-2.2.1-1.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2015-3223 at SUSE CVE-2015-3223 at NVD CVE-2015-5330 at SUSE CVE-2015-5330 at NVD CVE-2018-1140 at SUSE CVE-2018-1140 at NVD CVE-2019-3824 at SUSE CVE-2019-3824 at NVD CVE-2020-10700 at SUSE CVE-2020-10700 at NVD CVE-2020-10730 at SUSE CVE-2020-10730 at NVD CVE-2020-27840 at SUSE CVE-2020-27840 at NVD CVE-2021-20277 at SUSE CVE-2021-20277 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the liblua5_3-5-5.3.6-3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2019-6706 at SUSE CVE-2019-6706 at NVD CVE-2020-24370 at SUSE CVE-2020-24370 at NVD CVE-2020-24371 at SUSE CVE-2020-24371 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the liblz4-1-1.9.2-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2019-17543 at SUSE CVE-2019-17543 at NVD CVE-2021-3520 at SUSE CVE-2021-3520 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the liblzo2-2-2.10-2.22 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2014-4607 at SUSE CVE-2014-4607 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libmicrohttpd12-0.9.57-1.33 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2013-7038 at SUSE CVE-2013-7038 at NVD CVE-2013-7039 at SUSE CVE-2013-7039 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libmspack0-0.6-3.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2014-9556 at SUSE CVE-2014-9556 at NVD CVE-2017-11423 at SUSE CVE-2017-11423 at NVD CVE-2017-6419 at SUSE CVE-2017-6419 at NVD CVE-2018-14679 at SUSE CVE-2018-14679 at NVD CVE-2018-14681 at SUSE CVE-2018-14681 at NVD CVE-2018-14682 at SUSE CVE-2018-14682 at NVD CVE-2018-18584 at SUSE CVE-2018-18584 at NVD CVE-2018-18585 at SUSE CVE-2018-18585 at NVD CVE-2019-1010305 at SUSE CVE-2019-1010305 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libncurses6-6.1-5.6.2 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2018-19211 at SUSE CVE-2018-19211 at NVD CVE-2019-17594 at SUSE CVE-2019-17594 at NVD CVE-2019-17595 at SUSE CVE-2019-17595 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libnghttp2-14-1.40.0-6.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2016-1544 at SUSE CVE-2016-1544 at NVD CVE-2018-1000168 at SUSE CVE-2018-1000168 at NVD CVE-2019-18802 at SUSE CVE-2019-18802 at NVD CVE-2019-9511 at SUSE CVE-2019-9511 at NVD CVE-2019-9513 at SUSE CVE-2019-9513 at NVD CVE-2020-11080 at SUSE CVE-2020-11080 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libnm0-1.22.10-3.7.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2006-7246 at SUSE CVE-2006-7246 at NVD CVE-2015-2924 at SUSE CVE-2015-2924 at NVD CVE-2016-0764 at SUSE CVE-2016-0764 at NVD CVE-2018-1000135 at SUSE CVE-2018-1000135 at NVD CVE-2018-15688 at SUSE CVE-2018-15688 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libopenssl-1_1-devel-1.1.1d-11.30.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2014-3513 at SUSE CVE-2014-3513 at NVD CVE-2014-3567 at SUSE CVE-2014-3567 at NVD CVE-2014-3568 at SUSE CVE-2014-3568 at NVD CVE-2014-3569 at SUSE CVE-2014-3569 at NVD CVE-2014-3570 at SUSE CVE-2014-3570 at NVD CVE-2014-3571 at SUSE CVE-2014-3571 at NVD CVE-2014-3572 at SUSE CVE-2014-3572 at NVD CVE-2014-8275 at SUSE CVE-2014-8275 at NVD CVE-2015-0204 at SUSE CVE-2015-0204 at NVD CVE-2015-0205 at SUSE CVE-2015-0205 at NVD CVE-2015-0206 at SUSE CVE-2015-0206 at NVD CVE-2015-0209 at SUSE CVE-2015-0209 at NVD CVE-2015-0286 at SUSE CVE-2015-0286 at NVD CVE-2015-0287 at SUSE CVE-2015-0287 at NVD CVE-2015-0288 at SUSE CVE-2015-0288 at NVD CVE-2015-0289 at SUSE CVE-2015-0289 at NVD CVE-2015-0293 at SUSE CVE-2015-0293 at NVD CVE-2015-1788 at SUSE CVE-2015-1788 at NVD CVE-2015-1789 at SUSE CVE-2015-1789 at NVD CVE-2015-1790 at SUSE CVE-2015-1790 at NVD CVE-2015-1791 at SUSE CVE-2015-1791 at NVD CVE-2015-1792 at SUSE CVE-2015-1792 at NVD CVE-2015-1793 at SUSE CVE-2015-1793 at NVD CVE-2015-1794 at SUSE CVE-2015-1794 at NVD CVE-2015-3193 at SUSE CVE-2015-3193 at NVD CVE-2015-3194 at SUSE CVE-2015-3194 at NVD CVE-2015-3195 at SUSE CVE-2015-3195 at NVD CVE-2015-3196 at SUSE CVE-2015-3196 at NVD CVE-2015-3197 at SUSE CVE-2015-3197 at NVD CVE-2016-0701 at SUSE CVE-2016-0701 at NVD CVE-2016-0702 at SUSE CVE-2016-0702 at NVD CVE-2016-0705 at SUSE CVE-2016-0705 at NVD CVE-2016-0797 at SUSE CVE-2016-0797 at NVD CVE-2016-0798 at SUSE CVE-2016-0798 at NVD CVE-2016-0800 at SUSE CVE-2016-0800 at NVD CVE-2016-2105 at SUSE CVE-2016-2105 at NVD CVE-2016-2106 at SUSE CVE-2016-2106 at NVD CVE-2016-2107 at SUSE CVE-2016-2107 at NVD CVE-2016-2109 at SUSE CVE-2016-2109 at NVD CVE-2016-2176 at SUSE CVE-2016-2176 at NVD CVE-2016-2177 at SUSE CVE-2016-2177 at NVD CVE-2016-2178 at SUSE CVE-2016-2178 at NVD CVE-2016-2179 at SUSE CVE-2016-2179 at NVD CVE-2016-2180 at SUSE CVE-2016-2180 at NVD CVE-2016-2181 at SUSE CVE-2016-2181 at NVD CVE-2016-2182 at SUSE CVE-2016-2182 at NVD CVE-2016-2183 at SUSE CVE-2016-2183 at NVD CVE-2016-6302 at SUSE CVE-2016-6302 at NVD CVE-2016-6303 at SUSE CVE-2016-6303 at NVD CVE-2016-6304 at SUSE CVE-2016-6304 at NVD CVE-2016-6306 at SUSE CVE-2016-6306 at NVD CVE-2016-7052 at SUSE CVE-2016-7052 at NVD CVE-2016-7055 at SUSE CVE-2016-7055 at NVD CVE-2016-7056 at SUSE CVE-2016-7056 at NVD CVE-2017-3731 at SUSE CVE-2017-3731 at NVD CVE-2017-3732 at SUSE CVE-2017-3732 at NVD CVE-2017-3735 at SUSE CVE-2017-3735 at NVD CVE-2017-3736 at SUSE CVE-2017-3736 at NVD CVE-2017-3738 at SUSE CVE-2017-3738 at NVD CVE-2018-0732 at SUSE CVE-2018-0732 at NVD CVE-2018-0734 at SUSE CVE-2018-0734 at NVD CVE-2018-0735 at SUSE CVE-2018-0735 at NVD CVE-2018-0737 at SUSE CVE-2018-0737 at NVD CVE-2018-0739 at SUSE CVE-2018-0739 at NVD CVE-2019-1543 at SUSE CVE-2019-1543 at NVD CVE-2019-1547 at SUSE CVE-2019-1547 at NVD CVE-2019-1549 at SUSE CVE-2019-1549 at NVD CVE-2019-1551 at SUSE CVE-2019-1551 at NVD CVE-2019-1563 at SUSE CVE-2019-1563 at NVD CVE-2020-1967 at SUSE CVE-2020-1967 at NVD CVE-2020-1971 at SUSE CVE-2020-1971 at NVD CVE-2021-23840 at SUSE CVE-2021-23840 at NVD CVE-2021-23841 at SUSE CVE-2021-23841 at NVD CVE-2021-3449 at SUSE CVE-2021-3449 at NVD CVE-2021-3711 at SUSE CVE-2021-3711 at NVD CVE-2021-3712 at SUSE CVE-2021-3712 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libpcap1-1.9.1-1.33 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2018-16301 at SUSE CVE-2018-16301 at NVD CVE-2019-15161 at SUSE CVE-2019-15161 at NVD CVE-2019-15162 at SUSE CVE-2019-15162 at NVD CVE-2019-15163 at SUSE CVE-2019-15163 at NVD CVE-2019-15164 at SUSE CVE-2019-15164 at NVD CVE-2019-15165 at SUSE CVE-2019-15165 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libpcre1-8.41-6.4.2 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2014-8964 at SUSE CVE-2014-8964 at NVD CVE-2015-2325 at SUSE CVE-2015-2325 at NVD CVE-2015-2326 at SUSE CVE-2015-2326 at NVD CVE-2015-3217 at SUSE CVE-2015-3217 at NVD CVE-2016-1283 at SUSE CVE-2016-1283 at NVD CVE-2016-3191 at SUSE CVE-2016-3191 at NVD CVE-2017-6004 at SUSE CVE-2017-6004 at NVD CVE-2017-7186 at SUSE CVE-2017-7186 at NVD CVE-2017-7244 at SUSE CVE-2017-7244 at NVD CVE-2017-7245 at SUSE CVE-2017-7245 at NVD CVE-2017-7246 at SUSE CVE-2017-7246 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libpcre2-8-0-10.31-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2014-8964 at SUSE CVE-2014-8964 at NVD CVE-2015-2325 at SUSE CVE-2015-2325 at NVD CVE-2015-2326 at SUSE CVE-2015-2326 at NVD CVE-2016-3191 at SUSE CVE-2016-3191 at NVD CVE-2017-7186 at SUSE CVE-2017-7186 at NVD CVE-2017-8786 at SUSE CVE-2017-8786 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libpcsclite1-1.8.24-1.14 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2016-10109 at SUSE CVE-2016-10109 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libpng16-16-1.6.34-3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2015-8126 at SUSE CVE-2015-8126 at NVD CVE-2016-10087 at SUSE CVE-2016-10087 at NVD CVE-2016-5735 at SUSE CVE-2016-5735 at NVD CVE-2017-12652 at SUSE CVE-2017-12652 at NVD CVE-2018-13785 at SUSE CVE-2018-13785 at NVD CVE-2019-7317 at SUSE CVE-2019-7317 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libpolkit0-0.116-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2015-3218 at SUSE CVE-2015-3218 at NVD CVE-2015-3255 at SUSE CVE-2015-3255 at NVD CVE-2015-3256 at SUSE CVE-2015-3256 at NVD CVE-2015-4625 at SUSE CVE-2015-4625 at NVD CVE-2018-1116 at SUSE CVE-2018-1116 at NVD CVE-2018-19788 at SUSE CVE-2018-19788 at NVD CVE-2019-6133 at SUSE CVE-2019-6133 at NVD CVE-2021-3560 at SUSE CVE-2021-3560 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libprocps7-3.3.15-7.19.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2018-1122 at SUSE CVE-2018-1122 at NVD CVE-2018-1123 at SUSE CVE-2018-1123 at NVD CVE-2018-1124 at SUSE CVE-2018-1124 at NVD CVE-2018-1125 at SUSE CVE-2018-1125 at NVD CVE-2018-1126 at SUSE CVE-2018-1126 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libproxy1-0.4.15-12.41 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2020-25219 at SUSE CVE-2020-25219 at NVD CVE-2020-26154 at SUSE CVE-2020-26154 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libpython3_6m1_0-3.6.13-3.84.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2014-4650 at SUSE CVE-2014-4650 at NVD CVE-2016-0772 at SUSE CVE-2016-0772 at NVD CVE-2016-1000110 at SUSE CVE-2016-1000110 at NVD CVE-2016-5636 at SUSE CVE-2016-5636 at NVD CVE-2016-5699 at SUSE CVE-2016-5699 at NVD CVE-2017-18207 at SUSE CVE-2017-18207 at NVD CVE-2018-1000802 at SUSE CVE-2018-1000802 at NVD CVE-2018-1060 at SUSE CVE-2018-1060 at NVD CVE-2018-1061 at SUSE CVE-2018-1061 at NVD CVE-2018-14647 at SUSE CVE-2018-14647 at NVD CVE-2018-20406 at SUSE CVE-2018-20406 at NVD CVE-2018-20852 at SUSE CVE-2018-20852 at NVD CVE-2019-10160 at SUSE CVE-2019-10160 at NVD CVE-2019-15903 at SUSE CVE-2019-15903 at NVD CVE-2019-16056 at SUSE CVE-2019-16056 at NVD CVE-2019-16935 at SUSE CVE-2019-16935 at NVD CVE-2019-18348 at SUSE CVE-2019-18348 at NVD CVE-2019-20907 at SUSE CVE-2019-20907 at NVD CVE-2019-20916 at SUSE CVE-2019-20916 at NVD CVE-2019-5010 at SUSE CVE-2019-5010 at NVD CVE-2019-9636 at SUSE CVE-2019-9636 at NVD CVE-2019-9674 at SUSE CVE-2019-9674 at NVD CVE-2019-9947 at SUSE CVE-2019-9947 at NVD CVE-2020-14422 at SUSE CVE-2020-14422 at NVD CVE-2020-26116 at SUSE CVE-2020-26116 at NVD CVE-2020-27619 at SUSE CVE-2020-27619 at NVD CVE-2020-8492 at SUSE CVE-2020-8492 at NVD CVE-2021-23336 at SUSE CVE-2021-23336 at NVD CVE-2021-3177 at SUSE CVE-2021-3177 at NVD CVE-2021-3426 at SUSE CVE-2021-3426 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the librados2-15.2.13.79+g51835b62d61-3.28.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2017-16818 at SUSE CVE-2017-16818 at NVD CVE-2018-10861 at SUSE CVE-2018-10861 at NVD CVE-2018-1128 at SUSE CVE-2018-1128 at NVD CVE-2018-1129 at SUSE CVE-2018-1129 at NVD CVE-2018-16889 at SUSE CVE-2018-16889 at NVD CVE-2019-10222 at SUSE CVE-2019-10222 at NVD CVE-2019-3821 at SUSE CVE-2019-3821 at NVD CVE-2020-10736 at SUSE CVE-2020-10736 at NVD CVE-2020-1759 at SUSE CVE-2020-1759 at NVD CVE-2020-1760 at SUSE CVE-2020-1760 at NVD CVE-2020-25660 at SUSE CVE-2020-25660 at NVD CVE-2020-25678 at SUSE CVE-2020-25678 at NVD CVE-2020-27781 at SUSE CVE-2020-27781 at NVD CVE-2020-27839 at SUSE CVE-2020-27839 at NVD CVE-2021-20288 at SUSE CVE-2021-20288 at NVD CVE-2021-3509 at SUSE CVE-2021-3509 at NVD CVE-2021-3524 at SUSE CVE-2021-3524 at NVD CVE-2021-3531 at SUSE CVE-2021-3531 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libseccomp2-2.4.1-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2019-9893 at SUSE CVE-2019-9893 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libslirp0-4.3.1-1.51 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2020-10756 at SUSE CVE-2020-10756 at NVD CVE-2020-1983 at SUSE CVE-2020-1983 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libsolv-tools-0.7.19-6.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2018-20532 at SUSE CVE-2018-20532 at NVD CVE-2018-20533 at SUSE CVE-2018-20533 at NVD CVE-2018-20534 at SUSE CVE-2018-20534 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libsqlite3-0-3.36.0-3.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2015-3414 at SUSE CVE-2015-3414 at NVD CVE-2015-3415 at SUSE CVE-2015-3415 at NVD CVE-2018-20346 at SUSE CVE-2018-20346 at NVD CVE-2018-8740 at SUSE CVE-2018-8740 at NVD CVE-2019-16168 at SUSE CVE-2019-16168 at NVD CVE-2019-19244 at SUSE CVE-2019-19244 at NVD CVE-2019-19317 at SUSE CVE-2019-19317 at NVD CVE-2019-19603 at SUSE CVE-2019-19603 at NVD CVE-2019-19645 at SUSE CVE-2019-19645 at NVD CVE-2019-19646 at SUSE CVE-2019-19646 at NVD CVE-2019-19880 at SUSE CVE-2019-19880 at NVD CVE-2019-19923 at SUSE CVE-2019-19923 at NVD CVE-2019-19924 at SUSE CVE-2019-19924 at NVD CVE-2019-19925 at SUSE CVE-2019-19925 at NVD CVE-2019-19926 at SUSE CVE-2019-19926 at NVD CVE-2019-19959 at SUSE CVE-2019-19959 at NVD CVE-2019-20218 at SUSE CVE-2019-20218 at NVD CVE-2019-9936 at SUSE CVE-2019-9936 at NVD CVE-2019-9937 at SUSE CVE-2019-9937 at NVD CVE-2020-13434 at SUSE CVE-2020-13434 at NVD CVE-2020-13435 at SUSE CVE-2020-13435 at NVD CVE-2020-13630 at SUSE CVE-2020-13630 at NVD CVE-2020-13631 at SUSE CVE-2020-13631 at NVD CVE-2020-13632 at SUSE CVE-2020-13632 at NVD CVE-2020-15358 at SUSE CVE-2020-15358 at NVD CVE-2020-9327 at SUSE CVE-2020-9327 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libssh2-1-1.9.0-4.13.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2015-1782 at SUSE CVE-2015-1782 at NVD CVE-2016-0787 at SUSE CVE-2016-0787 at NVD CVE-2019-17498 at SUSE CVE-2019-17498 at NVD CVE-2019-3855 at SUSE CVE-2019-3855 at NVD CVE-2019-3856 at SUSE CVE-2019-3856 at NVD CVE-2019-3857 at SUSE CVE-2019-3857 at NVD CVE-2019-3858 at SUSE CVE-2019-3858 at NVD CVE-2019-3859 at SUSE CVE-2019-3859 at NVD CVE-2019-3860 at SUSE CVE-2019-3860 at NVD CVE-2019-3861 at SUSE CVE-2019-3861 at NVD CVE-2019-3862 at SUSE CVE-2019-3862 at NVD CVE-2019-3863 at SUSE CVE-2019-3863 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libssh4-0.8.7-10.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2014-8132 at SUSE CVE-2014-8132 at NVD CVE-2015-3146 at SUSE CVE-2015-3146 at NVD CVE-2018-10933 at SUSE CVE-2018-10933 at NVD CVE-2019-14889 at SUSE CVE-2019-14889 at NVD CVE-2020-1730 at SUSE CVE-2020-1730 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libsss_certmap0-1.16.1-23.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2017-12173 at SUSE CVE-2017-12173 at NVD CVE-2018-10852 at SUSE CVE-2018-10852 at NVD CVE-2018-16838 at SUSE CVE-2018-16838 at NVD CVE-2019-3811 at SUSE CVE-2019-3811 at NVD CVE-2021-3621 at SUSE CVE-2021-3621 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libsystemd0-246.15-7.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2015-7510 at SUSE CVE-2015-7510 at NVD CVE-2016-10156 at SUSE CVE-2016-10156 at NVD CVE-2017-15908 at SUSE CVE-2017-15908 at NVD CVE-2017-18078 at SUSE CVE-2017-18078 at NVD CVE-2017-9445 at SUSE CVE-2017-9445 at NVD CVE-2018-15686 at SUSE CVE-2018-15686 at NVD CVE-2018-15687 at SUSE CVE-2018-15687 at NVD CVE-2018-15688 at SUSE CVE-2018-15688 at NVD CVE-2018-16864 at SUSE CVE-2018-16864 at NVD CVE-2018-16865 at SUSE CVE-2018-16865 at NVD CVE-2018-21029 at SUSE CVE-2018-21029 at NVD CVE-2018-6954 at SUSE CVE-2018-6954 at NVD CVE-2019-20386 at SUSE CVE-2019-20386 at NVD CVE-2019-3842 at SUSE CVE-2019-3842 at NVD CVE-2019-3843 at SUSE CVE-2019-3843 at NVD CVE-2019-3844 at SUSE CVE-2019-3844 at NVD CVE-2019-6454 at SUSE CVE-2019-6454 at NVD CVE-2020-13529 at SUSE CVE-2020-13529 at NVD CVE-2020-1712 at SUSE CVE-2020-1712 at NVD CVE-2021-33910 at SUSE CVE-2021-33910 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libtasn1-4.13-4.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2015-2806 at SUSE CVE-2015-2806 at NVD CVE-2015-3622 at SUSE CVE-2015-3622 at NVD CVE-2016-4008 at SUSE CVE-2016-4008 at NVD CVE-2018-1000654 at SUSE CVE-2018-1000654 at NVD CVE-2018-6003 at SUSE CVE-2018-6003 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libtirpc-netconfig-1.2.6-1.131 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2016-4429 at SUSE CVE-2016-4429 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libtpms0-0.8.2-1.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2021-3446 at SUSE CVE-2021-3446 at NVD CVE-2021-3505 at SUSE CVE-2021-3505 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libunwind-1.5.0-4.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2015-3239 at SUSE CVE-2015-3239 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libvirt-daemon-7.1.0-6.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2014-7823 at SUSE CVE-2014-7823 at NVD CVE-2014-8131 at SUSE CVE-2014-8131 at NVD CVE-2015-0236 at SUSE CVE-2015-0236 at NVD CVE-2015-5247 at SUSE CVE-2015-5247 at NVD CVE-2015-5313 at SUSE CVE-2015-5313 at NVD CVE-2017-1000256 at SUSE CVE-2017-1000256 at NVD CVE-2017-2635 at SUSE CVE-2017-2635 at NVD CVE-2017-5715 at SUSE CVE-2017-5715 at NVD CVE-2018-1064 at SUSE CVE-2018-1064 at NVD CVE-2018-12126 at SUSE CVE-2018-12126 at NVD CVE-2018-12127 at SUSE CVE-2018-12127 at NVD CVE-2018-12130 at SUSE CVE-2018-12130 at NVD CVE-2018-3639 at SUSE CVE-2018-3639 at NVD CVE-2018-5748 at SUSE CVE-2018-5748 at NVD CVE-2019-10132 at SUSE CVE-2019-10132 at NVD CVE-2019-10161 at SUSE CVE-2019-10161 at NVD CVE-2019-10166 at SUSE CVE-2019-10166 at NVD CVE-2019-10167 at SUSE CVE-2019-10167 at NVD CVE-2019-10168 at SUSE CVE-2019-10168 at NVD CVE-2019-11091 at SUSE CVE-2019-11091 at NVD CVE-2019-11135 at SUSE CVE-2019-11135 at NVD CVE-2019-3886 at SUSE CVE-2019-3886 at NVD CVE-2020-10701 at SUSE CVE-2020-10701 at NVD CVE-2020-12430 at SUSE CVE-2020-12430 at NVD CVE-2020-14339 at SUSE CVE-2020-14339 at NVD CVE-2020-15708 at SUSE CVE-2020-15708 at NVD CVE-2020-25637 at SUSE CVE-2020-25637 at NVD CVE-2021-3631 at SUSE CVE-2021-3631 at NVD CVE-2021-3667 at SUSE CVE-2021-3667 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libvmtools0-11.3.0-10.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2015-5191 at SUSE CVE-2015-5191 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libxkbcommon0-0.8.2-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2018-15853 at SUSE CVE-2018-15853 at NVD CVE-2018-15854 at SUSE CVE-2018-15854 at NVD CVE-2018-15855 at SUSE CVE-2018-15855 at NVD CVE-2018-15856 at SUSE CVE-2018-15856 at NVD CVE-2018-15857 at SUSE CVE-2018-15857 at NVD CVE-2018-15858 at SUSE CVE-2018-15858 at NVD CVE-2018-15859 at SUSE CVE-2018-15859 at NVD CVE-2018-15861 at SUSE CVE-2018-15861 at NVD CVE-2018-15862 at SUSE CVE-2018-15862 at NVD CVE-2018-15863 at SUSE CVE-2018-15863 at NVD CVE-2018-15864 at SUSE CVE-2018-15864 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libxml2-2-2.9.7-3.37.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2014-0191 at SUSE CVE-2014-0191 at NVD CVE-2014-3660 at SUSE CVE-2014-3660 at NVD CVE-2015-1819 at SUSE CVE-2015-1819 at NVD CVE-2015-5312 at SUSE CVE-2015-5312 at NVD CVE-2015-7497 at SUSE CVE-2015-7497 at NVD CVE-2015-7498 at SUSE CVE-2015-7498 at NVD CVE-2015-7499 at SUSE CVE-2015-7499 at NVD CVE-2015-7500 at SUSE CVE-2015-7500 at NVD CVE-2015-7941 at SUSE CVE-2015-7941 at NVD CVE-2015-7942 at SUSE CVE-2015-7942 at NVD CVE-2015-8035 at SUSE CVE-2015-8035 at NVD CVE-2015-8242 at SUSE CVE-2015-8242 at NVD CVE-2016-1762 at SUSE CVE-2016-1762 at NVD CVE-2016-1833 at SUSE CVE-2016-1833 at NVD CVE-2016-1834 at SUSE CVE-2016-1834 at NVD CVE-2016-1835 at SUSE CVE-2016-1835 at NVD CVE-2016-1836 at SUSE CVE-2016-1836 at NVD CVE-2016-1837 at SUSE CVE-2016-1837 at NVD CVE-2016-1838 at SUSE CVE-2016-1838 at NVD CVE-2016-1839 at SUSE CVE-2016-1839 at NVD CVE-2016-1840 at SUSE CVE-2016-1840 at NVD CVE-2016-3627 at SUSE CVE-2016-3627 at NVD CVE-2016-3705 at SUSE CVE-2016-3705 at NVD CVE-2016-4483 at SUSE CVE-2016-4483 at NVD CVE-2016-4658 at SUSE CVE-2016-4658 at NVD CVE-2017-0663 at SUSE CVE-2017-0663 at NVD CVE-2017-18258 at SUSE CVE-2017-18258 at NVD CVE-2017-5969 at SUSE CVE-2017-5969 at NVD CVE-2017-9047 at SUSE CVE-2017-9047 at NVD CVE-2017-9048 at SUSE CVE-2017-9048 at NVD CVE-2017-9049 at SUSE CVE-2017-9049 at NVD CVE-2018-14404 at SUSE CVE-2018-14404 at NVD CVE-2018-14567 at SUSE CVE-2018-14567 at NVD CVE-2018-9251 at SUSE CVE-2018-9251 at NVD CVE-2019-19956 at SUSE CVE-2019-19956 at NVD CVE-2019-20388 at SUSE CVE-2019-20388 at NVD CVE-2020-24977 at SUSE CVE-2020-24977 at NVD CVE-2020-7595 at SUSE CVE-2020-7595 at NVD CVE-2021-3516 at SUSE CVE-2021-3516 at NVD CVE-2021-3517 at SUSE CVE-2021-3517 at NVD CVE-2021-3518 at SUSE CVE-2021-3518 at NVD CVE-2021-3537 at SUSE CVE-2021-3537 at NVD CVE-2021-3541 at SUSE CVE-2021-3541 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libxslt1-1.1.32-3.8.24 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2015-7995 at SUSE CVE-2015-7995 at NVD CVE-2015-9019 at SUSE CVE-2015-9019 at NVD CVE-2016-4738 at SUSE CVE-2016-4738 at NVD CVE-2017-5029 at SUSE CVE-2017-5029 at NVD CVE-2019-11068 at SUSE CVE-2019-11068 at NVD CVE-2019-13117 at SUSE CVE-2019-13117 at NVD CVE-2019-13118 at SUSE CVE-2019-13118 at NVD CVE-2019-18197 at SUSE CVE-2019-18197 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libyaml-cpp0_6-0.6.1-4.2.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2017-5950 at SUSE CVE-2017-5950 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libz1-1.2.11-3.21.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2016-9843 at SUSE CVE-2016-9843 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libzmq5-4.2.3-3.15.4 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2014-7202 at SUSE CVE-2014-7202 at NVD CVE-2014-7203 at SUSE CVE-2014-7203 at NVD CVE-2014-9721 at SUSE CVE-2014-9721 at NVD CVE-2019-13132 at SUSE CVE-2019-13132 at NVD CVE-2019-6250 at SUSE CVE-2019-6250 at NVD CVE-2020-15166 at SUSE CVE-2020-15166 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libzstd1-1.4.4-1.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2019-11922 at SUSE CVE-2019-11922 at NVD CVE-2021-24031 at SUSE CVE-2021-24031 at NVD CVE-2021-24032 at SUSE CVE-2021-24032 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the libzypp-17.27.0-12.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2017-7435 at SUSE CVE-2017-7435 at NVD CVE-2017-7436 at SUSE CVE-2017-7436 at NVD CVE-2017-9269 at SUSE CVE-2017-9269 at NVD CVE-2017-9271 at SUSE CVE-2017-9271 at NVD CVE-2018-7685 at SUSE CVE-2018-7685 at NVD CVE-2019-18900 at SUSE CVE-2019-18900 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the login_defs-4.8.1-2.43 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2018-7169 at SUSE CVE-2018-7169 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the logrotate-3.13.0-4.3.9 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2011-1098 at SUSE CVE-2011-1098 at NVD CVE-2011-1154 at SUSE CVE-2011-1154 at NVD CVE-2011-1155 at SUSE CVE-2011-1155 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the mozilla-nspr-4.25.1-3.17.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2015-7183 at SUSE CVE-2015-7183 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the nfs-client-2.1.1-10.18.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2019-3689 at SUSE CVE-2019-3689 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the opensc-0.19.0-3.7.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2018-16391 at SUSE CVE-2018-16391 at NVD CVE-2018-16392 at SUSE CVE-2018-16392 at NVD CVE-2018-16393 at SUSE CVE-2018-16393 at NVD CVE-2018-16418 at SUSE CVE-2018-16418 at NVD CVE-2018-16419 at SUSE CVE-2018-16419 at NVD CVE-2018-16420 at SUSE CVE-2018-16420 at NVD CVE-2018-16421 at SUSE CVE-2018-16421 at NVD CVE-2018-16422 at SUSE CVE-2018-16422 at NVD CVE-2018-16423 at SUSE CVE-2018-16423 at NVD CVE-2018-16424 at SUSE CVE-2018-16424 at NVD CVE-2018-16425 at SUSE CVE-2018-16425 at NVD CVE-2018-16426 at SUSE CVE-2018-16426 at NVD CVE-2018-16427 at SUSE CVE-2018-16427 at NVD CVE-2019-15945 at SUSE CVE-2019-15945 at NVD CVE-2019-15946 at SUSE CVE-2019-15946 at NVD CVE-2019-19479 at SUSE CVE-2019-19479 at NVD CVE-2019-19480 at SUSE CVE-2019-19480 at NVD CVE-2019-20792 at SUSE CVE-2019-20792 at NVD CVE-2020-26570 at SUSE CVE-2020-26570 at NVD CVE-2020-26571 at SUSE CVE-2020-26571 at NVD CVE-2020-26572 at SUSE CVE-2020-26572 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the openslp-2.0.0-6.15.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2016-4912 at SUSE CVE-2016-4912 at NVD CVE-2016-7567 at SUSE CVE-2016-7567 at NVD CVE-2017-17833 at SUSE CVE-2017-17833 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the openssh-8.4p1-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2015-8325 at SUSE CVE-2015-8325 at NVD CVE-2016-0777 at SUSE CVE-2016-0777 at NVD CVE-2016-0778 at SUSE CVE-2016-0778 at NVD CVE-2016-10009 at SUSE CVE-2016-10009 at NVD CVE-2016-10010 at SUSE CVE-2016-10010 at NVD CVE-2016-10011 at SUSE CVE-2016-10011 at NVD CVE-2016-10012 at SUSE CVE-2016-10012 at NVD CVE-2016-6210 at SUSE CVE-2016-6210 at NVD CVE-2016-6515 at SUSE CVE-2016-6515 at NVD CVE-2016-8858 at SUSE CVE-2016-8858 at NVD CVE-2018-20685 at SUSE CVE-2018-20685 at NVD CVE-2019-6109 at SUSE CVE-2019-6109 at NVD CVE-2019-6110 at SUSE CVE-2019-6110 at NVD CVE-2019-6111 at SUSE CVE-2019-6111 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the openssl-1.1.1d-1.46 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2014-3513 at SUSE CVE-2014-3513 at NVD CVE-2014-3567 at SUSE CVE-2014-3567 at NVD CVE-2014-3568 at SUSE CVE-2014-3568 at NVD CVE-2014-3569 at SUSE CVE-2014-3569 at NVD CVE-2014-3570 at SUSE CVE-2014-3570 at NVD CVE-2014-3571 at SUSE CVE-2014-3571 at NVD CVE-2014-3572 at SUSE CVE-2014-3572 at NVD CVE-2014-8275 at SUSE CVE-2014-8275 at NVD CVE-2015-0204 at SUSE CVE-2015-0204 at NVD CVE-2015-0205 at SUSE CVE-2015-0205 at NVD CVE-2015-0206 at SUSE CVE-2015-0206 at NVD CVE-2015-0209 at SUSE CVE-2015-0209 at NVD CVE-2015-0286 at SUSE CVE-2015-0286 at NVD CVE-2015-0287 at SUSE CVE-2015-0287 at NVD CVE-2015-0288 at SUSE CVE-2015-0288 at NVD CVE-2015-0289 at SUSE CVE-2015-0289 at NVD CVE-2015-0293 at SUSE CVE-2015-0293 at NVD CVE-2015-1788 at SUSE CVE-2015-1788 at NVD CVE-2015-1789 at SUSE CVE-2015-1789 at NVD CVE-2015-1790 at SUSE CVE-2015-1790 at NVD CVE-2015-1791 at SUSE CVE-2015-1791 at NVD CVE-2015-1792 at SUSE CVE-2015-1792 at NVD CVE-2015-1793 at SUSE CVE-2015-1793 at NVD CVE-2015-1794 at SUSE CVE-2015-1794 at NVD CVE-2015-3193 at SUSE CVE-2015-3193 at NVD CVE-2015-3194 at SUSE CVE-2015-3194 at NVD CVE-2015-3195 at SUSE CVE-2015-3195 at NVD CVE-2015-3196 at SUSE CVE-2015-3196 at NVD CVE-2015-3197 at SUSE CVE-2015-3197 at NVD CVE-2016-0701 at SUSE CVE-2016-0701 at NVD CVE-2016-0702 at SUSE CVE-2016-0702 at NVD CVE-2016-0705 at SUSE CVE-2016-0705 at NVD CVE-2016-0797 at SUSE CVE-2016-0797 at NVD CVE-2016-0798 at SUSE CVE-2016-0798 at NVD CVE-2016-0800 at SUSE CVE-2016-0800 at NVD CVE-2016-2105 at SUSE CVE-2016-2105 at NVD CVE-2016-2106 at SUSE CVE-2016-2106 at NVD CVE-2016-2107 at SUSE CVE-2016-2107 at NVD CVE-2016-2109 at SUSE CVE-2016-2109 at NVD CVE-2016-2176 at SUSE CVE-2016-2176 at NVD CVE-2016-2177 at SUSE CVE-2016-2177 at NVD CVE-2016-2178 at SUSE CVE-2016-2178 at NVD CVE-2016-2179 at SUSE CVE-2016-2179 at NVD CVE-2016-2180 at SUSE CVE-2016-2180 at NVD CVE-2016-2181 at SUSE CVE-2016-2181 at NVD CVE-2016-2182 at SUSE CVE-2016-2182 at NVD CVE-2016-2183 at SUSE CVE-2016-2183 at NVD CVE-2016-6302 at SUSE CVE-2016-6302 at NVD CVE-2016-6303 at SUSE CVE-2016-6303 at NVD CVE-2016-6304 at SUSE CVE-2016-6304 at NVD CVE-2016-6306 at SUSE CVE-2016-6306 at NVD CVE-2016-7052 at SUSE CVE-2016-7052 at NVD CVE-2016-7055 at SUSE CVE-2016-7055 at NVD CVE-2016-7056 at SUSE CVE-2016-7056 at NVD CVE-2017-3731 at SUSE CVE-2017-3731 at NVD CVE-2017-3732 at SUSE CVE-2017-3732 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the pam-1.3.0-6.38.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2015-3238 at SUSE CVE-2015-3238 at NVD CVE-2018-17953 at SUSE CVE-2018-17953 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the perl-5.26.1-15.87 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2017-12837 at SUSE CVE-2017-12837 at NVD CVE-2017-12883 at SUSE CVE-2017-12883 at NVD CVE-2018-12015 at SUSE CVE-2018-12015 at NVD CVE-2018-18311 at SUSE CVE-2018-18311 at NVD CVE-2018-18312 at SUSE CVE-2018-18312 at NVD CVE-2018-18313 at SUSE CVE-2018-18313 at NVD CVE-2018-18314 at SUSE CVE-2018-18314 at NVD CVE-2020-10543 at SUSE CVE-2020-10543 at NVD CVE-2020-10878 at SUSE CVE-2020-10878 at NVD CVE-2020-12723 at SUSE CVE-2020-12723 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the permissions-20181225-23.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2019-3687 at SUSE CVE-2019-3687 at NVD CVE-2019-3688 at SUSE CVE-2019-3688 at NVD CVE-2019-3690 at SUSE CVE-2019-3690 at NVD CVE-2020-8013 at SUSE CVE-2020-8013 at NVD CVE-2020-8025 at SUSE CVE-2020-8025 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the podman-2.1.1-4.28.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2018-10856 at SUSE CVE-2018-10856 at NVD CVE-2019-10152 at SUSE CVE-2019-10152 at NVD CVE-2019-10214 at SUSE CVE-2019-10214 at NVD CVE-2020-14370 at SUSE CVE-2020-14370 at NVD CVE-2020-1726 at SUSE CVE-2020-1726 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the policycoreutils-3.1-2.2 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2016-7545 at SUSE CVE-2016-7545 at NVD CVE-2018-1063 at SUSE CVE-2018-1063 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the powerpc-utils-1.3.8-9.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2014-4040 at SUSE CVE-2014-4040 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the procmail-3.22-2.34 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2014-3618 at SUSE CVE-2014-3618 at NVD CVE-2017-16844 at SUSE CVE-2017-16844 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the python3-Jinja2-2.10.1-3.10.2 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2016-10745 at SUSE CVE-2016-10745 at NVD CVE-2019-10906 at SUSE CVE-2019-10906 at NVD CVE-2019-8341 at SUSE CVE-2019-8341 at NVD CVE-2020-28493 at SUSE CVE-2020-28493 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the python3-PyYAML-5.4.1-1.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2017-18342 at SUSE CVE-2017-18342 at NVD CVE-2020-14343 at SUSE CVE-2020-14343 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the python3-cryptography-2.8-10.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2020-25659 at SUSE CVE-2020-25659 at NVD CVE-2020-36242 at SUSE CVE-2020-36242 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the python3-py-1.8.1-5.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2020-29651 at SUSE CVE-2020-29651 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the python3-requests-2.24.0-1.24 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2015-2296 at SUSE CVE-2015-2296 at NVD CVE-2018-18074 at SUSE CVE-2018-18074 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the python3-salt-3002.2-50.1.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2016-1866 at SUSE CVE-2016-1866 at NVD CVE-2016-9639 at SUSE CVE-2016-9639 at NVD CVE-2017-12791 at SUSE CVE-2017-12791 at NVD CVE-2017-14695 at SUSE CVE-2017-14695 at NVD CVE-2017-14696 at SUSE CVE-2017-14696 at NVD CVE-2018-15750 at SUSE CVE-2018-15750 at NVD CVE-2018-15751 at SUSE CVE-2018-15751 at NVD CVE-2019-17361 at SUSE CVE-2019-17361 at NVD CVE-2019-18897 at SUSE CVE-2019-18897 at NVD CVE-2020-11651 at SUSE CVE-2020-11651 at NVD CVE-2020-11652 at SUSE CVE-2020-11652 at NVD CVE-2020-16846 at SUSE CVE-2020-16846 at NVD CVE-2020-17490 at SUSE CVE-2020-17490 at NVD CVE-2020-25592 at SUSE CVE-2020-25592 at NVD CVE-2020-28243 at SUSE CVE-2020-28243 at NVD CVE-2020-28972 at SUSE CVE-2020-28972 at NVD CVE-2020-35662 at SUSE CVE-2020-35662 at NVD CVE-2021-25281 at SUSE CVE-2021-25281 at NVD CVE-2021-25282 at SUSE CVE-2021-25282 at NVD CVE-2021-25283 at SUSE CVE-2021-25283 at NVD CVE-2021-25284 at SUSE CVE-2021-25284 at NVD CVE-2021-25315 at SUSE CVE-2021-25315 at NVD CVE-2021-3144 at SUSE CVE-2021-3144 at NVD CVE-2021-3148 at SUSE CVE-2021-3148 at NVD CVE-2021-31607 at SUSE CVE-2021-31607 at NVD CVE-2021-3197 at SUSE CVE-2021-3197 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the python3-setuptools-40.5.0-6.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2019-20916 at SUSE CVE-2019-20916 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the python3-urllib3-1.25.10-4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2016-9015 at SUSE CVE-2016-9015 at NVD CVE-2018-20060 at SUSE CVE-2018-20060 at NVD CVE-2019-11236 at SUSE CVE-2019-11236 at NVD CVE-2019-11324 at SUSE CVE-2019-11324 at NVD CVE-2019-9740 at SUSE CVE-2019-9740 at NVD CVE-2020-26137 at SUSE CVE-2020-26137 at NVD CVE-2021-33503 at SUSE CVE-2021-33503 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the qemu-5.2.0-103.2 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2014-0222 at SUSE CVE-2014-0222 at NVD CVE-2014-0223 at SUSE CVE-2014-0223 at NVD CVE-2014-3461 at SUSE CVE-2014-3461 at NVD CVE-2014-3640 at SUSE CVE-2014-3640 at NVD CVE-2014-7840 at SUSE CVE-2014-7840 at NVD CVE-2014-8106 at SUSE CVE-2014-8106 at NVD CVE-2015-1779 at SUSE CVE-2015-1779 at NVD CVE-2015-3209 at SUSE CVE-2015-3209 at NVD CVE-2015-3456 at SUSE CVE-2015-3456 at NVD CVE-2015-4037 at SUSE CVE-2015-4037 at NVD CVE-2015-5154 at SUSE CVE-2015-5154 at NVD CVE-2015-5225 at SUSE CVE-2015-5225 at NVD CVE-2015-5278 at SUSE CVE-2015-5278 at NVD CVE-2015-5279 at SUSE CVE-2015-5279 at NVD CVE-2015-5745 at SUSE CVE-2015-5745 at NVD CVE-2015-6815 at SUSE CVE-2015-6815 at NVD CVE-2015-6855 at SUSE CVE-2015-6855 at NVD CVE-2015-7295 at SUSE CVE-2015-7295 at NVD CVE-2015-7512 at SUSE CVE-2015-7512 at NVD CVE-2015-7549 at SUSE CVE-2015-7549 at NVD CVE-2015-8345 at SUSE CVE-2015-8345 at NVD CVE-2015-8504 at SUSE CVE-2015-8504 at NVD CVE-2015-8558 at SUSE CVE-2015-8558 at NVD CVE-2015-8567 at SUSE CVE-2015-8567 at NVD CVE-2015-8568 at SUSE CVE-2015-8568 at NVD CVE-2015-8613 at SUSE CVE-2015-8613 at NVD CVE-2015-8619 at SUSE CVE-2015-8619 at NVD CVE-2015-8743 at SUSE CVE-2015-8743 at NVD CVE-2015-8744 at SUSE CVE-2015-8744 at NVD CVE-2015-8745 at SUSE CVE-2015-8745 at NVD CVE-2016-10028 at SUSE CVE-2016-10028 at NVD CVE-2016-10155 at SUSE CVE-2016-10155 at NVD CVE-2016-1568 at SUSE CVE-2016-1568 at NVD CVE-2016-1714 at SUSE CVE-2016-1714 at NVD CVE-2016-1922 at SUSE CVE-2016-1922 at NVD CVE-2016-1981 at SUSE CVE-2016-1981 at NVD CVE-2016-2198 at SUSE CVE-2016-2198 at NVD CVE-2016-3710 at SUSE CVE-2016-3710 at NVD CVE-2016-3712 at SUSE CVE-2016-3712 at NVD CVE-2016-4002 at SUSE CVE-2016-4002 at NVD CVE-2016-4020 at SUSE CVE-2016-4020 at NVD CVE-2016-4439 at SUSE CVE-2016-4439 at NVD CVE-2016-4441 at SUSE CVE-2016-4441 at NVD CVE-2016-4453 at SUSE CVE-2016-4453 at NVD CVE-2016-4454 at SUSE CVE-2016-4454 at NVD CVE-2016-4952 at SUSE CVE-2016-4952 at NVD CVE-2016-4964 at SUSE CVE-2016-4964 at NVD CVE-2016-5105 at SUSE CVE-2016-5105 at NVD CVE-2016-5106 at SUSE CVE-2016-5106 at NVD CVE-2016-5107 at SUSE CVE-2016-5107 at NVD CVE-2016-5126 at SUSE CVE-2016-5126 at NVD CVE-2016-5238 at SUSE CVE-2016-5238 at NVD CVE-2016-5337 at SUSE CVE-2016-5337 at NVD CVE-2016-5338 at SUSE CVE-2016-5338 at NVD CVE-2016-5403 at SUSE CVE-2016-5403 at NVD CVE-2016-6351 at SUSE CVE-2016-6351 at NVD CVE-2016-6490 at SUSE CVE-2016-6490 at NVD CVE-2016-6833 at SUSE CVE-2016-6833 at NVD CVE-2016-6836 at SUSE CVE-2016-6836 at NVD CVE-2016-6888 at SUSE CVE-2016-6888 at NVD CVE-2016-7116 at SUSE CVE-2016-7116 at NVD CVE-2016-7155 at SUSE CVE-2016-7155 at NVD CVE-2016-7156 at SUSE CVE-2016-7156 at NVD CVE-2016-7157 at SUSE CVE-2016-7157 at NVD CVE-2016-7161 at SUSE CVE-2016-7161 at NVD CVE-2016-7170 at SUSE CVE-2016-7170 at NVD CVE-2016-7421 at SUSE CVE-2016-7421 at NVD CVE-2016-7422 at SUSE CVE-2016-7422 at NVD CVE-2016-7423 at SUSE CVE-2016-7423 at NVD CVE-2016-7466 at SUSE CVE-2016-7466 at NVD CVE-2016-7907 at SUSE CVE-2016-7907 at NVD CVE-2016-7908 at SUSE CVE-2016-7908 at NVD CVE-2016-7909 at SUSE CVE-2016-7909 at NVD CVE-2016-7994 at SUSE CVE-2016-7994 at NVD CVE-2016-7995 at SUSE CVE-2016-7995 at NVD CVE-2016-8576 at SUSE CVE-2016-8576 at NVD CVE-2016-8577 at SUSE CVE-2016-8577 at NVD CVE-2016-8578 at SUSE CVE-2016-8578 at NVD CVE-2016-8667 at SUSE CVE-2016-8667 at NVD CVE-2016-8668 at SUSE CVE-2016-8668 at NVD CVE-2016-8669 at SUSE CVE-2016-8669 at NVD CVE-2016-8909 at SUSE CVE-2016-8909 at NVD CVE-2016-8910 at SUSE CVE-2016-8910 at NVD CVE-2016-9101 at SUSE CVE-2016-9101 at NVD CVE-2016-9102 at SUSE CVE-2016-9102 at NVD CVE-2016-9103 at SUSE CVE-2016-9103 at NVD CVE-2016-9104 at SUSE CVE-2016-9104 at NVD CVE-2016-9105 at SUSE CVE-2016-9105 at NVD CVE-2016-9106 at SUSE CVE-2016-9106 at NVD CVE-2016-9381 at SUSE CVE-2016-9381 at NVD CVE-2016-9602 at SUSE CVE-2016-9602 at NVD CVE-2016-9776 at SUSE CVE-2016-9776 at NVD CVE-2016-9845 at SUSE CVE-2016-9845 at NVD CVE-2016-9846 at SUSE CVE-2016-9846 at NVD CVE-2016-9907 at SUSE CVE-2016-9907 at NVD CVE-2016-9908 at SUSE CVE-2016-9908 at NVD CVE-2016-9911 at SUSE CVE-2016-9911 at NVD CVE-2016-9912 at SUSE CVE-2016-9912 at NVD CVE-2016-9913 at SUSE CVE-2016-9913 at NVD CVE-2016-9921 at SUSE CVE-2016-9921 at NVD CVE-2016-9922 at SUSE CVE-2016-9922 at NVD CVE-2016-9923 at SUSE CVE-2016-9923 at NVD CVE-2017-10664 at SUSE CVE-2017-10664 at NVD CVE-2017-10806 at SUSE CVE-2017-10806 at NVD CVE-2017-11334 at SUSE CVE-2017-11334 at NVD CVE-2017-11434 at SUSE CVE-2017-11434 at NVD CVE-2017-13672 at SUSE CVE-2017-13672 at NVD CVE-2017-13673 at SUSE CVE-2017-13673 at NVD CVE-2017-13711 at SUSE CVE-2017-13711 at NVD CVE-2017-14167 at SUSE CVE-2017-14167 at NVD CVE-2017-15038 at SUSE CVE-2017-15038 at NVD CVE-2017-15118 at SUSE CVE-2017-15118 at NVD CVE-2017-15119 at SUSE CVE-2017-15119 at NVD CVE-2017-15268 at SUSE CVE-2017-15268 at NVD CVE-2017-15289 at SUSE CVE-2017-15289 at NVD CVE-2017-2615 at SUSE CVE-2017-2615 at NVD CVE-2017-2620 at SUSE CVE-2017-2620 at NVD CVE-2017-2630 at SUSE CVE-2017-2630 at NVD CVE-2017-2633 at SUSE CVE-2017-2633 at NVD CVE-2017-5525 at SUSE CVE-2017-5525 at NVD CVE-2017-5526 at SUSE CVE-2017-5526 at NVD CVE-2017-5552 at SUSE CVE-2017-5552 at NVD CVE-2017-5578 at SUSE CVE-2017-5578 at NVD CVE-2017-5579 at SUSE CVE-2017-5579 at NVD CVE-2017-5667 at SUSE CVE-2017-5667 at NVD CVE-2017-5715 at SUSE CVE-2017-5715 at NVD CVE-2017-5856 at SUSE CVE-2017-5856 at NVD CVE-2017-5857 at SUSE CVE-2017-5857 at NVD CVE-2017-5898 at SUSE CVE-2017-5898 at NVD CVE-2017-5931 at SUSE CVE-2017-5931 at NVD CVE-2017-5973 at SUSE CVE-2017-5973 at NVD CVE-2017-5987 at SUSE CVE-2017-5987 at NVD CVE-2017-6058 at SUSE CVE-2017-6058 at NVD CVE-2017-6505 at SUSE CVE-2017-6505 at NVD CVE-2017-7471 at SUSE CVE-2017-7471 at NVD CVE-2017-7493 at SUSE CVE-2017-7493 at NVD CVE-2017-8112 at SUSE CVE-2017-8112 at NVD CVE-2017-8309 at SUSE CVE-2017-8309 at NVD CVE-2017-8379 at SUSE CVE-2017-8379 at NVD CVE-2017-8380 at SUSE CVE-2017-8380 at NVD CVE-2017-9503 at SUSE CVE-2017-9503 at NVD CVE-2017-9524 at SUSE CVE-2017-9524 at NVD CVE-2018-10839 at SUSE CVE-2018-10839 at NVD CVE-2018-11806 at SUSE CVE-2018-11806 at NVD CVE-2018-12126 at SUSE CVE-2018-12126 at NVD CVE-2018-12127 at SUSE CVE-2018-12127 at NVD CVE-2018-12130 at SUSE CVE-2018-12130 at NVD CVE-2018-12207 at SUSE CVE-2018-12207 at NVD CVE-2018-12617 at SUSE CVE-2018-12617 at NVD CVE-2018-15746 at SUSE CVE-2018-15746 at NVD CVE-2018-16847 at SUSE CVE-2018-16847 at NVD CVE-2018-16872 at SUSE CVE-2018-16872 at NVD CVE-2018-17958 at SUSE CVE-2018-17958 at NVD CVE-2018-17962 at SUSE CVE-2018-17962 at NVD CVE-2018-17963 at SUSE CVE-2018-17963 at NVD CVE-2018-18849 at SUSE CVE-2018-18849 at NVD CVE-2018-20123 at SUSE CVE-2018-20123 at NVD CVE-2018-20124 at SUSE CVE-2018-20124 at NVD CVE-2018-20125 at SUSE CVE-2018-20125 at NVD CVE-2018-20126 at SUSE CVE-2018-20126 at NVD CVE-2018-20191 at SUSE CVE-2018-20191 at NVD CVE-2018-20216 at SUSE CVE-2018-20216 at NVD CVE-2018-20815 at SUSE CVE-2018-20815 at NVD CVE-2018-3639 at SUSE CVE-2018-3639 at NVD CVE-2018-7550 at SUSE CVE-2018-7550 at NVD CVE-2018-7858 at SUSE CVE-2018-7858 at NVD CVE-2019-11091 at SUSE CVE-2019-11091 at NVD CVE-2019-11135 at SUSE CVE-2019-11135 at NVD CVE-2019-12068 at SUSE CVE-2019-12068 at NVD CVE-2019-12155 at SUSE CVE-2019-12155 at NVD CVE-2019-13164 at SUSE CVE-2019-13164 at NVD CVE-2019-14378 at SUSE CVE-2019-14378 at NVD CVE-2019-15890 at SUSE CVE-2019-15890 at NVD CVE-2019-5008 at SUSE CVE-2019-5008 at NVD CVE-2019-6778 at SUSE CVE-2019-6778 at NVD CVE-2019-8934 at SUSE CVE-2019-8934 at NVD CVE-2019-9824 at SUSE CVE-2019-9824 at NVD CVE-2020-10702 at SUSE CVE-2020-10702 at NVD CVE-2020-10717 at SUSE CVE-2020-10717 at NVD CVE-2020-10761 at SUSE CVE-2020-10761 at NVD CVE-2020-11102 at SUSE CVE-2020-11102 at NVD CVE-2020-11869 at SUSE CVE-2020-11869 at NVD CVE-2020-13361 at SUSE CVE-2020-13361 at NVD CVE-2020-13362 at SUSE CVE-2020-13362 at NVD CVE-2020-13659 at SUSE CVE-2020-13659 at NVD CVE-2020-13800 at SUSE CVE-2020-13800 at NVD CVE-2020-14364 at SUSE CVE-2020-14364 at NVD CVE-2020-15863 at SUSE CVE-2020-15863 at NVD CVE-2020-16092 at SUSE CVE-2020-16092 at NVD CVE-2020-1711 at SUSE CVE-2020-1711 at NVD CVE-2020-17380 at SUSE CVE-2020-17380 at NVD CVE-2020-1983 at SUSE CVE-2020-1983 at NVD CVE-2020-24352 at SUSE CVE-2020-24352 at NVD CVE-2020-25085 at SUSE CVE-2020-25085 at NVD CVE-2020-25707 at SUSE CVE-2020-25707 at NVD CVE-2020-25723 at SUSE CVE-2020-25723 at NVD CVE-2020-27821 at SUSE CVE-2020-27821 at NVD CVE-2020-29129 at SUSE CVE-2020-29129 at NVD CVE-2020-29130 at SUSE CVE-2020-29130 at NVD CVE-2020-35503 at SUSE CVE-2020-35503 at NVD CVE-2020-35504 at SUSE CVE-2020-35504 at NVD CVE-2020-35505 at SUSE CVE-2020-35505 at NVD CVE-2020-35506 at SUSE CVE-2020-35506 at NVD CVE-2020-7039 at SUSE CVE-2020-7039 at NVD CVE-2020-8608 at SUSE CVE-2020-8608 at NVD CVE-2021-20181 at SUSE CVE-2021-20181 at NVD CVE-2021-20203 at SUSE CVE-2021-20203 at NVD CVE-2021-20221 at SUSE CVE-2021-20221 at NVD CVE-2021-20255 at SUSE CVE-2021-20255 at NVD CVE-2021-20257 at SUSE CVE-2021-20257 at NVD CVE-2021-20263 at SUSE CVE-2021-20263 at NVD CVE-2021-3409 at SUSE CVE-2021-3409 at NVD CVE-2021-3416 at SUSE CVE-2021-3416 at NVD CVE-2021-3419 at SUSE CVE-2021-3419 at NVD CVE-2021-3527 at SUSE CVE-2021-3527 at NVD CVE-2021-3544 at SUSE CVE-2021-3544 at NVD CVE-2021-3545 at SUSE CVE-2021-3545 at NVD CVE-2021-3546 at SUSE CVE-2021-3546 at NVD CVE-2021-3582 at SUSE CVE-2021-3582 at NVD CVE-2021-3607 at SUSE CVE-2021-3607 at NVD CVE-2021-3608 at SUSE CVE-2021-3608 at NVD CVE-2021-3611 at SUSE CVE-2021-3611 at NVD CVE-2021-3682 at SUSE CVE-2021-3682 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the qemu-ovmf-x86_64-202008-10.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2017-5731 at SUSE CVE-2017-5731 at NVD CVE-2017-5732 at SUSE CVE-2017-5732 at NVD CVE-2017-5733 at SUSE CVE-2017-5733 at NVD CVE-2017-5734 at SUSE CVE-2017-5734 at NVD CVE-2017-5735 at SUSE CVE-2017-5735 at NVD CVE-2018-0739 at SUSE CVE-2018-0739 at NVD CVE-2018-12178 at SUSE CVE-2018-12178 at NVD CVE-2018-12180 at SUSE CVE-2018-12180 at NVD CVE-2018-12181 at SUSE CVE-2018-12181 at NVD CVE-2018-3613 at SUSE CVE-2018-3613 at NVD CVE-2018-3630 at SUSE CVE-2018-3630 at NVD CVE-2019-0160 at SUSE CVE-2019-0160 at NVD CVE-2019-0161 at SUSE CVE-2019-0161 at NVD CVE-2019-14553 at SUSE CVE-2019-14553 at NVD CVE-2019-14559 at SUSE CVE-2019-14559 at NVD CVE-2019-14562 at SUSE CVE-2019-14562 at NVD CVE-2019-14563 at SUSE CVE-2019-14563 at NVD CVE-2019-14575 at SUSE CVE-2019-14575 at NVD CVE-2019-14584 at SUSE CVE-2019-14584 at NVD CVE-2021-28210 at SUSE CVE-2021-28210 at NVD CVE-2021-28211 at SUSE CVE-2021-28211 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the rpcbind-0.2.3-5.9.2 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2015-7236 at SUSE CVE-2015-7236 at NVD CVE-2017-8779 at SUSE CVE-2017-8779 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the rpm-4.14.3-37.2 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2017-7500 at SUSE CVE-2017-7500 at NVD CVE-2021-20266 at SUSE CVE-2021-20266 at NVD CVE-2021-20271 at SUSE CVE-2021-20271 at NVD CVE-2021-3421 at SUSE CVE-2021-3421 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the rsync-3.1.3-4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2014-8242 at SUSE CVE-2014-8242 at NVD CVE-2014-9512 at SUSE CVE-2014-9512 at NVD CVE-2017-16548 at SUSE CVE-2017-16548 at NVD CVE-2018-5764 at SUSE CVE-2018-5764 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the runc-1.0.0~rc93-1.17.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2016-9962 at SUSE CVE-2016-9962 at NVD CVE-2018-16873 at SUSE CVE-2018-16873 at NVD CVE-2018-16874 at SUSE CVE-2018-16874 at NVD CVE-2018-16875 at SUSE CVE-2018-16875 at NVD CVE-2019-16884 at SUSE CVE-2019-16884 at NVD CVE-2019-19921 at SUSE CVE-2019-19921 at NVD CVE-2019-5736 at SUSE CVE-2019-5736 at NVD CVE-2021-30465 at SUSE CVE-2021-30465 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the shim-15.4-4.7.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2014-3675 at SUSE CVE-2014-3675 at NVD CVE-2014-3676 at SUSE CVE-2014-3676 at NVD CVE-2014-3677 at SUSE CVE-2014-3677 at NVD CVE-2019-14584 at SUSE CVE-2019-14584 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the slirp4netns-0.4.7-3.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2019-6778 at SUSE CVE-2019-6778 at NVD CVE-2020-10756 at SUSE CVE-2020-10756 at NVD CVE-2020-1983 at SUSE CVE-2020-1983 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the squashfs-4.4-1.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2015-4645 at SUSE CVE-2015-4645 at NVD CVE-2015-4646 at SUSE CVE-2015-4646 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the sudo-1.9.5p2-1.5 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2014-9680 at SUSE CVE-2014-9680 at NVD CVE-2016-7032 at SUSE CVE-2016-7032 at NVD CVE-2016-7076 at SUSE CVE-2016-7076 at NVD CVE-2017-1000367 at SUSE CVE-2017-1000367 at NVD CVE-2017-1000368 at SUSE CVE-2017-1000368 at NVD CVE-2019-14287 at SUSE CVE-2019-14287 at NVD CVE-2019-18634 at SUSE CVE-2019-18634 at NVD CVE-2021-23239 at SUSE CVE-2021-23239 at NVD CVE-2021-23240 at SUSE CVE-2021-23240 at NVD CVE-2021-3156 at SUSE CVE-2021-3156 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the supportutils-3.1.17-7.35.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2018-19637 at SUSE CVE-2018-19637 at NVD CVE-2018-19638 at SUSE CVE-2018-19638 at NVD CVE-2018-19639 at SUSE CVE-2018-19639 at NVD CVE-2018-19640 at SUSE CVE-2018-19640 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the swtpm-0.5.2-1.20 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2020-28407 at SUSE CVE-2020-28407 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the sysstat-12.0.2-3.30.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2018-19416 at SUSE CVE-2018-19416 at NVD CVE-2018-19517 at SUSE CVE-2018-19517 at NVD CVE-2019-16167 at SUSE CVE-2019-16167 at NVD CVE-2019-19725 at SUSE CVE-2019-19725 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the tar-1.30-3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2016-6321 at SUSE CVE-2016-6321 at NVD CVE-2018-20482 at SUSE CVE-2018-20482 at NVD CVE-2019-9923 at SUSE CVE-2019-9923 at NVD CVE-2021-20193 at SUSE CVE-2021-20193 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the trousers-0.3.14-6.6.2 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2019-18898 at SUSE CVE-2019-18898 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the ucode-intel-20210525-7.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2017-5715 at SUSE CVE-2017-5715 at NVD CVE-2018-12126 at SUSE CVE-2018-12126 at NVD CVE-2018-12127 at SUSE CVE-2018-12127 at NVD CVE-2018-12130 at SUSE CVE-2018-12130 at NVD CVE-2018-3639 at SUSE CVE-2018-3639 at NVD CVE-2018-3640 at SUSE CVE-2018-3640 at NVD CVE-2019-11091 at SUSE CVE-2019-11091 at NVD CVE-2019-11135 at SUSE CVE-2019-11135 at NVD CVE-2019-11139 at SUSE CVE-2019-11139 at NVD CVE-2020-0543 at SUSE CVE-2020-0543 at NVD CVE-2020-0548 at SUSE CVE-2020-0548 at NVD CVE-2020-0549 at SUSE CVE-2020-0549 at NVD CVE-2020-24489 at SUSE CVE-2020-24489 at NVD CVE-2020-24511 at SUSE CVE-2020-24511 at NVD CVE-2020-24512 at SUSE CVE-2020-24512 at NVD CVE-2020-24513 at SUSE CVE-2020-24513 at NVD CVE-2020-8695 at SUSE CVE-2020-8695 at NVD CVE-2020-8696 at SUSE CVE-2020-8696 at NVD CVE-2020-8698 at SUSE CVE-2020-8698 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the update-alternatives-1.19.0.4-2.48 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2015-0840 at SUSE CVE-2015-0840 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the vim-data-common-8.0.1568-5.14.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2009-0316 at SUSE CVE-2009-0316 at NVD CVE-2017-1000382 at SUSE CVE-2017-1000382 at NVD CVE-2017-5953 at SUSE CVE-2017-5953 at NVD CVE-2017-6349 at SUSE CVE-2017-6349 at NVD CVE-2017-6350 at SUSE CVE-2017-6350 at NVD CVE-2019-12735 at SUSE CVE-2019-12735 at NVD CVE-2019-20807 at SUSE CVE-2019-20807 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the wicked-0.6.65-2.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2019-18902 at SUSE CVE-2019-18902 at NVD CVE-2019-18903 at SUSE CVE-2019-18903 at NVD CVE-2020-7216 at SUSE CVE-2020-7216 at NVD CVE-2020-7217 at SUSE CVE-2020-7217 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the wpa_supplicant-2.9-4.29.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2014-3686 at SUSE CVE-2014-3686 at NVD CVE-2015-1863 at SUSE CVE-2015-1863 at NVD CVE-2015-4141 at SUSE CVE-2015-4141 at NVD CVE-2015-4142 at SUSE CVE-2015-4142 at NVD CVE-2015-4143 at SUSE CVE-2015-4143 at NVD CVE-2015-4144 at SUSE CVE-2015-4144 at NVD CVE-2015-4145 at SUSE CVE-2015-4145 at NVD CVE-2015-4146 at SUSE CVE-2015-4146 at NVD CVE-2015-5310 at SUSE CVE-2015-5310 at NVD CVE-2015-5315 at SUSE CVE-2015-5315 at NVD CVE-2015-5316 at SUSE CVE-2015-5316 at NVD CVE-2015-8041 at SUSE CVE-2015-8041 at NVD CVE-2016-4476 at SUSE CVE-2016-4476 at NVD CVE-2016-4477 at SUSE CVE-2016-4477 at NVD CVE-2017-13077 at SUSE CVE-2017-13077 at NVD CVE-2017-13078 at SUSE CVE-2017-13078 at NVD CVE-2017-13079 at SUSE CVE-2017-13079 at NVD CVE-2017-13080 at SUSE CVE-2017-13080 at NVD CVE-2017-13081 at SUSE CVE-2017-13081 at NVD CVE-2017-13082 at SUSE CVE-2017-13082 at NVD CVE-2017-13086 at SUSE CVE-2017-13086 at NVD CVE-2017-13087 at SUSE CVE-2017-13087 at NVD CVE-2017-13088 at SUSE CVE-2017-13088 at NVD CVE-2018-14526 at SUSE CVE-2018-14526 at NVD CVE-2019-11555 at SUSE CVE-2019-11555 at NVD CVE-2019-13377 at SUSE CVE-2019-13377 at NVD CVE-2019-16275 at SUSE CVE-2019-16275 at NVD CVE-2019-9494 at SUSE CVE-2019-9494 at NVD CVE-2019-9495 at SUSE CVE-2019-9495 at NVD CVE-2019-9497 at SUSE CVE-2019-9497 at NVD CVE-2019-9498 at SUSE CVE-2019-9498 at NVD CVE-2019-9499 at SUSE CVE-2019-9499 at NVD CVE-2021-0326 at SUSE CVE-2021-0326 at NVD CVE-2021-27803 at SUSE CVE-2021-27803 at NVD CVE-2021-30004 at SUSE CVE-2021-30004 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the xen-libs-4.14.2_04-3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2013-3495 at SUSE CVE-2013-3495 at NVD CVE-2013-4533 at SUSE CVE-2013-4533 at NVD CVE-2013-4534 at SUSE CVE-2013-4534 at NVD CVE-2013-4537 at SUSE CVE-2013-4537 at NVD CVE-2013-4538 at SUSE CVE-2013-4538 at NVD CVE-2013-4539 at SUSE CVE-2013-4539 at NVD CVE-2013-4540 at SUSE CVE-2013-4540 at NVD CVE-2014-0222 at SUSE CVE-2014-0222 at NVD CVE-2014-3640 at SUSE CVE-2014-3640 at NVD CVE-2014-3672 at SUSE CVE-2014-3672 at NVD CVE-2014-7815 at SUSE CVE-2014-7815 at NVD CVE-2015-1779 at SUSE CVE-2015-1779 at NVD CVE-2015-3259 at SUSE CVE-2015-3259 at NVD CVE-2015-3340 at SUSE CVE-2015-3340 at NVD CVE-2015-3456 at SUSE CVE-2015-3456 at NVD CVE-2015-4037 at SUSE CVE-2015-4037 at NVD CVE-2015-4103 at SUSE CVE-2015-4103 at NVD CVE-2015-4104 at SUSE CVE-2015-4104 at NVD CVE-2015-4105 at SUSE CVE-2015-4105 at NVD CVE-2015-4106 at SUSE CVE-2015-4106 at NVD CVE-2015-5154 at SUSE CVE-2015-5154 at NVD CVE-2015-5239 at SUSE CVE-2015-5239 at NVD CVE-2015-5278 at SUSE CVE-2015-5278 at NVD CVE-2015-5307 at SUSE CVE-2015-5307 at NVD CVE-2015-6815 at SUSE CVE-2015-6815 at NVD CVE-2015-6855 at SUSE CVE-2015-6855 at NVD CVE-2015-7311 at SUSE CVE-2015-7311 at NVD CVE-2015-7504 at SUSE CVE-2015-7504 at NVD CVE-2015-7512 at SUSE CVE-2015-7512 at NVD CVE-2015-7549 at SUSE CVE-2015-7549 at NVD CVE-2015-7835 at SUSE CVE-2015-7835 at NVD CVE-2015-7969 at SUSE CVE-2015-7969 at NVD CVE-2015-7970 at SUSE CVE-2015-7970 at NVD CVE-2015-7971 at SUSE CVE-2015-7971 at NVD CVE-2015-7972 at SUSE CVE-2015-7972 at NVD CVE-2015-8104 at SUSE CVE-2015-8104 at NVD CVE-2015-8339 at SUSE CVE-2015-8339 at NVD CVE-2015-8340 at SUSE CVE-2015-8340 at NVD CVE-2015-8341 at SUSE CVE-2015-8341 at NVD CVE-2015-8345 at SUSE CVE-2015-8345 at NVD CVE-2015-8504 at SUSE CVE-2015-8504 at NVD CVE-2015-8550 at SUSE CVE-2015-8550 at NVD CVE-2015-8554 at SUSE CVE-2015-8554 at NVD CVE-2015-8555 at SUSE CVE-2015-8555 at NVD CVE-2015-8558 at SUSE CVE-2015-8558 at NVD CVE-2015-8567 at SUSE CVE-2015-8567 at NVD CVE-2015-8568 at SUSE CVE-2015-8568 at NVD CVE-2015-8613 at SUSE CVE-2015-8613 at NVD CVE-2015-8615 at SUSE CVE-2015-8615 at NVD CVE-2015-8619 at SUSE CVE-2015-8619 at NVD CVE-2015-8743 at SUSE CVE-2015-8743 at NVD CVE-2015-8744 at SUSE CVE-2015-8744 at NVD CVE-2015-8745 at SUSE CVE-2015-8745 at NVD CVE-2016-10013 at SUSE CVE-2016-10013 at NVD CVE-2016-10024 at SUSE CVE-2016-10024 at NVD CVE-2016-10025 at SUSE CVE-2016-10025 at NVD CVE-2016-1568 at SUSE CVE-2016-1568 at NVD CVE-2016-1570 at SUSE CVE-2016-1570 at NVD CVE-2016-1571 at SUSE CVE-2016-1571 at NVD CVE-2016-1714 at SUSE CVE-2016-1714 at NVD CVE-2016-1922 at SUSE CVE-2016-1922 at NVD CVE-2016-1981 at SUSE CVE-2016-1981 at NVD CVE-2016-2198 at SUSE CVE-2016-2198 at NVD CVE-2016-2270 at SUSE CVE-2016-2270 at NVD CVE-2016-2271 at SUSE CVE-2016-2271 at NVD CVE-2016-2391 at SUSE CVE-2016-2391 at NVD CVE-2016-2392 at SUSE CVE-2016-2392 at NVD CVE-2016-2538 at SUSE CVE-2016-2538 at NVD CVE-2016-2841 at SUSE CVE-2016-2841 at NVD CVE-2016-4439 at SUSE CVE-2016-4439 at NVD CVE-2016-4441 at SUSE CVE-2016-4441 at NVD CVE-2016-5238 at SUSE CVE-2016-5238 at NVD CVE-2016-5338 at SUSE CVE-2016-5338 at NVD CVE-2016-6258 at SUSE CVE-2016-6258 at NVD CVE-2016-6259 at SUSE CVE-2016-6259 at NVD CVE-2016-6351 at SUSE CVE-2016-6351 at NVD CVE-2016-7092 at SUSE CVE-2016-7092 at NVD CVE-2016-7093 at SUSE CVE-2016-7093 at NVD CVE-2016-7094 at SUSE CVE-2016-7094 at NVD CVE-2016-7777 at SUSE CVE-2016-7777 at NVD CVE-2016-7908 at SUSE CVE-2016-7908 at NVD CVE-2016-7909 at SUSE CVE-2016-7909 at NVD CVE-2016-8667 at SUSE CVE-2016-8667 at NVD CVE-2016-8669 at SUSE CVE-2016-8669 at NVD CVE-2016-8910 at SUSE CVE-2016-8910 at NVD CVE-2016-9377 at SUSE CVE-2016-9377 at NVD CVE-2016-9378 at SUSE CVE-2016-9378 at NVD CVE-2016-9379 at SUSE CVE-2016-9379 at NVD CVE-2016-9380 at SUSE CVE-2016-9380 at NVD CVE-2016-9381 at SUSE CVE-2016-9381 at NVD CVE-2016-9382 at SUSE CVE-2016-9382 at NVD CVE-2016-9383 at SUSE CVE-2016-9383 at NVD CVE-2016-9384 at SUSE CVE-2016-9384 at NVD CVE-2016-9385 at SUSE CVE-2016-9385 at NVD CVE-2016-9386 at SUSE CVE-2016-9386 at NVD CVE-2016-9637 at SUSE CVE-2016-9637 at NVD CVE-2016-9921 at SUSE CVE-2016-9921 at NVD CVE-2016-9922 at SUSE CVE-2016-9922 at NVD CVE-2016-9932 at SUSE CVE-2016-9932 at NVD CVE-2017-12135 at SUSE CVE-2017-12135 at NVD CVE-2017-12136 at SUSE CVE-2017-12136 at NVD CVE-2017-12137 at SUSE CVE-2017-12137 at NVD CVE-2017-2615 at SUSE CVE-2017-2615 at NVD CVE-2017-2620 at SUSE CVE-2017-2620 at NVD CVE-2017-5715 at SUSE CVE-2017-5715 at NVD CVE-2017-5753 at SUSE CVE-2017-5753 at NVD CVE-2017-5754 at SUSE CVE-2017-5754 at NVD CVE-2017-6505 at SUSE CVE-2017-6505 at NVD CVE-2017-8309 at SUSE CVE-2017-8309 at NVD CVE-2017-9330 at SUSE CVE-2017-9330 at NVD CVE-2018-10471 at SUSE CVE-2018-10471 at NVD CVE-2018-10472 at SUSE CVE-2018-10472 at NVD CVE-2018-10981 at SUSE CVE-2018-10981 at NVD CVE-2018-10982 at SUSE CVE-2018-10982 at NVD CVE-2018-12126 at SUSE CVE-2018-12126 at NVD CVE-2018-12127 at SUSE CVE-2018-12127 at NVD CVE-2018-12130 at SUSE CVE-2018-12130 at NVD CVE-2018-12891 at SUSE CVE-2018-12891 at NVD CVE-2018-12892 at SUSE CVE-2018-12892 at NVD CVE-2018-12893 at SUSE CVE-2018-12893 at NVD CVE-2018-15468 at SUSE CVE-2018-15468 at NVD CVE-2018-15469 at SUSE CVE-2018-15469 at NVD CVE-2018-15470 at SUSE CVE-2018-15470 at NVD CVE-2018-18883 at SUSE CVE-2018-18883 at NVD CVE-2018-19961 at SUSE CVE-2018-19961 at NVD CVE-2018-19962 at SUSE CVE-2018-19962 at NVD CVE-2018-19963 at SUSE CVE-2018-19963 at NVD CVE-2018-19964 at SUSE CVE-2018-19964 at NVD CVE-2018-19965 at SUSE CVE-2018-19965 at NVD CVE-2018-19966 at SUSE CVE-2018-19966 at NVD CVE-2018-19967 at SUSE CVE-2018-19967 at NVD CVE-2018-3639 at SUSE CVE-2018-3639 at NVD CVE-2018-3646 at SUSE CVE-2018-3646 at NVD CVE-2018-3665 at SUSE CVE-2018-3665 at NVD CVE-2018-5244 at SUSE CVE-2018-5244 at NVD CVE-2018-7540 at SUSE CVE-2018-7540 at NVD CVE-2018-7541 at SUSE CVE-2018-7541 at NVD CVE-2018-7542 at SUSE CVE-2018-7542 at NVD CVE-2018-8897 at SUSE CVE-2018-8897 at NVD CVE-2019-11091 at SUSE CVE-2019-11091 at NVD CVE-2019-17349 at SUSE CVE-2019-17349 at NVD CVE-2020-0543 at SUSE CVE-2020-0543 at NVD CVE-2020-11739 at SUSE CVE-2020-11739 at NVD CVE-2020-11740 at SUSE CVE-2020-11740 at NVD CVE-2020-11741 at SUSE CVE-2020-11741 at NVD CVE-2020-11742 at SUSE CVE-2020-11742 at NVD CVE-2020-11743 at SUSE CVE-2020-11743 at NVD CVE-2020-15563 at SUSE CVE-2020-15563 at NVD CVE-2020-15565 at SUSE CVE-2020-15565 at NVD CVE-2020-15566 at SUSE CVE-2020-15566 at NVD CVE-2020-15567 at SUSE CVE-2020-15567 at NVD CVE-2020-25595 at SUSE CVE-2020-25595 at NVD CVE-2020-25596 at SUSE CVE-2020-25596 at NVD CVE-2020-25597 at SUSE CVE-2020-25597 at NVD CVE-2020-25598 at SUSE CVE-2020-25598 at NVD CVE-2020-25599 at SUSE CVE-2020-25599 at NVD CVE-2020-25600 at SUSE CVE-2020-25600 at NVD CVE-2020-25601 at SUSE CVE-2020-25601 at NVD CVE-2020-25602 at SUSE CVE-2020-25602 at NVD CVE-2020-25603 at SUSE CVE-2020-25603 at NVD CVE-2020-25604 at SUSE CVE-2020-25604 at NVD CVE-2020-27670 at SUSE CVE-2020-27670 at NVD CVE-2020-27671 at SUSE CVE-2020-27671 at NVD CVE-2020-27672 at SUSE CVE-2020-27672 at NVD CVE-2020-27674 at SUSE CVE-2020-27674 at NVD CVE-2020-28368 at SUSE CVE-2020-28368 at NVD CVE-2020-29040 at SUSE CVE-2020-29040 at NVD CVE-2020-29480 at SUSE CVE-2020-29480 at NVD CVE-2020-29481 at SUSE CVE-2020-29481 at NVD CVE-2020-29483 at SUSE CVE-2020-29483 at NVD CVE-2020-29484 at SUSE CVE-2020-29484 at NVD CVE-2020-29566 at SUSE CVE-2020-29566 at NVD CVE-2020-29567 at SUSE CVE-2020-29567 at NVD CVE-2020-29570 at SUSE CVE-2020-29570 at NVD CVE-2020-29571 at SUSE CVE-2020-29571 at NVD CVE-2021-0089 at SUSE CVE-2021-0089 at NVD CVE-2021-28687 at SUSE CVE-2021-28687 at NVD CVE-2021-28690 at SUSE CVE-2021-28690 at NVD CVE-2021-28692 at SUSE CVE-2021-28692 at NVD CVE-2021-28693 at SUSE CVE-2021-28693 at NVD CVE-2021-28694 at SUSE CVE-2021-28694 at NVD CVE-2021-28695 at SUSE CVE-2021-28695 at NVD CVE-2021-28696 at SUSE CVE-2021-28696 at NVD CVE-2021-28697 at SUSE CVE-2021-28697 at NVD CVE-2021-28698 at SUSE CVE-2021-28698 at NVD CVE-2021-28699 at SUSE CVE-2021-28699 at NVD CVE-2021-28700 at SUSE CVE-2021-28700 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 These are all security issues fixed in the zypper-1.14.46-13.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. Moderate CVE-2017-7436 at SUSE CVE-2017-7436 at NVD CVE-2017-9269 at SUSE CVE-2017-9269 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libesmtp fixes the following issues: - CVE-2019-19977: Fixed stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462). Important SUSE bug 1160462 SUSE bug 1189097 CVE-2019-19977 at SUSE CVE-2019-19977 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). Low SUSE bug 1189521 CVE-2021-3712 at SUSE CVE-2021-3712 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libtpms fixes the following issues: - CVE-2021-3746: Fixed out-of-bounds access via specially crafted TPM 2 command packets (bsc#1189935). Important SUSE bug 1189935 CVE-2021-3746 at SUSE CVE-2021-3746 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for mozilla-nspr fixes the following issues: mozilla-nspr was updated to version 4.32: * implement new socket option PR_SockOpt_DontFrag * support larger DNS records by increasing the default buffer size for DNS queries * Lock access to PRCallOnceType members in PR_CallOnce* for thread safety bmo#1686138 * PR_GetSystemInfo supports a new flag PR_SI_RELEASE_BUILD to get information about the operating system build version. Mozilla NSS was updated to version 3.68: * bmo#1713562 - Fix test leak. * bmo#1717452 - NSS 3.68 should depend on NSPR 4.32. * bmo#1693206 - Implement PKCS8 export of ECDSA keys. * bmo#1712883 - DTLS 1.3 draft-43. * bmo#1655493 - Support SHA2 HW acceleration using Intel SHA Extension. * bmo#1713562 - Validate ECH public names. * bmo#1717610 - Add function to get seconds from epoch from pkix::Time. update to NSS 3.67 * bmo#1683710 - Add a means to disable ALPN. * bmo#1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66). * bmo#1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja. * bmo#1566124 - Fix counter increase in ppc-gcm-wrap.c. * bmo#1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte. update to NSS 3.66 * bmo#1710716 - Remove Expired Sonera Class2 CA from NSS. * bmo#1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority. * bmo#1708307 - Remove Trustis FPS Root CA from NSS. * bmo#1707097 - Add Certum Trusted Root CA to NSS. * bmo#1707097 - Add Certum EC-384 CA to NSS. * bmo#1703942 - Add ANF Secure Server Root CA to NSS. * bmo#1697071 - Add GLOBALTRUST 2020 root cert to NSS. * bmo#1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database. * bmo#1712230 - Don't build ppc-gcm.s with clang integrated assembler. * bmo#1712211 - Strict prototype error when trying to compile nss code that includes blapi.h. * bmo#1710773 - NSS needs FIPS 180-3 FIPS indicators. * bmo#1709291 - Add VerifyCodeSigningCertificateChain. update to NSS 3.65 * bmo#1709654 - Update for NetBSD configuration. * bmo#1709750 - Disable HPKE test when fuzzing. * bmo#1566124 - Optimize AES-GCM for ppc64le. * bmo#1699021 - Add AES-256-GCM to HPKE. * bmo#1698419 - ECH -10 updates. * bmo#1692930 - Update HPKE to final version. * bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default. * bmo#1703936 - New coverity/cpp scanner errors. * bmo#1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards. * bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms. * bmo#1705119 - Deadlock when using GCM and non-thread safe tokens. update to NSS 3.64 * bmo#1705286 - Properly detect mips64. * bmo#1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and disable_crypto_vsx. * bmo#1698320 - replace __builtin_cpu_supports('vsx') with ppc_crypto_support() for clang. * bmo#1613235 - Add POWER ChaCha20 stream cipher vector acceleration. Fixed in 3.63 * bmo#1697380 - Make a clang-format run on top of helpful contributions. * bmo#1683520 - ECCKiila P384, change syntax of nested structs initialization to prevent build isses with GCC 4.8. * bmo#1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual scalar multiplication. * bmo#1683520 - ECCKiila P521, change syntax of nested structs initialization to prevent build isses with GCC 4.8. * bmo#1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual scalar multiplication. * bmo#1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683. * bmo#1694214 - tstclnt can't enable middlebox compat mode. * bmo#1694392 - NSS does not work with PKCS #11 modules not supporting profiles. * bmo#1685880 - Minor fix to prevent unused variable on early return. * bmo#1685880 - Fix for the gcc compiler version 7 to support setenv with nss build. * bmo#1693217 - Increase nssckbi.h version number for March 2021 batch of root CA changes, CA list version 2.48. * bmo#1692094 - Set email distrust after to 21-03-01 for Camerfirma's 'Chambers of Commerce' and 'Global Chambersign' roots. * bmo#1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER. * bmo#1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS. * bmo#1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS. * bmo#1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs from NSS. * bmo#1687822 - Turn off Websites trust bit for the “Staat der Nederlanden Root CA - G3” root cert in NSS. * bmo#1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce Root - 2008' and 'Global Chambersign Root - 2008’. * bmo#1694291 - Tracing fixes for ECH. update to NSS 3.62 * bmo#1688374 - Fix parallel build NSS-3.61 with make * bmo#1682044 - pkix_Build_GatherCerts() + pkix_CacheCert_Add() can corrupt 'cachedCertTable' * bmo#1690583 - Fix CH padding extension size calculation * bmo#1690421 - Adjust 3.62 ABI report formatting for new libabigail * bmo#1690421 - Install packaged libabigail in docker-builds image * bmo#1689228 - Minor ECH -09 fixes for interop testing, fuzzing * bmo#1674819 - Fixup a51fae403328, enum type may be signed * bmo#1681585 - Add ECH support to selfserv * bmo#1681585 - Update ECH to Draft-09 * bmo#1678398 - Add Export/Import functions for HPKE context * bmo#1678398 - Update HPKE to draft-07 update to NSS 3.61 * bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key values under certain conditions. * bmo#1684300 - Fix default PBE iteration count when NSS is compiled with NSS_DISABLE_DBM. * bmo#1651411 - Improve constant-timeness in RSA operations. * bmo#1677207 - Upgrade Google Test version to latest release. * bmo#1654332 - Add aarch64-make target to nss-try. Update to NSS 3.60.1: Notable changes in NSS 3.60: * TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support has been added, replacing the previous ESNI (draft-ietf-tls-esni-01) implementation. See bmo#1654332 for more information. * December 2020 batch of Root CA changes, builtins library updated to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769 for more information. Update to NSS 3.59.1: * bmo#1679290 - Fix potential deadlock with certain third-party PKCS11 modules Update to NSS 3.59: Notable changes: * Exported two existing functions from libnss: CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData Bugfixes * bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race * bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA * bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent * bmo#1670835 - Support enabling and disabling signatures via Crypto Policy * bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed root certs when SHA1 signatures are disabled. * bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to solve some test intermittents * bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in our CVE-2020-25648 fix that broke purple-discord (boo#1179382) * bmo#1666891 - Support key wrap/unwrap with RSA-OAEP * bmo#1667989 - Fix gyp linking on Solaris * bmo#1668123 - Export CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData from libnss * bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA * bmo#1663091 - Remove unnecessary assertions in the streaming ASN.1 decoder that affected decoding certain PKCS8 private keys when using NSS debug builds * bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS. update to NSS 3.58 Bugs fixed: * bmo#1641480 (CVE-2020-25648) Tighten CCS handling for middlebox compatibility mode. * bmo#1631890 - Add support for Hybrid Public Key Encryption (draft-irtf-cfrg-hpke) support for TLS Encrypted Client Hello (draft-ietf-tls-esni). * bmo#1657255 - Add CI tests that disable SHA1/SHA2 ARM crypto extensions. * bmo#1668328 - Handle spaces in the Python path name when using gyp on Windows. * bmo#1667153 - Add PK11_ImportDataKey for data object import. * bmo#1665715 - Pass the embedded SCT list extension (if present) to TrustDomain::CheckRevocation instead of the notBefore value. update to NSS 3.57 * The following CA certificates were Added: bmo#1663049 - CN=Trustwave Global Certification Authority SHA-256 Fingerprint: 97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8 bmo#1663049 - CN=Trustwave Global ECC P256 Certification Authority SHA-256 Fingerprint: 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4 bmo#1663049 - CN=Trustwave Global ECC P384 Certification Authority SHA-256 Fingerprint: 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097 * The following CA certificates were Removed: bmo#1651211 - CN=EE Certification Centre Root CA SHA-256 Fingerprint: 3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76 bmo#1656077 - O=Government Root Certification Authority; C=TW SHA-256 Fingerprint: 7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3 * Trust settings for the following CA certificates were Modified: bmo#1653092 - CN=OISTE WISeKey Global Root GA CA Websites (server authentication) trust bit removed. * https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes update to NSS 3.56 Notable changes * bmo#1650702 - Support SHA-1 HW acceleration on ARMv8 * bmo#1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS. * bmo#1654142 - Add CPU feature detection for Intel SHA extension. * bmo#1648822 - Add stricter validation of DH keys in FIPS mode. * bmo#1656986 - Properly detect arm64 during GYP build architecture detection. * bmo#1652729 - Add build flag to disable RC2 and relocate to lib/freebl/deprecated. * bmo#1656429 - Correct RTT estimate used in 0-RTT anti-replay. * bmo#1588941 - Send empty certificate message when scheme selection fails. * bmo#1652032 - Fix failure to build in Windows arm64 makefile cross-compilation. * bmo#1625791 - Fix deadlock issue in nssSlot_IsTokenPresent. * bmo#1653975 - Fix 3.53 regression by setting 'all' as the default makefile target. * bmo#1659792 - Fix broken libpkix tests with unexpired PayPal cert. * bmo#1659814 - Fix interop.sh failures with newer tls-interop commit and dependencies. * bmo#1656519 - NSPR dependency updated to 4.28 update to NSS 3.55 Notable changes * P384 and P521 elliptic curve implementations are replaced with verifiable implementations from Fiat-Crypto [0] and ECCKiila [1]. * PK11_FindCertInSlot is added. With this function, a given slot can be queried with a DER-Encoded certificate, providing performance and usability improvements over other mechanisms. (bmo#1649633) * DTLS 1.3 implementation is updated to draft-38. (bmo#1647752) Relevant Bugfixes * bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila. * bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature. * bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding. * bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part ChaCha20 (which was not functioning correctly) and more strictly enforce tag length. * bmo#1649648 - Don't memcpy zero bytes (sanitizer fix). * bmo#1649316 - Don't memcpy zero bytes (sanitizer fix). * bmo#1649322 - Don't memcpy zero bytes (sanitizer fix). * bmo#1653202 - Fix initialization bug in blapitest when compiled with NSS_DISABLE_DEPRECATED_SEED. * bmo#1646594 - Fix AVX2 detection in makefile builds. * bmo#1649633 - Add PK11_FindCertInSlot to search a given slot for a DER-encoded certificate. * bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo. * bmo#1647752 - Update DTLS 1.3 implementation to draft-38. * bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI. * bmo#1649226 - Add Wycheproof ECDSA tests. * bmo#1637222 - Consistently enforce IV requirements for DES and 3DES. * bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in RSA_CheckSignRecover. * bmo#1646324 - Advertise PKCS#1 schemes for certificates in the signature_algorithms extension. update to NSS 3.54 Notable changes * Support for TLS 1.3 external pre-shared keys (bmo#1603042). * Use ARM Cryptography Extension for SHA256, when available (bmo#1528113) * The following CA certificates were Added: bmo#1645186 - certSIGN Root CA G2. bmo#1645174 - e-Szigno Root CA 2017. bmo#1641716 - Microsoft ECC Root Certificate Authority 2017. bmo#1641716 - Microsoft RSA Root Certificate Authority 2017. * The following CA certificates were Removed: bmo#1645199 - AddTrust Class 1 CA Root. bmo#1645199 - AddTrust External CA Root. bmo#1641718 - LuxTrust Global Root 2. bmo#1639987 - Staat der Nederlanden Root CA - G2. bmo#1618402 - Symantec Class 2 Public Primary Certification Authority - G4. bmo#1618402 - Symantec Class 1 Public Primary Certification Authority - G4. bmo#1618402 - VeriSign Class 3 Public Primary Certification Authority - G3. * A number of certificates had their Email trust bit disabled. See bmo#1618402 for a complete list. Bugs fixed * bmo#1528113 - Use ARM Cryptography Extension for SHA256. * bmo#1603042 - Add TLS 1.3 external PSK support. * bmo#1642802 - Add uint128 support for HACL* curve25519 on Windows. * bmo#1645186 - Add 'certSIGN Root CA G2' root certificate. * bmo#1645174 - Add Microsec's 'e-Szigno Root CA 2017' root certificate. * bmo#1641716 - Add Microsoft's non-EV root certificates. * bmo1621151 - Disable email trust bit for 'O=Government Root Certification Authority; C=TW' root. * bmo#1645199 - Remove AddTrust root certificates. * bmo#1641718 - Remove 'LuxTrust Global Root 2' root certificate. * bmo#1639987 - Remove 'Staat der Nederlanden Root CA - G2' root certificate. * bmo#1618402 - Remove Symantec root certificates and disable email trust bit. * bmo#1640516 - NSS 3.54 should depend on NSPR 4.26. * bmo#1642146 - Fix undefined reference to `PORT_ZAlloc_stub' in seed.c. * bmo#1642153 - Fix infinite recursion building NSS. * bmo#1642638 - Fix fuzzing assertion crash. * bmo#1642871 - Enable SSL_SendSessionTicket after resumption. * bmo#1643123 - Support SSL_ExportEarlyKeyingMaterial with External PSKs. * bmo#1643557 - Fix numerous compile warnings in NSS. * bmo#1644774 - SSL gtests to use ClearServerCache when resetting self-encrypt keys. * bmo#1645479 - Don't use SECITEM_MakeItem in secutil.c. * bmo#1646520 - Stricter enforcement of ASN.1 INTEGER encoding. Moderate SUSE bug 1029961 SUSE bug 1174697 SUSE bug 1176206 SUSE bug 1176934 SUSE bug 1179382 SUSE bug 1188891 CVE-2020-12400 at SUSE CVE-2020-12400 at NVD CVE-2020-12401 at SUSE CVE-2020-12401 at NVD CVE-2020-12403 at SUSE CVE-2020-12403 at NVD CVE-2020-25648 at SUSE CVE-2020-25648 at NVD CVE-2020-6829 at SUSE CVE-2020-6829 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for xen fixes the following issues: - CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632). - Upstream bug fixes (bsc#1027519) Moderate SUSE bug 1027519 SUSE bug 1189632 CVE-2021-28701 at SUSE CVE-2021-28701 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for hivex fixes the following issues: - CVE-2021-3622: Fixed stack overflow due to recursive call of _get_children() (bsc#1189060). Moderate SUSE bug 1189060 CVE-2021-3622 at SUSE CVE-2021-3622 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172). - CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399). - CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400). - CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057). - CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706). - CVE-2021-3739: Fixed a NULL pointer dereference when deleting device by invalid id (bsc#1189832 ). - CVE-2021-3743: Fixed OOB Read in qrtr_endpoint_post (bsc#1189883). - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262). - CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291). - CVE-2021-38205: drivers/net/ethernet/xilinx/xilinx_emaclite.c made it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer) (bnc#1189292). - CVE-2021-38207: drivers/net/ethernet/xilinx/ll_temac_main.c allowed remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes (bnc#1189298). - CVE-2021-38166: Fixed an integer overflow and out-of-bounds write when many elements are placed in a single bucket in kernel/bpf/hashtab.c (bnc#1189233 ). - CVE-2021-38209: Fixed allowed observation of changes in any net namespace via net/netfilter/nf_conntrack_standalone.c (bnc#1189393). - CVE-2021-38206: Fixed NULL pointer dereference in the radiotap parser inside the mac80211 subsystem (bnc#1189296). - CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983). - CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985). - CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115). - CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases (bsc#1171420). The following non-security bugs were fixed: - ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes). - ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Export acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Export function to claim _CST control (bsc#1175543) - ACPI: processor: Introduce acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Make ACPI_PROCESSOR_CSTATE depend on ACPI_PROCESSOR (bsc#1175543) - ALSA: hda - fix the 'Capture Switch' value change notifications (git-fixes). - ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10 (git-fixes). - ALSA: hda/hdmi: fix max DP-MST dev_num for Intel TGL+ platforms (git-fixes). - ALSA: hda/hdmi: let new platforms assign the pcm slot dynamically (git-fixes). - ALSA: hda/realtek - Add ALC285 HP init procedure (git-fixes). - ALSA: hda/realtek - Add type for ALC287 (git-fixes). - ALSA: hda/realtek: Change device names for quirks to barebone names (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SWIFT SF314-56 (ALC256) (git-fixes). - ALSA: hda/realtek: Limit mic boost on HP ProBook 445 G8 (git-fixes). - ALSA: hda/realtek: add mic quirk for Acer SF314-42 (git-fixes). - ALSA: hda/realtek: fix mute led of the HP Pavilion 15-eh1xxx series (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 650 G8 Notebook PC (git-fixes). - ALSA: hda/via: Apply runtime PM workaround for ASUS B23E (git-fixes). - ALSA: hda: Add quirk for ASUS Flow x13 (git-fixes). - ALSA: hda: Fix hang during shutdown due to link reset (git-fixes). - ALSA: hda: Release controller display power during shutdown/reboot (git-fixes). - ALSA: pcm: Fix mmap breakage without explicit buffer setup (git-fixes). - ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (git-fixes). - ALSA: seq: Fix racy deletion of subscriber (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum 600 (git-fixes). - ALSA: usb-audio: Avoid unnecessary or invalid connector selection at resume (git-fixes). - ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC (git-fixes). - ALSA: usb-audio: Fix superfluous autosuspend recovery (git-fixes). - ALSA: usb-audio: fix incorrect clock source setting (git-fixes). - ASoC: Intel: Skylake: Fix module resource and format selection (git-fixes). - ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs (git-fixes). - ASoC: Intel: kbl_da7219_max98927: Fix format selection for max98373 (git-fixes). - ASoC: SOF: Intel: hda-ipc: fix reply size checking (git-fixes). - ASoC: amd: Fix reference to PCM buffer address (git-fixes). - ASoC: component: Remove misplaced prefix handling in pin control functions (git-fixes). - ASoC: cs42l42: Correct definition of ADC Volume control (git-fixes). - ASoC: cs42l42: Do not allow SND_SOC_DAIFMT_LEFT_J (git-fixes). - ASoC: cs42l42: Fix LRCLK frame start edge (git-fixes). - ASoC: cs42l42: Fix inversion of ADC Notch Switch control (git-fixes). - ASoC: cs42l42: Remove duplicate control for WNF filter frequency (git-fixes). - ASoC: intel: atom: Fix breakage for PCM buffer address setup (git-fixes). - ASoC: intel: atom: Fix reference to PCM buffer address (git-fixes). - ASoC: mediatek: mt8183: Fix Unbalanced pm_runtime_enable in mt8183_afe_pcm_dev_probe (git-fixes). - ASoC: rt5682: Adjust headset volume button threshold (git-fixes). - ASoC: rt5682: Adjust headset volume button threshold again (git-fixes). - ASoC: rt5682: Fix the issue of garbled recording after powerd_dbus_suspend (git-fixes). - ASoC: ti: j721e-evm: Check for not initialized parent_clk_id (git-fixes). - ASoC: ti: j721e-evm: Fix unbalanced domain activity tracking during startup (git-fixes). - ASoC: tlv320aic31xx: Fix jack detection after suspend (git-fixes). - ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits (git-fixes). - ASoC: uniphier: Fix reference to PCM buffer address (git-fixes). - ASoC: wcd9335: Disable irq on slave ports in the remove function (git-fixes). - ASoC: wcd9335: Fix a double irq free in the remove function (git-fixes). - ASoC: wcd9335: Fix a memory leak in the error handling path of the probe function (git-fixes). - ASoC: xilinx: Fix reference to PCM buffer address (git-fixes). - Avoid double printing SUSE specific flags in mod->taint (bsc#1190413). - Bluetooth: add timeout sanity check to hci_inquiry (git-fixes). - Bluetooth: btusb: Fix a unspported condition to set available debug features (git-fixes). - Bluetooth: btusb: check conditions before enabling USB ALT 3 for WBS (git-fixes). - Bluetooth: defer cleanup of resources in hci_unregister_dev() (git-fixes). - Bluetooth: fix repeated calls to sco_sock_kill (git-fixes). - Bluetooth: hidp: use correct wait queue when removing ctrl_wait (git-fixes). - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow (git-fixes). - Bluetooth: mgmt: Fix wrong opcode in the response for add_adv cmd (git-fixes). - Bluetooth: sco: prevent information leak in sco_conn_defer_accept() (git-fixes). - Drop two intel_int0002_vgpio patches that cause Oops (bsc#1190412) - KVM: VMX: Drop guest CPUID check for VMXE in vmx_set_cr4() (bsc#1188786). - KVM: VMX: Enable machine check support for 32bit targets (bsc#1188787). - KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit RSB path (bsc#1188788). - KVM: VMX: Extend VMXs #AC interceptor to handle split lock #AC in guest (bsc#1187959). - KVM: nVMX: Handle split-lock #AC exceptions that happen in L2 (bsc#1187959). - KVM: nVMX: Really make emulated nested preemption timer pinned (bsc#1188780). - KVM: nVMX: Reset the segment cache when stuffing guest segs (bsc#1188781). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1188782). - KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration (bsc#1188783). - KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check in !64-bit (bsc#1188784). - KVM: x86: Emulate split-lock access as a write in emulator (bsc#1187959). - KVM: x86: bit 8 of non-leaf PDPEs is not reserved (bsc#1188790). - NFS: Correct size calculation for create reply length (bsc#1189870). - NFSv4.1: Do not rebind to the same source port when (bnc#1186264 bnc#1189021) - NFSv4/pNFS: Do not call _nfs4_pnfs_v3_ds_connect multiple times (git-fixes). - NFSv4: Initialise connection to the server in nfs4_alloc_client() (bsc#1040364). - PCI/MSI: Correct misleading comments (git-fixes). - PCI/MSI: Do not set invalid bits in MSI mask (git-fixes). - PCI/MSI: Enable and mask MSI-X early (git-fixes). - PCI/MSI: Enforce MSI[X] entry updates to be visible (git-fixes). - PCI/MSI: Enforce that MSI-X table entry is masked for update (git-fixes). - PCI/MSI: Mask all unused MSI-X entries (git-fixes). - PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes). - PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes). - PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI (git-fixes). - PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently (git-fixes). - PCI: PM: Enable PME if it can be signaled from D3cold (git-fixes). - RDMA/bnxt_re: Fix stats counters (bsc#1188231). - SUNRPC: 'Directory with parent 'rpc_clnt' already present!' (bsc#1168202 bsc#1188924). - SUNRPC: Fix the batch tasks count wraparound (git-fixes). - SUNRPC: Should wake up the privileged task firstly (git-fixes). - SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924). - SUNRPC: fix use-after-free in rpc_free_client_work() (bsc#1168202 bsc#1188924). - SUNRPC: improve error response to over-size gss credential (bsc#1190022). - SUNRPC: prevent port reuse on transports which do not request it (bnc#1186264 bnc#1189021). - USB: core: Avoid WARNings for 0-length descriptor requests (git-fixes). - USB: serial: ch341: fix character loss at high transfer rates (git-fixes). - USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 (git-fixes). - USB: serial: option: add Telit FD980 composition 0x1056 (git-fixes). - USB: usbtmc: Fix RCU stall warning (git-fixes). - USB:ehci:fix Kunpeng920 ehci hardware problem (git-fixes). - VMCI: fix NULL pointer dereference when unmapping queue pair (git-fixes). - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() (git-fixes). - ath9k: Clear key cache explicitly on disabling hardware (git-fixes). - ath: Use safer key clearing with key cache entries (git-fixes). - bcma: Fix memory leak for internally-handled cores (git-fixes). - bdi: Do not use freezable workqueue (bsc#1189573). - blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit() (bsc#1189507). - blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling (bsc#1189506). - blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() (bsc#1189503). - blk-wbt: make sure throttle is enabled properly (bsc#1189504). - block: fix trace completion for chained bio (bsc#1189505). - bnxt_en: Validate vlan protocol ID on RX packets (jsc#SLE-15075). - brcmfmac: pcie: fix oops on failure to resume and reprobe (git-fixes). - btrfs: Rename __btrfs_alloc_chunk to btrfs_alloc_chunk (bsc#1189077). - btrfs: add a trace class for dumping the current ENOSPC state (bsc#1135481). - btrfs: add a trace point for reserve tickets (bsc#1135481). - btrfs: adjust the flush trace point to include the source (bsc#1135481). - btrfs: check reclaim_size in need_preemptive_reclaim (bsc#1135481). - btrfs: factor out create_chunk() (bsc#1189077). - btrfs: factor out decide_stripe_size() (bsc#1189077). - btrfs: factor out gather_device_info() (bsc#1189077). - btrfs: factor out init_alloc_chunk_ctl (bsc#1189077). - btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1135481). - btrfs: fix deadlock with concurrent chunk allocations involving system chunks (bsc#1189077). - btrfs: handle invalid profile in chunk allocation (bsc#1189077). - btrfs: implement space clamping for preemptive flushing (bsc#1135481). - btrfs: improve preemptive background space flushing (bsc#1135481). - btrfs: introduce a FORCE_COMMIT_TRANS flush operation (bsc#1135481). - btrfs: introduce alloc_chunk_ctl (bsc#1189077). - btrfs: introduce chunk allocation policy (bsc#1189077). - btrfs: make flush_space take a enum btrfs_flush_state instead of int (bsc#1135481). - btrfs: move the chunk_mutex in btrfs_read_chunk_tree (bsc#1189077). - btrfs: parameterize dev_extent_min for chunk allocation (bsc#1189077). - btrfs: refactor find_free_dev_extent_start() (bsc#1189077). - btrfs: remove FLUSH_DELAYED_REFS from data ENOSPC flushing (bsc#1135481). - btrfs: rename need_do_async_reclaim (bsc#1135481). - btrfs: rework btrfs_calc_reclaim_metadata_size (bsc#1135481). - btrfs: rework chunk allocation to avoid exhaustion of the system chunk array (bsc#1189077). - btrfs: rip out btrfs_space_info::total_bytes_pinned (bsc#1135481). - btrfs: rip the first_ticket_bytes logic from fail_all_tickets (bsc#1135481). - btrfs: simplify the logic in need_preemptive_flushing (bsc#1135481). - btrfs: tracepoints: convert flush states to using EM macros (bsc#1135481). - btrfs: tracepoints: fix btrfs_trigger_flush symbolic string for flags (bsc#1135481). - can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes). - can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters (git-fixes). - ceph: clean up and optimize ceph_check_delayed_caps() (bsc#1187468). - ceph: reduce contention in ceph_check_delayed_caps() (bsc#1187468). - ceph: take snap_empty_lock atomically with snaprealm refcount change (bsc#1189427). - cfg80211: Fix possible memory leak in function cfg80211_bss_update (git-fixes). - cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902). - cifs: avoid starvation when refreshing dfs cache (bsc#1185902). - cifs: constify get_normalized_path() properly (bsc#1185902). - cifs: do not cargo-cult strndup() (bsc#1185902). - cifs: do not send tree disconnect to ipc shares (bsc#1185902). - cifs: do not share tcp servers with dfs mounts (bsc#1185902). - cifs: do not share tcp sessions of dfs connections (bsc#1185902). - cifs: fix check of dfs interlinks (bsc#1185902). - cifs: fix path comparison and hash calc (bsc#1185902). - cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902). - cifs: handle different charsets in dfs cache (bsc#1185902). - cifs: keep referral server sessions alive (bsc#1185902). - cifs: missing null pointer check in cifs_mount (bsc#1185902). - cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902). - cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902). - clk: fix leak on devm_clk_bulk_get_all() unwind (git-fixes). - clk: stm32f4: fix post divisor setup for I2S/SAI PLLs (git-fixes). - cpuidle: Allow idle states to be disabled by default (bsc#1175543) - cpuidle: Consolidate disabled state checks (bsc#1175543) - cpuidle: Drop disabled field from struct cpuidle_state (bsc#1175543) - cpuidle: Fix cpuidle_driver_state_disabled() (bsc#1175543) - cpuidle: Introduce cpuidle_driver_state_disabled() for driver quirks (bsc#1175543) - crypto: ccp - Annotate SEV Firmware file names (bsc#1189212). - crypto: qat - use proper type for vf_mask (git-fixes). - crypto: x86/curve25519 - fix cpu feature checking logic in mod_exit (git-fixes). - device-dax: Fix default return code of range_parse() (git-fixes). - dm integrity: fix missing goto in bitmap_flush_interval error handling (git-fixes). - dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails (git-fixes). - dm verity: fix DM_VERITY_OPTS_MAX value (git-fixes). - dmaengine: idxd: fix setup sequence for MSIXPERM table (git-fixes). - dmaengine: imx-dma: configure the generic DMA type to make it work (git-fixes). - dmaengine: imx-dma: configure the generic DMA type to make it work (git-fixes). - dmaengine: imx-sdma: remove duplicated sdma_load_context (git-fixes). - dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available (git-fixes). - dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe() (git-fixes). - dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers (git-fixes). - drivers/block/null_blk/main: Fix a double free in null_init (git-fixes). - drm/amd/display: Fix Dynamic bpp issue with 8K30 with Navi 1X (git-fixes). - drm/amd/display: Fix comparison error in dcn21 DML (git-fixes). - drm/amd/display: Fix max vstartup calculation for modes with borders (git-fixes). - drm/amd/display: Remove invalid assert for ODM + MPC case (git-fixes). - drm/amd/display: use GFP_ATOMIC in amdgpu_dm_irq_schedule_work (git-fixes). - drm/amd/display: workaround for hard hang on HPD on native DP (git-fixes). - drm/amdgpu/acp: Make PM domain really work (git-fixes). - drm/amdgpu/display: fix DMUB firmware version info (git-fixes). - drm/amdgpu/display: only enable aux backlight control for OLED panels (git-fixes). - drm/amdgpu: do not enable baco on boco platforms in runpm (git-fixes). - drm/amdgpu: fix the doorbell missing when in CGPG issue for renoir (git-fixes). - drm/dp_mst: Fix return code on sideband message failure (git-fixes). - drm/i915/dg1: gmbus pin mapping (bsc#1188700). - drm/i915/dg1: provide port/phy mapping for vbt (bsc#1188700). - drm/i915/gen9_bc: Add W/A for missing STRAP config on TGP PCH + CML combos (bsc#1188700). - drm/i915/gen9_bc: Introduce HPD pin mappings for TGP PCH + CML combos (bsc#1188700). - drm/i915/gen9_bc: Introduce TGP PCH DDC pin mappings (bsc#1188700). - drm/i915/gen9_bc: Recognize TGP PCH + CML combos (bsc#1188700). - drm/i915/rkl: new rkl ddc map for different PCH (bsc#1188700). - drm/i915: Add VBT AUX CH H and I (bsc#1188700). - drm/i915: Add VBT DVO ports H and I (bsc#1188700). - drm/i915: Add more AUX CHs to the enum (bsc#1188700). - drm/i915: Configure GEN11_{TBT,TC}_HOTPLUG_CTL for ports TC5/6 (bsc#1188700). - drm/i915: Correct SFC_DONE register offset (git-fixes). - drm/i915: Introduce HPD_PORT_TC&lt;n> (bsc#1188700). - drm/i915: Move hpd_pin setup to encoder init (bsc#1188700). - drm/i915: Nuke the redundant TC/TBT HPD bit defines (bsc#1188700). - drm/i915: Only access SFC_DONE when media domain is not fused off (git-fixes). - drm/meson: fix colour distortion from HDR set during vendor u-boot (git-fixes). - drm/msi/mdp4: populate priv->kms in mdp4_kms_init (git-fixes). - drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs (git-fixes). - drm/msm/dsi: Fix some reference counted resource leaks (git-fixes). - drm/msm: Fix error return code in msm_drm_init() (git-fixes). - drm/nouveau/kms/nv50: workaround EFI GOP window channel format differences (git-fixes). - drm/of: free the iterator object on failure (git-fixes). - drm/of: free the right object (git-fixes). - drm/panfrost: Fix missing clk_disable_unprepare() on error in panfrost_clk_init() (git-fixes). - drm/prime: fix comment on PRIME Helpers (git-fixes). - ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle (bsc#1189568). - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit (bsc#1189564). - ext4: fix avefreec in find_group_orlov (bsc#1189566). - ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562). - ext4: fix potential htree corruption when growing large_dir directories (bsc#1189576). - ext4: remove check for zero nr_to_scan in ext4_es_scan() (bsc#1189565). - ext4: return error code when ext4_fill_flex_info() fails (bsc#1189563). - ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1189567). - fanotify: fix copy_event_to_user() fid error clean up (bsc#1189574). - firmware_loader: fix use-after-free in firmware_fallback_sysfs (git-fixes). - firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback (git-fixes). - fixup 'rpm: support gz and zst compression methods' (bsc#1190358, bsc#1190428). - fpga: altera-freeze-bridge: Address warning about unused variable (git-fixes). - fpga: dfl: fme: Fix cpu hotplug issue in performance reporting (git-fixes). - fpga: dfl: fme: Fix cpu hotplug issue in performance reporting (git-fixes). - fpga: xiilnx-spi: Address warning about unused variable (git-fixes). - fpga: zynqmp-fpga: Address warning about unused variable (git-fixes). - gpio: eic-sprd: break loop when getting NULL device resource (git-fixes). - gpio: tqmx86: really make IRQ optional (git-fixes). - i2c: dev: zero out array used for i2c reads from userspace (git-fixes). - i2c: highlander: add IRQ check (git-fixes). - i2c: iop3xx: fix deferred probing (git-fixes). - i2c: mt65xx: fix IRQ check (git-fixes). - i2c: s3c2410: fix IRQ check (git-fixes). - iio: adc: Fix incorrect exit of for-loop (git-fixes). - iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels (git-fixes). - iio: humidity: hdc100x: Add margin to the conversion time (git-fixes). - intel_idle: Add module parameter to prevent ACPI _CST from being used (bsc#1175543) - intel_idle: Allow ACPI _CST to be used for selected known processors (bsc#1175543) - intel_idle: Annotate init time data structures (bsc#1175543) - intel_idle: Customize IceLake server support (bsc#1175543) - intel_idle: Disable ACPI _CST on Haswell (bsc#1175543, bsc#1177399, bsc#1180347, bsc#1180141) - intel_idle: Fix max_cstate for processor models without C-state tables (bsc#1175543) - intel_idle: Ignore _CST if control cannot be taken from the platform (bsc#1175543) - intel_idle: Refactor intel_idle_cpuidle_driver_init() (bsc#1175543) - intel_idle: Use ACPI _CST for processor models without C-state tables (bsc#1175543) - iommu/amd: Fix extended features logging (bsc#1189213). - iommu/amd: Move Stoney Ridge check to detect_ivrs() (bsc#1189762). - iommu/arm-smmu-v3: Decrease the queue size of evtq and priq (bsc#1189210). - iommu/arm-smmu-v3: add bit field SFM into GERROR_ERR_MASK (bsc#1189209). - iommu/dma: Fix IOVA reserve dma ranges (bsc#1189214). - iommu/dma: Fix compile warning in 32-bit builds (bsc#1189229). - iommu/vt-d: Check for allocation failure in aux_detach_device() (bsc#1189215). - iommu/vt-d: Define counter explicitly as unsigned int (bsc#1189216). - iommu/vt-d: Do not set then clear private data in prq_event_thread() (bsc#1189217). - iommu/vt-d: Fix sysfs leak in alloc_iommu() (bsc#1189218). - iommu/vt-d: Force to flush iotlb before creating superpage (bsc#1189219). - iommu/vt-d: Global devTLB flush when present context entry changed (bsc#1189220). - iommu/vt-d: Invalidate PASID cache when root/context entry changed (bsc#1189221). - iommu/vt-d: Reject unsupported page request modes (bsc#1189222). - ionic: add handling of larger descriptors (jsc#SLE-16649). - ionic: add new queue features to interface (jsc#SLE-16649). - ionic: aggregate Tx byte counting calls (jsc#SLE-16649). - ionic: block actions during fw reset (jsc#SLE-16649). - ionic: change mtu after queues are stopped (jsc#SLE-16649). - ionic: check for link after netdev registration (jsc#SLE-16649). - ionic: code cleanup details (jsc#SLE-16649). - ionic: fix sizeof usage (jsc#SLE-16649). - ionic: fix unchecked reference (jsc#SLE-16649). - ionic: fix up dim accounting for tx and rx (jsc#SLE-16649). - ionic: generic tx skb mapping (jsc#SLE-16649). - ionic: implement Rx page reuse (jsc#SLE-16649). - ionic: make all rx_mode work threadsafe (jsc#SLE-16649). - ionic: move rx_page_alloc and free (jsc#SLE-16649). - ionic: optimize fastpath struct usage (jsc#SLE-16649). - ionic: protect adminq from early destroy (jsc#SLE-16649). - ionic: rebuild debugfs on qcq swap (jsc#SLE-16649). - ionic: remove intr coalesce update from napi (jsc#SLE-16649). - ionic: remove some unnecessary oom messages (jsc#SLE-16649). - ionic: simplify TSO descriptor mapping (jsc#SLE-16649). - ionic: simplify rx skb alloc (jsc#SLE-16649). - ionic: simplify the intr_index use in txq_init (jsc#SLE-16649). - ionic: simplify tx clean (jsc#SLE-16649). - ionic: simplify use of completion types (jsc#SLE-16649). - ionic: start queues before announcing link up (jsc#SLE-16649). - ionic: stop watchdog when in broken state (jsc#SLE-16649). - ionic: useful names for booleans (jsc#SLE-16649). - iwlwifi: pnvm: accept multiple HW-type TLVs (git-fixes). - iwlwifi: rs-fw: do not support stbc for HE 160 (git-fixes). - iwlwifi: skip first element in the WTAS ACPI table (git-fixes). - kABI fix of usb_dcd_config_params (git-fixes). - kABI: Fix kABI after fixing vcpu-id indexed arrays (git-fixes). - kabi fix for NFSv4.1: Do not rebind to the same source port when reconnecting to the server (bnc#1186264 bnc#1189021) - kabi fix for SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924). - kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() (bsc#1189153). - kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841). - leds: trigger: audio: Add an activate callback to ensure the initial brightness is set (git-fixes). - lib/mpi: use kcalloc in mpi_resize (git-fixes). - lib: Add zstd support to decompress (bsc#1187483, jsc#SLE-18766). - libata: fix ata_pio_sector for CONFIG_HIGHMEM (git-fixes). - mac80211: Fix insufficient headroom issue for AMSDU (git-fixes). - md/raid10: properly indicate failure when ending a failed write request (git-fixes). - md: revert io stats accounting (git-fixes). - media: TDA1997x: enable EDID support (git-fixes). - media: cxd2880-spi: Fix an error handling path (git-fixes). - media: drivers/media/usb: fix memory leak in zr364xx_probe (git-fixes). - media: dvb-usb: Fix error handling in dvb_usb_i2c_init (git-fixes). - media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init (git-fixes). - media: dvb-usb: fix uninit-value in vp702x_read_mac_addr (git-fixes). - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect (git-fixes). - media: go7007: fix memory leak in go7007_usb_probe (git-fixes). - media: go7007: remove redundant initialization (git-fixes). - media: rtl28xxu: fix zero-length control request (git-fixes). - media: stkwebcam: fix memory leak in stk_camera_probe (git-fixes). - media: venus: venc: Fix potential null pointer dereference on pointer fmt (git-fixes). - media: videobuf2-core: dequeue if start_streaming fails (git-fixes). - media: zr364xx: fix memory leaks in probe() (git-fixes). - media: zr364xx: propagate errors from zr364xx_start_readpipe() (git-fixes). - misc: atmel-ssc: lock with mutex instead of spinlock (git-fixes). - misc: rtsx: do not setting OC_POWER_DOWN reg in rtsx_pci_init_ocp() (git-fixes). - mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() (bsc#1189569). - mm/vmscan: fix infinite loop in drop_slab_node (VM Functionality, bsc#1189301). - mm: fix memory_failure() handling of dax-namespace metadata (bsc#1189872). - mm: swap: properly update readahead statistics in unuse_pte_range() (bsc#1187619). - mmc: dw_mmc: Fix hang on data CRC error (git-fixes). - mmc: dw_mmc: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: moxart: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: sdhci-iproc: Cap min clock frequency on BCM2711 (git-fixes). - mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711 (git-fixes). - mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards (git-fixes). - nbd: Aovid double completion of a request (git-fixes). - nbd: Fix NULL pointer in flush_workqueue (git-fixes). - net/mlx5: Add ts_cqe_to_dest_cqn related bits (bsc#1188412) - net/mlx5: Properly convey driver version to firmware (git-fixes). - net/mlx5e: Add missing capability check for uplink follow (bsc#1188412) - net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes). - net: dsa: mv88e6xxx: also read STU state in mv88e6250_g1_vtu_getnext (git-fixes). - net: stmmac: free tx skb buffer in stmmac_resume() (git-fixes). - net: usb: lan78xx: do not modify phy_device state concurrently (bsc#1188270) - nfs: fix acl memory leak of posix_acl_create() (git-fixes). - nvme-multipath: revalidate paths during rescan (bsc#1187211) - nvme-pci: Use u32 for nvme_dev.q_depth and nvme_queue.q_depth (bsc#1181972). - nvme-pci: fix NULL req in completion handler (bsc#1181972). - nvme-pci: limit maximum queue depth to 4095 (bsc#1181972). - nvme-pci: use unsigned for io queue depth (bsc#1181972). - nvme-tcp: Do not reset transport on data digest errors (bsc#1188418). - nvme-tcp: do not check blk_mq_tag_to_rq when receiving pdu data (bsc#1181972). - nvme: avoid possible double fetch in handling CQE (bsc#1181972). - nvme: code command_id with a genctr for use-after-free validation (bsc#1181972). - nvme: only call synchronize_srcu when clearing current path (bsc#1188067). - nvmet: use NVMET_MAX_NAMESPACES to set nn value (bsc#1189384). - ocfs2: fix snprintf() checking (bsc#1189581). - ocfs2: fix zero out valid data (bsc#1189579). - ocfs2: initialize ip_next_orphan (bsc#1186731). - ocfs2: issue zeroout to EOF blocks (bsc#1189582). - ovl: allow upperdir inside lowerdir (bsc#1189323). - ovl: expand warning in ovl_d_real() (bsc#1189323). - ovl: fix missing revert_creds() on error path (bsc#1189323). - ovl: perform vfs_getxattr() with mounter creds (bsc#1189323). - ovl: skip getxattr of security labels (bsc#1189323). - params: lift param_set_uint_minmax to common code (bsc#1181972). - pcmcia: i82092: fix a null pointer dereference bug (git-fixes). - perf/x86/amd: Do not touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest (bsc#1189225). - pinctrl: tigerlake: Fix GPIO mapping for newer version of software (git-fixes). - platform/x86: pcengines-apuv2: Add missing terminating entries to gpio-lookup tables (git-fixes). - post.sh: detect /usr mountpoint too - power: supply: max17042: handle fails of reading status register (git-fixes). - powerpc/cacheinfo: Improve diagnostics about malformed cache lists (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/cacheinfo: Lookup cache by dt node and thread-group id (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/cacheinfo: Remove the redundant get_shared_cpu_map() (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/cacheinfo: Use name@unit instead of full DT path in debug messages (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/papr_scm: Make 'perf_stats' invisible if perf-stats unavailable (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769 git-fixes). - powerpc/papr_scm: Reduce error severity if nvdimm stats inaccessible (bsc#1189197 ltc#193906). - powerpc/pseries: Fix regression while building external modules (bsc#1160010 ltc#183046 git-fixes). This changes a GPL symbol to general symbol which is kABI change but not kABI break. - powerpc/pseries: Fix update of LPAR security flavor after LPM (bsc#1188885 ltc#193722 git-fixes). - powerpc/smp: Make some symbols static (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Use existing L2 cache_map cpumask to find L3 cache siblings (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc: Fix is_kvm_guest() / kvm_para_available() (bsc#1181148 ltc#190702 git-fixes). - regulator: rt5033: Fix n_voltages settings for BUCK and LDO (git-fixes). - regulator: vctrl: Avoid lockdep warning in enable/disable ops (git-fixes). - regulator: vctrl: Use locked regulator_get_voltage in probe path (git-fixes). - rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed. - rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305) - rpm/kernel-source.rpmlintrc: ignore new include/config files In 5.13, since 0e0345b77ac4, config files have no longer .h suffix. Adapt the zero-length check. Based on Martin Liska's change. - rq-qos: fix missed wake-ups in rq_qos_throttle try two (bsc#1189575). - rsi: fix an error code in rsi_probe() (git-fixes). - rsi: fix error code in rsi_load_9116_firmware() (git-fixes). - s390/ap: Fix hanging ioctl caused by wrong msg counter (bsc#1188982 LTC#193817). - s390/boot: fix use of expolines in the DMA code (bsc#1188878 ltc#193771). - scsi: blkcg: Add app identifier support for blkcg (bsc#1189385 jsc#SLE-18970). - scsi: blkcg: Fix application ID config options (bsc#1189385 jsc#SLE-18970). - scsi: cgroup: Add cgroup_get_from_id() (bsc#1189385 jsc#SLE-18970). - scsi: core: Add scsi_prot_ref_tag() helper (bsc#1189392). - scsi: ibmvfc: Do not wait for initial device scan (bsc#1127650). - scsi: libfc: Fix array index out of bound exception (bsc#1188616). - scsi: lpfc: Add 256 Gb link speed support (bsc#1189385). - scsi: lpfc: Add PCI ID support for LPe37000/LPe38000 series adapters (bsc#1189385). - scsi: lpfc: Call discovery state machine when handling PLOGI/ADISC completions (bsc#1189385). - scsi: lpfc: Clear outstanding active mailbox during PCI function reset (bsc#1189385). - scsi: lpfc: Copyright updates for 12.8.0.11 patches (bsc#1189385). - scsi: lpfc: Copyright updates for 14.0.0.0 patches (bsc#1189385). - scsi: lpfc: Delay unregistering from transport until GIDFT or ADISC completes (bsc#1189385). - scsi: lpfc: Discovery state machine fixes for LOGO handling (bsc#1189385). - scsi: lpfc: Enable adisc discovery after RSCN by default (bsc#1189385). - scsi: lpfc: Fix KASAN slab-out-of-bounds in lpfc_unreg_rpi() routine (bsc#1189385). - scsi: lpfc: Fix NULL ptr dereference with NPIV ports for RDF handling (bsc#1189385). - scsi: lpfc: Fix NVMe support reporting in log message (bsc#1189385). - scsi: lpfc: Fix build error in lpfc_scsi.c (bsc#1189385). - scsi: lpfc: Fix cq_id truncation in rq create (bsc#1189385). - scsi: lpfc: Fix function description comments for vmid routines (bsc#1189385). - scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR request (bsc#1189385). - scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted() (bsc#1189385). - scsi: lpfc: Fix target reset handler from falsely returning FAILURE (bsc#1189385). - scsi: lpfc: Improve firmware download logging (bsc#1189385). - scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling (bsc#1189385). - scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash (git-fixes). - scsi: lpfc: Remove REG_LOGIN check requirement to issue an ELS RDF (bsc#1189385). - scsi: lpfc: Remove redundant assignment to pointer pcmd (bsc#1189385). - scsi: lpfc: Remove redundant assignment to pointer temp_hdr (bsc#1189385). - scsi: lpfc: Remove use of kmalloc() in trace event logging (bsc#1189385). - scsi: lpfc: Revise Topology and RAS support checks for new adapters (bsc#1189385). - scsi: lpfc: Skip issuing ADISC when node is in NPR state (bsc#1189385). - scsi: lpfc: Skip reg_vpi when link is down for SLI3 in ADISC cmpl path (bsc#1189385). - scsi: lpfc: Update lpfc version to 12.8.0.11 (bsc#1189385). - scsi: lpfc: Update lpfc version to 14.0.0.0 (bsc#1189385). - scsi: lpfc: Use PBDE feature enabled bit to determine PBDE support (bsc#1189385). - scsi: lpfc: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189385). - scsi: lpfc: vmid: Add QFPA and VMID timeout check in worker thread (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add datastructure for supporting VMID in lpfc (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add support for VMID in mailbox command (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Append the VMID to the wqe before sending (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Functions to manage VMIDs (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Implement CT commands for appid (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Implement ELS commands for appid (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Introduce VMID in I/O path (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Timeout implementation for VMID (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: VMID parameter initialization (bsc#1189385 jsc#SLE-18970). - scsi: mpt3sas: Fix ReplyPostFree pool allocation (bsc#1181006). - scsi: qla2xxx: Add heartbeat check (bsc#1189392). - scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() (bsc#1189392). - scsi: qla2xxx: Fix spelling mistakes 'allloc' -> 'alloc' (bsc#1189392). - scsi: qla2xxx: Fix use after free in debug code (bsc#1189392). - scsi: qla2xxx: Log PCI address in qla_nvme_unregister_remote_port() (bsc#1189392). - scsi: qla2xxx: Remove duplicate declarations (bsc#1189392). - scsi: qla2xxx: Remove redundant assignment to rval (bsc#1189392). - scsi: qla2xxx: Remove redundant continue statement in a for-loop (bsc#1189392). - scsi: qla2xxx: Remove redundant initialization of variable num_cnt (bsc#1189392). - scsi: qla2xxx: Remove unused variable 'status' (bsc#1189392). - scsi: qla2xxx: Update version to 10.02.00.107-k (bsc#1189392). - scsi: qla2xxx: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189392). - scsi: qla2xxx: Use the proper SCSI midlayer interfaces for PI (bsc#1189392). - scsi: qla2xxx: edif: Add authentication pass + fail bsgs (bsc#1189392). - scsi: qla2xxx: edif: Add detection of secure device (bsc#1189392). - scsi: qla2xxx: edif: Add doorbell notification for app (bsc#1189392). - scsi: qla2xxx: edif: Add encryption to I/O path (bsc#1189392). - scsi: qla2xxx: edif: Add extraction of auth_els from the wire (bsc#1189392). - scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs (bsc#1189392). - scsi: qla2xxx: edif: Add key update (bsc#1189392). - scsi: qla2xxx: edif: Add send, receive, and accept for auth_els (bsc#1189392). - scsi: qla2xxx: edif: Add start + stop bsgs (bsc#1189392). - scsi: qla2xxx: edif: Increment command and completion counts (bsc#1189392). - scsi: scsi_transport_srp: Do not block target in SRP_PORT_LOST state (bsc#1184180). - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal (bsc#1189392). - scsi: zfcp: Report port fc_security as unknown early during remote cable pull (git-fixes). - serial: 8250: Mask out floating 16/32-bit bus bits (git-fixes). - serial: 8250_mtk: fix uart corruption issue when rx power off (git-fixes). - serial: 8250_pci: Avoid irq sharing for MSI(-X) interrupts (git-fixes). - serial: 8250_pci: Enumerate Elkhart Lake UARTs via dedicated driver (git-fixes). - serial: tegra: Only print FIFO error message when an error occurs (git-fixes). - slimbus: messaging: check for valid transaction id (git-fixes). - slimbus: messaging: start transaction ids from 1 instead of zero (git-fixes). - slimbus: ngd: reset dma setup during runtime pm (git-fixes). - soc: aspeed: lpc-ctrl: Fix boundary check for mmap (git-fixes). - soc: aspeed: p2a-ctrl: Fix boundary check for mmap (git-fixes). - soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes). - soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes). - soc: ixp4xx: fix printing resources (git-fixes). - soc: ixp4xx: fix printing resources (git-fixes). - soc: qcom: rpmhpd: Use corner in power_off (git-fixes). - soc: qcom: smsm: Fix missed interrupts if state changes while masked (git-fixes). - spi: imx: mx51-ecspi: Fix CONFIGREG delay comment (git-fixes). - spi: imx: mx51-ecspi: Fix low-speed CONFIGREG delay calculation (git-fixes). - spi: imx: mx51-ecspi: Reinstate low-speed CONFIGREG delay (git-fixes). - spi: mediatek: Fix fifo transfer (git-fixes). - spi: meson-spicc: fix memory leak in meson_spicc_remove (git-fixes). - spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: spi-pic32: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: sprd: Fix the wrong WDG_LOAD_VAL (git-fixes). - spi: stm32h7: fix full duplex irq handler handling (git-fixes). - staging: rtl8192u: Fix bitwise vs logical operator in TranslateRxSignalStuff819xUsb() (git-fixes). - staging: rtl8712: get rid of flush_scheduled_work (git-fixes). - staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes). - staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes). - tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name (git-fixes). - tracing / histogram: Give calculation hist_fields a size (git-fixes). - tracing: Reject string operand in the histogram expression (git-fixes). - tty: serial: fsl_lpuart: fix the wrong mapbase value (git-fixes). - ubifs: Fix error return code in alloc_wbufs() (bsc#1189585). - ubifs: Fix memleak in ubifs_init_authentication (bsc#1189583). - ubifs: Only check replay with inode type to judge if inode linked (bsc#1187455). - ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode (bsc#1189587). - ubifs: journal: Fix error return code in ubifs_jnl_write_inode() (bsc#1189586). - usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA config is available (git-fixes). - usb: dwc3: Disable phy suspend after power-on reset (git-fixes). - usb: dwc3: Separate field holding multiple properties (git-fixes). - usb: dwc3: Stop active transfers before halting the controller (git-fixes). - usb: dwc3: Use clk_bulk_prepare_enable() (git-fixes). - usb: dwc3: Use devres to get clocks (git-fixes). - usb: dwc3: core: do not do suspend for device mode if already suspended (git-fixes). - usb: dwc3: debug: Remove newline printout (git-fixes). - usb: dwc3: gadget: Check MPS of the request length (git-fixes). - usb: dwc3: gadget: Clear DCTL.ULSTCHNGREQ before set (git-fixes). - usb: dwc3: gadget: Clear DEP flags after stop transfers in ep disable (git-fixes). - usb: dwc3: gadget: Disable gadget IRQ during pullup disable (git-fixes). - usb: dwc3: gadget: Do not send unintended link state change (git-fixes). - usb: dwc3: gadget: Do not setup more than requested (git-fixes). - usb: dwc3: gadget: Fix dwc3_calc_trbs_left() (git-fixes). - usb: dwc3: gadget: Fix handling ZLP (git-fixes). - usb: dwc3: gadget: Give back staled requests (git-fixes). - usb: dwc3: gadget: Handle ZLP for sg requests (git-fixes). - usb: dwc3: gadget: Prevent EP queuing while stopping transfers (git-fixes). - usb: dwc3: gadget: Properly track pending and queued SG (git-fixes). - usb: dwc3: gadget: Restart DWC3 gadget when enabling pullup (git-fixes). - usb: dwc3: gadget: Set BESL config parameter (git-fixes). - usb: dwc3: gadget: Set link state to RX_Detect on disconnect (git-fixes). - usb: dwc3: gadget: Stop EP0 transfers during pullup disable (git-fixes). - usb: dwc3: gadget: Workaround Mirosoft's BESL check (git-fixes). - usb: dwc3: meson-g12a: add IRQ check (git-fixes). - usb: dwc3: meson-g12a: check return of dwc3_meson_g12a_usb_init (git-fixes). - usb: dwc3: of-simple: add a shutdown (git-fixes). - usb: dwc3: st: Add of_dev_put() in probe function (git-fixes). - usb: dwc3: st: Add of_node_put() before return in probe function (git-fixes). - usb: dwc3: support continuous runtime PM with dual role (git-fixes). - usb: ehci-orion: Handle errors of clk_prepare_enable() in probe (git-fixes). - usb: gadget: Export recommended BESL values (git-fixes). - usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers (git-fixes). - usb: gadget: f_hid: fixed NULL pointer dereference (git-fixes). - usb: gadget: f_hid: idle uses the highest byte for duration (git-fixes). - usb: gadget: mv_u3d: request_irq() after initializing UDC (git-fixes). - usb: gadget: udc: at91: add IRQ check (git-fixes). - usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse (git-fixes). - usb: host: ohci-tmio: add IRQ check (git-fixes). - usb: host: xhci-rcar: Do not reload firmware after the completion (git-fixes). - usb: mtu3: fix the wrong HS mult value (git-fixes). - usb: mtu3: use @mult for HS isoc or intr (git-fixes). - usb: phy: fsl-usb: add IRQ check (git-fixes). - usb: phy: tahvo: add IRQ check (git-fixes). - usb: phy: twl6030: add IRQ checks (git-fixes). - usr: Add support for zstd compressed initramfs (bsc#1187483, jsc#SLE-18766). - virt_wifi: fix error on connect (git-fixes). - wireguard: allowedips: allocate nodes in kmem_cache (git-fixes). - wireguard: allowedips: free empty intermediate nodes when removing single node (git-fixes). - wireguard: allowedips: remove nodes in O(1) (git-fixes). - writeback: fix obtain a reference to a freeing memcg css (bsc#1189577). - x86/fpu: Limit xstate copy size in xstateregs_set() (bsc#1152489). - x86/fpu: Make init_fpstate correct with optimized XSAVE (bsc#1152489). - x86/fpu: Reset state for all signal restore failures (bsc#1152489). - x86/kvm: fix vcpu-id indexed array sizes (git-fixes). - x86/sev: Make sure IRQs are disabled while GHCB is active (jsc#SLE-14337). - x86/sev: Split up runtime #VC handler for correct state tracking (jsc#SLE-14337). - x86/sev: Use 'SEV: ' prefix for messages from sev.c (jsc#SLE-14337). - x86/signal: Detect and prevent an alternate signal stack overflow (bsc#1152489). - x86/split_lock: Provide handle_guest_split_lock() (bsc#1187959). - xen/events: Fix race in set_evtchn_to_irq (git-fixes). - xprtrdma: Pad optimization, revisited (bsc#1189760). Important SUSE bug 1040364 SUSE bug 1127650 SUSE bug 1135481 SUSE bug 1152489 SUSE bug 1160010 SUSE bug 1168202 SUSE bug 1171420 SUSE bug 1174969 SUSE bug 1175052 SUSE bug 1175543 SUSE bug 1177399 SUSE bug 1180100 SUSE bug 1180141 SUSE bug 1180347 SUSE bug 1181006 SUSE bug 1181148 SUSE bug 1181972 SUSE bug 1184180 SUSE bug 1185902 SUSE bug 1186264 SUSE bug 1186731 SUSE bug 1187211 SUSE bug 1187455 SUSE bug 1187468 SUSE bug 1187483 SUSE bug 1187619 SUSE bug 1187959 SUSE bug 1188067 SUSE bug 1188172 SUSE bug 1188231 SUSE bug 1188270 SUSE bug 1188412 SUSE bug 1188418 SUSE bug 1188616 SUSE bug 1188700 SUSE bug 1188780 SUSE bug 1188781 SUSE bug 1188782 SUSE bug 1188783 SUSE bug 1188784 SUSE bug 1188786 SUSE bug 1188787 SUSE bug 1188788 SUSE bug 1188790 SUSE bug 1188878 SUSE bug 1188885 SUSE bug 1188924 SUSE bug 1188982 SUSE bug 1188983 SUSE bug 1188985 SUSE bug 1189021 SUSE bug 1189057 SUSE bug 1189077 SUSE bug 1189153 SUSE bug 1189197 SUSE bug 1189209 SUSE bug 1189210 SUSE bug 1189212 SUSE bug 1189213 SUSE bug 1189214 SUSE bug 1189215 SUSE bug 1189216 SUSE bug 1189217 SUSE bug 1189218 SUSE bug 1189219 SUSE bug 1189220 SUSE bug 1189221 SUSE bug 1189222 SUSE bug 1189225 SUSE bug 1189229 SUSE bug 1189233 SUSE bug 1189262 SUSE bug 1189291 SUSE bug 1189292 SUSE bug 1189296 SUSE bug 1189298 SUSE bug 1189301 SUSE bug 1189305 SUSE bug 1189323 SUSE bug 1189384 SUSE bug 1189385 SUSE bug 1189392 SUSE bug 1189393 SUSE bug 1189399 SUSE bug 1189400 SUSE bug 1189427 SUSE bug 1189503 SUSE bug 1189504 SUSE bug 1189505 SUSE bug 1189506 SUSE bug 1189507 SUSE bug 1189562 SUSE bug 1189563 SUSE bug 1189564 SUSE bug 1189565 SUSE bug 1189566 SUSE bug 1189567 SUSE bug 1189568 SUSE bug 1189569 SUSE bug 1189573 SUSE bug 1189574 SUSE bug 1189575 SUSE bug 1189576 SUSE bug 1189577 SUSE bug 1189579 SUSE bug 1189581 SUSE bug 1189582 SUSE bug 1189583 SUSE bug 1189585 SUSE bug 1189586 SUSE bug 1189587 SUSE bug 1189706 SUSE bug 1189760 SUSE bug 1189762 SUSE bug 1189832 SUSE bug 1189841 SUSE bug 1189870 SUSE bug 1189872 SUSE bug 1189883 SUSE bug 1190022 SUSE bug 1190025 SUSE bug 1190115 SUSE bug 1190117 SUSE bug 1190412 SUSE bug 1190413 SUSE bug 1190428 CVE-2020-12770 at SUSE CVE-2020-12770 at NVD CVE-2021-34556 at SUSE CVE-2021-34556 at NVD CVE-2021-35477 at SUSE CVE-2021-35477 at NVD CVE-2021-3640 at SUSE CVE-2021-3640 at NVD CVE-2021-3653 at SUSE CVE-2021-3653 at NVD CVE-2021-3656 at SUSE CVE-2021-3656 at NVD CVE-2021-3679 at SUSE CVE-2021-3679 at NVD CVE-2021-3732 at SUSE CVE-2021-3732 at NVD CVE-2021-3739 at SUSE CVE-2021-3739 at NVD CVE-2021-3743 at SUSE CVE-2021-3743 at NVD CVE-2021-3753 at SUSE CVE-2021-3753 at NVD CVE-2021-3759 at SUSE CVE-2021-3759 at NVD CVE-2021-38160 at SUSE CVE-2021-38160 at NVD CVE-2021-38166 at SUSE CVE-2021-38166 at NVD CVE-2021-38198 at SUSE CVE-2021-38198 at NVD CVE-2021-38204 at SUSE CVE-2021-38204 at NVD CVE-2021-38205 at SUSE CVE-2021-38205 at NVD CVE-2021-38206 at SUSE CVE-2021-38206 at NVD CVE-2021-38207 at SUSE CVE-2021-38207 at NVD CVE-2021-38209 at SUSE CVE-2021-38209 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for glibc fixes the following issues: - CVE-2021-33574: Fixed use __pthread_attr_copy in mq_notify (bsc#1186489). - CVE-2021-35942: Fixed wordexp handle overflow in positional parameter number (bsc#1187911). Moderate SUSE bug 1186489 SUSE bug 1187911 CVE-2021-33574 at SUSE CVE-2021-33574 at NVD CVE-2021-35942 at SUSE CVE-2021-35942 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for curl fixes the following issues: - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374). - CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373). Moderate SUSE bug 1190373 SUSE bug 1190374 CVE-2021-22946 at SUSE CVE-2021-22946 at NVD CVE-2021-22947 at SUSE CVE-2021-22947 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193) - CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023) - CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159) - CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884) - CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534) - CVE-2021-3669: Fixed a bug that doesn't allow /proc/sysvipc/shm to scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (bsc#1188986) - CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115). The following non-security bugs were fixed: - ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes). - apparmor: remove duplicate macro list_entry_is_head() (git-fixes). - ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes). - ASoC: Intel: Fix platform ID matching (git-fixes). - ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes). - ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes). - ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes). - ASoC: rt5682: Implement remove callback (git-fixes). - ASoC: rt5682: Properly turn off regulators if wrong device ID (git-fixes). - ASoC: rt5682: Remove unused variable in rt5682_i2c_remove() (git-fixes). - ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes). - ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes). - ath9k: fix sleeping in atomic context (git-fixes). - backlight: pwm_bl: Improve bootloader/kernel device handover (git-fixes). - bareudp: Fix invalid read beyond skb's linear data (jsc#SLE-15172). - blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762). - blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762). - blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762). - blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762). - blk-mq: mark if one queue map uses managed irq (bsc#1185762). - blk-mq: mark if one queue map uses managed irq (bsc#1185762). - Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes). - bnx2x: fix an error code in bnx2x_nic_load() (git-fixes). - bnxt_en: Add missing DMA memory barriers (git-fixes). - bnxt_en: Disable aRFS if running on 212 firmware (git-fixes). - bnxt_en: Do not enable legacy TX push on older firmware (git-fixes). - bnxt_en: Fix asic.rev in devlink dev info command (jsc#SLE-16649). - bnxt_en: fix stored FW_PSID version masks (jsc#SLE-16649). - bnxt_en: Store the running firmware version code (git-fixes). - bnxt: count Tx drops (git-fixes). - bnxt: disable napi before canceling DIM (git-fixes). - bnxt: do not lock the tx queue from napi poll (git-fixes). - bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes). - bpf, samples: Add missing mprog-disable to xdp_redirect_cpu's optstring (git-fixes). - bpf: Fix ringbuf helper function compatibility (git-fixes). - bpftool: Add sock_release help info for cgroup attach/prog load command (bsc#1177028). - btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626). - clk: at91: clk-generated: Limit the requested rate to our range (git-fixes). - clk: at91: clk-generated: pass the id of changeable parent at registration (git-fixes). - console: consume APC, DM, DCS (git-fixes). - cpuidle: pseries: Do not cap the CEDE0 latency in fixup_cede0_latency() (bsc#1185550 ltc#192610 git-fixes jsc#SLE-18128). - cuse: fix broken release (bsc#1190596). - cxgb4: dont touch blocked freelist bitmap after free (git-fixes). - debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746). - devlink: Break parameter notification sequence to be before/after unload/load driver (bsc#1154353). - devlink: Clear whole devlink_flash_notify struct (bsc#1176447). - dma-buf: DMABUF_MOVE_NOTIFY should depend on DMA_SHARED_BUFFER (git-fixes). - dmaengine: ioat: depends on !UML (git-fixes). - dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes). - dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes). - docs: Fix infiniband uverbs minor number (git-fixes). - drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps (git-fixes). - drm: avoid blocking in drm_clients_info's rcu section (git-fixes). - drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (git-fixes). - drm/amd/display: Fix timer_per_pixel unit error (git-fixes). - drm/amdgpu: Fix BUG_ON assert (git-fixes). - drm/ast: Fix missing conversions to managed API (git-fixes). - drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes). - drm/i915: Allow the sysadmin to override security mitigations (git-fixes). - drm/i915/rkl: Remove require_force_probe protection (bsc#1189257). - drm/ingenic: Switch IPU plane to type OVERLAY (git-fixes). - drm/mgag200: Select clock in PLL update functions (git-fixes). - drm/msm/mdp4: move HW revision detection to earlier phase (git-fixes). - drm/msm/mdp4: refactor HW revision detection into read_mdp_hw_revision (git-fixes). - drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes). - drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes). - drm/pl111: depend on CONFIG_VEXPRESS_CONFIG (git-fixes). - drm/rockchip: cdn-dp-core: Make cdn_dp_core_resume __maybe_unused (git-fixes). - e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100). - e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes). - EDAC/i10nm: Fix NVDIMM detection (bsc#1152489). - EDAC/mce_amd: Do not load edac_mce_amd module on guests (bsc#1190138). - EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489). - enetc: Fix uninitialized struct dim_sample field usage (git-fixes). - erofs: fix up erofs_lookup tracepoint (git-fixes). - fbmem: do not allow too huge resolutions (git-fixes). - fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (git-fixes). - fpga: machxo2-spi: Return an error on failure (git-fixes). - fuse: flush extending writes (bsc#1190595). - fuse: truncate pagecache on atomic_o_trunc (bsc#1190705). - genirq: add device_has_managed_msi_irq (bsc#1185762). - genirq: add device_has_managed_msi_irq (bsc#1185762). - gpio: uniphier: Fix void functions to remove return value (git-fixes). - gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (git-fixes). - gve: fix the wrong AdminQ buffer overflow check (bsc#1176940). - hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726). - hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726). - hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes). - hwmon: (tmp421) fix rounding for negative values (git-fixes). - hwmon: (tmp421) report /PVLD condition as fault (git-fixes). - i40e: Add additional info to PHY type error (git-fixes). - i40e: Fix firmware LLDP agent related warning (git-fixes). - i40e: Fix log TC creation failure when max num of queues is exceeded (git-fixes). - i40e: Fix logic of disabling queues (git-fixes). - i40e: Fix queue-to-TC mapping on Tx (git-fixes). - i40e: improve locking of mac_filter_hash (jsc#SLE-13701). - iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#SLE-7940). - iavf: Set RSS LUT and key in reset handle path (git-fixes). - IB/hfi1: Indicate DMA wait when txq is queued for wakeup (jsc#SLE-13208). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943). - ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943). - ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943). - ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943). - ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943). - ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943). - ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943). - ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943). - ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943). - ice: do not abort devlink info if board identifier can't be found (jsc#SLE-12878). - ice: do not remove netdev->dev_addr from uc sync list (git-fixes). - ice: Prevent probing virtual functions (git-fixes). - igc: Use num_tx_queues when iterating over tx_ring queue (jsc#SLE-13533). - iio: dac: ad5624r: Fix incorrect handling of an optional regulator (git-fixes). - include/linux/list.h: add a macro to test if entry is pointing to the head (git-fixes). - iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate (bsc#1190784). - ionic: cleanly release devlink instance (bsc#1167773). - ionic: cleanly release devlink instance (bsc#1167773). - ionic: count csum_none when offload enabled (bsc#1167773). - ionic: drop useless check of PCI driver data validity (bsc#1167773). - ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115). - ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115). - ipc/util.c: use binary search for max_idx (bsc#1159886). - ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467). - ipvs: avoid expiring many connections from timer (bsc#1190467). - ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467). - ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (bsc#1190467). - iwlwifi Add support for ax201 in Samsung Galaxy Book Flex2 Alpha (git-fixes). - iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (git-fixes). - kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable. - kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs. - kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). The script part for base package case is completely separate from the part for subpackages. Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead. - libata: fix ata_host_start() (git-fixes). - libbpf: Fix removal of inner map in bpf_object__create_map (git-fixes). - libbpf: Fix the possible memory leak on error (git-fixes). - mac80211-hwsim: fix late beacon hrtimer handling (git-fixes). - mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes). - mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes). - mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes). - mac80211: mesh: fix potentially unaligned access (git-fixes). - media: cedrus: Fix SUNXI tile size calculation (git-fixes). - media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes). - media: dib8000: rewrite the init prbs logic (git-fixes). - media: imx258: Limit the max analogue gain to 480 (git-fixes). - media: imx258: Rectify mismatch of VTS value (git-fixes). - media: rc-loopback: return number of emitters rather than error (git-fixes). - media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes). - media: uvc: do not do DMA on stack (git-fixes). - media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes). - mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes). - misc: sram: Only map reserved areas in Tegra SYSRAM (git-fixes). - misc: sram: use devm_platform_ioremap_resource_wc() (git-fixes). - mlx4: Fix missing error code in mlx4_load_one() (git-fixes). - mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes). - mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785). - mmc: core: Return correct emmc response in case of ioctl error (git-fixes). - mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes). - mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes). - mmc: sdhci: Fix issue with uninitialized dma_slave_config (git-fixes). - net: ethernet: ti: cpsw: fix min eth packet size for non-switch use-cases (git-fixes). - net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726). - net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726). - net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726). - net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726). - net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726). - net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726). - net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726). - net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726). - net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726). - net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726). - net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes). - net: sched: sch_teql: fix null-pointer dereference (bsc#1190717). - net/mlx5: E-Switch, handle devcom events only for ports on the same device (git-fixes). - net/mlx5: Fix flow table chaining (git-fixes). - net/mlx5: Fix missing return value in mlx5_devlink_eswitch_inline_mode_set() (jsc#SLE-15172). - net/mlx5: Fix return value from tracer initialization (git-fixes). - net/mlx5: Unload device upon firmware fatal error (git-fixes). - net/mlx5e: Avoid creating tunnel headers for local route (git-fixes). - net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes). - net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes). - netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#1190062). - nfp: update ethtool reporting of pauseframe control (git-fixes). - NFS: change nfs_access_get_cached to only report the mask (bsc#1190746). - NFS: do not store 'struct cred *' in struct nfs_access_entry (bsc#1190746). - NFS: pass cred explicitly for access tests (bsc#1190746). - nvme-multipath: revalidate paths during rescan (bsc#1187211). - nvme-tcp: Do not reset transport on data digest errors (bsc#1188418). - nvme: avoid race in shutdown namespace removal (bsc#1188067). - nvme: fix refcounting imbalance when all paths are down (bsc#1188067). - nvme: only call synchronize_srcu when clearing current path (bsc#1188067). - optee: Fix memory leak when failing to register shm pages (git-fixes). - parport: remove non-zero check on count (git-fixes). - PCI: aardvark: Fix checking for PIO status (git-fixes). - PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes). - PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes). - PCI: Add ACS quirks for Cavium multi-function devices (git-fixes). - PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes). - PCI: Add AMD GPU multi-function power dependencies (git-fixes). - PCI: ibmphp: Fix double unmap of io_mem (git-fixes). - PCI: of: Do not fail devm_pci_alloc_host_bridge() on missing 'ranges' (git-fixes). - PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes). - PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes). - PCI: pci-bridge-emul: Fix big-endian support (git-fixes). - PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes). - PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes). - phy: tegra: xusb: Fix dangling pointer on probe failure (git-fixes). - PM: base: power: do not try to use non-existing RTC for storing data (git-fixes). - PM: EM: Increase energy calculation precision (git-fixes). - power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (git-fixes). - power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes). - powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289). - powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868). - powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523). - powerpc/numa: Consider the max NUMA node for migratable LPAR (bsc#1190544 ltc#194520). - powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729). - powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729). - powerpc/perf: Fix the check for SIAR value (bsc#1065729). - powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729). - powerpc/perf: Use stack siar instead of mfspr (bsc#1065729). - powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729). - powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729). - powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729). - powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498). - powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729). - pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523). - pwm: img: Do not modify HW state in .remove() callback (git-fixes). - pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes). - pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes). - qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes). - RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#1170774). - RDMA/hns: Fix QP's resp incomplete assignment (jsc#SLE-14777). - RDMA/mlx5: Delay emptying a cache entry when a new MR is added to it recently (jsc#SLE-15175). - RDMA/mlx5: Delete not-available udata check (jsc#SLE-15175). - RDMA/rtrs: Remove a useless kfree() (jsc#SLE-15176). - Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes). - regmap: fix page selection for noinc reads (git-fixes). - regmap: fix page selection for noinc writes (git-fixes). - regmap: fix the offset of register error log (git-fixes). - Restore kabi after NFS: pass cred explicitly for access tests (bsc#1190746). - rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages. - rpm/kernel-binary.spec: Use only non-empty certificates. - rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804). - rtc: rx8010: select REGMAP_I2C (git-fixes). - rtc: tps65910: Correct driver module alias (git-fixes). - s390/unwind: use current_frame_address() to unwind current task (bsc#1185677). - sch_cake: fix srchost/dsthost hashing mode (bsc#1176447). - sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292). - scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576). - scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576). - scsi: fc: Add EDC ELS definition (bsc#1190576). - scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576). - scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576). - scsi: lpfc: Add cm statistics buffer support (bsc#1190576). - scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576). - scsi: lpfc: Add cmfsync WQE support (bsc#1190576). - scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576). - scsi: lpfc: Add EDC ELS support (bsc#1190576). - scsi: lpfc: Add MIB feature enablement support (bsc#1190576). - scsi: lpfc: Add rx monitoring statistics (bsc#1190576). - scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576). - scsi: lpfc: Add support for cm enablement buffer (bsc#1190576). - scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576). - scsi: lpfc: Add support for the CM framework (bsc#1190576). - scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576). - scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576). - scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576). - scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576). - scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576). - scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576). - scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576). - scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576). - scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576). - scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576). - scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576). - scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576). - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576). - scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576). - scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576). - scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576). - scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576). - scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576). - scsi: lpfc: Remove unneeded variable (bsc#1190576). - scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576). - scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576). - scsi: lpfc: Use correct scnprintf() limit (bsc#1190576). - scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576). - scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576). - scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576). - scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297). - scsi/fc: kABI fixes for new ELS_EDC, ELS_RDP definition (bsc#1171688 bsc#1174003 bsc#1190576). - selftests/bpf: Define string const as global for test_sysctl_prog.c (git-fixes). - selftests/bpf: Fix bpf-iter-tcp4 test to print correctly the dest IP (git-fixes). - selftests/bpf: Fix test_sysctl_loop{1, 2} failure due to clang change (git-fixes). - selftests/bpf: Whitelist test_progs.h from .gitignore (git-fixes). - serial: 8250_pci: make setup_port() parameters explicitly unsigned (git-fixes). - serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes). - serial: mvebu-uart: fix driver's tx_empty callback (git-fixes). - serial: sh-sci: fix break handling for sysrq (git-fixes). - spi: Fix tegra20 build with CONFIG_PM=n (git-fixes). - staging: board: Fix uninitialized spinlock when attaching genpd (git-fixes). - staging: ks7010: Fix the initialization of the 'sleep_status' structure (git-fixes). - staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes). - thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (git-fixes). - time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes). - tools: bpf: Fix error in 'make -C tools/ bpf_install' (git-fixes). - tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes). - tty: serial: jsm: hold port lock when reporting modem line changes (git-fixes). - tty: synclink_gt, drop unneeded forward declarations (git-fixes). - usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails (git-fixes). - usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes). - usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes). - usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes). - usb: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes). - usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes). - usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes). - usb: host: fotg210: fix the actual_length of an iso packet (git-fixes). - usb: host: fotg210: fix the endpoint's transactional opportunities calculation (git-fixes). - usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes). - usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes). - usb: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (git-fixes). - usb: serial: option: add device id for Foxconn T99W265 (git-fixes). - usb: serial: option: add Telit LN920 compositions (git-fixes). - usb: serial: option: remove duplicate USB device ID (git-fixes). - usbip: give back URBs for unsent unlink requests during cleanup (git-fixes). - usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes). - video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes). - video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes). - vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406). - vmxnet3: add support for ESP IPv6 RSS (bsc#1190406). - vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406). - vmxnet3: prepare for version 6 changes (bsc#1190406). - vmxnet3: remove power of 2 limitation on the queues (bsc#1190406). - vmxnet3: set correct hash type based on rss information (bsc#1190406). - vmxnet3: update to version 6 (bsc#1190406). - watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes). - x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1185302). - x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1190561). - x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439). - x86/asm: Fix SETZ size enqcmds() build failure (bsc#1178134). - x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289). - x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1152489). - x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1152489). - x86/resctrl: Fix default monitoring groups reporting (bsc#1152489). - xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651). - xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679). - xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' (git-fixes). - xhci: Set HCD flag to defer primary roothub registration (git-fixes). Important SUSE bug 1065729 SUSE bug 1148868 SUSE bug 1152489 SUSE bug 1154353 SUSE bug 1159886 SUSE bug 1167773 SUSE bug 1170774 SUSE bug 1171688 SUSE bug 1173746 SUSE bug 1174003 SUSE bug 1176447 SUSE bug 1176940 SUSE bug 1177028 SUSE bug 1178134 SUSE bug 1184439 SUSE bug 1184804 SUSE bug 1185302 SUSE bug 1185550 SUSE bug 1185677 SUSE bug 1185726 SUSE bug 1185762 SUSE bug 1187211 SUSE bug 1188067 SUSE bug 1188418 SUSE bug 1188651 SUSE bug 1188986 SUSE bug 1189257 SUSE bug 1189297 SUSE bug 1189841 SUSE bug 1189884 SUSE bug 1190023 SUSE bug 1190062 SUSE bug 1190115 SUSE bug 1190138 SUSE bug 1190159 SUSE bug 1190358 SUSE bug 1190406 SUSE bug 1190432 SUSE bug 1190467 SUSE bug 1190523 SUSE bug 1190534 SUSE bug 1190543 SUSE bug 1190544 SUSE bug 1190561 SUSE bug 1190576 SUSE bug 1190595 SUSE bug 1190596 SUSE bug 1190598 SUSE bug 1190620 SUSE bug 1190626 SUSE bug 1190679 SUSE bug 1190705 SUSE bug 1190717 SUSE bug 1190746 SUSE bug 1190758 SUSE bug 1190784 SUSE bug 1190785 SUSE bug 1191172 SUSE bug 1191193 SUSE bug 1191292 CVE-2020-3702 at SUSE CVE-2020-3702 at NVD CVE-2021-3669 at SUSE CVE-2021-3669 at NVD CVE-2021-3744 at SUSE CVE-2021-3744 at NVD CVE-2021-3752 at SUSE CVE-2021-3752 at NVD CVE-2021-3759 at SUSE CVE-2021-3759 at NVD CVE-2021-3764 at SUSE CVE-2021-3764 at NVD CVE-2021-40490 at SUSE CVE-2021-40490 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193) - CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023) - CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159) - CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884) - CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534) - CVE-2021-3669: Fixed a bug that doesn't allow /proc/sysvipc/shm to scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (bsc#1188986) - CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115). - CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983). - CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985). - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). - CVE-2021-3743: Fixed OOB Read in qrtr_endpoint_post (bsc#1189883). - CVE-2021-3739: Fixed a NULL pointer dereference when deleting device by invalid id (bsc#1189832 ). - CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706). - CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399). - CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400). - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262). - CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases (bsc#1171420). The following non-security bugs were fixed: - ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Export acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Export function to claim _CST control (bsc#1175543) - ACPI: processor: Introduce acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Make ACPI_PROCESSOR_CSTATE depend on ACPI_PROCESSOR (bsc#1175543) - ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes). - ALSA: hda - fix the 'Capture Switch' value change notifications (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop (git-fixes). - ALSA: hda/realtek: Limit mic boost on HP ProBook 445 G8 (git-fixes). - ALSA: hda/realtek: Quirk for HP Spectre x360 14 amp setup (git-fixes). - ALSA: hda/realtek: Workaround for conflicting SSID on ASUS ROG Strix G17 (git-fixes). - ALSA: hda/realtek: Workaround for conflicting SSID on ASUS ROG Strix G17 (git-fixes). - ALSA: hda/via: Apply runtime PM workaround for ASUS B23E (git-fixes). - ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum 800 (git-fixes). - ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC (git-fixes). - apparmor: remove duplicate macro list_entry_is_head() (git-fixes). - ASoC: component: Remove misplaced prefix handling in pin control functions (git-fixes). - ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes). - ASoC: intel: atom: Fix breakage for PCM buffer address setup (git-fixes). - ASoC: Intel: Fix platform ID matching (git-fixes). - ASoC: Intel: kbl_da7219_max98927: Fix format selection for max98373 (git-fixes). - ASoC: Intel: Skylake: Fix module resource and format selection (git-fixes). - ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs (git-fixes). - ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes). - ASoC: mediatek: mt8183: Fix Unbalanced pm_runtime_enable in mt8183_afe_pcm_dev_probe (git-fixes). - ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes). - ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes). - ASoC: rt5682: Adjust headset volume button threshold (git-fixes). - ASoC: rt5682: Adjust headset volume button threshold again (git-fixes). - ASoC: rt5682: Implement remove callback (git-fixes). - ASoC: rt5682: Properly turn off regulators if wrong device ID (git-fixes). - ASoC: rt5682: Remove unused variable in rt5682_i2c_remove() (git-fixes). - ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes). - ASoC: ti: delete some dead code in omap_abe_probe() (git-fixes). - ASoC: wcd9335: Disable irq on slave ports in the remove function (git-fixes). - ASoC: wcd9335: Fix a double irq free in the remove function (git-fixes). - ASoC: wcd9335: Fix a memory leak in the error handling path of the probe function (git-fixes). - ath: Use safer key clearing with key cache entries (git-fixes). - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() (git-fixes). - ath9k: Clear key cache explicitly on disabling hardware (git-fixes). - ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes). - ath9k: fix sleeping in atomic context (git-fixes). - Avoid double printing SUSE specific flags in mod->taint (bsc#1190413). - backlight: pwm_bl: Improve bootloader/kernel device handover (git-fixes). - bareudp: Fix invalid read beyond skb's linear data (jsc#SLE-15172). - bcma: Fix memory leak for internally-handled cores (git-fixes). - bdi: Do not use freezable workqueue (bsc#1189573). - blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit() (bsc#1189507). - blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling (bsc#1189506). - blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762). - blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762). - blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762). - blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762). - blk-mq: mark if one queue map uses managed irq (bsc#1185762). - blk-mq: mark if one queue map uses managed irq (bsc#1185762). - blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() (bsc#1189503). - blk-wbt: make sure throttle is enabled properly (bsc#1189504). - block: fix trace completion for chained bio (bsc#1189505). - Bluetooth: add timeout sanity check to hci_inquiry (git-fixes). - Bluetooth: btusb: check conditions before enabling USB ALT 3 for WBS (git-fixes). - Bluetooth: btusb: Fix a unspported condition to set available debug features (git-fixes). - Bluetooth: fix repeated calls to sco_sock_kill (git-fixes). - Bluetooth: hidp: use correct wait queue when removing ctrl_wait (git-fixes). - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow (git-fixes). - Bluetooth: mgmt: Fix wrong opcode in the response for add_adv cmd (git-fixes). - Bluetooth: sco: prevent information leak in sco_conn_defer_accept() (git-fixes). - Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes). - bnx2x: fix an error code in bnx2x_nic_load() (git-fixes). - bnxt_en: Add missing DMA memory barriers (git-fixes). - bnxt_en: Disable aRFS if running on 212 firmware (git-fixes). - bnxt_en: Do not enable legacy TX push on older firmware (git-fixes). - bnxt_en: Fix asic.rev in devlink dev info command (jsc#SLE-16649). - bnxt_en: fix stored FW_PSID version masks (jsc#SLE-16649). - bnxt_en: Store the running firmware version code (git-fixes). - bnxt: count Tx drops (git-fixes). - bnxt: disable napi before canceling DIM (git-fixes). - bnxt: do not lock the tx queue from napi poll (git-fixes). - bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes). - bpf, samples: Add missing mprog-disable to xdp_redirect_cpu's optstring (git-fixes). - bpf: Fix ringbuf helper function compatibility (git-fixes). - bpftool: Add sock_release help info for cgroup attach/prog load command (bsc#1177028). - brcmfmac: pcie: fix oops on failure to resume and reprobe (git-fixes). - btrfs: account for new extents being deleted in total_bytes_pinned (bsc#1135481). - btrfs: add a comment explaining the data flush steps (bsc#1135481). - btrfs: add a trace class for dumping the current ENOSPC state (bsc#1135481). - btrfs: add a trace point for reserve tickets (bsc#1135481). - btrfs: add btrfs_reserve_data_bytes and use it (bsc#1135481). - btrfs: add flushing states for handling data reservations (bsc#1135481). - btrfs: add the data transaction commit logic into may_commit_transaction (bsc#1135481). - btrfs: adjust the flush trace point to include the source (bsc#1135481). - btrfs: call btrfs_try_granting_tickets when freeing reserved bytes (bsc#1135481). - btrfs: call btrfs_try_granting_tickets when reserving space (bsc#1135481). - btrfs: call btrfs_try_granting_tickets when unpinning anything (bsc#1135481). - btrfs: change nr to u64 in btrfs_start_delalloc_roots (bsc#1135481). - btrfs: check reclaim_size in need_preemptive_reclaim (bsc#1135481). - btrfs: check tickets after waiting on ordered extents (bsc#1135481). - btrfs: do async reclaim for data reservations (bsc#1135481). - btrfs: do not force commit if we are data (bsc#1135481). - btrfs: drop the commit_cycles stuff for data reservations (bsc#1135481). - btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1135481). - btrfs: fix possible infinite loop in data async reclaim (bsc#1135481). - btrfs: flush delayed refs when trying to reserve data space (bsc#1135481). - btrfs: handle space_info::total_bytes_pinned inside the delayed ref itself (bsc#1135481). - btrfs: handle U64_MAX for shrink_delalloc (bsc#1135481). - btrfs: implement space clamping for preemptive flushing (bsc#1135481). - btrfs: improve preemptive background space flushing (bsc#1135481). - btrfs: introduce a FORCE_COMMIT_TRANS flush operation (bsc#1135481). - btrfs: make ALLOC_CHUNK use the space info flags (bsc#1135481). - btrfs: make flush_space take a enum btrfs_flush_state instead of int (bsc#1135481). - btrfs: make shrink_delalloc take space_info as an arg (bsc#1135481). - btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626). - btrfs: remove FLUSH_DELAYED_REFS from data ENOSPC flushing (bsc#1135481). - btrfs: remove orig from shrink_delalloc (bsc#1135481). - btrfs: rename need_do_async_reclaim (bsc#1135481). - btrfs: rework btrfs_calc_reclaim_metadata_size (bsc#1135481). - btrfs: rip out btrfs_space_info::total_bytes_pinned (bsc#1135481). - btrfs: rip out may_commit_transaction (bsc#1135481). - btrfs: rip the first_ticket_bytes logic from fail_all_tickets (bsc#1135481). - btrfs: run delayed iputs before committing the transaction for data (bsc#1135481). - btrfs: serialize data reservations if we are flushing (bsc#1135481). - btrfs: shrink delalloc pages instead of full inodes (bsc#1135481). - btrfs: simplify the logic in need_preemptive_flushing (bsc#1135481). - btrfs: tracepoints: convert flush states to using EM macros (bsc#1135481). - btrfs: tracepoints: fix btrfs_trigger_flush symbolic string for flags (bsc#1135481). - btrfs: track ordered bytes instead of just dio ordered bytes (bsc#1135481). - btrfs: use btrfs_start_delalloc_roots in shrink_delalloc (bsc#1135481). - btrfs: use the btrfs_space_info_free_bytes_may_use helper for delalloc (bsc#1135481). - btrfs: use the same helper for data and metadata reservations (bsc#1135481). - btrfs: use ticketing for data space reservations (bsc#1135481). - can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters (git-fixes). - cgroup: verify that source is a string (bsc#1190131). - cgroup1: fix leaked context root causing sporadic NULL deref in LTP (bsc#1190181). - clk: at91: clk-generated: Limit the requested rate to our range (git-fixes). - clk: at91: clk-generated: pass the id of changeable parent at registration (git-fixes). - clk: kirkwood: Fix a clocking boot regression (git-fixes). - console: consume APC, DM, DCS (git-fixes). - cpuidle: Allow idle states to be disabled by default (bsc#1175543) - cpuidle: Consolidate disabled state checks (bsc#1175543) - cpuidle: cpuidle_state kABI fix (bsc#1175543) - cpuidle: Drop disabled field from struct cpuidle_state (bsc#1175543) - cpuidle: Fix cpuidle_driver_state_disabled() (bsc#1175543) - cpuidle: Introduce cpuidle_driver_state_disabled() for driver quirks (bsc#1175543) - cpuidle: pseries: Do not cap the CEDE0 latency in fixup_cede0_latency() (bsc#1185550 ltc#192610 git-fixes jsc#SLE-18128). - crypto: qat - use proper type for vf_mask (git-fixes). - cuse: fix broken release (bsc#1190596). - cxgb4: dont touch blocked freelist bitmap after free (git-fixes). - debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746). - device-dax: Fix default return code of range_parse() (git-fixes). - devlink: Break parameter notification sequence to be before/after unload/load driver (bsc#1154353). - devlink: Clear whole devlink_flash_notify struct (bsc#1176447). - dm integrity: fix missing goto in bitmap_flush_interval error handling (git-fixes). - dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails (git-fixes). - dm verity: fix DM_VERITY_OPTS_MAX value (git-fixes). - dma-buf: DMABUF_MOVE_NOTIFY should depend on DMA_SHARED_BUFFER (git-fixes). - dmaengine: acpi: Avoid comparison GSI with Linux vIRQ (git-fixes). - dmaengine: idxd: clear block on fault flag when clear wq (git-fixes). - dmaengine: idxd: fix wq slot allocation index check (git-fixes). - dmaengine: imx-sdma: remove duplicated sdma_load_context (git-fixes). - dmaengine: ioat: depends on !UML (git-fixes). - dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available (git-fixes). - dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes). - dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe() (git-fixes). - dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers (git-fixes). - dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes). - docs: Fix infiniband uverbs minor number (git-fixes). - Documentation: admin-guide: PM: Add intel_idle document (bsc#1175543) - drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps (git-fixes). - drivers/block/null_blk/main: Fix a double free in null_init (git-fixes). - drm: avoid blocking in drm_clients_info's rcu section (git-fixes). - drm: Copy drm_wait_vblank to user before returning (git-fixes). - drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (git-fixes). - drm/amd/display: Fix Dynamic bpp issue with 8K30 with Navi 1X (git-fixes). - drm/amd/display: Fix timer_per_pixel unit error (git-fixes). - drm/amd/display: Remove invalid assert for ODM + MPC case (git-fixes). - drm/amd/display: use GFP_ATOMIC in amdgpu_dm_irq_schedule_work (git-fixes). - drm/amd/display: workaround for hard hang on HPD on native DP (git-fixes). - drm/amdgpu: do not enable baco on boco platforms in runpm (git-fixes). - drm/amdgpu: Fix BUG_ON assert (git-fixes). - drm/amdgpu: fix the doorbell missing when in CGPG issue for renoir (git-fixes). - drm/amdgpu/acp: Make PM domain really work (git-fixes). - drm/ast: Fix missing conversions to managed API (git-fixes). - drm/dp_mst: Fix return code on sideband message failure (git-fixes). - drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes). - drm/i915: Add more AUX CHs to the enum (bsc#1188700). - drm/i915: Add VBT AUX CH H and I (bsc#1188700). - drm/i915: Add VBT DVO ports H and I (bsc#1188700). - drm/i915: Allow the sysadmin to override security mitigations (git-fixes). - drm/i915: Configure GEN11_{TBT,TC}_HOTPLUG_CTL for ports TC5/6 (bsc#1188700). - drm/i915: Introduce HPD_PORT_TC (bsc#1188700). - drm/i915: Move hpd_pin setup to encoder init (bsc#1188700). - drm/i915: Nuke the redundant TC/TBT HPD bit defines (bsc#1188700). - drm/i915/dg1: gmbus pin mapping (bsc#1188700). - drm/i915/dg1: provide port/phy mapping for vbt (bsc#1188700). - drm/i915/gen9_bc: Add W/A for missing STRAP config on TGP PCH + CML combos (bsc#1188700). - drm/i915/gen9_bc: Introduce HPD pin mappings for TGP PCH + CML combos (bsc#1188700). - drm/i915/gen9_bc: Introduce TGP PCH DDC pin mappings (bsc#1188700). - drm/i915/gen9_bc: Recognize TGP PCH + CML combos (bsc#1188700). - drm/i915/rkl: new rkl ddc map for different PCH (bsc#1188700). - drm/i915/rkl: Remove require_force_probe protection (bsc#1189257). - drm/ingenic: Switch IPU plane to type OVERLAY (git-fixes). - drm/mgag200: Select clock in PLL update functions (git-fixes). - drm/msi/mdp4: populate priv->kms in mdp4_kms_init (git-fixes). - drm/msm: Fix error return code in msm_drm_init() (git-fixes). - drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs (git-fixes). - drm/msm/dsi: Fix some reference counted resource leaks (git-fixes). - drm/msm/mdp4: move HW revision detection to earlier phase (git-fixes). - drm/msm/mdp4: refactor HW revision detection into read_mdp_hw_revision (git-fixes). - drm/nouveau/disp: power down unused DP links during init (git-fixes). - drm/nouveau/kms/nv50: workaround EFI GOP window channel format differences (git-fixes). - drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes). - drm/of: free the iterator object on failure (git-fixes). - drm/of: free the right object (git-fixes). - drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes). - drm/panfrost: Fix missing clk_disable_unprepare() on error in panfrost_clk_init() (git-fixes). - drm/panfrost: Simplify lock_region calculation (git-fixes). - drm/panfrost: Use u64 for size in lock_region (git-fixes). - drm/pl111: depend on CONFIG_VEXPRESS_CONFIG (git-fixes). - drm/prime: fix comment on PRIME Helpers (git-fixes). - drm/rockchip: cdn-dp-core: Make cdn_dp_core_resume __maybe_unused (git-fixes). - e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100). - e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes). - EDAC/i10nm: Fix NVDIMM detection (bsc#1152489). - EDAC/mce_amd: Do not load edac_mce_amd module on guests (bsc#1190138). - EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489). - enetc: Fix uninitialized struct dim_sample field usage (git-fixes). - erofs: fix up erofs_lookup tracepoint (git-fixes). - ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle (bsc#1189568). - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit (bsc#1189564). - ext4: fix avefreec in find_group_orlov (bsc#1189566). - ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562). - ext4: fix potential htree corruption when growing large_dir directories (bsc#1189576). - ext4: remove check for zero nr_to_scan in ext4_es_scan() (bsc#1189565). - ext4: return error code when ext4_fill_flex_info() fails (bsc#1189563). - ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1189567). - fanotify: fix copy_event_to_user() fid error clean up (bsc#1189574). - fbmem: do not allow too huge resolutions (git-fixes). - fpga: altera-freeze-bridge: Address warning about unused variable (git-fixes). - fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (git-fixes). - fpga: machxo2-spi: Return an error on failure (git-fixes). - fpga: xiilnx-spi: Address warning about unused variable (git-fixes). - fpga: zynqmp-fpga: Address warning about unused variable (git-fixes). - fuse: flush extending writes (bsc#1190595). - fuse: truncate pagecache on atomic_o_trunc (bsc#1190705). - genirq: add device_has_managed_msi_irq (bsc#1185762). - genirq: add device_has_managed_msi_irq (bsc#1185762). - gpio: mpc8xxx: Fix a resources leak in the error handling path of 'mpc8xxx_probe()' (git-fixes). - gpio: uniphier: Fix void functions to remove return value (git-fixes). - gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (git-fixes). - gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for (semi)planar U/V formats (git-fixes). - gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for (semi)planar U/V formats (git-fixes). - gve: fix the wrong AdminQ buffer overflow check (bsc#1176940). - HID: i2c-hid: Fix Elan touchpad regression (git-fixes). - HID: input: do not report stylus battery state as 'full' (git-fixes). - hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726). - hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726). - hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes). - hwmon: (tmp421) fix rounding for negative values (git-fixes). - hwmon: (tmp421) report /PVLD condition as fault (git-fixes). - i2c: dev: zero out array used for i2c reads from userspace (git-fixes). - i2c: highlander: add IRQ check (git-fixes). - i2c: iop3xx: fix deferred probing (git-fixes). - i2c: mt65xx: fix IRQ check (git-fixes). - i2c: s3c2410: fix IRQ check (git-fixes). - i40e: Add additional info to PHY type error (git-fixes). - i40e: Fix firmware LLDP agent related warning (git-fixes). - i40e: Fix log TC creation failure when max num of queues is exceeded (git-fixes). - i40e: Fix logic of disabling queues (git-fixes). - i40e: Fix queue-to-TC mapping on Tx (git-fixes). - i40e: improve locking of mac_filter_hash (jsc#SLE-13701). - iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#SLE-7940). - iavf: Set RSS LUT and key in reset handle path (git-fixes). - IB/hfi1: Indicate DMA wait when txq is queued for wakeup (jsc#SLE-13208). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943). - ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943). - ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943). - ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943). - ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943). - ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943). - ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943). - ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943). - ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943). - ice: do not abort devlink info if board identifier can't be found (jsc#SLE-12878). - ice: do not remove netdev->dev_addr from uc sync list (git-fixes). - ice: Prevent probing virtual functions (git-fixes). - igc: Use num_tx_queues when iterating over tx_ring queue (jsc#SLE-13533). - iio: dac: ad5624r: Fix incorrect handling of an optional regulator (git-fixes). - Improved the warning message. - include/linux/list.h: add a macro to test if entry is pointing to the head (git-fixes). - intel_idle: Add module parameter to prevent ACPI _CST from being used (bsc#1175543) - intel_idle: Allow ACPI _CST to be used for selected known processors (bsc#1175543) - intel_idle: Annotate init time data structures (bsc#1175543) - intel_idle: Customize IceLake server support (bsc#1175543) - intel_idle: Disable ACPI _CST on Haswell (bsc#1175543, bsc#1177399, bsc#1180347, bsc#1180141) - intel_idle: Fix max_cstate for processor models without C-state tables (bsc#1175543) - intel_idle: Ignore _CST if control cannot be taken from the platform (bsc#1175543) - intel_idle: Refactor intel_idle_cpuidle_driver_init() (bsc#1175543) - intel_idle: Use ACPI _CST for processor models without C-state tables (bsc#1175543) - intel_idle: Use ACPI _CST on server systems (bsc#1175543) - iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate (bsc#1190784). - iommu/amd: Move Stoney Ridge check to detect_ivrs() (bsc#1189762). - ionic: cleanly release devlink instance (bsc#1167773). - ionic: cleanly release devlink instance (bsc#1167773). - ionic: count csum_none when offload enabled (bsc#1167773). - ionic: drop useless check of PCI driver data validity (bsc#1167773). - ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115). - ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115). - ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115). - ipc/util.c: use binary search for max_idx (bsc#1159886). - ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467). - ipvs: avoid expiring many connections from timer (bsc#1190467). - ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467). - ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (bsc#1190467). - iwlwifi Add support for ax201 in Samsung Galaxy Book Flex2 Alpha (git-fixes). - iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (git-fixes). - iwlwifi: pnvm: accept multiple HW-type TLVs (git-fixes). - iwlwifi: skip first element in the WTAS ACPI table (git-fixes). - kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable. - kernel-binary.spec: Define $image as rpm macro (bsc#1189841). - kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs. - kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). The script part for base package case is completely separate from the part for subpackages. Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead. - kernel-binary.spec.in: add zstd to BuildRequires if used - kernel-binary.spec.in: make sure zstd is supported by kmod if used - kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841). Fixes: d9a1357edd73 ('rpm: Define $certs as rpm macro (bsc#1189841).') - kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() (bsc#1189153). - leds: trigger: audio: Add an activate callback to ensure the initial brightness is set (git-fixes). - lib/mpi: use kcalloc in mpi_resize (git-fixes). - libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs (git-fixes). - libata: fix ata_host_start() (git-fixes). - libbpf: Fix removal of inner map in bpf_object__create_map (git-fixes). - libbpf: Fix the possible memory leak on error (git-fixes). - lockd: Fix invalid lockowner cast after vfs_test_lock (git-fixes). - mac80211-hwsim: fix late beacon hrtimer handling (git-fixes). - mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes). - mac80211: Fix insufficient headroom issue for AMSDU (git-fixes). - mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes). - mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes). - mac80211: mesh: fix potentially unaligned access (git-fixes). - mailbox: sti: quieten kernel-doc warnings (git-fixes). - md: revert io stats accounting (git-fixes). - md/raid10: properly indicate failure when ending a failed write request (git-fixes). - media: cedrus: Fix SUNXI tile size calculation (git-fixes). - media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes). - media: cxd2880-spi: Fix an error handling path (git-fixes). - media: dib8000: rewrite the init prbs logic (git-fixes). - media: drivers/media/usb: fix memory leak in zr364xx_probe (git-fixes). - media: dvb-usb: Fix error handling in dvb_usb_i2c_init (git-fixes). - media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init (git-fixes). - media: dvb-usb: fix uninit-value in vp702x_read_mac_addr (git-fixes). - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect (git-fixes). - media: go7007: fix memory leak in go7007_usb_probe (git-fixes). - media: go7007: remove redundant initialization (git-fixes). - media: imx258: Limit the max analogue gain to 480 (git-fixes). - media: imx258: Rectify mismatch of VTS value (git-fixes). - media: rc-loopback: return number of emitters rather than error (git-fixes). - media: stkwebcam: fix memory leak in stk_camera_probe (git-fixes). - media: TDA1997x: enable EDID support (git-fixes). - media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes). - media: uvc: do not do DMA on stack (git-fixes). - media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes). - media: venus: venc: Fix potential null pointer dereference on pointer fmt (git-fixes). - media: zr364xx: fix memory leaks in probe() (git-fixes). - media: zr364xx: propagate errors from zr364xx_start_readpipe() (git-fixes). - memcg: enable accounting for file lock caches (bsc#1190115). - mfd: axp20x: Update AXP288 volatile ranges (git-fixes). - mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes). - mfd: lpc_sch: Rename GPIOBASE to prevent build error (git-fixes). - mfd: tqmx86: Clear GPIO IRQ resource when no IRQ is set (git-fixes). - misc: sram: Only map reserved areas in Tegra SYSRAM (git-fixes). - misc: sram: use devm_platform_ioremap_resource_wc() (git-fixes). - mlx4: Fix missing error code in mlx4_load_one() (git-fixes). - mm, vmscan: guarantee drop_slab_node() termination (VM Functionality, bsc#1189301). - mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes). - mm: fix memory_failure() handling of dax-namespace metadata (bsc#1189872). - mm: swap: properly update readahead statistics in unuse_pte_range() (bsc#1187619). - mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785). - mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() (bsc#1189569). - mm/vmscan: fix infinite loop in drop_slab_node (VM Functionality, bsc#1189301). - mmc: core: Return correct emmc response in case of ioctl error (git-fixes). - mmc: dw_mmc: Fix hang on data CRC error (git-fixes). - mmc: dw_mmc: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: moxart: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes). - mmc: sdhci-iproc: Cap min clock frequency on BCM2711 (git-fixes). - mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711 (git-fixes). - mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes). - mmc: sdhci: Fix issue with uninitialized dma_slave_config (git-fixes). - mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()' (git-fixes). - nbd: Aovid double completion of a request (git-fixes). - nbd: do not update block size after device is started (git-fixes). - nbd: Fix NULL pointer in flush_workqueue (git-fixes). - net: ethernet: ti: cpsw: fix min eth packet size for non-switch use-cases (git-fixes). - net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726). - net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726). - net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726). - net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726). - net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726). - net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726). - net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726). - net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726). - net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726). - net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726). - net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes). - net: sched: sch_teql: fix null-pointer dereference (bsc#1190717). - net: usb: lan78xx: do not modify phy_device state concurrently (bsc#1188270) - net/mlx5: Add ts_cqe_to_dest_cqn related bits (bsc#1188412) - net/mlx5: E-Switch, handle devcom events only for ports on the same device (git-fixes). - net/mlx5: Fix flow table chaining (git-fixes). - net/mlx5: Fix missing return value in mlx5_devlink_eswitch_inline_mode_set() (jsc#SLE-15172). - net/mlx5: Fix return value from tracer initialization (git-fixes). - net/mlx5: Unload device upon firmware fatal error (git-fixes). - net/mlx5e: Add missing capability check for uplink follow (bsc#1188412) - net/mlx5e: Avoid creating tunnel headers for local route (git-fixes). - net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes). - net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes). - netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#1190062). - nfp: update ethtool reporting of pauseframe control (git-fixes). - NFS: change nfs_access_get_cached to only report the mask (bsc#1190746). - NFS: Correct size calculation for create reply length (bsc#1189870). - NFS: do not store 'struct cred *' in struct nfs_access_entry (bsc#1190746). - NFS: pass cred explicitly for access tests (bsc#1190746). - nfsd4: Fix forced-expiry locking (git-fixes). - NFSv4/pNFS: Fix a layoutget livelock loop (git-fixes). - nvme-multipath: revalidate paths during rescan (bsc#1187211) - nvme-multipath: revalidate paths during rescan (bsc#1187211). - nvme-pci: fix NULL req in completion handler (bsc#1181972). - nvme-pci: limit maximum queue depth to 4095 (bsc#1181972). - nvme-pci: Use u32 for nvme_dev.q_depth and nvme_queue.q_depth (bsc#1181972). - nvme-pci: use unsigned for io queue depth (bsc#1181972). - nvme-tcp: do not check blk_mq_tag_to_rq when receiving pdu data (bsc#1181972). - nvme-tcp: Do not reset transport on data digest errors (bsc#1188418). - nvme-tcp: Do not reset transport on data digest errors (bsc#1188418). - nvme: avoid possible double fetch in handling CQE (bsc#1181972). - nvme: avoid race in shutdown namespace removal (bsc#1188067). - nvme: code command_id with a genctr for use-after-free validation (bsc#1181972). - nvme: fix refcounting imbalance when all paths are down (bsc#1188067). - nvme: only call synchronize_srcu when clearing current path (bsc#1188067). - nvme: only call synchronize_srcu when clearing current path (bsc#1188067). - ocfs2: fix snprintf() checking (bsc#1189581). - ocfs2: fix zero out valid data (bsc#1189579). - ocfs2: issue zeroout to EOF blocks (bsc#1189582). - ocfs2: ocfs2_downconvert_lock failure results in deadlock (bsc#1188439). - optee: Fix memory leak when failing to register shm pages (git-fixes). - overflow: Correct check_shl_overflow() comment (git-fixes). - params: lift param_set_uint_minmax to common code (bsc#1181972). - parport: remove non-zero check on count (git-fixes). - PCI: aardvark: Fix checking for PIO status (git-fixes). - PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes). - PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes). - PCI: Add ACS quirks for Cavium multi-function devices (git-fixes). - PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes). - PCI: Add AMD GPU multi-function power dependencies (git-fixes). - PCI: Call Max Payload Size-related fixup quirks early (git-fixes). - PCI: Fix pci_dev_str_match_path() alloc while atomic bug (git-fixes). - PCI: ibmphp: Fix double unmap of io_mem (git-fixes). - PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI (git-fixes). - PCI: iproc: Fix BCMA probe resource handling (git-fixes). - PCI: of: Do not fail devm_pci_alloc_host_bridge() on missing 'ranges' (git-fixes). - PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes). - PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes). - PCI: pci-bridge-emul: Fix big-endian support (git-fixes). - PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently (git-fixes). - PCI: PM: Enable PME if it can be signaled from D3cold (git-fixes). - PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes). - PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure (git-fixes). - PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes). - PCI: xilinx-nwl: Enable the clock through CCF (git-fixes). - PCI/MSI: Correct misleading comments (git-fixes). - PCI/MSI: Enforce MSI[X] entry updates to be visible (git-fixes). - PCI/MSI: Enforce that MSI-X table entry is masked for update (git-fixes). - PCI/MSI: Mask all unused MSI-X entries (git-fixes). - PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes). - PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes). - PCI/portdrv: Enable Bandwidth Notification only if port supports it (git-fixes). - perf/x86/amd: Do not touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest (bsc#1189225). - phy: tegra: xusb: Fix dangling pointer on probe failure (git-fixes). - pinctrl: samsung: Fix pinctrl bank pin count (git-fixes). - pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry() (git-fixes). - pinctrl: stmfx: Fix hazardous u8[] to unsigned long cast (git-fixes). - PM: base: power: do not try to use non-existing RTC for storing data (git-fixes). - PM: EM: Increase energy calculation precision (git-fixes). - PM: sleep: core: Avoid setting power.must_resume to false (git-fixes). - post.sh: detect /usr mountpoint too - power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (git-fixes). - power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes). - power: supply: max17042: handle fails of reading status register (git-fixes). - powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289). - powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868). - powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523). - powerpc/numa: Consider the max NUMA node for migratable LPAR (bsc#1190544 ltc#194520). - powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729). - powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729). - powerpc/perf: Fix the check for SIAR value (bsc#1065729). - powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729). - powerpc/perf: Use stack siar instead of mfspr (bsc#1065729). - powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729). - powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729). - powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729). - powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498). - powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729). - pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523). - pwm: img: Do not modify HW state in .remove() callback (git-fixes). - pwm: lpc32xx: Do not modify HW state in .probe() after the PWM chip was registered (git-fixes). - pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes). - pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes). - qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes). - RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#1170774). - RDMA/hns: Fix QP's resp incomplete assignment (jsc#SLE-14777). - RDMA/mlx5: Delay emptying a cache entry when a new MR is added to it recently (jsc#SLE-15175). - RDMA/mlx5: Delete not-available udata check (jsc#SLE-15175). - RDMA/rtrs: Remove a useless kfree() (jsc#SLE-15176). - Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes). - regmap: fix page selection for noinc reads (git-fixes). - regmap: fix page selection for noinc writes (git-fixes). - regmap: fix the offset of register error log (git-fixes). - regulator: vctrl: Avoid lockdep warning in enable/disable ops (git-fixes). - regulator: vctrl: Use locked regulator_get_voltage in probe path (git-fixes). - reset: reset-zynqmp: Fixed the argument data type (git-fixes). - rpm: Abolish image suffix (bsc#1189841). This is used only with vanilla kernel which is not supported in any way. The only effect is has is that the image and initrd symlinks are created with this suffix. These symlinks are not used except on s390 where the unsuffixed symlinks are used by zipl. There is no reason why a vanilla kernel could not be used with zipl as well as it's quite unexpected to not be able to boot when only a vanilla kernel is installed. Finally we now have a backup zipl kernel so if the vanilla kernel is indeed unsuitable the backup kernel can be used. - rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages. - rpm: Define $certs as rpm macro (bsc#1189841). Also pass around only the shortened hash rather than full filename. As has been discussed in bsc#1124431 comment 51 https://bugzilla.suse.com/show_bug.cgi?id=1124431#c51 the placement of the certificates is an API which cannot be changed unless we can ensure that no two kernels that use different certificate location can be built with the same certificate. - rpm: Fold kernel-devel and kernel-source scriptlets into spec files (bsc#1189841). These are unchanged since 2011 when they were introduced. No need to track them separately. - rpm: support gz and zst compression methods Extend commit 18fcdff43a00 ('rpm: support compressed modules') for compression methods other than xz. - rpm/kernel-binary.spec: Use only non-empty certificates. - rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804). - rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed. - rpm/kernel-source.spec.in: do some more for vanilla_only Make sure: * sources are NOT executable * env is not used as interpreter * timestamps are correct We do all this for normal kernel builds, but not for vanilla_only kernels (linux-next and vanilla). - rq-qos: fix missed wake-ups in rq_qos_throttle try two (bsc#1189575). - rsi: fix an error code in rsi_probe() (git-fixes). - rsi: fix error code in rsi_load_9116_firmware() (git-fixes). - rtc: rx8010: select REGMAP_I2C (git-fixes). - rtc: tps65910: Correct driver module alias (git-fixes). - s390/boot: fix use of expolines in the DMA code (bsc#1188878 ltc#193771). - s390/unwind: use current_frame_address() to unwind current task (bsc#1185677). - sch_cake: fix srchost/dsthost hashing mode (bsc#1176447). - sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292). - sched/fair: Correctly insert cfs_rq's to list on unthrottle (git-fixes) - sched/fair: Ensure that the CFS parent is added after unthrottling (git-fixes). - sched/rt: Fix RT utilization tracking during policy change (git-fixes) - scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576). - scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576). - scsi: fc: Add EDC ELS definition (bsc#1190576). - scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576). - scsi: ibmvfc: Do not wait for initial device scan (bsc#1127650). - scsi: libfc: Fix array index out of bound exception (bsc#1188616). - scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576). - scsi: lpfc: Add cm statistics buffer support (bsc#1190576). - scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576). - scsi: lpfc: Add cmfsync WQE support (bsc#1190576). - scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576). - scsi: lpfc: Add EDC ELS support (bsc#1190576). - scsi: lpfc: Add MIB feature enablement support (bsc#1190576). - scsi: lpfc: Add rx monitoring statistics (bsc#1190576). - scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576). - scsi: lpfc: Add support for cm enablement buffer (bsc#1190576). - scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576). - scsi: lpfc: Add support for the CM framework (bsc#1190576). - scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576). - scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576). - scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576). - scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576). - scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576). - scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576). - scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576). - scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576). - scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576). - scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576). - scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576). - scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576). - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576). - scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576). - scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576). - scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576). - scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576). - scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576). - scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash (git-fixes). - scsi: lpfc: Remove unneeded variable (bsc#1190576). - scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576). - scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576). - scsi: lpfc: Use correct scnprintf() limit (bsc#1190576). - scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576). - scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576). - scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576). - scsi: mpt3sas: Fix ReplyPostFree pool allocation (bsc#1181006). - scsi: mpt3sas: Fix ReplyPostFree pool allocation (bsc#1181006). - scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297). - scsi: sg: add sg_remove_request in sg_write (bsc#1171420 CVE2020-12770). - scsi/fc: kABI fixes for new ELS_EDC, ELS_RDP definition (bsc#1171688 bsc#1174003 bsc#1190576). - selftests/bpf: Define string const as global for test_sysctl_prog.c (git-fixes). - selftests/bpf: Fix bpf-iter-tcp4 test to print correctly the dest IP (git-fixes). - selftests/bpf: Fix test_sysctl_loop{1, 2} failure due to clang change (git-fixes). - selftests/bpf: Whitelist test_progs.h from .gitignore (git-fixes). - serial: 8250_pci: make setup_port() parameters explicitly unsigned (git-fixes). - serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes). - serial: mvebu-uart: fix driver's tx_empty callback (git-fixes). - serial: sh-sci: fix break handling for sysrq (git-fixes). - slimbus: messaging: check for valid transaction id (git-fixes). - slimbus: messaging: start transaction ids from 1 instead of zero (git-fixes). - slimbus: ngd: reset dma setup during runtime pm (git-fixes). - soc: aspeed: lpc-ctrl: Fix boundary check for mmap (git-fixes). - soc: aspeed: p2a-ctrl: Fix boundary check for mmap (git-fixes). - soc: qcom: rpmhpd: Use corner in power_off (git-fixes). - soc: qcom: smsm: Fix missed interrupts if state changes while masked (git-fixes). - spi: Fix tegra20 build with CONFIG_PM=n (git-fixes). - spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: spi-pic32: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: sprd: Fix the wrong WDG_LOAD_VAL (git-fixes). - staging: board: Fix uninitialized spinlock when attaching genpd (git-fixes). - staging: ks7010: Fix the initialization of the 'sleep_status' structure (git-fixes). - staging: rtl8192u: Fix bitwise vs logical operator in TranslateRxSignalStuff819xUsb() (git-fixes). - staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes). - SUNRPC: 'Directory with parent 'rpc_clnt' already present!' (bsc#1168202 bsc#1188924). - SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924). - SUNRPC: Fix potential memory corruption (git-fixes). - SUNRPC: fix use-after-free in rpc_free_client_work() (bsc#1168202 bsc#1188924). - SUNRPC: improve error response to over-size gss credential (bsc#1190022). - SUNRPC: Simplify socket shutdown when not reusing TCP ports (git-fixes). - thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (git-fixes). - thermal/drivers/exynos: Fix an error code in exynos_tmu_probe() (git-fixes). - time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes). - tools: bpf: Fix error in 'make -C tools/ bpf_install' (git-fixes). - tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name (git-fixes). - tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes). - tty: serial: fsl_lpuart: fix the wrong mapbase value (git-fixes). - tty: serial: jsm: hold port lock when reporting modem line changes (git-fixes). - tty: synclink_gt, drop unneeded forward declarations (git-fixes). - ubifs: Fix error return code in alloc_wbufs() (bsc#1189585). - ubifs: Fix memleak in ubifs_init_authentication (bsc#1189583). - ubifs: journal: Fix error return code in ubifs_jnl_write_inode() (bsc#1189586). - ubifs: Only check replay with inode type to judge if inode linked (bsc#1187455). - ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode (bsc#1189587). - usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes). - usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA config is available (git-fixes). - usb: core: Avoid WARNings for 0-length descriptor requests (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails (git-fixes). - usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes). - usb: dwc2: Fix error path in gadget registration (git-fixes). - usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes). - usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes). - usb: dwc2: Postponed gadget registration to the udc class driver (git-fixes). - usb: dwc3: Add support for DWC_usb32 IP (git-fixes). - usb: dwc3: core: do not do suspend for device mode if already suspended (git-fixes). - usb: dwc3: core: Properly default unspecified speed (git-fixes). - usb: dwc3: debug: Remove newline printout (git-fixes). - usb: dwc3: Disable phy suspend after power-on reset (git-fixes). - usb: dwc3: gadget: Check MPS of the request length (git-fixes). - usb: dwc3: gadget: Clear DCTL.ULSTCHNGREQ before set (git-fixes). - usb: dwc3: gadget: Do not send unintended link state change (git-fixes). - usb: dwc3: gadget: Do not setup more than requested (git-fixes). - usb: dwc3: gadget: Fix dwc3_calc_trbs_left() (git-fixes). - usb: dwc3: gadget: Fix handling ZLP (git-fixes). - usb: dwc3: gadget: Give back staled requests (git-fixes). - usb: dwc3: gadget: Handle ZLP for sg requests (git-fixes). - usb: dwc3: gadget: Properly track pending and queued SG (git-fixes). - usb: dwc3: gadget: Set BESL config parameter (git-fixes). - usb: dwc3: gadget: Set link state to RX_Detect on disconnect (git-fixes). - usb: dwc3: gadget: Stop EP0 transfers during pullup disable (git-fixes). - usb: dwc3: gadget: Workaround Mirosoft's BESL check (git-fixes). - usb: dwc3: meson-g12a: add IRQ check (git-fixes). - usb: dwc3: meson-g12a: check return of dwc3_meson_g12a_usb_init (git-fixes). - usb: dwc3: of-simple: add a shutdown (git-fixes). - usb: dwc3: Separate field holding multiple properties (git-fixes). - usb: dwc3: support continuous runtime PM with dual role (git-fixes). - usb: ehci-orion: Handle errors of clk_prepare_enable() in probe (git-fixes). - usb: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes). - usb: gadget: Export recommended BESL values (git-fixes). - usb: gadget: mv_u3d: request_irq() after initializing UDC (git-fixes). - usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes). - usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes). - usb: gadget: udc: at91: add IRQ check (git-fixes). - usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse (git-fixes). - usb: host: fotg210: fix the actual_length of an iso packet (git-fixes). - usb: host: fotg210: fix the endpoint's transactional opportunities calculation (git-fixes). - usb: host: ohci-tmio: add IRQ check (git-fixes). - usb: host: xhci-rcar: Do not reload firmware after the completion (git-fixes). - usb: mtu3: fix the wrong HS mult value (git-fixes). - usb: mtu3: use @mult for HS isoc or intr (git-fixes). - usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes). - usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes). - usb: phy: fsl-usb: add IRQ check (git-fixes). - usb: phy: tahvo: add IRQ check (git-fixes). - usb: phy: twl6030: add IRQ checks (git-fixes). - usb: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (git-fixes). - usb: serial: option: add device id for Foxconn T99W265 (git-fixes). - usb: serial: option: add new VID/PID to support Fibocom FG150 (git-fixes). - usb: serial: option: add Telit LN920 compositions (git-fixes). - usb: serial: option: remove duplicate USB device ID (git-fixes). - usbip: give back URBs for unsent unlink requests during cleanup (git-fixes). - usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes). - video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes). - video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes). - virtio_pci: Support surprise removal of virtio pci device (git-fixes). - VMCI: fix NULL pointer dereference when unmapping queue pair (git-fixes). - vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406). - vmxnet3: add support for ESP IPv6 RSS (bsc#1190406). - vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406). - vmxnet3: prepare for version 6 changes (bsc#1190406). - vmxnet3: remove power of 2 limitation on the queues (bsc#1190406). - vmxnet3: set correct hash type based on rss information (bsc#1190406). - vmxnet3: update to version 6 (bsc#1190406). - watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes). - writeback: fix obtain a reference to a freeing memcg css (bsc#1189577). - x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1185302). - x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1190561). - x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439). - x86/asm: Fix SETZ size enqcmds() build failure (bsc#1178134). - x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289). - x86/fpu: Limit xstate copy size in xstateregs_set() (bsc#1152489). - x86/kvm: fix vcpu-id indexed array sizes (git-fixes). - x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1152489). - x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1152489). - x86/resctrl: Fix default monitoring groups reporting (bsc#1152489). - x86/sev: Make sure IRQs are disabled while GHCB is active (jsc#SLE-14337). - x86/sev: Split up runtime #VC handler for correct state tracking (jsc#SLE-14337). - x86/sev: Use 'SEV: ' prefix for messages from sev.c (jsc#SLE-14337). - x86/signal: Detect and prevent an alternate signal stack overflow (bsc#1152489). - xen/events: Fix race in set_evtchn_to_irq (git-fixes). - xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651). - xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679). - xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' (git-fixes). - xhci: Set HCD flag to defer primary roothub registration (git-fixes). - xprtrdma: Pad optimization, revisited (bsc#1189760). Important SUSE bug 1065729 SUSE bug 1124431 SUSE bug 1127650 SUSE bug 1135481 SUSE bug 1148868 SUSE bug 1152489 SUSE bug 1154353 SUSE bug 1159886 SUSE bug 1167032 SUSE bug 1167773 SUSE bug 1168202 SUSE bug 1170774 SUSE bug 1171420 SUSE bug 1171688 SUSE bug 1173746 SUSE bug 1174003 SUSE bug 1175543 SUSE bug 1176447 SUSE bug 1176940 SUSE bug 1177028 SUSE bug 1177399 SUSE bug 1178134 SUSE bug 1180141 SUSE bug 1180347 SUSE bug 1181006 SUSE bug 1181972 SUSE bug 1184114 SUSE bug 1184439 SUSE bug 1184611 SUSE bug 1184804 SUSE bug 1185302 SUSE bug 1185550 SUSE bug 1185675 SUSE bug 1185677 SUSE bug 1185726 SUSE bug 1185762 SUSE bug 1185898 SUSE bug 1187211 SUSE bug 1187455 SUSE bug 1187591 SUSE bug 1187619 SUSE bug 1188067 SUSE bug 1188172 SUSE bug 1188270 SUSE bug 1188412 SUSE bug 1188418 SUSE bug 1188439 SUSE bug 1188616 SUSE bug 1188651 SUSE bug 1188694 SUSE bug 1188700 SUSE bug 1188878 SUSE bug 1188924 SUSE bug 1188983 SUSE bug 1188985 SUSE bug 1188986 SUSE bug 1189153 SUSE bug 1189225 SUSE bug 1189257 SUSE bug 1189262 SUSE bug 1189297 SUSE bug 1189301 SUSE bug 1189399 SUSE bug 1189400 SUSE bug 1189503 SUSE bug 1189504 SUSE bug 1189505 SUSE bug 1189506 SUSE bug 1189507 SUSE bug 1189562 SUSE bug 1189563 SUSE bug 1189564 SUSE bug 1189565 SUSE bug 1189566 SUSE bug 1189567 SUSE bug 1189568 SUSE bug 1189569 SUSE bug 1189573 SUSE bug 1189574 SUSE bug 1189575 SUSE bug 1189576 SUSE bug 1189577 SUSE bug 1189579 SUSE bug 1189581 SUSE bug 1189582 SUSE bug 1189583 SUSE bug 1189585 SUSE bug 1189586 SUSE bug 1189587 SUSE bug 1189696 SUSE bug 1189706 SUSE bug 1189760 SUSE bug 1189762 SUSE bug 1189832 SUSE bug 1189841 SUSE bug 1189870 SUSE bug 1189872 SUSE bug 1189883 SUSE bug 1189884 SUSE bug 1190022 SUSE bug 1190023 SUSE bug 1190025 SUSE bug 1190062 SUSE bug 1190115 SUSE bug 1190117 SUSE bug 1190131 SUSE bug 1190138 SUSE bug 1190159 SUSE bug 1190181 SUSE bug 1190358 SUSE bug 1190406 SUSE bug 1190412 SUSE bug 1190413 SUSE bug 1190428 SUSE bug 1190467 SUSE bug 1190523 SUSE bug 1190534 SUSE bug 1190543 SUSE bug 1190544 SUSE bug 1190561 SUSE bug 1190576 SUSE bug 1190595 SUSE bug 1190596 SUSE bug 1190598 SUSE bug 1190620 SUSE bug 1190626 SUSE bug 1190679 SUSE bug 1190705 SUSE bug 1190717 SUSE bug 1190746 SUSE bug 1190758 SUSE bug 1190784 SUSE bug 1190785 SUSE bug 1191172 SUSE bug 1191193 SUSE bug 1191292 SUSE bug 859220 CVE-2020-12770 at SUSE CVE-2020-12770 at NVD CVE-2020-3702 at SUSE CVE-2020-3702 at NVD CVE-2021-34556 at SUSE CVE-2021-34556 at NVD CVE-2021-35477 at SUSE CVE-2021-35477 at NVD CVE-2021-3653 at SUSE CVE-2021-3653 at NVD CVE-2021-3656 at SUSE CVE-2021-3656 at NVD CVE-2021-3669 at SUSE CVE-2021-3669 at NVD CVE-2021-3732 at SUSE CVE-2021-3732 at NVD CVE-2021-3739 at SUSE CVE-2021-3739 at NVD CVE-2021-3743 at SUSE CVE-2021-3743 at NVD CVE-2021-3744 at SUSE CVE-2021-3744 at NVD CVE-2021-3752 at SUSE CVE-2021-3752 at NVD CVE-2021-3753 at SUSE CVE-2021-3753 at NVD CVE-2021-3759 at SUSE CVE-2021-3759 at NVD CVE-2021-3764 at SUSE CVE-2021-3764 at NVD CVE-2021-38160 at SUSE CVE-2021-38160 at NVD CVE-2021-38198 at SUSE CVE-2021-38198 at NVD CVE-2021-40490 at SUSE CVE-2021-40490 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for rpm fixes the following issues: Security issues fixed: - PGP hardening changes (bsc#1185299) Maintaince issues fixed: - Fixed zstd detection (bsc#1187670) - Added ndb rofs support (bsc#1188548) - Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659) Important SUSE bug 1183659 SUSE bug 1185299 SUSE bug 1187670 SUSE bug 1188548 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for krb5 fixes the following issues: - CVE-2021-37750: Fixed KDC null pointer dereference via a FAST inner body that lacks a server field (bsc#1189929). Moderate SUSE bug 1189929 CVE-2021-37750 at SUSE CVE-2021-37750 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for util-linux fixes the following issues: - CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c. (bsc#1188921) Moderate SUSE bug 1178236 SUSE bug 1188921 CVE-2021-37600 at SUSE CVE-2021-37600 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ncurses fixes the following issues: - CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793) Moderate SUSE bug 1190793 CVE-2021-39537 at SUSE CVE-2021-39537 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for containerd, docker, runc fixes the following issues: Docker was updated to 20.10.9-ce. (bsc#1191355) See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2021-41092 CVE-2021-41089 CVE-2021-41091 CVE-2021-41103 container was updated to v1.4.11, to fix CVE-2021-41103. bsc#1191355 - CVE-2021-32760: Fixed that a archive package allows chmod of file outside of unpack target directory (bsc#1188282) - Install systemd service file as well (bsc#1190826) Update to runc v1.0.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.2 * Fixed a failure to set CPU quota period in some cases on cgroup v1. * Fixed the inability to start a container with the 'adding seccomp filter rule for syscall ...' error, caused by redundant seccomp rules (i.e. those that has action equal to the default one). Such redundant rules are now skipped. * Made release builds reproducible from now on. * Fixed a rare debug log race in runc init, which can result in occasional harmful 'failed to decode ...' errors from runc run or exec. * Fixed the check in cgroup v1 systemd manager if a container needs to be frozen before Set, and add a setting to skip such freeze unconditionally. The previous fix for that issue, done in runc 1.0.1, was not working. Update to runc v1.0.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.1 * Fixed occasional runc exec/run failure ('interrupted system call') on an Azure volume. * Fixed 'unable to find groups ... token too long' error with /etc/group containing lines longer than 64K characters. * cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is frozen. This is a regression in 1.0.0, not affecting runc itself but some of libcontainer users (e.g Kubernetes). * cgroupv2: bpf: Ignore inaccessible existing programs in case of permission error when handling replacement of existing bpf cgroup programs. This fixes a regression in 1.0.0, where some SELinux policies would block runc from being able to run entirely. * cgroup/systemd/v2: don't freeze cgroup on Set. * cgroup/systemd/v1: avoid unnecessary freeze on Set. - fix issues with runc under openSUSE MicroOS's SELinux policy. bsc#1187704 Update to runc v1.0.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0 ! The usage of relative paths for mountpoints will now produce a warning (such configurations are outside of the spec, and in future runc will produce an error when given such configurations). * cgroupv2: devices: rework the filter generation to produce consistent results with cgroupv1, and always clobber any existing eBPF program(s) to fix runc update and avoid leaking eBPF programs (resulting in errors when managing containers). * cgroupv2: correctly convert 'number of IOs' statistics in a cgroupv1-compatible way. * cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures. * cgroupv2: wait for freeze to finish before returning from the freezing code, optimize the method for checking whether a cgroup is frozen. * cgroups/systemd: fixed 'retry on dbus disconnect' logic introduced in rc94 * cgroups/systemd: fixed returning 'unit already exists' error from a systemd cgroup manager (regression in rc94) + cgroupv2: support SkipDevices with systemd driver + cgroup/systemd: return, not ignore, stop unit error from Destroy + Make 'runc --version' output sane even when built with go get or otherwise outside of our build scripts. + cgroups: set SkipDevices during runc update (so we don't modify cgroups at all during runc update). + cgroup1: blkio: support BFQ weights. + cgroupv2: set per-device io weights if BFQ IO scheduler is available. Update to runc v1.0.0~rc95. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95 This release of runc contains a fix for CVE-2021-30465, and users are strongly recommended to update (especially if you are providing semi-limited access to spawn containers to untrusted users). (bsc#1185405) Update to runc v1.0.0~rc94. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94 Breaking Changes: * cgroupv1: kernel memory limits are now always ignored, as kmemcg has been effectively deprecated by the kernel. Users should make use of regular memory cgroup controls. Regression Fixes: * seccomp: fix 32-bit compilation errors * runc init: fix a hang caused by deadlock in seccomp/ebpf loading code * runc start: fix 'chdir to cwd: permission denied' for some setups Important SUSE bug 1102408 SUSE bug 1185405 SUSE bug 1187704 SUSE bug 1188282 SUSE bug 1190826 SUSE bug 1191015 SUSE bug 1191121 SUSE bug 1191334 SUSE bug 1191355 SUSE bug 1191434 CVE-2021-30465 at SUSE CVE-2021-30465 at NVD CVE-2021-32760 at SUSE CVE-2021-32760 at NVD CVE-2021-41089 at SUSE CVE-2021-41089 at NVD CVE-2021-41091 at SUSE CVE-2021-41091 at NVD CVE-2021-41092 at SUSE CVE-2021-41092 at NVD CVE-2021-41103 at SUSE CVE-2021-41103 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for pcre fixes the following issues: Update pcre to version 8.45: - CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974). - CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973) Moderate SUSE bug 1172973 SUSE bug 1172974 CVE-2019-20838 at SUSE CVE-2019-20838 at NVD CVE-2020-14155 at SUSE CVE-2020-14155 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for dnsmasq fixes the following issues: Update to version 2.86 - CVE-2021-3448: fixed outgoing port used when --server is used with an interface name. (bsc#1183709) - CVE-2020-14312: Set --local-service by default (bsc#1173646). - Open inotify socket only when used (bsc#1180914). Moderate SUSE bug 1173646 SUSE bug 1180914 SUSE bug 1183709 CVE-2020-14312 at SUSE CVE-2020-14312 at NVD CVE-2021-3448 at SUSE CVE-2021-3448 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for salt fixes the following issues: - CVE-2021-21996: Exclude the full path of a download URL to prevent injection of malicious code. (bsc#1190265) Moderate SUSE bug 1190265 CVE-2021-21996 at SUSE CVE-2021-21996 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for qemu fixes the following issues: Security issues fixed: - CVE-2021-3713: Fix out-of-bounds write in UAS (USB Attached SCSI) device emulation (bsc#1189702) - CVE-2021-3748: Fix heap use-after-free in virtio_net_receive_rcu (bsc#1189938) Non-security issues fixed: - Add transfer length item in block limits page of scsi vpd (bsc#1190425) - Fix qemu crash while deleting xen-block (bsc#1189234) Important SUSE bug 1189234 SUSE bug 1189702 SUSE bug 1189938 SUSE bug 1190425 CVE-2021-3713 at SUSE CVE-2021-3713 at NVD CVE-2021-3748 at SUSE CVE-2021-3748 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libvirt fixes the following issues: - lxc: controller: Fix container launch on cgroup v1. (bsc#1183247) - supportconfig: Use systemctl command 'is-active' instead of 'is-enabled' when checking if libvirtd is active. - qemu: Do not report error in the logs when processing monitor IO. (bsc#1190917) - spec: Fix an issue when package update hangs (bsc#1177902, bsc#1190693) - spec: Don't add '--timeout' argument to '/etc/sysconfig/libvirtd' when running in traditional mode without socket activation. (bsc#1190695) - libxl: Improve reporting of 'die_id' in capabilities. (bsc#1190493) - libxl: Fix driver reload. (bsc#1190420) - qemu: Set label on virtual host network device when hotplugging. (bsc#1186398) - supportconfig: When checking for installed hypervisor drivers, use the libvirtr-daemon-driver-<hypervisor> package instead of libvirt-daemon-<hypervisor>. The latter are not required packages for a functioning hypervisor driver. Moderate SUSE bug 1177902 SUSE bug 1183247 SUSE bug 1186398 SUSE bug 1190420 SUSE bug 1190493 SUSE bug 1190693 SUSE bug 1190695 SUSE bug 1190917 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 Real Time kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351). - CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563). - CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on Power8 (bnc#1192107). - CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (bsc#1191958). - CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067). - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673). - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063). - CVE-2021-33033: Fixed a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled (bsc#1186109). - CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349). - CVE-2021-34866: Fixed eBPF Type Confusion Privilege Escalation Vulnerability (bsc#1191645). - CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479). - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317). - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315). The following non-security bugs were fixed: - ACPI: NFIT: Use fallback node id when numa info in NFIT table is incorrect (git-fixes). - ACPI: bgrt: Fix CFI violation (git-fixes). - ACPI: fix NULL pointer dereference (git-fixes). - ACPI: fix NULL pointer dereference (git-fixes). - ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254 (git-fixes). - ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes). - ALSA: hda/realtek: Add quirk for TongFang PHxTxX1 (git-fixes). - ALSA: hda/realtek: Complete partial device name to avoid ambiguity (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560 laptop (git-fixes). - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo 13s Gen2 (git-fixes). - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (git-fixes). - ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i 15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops (git-fixes). - ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes). - ALSA: hda: intel: Allow repeatedly probing on codec configuration errors (bsc#1190801). - ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl (git-fixes). - ALSA: seq: Fix a potential UAF by wrong private_free call order (git-fixes). - ALSA: usb-audio: Add quirk for VF0770 (git-fixes). - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes). - ASoC: DAPM: Fix missing kctl change notifications (git-fixes). - ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER (git-fixes). - ASoC: Intel: Skylake: Fix passing loadable flag for module (git-fixes). - ASoC: Intel: bytcr_rt5640: Move 'Platform Clock' routes to the maps for the matching in-/output (git-fixes). - ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic (git-fixes). - ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and SRAM types (git-fixes). - ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and SRAM types (git-fixes). - ASoC: SOF: loader: release_firmware() on load failure to avoid batching (git-fixes). - ASoC: atmel: ATMEL drivers do not need HAS_DMA (git-fixes). - ASoC: dapm: use component prefix when checking widget names (git-fixes). - ASoC: fsl_spdif: register platform component before registering cpu dai (git-fixes). - ASoC: wm8960: Fix clock configuration on slave mode (git-fixes). - Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731). - Configure mpi3mr as currently unsupported (jsc#SLE-18120) - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (git-fixes). - HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes). - HID: u2fzero: ignore incomplete packets without data (git-fixes). - HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes). - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs (git-fixes). - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241). - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241). - IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241). - IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241). - Input: snvs_pwrkey - add clk handling (git-fixes). - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes). - KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live (bsc#1156395). - KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state (bsc#1156395). - KVM: PPC: Book3S HV: Fix copy_tofrom_guest routines (jsc#SLE-12936 git-fixes). - KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729). - KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers (bsc#1156395). - KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395). - KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395). - NFC: digital: fix possible memory leak in digital_in_send_sdd_req() (git-fixes). - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() (git-fixes). - NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628). - PCI: Fix pci_host_bridge struct device release/free handling (git-fixes). - PM / devfreq: rk3399_dmc: Add missing of_node_put() (git-fixes). - PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails (git-fixes). - PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (git-fixes). - PM / devfreq: rk3399_dmc: Fix spelling typo (git-fixes). - PM / devfreq: rk3399_dmc: Remove unneeded semicolon (git-fixes). - RDMA/cma: Do not change route.addr.src_addr.ss_family (bsc#1181147). - RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure (bsc#1181147). - USB: cdc-acm: clean up probe error labels (git-fixes). - USB: cdc-acm: fix minor-number release (git-fixes). - USB: serial: option: add Quectel EC200S-CN module support (git-fixes). - USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes). - USB: serial: option: add prod. id for Quectel EG91 (git-fixes). - USB: serial: qcserial: add EM9191 QDL support (git-fixes). - USB: xhci: dbc: fix tty registration race (git-fixes). - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes). - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes). - ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() (git-fixes). - ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() (git-fixes). - audit: fix possible null-pointer dereference in audit_filter_rules (git-fixes). - bfq: Remove merged request already in bfq_requests_merged() (bsc#1191456). - blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456). - blktrace: Fix uaf in blk_trace access after removing by sysfs (bsc#1191452). - block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451). - bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem() (jsc#SLE-16649). - bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h (git-fixes). - bpf: Fix OOB read when printing XDP link fdinfo (git-fixes). - bpf: Fix a typo of reuseport map in bpf.h (git-fixes). - bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes). - can: dev: can_restart: fix use after free bug (git-fixes). - can: peak_pci: peak_pci_remove(): fix UAF (git-fixes). - can: peak_usb: fix use after free bugs (git-fixes). - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes). - can: rcar_can: fix suspend/resume (git-fixes). - can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path (git-fixes). - can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes). - cb710: avoid NULL pointer subtraction (git-fixes). - ceph: fix handling of 'meta' errors (bsc#1192041). - ceph: skip existing superblocks that are blocklisted or shut down when mounting (bsc#1192040). - cfg80211: correct bridge/4addr mode check (git-fixes). - cfg80211: fix management registrations locking (git-fixes). - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes). - cpuidle: pseries: Mark pseries_idle_proble() as __init (jsc#SLE-13614 bsc#1176914 ltc#186394 git-fixes). - drm/amd/display: Pass PCI deviceid into DC (git-fixes). - drm/amdgpu: correct initial cp_hqd_quantum for gfx9 (git-fixes). - drm/amdgpu: fix gart.bo pin_count leak (git-fixes). - drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read (git-fixes). - drm/i915: Fix syncmap memory leak (bsc#1152489) Backporting notes: * context changes in intel_timeline_fini() - drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes). - drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling (git-fixes). - drm/msm: Avoid potential overflow in timeout_to_jiffies() (git-fixes). - drm/msm: Fix null pointer dereference on pointer edp (git-fixes). - drm/nouveau/debugfs: fix file release memory leak (git-fixes). - drm/nouveau/kms/nv50-: fix file release memory leak (git-fixes). - drm/nouveau/kms/tu102-: delay enabling cursor until after assign_windows (git-fixes). - drm/nouveau: avoid a use-after-free when BO init fails (bsc#1152472) - drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes). - drm/panfrost: Make sure MMU context lifetime is not bound to (bsc#1152472) - drm/sun4i: dw-hdmi: Fix HDMI PHY clock setup (git-fixes). - e1000e: Drop patch to avoid regressions until real fix is available (bsc#1191663). - e1000e: Fix packet loss on Tiger Lake and later (git-fixes). - e100: fix buffer overrun in e100_get_regs (git-fixes). - e100: fix length calculation in e100_get_regs_len (git-fixes). - e100: handle eeprom as little endian (git-fixes). - ext4: fix reserved space counter leakage (bsc#1191450). - ext4: report correct st_size for encrypted symlinks (bsc#1191449). - fs, mm: fix race in unlinking swapfile (bsc#1191455). - fscrypt: add fscrypt_symlink_getattr() for computing st_size (bsc#1191449). - gpio: pca953x: Improve bias setting (git-fixes). - hso: fix bailout in error case of probe (git-fixes). - i2c: acpi: fix resource leak in reconfiguration device addition (git-fixes). - ice: fix getting UDP tunnel entry (jsc#SLE-12878). - iio: adc128s052: Fix the error handling path of 'adc128_probe()' (git-fixes). - iio: adc: aspeed: set driver data when adc probe (git-fixes). - iio: dac: ti-dac5571: fix an error code in probe() (git-fixes). - iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes). - iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes). - iio: ssp_sensors: add more range checking in ssp_parse_dataframe() (git-fixes). - iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes). - ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241). - ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241). - isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes). - isdn: mISDN: Fix sleeping function called from invalid context (git-fixes). - iwlwifi: pcie: add configuration of a Wi-Fi adapter on Dell XPS 15 (git-fixes). - ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes). - kABI workaround for HD-audio probe retry changes (bsc#1190801). - kABI workaround for cfg80211 mgmt_registration_lock changes (git-fixes). - kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167). - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. Fixes: e98096d5cf85 ('rpm: Abolish scritplet templating (bsc#1189841).') - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229). - lan78xx: select CRC32 (git-fixes). - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD (git-fixes). - mac80211: Drop frames from invalid MAC address in ad-hoc mode (git-fixes). - mac80211: check return value of rhashtable_init (git-fixes). - mei: me: add Ice Lake-N device id (git-fixes). - mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes). - mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk (git-fixes). - mmc: vub300: fix control-message timeouts (git-fixes). - net/mlx5: E-Switch, Fix double allocation of acl flow counter (jsc#SLE-15172). - net/mlx5e: IPSEC RX, enable checksum complete (jsc#SLE-15172). - net/mlx5e: RX, Avoid possible data corruption when relaxed ordering and LRO combined (jsc#SLE-15172). - net/sched: ets: fix crash when flipping from 'strict' to 'quantum' (bsc#1176774). - net: batman-adv: fix error handling (git-fixes). - net: can: ems_usb: fix use-after-free in ems_usb_disconnect() (git-fixes). - net: cdc_eem: fix tx fixup skb leak (git-fixes). - net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes). - net: hns3: check queue id range before using (jsc#SLE-14777). - net: hso: add failure handler for add_net_device (git-fixes). - net: hso: fix NULL-deref on disconnect regression (git-fixes). - net: hso: fix null-ptr-deref during tty device unregistration (git-fixes). - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241). - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241). - net: lan78xx: fix division by zero in send path (git-fixes). - net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191800). - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() (git-fixes). - netfilter: Drop fragmented ndisc packets assembled in netfilter (git-fixes). - netfilter: conntrack: collect all entries in one cycle (bsc#1173604). - netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value (bsc#1176447). - nfc: fix error handling of nfc_proto_register() (git-fixes). - nfc: port100: fix using -ERRNO as command type mask (git-fixes). - nvme-fc: avoid race between time out and tear down (bsc#1185762). - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762). - nvme-fc: update hardware queues before using them (bsc#1185762). - nvme-pci: Fix abort command id (git-fixes). - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934). - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934). - nvme-pci: refactor nvme_unmap_data (bsc#1191934). - nvme-pci: refactor nvme_unmap_data (bsc#1191934). - nvme: add command id quirk for apple controllers (git-fixes). - ocfs2: fix data corruption after conversion from inline format (bsc#1190795). - pata_legacy: fix a couple uninitialized variable bugs (git-fixes). - phy: mdio: fix memory leak (git-fixes). - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (git-fixes). - platform/mellanox: mlxreg-io: Fix read access of n-bytes size attributes (git-fixes). - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes). - platform/x86: intel_scu_ipc: Fix busy loop expiry time (git-fixes). - powerpc/64s: Fix entry flush patching w/strict RWX & hash (jsc#SLE-13847 git-fixes). - powerpc/64s: Fix stf mitigation patching w/strict RWX & hash (jsc#SLE-13847 git-fixes). - powerpc/64s: Remove irq mask workaround in accumulate_stolen_time() (jsc#SLE-9246 git-fixes). - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729). - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729). - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729). - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729). - powerpc/bpf: Use bctrl for making function calls (bsc#1065729). - powerpc/bpf: Use bctrl for making function calls (bsc#1065729). - powerpc/lib/code-patching: Do not use struct 'ppc_inst' for runnable code in tests (jsc#SLE-13847 git-fixes). - powerpc/lib/code-patching: Make instr_is_branch_to_addr() static (jsc#SLE-13847 git-fixes). - powerpc/lib: Fix emulate_step() std test (bsc#1065729). - powerpc/numa: Update cpu_cpu_map on CPU online/offline (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498 git-fixes). - powerpc/smp: Cache CPU to chip lookup (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Enable CACHE domain for shared processor (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Fix a crash while booting kvm guest with nr_cpus=2 (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Fold cpu_die() into its only caller (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Set numa node before updating mask (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Update cpu_core_map on all PowerPc systems (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/uprobes: Validation for prefixed instruction (jsc#SLE-13847 git-fixes). - powerpc/xive: Discard disabled interrupts in get_irqchip_state() (bsc#1085030 git-fixes). - powerpc: Do not dereference code as 'struct ppc_inst' (uprobe, code-patching, feature-fixups) (jsc#SLE-13847 git-fixes). - powerpc: Do not use 'struct ppc_inst' to reference instruction location (jsc#SLE-13847 git-fixes). - powerpc: Move arch_cpu_idle_dead() into smp.c (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (git-fixes). - ptp_pch: Load module automatically if ID matches (git-fixes). - ptp_pch: Restore dependency on PCI (git-fixes). - regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes). - rpm: fix kmp install path - rpm: use _rpmmacrodir (boo#1191384) - scsi: ibmvfc: Fix up duplicate response detection (bsc#1191867 ltc#194757). - scsi: iscsi: Fix deadlock on recovery path during GFP_IO reclaim (git-fixes). - scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (bsc#1192145). - scsi: lpfc: Allow fabric node recovery if recovery is in progress before devloss (bsc#1192145). - scsi: lpfc: Correct sysfs reporting of loop support after SFP status change (bsc#1192145). - scsi: lpfc: Fix link down processing to address NULL pointer dereference (bsc#1192145). - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (bsc#1191349). - scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145). - scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup() (bsc#1192145). - scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145). - scsi: lpfc: Wait for successful restart of SLI3 adapter during host sg_reset (bsc#1192145). - scsi: mpi3mr: Add EEDP DIF DIX support (jsc#SLE-18120). - scsi: mpi3mr: Add bios_param SCSI host template hook (jsc#SLE-18120). - scsi: mpi3mr: Add change queue depth support (jsc#SLE-18120). - scsi: mpi3mr: Add event handling debug prints (jsc#SLE-18120). - scsi: mpi3mr: Add mpi30 Rev-R headers and Kconfig (jsc#SLE-18120). - scsi: mpi3mr: Add support for DSN secure firmware check (jsc#SLE-18120). - scsi: mpi3mr: Add support for PCIe device event handling (jsc#SLE-18120). - scsi: mpi3mr: Add support for PM suspend and resume (jsc#SLE-18120). - scsi: mpi3mr: Add support for device add/remove event handling (jsc#SLE-18120). - scsi: mpi3mr: Add support for internal watchdog thread (jsc#SLE-18120). - scsi: mpi3mr: Add support for queue command processing (jsc#SLE-18120). - scsi: mpi3mr: Add support for recovering controller (jsc#SLE-18120). - scsi: mpi3mr: Add support for threaded ISR (jsc#SLE-18120). - scsi: mpi3mr: Add support for timestamp sync with firmware (jsc#SLE-18120). - scsi: mpi3mr: Additional event handling (jsc#SLE-18120). - scsi: mpi3mr: Allow certain commands during pci-remove hook (jsc#SLE-18120). - scsi: mpi3mr: Base driver code (jsc#SLE-18120). - scsi: mpi3mr: Complete support for soft reset (jsc#SLE-18120). - scsi: mpi3mr: Create operational request and reply queue pair (jsc#SLE-18120). - scsi: mpi3mr: Fix error handling in mpi3mr_setup_isr() (git-fixes). - scsi: mpi3mr: Fix missing unlock on error (git-fixes). - scsi: mpi3mr: Hardware workaround for UNMAP commands to NVMe drives (jsc#SLE-18120). - scsi: mpi3mr: Implement SCSI error handler hooks (jsc#SLE-18120). - scsi: mpi3mr: Print IOC info for debugging (jsc#SLE-18120). - scsi: mpi3mr: Print pending host I/Os for debugging (jsc#SLE-18120). - scsi: mpi3mr: Set up IRQs in resume path (jsc#SLE-18120). - scsi: mpi3mr: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-18120). - scsi: mpi3mr: Use the proper SCSI midlayer interfaces for PI (jsc#SLE-18120). - scsi: mpi3mr: Wait for pending I/O completions upon detection of VD I/O timeout (jsc#SLE-18120). - scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941). - scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941). - scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941). - scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941). - scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941). - scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS (bsc#1190941). - scsi: qla2xxx: Check for firmware capability before creating QPair (bsc#1190941). - scsi: qla2xxx: Display 16G only as supported speeds for 3830c card (bsc#1190941). - scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset (bsc#1190941). - scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941). - scsi: qla2xxx: Fix NVMe retry (bsc#1190941). - scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941). - scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941). - scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941). - scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941). - scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941). - scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941). - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file (bsc#1190941). - scsi: qla2xxx: Fix port type info (bsc#1190941). - scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941). - scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941). - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941). - scsi: qla2xxx: Remove redundant initialization of pointer req (bsc#1190941). - scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941). - scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941). - scsi: qla2xxx: Suppress unnecessary log messages during login (bsc#1190941). - scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941). - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190941). - scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941). - scsi: qla2xxx: edif: Do secure PLOGI when auth app is present (bsc#1190941). - scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941). - scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941). - scsi: qla2xxx: edif: Fix stale session (bsc#1190941). - scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941). - scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941). - scsi: target: Fix the pgr/alua_support_store functions (git-fixes). - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes). - spi: spi-nxp-fspi: do not depend on a specific node name erratum workaround (git-fixes). - tpm: ibmvtpm: Avoid error message when process gets signal while waiting (bsc#1065729). - usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle (git-fixes). - usb: hso: fix error handling code of hso_create_net_device (git-fixes). - usb: hso: remove the bailout parameter (git-fixes). - usb: musb: dsps: Fix the probe error path (git-fixes). - video: fbdev: gbefb: Only instantiate device when built for IP32 (git-fixes). - virtio: write back F_VERSION_1 before validate (git-fixes). - watchdog: orion: use 0 for unset heartbeat (git-fixes). - x86/pat: Pass valid address to sanitize_phys() (bsc#1152489). - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails (bsc#1152489). - x86/sev: Return an error on a returned non-zero SW_EXITINFO1[31:0] (bsc#1178134). - xen: fix setting of max_pfn in shared_info (git-fixes). - xen: reset legacy rtc flag for PV domU (git-fixes). - xfs: Fixed non-directory creation in SGID directories introduced by CVE-2018-13405 patch (bsc#1190006). - xfs: ensure that the inode uid/gid match values match the icdinode ones (bsc#1190006). - xfs: fix I_DONTCACHE (bsc#1192074). - xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes (bsc#1190642). - xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006). - xfs: remove the icdinode di_uid/di_gid members (bsc#1190006). - xhci: Enable trust tx length quirk for Fresco FL11 USB controller (git-fixes). - xhci: Fix command ring pointer corruption while aborting a command (git-fixes). - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes). - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes). Important SUSE bug 1065729 SUSE bug 1085030 SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1156395 SUSE bug 1172073 SUSE bug 1173604 SUSE bug 1176447 SUSE bug 1176774 SUSE bug 1176914 SUSE bug 1178134 SUSE bug 1180100 SUSE bug 1181147 SUSE bug 1184673 SUSE bug 1185762 SUSE bug 1186063 SUSE bug 1186109 SUSE bug 1187167 SUSE bug 1188563 SUSE bug 1189841 SUSE bug 1190006 SUSE bug 1190067 SUSE bug 1190349 SUSE bug 1190351 SUSE bug 1190479 SUSE bug 1190620 SUSE bug 1190642 SUSE bug 1190795 SUSE bug 1190801 SUSE bug 1190941 SUSE bug 1191229 SUSE bug 1191240 SUSE bug 1191241 SUSE bug 1191315 SUSE bug 1191317 SUSE bug 1191349 SUSE bug 1191384 SUSE bug 1191449 SUSE bug 1191450 SUSE bug 1191451 SUSE bug 1191452 SUSE bug 1191455 SUSE bug 1191456 SUSE bug 1191628 SUSE bug 1191645 SUSE bug 1191663 SUSE bug 1191731 SUSE bug 1191800 SUSE bug 1191867 SUSE bug 1191934 SUSE bug 1191958 SUSE bug 1192040 SUSE bug 1192041 SUSE bug 1192074 SUSE bug 1192107 SUSE bug 1192145 CVE-2021-33033 at SUSE CVE-2021-33033 at NVD CVE-2021-34866 at SUSE CVE-2021-34866 at NVD CVE-2021-3542 at SUSE CVE-2021-3542 at NVD CVE-2021-3655 at SUSE CVE-2021-3655 at NVD CVE-2021-3715 at SUSE CVE-2021-3715 at NVD CVE-2021-3760 at SUSE CVE-2021-3760 at NVD CVE-2021-3772 at SUSE CVE-2021-3772 at NVD CVE-2021-3896 at SUSE CVE-2021-3896 at NVD CVE-2021-41864 at SUSE CVE-2021-41864 at NVD CVE-2021-42008 at SUSE CVE-2021-42008 at NVD CVE-2021-42252 at SUSE CVE-2021-42252 at NVD CVE-2021-42739 at SUSE CVE-2021-42739 at NVD CVE-2021-43056 at SUSE CVE-2021-43056 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for samba and ldb fixes the following issues: - CVE-2020-25718: Fixed that an RODC can issue (forge) administrator tickets to other servers (bsc#1192246). - CVE-2021-3738: Fixed crash in dsdb stack (bsc#1192215). - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos (bsc#1014440). - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members (bsc#1192284). - CVE-2020-25719: Fixed AD DC Username based races when no PAC is given (bsc#1192247). - CVE-2020-25722: Fixed AD DC UPN vs samAccountName not checked (top-level bug for AD DC validation issues) (bsc#1192283). - CVE-2021-23192: Fixed dcerpc requests to don't check all fragments against the first auth_state (bsc#1192214). - CVE-2020-25721: Fixed fill in the new HAS_SAM_NAME_AND_SID values (bsc#1192505). Samba was updated to 4.13.13 * rodc_rwdc test flaps;(bso#14868). * Backport bronze bit fixes, tests, and selftest improvements; (bso#14881). * Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded Heimdal;(bso#14642). * Python ldb.msg_diff() memory handling failure;(bso#14836). * 'in' operator on ldb.Message is case sensitive;(bso#14845). * Fix Samba support for UF_NO_AUTH_DATA_REQUIRED;(bso#14871). * Allow special chars like '@' in samAccountName when generating the salt;(bso#14874). * Fix transit path validation;(bso#12998). * Prepare to operate with MIT krb5 >= 1.20;(bso#14870). * rpcclient NetFileEnum and net rpc file both cause lock order violation: brlock.tdb, share_entries.tdb;(bso#14645). * Python ldb.msg_diff() memory handling failure;(bso#14836). * Release LDB 2.3.1 for Samba 4.14.9;(bso#14848). Samba was updated to 4.13.12: * Address a signifcant performance regression in database access in the AD DC since Samba 4.12;(bso#14806). * Fix performance regression in lsa_LookupSids3/LookupNames4 since Samba 4.9 by using an explicit database handle cache; (bso#14807). * An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ;(bso#14817). * Address flapping samba_tool_drs_showrepl test;(bso#14818). * Address flapping dsdb_schema_attributes test;(bso#14819). * An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ;(bso#14817). * Fix CTDB flag/status update race conditions(bso#14784). Samba was updated to 4.13.11: * smbd: panic on force-close share during offload write; (bso#14769). * Fix returned attributes on fake quota file handle and avoid hitting the VFS;(bso#14731). * smbd: 'deadtime' parameter doesn't work anymore;(bso#14783). * net conf list crashes when run as normal user;(bso#14787). * Work around special SMB2 READ response behavior of NetApp Ontap 7.3.7;(bso#14607). * Start the SMB encryption as soon as possible;(bso#14793). * Winbind should not start if the socket path for the privileged pipe is too long;(bso#14792). ldb was updated to 2.2.2: + CVE-2020-25718: samba: An RODC can issue (forge) administrator tickets to other servers; (bsc#1192246); (bso#14558) + CVE-2021-3738: samba: crash in dsdb stack; (bsc#1192215);(bso#14848) Release ldb 2.2.2 + Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message;(bso#14845). + Fix memory handling in ldb.msg_diff Corrected python docstrings;(bso#14836) + Backport bronze bit fixes, tests, and selftest improvements; (bso#14881). Important SUSE bug 1014440 SUSE bug 1192214 SUSE bug 1192215 SUSE bug 1192246 SUSE bug 1192247 SUSE bug 1192283 SUSE bug 1192284 SUSE bug 1192505 CVE-2016-2124 at SUSE CVE-2016-2124 at NVD CVE-2020-25717 at SUSE CVE-2020-25717 at NVD CVE-2020-25718 at SUSE CVE-2020-25718 at NVD CVE-2020-25719 at SUSE CVE-2020-25719 at NVD CVE-2020-25721 at SUSE CVE-2020-25721 at NVD CVE-2020-25722 at SUSE CVE-2020-25722 at NVD CVE-2021-23192 at SUSE CVE-2021-23192 at NVD CVE-2021-3738 at SUSE CVE-2021-3738 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The following security bugs were fixed: - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063). - CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563). - CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349). - CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067). - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351). - CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (bsc#1191958). - CVE-2021-33033: Fixed a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled (bsc#1186109). - CVE-2021-34866: Fixed eBPF Type Confusion Privilege Escalation Vulnerability (bsc#1191645). - CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601). - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317). - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315). - CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479). - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673). - CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on Power8 (bnc#1192107). - CVE-2021-43389: There was an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958). The following non-security bugs were fixed: - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes). - ACPI: bgrt: Fix CFI violation (git-fixes). - ACPI: fix NULL pointer dereference (git-fixes). - ACPI: NFIT: Use fallback node id when numa info in NFIT table is incorrect (git-fixes). - Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731). - ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes). - ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254 (git-fixes). - ALSA: hda: intel: Allow repeatedly probing on codec configuration errors (bsc#1190801). - ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes). - ALSA: hda/realtek: Add quirk for TongFang PHxTxX1 (git-fixes). - ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes). - ALSA: hda/realtek: Complete partial device name to avoid ambiguity (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560 laptop (git-fixes). - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo 13s Gen2 (git-fixes). - ALSA: hda/realtek: Fix mic mute LED for the HP Spectre x360 14 (git-fixes). - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (git-fixes). - ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i 15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops (git-fixes). - ALSA: hda: Reduce udelay() at SKL+ position reporting (git-fixes). - ALSA: hda: Use position buffer for SKL+ again (git-fixes). - ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl (git-fixes). - ALSA: seq: Fix a potential UAF by wrong private_free call order (git-fixes). - ALSA: ua101: fix division by zero at probe (git-fixes). - ALSA: uapi: Fix a C++ style comment in asound.h (git-fixes). - ALSA: usb-audio: Add quirk for VF0770 (git-fixes). - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes). - ASoC: atmel: ATMEL drivers do not need HAS_DMA (git-fixes). - ASoC: cs42l42: Correct some register default values (git-fixes). - ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER (git-fixes). - ASoC: cs42l42: Do not set defaults for volatile registers (git-fixes). - ASoC: DAPM: Fix missing kctl change notifications (git-fixes). - ASoC: dapm: use component prefix when checking widget names (git-fixes). - ASoC: dt-bindings: cs42l42: Correct description of ts-inv (git-fixes). - ASoC: fsl_spdif: register platform component before registering cpu dai (git-fixes). - ASoC: Intel: bytcr_rt5640: Move 'Platform Clock' routes to the maps for the matching in-/output (git-fixes). - ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER (git-fixes). - ASoC: Intel: Skylake: Fix passing loadable flag for module (git-fixes). - ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic (git-fixes). - ASoC: mediatek: mt8195: Remove unsued irqs_lock (git-fixes). - ASoC: rockchip: Use generic dmaengine code (git-fixes). - ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and SRAM types (git-fixes). - ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and SRAM types (git-fixes). - ASoC: SOF: loader: release_firmware() on load failure to avoid batching (git-fixes). - ASoC: SOF: topology: do not power down primary core during topology removal (git-fixes). - ASoC: topology: Fix stub for snd_soc_tplg_component_remove() (git-fixes). - ASoC: wm8960: Fix clock configuration on slave mode (git-fixes). - ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() (git-fixes). - ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() (git-fixes). - ata: sata_mv: Fix the error handling of mv_chip_id() (git-fixes). - ath10k: fix control-message timeout (git-fixes). - ath10k: fix division by zero in send path (git-fixes). - ath10k: fix max antenna gain unit (git-fixes). - ath10k: Fix missing frame timestamp for beacon/probe-resp (git-fixes). - ath10k: sdio: Add missing BH locking around napi_schdule() (git-fixes). - ath6kl: fix control-message timeout (git-fixes). - ath6kl: fix division by zero in send path (git-fixes). - ath9k: Fix potential interrupt storm on queue reset (git-fixes). - audit: fix possible null-pointer dereference in audit_filter_rules (git-fixes). - b43: fix a lower bounds test (git-fixes). - b43legacy: fix a lower bounds test (git-fixes). - bfq: Remove merged request already in bfq_requests_merged() (bsc#1191456). - blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456). - blktrace: Fix uaf in blk_trace access after removing by sysfs (bsc#1191452). - block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451). - Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync (git-fixes). - Bluetooth: fix init and cleanup of sco_conn.timeout_work (git-fixes). - bnxt_en: Fix TX timeout when TX ring size is set to the smallest (git-fixes). - bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem() (jsc#SLE-16649). - bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h (git-fixes). - bpf: Fix a typo of reuseport map in bpf.h (git-fixes). - bpf: Fix OOB read when printing XDP link fdinfo (git-fixes). - bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes). - can: dev: can_restart: fix use after free bug (git-fixes). - can: peak_pci: peak_pci_remove(): fix UAF (git-fixes). - can: peak_usb: fix use after free bugs (git-fixes). - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes). - can: rcar_can: fix suspend/resume (git-fixes). - can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path (git-fixes). - can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes). - cb710: avoid NULL pointer subtraction (git-fixes). - ceph: fix handling of 'meta' errors (bsc#1192041). - ceph: skip existing superblocks that are blocklisted or shut down when mounting (bsc#1192040). - cfg80211: correct bridge/4addr mode check (git-fixes). - cfg80211: fix management registrations locking (git-fixes). - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes). - Configure mpi3mr as currently unsupported (jsc#SLE-18120) - cpuidle: pseries: Mark pseries_idle_proble() as __init (jsc#SLE-13614 bsc#1176914 ltc#186394 git-fixes). - driver core: add a min_align_mask field to struct device_dma_parameters (bsc#1191851). - drm/amd/display: Pass PCI deviceid into DC (git-fixes). - drm/amdgpu: correct initial cp_hqd_quantum for gfx9 (git-fixes). - drm/amdgpu/display: add quirk handling for stutter mode (git-fixes). - drm/amdgpu: fix gart.bo pin_count leak (git-fixes). - drm/amdgpu: fix warning for overflow check (git-fixes). - drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits (git-fixes). - drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read (git-fixes). - drm/i915: Fix syncmap memory leak (bsc#1152489) Backporting notes: * context changes in intel_timeline_fini() - drm/msm: Avoid potential overflow in timeout_to_jiffies() (git-fixes). - drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes). - drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling (git-fixes). - drm/msm: Fix null pointer dereference on pointer edp (git-fixes). - drm/msm: Fix potential NULL dereference in DPU SSPP (git-fixes). - drm/msm: potential error pointer dereference in init() (git-fixes). - drm/msm: uninitialized variable in msm_gem_import() (git-fixes). - drm/nouveau: avoid a use-after-free when BO init fails (bsc#1152472) - drm/nouveau/debugfs: fix file release memory leak (git-fixes). - drm/nouveau/kms/nv50-: fix file release memory leak (git-fixes). - drm/nouveau/kms/tu102-: delay enabling cursor until after assign_windows (git-fixes). - drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes). - drm/panfrost: Make sure MMU context lifetime is not bound to (bsc#1152472) - drm/sun4i: dw-hdmi: Fix HDMI PHY clock setup (git-fixes). - drm/sun4i: Fix macros in sun8i_csc.h (git-fixes). - drm/ttm: stop calling tt_swapin in vm_access (git-fixes). - drm/v3d: fix wait for TMU write combiner flush (git-fixes). - e1000e: Drop patch to avoid regressions until real fix is available (bsc#1191663). - e1000e: Fix packet loss on Tiger Lake and later (git-fixes). - e100: fix buffer overrun in e100_get_regs (git-fixes). - e100: fix length calculation in e100_get_regs_len (git-fixes). - e100: handle eeprom as little endian (git-fixes). - EDAC/amd64: Set proper family type for Family 19h Models 20h-2Fh (bsc#1192288). - ext4: fix reserved space counter leakage (bsc#1191450). - ext4: report correct st_size for encrypted symlinks (bsc#1191449). - firmware/psci: fix application of sizeof to pointer (git-fixes). - fscrypt: add fscrypt_symlink_getattr() for computing st_size (bsc#1191449). - fs, mm: fix race in unlinking swapfile (bsc#1191455). - ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267). - genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1152489). - gpio: pca953x: Improve bias setting (git-fixes). - gve: Avoid freeing NULL pointer (git-fixes). - gve: Correct available tx qpl check (git-fixes). - gve: fix gve_get_stats() (git-fixes). - gve: Properly handle errors in gve_assign_qpl (bsc#1176940). - gve: report 64bit tx_bytes counter from gve_handle_report_stats() (bsc#1176940). - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (git-fixes). - HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes). - HID: u2fzero: ignore incomplete packets without data (git-fixes). - HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes). - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs (git-fixes). - hso: fix bailout in error case of probe (git-fixes). - hwmon: Fix possible memleak in __hwmon_device_register() (git-fixes). - hwmon: (pmbus/lm25066) Add offset coefficients (git-fixes). - hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff (git-fixes). - hwrng: mtk - Force runtime pm ops for sleep ops (git-fixes). - i2c: acpi: fix resource leak in reconfiguration device addition (git-fixes). - i40e: Fix ATR queue selection (git-fixes). - i40e: fix endless loop under rtnl (git-fixes). - i40e: Fix freeing of uninitialized misc IRQ vector (git-fixes). - iavf: fix double unlock of crit_lock (git-fixes). - ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes). - ice: Add missing E810 device ids (jsc#SLE-7966 bsc#1157177). - ice: fix getting UDP tunnel entry (jsc#SLE-12878). - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241). - iio: adc128s052: Fix the error handling path of 'adc128_probe()' (git-fixes). - iio: adc: aspeed: set driver data when adc probe (git-fixes). - iio: dac: ti-dac5571: fix an error code in probe() (git-fixes). - iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes). - iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes). - iio: ssp_sensors: add more range checking in ssp_parse_dataframe() (git-fixes). - iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes). - Input: i8042 - Add quirk for Fujitsu Lifebook T725 (bsc#1191980). - Input: snvs_pwrkey - add clk handling (git-fixes). - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes). - ionic: do not remove netdev->dev_addr when syncing uc list (bsc#1167773). - ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241). - IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241). - isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes). - isdn: mISDN: Fix sleeping function called from invalid context (git-fixes). - iwlwifi: mvm: fix some kerneldoc issues (git-fixes). - iwlwifi: pcie: add configuration of a Wi-Fi adapter on Dell XPS 15 (git-fixes). - ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes). - kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456). - kABI: Fix kABI after 36950f2da1ea (bsc#1191851). - kABI workaround for cfg80211 mgmt_registration_lock changes (git-fixes). - kABI workaround for HD-audio probe retry changes (bsc#1190801). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716). - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. Fixes: e98096d5cf85 ('rpm: Abolish scritplet templating (bsc#1189841).') - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229). - KVM: PPC: Book3S HV: Fix copy_tofrom_guest routines (jsc#SLE-12936 git-fixes). - KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live (bsc#1156395). - KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state (bsc#1156395). - KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729). - KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers (bsc#1156395). - KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395). - KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395). - KVM: s390: extend kvm_s390_shadow_fault to return entry pointer (bsc#1133021). - KVM: s390: index kvm->arch.idle_mask by vcpu_idx (bsc#1133021). - KVM: s390: split kvm_s390_logical_to_effective (bsc#1133021). - KVM: s390: VSIE: correctly handle MVPG when in VSIE (bsc#1133021). - lan78xx: select CRC32 (git-fixes). - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD (git-fixes). - libertas: Fix possible memory leak in probe and disconnect (git-fixes). - libertas_tf: Fix possible memory leak in probe and disconnect (git-fixes). - mac80211: check return value of rhashtable_init (git-fixes). - mac80211: Drop frames from invalid MAC address in ad-hoc mode (git-fixes). - media: cedrus: Fix SUNXI tile size calculation (git-fixes). - media: cx23885: Fix snd_card_free call on null card pointer (git-fixes). - media: cxd2880-spi: Fix a null pointer dereference on error handling path (git-fixes). - media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable() (git-fixes). - media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes). - media: em28xx: add missing em28xx_close_extension (git-fixes). - media: em28xx: Do not use ops->suspend if it is NULL (git-fixes). - media: i2c: ths8200 needs V4L2_ASYNC (git-fixes). - media: ite-cir: IR receiver stop working after receive overflow (git-fixes). - media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' (git-fixes). - media: mxl111sf: change mutex_init() location (git-fixes). - media: radio-wl1273: Avoid card name truncation (git-fixes). - media: si470x: Avoid card name truncation (git-fixes). - media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init (git-fixes). - media: TDA1997x: handle short reads of hdmi info frame (git-fixes). - media: tm6000: Avoid card name truncation (git-fixes). - media: v4l2-ioctl: Fix check_ext_ctrls (git-fixes). - media: v4l2-ioctl: S_CTRL output the right value (git-fixes). - mei: me: add Ice Lake-N device id (git-fixes). - memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe (git-fixes). - memstick: avoid out-of-range warning (git-fixes). - memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() (git-fixes). - mlx5: count all link events (git-fixes). - mlxsw: thermal: Fix out-of-bounds memory accesses (git-fixes). - mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes). - mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk (git-fixes). - mmc: mxs-mmc: disable regulator on error and in the remove function (git-fixes). - mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (git-fixes). - mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured (git-fixes). - mmc: vub300: fix control-message timeouts (git-fixes). - mt76: mt7615: fix endianness warning in mt7615_mac_write_txwi (git-fixes). - mt76: mt76x02: fix endianness warnings in mt76x02_mac.c (git-fixes). - mt76: mt7915: fix muar_idx in mt7915_mcu_alloc_sta_req() (git-fixes). - mt76: mt7915: fix possible infinite loop release semaphore (git-fixes). - mt76: mt7915: fix sta_rec_wtbl tag len (git-fixes). - mwifiex: fix division by zero in fw download path (git-fixes). - mwifiex: Send DELBA requests according to spec (git-fixes). - net/af_unix: fix a data-race in unix_dgram_poll (bsc#1154353). - net: batman-adv: fix error handling (git-fixes). - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() (git-fixes). - net: can: ems_usb: fix use-after-free in ems_usb_disconnect() (git-fixes). - net: cdc_eem: fix tx fixup skb leak (git-fixes). - net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes). - netfilter: conntrack: collect all entries in one cycle (bsc#1173604). - netfilter: Drop fragmented ndisc packets assembled in netfilter (git-fixes). - netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value (bsc#1176447). - net: hns3: check queue id range before using (jsc#SLE-14777). - net: hns3: fix vf reset workqueue cannot exit (bsc#1154353). - net: hso: add failure handler for add_net_device (git-fixes). - net: hso: fix NULL-deref on disconnect regression (git-fixes). - net: hso: fix null-ptr-deref during tty device unregistration (git-fixes). - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241). - net: lan78xx: fix division by zero in send path (git-fixes). - net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191800). - net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes). - net/mlx4_en: Resolve bad operstate value (git-fixes). - net/mlx5e: IPSEC RX, enable checksum complete (jsc#SLE-15172). - net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (git-fixes). - net/mlx5e: RX, Avoid possible data corruption when relaxed ordering and LRO combined (jsc#SLE-15172). - net/mlx5: E-Switch, Fix double allocation of acl flow counter (jsc#SLE-15172). - net/mlx5: Fix unpublish devlink parameters (jsc#SLE-8464). - net/mlx5: FWTrace, cancel work on alloc pd error flow (git-fixes). - net/sched: ets: fix crash when flipping from 'strict' to 'quantum' (bsc#1176774). - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() (git-fixes). - NFC: digital: fix possible memory leak in digital_in_send_sdd_req() (git-fixes). - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() (git-fixes). - nfc: fix error handling of nfc_proto_register() (git-fixes). - nfc: port100: fix using -ERRNO as command type mask (git-fixes). - nfs: dir_cookie is a pointer to the cookie in older kernels, not the cookie itself. (bsc#1191628 bsc#1192549). - NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628). - nvme: add command id quirk for apple controllers (git-fixes). - nvme-fc: avoid race between time out and tear down (bsc#1185762). - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762). - nvme-fc: update hardware queues before using them (bsc#1185762). - nvme-pci: Fix abort command id (git-fixes). - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934). - nvme-pci: refactor nvme_unmap_data (bsc#1191934). - nvme-pci: set min_align_mask (bsc#1191851). - ocfs2: fix data corruption after conversion from inline format (bsc#1190795). - pata_legacy: fix a couple uninitialized variable bugs (git-fixes). - PCI: Fix pci_host_bridge struct device release/free handling (git-fixes). - phy: mdio: fix memory leak (git-fixes). - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (git-fixes). - platform/mellanox: mlxreg-io: Fix read access of n-bytes size attributes (git-fixes). - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes). - platform/x86: intel_scu_ipc: Fix busy loop expiry time (git-fixes). - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes). - PM / devfreq: rk3399_dmc: Add missing of_node_put() (git-fixes). - PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails (git-fixes). - PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (git-fixes). - PM / devfreq: rk3399_dmc: Fix spelling typo (git-fixes). - PM / devfreq: rk3399_dmc: Remove unneeded semicolon (git-fixes). - PM: sleep: Do not let 'syscore' devices runtime-suspend during system transitions (git-fixes). - powerpc/64s: Fix entry flush patching w/strict RWX & hash (jsc#SLE-13847 git-fixes). - powerpc/64s: Fix stf mitigation patching w/strict RWX & hash (jsc#SLE-13847 git-fixes). - powerpc/64s: Remove irq mask workaround in accumulate_stolen_time() (jsc#SLE-9246 git-fixes). - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729). - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729). - powerpc/bpf: Use bctrl for making function calls (bsc#1065729). - powerpc: Do not dereference code as 'struct ppc_inst' (uprobe, code-patching, feature-fixups) (jsc#SLE-13847 git-fixes). - powerpc: Do not use 'struct ppc_inst' to reference instruction location (jsc#SLE-13847 git-fixes). - powerpc/lib/code-patching: Do not use struct 'ppc_inst' for runnable code in tests (jsc#SLE-13847 git-fixes). - powerpc/lib/code-patching: Make instr_is_branch_to_addr() static (jsc#SLE-13847 git-fixes). - powerpc/lib: Fix emulate_step() std test (bsc#1065729). - powerpc: Move arch_cpu_idle_dead() into smp.c (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/numa: Update cpu_cpu_map on CPU online/offline (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498 git-fixes). - powerpc/smp: Cache CPU to chip lookup (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Enable CACHE domain for shared processor (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Fix a crash while booting kvm guest with nr_cpus=2 (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Fold cpu_die() into its only caller (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Set numa node before updating mask (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Update cpu_core_map on all PowerPc systems (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/uprobes: Validation for prefixed instruction (jsc#SLE-13847 git-fixes). - powerpc/xive: Discard disabled interrupts in get_irqchip_state() (bsc#1085030 git-fixes). - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (git-fixes). - ptp_pch: Load module automatically if ID matches (git-fixes). - ptp_pch: Restore dependency on PCI (git-fixes). - qed: Fix missing error code in qed_slowpath_start() (git-fixes). - qed: Handle management FW error (git-fixes). - qed: rdma - do not wait for resources under hw error recovery flow (git-fixes). - RDMA/cma: Do not change route.addr.src_addr.ss_family (bsc#1181147). - RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure (bsc#1181147). - regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes). - regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property (git-fixes). - regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled (git-fixes). - rpm: fix kmp install path - rpm: use _rpmmacrodir (boo#1191384) - rsi: fix control-message timeout (git-fixes). - rsi: Fix module dev_oper_mode parameter description (git-fixes). - rsi: stop thread firstly in rsi_91x_init() error handling (git-fixes). - rtl8187: fix control-message timeouts (git-fixes). - scsi: ibmvfc: Fix up duplicate response detection (bsc#1191867 ltc#194757). - scsi: iscsi: Fix deadlock on recovery path during GFP_IO reclaim (git-fixes). - scsi: lpfc: Allow fabric node recovery if recovery is in progress before devloss (bsc#1192145). - scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (bsc#1192145). - scsi: lpfc: Correct sysfs reporting of loop support after SFP status change (bsc#1192145). - scsi: lpfc: Fix link down processing to address NULL pointer dereference (bsc#1192145). - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (bsc#1191349). - scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145). - scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup() (bsc#1192145). - scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145). - scsi: lpfc: Wait for successful restart of SLI3 adapter during host sg_reset (bsc#1192145). - scsi: mpi3mr: Add bios_param SCSI host template hook (jsc#SLE-18120). - scsi: mpi3mr: Add change queue depth support (jsc#SLE-18120). - scsi: mpi3mr: Add EEDP DIF DIX support (jsc#SLE-18120). - scsi: mpi3mr: Add event handling debug prints (jsc#SLE-18120). - scsi: mpi3mr: Additional event handling (jsc#SLE-18120). - scsi: mpi3mr: Add mpi30 Rev-R headers and Kconfig (jsc#SLE-18120). - scsi: mpi3mr: Add support for device add/remove event handling (jsc#SLE-18120). - scsi: mpi3mr: Add support for DSN secure firmware check (jsc#SLE-18120). - scsi: mpi3mr: Add support for internal watchdog thread (jsc#SLE-18120). - scsi: mpi3mr: Add support for PCIe device event handling (jsc#SLE-18120). - scsi: mpi3mr: Add support for PM suspend and resume (jsc#SLE-18120). - scsi: mpi3mr: Add support for queue command processing (jsc#SLE-18120). - scsi: mpi3mr: Add support for recovering controller (jsc#SLE-18120). - scsi: mpi3mr: Add support for threaded ISR (jsc#SLE-18120). - scsi: mpi3mr: Add support for timestamp sync with firmware (jsc#SLE-18120). - scsi: mpi3mr: Allow certain commands during pci-remove hook (jsc#SLE-18120). - scsi: mpi3mr: Base driver code (jsc#SLE-18120). - scsi: mpi3mr: Complete support for soft reset (jsc#SLE-18120). - scsi: mpi3mr: Create operational request and reply queue pair (jsc#SLE-18120). - scsi: mpi3mr: Fix error handling in mpi3mr_setup_isr() (git-fixes). - scsi: mpi3mr: Fix missing unlock on error (git-fixes). - scsi: mpi3mr: Hardware workaround for UNMAP commands to NVMe drives (jsc#SLE-18120). - scsi: mpi3mr: Implement SCSI error handler hooks (jsc#SLE-18120). - scsi: mpi3mr: Print IOC info for debugging (jsc#SLE-18120). - scsi: mpi3mr: Print pending host I/Os for debugging (jsc#SLE-18120). - scsi: mpi3mr: Set up IRQs in resume path (jsc#SLE-18120). - scsi: mpi3mr: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-18120). - scsi: mpi3mr: Use the proper SCSI midlayer interfaces for PI (jsc#SLE-18120). - scsi: mpi3mr: Wait for pending I/O completions upon detection of VD I/O timeout (jsc#SLE-18120). - scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941). - scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941). - scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941). - scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941). - scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941). - scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS (bsc#1190941). - scsi: qla2xxx: Check for firmware capability before creating QPair (bsc#1190941). - scsi: qla2xxx: Display 16G only as supported speeds for 3830c card (bsc#1190941). - scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset (bsc#1190941). - scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941). - scsi: qla2xxx: edif: Do secure PLOGI when auth app is present (bsc#1190941). - scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941). - scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941). - scsi: qla2xxx: edif: Fix stale session (bsc#1190941). - scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941). - scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941). - scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941). - scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941). - scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941). - scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941). - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file (bsc#1190941). - scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941). - scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941). - scsi: qla2xxx: Fix NVMe retry (bsc#1190941). - scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941). - scsi: qla2xxx: Fix port type info (bsc#1190941). - scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941). - scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941). - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941). - scsi: qla2xxx: Remove redundant initialization of pointer req (bsc#1190941). - scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941). - scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941). - scsi: qla2xxx: Suppress unnecessary log messages during login (bsc#1190941). - scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941). - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190941). - scsi: target: Fix the pgr/alua_support_store functions (git-fixes). - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes). - spi: spi-nxp-fspi: do not depend on a specific node name erratum workaround (git-fixes). - swiotlb: add a IO_TLB_SIZE define (bsc#1191851). - swiotlb: clean up swiotlb_tbl_unmap_single (bsc#1191851). - swiotlb: do not modify orig_addr in swiotlb_tbl_sync_single (bsc#1191851). - swiotlb: factor out an io_tlb_offset helper (bsc#1191851). - swiotlb: factor out a nr_slots helper (bsc#1191851). - swiotlb: refactor swiotlb_tbl_map_single (bsc#1191851). - swiotlb: respect min_align_mask (bsc#1191851). - swiotlb: Split size parameter to map/unmap APIs (bsc#1191851). - tpm: Check for integer overflow in tpm2_map_response_body() (git-fixes). - tpm: ibmvtpm: Avoid error message when process gets signal while waiting (bsc#1065729). - Update patch reference for AMDGPU fix (bsc#1180749) - USB: cdc-acm: clean up probe error labels (git-fixes). - USB: cdc-acm: fix minor-number release (git-fixes). - usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle (git-fixes). - usb: hso: fix error handling code of hso_create_net_device (git-fixes). - usb: hso: remove the bailout parameter (git-fixes). - usb: musb: dsps: Fix the probe error path (git-fixes). - usbnet: fix error return code in usbnet_probe() (git-fixes). - usbnet: sanity check for maxpacket (git-fixes). - USB: serial: option: add prod. id for Quectel EG91 (git-fixes). - USB: serial: option: add Quectel EC200S-CN module support (git-fixes). - USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes). - USB: serial: qcserial: add EM9191 QDL support (git-fixes). - USB: xhci: dbc: fix tty registration race (git-fixes). - video: fbdev: gbefb: Only instantiate device when built for IP32 (git-fixes). - virtio-gpu: fix possible memory allocation failure (git-fixes). - virtio: write back F_VERSION_1 before validate (git-fixes). - watchdog: orion: use 0 for unset heartbeat (git-fixes). - wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass two's complement (git-fixes). - wcn36xx: add proper DMA memory barriers in rx path (git-fixes). - wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes). - x86/ioapic: Force affinity setup before startup (bsc#1152489). - x86/msi: Force affinity setup before startup (bsc#1152489). - x86/pat: Pass valid address to sanitize_phys() (bsc#1152489). - x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions (bsc#1152489). - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails (bsc#1152489). - x86/sev: Return an error on a returned non-zero SW_EXITINFO1[31:0] (bsc#1178134). - xen: fix setting of max_pfn in shared_info (git-fixes). - xen: reset legacy rtc flag for PV domU (git-fixes). - xfs: do not allow log writes if the data device is readonly (bsc#1192229). - xfs: ensure that the inode uid/gid match values match the icdinode ones (bsc#1190006). - xfs: Fixed non-directory creation in SGID directories introduced by CVE-2018-13405 patch (bsc#1190006). - xfs: fix I_DONTCACHE (bsc#1192074). - xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes (bsc#1190642). - xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006). - xfs: remove the icdinode di_uid/di_gid members (bsc#1190006). - xhci: Enable trust tx length quirk for Fresco FL11 USB controller (git-fixes). - xhci: Fix command ring pointer corruption while aborting a command (git-fixes). - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes). Important SUSE bug 1065729 SUSE bug 1085030 SUSE bug 1089118 SUSE bug 1094840 SUSE bug 1133021 SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1154353 SUSE bug 1156395 SUSE bug 1157177 SUSE bug 1167773 SUSE bug 1172073 SUSE bug 1173604 SUSE bug 1176447 SUSE bug 1176774 SUSE bug 1176914 SUSE bug 1176940 SUSE bug 1178134 SUSE bug 1180100 SUSE bug 1180749 SUSE bug 1181147 SUSE bug 1184673 SUSE bug 1185762 SUSE bug 1186063 SUSE bug 1186109 SUSE bug 1187167 SUSE bug 1188563 SUSE bug 1188601 SUSE bug 1189841 SUSE bug 1190006 SUSE bug 1190067 SUSE bug 1190349 SUSE bug 1190351 SUSE bug 1190479 SUSE bug 1190620 SUSE bug 1190642 SUSE bug 1190795 SUSE bug 1190801 SUSE bug 1190941 SUSE bug 1191229 SUSE bug 1191240 SUSE bug 1191241 SUSE bug 1191315 SUSE bug 1191317 SUSE bug 1191349 SUSE bug 1191384 SUSE bug 1191449 SUSE bug 1191450 SUSE bug 1191451 SUSE bug 1191452 SUSE bug 1191455 SUSE bug 1191456 SUSE bug 1191628 SUSE bug 1191645 SUSE bug 1191663 SUSE bug 1191731 SUSE bug 1191800 SUSE bug 1191851 SUSE bug 1191867 SUSE bug 1191934 SUSE bug 1191958 SUSE bug 1191980 SUSE bug 1192040 SUSE bug 1192041 SUSE bug 1192074 SUSE bug 1192107 SUSE bug 1192145 SUSE bug 1192229 SUSE bug 1192267 SUSE bug 1192288 SUSE bug 1192549 CVE-2021-33033 at SUSE CVE-2021-33033 at NVD CVE-2021-34866 at SUSE CVE-2021-34866 at NVD CVE-2021-3542 at SUSE CVE-2021-3542 at NVD CVE-2021-3655 at SUSE CVE-2021-3655 at NVD CVE-2021-3715 at SUSE CVE-2021-3715 at NVD CVE-2021-37159 at SUSE CVE-2021-37159 at NVD CVE-2021-3760 at SUSE CVE-2021-3760 at NVD CVE-2021-3772 at SUSE CVE-2021-3772 at NVD CVE-2021-3896 at SUSE CVE-2021-3896 at NVD CVE-2021-41864 at SUSE CVE-2021-41864 at NVD CVE-2021-42008 at SUSE CVE-2021-42008 at NVD CVE-2021-42252 at SUSE CVE-2021-42252 at NVD CVE-2021-42739 at SUSE CVE-2021-42739 at NVD CVE-2021-43056 at SUSE CVE-2021-43056 at NVD CVE-2021-43389 at SUSE CVE-2021-43389 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for aaa_base fixes the following issues: - Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504). - Add $HOME/.local/bin to PATH, if it exists (bsc#1192248). - Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563). - Support xz compressed kernel (bsc#1162581) Moderate SUSE bug 1162581 SUSE bug 1174504 SUSE bug 1191563 SUSE bug 1192248 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for mozilla-nss fixes the following issues: Update to version 3.68.1: - CVE-2021-43527: Fixed a Heap overflow in NSS when verifying DER-encoded DSA or RSA-PSS signatures (bsc#1193170). Important SUSE bug 1193170 CVE-2021-43527 at SUSE CVE-2021-43527 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573) You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0) - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045 ). - CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) - CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails (bsc#1191961). The following non-security bugs were fixed: - ABI: sysfs-kernel-slab: Document some stats (git-fixes). - ALSA: hda: fix general protection fault in azx_runtime_idle (git-fixes). - ALSA: hda: Free card instance properly at probe errors (git-fixes). - ALSA: usb-audio: Add Audient iD14 to mixer map quirk table (git-fixes). - ALSA: usb-audio: Add minimal-mute notion in dB mapping table (bsc#1192375). - ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table (git-fixes). - ALSA: usb-audio: Fix dB level of Bose Revolve+ SoundLink (bsc#1192375). - ALSA: usb-audio: Use int for dB map values (bsc#1192375). - ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE (bsc#1192473). - auxdisplay: ht16k33: Connect backlight to fbdev (git-fixes). - auxdisplay: ht16k33: Fix frame buffer device blanking (git-fixes). - auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string (git-fixes). - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22573) - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22574) - bpf: Disallow unprivileged bpf by default (jsc#SLE-22573). - bpf: Disallow unprivileged bpf by default (jsc#SLE-22574). - bpf: Fix BPF_JIT kconfig symbol dependency (git-fixes jsc#SLE-22574). - bpf: Fix potential race in tail call compatibility check (git-fixes). - bpf, kconfig: Add consolidated menu entry for bpf with core options (jsc#SLE-22574). - btrfs: block-group: Rework documentation of check_system_chunk function (bsc#1192896). - btrfs: fix deadlock between chunk allocation and chunk btree modifications (bsc#1192896). - btrfs: fix memory ordering between normal and ordered work functions (git-fixes). - btrfs: update comments for chunk allocation -ENOSPC cases (bsc#1192896). - cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (git-fixes). - config: disable unprivileged BPF by default (jsc#SLE-22573) Backport of mainline commit 8a03e56b253e ('bpf: Disallow unprivileged bpf by default') only changes kconfig default, used e.g. for 'make oldconfig' when the config option is missing, but does not update our kernel configs used for build. Update also these to make sure unprivileged BPF is really disabled by default. - crypto: caam - disable pkc for non-E SoCs (git-fixes). - crypto: qat - detect PFVF collision after ACK (git-fixes). - crypto: qat - disregard spurious PFVF interrupts (git-fixes). - drm/i915: Introduce intel_hpd_hotplug_irqs() (bsc#1192758). - drm: prevent spectre issue in vmw_execbuf_ioctl (bsc#1192802). - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (bsc#1152489). - Eradicate Patch-mainline: No The pre-commit check can reject this deprecated tag then. - exfat: fix erroneous discard when clear cluster bit (git-fixes). - exfat: handle wrong stream entry size in exfat_readdir() (git-fixes). - exfat: properly set s_time_gran (bsc#1192328). - exfat: truncate atimes to 2s granularity (bsc#1192328). - Fix problem with missing installkernel on Tumbleweed. - fuse: fix page stealing (bsc#1192718). - gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the code and avoid a leak (git-fixes). - gpio/rockchip: add driver for rockchip gpio (bsc#1192217). - gpio/rockchip: drop irq_gc_lock/irq_gc_unlock for irq set type (bsc#1192217). - gpio/rockchip: extended debounce support is only available on v2 (bsc#1192217). - gpio/rockchip: fetch deferred output settings on probe (bsc#1192217). - gpio/rockchip: fix get_direction value handling (bsc#1192217). - gpio/rockchip: support next version gpio controller (bsc#1192217). - gpio/rockchip: use struct rockchip_gpio_regs for gpio controller (bsc#1192217). - HID: u2fzero: clarify error check and length calculations (git-fixes). - HID: u2fzero: properly handle timeouts in usb_submit_urb (git-fixes). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629). - ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629). - iio: dac: ad5446: Fix ad5622_write() return value (git-fixes). - Input: elantench - fix misreporting trackpoint coordinates (bsc#1192918). - kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740). - mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906). - Move upstreamed sound fix into sorted section - net: dsa: felix: re-enable TX flow control in ocelot_port_flush() (git-fixes). - net: mscc: ocelot: fix hardware timestamp dequeue logic. - net: mscc: ocelot: warn when a PTP IRQ is raised for an unknown skb (git-fixes). - net/smc: Correct smc link connection counter in case of smc client (git-fixes). - net/smc: fix 'workqueue leaked lock' in smc_conn_abort_work (git-fixes). - ocfs2: do not zero pages beyond i_size (bsc#1190795). - ocfs2: fix data corruption on truncate (bsc#1190795). - PCI: aardvark: Do not clear status bits of masked interrupts (git-fixes). - PCI: aardvark: Do not spam about PIO Response Status (git-fixes). - PCI: aardvark: Do not unmask unused interrupts (git-fixes). - PCI: aardvark: Fix checking for link up via LTSSM state (git-fixes). - PCI: aardvark: Fix reporting Data Link Layer Link Active (git-fixes). - PCI: aardvark: Fix return value of MSI domain .alloc() method (git-fixes). - PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (git-fixes). - PCI/ACPI: Check for _OSC support in acpi_pci_osc_control_set() (bsc#1169263). - PCI/ACPI: Clarify message about _OSC failure (bsc#1169263). - PCI/ACPI: Move _OSC query checks to separate function (bsc#1169263). - PCI/ACPI: Move supported and control calculations to separate functions (bsc#1169263). - PCI/ACPI: Remove OSC_PCI_SUPPORT_MASKS and OSC_PCI_CONTROL_MASKS (bsc#1169263). - PCI/ACPI: Remove unnecessary osc_lock (bsc#1169263). - PCI: pci-bridge-emul: Fix emulation of W1C bits (git-fixes). - PCI: uniphier: Serialize INTx masking/unmasking and fix the bit operation (git-fixes). - pinctrl: core: fix possible memory leak in pinctrl_enable() (git-fixes). - pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours (bsc#1192217). - pinctrl/rockchip: add a queue for deferred pin output settings on probe (bsc#1192217). - pinctrl/rockchip: add pinctrl device to gpio bank struct (bsc#1192217). - pinctrl: rockchip: add rk3308 SoC support (bsc#1192217). - pinctrl: rockchip: add support for rk3568 (bsc#1192217). - pinctrl/rockchip: always enable clock for gpio controller (bsc#1192217). - pinctrl: rockchip: clear int status when driver probed (bsc#1192217). - pinctrl: rockchip: create irq mapping in gpio_to_irq (bsc#1192217). - pinctrl: rockchip: do coding style for mux route struct (bsc#1192217). - pinctrl/rockchip: drop the gpio related codes (bsc#1192217). - pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq (bsc#1192217). - pinctrl: rockchip: make driver be tristate module (bsc#1192217). - pinctrl: rockchip: Replace HTTP links with HTTPS ones (bsc#1192217). - pinctrl: rockchip: return ENOMEM instead of EINVAL if allocation fails (bsc#1192217). - pinctrl/rockchip: separate struct rockchip_pin_bank to a head file (bsc#1192217). - power: supply: bq27xxx: Fix kernel crash on IRQ handler register error (git-fixes). - power: supply: max17042_battery: Prevent int underflow in set_soc_threshold (git-fixes). - power: supply: max17042_battery: use VFSOC for capacity when no rsns (git-fixes). - power: supply: rt5033-battery: Change voltage values to 5V (git-fixes). - printk/console: Allow to disable console output by using console='' or console=null (bsc#1192753). - printk: handle blank console arguments passed in (bsc#1192753). - qtnfmac: fix potential Spectre vulnerabilities (bsc#1192802). - r8152: add a helper function about setting EEE (git-fixes). - r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock Gen 2 (git-fixes). - r8152: Disable PLA MCU clock speed down (git-fixes). - r8152: disable U2P3 for RTL8153B (git-fixes). - r8152: divide the tx and rx bottom functions (git-fixes). - r8152: do not enable U1U2 with USB_SPEED_HIGH for RTL8153B (git-fixes). - r8152: fix runtime resume for linking change (git-fixes). - r8152: replace array with linking list for rx information (git-fixes). - r8152: reset flow control patch when linking on for RTL8153B (git-fixes). - r8152: saving the settings of EEE (git-fixes). - r8152: separate the rx buffer size (git-fixes). - r8152: use alloc_pages for rx buffer (git-fixes). - random: fix crash on multiple early calls to add_bootloader_randomness() (bsc#1184924) - Revert 'ibmvnic: check failover_pending in login response' (bsc#1190523 ltc#194510). - Revert 'platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes' (git-fixes). - Revert 'r8152: adjust the settings about MAC clock speed down for RTL8153' (git-fixes). - Revert 'scsi: ufs: fix a missing check of devm_reset_control_get' (git-fixes). - Revert 'x86/kvm: fix vcpu-id indexed array sizes' (git-fixes). - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request (git-fixes). - s390/dasd: fix use after free in dasd path handling (git-fixes). - s390/pci: fix use after free of zpci_dev (git-fixes). - s390/pci: fix zpci_zdev_put() on reserve (git-fixes). - s390/qeth: fix deadlock during failing recovery (git-fixes). - s390/qeth: Fix deadlock in remove_discipline (git-fixes). - s390/qeth: fix NULL deref in qeth_clear_working_pool_list() (git-fixes). - s390/topology: clear thread/group maps for offline cpus (git-fixes). - scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() (git-fixes). - scsi: BusLogic: Fix missing pr_cont() use (git-fixes). - scsi: core: Fix spelling in a source code comment (git-fixes). - scsi: csiostor: Add module softdep on cxgb4 (git-fixes). - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (git-fixes). - scsi: dc395: Fix error case unwinding (git-fixes). - scsi: fdomain: Fix error return code in fdomain_probe() (git-fixes). - scsi: FlashPoint: Rename si_flags field (git-fixes). - scsi: iscsi: Fix iface sysfs attr detection (git-fixes). - scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes). - scsi: mpt3sas: Fix error return value in _scsih_expander_add() (git-fixes). - scsi: qedf: Add pointer checks in qedf_update_link_speed() (git-fixes). - scsi: qedf: Fix error codes in qedf_alloc_global_queues() (git-fixes). - scsi: qedi: Fix error codes in qedi_alloc_global_queues() (git-fixes). - scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() (git-fixes). - scsi: qla2xxx: Make sure that aborted commands are freed (git-fixes). - scsi: smartpqi: Fix an error code in pqi_get_raid_map() (git-fixes). - scsi: snic: Fix an error message (git-fixes). - scsi: ufs-pci: Add quirk for broken auto-hibernate for Intel EHL (git-fixes). - scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer (git-fixes). - serial: 8250_dw: Drop wrong use of ACPI_PTR() (git-fixes). - serial: xilinx_uartps: Fix race condition causing stuck TX (git-fixes). - staging: r8712u: fix control-message timeout (git-fixes). - staging: rtl8192u: fix control-message timeouts (git-fixes). - stmmac: platform: Fix signedness bug in stmmac_probe_config_dt() (git-fixes). - tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together (bsc#1192745). - Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set - Update config files: pull BPF configs together - usb: gadget: hid: fix error code in do_config() (git-fixes). - USB: iowarrior: fix control-message timeouts (git-fixes). - usb: max-3421: Use driver data instead of maintaining a list of bound devices (git-fixes). - usb: musb: Balance list entry in musb_gadget_queue (git-fixes). - USB: serial: keyspan: fix memleak on probe errors (git-fixes). - video: fbdev: chipsfb: use memset_io() instead of memset() (git-fixes). - x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c (bsc#1152489). - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (git-fixes). - xen-pciback: Fix return in pm_ctrl_init() (git-fixes). - xen: Fix implicit type conversion (git-fixes). Important SUSE bug 1152489 SUSE bug 1169263 SUSE bug 1170269 SUSE bug 1184924 SUSE bug 1190523 SUSE bug 1190795 SUSE bug 1191790 SUSE bug 1191961 SUSE bug 1192045 SUSE bug 1192217 SUSE bug 1192273 SUSE bug 1192328 SUSE bug 1192375 SUSE bug 1192473 SUSE bug 1192718 SUSE bug 1192740 SUSE bug 1192745 SUSE bug 1192750 SUSE bug 1192753 SUSE bug 1192758 SUSE bug 1192781 SUSE bug 1192802 SUSE bug 1192896 SUSE bug 1192906 SUSE bug 1192918 CVE-2021-0941 at SUSE CVE-2021-0941 at NVD CVE-2021-20322 at SUSE CVE-2021-20322 at NVD CVE-2021-31916 at SUSE CVE-2021-31916 at NVD CVE-2021-34981 at SUSE CVE-2021-34981 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for glib-networking fixes the following issues: Update to version 2.62.4: - CVE-2020-13645: Fixed a connection failure when the server identity is unset (bsc#1172460). Important SUSE bug 1172460 CVE-2020-13645 at SUSE CVE-2020-13645 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python-Babel fixes the following issues: - CVE-2021-42771: Fixed relative path traversal that may lead to arbitrary locale files loading and arbitrary code execution (bsc#1185768). Important SUSE bug 1185768 CVE-2021-42771 at SUSE CVE-2021-42771 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). Moderate SUSE bug 1192717 CVE-2021-43618 at SUSE CVE-2021-43618 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for openssh fixes the following issues: - CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975). Important SUSE bug 1190975 CVE-2021-41617 at SUSE CVE-2021-41617 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for xen fixes the following issues: - CVE-2021-28702: Fixed PCI devices with RMRRs not deassigned correctly (XSA-386) (bsc#1191363). - CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs (XSA-388) (bsc#1192557). - CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates on x86 (XSA-389) (bsc#1192559). - CVE-2021-28706: Fixed guests may exceed their designated memory limit (XSA-385) (bsc#1192554). - Update to Xen 4.14.3 bug fix release (bsc#1027519). Moderate SUSE bug 1027519 SUSE bug 1191363 SUSE bug 1192554 SUSE bug 1192557 SUSE bug 1192559 CVE-2021-28702 at SUSE CVE-2021-28702 at NVD CVE-2021-28704 at SUSE CVE-2021-28704 at NVD CVE-2021-28705 at SUSE CVE-2021-28705 at NVD CVE-2021-28706 at SUSE CVE-2021-28706 at NVD CVE-2021-28707 at SUSE CVE-2021-28707 at NVD CVE-2021-28708 at SUSE CVE-2021-28708 at NVD CVE-2021-28709 at SUSE CVE-2021-28709 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573) You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0) - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045 ). - CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) - CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails (bsc#1191961). The following non-security bugs were fixed: - ABI: sysfs-kernel-slab: Document some stats (git-fixes). - ALSA: hda: fix general protection fault in azx_runtime_idle (git-fixes). - ALSA: hda: Free card instance properly at probe errors (git-fixes). - ALSA: usb-audio: Add Audient iD14 to mixer map quirk table (git-fixes). - ALSA: usb-audio: Add minimal-mute notion in dB mapping table (bsc#1192375). - ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table (git-fixes). - ALSA: usb-audio: Fix dB level of Bose Revolve+ SoundLink (bsc#1192375). - ALSA: usb-audio: Use int for dB map values (bsc#1192375). - ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE (bsc#1192473). - auxdisplay: ht16k33: Connect backlight to fbdev (git-fixes). - auxdisplay: ht16k33: Fix frame buffer device blanking (git-fixes). - auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string (git-fixes). - bpf, kconfig: Add consolidated menu entry for bpf with core options (jsc#SLE-22574). - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22573) - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22574) - bpf: Disallow unprivileged bpf by default (jsc#SLE-22573). - bpf: Disallow unprivileged bpf by default (jsc#SLE-22574). - bpf: Fix BPF_JIT kconfig symbol dependency (git-fixes jsc#SLE-22574). - bpf: Fix potential race in tail call compatibility check (git-fixes). - btrfs: block-group: Rework documentation of check_system_chunk function (bsc#1192896). - btrfs: fix deadlock between chunk allocation and chunk btree modifications (bsc#1192896). - btrfs: fix memory ordering between normal and ordered work functions (git-fixes). - btrfs: update comments for chunk allocation -ENOSPC cases (bsc#1192896). - cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (git-fixes). - config: disable unprivileged BPF by default (jsc#SLE-22573) Backport of mainline commit 8a03e56b253e ('bpf: Disallow unprivileged bpf by default') only changes kconfig default, used e.g. for 'make oldconfig' when the config option is missing, but does not update our kernel configs used for build. Update also these to make sure unprivileged BPF is really disabled by default. - crypto: caam - disable pkc for non-E SoCs (git-fixes). - crypto: qat - detect PFVF collision after ACK (git-fixes). - crypto: qat - disregard spurious PFVF interrupts (git-fixes). - drm/i915: Introduce intel_hpd_hotplug_irqs() (bsc#1192758). - drm: prevent spectre issue in vmw_execbuf_ioctl (bsc#1192802). - e1000e: Separate TGP board type from SPT (bsc#1192874). - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (bsc#1152489). - Eradicate Patch-mainline: No The pre-commit check can reject this deprecated tag then. - exfat: fix erroneous discard when clear cluster bit (git-fixes). - exfat: handle wrong stream entry size in exfat_readdir() (git-fixes). - exfat: properly set s_time_gran (bsc#1192328). - exfat: truncate atimes to 2s granularity (bsc#1192328). - Fix problem with missing installkernel on Tumbleweed. - fuse: fix page stealing (bsc#1192718). - gpio/rockchip: add driver for rockchip gpio (bsc#1192217). - gpio/rockchip: drop irq_gc_lock/irq_gc_unlock for irq set type (bsc#1192217). - gpio/rockchip: extended debounce support is only available on v2 (bsc#1192217). - gpio/rockchip: fetch deferred output settings on probe (bsc#1192217). - gpio/rockchip: fix get_direction value handling (bsc#1192217). - gpio/rockchip: support next version gpio controller (bsc#1192217). - gpio/rockchip: use struct rockchip_gpio_regs for gpio controller (bsc#1192217). - gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the code and avoid a leak (git-fixes). - HID: u2fzero: clarify error check and length calculations (git-fixes). - HID: u2fzero: properly handle timeouts in usb_submit_urb (git-fixes). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629). - ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629). - iio: dac: ad5446: Fix ad5622_write() return value (git-fixes). - Input: elantench - fix misreporting trackpoint coordinates (bsc#1192918). - kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740). - mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906). - Move upstreamed sound fix into sorted section - net/smc: Correct smc link connection counter in case of smc client (git-fixes). - net/smc: fix 'workqueue leaked lock' in smc_conn_abort_work (git-fixes). - net: dsa: felix: re-enable TX flow control in ocelot_port_flush() (git-fixes). - net: mscc: ocelot: fix hardware timestamp dequeue logic. - net: mscc: ocelot: warn when a PTP IRQ is raised for an unknown skb (git-fixes). - net: stmmac: add EHL 2.5Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: add EHL PSE0 and PSE1 1Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: add EHL RGMII 1Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: add EHL SGMII 1Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: add TGL SGMII 1Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: create dwmac-intel.c to contain all Intel platform (bsc#1192691). - net: stmmac: pci: Add HAPS support using GMAC5 (bsc#1192691). - ocfs2: do not zero pages beyond i_size (bsc#1190795). - ocfs2: fix data corruption on truncate (bsc#1190795). - PCI/ACPI: Check for _OSC support in acpi_pci_osc_control_set() (bsc#1169263). - PCI/ACPI: Clarify message about _OSC failure (bsc#1169263). - PCI/ACPI: Move _OSC query checks to separate function (bsc#1169263). - PCI/ACPI: Move supported and control calculations to separate functions (bsc#1169263). - PCI/ACPI: Remove OSC_PCI_SUPPORT_MASKS and OSC_PCI_CONTROL_MASKS (bsc#1169263). - PCI/ACPI: Remove unnecessary osc_lock (bsc#1169263). - PCI: aardvark: Do not clear status bits of masked interrupts (git-fixes). - PCI: aardvark: Do not spam about PIO Response Status (git-fixes). - PCI: aardvark: Do not unmask unused interrupts (git-fixes). - PCI: aardvark: Fix checking for link up via LTSSM state (git-fixes). - PCI: aardvark: Fix reporting Data Link Layer Link Active (git-fixes). - PCI: aardvark: Fix return value of MSI domain .alloc() method (git-fixes). - PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (git-fixes). - PCI: pci-bridge-emul: Fix emulation of W1C bits (git-fixes). - PCI: uniphier: Serialize INTx masking/unmasking and fix the bit operation (git-fixes). - pinctrl/rockchip: add a queue for deferred pin output settings on probe (bsc#1192217). - pinctrl/rockchip: add pinctrl device to gpio bank struct (bsc#1192217). - pinctrl/rockchip: always enable clock for gpio controller (bsc#1192217). - pinctrl/rockchip: drop the gpio related codes (bsc#1192217). - pinctrl/rockchip: separate struct rockchip_pin_bank to a head file (bsc#1192217). - pinctrl: core: fix possible memory leak in pinctrl_enable() (git-fixes). - pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours (bsc#1192217). - pinctrl: rockchip: add rk3308 SoC support (bsc#1192217). - pinctrl: rockchip: add support for rk3568 (bsc#1192217). - pinctrl: rockchip: clear int status when driver probed (bsc#1192217). - pinctrl: rockchip: create irq mapping in gpio_to_irq (bsc#1192217). - pinctrl: rockchip: do coding style for mux route struct (bsc#1192217). - pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq (bsc#1192217). - pinctrl: rockchip: make driver be tristate module (bsc#1192217). - pinctrl: rockchip: Replace HTTP links with HTTPS ones (bsc#1192217). - pinctrl: rockchip: return ENOMEM instead of EINVAL if allocation fails (bsc#1192217). - power: supply: bq27xxx: Fix kernel crash on IRQ handler register error (git-fixes). - power: supply: max17042_battery: Prevent int underflow in set_soc_threshold (git-fixes). - power: supply: max17042_battery: use VFSOC for capacity when no rsns (git-fixes). - power: supply: rt5033-battery: Change voltage values to 5V (git-fixes). - printk/console: Allow to disable console output by using console='' or console=null (bsc#1192753). - printk: handle blank console arguments passed in (bsc#1192753). - qtnfmac: fix potential Spectre vulnerabilities (bsc#1192802). - r8152: add a helper function about setting EEE (git-fixes). - r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock Gen 2 (git-fixes). - r8152: Disable PLA MCU clock speed down (git-fixes). - r8152: disable U2P3 for RTL8153B (git-fixes). - r8152: divide the tx and rx bottom functions (git-fixes). - r8152: do not enable U1U2 with USB_SPEED_HIGH for RTL8153B (git-fixes). - r8152: fix runtime resume for linking change (git-fixes). - r8152: replace array with linking list for rx information (git-fixes). - r8152: reset flow control patch when linking on for RTL8153B (git-fixes). - r8152: saving the settings of EEE (git-fixes). - r8152: separate the rx buffer size (git-fixes). - r8152: use alloc_pages for rx buffer (git-fixes). - random: fix crash on multiple early calls to add_bootloader_randomness() (bsc#1184924) - Revert 'ibmvnic: check failover_pending in login response' (bsc#1190523 ltc#194510). - Revert 'platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes' (git-fixes). - Revert 'r8152: adjust the settings about MAC clock speed down for RTL8153' (git-fixes). - Revert 'scsi: ufs: fix a missing check of devm_reset_control_get' (git-fixes). - Revert 'x86/kvm: fix vcpu-id indexed array sizes' (git-fixes). - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request (git-fixes). - s390/dasd: fix use after free in dasd path handling (git-fixes). - s390/pci: fix use after free of zpci_dev (git-fixes). - s390/pci: fix zpci_zdev_put() on reserve (git-fixes). - s390/qeth: fix deadlock during failing recovery (git-fixes). - s390/qeth: Fix deadlock in remove_discipline (git-fixes). - s390/qeth: fix NULL deref in qeth_clear_working_pool_list() (git-fixes). - s390/topology: clear thread/group maps for offline cpus (git-fixes). - scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() (git-fixes). - scsi: BusLogic: Fix missing pr_cont() use (git-fixes). - scsi: core: Fix spelling in a source code comment (git-fixes). - scsi: csiostor: Add module softdep on cxgb4 (git-fixes). - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (git-fixes). - scsi: dc395: Fix error case unwinding (git-fixes). - scsi: fdomain: Fix error return code in fdomain_probe() (git-fixes). - scsi: FlashPoint: Rename si_flags field (git-fixes). - scsi: iscsi: Fix iface sysfs attr detection (git-fixes). - scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes). - scsi: mpt3sas: Fix error return value in _scsih_expander_add() (git-fixes). - scsi: qedf: Add pointer checks in qedf_update_link_speed() (git-fixes). - scsi: qedf: Fix error codes in qedf_alloc_global_queues() (git-fixes). - scsi: qedi: Fix error codes in qedi_alloc_global_queues() (git-fixes). - scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() (git-fixes). - scsi: qla2xxx: Make sure that aborted commands are freed (git-fixes). - scsi: smartpqi: Fix an error code in pqi_get_raid_map() (git-fixes). - scsi: snic: Fix an error message (git-fixes). - scsi: ufs-pci: Add quirk for broken auto-hibernate for Intel EHL (git-fixes). - scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer (git-fixes). - serial: 8250_dw: Drop wrong use of ACPI_PTR() (git-fixes). - serial: xilinx_uartps: Fix race condition causing stuck TX (git-fixes). - staging: r8712u: fix control-message timeout (git-fixes). - staging: rtl8192u: fix control-message timeouts (git-fixes). - stmmac: platform: Fix signedness bug in stmmac_probe_config_dt() (git-fixes). - tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together (bsc#1192745). - Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set - Update config files: pull BPF configs together - usb: gadget: hid: fix error code in do_config() (git-fixes). - USB: iowarrior: fix control-message timeouts (git-fixes). - usb: max-3421: Use driver data instead of maintaining a list of bound devices (git-fixes). - usb: musb: Balance list entry in musb_gadget_queue (git-fixes). - USB: serial: keyspan: fix memleak on probe errors (git-fixes). - video: fbdev: chipsfb: use memset_io() instead of memset() (git-fixes). - x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c (bsc#1152489). - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (git-fixes). - xen-pciback: Fix return in pm_ctrl_init() (git-fixes). - xen: Fix implicit type conversion (git-fixes). Important SUSE bug 1152489 SUSE bug 1169263 SUSE bug 1170269 SUSE bug 1184924 SUSE bug 1190523 SUSE bug 1190795 SUSE bug 1191790 SUSE bug 1191961 SUSE bug 1192045 SUSE bug 1192217 SUSE bug 1192273 SUSE bug 1192328 SUSE bug 1192375 SUSE bug 1192473 SUSE bug 1192691 SUSE bug 1192718 SUSE bug 1192740 SUSE bug 1192745 SUSE bug 1192750 SUSE bug 1192753 SUSE bug 1192758 SUSE bug 1192781 SUSE bug 1192802 SUSE bug 1192874 SUSE bug 1192896 SUSE bug 1192906 SUSE bug 1192918 CVE-2021-0941 at SUSE CVE-2021-0941 at NVD CVE-2021-20322 at SUSE CVE-2021-20322 at NVD CVE-2021-31916 at SUSE CVE-2021-31916 at NVD CVE-2021-34981 at SUSE CVE-2021-34981 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python3 fixes the following issues: - CVE-2021-3737: Fixed http client infinite line reading (DoS) after a http 100. (bsc#1189241) - CVE-2021-3733: Fixed ReDoS in urllib.request. (bsc#1189287) - CVE-2021-3426: Fixed an information disclosure via pydoc. (bsc#1183374) - Rebuild to get new headers, avoid building in support for stropts.h (bsc#1187338). Moderate SUSE bug 1180125 SUSE bug 1183374 SUSE bug 1183858 SUSE bug 1185588 SUSE bug 1187338 SUSE bug 1187668 SUSE bug 1189241 SUSE bug 1189287 CVE-2021-3426 at SUSE CVE-2021-3426 at NVD CVE-2021-3733 at SUSE CVE-2021-3733 at NVD CVE-2021-3737 at SUSE CVE-2021-3737 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for openssh fixes the following issues: - CVE-2021-28041: Fixed double free in ssh-agent (bsc#1183137). Important SUSE bug 1183137 CVE-2021-28041 at SUSE CVE-2021-28041 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for p11-kit fixes the following issues: - CVE-2020-29361: Fixed multiple integer overflows in rpc code (bsc#1180064) - Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993). Important SUSE bug 1180064 SUSE bug 1187993 CVE-2020-29361 at SUSE CVE-2020-29361 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for runc fixes the following issues: Update to runc v1.0.3. * CVE-2021-43784: Fixed a potential vulnerability related to the internal usage of netlink, which is believed to not be exploitable with any released versions of runc (bsc#1193436) * Fixed inability to start a container with read-write bind mount of a read-only fuse host mount. * Fixed inability to start when read-only /dev in set in spec. * Fixed not removing sub-cgroups upon container delete, when rootless cgroup v2 is used with older systemd. * Fixed returning error from GetStats when hugetlb is unsupported (which causes excessive logging for kubernetes). Moderate SUSE bug 1193436 CVE-2021-43784 at SUSE CVE-2021-43784 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for permissions fixes the following issues: - Update to version 20181225: * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504) Moderate SUSE bug 1174504 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-25636: Fixed an issue which allowed a local users to gain privileges because of a heap out-of-bounds write in nf_dup_netdev.c, related to nf_tables_offload (bsc#1196299). - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could trigger crash the system or corrupt system memory (bsc#1196830). - CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). - CVE-2022-0516: Fixed missing check in ioctl related to KVM in s390 allows kernel memory read/write (bsc#1195516). - CVE-2022-24448: Fixed an issue if an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd(). (bsc#1196155) - CVE-2022-25258: The USB Gadget subsystem lacked certain validation of interface OS descriptor requests, which could have lead to memory corruption (bsc#1196096). - CVE-2022-24958: drivers/usb/gadget/legacy/inode.c mishandled dev->buf release (bsc#1195905). - CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897). - CVE-2022-27223: In drivers/usb/gadget/udc/udc-xilinx.c the endpoint index was not validated and could have been manipulated by the host for out-of-array access (bsc#1197245). - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2021-0920: Fixed a local privilege escalation due to a use-after-free vulnerability in unix_scm_to_skb of af_unix (bsc#1193731). - CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from heap memory via crafted frame lengths from a device (bsc#1196836). - CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956) - CVE-2021-45402: The check_alu_op function in kernel/bpf/verifier.c did not properly update bounds while handling the mov32 instruction, which allowed local users to obtain potentially sensitive address information (bsc#1196130). - CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488) The following non-security bugs were fixed: - ALSA: intel_hdmi: Fix reference to PCM buffer address (git-fixes). - arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output (git-fixes). - ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions (git-fixes). - ARM: Fix kgdb breakpoint for Thumb2 (git-fixes). - asix: fix uninit-value in asix_mdio_read() (git-fixes). - ASoC: cs4265: Fix the duplicated control name (git-fixes). - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min (git-fixes). - ASoC: rt5682: do not block workqueue if card is unbound (git-fixes). - ata: pata_hpt37x: disable primary channel on HPT371 (git-fixes). - ax25: Fix NULL pointer dereference in ax25_kill_by_device (git-fixes). - batman-adv: Do not expect inter-netns unique iflink indices (git-fixes). - batman-adv: Request iflink once in batadv_get_real_netdevice (git-fixes). - batman-adv: Request iflink once in batadv-on-batadv check (git-fixes). - blk-mq: do not free tags if the tag_set is used by other device in queue initialztion (bsc#1193787). - Bluetooth: btusb: Add missing Chicony device for Realtek RTL8723BE (bsc#1196779). - bnxt_en: Fix active FEC reporting to ethtool (jsc#SLE-16649). - bnxt_en: Fix incorrect multicast rx mask setting when not requested (git-fixes). - bnxt_en: Fix occasional ethtool -t loopback test failures (git-fixes). - bnxt_en: Fix offline ethtool selftest with RDMA enabled (git-fixes). - bonding: force carrier update when releasing slave (git-fixes). - can: gs_usb: change active_channels's type from atomic_t to u8 (git-fixes). - cgroup/cpuset: Fix 'suspicious RCU usage' lockdep warning (bsc#1196868). - cgroup-v1: Correct privileges check in release_agent writes (bsc#1196723). - clk: jz4725b: fix mmc0 clock gating (git-fixes). - constraints: Also adjust disk requirement for x86 and s390. - constraints: Increase disk space for aarch64 - cpufreq: schedutil: Use kobject release() method to free (git-fixes) - cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask() (bsc#1196866). - cputime, cpuacct: Include guest time in user time in (git-fixes) - dma-direct: Fix potential NULL pointer dereference (bsc#1196472 ltc#192278). - dmaengine: shdma: Fix runtime PM imbalance on error (git-fixes). - dma-mapping: Allow mixing bypass and mapped DMA operation (bsc#1196472 ltc#192278). - drm/amdgpu: disable MMHUB PG for Picasso (git-fixes). - drm/edid: Always set RGB444 (git-fixes). - drm/i915/dg1: Wait for pcode/uncore handshake at startup (bsc#1195211). - drm/i915/gen11+: Only load DRAM information from pcode (bsc#1195211). - drm/i915: Nuke not needed members of dram_info (bsc#1195211). - drm/i915: Remove memory frequency calculation (bsc#1195211). - drm/i915: Rename is_16gb_dimm to wm_lv_0_adjust_needed (bsc#1195211). - drm/sun4i: mixer: Fix P010 and P210 format numbers (git-fixes). - EDAC/altera: Fix deferred probing (bsc#1178134). - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (bsc#1178134). - efivars: Respect 'block' flag in efivar_entry_set_safe() (git-fixes). - exfat: fix i_blocks for files truncated over 4 GiB (git-fixes). - exfat: fix incorrect loading of i_blocks for large files (git-fixes). - firmware: arm_scmi: Remove space in MODULE_ALIAS name (git-fixes). - gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (git-fixes). - gpiolib: acpi: Convert ACPI value of debounce to microseconds (git-fixes). - gpio: rockchip: Reset int_bothedge when changing trigger (git-fixes). - gpio: tegra186: Fix chip_data type confusion (git-fixes). - gpio: ts4900: Do not set DAT and OE together (git-fixes). - gtp: remove useless rcu_read_lock() (git-fixes). - hamradio: fix macro redefine warning (git-fixes). - Hand over the maintainership to SLE15-SP3 maintainers - HID: add mapping for KEY_ALL_APPLICATIONS (git-fixes). - HID: add mapping for KEY_DICTATE (git-fixes). - i2c: bcm2835: Avoid clock stretching timeouts (git-fixes). - iavf: Fix missing check for running netdev (git-fixes). - IB/hfi1: Correct guard on eager buffer deallocation (git-fixes). - IB/hfi1: Fix early init panic (git-fixes). - IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (git-fixes). - IB/hfi1: Insure use of smp_processor_id() is preempt disabled (git-fixes). - IB/rdmavt: Validate remote_addr during loopback atomic tests (git-fixes). - ice: initialize local variable 'tlv' (jsc#SLE-12878). - igc: igc_read_phy_reg_gpy: drop premature return (git-fixes). - igc: igc_write_phy_reg_gpy: drop premature return (git-fixes). - iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM bits (git-fixes). - iio: adc: men_z188_adc: Fix a resource leak in an error handling path (git-fixes). - iio: Fix error handling for PM (git-fixes). - Input: clear BTN_RIGHT/MIDDLE on buttonpads (git-fixes). - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (git-fixes). - Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() (git-fixes). - ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc() (git-fixes). - mac80211: fix forwarded mesh frames AC & queue selection (git-fixes). - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work (git-fixes). - mac80211_hwsim: report NOACK frames in tx_status (git-fixes). - mask out added spinlock in rndis_params (git-fixes). - mmc: meson: Fix usage of meson_mmc_post_req() (git-fixes). - net: dsa: mv88e6xxx: MV88E6097 does not support jumbo configuration (git-fixes). - net: ethernet: ti: cpsw: disable PTPv1 hw timestamping advertisement (git-fixes). - netfilter: nf_tables: fix memory leak during stateful obj update (bsc#1176447). - net: fix up skbs delta_truesize in UDP GRO frag_list (bsc#1176447). - net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes). - net/mlx5e: Fix modify header actions memory leak (git-fixes). - net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468). - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure (git-fixes). - net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets (jsc#SLE-15172). - net/mlx5e: TC, Reject rules with drop and modify hdr action (git-fixes). - net/mlx5e: TC, Reject rules with forward and drop actions (git-fixes). - net/mlx5: Fix possible deadlock on rule deletion (git-fixes). - net/mlx5: Fix wrong limitation of metadata match on ecpf (git-fixes). - net/mlx5: Update the list of the PCI supported devices (git-fixes). - net: phy: DP83822: clear MISR2 register to disable interrupts (git-fixes). - net/sched: act_ct: Fix flow table lookup after ct clear or switching zones (jsc#SLE-15172). - netsec: ignore 'phy-mode' device property on ACPI systems (git-fixes). - net: sfc: Replace in_interrupt() usage (git-fixes). - net: tipc: validate domain record count on input (bsc#1195254). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (git-fixes). - NFC: port100: fix use-after-free in port100_send_complete (git-fixes). - nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() (git-fixes). - nl80211: Handle nla_memdup failures in handle_nan_filter (git-fixes). - ntb: intel: fix port config status offset for SPR (git-fixes). - nvme: fix a possible use-after-free in controller reset during load (git-fixes). - nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787). - nvme-rdma: fix possible use-after-free in transport error_recovery work (git-fixes). - nvme-tcp: fix possible use-after-free in transport error_recovery work (git-fixes). - powerpc/dma: Fallback to dma_ops when persistent memory present (bsc#1196472 ltc#192278). - powerpc/fadump: register for fadump as early as possible (bsc#1179439 ltc#190038). - powerpc/mm: Remove dcache flush from memory remove (bsc#1196433 ltc#196449). - powerpc/powernv/memtrace: Fix dcache flushing (bsc#1196433 ltc#196449). - powerpc/pseries/iommu: Fix window size for direct mapping with pmem (bsc#1196472 ltc#192278). - RDMA/bnxt_re: Scan the whole bitmap when checking if 'disabling RCFW with pending cmd-bit' (git-fixes). - RDMA/cma: Do not change route.addr.src_addr outside state checks (bsc#1181147). - RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry (git-fixes). - RDMA/cma: Remove open coding of overflow checking for private_data_len (git-fixes). - RDMA/core: Do not infoleak GRH fields (git-fixes). - RDMA/core: Let ib_find_gid() continue search even after empty entry (git-fixes). - RDMA/cxgb4: Set queue pair state when being queried (git-fixes). - RDMA/hns: Validate the pkey index (git-fixes). - RDMA/ib_srp: Fix a deadlock (git-fixes). - RDMA/mlx4: Do not continue event handler after memory allocation failure (git-fixes). - RDMA/rtrs-clt: Fix possible double free in error case (jsc#SLE-15176). - RDMA/rxe: Fix a typo in opcode name (git-fixes). - RDMA/siw: Fix broken RDMA Read Fence/Resume logic (git-fixes). - RDMA/uverbs: Check for null return of kmalloc_array (git-fixes). - RDMA/uverbs: Remove the unnecessary assignment (git-fixes). - README.BRANCH: Add Frederic Weisbecker as branch maintainer - README.BRANCH: Remove Davidlohr Bueso as a branch maintainer - rpm/arch-symbols,guards,*driver: Replace Novell with SUSE. - rpm: SC2006: Use $(...) notation instead of legacy backticked `...`. - sched/core: Mitigate race (git-fixes) - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes). - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes). - scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (git-fixes). - scsi: nsp_cs: Check of ioremap return value (git-fixes). - scsi: qedf: Fix potential dereference of NULL pointer (git-fixes). - scsi: smartpqi: Add PCI IDs (bsc#1196627). - scsi: ufs: Fix race conditions related to driver data (git-fixes). - selftests: mlxsw: tc_police_scale: Make test more robust (bsc#1176774). - soc: fsl: Correct MAINTAINERS database (QUICC ENGINE LIBRARY) (git-fixes). - soc: fsl: Correct MAINTAINERS database (SOC) (git-fixes). - soc: fsl: qe: Check of ioremap return value (git-fixes). - spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() (git-fixes). - sr9700: sanity check for packet length (bsc#1196836). - staging: gdm724x: fix use after free in gdm_lte_rx() (git-fixes). - SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403). - tracing: Fix return value of __setup handlers (git-fixes). - tty: n_gsm: fix encoding of control signal octet bit DV (git-fixes). - tty: n_gsm: fix proper link termination after failed open (git-fixes). - usb: dwc2: Fix Stalling a Non-Isochronous OUT EP (git-fixes). - usb: dwc2: gadget: Fix GOUTNAK flow for Slave mode (git-fixes). - usb: dwc2: gadget: Fix kill_all_requests race (git-fixes). - usb: dwc2: use well defined macros for power_down (git-fixes). - usb: dwc3: gadget: Let the interrupt handler disable bottom halves (git-fixes). - usb: dwc3: meson-g12a: Disable the regulator in the error handling path of the probe (git-fixes). - usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (git-fixes). - usb: gadget: rndis: add spinlock for rndis response list (git-fixes). - USB: gadget: validate endpoint index for xilinx udc (git-fixes). - USB: gadget: validate interface OS descriptor requests (git-fixes). - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - USB: hub: Clean up use of port initialization schemes and retries (git-fixes). - usb: hub: Fix locking issues with address0_mutex (git-fixes). - usb: hub: Fix usb enumeration issue due to address0 race (git-fixes). - USB: serial: option: add support for DW5829e (git-fixes). - USB: serial: option: add Telit LE910R1 compositions (git-fixes). - USB: zaurus: support another broken Zaurus (git-fixes). - vrf: Fix fast path output packet handling with async Netfilter rules (git-fixes). - xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). - xhci: Prevent futile URB re-submissions due to incorrect return value (git-fixes). - xhci: re-initialize the HC during resume if HCE was set (git-fixes). Important SUSE bug 1176447 SUSE bug 1176774 SUSE bug 1178134 SUSE bug 1179439 SUSE bug 1181147 SUSE bug 1191428 SUSE bug 1192273 SUSE bug 1193787 SUSE bug 1194516 SUSE bug 1194943 SUSE bug 1195051 SUSE bug 1195211 SUSE bug 1195353 SUSE bug 1195403 SUSE bug 1195516 SUSE bug 1195612 SUSE bug 1195897 SUSE bug 1195908 SUSE bug 1195947 SUSE bug 1195949 SUSE bug 1195987 SUSE bug 1196079 SUSE bug 1196095 SUSE bug 1196130 SUSE bug 1196155 SUSE bug 1196299 SUSE bug 1196301 SUSE bug 1196403 SUSE bug 1196468 SUSE bug 1196472 SUSE bug 1196488 SUSE bug 1196627 SUSE bug 1196723 SUSE bug 1196776 SUSE bug 1196779 SUSE bug 1196830 SUSE bug 1196866 SUSE bug 1196868 SUSE bug 1197300 SUSE bug 922815 SUSE bug 998635 CVE-2021-0920 at SUSE CVE-2021-0920 at NVD CVE-2021-39698 at SUSE CVE-2021-39698 at NVD CVE-2021-44879 at SUSE CVE-2021-44879 at NVD CVE-2021-45402 at SUSE CVE-2021-45402 at NVD CVE-2022-0487 at SUSE CVE-2022-0487 at NVD CVE-2022-0492 at SUSE CVE-2022-0492 at NVD CVE-2022-0516 at SUSE CVE-2022-0516 at NVD CVE-2022-0617 at SUSE CVE-2022-0617 at NVD CVE-2022-0644 at SUSE CVE-2022-0644 at NVD CVE-2022-23036 at SUSE CVE-2022-23036 at NVD CVE-2022-23037 at SUSE CVE-2022-23037 at NVD CVE-2022-23038 at SUSE CVE-2022-23038 at NVD CVE-2022-23039 at SUSE CVE-2022-23039 at NVD CVE-2022-23040 at SUSE CVE-2022-23040 at NVD CVE-2022-23041 at SUSE CVE-2022-23041 at NVD CVE-2022-23042 at SUSE CVE-2022-23042 at NVD CVE-2022-24448 at SUSE CVE-2022-24448 at NVD CVE-2022-24958 at SUSE CVE-2022-24958 at NVD CVE-2022-24959 at SUSE CVE-2022-24959 at NVD CVE-2022-25258 at SUSE CVE-2022-25258 at NVD CVE-2022-25636 at SUSE CVE-2022-25636 at NVD CVE-2022-26490 at SUSE CVE-2022-26490 at NVD CVE-2022-26966 at SUSE CVE-2022-26966 at NVD CVE-2022-27223 at SUSE CVE-2022-27223 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-25636: Fixed an issue which allowed a local users to gain privileges because of a heap out-of-bounds write in nf_dup_netdev.c, related to nf_tables_offload (bsc#1196299). - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could trigger crash the system or corrupt system memory (bsc#1196830). - CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516). - CVE-2022-24448: Fixed an issue if an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd(). (bsc#1196155) - CVE-2022-25258: The USB Gadget subsystem lacked certain validation of interface OS descriptor requests, which could have lead to memory corruption (bsc#1196096). - CVE-2022-24958: drivers/usb/gadget/legacy/inode.c mishandled dev->buf release (bsc#1195905). - CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897). - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2021-0920: Fixed a local privilege escalation due to a use-after-free vulnerability in unix_scm_to_skb of af_unix (bsc#1193731). - CVE-2021-39657: Fixed an information leak in the Universal Flash Storage subsystem (bsc#1193864). - CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from heap memory via crafted frame lengths from a device (bsc#1196836). - CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956) - CVE-2021-45402: The check_alu_op function in kernel/bpf/verifier.c did not properly update bounds while handling the mov32 instruction, which allowed local users to obtain potentially sensitive address information (bsc#1196130). - CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488) The following non-security bugs were fixed: - ALSA: intel_hdmi: Fix reference to PCM buffer address (git-fixes). - ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions (git-fixes). - ARM: Fix kgdb breakpoint for Thumb2 (git-fixes). - ASoC: cs4265: Fix the duplicated control name (git-fixes). - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min (git-fixes). - ASoC: rt5668: do not block workqueue if card is unbound (git-fixes). - ASoC: rt5682: do not block workqueue if card is unbound (git-fixes). - Bluetooth: btusb: Add missing Chicony device for Realtek RTL8723BE (bsc#1196779). - EDAC/altera: Fix deferred probing (bsc#1178134). - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (bsc#1178134). - HID: add mapping for KEY_ALL_APPLICATIONS (git-fixes). - HID: add mapping for KEY_DICTATE (git-fixes). - Hand over the maintainership to SLE15-SP3 maintainers - IB/hfi1: Correct guard on eager buffer deallocation (git-fixes). - IB/hfi1: Fix early init panic (git-fixes). - IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (git-fixes). - IB/hfi1: Insure use of smp_processor_id() is preempt disabled (git-fixes). - IB/rdmavt: Validate remote_addr during loopback atomic tests (git-fixes). - Input: clear BTN_RIGHT/MIDDLE on buttonpads (git-fixes). - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (git-fixes). - Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() (git-fixes). - NFC: port100: fix use-after-free in port100_send_complete (git-fixes). - RDMA/bnxt_re: Scan the whole bitmap when checking if 'disabling RCFW with pending cmd-bit' (git-fixes). - RDMA/cma: Do not change route.addr.src_addr outside state checks (bsc#1181147). - RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry (git-fixes). - RDMA/cma: Remove open coding of overflow checking for private_data_len (git-fixes). - RDMA/core: Do not infoleak GRH fields (git-fixes). - RDMA/core: Let ib_find_gid() continue search even after empty entry (git-fixes). - RDMA/cxgb4: Set queue pair state when being queried (git-fixes). - RDMA/hns: Validate the pkey index (git-fixes). - RDMA/ib_srp: Fix a deadlock (git-fixes). - RDMA/mlx4: Do not continue event handler after memory allocation failure (git-fixes). - RDMA/rtrs-clt: Fix possible double free in error case (jsc#SLE-15176). - RDMA/rxe: Fix a typo in opcode name (git-fixes). - RDMA/siw: Fix broken RDMA Read Fence/Resume logic (git-fixes). - RDMA/uverbs: Check for null return of kmalloc_array (git-fixes). - RDMA/uverbs: Remove the unnecessary assignment (git-fixes). - Revert 'USB: serial: ch341: add new Product ID for CH341A' (git-fixes). - SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403). - USB: gadget: validate endpoint index for xilinx udc (git-fixes). - USB: gadget: validate interface OS descriptor requests (git-fixes). - USB: hub: Clean up use of port initialization schemes and retries (git-fixes). - USB: serial: option: add Telit LE910R1 compositions (git-fixes). - USB: serial: option: add support for DW5829e (git-fixes). - USB: zaurus: support another broken Zaurus (git-fixes). - arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output (git-fixes). - asix: fix uninit-value in asix_mdio_read() (git-fixes). - ata: pata_hpt37x: disable primary channel on HPT371 (git-fixes). - ax25: Fix NULL pointer dereference in ax25_kill_by_device (git-fixes). - batman-adv: Do not expect inter-netns unique iflink indices (git-fixes). - batman-adv: Request iflink once in batadv-on-batadv check (git-fixes). - batman-adv: Request iflink once in batadv_get_real_netdevice (git-fixes). - blk-mq: do not free tags if the tag_set is used by other device in queue initialztion (bsc#1193787). - bnxt_en: Fix active FEC reporting to ethtool (jsc#SLE-16649). - bnxt_en: Fix incorrect multicast rx mask setting when not requested (git-fixes). - bnxt_en: Fix occasional ethtool -t loopback test failures (git-fixes). - bnxt_en: Fix offline ethtool selftest with RDMA enabled (git-fixes). - bonding: force carrier update when releasing slave (git-fixes). - build initrd without systemd This reduces the size of the initrd by over 25%, which improves startup time of the virtual machine by 0.5-0.6s on very fast machines, more on slower ones. - can: gs_usb: change active_channels's type from atomic_t to u8 (git-fixes). - cgroup-v1: Correct privileges check in release_agent writes (bsc#1196723). - cgroup/cpuset: Fix 'suspicious RCU usage' lockdep warning (bsc#1196868). - clk: jz4725b: fix mmc0 clock gating (git-fixes). - constraints: Also adjust disk requirement for x86 and s390. - constraints: Increase disk space for aarch64 - cpufreq: schedutil: Use kobject release() method to free (git-fixes) - cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask() (bsc#1196866). - cputime, cpuacct: Include guest time in user time in (git-fixes) - dma-direct: Fix potential NULL pointer dereference (bsc#1196472 ltc#192278). - dma-mapping: Allow mixing bypass and mapped DMA operation (bsc#1196472 ltc#192278). - dmaengine: shdma: Fix runtime PM imbalance on error (git-fixes). - drm/amdgpu: disable MMHUB PG for Picasso (git-fixes). - drm/edid: Always set RGB444 (git-fixes). - drm/i915/dg1: Wait for pcode/uncore handshake at startup (bsc#1195211). - drm/i915/gen11+: Only load DRAM information from pcode (bsc#1195211). - drm/i915: Nuke not needed members of dram_info (bsc#1195211). - drm/i915: Remove memory frequency calculation (bsc#1195211). - drm/i915: Rename is_16gb_dimm to wm_lv_0_adjust_needed (bsc#1195211). - drm/sun4i: mixer: Fix P010 and P210 format numbers (git-fixes). - efivars: Respect 'block' flag in efivar_entry_set_safe() (git-fixes). - exfat: fix i_blocks for files truncated over 4 GiB (git-fixes). - exfat: fix incorrect loading of i_blocks for large files (git-fixes). - firmware: arm_scmi: Remove space in MODULE_ALIAS name (git-fixes). - fix rpm build warning tumbleweed rpm is adding these warnings to the log: It's not recommended to have unversioned Obsoletes: Obsoletes: microcode_ctl - gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (git-fixes). - gpio: rockchip: Reset int_bothedge when changing trigger (git-fixes). - gpio: tegra186: Fix chip_data type confusion (git-fixes). - gpio: ts4900: Do not set DAT and OE together (git-fixes). - gpiolib: acpi: Convert ACPI value of debounce to microseconds (git-fixes). - gtp: remove useless rcu_read_lock() (git-fixes). - hamradio: fix macro redefine warning (git-fixes). - i2c: bcm2835: Avoid clock stretching timeouts (git-fixes). - iavf: Fix missing check for running netdev (git-fixes). - ice: initialize local variable 'tlv' (jsc#SLE-12878). - igc: igc_read_phy_reg_gpy: drop premature return (git-fixes). - igc: igc_write_phy_reg_gpy: drop premature return (git-fixes). - iio: Fix error handling for PM (git-fixes). - iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM bits (git-fixes). - iio: adc: men_z188_adc: Fix a resource leak in an error handling path (git-fixes). - ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc() (git-fixes). - kernel-binary.spec.in: Move 20-kernel-default-extra.conf to the correctr directory (bsc#1195051). - kernel-binary.spec: Also exclude the kernel signing key from devel package. There is a check in OBS that fails when it is included. Also the key is not reproducible. Fixes: bb988d4625a3 ('kernel-binary: Do not include sourcedir in certificate path.') - kernel-binary.spec: Do not use the default certificate path (bsc#1194943). Using the the default path is broken since Linux 5.17 - kernel-binary: Do not include sourcedir in certificate path. The certs macro runs before build directory is set up so it creates the aggregate of supplied certificates in the source directory. Using this file directly as the certificate in kernel config works but embeds the source directory path in the kernel config. To avoid this symlink the certificate to the build directory and use relative path to refer to it. Also fabricate a certificate in the same location in build directory when none is provided. - kernel-obs-build: include 9p (boo#1195353) To be able to share files between host and the qemu vm of the build script, the 9p and 9p_virtio kernel modules need to be included in the initrd of kernel-obs-build. - mac80211: fix forwarded mesh frames AC & queue selection (git-fixes). - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work (git-fixes). - mac80211_hwsim: report NOACK frames in tx_status (git-fixes). - mask out added spinlock in rndis_params (git-fixes). - mmc: meson: Fix usage of meson_mmc_post_req() (git-fixes). - net/mlx5: Fix possible deadlock on rule deletion (git-fixes). - net/mlx5: Fix wrong limitation of metadata match on ecpf (git-fixes). - net/mlx5: Update the list of the PCI supported devices (git-fixes). - net/mlx5: Update the list of the PCI supported devices (git-fixes). - net/mlx5e: Fix modify header actions memory leak (git-fixes). - net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468). - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure (git-fixes). - net/mlx5e: TC, Reject rules with drop and modify hdr action (git-fixes). - net/mlx5e: TC, Reject rules with forward and drop actions (git-fixes). - net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets (jsc#SLE-15172). - net/sched: act_ct: Fix flow table lookup after ct clear or switching zones (jsc#SLE-15172). - net: dsa: mv88e6xxx: MV88E6097 does not support jumbo configuration (git-fixes). - net: ethernet: ti: cpsw: disable PTPv1 hw timestamping advertisement (git-fixes). - net: fix up skbs delta_truesize in UDP GRO frag_list (bsc#1176447). - net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes). - net: phy: DP83822: clear MISR2 register to disable interrupts (git-fixes). - net: sfc: Replace in_interrupt() usage (git-fixes). - net: tipc: validate domain record count on input (bsc#1195254). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (git-fixes). - netfilter: nf_tables: fix memory leak during stateful obj update (bsc#1176447). - netsec: ignore 'phy-mode' device property on ACPI systems (git-fixes). - nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() (git-fixes). - nl80211: Handle nla_memdup failures in handle_nan_filter (git-fixes). - ntb: intel: fix port config status offset for SPR (git-fixes). - nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787). - nvme-rdma: fix possible use-after-free in transport error_recovery work (git-fixes). - nvme-tcp: fix possible use-after-free in transport error_recovery work (git-fixes). - nvme: fix a possible use-after-free in controller reset during load (git-fixes). - powerpc/dma: Fallback to dma_ops when persistent memory present (bsc#1196472 ltc#192278). Update config files. - powerpc/fadump: register for fadump as early as possible (bsc#1179439 ltc#190038). - powerpc/mm: Remove dcache flush from memory remove (bsc#1196433 ltc#196449). - powerpc/powernv/memtrace: Fix dcache flushing (bsc#1196433 ltc#196449). - powerpc/pseries/iommu: Fix window size for direct mapping with pmem (bsc#1196472 ltc#192278). - rpm/*.spec.in: Use https:// urls - rpm/arch-symbols,guards,*driver: Replace Novell with SUSE. - rpm/check-for-config-changes: Ignore PAHOLE_VERSION. - rpm/kernel-docs.spec.in: use %%license for license declarations Limited to SLE15+ to avoid compatibility nightmares. - rpm/kernel-source.spec.in: call fdupes per subpackage It is a waste of time to do a global fdupes when we have subpackages. - rpm: SC2006: Use $(...) notation instead of legacy backticked `...`. - sched/core: Mitigate race (git-fixes) - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes). - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes). - scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (git-fixes). - scsi: nsp_cs: Check of ioremap return value (git-fixes). - scsi: qedf: Fix potential dereference of NULL pointer (git-fixes). - scsi: smartpqi: Add PCI IDs (bsc#1196627). - scsi: ufs: Fix race conditions related to driver data (git-fixes). - selftests: mlxsw: tc_police_scale: Make test more robust (bsc#1176774). - soc: fsl: Correct MAINTAINERS database (QUICC ENGINE LIBRARY) (git-fixes). - soc: fsl: Correct MAINTAINERS database (SOC) (git-fixes). - soc: fsl: qe: Check of ioremap return value (git-fixes). - spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() (git-fixes). - sr9700: sanity check for packet length (bsc#1196836). - staging: gdm724x: fix use after free in gdm_lte_rx() (git-fixes). - tracing: Fix return value of __setup handlers (git-fixes). - tty: n_gsm: fix encoding of control signal octet bit DV (git-fixes). - tty: n_gsm: fix proper link termination after failed open (git-fixes). - usb: dwc2: Fix Stalling a Non-Isochronous OUT EP (git-fixes). - usb: dwc2: gadget: Fix GOUTNAK flow for Slave mode (git-fixes). - usb: dwc2: gadget: Fix kill_all_requests race (git-fixes). - usb: dwc2: use well defined macros for power_down (git-fixes). - usb: dwc3: gadget: Let the interrupt handler disable bottom halves (git-fixes). - usb: dwc3: meson-g12a: Disable the regulator in the error handling path of the probe (git-fixes). - usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (git-fixes). - usb: gadget: rndis: add spinlock for rndis response list (git-fixes). - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - usb: hub: Fix locking issues with address0_mutex (git-fixes). - usb: hub: Fix usb enumeration issue due to address0 race (git-fixes). - vrf: Fix fast path output packet handling with async Netfilter rules (git-fixes). - xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). - xhci: Prevent futile URB re-submissions due to incorrect return value (git-fixes). - xhci: re-initialize the HC during resume if HCE was set (git-fixes). Important SUSE bug 1176447 SUSE bug 1176774 SUSE bug 1178134 SUSE bug 1179439 SUSE bug 1181147 SUSE bug 1191428 SUSE bug 1192273 SUSE bug 1193731 SUSE bug 1193787 SUSE bug 1193864 SUSE bug 1194463 SUSE bug 1194516 SUSE bug 1194943 SUSE bug 1195051 SUSE bug 1195211 SUSE bug 1195254 SUSE bug 1195353 SUSE bug 1195403 SUSE bug 1195612 SUSE bug 1195897 SUSE bug 1195905 SUSE bug 1195939 SUSE bug 1195949 SUSE bug 1195987 SUSE bug 1196079 SUSE bug 1196095 SUSE bug 1196130 SUSE bug 1196132 SUSE bug 1196155 SUSE bug 1196299 SUSE bug 1196301 SUSE bug 1196433 SUSE bug 1196468 SUSE bug 1196472 SUSE bug 1196488 SUSE bug 1196627 SUSE bug 1196723 SUSE bug 1196779 SUSE bug 1196830 SUSE bug 1196836 SUSE bug 1196866 SUSE bug 1196868 SUSE bug 1196956 SUSE bug 1196959 CVE-2021-0920 at SUSE CVE-2021-0920 at NVD CVE-2021-39657 at SUSE CVE-2021-39657 at NVD CVE-2021-39698 at SUSE CVE-2021-39698 at NVD CVE-2021-44879 at SUSE CVE-2021-44879 at NVD CVE-2021-45402 at SUSE CVE-2021-45402 at NVD CVE-2022-0487 at SUSE CVE-2022-0487 at NVD CVE-2022-0617 at SUSE CVE-2022-0617 at NVD CVE-2022-0644 at SUSE CVE-2022-0644 at NVD CVE-2022-23036 at SUSE CVE-2022-23036 at NVD CVE-2022-23037 at SUSE CVE-2022-23037 at NVD CVE-2022-23038 at SUSE CVE-2022-23038 at NVD CVE-2022-23039 at SUSE CVE-2022-23039 at NVD CVE-2022-23040 at SUSE CVE-2022-23040 at NVD CVE-2022-23041 at SUSE CVE-2022-23041 at NVD CVE-2022-23042 at SUSE CVE-2022-23042 at NVD CVE-2022-24448 at SUSE CVE-2022-24448 at NVD CVE-2022-24958 at SUSE CVE-2022-24958 at NVD CVE-2022-24959 at SUSE CVE-2022-24959 at NVD CVE-2022-25258 at SUSE CVE-2022-25258 at NVD CVE-2022-25636 at SUSE CVE-2022-25636 at NVD CVE-2022-26490 at SUSE CVE-2022-26490 at NVD CVE-2022-26966 at SUSE CVE-2022-26966 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). Moderate SUSE bug 1195258 CVE-2021-22570 at SUSE CVE-2021-22570 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for salt fixes the following issues: - CVE-2022-22935: Sign authentication replies to prevent MiTM (bsc#1197417) - CVE-2022-22934: Sign pillar data to prevent MiTM attacks. (bsc#1197417) - CVE-2022-22936: Prevent job and fileserver replays (bsc#1197417) - CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth. (bsc#1197417) Important SUSE bug 1197417 CVE-2022-22934 at SUSE CVE-2022-22934 at NVD CVE-2022-22935 at SUSE CVE-2022-22935 at NVD CVE-2022-22936 at SUSE CVE-2022-22936 at NVD CVE-2022-22941 at SUSE CVE-2022-22941 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). Important SUSE bug 1197459 CVE-2018-25032 at SUSE CVE-2018-25032 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for kernel-firmware fixes the following issues: Update Intel Wireless firmware for 9xxx (INTEL-SA-00539, bsc#1196333): CVE-2021-0161: Improper input validation in firmware for Intel PROSet/Wireless Wi-Fi and Killer Wi-Fi may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2021-0164: Improper access control in firmware for Intel PROSet/Wireless Wi-Fi and Killer Wi-Fi may allow an unauthenticated user to potentially enable escalation of privilege via local access. CVE-2021-0165: Improper input validation in firmware for Intel PROSet/Wireless Wi-Fi and Killer Wi-Fi may allow an unauthenticated user to potentially enable denial of service via adjacent access. CVE-2021-0066: Improper input validation in firmware for Intel PROSet/Wireless Wi-Fi and Killer Wi-Fi may allow an unauthenticated user to potentially enable escalation of privilege via local access. CVE-2021-0166: Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2021-0168: Improper input validation in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2021-0170: Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow an authenticated user to potentially enable information disclosure via local access. CVE-2021-0172: Improper input validation in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow an unauthenticated user to potentially enable denial of service via adjacent access. CVE-2021-0173: Improper Validation of Consistency within input in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow a unauthenticated user to potentially enable denial of service via adjacent access. CVE-2021-0174: Improper Use of Validation Framework in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow a unauthenticated user to potentially enable denial of service via adjacent access. CVE-2021-0175: Improper Validation of Specified Index, Position, or Offset in Input in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow an unauthenticated user to potentially enable denial of service via adjacent access. CVE-2021-0076: Improper Validation of Specified Index, Position, or Offset in Input in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow a privileged user to potentially enable denial of service via local access. CVE-2021-0176: Improper input validation in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow a privileged user to potentially enable denial of service via local access. CVE-2021-0183: Improper Validation of Specified Index, Position, or Offset in Input in software for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow an unauthenticated user to potentially enable denial of service via adjacent access. CVE-2021-0072: Improper input validation in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow a privileged user to potentially enable information disclosure via local access. CVE-2021-0071: Improper input validation in firmware for some Intel PROSet/Wireless WiFi in UEFI may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Update Intel Bluetooth firmware (INTEL-SA-00604,bsc#1195786): - CVE-2021-33139: Improper conditions check in firmware for some Intel Wireless Bluetooth and Killer Bluetooth products before may allow an authenticated user to potentially enable denial of service via adjacent access. - CVE-2021-33155: Improper input validation in firmware for some Intel Wireless Bluetooth and Killer Bluetooth products before may allow an authenticated user to potentially enable denial of service via adjacent access. Bug fixes: - Updated the AMD SEV firmware (bsc#1186938) - Reduced the LZMA2 dictionary size (bsc#1188662) Important SUSE bug 1186938 SUSE bug 1188662 SUSE bug 1192953 SUSE bug 1195786 SUSE bug 1196333 CVE-2021-0066 at SUSE CVE-2021-0066 at NVD CVE-2021-0071 at SUSE CVE-2021-0071 at NVD CVE-2021-0072 at SUSE CVE-2021-0072 at NVD CVE-2021-0076 at SUSE CVE-2021-0076 at NVD CVE-2021-0161 at SUSE CVE-2021-0161 at NVD CVE-2021-0164 at SUSE CVE-2021-0164 at NVD CVE-2021-0165 at SUSE CVE-2021-0165 at NVD CVE-2021-0166 at SUSE CVE-2021-0166 at NVD CVE-2021-0168 at SUSE CVE-2021-0168 at NVD CVE-2021-0170 at SUSE CVE-2021-0170 at NVD CVE-2021-0172 at SUSE CVE-2021-0172 at NVD CVE-2021-0173 at SUSE CVE-2021-0173 at NVD CVE-2021-0174 at SUSE CVE-2021-0174 at NVD CVE-2021-0175 at SUSE CVE-2021-0175 at NVD CVE-2021-0176 at SUSE CVE-2021-0176 at NVD CVE-2021-0183 at SUSE CVE-2021-0183 at NVD CVE-2021-33139 at SUSE CVE-2021-33139 at NVD CVE-2021-33155 at SUSE CVE-2021-33155 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). Moderate SUSE bug 1121227 SUSE bug 1121230 SUSE bug 1122004 SUSE bug 1122021 CVE-2018-20573 at SUSE CVE-2018-20573 at NVD CVE-2018-20574 at SUSE CVE-2018-20574 at NVD CVE-2019-6285 at SUSE CVE-2019-6285 at NVD CVE-2019-6292 at SUSE CVE-2019-6292 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for mozilla-nss fixes the following issues: Mozilla NSS 3.68.3 (bsc#1197903): - CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use. Important SUSE bug 1197903 CVE-2022-1097 at SUSE CVE-2022-1097 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for opensc fixes the following issues: Security issues fixed: - CVE-2021-42782: Stack buffer overflow issues in various places (bsc#1191957). - CVE-2021-42781: Fixed multiple heap buffer overflows in pkcs15-oberthur.c (bsc#1192000). - CVE-2021-42780: Fixed use after return in insert_pin() (bsc#1192005). - CVE-2021-42779: Fixed use after free in sc_file_valid() (bsc#1191992). Non-security issues fixed: - Fixes segmentation fault in 'pkcs11-tool.c'. (bsc#1114649) Important SUSE bug 1114649 SUSE bug 1191957 SUSE bug 1191992 SUSE bug 1192000 SUSE bug 1192005 CVE-2021-42779 at SUSE CVE-2021-42779 at NVD CVE-2021-42780 at SUSE CVE-2021-42780 at NVD CVE-2021-42781 at SUSE CVE-2021-42781 at NVD CVE-2021-42782 at SUSE CVE-2021-42782 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp update to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper update to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) Important SUSE bug 1184501 SUSE bug 1194848 SUSE bug 1195999 SUSE bug 1196061 SUSE bug 1196317 SUSE bug 1196368 SUSE bug 1196514 SUSE bug 1196925 SUSE bug 1197134 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) Important SUSE bug 1198062 CVE-2022-1271 at SUSE CVE-2022-1271 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-0854: Fixed a memory leak flaw was found in the Linux kernels DMA subsystem. This flaw allowed a local user to read random memory from the kernel space. (bnc#1196823) - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227) - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031) - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032) - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to gain privilege escalation. (bnc#1197702) - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331) - CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366) - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761) - CVE-2022-1199: Fixed null-ptr-deref and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198028) - CVE-2022-1205: Fixed null pointer dereference and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198027) - CVE-2022-1198: Fixed an use-after-free vulnerability that allow an attacker to crash the linux kernel by simulating Amateur Radio (bsc#1198030). - CVE-2022-1195: Fixed an use-after-free vulnerability which could allow a local attacker with a user privilege to execute a denial of service. (bsc#1198029) - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343) The following non-security bugs were fixed: - ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board (git-fixes). - ACPI: APEI: fix return value of __setup handlers (git-fixes). - ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (git-fixes). - ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (git-fixes). - ACPI: docs: enumeration: Discourage to use custom _DSM methods (git-fixes). - ACPI: docs: enumeration: Remove redundant .owner assignment (git-fixes). - ACPI: docs: enumeration: Update UART serial bus resource documentation (git-fixes). - ACPI: properties: Consistently return -ENOENT if there are no more references (git-fixes). - ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (git-fixes). - ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes). - ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes). - ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes). - ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (git-fixes). - ALSA: pcm: Add stream lock during PCM reset ioctl operations (git-fixes). - ALSA: spi: Add check for clk_enable() (git-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (git-fixes). - ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes). - ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe (git-fixes). - ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data (git-fixes). - ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put (git-fixes). - ASoC: dmaengine: do not use a NULL prepare_slave_config() callback (git-fixes). - ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes). - ASoC: fsi: Add check for clk_enable (git-fixes). - ASoC: fsl_spdif: Disable TX clock when stop (git-fixes). - ASoC: imx-es8328: Fix error return code in imx_es8328_probe() (git-fixes). - ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe (git-fixes). - ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe (git-fixes). - ASoC: mxs-saif: Handle errors for clk_enable (git-fixes). - ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes). - ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() (git-fixes). - ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes). - ASoC: SOF: topology: remove redundant code (git-fixes). - ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (git-fixes). - ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes). - ASoC: topology: Allow TLV control to be either read or write (git-fixes). - ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior (git-fixes). - ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting (git-fixes). - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018). - block: update io_ticks when io hang (bsc#1197817). - block/wbt: fix negative inflight counter when remove scsi device (bsc#1197819). - bpf: Fix comment for helper bpf_current_task_under_cgroup() (git-fixes). - bpf: Remove config check to enable bpf support for branch records (git-fixes bsc#1177028). - btrfs: avoid unnecessary lock and leaf splits when updating inode in the log (bsc#1194649). - btrfs: avoid unnecessary log mutex contention when syncing log (bsc#1194649). - btrfs: avoid unnecessary logging of xattrs during fast fsyncs (bsc#1194649). - btrfs: check error value from btrfs_update_inode in tree log (bsc#1194649). - btrfs: check if a log root exists before locking the log_mutex on unlink (bsc#1194649). - btrfs: check if a log tree exists at inode_logged() (bsc#1194649). - btrfs: do not commit delayed inode when logging a file in full sync mode (bsc#1194649). - btrfs: do not log new dentries when logging that a new name exists (bsc#1194649). - btrfs: eliminate some false positives when checking if inode was logged (bsc#1194649). - btrfs: fix race leading to unnecessary transaction commit when logging inode (bsc#1194649). - btrfs: fix race that causes unnecessary logging of ancestor inodes (bsc#1194649). - btrfs: fix race that makes inode logging fallback to transaction commit (bsc#1194649). - btrfs: fix race that results in logging old extents during a fast fsync (bsc#1194649). - btrfs: fixup error handling in fixup_inode_link_counts (bsc#1194649). - btrfs: remove no longer needed full sync flag check at inode_logged() (bsc#1194649). - btrfs: Remove unnecessary check from join_running_log_trans (bsc#1194649). - btrfs: remove unnecessary directory inode item update when deleting dir entry (bsc#1194649). - btrfs: remove unnecessary list head initialization when syncing log (bsc#1194649). - btrfs: skip unnecessary searches for xattrs when logging an inode (bsc#1194649). - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (git-fixes). - can: mcba_usb: properly check endpoint type (git-fixes). - can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (git-fixes). - cifs: use the correct max-length for dentry_path_raw() (bsc1196196). - clk: actions: Terminate clk_div_table with sentinel element (git-fixes). - clk: bcm2835: Remove unused variable (git-fixes). - clk: clps711x: Terminate clk_div_table with sentinel element (git-fixes). - clk: imx7d: Remove audio_mclk_root_clk (git-fixes). - clk: Initialize orphan req_rate (git-fixes). - clk: loongson1: Terminate clk_div_table with sentinel element (git-fixes). - clk: nxp: Remove unused variable (git-fixes). - clk: qcom: clk-rcg2: Update logic to calculate D value for RCG (git-fixes). - clk: qcom: clk-rcg2: Update the frac table for pixel clock (git-fixes). - clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes). - clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes). - clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver (git-fixes). - clk: uniphier: Fix fixed-rate initialization (git-fixes). - clocksource: acpi_pm: fix return value of __setup handler (git-fixes). - clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() (git-fixes). - cpufreq: schedutil: Destroy mutex before kobject_put() frees (git-fixes) - crypto: authenc - Fix sleep in atomic context in decrypt_tail (git-fixes). - crypto: cavium/nitrox - do not cast parameter in bit operations (git-fixes). - crypto: ccp - ccp_dmaengine_unregister release dma channels (git-fixes). - crypto: ccree - do not attempt 0 len DMA mappings (git-fixes). - crypto: mxs-dcp - Fix scatterlist processing (git-fixes). - crypto: qat - do not cast parameter in bit operations (git-fixes). - crypto: rsa-pkcs1pad - correctly get hash from source scatterlist (git-fixes). - crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (git-fixes). - crypto: rsa-pkcs1pad - restore signature length check (git-fixes). - crypto: vmx - add missing dependencies (git-fixes). - dma/pool: create dma atomic pool only if dma zone has managed pages (bsc#1197501). - driver core: dd: fix return value of __setup handler (git-fixes). - drm: add a locked version of drm_is_current_master (bsc#1197914). - drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes). - drm: drm_file struct kABI compatibility workaround (bsc#1197914). - drm: protect drm_master pointers in drm_lease.c (bsc#1197914). - drm: serialize drm_file.master with a new spinlock (bsc#1197914). - drm: use the lookup lock in drm_is_current_master (bsc#1197914). - drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug (git-fixes). - drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function (git-fixes). - drm/bridge: dw-hdmi: use safe format when first in bridge chain (git-fixes). - drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe (git-fixes). - drm/doc: overview before functions for drm_writeback.c (git-fixes). - drm/i915: Fix dbuf slice config lookup (git-fixes). - drm/i915/gem: add missing boundary check in vm_access (git-fixes). - drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() (git-fixes). - drm/meson: Fix error handling when afbcd.ops->init fails (git-fixes). - drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops (git-fixes). - drm/msm/dpu: add DSPP blocks teardown (git-fixes). - drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl() (git-fixes). - drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings (git-fixes). - drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes). - drm/vc4: crtc: Make sure the HDMI controller is powered when disabling (git-fixes). - drm/vrr: Set VRR capable prop only if it is attached to connector (git-fixes). - ecryptfs: fix kernel panic with null dev_name (bsc#1197812). - ecryptfs: Fix typo in message (bsc#1197811). - ext2: correct max file size computing (bsc#1197820). - firmware: google: Properly state IOMEM dependency (git-fixes). - firmware: qcom: scm: Remove reassignment to desc following initializer (git-fixes). - fscrypt: do not ignore minor_hash when hash is 0 (bsc#1197815). - HID: multitouch: fix Dell Precision 7550 and 7750 button type (bsc#1197243). - hwmon: (pmbus) Add mutex to regulator ops (git-fixes). - hwmon: (pmbus) Add Vin unit off handling (git-fixes). - hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING (git-fixes). - hwrng: atmel - disable trng on failure path (git-fixes). - i915_vma: Rename vma_lookup to i915_vma_lookup (git-fixes). - ibmvnic: fix race between xmit and reset (bsc#1197302 ltc#197259). - iio: accel: mma8452: use the correct logic to get mma8452_data (git-fixes). - iio: adc: Add check for devm_request_threaded_irq (git-fixes). - iio: afe: rescale: use s64 for temporary scale calculations (git-fixes). - iio: inkern: apply consumer scale on IIO_VAL_INT cases (git-fixes). - iio: inkern: apply consumer scale when no channel scale is available (git-fixes). - iio: inkern: make a best effort on offset calculation (git-fixes). - Input: aiptek - properly check endpoint type (git-fixes). - iwlwifi: do not advertise TWT support (git-fixes). - KVM: SVM: Do not flush cache if hardware enforces cache coherency across encryption domains (bsc#1178134). - llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes). - mac80211: fix potential double free on mesh join (git-fixes). - mac80211: refuse aggregations sessions before authorized (git-fixes). - media: aspeed: Correct value for h-total-pixels (git-fixes). - media: bttv: fix WARNING regression on tunerless devices (git-fixes). - media: coda: Fix missing put_device() call in coda_get_vdoa_data (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM get (git-fixes). - media: em28xx: initialize refcount before kref_get (git-fixes). - media: hantro: Fix overfill bottom register field name (git-fixes). - media: Revert 'media: em28xx: add missing em28xx_close_extension' (git-fixes). - media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED (git-fixes). - media: usb: go7007: s2250-board: fix leak in probe() (git-fixes). - media: video/hdmi: handle short reads of hdmi info frame (git-fixes). - membarrier: Execute SYNC_CORE on the calling thread (git-fixes) - membarrier: Explicitly sync remote cores when SYNC_CORE is (git-fixes) - memory: emif: Add check for setup_interrupts (git-fixes). - memory: emif: check the pointer temp in get_device_details() (git-fixes). - misc: alcor_pci: Fix an error handling path (git-fixes). - misc: sgi-gru: Do not cast parameter in bit operations (git-fixes). - mm_zone: add function to check if managed dma zone exists (bsc#1197501). - mm: add vma_lookup(), update find_vma_intersection() comments (git-fixes). - mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages (bsc#1197501). - mmc: davinci_mmc: Handle error for clk_enable (git-fixes). - net: dsa: mv88e6xxx: override existent unicast portvec in port_fdb_add (git-fixes). - net: enetc: initialize the RFS and RSS memories (git-fixes). - net: hns3: add a check for tqp_index in hclge_get_ring_chain_from_mbx() (git-fixes). - net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes). - net: phy: marvell: Fix invalid comparison in the resume and suspend functions (git-fixes). - net: stmmac: set TxQ mode back to DCB after disabling CBS (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - net: watchdog: hold device global xmit lock during tx disable (git-fixes). - net/smc: Fix loop in smc_listen (git-fixes). - net/smc: fix using of uninitialized completions (git-fixes). - net/smc: fix wrong list_del in smc_lgr_cleanup_early (git-fixes). - net/smc: Make sure the link_id is unique (git-fixes). - net/smc: Reset conn->lgr when link group registration fails (git-fixes). - netfilter: conntrack: do not refresh sctp entries in closed state (bsc#1197389). - netxen_nic: fix MSI/MSI-x interrupts (git-fixes). - NFS: Avoid duplicate uncached readdir calls on eof (git-fixes). - NFS: Do not report writeback errors in nfs_getattr() (git-fixes). - NFS: Do not skip directory entries when doing uncached readdir (git-fixes). - NFS: Ensure the server had an up to date ctime before hardlinking (git-fixes). - NFS: Fix initialisation of nfs_client cl_flags field (git-fixes). - NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes). - NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes). - NFS: Use of mapping_set_error() results in spurious errors (git-fixes). - NFS: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes). - NFS: do not retry BIND_CONN_TO_SESSION on session error (git-fixes). - NFS: Fix another issue with a list iterator pointing to the head (git-fixes). - nl80211: Update bss channel on channel switch for P2P_CLIENT (git-fixes). - pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init (git-fixes). - pinctrl: mediatek: paris: Fix 'argument' argument type for mtk_pinconf_get() (git-fixes). - pinctrl: mediatek: paris: Fix pingroup pin config state readback (git-fixes). - pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe (git-fixes). - pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR() (git-fixes). - pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE() (git-fixes). - pinctrl: pinconf-generic: Print arguments for bias-pull-* (git-fixes). - pinctrl: samsung: drop pin banks references on error paths (git-fixes). - pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe (git-fixes). - PM: hibernate: fix __setup handler error handling (git-fixes). - PM: suspend: fix return value of __setup handler (git-fixes). - powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395). - powerpc/mm: Fix verification of MMU_FTR_TYPE_44x (bsc#1156395). - powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes). - powerpc/perf: Do not use perf_hw_context for trace IMC PMU (bsc#1156395). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729). - powerpc/sysdev: fix incorrect use to determine if list is empty (bsc#1065729). - powerpc/tm: Fix more userspace r13 corruption (bsc#1065729). - powerpc/xive: fix return value of __setup handler (bsc#1065729). - printk: Add panic_in_progress helper (bsc#1197894). - printk: disable optimistic spin during panic (bsc#1197894). - pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() (git-fixes). - regulator: qcom_smd: fix for_each_child.cocci warnings (git-fixes). - remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region (git-fixes). - remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region (git-fixes). - s390/bpf: Perform r1 range checking before accessing jit->seen_reg (git-fixes). - s390/gmap: do not unconditionally call pte_unmap_unlock() in __gmap_zap() (git-fixes). - s390/gmap: validate VMA in __gmap_zap() (git-fixes). - s390/hypfs: include z/VM guests with access control group set (bsc#1195640 LTC#196352). - s390/kexec_file: fix error handling when applying relocations (git-fixes). - s390/kexec: fix memory leak of ipl report buffer (git-fixes). - s390/kexec: fix return code handling (git-fixes). - s390/mm: fix VMA and page table handling code in storage key handling functions (git-fixes). - s390/mm: validate VMA in PGSTE manipulation functions (git-fixes). - s390/module: fix loading modules with a lot of relocations (git-fixes). - s390/pci_mmio: fully validate the VMA before calling follow_pte() (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675). - scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675). - scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675). - scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675). - scsi: lpfc: Fix queue failures when recovering from PCI parity error (bsc#1197675 bsc#1196478). - scsi: lpfc: Fix typos in comments (bsc#1197675). - scsi: lpfc: Fix unload hang after back to back PCI EEH faults (bsc#1197675 bsc#1196478). - scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675 bsc#1196478). - scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675). - scsi: lpfc: Reduce log messages seen after firmware download (bsc#1197675). - scsi: lpfc: Remove failing soft_wwn support (bsc#1197675). - scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (bsc#1197675). - scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675). - scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675). - scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path (bsc#1197675). - scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 (bsc#1197675). - scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675). - scsi: lpfc: Use fc_block_rport() (bsc#1197675). - scsi: lpfc: Use kcalloc() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675). - scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661). - scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661). - scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661). - scsi: qla2xxx: Fix incorrect reporting of task management failure (bsc#1197661). - scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661). - scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (bsc#1197661). - scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661). - scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661). - scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661). - scsi: qla2xxx: Fix typos in comments (bsc#1197661). - scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661). - scsi: qla2xxx: Reduce false trigger to login (bsc#1197661). - scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661). - scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661). - scsi: qla2xxx: Use correct feature type field during RFF_ID processing (bsc#1197661). - scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661). - scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661). - serial: 8250_lpss: Balance reference count for PCI DMA device (git-fixes). - serial: 8250_mid: Balance reference count for PCI DMA device (git-fixes). - serial: 8250: Fix race condition in RTS-after-send handling (git-fixes). - serial: core: Fix the definition name in the comment of UPF_* flags (git-fixes). - soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes). - soc: qcom: rpmpd: Check for null return of devm_kcalloc (git-fixes). - soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe (git-fixes). - soundwire: intel: fix wrong register name in intel_shim_wake (git-fixes). - spi: pxa2xx-pci: Balance reference count for PCI DMA device (git-fixes). - spi: tegra114: Add missing IRQ check in tegra_spi_probe (git-fixes). - staging:iio:adc:ad7280a: Fix handing of device address bit reversing (git-fixes). - tcp: add some entropy in __inet_hash_connect() (bsc#1180153). - tcp: change source port randomizarion at connect() time (bsc#1180153). - thermal: int340x: Check for NULL after calling kmemdup() (git-fixes). - thermal: int340x: Increase bitmap size (git-fixes). - udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister() (git-fixes). - Update config files (bsc#1195926 bsc#1175667). VIRTIO_PCI=m -> VIRTIO_PCI=y - usb: bdc: Adb shows offline after resuming from S2 (git-fixes). - usb: bdc: Fix a resource leak in the error handling path of 'bdc_probe()' (git-fixes). - usb: bdc: Fix unused assignment in bdc_probe() (git-fixes). - usb: bdc: remove duplicated error message (git-fixes). - usb: bdc: Use devm_clk_get_optional() (git-fixes). - usb: bdc: use devm_platform_ioremap_resource() to simplify code (git-fixes). - usb: dwc3: gadget: Use list_replace_init() before traversing lists (git-fixes). - usb: dwc3: qcom: add IRQ check (git-fixes). - usb: gadget: bdc: use readl_poll_timeout() to simplify code (git-fixes). - usb: gadget: Fix use-after-free bug by not setting udc->dev.driver (git-fixes). - usb: gadget: rndis: prevent integer overflow in rndis_set_response() (git-fixes). - usb: usbtmc: Fix bug in pipe direction for control transfers (git-fixes). - VFS: filename_create(): fix incorrect intent (bsc#1197534). - video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() (git-fixes). - video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes). - video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (git-fixes). - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes). - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes). - video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (git-fixes). - video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (git-fixes). - VMCI: Fix the description of vmci_check_host_caps() (git-fixes). - vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889). - wireguard: queueing: use CFI-safe ptr_ring cleanup function (git-fixes). - wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST (git-fixes). - wireguard: socket: free skb in send6 when ipv6 is disabled (git-fixes). - wireguard: socket: ignore v6 endpoints when ipv6 is disabled (git-fixes). - x86/cpu: Add hardware-enforced cache coherency as a CPUID feature (bsc#1178134). - x86/mm/pat: Do not flush cache if hardware enforces cache coherency across encryption domnains (bsc#1178134). - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1178134). - x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1178134). - xhci: fix garbage USBSTS being logged in some cases (git-fixes). Important SUSE bug 1065729 SUSE bug 1156395 SUSE bug 1175667 SUSE bug 1177028 SUSE bug 1178134 SUSE bug 1179639 SUSE bug 1180153 SUSE bug 1189562 SUSE bug 1194649 SUSE bug 1195640 SUSE bug 1195926 SUSE bug 1196018 SUSE bug 1196196 SUSE bug 1196478 SUSE bug 1196761 SUSE bug 1196823 SUSE bug 1197227 SUSE bug 1197243 SUSE bug 1197300 SUSE bug 1197302 SUSE bug 1197331 SUSE bug 1197343 SUSE bug 1197366 SUSE bug 1197389 SUSE bug 1197462 SUSE bug 1197501 SUSE bug 1197534 SUSE bug 1197661 SUSE bug 1197675 SUSE bug 1197702 SUSE bug 1197811 SUSE bug 1197812 SUSE bug 1197815 SUSE bug 1197817 SUSE bug 1197819 SUSE bug 1197820 SUSE bug 1197888 SUSE bug 1197889 SUSE bug 1197894 SUSE bug 1197914 SUSE bug 1198027 SUSE bug 1198028 SUSE bug 1198029 SUSE bug 1198030 SUSE bug 1198031 SUSE bug 1198032 SUSE bug 1198033 CVE-2021-45868 at SUSE CVE-2021-45868 at NVD CVE-2022-0850 at SUSE CVE-2022-0850 at NVD CVE-2022-0854 at SUSE CVE-2022-0854 at NVD CVE-2022-1011 at SUSE CVE-2022-1011 at NVD CVE-2022-1016 at SUSE CVE-2022-1016 at NVD CVE-2022-1048 at SUSE CVE-2022-1048 at NVD CVE-2022-1055 at SUSE CVE-2022-1055 at NVD CVE-2022-1195 at SUSE CVE-2022-1195 at NVD CVE-2022-1198 at SUSE CVE-2022-1198 at NVD CVE-2022-1199 at SUSE CVE-2022-1199 at NVD CVE-2022-1205 at SUSE CVE-2022-1205 at NVD CVE-2022-27666 at SUSE CVE-2022-27666 at NVD CVE-2022-28388 at SUSE CVE-2022-28388 at NVD CVE-2022-28389 at SUSE CVE-2022-28389 at NVD CVE-2022-28390 at SUSE CVE-2022-28390 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for swtpm fixes the following issues: - Update to version 0.5.3 - CVE-2022-23645: Check header size indicator against expected size (bsc#1196240). Low SUSE bug 1196240 CVE-2022-23645 at SUSE CVE-2022-23645 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for dnsmasq fixes the following issues: - CVE-2022-0934: Fixed an invalid memory access that could lead to remote denial of service via crafted packet (bsc#1197872). Important SUSE bug 1197872 CVE-2022-0934 at SUSE CVE-2022-0934 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573) You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0) The following security bugs were fixed: - CVE-2021-45485: Fixed an information leak because of certain use of a hash table which use IPv6 source addresses. (bsc#1194094) - CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c. (bnc#1194087). - CVE-2021-4001: Fixed a race condition when the EBPF map is frozen. (bsc#1192990) - CVE-2021-28715: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by do not queueing unlimited number of packages. (bsc#1193442) - CVE-2021-28714: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by fixing rx queue stall detection. (bsc#1193442) - CVE-2021-28713: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening hvc_xen against event channel storms. (bsc#1193440) - CVE-2021-28712: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening netfront against event channel storms. (bsc#1193440) - CVE-2021-28711: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening blkfront against event channel storms. (bsc#1193440) - CVE-2020-24504: Fixed an uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers that may have allowed an authenticated user to potentially enable denial of service via local access. (bnc#1182404) - CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bnc#1192845) - CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bnc#1192847) - CVE-2021-4002: Added a missing TLB flush that could lead to leak or corruption of data in hugetlbfs. (bsc#1192946) - CVE-2020-27820: Fixed a vulnerability where a use-after-frees in nouveau's postclose() handler could happen if removing device. (bnc#1179599) The following non-security bugs were fixed: - ACPI: battery: Accept charges over the design capacity as full (git-fixes). - ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses (git-fixes). - ACPICA: Avoid evaluating methods too early during system resume (git-fixes). - Add SMB 2 support for getting and setting SACLs (bsc#1192606). - Add to supported.conf: fs/smbfs_common/cifs_arc4 fs/smbfs_common/cifs_md4 - ALSA: ctxfi: Fix out-of-range access (git-fixes). - ALSA: gus: fix null pointer dereference on pointer block (git-fixes). - ALSA: hda: hdac_ext_stream: fix potential locking issues (git-fixes). - ALSA: hda: hdac_stream: fix potential locking issue in snd_hdac_stream_assign() (git-fixes). - ALSA: hda/realtek: Add a quirk for Acer Spin SP513-54N (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS UX550VE (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PC70HS (git-fixes). - ALSA: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED (git-fixes). - ALSA: ISA: not for M68K (git-fixes). - ALSA: synth: missing check for possible NULL after the call to kstrdup (git-fixes). - ALSA: timer: Fix use-after-free problem (git-fixes). - ALSA: timer: Unconditionally unlink slave instances, too (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum 400 (git-fixes). - ARM: 8970/1: decompressor: increase tag size (git-fixes). - ARM: 8974/1: use SPARSMEM_STATIC when SPARSEMEM is enabled (git-fixes) - ARM: 8986/1: hw_breakpoint: Do not invoke overflow handler on uaccess watchpoints (git-fixes) - ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT (git-fixes) - ARM: 9019/1: kprobes: Avoid fortify_panic() when copying optprobe (git-fixes) - ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores (git-fixes) - ARM: 9064/1: hw_breakpoint: Do not directly check the event's (git-fixes) - ARM: 9071/1: uprobes: Do not hook on thumb instructions (git-fixes) - ARM: 9081/1: fix gcc-10 thumb2-kernel regression (git-fixes) - ARM: 9091/1: Revert 'mm: qsd8x50: Fix incorrect permission faults' (git-fixes) - ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned (git-fixes) - ARM: 9134/1: remove duplicate memcpy() definition (git-fixes) - ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype (git-fixes) - ARM: 9141/1: only warn about XIP address when not compile testing (git-fixes) - ARM: 9155/1: fix early early_iounmap() (git-fixes) - ARM: at91: pm: add missing put_device() call in at91_pm_sram_init() (git-fixes) - ARM: at91: pm: of_node_put() after its usage (git-fixes) - ARM: at91: pm: use proper master clock register offset (git-fixes) - ARM: bcm: Select ARM_TIMER_SP804 for ARCH_BCM_NSP (git-fixes) - ARM: dts sunxi: Relax a bit the CMA pool allocation range (git-fixes) - ARM: dts: am335x-pocketbeagle: Fix mmc0 Write Protect (git-fixes) - ARM: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema (git-fixes) - ARM: dts: am437x-idk-evm: Fix incorrect OPP node names (git-fixes) - ARM: dts: am437x-l4: fix typo in can@0 node (git-fixes) - ARM: dts: armada-38x: fix NETA lockup when repeatedly switching speeds (git-fixes) - ARM: dts: armada388-helios4: assign pinctrl to each fan (git-fixes) - ARM: dts: armada388-helios4: assign pinctrl to LEDs (git-fixes) - ARM: dts: aspeed: s2600wf: Fix VGA memory region location (git-fixes) - ARM: dts: aspeed: tiogapass: Remove vuart (git-fixes) - ARM: dts: at91-sama5d27_som1: fix phy address to 7 (git-fixes) - ARM: dts: at91: add pinctrl-{names, 0} for all gpios (git-fixes) - ARM: dts: at91: at91sam9rl: fix ADC triggers (git-fixes) - ARM: dts: at91: sama5d2_ptc_ek: fix sdmmc0 node description (git-fixes) - ARM: dts: at91: sama5d2_ptc_ek: fix vbus pin (git-fixes) - ARM: dts: at91: sama5d2_xplained: classd: pull-down the R1 and R3 lines (git-fixes) - ARM: dts: at91: sama5d2: fix CAN message ram offset and size (git-fixes) - ARM: dts: at91: sama5d2: map securam as device (git-fixes) - ARM: dts: at91: sama5d3_xplained: add pincontrol for USB Host (git-fixes) - ARM: dts: at91: sama5d4_xplained: add pincontrol for USB Host (git-fixes) - ARM: dts: at91: sama5d4: fix pinctrl muxing (git-fixes) - ARM: dts: at91: tse850: the emaclt;->phy interface is rmii (git-fixes) - ARM: dts: bcm: HR2: Fix PPI interrupt types (git-fixes) - ARM: dts: bcm: HR2: Fixed QSPI compatible string (git-fixes) - ARM: dts: bcm2835-rpi-zero-w: Fix led polarity (git-fixes) - ARM: dts: BCM5301X: Add interrupt properties to GPIO node (git-fixes) - ARM: dts: BCM5301X: Fix I2C controller interrupt (git-fixes) - ARM: dts: BCM5301X: Fixed QSPI compatible string (git-fixes) - ARM: dts: colibri-imx6ull: limit SDIO clock to 25MHz (git-fixes) - ARM: dts: Configure missing thermal interrupt for 4430 (git-fixes) - ARM: dts: dra76x: Fix mmc3 max-frequency (git-fixes) - ARM: dts: dra76x: m_can: fix order of clocks (git-fixes) - ARM: dts: dra7xx-clocks: Fixup IPU1 mux clock parent source (git-fixes) - ARM: dts: exynos: correct fuel gauge interrupt trigger level on Midas (git-fixes) - ARM: dts: exynos: correct MUIC interrupt trigger level on Midas (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Arndale (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Artik 5 (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Midas (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Monk (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid X/U3 (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid XU3 (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Rinato (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on SMDK5250 (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Snow (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Spring (git-fixes) - ARM: dts: exynos: Fix GPIO polarity for thr GalaxyS3 CM36651 sensor's bus (git-fixes) - ARM: dts: exynos: fix PWM LED max brightness on Odroid HC1 (git-fixes) - ARM: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3 (git-fixes) - ARM: dts: exynos: fix PWM LED max brightness on Odroid XU4 (git-fixes) - ARM: dts: exynos: fix roles of USB 3.0 ports on Odroid XU (git-fixes) - ARM: dts: exynos: fix USB 3.0 pins supply being turned off on Odroid (git-fixes) - ARM: dts: exynos: fix USB 3.0 VBUS control and over-current pins on (git-fixes) - ARM: dts: Fix dcan driver probe failed on am437x platform (git-fixes) - ARM: dts: Fix duovero smsc interrupt for suspend (git-fixes) - ARM: dts: gemini-rut1xx: remove duplicate ethernet node (git-fixes) - ARM: dts: gose: Fix ports node name for adv7180 (git-fixes) - ARM: dts: gose: Fix ports node name for adv7612 (git-fixes) - ARM: dts: imx: emcon-avari: Fix nxp,pca8574 #gpio-cells (git-fixes) - ARM: dts: imx: Fix USB host power regulator polarity on M53Menlo (git-fixes) - ARM: dts: imx: Swap M53Menlo pinctrl_power_button/pinctrl_power_out (git-fixes) - ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries (git-fixes) - ARM: dts: imx50-evk: Fix the chip select 1 IOMUX (git-fixes) - ARM: dts: imx6: pbab01: Set vmmc supply for both SD interfaces (git-fixes) - ARM: dts: imx6: phycore-som: fix arm and soc minimum voltage (git-fixes) - ARM: dts: imx6: phycore-som: fix emmc supply (git-fixes) - ARM: dts: imx6: Use gpc for FEC interrupt controller to fix wake on LAN (git-fixes) - ARM: dts: imx6dl-colibri-eval-v3: fix sram compatible properties (git-fixes). - ARM: dts: imx6dl-yapp4: Fix RGMII connection to QCA8334 switch (git-fixes) - ARM: dts: imx6dl-yapp4: Fix Ursa board Ethernet connection (git-fixes) - ARM: dts: imx6q-dhcom: Add gpios pinctrl for i2c bus recovery (git-fixes) - ARM: dts: imx6q-dhcom: Add PU,VDD1P1,VDD2P5 regulators (git-fixes) - ARM: dts: imx6q-dhcom: Fix ethernet plugin detection problems (git-fixes) - ARM: dts: imx6q-dhcom: Fix ethernet reset time properties (git-fixes) - ARM: dts: imx6qdl-gw52xx: fix duplicate regulator naming (git-fixes) - ARM: dts: imx6qdl-gw551x: Do not use 'simple-audio-card,dai-link' (git-fixes) - ARM: dts: imx6qdl-gw551x: fix audio SSI (git-fixes) - ARM: dts: imx6qdl-icore: Fix OTG_ID pin and sdcard detect (git-fixes) - ARM: dts: imx6qdl-kontron-samx6i: fix i2c_lcd/cam default status (git-fixes) - ARM: dts: imx6qdl-kontron-samx6i: fix I2C_PM scl pin (git-fixes) - ARM: dts: imx6qdl-sr-som: Increase the PHY reset duration to 10ms (git-fixes) - ARM: dts: imx6qdl-udoo: fix rgmii phy-mode for ksz9031 phy (git-fixes) - ARM: dts: imx6sl: fix rng node (git-fixes) - ARM: dts: imx6sx-sabreauto: Fix the phy-mode on fec2 (git-fixes) - ARM: dts: imx6sx-sdb: Fix the phy-mode on fec2 (git-fixes) - ARM: dts: imx6sx: Add missing UART RTS/CTS pins mux (git-fixes) - ARM: dts: imx6sx: fix the pad QSPI1B_SCLK mux mode for uart3 (git-fixes) - ARM: dts: imx6sx: Improve UART pins macro defines (git-fixes) - ARM: dts: imx7-colibri: Fix frequency for sd/mmc (git-fixes) - ARM: dts: imx7-colibri: fix muxing of usbc_det pin (git-fixes) - ARM: dts: imx7-colibri: prepare module device tree for FlexCAN (git-fixes) - ARM: dts: imx7d-meerkat96: Fix the 'tuning-step' property (git-fixes) - ARM: dts: imx7d-pico: Fix the 'tuning-step' property (git-fixes) - ARM: dts: imx7d: Correct speed grading fuse settings (git-fixes) - ARM: dts: imx7d: fix opp-supported-hw (git-fixes) - ARM: dts: imx7ulp: Correct gpio ranges (git-fixes) - ARM: dts: logicpd-som-lv-baseboard: Fix broken audio (git-fixes) - ARM: dts: logicpd-som-lv-baseboard: Fix missing video (git-fixes) - ARM: dts: logicpd-torpedo-baseboard: Fix broken audio (git-fixes) - ARM: dts: lpc32xx: Revert set default clock rate of HCLK PLL (git-fixes) - ARM: dts: ls1021a: fix QuadSPI-memory reg range (git-fixes) - ARM: dts: ls1021a: Restore MDIO compatible to gianfar (git-fixes) - ARM: dts: meson: fix PHY deassert timing requirements (git-fixes) - ARM: dts: meson8: remove two invalid interrupt lines from the GPU (git-fixes) - ARM: dts: meson8: Use a higher default GPU clock frequency (git-fixes) - ARM: dts: meson8b: ec100: Fix the pwm regulator supply properties (git-fixes) - ARM: dts: meson8b: mxq: Fix the pwm regulator supply properties (git-fixes) - ARM: dts: meson8b: odroidc1: Fix the pwm regulator supply properties (git-fixes) - ARM: dts: mt7623: add missing pause for switchport (git-fixes) - ARM: dts: N900: fix onenand timings (git-fixes). - ARM: dts: NSP: Correct FA2 mailbox node (git-fixes) - ARM: dts: NSP: Disable PL330 by default, add dma-coherent property (git-fixes) - ARM: dts: NSP: Fixed QSPI compatible string (git-fixes) - ARM: dts: omap3-gta04a4: accelerometer irq fix (git-fixes) - ARM: dts: omap3430-sdp: Fix NAND device node (git-fixes) - ARM: dts: owl-s500: Fix incorrect PPI interrupt specifiers (git-fixes) - ARM: dts: oxnas: Fix clear-mask property (git-fixes) - ARM: dts: pandaboard: fix pinmux for gpio user button of Pandaboard (git-fixes) - ARM: dts: qcom: apq8064: Use 27MHz PXO clock as DSI PLL reference (git-fixes) - ARM: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY (git-fixes) - ARM: dts: r7s9210: Remove bogus clock-names from OSTM nodes (git-fixes) - ARM: dts: r8a73a4: Add missing CMT1 interrupts (git-fixes) - ARM: dts: r8a7740: Add missing extal2 to CPG node (git-fixes) - ARM: dts: r8a7779, marzen: Fix DU clock names (git-fixes) - ARM: dts: Remove non-existent i2c1 from 98dx3236 (git-fixes) - ARM: dts: renesas: Fix IOMMU device node names (git-fixes) - ARM: dts: s5pv210: Set keep-power-in-suspend for SDHCI1 on Aries (git-fixes) - ARM: dts: socfpga: Align L2 cache-controller nodename with dtschema (git-fixes) - ARM: dts: socfpga: fix register entry for timer3 on Arria10 (git-fixes) - ARM: dts: stm32: fix a typo for DAC io-channel-cells on stm32f429 (git-fixes) - ARM: dts: stm32: fix a typo for DAC io-channel-cells on stm32h743 (git-fixes) - ARM: dts: sun6i: a31-hummingbird: Enable RGMII RX/TX delay on (git-fixes) - ARM: dts: sun7i: a20: bananapro: Fix ethernet phy-mode (git-fixes) - ARM: dts: sun7i: bananapi-m1-plus: Enable RGMII RX/TX delay on (git-fixes) - ARM: dts: sun7i: bananapi: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes) - ARM: dts: sun7i: cubietruck: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes) - ARM: dts: sun7i: pcduino3-nano: enable RGMII RX/TX delay on PHY (git-fixes) - ARM: dts: sun8i-a83t-tbs-a711: Fix USB OTG mode detection (git-fixes) - ARM: dts: sun8i-h2-plus-bananapi-m2-zero: Fix led polarity (git-fixes) - ARM: dts: sun8i: a83t: Enable both RGMII RX/TX delay on Ethernet PHY (git-fixes) - ARM: dts: sun8i: h3: orangepi-plus2e: Enable RGMII RX/TX delay on (git-fixes) - ARM: dts: sun8i: r40: bananapi-m2-berry: Fix dcdc1 regulator (git-fixes) - ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix dcdc1 regulator (git-fixes) - ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix ethernet node (git-fixes) - ARM: dts: sun8i: r40: Move AHCI device node based on address order (git-fixes) - ARM: dts: sun8i: v3s: fix GIC node memory range (git-fixes) - ARM: dts: sun8i: v40: bananapi-m2-berry: Fix ethernet node (git-fixes) - ARM: dts: sun9i: Enable both RGMII RX/TX delay on Ethernet PHY (git-fixes) - ARM: dts: sunxi: bananapi-m2-plus-v1.2: Fix CPU supply voltages (git-fixes) - ARM: dts: sunxi: bananapi-m2-plus: Enable RGMII RX/TX delay on (git-fixes) - ARM: dts: sunxi: Fix DE2 clocks register range (git-fixes) - ARM: dts: turris-omnia: add comphy handle to eth2 (git-fixes) - ARM: dts: turris-omnia: add SFP node (git-fixes) - ARM: dts: turris-omnia: configure LED[2]/INTn pin as interrupt pin (git-fixes) - ARM: dts: turris-omnia: describe switch interrupt (git-fixes) - ARM: dts: turris-omnia: enable HW buffer management (git-fixes) - ARM: dts: turris-omnia: fix hardware buffer management (git-fixes) - ARM: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins (git-fixes) - ARM: dts: uniphier: Set SCSSI clock and reset IDs for each channel (git-fixes). - ARM: dts: vf610-zii-dev-rev-b: Remove #address-cells and #size-cells (git-fixes) - ARM: dts: vfxxx: Add syscon compatible with OCOTP (git-fixes) - ARM: exynos: add missing of_node_put for loop iteration (git-fixes) - ARM: exynos: MCPM: Restore big.LITTLE cpuidle support (git-fixes) - ARM: footbridge: fix PCI interrupt mapping (git-fixes) - ARM: imx: add missing clk_disable_unprepare() (git-fixes) - ARM: imx: add missing iounmap() (git-fixes) - ARM: imx: build suspend-imx6.S with arm instruction set (git-fixes) - ARM: imx: fix missing 3rd argument in macro imx_mmdc_perf_init (git-fixes) - ARM: imx5: add missing put_device() call in imx_suspend_alloc_ocram() (git-fixes) - ARM: imx6: disable the GIC CPU interface before calling stby-poweroff (git-fixes) - ARM: mvebu: drop pointless check for coherency_base (git-fixes) - ARM: OMAP2+: Fix legacy mode dss_reset (git-fixes) - ARM: OMAP2+: omap_device: fix idling of devices during probe (git-fixes) - ARM: OMAP2+: pm33xx-core: Make am43xx_get_rtc_base_addr static (git-fixes) - ARM: p2v: fix handling of LPAE translation in BE mode (git-fixes) - ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() (git-fixes) - ARM: s3c24xx: fix missing system reset (git-fixes) - ARM: s3c24xx: fix mmc gpio lookup tables (git-fixes) - ARM: samsung: do not build plat/pm-common for Exynos (git-fixes) - ARM: samsung: fix PM debug build with DEBUG_LL but !MMU (git-fixes) - ARM: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh() (git-fixes) - ASoC: DAPM: Cover regression by kctl change notification fix (git-fixes). - ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect (git-fixes). - ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer (git-fixes). - ASoC: SOF: Intel: hda-dai: fix potential locking issue (git-fixes). - ASoC: topology: Add missing rwsem around snd_ctl_remove() calls (git-fixes). - ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() (git-fixes). - ath10k: fix invalid dma_addr_t token assignment (git-fixes). - ath10k: high latency fixes for beacon buffer (git-fixes). - Bbluetooth: btusb: Add another Bluetooth part for Realtek 8852AE (bsc#1193655). - bfq: Limit number of requests consumed by each cgroup (bsc#1184318). - bfq: Store full bitmap depth in bfq_data (bsc#1184318). - bfq: Track number of allocated requests in bfq_entity (bsc#1184318). - block: Fix use-after-free issue accessing struct io_cq (bsc#1193042). - block: Provide blk_mq_sched_get_icq() (bsc#1184318). - Bluetooth: Add additional Bluetooth part for Realtek 8852AE (bsc#1193655). - Bluetooth: btrtl: Refine the ic_id_table for clearer and more regular (bsc#1193655). - Bluetooth: btusb: Add the more support IDs for Realtek RTL8822CE (bsc#1193655). - Bluetooth: btusb: Add the new support ID for Realtek RTL8852A (bsc#1193655). - Bluetooth: btusb: btrtl: Add support for RTL8852A (bsc#1193655). - Bluetooth: fix use-after-free error in lock_sock_nested() (git-fixes). - bnxt_en: reject indirect blk offload when hw-tc-offload is off (jsc#SLE-8372 bsc#1153275). - bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed (git-fixes). - bpf, arm: Fix register clobbering in div/mod implementation (git-fixes) - bpf, s390: Fix potential memory leak about jit_data (git-fixes). - bpf, x86: Fix 'no previous prototype' warning (git-fixes). - brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet (git-fixes). - btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums (bsc#1193002). - btrfs: fix fsync failure and transaction abort after writes to prealloc extents (bsc#1193002). - btrfs: fix lost inode on log replay after mix of fsync, rename and inode eviction (bsc#1192998). - btrfs: fix race causing unnecessary inode logging during link and rename (bsc#1192998). - btrfs: make checksum item extension more efficient (bsc#1193002). - cfg80211: call cfg80211_stop_ap when switch from P2P_GO type (git-fixes). - cifs use true,false for bool variable (bsc#1164565). - cifs_atomic_open(): fix double-put on late allocation failure (bsc#1192606). - cifs_debug: use %pd instead of messing with ->d_name (bsc#1192606). - cifs: add a debug macro that prints \\server\share for errors (bsc#1164565). - cifs: add a function to get a cached dir based on its dentry (bsc#1192606). - cifs: add a helper to find an existing readable handle to a file (bsc#1154355). - cifs: add a timestamp to track when the lease of the cached dir was taken (bsc#1192606). - cifs: add an smb3_fs_context to cifs_sb (bsc#1192606). - cifs: add FALLOC_FL_INSERT_RANGE support (bsc#1192606). - cifs: add files to host new mount api (bsc#1192606). - cifs: add fs_context param to parsing helpers (bsc#1192606). - cifs: Add get_security_type_str function to return sec type (bsc#1192606). - cifs: add initial reconfigure support (bsc#1192606). - cifs: add missing mount option to /proc/mounts (bsc#1164565). - cifs: add missing parsing of backupuid (bsc#1192606). - cifs: Add missing sentinel to smb3_fs_parameters (bsc#1192606). - cifs: add mount parameter tcpnodelay (bsc#1192606). - cifs: add multichannel mount options and data structs (bsc#1192606). - cifs: add new debugging macro cifs_server_dbg (bsc#1164565). - cifs: Add new mount parameter 'acdirmax' to allow caching directory metadata (bsc#1192606). - cifs: Add new parameter 'acregmax' for distinct file and directory metadata timeout (bsc#1192606). - cifs: add NULL check for ses->tcon_ipc (bsc#1178270). - cifs: add passthrough for smb2 setinfo (bsc#1164565). - cifs: add server param (bsc#1192606). - cifs: add shutdown support (bsc#1192606). - cifs: add smb2 POSIX info level (bsc#1164565). - cifs: add SMB2_open() arg to return POSIX data (bsc#1164565). - cifs: add SMB3 change notification support (bsc#1164565). - cifs: add support for FALLOC_FL_COLLAPSE_RANGE (bsc#1192606). - cifs: add support for fallocate mode 0 for non-sparse files (bsc#1164565). - cifs: add support for flock (bsc#1164565). - cifs: Add support for setting owner info, dos attributes, and create time (bsc#1164565). - cifs: Add tracepoints for errors on flush or fsync (bsc#1164565). - cifs: Add witness information to debug data dump (bsc#1192606). - cifs: add witness mount option and data structs (bsc#1192606). - cifs: added WARN_ON for all the count decrements (bsc#1192606). - cifs: Adjust indentation in smb2_open_file (bsc#1164565). - cifs: Adjust key sizes and key generation routines for AES256 encryption (bsc#1192606). - cifs: allocate buffer in the caller of build_path_from_dentry() (bsc#1192606). - cifs: Allocate crypto structures on the fly for calculating signatures of incoming packets (bsc#1192606). - cifs: Allocate encryption header through kmalloc (bsc#1192606). - cifs: allow chmod to set mode bits using special sid (bsc#1164565). - cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956). - cifs: allow unlock flock and OFD lock across fork (bsc#1192606). - cifs: Always update signing key of first channel (bsc#1192606). - cifs: ask for more credit on async read/write code paths (bsc#1192606). - cifs: Assign boolean values to a bool variable (bsc#1192606). - cifs: Avoid doing network I/O while holding cache lock (bsc#1164565). - cifs: Avoid error pointer dereference (bsc#1192606). - cifs: avoid extra calls in posix_info_parse (bsc#1192606). - cifs: Avoid field over-reading memcpy() (bsc#1192606). - cifs: avoid starvation when refreshing dfs cache (bsc#1185902). - cifs: avoid using MID 0xFFFF (bnc#1151927 5.3.8). - cifs: call wake_up(server->response_q) inside of cifs_reconnect() (bsc#1164565). - cifs: change confusing field serverName (to ip_addr) (bsc#1192606). - cifs: change format of CIFS_FULL_KEY_DUMP ioctl (bsc#1192606). - cifs: change noisy error message to FYI (bsc#1181507). - cifs: Change SIDs in ACEs while transferring file ownership (bsc#1192606). - cifs: check all path components in resolved dfs target (bsc#1181710). - cifs: check new file size when extending file by fallocate (bsc#1192606). - cifs: check pointer before freeing (bsc#1183534). - cifs: check the timestamp for the cached dirent when deciding on revalidate (bsc#1192606). - cifs: cifs_md4 convert to SPDX identifier (bsc#1192606). - cifs: cifspdu.h: Replace one-element array with flexible-array member (bsc#1192606). - cifs: cifspdu.h: Replace zero-length array with flexible-array member (bsc#1192606). - cifs: cifsssmb: remove redundant assignment to variable ret (bsc#1164565). - cifs: clarify comment about timestamp granularity for old servers (bsc#1192606). - cifs: clarify hostname vs ip address in /proc/fs/cifs/DebugData (bsc#1192606). - cifs: Clarify SMB1 code for delete (bsc#1192606). - cifs: Clarify SMB1 code for POSIX Create (bsc#1192606). - cifs: Clarify SMB1 code for POSIX delete file (bsc#1192606). - cifs: Clarify SMB1 code for POSIX Lock (bsc#1192606). - cifs: Clarify SMB1 code for rename open file (bsc#1192606). - cifs: Clarify SMB1 code for SetFileSize (bsc#1192606). - cifs: clarify SMB1 code for UnixCreateHardLink (bsc#1192606). - cifs: Clarify SMB1 code for UnixCreateSymLink (bsc#1192606). - cifs: Clarify SMB1 code for UnixSetPathInfo (bsc#1192606). - cifs: Clean up DFS referral cache (bsc#1164565). - cifs: cleanup a few le16 vs. le32 uses in cifsacl.c (bsc#1192606). - cifs: cleanup misc.c (bsc#1192606). - cifs: clear PF_MEMALLOC before exiting demultiplex thread (bsc#1192606). - cifs: Close cached root handle only if it had a lease (bsc#1164565). - cifs: Close open handle after interrupted close (bsc#1164565). - cifs: close the shared root handle on tree disconnect (bsc#1164565). - cifs: compute full_path already in cifs_readdir() (bsc#1192606). - cifs: connect individual channel servers to primary channel server (bsc#1192606). - cifs: connect: style: Simplify bool comparison (bsc#1192606). - cifs: constify get_normalized_path() properly (bsc#1185902). - cifs: constify path argument of ->make_node() (bsc#1192606). - cifs: constify pathname arguments in a bunch of helpers (bsc#1192606). - cifs: Constify static struct genl_ops (bsc#1192606). - cifs: convert list_for_each to entry variant (bsc#1192606, jsc#SLE-20042). - cifs: convert list_for_each to entry variant in cifs_debug.c (bsc#1192606). - cifs: convert list_for_each to entry variant in smb2misc.c (bsc#1192606). - cifs: convert revalidate of directories to using directory metadata cache timeout (bsc#1192606). - cifs: convert to use be32_add_cpu() (bsc#1192606). - cifs: Convert to use the fallthrough macro (bsc#1192606). - cifs: correct comments explaining internal semaphore usage in the module (bsc#1192606). - cifs: correct four aliased mount parms to allow use of previous names (bsc#1192606). - cifs: create a helper function to parse the query-directory response buffer (bsc#1164565). - cifs: create a helper to find a writeable handle by path name (bsc#1154355). - cifs: create a MD4 module and switch cifs.ko to use it (bsc#1192606). - cifs: Create a new shared file holding smb2 pdu definitions (bsc#1192606). - cifs: create sd context must be a multiple of 8 (bsc#1192606). - cifs: Deal with some warnings from W=1 (bsc#1192606). - cifs: Delete a stray unlock in cifs_swn_reconnect() (bsc#1192606). - cifs: delete duplicated words in header files (bsc#1192606). - cifs: detect dead connections only when echoes are enabled (bsc#1192606). - cifs: Display local UID details for SMB sessions in DebugData (bsc#1192606). - cifs: do d_move in rename (bsc#1164565). - cifs: do not allow changing posix_paths during remount (bsc#1192606). - cifs: do not cargo-cult strndup() (bsc#1185902). - cifs: do not create a temp nls in cifs_setup_ipc (bsc#1192606). - cifs: do not disable noperm if multiuser mount option is not provided (bsc#1192606). - cifs: Do not display RDMA transport on reconnect (bsc#1164565). - cifs: do not duplicate fscache cookie for secondary channels (bsc#1192606). - cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes). - cifs: do not ignore the SYNC flags in getattr (bsc#1164565). - cifs: do not leak -EAGAIN for stat() during reconnect (bsc#1164565). - cifs: Do not leak EDEADLK to dgetents64 for STATUS_USER_SESSION_DELETED (bsc#1192606). - cifs: Do not miss cancelled OPEN responses (bsc#1164565). - cifs: do not negotiate session if session already exists (bsc#1192606). - cifs: do not send close in compound create+close requests (bsc#1181507). - cifs: do not send tree disconnect to ipc shares (bsc#1185902). - cifs: do not share tcons with DFS (bsc#1178270). - cifs: do not share tcp servers with dfs mounts (bsc#1185902). - cifs: do not share tcp sessions of dfs connections (bsc#1185902). - cifs: do not use 'pre:' for MODULE_SOFTDEP (bsc#1164565). - cifs: Do not use iov_iter::type directly (bsc#1192606). - cifs: Do not use the original cruid when following DFS links for multiuser mounts (bsc#1192606). - cifs: document and cleanup dfs mount (bsc#1178270). - cifs: dump channel info in DebugData (bsc#1192606). - cifs: dump Security Type info in DebugData (bsc#1192606). - cifs: dump the session id and keys also for SMB2 sessions (bsc#1192606). - cifs: enable change notification for SMB2.1 dialect (bsc#1164565). - cifs: enable extended stats by default (bsc#1192606). - cifs: Enable sticky bit with cifsacl mount option (bsc#1192606). - cifs: ensure correct super block for DFS reconnect (bsc#1178270). - cifs: escape spaces in share names (bsc#1192606). - cifs: export supported mount options via new mount_params /proc file (bsc#1192606). - cifs: fail i/o on soft mounts if sessionsetup errors out (bsc#1164565). - cifs: fiemap: do not return EINVAL if get nothing (bsc#1192606). - cifs: fix a comment for the timeouts when sending echos (bsc#1164565). - cifs: fix a memleak with modefromsid (bsc#1192606). - cifs: fix a sign extension bug (bsc#1192606). - cifs: fix a white space issue in cifs_get_inode_info() (bsc#1164565). - cifs: fix allocation size on newly created files (bsc#1192606). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1178270). - cifs: Fix atime update check vs mtime (bsc#1164565). - cifs: Fix bug which the return value by asynchronous read is error (bsc#1192606). - cifs: Fix cached_fid refcnt leak in open_shroot (bsc#1192606). - cifs: fix channel signing (bsc#1192606). - cifs: fix check of dfs interlinks (bsc#1185902). - cifs: fix check of tcon dfs in smb1 (bsc#1178270). - cifs: Fix chmod with modefromsid when an older ACE already exists (bsc#1192606). - cifs: fix chown and chgrp when idsfromsid mount option enabled (bsc#1192606). - cifs: Fix cifsacl ACE mask for group and others (bsc#1192606). - cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (bnc#1151927 5.3.10). - cifs: fix credit accounting for extra channel (bsc#1192606). - cifs: fix dereference on ses before it is null checked (bsc#1164565). - cifs: fix dfs domain referrals (bsc#1192606). - cifs: fix DFS failover (bsc#1192606). - cifs: fix DFS mount with cifsacl/modefromsid (bsc#1178270). - cifs: fix dfs-links (bsc#1192606). - cifs: fix doc warnings in cifs_dfs_ref.c (bsc#1192606). - cifs: Fix double add page to memcg when cifs_readpages (bsc#1192606). - cifs: fix double free error on share and prefix (bsc#1178270). - cifs: Fix fall-through warnings for Clang (bsc#1192606). - cifs: fix fallocate when trying to allocate a hole (bsc#1192606). - cifs: fix gcc warning in sid_to_id (bsc#1192606). - cifs: fix handling of escaped ',' in the password mount argument (bsc#1192606). - cifs: Fix in error types returned for out-of-credit situations (bsc#1192606). - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211). - cifs: Fix inconsistent indenting (bsc#1192606). - cifs: Fix inconsistent IS_ERR and PTR_ERR (bsc#1192606). - cifs: fix incorrect check for null pointer in header_assemble (bsc#1192606). - cifs: fix incorrect kernel doc comments (bsc#1192606). - cifs: fix interrupted close commands (git-fixes). - cifs: fix ipv6 formating in cifs_ses_add_channel (bsc#1192606). - cifs: fix leak in cifs_smb3_do_mount() ctx (bsc#1192606). - cifs: Fix leak when handling lease break for cached root fid (bsc#1176242). - cifs: fix leaked reference on requeued write (bsc#1178270). - cifs: Fix lookup of root ses in DFS referral cache (bsc#1164565). - cifs: Fix lookup of SMB connections on multichannel (bsc#1192606). - cifs: fix max ea value size (bnc#1151927 5.3.4). - cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1164565). - cifs: fix memory leak in smb2_copychunk_range (git-fixes). - cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1192606). - cifs: fix minor typos in comments and log messages (bsc#1192606). - cifs: Fix missed free operations (bnc#1151927 5.3.8). - cifs: fix missing null session check in mount (bsc#1192606). - cifs: fix missing spinlock around update to ses->status (bsc#1192606). - cifs: fix misspellings using codespell tool (bsc#1192606). - cifs: fix mode bits from dir listing when mounted with modefromsid (bsc#1164565). - cifs: Fix mode output in debugging statements (bsc#1164565). - cifs: fix mount option display for sec=krb5i (bsc#1161907). - cifs: Fix mount options set in automount (bsc#1164565). - cifs: fix mounts to subdirectories of target (bsc#1192606). - cifs: fix nodfs mount option (bsc#1181710). - cifs: fix NULL dereference in match_prepath (bsc#1164565). - cifs: fix NULL dereference in smb2_check_message() (bsc#1192606). - cifs: Fix null pointer check in cifs_read (bsc#1192606). - cifs: Fix NULL pointer dereference in mid callback (bsc#1164565). - cifs: Fix NULL-pointer dereference in smb2_push_mandatory_locks (bnc#1151927 5.3.16). - cifs: Fix oplock handling for SMB 2.1+ protocols (bnc#1151927 5.3.4). - cifs: fix out-of-bound memory access when calling smb3_notify() at mount point (bsc#1192606). - cifs: fix path comparison and hash calc (bsc#1185902). - cifs: fix possible uninitialized access and race on iface_list (bsc#1192606). - cifs: Fix potential deadlock when updating vol in cifs_reconnect() (bsc#1164565). - cifs: fix potential mismatch of UNC paths (bsc#1164565). - cifs: Fix potential softlockups while refreshing DFS cache (bsc#1164565). - cifs: fix potential use-after-free bugs (bsc#1192606, jsc#SLE-20042). - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944). - cifs: Fix preauth hash corruption (git-fixes). - cifs: fix print of hdr_flags in dfscache_proc_show() (bsc#1192606, jsc#SLE-20042). - cifs: fix reference leak for tlink (bsc#1192606). - cifs: fix regression when mounting shares with prefix paths (bsc#1192606). - cifs: fix rename() by ensuring source handle opened with DELETE bit (bsc#1164565). - cifs: Fix resource leak (bsc#1192606). - cifs: Fix retrieval of DFS referrals in cifs_mount() (bsc#1164565). - cifs: Fix retry mid list corruption on reconnects (bnc#1151927 5.3.10). - cifs: Fix return value in __update_cache_entry (bsc#1164565). - cifs: fix rsize/wsize to be negotiated values (bsc#1192606). - cifs: fix SMB1 error path in cifs_get_file_info_unix (bsc#1192606). - cifs: Fix SMB2 oplock break processing (bsc#1154355 bnc#1151927 5.3.16). - cifs: fix soft mounts hanging in the reconnect code (bsc#1164565). - cifs: fix soft mounts hanging in the reconnect code (bsc#1164565). - cifs: Fix some error pointers handling detected by static checker (bsc#1192606). - cifs: Fix spelling of 'security' (bsc#1192606). - cifs: fix string declarations and assignments in tracepoints (bsc#1192606). - cifs: Fix support for remount when not changing rsize/wsize (bsc#1192606). - cifs: Fix task struct use-after-free on reconnect (bsc#1164565). - cifs: fix the out of range assignment to bit fields in parse_server_interfaces (bsc#1192606). - cifs: Fix the target file was deleted when rename failed (bsc#1192606). - cifs: fix trivial typo (bsc#1192606). - cifs: fix uninitialised lease_key in open_shroot() (bsc#1178270). - cifs: fix uninitialized variable in smb3_fs_context_parse_param (bsc#1192606). - cifs: fix unitialized variable poential problem with network I/O cache lock patch (bsc#1164565). - cifs: Fix unix perm bits to cifsacl conversion for 'other' bits (bsc#1192606). - cifs: fix unneeded null check (bsc#1192606). - cifs: fix use after free in cifs_smb3_do_mount() (bsc#1192606). - cifs: Fix use after free of file info structures (bnc#1151927 5.3.8). - cifs: Fix use-after-free bug in cifs_reconnect() (bsc#1164565). - cifs: fix wrong release in sess_alloc_buffer() failed path (bsc#1192606). - cifs: for compound requests, use open handle if possible (bsc#1192606). - cifs: Force reval dentry if LOOKUP_REVAL flag is set (bnc#1151927 5.3.7). - cifs: Force revalidate inode when dentry is stale (bnc#1151927 5.3.7). - cifs: fork arc4 and create a separate module for it for cifs and other users (bsc#1192606). - cifs: get mode bits from special sid on stat (bsc#1164565). - cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902). - cifs: get rid of cifs_sb->mountdata (bsc#1192606). - cifs: Get rid of kstrdup_const()'d paths (bsc#1164565). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1178270). - cifs: Grab a reference for the dentry of the cached directory during the lifetime of the cache (bsc#1192606). - cifs: Gracefully handle QueryInfo errors during open (bnc#1151927 5.3.7). - cifs: handle -EINTR in cifs_setattr (bsc#1192606). - cifs: handle 'guest' mount parameter (bsc#1192606). - cifs: handle 'nolease' option for vers=1.0 (bsc#1192606). - cifs: handle different charsets in dfs cache (bsc#1185902). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1178270). - cifs: handle hostnames that resolve to same ip in failover (bsc#1178270). - cifs: handle prefix paths in reconnect (bsc#1164565). - cifs: handle reconnect of tcon when there is no cached dfs referral (bsc#1192606). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1178270). - cifs: Handle witness client move notification (bsc#1192606). - cifs: have ->mkdir() handle race with another client sanely (bsc#1192606). - cifs: have cifs_fattr_to_inode() refuse to change type on live inode (bsc#1192606). - cifs: Identify a connection by a conn_id (bsc#1192606). - cifs: If a corrupted DACL is returned by the server, bail out (bsc#1192606). - cifs: ignore auto and noauto options if given (bsc#1192606). - cifs: ignore cached share root handle closing errors (bsc#1166780). - cifs: improve fallocate emulation (bsc#1192606). - cifs: improve read performance for page size 64KB cache=strict vers=2.1+ (bsc#1192606). - cifs: In the new mount api we get the full devname as source= (bsc#1192606). - cifs: Increment num_remote_opens stats counter even in case of smb2_query_dir_first (bsc#1192606). - cifs: Initialize filesystem timestamp ranges (bsc#1164565). - cifs: introduce cifs_ses_mark_for_reconnect() helper (bsc#1192606). - cifs: introduce helper for finding referral server (bsc#1181710). - cifs: Introduce helpers for finding TCP connection (bsc#1164565). - cifs: introduce new helper for cifs_reconnect() (bsc#1192606, jsc#SLE-20042). - cifs: keep referral server sessions alive (bsc#1185902). - cifs: log mount errors using cifs_errorf() (bsc#1192606). - cifs: log warning message (once) if out of disk space (bsc#1164565). - cifs: make build_path_from_dentry() return const char * (bsc#1192606). - cifs: make const array static, makes object smaller (bsc#1192606). - cifs: Make extract_hostname function public (bsc#1192606). - cifs: Make extract_sharename function public (bsc#1192606). - cifs: make fs_context error logging wrapper (bsc#1192606). - cifs: make locking consistent around the server session status (bsc#1192606). - cifs: make multichannel warning more visible (bsc#1192606). - cifs: Make SMB2_notify_init static (bsc#1164565). - cifs: make sure we do not overflow the max EA buffer size (bsc#1164565). - cifs: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1164565). - cifs: map STATUS_ACCOUNT_LOCKED_OUT to -EACCES (bsc#1192606). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1178270). - cifs: Merge is_path_valid() into get_normalized_path() (bsc#1164565). - cifs: minor fix to two debug messages (bsc#1192606). - cifs: minor kernel style fixes for comments (bsc#1192606). - cifs: minor simplification to smb2_is_network_name_deleted (bsc#1192606). - cifs: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1192606). - cifs: minor updates to Kconfig (bsc#1192606). - cifs: misc: Use array_size() in if-statement controlling expression (bsc#1192606). - cifs: missed ref-counting smb session in find (bsc#1192606). - cifs: missing null check for newinode pointer (bsc#1192606). - cifs: missing null pointer check in cifs_mount (bsc#1185902). - cifs: modefromsid: make room for 4 ACE (bsc#1164565). - cifs: modefromsid: write mode ACE first (bsc#1164565). - cifs: move [brw]size from cifs_sb to cifs_sb->ctx (bsc#1192606). - cifs: move cache mount options to fs_context.ch (bsc#1192606). - cifs: move cifs_cleanup_volume_info[_content] to fs_context.c (bsc#1192606). - cifs: move cifs_parse_devname to fs_context.c (bsc#1192606). - cifs: move cifsFileInfo_put logic into a work-queue (bsc#1154355). - cifs: move debug print out of spinlock (bsc#1192606). - cifs: Move more definitions into the shared area (bsc#1192606). - cifs: move NEGOTIATE_PROTOCOL definitions out into the common area (bsc#1192606). - cifs: move security mount options into fs_context.ch (bsc#1192606). - cifs: move SMB FSCTL definitions to common code (bsc#1192606). - cifs: move smb version mount options into fs_context.c (bsc#1192606). - cifs: Move SMB2_Create definitions to the shared area (bsc#1192606). - cifs: move some variables off the stack in smb2_ioctl_query_info (bsc#1192606). - cifs: move the check for nohandlecache into open_shroot (bsc#1192606). - cifs: move the enum for cifs parameters into fs_context.h (bsc#1192606). - cifs: move update of flags into a separate function (bsc#1192606). - cifs: multichannel: always zero struct cifs_io_parms (bsc#1192606). - cifs: multichannel: move channel selection above transport layer (bsc#1192606). - cifs: multichannel: move channel selection in function (bsc#1192606). - cifs: multichannel: try to rebind when reconnecting a channel (bsc#1192606). - cifs: multichannel: use pointer for binding channel (bsc#1192606). - cifs: mute -Wunused-const-variable message (bnc#1151927 5.3.9). - cifs: New optype for session operations (bsc#1181507). - cifs: nosharesock should be set on new server (bsc#1192606). - cifs: nosharesock should not share socket with future sessions (bsc#1192606). - cifs: On cifs_reconnect, resolve the hostname again (bsc#1192606). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1178270). - cifs: only write 64kb at a time when fallocating a small region of a file (bsc#1192606). - cifs: Optimize readdir on reparse points (bsc#1164565). - cifs: pass a path to open_shroot and check if it is the root or not (bsc#1192606). - cifs: pass the dentry instead of the inode down to the revalidation check functions (bsc#1192606). - cifs: plumb smb2 POSIX dir enumeration (bsc#1164565). - cifs: populate server_hostname for extra channels (bsc#1192606). - cifs: potential unintitliazed error code in cifs_getattr() (bsc#1164565). - cifs: prepare SMB2_Flush to be usable in compounds (bsc#1154355). - cifs: prepare SMB2_query_directory to be used with compounding (bsc#1164565). - cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902). - cifs: prevent truncation from long to int in wait_for_free_credits (bsc#1192606). - cifs: print MIDs in decimal notation (bsc#1181507). - cifs: Print the address and port we are connecting to in generic_ip_connect() (bsc#1192606). - cifs: print warning mounting with vers=1.0 (bsc#1164565). - cifs: properly invalidate cached root handle when closing it (bsc#1192606). - cifs: Properly process SMB3 lease breaks (bsc#1164565). - cifs: protect session channel fields with chan_lock (bsc#1192606). - cifs: protect srv_count with cifs_tcp_ses_lock (bsc#1192606). - cifs: protect updating server->dstaddr with a spinlock (bsc#1192606). - cifs: Re-indent cifs_swn_reconnect() (bsc#1192606). - cifs: reduce number of referral requests in DFS link lookups (bsc#1178270). - cifs: reduce stack use in smb2_compound_op (bsc#1192606). - cifs: refactor cifs_get_inode_info() (bsc#1164565). - cifs: refactor create_sd_buf() and and avoid corrupting the buffer (bsc#1192606). - cifs: Reformat DebugData and index connections by conn_id (bsc#1192606). - cifs: Register generic netlink family (bsc#1192606). Update configs with CONFIG_SWN_UPCALL unset. - cifs: release lock earlier in dequeue_mid error case (bsc#1192606). - cifs: remove [gu]id/backup[gu]id/file_mode/dir_mode from cifs_sb (bsc#1192606). - cifs: remove actimeo from cifs_sb (bsc#1192606). - cifs: remove bogus debug code (bsc#1179427). - cifs: remove ctx argument from cifs_setup_cifs_sb (bsc#1192606). - cifs: remove duplicated prototype (bsc#1192606). - cifs: remove old dead code (bsc#1192606). - cifs: remove pathname for file from SPDX header (bsc#1192606). - cifs: remove redundant assignment to pointer pneg_ctxt (bsc#1164565). - cifs: remove redundant assignment to variable rc (bsc#1164565). - cifs: remove redundant initialization of variable rc (bsc#1192606). - cifs: remove redundant initialization of variable rc (bsc#1192606). - cifs: Remove repeated struct declaration (bsc#1192606). - cifs: Remove set but not used variable 'capabilities' (bsc#1164565). - cifs: remove set but not used variable 'server' (bsc#1164565). - cifs: remove set but not used variables 'cinode' and 'netfid' (bsc#1164565). - cifs: remove set but not used variables (bsc#1164565). - cifs: remove some minor warnings pointed out by kernel test robot (bsc#1192606). - cifs: remove the devname argument to cifs_compose_mount_options (bsc#1192606). - cifs: remove the retry in cifs_poxis_lock_set (bsc#1192606). - cifs: Remove the superfluous break (bsc#1192606). - cifs: remove two cases where rc is set unnecessarily in sid_to_id (bsc#1192606). - cifs: remove unnecessary copies of tcon->crfid.fid (bsc#1192606). - cifs: Remove unnecessary struct declaration (bsc#1192606). - cifs: remove unneeded variable in smb3_fs_context_dup (bsc#1192606). - cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902). - cifs: remove unused variable 'server' (bsc#1192606). - cifs: remove unused variable 'sid_user' (bsc#1164565). - cifs: remove unused variable (bsc#1164565). - cifs: Remove useless variable (bsc#1192606). - cifs: remove various function description warnings (bsc#1192606). - cifs: rename a variable in SendReceive() (bsc#1164565). - cifs: rename cifs_common to smbfs_common (bsc#1192606). - cifs: rename dup_vol to smb3_fs_context_dup and move it into fs_context.c (bsc#1192606). - cifs: rename posix create rsp (bsc#1164565). - cifs: rename reconn_inval_dfs_target() (bsc#1178270). - cifs: rename smb_vol as smb3_fs_context and move it to fs_context.h (bsc#1192606). - cifs: rename the *_shroot* functions to *_cached_dir* (bsc#1192606). - cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440). - cifs: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1164565). - cifs: Retain old ACEs when converting between mode bits and ACL (bsc#1192606). - cifs: retry lookup and readdir when EAGAIN is returned (bsc#1192606). - cifs: return cached_fid from open_shroot (bsc#1192606). - cifs: Return correct error code from smb2_get_enc_key (git-fixes). - cifs: Return directly after a failed build_path_from_dentry() in cifs_do_create() (bsc#1164565). - cifs: return proper error code in statfs(2) (bsc#1181507). - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426). - cifs: returning mount parm processing errors correctly (bsc#1192606). - cifs: revalidate mapping when we open files for SMB1 POSIX (bsc#1192606). - cifs: Send witness register and unregister commands to userspace daemon (bsc#1192606). - cifs: Send witness register messages to userspace daemon in echo task (bsc#1192606). - cifs: send workstation name during ntlmssp session setup (bsc#1192606). - cifs: set a minimum of 120s for next dns resolution (bsc#1192606). - cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902). - cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath (bsc#1192606). - cifs: set correct max-buffer-size for smb2_ioctl_init() (bsc#1164565). - cifs: set server->cipher_type to AES-128-CCM for SMB3.0 (bsc#1192606). - cifs: set up next DFS target before generic_ip_connect() (bsc#1178270). - cifs: Set witness notification handler for messages from userspace daemon (bsc#1192606). - cifs: Silently ignore unknown oplock break handle (bsc#1192606). - cifs: Simplify bool comparison (bsc#1192606). - cifs: simplify handling of cifs_sb/ctx->local_nls (bsc#1192606). - cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1192606). - cifs: simplify SWN code with dummy funcs instead of ifdefs (bsc#1192606). - cifs: smb1: Try failing back to SetFileInfo if SetPathInfo fails (bsc#1192606). - cifs: smb2pdu.h: Replace zero-length array with flexible-array member (bsc#1192606). - cifs: smbd: Add messages on RDMA session destroy and reconnection (bsc#1164565). - cifs: smbd: Calculate the correct maximum packet size for segmented SMBDirect send/receive (bsc#1192606). - cifs: smbd: Check and extend sender credits in interrupt context (bsc#1192606). - cifs: smbd: Check send queue size before posting a send (bsc#1192606). - cifs: smbd: Do not schedule work to send immediate packet on every receive (bsc#1192606). - cifs: smbd: Invalidate and deregister memory registration on re-send for direct I/O (bsc#1164565). - cifs: smbd: Merge code to track pending packets (bsc#1192606). - cifs: smbd: Only queue work for error recovery on memory registration (bsc#1164565). - cifs: smbd: Properly process errors on ib_post_send (bsc#1192606). - cifs: smbd: Return -EAGAIN when transport is reconnecting (bsc#1164565). - cifs: smbd: Return -ECONNABORTED when trasnport is not in connected state (bsc#1164565). - cifs: smbd: Return -EINVAL when the number of iovs exceeds SMBDIRECT_MAX_SGE (bsc#1164565). - cifs: smbd: Update receive credits before sending and deal with credits roll back on failure before sending (bsc#1192606). - cifs: sort interface list by speed (bsc#1192606). - cifs: Spelling s/EACCESS/EACCES/ (bsc#1192606). - cifs: split out dfs code from cifs_reconnect() (bsc#1192606, jsc#SLE-20042). - cifs: Standardize logging output (bsc#1192606). - cifs: store a pointer to the root dentry in cifs_sb_info once we have completed mounting the share (bsc#1192606). - cifs: style: replace one-element array with flexible-array (bsc#1192606). - cifs: support nested dfs links over reconnect (bsc#1192606, jsc#SLE-20042). - cifs: support share failover when remounting (bsc#1192606, jsc#SLE-20042). - cifs: switch build_path_from_dentry() to using dentry_path_raw() (bsc#1192606). - cifs: switch servers depending on binding state (bsc#1192606). - cifs: switch to new mount api (bsc#1192606). - cifs: To match file servers, make sure the server hostname matches (bsc#1192606). - cifs: Tracepoints and logs for tracing credit changes (bsc#1181507). - cifs: try harder to open new channels (bsc#1192606). - cifs: try opening channels after mounting (bsc#1192606). - cifs: uncomplicate printing the iocharset parameter (bsc#1192606). - cifs: Unlock on errors in cifs_swn_reconnect() (bsc#1192606). - cifs: update ctime and mtime during truncate (bsc#1192606). - cifs: update FSCTL definitions (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update mnt_cifs_flags during reconfigure (bsc#1192606). - cifs: update new ACE pointer after populate_new_aces (bsc#1192606). - cifs: update super_operations to show_devname (bsc#1192606). - cifs: Use #define in cifs_dbg (bsc#1164565). - cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (bnc#1151927 5.3.7). - cifs: Use common error handling code in smb2_ioctl_query_info() (bsc#1164565). - cifs: use compounding for open and first query-dir for readdir() (bsc#1164565). - cifs: use discard iterator to discard unneeded network data more efficiently (bsc#1192606). - cifs: use echo_interval even when connection not ready (bsc#1192606). - cifs: use existing handle for compound_op(OP_SET_INFO) when possible (bsc#1154355). - cifs: use helpers when parsing uid/gid mount options and validate them (bsc#1192606). - cifs: Use memdup_user() rather than duplicating its implementation (bsc#1164565). - cifs: use mod_delayed_work() for server->reconnect if already queued (bsc#1164565). - cifs: use PTR_ERR_OR_ZERO() to simplify code (bsc#1164565). - cifs: use SPDX-Licence-Identifier (bsc#1192606). - cifs: use the expiry output of dns_query to schedule next resolution (bsc#1192606). - cifs: use true,false for bool variable (bsc#1164565). - cifs: warn and fail if trying to use rootfs without the config option (bsc#1192606). - cifs: Warn less noisily on default mount (bsc#1192606). - cifs: we do not allow changing username/password/unc/... during remount (bsc#1192606). - cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544). - cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536). - cifs`: handle ERRBaduid for SMB1 (bsc#1192606). - clk: imx: imx6ul: Move csi_sel mux to correct base register (git-fixes). - clk: ingenic: Fix bugs with divided dividers (git-fixes). - config: refresh BPF configs (jsc#SLE-22574) The SUSE-commit 9a413cc7eb56 ('config: disable unprivileged BPF by default (jsc#SLE-22573)') inherited from SLE15-SP2 puts the BPF config into the wrong place due to SLE15-SP3 additionally backported b24abcff918a ('bpf, kconfig: Add consolidated menu entry for bpf with core options'), and leads to duplicate CONFIG_BPF_UNPRIV_DEFAULT_OFF entires; this commit remove those BPF config. Also, disable unprivileged BPF for armv7hl, which did not inherit the config change from SLE15-SP2. - constraints: Build aarch64 on recent ARMv8.1 builders. Request asimdrdm feature which is available only on recent ARMv8.1 CPUs. This should prevent scheduling the kernel on an older slower builder. - Convert trailing spaces and periods in path components (bsc#1179424). - crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency (git-fixes). - crypto: pcrypt - Delay write to padata->info (git-fixes). - crypto: s5p-sss - Add error handling in s5p_aes_probe() (git-fixes). - cxgb4: fix eeprom len when diagnostics not implemented (git-fixes). - dm raid: remove unnecessary discard limits for raid0 and raid10 (bsc#1192320). - dm: fix deadlock when swapping to encrypted device (bsc#1186332). - dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro (git-fixes). - dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` (git-fixes). - do_cifs_create(): do not set ->i_mode of something we had not created (bsc#1192606). - drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 (git-fixes). - drm: panel-orientation-quirks: Add quirk for GPD Win3 (git-fixes). - drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 (git-fixes). - drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6 (git-fixes). - drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2) (git-fixes). - drm/amd/display: Set plane update flags for all planes in reset (git-fixes). - drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors (git-fixes). - drm/msm: Do hw_init() before capturing GPU state (git-fixes). - drm/msm/a6xx: Allocate enough space for GMU registers (git-fixes). - drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame (git-fixes). - drm/nouveau/acr: fix a couple NULL vs IS_ERR() checks (git-fixes). - drm/nouveau/svm: Fix refcount leak bug and missing check against null bug (git-fixes). - drm/panel-orientation-quirks: add Valve Steam Deck (git-fixes). - drm/pl111: Actually fix CONFIG_VEXPRESS_CONFIG depends (git-fixes). - drm/plane-helper: fix uninitialized variable reference (git-fixes). - drm/vc4: fix error code in vc4_create_object() (git-fixes). - drop superfluous empty lines - e1000e: Separate TGP board type from SPT (bsc#1192874). - EDAC/amd64: Handle three rank interleaving mode (bsc#1152489). - elfcore: correct reference to CONFIG_UML (git-fixes). - elfcore: fix building with clang (bsc#1169514). - ethtool: fix ethtool msg len calculation for pause stats (jsc#SLE-15075). - firmware: qcom_scm: Mark string array const (git-fixes). - fuse: release pipe buf after last use (bsc#1193318). - gve: Add netif_set_xps_queue call (bsc#1176940). - gve: Add rx buffer pagecnt bias (bsc#1176940). - gve: Allow pageflips on larger pages (bsc#1176940). - gve: Do lazy cleanup in TX path (git-fixes). - gve: DQO: avoid unused variable warnings (bsc#1176940). - gve: Switch to use napi_complete_done (git-fixes). - gve: Track RX buffer allocation failures (bsc#1176940). - hwmon: (k10temp) Add additional missing Zen2 and Zen3 APUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Add support for yellow carp (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Add support for Zen3 CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Create common functions and macros for Zen CPU families (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Define SVI telemetry and current factors for Zen2 CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Do not show Tdie for all Zen/Zen2/Zen3 CPU/APU (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) make some symbols static (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Remove residues of current and voltage (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Remove support for displaying voltage and current on Zen CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Reorganize and simplify temperature support detection (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Rework the temperature offset calculation (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) support Zen3 APUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Swap Tdie and Tctl on Family 17h CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Update documentation and add temp2_input info (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Update driver documentation (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Zen3 Ryzen Desktop CPUs support (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - i2c: cbus-gpio: set atomic transfer callback (git-fixes). - i2c: stm32f7: flush TX FIFO upon transfer errors (git-fixes). - i2c: stm32f7: recover the bus on access timeout (git-fixes). - i2c: stm32f7: stop dma transfer in case of NACK (git-fixes). - i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()' (git-fixes). - i40e: Fix changing previously set num_queue_pairs for PFs (git-fixes). - i40e: Fix correct max_pkt_size on VF RX queue (git-fixes). - i40e: Fix creation of first queue by omitting it if is not power of two (git-fixes). - i40e: Fix display error code in dmesg (git-fixes). - i40e: Fix failed opcode appearing if handling messages from VF (git-fixes). - i40e: Fix NULL ptr dereference on VSI filter sync (git-fixes). - i40e: Fix ping is lost after configuring ADq on VF (git-fixes). - i40e: Fix pre-set max number of queues for VF (git-fixes). - i40e: Fix warning message and call stack during rmmod i40e driver (git-fixes). - iavf: check for null in iavf_fix_features (git-fixes). - iavf: do not clear a lock we do not hold (git-fixes). - iavf: Fix failure to exit out from last all-multicast mode (git-fixes). - iavf: Fix for setting queues to 0 (jsc#SLE-12877). - iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset (git-fixes). - iavf: Fix reporting when setting descriptor count (git-fixes). - iavf: Fix return of set the new channel count (jsc#SLE-12877). - iavf: free q_vectors before queues in iavf_disable_vf (git-fixes). - iavf: prevent accidental free of filter structure (git-fixes). - iavf: Prevent changing static ITR values if adaptive moderation is on (git-fixes). - iavf: Restore VLAN filters after link down (git-fixes). - iavf: validate pointers (git-fixes). - ibmvnic: drop bad optimization in reuse_rx_pools() (bsc#1193349 ltc#195568). - ibmvnic: drop bad optimization in reuse_tx_pools() (bsc#1193349 ltc#195568). - ice: avoid bpf_prog refcount underflow (jsc#SLE-7926). - ice: avoid bpf_prog refcount underflow (jsc#SLE-7926). - ice: Delete always true check of PF pointer (git-fixes). - ice: Fix not stopping Tx queues for VFs (jsc#SLE-7926). - ice: Fix VF true promiscuous mode (jsc#SLE-12878). - ice: fix vsi->txq_map sizing (jsc#SLE-7926). - ice: ignore dropped packets during init (git-fixes). - ice: Remove toggling of antispoof for VF trusted promiscuous mode (jsc#SLE-12878). - igb: fix netpoll exit with traffic (git-fixes). - igc: Remove _I_PHY_ID checking (bsc#1193169). - igc: Remove phy->type checking (bsc#1193169). - iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr() (git-fixes). - Input: iforce - fix control-message timeout (git-fixes). - iommu: Check if group is NULL before remove device (git-fixes). - iommu/amd: Relocate GAMSup check to early_enable_iommus (git-fixes). - iommu/amd: Remove iommu_init_ga() (git-fixes). - iommu/mediatek: Fix out-of-range warning with clang (git-fixes). - iommu/vt-d: Consolidate duplicate cache invaliation code (git-fixes). - iommu/vt-d: Fix incomplete cache flush in intel_pasid_tear_down_entry() (git-fixes). - iommu/vt-d: Update the virtual command related registers (git-fixes). - ipmi: Disable some operations during a panic (git-fixes). - kABI: dm: fix deadlock when swapping to encrypted device (bsc#1186332). - kabi: hide changes to struct uv_info (git-fixes). - kernel-obs-build: include the preferred kernel parameters Currently the Open Build Service hardcodes the kernel boot parameters globally. Recently functionality was added to control the parameters by the kernel-obs-build package, so make use of that. parameters here will overwrite what is used by OBS otherwise. - kernel-obs-build: inform build service about virtio-serial Inform the build worker code that this kernel supports virtio-serial, which improves performance and relability of logging. - kernel-obs-build: remove duplicated/unused parameters lbs=0 - this parameters is just giving 'unused parameter' and it looks like I can not find any version that implemented this. rd.driver.pre=binfmt_misc is not needed when setup_obs is used, it alread loads the kernel module. quiet and panic=1 will now be also always added by OBS, so we do not have to set it here anymore. - kernel-source.spec: install-kernel-tools also required on 15.4 - lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression (git-fixes). - lib/xz: Validate the value before assigning it to an enum variable (git-fixes). - libata: fix checking of DMA state (git-fixes). - linux/parser.h: add include guards (bsc#1192606). - lpfc: Reintroduce old IRQ probe logic (bsc#1183897). - md: add md_submit_discard_bio() for submitting discard bio (bsc#1192320). - md: fix a lock order reversal in md_alloc (git-fixes). - md/raid10: extend r10bio devs to raid disks (bsc#1192320). - md/raid10: improve discard request for far layout (bsc#1192320). - md/raid10: improve raid10 discard request (bsc#1192320). - md/raid10: initialize r10_bio->read_slot before use (bsc#1192320). - md/raid10: pull the code that wait for blocked dev into one function (bsc#1192320). - md/raid10: Remove unnecessary rcu_dereference in raid10_handle_discard (bsc#1192320). - mdio: aspeed: Fix 'Link is Down' issue (bsc#1176447). - media: imx: set a media_device bus_info string (git-fixes). - media: ipu3-imgu: imgu_fmt: Handle properly try (git-fixes). - media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info (git-fixes). - media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers (git-fixes). - media: mceusb: return without resubmitting URB in case of -EPROTO error (git-fixes). - media: mt9p031: Fix corrupted frame after restarting stream (git-fixes). - media: netup_unidvb: handle interrupt properly according to the firmware (git-fixes). - media: rcar-csi2: Add checking to rcsi2_start_receiver() (git-fixes). - media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() (git-fixes). - media: stm32: Potential NULL pointer dereference in dcmi_irq_thread() (git-fixes). - media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() (git-fixes). - media: uvcvideo: Return -EIO for control errors (git-fixes). - media: uvcvideo: Set capability in s_param (git-fixes). - media: uvcvideo: Set unique vdev name based in type (git-fixes). - memstick: r592: Fix a UAF bug when removing the driver (git-fixes). - MM: reclaim mustn't enter FS for swap-over-NFS (bsc#1191876). - mmc: dw_mmc: Dont wait for DRTO on Write RSP error (git-fixes). - mmc: winbond: do not build on M68K (git-fixes). - mtd: core: do not remove debugfs directory if device is in use (git-fixes). - mwifiex: Properly initialize private structure on interface type changes (git-fixes). - mwifiex: Read a PCI register after writing the TX ring write pointer (git-fixes). - mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type (git-fixes). - mwl8k: Fix use-after-free in mwl8k_fw_state_machine() (git-fixes). - net: asix: fix uninit value bugs (git-fixes). - net: bnx2x: fix variable dereferenced before check (git-fixes). - net: bridge: fix under estimation in br_get_linkxstats_size() (bsc#1176447). - net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (git-fixes). - net: delete redundant function declaration (git-fixes). - net: hns3: change affinity_mask to numa node range (bsc#1154353). - net: hns3: fix misuse vf id and vport id in some logs (bsc#1154353). - net: hns3: remove check VF uc mac exist when set by PF (bsc#1154353). - net: hso: fix control-request directions (git-fixes). - net: hso: fix muxed tty registration (git-fixes). - net: linkwatch: fix failure to restore device state across suspend/resume (bsc#1192511). - net: mana: Allow setting the number of queues while the NIC is down (jsc#SLE-18779, bsc#1185726). - net: mana: Fix memory leak in mana_hwc_create_wq (jsc#SLE-18779, bsc#1185726). - net: mana: Fix spelling mistake 'calledd' -> 'called' (jsc#SLE-18779, bsc#1185726). - net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (jsc#SLE-18779, bsc#1185726). - net: mana: Improve the HWC error handling (jsc#SLE-18779, bsc#1185726). - net: mana: Support hibernation and kexec (jsc#SLE-18779, bsc#1185726). - net: mana: Use kcalloc() instead of kzalloc() (jsc#SLE-18779, bsc#1185726). - net: pegasus: fix uninit-value in get_interrupt_interval (git-fixes). - net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (git-fixes). - net: stmmac: add EHL 2.5Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: add EHL PSE0 PSE1 1Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: add EHL RGMII 1Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: add EHL SGMII 1Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: add TGL SGMII 1Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: create dwmac-intel.c to contain all Intel platform (bsc#1192691). - net: stmmac: pci: Add HAPS support using GMAC5 (bsc#1192691). - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (git-fixes). - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (git-fixes). - net: usb: Merge cpu_to_le32s + memcpy to put_unaligned_le32 (git-fixes). - net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (git-fixes). - net/mlx5: E-Switch, return error if encap isn't supported (jsc#SLE-15172). - net/mlx5e: reset XPS on error flow if netdev isn't registered yet (git-fixes). - net/sched: sch_ets: do not peek at classes beyond 'nbands' (bsc#1176774). - netfilter: ctnetlink: do not erase error code with EINVAL (bsc#1176447). - netfilter: ctnetlink: fix filtering with CTA_TUPLE_REPLY (bsc#1176447). - netfilter: flowtable: fix IPv6 tunnel addr match (bsc#1176447). - NFC: add NCI_UNREG flag to eliminate the race (git-fixes). - NFC: pn533: Fix double free when pn533_fill_fragment_skbs() fails (git-fixes). - NFC: reorder the logic in nfc_{un,}register_device (git-fixes). - NFC: reorganize the functions in nci_request (git-fixes). - nfp: checking parameter process for rx-usecs/tx-usecs is invalid (git-fixes). - nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes). - NFS: Do not set NFS_INO_DATA_INVAL_DEFER and NFS_INO_INVALID_DATA (git-fixes). - NFS: do not take i_rwsem for swap IO (bsc#1191876). - NFS: Fix deadlocks in nfs_scan_commit_list() (git-fixes). - NFS: Fix up commit deadlocks (git-fixes). - NFS: move generic_write_checks() call from nfs_file_direct_write() to nfs_file_write() (bsc#1191876). - nfsd: do not alloc under spinlock in rpc_parse_scope_id (git-fixes). - nfsd: fix error handling of register_pernet_subsys() in init_nfsd() (git-fixes). - nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero (git-fixes). - NFSv4: Fix a regression in nfs_set_open_stateid_locked() (git-fixes). - nvme-multipath: Skip not ready namespaces when revalidating paths (bsc#1191793 bsc#1192507 bsc#1192969). - nvme-pci: add NO APST quirk for Kioxia device (git-fixes). - objtool: Support Clang non-section symbols in ORC generation (bsc#1169514). - PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (git-fixes). - PCI: Mark Atheros QCA6174 to avoid bus reset (git-fixes). - PCI/MSI: Deal with devices lying about their MSI mask capability (git-fixes). - perf: Correctly handle failed perf_get_aux_event() (git-fixes). - perf/x86/intel: Fix unchecked MSR access error caused by VLBR_EVENT (git-fixes). - perf/x86/intel/uncore: Fix Intel ICX IIO event constraints (git-fixes). - perf/x86/intel/uncore: Fix M2M event umask for Ice Lake server (git-fixes). - perf/x86/intel/uncore: Fix the scale of the IMC free-running events (git-fixes). - perf/x86/intel/uncore: Support extra IMC channel on Ice Lake server (git-fixes). - perf/x86/vlbr: Add c->flags to vlbr event constraints (git-fixes). - platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' (git-fixes). - platform/x86: wmi: do not fail if disabling fails (git-fixes). - PM: hibernate: Get block device exclusively in swsusp_check() (git-fixes). - PM: hibernate: use correct mode for swsusp_close() (git-fixes). - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds (git-fixes). - powerpc: fix unbalanced node refcount in check_kvm_guest() (jsc#SLE-15869 jsc#SLE-16321 git-fixes). - powerpc/iommu: Report the correct most efficient DMA mask for PCI devices (git-fixes). - powerpc/paravirt: correct preempt debug splat in vcpu_is_preempted() (bsc#1181148 ltc#190702 git-fixes). - powerpc/paravirt: vcpu_is_preempted() commentary (bsc#1181148 ltc#190702 git-fixes). - powerpc/perf: Fix cycles/instructions as PM_CYC/PM_INST_CMPL in power10 (jsc#SLE-13513 git-fixes). - powerpc/pseries: Move some PAPR paravirt functions to their own file (bsc#1181148 ltc#190702 git-fixes). - powerpc/watchdog: Avoid holding wd_smp_lock over printk and smp_send_nmi_ipi (bsc#1187541 ltc#192129). - powerpc/watchdog: Fix missed watchdog reset due to memory ordering race (bsc#1187541 ltc#192129). - powerpc/watchdog: Fix wd_smp_last_reset_tb reporting (bsc#1187541 ltc#192129). - powerpc/watchdog: read TB close to where it is used (bsc#1187541 ltc#192129). - powerpc/watchdog: tighten non-atomic read-modify-write access (bsc#1187541 ltc#192129). - printk: Remove printk.h inclusion in percpu.h (bsc#1192987). - qede: validate non LSO skb length (git-fixes). - r8152: limit the RX buffer size of RTL8153A for USB 2.0 (git-fixes). - r8169: Add device 10ec:8162 to driver r8169 (git-fixes). - RDMA/bnxt_re: Update statistics counter name (jsc#SLE-16649). - recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267). - recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267). - reset: socfpga: add empty driver allowing consumers to probe (git-fixes). - ring-buffer: Protect ring_buffer_reset() from reentrancy (bsc#1179960). - rpm/*.spec.in: use buildroot macro instead of env variable The RPM_BUILD_ROOT variable is considered deprecated over a buildroot macro. future proof the spec files. - rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306) After usrmerge, vmlinux file is not named vmlinux-lt;version>, but simply vmlinux. And this is not reflected in STRIP_KEEP_SYMTAB we set. So fix this by removing the dash... - rpm/kernel-obs-build.spec.in: move to zstd for the initrd Newer distros have capability to decompress zstd, which provides a 2-5% better compression ratio at very similar cpu overhead. Plus this tests the zstd codepaths now as well. - rt2x00: do not mark device gone on EPROTO errors during start (git-fixes). - rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() (bsc#1154353 bnc#1151927 5.3.9). - s390: mm: Fix secure storage access exception handling (git-fixes). - s390/bpf: Fix branch shortening during codegen pass (bsc#1193993). - s390/uv: fully validate the VMA before calling follow_page() (git-fixes). - scsi: iscsi: Adjust iface sysfs attr detection (git-fixes). - scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO (bsc#1189126). - scsi: mpi3mr: Fix duplicate device entries when scanning through sysfs (git-fixes). - scsi: mpt3sas: Fix kernel panic during drive powercycle test (git-fixes). - scsi: mpt3sas: Fix system going into read-only mode (git-fixes). - scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc() (git-fixes). - scsi: qla2xxx: Fix gnl list corruption (git-fixes). - scsi: qla2xxx: Relogin during fabric disturbance (git-fixes). - scsi: qla2xxx: Turn off target reset during issue_lip (git-fixes). - serial: 8250_pci: Fix ACCES entries in pci_serial_quirks array (git-fixes). - serial: 8250_pci: rewrite pericom_do_set_divisor() (git-fixes). - serial: 8250: Fix RTS modem control while in rs485 mode (git-fixes). - serial: core: fix transmit-buffer reset and memleak (git-fixes). - smb2: clarify rc initialization in smb2_reconnect (bsc#1192606). - smb2: fix use-after-free in smb2_ioctl_query_info() (bsc#1192606). - smb3: add additional null check in SMB2_ioctl (bsc#1192606). - smb3: add additional null check in SMB2_open (bsc#1192606). - smb3: add additional null check in SMB2_tcon (bsc#1192606). - smb3: add additional null check in SMB311_posix_mkdir (bsc#1192606). - smb3: Add debug message for new file creation with idsfromsid mount option (bsc#1192606). - smb3: add debug messages for closing unmatched open (bsc#1164565). - smb3: add defines for new crypto algorithms (bsc#1192606). - smb3: Add defines for new information level, FileIdInformation (bsc#1164565). - smb3: add defines for new signing negotiate context (bsc#1192606). - smb3: add dynamic trace point to trace when credits obtained (bsc#1181507). - smb3: add dynamic trace points for socket connection (bsc#1192606). - smb3: add dynamic tracepoints for flush and close (bsc#1164565). - smb3: add indatalen that can be a non-zero value to calculation of credit charge in smb2 ioctl (bsc#1192606). - smb3: add missing flag definitions (bsc#1164565). - smb3: Add missing reparse tags (bsc#1164565). - smb3: add missing worker function for SMB3 change notify (bsc#1164565). - smb3: add mount option to allow forced caching of read only share (bsc#1164565). - smb3: add mount option to allow RW caching of share accessed by only 1 client (bsc#1164565). - smb3: Add new compression flags (bsc#1192606). - smb3: Add new info level for query directory (bsc#1192606). - smb3: add new module load parm enable_gcm_256 (bsc#1192606). - smb3: add new module load parm require_gcm_256 (bsc#1192606). - smb3: Add new parm 'nodelete' (bsc#1192606). - smb3: add one more dynamic tracepoint missing from strict fsync path (bsc#1164565). - smb3: add rasize mount parameter to improve readahead performance (bsc#1192606). - smb3: add some missing definitions from MS-FSCC (bsc#1192606). - smb3: add some more descriptive messages about share when mounting cache=ro (bsc#1164565). - smb3: Add support for getting and setting SACLs (bsc#1192606). - smb3: Add support for lookup with posix extensions query info (bsc#1192606). - smb3: Add support for negotiating signing algorithm (bsc#1192606). - smb3: Add support for query info using posix extensions (level 100) (bsc#1192606). - smb3: add support for recognizing WSL reparse tags (bsc#1192606). - smb3: Add support for SMB311 query info (non-compounded) (bsc#1192606). - smb3: add support for stat of WSL reparse points for special file types (bsc#1192606). - smb3: add support for using info level for posix extensions query (bsc#1192606). - smb3: Add tracepoints for new compound posix query info (bsc#1192606). - smb3: Additional compression structures (bsc#1192606). - smb3: allow decryption keys to be dumped by admin for debugging (bsc#1164565). - smb3: allow disabling requesting leases (bnc#1151927 5.3.4). - smb3: allow dumping GCM256 keys to improve debugging of encrypted shares (bsc#1192606). - smb3: allow dumping keys for multiuser mounts (bsc#1192606). - smb3: allow parallelizing decryption of reads (bsc#1164565). - smb3: allow skipping signature verification for perf sensitive configurations (bsc#1164565). - smb3: allow uid and gid owners to be set on create with idsfromsid mount option (bsc#1192606). - smb3: avoid confusing warning message on mount to Azure (bsc#1192606). - smb3: Avoid Mid pending list corruption (bsc#1192606). - smb3: Backup intent flag missing from some more ops (bsc#1164565). - smb3: Call cifs reconnect from demultiplex thread (bsc#1192606). - smb3: change noisy error message to FYI (bsc#1192606). - smb3: cleanup some recent endian errors spotted by updated sparse (bsc#1164565). - smb3: correct server pointer dereferencing check to be more consistent (bsc#1192606). - smb3: correct smb3 ACL security descriptor (bsc#1192606). - smb3: default to minimum of two channels when multichannel specified (bsc#1192606). - smb3: display max smb3 requests in flight at any one time (bsc#1164565). - smb3: do not attempt multichannel to server which does not support it (bsc#1192606). - smb3: do not error on fsync when readonly (bsc#1192606). - smb3: do not fail if no encryption required but server does not support it (bsc#1192606). - smb3: do not log warning message if server does not populate salt (bsc#1192606). - smb3: do not setup the fscache_super_cookie until fsinfo initialized (bsc#1192606). - smb3: do not try to cache root directory if dir leases not supported (bsc#1192606). - smb3: dump in_send and num_waiters stats counters by default (bsc#1164565). - smb3: enable negotiating stronger encryption by default (bsc#1192606). - smb3: enable offload of decryption of large reads via mount option (bsc#1164565). - smb3: enable swap on SMB3 mounts (bsc#1192606). - smb3: extend fscache mount volume coherency check (bsc#1192606). - smb3: fix access denied on change notify request to some servers (bsc#1192606). - smb3: fix cached file size problems in duplicate extents (reflink) (bsc#1192606). - smb3: Fix crash in SMB2_open_init due to uninitialized field in compounding path (bsc#1164565). - smb3: fix crediting for compounding when only one request in flight (bsc#1181507). - smb3: fix default permissions on new files when mounting with modefromsid (bsc#1164565). - smb3: Fix ids returned in POSIX query dir (bsc#1192606). - smb3: fix incorrect number of credits when ioctl MaxOutputResponse > 64K (bsc#1192606). - smb3: fix leak in 'open on server' perf counter (bnc#1151927 5.3.4). - smb3: Fix mkdir when idsfromsid configured on mount (bsc#1192606). - smb3: fix mode passed in on create for modetosid mount option (bsc#1164565). - smb3: fix mount failure to some servers when compression enabled (bsc#1192606). - smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540). - smb3: fix performance regression with setting mtime (bsc#1164565). - smb3: Fix persistent handles reconnect (bnc#1151927 5.3.11). - smb3: fix posix extensions mount option (bsc#1192606). - smb3: fix possible access to uninitialized pointer to DACL (bsc#1192606). - smb3: fix potential null dereference in decrypt offload (bsc#1164565). - smb3: fix problem with null cifs super block with previous patch (bsc#1164565). - smb3: fix readpage for large swap cache (bsc#1192606). - smb3: fix refcount underflow warning on unmount when no directory leases (bsc#1164565). - smb3: Fix regression in time handling (bsc#1164565). - smb3: fix signing verification of large reads (bsc#1154355). - smb3: fix stat when special device file and mounted with modefromsid (bsc#1192606). - smb3: fix typo in compression flag (bsc#1192606). - smb3: fix typo in header file (bsc#1192606). - smb3: fix typo in mount options displayed in /proc/mounts (bsc#1192606). - smb3: fix uninitialized value for port in witness protocol move (bsc#1192606). - smb3: fix unmount hang in open_shroot (bnc#1151927 5.3.4). - smb3: fix unneeded error message on change notify (bsc#1192606). - smb3: Handle error case during offload read path (bsc#1192606). - smb3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558). - smb3: Honor 'posix' flag for multiuser mounts (bsc#1176559). - smb3: Honor 'seal' flag for multiuser mounts (bsc#1176545). - smb3: Honor lease disabling for multiuser mounts (git-fixes). - smb3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546). - smb3: if max_channels set to more than one channel request multichannel (bsc#1192606). - smb3: improve check for when we send the security descriptor context on create (bsc#1164565). - smb3: improve handling of share deleted (and share recreated) (bsc#1154355). - smb3: incorrect file id in requests compounded with open (bsc#1192606). - smb3: Incorrect size for netname negotiate context (bsc#1154355). - smb3: limit noisy error (bsc#1192606). - smb3: log warning if CSC policy conflicts with cache mount option (bsc#1164565). - smb3: Minor cleanup of protocol definitions (bsc#1192606). - smb3: minor update to compression header definitions (bsc#1192606). - smb3: missing ACL related flags (bsc#1164565). - smb3: negotiate current dialect (SMB3.1.1) when version 3 or greater requested (bsc#1192606). - smb3: only offload decryption of read responses if multiple requests (bsc#1164565). - smb3: pass mode bits into create calls (bsc#1164565). - smb3: prevent races updating CurrentMid (bsc#1192606). - smb3: print warning if server does not support requested encryption type (bsc#1192606). - smb3: print warning once if posix context returned on open (bsc#1164565). - smb3: query attributes on file close (bsc#1164565). - smb3: rc uninitialized in one fallocate path (bsc#1192606). - smb3: remind users that witness protocol is experimental (bsc#1192606). - smb3: remove confusing dmesg when mounting with encryption ('seal') (bsc#1164565). - smb3: remove confusing mount warning when no SPNEGO info on negprot rsp (bsc#1192606). - smb3: remove dead code for non compounded posix query info (bsc#1192606). - smb3: remove noisy debug message and minor cleanup (bsc#1164565). - smb3: remove overly noisy debug line in signing errors (bsc#1192606). - smb3: remove static checker warning (bsc#1192606). - smb3: remove trivial dfs compile warning (bsc#1192606, jsc#SLE-20042). - smb3: remove two unused variables (bsc#1192606). - smb3: remove unused flag passed into close functions (bsc#1164565). - smb3: rename nonces used for GCM and CCM encryption (bsc#1192606). - smb3: Resolve data corruption of TCP server info fields (bsc#1192606). - smb3: set COMPOUND_FID to FileID field of subsequent compound request (bsc#1192606). - smb3: set gcm256 when requested (bsc#1192606). - smb3: smbdirect support can be configured by default (bsc#1192606). - smb3: update comments clarifying SPNEGO info in negprot response (bsc#1192606). - smb3: update protocol header definitions based to include new flags (bsc#1192606). - smb3: update structures for new compression protocol definitions (bsc#1192606). - smb3: use SMB2_SIGNATURE_SIZE define (bsc#1192606). - smb3: warn on confusing error scenario with sec=krb5 (bsc#1176548). - smb3: when mounting with multichannel include it in requested capabilities (bsc#1192606). - smbdirect: missing rc checks while waiting for rdma events (bsc#1192606). - soc/tegra: Fix an error handling path in tegra_powergate_power_up() (git-fixes). - soc/tegra: pmc: Fix imbalanced clock disabling in error code path (git-fixes). - spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() (git-fixes). - spi: spl022: fix Microwire full duplex mode (git-fixes). - SUNRPC: improve 'swap' handling: scheduling and PF_MEMALLOC (bsc#1191876). - SUNRPC: remove scheduling boost for 'SWAPPER' tasks (bsc#1191876). - SUNRPC/auth: async tasks mustn't block waiting for memory (bsc#1191876). - SUNRPC/call_alloc: async tasks mustn't block waiting for memory (bsc#1191876). - SUNRPC/xprt: async tasks mustn't block waiting for memory (bsc#1191876). - supported.conf: add pwm-rockchip References: jsc#SLE-22615 - swiotlb: avoid double free (git-fixes). - swiotlb: Fix the type of index (git-fixes). - TCON Reconnect during STATUS_NETWORK_NAME_DELETED (bsc#1192606). - tlb: mmu_gather: add tlb_flush_*_range APIs - tracing: Add length protection to histogram string copies (git-fixes). - tracing: Change STR_VAR_MAX_LEN (git-fixes). - tracing: Check pid filtering when creating events (git-fixes). - tracing: Fix pid filtering when triggers are attached (git-fixes). - tracing: use %ps format string to print symbols (git-fixes). - tracing/histogram: Do not copy the fixed-size char array field over the field size (git-fixes). - tty: hvc: replace BUG_ON() with negative return value (git-fixes). - tty: serial: msm_serial: Deactivate RX DMA for polling support (git-fixes). - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (git-fixes). - usb-storage: Add compatibility quirk flags for iODD 2531/2541 (git-fixes). - usb: chipidea: ci_hdrc_imx: fix potential error pointer dereference in probe (git-fixes). - usb: dwc2: gadget: Fix ISOC flow for elapsed frames (git-fixes). - usb: dwc2: hcd_queue: Fix use of floating point literal (git-fixes). - usb: host: ohci-tmio: check return value after calling platform_get_resource() (git-fixes). - usb: musb: tusb6010: check return value after calling platform_get_resource() (git-fixes). - usb: serial: option: add Fibocom FM101-GL variants (git-fixes). - usb: serial: option: add Telit LE910S1 0x9200 composition (git-fixes). - usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts (git-fixes). - usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes). - usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes). - usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform (git-fixes). - vfs: do not parse forbidden flags (bsc#1192606). - x86/amd_nb: Add AMD family 19h model 50h PCI ids (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - x86/cpu: Fix migration safety with X86_BUG_NULL_SEL (bsc#1152489). - x86/efi: Restore Firmware IDT before calling ExitBootServices() (git-fixes). - x86/entry: Add a fence for kernel entry SWAPGS in paranoid_entry() (bsc#1178134). - x86/mpx: Disable MPX for 32-bit userland (bsc#1193139). - x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (bsc#1152489). - x86/pvh: add prototype for xen_pvh_init() (git-fixes). - x86/sev: Allow #VC exceptions on the VC2 stack (git-fixes). - x86/sev: Fix SEV-ES INS/OUTS instructions for word, dword, and qword (bsc#1178134). - x86/sev: Fix stack type check in vc_switch_off_ist() (git-fixes). - x86/xen: Add xenpv_restore_regs_and_return_to_usermode() (bsc#1152489). - x86/Xen: swap NX determination and GDT setup on BSP (git-fixes). - xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes). - xen/blkfront: do not take local copy of a request from the ring page (git-fixes). - xen/blkfront: do not trust the backend response data blindly (git-fixes). - xen/blkfront: read response from backend only once (git-fixes). - xen/netfront: disentangle tx_skb_freelist (git-fixes). - xen/netfront: do not read data from request on the ring page (git-fixes). - xen/netfront: do not trust the backend response data blindly (git-fixes). - xen/netfront: read response from backend only once (git-fixes). - xen/privcmd: fix error handling in mmap-resource processing (git-fixes). - xen/pvh: add missing prototype to header (git-fixes). - xen/x86: fix PV trap handling on secondary processors (git-fixes). - xhci: Fix commad ring abort, write all 64 bits to CRCR register (bsc#1192569). - xhci: Fix commad ring abort, write all 64 bits to CRCR register (bsc#1192569). - xhci: Fix commad ring abort, write all 64 bits to CRCR register (git-fixes). - xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay (git-fixes). - zram: fix return value on writeback_store (git-fixes). - zram: off by one in read_block_state() (git-fixes). Important SUSE bug 1139944 SUSE bug 1151927 SUSE bug 1152489 SUSE bug 1153275 SUSE bug 1154353 SUSE bug 1154355 SUSE bug 1161907 SUSE bug 1164565 SUSE bug 1166780 SUSE bug 1169514 SUSE bug 1176242 SUSE bug 1176447 SUSE bug 1176536 SUSE bug 1176544 SUSE bug 1176545 SUSE bug 1176546 SUSE bug 1176548 SUSE bug 1176558 SUSE bug 1176559 SUSE bug 1176774 SUSE bug 1176940 SUSE bug 1176956 SUSE bug 1177440 SUSE bug 1178134 SUSE bug 1178270 SUSE bug 1179211 SUSE bug 1179424 SUSE bug 1179426 SUSE bug 1179427 SUSE bug 1179599 SUSE bug 1181148 SUSE bug 1181507 SUSE bug 1181710 SUSE bug 1182404 SUSE bug 1183534 SUSE bug 1183540 SUSE bug 1183897 SUSE bug 1184318 SUSE bug 1185726 SUSE bug 1185902 SUSE bug 1186332 SUSE bug 1187541 SUSE bug 1189126 SUSE bug 1189158 SUSE bug 1191793 SUSE bug 1191876 SUSE bug 1192267 SUSE bug 1192320 SUSE bug 1192507 SUSE bug 1192511 SUSE bug 1192569 SUSE bug 1192606 SUSE bug 1192691 SUSE bug 1192845 SUSE bug 1192847 SUSE bug 1192874 SUSE bug 1192946 SUSE bug 1192969 SUSE bug 1192987 SUSE bug 1192990 SUSE bug 1192998 SUSE bug 1193002 SUSE bug 1193042 SUSE bug 1193139 SUSE bug 1193169 SUSE bug 1193306 SUSE bug 1193318 SUSE bug 1193349 SUSE bug 1193440 SUSE bug 1193442 SUSE bug 1193655 SUSE bug 1193993 SUSE bug 1194087 SUSE bug 1194094 CVE-2020-24504 at SUSE CVE-2020-24504 at NVD CVE-2020-27820 at SUSE CVE-2020-27820 at NVD CVE-2021-28711 at SUSE CVE-2021-28711 at NVD CVE-2021-28712 at SUSE CVE-2021-28712 at NVD CVE-2021-28713 at SUSE CVE-2021-28713 at NVD CVE-2021-28714 at SUSE CVE-2021-28714 at NVD CVE-2021-28715 at SUSE CVE-2021-28715 at NVD CVE-2021-4001 at SUSE CVE-2021-4001 at NVD CVE-2021-4002 at SUSE CVE-2021-4002 at NVD CVE-2021-43975 at SUSE CVE-2021-43975 at NVD CVE-2021-43976 at SUSE CVE-2021-43976 at NVD CVE-2021-45485 at SUSE CVE-2021-45485 at NVD CVE-2021-45486 at SUSE CVE-2021-45486 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for salt fixes the following issues: - Fix regression preventing bootstrapping new clients caused by redundant dependency on psutil (bsc#1197533) - Prevent data pollution between actions processed at the same time (bsc#1197637) - Fix salt-ssh opts poisoning. (bsc#1197637) - Clear network interfaces cache on grains request. (bsc#1196050) - Fix Salt-API failure due to an exception from the scheduled SSH-Push Tasks. (bsc#1182851, bsc#1196432) - Restrict 'state.orchestrate_single' to pass a pillar value if it exists. (bsc#1194632) Important SUSE bug 1182851 SUSE bug 1194632 SUSE bug 1196050 SUSE bug 1196432 SUSE bug 1197417 SUSE bug 1197533 SUSE bug 1197637 CVE-2022-22934 at SUSE CVE-2022-22934 at NVD CVE-2022-22935 at SUSE CVE-2022-22935 at NVD CVE-2022-22936 at SUSE CVE-2022-22936 at NVD CVE-2022-22941 at SUSE CVE-2022-22941 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-0854: Fixed a memory leak flaw was found in the Linux kernels DMA subsystem. This flaw allowed a local user to read random memory from the kernel space. (bnc#1196823) - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227) - CVE-2022-1199: Fixed null-ptr-deref and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198028) - CVE-2022-1205: Fixed null pointer dereference and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198027) - CVE-2022-1198: Fixed an use-after-free vulnerability that allow an attacker to crash the linux kernel by simulating Amateur Radio (bsc#1198030). - CVE-2022-1195: Fixed an use-after-free vulnerability which could allow a local attacker with a user privilege to execute a denial of service. (bsc#1198029) - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031) - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032) - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331) - CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to gain privilege escalation. (bnc#1197702) - CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761) - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366) - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343) The following non-security bugs were fixed: - ACPI: APEI: fix return value of __setup handlers (git-fixes). - ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (git-fixes). - ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (git-fixes). - ACPI: docs: enumeration: Discourage to use custom _DSM methods (git-fixes). - ACPI: docs: enumeration: Remove redundant .owner assignment (git-fixes). - ACPI: docs: enumeration: Update UART serial bus resource documentation (git-fixes). - ACPI: properties: Consistently return -ENOENT if there are no more references (git-fixes). - ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (git-fixes). - ACPI: Work around broken XSDT on Advantech DAC-BJ01 board (git-fixes). - ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes). - ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes). - ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes). - ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (git-fixes). - ALSA: pcm: Add stream lock during PCM reset ioctl operations (git-fixes). - ALSA: spi: Add check for clk_enable() (git-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (git-fixes). - ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes). - ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe (git-fixes). - ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data (git-fixes). - ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put (git-fixes). - ASoC: dmaengine: do not use a NULL prepare_slave_config() callback (git-fixes). - ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes). - ASoC: fsi: Add check for clk_enable (git-fixes). - ASoC: fsl_spdif: Disable TX clock when stop (git-fixes). - ASoC: imx-es8328: Fix error return code in imx_es8328_probe() (git-fixes). - ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe (git-fixes). - ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe (git-fixes). - ASoC: mxs-saif: Handle errors for clk_enable (git-fixes). - ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes). - ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() (git-fixes). - ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes). - ASoC: SOF: topology: remove redundant code (git-fixes). - ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (git-fixes). - ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes). - ASoC: topology: Allow TLV control to be either read or write (git-fixes). - ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior (git-fixes). - ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting (git-fixes). - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018). - block: update io_ticks when io hang (bsc#1197817). - block/wbt: fix negative inflight counter when remove scsi device (bsc#1197819). - bpf: Fix comment for helper bpf_current_task_under_cgroup() (git-fixes). - bpf: Remove config check to enable bpf support for branch records (git-fixes bsc#1177028). - btrfs: avoid unnecessary lock and leaf splits when updating inode in the log (bsc#1194649). - btrfs: avoid unnecessary log mutex contention when syncing log (bsc#1194649). - btrfs: avoid unnecessary logging of xattrs during fast fsyncs (bsc#1194649). - btrfs: check error value from btrfs_update_inode in tree log (bsc#1194649). - btrfs: check if a log root exists before locking the log_mutex on unlink (bsc#1194649). - btrfs: check if a log tree exists at inode_logged() (bsc#1194649). - btrfs: do not commit delayed inode when logging a file in full sync mode (bsc#1194649). - btrfs: do not log new dentries when logging that a new name exists (bsc#1194649). - btrfs: eliminate some false positives when checking if inode was logged (bsc#1194649). - btrfs: fix race leading to unnecessary transaction commit when logging inode (bsc#1194649). - btrfs: fix race that causes unnecessary logging of ancestor inodes (bsc#1194649). - btrfs: fix race that makes inode logging fallback to transaction commit (bsc#1194649). - btrfs: fix race that results in logging old extents during a fast fsync (bsc#1194649). - btrfs: fixup error handling in fixup_inode_link_counts (bsc#1194649). - btrfs: remove no longer needed full sync flag check at inode_logged() (bsc#1194649). - btrfs: Remove unnecessary check from join_running_log_trans (bsc#1194649). - btrfs: remove unnecessary directory inode item update when deleting dir entry (bsc#1194649). - btrfs: remove unnecessary list head initialization when syncing log (bsc#1194649). - btrfs: skip unnecessary searches for xattrs when logging an inode (bsc#1194649). - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (git-fixes). - can: mcba_usb: properly check endpoint type (git-fixes). - can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (git-fixes). - cifs: do not skip link targets when an I/O fails (bsc#1194625). - cifs: use the correct max-length for dentry_path_raw() (bsc1196196). - clk: actions: Terminate clk_div_table with sentinel element (git-fixes). - clk: bcm2835: Remove unused variable (git-fixes). - clk: clps711x: Terminate clk_div_table with sentinel element (git-fixes). - clk: imx7d: Remove audio_mclk_root_clk (git-fixes). - clk: Initialize orphan req_rate (git-fixes). - clk: loongson1: Terminate clk_div_table with sentinel element (git-fixes). - clk: nxp: Remove unused variable (git-fixes). - clk: qcom: clk-rcg2: Update logic to calculate D value for RCG (git-fixes). - clk: qcom: clk-rcg2: Update the frac table for pixel clock (git-fixes). - clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes). - clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes). - clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver (git-fixes). - clk: uniphier: Fix fixed-rate initialization (git-fixes). - clocksource: acpi_pm: fix return value of __setup handler (git-fixes). - clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() (git-fixes). - cpufreq: schedutil: Destroy mutex before kobject_put() frees (git-fixes) - crypto: authenc - Fix sleep in atomic context in decrypt_tail (git-fixes). - crypto: cavium/nitrox - do not cast parameter in bit operations (git-fixes). - crypto: ccp - ccp_dmaengine_unregister release dma channels (git-fixes). - crypto: ccree - do not attempt 0 len DMA mappings (git-fixes). - crypto: mxs-dcp - Fix scatterlist processing (git-fixes). - crypto: qat - do not cast parameter in bit operations (git-fixes). - crypto: rsa-pkcs1pad - correctly get hash from source scatterlist (git-fixes). - crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (git-fixes). - crypto: rsa-pkcs1pad - restore signature length check (git-fixes). - crypto: vmx - add missing dependencies (git-fixes). - dma/pool: create dma atomic pool only if dma zone has managed pages (bsc#1197501). - driver core: dd: fix return value of __setup handler (git-fixes). - drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes). - drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug (git-fixes). - drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function (git-fixes). - drm/bridge: dw-hdmi: use safe format when first in bridge chain (git-fixes). - drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe (git-fixes). - drm/doc: overview before functions for drm_writeback.c (git-fixes). - drm/i915: Fix dbuf slice config lookup (git-fixes). - drm/i915/gem: add missing boundary check in vm_access (git-fixes). - drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() (git-fixes). - drm/meson: Fix error handling when afbcd.ops->init fails (git-fixes). - drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops (git-fixes). - drm/msm/dpu: add DSPP blocks teardown (git-fixes). - drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl() (git-fixes). - drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings (git-fixes). - drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes). - drm/vc4: crtc: Make sure the HDMI controller is powered when disabling (git-fixes). - drm/vrr: Set VRR capable prop only if it is attached to connector (git-fixes). - ecryptfs: fix kernel panic with null dev_name (bsc#1197812). - ecryptfs: Fix typo in message (bsc#1197811). - ext2: correct max file size computing (bsc#1197820). - firmware: google: Properly state IOMEM dependency (git-fixes). - firmware: qcom: scm: Remove reassignment to desc following initializer (git-fixes). - fscrypt: do not ignore minor_hash when hash is 0 (bsc#1197815). - HID: multitouch: fix Dell Precision 7550 and 7750 button type (bsc#1197243). - hwmon: (pmbus) Add mutex to regulator ops (git-fixes). - hwmon: (pmbus) Add Vin unit off handling (git-fixes). - hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING (git-fixes). - hwrng: atmel - disable trng on failure path (git-fixes). - i915_vma: Rename vma_lookup to i915_vma_lookup (git-fixes). - ibmvnic: fix race between xmit and reset (bsc#1197302 ltc#197259). - iio: accel: mma8452: use the correct logic to get mma8452_data (git-fixes). - iio: adc: Add check for devm_request_threaded_irq (git-fixes). - iio: afe: rescale: use s64 for temporary scale calculations (git-fixes). - iio: inkern: apply consumer scale on IIO_VAL_INT cases (git-fixes). - iio: inkern: apply consumer scale when no channel scale is available (git-fixes). - iio: inkern: make a best effort on offset calculation (git-fixes). - Input: aiptek - properly check endpoint type (git-fixes). - iwlwifi: do not advertise TWT support (git-fixes). - KVM: SVM: Do not flush cache if hardware enforces cache coherency across encryption domains (bsc#1178134). - llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes). - mac80211: fix potential double free on mesh join (git-fixes). - mac80211: refuse aggregations sessions before authorized (git-fixes). - media: aspeed: Correct value for h-total-pixels (git-fixes). - media: bttv: fix WARNING regression on tunerless devices (git-fixes). - media: coda: Fix missing put_device() call in coda_get_vdoa_data (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM get (git-fixes). - media: em28xx: initialize refcount before kref_get (git-fixes). - media: hantro: Fix overfill bottom register field name (git-fixes). - media: Revert 'media: em28xx: add missing em28xx_close_extension' (git-fixes). - media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED (git-fixes). - media: usb: go7007: s2250-board: fix leak in probe() (git-fixes). - media: video/hdmi: handle short reads of hdmi info frame (git-fixes). - membarrier: Execute SYNC_CORE on the calling thread (git-fixes) - membarrier: Explicitly sync remote cores when SYNC_CORE is (git-fixes) - memory: emif: Add check for setup_interrupts (git-fixes). - memory: emif: check the pointer temp in get_device_details() (git-fixes). - misc: alcor_pci: Fix an error handling path (git-fixes). - misc: sgi-gru: Do not cast parameter in bit operations (git-fixes). - mm_zone: add function to check if managed dma zone exists (bsc#1197501). - mm: add vma_lookup(), update find_vma_intersection() comments (git-fixes). - mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages (bsc#1197501). - mmc: davinci_mmc: Handle error for clk_enable (git-fixes). - net: dsa: mv88e6xxx: override existent unicast portvec in port_fdb_add (git-fixes). - net: enetc: initialize the RFS and RSS memories (git-fixes). - net: hns3: add a check for tqp_index in hclge_get_ring_chain_from_mbx() (git-fixes). - net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes). - net: phy: marvell: Fix invalid comparison in the resume and suspend functions (git-fixes). - net: stmmac: set TxQ mode back to DCB after disabling CBS (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - net: watchdog: hold device global xmit lock during tx disable (git-fixes). - net/smc: Fix loop in smc_listen (git-fixes). - net/smc: fix using of uninitialized completions (git-fixes). - net/smc: fix wrong list_del in smc_lgr_cleanup_early (git-fixes). - net/smc: Make sure the link_id is unique (git-fixes). - net/smc: Reset conn->lgr when link group registration fails (git-fixes). - netfilter: conntrack: do not refresh sctp entries in closed state (bsc#1197389). - netxen_nic: fix MSI/MSI-x interrupts (git-fixes). - NFS: Avoid duplicate uncached readdir calls on eof (git-fixes). - NFS: Do not report writeback errors in nfs_getattr() (git-fixes). - NFS: do not retry BIND_CONN_TO_SESSION on session error (git-fixes). - NFS: Do not skip directory entries when doing uncached readdir (git-fixes). - NFS: Ensure the server had an up to date ctime before hardlinking (git-fixes). - NFS: Fix another issue with a list iterator pointing to the head (git-fixes). - NFS: Fix initialisation of nfs_client cl_flags field (git-fixes). - NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes). - NFS: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes). - NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes). - NFS: Use of mapping_set_error() results in spurious errors (git-fixes). - nl80211: Update bss channel on channel switch for P2P_CLIENT (git-fixes). - pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init (git-fixes). - pinctrl: mediatek: paris: Fix 'argument' argument type for mtk_pinconf_get() (git-fixes). - pinctrl: mediatek: paris: Fix pingroup pin config state readback (git-fixes). - pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe (git-fixes). - pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR() (git-fixes). - pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE() (git-fixes). - pinctrl: pinconf-generic: Print arguments for bias-pull-* (git-fixes). - pinctrl: samsung: drop pin banks references on error paths (git-fixes). - pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe (git-fixes). - PM: hibernate: fix __setup handler error handling (git-fixes). - PM: suspend: fix return value of __setup handler (git-fixes). - powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395). - powerpc/mm: Fix verification of MMU_FTR_TYPE_44x (bsc#1156395). - powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes). - powerpc/perf: Do not use perf_hw_context for trace IMC PMU (bsc#1156395). - powerpc/perf: Expose Performance Monitor Counter SPR's as part of extended regs (bsc#1198077 ltc#197299). - powerpc/perf: Include PMCs as part of per-cpu cpuhw_events struct (bsc#1198077 ltc#197299). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729). - powerpc/sysdev: fix incorrect use to determine if list is empty (bsc#1065729). - powerpc/tm: Fix more userspace r13 corruption (bsc#1065729). - powerpc/xive: fix return value of __setup handler (bsc#1065729). - printk: Add panic_in_progress helper (bsc#1197894). - printk: disable optimistic spin during panic (bsc#1197894). - pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() (git-fixes). - regulator: qcom_smd: fix for_each_child.cocci warnings (git-fixes). - remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region (git-fixes). - remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region (git-fixes). - s390/bpf: Perform r1 range checking before accessing jit->seen_reg (git-fixes). - s390/gmap: do not unconditionally call pte_unmap_unlock() in __gmap_zap() (git-fixes). - s390/gmap: validate VMA in __gmap_zap() (git-fixes). - s390/hypfs: include z/VM guests with access control group set (bsc#1195640 LTC#196352). - s390/kexec_file: fix error handling when applying relocations (git-fixes). - s390/kexec: fix memory leak of ipl report buffer (git-fixes). - s390/kexec: fix return code handling (git-fixes). - s390/mm: fix VMA and page table handling code in storage key handling functions (git-fixes). - s390/mm: validate VMA in PGSTE manipulation functions (git-fixes). - s390/module: fix loading modules with a lot of relocations (git-fixes). - s390/pci_mmio: fully validate the VMA before calling follow_pte() (git-fixes). - s390/tape: fix timer initialization in tape_std_assign() (bsc#1197677 LTC#197378). - scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675). - scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675). - scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675). - scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675). - scsi: lpfc: Fix queue failures when recovering from PCI parity error (bsc#1197675 bsc#1196478). - scsi: lpfc: Fix typos in comments (bsc#1197675). - scsi: lpfc: Fix unload hang after back to back PCI EEH faults (bsc#1197675 bsc#1196478). - scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675 bsc#1196478). - scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675). - scsi: lpfc: Reduce log messages seen after firmware download (bsc#1197675). - scsi: lpfc: Remove failing soft_wwn support (bsc#1197675). - scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (bsc#1197675). - scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675). - scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675). - scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path (bsc#1197675). - scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 (bsc#1197675). - scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675). - scsi: lpfc: Use fc_block_rport() (bsc#1197675). - scsi: lpfc: Use kcalloc() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675). - scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661). - scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661). - scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661). - scsi: qla2xxx: Fix incorrect reporting of task management failure (bsc#1197661). - scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661). - scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (bsc#1197661). - scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661). - scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661). - scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661). - scsi: qla2xxx: Fix typos in comments (bsc#1197661). - scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661). - scsi: qla2xxx: Reduce false trigger to login (bsc#1197661). - scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661). - scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661). - scsi: qla2xxx: Use correct feature type field during RFF_ID processing (bsc#1197661). - scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661). - scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661). - serial: 8250_lpss: Balance reference count for PCI DMA device (git-fixes). - serial: 8250_mid: Balance reference count for PCI DMA device (git-fixes). - serial: 8250: Fix race condition in RTS-after-send handling (git-fixes). - serial: core: Fix the definition name in the comment of UPF_* flags (git-fixes). - soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes). - soc: qcom: rpmpd: Check for null return of devm_kcalloc (git-fixes). - soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe (git-fixes). - soundwire: intel: fix wrong register name in intel_shim_wake (git-fixes). - spi: pxa2xx-pci: Balance reference count for PCI DMA device (git-fixes). - spi: tegra114: Add missing IRQ check in tegra_spi_probe (git-fixes). - staging:iio:adc:ad7280a: Fix handing of device address bit reversing (git-fixes). - tcp: add some entropy in __inet_hash_connect() (bsc#1180153). - tcp: change source port randomizarion at connect() time (bsc#1180153). - team: protect features update by RCU to avoid deadlock (git-fixes). - thermal: int340x: Check for NULL after calling kmemdup() (git-fixes). - thermal: int340x: Increase bitmap size (git-fixes). - udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister() (git-fixes). - usb: bdc: Adb shows offline after resuming from S2 (git-fixes). - usb: bdc: Fix a resource leak in the error handling path of 'bdc_probe()' (git-fixes). - usb: bdc: Fix unused assignment in bdc_probe() (git-fixes). - usb: bdc: remove duplicated error message (git-fixes). - usb: bdc: Use devm_clk_get_optional() (git-fixes). - usb: bdc: use devm_platform_ioremap_resource() to simplify code (git-fixes). - usb: dwc3: gadget: Use list_replace_init() before traversing lists (git-fixes). - usb: dwc3: qcom: add IRQ check (git-fixes). - usb: gadget: bdc: use readl_poll_timeout() to simplify code (git-fixes). - usb: gadget: Fix use-after-free bug by not setting udc->dev.driver (git-fixes). - usb: gadget: rndis: prevent integer overflow in rndis_set_response() (git-fixes). - usb: usbtmc: Fix bug in pipe direction for control transfers (git-fixes). - VFS: filename_create(): fix incorrect intent (bsc#1197534). - video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() (git-fixes). - video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes). - video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (git-fixes). - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes). - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes). - video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (git-fixes). - video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (git-fixes). - VMCI: Fix the description of vmci_check_host_caps() (git-fixes). - vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889). - wireguard: queueing: use CFI-safe ptr_ring cleanup function (git-fixes). - wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST (git-fixes). - wireguard: socket: free skb in send6 when ipv6 is disabled (git-fixes). - wireguard: socket: ignore v6 endpoints when ipv6 is disabled (git-fixes). - x86/cpu: Add hardware-enforced cache coherency as a CPUID feature (bsc#1178134). - x86/mm/pat: Do not flush cache if hardware enforces cache coherency across encryption domnains (bsc#1178134). - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1178134). - x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1178134). - xhci: fix garbage USBSTS being logged in some cases (git-fixes). Important SUSE bug 1065729 SUSE bug 1156395 SUSE bug 1175667 SUSE bug 1177028 SUSE bug 1178134 SUSE bug 1179639 SUSE bug 1180153 SUSE bug 1189562 SUSE bug 1194625 SUSE bug 1194649 SUSE bug 1195640 SUSE bug 1195926 SUSE bug 1196018 SUSE bug 1196196 SUSE bug 1196478 SUSE bug 1196761 SUSE bug 1196823 SUSE bug 1197227 SUSE bug 1197243 SUSE bug 1197300 SUSE bug 1197302 SUSE bug 1197331 SUSE bug 1197343 SUSE bug 1197366 SUSE bug 1197389 SUSE bug 1197462 SUSE bug 1197501 SUSE bug 1197534 SUSE bug 1197661 SUSE bug 1197675 SUSE bug 1197677 SUSE bug 1197702 SUSE bug 1197811 SUSE bug 1197812 SUSE bug 1197815 SUSE bug 1197817 SUSE bug 1197819 SUSE bug 1197820 SUSE bug 1197888 SUSE bug 1197889 SUSE bug 1197894 SUSE bug 1198027 SUSE bug 1198028 SUSE bug 1198029 SUSE bug 1198030 SUSE bug 1198031 SUSE bug 1198032 SUSE bug 1198033 SUSE bug 1198077 CVE-2021-45868 at SUSE CVE-2021-45868 at NVD CVE-2022-0850 at SUSE CVE-2022-0850 at NVD CVE-2022-0854 at SUSE CVE-2022-0854 at NVD CVE-2022-1011 at SUSE CVE-2022-1011 at NVD CVE-2022-1016 at SUSE CVE-2022-1016 at NVD CVE-2022-1048 at SUSE CVE-2022-1048 at NVD CVE-2022-1055 at SUSE CVE-2022-1055 at NVD CVE-2022-1195 at SUSE CVE-2022-1195 at NVD CVE-2022-1198 at SUSE CVE-2022-1198 at NVD CVE-2022-1199 at SUSE CVE-2022-1199 at NVD CVE-2022-1205 at SUSE CVE-2022-1205 at NVD CVE-2022-27666 at SUSE CVE-2022-27666 at NVD CVE-2022-28388 at SUSE CVE-2022-28388 at NVD CVE-2022-28389 at SUSE CVE-2022-28389 at NVD CVE-2022-28390 at SUSE CVE-2022-28390 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for permissions fixes the following issues: - Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614). Moderate SUSE bug 1169614 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for firewalld, golang-github-prometheus-prometheus fixes the following issues: Security fixes for golang-github-prometheus-prometheus: - CVE-2022-21698: Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods (bsc#1196338). Other non security changes for golang-github-prometheus-prometheus: - Build `firewalld-prometheus-config` only for SUSE Linux Enterprise 15, 15-SP1 and 15-SP2, and require `firewalld`. - Only recommends `firewalld-prometheus-config` as prometheus does not require it to run. - Create `firewalld-prometheus-config` subpackage (bsc#1197042, jsc#SLE-24373, jsc#SLE-24374, jsc#SLE-24375) Other non security changes for firewalld: - Provide dummy `firewalld-prometheus-config` package (bsc#1197042) Important SUSE bug 1196338 SUSE bug 1197042 CVE-2022-21698 at SUSE CVE-2022-21698 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for cryptsetup fixes the following issues: - CVE-2021-4122: Fixed possible attacks against data confidentiality through LUKS2 online reencryption extension crash recovery (bsc#1194469). Moderate SUSE bug 1194469 CVE-2021-4122 at SUSE CVE-2021-4122 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libslirp fixes the following issues: - CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364). - CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367). - CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366). - Fix a dhcp regression [bsc#1198773] Important SUSE bug 1187364 SUSE bug 1187366 SUSE bug 1187367 SUSE bug 1198773 CVE-2021-3592 at SUSE CVE-2021-3592 at NVD CVE-2021-3594 at SUSE CVE-2021-3594 at NVD CVE-2021-3595 at SUSE CVE-2021-3595 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for aide fixes the following issues: - CVE-2021-45417: Fix a bufferoverflow in base64 functions (bsc#1194735) Important SUSE bug 1194735 CVE-2021-45417 at SUSE CVE-2021-45417 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for xen fixes the following issues: - CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that could cause a denial of service in the host (bsc#1197423). - CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts using VT-d IOMMU hardware, which could lead to a denial of service in the host (bsc#1197425). - CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361: Fixed various memory corruption issues for hosts using VT-d or AMD-Vi IOMMU hardware. These could be leveraged by an attacker to cause a denial of service in the host (bsc#1197426). Moderate SUSE bug 1197423 SUSE bug 1197425 SUSE bug 1197426 CVE-2022-26356 at SUSE CVE-2022-26356 at NVD CVE-2022-26357 at SUSE CVE-2022-26357 at NVD CVE-2022-26358 at SUSE CVE-2022-26358 at NVD CVE-2022-26359 at SUSE CVE-2022-26359 at NVD CVE-2022-26360 at SUSE CVE-2022-26360 at NVD CVE-2022-26361 at SUSE CVE-2022-26361 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for tar fixes the following issues: - CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131). - CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496). - CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610). - Update to GNU tar 1.34: * Fix extraction over pipe * Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131) * Fix extraction when . and .. are unreadable * Gracefully handle duplicate symlinks when extracting * Re-initialize supplementary groups when switching to user privileges - Update to GNU tar 1.33: * POSIX extended format headers do not include PID by default * --delay-directory-restore works for archives with reversed member ordering * Fix extraction of a symbolic link hardlinked to another symbolic link * Wildcards in exclude-vcs-ignore mode don't match slash * Fix the --no-overwrite-dir option * Fix handling of chained renames in incremental backups * Link counting works for file names supplied with -T * Accept only position-sensitive (file-selection) options in file list files - prepare usrmerge (bsc#1029961) - Update to GNU 1.32 * Fix the use of --checkpoint without explicit --checkpoint-action * Fix extraction with the -U option * Fix iconv usage on BSD-based systems * Fix possible NULL dereference (savannah bug #55369) [bsc#1130496] [CVE-2019-9923] * Improve the testsuite - Update to GNU 1.31 * Fix heap-buffer-overrun with --one-top-level, bug introduced with the addition of that option in 1.28 * Support for zstd compression * New option '--zstd' instructs tar to use zstd as compression program. When listing, extractng and comparing, zstd compressed archives are recognized automatically. When '-a' option is in effect, zstd compression is selected if the destination archive name ends in '.zst' or '.tzst'. * The -K option interacts properly with member names given in the command line. Names of members to extract can be specified along with the '-K NAME' option. In this case, tar will extract NAME and those of named members that appear in the archive after it, which is consistent with the semantics of the option. Previous versions of tar extracted NAME, those of named members that appeared before it, and everything after it. * Fix CVE-2018-20482 - When creating archives with the --sparse option, previous versions of tar would loop endlessly if a sparse file had been truncated while being archived. Moderate SUSE bug 1029961 SUSE bug 1120610 SUSE bug 1130496 SUSE bug 1181131 CVE-2018-20482 at SUSE CVE-2018-20482 at NVD CVE-2019-9923 at SUSE CVE-2019-9923 at NVD CVE-2021-20193 at SUSE CVE-2021-20193 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libvirt fixes the following issues: - CVE-2022-0897: Fixed a crash in nwfilter when counting number of network filters (bsc#1197636). The following non-security bugs were fixed: - qemu: Improve save operation by increasing pipe size c61d1e9b-virfile-set-pipe-size.patch, 47d6d185-virfile-fix-indent.patch, cd7acb33-virfile-report-error.patch bsc#1196625 - qemu: Directly query KVM for TSC scaling support 5df2c492-use-kvm-for-tsc-scaling.patch bsc#1193364 Moderate SUSE bug 1193364 SUSE bug 1196625 SUSE bug 1197636 CVE-2022-0897 at SUSE CVE-2022-0897 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ldb fixes the following issues: - Update to version 2.4.2 - CVE-2021-3670: Fixed an issue where the LDAP server MaxQueryDuration value would not be honoured (bsc#1198397). Low SUSE bug 1198397 CVE-2021-3670 at SUSE CVE-2021-3670 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for gzip fixes the following issues: - CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062) Important SUSE bug 1198062 SUSE bug 1198922 CVE-2022-1271 at SUSE CVE-2022-1271 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for curl fixes the following issues: - CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766) - CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723) - CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614) Moderate SUSE bug 1198614 SUSE bug 1198723 SUSE bug 1198766 CVE-2022-22576 at SUSE CVE-2022-22576 at NVD CVE-2022-27775 at SUSE CVE-2022-27775 at NVD CVE-2022-27776 at SUSE CVE-2022-27776 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29156: Fixed a double free related to rtrs_clt_dev_release (bnc#1198515). - CVE-2022-28893: Ensuring that sockets are in the intended state inside the SUNRPC subsystem (bnc#1198330). - CVE-2022-28748: Fixed memory lead over the network by ax88179_178a devices (bsc#1196018). - CVE-2022-28356: Fixed a refcount leak bug found in net/llc/af_llc.c (bnc#1197391). - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012). - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c (bnc#1198516). - CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in drivers/gpu/drm/drm_lease.c (bnc#1197914). - CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address (bsc#1197660). - CVE-2022-0812: Fixed random memory leakage inside NFS/RDMA (bsc#1196639). - CVE-2021-4154: Fixed a use-after-free flaw inside cgroup1_parse_param in kernel/cgroup/cgroup-v1.c. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system (bnc#1193842). - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055). - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647). - CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723). - CVE-2021-0707: Fixed possible memory corruption due to a use after free inside dma_buf_releas e of dma-buf.c (bnc#1198437). - CVE-2020-27835: Fixed use after free in infiniband hfi1 driver in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878). The following non-security bugs were fixed: - ACPI: processor idle: Check for architectural support for LPI (git-fixes). - ACPI/APEI: Limit printable size of BERT table data (git-fixes). - ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes). - adm8211: fix error return code in adm8211_probe() (git-fixes). - ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes). - ALSA: hda/hdmi: fix warning about PCM count when used with SOF (git-fixes). - ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes). - ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 (git-fixes). - ALSA: pcm: Test for 'silence' field in struct 'pcm_format_data' (git-fixes). - ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb (git-fixes). - ALSA: usb-audio: Increase max buffer size (git-fixes). - ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes). - arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1 (git-fixes) - arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node (git-fixes) - arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode (git-fixes) - arm64: dts: exynos: correct GIC CPU interfaces address range on (git-fixes) - arm64: dts: ls1028a: fix memory node (git-fixes) - arm64: dts: ls1028a: fix node name for the sysclk (git-fixes) - arm64: dts: lx2160a: fix scl-gpios property name (git-fixes) - arm64: dts: marvell: armada-37xx: Extend PCIe MEM space (git-fixes) - arm64: dts: marvell: armada-37xx: Fix reg for standard variant of (git-fixes) - arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (git-fixes) - arm64: dts: rockchip: Fix GPU register width for RK3328 (git-fixes) - arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from (git-fixes) - arm64: dts: zii-ultra: fix 12V_MAIN voltage (git-fixes) - arm64: head: avoid over-mapping in map_memory (git-fixes) - arm64: Update config files; arm LIBNVDIMM y->m ppc64le ND_BLK ->m (bsc#1199024). - arm64/sve: Use correct size when reinitialising SVE state (git-fixes) - ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek (git-fixes). - ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use (git-fixes). - ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes). - ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component (git-fixes). - ASoC: soc-compress: Change the check for codec_dai (git-fixes). - ASoC: soc-compress: prevent the potentially use of null pointer (git-fixes). - ASoC: soc-core: skip zero num_dai component in searching dai name (git-fixes). - ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes). - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs (git-fixes). - ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes). - ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git-fixes). - ath5k: fix building with LEDS=m (git-fixes). - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes). - ath9k_htc: fix uninit value bugs (git-fixes). - ath9k: Fix usage of driver-private space in tx_info (git-fixes). - ath9k: Properly clear TX status area before reporting to mac80211 (git-fixes). - backlight: qcom-wled: Respect enabled-strings in set_brightness (bsc#1152489) - bareudp: use ipv6_mod_enabled to check if IPv6 enabled (jsc#SLE-15172). - bfq: Avoid merging queues with different parents (bsc#1197926). - bfq: Drop pointless unlock-lock pair (bsc#1197926). - bfq: Get rid of __bio_blkcg() usage (bsc#1197926). - bfq: Make sure bfqg for which we are queueing requests is online (bsc#1197926). - bfq: Remove pointless bfq_init_rq() calls (bsc#1197926). - bfq: Split shared queues on move between cgroups (bsc#1197926). - bfq: Track whether bfq_group is still online (bsc#1197926). - bfq: Update cgroup information before merging bio (bsc#1197926). - block: Drop leftover references to RQF_SORTED (bsc#1182073). - Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes). - Bluetooth: Fix use after free in hci_send_acl (git-fixes). - Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes). - bnx2x: fix napi API usage sequence (bsc#1198217). - bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT (git-fixes bsc#1177028). - brcmfmac: firmware: Allocate space for default boardrev in nvram (git-fixes). - brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes). - brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path (git-fixes). - brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio (git-fixes). - carl9170: fix missing bit-wise or operator for tx_params (git-fixes). - cfg80211: hold bss_lock while updating nontrans_list (git-fixes). - cifs: do not skip link targets when an I/O fails (bsc#1194625). - cifs: fix bad fids sent over wire (bsc#1197157). - clk: Enforce that disjoints limits are invalid (git-fixes). - clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes). - direct-io: clean up error paths of do_blockdev_direct_IO (bsc#1197656). - direct-io: defer alignment check until after the EOF check (bsc#1197656). - direct-io: do not force writeback for reads beyond EOF (bsc#1197656). - dma-debug: fix return value of __setup handlers (git-fixes). - dma: at_xdmac: fix a missing check on list iterator (git-fixes). - dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes). - dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes). - dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes). - dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources (git-fixes). - dmaengine: Revert 'dmaengine: shdma: Fix runtime PM imbalance on error' (git-fixes). - Documentation: add link to stable release candidate tree (git-fixes). - drm: add a locked version of drm_is_current_master (bsc#1197914). - drm: Add orientation quirk for GPD Win Max (git-fixes). - drm: drm_file struct kABI compatibility workaround (bsc#1197914). - drm: protect drm_master pointers in drm_lease.c (bsc#1197914). - drm: serialize drm_file.master with a new spinlock (bsc#1197914). - drm: use the lookup lock in drm_is_current_master (bsc#1197914). - drm/amd: Add USBC connector ID (git-fixes). - drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (git-fixes). - drm/amd/display: do not ignore alpha property on pre-multiplied mode (git-fixes). - drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() (git-fixes). - drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes). - drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1152472) - drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1152489) - drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes). - drm/amdgpu: Fix recursive locking warning (git-fixes). - drm/amdkfd: Check for potential null return of kmalloc_array() (git-fixes). - drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes). - drm/amdkfd: make CRAT table missing message informational only (git-fixes). - drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe (git-fixes). - drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt (git-fixes). - drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev (git-fixes). - drm/cma-helper: Set VM_DONTEXPAND for mmap (bsc#1152472) - drm/edid: check basic audio support on CEA extension block (git-fixes). - drm/edid: Do not clear formats if using deep color (git-fixes). - drm/fb-helper: Mark screen buffers in system memory with (bsc#1152472) - drm/i915: Call i915_globals_exit() if pci_register_device() fails (git-fixes). - drm/i915: Drop all references to DRM IRQ midlayer (bsc#1152489) - drm/i915: Keep gem ctx->vm alive until the final put (bsc#1152489) - drm/i915: s/JSP2/ICP2/ PCH (bsc#1152489) - drm/i915/gem: Flush coherency domains on first set-domain-ioctl (git-fixes). - drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes). - drm/mediatek: Add AAL output size configuration (git-fixes). - drm/mediatek: Fix aal size config (git-fixes). - drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init() (git-fixes). - drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised (git-fixes). - drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare (git-fixes). - drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap (bsc#1152472) - drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes). - drm/vc4: crtc: Lookup the encoder from the register at boot (bsc#1198534) - drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes). - drm/vmwgfx: Remove unused compile options (bsc#1152472) - e1000e: Fix possible overflow in LTR decoding (git-fixes). - fibmap: Reject negative block numbers (bsc#1198448). - fibmap: Use bmap instead of ->bmap method in ioctl_fibmap (bsc#1198448). - firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes). - gpiolib: acpi: use correct format characters (git-fixes). - gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes). - HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes). - hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes). - i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes). - IB/hfi1: Allow larger MTU without AIP (jsc#SLE-13208). - Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes). - ipmi: bail out if init_srcu_struct fails (git-fixes). - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes). - ipmi: Move remove_work to dedicated workqueue (git-fixes). - iwlwifi: Fix -EIO error code that is never returned (git-fixes). - iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes). - KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes). - livepatch: Do not block removal of patches that are safe to unload (bsc#1071995). - lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes). - media: cx88-mpeg: clear interrupt status register before streaming video (git-fixes). - media: hdpvr: initialize dev->worker at hdpvr_register_videodev (git-fixes). - memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (git-fixes). - mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes). - mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes). - mmc: host: Return an error when ->enable_sdio_irq() ops is missing (git-fixes). - mmc: mmci_sdmmc: Replace sg_dma_xxx macros (git-fixes). - mmc: mmci: stm32: correctly check all elements of sg list (git-fixes). - mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is complete (git-fixes). - mtd: onenand: Check for error irq (git-fixes). - mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (git-fixes). - mtd: rawnand: gpmi: fix controller timings setting (git-fixes). - mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes). - net: asix: add proper error handling of usb read errors (git-fixes). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - net: mcs7830: handle usb read errors properly (git-fixes). - net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes). - nfc: nci: add flush_workqueue to prevent uaf (git-fixes). - NFSv4: fix open failure with O_ACCMODE flag (git-fixes). - PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge (git-fixes). - PCI: aardvark: Fix support for MSI interrupts (git-fixes). - PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes). - PCI: pciehp: Add Qualcomm quirk for Command Completed erratum (git-fixes). - PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes). - PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes). - power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe (git-fixes). - power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (git-fixes). - power: supply: axp20x_battery: properly report current when discharging (git-fixes). - power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes). - power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return (git-fixes). - power: supply: wm8350-power: Add missing free in free_charger_irq (git-fixes). - power: supply: wm8350-power: Handle error for wm8350_register_irq (git-fixes). - powerpc/perf: Expose Performance Monitor Counter SPR's as part of extended regs (bsc#1198077 ltc#197299). - powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes). - powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106, git-fixes). - powerpc/perf: Include PMCs as part of per-cpu cpuhw_events struct (bsc#1198077 ltc#197299). - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#1198413). - random: check for signal_pending() outside of need_resched() check (git-fixes). - ray_cs: Check ioremap return value (git-fixes). - RDMA/core: Set MR type in ib_reg_user_mr (jsc#SLE-8449). - RDMA/mlx5: Add a missing update of cache->last_add (jsc#SLE-15175). - RDMA/mlx5: Do not remove cache MRs when a delay is needed (jsc#SLE-15175). - RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (jsc#SLE-15175). - regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes). - rpm: Run external scriptlets on uninstall only when available (bsc#1196514 bsc#1196114 bsc#1196942). - rpm: Use bash for %() expansion (jsc#SLE-18234). - rpm/*.spec.in: remove backtick usage - rpm/constraints.in: skip SLOW_DISK workers for kernel-source - rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484) - rtc: check if __rtc_read_time was successful (git-fixes). - rtc: wm8350: Handle error for wm8350_register_irq (git-fixes). - s390/tape: fix timer initialization in tape_std_assign() (bsc#1197677 LTC#197378). - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (git-fixes). - scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() (git-fixes). - scsi: mpt3sas: Page fault in reply q processing (git-fixes). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825). - spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller (git-fixes). - spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() (git-fixes). - spi: Fix erroneous sgs value with min_t() (git-fixes). - spi: Fix invalid sgs value (git-fixes). - spi: mxic: Fix the transmit path (git-fixes). - spi: tegra20: Use of_device_get_match_data() (git-fixes). - staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree (git-fixes). - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (git-fixes). - SUNRPC: Fix the svc_deferred_event trace class (git-fixes). - SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes). - SUNRPC: Handle low memory situations in call_status() (git-fixes). - USB: dwc3: core: Fix tx/rx threshold settings (git-fixes). - USB: dwc3: core: Only handle soft-reset in DCTL (git-fixes). - USB: dwc3: gadget: Return proper request status (git-fixes). - USB: dwc3: omap: fix 'unbalanced disables for smps10_out1' on omap5evm (git-fixes). - USB: gadget: uvc: Fix crash when encoding data for usb request (git-fixes). - USB: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (bsc#1152489) - USB: serial: pl2303: add IBM device IDs (git-fixes). - USB: serial: simple: add Nokia phone driver (git-fixes). - USB: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes). - USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (git-fixes). - vgacon: Propagate console boot parameters before calling `vc_resize' (bsc#1152489) - video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes). - video: fbdev: cirrusfb: check pixclock to avoid divide by zero (git-fixes). - video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes). - video: fbdev: udlfb: properly check endpoint type (bsc#1152489) - video: fbdev: w100fb: Reset global state (git-fixes). - virtio_console: break out of buf poll on remove (git-fixes). - virtio_console: eliminate anonymous module_init & module_exit (git-fixes). - w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes). - x86/pm: Save the MSR validity status at context setup (bsc#1198400). - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (git-fixes). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1198400). - xen: fix is_xen_pmu() (git-fixes). - xen/blkfront: fix comment for need_copy (git-fixes). - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - xhci: fix runtime PM imbalance in USB2 resume (git-fixes). - xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx() (git-fixes). Important SUSE bug 1028340 SUSE bug 1071995 SUSE bug 1137728 SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1177028 SUSE bug 1179878 SUSE bug 1182073 SUSE bug 1183723 SUSE bug 1187055 SUSE bug 1191647 SUSE bug 1193556 SUSE bug 1193842 SUSE bug 1194625 SUSE bug 1195651 SUSE bug 1195926 SUSE bug 1196018 SUSE bug 1196114 SUSE bug 1196367 SUSE bug 1196514 SUSE bug 1196639 SUSE bug 1196942 SUSE bug 1197157 SUSE bug 1197391 SUSE bug 1197656 SUSE bug 1197660 SUSE bug 1197677 SUSE bug 1197914 SUSE bug 1197926 SUSE bug 1198077 SUSE bug 1198217 SUSE bug 1198330 SUSE bug 1198400 SUSE bug 1198413 SUSE bug 1198437 SUSE bug 1198448 SUSE bug 1198484 SUSE bug 1198515 SUSE bug 1198516 SUSE bug 1198534 SUSE bug 1198742 SUSE bug 1198825 SUSE bug 1198989 SUSE bug 1199012 SUSE bug 1199024 CVE-2020-27835 at SUSE CVE-2020-27835 at NVD CVE-2021-0707 at SUSE CVE-2021-0707 at NVD CVE-2021-20292 at SUSE CVE-2021-20292 at NVD CVE-2021-20321 at SUSE CVE-2021-20321 at NVD CVE-2021-38208 at SUSE CVE-2021-38208 at NVD CVE-2021-4154 at SUSE CVE-2021-4154 at NVD CVE-2022-0812 at SUSE CVE-2022-0812 at NVD CVE-2022-1158 at SUSE CVE-2022-1158 at NVD CVE-2022-1280 at SUSE CVE-2022-1280 at NVD CVE-2022-1353 at SUSE CVE-2022-1353 at NVD CVE-2022-1419 at SUSE CVE-2022-1419 at NVD CVE-2022-1516 at SUSE CVE-2022-1516 at NVD CVE-2022-28356 at SUSE CVE-2022-28356 at NVD CVE-2022-28748 at SUSE CVE-2022-28748 at NVD CVE-2022-28893 at SUSE CVE-2022-28893 at NVD CVE-2022-29156 at SUSE CVE-2022-29156 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). Important SUSE bug 1199240 CVE-2022-29155 at SUSE CVE-2022-29155 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29156: Fixed a double free related to rtrs_clt_dev_release (bnc#1198515). - CVE-2022-28893: Ensuring that sockets are in the intended state inside the SUNRPC subsystem (bnc#1198330). - CVE-2022-28748: Fixed memory lead over the network by ax88179_178a devices (bsc#1196018). - CVE-2022-28356: Fixed a refcount leak bug found in net/llc/af_llc.c (bnc#1197391). - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012). - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c (bnc#1198516). - CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in drivers/gpu/drm/drm_lease.c (bnc#1197914). - CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address (bsc#1197660). - CVE-2022-0812: Fixed random memory leakage inside NFS/RDMA (bsc#1196639). - CVE-2021-4154: Fixed a use-after-free flaw inside cgroup1_parse_param in kernel/cgroup/cgroup-v1.c. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system (bnc#1193842). - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055). - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647). - CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723). - CVE-2021-0707: Fixed possible memory corruption due to a use after free inside dma_buf_releas e of dma-buf.c (bnc#1198437). - CVE-2020-27835: Fixed use after free in infiniband hfi1 driver in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878). The following non-security bugs were fixed: - ACPI: processor idle: Check for architectural support for LPI (git-fixes). - ACPI/APEI: Limit printable size of BERT table data (git-fixes). - ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes). - adm8211: fix error return code in adm8211_probe() (git-fixes). - ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes). - ALSA: hda/hdmi: fix warning about PCM count when used with SOF (git-fixes). - ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes). - ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 (git-fixes). - ALSA: pcm: Test for 'silence' field in struct 'pcm_format_data' (git-fixes). - ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb (git-fixes). - ALSA: usb-audio: Increase max buffer size (git-fixes). - ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes). - arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1 (git-fixes) - arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node (git-fixes) - arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode (git-fixes) - arm64: dts: exynos: correct GIC CPU interfaces address range on (git-fixes) - arm64: dts: ls1028a: fix memory node (git-fixes) - arm64: dts: ls1028a: fix node name for the sysclk (git-fixes) - arm64: dts: lx2160a: fix scl-gpios property name (git-fixes) - arm64: dts: marvell: armada-37xx: Extend PCIe MEM space (git-fixes) - arm64: dts: marvell: armada-37xx: Fix reg for standard variant of (git-fixes) - arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (git-fixes) - arm64: dts: rockchip: Fix GPU register width for RK3328 (git-fixes) - arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from (git-fixes) - arm64: dts: zii-ultra: fix 12V_MAIN voltage (git-fixes) - arm64: head: avoid over-mapping in map_memory (git-fixes) - arm64: Update config files; arm LIBNVDIMM y->m ppc64le ND_BLK ->m (bsc#1199024). - arm64/sve: Use correct size when reinitialising SVE state (git-fixes) - ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek (git-fixes). - ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use (git-fixes). - ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes). - ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component (git-fixes). - ASoC: soc-compress: Change the check for codec_dai (git-fixes). - ASoC: soc-compress: prevent the potentially use of null pointer (git-fixes). - ASoC: soc-core: skip zero num_dai component in searching dai name (git-fixes). - ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes). - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs (git-fixes). - ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes). - ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git-fixes). - ath5k: fix building with LEDS=m (git-fixes). - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes). - ath9k_htc: fix uninit value bugs (git-fixes). - ath9k: Fix usage of driver-private space in tx_info (git-fixes). - ath9k: Properly clear TX status area before reporting to mac80211 (git-fixes). - backlight: qcom-wled: Respect enabled-strings in set_brightness (bsc#1152489) - bareudp: use ipv6_mod_enabled to check if IPv6 enabled (jsc#SLE-15172). - bfq: Avoid merging queues with different parents (bsc#1197926). - bfq: Drop pointless unlock-lock pair (bsc#1197926). - bfq: Get rid of __bio_blkcg() usage (bsc#1197926). - bfq: Make sure bfqg for which we are queueing requests is online (bsc#1197926). - bfq: Remove pointless bfq_init_rq() calls (bsc#1197926). - bfq: Split shared queues on move between cgroups (bsc#1197926). - bfq: Track whether bfq_group is still online (bsc#1197926). - bfq: Update cgroup information before merging bio (bsc#1197926). - block: Drop leftover references to RQF_SORTED (bsc#1182073). - Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes). - Bluetooth: Fix use after free in hci_send_acl (git-fixes). - Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes). - bnx2x: fix napi API usage sequence (bsc#1198217). - bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT (git-fixes bsc#1177028). - brcmfmac: firmware: Allocate space for default boardrev in nvram (git-fixes). - brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes). - brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path (git-fixes). - brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio (git-fixes). - carl9170: fix missing bit-wise or operator for tx_params (git-fixes). - cfg80211: hold bss_lock while updating nontrans_list (git-fixes). - cifs: do not skip link targets when an I/O fails (bsc#1194625). - cifs: fix bad fids sent over wire (bsc#1197157). - clk: Enforce that disjoints limits are invalid (git-fixes). - clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes). - direct-io: clean up error paths of do_blockdev_direct_IO (bsc#1197656). - direct-io: defer alignment check until after the EOF check (bsc#1197656). - direct-io: do not force writeback for reads beyond EOF (bsc#1197656). - dma-debug: fix return value of __setup handlers (git-fixes). - dma: at_xdmac: fix a missing check on list iterator (git-fixes). - dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes). - dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes). - dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes). - dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources (git-fixes). - dmaengine: Revert 'dmaengine: shdma: Fix runtime PM imbalance on error' (git-fixes). - Documentation: add link to stable release candidate tree (git-fixes). - drm: add a locked version of drm_is_current_master (bsc#1197914). - drm: Add orientation quirk for GPD Win Max (git-fixes). - drm: drm_file struct kABI compatibility workaround (bsc#1197914). - drm: protect drm_master pointers in drm_lease.c (bsc#1197914). - drm: serialize drm_file.master with a new spinlock (bsc#1197914). - drm: use the lookup lock in drm_is_current_master (bsc#1197914). - drm/amd: Add USBC connector ID (git-fixes). - drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (git-fixes). - drm/amd/display: do not ignore alpha property on pre-multiplied mode (git-fixes). - drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() (git-fixes). - drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes). - drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1152472) - drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1152489) - drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes). - drm/amdgpu: Fix recursive locking warning (git-fixes). - drm/amdkfd: Check for potential null return of kmalloc_array() (git-fixes). - drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes). - drm/amdkfd: make CRAT table missing message informational only (git-fixes). - drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe (git-fixes). - drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt (git-fixes). - drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev (git-fixes). - drm/cma-helper: Set VM_DONTEXPAND for mmap (bsc#1152472) - drm/edid: check basic audio support on CEA extension block (git-fixes). - drm/edid: Do not clear formats if using deep color (git-fixes). - drm/fb-helper: Mark screen buffers in system memory with (bsc#1152472) - drm/i915: Call i915_globals_exit() if pci_register_device() fails (git-fixes). - drm/i915: Drop all references to DRM IRQ midlayer (bsc#1152489) - drm/i915: Keep gem ctx->vm alive until the final put (bsc#1152489) - drm/i915: s/JSP2/ICP2/ PCH (bsc#1152489) - drm/i915/gem: Flush coherency domains on first set-domain-ioctl (git-fixes). - drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes). - drm/mediatek: Add AAL output size configuration (git-fixes). - drm/mediatek: Fix aal size config (git-fixes). - drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init() (git-fixes). - drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised (git-fixes). - drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare (git-fixes). - drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap (bsc#1152472) - drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes). - drm/vc4: crtc: Lookup the encoder from the register at boot (bsc#1198534) - drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes). - drm/vmwgfx: Remove unused compile options (bsc#1152472) - e1000e: Fix possible overflow in LTR decoding (git-fixes). - fibmap: Reject negative block numbers (bsc#1198448). - fibmap: Use bmap instead of ->bmap method in ioctl_fibmap (bsc#1198448). - firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes). - gpiolib: acpi: use correct format characters (git-fixes). - gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes). - HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes). - hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes). - i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes). - IB/hfi1: Allow larger MTU without AIP (jsc#SLE-13208). - Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes). - ipmi: bail out if init_srcu_struct fails (git-fixes). - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes). - ipmi: Move remove_work to dedicated workqueue (git-fixes). - iwlwifi: Fix -EIO error code that is never returned (git-fixes). - iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes). - KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes). - livepatch: Do not block removal of patches that are safe to unload (bsc#1071995). - lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes). - media: cx88-mpeg: clear interrupt status register before streaming video (git-fixes). - media: hdpvr: initialize dev->worker at hdpvr_register_videodev (git-fixes). - memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (git-fixes). - mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes). - mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes). - mmc: host: Return an error when ->enable_sdio_irq() ops is missing (git-fixes). - mmc: mmci_sdmmc: Replace sg_dma_xxx macros (git-fixes). - mmc: mmci: stm32: correctly check all elements of sg list (git-fixes). - mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is complete (git-fixes). - mtd: onenand: Check for error irq (git-fixes). - mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (git-fixes). - mtd: rawnand: gpmi: fix controller timings setting (git-fixes). - mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes). - net: asix: add proper error handling of usb read errors (git-fixes). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - net: mcs7830: handle usb read errors properly (git-fixes). - net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes). - nfc: nci: add flush_workqueue to prevent uaf (git-fixes). - NFSv4: fix open failure with O_ACCMODE flag (git-fixes). - PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge (git-fixes). - PCI: aardvark: Fix support for MSI interrupts (git-fixes). - PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes). - PCI: pciehp: Add Qualcomm quirk for Command Completed erratum (git-fixes). - PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes). - PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes). - power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe (git-fixes). - power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (git-fixes). - power: supply: axp20x_battery: properly report current when discharging (git-fixes). - power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes). - power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return (git-fixes). - power: supply: wm8350-power: Add missing free in free_charger_irq (git-fixes). - power: supply: wm8350-power: Handle error for wm8350_register_irq (git-fixes). - powerpc/perf: Expose Performance Monitor Counter SPR's as part of extended regs (bsc#1198077 ltc#197299). - powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes). - powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106, git-fixes). - powerpc/perf: Include PMCs as part of per-cpu cpuhw_events struct (bsc#1198077 ltc#197299). - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#1198413). - random: check for signal_pending() outside of need_resched() check (git-fixes). - ray_cs: Check ioremap return value (git-fixes). - RDMA/core: Set MR type in ib_reg_user_mr (jsc#SLE-8449). - RDMA/mlx5: Add a missing update of cache->last_add (jsc#SLE-15175). - RDMA/mlx5: Do not remove cache MRs when a delay is needed (jsc#SLE-15175). - RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (jsc#SLE-15175). - regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes). - rpm: Run external scriptlets on uninstall only when available (bsc#1196514 bsc#1196114 bsc#1196942). - rpm: Use bash for %() expansion (jsc#SLE-18234). - rpm/*.spec.in: remove backtick usage - rpm/constraints.in: skip SLOW_DISK workers for kernel-source - rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484) - rtc: check if __rtc_read_time was successful (git-fixes). - rtc: wm8350: Handle error for wm8350_register_irq (git-fixes). - s390/tape: fix timer initialization in tape_std_assign() (bsc#1197677 LTC#197378). - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (git-fixes). - scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() (git-fixes). - scsi: mpt3sas: Page fault in reply q processing (git-fixes). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825). - spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller (git-fixes). - spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() (git-fixes). - spi: Fix erroneous sgs value with min_t() (git-fixes). - spi: Fix invalid sgs value (git-fixes). - spi: mxic: Fix the transmit path (git-fixes). - spi: tegra20: Use of_device_get_match_data() (git-fixes). - staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree (git-fixes). - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (git-fixes). - SUNRPC: Fix the svc_deferred_event trace class (git-fixes). - SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes). - SUNRPC: Handle low memory situations in call_status() (git-fixes). - USB: dwc3: core: Fix tx/rx threshold settings (git-fixes). - USB: dwc3: core: Only handle soft-reset in DCTL (git-fixes). - USB: dwc3: gadget: Return proper request status (git-fixes). - USB: dwc3: omap: fix 'unbalanced disables for smps10_out1' on omap5evm (git-fixes). - USB: gadget: uvc: Fix crash when encoding data for usb request (git-fixes). - USB: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (bsc#1152489) - USB: serial: pl2303: add IBM device IDs (git-fixes). - USB: serial: simple: add Nokia phone driver (git-fixes). - USB: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes). - USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (git-fixes). - vgacon: Propagate console boot parameters before calling `vc_resize' (bsc#1152489) - video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes). - video: fbdev: cirrusfb: check pixclock to avoid divide by zero (git-fixes). - video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes). - video: fbdev: udlfb: properly check endpoint type (bsc#1152489) - video: fbdev: w100fb: Reset global state (git-fixes). - virtio_console: break out of buf poll on remove (git-fixes). - virtio_console: eliminate anonymous module_init & module_exit (git-fixes). - w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes). - x86/pm: Save the MSR validity status at context setup (bsc#1198400). - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (git-fixes). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1198400). - xen: fix is_xen_pmu() (git-fixes). - xen/blkfront: fix comment for need_copy (git-fixes). - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - xhci: fix runtime PM imbalance in USB2 resume (git-fixes). - xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx() (git-fixes). Important SUSE bug 1028340 SUSE bug 1071995 SUSE bug 1137728 SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1177028 SUSE bug 1179878 SUSE bug 1182073 SUSE bug 1183723 SUSE bug 1187055 SUSE bug 1191647 SUSE bug 1193556 SUSE bug 1193842 SUSE bug 1194625 SUSE bug 1195651 SUSE bug 1195926 SUSE bug 1196018 SUSE bug 1196114 SUSE bug 1196367 SUSE bug 1196514 SUSE bug 1196639 SUSE bug 1196942 SUSE bug 1197157 SUSE bug 1197391 SUSE bug 1197656 SUSE bug 1197660 SUSE bug 1197677 SUSE bug 1197914 SUSE bug 1197926 SUSE bug 1198077 SUSE bug 1198217 SUSE bug 1198330 SUSE bug 1198400 SUSE bug 1198413 SUSE bug 1198437 SUSE bug 1198448 SUSE bug 1198484 SUSE bug 1198515 SUSE bug 1198516 SUSE bug 1198534 SUSE bug 1198742 SUSE bug 1198825 SUSE bug 1198989 SUSE bug 1199012 SUSE bug 1199024 CVE-2020-27835 at SUSE CVE-2020-27835 at NVD CVE-2021-0707 at SUSE CVE-2021-0707 at NVD CVE-2021-20292 at SUSE CVE-2021-20292 at NVD CVE-2021-20321 at SUSE CVE-2021-20321 at NVD CVE-2021-38208 at SUSE CVE-2021-38208 at NVD CVE-2021-4154 at SUSE CVE-2021-4154 at NVD CVE-2022-0812 at SUSE CVE-2022-0812 at NVD CVE-2022-1158 at SUSE CVE-2022-1158 at NVD CVE-2022-1280 at SUSE CVE-2022-1280 at NVD CVE-2022-1353 at SUSE CVE-2022-1353 at NVD CVE-2022-1419 at SUSE CVE-2022-1419 at NVD CVE-2022-1516 at SUSE CVE-2022-1516 at NVD CVE-2022-28356 at SUSE CVE-2022-28356 at NVD CVE-2022-28748 at SUSE CVE-2022-28748 at NVD CVE-2022-28893 at SUSE CVE-2022-28893 at NVD CVE-2022-29156 at SUSE CVE-2022-29156 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) Important SUSE bug 1198446 CVE-2022-1304 at SUSE CVE-2022-1304 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for containerd, docker fixes the following issues: - CVE-2022-24769: Fixed incorrect default inheritable capabilities (bsc#1197517). - CVE-2022-23648: Fixed directory traversal issue (bsc#1196441). - CVE-2022-27191: Fixed a crash in a golang.org/x/crypto/ssh server (bsc#1197284). - CVE-2021-43565: Fixed a panic in golang.org/x/crypto by empty plaintext packet (bsc#1193930). Important SUSE bug 1193930 SUSE bug 1196441 SUSE bug 1197284 SUSE bug 1197517 CVE-2021-43565 at SUSE CVE-2021-43565 at NVD CVE-2022-23648 at SUSE CVE-2022-23648 at NVD CVE-2022-24769 at SUSE CVE-2022-24769 at NVD CVE-2022-27191 at SUSE CVE-2022-27191 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220510 release. (bsc#1199423) Updated to Intel CPU Microcode 20220419 release. (bsc#1198717) - CVE-2022-21151: Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (bsc#1199423). Moderate SUSE bug 1198717 SUSE bug 1199423 CVE-2022-21151 at SUSE CVE-2022-21151 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libslirp fixes the following issues: - CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364). - CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367). - CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366). - Fix a dhcp regression [bsc#1198773] Important SUSE bug 1187364 SUSE bug 1187366 SUSE bug 1187367 SUSE bug 1198773 CVE-2021-3592 at SUSE CVE-2021-3592 at NVD CVE-2021-3594 at SUSE CVE-2021-3594 at NVD CVE-2021-3595 at SUSE CVE-2021-3595 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490). - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Important SUSE bug 1196490 SUSE bug 1199132 CVE-2022-23308 at SUSE CVE-2022-23308 at NVD CVE-2022-29824 at SUSE CVE-2022-29824 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for qemu fixes the following issues: - CVE-2021-20196: Fixed null pointer dereference that may lead to guest crash (bsc#1181361). Low SUSE bug 1181361 CVE-2021-20196 at SUSE CVE-2021-20196 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251). - CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362). - CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474). - CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476). - CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477). - CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478). - CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479). - CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480). Important SUSE bug 1194251 SUSE bug 1194362 SUSE bug 1194474 SUSE bug 1194476 SUSE bug 1194477 SUSE bug 1194478 SUSE bug 1194479 SUSE bug 1194480 CVE-2021-45960 at SUSE CVE-2021-45960 at NVD CVE-2021-46143 at SUSE CVE-2021-46143 at NVD CVE-2022-22822 at SUSE CVE-2022-22822 at NVD CVE-2022-22823 at SUSE CVE-2022-22823 at NVD CVE-2022-22824 at SUSE CVE-2022-22824 at NVD CVE-2022-22825 at SUSE CVE-2022-22825 at NVD CVE-2022-22826 at SUSE CVE-2022-22826 at NVD CVE-2022-22827 at SUSE CVE-2022-22827 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for json-c fixes the following issues: - CVE-2020-12762: Fixed integer overflow and out-of-bounds write. (bsc#1171479) Important SUSE bug 1171479 CVE-2020-12762 at SUSE CVE-2020-12762 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for kernel-firmware fixes the following issues: Update AMD ucode and SEV firmware - (CVE-2021-26339, CVE-2021-26373, CVE-2021-26347, CVE-2021-26376, CVE-2021-26375, CVE-2021-26378, CVE-2021-26372, CVE-2021-26339, CVE-2021-26348, CVE-2021-26342, CVE-2021-26388, CVE-2021-26349, CVE-2021-26364, CVE-2021-26312, CVE-2021-26350, CVE-2021-46744, bsc#1199459, bsc#1199470) Moderate SUSE bug 1199459 SUSE bug 1199470 CVE-2021-26312 at SUSE CVE-2021-26312 at NVD CVE-2021-26339 at SUSE CVE-2021-26339 at NVD CVE-2021-26342 at SUSE CVE-2021-26342 at NVD CVE-2021-26347 at SUSE CVE-2021-26347 at NVD CVE-2021-26348 at SUSE CVE-2021-26348 at NVD CVE-2021-26349 at SUSE CVE-2021-26349 at NVD CVE-2021-26350 at SUSE CVE-2021-26350 at NVD CVE-2021-26364 at SUSE CVE-2021-26364 at NVD CVE-2021-26372 at SUSE CVE-2021-26372 at NVD CVE-2021-26373 at SUSE CVE-2021-26373 at NVD CVE-2021-26375 at SUSE CVE-2021-26375 at NVD CVE-2021-26376 at SUSE CVE-2021-26376 at NVD CVE-2021-26378 at SUSE CVE-2021-26378 at NVD CVE-2021-26388 at SUSE CVE-2021-26388 at NVD CVE-2021-46744 at SUSE CVE-2021-46744 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for curl fixes the following issues: - CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223) - CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224) Important SUSE bug 1199223 SUSE bug 1199224 CVE-2022-27781 at SUSE CVE-2022-27781 at NVD CVE-2022-27782 at SUSE CVE-2022-27782 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232). Important SUSE bug 1199232 CVE-2022-1586 at SUSE CVE-2022-1586 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for polkit fixes the following issues: - CVE-2021-4034: Fixed a local privilege escalation in pkexec (bsc#1194568). Important SUSE bug 1194568 CVE-2021-4034 at SUSE CVE-2021-4034 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517). - CVE-2022-0322: Fixed a denial of service in SCTP sctp_addto_chunk (bsc#1194985). - CVE-2021-4197: Fixed a cgroup issue where lower privileged processes could write to fds of lower privileged ones that could lead to privilege escalation (bsc#1194302). - CVE-2021-46283: nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own namespace (bnc#1194518). - CVE-2021-4135: Fixed an information leak in the nsim_bpf_map_alloc function (bsc#1193927). - CVE-2021-4202: Fixed a race condition during NFC device remove which could lead to a use-after-free memory corruption (bsc#1194529) - CVE-2021-4083: A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allowed a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4 (bnc#1193727). - CVE-2021-4149: Fixed a locking condition in btrfs which could lead to system deadlocks (bsc#1194001). - CVE-2021-45485: In the IPv6 implementation in net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses (bnc#1194094). - CVE-2021-45486: In the IPv4 implementation in net/ipv4/route.c has an information leak because the hash table is very small (bnc#1194087). The following non-security bugs were fixed: - ACPI: APD: Check for NULL pointer after calling devm_ioremap() (git-fixes). - ACPI: Add stubs for wakeup handler functions (git-fixes). - ACPI: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes (git-fixes). - ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls (git-fixes). - ALSA: ctl: Fix copy of updated id with element read/write (git-fixes). - ALSA: drivers: opl3: Fix incorrect use of vp->state (git-fixes). - ALSA: hda/hdmi: Disable silent stream on GLK (git-fixes). - ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform (git-fixes). - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows (git-fixes). - ALSA: hda/realtek: Add a quirk for HP OMEN 15 mute LED (git-fixes). - ALSA: hda/realtek: Add quirk for ASRock NUC Box 1100 (git-fixes). - ALSA: hda/realtek: Amp init fixup for HP ZBook 15 G6 (git-fixes). - ALSA: hda/realtek: Fix quirk for Clevo NJ51CU (git-fixes). - ALSA: hda/realtek: Fix quirk for TongFang PHxTxX1 (git-fixes). - ALSA: hda/realtek: Fixes HP Spectre x360 15-eb1xxx speakers (git-fixes). - ALSA: hda/realtek: Headset fixup for Clevo NH77HJQ (git-fixes). - ALSA: hda: Add missing rwsem around snd_ctl_remove() calls (git-fixes). - ALSA: hda: Make proper use of timecounter (git-fixes). - ALSA: jack: Add missing rwsem around snd_ctl_remove() calls (git-fixes). - ALSA: jack: Check the return value of kstrdup() (git-fixes). - ALSA: oss: fix compile error when OSS_DEBUG is enabled (git-fixes). - ALSA: pcm: oss: Fix negative period/buffer sizes (git-fixes). - ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() (git-fixes). - ALSA: pcm: oss: Limit the period size to 16MB (git-fixes). - ALSA: usb-audio: Drop superfluous '0' in Presonus Studio 1810c's ID (git-fixes). - ALSA: usb-audio: Line6 HX-Stomp XL USB_ID for 48k-fixed quirk (git-fixes). - ASoC: codecs: wcd934x: handle channel mappping list correctly (git-fixes). - ASoC: codecs: wcd934x: return correct value from mixer put (git-fixes). - ASoC: codecs: wcd934x: return error code correctly from hw_params (git-fixes). - ASoC: codecs: wsa881x: fix return values from kcontrol put (git-fixes). - ASoC: cs42l42: Correct configuring of switch inversion from ts-inv (git-fixes). - ASoC: cs42l42: Disable regulators if probe fails (git-fixes). - ASoC: cs42l42: Use device_property API instead of of_property (git-fixes). - ASoC: fsl_asrc: refine the check of available clock divider (git-fixes). - ASoC: fsl_mqs: fix MODULE_ALIAS (git-fixes). - ASoC: mediatek: Check for error clk pointer (git-fixes). - ASoC: meson: aiu: Move AIU_I2S_MISC hold setting to aiu-fifo-i2s (git-fixes). - ASoC: meson: aiu: fifo: Add missing dma_coerce_mask_and_coherent() (git-fixes). - ASoC: qdsp6: q6routing: Fix return value from msm_routing_put_audio_mixer (git-fixes). - ASoC: rt5663: Handle device_property_read_u32_array error codes (git-fixes). - ASoC: samsung: idma: Check of ioremap return value (git-fixes). - ASoC: soc-core: fix null-ptr-deref in snd_soc_del_component_unlocked() (git-fixes). - ASoC: sunxi: fix a sound binding broken reference (git-fixes). - ASoC: tegra: Fix kcontrol put callback in ADMAIF (git-fixes). - ASoC: tegra: Fix kcontrol put callback in AHUB (git-fixes). - ASoC: tegra: Fix kcontrol put callback in DMIC (git-fixes). - ASoC: tegra: Fix kcontrol put callback in DSPK (git-fixes). - ASoC: tegra: Fix kcontrol put callback in I2S (git-fixes). - ASoC: tegra: Fix wrong value type in ADMAIF (git-fixes). - ASoC: tegra: Fix wrong value type in DMIC (git-fixes). - ASoC: tegra: Fix wrong value type in DSPK (git-fixes). - ASoC: tegra: Fix wrong value type in I2S (git-fixes). - ASoC: uniphier: drop selecting non-existing SND_SOC_UNIPHIER_AIO_DMA (git-fixes). - Add cherry-picked IDs for qemu fw_cfg patches - Bluetooth: L2CAP: Fix using wrong mode (git-fixes). - Bluetooth: bfusb: fix division by zero in send path (git-fixes). - Bluetooth: btmtksdio: fix resume failure (git-fixes). - Bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb() (git-fixes). - Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails (git-fixes). - Bluetooth: hci_bcm: Check for error irq (git-fixes). - Bluetooth: hci_qca: Stop IBS timer during BT OFF (git-fixes). - Bluetooth: stop proccessing malicious adv data (git-fixes). - Documentation: ACPI: Fix data node reference documentation (git-fixes). - Documentation: dmaengine: Correctly describe dmatest with channel unset (git-fixes). - Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization (git-fixes). - HID: add USB_HID dependancy to hid-chicony (git-fixes). - HID: add USB_HID dependancy to hid-prodikeys (git-fixes). - HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option (git-fixes). - HID: bigbenff: prevent null pointer dereference (git-fixes). - HID: google: add eel USB id (git-fixes). - HID: hid-uclogic-params: Invalid parameter check in uclogic_params_frame_init_v1_buttonpad (git-fixes). - HID: hid-uclogic-params: Invalid parameter check in uclogic_params_get_str_desc (git-fixes). - HID: hid-uclogic-params: Invalid parameter check in uclogic_params_huion_init (git-fixes). - HID: hid-uclogic-params: Invalid parameter check in uclogic_params_init (git-fixes). - HID: quirks: Add quirk for the Microsoft Surface 3 type-cover (git-fixes). - Input: appletouch - initialize work before device registration (git-fixes). - Input: atmel_mxt_ts - fix double free in mxt_read_info_block (git-fixes). - Input: elantech - fix stack out of bound access in elantech_change_report_id() (git-fixes). - Input: i8042 - add deferred probe support (bsc#1190256). - Input: i8042 - enable deferred probe quirk for ASUS UM325UA (bsc#1190256). - Input: max8925_onkey - do not mark comment as kernel-doc (git-fixes). - Input: spaceball - fix parsing of movement data packets (git-fixes). - Input: ti_am335x_tsc - fix STEPCONFIG setup for Z2 (git-fixes). - Input: ti_am335x_tsc - set ADCREFM for X configuration (git-fixes). - Move upstreamed patches into sorted section - NFC: st21nfca: Fix memory leak in device probe and remove (git-fixes). - NFSD: Fix zero-length NFSv3 WRITEs (git-fixes). - NFSv42: Do not fail clone() unless the OP_CLONE operation failed (git-fixes). - NFSv42: Fix pagecache invalidation after COPY/CLONE (git-fixes). - PCI/ACPI: Fix acpi_pci_osc_control_set() kernel-doc comment (git-fixes). - PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error (git-fixes). - PCI/MSI: Fix pci_irq_vector()/pci_irq_get_affinity() (git-fixes). - PCI/MSI: Mask MSI-X vectors only on success (git-fixes). - PCI: cadence: Add cdns_plat_pcie_probe() missing return (git-fixes). - PCI: dwc: Do not remap invalid res (git-fixes). - PCI: mvebu: Check for errors from pci_bridge_emul_init() call (git-fixes). - PCI: mvebu: Do not modify PCI IO type bits in conf_write (git-fixes). - PCI: mvebu: Fix support for DEVCAP2, DEVCTL2 and LNKCTL2 registers on emulated bridge (git-fixes). - PCI: mvebu: Fix support for PCI_EXP_DEVCTL on emulated bridge (git-fixes). - PCI: mvebu: Fix support for PCI_EXP_RTSTA on emulated bridge (git-fixes). - PCI: pci-bridge-emul: Properly mark reserved PCIe bits in PCI config space (git-fixes). - PCI: pci-bridge-emul: Set PCI_STATUS_CAP_LIST for PCIe device (git-fixes). - PCI: pciehp: Fix infinite loop in IRQ handler upon power fault (git-fixes). - PCI: xgene: Fix IB window setup (git-fixes). - PM: runtime: Defer suspending suppliers (git-fixes). - PM: sleep: Do not assume that 'mem' is always present (git-fixes). - RDMA/hns: Replace kfree() with kvfree() (jsc#SLE-14777). - Revert 'PM: sleep: Do not assume that 'mem' is always present' (git-fixes). - Revert 'USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set' (git-fixes). - Revert 'net/mlx5: Add retry mechanism to the command entry index allocation' (jsc#SLE-15172). - USB: Fix 'slab-out-of-bounds Write' bug in usb_hcd_poll_rh_status (git-fixes). - USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub (git-fixes). - USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04) (git-fixes). - USB: cdc-acm: fix break reporting (git-fixes). - USB: cdc-acm: fix racy tty buffer accesses (git-fixes). - USB: chipidea: fix interrupt deadlock (git-fixes). - USB: core: Fix bug in resuming hub's handling of wakeup requests (git-fixes). - USB: gadget: bRequestType is a bitfield, not a enum (git-fixes). - USB: gadget: detect too-big endpoint 0 requests (git-fixes). - USB: gadget: zero allocate endpoint 0 buffers (git-fixes). - USB: serial: cp210x: fix CP2105 GPIO registration (git-fixes). - USB: serial: option: add Telit FN990 compositions (git-fixes). - Update patches.suse/tpm-fix-potential-NULL-pointer-access-in-tpm_del_cha.patch (git-fixes bsc#1193660 ltc#195634). - Updated mpi3mr entry in supported.conf (bsc#1194578 jsc#SLE-18120) Moving this driver into the 'supported' package. - amd/display: downgrade validation failure log level (git-fixes). - ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile (git-fixes). - atlantic: Fix buff_ring OOB in aq_ring_rx_clean (git-fixes). - ax25: NPD bug when detaching AX25 device (git-fixes). - backlight: qcom-wled: Fix off-by-one maximum with default num_strings (git-fixes). - backlight: qcom-wled: Override default length with qcom,enabled-strings (git-fixes). - backlight: qcom-wled: Pass number of elements to read to read_u32_array (git-fixes). - backlight: qcom-wled: Validate enabled string indices in DT (git-fixes). - batman-adv: mcast: do not send link-local multicast to mcast routers (git-fixes). - blk-cgroup: synchronize blkg creation against policy deactivation (bsc#1194584). - block/scsi-ioctl: Fix kernel-infoleak in scsi_put_cdrom_generic_arg() (git-fixes). - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (bsc#1194586). - can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data (git-fixes). - can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} (git-fixes). - can: kvaser_usb: get CAN clock frequency from device (git-fixes). - can: sja1000: fix use after free in ems_pcmcia_add_card() (git-fixes). - can: softing: softing_startstop(): fix set but not used variable warning (git-fixes). - can: softing_cs: softingcs_probe(): fix memleak on registration failure (git-fixes). - can: usb_8dev: remove unused member echo_skb from struct usb_8dev_priv (git-fixes). - can: xilinx_can: xcan_probe(): check for error irq (git-fixes). - char/mwave: Adjust io port register size (git-fixes). - clk: Do not parent clks until the parent is fully registered (git-fixes). - clk: Gemini: fix struct name in kernel-doc (git-fixes). - clk: bcm-2835: Pick the closest clock rate (git-fixes). - clk: bcm-2835: Remove rounding up the dividers (git-fixes). - clk: imx8mn: Fix imx8mn_clko1_sels (git-fixes). - clk: imx: pllv1: fix kernel-doc notation for struct clk_pllv1 (git-fixes). - clk: qcom: gcc-msm8996: Drop (again) gcc_aggre1_pnoc_ahb_clk (git-fixes). - clk: qcom: regmap-mux: fix parent clock lookup (git-fixes). - clk: stm32: Fix ltdc's clock turn off by clk_disable_unused() after system enter shell (git-fixes). - crypto: caam - replace this_cpu_ptr with raw_cpu_ptr (git-fixes). - crypto: mxs-dcp - Use sg_mapping_iter to copy data (git-fixes). - crypto: omap-sham - clear dma flags only after omap_sham_update_dma_stop() (git-fixes). - crypto: qat - do not ignore errors from enable_vf2pf_comms() (git-fixes). - crypto: qat - fix reuse of completion variable (git-fixes). - crypto: qat - handle both source of interrupt in VF ISR (git-fixes). - crypto: qce - fix uaf on qce_ahash_register_one (git-fixes). - crypto: stm32/crc32 - Fix kernel BUG triggered in probe() (git-fixes). - crypto: stm32/cryp - fix double pm exit (git-fixes). - crypto: stm32/cryp - fix lrw chaining mode (git-fixes). - crypto: stm32/cryp - fix xts and race condition in crypto_engine requests (git-fixes). - debugfs: lockdown: Allow reading debugfs files that are not world readable (bsc#1193328 ltc#195566). - device property: Fix documentation for FWNODE_GRAPH_DEVICE_DISABLED (git-fixes). - dm crypt: document encrypted keyring key option (git-fixes). - dm writecache: add 'cleaner' and 'max_age' to Documentation (git-fixes). - dm writecache: advance the number of arguments when reporting max_age (git-fixes). - dm writecache: fix performance degradation in ssd mode (git-fixes). - dm writecache: flush origin device when writing and cache is full (git-fixes). - dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled() (git-fixes). - dmaengine: at_xdmac: Do not start transactions at tx_submit level (git-fixes). - dmaengine: at_xdmac: Fix at_xdmac_lld struct definition (git-fixes). - dmaengine: at_xdmac: Fix concurrency over xfers_list (git-fixes). - dmaengine: at_xdmac: Fix lld view setting (git-fixes). - dmaengine: at_xdmac: Print debug message after realeasing the lock (git-fixes). - dmaengine: bestcomm: fix system boot lockups (git-fixes). - dmaengine: idxd: add module parameter to force disable of SVA (bsc#1192931). - dmaengine: idxd: enable SVA feature for IOMMU (bsc#1192931). - dmaengine: pxa/mmp: stop referencing config->slave_id (git-fixes). - dmaengine: st_fdma: fix MODULE_ALIAS (git-fixes). - drm/amd/amdgpu: Increase HWIP_MAX_INSTANCE to 10 (git-fixes). - drm/amd/display: Fix for the no Audio bug with Tiled Displays (git-fixes). - drm/amd/display: Update bounding box states (v2) (git-fixes). - drm/amd/display: Update number of DCN3 clock states (git-fixes). - drm/amd/display: add connector type check for CRC source set (git-fixes). - drm/amd/display: dcn20_resource_construct reduce scope of FPU enabled (git-fixes). - drm/amd/display: fix incorrect CM/TF programming sequence in dwb (git-fixes). - drm/amd/display: fix missing writeback disablement if plane is removed (git-fixes). - drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() (git-fixes). - drm/amdgpu: Fix a printing message (git-fixes). - drm/amdgpu: Fix amdgpu_ras_eeprom_init() (git-fixes). - drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE (git-fixes). - drm/amdgpu: revert 'Add autodump debugfs node for gpu reset v8' (git-fixes). - drm/amdkfd: Account for SH/SE count when setting up cu masks (git-fixes). - drm/amdkfd: Check for null pointer after calling kmemdup (git-fixes). - drm/ast: potential dereference of null pointer (git-fixes). - drm/atomic: Check new_crtc_state->active to determine if CRTC needs disable in self refresh mode (git-fixes). - drm/bridge: analogix_dp: Make PSR-exit block less (git-fixes). - drm/bridge: display-connector: fix an uninitialized pointer in probe() (git-fixes). - drm/bridge: nwl-dsi: Avoid potential multiplication overflow on 32-bit (git-fixes). - drm/bridge: ti-sn65dsi86: Set max register for regmap (git-fixes). - drm/display: fix possible null-pointer dereference in dcn10_set_clock() (git-fixes). - drm/exynos: Always initialize mapping in exynos_drm_register_dma() (git-fixes). - drm/i915/fb: Fix rounding error in subsampled plane size calculation (git-fixes). - drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() (git-fixes). - drm/mediatek: Check plane visibility in atomic_update (git-fixes). - drm/msm/dpu: fix safe status debugfs file (git-fixes). - drm/msm/dsi: Fix DSI and DSI PHY regulator config from SDM660 (git-fixes). - drm/msm/dsi: set default num_data_lanes (git-fixes). - drm/msm/mdp5: fix cursor-related warnings (git-fixes). - drm/msm: mdp4: drop vblank get/put from prepare/complete_commit (git-fixes). - drm/msm: prevent NULL dereference in msm_gpu_crashstate_capture() (git-fixes). - drm/panel: innolux-p079zca: Delete panel on attach() failure (git-fixes). - drm/panel: kingdisplay-kd097d04: Delete panel on attach() failure (git-fixes). - drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() (git-fixes). - drm/rockchip: dsi: Disable PLL clock on bind error (git-fixes). - drm/rockchip: dsi: Fix unbalanced clock on probe error (git-fixes). - drm/rockchip: dsi: Hold pm-runtime across bind/unbind (git-fixes). - drm/rockchip: dsi: Reconfigure hardware on resume() (git-fixes). - drm/sun4i: dw-hdmi: Fix missing put_device() call in sun8i_hdmi_phy_get (git-fixes). - drm/sun4i: fix unmet dependency on RESET_CONTROLLER for PHY_SUN6I_MIPI_DPHY (git-fixes). - drm/syncobj: Deal with signalled fences in drm_syncobj_find_fence (git-fixes). - drm/tegra: vic: Fix DMA API misuse (git-fixes). - drm/vboxvideo: fix a NULL vs IS_ERR() check (git-fixes). - drm/vc4: hdmi: Make sure the controller is powered up during bind (git-fixes). - drm/vc4: hdmi: Set HD_CTL_WHOLSMP and HD_CTL_CHALIGN_SET (git-fixes). - drm/vc4: hdmi: Set a default HSM rate (git-fixes). - drm: fix null-ptr-deref in drm_dev_init_release() (git-fixes). - drm: xlnx: zynqmp: release reset to DP controller before accessing DP registers (git-fixes). - drm: xlnx: zynqmp_dpsub: Call pm_runtime_get_sync before setting pixel clock (git-fixes). - eeprom: idt_89hpesx: Put fwnode in matching case during ->probe() (git-fixes). - eeprom: idt_89hpesx: Restore printing the unsupported fwnode name (git-fixes). - ext4: Avoid trim error on fs with small groups (bsc#1191271). - ext4: fix lazy initialization next schedule time computation in more granular unit (bsc#1194580). - fget: clarify and improve __fget_files() implementation (bsc#1193727). - firmware: Update Kconfig help text for Google firmware (git-fixes). - firmware: arm_scmi: pm: Propagate return value to caller (git-fixes). - firmware: arm_scpi: Fix string overflow in SCPI genpd driver (git-fixes). - firmware: qcom_scm: Fix error retval in __qcom_scm_is_call_available() (git-fixes). - firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries (git-fixes). - firmware: qemu_fw_cfg: fix kobject leak in probe error path (git-fixes). - firmware: qemu_fw_cfg: fix sysfs information leak (git-fixes). - firmware: raspberrypi: Fix a leak in 'rpi_firmware_get()' (git-fixes). - firmware: smccc: Fix check for ARCH_SOC_ID not implemented (git-fixes). - firmware: tegra: Fix error application of sizeof() to pointer (git-fixes). - firmware: tegra: Reduce stack usage (git-fixes). - firmware_loader: fix pre-allocated buf built-in firmware use (git-fixes). - floppy: Fix hang in watchdog when disk is ejected (git-fixes). - flow_offload: return EOPNOTSUPP for the unsupported mpls action type (bsc#1154353). - fuse: Pass correct lend value to filemap_write_and_wait_range() (bsc#1194953). - gpiolib: acpi: Make set-debounce-timeout failures non fatal (git-fixes). - gpu: host1x: Add back arm_iommu_detach_device() (git-fixes). - hwmon: (lm90) Add basic support for TI TMP461 (git-fixes). - hwmon: (lm90) Add max6654 support to lm90 driver (git-fixes). - hwmon: (lm90) Do not report 'busy' status bit as alarm (git-fixes). - hwmon: (lm90) Drop critical attribute support for MAX6654 (git-fixes). - hwmon: (lm90) Fix usage of CONFIG2 register in detect function (git-fixes). - hwmon: (lm90) Introduce flag indicating extended temperature support (git-fixes). - i2c: rk3x: Handle a spurious start completion interrupt flag (git-fixes). - i2c: validate user data in compat ioctl (git-fixes). - i3c: fix incorrect address slot lookup on 64-bit (git-fixes). - i3c: master: dw: check return of dw_i3c_master_get_free_pos() (git-fixes). - i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc (git-fixes). - i40e: Fix for displaying message regarding NVM version (git-fixes). - i40e: Fix incorrect netdev's real number of RX/TX queues (git-fixes). - i40e: Fix to not show opcode msg on unsuccessful VF MAC change (git-fixes). - i40e: fix use-after-free in i40e_sync_filters_subtask() (git-fixes). - iavf: Fix limit of total number of queues to active queues of VF (git-fixes). - iavf: restore MSI state on reset (git-fixes). - ieee802154: atusb: fix uninit value in atusb_set_extended_addr (git-fixes). - ieee802154: fix error return code in ieee802154_llsec_getparams() (git-fixes). - ieee802154: fix error return code in ieee802154_add_iface() (git-fixes). - ieee802154: hwsim: Fix memory leak in hwsim_add_one (git-fixes). - ieee802154: hwsim: Fix possible memory leak in hwsim_subscribe_all_others (git-fixes). - ieee802154: hwsim: avoid possible crash in hwsim_del_edge_nl() (git-fixes). - ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi (git-fixes). - igb: Fix removal of unicast MAC filters of VFs (git-fixes). - igbvf: fix double free in `igbvf_probe` (git-fixes). - igc: Fix typo in i225 LTR functions (jsc#SLE-13533). - iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove (git-fixes). - iio: ad7768-1: Call iio_trigger_notify_done() on error (git-fixes). - iio: adc: axp20x_adc: fix charging current reporting on AXP22x (git-fixes). - iio: at91-sama5d2: Fix incorrect sign extension (git-fixes). - iio: dln2-adc: Fix lockdep complaint (git-fixes). - iio: dln2: Check return value of devm_iio_trigger_register() (git-fixes). - iio: itg3200: Call iio_trigger_notify_done() on error (git-fixes). - iio: kxsd9: Do not return error code in trigger handler (git-fixes). - iio: ltr501: Do not return error code in trigger handler (git-fixes). - iio: mma8452: Fix trigger reference couting (git-fixes). - iio: stk3310: Do not return error code in interrupt handler (git-fixes). - iio: trigger: Fix reference counting (git-fixes). - iio: trigger: stm32-timer: fix MODULE_ALIAS (git-fixes). - ionic: Initialize the 'lif->dbid_inuse' bitmap (bsc#1167773). - isofs: Fix out of bound access for corrupted isofs image (bsc#1194591). - iwlwifi: fw: correctly limit to monitor dump (git-fixes). - iwlwifi: mvm: Fix scan channel flags settings (git-fixes). - iwlwifi: mvm: Use div_s64 instead of do_div in iwl_mvm_ftm_rtt_smoothing() (git-fixes). - iwlwifi: mvm: avoid static queue number aliasing (git-fixes). - iwlwifi: mvm: disable RX-diversity in powersave (git-fixes). - iwlwifi: mvm: fix 32-bit build in FTM (git-fixes). - iwlwifi: mvm: fix access to BSS elements (git-fixes). - iwlwifi: mvm: test roc running status bits before removing the sta (git-fixes). - iwlwifi: pcie: free RBs during configure (git-fixes). - ixgbe: set X550 MDIO speed before talking to PHY (git-fixes). - kmod: make request_module() return an error when autoloading is disabled (git-fixes). - kobject: Restore old behaviour of kobject_del(NULL) (git-fixes). - kobject_uevent: remove warning in init_uevent_argv() (git-fixes). - kprobes: Limit max data_size of the kretprobe instances (bsc#1193669). - libata: add horkage for ASMedia 1092 (git-fixes). - libata: if T_LENGTH is zero, dma direction should be DMA_NONE (git-fixes). - livepatch: Avoid CPU hogging with cond_resched (bsc#1071995). - lockdown: Allow unprivileged users to see lockdown status (git-fixes). - mISDN: change function names to avoid conflicts (git-fixes). - mac80211: Fix monitor MTU limit so that A-MSDUs get through (git-fixes). - mac80211: agg-tx: do not schedule_and_wake_txq() under sta->lock (git-fixes). - mac80211: do not access the IV when it was stripped (git-fixes). - mac80211: fix lookup when adding AddBA extension element (git-fixes). - mac80211: fix regression in SSN handling of addba tx (git-fixes). - mac80211: initialize variable have_higher_than_11mbit (git-fixes). - mac80211: mark TX-during-stop for TX in in_reconfig (git-fixes). - mac80211: send ADDBA requests using the tid/queue of the aggregation session (git-fixes). - mac80211: track only QoS data frames for admission control (git-fixes). - mac80211: validate extended element ID is present (git-fixes). - mailbox: hi3660: convert struct comments to kernel-doc notation (git-fixes). - media: Revert 'media: uvcvideo: Set unique vdev name based in type' (bsc#1193255). - media: aspeed: Update signal status immediately to ensure sane hw state (git-fixes). - media: aspeed: fix mode-detect always time out at 2nd run (git-fixes). - media: cpia2: fix control-message timeouts (git-fixes). - media: dib0700: fix undefined behavior in tuner shutdown (git-fixes). - media: dib8000: Fix a memleak in dib8000_init() (git-fixes). - media: dmxdev: fix UAF when dvb_register_device() fails (git-fixes). - media: dw2102: Fix use after free (git-fixes). - media: em28xx: fix control-message timeouts (git-fixes). - media: em28xx: fix memory leak in em28xx_init_dev (git-fixes). - media: flexcop-usb: fix control-message timeouts (git-fixes). - media: hantro: Fix probe func error path (git-fixes). - media: i2c: imx274: fix trivial typo expsoure/exposure (git-fixes). - media: i2c: imx274: fix trivial typo obainted/obtained (git-fixes). - media: imx-pxp: Initialize the spinlock prior to using it (git-fixes). - media: mceusb: fix control-message timeouts (git-fixes). - media: msi001: fix possible null-ptr-deref in msi001_probe() (git-fixes). - media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released (git-fixes). - media: pvrusb2: fix control-message timeouts (git-fixes). - media: rcar-csi2: Correct the selection of hsfreqrange (git-fixes). - media: rcar-csi2: Optimize the selection PHTW register (git-fixes). - media: redrat3: fix control-message timeouts (git-fixes). - media: s2255: fix control-message timeouts (git-fixes). - media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() (git-fixes). - media: si2157: Fix 'warm' tuner state detection (git-fixes). - media: si470x-i2c: fix possible memory leak in si470x_i2c_probe() (git-fixes). - media: stk1160: fix control-message timeouts (git-fixes). - media: streamzap: remove unnecessary ir_raw_event_reset and handle (git-fixes). - media: uvcvideo: fix division by zero at stream start (git-fixes). - media: venus: core: Fix a resource leak in the error handling path of 'venus_probe()' (git-fixes). - memblock: ensure there is no overflow in memblock_overlaps_region() (git-fixes). - memory: emif: Remove bogus debugfs error handling (git-fixes). - mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() (git-fixes). - misc: fastrpc: Add missing lock before accessing find_vma() (git-fixes). - misc: fastrpc: fix improper packet size calculation (git-fixes). - misc: lattice-ecp3-config: Fix task hung when firmware load failed (git-fixes). - mmc: meson-mx-sdio: add IRQ check (git-fixes). - mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit (git-fixes). - mmc: sdhci-esdhc-imx: disable CMDQ support (git-fixes). - mmc: sdhci-pci: Add PCI ID for Intel ADL (git-fixes). - mmc: sdhci-tegra: Fix switch to HS400ES mode (git-fixes). - move to 'mainline soon' section: - patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch - moxart: fix potential use-after-free on remove path (bsc#1194516). - mt76: mt7915: fix NULL pointer dereference in mt7915_get_phy_mode (git-fixes). - mt76: mt7915: fix an off-by-one bound check (git-fixes). - mtd: rawnand: fsmc: Fix timing computation (git-fixes). - mtd: rawnand: fsmc: Take instruction delay into account (git-fixes). - mtd: rawnand: mpc5121: Remove unused variable in ads5121_select_chip() (git-fixes). - mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() (git-fixes). - mwifiex: Fix possible ABBA deadlock (git-fixes). - mwifiex: Try waking the firmware until we get an interrupt (git-fixes). - net/mlx5: DR, Fix NULL vs IS_ERR checking in dr_domain_init_resources (jsc#SLE-8464). - net/mlx5: Set command entry semaphore up once got index free (jsc#SLE-15172). - net/mlx5e: Fix wrong features assignment in case of error (git-fixes). - net/mlx5e: Wrap the tx reporter dump callback to extract the sq (jsc#SLE-15172). - net/sched: fq_pie: prevent dismantle issue (jsc#SLE-15172). - net/sched: sch_ets: do not remove idle classes from the round-robin list (bsc#1176774). - net: create netdev->dev_addr assignment helpers (git-fixes). - net: ena: Fix error handling when calculating max IO queues number (bsc#1154492). - net: ena: Fix undefined state when tx request id is out of bounds (bsc#1154492). - net: ena: Fix wrong rx request id by resetting device (git-fixes). - net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg (jsc#SLE-14777). - net: usb: lan78xx: add Allied Telesis AT29M2-AF (git-fixes). - net: usb: pegasus: Do not drop long Ethernet frames (git-fixes). - netfilter: nft_set_pipapo: allocate pcpu scratch maps on clone (bsc#1176447). - nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done (git-fixes). - nfc: fix segfault in nfc_genl_dump_devices_done (git-fixes). - nfsd: Fix nsfd startup race (again) (git-fixes). - nft_set_pipapo: Fix bucket load in AVX2 lookup routine for six 8-bit groups (bsc#1176447). - nvme-tcp: block BH in sk state_change sk callback (git-fixes). - nvme-tcp: can't set sk_user_data without write_lock (git-fixes). - nvme-tcp: check sgl supported by target (git-fixes). - nvme-tcp: do not update queue count when failing to set io queues (git-fixes). - nvme-tcp: fix a NULL deref when receiving a 0-length r2t PDU (git-fixes). - nvme-tcp: fix crash triggered with a dataless request submission (git-fixes). - nvme-tcp: fix error codes in nvme_tcp_setup_ctrl() (git-fixes). - nvme-tcp: fix io_work priority inversion (git-fixes). - nvme-tcp: fix possible data corruption with bio merges (git-fixes). - nvme-tcp: fix possible req->offset corruption (git-fixes). - nvme-tcp: fix wrong setting of request iov_iter (git-fixes). - nvme-tcp: get rid of unused helper function (git-fixes). - nvme-tcp: pair send_mutex init with destroy (git-fixes). - nvme-tcp: pass multipage bvec to request iov_iter (git-fixes). - nvme-tcp: remove incorrect Kconfig dep in BLK_DEV_NVME (git-fixes). - pcmcia: fix setting of kthread task states (git-fixes). - pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() (git-fixes). - pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() (git-fixes). - pcnet32: Use pci_resource_len to validate PCI resource (git-fixes). - pinctrl: mediatek: fix global-out-of-bounds issue (git-fixes). - pinctrl: qcom: spmi-gpio: correct parent irqspec translation (git-fixes). - pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines (git-fixes). - pinctrl: stm32: use valid pin identifier in stm32_pinctrl_resume() (git-fixes). - pipe: increase minimum default pipe size to 2 pages (bsc#1194587). - platform/x86: apple-gmux: use resource_size() with res (git-fixes). - platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep (git-fixes). - power: reset: ltc2952: Fix use of floating point literals (git-fixes). - power: supply: core: Break capacity loop (git-fixes). - power: supply: max17042_battery: Clear status bits in interrupt handler (git-fixes). - powerpc/64s: fix program check interrupt emergency stack path (bsc#1156395). - powerpc/fadump: Fix inaccurate CPU state info in vmcore generated with panic (bsc#1193901 ltc#194976). - powerpc/perf: Fix PMU callbacks to clear pending PMI before resetting an overflown PMC (bsc#1156395). - powerpc/perf: Fix data source encodings for L2.1 and L3.1 accesses (bsc#1065729). - powerpc/prom_init: Fix improper check of prom_getprop() (bsc#1065729). - powerpc/pseries/cpuhp: cache node corrections (bsc#1065729). - powerpc/pseries/cpuhp: delete add/remove_by_count code (bsc#1065729). - powerpc/pseries/mobility: ignore ibm, platform-facilities updates (bsc#1065729). - powerpc/traps: do not enable irqs in _exception (bsc#1065729). - powerpc/xive: Add missing null check after calling kmalloc (bsc#1177437 ltc#188522 jsc#SLE-13294 git-fixes). - powerpc: add interrupt_cond_local_irq_enable helper (bsc#1065729). - powerpc: handle kdump appropriately with crash_kexec_post_notifiers option (bsc#1193901 ltc#194976). - pwm: mxs: Do not modify HW state in .probe() after the PWM chip was registered (git-fixes). - pwm: tiecap: Drop .free() callback (git-fixes). - qlcnic: potential dereference null pointer of rx_queue->page_ring (git-fixes). - quota: check block number when reading the block in quota file (bsc#1194589). - quota: correct error number in free_dqentry() (bsc#1194590). - random: fix data race on crng init time (git-fixes). - random: fix data race on crng_node_pool (git-fixes). - regmap: Call regmap_debugfs_exit() prior to _init() (git-fixes). - rndis_host: support Hytera digital radios (git-fixes). - rpmsg: core: Clean up resources on announce_create failure (git-fixes). - rtl8xxxu: Fix the handling of TX A-MPDU aggregation (git-fixes). - rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled (git-fixes). - rtw88: use read_poll_timeout instead of fixed sleep (git-fixes). - rtw88: wow: build wow function only if CONFIG_PM is on (git-fixes). - rtw88: wow: fix size access error of probe request (git-fixes). - sata: nv: fix debug format string mismatch (git-fixes). - scsi: lpfc: Add additional debugfs support for CMF (bsc#1194266). - scsi: lpfc: Adjust CMF total bytes and rxmonitor (bsc#1194266). - scsi: lpfc: Cap CMF read bytes to MBPI (bsc#1194266). - scsi: lpfc: Change return code on I/Os received during link bounce (bsc#1194266). - scsi: lpfc: Fix NPIV port deletion crash (bsc#1194266). - scsi: lpfc: Fix leaked lpfc_dmabuf mbox allocations with NPIV (bsc#1194266). - scsi: lpfc: Fix lpfc_force_rscn ndlp kref imbalance (bsc#1194266). - scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup (bsc#1194266). - scsi: lpfc: Update lpfc version to 14.0.0.4 (bsc#1194266). - scsi: qla2xxx: Fix mailbox direction flags in qla2xxx_get_adapter_id() (git-fixes). - scsi: qla2xxx: Format log strings only if needed (git-fixes). - scsi: qla2xxx: edif: Fix EDIF bsg (git-fixes). - scsi: qla2xxx: edif: Fix app start delay (git-fixes). - scsi: qla2xxx: edif: Fix app start fail (git-fixes). - scsi: qla2xxx: edif: Fix off by one bug in qla_edif_app_getfcinfo() (git-fixes). - scsi: qla2xxx: edif: Flush stale events and msgs on session down (git-fixes). - scsi: qla2xxx: edif: Increase ELS payload (git-fixes). - select: Fix indefinitely sleeping task in poll_schedule_timeout() (bsc#1194027). - selftests: KVM: Explicitly use movq to read xmm registers (git-fixes). - selinux: fix potential memleak in selinux_add_opt() (git-fixes). - seq_buf: Fix overflow in seq_buf_putmem_hex() (git-fixes). - seq_buf: Make trace_seq_putmem_hex() support data longer than 8 (git-fixes). - serial: pl011: Add ACPI SBSA UART match id (git-fixes). - serial: tty: uartlite: fix console setup (git-fixes). - sfc: Check null pointer of rx_queue->page_ring (git-fixes). - sfc: The RX page_ring is optional (git-fixes). - sfc: falcon: Check null pointer of rx_queue->page_ring (git-fixes). - sfc_ef100: potential dereference of null pointer (jsc#SLE-16683). - shmem: shmem_writepage() split unlikely i915 THP (git-fixes). - slimbus: qcom: fix potential NULL dereference in qcom_slim_prg_slew() (git-fixes). - soc/tegra: fuse: Fix bitwise vs. logical OR warning (git-fixes). - soc: fsl: dpaa2-console: free buffer before returning from dpaa2_console_read (git-fixes). - soc: fsl: dpio: rename the enqueue descriptor variable (git-fixes). - soc: fsl: dpio: replace smp_processor_id with raw_smp_processor_id (git-fixes). - soc: fsl: dpio: use an explicit NULL instead of 0 (git-fixes). - soc: fsl: dpio: use the combined functions to protect critical zone (git-fixes). - spi: change clk_disable_unprepare to clk_unprepare (git-fixes). - spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe (git-fixes). - spi: spi-rspi: Drop redeclaring ret variable in qspi_transfer_in() (git-fixes). - staging: emxx_udc: Fix passing of NULL to dma_alloc_coherent() (git-fixes). - staging: fbtft: Do not spam logs when probe is deferred (git-fixes). - staging: fbtft: Rectify GPIO handling (git-fixes). - staging: fieldbus: anybuss: jump to correct label in an error path (git-fixes). - staging: ks7010: select CRYPTO_HASH/CRYPTO_MICHAEL_MIC (git-fixes). - staging: rtl8192e: return error code from rtllib_softmac_init() (git-fixes). - staging: rtl8192e: rtllib_module: fix error handle case in alloc_rtllib() (git-fixes). - staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() (git-fixes). - string.h: fix incompatibility between FORTIFY_SOURCE and KASAN (git-fixes). - thermal/drivers/imx8mm: Enable ADC when enabling monitor (git-fixes). - thermal/drivers/int340x: Do not set a wrong tcc offset on resume (git-fixes). - thermal: core: Reset previous low and high trip during thermal zone init (git-fixes). - tpm: add request_locality before write TPM_INT_ENABLE (git-fixes). - tpm: fix potential NULL pointer access in tpm_del_char_device (git-fixes). - tracing/kprobes: 'nmissed' not showed correctly for kretprobe (git-fixes). - tracing/uprobes: Check the return value of kstrdup() for tu->filename (git-fixes). - tracing: Add test for user space strings when filtering on string pointers (git-fixes). - tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() (git-fixes). - tty: max310x: fix flexible_array.cocci warnings (git-fixes). - tty: serial: atmel: Call dma_async_issue_pending() (git-fixes). - tty: serial: atmel: Check return code of dmaengine_submit() (git-fixes). - tty: serial: earlycon dependency (git-fixes). - tty: serial: qcom_geni_serial: Drop __init from qcom_geni_console_setup (git-fixes). - tty: serial: uartlite: allow 64 bit address (git-fixes). - tty: synclink_gt: rename a conflicting function name (git-fixes). - udf: Fix crash after seekdir (bsc#1194592). - uio: uio_dmem_genirq: Catch the Exception (git-fixes). - usb: core: config: fix validation of wMaxPacketValue entries (git-fixes). - usb: core: config: using bit mask instead of individual bits (git-fixes). - usb: dwc2: check return value after calling platform_get_resource() (git-fixes). - usb: dwc3: gadget: Continue to process pending requests (git-fixes). - usb: dwc3: gadget: Ignore EP queue requests during bus reset (git-fixes). - usb: dwc3: gadget: Reclaim extra TRBs after request completion (git-fixes). - usb: dwc3: pci: Enable dis_uX_susphy_quirk for Intel Merrifield (git-fixes). - usb: dwc3: ulpi: Fix USB2.0 HS/FS/LS PHY suspend regression (git-fixes). - usb: dwc3: ulpi: Replace CPU-based busyloop with Protocol-based one (git-fixes). - usb: dwc3: ulpi: fix checkpatch warning (git-fixes). - usb: ftdi-elan: fix memory leak on device disconnect (git-fixes). - usb: gadget: composite: Allow bMaxPower=0 if self-powered (git-fixes). - usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear (git-fixes). - usb: gadget: u_ether: fix race in setting MAC address in setup phase (git-fixes). - usb: mtu3: add memory barrier before set GPD's HWO (git-fixes). - usb: mtu3: fix interval value for intr and isoc (git-fixes). - usb: mtu3: fix list_head check warning (git-fixes). - usb: mtu3: set interval of FS intr and isoc endpoint (git-fixes). - usb: typec: tcpm: handle SRC_STARTUP state if cc changes (git-fixes). - usb: xhci: Extend support for runtime power management for AMD's Yellow carp (git-fixes). - usermodehelper: reset umask to default before executing user process (git-fixes). - vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888). - video: backlight: Drop maximum brightness override for brightness zero (git-fixes). - watchdog: Fix OMAP watchdog early handling (git-fixes). - watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT (git-fixes). - wcn36xx: Fix missing frame timestamp for beacon/probe-resp (git-fixes). - wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND (git-fixes). - wcn36xx: Release DMA channel descriptor allocations (git-fixes). - wcn36xx: handle connection loss indication (git-fixes). - wireguard: allowedips: add missing __rcu annotation to satisfy sparse (git-fixes). - wireguard: device: reset peer src endpoint when netns exits (git-fixes). - wireguard: ratelimiter: use kvcalloc() instead of kvzalloc() (git-fixes). - wireguard: receive: drop handshakes if queue lock is contended (git-fixes). - wireguard: receive: use ring buffer for incoming handshakes (git-fixes). - wireguard: selftests: actually test for routing loops (git-fixes). - wireguard: selftests: increase default dmesg log size (git-fixes). - wireless: iwlwifi: Fix a double free in iwl_txq_dyn_alloc_dma (git-fixes). - x86/platform/uv: Add more to secondary CPU kdump info (bsc#1194493). - xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set (git-fixes). - xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending (git-fixes). - xhci: avoid race between disable slot command and host runtime suspend (git-fixes). - xhci: fix unsafe memory usage in xhci tracing (git-fixes). Important SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1154353 SUSE bug 1154492 SUSE bug 1156395 SUSE bug 1167773 SUSE bug 1176447 SUSE bug 1176774 SUSE bug 1177437 SUSE bug 1190256 SUSE bug 1191271 SUSE bug 1191929 SUSE bug 1192931 SUSE bug 1193255 SUSE bug 1193328 SUSE bug 1193660 SUSE bug 1193669 SUSE bug 1193727 SUSE bug 1193901 SUSE bug 1193927 SUSE bug 1194001 SUSE bug 1194027 SUSE bug 1194087 SUSE bug 1194094 SUSE bug 1194266 SUSE bug 1194302 SUSE bug 1194493 SUSE bug 1194516 SUSE bug 1194517 SUSE bug 1194518 SUSE bug 1194529 SUSE bug 1194578 SUSE bug 1194580 SUSE bug 1194584 SUSE bug 1194586 SUSE bug 1194587 SUSE bug 1194589 SUSE bug 1194590 SUSE bug 1194591 SUSE bug 1194592 SUSE bug 1194888 SUSE bug 1194953 SUSE bug 1194985 CVE-2021-4083 at SUSE CVE-2021-4083 at NVD CVE-2021-4135 at SUSE CVE-2021-4135 at NVD CVE-2021-4149 at SUSE CVE-2021-4149 at NVD CVE-2021-4197 at SUSE CVE-2021-4197 at NVD CVE-2021-4202 at SUSE CVE-2021-4202 at NVD CVE-2021-45485 at SUSE CVE-2021-45485 at NVD CVE-2021-45486 at SUSE CVE-2021-45486 at NVD CVE-2021-46283 at SUSE CVE-2021-46283 at NVD CVE-2022-0185 at SUSE CVE-2022-0185 at NVD CVE-2022-0322 at SUSE CVE-2022-0322 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for xen fixes the following issues: - CVE-2022-26358, CVE-2022-26359, CVE-2022-26360, CVE-2022-26361: Fixed IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues (XSA-400) (bsc#1197426) - CVE-2022-26362: Fixed race condition in typeref acquisition (bsc#1199965) - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (bsc#1199966) Important SUSE bug 1027519 SUSE bug 1197426 SUSE bug 1199965 SUSE bug 1199966 CVE-2022-26358 at SUSE CVE-2022-26358 at NVD CVE-2022-26359 at SUSE CVE-2022-26359 at NVD CVE-2022-26360 at SUSE CVE-2022-26360 at NVD CVE-2022-26361 at SUSE CVE-2022-26361 at NVD CVE-2022-26362 at SUSE CVE-2022-26362 at NVD CVE-2022-26363 at SUSE CVE-2022-26363 at NVD CVE-2022-26364 at SUSE CVE-2022-26364 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for grub2 fixes the following issues: Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581) - CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184) - CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185) - CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186) - CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460) - CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493) - CVE-2022-28735: Fixed some verifier framework changes (bsc#1198495) - CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496) - Update SBAT security contact (bsc#1193282) - Bump grub's SBAT generation to 2 Other bugs fixed: - Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948) - Fix grub-install error when efi system partition is created as mdadm software raid1 device (bsc#1179981) (bsc#1195204) - Fix error in grub-install when linux root device is on lvm thin volume (bsc#1192622) (bsc#1191974) - Fix wrong default entry when booting snapshot (bsc#1159205) - Add support for simplefb (boo#1193532). - Fix error lvmid disk cannot be found after second disk added to the root volume group (bsc#1189874) (bsc#1071559) - Fix error /boot/grub2/locale/POSIX.gmo not found (bsc#1189769) - Fix unknown TPM error on buggy uefi firmware (bsc#1191504) - Fix arm64 kernel image not aligned on 64k boundary (bsc#1192522) Important SUSE bug 1071559 SUSE bug 1159205 SUSE bug 1179981 SUSE bug 1189769 SUSE bug 1189874 SUSE bug 1191184 SUSE bug 1191185 SUSE bug 1191186 SUSE bug 1191504 SUSE bug 1191974 SUSE bug 1192522 SUSE bug 1192622 SUSE bug 1193282 SUSE bug 1193532 SUSE bug 1195204 SUSE bug 1197948 SUSE bug 1198460 SUSE bug 1198493 SUSE bug 1198495 SUSE bug 1198496 SUSE bug 1198581 CVE-2021-3695 at SUSE CVE-2021-3695 at NVD CVE-2021-3696 at SUSE CVE-2021-3696 at NVD CVE-2021-3697 at SUSE CVE-2021-3697 at NVD CVE-2022-28733 at SUSE CVE-2022-28733 at NVD CVE-2022-28734 at SUSE CVE-2022-28734 at NVD CVE-2022-28735 at SUSE CVE-2022-28735 at NVD CVE-2022-28736 at SUSE CVE-2022-28736 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-0168: Fixed a NULL pointer dereference in smb2_ioctl_query_info. (bsc#1197472) - CVE-2022-20008: Fixed bug that allows to read kernel heap memory due to uninitialized data in mmc_blk_read_single of block.c. (bnc#1199564) - CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019) - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). The following non-security bugs were fixed: - ACPI: property: Release subnode properties with data nodes (git-fixes). - ALSA: ctxfi: Add SB046x PCI ID (git-fixes). - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (git-fixes). - ALSA: hda - fix unused Realtek function when PM is not enabled (git-fixes). - ALSA: hda/realtek - Add new type for ALC245 (git-fixes). - ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop (git-fixes). - ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes). - ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (git-fixes). - ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes). - ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes). - ALSA: usb-audio: Configure sync endpoints before data (git-fixes). - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes). - ALSA: wavefront: Proper check of get_user() error (git-fixes). - ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (git-fixes) - ARM: 9170/1: fix panic when kasan and kprobe are enabled (git-fixes) - ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes) - ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes) - ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes) - ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes) - ARM: dts: armada-38x: Add generic compatible to UART nodes (git-fixes) - ARM: dts: at91: fix pinctrl phandles (git-fixes) - ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes) - ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes) - ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes) - ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes) - ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes) - ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes) - ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes) - ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes) - ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes) - ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes) - ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes) - ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes) - ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes) - ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes) - ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (git-fixes) - ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes) - ARM: dts: meson: Fix the UART compatible strings (git-fixes) - ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes) - ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes) - ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes) - ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes) - ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes) - ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes) - arm: mediatek: select arch timer for mt7629 (git-fixes) - ARM: omap: remove debug-leds driver (git-fixes) - ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes) - ARM: socfpga: dts: fix qspi node compatible (git-fixes) - ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes) - ARM: tegra: Move panels to AUX bus (git-fixes) - arm64: dts: broadcom: Fix sata nodename (git-fixes) - arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes) - arm64: dts: rockchip: Fix SDIO regulator supply properties on (git-fixes) - arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes). - arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (git-fixes) - arm64/mm: avoid fixmap race condition when create pud mapping (git-fixes) - ASoC: atmel-classd: Remove endianness flag on class d component (git-fixes). - ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes). - ASoC: da7219: Fix change notifications for tone generator frequency (git-fixes). - ASoC: dmaengine: Restore NULL prepare_slave_config() callback (git-fixes). - ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes). - ASoC: max98090: Generate notifications on changes for custom control (git-fixes). - ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() (git-fixes). - ASoC: max98090: Reject invalid values in custom control put() (git-fixes). - ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (git-fixes). - ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (git-fixes). - ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes). - ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes). - ASoC: ops: Validate input values in snd_soc_put_volsw_range() (git-fixes). - ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes). - ASoC: rt5514: Fix event generation for 'DSP Voice Wake Up' control (git-fixes). - ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes). - ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (git-fixes). - ASoC: wm8958: Fix change notifications for DSP controls (git-fixes). - assoc_array: Fix BUG_ON during garbage collect (git-fixes). - ata: pata_hpt37x: fix PCI clock detection (git-fixes). - ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes). - ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (git-fixes). - ath9k: fix ar9003_get_eepmisc (git-fixes). - batman-adv: Do not skb_split skbuffs with frag_list (git-fixes). - blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045). - Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (git-fixes). - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (git-fixes). - Bluetooth: Fix the creation of hdev->name (git-fixes). - Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes). - bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix unnecessary dropping of RX packets (jsc#SLE-15075). - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (git-fixes). - bus: ti-sysc: Fix warnings for unbind for serial (git-fixes). - can: grcan: grcan_close(): fix deadlock (git-fixes). - can: grcan: use ofdev->dev when allocating DMA memory (git-fixes). - carl9170: tx: fix an incorrect use of list iterator (git-fixes). - ceph: fix setting of xattrs on async created inodes (bsc#1200192). - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839). - clk: at91: generated: consider range when calculating best rate (git-fixes). - clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes). - clk: imx8mp: fix usb_root_clk parent (git-fixes). - clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes). - clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (git-fixes). - copy_process(): Move fd_install() out of sighand->siglock critical section (bsc#1199626). - crypto: caam - fix i.MX6SX entropy delay value (git-fixes). - crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes). - crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes). - crypto: x86 - eliminate anonymous module_init and module_exit (git-fixes). - crypto: x86/chacha20 - Avoid spurious jumps to other functions (git-fixes). - dim: initialize all struct fields (git-fixes). - dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (git-fixes). - dmaengine: stm32-mdma: remove GISR1 register (git-fixes). - docs: powerpc: Fix misspellings and grammar errors (bsc#1055117 ltc#159753). - docs: submitting-patches: Fix crossref to 'The canonical patch format' (git-fixes). - drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes). - drbd: fix duplicate array initializer (git-fixes). - drbd: Fix five use after free bugs in get_initial_state (git-fixes). - drbd: remove assign_p_sizes_qlim (git-fixes). - drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes). - drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes). - driver: core: fix deadlock in __device_attach (git-fixes). - driver: base: fix UAF when driver_attach failed (git-fixes). - drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() (git-fixes) - drivers/base/memory: fix an unlikely reference counting issue in __add_memory_block() (git-fixes). - drivers/base/node.c: fix compaction sysfs file leak (git-fixes). - drm: mali-dp: potential dereference of null pointer (git-fixes). - drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes). - drm: sti: do not use kernel-doc markers (git-fixes). - drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types (git-fixes). - drm/amdkfd: Fix GWS queue count (git-fixes). - drm/blend: fix typo in the comment (git-fixes). - drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes). - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (git-fixes). - drm/bridge: Fix error handling in analogix_dp_probe (git-fixes). - drm/edid: fix invalid EDID extension block filtering (git-fixes). - drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes). - drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (git-fixes). - drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (git-fixes). - drm/mediatek: Fix mtk_cec_mask() (git-fixes). - drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (git-fixes). - drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes). - drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (git-fixes). - drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes). - drm/msm/dsi: fix error checks and return values for DSI xmit functions (git-fixes). - drm/msm/hdmi: check return value after calling platform_get_resource_byname() (git-fixes). - drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/msm/mdp5: check the return of kzalloc() (git-fixes). - drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (git-fixes). - drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (git-fixes). - drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (git-fixes). - drm/nouveau/clk: Fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau/tegra: Stop using iommu_present() (git-fixes). - drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 (git-fixes). - drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes). - drm/vc4: hvs: Reset muxes at probe time (git-fixes). - drm/vc4: txp: Do not set TXP_VSTART_AT_EOF (git-fixes). - drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes). - drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes). - EDAC/synopsys: Read the error count from the correct register (bsc#1178134). - firewire: core: extend card->lock in fw_core_handle_bus_reset (git-fixes). - firewire: fix potential uaf in outbound_phy_packet_callback() (git-fixes). - firewire: remove check of list iterator against head past the loop body (git-fixes). - firmware: arm_scmi: Fix list protocols enumeration in the base protocol (git-fixes). - firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response (git-fixes). - firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (git-fixes). - firmware: stratix10-svc: fix a missing check on list iterator (git-fixes). - genirq: Fix reference leaks on irq affinity notifiers (git-fixes) - genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (git-fixes) - genirq/affinity: Consider that CPUs on nodes can be (git-fixes) - genirq/affinity: Handle affinity setting on inactive (git-fixes) - genirq/msi: Ensure deactivation on teardown (git-fixes) - genirq/proc: Reject invalid affinity masks (again) (git-fixes) - genirq/timings: Fix error return code in (git-fixes) - genirq/timings: Prevent potential array overflow in (git-fixes) - gma500: fix an incorrect NULL check on list iterator (git-fixes). - gpio: adp5588: Remove support for platform setup and teardown callbacks (git-fixes). - gpio: gpio-vf610: do not touch other bits when set the target bit (git-fixes). - gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes). - gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (git-fixes). - gpio: pca953x: use the correct register address to do regcache sync (git-fixes). - gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes). - hex2bin: fix access beyond string end (git-fixes). - HID: elan: Fix potential double free in elan_input_configured (git-fixes). - HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes). - hinic: fix bug of wq out of bound access (bsc#1176447). - hwmon: (f71882fg) Fix negative temperature (git-fixes). - hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes). - hwmon: (tmp401) Add OF device ID table (git-fixes). - i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes). - i2c: at91: use dma safe buffers (git-fixes). - i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (git-fixes). - i40e: stop disabling VFs due to PF error responses (git-fixes). - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (jsc#SLE-12878). - ice: Clear default forwarding VSI during VSI release (jsc#SLE-12878). - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (jsc#SLE-7926). - ice: Fix race conditions between virtchnl handling and VF ndo ops (git-fixes). - ice: synchronize_rcu() when terminating rings (jsc#SLE-7926). - iio: adc: ad7124: Remove shift from scan_type (git-fixes). - iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes). - iio: adc: sc27xx: fix read big scale voltage not right (git-fixes). - iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (git-fixes). - iio: dac: ad5446: Fix read_raw not returning set value (git-fixes). - iio: dac: ad5592r: Fix the missing return value (git-fixes). - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (git-fixes). - Input: add bounds checking to input_set_capability() (git-fixes). - Input: ili210x - fix reset timing (git-fixes). - Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes). - Input: stmfts - do not leave device disabled in stmfts_input_open (git-fixes). - Input: stmfts - fix reference leak in stmfts_input_open (git-fixes). - iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052). - ionic: avoid races in ionic_heartbeat_check (bsc#1167773). - ionic: Cleanups in the Tx hotpath code (bsc#1167773). - ionic: disable napi when ionic_lif_init() fails (bsc#1167773). - ionic: Do not send reset commands if FW isn't running (bsc#1167773). - ionic: fix missing pci_release_regions() on error in ionic_probe() (bsc#1167773). - ionic: fix type complaint in ionic_dev_cmd_clean() (jsc#SLE-16649). - ionic: monitor fw status generation (bsc#1167773). - ionic: remove the dbid_inuse bitmap (bsc#1167773). - ionic: start watchdog after all is setup (bsc#1167773). - ivtv: fix incorrect device_caps for ivtvfb (git-fixes). - iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes). - iwlwifi: mvm: fix the return type for DSM functions 1 and 2 (git-fixes). - jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971). - kABI: ivtv: restore caps member (git-fixes). - KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes). - KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state (git-fixes). - lan743x: fix rx_napi_poll/interrupt ping-pong (git-fixes). - lan743x: remove redundant assignment to variable rx_process_result (git-fixes). - lib/raid6/test: fix multiple definition linking error (git-fixes). - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (git-fixes). - mac80211: fix rx reordering with non explicit / psmp ack policy (git-fixes). - mac80211: Reset MBSSID parameters upon connection (git-fixes). - media: davinci: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes). - media: davinci: vpif: fix use-after-free on driver unbind (git-fixes). - media: media-entity.h: Fix documentation for media_create_intf_link (git-fixes). - media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes). - media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-fixes). - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (git-fixes). - media: saa7134: fix incorrect use to determine if list is empty (git-fixes). - media: uvcvideo: Fix missing check to determine if element is found in list (git-fixes). - media: videobuf2: Fix the size printk format (git-fixes). - media: vim2m: Register video device after setting up internals (git-fixes). - mfd: ipaq-micro: Fix error check return value of platform_get_irq() (git-fixes). - misc: ocxl: fix possible double free in ocxl_file_register_afu (git-fixes). - mm, page_alloc: fix build_zonerefs_node() (git-fixes). - mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (jsc#SLE-15176, jsc#SLE-16387). - mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD (git-fixes). - mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC (git-fixes). - mt76: Fix undefined behavior due to shift overflowing the constant (git-fixes). - mt76: mt7663s: fix rx buffer refcounting (git-fixes). - mtd: rawnand: fix ecc parameters for mt7622 (git-fixes). - mtd: rawnand: Fix return value check of wait_for_completion_timeout (git-fixes). - mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() (git-fixes). - net: bcmgenet: Fix a resource leak in an error handling path in the probe functin (git-fixes). - net: dsa: lantiq_gswip: Enable GSWIP_MII_CFG_EN also for internal PHYs (git-fixes). - net: dsa: lantiq_gswip: Fix GSWIP_MII_CFG(p) register access (git-fixes). - net: ethernet: Fix memleak in ethoc_probe (git-fixes). - net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered (git-fixes). - net: hdlc_ppp: Fix issues when mod_timer is called while timer is running (git-fixes). - net: hns3: add a check for index in hclge_get_rss_key() (git-fixes). - net: hns3: clear inited state and stop client after failed to register netdev (bsc#1154353). - net: hns3: fix bug when PF set the duplicate MAC address for VFs (jsc#SLE-14777). - net: hns3: fix kernel crash when unload VF while it is being reset (git-fixes). - net: korina: fix return value (git-fixes). - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1183405). - net: stmmac: dwmac-sun8i: Balance internal PHY power (git-fixes). - net: stmmac: dwmac-sun8i: Balance internal PHY resource references (git-fixes). - net: stmmac: dwmac-sun8i: Balance syscon (de)initialization (git-fixes). - net: stmmac: dwmac-sun8i: Fix probe error handling (git-fixes). - net/mlx5: Fix a race on command flush flow (jsc#SLE-15172). - net/mlx5e: Fix the calling of update_buffer_lossy() API (jsc#SLE-15172). - netdevice: demote the type of some dev_addr_set() helpers (bsc#1200216). - netfilter: conntrack: connection timeout after re-register (bsc#1199035). - netfilter: conntrack: move synack init code to helper (bsc#1199035). - netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035). - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035). - netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035). - netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (bsc#1176447). - NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (git-fixes). - NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (git-fixes). - NFC: netlink: fix sleep in atomic bug when firmware download timeout (git-fixes). - NFC: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes). - NFC: NULL out the dev->rfkill to prevent UAF (git-fixes). - NFS: limit use of ACCESS cache for negative responses (bsc#1196570). - NFS: Do not invalidate inode attributes on delegation return (git-fixes). - nl80211: show SSID for P2P_GO interfaces (git-fixes). - nvdimm/region: always show the 'align' attribute (bsc#1199114). - nvme-tcp: allow selecting the network interface for connections (bsc#1199670). - nvme-tcp: use __dev_get_by_name instead dev_get_by_name for OPT_HOST_IFACE (bsc#1199670). - objtool: Fix type of reloc::addend (git-fixes). - PCI: aardvark: Clear all MSIs at setup (git-fixes). - PCI: cadence: Fix find_first_zero_bit() limit (git-fixes). - PCI: Do not enable AtomicOps on VFs (git-fixes). - PCI: dwc: Fix setting error return on MSI DMA mapping failure (git-fixes). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - PCI: imx6: Fix PERST# start-up sequence (git-fixes). - PCI: iproc: Set affinity mask on MSI interrupts (git-fixes). - PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes). - PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes). - PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes). - PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes). - PCI/PM: Power up all devices during runtime resume (git-fixes). - phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe (git-fixes). - phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes). - phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes). - phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes). - phy: samsung: exynos5250-sata: fix missing device put in probe error paths (git-fixes). - phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (git-fixes). - phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe (git-fixes). - phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks (git-fixes). - pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes). - pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes). - pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes). - pinctrl/rockchip: support deferring other gpio params (git-fixes). - ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826). - ping: remove pr_err from ping_lookup (bsc#1195826). - platform/chrome: cros_ec_debugfs: detach log reader wq from devm (git-fixes). - platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (git-fixes). - powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753). - powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521 git-fixes). - powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes). - powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395). - powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269 ltc#169948 git-fixes). - powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes). - powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes). - powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes). - pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes). - pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes). - qlcnic: Fix error code in probe (git-fixes). - regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (git-fixes). - regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (git-fixes). - reset: tegra-bpmp: Restore Handle errors in BPMP response (git-fixes). - revert scsi: qla2xxx: Changes to support FCP2 Target (bsc#1198438). - rtc: fix use-after-free on device removal (git-fixes). - rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes). - rtc: mt6397: check return value after calling platform_get_resource() (git-fixes). - sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes). - sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (git-fixes). - sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes) - sched/topology: Skip updating masks for non-online nodes (bsc#1197446 ltc#183000). - scsi: dc395x: Fix a missing check on list iterator (git-fixes). - scsi: fnic: Fix a tracing statement (git-fixes). - scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631). - scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes). - scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045). - scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045). - scsi: lpfc: Change VMID registration to be based on fabric parameters (bsc#1200045). - scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI (bsc#1200045). - scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045). - scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE (bsc#1200045 bsc#1198989 bsc#1197675). - scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045). - scsi: lpfc: Decrement outstanding gidft_inp counter if lpfc_err_lost_link() (bsc#1200045). - scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE (bsc#1200045). - scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045). - scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els() (bsc#1200045). - scsi: lpfc: Fix call trace observed during I/O with CMF enabled (bsc#1200045). - scsi: lpfc: Fix diagnostic fw logging after a function reset (bsc#1200045). - scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event() (bsc#1200045). - scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4() (bsc#1200045). - scsi: lpfc: Fix field overload in lpfc_iocbq data structure (bsc#1200045). - scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045). - scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI (bsc#1200045). - scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() (bsc#1200045). - scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock (bsc#1200045). - scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045 bsc#1198989 bsc#1197675). - scsi: lpfc: Inhibit aborts if external loopback plug is inserted (bsc#1200045). - scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN completion (bsc#1200045). - scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (bsc#1200045). - scsi: lpfc: Move MI module parameter check to handle dynamic disable (bsc#1200045). - scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT (bsc#1200045). - scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045). - scsi: lpfc: Register for Application Services FC-4 type in Fabric topology (bsc#1200045). - scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports (bsc#1200045). - scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045). - scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe() (bsc#1200045). - scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path (bsc#1200045). - scsi: lpfc: Remove unneeded variable (bsc#1200045). - scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down (bsc#1200045). - scsi: lpfc: Revise FDMI reporting of supported port speed for trunk groups (bsc#1200045). - scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045). - scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or aborted (bsc#1200045). - scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan (bsc#1200045). - scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB submit (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045). - scsi: lpfc: Update stat accounting for READ_STATUS mbox command (bsc#1200045). - scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check() (bsc#1200045). - scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O (bsc#1200045). - scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045). - scsi: pm8001: Fix abort all task initialization (git-fixes). - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes). - scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes). - scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes). - scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes). - scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046). - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046). - scsi: qla2xxx: Remove free_sg command flag (bsc#1200046). - scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046). - scsi: sr: Do not leak information in ioctl (git-fixes). - scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes). - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes). - scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes). - scsi: virtio-scsi: Eliminate anonymous module_init & module_exit (git-fixes). - scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes). - selftests: firmware: Use smaller dictionary for XZ compression (git-fixes). - serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes). - serial: 8250_mtk: Fix register address for XON/XOFF character (git-fixes). - serial: 8250_mtk: Fix UART_EFR register address (git-fixes). - serial: 8250: Also set sticky MCR bits in console restoration (git-fixes). - serial: 8250: core: Remove unneeded &lt;linux/pm_runtime.h> (git-fixes). - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (git-fixes). - serial: 8250: pxa: Remove unneeded &lt;linux/pm_runtime.h> (git-fixes). - serial: digicolor-usart: Do not allow CS5-6 (git-fixes). - serial: imx: fix overrun interrupts in DMA mode (git-fixes). - serial: meson: acquire port->lock in startup() (git-fixes). - serial: pch: do not overwrite xmit->buf[0] by x_char (git-fixes). - serial: rda-uart: Do not allow CS5-6 (git-fixes). - serial: sh-sci: Do not allow CS5-6 (git-fixes). - serial: sifive: Sanitize CSIZE and c_iflag (git-fixes). - serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes). - serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes). - serial: txx9: Do not allow CS5-6 (git-fixes). - slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes). - smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes). - smsc911x: allow using IRQ0 (git-fixes). - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (git-fixes). - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes). - soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes). - spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes). - spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes). - spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() (git-fixes). - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (git-fixes). - staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (git-fixes). - SUNRPC: Ensure gss-proxy connects on setup (git-fixes). - SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes). - thermal: int340x: Fix attr.show callback prototype (git-fixes). - thermal/drivers/bcm2711: Do not clamp temperature at zero (git-fixes). - thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (git-fixes). - timekeeping: Really make sure wall_to_monotonic isn't (git-fixes) - timers: Fix warning condition in __run_timers() (git-fixes) - tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes). - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729). - tracing: Fix potential double free in create_var_ref() (git-fixes). - tracing: Fix return value of trace_pid_write() (git-fixes). - tty: fix deadlock caused by calling printk() under tty_port->lock (git-fixes). - tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes). - tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (git-fixes). - tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (git-fixes). - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (git-fixes). - usb: cdc-wdm: fix reading stuck on device close (git-fixes). - usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes). - usb: ehci-omap: drop unused ehci_read() function (git-fixes). - usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (git-fixes). - usb: misc: fix improper handling of refcount in uss720_probe() (git-fixes). - usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes). - usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes). - usb: quirks: add a Realtek card reader (git-fixes). - usb: quirks: add STRING quirk for VCOM device (git-fixes). - usb: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes). - usb: serial: option: add Fibocom L610 modem (git-fixes). - usb: serial: option: add Fibocom MA510 modem (git-fixes). - usb: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes). - usb: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes). - usb: serial: pl2303: add device id for HP LM930 Display (git-fixes). - usb: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes). - usb: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes). - usb: storage: karma: fix rio_karma_init return (git-fixes). - usb: typec: mux: Check dev_set_name() return value (git-fixes). - usb: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes). - usb: typec: ucsi: Fix reuse of completion structure (git-fixes). - usb: typec: ucsi: Fix role swapping (git-fixes). - usb: usbip: add missing device lock on tweak configuration cmd (git-fixes). - usb: usbip: fix a refcount leak in stub_probe() (git-fixes). - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (git-fixes). - watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes). - wifi: mac80211: fix use-after-free in chanctx code (git-fixes). - wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes). - xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms (git-fixes). - xhci: stop polling roothubs after shutdown (git-fixes). Important SUSE bug 1055117 SUSE bug 1061840 SUSE bug 1065729 SUSE bug 1103269 SUSE bug 1118212 SUSE bug 1153274 SUSE bug 1154353 SUSE bug 1156395 SUSE bug 1158266 SUSE bug 1167773 SUSE bug 1176447 SUSE bug 1178134 SUSE bug 1180100 SUSE bug 1183405 SUSE bug 1188885 SUSE bug 1195826 SUSE bug 1196426 SUSE bug 1196478 SUSE bug 1196570 SUSE bug 1196840 SUSE bug 1197446 SUSE bug 1197472 SUSE bug 1197601 SUSE bug 1197675 SUSE bug 1198438 SUSE bug 1198577 SUSE bug 1198971 SUSE bug 1198989 SUSE bug 1199035 SUSE bug 1199052 SUSE bug 1199063 SUSE bug 1199114 SUSE bug 1199314 SUSE bug 1199505 SUSE bug 1199507 SUSE bug 1199564 SUSE bug 1199626 SUSE bug 1199631 SUSE bug 1199650 SUSE bug 1199670 SUSE bug 1199839 SUSE bug 1200019 SUSE bug 1200045 SUSE bug 1200046 SUSE bug 1200192 SUSE bug 1200216 CVE-2019-19377 at SUSE CVE-2019-19377 at NVD CVE-2021-33061 at SUSE CVE-2021-33061 at NVD CVE-2022-0168 at SUSE CVE-2022-0168 at NVD CVE-2022-1184 at SUSE CVE-2022-1184 at NVD CVE-2022-1652 at SUSE CVE-2022-1652 at NVD CVE-2022-1729 at SUSE CVE-2022-1729 at NVD CVE-2022-1972 at SUSE CVE-2022-1972 at NVD CVE-2022-20008 at SUSE CVE-2022-20008 at NVD CVE-2022-21123 at SUSE CVE-2022-21123 at NVD CVE-2022-21125 at SUSE CVE-2022-21125 at NVD CVE-2022-21127 at SUSE CVE-2022-21127 at NVD CVE-2022-21166 at SUSE CVE-2022-21166 at NVD CVE-2022-21180 at SUSE CVE-2022-21180 at NVD CVE-2022-30594 at SUSE CVE-2022-30594 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libvirt fixes the following issues: - CVE-2021-4147: libxl: Fix libvirtd deadlocks and segfaults. (bsc#1194041) Important SUSE bug 1191668 SUSE bug 1192017 SUSE bug 1193623 SUSE bug 1193719 SUSE bug 1193981 SUSE bug 1194041 CVE-2021-4147 at SUSE CVE-2021-4147 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for vim fixes the following issues: - CVE-2017-17087: Fixed information leak via .swp files (bsc#1070955). - CVE-2021-3875: Fixed heap-based buffer overflow (bsc#1191770). - CVE-2021-3903: Fixed heap-based buffer overflow (bsc#1192167). - CVE-2021-3968: Fixed heap-based buffer overflow (bsc#1192902). - CVE-2021-3973: Fixed heap-based buffer overflow (bsc#1192903). - CVE-2021-3974: Fixed use-after-free (bsc#1192904). - CVE-2021-4069: Fixed use-after-free in ex_open()in src/ex_docmd.c (bsc#1193466). - CVE-2021-4136: Fixed heap-based buffer overflow (bsc#1193905). - CVE-2021-4166: Fixed out-of-bounds read (bsc#1194093). - CVE-2021-4192: Fixed use-after-free (bsc#1194217). - CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216). - CVE-2022-0128: Fixed out-of-bounds read (bsc#1194388). - CVE-2022-0213: Fixed heap-based buffer overflow (bsc#1194885). - CVE-2022-0261: Fixed heap-based buffer overflow (bsc#1194872). - CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004). - CVE-2022-0359: Fixed heap-based buffer overflow in init_ccline() in ex_getln.c (bsc#1195203). - CVE-2022-0392: Fixed heap-based buffer overflow (bsc#1195332). - CVE-2022-0407: Fixed heap-based buffer overflow (bsc#1195354). - CVE-2022-0696: Fixed NULL pointer dereference (bsc#1196361). - CVE-2022-1381: Fixed global heap buffer overflow in skip_range (bsc#1198596). - CVE-2022-1420: Fixed out-of-range pointer offset (bsc#1198748). - CVE-2022-1616: Fixed use-after-free in append_command (bsc#1199331). - CVE-2022-1619: Fixed heap-based Buffer Overflow in function cmdline_erase_chars (bsc#1199333). - CVE-2022-1620: Fixed NULL pointer dereference in function vim_regexec_string (bsc#1199334). - CVE-2022-1733: Fixed heap-based buffer overflow in cindent.c (bsc#1199655). - CVE-2022-1735: Fixed heap-based buffer overflow (bsc#1199651). - CVE-2022-1771: Fixed stack exhaustion (bsc#1199693). - CVE-2022-1785: Fixed out-of-bounds write (bsc#1199745). - CVE-2022-1796: Fixed use-after-free in find_pattern_in_path (bsc#1199747). - CVE-2022-1851: Fixed out-of-bounds read (bsc#1199936). - CVE-2022-1897: Fixed out-of-bounds write (bsc#1200010). - CVE-2022-1898: Fixed use-after-free (bsc#1200011). - CVE-2022-1927: Fixed buffer over-read (bsc#1200012). Important SUSE bug 1070955 SUSE bug 1191770 SUSE bug 1192167 SUSE bug 1192902 SUSE bug 1192903 SUSE bug 1192904 SUSE bug 1193466 SUSE bug 1193905 SUSE bug 1194093 SUSE bug 1194216 SUSE bug 1194217 SUSE bug 1194388 SUSE bug 1194872 SUSE bug 1194885 SUSE bug 1195004 SUSE bug 1195203 SUSE bug 1195332 SUSE bug 1195354 SUSE bug 1196361 SUSE bug 1198596 SUSE bug 1198748 SUSE bug 1199331 SUSE bug 1199333 SUSE bug 1199334 SUSE bug 1199651 SUSE bug 1199655 SUSE bug 1199693 SUSE bug 1199745 SUSE bug 1199747 SUSE bug 1199936 SUSE bug 1200010 SUSE bug 1200011 SUSE bug 1200012 CVE-2017-17087 at SUSE CVE-2017-17087 at NVD CVE-2021-3778 at SUSE CVE-2021-3778 at NVD CVE-2021-3796 at SUSE CVE-2021-3796 at NVD CVE-2021-3872 at SUSE CVE-2021-3872 at NVD CVE-2021-3875 at SUSE CVE-2021-3875 at NVD CVE-2021-3903 at SUSE CVE-2021-3903 at NVD CVE-2021-3927 at SUSE CVE-2021-3927 at NVD CVE-2021-3928 at SUSE CVE-2021-3928 at NVD CVE-2021-3968 at SUSE CVE-2021-3968 at NVD CVE-2021-3973 at SUSE CVE-2021-3973 at NVD CVE-2021-3974 at SUSE CVE-2021-3974 at NVD CVE-2021-3984 at SUSE CVE-2021-3984 at NVD CVE-2021-4019 at SUSE CVE-2021-4019 at NVD CVE-2021-4069 at SUSE CVE-2021-4069 at NVD CVE-2021-4136 at SUSE CVE-2021-4136 at NVD CVE-2021-4166 at SUSE CVE-2021-4166 at NVD CVE-2021-4192 at SUSE CVE-2021-4192 at NVD CVE-2021-4193 at SUSE CVE-2021-4193 at NVD CVE-2021-46059 at SUSE CVE-2021-46059 at NVD CVE-2022-0128 at SUSE CVE-2022-0128 at NVD CVE-2022-0213 at SUSE CVE-2022-0213 at NVD CVE-2022-0261 at SUSE CVE-2022-0261 at NVD CVE-2022-0318 at SUSE CVE-2022-0318 at NVD CVE-2022-0319 at SUSE CVE-2022-0319 at NVD CVE-2022-0351 at SUSE CVE-2022-0351 at NVD CVE-2022-0359 at SUSE CVE-2022-0359 at NVD CVE-2022-0361 at SUSE CVE-2022-0361 at NVD CVE-2022-0392 at SUSE CVE-2022-0392 at NVD CVE-2022-0407 at SUSE CVE-2022-0407 at NVD CVE-2022-0413 at SUSE CVE-2022-0413 at NVD CVE-2022-0696 at SUSE CVE-2022-0696 at NVD CVE-2022-1381 at SUSE CVE-2022-1381 at NVD CVE-2022-1420 at SUSE CVE-2022-1420 at NVD CVE-2022-1616 at SUSE CVE-2022-1616 at NVD CVE-2022-1619 at SUSE CVE-2022-1619 at NVD CVE-2022-1620 at SUSE CVE-2022-1620 at NVD CVE-2022-1733 at SUSE CVE-2022-1733 at NVD CVE-2022-1735 at SUSE CVE-2022-1735 at NVD CVE-2022-1771 at SUSE CVE-2022-1771 at NVD CVE-2022-1785 at SUSE CVE-2022-1785 at NVD CVE-2022-1796 at SUSE CVE-2022-1796 at NVD CVE-2022-1851 at SUSE CVE-2022-1851 at NVD CVE-2022-1897 at SUSE CVE-2022-1897 at NVD CVE-2022-1898 at SUSE CVE-2022-1898 at NVD CVE-2022-1927 at SUSE CVE-2022-1927 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-1966: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015) - CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to crash linux kernel by simulating nfc device from user-space. (bsc#1200143) - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144) - CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282) - The following non-security bugs were fixed: - ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes). - ACPI: sysfs: Fix BERT error region memory mapping (git-fixes). - ACPI: sysfs: Make sparse happy about address space in use (git-fixes). - ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes). - ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes). - ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes). - ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes). - ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes). - ASoC: dapm: Do not fold register value changes into notifications (git-fixes). - ASoC: max98357a: remove dependency on GPIOLIB (git-fixes). - ASoC: rt5645: Fix errorenous cleanup order (git-fixes). - ASoC: tscs454: Add endianness flag in snd_soc_component_driver (git-fixes). - ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes). - ath9k: fix QCA9561 PA bias level (git-fixes). - b43: Fix assigning negative value to unsigned variable (git-fixes). - b43legacy: Fix assigning negative value to unsigned variable (git-fixes). - blk-mq: fix tag_get wait task can't be awakened (bsc#1200263). - blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263). - block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1200259). - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - cfg80211: set custom regdomain after wiphy registration (git-fixes). - clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (git-fixes). - clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes). - dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes). - dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (git-fixes). - drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes). - drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (git-fixes). - drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (git-fixes). - drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes). - drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes). - drm: imx: fix compiler warning with gcc-12 (git-fixes). - drm: msm: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes). - drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes). - drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (git-fixes). - drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes). - drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes). - drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (git-fixes). - drm/i915: fix i915_globals_exit() section mismatch error (git-fixes). - drm/komeda: return early if drm_universal_plane_init() fails (git-fixes). - drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes). - drm/plane: Move range check for format_count earlier (git-fixes). - drm/radeon: fix a possible null pointer dereference (git-fixes). - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes). - efi: Add missing prototype for efi_capsule_setup_info (git-fixes). - efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes). - fbcon: Consistently protect deferred_takeover with console_lock() (git-fixes). - ftrace: Clean up hash direct_functions on register failures (git-fixes). - HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes). - HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes). - hwmon: Make chip parameter for with_info API mandatory (git-fixes). - i2c: cadence: Increase timeout per message if necessary (git-fixes). - i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes). - iio: dummy: iio_simple_dummy: check the return value of kstrdup() (git-fixes). - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes). - Input: goodix - fix spurious key release events (git-fixes). - ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes). - irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes). - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (git-fixes). - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (git-fixes). - irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes). - iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes). - KVM: fix wrong exception emulation in check_rdtsc (git-fixes). - KVM: nVMX: Invalidate all roots when emulating INVVPID without EPT (git-fixes). - KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use (git-fixes). - KVM: nVMX: Set LDTR to its architecturally defined value on nested VM-Exit (git-fixes). - KVM: nVMX: Unconditionally clear nested.pi_pending on nested VM-Enter (git-fixes). - KVM: s390: pv: add macros for UVC CC values (git-fixes). - KVM: s390: pv: avoid double free of sida page (git-fixes). - KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm (git-fixes). - KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes). - KVM: VMX: Flush all EPTP/VPID contexts on remote TLB flush (git-fixes). - KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation (git-fixes). - KVM: x86: clflushopt should be treated as a no-op by emulation (git-fixes). - KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes). - KVM: x86: Fix emulation in writing cr8 (git-fixes). - KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce (git-fixes). - KVM: x86: Immediately reset the MMU context when the SMM flag is cleared (git-fixes). - KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode (git-fixes). - KVM: x86: Mark CR4.TSD as being possibly owned by the guest (git-fixes). - KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes). - KVM: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode (git-fixes). - KVM: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode (git-fixes). - KVM: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes). - KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes). - KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[] (git-fixes). - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (git-fixes). - md: fix an incorrect NULL check in does_sb_need_changing (git-fixes). - md: fix an incorrect NULL check in md_reload_sb (git-fixes). - media: cx25821: Fix the warning when removing the module (git-fixes). - media: netup_unidvb: Do not leak SPI master in probe error path (git-fixes). - media: pci: cx23885: Fix the error handling in cx23885_initdev() (git-fixes). - media: venus: hfi: avoid null dereference in deinit (git-fixes). - misc: rtsx: set NULL intfdata when probe fails (git-fixes). - mmc: block: Fix CQE recovery reset success (git-fixes). - mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes). - modpost: fix removing numeric suffixes (git-fixes). - modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes). - mt76: check return value of mt76_txq_send_burst in mt76_txq_schedule_list (git-fixes). - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (git-fixes). - net: rtlwifi: properly check for alloc_workqueue() failure (git-fixes). - nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes). - NFS: Do not report ENOSPC write errors twice (git-fixes). - nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes). - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365). - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes). - pinctrl: sunxi: fix f1c100s uart2 function (git-fixes). - platform/chrome: cros_ec_proto: Send command again when timeout occurs (git-fixes). - platform/x86: wmi: Fix driver->notify() vs ->probe() race (git-fixes). - platform/x86: wmi: Replace read_takes_no_args with a flags field (git-fixes). - devfreq: rk3399_dmc: Disable edev on remove() (git-fixes). - raid5: introduce MD_BROKEN (git-fixes). - rtl818x: Prevent using not initialized queues (git-fixes). - rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes). - s390: fix detection of vector enhancements facility 1 vs. vector packed decimal facility (git-fixes). - s390: fix strrchr() implementation (git-fixes). - s390/cio: dont call css_wait_for_slow_path() inside a lock (git-fixes). - s390/cio: Fix the 'type' field in s390_cio_tpi tracepoint (git-fixes). - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes). - s390/ctcm: fix potential memory leak (git-fixes). - s390/ctcm: fix variable dereferenced before check (git-fixes). - s390/dasd: fix data corruption for ESE devices (bsc#1200207 LTC#198454). - s390/dasd: Fix read for ESE with blksize 4k (bsc#1200206 LTC#198455). - s390/dasd: Fix read inconsistency for ESE DASD devices (bsc#1200206 LTC#198455). - s390/dasd: prevent double format of tracks for ESE devices (bsc#1200207 LTC#198454). - s390/ftrace: fix ftrace_update_ftrace_func implementation (git-fixes). - s390/lcs: fix variable dereferenced before check (git-fixes). - s390/mcck: fix invalid KVM guest condition check (git-fixes). - s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes). - s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes). - s390/nmi: handle vector validity failures for KVM guests (git-fixes). - s390/pv: fix the forcing of the swiotlb (git-fixes). - s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes). - s390/qdio: fix roll-back after timeout on ESTABLISH ccw (git-fixes). - s390/vfio-ap: fix circular lockdep when setting/clearing crypto masks (git-fixes). - serial: msm_serial: disable interrupts in __msm_console_write() (git-fixes). - spi: Introduce device-managed SPI controller allocation (git-fixes). - spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (git-fixes). - spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes). - staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes). - staging: rtl8712: fix uninit-value in usb_read8() and friends (git-fixes). - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (git-fixes). - tty: Fix a possible resource leak in icom_probe (git-fixes). - tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes). - usb: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes). - usb: host: isp116x: check return value after calling platform_get_resource() (git-fixes). - usb: new quirk for Dell Gen 2 devices (git-fixes). - usb: serial: option: add Quectel BG95 modem (git-fixes). - vfio-ccw: Check initialized flag in cp_init() (git-fixes). - vfio/ccw: Remove unneeded GFP_DMA (git-fixes). - video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (git-fixes). - virtio/s390: implement virtio-ccw revision 2 correctly (git-fixes). - vringh: Fix loop descriptors check in the indirect cases (git-fixes). - watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes). Important SUSE bug 1177282 SUSE bug 1199365 SUSE bug 1200015 SUSE bug 1200143 SUSE bug 1200144 SUSE bug 1200206 SUSE bug 1200207 SUSE bug 1200249 SUSE bug 1200259 SUSE bug 1200263 SUSE bug 1200268 SUSE bug 1200529 CVE-2020-26541 at SUSE CVE-2020-26541 at NVD CVE-2022-1966 at SUSE CVE-2022-1966 at NVD CVE-2022-1974 at SUSE CVE-2022-1974 at NVD CVE-2022-1975 at SUSE CVE-2022-1975 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019) - CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-20008: Fixed bug that allows to read kernel heap memory due to uninitialized data in mmc_blk_read_single of block.c. (bnc#1199564) - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2022-0168: Fixed a NULL pointer dereference in smb2_ioctl_query_info. (bsc#1197472) - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). - CVE-2022-20141: Fixwed an use after free due to improper locking. This bug could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. (bnc#1200604) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to crash linux kernel by simulating nfc device from user-space. (bsc#1200143) - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144) - CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282) - CVE-2022-32250: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015) The following non-security bugs were fixed: - ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes). - ACPI: property: Release subnode properties with data nodes (git-fixes). - ACPI: sysfs: Fix BERT error region memory mapping (git-fixes). - ACPI: sysfs: Make sparse happy about address space in use (git-fixes). - ALSA: ctxfi: Add SB046x PCI ID (git-fixes). - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (git-fixes). - ALSA: hda - fix unused Realtek function when PM is not enabled (git-fixes). - ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes). - ALSA: hda/realtek - Add new type for ALC245 (git-fixes). - ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop (git-fixes). - ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes). - ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (git-fixes). - ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes). - ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes). - ALSA: usb-audio: Configure sync endpoints before data (git-fixes). - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes). - ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes). - ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes). - ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes). - ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes). - ALSA: wavefront: Proper check of get_user() error (git-fixes). - ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (git-fixes) - ARM: 9170/1: fix panic when kasan and kprobe are enabled (git-fixes) - ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes) - ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes) - ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes) - ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes) - ARM: dts: armada-38x: Add generic compatible to UART nodes (git-fixes) - ARM: dts: at91: fix pinctrl phandles (git-fixes) - ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes) - ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes) - ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes) - ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes) - ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes) - ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes) - ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes) - ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes) - ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes) - ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes) - ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes) - ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes) - ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes) - ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes) - ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (git-fixes) - ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes) - ARM: dts: meson: Fix the UART compatible strings (git-fixes) - ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes) - ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes) - ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes) - ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes) - ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes) - ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes) - ARM: mediatek: select arch timer for mt7629 (git-fixes) - ARM: omap: remove debug-leds driver (git-fixes) - ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes) - ARM: socfpga: dts: fix qspi node compatible (git-fixes) - ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes) - ARM: tegra: Move panels to AUX bus (git-fixes) - arm64: avoid fixmap race condition when create pud mapping (git-fixes) - arm64: dts: broadcom: Fix sata nodename (git-fixes) - arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes) - arm64: dts: rockchip: Fix SDIO regulator supply properties on (git-fixes) - arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes). - arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (git-fixes) - ASoC: atmel-classd: Remove endianness flag on class d component (git-fixes). - ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes). - ASoC: da7219: Fix change notifications for tone generator frequency (git-fixes). - ASoC: dapm: Do not fold register value changes into notifications (git-fixes). - ASoC: dmaengine: Restore NULL prepare_slave_config() callback (git-fixes). - ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes). - ASoC: max98090: Generate notifications on changes for custom control (git-fixes). - ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() (git-fixes). - ASoC: max98090: Reject invalid values in custom control put() (git-fixes). - ASoC: max98357a: remove dependency on GPIOLIB (git-fixes). - ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (git-fixes). - ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (git-fixes). - ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes). - ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes). - ASoC: ops: Validate input values in snd_soc_put_volsw_range() (git-fixes). - ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes). - ASoC: rt5514: Fix event generation for 'DSP Voice Wake Up' control (git-fixes). - ASoC: rt5645: Fix errorenous cleanup order (git-fixes). - ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes). - ASoC: tscs454: Add endianness flag in snd_soc_component_driver (git-fixes). - ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (git-fixes). - ASoC: wm8958: Fix change notifications for DSP controls (git-fixes). - assoc_array: Fix BUG_ON during garbage collect (git-fixes). - ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes). - ata: pata_hpt37x: fix PCI clock detection (git-fixes). - ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes). - ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (git-fixes). - ath9k: fix ar9003_get_eepmisc (git-fixes). - ath9k: fix QCA9561 PA bias level (git-fixes). - b43: Fix assigning negative value to unsigned variable (git-fixes). - b43legacy: Fix assigning negative value to unsigned variable (git-fixes). - batman-adv: Do not skb_split skbuffs with frag_list (git-fixes). - blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045). - blk-mq: fix tag_get wait task can't be awakened (bsc#1200263). - blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263). - block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1200259). - Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (git-fixes). - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (git-fixes). - Bluetooth: Fix the creation of hdev->name (git-fixes). - Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes). - bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix unnecessary dropping of RX packets (jsc#SLE-15075). - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (git-fixes). - bus: ti-sysc: Fix warnings for unbind for serial (git-fixes). - can: grcan: grcan_close(): fix deadlock (git-fixes). - can: grcan: use ofdev->dev when allocating DMA memory (git-fixes). - carl9170: tx: fix an incorrect use of list iterator (git-fixes). - ceph: fix setting of xattrs on async created inodes (bsc#1200192). - cfg80211: set custom regdomain after wiphy registration (git-fixes). - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839). - clk: at91: generated: consider range when calculating best rate (git-fixes). - clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes). - clk: imx8mp: fix usb_root_clk parent (git-fixes). - clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes). - clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (git-fixes). - clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (git-fixes). - clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes). - copy_process(): Move fd_install() out of sighand->siglock critical section (bsc#1199626). - crypto: caam - fix i.MX6SX entropy delay value (git-fixes). - crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes). - crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes). - crypto: x86 - eliminate anonymous module_init and module_exit (git-fixes). - crypto: x86/chacha20 - Avoid spurious jumps to other functions (git-fixes). - dim: initialize all struct fields (git-fixes). - dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes). - dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (git-fixes). - dmaengine: stm32-mdma: remove GISR1 register (git-fixes). - dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (git-fixes). - docs: powerpc: Fix misspellings and grammar errors (bsc#1055117 ltc#159753). - docs: submitting-patches: Fix crossref to 'The canonical patch format' (git-fixes). - drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes). - drbd: fix duplicate array initializer (git-fixes). - drbd: Fix five use after free bugs in get_initial_state (git-fixes). - drbd: remove assign_p_sizes_qlim (git-fixes). - drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes). - drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes). - driver core: fix deadlock in __device_attach (git-fixes). - driver: base: fix UAF when driver_attach failed (git-fixes). - drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() (git-fixes) - drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes). - drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (git-fixes). - drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (git-fixes). - drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes). - drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes). - drivers/base/memory: fix an unlikely reference counting issue in __add_memory_block() (git-fixes). - drivers/base/node.c: fix compaction sysfs file leak (git-fixes). - drm: imx: fix compiler warning with gcc-12 (git-fixes). - drm: mali-dp: potential dereference of null pointer (git-fixes). - drm: msm: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes). - drm: sti: do not use kernel-doc markers (git-fixes). - drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types (git-fixes). - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes). - drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes). - drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (git-fixes). - drm/amdkfd: Fix GWS queue count (git-fixes). - drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes). - drm/blend: fix typo in the comment (git-fixes). - drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes). - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (git-fixes). - drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes). - drm/bridge: Fix error handling in analogix_dp_probe (git-fixes). - drm/edid: fix invalid EDID extension block filtering (git-fixes). - drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (git-fixes). - drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes). - drm/i915: fix i915_globals_exit() section mismatch error (git-fixes). - drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (git-fixes). - drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (git-fixes). - drm/komeda: return early if drm_universal_plane_init() fails (git-fixes). - drm/mediatek: Fix mtk_cec_mask() (git-fixes). - drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (git-fixes). - drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes). - drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (git-fixes). - drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes). - drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes). - drm/msm/dsi: fix error checks and return values for DSI xmit functions (git-fixes). - drm/msm/hdmi: check return value after calling platform_get_resource_byname() (git-fixes). - drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/msm/mdp5: check the return of kzalloc() (git-fixes). - drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (git-fixes). - drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (git-fixes). - drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (git-fixes). - drm/nouveau/clk: Fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau/tegra: Stop using iommu_present() (git-fixes). - drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 (git-fixes). - drm/plane: Move range check for format_count earlier (git-fixes). - drm/radeon: fix a possible null pointer dereference (git-fixes). - drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes). - drm/vc4: hvs: Reset muxes at probe time (git-fixes). - drm/vc4: txp: Do not set TXP_VSTART_AT_EOF (git-fixes). - drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes). - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes). - drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes). - EDAC/synopsys: Read the error count from the correct register (bsc#1178134). - efi: Add missing prototype for efi_capsule_setup_info (git-fixes). - efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes). - fbcon: Consistently protect deferred_takeover with console_lock() (git-fixes). - firewire: core: extend card->lock in fw_core_handle_bus_reset (git-fixes). - firewire: fix potential uaf in outbound_phy_packet_callback() (git-fixes). - firewire: remove check of list iterator against head past the loop body (git-fixes). - firmware: arm_scmi: Fix list protocols enumeration in the base protocol (git-fixes). - firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response (git-fixes). - firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (git-fixes). - firmware: stratix10-svc: fix a missing check on list iterator (git-fixes). - ftrace: Clean up hash direct_functions on register failures (git-fixes). - genirq: Fix reference leaks on irq affinity notifiers (git-fixes) - genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (git-fixes) - genirq/affinity: Consider that CPUs on nodes can be (git-fixes) - genirq/affinity: Handle affinity setting on inactive (git-fixes) - genirq/msi: Ensure deactivation on teardown (git-fixes) - genirq/proc: Reject invalid affinity masks (again) (git-fixes) - genirq/timings: Fix error return code in (git-fixes) - genirq/timings: Prevent potential array overflow in (git-fixes) - gma500: fix an incorrect NULL check on list iterator (git-fixes). - gpio: adp5588: Remove support for platform setup and teardown callbacks (git-fixes). - gpio: gpio-vf610: do not touch other bits when set the target bit (git-fixes). - gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes). - gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (git-fixes). - gpio: pca953x: use the correct register address to do regcache sync (git-fixes). - gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes). - hex2bin: fix access beyond string end (git-fixes). - HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes). - HID: elan: Fix potential double free in elan_input_configured (git-fixes). - HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes). - HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes). - hinic: fix bug of wq out of bound access (bsc#1176447). - hwmon: (f71882fg) Fix negative temperature (git-fixes). - hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes). - hwmon: (tmp401) Add OF device ID table (git-fixes). - hwmon: Make chip parameter for with_info API mandatory (git-fixes). - i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes). - i2c: at91: use dma safe buffers (git-fixes). - i2c: cadence: Increase timeout per message if necessary (git-fixes). - i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes). - i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (git-fixes). - i40e: stop disabling VFs due to PF error responses (git-fixes). - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (jsc#SLE-12878). - ice: Clear default forwarding VSI during VSI release (jsc#SLE-12878). - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (jsc#SLE-7926). - ice: Fix race conditions between virtchnl handling and VF ndo ops (git-fixes). - ice: synchronize_rcu() when terminating rings (jsc#SLE-7926). - iio: adc: ad7124: Remove shift from scan_type (git-fixes). - iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes). - iio: adc: sc27xx: fix read big scale voltage not right (git-fixes). - iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (git-fixes). - iio: dac: ad5446: Fix read_raw not returning set value (git-fixes). - iio: dac: ad5592r: Fix the missing return value (git-fixes). - iio: dummy: iio_simple_dummy: check the return value of kstrdup() (git-fixes). - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (git-fixes). - Input: add bounds checking to input_set_capability() (git-fixes). - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes). - Input: goodix - fix spurious key release events (git-fixes). - Input: ili210x - fix reset timing (git-fixes). - Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes). - Input: stmfts - do not leave device disabled in stmfts_input_open (git-fixes). - Input: stmfts - fix reference leak in stmfts_input_open (git-fixes). - iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052). - ionic: avoid races in ionic_heartbeat_check (bsc#1167773). - ionic: Cleanups in the Tx hotpath code (bsc#1167773). - ionic: disable napi when ionic_lif_init() fails (bsc#1167773). - ionic: Do not send reset commands if FW isn't running (bsc#1167773). - ionic: fix missing pci_release_regions() on error in ionic_probe() (bsc#1167773). - ionic: fix type complaint in ionic_dev_cmd_clean() (jsc#SLE-16649). - ionic: monitor fw status generation (bsc#1167773). - ionic: remove the dbid_inuse bitmap (bsc#1167773). - ionic: start watchdog after all is setup (bsc#1167773). - ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes). - irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes). - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (git-fixes). - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (git-fixes). - irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes). - ivtv: fix incorrect device_caps for ivtvfb (git-fixes). - iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes). - iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes). - iwlwifi: mvm: fix the return type for DSM functions 1 and 2 (git-fixes). - jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971). - kABI: ivtv: restore caps member (git-fixes). - Kconfig.debug: drop selecting non-existing HARDLOCKUP_DETECTOR_ARCH (git-fixes). - KVM: fix wrong exception emulation in check_rdtsc (git-fixes). - KVM: nVMX: Invalidate all roots when emulating INVVPID without EPT (git-fixes). - KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use (git-fixes). - KVM: nVMX: Set LDTR to its architecturally defined value on nested VM-Exit (git-fixes). - KVM: nVMX: Unconditionally clear nested.pi_pending on nested VM-Enter (git-fixes). - KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes). - KVM: s390: pv: add macros for UVC CC values (git-fixes). - KVM: s390: pv: avoid double free of sida page (git-fixes). - KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm (git-fixes). - KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes). - KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state (git-fixes). - KVM: VMX: Flush all EPTP/VPID contexts on remote TLB flush (git-fixes). - KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation (git-fixes). - KVM: x86: clflushopt should be treated as a no-op by emulation (git-fixes). - KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes). - KVM: x86: Fix emulation in writing cr8 (git-fixes). - KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce (git-fixes). - KVM: x86: Immediately reset the MMU context when the SMM flag is cleared (git-fixes). - KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode (git-fixes). - KVM: x86: Mark CR4.TSD as being possibly owned by the guest (git-fixes). - KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes). - KVM: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode (git-fixes). - KVM: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode (git-fixes). - KVM: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes). - KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes). - KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[] (git-fixes). - lan743x: fix rx_napi_poll/interrupt ping-pong (git-fixes). - lan743x: remove redundant assignment to variable rx_process_result (git-fixes). - lib/raid6/test: fix multiple definition linking error (git-fixes). - lpfc: Readd update to version 14.2.0.1 (bsc#1197675 bsc#1196478 bsc#1198989) The update was reverted due to some regression on older hardware. These have been fixed in the meantime, thus update the driver. - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (git-fixes). - mac80211: fix rx reordering with non explicit / psmp ack policy (git-fixes). - mac80211: Reset MBSSID parameters upon connection (git-fixes). - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (git-fixes). - md: fix an incorrect NULL check in does_sb_need_changing (git-fixes). - md: fix an incorrect NULL check in md_reload_sb (git-fixes). - media: cx25821: Fix the warning when removing the module (git-fixes). - media: davinci: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes). - media: davinci: vpif: fix use-after-free on driver unbind (git-fixes). - media: media-entity.h: Fix documentation for media_create_intf_link (git-fixes). - media: netup_unidvb: Do not leak SPI master in probe error path (git-fixes). - media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes). - media: pci: cx23885: Fix the error handling in cx23885_initdev() (git-fixes). - media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-fixes). - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (git-fixes). - media: saa7134: fix incorrect use to determine if list is empty (git-fixes). - media: uvcvideo: Fix missing check to determine if element is found in list (git-fixes). - media: venus: hfi: avoid null dereference in deinit (git-fixes). - media: videobuf2: Fix the size printk format (git-fixes). - media: vim2m: Register video device after setting up internals (git-fixes). - mfd: ipaq-micro: Fix error check return value of platform_get_irq() (git-fixes). - misc: ocxl: fix possible double free in ocxl_file_register_afu (git-fixes). - misc: rtsx: set NULL intfdata when probe fails (git-fixes). - mm, page_alloc: fix build_zonerefs_node() (git-fixes). - mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (jsc#SLE-15176, jsc#SLE-16387). - mmc: block: Fix CQE recovery reset success (git-fixes). - mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD (git-fixes). - mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC (git-fixes). - mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes). - modpost: fix removing numeric suffixes (git-fixes). - modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes). - mt76: check return value of mt76_txq_send_burst in mt76_txq_schedule_list (git-fixes). - mt76: Fix undefined behavior due to shift overflowing the constant (git-fixes). - mt76: mt7663s: fix rx buffer refcounting (git-fixes). - mtd: rawnand: fix ecc parameters for mt7622 (git-fixes). - mtd: rawnand: Fix return value check of wait_for_completion_timeout (git-fixes). - mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() (git-fixes). - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (git-fixes). - net: bcmgenet: Fix a resource leak in an error handling path in the probe functin (git-fixes). - net: dsa: lantiq_gswip: Enable GSWIP_MII_CFG_EN also for internal PHYs (git-fixes). - net: dsa: lantiq_gswip: Fix GSWIP_MII_CFG(p) register access (git-fixes). - net: ethernet: Fix memleak in ethoc_probe (git-fixes). - net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered (git-fixes). - net: hdlc_ppp: Fix issues when mod_timer is called while timer is running (git-fixes). - net: hns3: add a check for index in hclge_get_rss_key() (git-fixes). - net: hns3: clear inited state and stop client after failed to register netdev (bsc#1154353). - net: hns3: fix bug when PF set the duplicate MAC address for VFs (jsc#SLE-14777). - net: hns3: fix kernel crash when unload VF while it is being reset (git-fixes). - net: korina: fix return value (git-fixes). - net: rtlwifi: properly check for alloc_workqueue() failure (git-fixes). - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1183405). - net: stmmac: dwmac-sun8i: Balance internal PHY power (git-fixes). - net: stmmac: dwmac-sun8i: Balance internal PHY resource references (git-fixes). - net: stmmac: dwmac-sun8i: Balance syscon (de)initialization (git-fixes). - net: stmmac: dwmac-sun8i: Fix probe error handling (git-fixes). - net/mlx5: Fix a race on command flush flow (jsc#SLE-15172). - net/mlx5e: Fix the calling of update_buffer_lossy() API (jsc#SLE-15172). - netdevice: demote the type of some dev_addr_set() helpers (bsc#1200216). - netfilter: conntrack: connection timeout after re-register (bsc#1199035). - netfilter: conntrack: move synack init code to helper (bsc#1199035). - netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035). - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035). - netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035). - netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (bsc#1176447). - NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (git-fixes). - NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (git-fixes). - NFC: netlink: fix sleep in atomic bug when firmware download timeout (git-fixes). - NFC: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes). - NFC: NULL out the dev->rfkill to prevent UAF (git-fixes). - NFC: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - NFC: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - NFC: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes). - NFS: Do not report ENOSPC write errors twice (git-fixes). - NFS: limit use of ACCESS cache for negative responses (bsc#1196570). - nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes). - NFSv4: Do not invalidate inode attributes on delegation return (git-fixes). - nl80211: show SSID for P2P_GO interfaces (git-fixes). - nvdimm/region: always show the 'align' attribute (bsc#1199114). - nvme-tcp: allow selecting the network interface for connections (bsc#1199670). - nvme-tcp: use __dev_get_by_name instead dev_get_by_name for OPT_HOST_IFACE (bsc#1199670). - objtool: Fix type of reloc::addend (git-fixes). - PCI: aardvark: Clear all MSIs at setup (git-fixes). - PCI: cadence: Fix find_first_zero_bit() limit (git-fixes). - PCI: Do not enable AtomicOps on VFs (git-fixes). - PCI: dwc: Fix setting error return on MSI DMA mapping failure (git-fixes). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365). - PCI: imx6: Fix PERST# start-up sequence (git-fixes). - PCI: iproc: Set affinity mask on MSI interrupts (git-fixes). - PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes). - PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes). - PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes). - PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes). - PCI/PM: Power up all devices during runtime resume (git-fixes). - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes). - phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe (git-fixes). - phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes). - phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes). - phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes). - phy: samsung: exynos5250-sata: fix missing device put in probe error paths (git-fixes). - phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (git-fixes). - phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe (git-fixes). - phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks (git-fixes). - pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes). - pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes). - pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes). - pinctrl: sunxi: fix f1c100s uart2 function (git-fixes). - pinctrl/rockchip: support deferring other gpio params (git-fixes). - ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826). - ping: remove pr_err from ping_lookup (bsc#1195826). - platform/chrome: cros_ec_debugfs: detach log reader wq from devm (git-fixes). - platform/chrome: cros_ec_proto: Send command again when timeout occurs (git-fixes). - platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (git-fixes). - platform/x86: wmi: Fix driver->notify() vs ->probe() race (git-fixes). - platform/x86: wmi: Replace read_takes_no_args with a flags field (git-fixes). - PM / devfreq: rk3399_dmc: Disable edev on remove() (git-fixes). - powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753). - powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521 git-fixes). - powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes). - powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395). - powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269 ltc#169948 git-fixes). - powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes). - powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes). - powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes). - pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes). - pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes). - qlcnic: Fix error code in probe (git-fixes). - raid5: introduce MD_BROKEN (git-fixes). - regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (git-fixes). - regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (git-fixes). - rtc: fix use-after-free on device removal (git-fixes). - rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes). - rtc: mt6397: check return value after calling platform_get_resource() (git-fixes). - rtl818x: Prevent using not initialized queues (git-fixes). - rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes). - s390: fix detection of vector enhancements facility 1 vs. vector packed decimal facility (git-fixes). - s390: fix strrchr() implementation (git-fixes). - s390/cio: dont call css_wait_for_slow_path() inside a lock (git-fixes). - s390/cio: Fix the 'type' field in s390_cio_tpi tracepoint (git-fixes). - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes). - s390/ctcm: fix potential memory leak (git-fixes). - s390/ctcm: fix variable dereferenced before check (git-fixes). - s390/dasd: fix data corruption for ESE devices (bsc#1200207 LTC#198454). - s390/dasd: Fix read for ESE with blksize 4k (bsc#1200206 LTC#198455). - s390/dasd: Fix read inconsistency for ESE DASD devices (bsc#1200206 LTC#198455). - s390/dasd: prevent double format of tracks for ESE devices (bsc#1200207 LTC#198454). - s390/ftrace: fix ftrace_update_ftrace_func implementation (git-fixes). - s390/lcs: fix variable dereferenced before check (git-fixes). - s390/mcck: fix invalid KVM guest condition check (git-fixes). - s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes). - s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes). - s390/nmi: handle vector validity failures for KVM guests (git-fixes). - s390/pv: fix the forcing of the swiotlb (git-fixes). - s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes). - s390/qdio: fix roll-back after timeout on ESTABLISH ccw (git-fixes). - s390/vfio-ap: fix circular lockdep when setting/clearing crypto masks (git-fixes). - sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes). - sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (git-fixes). - sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes) - sched/topology: Skip updating masks for non-online nodes (bsc#1197446 ltc#183000). - scsi: dc395x: Fix a missing check on list iterator (git-fixes). - scsi: fnic: Fix a tracing statement (git-fixes). - scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631). - scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes). - scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045). - scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045). - scsi: lpfc: Change VMID registration to be based on fabric parameters (bsc#1200045). - scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI (bsc#1200045). - scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045). - scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE (bsc#1200045 bsc#1198989 bsc#1197675). - scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045). - scsi: lpfc: Decrement outstanding gidft_inp counter if lpfc_err_lost_link() (bsc#1200045). - scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE (bsc#1200045). - scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045). - scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els() (bsc#1200045). - scsi: lpfc: Fix call trace observed during I/O with CMF enabled (bsc#1200045). - scsi: lpfc: Fix diagnostic fw logging after a function reset (bsc#1200045). - scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event() (bsc#1200045). - scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4() (bsc#1200045). - scsi: lpfc: Fix field overload in lpfc_iocbq data structure (bsc#1200045). - scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045). - scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI (bsc#1200045). - scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() (bsc#1200045). - scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock (bsc#1200045). - scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045 bsc#1198989 bsc#1197675). - scsi: lpfc: Inhibit aborts if external loopback plug is inserted (bsc#1200045). - scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN completion (bsc#1200045). - scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (bsc#1200045). - scsi: lpfc: Move MI module parameter check to handle dynamic disable (bsc#1200045). - scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT (bsc#1200045). - scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045). - scsi: lpfc: Register for Application Services FC-4 type in Fabric topology (bsc#1200045). - scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports (bsc#1200045). - scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045). - scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe() (bsc#1200045). - scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path (bsc#1200045). - scsi: lpfc: Remove unneeded variable (bsc#1200045). - scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down (bsc#1200045). - scsi: lpfc: Revise FDMI reporting of supported port speed for trunk groups (bsc#1200045). - scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045). - scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or aborted (bsc#1200045). - scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan (bsc#1200045). - scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB submit (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045). - scsi: lpfc: Update stat accounting for READ_STATUS mbox command (bsc#1200045). - scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check() (bsc#1200045). - scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O (bsc#1200045). - scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045). - scsi: pm8001: Fix abort all task initialization (git-fixes). - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes). - scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes). - scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes). - scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes). - scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046). - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046). - scsi: qla2xxx: Remove free_sg command flag (bsc#1200046). - scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046). - scsi: sr: Do not leak information in ioctl (git-fixes). - scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes). - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes). - scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes). - scsi: virtio-scsi: Eliminate anonymous module_init and module_exit (git-fixes). - scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes). - selftests: firmware: Use smaller dictionary for XZ compression (git-fixes). - serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes). - serial: 8250_mtk: Fix register address for XON/XOFF character (git-fixes). - serial: 8250_mtk: Fix UART_EFR register address (git-fixes). - serial: 8250: Also set sticky MCR bits in console restoration (git-fixes). - serial: 8250: core: Remove unneeded linux/pm_runtime.h (git-fixes). - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (git-fixes). - serial: 8250: pxa: Remove unneeded linux/pm_runtime.h (git-fixes). - serial: digicolor-usart: Do not allow CS5-6 (git-fixes). - serial: imx: fix overrun interrupts in DMA mode (git-fixes). - serial: meson: acquire port->lock in startup() (git-fixes). - serial: msm_serial: disable interrupts in __msm_console_write() (git-fixes). - serial: pch: do not overwrite xmit->buf[0] by x_char (git-fixes). - serial: rda-uart: Do not allow CS5-6 (git-fixes). - serial: sh-sci: Do not allow CS5-6 (git-fixes). - serial: sifive: Sanitize CSIZE and c_iflag (git-fixes). - serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes). - serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes). - serial: txx9: Do not allow CS5-6 (git-fixes). - slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes). - smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes). - smsc911x: allow using IRQ0 (git-fixes). - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (git-fixes). - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes). - soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes). - spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes). - spi: Introduce device-managed SPI controller allocation (git-fixes). - spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes). - spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() (git-fixes). - spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (git-fixes). - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (git-fixes). - spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes). - staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (git-fixes). - staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes). - staging: rtl8712: fix uninit-value in usb_read8() and friends (git-fixes). - SUNRPC: Ensure gss-proxy connects on setup (git-fixes). - SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes). - thermal: int340x: Fix attr.show callback prototype (git-fixes). - thermal/drivers/bcm2711: Do not clamp temperature at zero (git-fixes). - thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (git-fixes). - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (git-fixes). - timekeeping: Really make sure wall_to_monotonic isn't (git-fixes) - timers: Fix warning condition in __run_timers() (git-fixes) - tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes). - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729). - tracing: Fix potential double free in create_var_ref() (git-fixes). - tracing: Fix return value of trace_pid_write() (git-fixes). - tty: Fix a possible resource leak in icom_probe (git-fixes). - tty: fix deadlock caused by calling printk() under tty_port->lock (git-fixes). - tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes). - tty: serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (git-fixes). - tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (git-fixes). - tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (git-fixes). - tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (git-fixes). - usb: cdc-wdm: fix reading stuck on device close (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes). - usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes). - usb: ehci-omap: drop unused ehci_read() function (git-fixes). - usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (git-fixes). - usb: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes). - usb: host: isp116x: check return value after calling platform_get_resource() (git-fixes). - usb: misc: fix improper handling of refcount in uss720_probe() (git-fixes). - usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes). - usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes). - usb: new quirk for Dell Gen 2 devices (git-fixes). - usb: quirks: add a Realtek card reader (git-fixes). - usb: quirks: add STRING quirk for VCOM device (git-fixes). - usb: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes). - usb: serial: option: add Fibocom L610 modem (git-fixes). - usb: serial: option: add Fibocom MA510 modem (git-fixes). - usb: serial: option: add Quectel BG95 modem (git-fixes). - usb: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes). - usb: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes). - usb: serial: pl2303: add device id for HP LM930 Display (git-fixes). - usb: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes). - usb: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes). - usb: storage: karma: fix rio_karma_init return (git-fixes). - usb: typec: mux: Check dev_set_name() return value (git-fixes). - usb: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes). - usb: typec: ucsi: Fix reuse of completion structure (git-fixes). - usb: typec: ucsi: Fix role swapping (git-fixes). - usb: usbip: add missing device lock on tweak configuration cmd (git-fixes). - usb: usbip: fix a refcount leak in stub_probe() (git-fixes). - vfio-ccw: Check initialized flag in cp_init() (git-fixes). - vfio/ccw: Remove unneeded GFP_DMA (git-fixes). - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (git-fixes). - video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (git-fixes). - virtio/s390: implement virtio-ccw revision 2 correctly (git-fixes). - vringh: Fix loop descriptors check in the indirect cases (git-fixes). - watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes). - watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes). - wifi: mac80211: fix use-after-free in chanctx code (git-fixes). - wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes). - xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms (git-fixes). - xhci: stop polling roothubs after shutdown (git-fixes). Important SUSE bug 1055117 SUSE bug 1061840 SUSE bug 1065729 SUSE bug 1103269 SUSE bug 1118212 SUSE bug 1153274 SUSE bug 1154353 SUSE bug 1156395 SUSE bug 1158266 SUSE bug 1167773 SUSE bug 1176447 SUSE bug 1177282 SUSE bug 1178134 SUSE bug 1180100 SUSE bug 1183405 SUSE bug 1188885 SUSE bug 1195826 SUSE bug 1196426 SUSE bug 1196478 SUSE bug 1196570 SUSE bug 1196840 SUSE bug 1197446 SUSE bug 1197472 SUSE bug 1197601 SUSE bug 1197675 SUSE bug 1198438 SUSE bug 1198577 SUSE bug 1198971 SUSE bug 1198989 SUSE bug 1199035 SUSE bug 1199052 SUSE bug 1199063 SUSE bug 1199114 SUSE bug 1199314 SUSE bug 1199365 SUSE bug 1199505 SUSE bug 1199507 SUSE bug 1199564 SUSE bug 1199626 SUSE bug 1199631 SUSE bug 1199650 SUSE bug 1199670 SUSE bug 1199839 SUSE bug 1200015 SUSE bug 1200019 SUSE bug 1200045 SUSE bug 1200046 SUSE bug 1200143 SUSE bug 1200144 SUSE bug 1200192 SUSE bug 1200206 SUSE bug 1200207 SUSE bug 1200216 SUSE bug 1200249 SUSE bug 1200259 SUSE bug 1200263 SUSE bug 1200529 SUSE bug 1200549 SUSE bug 1200604 CVE-2019-19377 at SUSE CVE-2019-19377 at NVD CVE-2020-26541 at SUSE CVE-2020-26541 at NVD CVE-2021-33061 at SUSE CVE-2021-33061 at NVD CVE-2022-0168 at SUSE CVE-2022-0168 at NVD CVE-2022-1184 at SUSE CVE-2022-1184 at NVD CVE-2022-1652 at SUSE CVE-2022-1652 at NVD CVE-2022-1729 at SUSE CVE-2022-1729 at NVD CVE-2022-1966 at SUSE CVE-2022-1966 at NVD CVE-2022-1972 at SUSE CVE-2022-1972 at NVD CVE-2022-1974 at SUSE CVE-2022-1974 at NVD CVE-2022-1975 at SUSE CVE-2022-1975 at NVD CVE-2022-20008 at SUSE CVE-2022-20008 at NVD CVE-2022-20141 at SUSE CVE-2022-20141 at NVD CVE-2022-21123 at SUSE CVE-2022-21123 at NVD CVE-2022-21125 at SUSE CVE-2022-21125 at NVD CVE-2022-21127 at SUSE CVE-2022-21127 at NVD CVE-2022-21166 at SUSE CVE-2022-21166 at NVD CVE-2022-21180 at SUSE CVE-2022-21180 at NVD CVE-2022-30594 at SUSE CVE-2022-30594 at NVD CVE-2022-32250 at SUSE CVE-2022-32250 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for salt fixes the following issues: - CVE-2022-22967: Fixed missing check for PAM_ACCT_MGM return value that could be used to bypass PAM authentication (bsc#1200566) Important SUSE bug 1200566 CVE-2022-22967 at SUSE CVE-2022-22967 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) Moderate SUSE bug 1185637 SUSE bug 1199166 SUSE bug 1200550 CVE-2022-1292 at SUSE CVE-2022-1292 at NVD CVE-2022-2068 at SUSE CVE-2022-2068 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for qemu fixes the following issues: - CVE-2022-26354: Fixed missing virtqueue detach on error can lead to memory leak (bsc#1198712) - CVE-2021-4207: Fixed double fetch in qxl_cursor() can lead to heap buffer overflow (bsc#1198037) - CVE-2021-4206: Fixed integer overflow in cursor_alloc() can lead to heap buffer overflow (bsc#1198035) Important SUSE bug 1197084 SUSE bug 1198035 SUSE bug 1198037 SUSE bug 1198712 SUSE bug 1199018 SUSE bug 1199924 CVE-2021-4206 at SUSE CVE-2021-4206 at NVD CVE-2021-4207 at SUSE CVE-2021-4207 at NVD CVE-2022-26354 at SUSE CVE-2022-26354 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for conmon, libcontainers-common, libseccomp, podman fixes the following issues: podman was updated to 3.4.4. Security issues fixed: - fix CVE-2021-41190 [bsc#1193273], opencontainers: OCI manifest and index parsing confusion - fix CVE-2021-4024 [bsc#1193166], podman machine spawns gvproxy with port binded to all IPs - fix CVE-2021-20199 [bsc#1181640], Remote traffic to rootless containers is seen as orginating from localhost - Add: Provides: podman:/usr/bin/podman-remote subpackage for a clearer upgrade path from podman < 3.1.2 Update to version 3.4.4: * Bugfixes - Fixed a bug where the podman exec command would, under some circumstances, print a warning message about failing to move conmon to the appropriate cgroup (#12535). - Fixed a bug where named volumes created as part of container creation (e.g. podman run --volume avolume:/a/mountpoint or similar) would be mounted with incorrect permissions (#12523). - Fixed a bug where the podman-remote create and podman-remote run commands did not properly handle the --entrypoint='' option (to clear the container's entrypoint) (#12521). - Update to version 3.4.3: * Security - This release addresses CVE-2021-4024, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777. - This release addresses CVE-2021-41190, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients. * Features - The --secret type=mount option to podman create and podman run supports a new option, target=, which specifies where in the container the secret will be mounted (#12287). * Bugfixes - Fixed a bug where rootless Podman would occasionally print warning messages about failing to move the pause process to a new cgroup (#12065). - Fixed a bug where the podman run and podman create commands would, when pulling images, still require TLS even with registries set to Insecure via config file (#11933). - Fixed a bug where the podman generate systemd command generated units that depended on multi-user.target, which has been removed from some distributions (#12438). - Fixed a bug where Podman could not run containers with images that had /etc/ as a symlink (#12189). - Fixed a bug where the podman logs -f command would, when using the journald logs backend, exit immediately if the container had previously been restarted (#12263). - Fixed a bug where, in containers on VMs created by podman machine, the host.containers.internal name pointed to the VM, not the host system (#11642). - Fixed a bug where containers and pods created by the podman play kube command in VMs managed by podman machine would not automatically forward ports from the host machine (#12248). - Fixed a bug where podman machine init would fail on OS X when GNU Coreutils was installed (#12329). - Fixed a bug where podman machine start would exit before SSH on the started VM was accepting connections (#11532). - Fixed a bug where the podman run command with signal proxying (--sig-proxy) enabled could print an error if it attempted to send a signal to a container that had just exited (#8086). - Fixed a bug where the podman stats command would not return correct information for containers running Systemd as PID1 (#12400). - Fixed a bug where the podman image save command would fail on OS X when writing the image to STDOUT (#12402). - Fixed a bug where the podman ps command did not properly handle PS arguments which contained whitespace (#12452). - Fixed a bug where the podman-remote wait command could fail to detect that the container exited and return an error under some circumstances (#12457). - Fixed a bug where the Windows MSI installer for podman-remote would break the PATH environment variable by adding an extra ' (#11416). * API - The Libpod Play Kube endpoint now also accepts ConfigMap YAML as part of its payload, and will use provided any ConfigMap to configure provided pods and services. - Fixed a bug where the Compat Create endpoint for Containers would not always create the container's working directory if it did not exist (#11842). - Fixed a bug where the Compat Create endpoint for Containers returned an incorrect error message with 404 errors when the requested image was not found (#12315). - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the HostConfig.Mounts field (#12419). - Fixed a bug where the Compat Archive endpoint for Containers did not properly report errors when the operation failed (#12420). - Fixed a bug where the Compat Build endpoint for Images ignored the layers query parameter (for caching intermediate layers from the build) (#12378). - Fixed a bug where the Compat Build endpoint for Images did not report errors in a manner compatible with Docker (#12392). - Fixed a bug where the Compat Build endpoint for Images would fail to build if the context directory was a symlink (#12409). - Fixed a bug where the Compat List endpoint for Images included manifest lists (and not just images) in returned results (#12453). - Update to version 3.4.2: * Fixed a bug where podman tag could not tag manifest lists (#12046). * Fixed a bug where built-in volumes specified by images would not be created correctly under some circumstances. * Fixed a bug where, when using Podman Machine on OS X, containers in pods did not have working port forwarding from the host (#12207). * Fixed a bug where the podman network reload command command on containers using the slirp4netns network mode and the rootlessport port forwarding driver would make an unnecessary attempt to restart rootlessport on containers that did not forward ports. * Fixed a bug where the podman generate kube command would generate YAML including some unnecessary (set to default) fields (e.g. empty SELinux and DNS configuration blocks, and the privileged flag when set to false) (#11995). * Fixed a bug where the podman pod rm command could, if interrupted at the right moment, leave a reference to an already-removed infra container behind (#12034). * Fixed a bug where the podman pod rm command would not remove pods with more than one container if all containers save for the infra container were stopped unless --force was specified (#11713). * Fixed a bug where the --memory flag to podman run and podman create did not accept a limit of 0 (which should specify unlimited memory) (#12002). * Fixed a bug where the remote Podman client's podman build command could attempt to build a Dockerfile in the working directory of the podman system service instance instead of the Dockerfile specified by the user (#12054). * Fixed a bug where the podman logs --tail command could function improperly (printing more output than requested) when the journald log driver was used. * Fixed a bug where containers run using the slirp4netns network mode with IPv6 enabled would not have IPv6 connectivity until several seconds after they started (#11062). * Fixed a bug where some Podman commands could cause an extra dbus-daemon process to be created (#9727). * Fixed a bug where rootless Podman would sometimes print warnings about a failure to move the pause process into a given CGroup (#12065). * Fixed a bug where the checkpointed field in podman inspect on a container was not set to false after a container was restored. * Fixed a bug where the podman system service command would print overly-verbose logs about request IDs (#12181). * Fixed a bug where Podman could, when creating a new container without a name explicitly specified by the user, sometimes use an auto-generated name already in use by another container if multiple containers were being created in parallel (#11735). Update to version 3.4.1: * Bugfixes - Fixed a bug where podman machine init could, under some circumstances, create invalid machine configurations which could not be started (#11824). - Fixed a bug where the podman machine list command would not properly populate some output fields. - Fixed a bug where podman machine rm could leave dangling sockets from the removed machine (#11393). - Fixed a bug where podman run --pids-limit=-1 was not supported (it now sets the PID limit in the container to unlimited) (#11782). - Fixed a bug where podman run and podman attach could throw errors about a closed network connection when STDIN was closed by the client (#11856). - Fixed a bug where the podman stop command could fail when run on a container that had another podman stop command run on it previously. - Fixed a bug where the --sync flag to podman ps was nonfunctional. - Fixed a bug where the Windows and OS X remote clients' podman stats command would fail (#11909). - Fixed a bug where the podman play kube command did not properly handle environment variables whose values contained an = (#11891). - Fixed a bug where the podman generate kube command could generate invalid annotations when run on containers with volumes that use SELinux relabelling (:z or :Z) (#11929). - Fixed a bug where the podman generate kube command would generate YAML including some unnecessary (set to default) fields (e.g. user and group, entrypoint, default protocol for forwarded ports) (#11914, #11915, and #11965). - Fixed a bug where the podman generate kube command could, under some circumstances, generate YAML including an invalid targetPort field for forwarded ports (#11930). - Fixed a bug where rootless Podman's podman info command could, under some circumstances, not read available CGroup controllers (#11931). - Fixed a bug where podman container checkpoint --export would fail to checkpoint any container created with --log-driver=none (#11974). * API - Fixed a bug where the Compat Create endpoint for Containers could panic when no options were passed to a bind mount of tmpfs (#11961). Update to version 3.4.0: * Features - Pods now support init containers! Init containers are containers which run before the rest of the pod starts. There are two types of init containers: 'always', which always run before the pod is started, and 'once', which only run the first time the pod starts and are subsequently removed. They can be added using the podman create command's --init-ctr option. - Support for init containers has also been added to podman play kube and podman generate kube - init containers contained in Kubernetes YAML will be created as Podman init containers, and YAML generated by Podman will include any init containers created. - The podman play kube command now supports building images. If the --build option is given and a directory with the name of the specified image exists in the current working directory and contains a valid Containerfile or Dockerfile, the image will be built and used for the container. - The podman play kube command now supports a new option, --teardown, which removes any pods and containers created by the given Kubernetes YAML. - The podman generate kube command now generates annotations for SELinux mount options on volume (:z and :Z) that are respected by the podman play kube command. - A new command has been added, podman pod logs, to return logs for all containers in a pod at the same time. - Two new commands have been added, podman volume export (to export a volume to a tar file) and podman volume import) (to populate a volume from a given tar file). - The podman auto-update command now supports simple rollbacks. If a container fails to start after an automatic update, it will be rolled back to the previous image and restarted again. - Pods now share their user namespace by default, and the podman pod create command now supports the --userns option. This allows rootless pods to be created with the --userns=keep-id option. - The podman pod ps command now supports a new filter with its --filter option, until, which returns pods created before a given timestamp. - The podman image scp command has been added. This command allows images to be transferred between different hosts. - The podman stats command supports a new option, --interval, to specify the amount of time before the information is refreshed. - The podman inspect command now includes ports exposed (but not published) by containers (e.g. ports from --expose when --publish-all is not specified). - The podman inspect command now has a new boolean value, Checkpointed, which indicates that a container was stopped as a result of a podman container checkpoint operation. - Volumes created by podman volume create now support setting quotas when run atop XFS. The size and inode options allow the maximum size and maximum number of inodes consumed by a volume to be limited. - The podman info command now outputs information on what log drivers, network drivers, and volume plugins are available for use (#11265). - The podman info command now outputs the current log driver in use, and the variant and codename of the distribution in use. - The parameters of the VM created by podman machine init (amount of disk space, memory, CPUs) can now be set in containers.conf. - The podman machine ls command now shows additional information (CPUs, memory, disk size) about VMs managed by podman machine. - The podman ps command now includes healthcheck status in container state for containers that have healthchecks (#11527). * Changes - The podman build command has a new alias, podman buildx, to improve compatibility with Docker. We have already added support for many docker buildx flags to podman build and aim to continue to do so. - Cases where Podman is run without a user session or a writable temporary files directory will now produce better error messages. - The default log driver has been changed from file to journald. The file driver did not properly support log rotation, so this should lead to a better experience. If journald is not available on the system, Podman will automatically revert to the file. - Podman no longer depends on ip for removing networks (#11403). - The deprecated --macvlan flag to podman network create now warns when it is used. It will be removed entirely in the Podman 4.0 release. - The podman machine start command now prints a message when the VM is successfully started. - The podman stats command can now be used on containers that are paused. - The podman unshare command will now return the exit code of the command that was run in the user namespace (assuming the command was successfully run). - Successful healthchecks will no longer add a healthy line to the system log to reduce log spam. - As a temporary workaround for a lack of shortname prompts in the Podman remote client, VMs created by podman machine now default to only using the docker.io registry. * Bugfixes - Fixed a bug where whitespace in the definition of sysctls (particularly default sysctls specified in containers.conf) would cause them to be parsed incorrectly. - Fixed a bug where the Windows remote client improperly validated volume paths (#10900). - Fixed a bug where the first line of logs from a container run with the journald log driver could be skipped. - Fixed a bug where images created by podman commit did not include ports exposed by the container. - Fixed a bug where the podman auto-update command would ignore the io.containers.autoupdate.authfile label when pulling images (#11171). - Fixed a bug where the --workdir option to podman create and podman run could not be set to a directory where a volume was mounted (#11352). - Fixed a bug where systemd socket-activation did not properly work with systemd-managed Podman containers (#10443). - Fixed a bug where environment variable secrets added to a container were not available to exec sessions launched in the container. - Fixed a bug where rootless containers could fail to start the rootlessport port-forwarding service when XDG_RUNTIME_DIR was set to a long path. - Fixed a bug where arguments to the --systemd option to podman create and podman run were case-sensitive (#11387). - Fixed a bug where the podman manifest rm command would also remove images referenced by the manifest, not just the manifest itself (#11344). - Fixed a bug where the Podman remote client on OS X would not function properly if the TMPDIR environment variable was not set (#11418). - Fixed a bug where the /etc/hosts file was not guaranteed to contain an entry for localhost (this is still not guaranteed if --net=host is used; such containers will exactly match the host's /etc/hosts) (#11411). - Fixed a bug where the podman machine start command could print warnings about unsupported CPU features (#11421). - Fixed a bug where the podman info command could segfault when accessing cgroup information. - Fixed a bug where the podman logs -f command could hang when a container exited (#11461). - Fixed a bug where the podman generate systemd command could not be used on containers that specified a restart policy (#11438). - Fixed a bug where the remote Podman client's podman build command would fail to build containers if the UID and GID on the client were higher than 65536 (#11474). - Fixed a bug where the remote Podman client's podman build command would fail to build containers if the context directory was a symlink (#11732). - Fixed a bug where the --network flag to podman play kube was not properly parsed when a non-bridge network configuration was specified. - Fixed a bug where the podman inspect command could error when the container being inspected was removed as it was being inspected (#11392). - Fixed a bug where the podman play kube command ignored the default pod infra image specified in containers.conf. - Fixed a bug where the --format option to podman inspect was nonfunctional under some circumstances (#8785). - Fixed a bug where the remote Podman client's podman run and podman exec commands could skip a byte of output every 8192 bytes (#11496). - Fixed a bug where the podman stats command would print nonsensical results if the container restarted while it was running (#11469). - Fixed a bug where the remote Podman client would error when STDOUT was redirected on a Windows client (#11444). - Fixed a bug where the podman run command could return 0 when the application in the container exited with 125 (#11540). - Fixed a bug where containers with --restart=always set using the rootlessport port-forwarding service could not be restarted automatically. - Fixed a bug where the --cgroups=split option to podman create and podman run was silently discarded if the container was part of a pod. - Fixed a bug where the podman container runlabel command could fail if the image name given included a tag. - Fixed a bug where Podman could add an extra 127.0.0.1 entry to /etc/hosts under some circumstances (#11596). - Fixed a bug where the remote Podman client's podman untag command did not properly handle tags including a digest (#11557). - Fixed a bug where the --format option to podman ps did not properly support the table argument for tabular output. - Fixed a bug where the --filter option to podman ps did not properly handle filtering by healthcheck status (#11687). - Fixed a bug where the podman run and podman start --attach commands could race when retrieving the exit code of a container that had already been removed resulting in an error (e.g. by an external podman rm -f) (#11633). - Fixed a bug where the podman generate kube command would add default environment variables to generated YAML. - Fixed a bug where the podman generate kube command would add the default CMD from the image to generated YAML (#11672). - Fixed a bug where the podman rm --storage command could fail to remove containers under some circumstances (#11207). - Fixed a bug where the podman machine ssh command could fail when run on Linux (#11731). - Fixed a bug where the podman stop command would error when used on a container that was already stopped (#11740). - Fixed a bug where renaming a container in a pod using the podman rename command, then removing the pod using podman pod rm, could cause Podman to believe the new name of the container was permanently in use, despite the container being removed (#11750). * API - The Libpod Pull endpoint for Images now has a new query parameter, quiet, which (when set to true) suppresses image pull progress reports (#10612). - The Compat Events endpoint now includes several deprecated fields from the Docker v1.21 API for improved compatibility with older clients. - The Compat List and Inspect endpoints for Images now prefix image IDs with sha256: for improved Docker compatibility (#11623). - The Compat Create endpoint for Containers now properly sets defaults for healthcheck-related fields (#11225). - The Compat Create endpoint for Containers now supports volume options provided by the Mounts field (#10831). - The Compat List endpoint for Secrets now supports a new query parameter, filter, which allows returned results to be filtered. - The Compat Auth endpoint now returns the correct response code (500 instead of 400) when logging into a registry fails. - The Version endpoint now includes information about the OCI runtime and Conmon in use (#11227). - Fixed a bug where the X-Registry-Config header was not properly handled, leading to errors when pulling images (#11235). - Fixed a bug where invalid query parameters could cause a null pointer dereference when creating error messages. - Logging of API requests and responses at trace level has been greatly improved, including the addition of an X-Reference-Id header to correlate requests and responses (#10053). Update to version 3.3.1: * Bugfixes - Fixed a bug where unit files created by podman generate systemd could not cleanup shut down containers when stopped by systemctl stop (#11304). - Fixed a bug where podman machine commands would not properly locate the gvproxy binary in some circumstances. - Fixed a bug where containers created as part of a pod using the --pod-id-file option would not join the pod's network namespace (#11303). - Fixed a bug where Podman, when using the systemd cgroups driver, could sometimes leak dbus sessions. - Fixed a bug where the until filter to podman logs and podman events was improperly handled, requiring input to be negated (#11158). - Fixed a bug where rootless containers using CNI networking run on systems using systemd-resolved for DNS would fail to start if resolved symlinked /etc/resolv.conf to an absolute path (#11358). * API - A large number of potential file descriptor leaks from improperly closing client connections have been fixed. Update to version 3.3.0: * Fix network aliases with network id * machine: compute sha256 as we read the image file * machine: check for file exists instead of listing directory * pkg/bindings/images.nTar(): slashify hdr.Name values * Volumes: Only remove from DB if plugin removal succeeds * For compatibility, ignore Content-Type * [v3.3] Bump c/image 5.15.2, buildah v1.22.3 * Implement SD-NOTIFY proxy in conmon * Fix rootless cni dns without systemd stub resolver * fix rootlessport flake * Skip stats test in CGv1 container environments * Fix AVC denials in tests of volume mounts * Restore buildah-bud test requiring new images * Revert '.cirrus.yml: use fresh images for all VMs' * Fix device tests using ls test files * Enhance priv. dev. check * Workaround host availability of /dev/kvm * Skip cgroup-parent test due to frequent flakes * Cirrus: Fix not uploading logformatter html Switch to crun (bsc#1188914) Update to version 3.2.3: * Bump to v3.2.3 * Update release notes for v3.2.3 * vendor containers/common@v0.38.16 * vendor containers/buildah@v1.21.3 * Fix race conditions in rootless cni setup * CNI-in-slirp4netns: fix bind-mount for /run/systemd/resolve/stub-resolv.conf * Make rootless-cni setup more robust * Support uid,gid,mode options for secrets * vendor containers/common@v0.38.15 * [CI:DOCS] podman search: clarify that results depend on implementation * vendor containers/common@v0.38.14 * vendor containers/common@v0.38.13 * [3.2] vendor containers/common@v0.38.12 * Bump README to v3.2.2 * Bump to v3.2.3-dev - Update to version 3.2.2: * Bump to v3.2.2 * fix systemcontext to use correct TMPDIR * Scrub podman commands to use report package * Fix volumes with uid and gid options * Vendor in c/common v0.38.11 * Initial release notes for v3.2.2 * Fix restoring of privileged containers * Fix handling of podman-remote build --device * Add support for podman remote build -f - . * Fix panic condition in cgroups.getAvailableControllers * Fix permissions on initially created named volumes * Fix building static podman-remote * add correct slirp ip to /etc/hosts * disable tty-size exec checks in system tests * Fix resize race with podman exec -it * Fix documentation of the --format option of podman push * Fix systemd-resolved detection. * Health Check is not handled in the compat LibpodToContainerJSON * Do not use inotify for OCICNI * getContainerNetworkInfo: lock netNsCtr before sync * [NO TESTS NEEDED] Create /etc/mtab with the correct ownership * Create the /etc/mtab file if does not exists * [v3.2] cp: do not allow dir->file copying * create: support images with invalid platform * vendor containers/common@v0.38.10 * logs: k8s-file: restore poll sleep * logs: k8s-file: fix spurious error logs * utils: move message from warning to debug * Bump to v3.2.2-dev - Update to version 3.2.1: * Bump to v3.2.1 * Updated release notes for v3.2.1 * Fix network connect race with docker-compose * Revert 'Ensure minimum API version is set correctly in tests' * Fall back to string for dockerfile parameter * remote events: fix --stream=false * [CI:DOCS] fix incorrect network remove api doc * remote: always send resize before the container starts * remote events: support labels * remote pull: cancel pull when connection is closed * Fix network prune api docs * Improve systemd-resolved detection * logs: k8s-file: fix race * Fix image prune --filter cmd behavior * Several shell completion fixes * podman-remote build should handle -f option properly * System tests: deal with crun 0.20.1 * Fix build tags for pkg/machine... * Fix pre-checkpointing * container: ignore named hierarchies * [v3.2] vendor containers/common@v0.38.9 * rootless: fix fast join userns path * [v3.2] vendor containers/common@v0.38.7 * [v3.2] vendor containers/common@v0.38.6 * Correct qemu options for Intel macs * Ensure minimum API version is set correctly in tests * Bump to v3.2.1-dev - Update to version 3.2.0: * Bump to v3.2.0 * Fix network create macvlan with subnet option * Final release notes updates for v3.2.0 * add ipv6 nameservers only when the container has ipv6 enabled * Use request context instead of background * [v.3.2] events: support disjunctive filters * System tests: add :Z to volume mounts * generate systemd: make mounts portable * vendor containers/storage@v1.31.3 * vendor containers/common@v0.38.5 * Bump to v3.2.0-dev * Bump to v3.2.0-RC3 * Update release notes for v3.2.0-RC3 * Fix race on podman start --all * Fix race condition in running ls container in a pod * docs: --cert-dir: point to containers-certs.d(5) * Handle hard links in different directories * Improve OCI Runtime error * Handle hard links in remote builds * Podman info add support for status of cgroup controllers * Drop container does not exist on removal to debugf * Downgrade API service routing table logging * add libimage events * docs: generate systemd: XDG_RUNTIME_DIR * Fix problem copying files when container is in host pid namespace * Bump to v3.2.0-dev * Bump to v3.2.0-RC2 * update c/common * Update Cirrus DEST_BRANCH to v3.2 * Updated vendors of c/image, c/storage, Buildah * Initial release notes for v3.2.0-RC2 * Add script for identifying commits in release branches * Add host.containers.internal entry into container's etc/hosts * image prune: remove unused images only with `--all` * podman network reload add rootless support * Use more recent `stale` release... * network tutorial: update with rootless cni changes * [CI:DOCS] Update first line in intro page * Use updated VM images + updated automation tooling * auto-update service: prune images * make vendor * fix system upgrade tests * Print 'extracting' only on compressed file * podman image tree: restore previous behavior * fix network restart always test * fix incorrect log driver in podman container image * Add support for cli network prune --filter flag * Move filter parsing to common utils * Bump github.com/containers/storage from 1.30.2 to 1.30.3 * Update nix pin with `make nixpkgs` * [CI:DOCS] hack/bats - new helper for running system tests * fix restart always with slirp4netns * Bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94 * Bump github.com/coreos/go-systemd/v22 from 22.3.1 to 22.3.2 * Add host.serviceIsRemote to podman info results * Add client disconnect to build handler loop * Remove obsolete skips * Fix podman-remote build --rm=false ... * fix: improved 'containers/{name}/wait' endpoint * Bump github.com/containers/storage from 1.30.1 to 1.30.2 * Add envars to the generated systemd unit * fix: use UTC Time Stamps in response JSON * fix container startup for empty pidfile * Kube like pods should share ipc,net,uts by default * fix: compat API 'images/get' for multiple images * Revert escaped double dash man page flag syntax * Report Download complete in Compatibility mode * Add documentation on short-names * Bump github.com/docker/docker * Adds support to preserve auto update labels in generate and play kube * [CI:DOCS] Stop conversion of `--` into en dash * Revert Patch to relabel if selinux not enabled * fix per review request * Add support for environment variable secrets * fix pre review request * Fix infinite loop in isPathOnVolume * Add containers.conf information for changing defaults * CI: run rootless tests under ubuntu * Fix wrong macvlan PNG in networking doc. * Add restart-policy to container filters & --filter to podman start * Fixes docker-compose cannot set static ip when use ipam * channel: simplify implementation * build: improve regex for iidfile * Bump github.com/onsi/gomega from 1.11.0 to 1.12.0 * cgroup: fix rootless --cgroup-parent with pods * fix: docker APIv2 `images/get` * codespell cleanup * Minor podmanimage docs updates. * Fix handling of runlabel IMAGE and NAME * Bump to v3.2.0-dev * Bump to v3.2.0-rc1 * rootless: improve automatic range split * podman: set volatile storage flag for --rm containers * Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2 * Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0 * migrate Podman to containers/common/libimage * Add filepath glob support to --security-opt unmask * Force log_driver to k8s-file for containers in containers * add --mac-address to podman play kube * compat api: Networks must be empty instead of null * System tests: honor $OCI_RUNTIME (for CI) * is this a bug? * system test image: add arm64v8 image * Fix troubleshooting documentation on handling sublemental groups. * Add --all to podman start * Fix variable reference typo. in multi-arch image action * cgroup: always honor --cgroup-parent with cgroupfs * Bump github.com/uber/jaeger-client-go * Don't require tests for github-actions & metadata * Detect if in podman machine virtual vm * Fix multi-arch image workflow typo * [CI:DOCS] Add titles to remote docs (windows) * Remove unused VolumeList* structs * Cirrus: Update F34beta -> F34 * Update container image docs + fix unstable execution * Bump github.com/containers/storage from 1.30.0 to 1.30.1 * TODO complete * Docker returns 'die' status rather then 'died' status * Check if another VM is running on machine start * [CI:DOCS] Improve titles of command HTML pages * system tests: networking: fix another race condition * Use seccomp_profile as default profile if defined in containers.conf * Bump github.com/json-iterator/go from 1.1.10 to 1.1.11 * Vendored * Autoupdate local label functional * System tests: fix two race conditions * Add more documentation on conmon * Allow docker volume create API to pass without name * Cirrus: Update Ubuntu images to 21.04 * Skip blkio-weight test when no kernel BFQ support * rootless: Tell the user what was led to the error, not just what it is * Add troubleshooting advice about the --userns option. * Fix images prune filter until * Fix logic for pushing stable multi-arch images * Fixes generate kube incorrect when bind-mounting '/' and '/root' * libpod/image: unit tests: don't use system's registries.conf.d * runtime: create userns when CAP_SYS_ADMIN is not present * rootless: attempt to copy current mappings first * [CI:DOCS] Restore missing content to manpages * [CI:DOCS] Fix Markdown layout bugs * Fix podman ps --filter ancestor to match exact ImageName/ImageID * Add machine-enabled to containers.conf for machine * Several multi-arch image build/push fixes * Add podman run --timeout option * Parse slirp4netns net options with compat api * Fix rootlesskit port forwarder with custom slirp cidr * Fix removal race condition in ListContainers * Add github-action workflow to build/push multi-arch * rootless: if root is not sub?id raise a debug message * Bump github.com/containers/common from 0.36.0 to 0.37.0 * Add go template shell completion for --format * Add --group-add keep-groups: suplimentary groups into container * Fixes from make codespell * Typo fix to usage text of --compress option * corrupt-image test: fix an oops * Add --noheading flag to all list commands * Bump github.com/containers/storage from 1.29.0 to 1.30.0 * Bump github.com/containers/image/v5 from 5.11.0 to 5.11.1 * [CI:DOCS] Fix Markdown table layout bugs * podman-remote should show podman.sock info * rmi: don't break when the image is missing a manifest * [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md * Add support for CDI device configuration * [CI:DOCS] Add missing dash to verbose option * Bump github.com/uber/jaeger-client-go * Remove an advanced layer diff function * Ensure mount destination is clean, no trailing slash * add it for inspect pidfile * [CI:DOCS] Fix introduction page typo * support pidfile on container restore * fix start it * skip pidfile test on remote * improve document * set pidfile default value int containerconfig * add pidfile in inspection * add pidfile it for container start * skip pidfile it on remote * Modify according to comments * WIP: drop test requirement * runtime: bump required conmon version * runtime: return findConmon to libpod * oci: drop ExecContainerCleanup * oci: use `--full-path` option for conmon * use AttachSocketPath when removing conmon files * hide conmon-pidfile flag on remote mode * Fix possible panic in libpod/image/prune.go * add --ip to podman play kube * add flag autocomplete * add ut * add flag '--pidfile' for podman create/run * Add network bindings tests: remove and list * Fix build with GO111MODULE=off * system tests: build --pull-never: deal with flakes * compose test: diagnose flakes v3 * podman play kube apply correct log driver * Fixes podman-remote save to directories does not work * Bump github.com/rootless-containers/rootlesskit from 0.14.1 to 0.14.2 * Update documentation of podman-run to reflect volume 'U' option * Fix flake on failed podman-remote build : try 2 * compose test: ongoing efforts to diagnose flakes * Test that we don't error out on advertised --log-level values * At trace log level, print error text using %+v instead of %v * pkg/errorhandling.JoinErrors: don't throw away context for lone errors * Recognize --log-level=trace * Fix flake on failed podman-remote build * System tests: fix racy podman-inspect * Fixes invalid expression in save command * Bump github.com/containers/common from 0.35.4 to 0.36.0 * Update nix pin with `make nixpkgs` * compose test: try to get useful data from flakes * Remove in-memory state implementation * Fix message about runtime to show only the actual runtime * System tests: setup: better cleanup of stray images * Bump github.com/containers/ocicrypt from 1.1.0 to 1.1.1 * Reflect current state of prune implementation in docs * Do not delete container twice * [CI:DOCS] Correct status code for /pods/create * vendor in containers/storage v1.29.0 * cgroup: do not set cgroup parent when rootless and cgroupfs * Overhaul Makefile binary and release worflows * Reorganize Makefile with sections and guide * Simplify Makefile help target * Don't shell to obtain current directory * Remove unnecessary/not-needed release.txt target * Fix incorrect version number output * Exclude .gitignore from test req. * Fix handling of $NAME and $IMAGE in runlabel * Update podman image Dockerfile to support Podman in container * Bump github.com/containers/image/v5 from 5.10.5 to 5.11.0 * Fix slashes in socket URLs * Add network prune filters support to bindings * Add support for play/generate kube volumes * Update manifest API endpoints * Fix panic when not giving a machine name for ssh * cgroups: force 64 bits to ParseUint * Bump k8s.io/api from 0.20.5 to 0.21.0 * [CI:DOCS] Fix formatting of podman-build man page * buildah-bud tests: simplify * Add missing return * Bump github.com/onsi/ginkgo from 1.16.0 to 1.16.1 * speed up CI handling of images * Volumes prune endpoint should use only prune filters * Cirrus: Use Fedora 34beta images * Bump go.sum + Makefile for golang 1.16 * Exempt Makefile changes from test requirements * Adjust libpod API Container Wait documentation to the code * [CI:DOCS] Update swagger definition of inspect manifest * use updated ubuntu images * podman unshare: add --rootless-cni to join the ns * Update swagger-check * swagger: remove name wildcards * Update buildah-bud diffs * Handle podman-remote --arch, --platform, --os * buildah-bud tests: handle go pseudoversions, plus... * Fix flaking rootless compose test * rootless cni add /usr/sbin to PATH if not present * System tests: special case for RHEL: require runc * Add --requires flag to podman run/create * [CI:DOCS] swagger-check: compare operations * [CI:DOCS] Polish swagger OpertionIDs * [NO TESTS NEEDED] Update nix pin with `make nixpkgs` * Ensure that `--userns=keep-id` sets user in config * [CI:DOCS] Set all operation id to be compatibile * Move operationIds to swagger:operation line * swagger: add operationIds that match with docker * Cirrus: Make use of shared get_ci_vm container * Don't relabel volumes if running in a privileged container * Allow users to override default storage opts with --storage-opt * Add support for podman --context default * Verify existence of auth file if specified * fix machine naming conventions * Initial network bindings tests * Update release notes to indicate CVE fix * Move socket activation check into init() and set global condition. * Bump github.com/onsi/ginkgo from 1.15.2 to 1.16.0 * Http api tests for network prune with until filter * podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns * Fix typos --uidmapping and --gidmapping * Add transport and destination info to manifest doc * Bump github.com/rootless-containers/rootlesskit from 0.14.0 to 0.14.1 * Add default template functions * Fix missing podman-remote build options * Bump github.com/coreos/go-systemd/v22 from 22.3.0 to 22.3.1 * Add ssh connection to root user * Add rootless docker-compose test to the CI * Use the slrip4netns dns in the rootless cni ns * Cleanup the rootless cni namespace * Add new docker-compose test for two networks * Make the docker-compose test work rootless * Remove unused rootless-cni-infra container files * Only use rootless RLK when the container has ports * Fix dnsname test * Enable rootless network connect/disconnect * Move slirp4netns functions into an extra file * Fix pod infra container cni network setup * Add rootless support for cni and --uidmap * rootless cni without infra container * Recreate until container prune tests for bindings * Remove --execute from podman machine ssh * Fixed podman-remote --network flag * Makefile: introduce install.docker-full * Makefile: ensure install.docker creates BINDIR * Fix unmount doc reference in image.rst * Should send the OCI runtime path not just the name to buildah * podman machine shell completion * Fix handling of remove --log-rusage param * Fix bindings prune containers flaky test * [CI:DOCS] Add local html build info to docs/README.md * Add podman machine list * Trim white space from /top endpoint results * Remove semantic version suffices from API calls * podman machine init --ignition-path * Document --volume from podman-remote run/create client * Update main branch to reflect the release of v3.1.0 * Silence podman network reload errors with iptables-nft * Containers prune endpoint should use only prune filters * resolve proper aarch64 image names * APIv2 basic test: relax APIVersion check * Add machine support for qemu-system-aarch64 * podman machine init user input * manpage xref: helpful diagnostic for unescaped dash-dash * Bump to v3.2.0-dev * swagger: update system version response body * buildah-bud tests: reenable pull-never test * [NO TESTS NEEDED] Shrink the size of podman-remote * Add powershell completions * [NO TESTS NEEDED] Drop Warning to Info, if cgroups not mounted * Fix long option format on docs.podman.io * system tests: friendier messages for 2-arg is() * service: use LISTEN_FDS * man pages: correct seccomp-policy label * rootless: use is_fd_inherited * podman generate systemd --new do not duplicate params * play kube: add support for env vars defined from secrets * play kube: support optional/mandatory env var from config map * play kube: prepare supporting other env source than config maps * Add machine support for more Linux distros * [NO TESTS NEEDED] Use same function podman-remote rmi as podman * Podman machine enhancements * Add problematic volume name to kube play error messages * Fix podman build --pull-never * [NO TESTS NEEDED] Fix for kernel without CONFIG_USER_NS * [NO TESTS NEEDED] Turn on podman-remote build --isolation * Fix list pods filter handling in libpod api * Remove resize race condition * [NO TESTS NEEDED] Vendor in containers/buildah v1.20.0 * Use TMPDIR when commiting images * Add RequiresMountsFor= to systemd generate * Bump github.com/vbauerster/mpb/v6 from 6.0.2 to 6.0.3 * Fix swapped dimensions from terminal.GetSize * Rename podman machine create to init and clean up * Correct json field name * system tests: new interactive tests * Improvements for machine * libpod/image: unit tests: use a `registries.conf` for aliases * libpod/image: unit tests: defer cleanup * libpod/image: unit tests: use `require.NoError` * Add --execute flag to podman machine ssh * introduce podman machine * Podman machine CLI and interface stub * Support multi doc yaml for generate/play kube * Fix filters in image http compat/libpod api endpoints * Bump github.com/containers/common from 0.35.3 to 0.35.4 * Bump github.com/containers/storage from 1.28.0 to 1.28.1 * Check if stdin is a term in --interactive --tty mode * [NO TESTS NEEDED] Remove /tmp/containers-users-* files on reboot * [NO TESTS NEEDED] Fix rootless volume plugins * Ensure manually-created volumes have correct ownership * Bump github.com/rootless-containers/rootlesskit * Unification of until filter across list/prune endpoints * Unification of label filter across list/prune endpoints * fixup * fix: build endpoint for compat API * [CI:DOCS] Add note to mappings for user/group userns in build * Bump k8s.io/api from 0.20.1 to 0.20.5 * Validate passed in timezone from tz option * WIP: run buildah bud tests using podman * Fix containers list/prune http api filter behaviour * Generate Kubernetes PersistentVolumeClaims from named volumes - Update to version 3.1.2: * Bump to v3.1.2 * Update release notes for v3.1.2 * Ensure mount destination is clean, no trailing slash * Fixes podman-remote save to directories does not work * [CI:DOCS] Add missing dash to verbose option * [CI:DOCS] Fix Markdown table layout bugs * [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md * rmi: don't break when the image is missing a manifest * Bump containers/image to v5.11.1 * Bump github.com/coreos/go-systemd from 22.2.0 to 22.3.1 * Fix lint * Bump to v3.1.2-dev - Split podman-remote into a subpackage - Add missing scriptlets for systemd units - Escape macros in comments - Drop some obsolete workarounds, including %{go_nostrip} - Update to version 3.1.1: * Bump to v3.1.1 * Update release notes for v3.1.1 * podman play kube apply correct log driver * Fix build with GO111MODULE=off * [CI:DOCS] Set all operation id to be compatibile * Move operationIds to swagger:operation line * swagger: add operationIds that match with docker * Fix missing podman-remote build options * [NO TESTS NEEDED] Shrink the size of podman-remote * Move socket activation check into init() and set global condition. * rootless: use is_fd_inherited * Recreate until container prune tests for bindings * System tests: special case for RHEL: require runc * Document --volume from podman-remote run/create client * Containers prune endpoint should use only prune filters * Trim white space from /top endpoint results * Fix unmount doc reference in image.rst * Fix handling of remove --log-rusage param * Makefile: introduce install.docker-full * Makefile: ensure install.docker creates BINDIR * Should send the OCI runtime path not just the name to buildah * Fixed podman-remote --network flag * podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns * Fix typos --uidmapping and --gidmapping * Add default template functions * Don't relabel volumes if running in a privileged container * Allow users to override default storage opts with --storage-opt * Add transport and destination info to manifest doc * Verify existence of auth file if specified * Ensure that `--userns=keep-id` sets user in config * [CI:DOCS] Update swagger definition of inspect manifest * Volumes prune endpoint should use only prune filters * Adjust libpod API Container Wait documentation to the code * Add missing return * [CI:DOCS] Fix formatting of podman-build man page * cgroups: force 64 bits to ParseUint * Fix slashes in socket URLs * [CI:DOCS] Correct status code for /pods/create * cgroup: do not set cgroup parent when rootless and cgroupfs * Reflect current state of prune implementation in docs * Do not delete container twice * Test that we don't error out on advertised --log-level values * At trace log level, print error text using %+v instead of %v * pkg/errorhandling.JoinErrors: don't throw away context for lone errors * Recognize --log-level=trace * Fix message about runtime to show only the actual runtime * Fix handling of $NAME and $IMAGE in runlabel * Fix flake on failed podman-remote build : try 2 * Fix flake on failed podman-remote build * Update documentation of podman-run to reflect volume 'U' option * Fixes invalid expression in save command * Fix possible panic in libpod/image/prune.go * Update all containers/ project vendors * Fix tests * Bump to v3.1.1-dev - Update to version 3.1.0: * Bump to v3.1.0 * Fix test failure * Update release notes for v3.1.0 final release * [NO TESTS NEEDED] Turn on podman-remote build --isolation * Fix long option format on docs.podman.io * Fix containers list/prune http api filter behaviour * [CI:DOCS] Add note to mappings for user/group userns in build * Validate passed in timezone from tz option * Generate Kubernetes PersistentVolumeClaims from named volumes * libpod/image: unit tests: use a `registries.conf` for aliases - Require systemd 241 or newer due to podman dependency go-systemd v22, otherwise build will fail with unknown C name errors - Create docker subpackage to allow replacing docker with corresponding aliases to podman. - Update to v3.0.1 * Changes - Several frequently-occurring WARN level log messages have been downgraded to INFO or DEBUG to not clutter terminal output. Bugfixes - Fixed a bug where the Created field of podman ps --format=json was formatted as a string instead of an Unix timestamp (integer) (#9315). - Fixed a bug where failing lookups of individual layers during the podman images command would cause the whole command to fail without printing output. - Fixed a bug where --cgroups=split did not function properly on cgroups v1 systems. - Fixed a bug where mounting a volume over an directory in the container that existed, but was empty, could fail (#9393). - Fixed a bug where mounting a volume over a directory in the container that existed could copy the entirety of the container's rootfs, instead of just the directory mounted over, into the volume (#9415). - Fixed a bug where Podman would treat the --entrypoint=[''] option to podman run and podman create as a literal empty string in the entrypoint, when instead it should have been ignored (#9377). - Fixed a bug where Podman would set the HOME environment variable to '' when the container ran as a user without an assigned home directory (#9378). - Fixed a bug where specifying a pod infra image that had no tags (by using its ID) would cause podman pod create to panic (#9374). - Fixed a bug where the --runtime option was not properly handled by the podman build command (#9365). - Fixed a bug where Podman would incorrectly print an error message related to the remote API when the remote API was not in use and starting Podman failed. - Fixed a bug where Podman would change ownership of a container's working directory, even if it already existed (#9387). - Fixed a bug where the podman generate systemd --new command would incorrectly escape %t when generating the path for the PID file (#9373). - Fixed a bug where Podman could, when run inside a Podman container with the host's containers/storage directory mounted into the container, erroneously detect a reboot and reset container state if the temporary directory was not also mounted in (#9191). - Fixed a bug where some options of the podman build command (including but not limited to --jobs) were nonfunctional (#9247). * API - Fixed a breaking change to the Libpod Wait API for Containers where the Conditions parameter changed type in Podman v3.0 (#9351). - Fixed a bug where the Compat Create endpoint for Containers did not properly handle forwarded ports that did not specify a host port. - Fixed a bug where the Libpod Wait endpoint for Containers could write duplicate headers after an error occurred. - Fixed a bug where the Compat Create endpoint for Images would not pull images that already had a matching tag present locally, even if a more recent version was available at the registry (#9232). - The Compat Create endpoint for Images has had its compatibility with Docker improved, allowing its use with the docker-java library. * Misc - Updated Buildah to v1.19.4 - Updated the containers/storage library to v1.24.6 - Changes from v3.0.0 * Features - Podman now features initial support for Docker Compose. - Added the podman rename command, which allows containers to be renamed after they are created (#1925). - The Podman remote client now supports the podman copy command. - A new command, podman network reload, has been added. This command will re-configure the network of all running containers, and can be used to recreate firewall rules lost when the system firewall was reloaded (e.g. via firewall-cmd --reload). - Podman networks now have IDs. They can be seen in podman network ls and can be used when removing and inspecting networks. Existing networks receive IDs automatically. - Podman networks now also support labels. They can be added via the --label option to network create, and podman network ls can filter labels based on them. - The podman network create command now supports setting bridge MTU and VLAN through the --opt option (#8454). - The podman container checkpoint and podman container restore commands can now checkpoint and restore containers that include volumes. - The podman container checkpoint command now supports the --with-previous and --pre-checkpoint options, and the podman container restore command now support the --import-previous option. These add support for two-step checkpointing with lowered dump times. - The podman push command can now push manifest lists. Podman will first attempt to push as an image, then fall back to pushing as a manifest list if that fails. - The podman generate kube command can now be run on multiple containers at once, and will generate a single pod containing all of them. - The podman generate kube and podman play kube commands now support Kubernetes DNS configuration, and will preserve custom DNS configuration when exporting or importing YAML (#9132). - The podman generate kube command now properly supports generating YAML for containers and pods creating using host networking (--net=host) (#9077). - The podman kill command now supports a --cidfile option to kill containers given a file containing the container's ID (#8443). - The podman pod create command now supports the --net=none option (#9165). - The podman volume create command can now specify volume UID and GID as options with the UID and GID fields passed to the the --opt option. - Initial support has been added for Docker Volume Plugins. Podman can now define available plugins in containers.conf and use them to create volumes with podman volume create --driver. - The podman run and podman create commands now support a new option, --platform, to specify the platform of the image to be used when creating the container. - The --security-opt option to podman run and podman create now supports the systempaths=unconfined option to unrestrict access to all paths in the container, as well as mask and unmask options to allow more granular restriction of container paths. - The podman stats --format command now supports a new format specified, MemUsageBytes, which prints the raw bytes of memory consumed by a container without human-readable formatting #8945. - The podman ps command can now filter containers based on what pod they are joined to via the pod filter (#8512). - The podman pod ps command can now filter pods based on what networks they are joined to via the network filter. The podman pod ps command can now print information on what networks a pod is joined to via the .Networks specifier to the --format option. - The podman system prune command now supports filtering what containers, pods, images, and volumes will be pruned. - The podman volume prune commands now supports filtering what volumes will be pruned. - The podman system prune command now includes information on space reclaimed (#8658). - The podman info command will now properly print information about packages in use on Gentoo and Arch systems. - The containers.conf file now contains an option for disabling creation of a new kernel keyring on container creation (#8384). - The podman image sign command can now sign multi-arch images by producing a signature for each image in a given manifest list. - The podman image sign command, when run as rootless, now supports per-user registry configuration files in $HOME/.config/containers/registries.d. - Configuration options for slirp4netns can now be set system-wide via the NetworkCmdOptions configuration option in containers.conf. - The MTU of slirp4netns can now be configured via the mtu= network command option (e.g. podman run --net slirp4netns:mtu=9000). * Security - A fix for CVE-2021-20199 is included. Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue. * Changes - Shortname aliasing support has now been turned on by default. All Podman commands that must pull an image will, if a TTY is available, prompt the user about what image to pull. - The podman load command no longer accepts a NAME[:TAG] argument. The presence of this argument broke CLI compatibility with Docker by making docker load commands unusable with Podman (#7387). - The Go bindings for the HTTP API have been rewritten with a focus on limiting dependency footprint and improving extensibility. Read more here. - The legacy Varlink API has been completely removed from Podman. - The default log level for Podman has been changed from Error to Warn. - The podman network create command can now create macvlan networks using the --driver macvlan option for Docker compatibility. The existing --macvlan flag has been deprecated and will be removed in Podman 4.0 some time next year. - The podman inspect command has had the LogPath and LogTag fields moved into the LogConfig structure (from the root of the Inspect structure). The maximum size of the log file is also included. - The podman generate systemd command no longer generates unit files using the deprecated KillMode=none option (#8615). - The podman stop command now releases the container lock while waiting for it to stop - as such, commands like podman ps will no longer block until podman stop completes (#8501). - Networks created with podman network create --internal no longer use the dnsname plugin. This configuration never functioned as expected. - Error messages for the remote Podman client have been improved when it cannot connect to a Podman service. - Error messages for podman run when an invalid SELinux is specified have been improved. - Rootless Podman features improved support for containers with a single user mapped into the rootless user namespace. - Pod infra containers now respect default sysctls specified in containers.conf allowing for advanced configuration of the namespaces they will share. - SSH public key handling for remote Podman has been improved. * Bugfixes - Fixed a bug where the podman history --no-trunc command would truncate the Created By field (#9120). - Fixed a bug where root containers that did not explicitly specify a CNI network to join did not generate an entry for the network in use in the Networks field of the output of podman inspect (#6618). - Fixed a bug where, under some circumstances, container working directories specified by the image (via the WORKDIR instruction) but not present in the image, would not be created (#9040). - Fixed a bug where the podman generate systemd command would generate invalid unit files if the container was creating using a command line that included doubled braces ({{ and }}), e.g. --log-opt-tag={{.Name}} (#9034). - Fixed a bug where the podman generate systemd --new command could generate unit files including invalid Podman commands if the container was created using merged short options (e.g. podman run -dt) (#8847). - Fixed a bug where the podman generate systemd --new command could generate unit files that did not handle Podman commands including some special characters (e.g. $) (#9176 - Fixed a bug where rootless containers joining CNI networks could not set a static IP address (#7842). - Fixed a bug where rootless containers joining CNI networks could not set network aliases (#8567). - Fixed a bug where the remote client could, under some circumstances, not include the Containerfile when sending build context to the server (#8374). - Fixed a bug where rootless Podman did not mount /sys as a new sysfs in some circumstances where it was acceptable. - Fixed a bug where rootless containers that both joined a user namespace and a CNI networks would cause a segfault. These options are incompatible and now return an error. - Fixed a bug where the podman play kube command did not properly handle CMD and ARGS from images (#8803). - Fixed a bug where the podman play kube command did not properly handle environment variables from images (#8608). - Fixed a bug where the podman play kube command did not properly print errors that occurred when starting containers. - Fixed a bug where the podman play kube command errored when hostNetwork was used (#8790). - Fixed a bug where the podman play kube command would always pull images when the :latest tag was specified, even if the image was available locally (#7838). - Fixed a bug where the podman play kube command did not properly handle SELinux configuration, rending YAML with custom SELinux configuration unusable (#8710). - Fixed a bug where the podman generate kube command incorrectly populated the args and command fields of generated YAML (#9211). - Fixed a bug where containers in a pod would create a duplicate entry in the pod's shared /etc/hosts file every time the container restarted (#8921). - Fixed a bug where the podman search --list-tags command did not support the --format option (#8740). - Fixed a bug where the http_proxy option in containers.conf was not being respected, and instead was set unconditionally to true (#8843). - Fixed a bug where rootless Podman could, on systems with a recent Conmon and users with a long username, fail to attach to containers (#8798). - Fixed a bug where the podman images command would break and fail to display any images if an empty manifest list was present in storage (#8931). - Fixed a bug where locale environment variables were not properly passed on to Conmon. - Fixed a bug where Podman would not build on the MIPS architecture (#8782). - Fixed a bug where rootless Podman could fail to properly configure user namespaces for rootless containers when the user specified a --uidmap option that included a mapping beginning with UID 0. - Fixed a bug where the podman logs command using the k8s-file backend did not properly handle partial log lines with a length of 1 (#8879). - Fixed a bug where the podman logs command with the --follow option did not properly handle log rotation (#8733). - Fixed a bug where user-specified HOSTNAME environment variables were overwritten by Podman (#8886). - Fixed a bug where Podman would applied default sysctls from containers.conf in too many situations (e.g. applying network sysctls when the container shared its network with a pod). - Fixed a bug where Podman did not properly handle cases where a secondary image store was in use and an image was present in both the secondary and primary stores (#8176). - Fixed a bug where systemd-managed rootless Podman containers where the user in the container was not root could fail as the container's PID file was not accessible to systemd on the host (#8506). - Fixed a bug where the --privileged option to podman run and podman create would, under some circumstances, not disable Seccomp (#8849). - Fixed a bug where the podman exec command did not properly add capabilities when the container or exec session were run with --privileged. - Fixed a bug where rootless Podman would use the --enable-sandbox option to slirp4netns unconditionally, even when pivot_root was disabled, rendering slirp4netns unusable when pivot_root was disabled (#8846). - Fixed a bug where podman build --logfile did not actually write the build's log to the logfile. - Fixed a bug where the podman system service command did not close STDIN, and could display user-interactive prompts (#8700). - Fixed a bug where the podman system reset command could, under some circumstances, remove all the contents of the XDG_RUNTIME_DIR directory (#8680). - Fixed a bug where the podman network create command created CNI configurations that did not include a default gateway (#8748). - Fixed a bug where the podman.service systemd unit provided by default used the wrong service type, and would cause systemd to not correctly register the service as started (#8751). - Fixed a bug where, if the TMPDIR environment variable was set for the container engine in containers.conf, it was being ignored. - Fixed a bug where the podman events command did not properly handle future times given to the --until option (#8694). - Fixed a bug where the podman logs command wrote container STDERR logs to STDOUT instead of STDERR (#8683). - Fixed a bug where containers created from an image with multiple tags would report that they were created from the wrong tag (#8547). - Fixed a bug where container capabilities were not set properly when the --cap-add=all and --user options to podman create and podman run were combined. - Fixed a bug where the --layers option to podman build was nonfunctional (#8643). - Fixed a bug where the podman system prune command did not act recursively, and thus would leave images, containers, pods, and volumes present that would be removed by a subsequent call to podman system prune (#7990). - Fixed a bug where the --publish option to podman run and podman create did not properly handle ports specified as a range of ports with no host port specified (#8650). - Fixed a bug where --format did not support JSON output for individual fields (#8444). - Fixed a bug where the podman stats command would fail when run on root containers using the slirp4netns network mode (#7883). - Fixed a bug where the Podman remote client would ask for a password even if the server's SSH daemon did not support password authentication (#8498). - Fixed a bug where the podman stats command would fail if the system did not support one or more of the cgroup controllers Podman supports (#8588). - Fixed a bug where the --mount option to podman create and podman run did not ignore the consistency mount option. - Fixed a bug where failures during the resizing of a container's TTY would print the wrong error. - Fixed a bug where the podman network disconnect command could cause the podman inspect command to fail for a container until it was restarted (#9234). - Fixed a bug where containers created from a read-only rootfs (using the --rootfs option to podman create and podman run) would fail (#9230). - Fixed a bug where specifying Go templates to the --format option to multiple Podman commands did not support the join function (#8773). - Fixed a bug where the podman rmi command could, when run in parallel on multiple images, return layer not known errors (#6510). - Fixed a bug where the podman inspect command on containers displayed unlimited ulimits incorrectly (#9303). - Fixed a bug where Podman would fail to start when a volume was mounted over a directory in a container that contained symlinks that terminated outside the directory and its subdirectories (#6003). API - Libpod API version has been bumped to v3.0.0. - All Libpod Pod APIs have been modified to properly report errors with individual containers. Cases where the operation as a whole succeeded but individual containers failed now report an HTTP 409 error (#8865). - The Compat API for Containers now supports the Rename and Copy APIs. - Fixed a bug where the Compat Prune APIs (for volumes, containers, and images) did not return the amount of space reclaimed in their responses. - Fixed a bug where the Compat and Libpod Exec APIs for Containers would drop errors that occurred prior to the exec session successfully starting (e.g. a 'no such file' error if an invalid executable was passed) (#8281) - Fixed a bug where the Volumes field in the Compat Create API for Containers was being ignored (#8649). - Fixed a bug where the NetworkMode field in the Compat Create API for Containers was not handling some values, e.g. container:, correctly. - Fixed a bug where the Compat Create API for Containers did not set container name properly. - Fixed a bug where containers created using the Compat Create API unconditionally used Kubernetes file logging (the default specified in containers.conf is now used). - Fixed a bug where the Compat Inspect API for Containers could include container states not recognized by Docker. - Fixed a bug where Podman did not properly clean up after calls to the Events API when the journald backend was in use, resulting in a leak of file descriptors (#8864). - Fixed a bug where the Libpod Pull endpoint for Images could fail with an index out of range error under certain circumstances (#8870). - Fixed a bug where the Libpod Exists endpoint for Images could panic. - Fixed a bug where the Compat List API for Containers did not support all filters (#8860). - Fixed a bug where the Compat List API for Containers did not properly populate the Status field. - Fixed a bug where the Compat and Libpod Resize APIs for Containers ignored the height and width parameters (#7102). - Fixed a bug where the Compat Search API for Images returned an incorrectly-formatted JSON response (#8758). - Fixed a bug where the Compat Load API for Images did not properly clean up temporary files. - Fixed a bug where the Compat Create API for Networks could panic when an empty IPAM configuration was specified. - Fixed a bug where the Compat Inspect and List APIs for Networks did not include Scope. - Fixed a bug where the Compat Wait endpoint for Containers did not support the same wait conditions that Docker did. * Misc - Updated Buildah to v1.19.2 - Updated the containers/storage library to v1.24.5 - Updated the containers/image library to v5.10.2 - Updated the containers/common library to v0.33.4 - Update to v2.2.1 * Changes - Due to a conflict with a previously-removed field, we were forced to modify the way image volumes (mounting images into containers using --mount type=image) were handled in the database. As a result, containers created in Podman 2.2.0 with image volume will not have them in v2.2.1, and these containers will need to be re-created. * Bugfixes - Fixed a bug where rootless Podman would, on systems without the XDG_RUNTIME_DIR environment variable defined, use an incorrect path for the PID file of the Podman pause process, causing Podman to fail to start (#8539). - Fixed a bug where containers created using Podman v1.7 and earlier were unusable in Podman due to JSON decode errors (#8613). - Fixed a bug where Podman could retrieve invalid cgroup paths, instead of erroring, for containers that were not running. - Fixed a bug where the podman system reset command would print a warning about a duplicate shutdown handler being registered. - Fixed a bug where rootless Podman would attempt to mount sysfs in circumstances where it was not allowed; some OCI runtimes (notably crun) would fall back to alternatives and not fail, but others (notably runc) would fail to run containers. - Fixed a bug where the podman run and podman create commands would fail to create containers from untagged images (#8558). - Fixed a bug where remote Podman would prompt for a password even when the server did not support password authentication (#8498). - Fixed a bug where the podman exec command did not move the Conmon process for the exec session into the correct cgroup. - Fixed a bug where shell completion for the ancestor option to podman ps --filter did not work correctly. - Fixed a bug where detached containers would not properly clean themselves up (or remove themselves if --rm was set) if the Podman command that created them was invoked with --log-level=debug. * API - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the Binds and Mounts parameters in HostConfig. - Fixed a bug where the Compat Create endpoint for Containers ignored the Name query parameter. - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the 'default' value for NetworkMode (this value is used extensively by docker-compose) (#8544). - Fixed a bug where the Compat Build endpoint for Images would sometimes incorrectly use the target query parameter as the image's tag. * Misc - Podman v2.2.0 vendored a non-released, custom version of the github.com/spf13/cobra package; this has been reverted to the latest upstream release to aid in packaging. - Updated the containers/image library to v5.9.0 - Update to v2.2.0 * Features - Experimental support for shortname aliasing has been added. This is not enabled by default, but can be turned on by setting the environment variable CONTAINERS_SHORT_NAME_ALIASING to on. Documentation is available here and here. - Initial support has been added for the podman network connect and podman network disconnect commands, which allow existing containers to modify what networks they are connected to. At present, these commands can only be used on running containers that did not specify --network=none when they were created. - The podman run command now supports the --network-alias option to set network aliases (additional names the container can be accessed at from other containers via DNS if the dnsname CNI plugin is in use). Aliases can also be added and removed using the new podman network connect and podman network disconnect commands. Please note that this requires a new release (v1.1.0) of the dnsname plugin, and will only work on newly-created CNI networks. - The podman generate kube command now features support for exporting container's memory and CPU limits (#7855). - The podman play kube command now features support for setting CPU and Memory limits for containers (#7742). - The podman play kube command now supports persistent volumes claims using Podman named volumes. - The podman play kube command now supports Kubernetes configmaps via the --configmap option (#7567). - The podman play kube command now supports a --log-driver option to set the log driver for created containers. - The podman play kube command now supports a --start option, enabled by default, to start the pod after creating it. This allows for podman play kube to be more easily used in systemd unitfiles. - The podman network create command now supports the --ipv6 option to enable dual-stack IPv6 networking for created networks (#7302). - The podman inspect command can now inspect pods, networks, and volumes, in addition to containers and images (#6757). - The --mount option for podman run and podman create now supports a new type, image, to mount the contents of an image into the container at a given location. - The Bash and ZSH completions have been completely reworked and have received significant enhancements! Additionally, support for Fish completions and completions for the podman-remote executable have been added. - The --log-opt option for podman create and podman run now supports the max-size option to set the maximum size for a container's logs (#7434). - The --network option to the podman pod create command now allows pods to be configured to use slirp4netns networking, even when run as root (#6097). - The podman pod stop, podman pod pause, podman pod unpause, and podman pod kill commands now work on multiple containers in parallel and should be significantly faster. - The podman search command now supports a --list-tags option to list all available tags for a single image in a single repository. - The podman search command can now output JSON using the --format=json option. - The podman diff and podman mount commands now work with all containers in the storage library, including those not created by Podman. This allows them to be used with Buildah and CRI-O containers. - The podman container exists command now features a --external option to check if a container exists not just in Podman, but also in the storage library. This will allow Podman to identify Buildah and CRI-O containers. - The --tls-verify and --authfile options have been enabled for use with remote Podman. - The /etc/hosts file now includes the container's name and hostname (both pointing to localhost) when the container is run with --net=none (#8095). - The podman events command now supports filtering events based on the labels of the container they occurred on using the --filter label=key=value option. - The podman volume ls command now supports filtering volumes based on their labels using the --filter label=key=value option. - The --volume and --mount options to podman run and podman create now support two new mount propagation options, unbindable and runbindable. - The name and id filters for podman pod ps now match based on a regular expression, instead of requiring an exact match. - The podman pod ps command now supports a new filter status, that matches pods in a certain state. * Changes - The podman network rm --force command will now also remove pods that are using the network (#7791). - The podman volume rm, podman network rm, and podman pod rm commands now return exit code 1 if the object specified for removal does not exist, and exit code 2 if the object is in use and the --force option was not given. - If /dev/fuse is passed into Podman containers as a device, Podman will open it before starting the container to ensure that the kernel module is loaded on the host and the device is usable in the container. - Global Podman options that were not supported with remote operation have been removed from podman-remote (e.g. --cgroup-manager, --storage-driver). - Many errors have been changed to remove repetition and be more clear as to what has gone wrong. - The --storage option to podman rm is now enabled by default, with slightly changed semantics. If the given container does not exist in Podman but does exist in the storage library, it will be removed even without the --storage option. If the container exists in Podman it will be removed normally. The --storage option for podman rm is now deprecated and will be removed in a future release. - The --storage option to podman ps has been renamed to --external. An alias has been added so the old form of the option will continue to work. - Podman now delays the SIGTERM and SIGINT signals during container creation to ensure that Podman is not stopped midway through creating a container resulting in potential resource leakage (#7941). - The podman save command now strips signatures from images it is exporting, as the formats we export to do not support signatures (#7659). - A new Degraded state has been added to pods. Pods that have some, but not all, of their containers running are now considered to be Degraded instead of Running. - Podman will now print a warning when conflicting network options related to port forwarding (e.g. --publish and --net=host) are specified when creating a container. - The --restart on-failure and --rm options for containers no longer conflict. When both are specified, the container will be restarted if it exits with a non-zero error code, and removed if it exits cleanly (#7906). - Remote Podman will no longer use settings from the client's containers.conf; defaults will instead be provided by the server's containers.conf (#7657). - The podman network rm command now has a new alias, podman network remove (#8402). * Bugfixes - Fixed a bug where podman load on the remote client did not error when attempting to load a directory, which is not yet supported for remote use. - Fixed a bug where rootless Podman could hang when the newuidmap binary was not installed (#7776). - Fixed a bug where the --pull option to podman run, podman create, and podman build did not match Docker's behavior. - Fixed a bug where sysctl settings from the containers.conf configuration file were applied, even if the container did not join the namespace associated with a sysctl. - Fixed a bug where Podman would not return the text of errors encounted when trying to run a healthcheck for a container. - Fixed a bug where Podman was accidentally setting the containers environment variable in addition to the expected container environment variable. - Fixed a bug where rootless Podman using CNI networking did not properly clean up DNS entries for removed containers (#7789). - Fixed a bug where the podman untag --all command was not supported with remote Podman. - Fixed a bug where the podman system service command could time out even if active attach connections were present (#7826). - Fixed a bug where the podman system service command would sometimes never time out despite no active connections being present. - Fixed a bug where Podman's handling of capabilities, specifically inheritable, did not match Docker's. - Fixed a bug where podman run would fail if the image specified was a manifest list and had already been pulled (#7798). - Fixed a bug where Podman did not take search registries into account when looking up images locally (#6381). - Fixed a bug where the podman manifest inspect command would fail for images that had already been pulled (#7726). - Fixed a bug where rootless Podman would not add supplemental GIDs to containers when when a user, but not a group, was set via the --user option to podman create and podman run and sufficient GIDs were available to add the groups (#7782). - Fixed a bug where remote Podman commands did not properly handle cases where the user gave a name that could also be a short ID for a pod or container (#7837). - Fixed a bug where podman image prune could leave images ready to be pruned after podman image prune was run (#7872). - Fixed a bug where the podman logs command with the journald log driver would not read all available logs (#7476). - Fixed a bug where the --rm and --restart options to podman create and podman run did not conflict when a restart policy that is not on-failure was chosen (#7878). - Fixed a bug where the --format 'table {{ .Field }}' option to numerous Podman commands ceased to function on Podman v2.0 and up. - Fixed a bug where pods did not properly share an SELinux label between their containers, resulting in containers being unable to see the processes of other containers when the pod shared a PID namespace (#7886). - Fixed a bug where the --namespace option to podman ps did not work with the remote client (#7903). - Fixed a bug where rootless Podman incorrectly calculated the number of UIDs available in the container if multiple different ranges of UIDs were specified. - Fixed a bug where the /etc/hosts file would not be correctly populated for containers in a user namespace (#7490). - Fixed a bug where the podman network create and podman network remove commands could race when run in parallel, with unpredictable results (#7807). - Fixed a bug where the -p option to podman run, podman create, and podman pod create would, when given only a single number (e.g. -p 80), assign the same port for both host and container, instead of generating a random host port (#7947). - Fixed a bug where Podman containers did not properly store the cgroup manager they were created with, causing them to stop functioning after the cgroup manager was changed in containers.conf or with the --cgroup-manager option (#7830). - Fixed a bug where the podman inspect command did not include information on the CNI networks a container was connected to if it was not running. - Fixed a bug where the podman attach command would not print a newline after detaching from the container (#7751). - Fixed a bug where the HOME environment variable was not set properly in containers when the --userns=keep-id option was set (#8004). - Fixed a bug where the podman container restore command could panic when the container in question was in a pod (#8026). - Fixed a bug where the output of the podman image trust show --raw command was not properly formatted. - Fixed a bug where the podman runlabel command could panic if a label to run was not given (#8038). - Fixed a bug where the podman run and podman start --attach commands would exit with an error when the user detached manually using the detach keys on remote Podman (#7979). - Fixed a bug where rootless CNI networking did not use the dnsname CNI plugin if it was not available on the host, despite it always being available in the container used for rootless networking (#8040). - Fixed a bug where Podman did not properly handle cases where an OCI runtime is specified by its full path, and could revert to using another OCI runtime with the same binary path that existed in the system $PATH on subsequent invocations. - Fixed a bug where the --net=host option to podman create and podman run would cause the /etc/hosts file to be incorrectly populated (#8054). - Fixed a bug where the podman inspect command did not include container network information when the container shared its network namespace (IE, joined a pod or another container's network namespace via --net=container:...) (#8073). - Fixed a bug where the podman ps command did not include information on all ports a container was publishing. - Fixed a bug where the podman build command incorrectly forwarded STDIN into build containers from RUN instructions. - Fixed a bug where the podman wait command's --interval option did not work when units were not specified for the duration (#8088). - Fixed a bug where the --detach-keys and --detach options could be passed to podman create despite having no effect (and not making sense in that context). - Fixed a bug where Podman could not start containers if running on a system without a /etc/resolv.conf file (which occurs on some WSL2 images) (#8089). - Fixed a bug where the --extract option to podman cp was nonfunctional. - Fixed a bug where the --cidfile option to podman run would, when the container was not run with --detach, only create the file after the container exited (#8091). - Fixed a bug where the podman images and podman images -a commands could panic and not list any images when certain improperly-formatted images were present in storage (#8148). - Fixed a bug where the podman events command could, when the journald events backend was in use, become nonfunctional when a badly-formatted event or a log message that container certain string was present in the journal (#8125). - Fixed a bug where remote Podman would, when using SSH transport, not authenticate to the server using hostkeys when connecting on a port other than 22 (#8139). - Fixed a bug where the podman attach command would not exit when containers stopped (#8154). - Fixed a bug where Podman did not properly clean paths before verifying them, resulting in Podman refusing to start if the root or temporary directories were specified with extra trailing / characters (#8160). - Fixed a bug where remote Podman did not support hashed hostnames in the known_hosts file on the host for establishing connections (#8159). - Fixed a bug where the podman image exists command would return non-zero (false) when multiple potential matches for the given name existed. - Fixed a bug where the podman manifest inspect command on images that are not manifest lists would error instead of inspecting the image (#8023). - Fixed a bug where the podman system service command would fail if the directory the Unix socket was to be created inside did not exist (#8184). - Fixed a bug where pods that shared the IPC namespace (which is done by default) did not share a /dev/shm filesystem between all containers in the pod (#8181). - Fixed a bug where filters passed to podman volume list were not inclusive (#6765). - Fixed a bug where the podman volume create command would fail when the volume's data directory already existed (as might occur when a volume was not completely removed) (#8253). - Fixed a bug where the podman run and podman create commands would deadlock when trying to create a container that mounted the same named volume at multiple locations (e.g. podman run -v testvol:/test1 -v testvol:/test2) (#8221). - Fixed a bug where the parsing of the --net option to podman build was incorrect (#8322). - Fixed a bug where the podman build command would print the ID of the built image twice when using remote Podman (#8332). - Fixed a bug where the podman stats command did not show memory limits for containers (#8265). - Fixed a bug where the podman pod inspect command printed the static MAC address of the pod in a non-human-readable format (#8386). - Fixed a bug where the --tls-verify option of the podman play kube command had its logic inverted (false would enforce the use of TLS, true would disable it). - Fixed a bug where the podman network rm command would error when trying to remove macvlan networks and rootless CNI networks (#8491). - Fixed a bug where Podman was not setting sane defaults for missing XDG_ environment variables. - Fixed a bug where remote Podman would check if volume paths to be mounted in the container existed on the host, not the server (#8473). - Fixed a bug where the podman manifest create and podman manifest add commands on local images would drop any images in the manifest not pulled by the host. - Fixed a bug where networks made by podman network create did not include the tuning plugin, and as such did not support setting custom MAC addresses (#8385). - Fixed a bug where container healthchecks did not use $PATH when searching for the Podman executable to run the healthcheck. - Fixed a bug where the --ip-range option to podman network create did not properly handle non-classful subnets when calculating the last usable IP for DHCP assignment (#8448). - Fixed a bug where the podman container ps alias for podman ps was missing (#8445). * API - The Compat Create endpoint for Container has received a major refactor to share more code with the Libpod Create endpoint, and should be significantly more stable. - A Compat endpoint for exporting multiple images at once, GET /images/get, has been added (#7950). - The Compat Network Connect and Network Disconnect endpoints have been added. - Endpoints that deal with image registries now support a X-Registry-Config header to specify registry authentication configuration. - The Compat Create endpoint for images now properly supports specifying images by digest. - The Libpod Build endpoint for images now supports an httpproxy query parameter which, if set to true, will forward the server's HTTP proxy settings into the build container for RUN instructions. - The Libpod Untag endpoint for images will now remove all tags for the given image if no repository and tag are specified for removal. - Fixed a bug where the Ping endpoint misspelled a header name (Libpod-Buildha-Version instead of Libpod-Buildah-Version). - Fixed a bug where the Ping endpoint sent an extra newline at the end of its response where Docker did not. - Fixed a bug where the Compat Logs endpoint for containers did not send a newline character after each log line. - Fixed a bug where the Compat Logs endpoint for containers would mangle line endings to change newline characters to add a preceding carriage return (#7942). - Fixed a bug where the Compat Inspect endpoint for Containers did not properly list the container's stop signal (#7917). - Fixed a bug where the Compat Inspect endpoint for Containers formatted the container's create time incorrectly (#7860). - Fixed a bug where the Compat Inspect endpoint for Containers did not include the container's Path, Args, and Restart Count. - Fixed a bug where the Compat Inspect endpoint for Containers prefixed added and dropped capabilities with CAP_ (Docker does not do so). - Fixed a bug where the Compat Info endpoint for the Engine did not include configured registries. - Fixed a bug where the server could panic if a client closed a connection midway through an image pull (#7896). - Fixed a bug where the Compat Create endpoint for volumes returned an error when a volume with the same name already existed, instead of succeeding with a 201 code (#7740). - Fixed a bug where a client disconnecting from the Libpod or Compat events endpoints could result in the server using 100% CPU (#7946). - Fixed a bug where the 'no such image' error message sent by the Compat Inspect endpoint for Images returned a 404 status code with an error that was improperly formatted for Docker compatibility. - Fixed a bug where the Compat Create endpoint for networks did not properly set a default for the driver parameter if it was not provided by the client. - Fixed a bug where the Compat Inspect endpoint for images did not populate the RootFS field of the response. - Fixed a bug where the Compat Inspect endpoint for images would omit the ParentId field if the image had no parent, and the Created field if the image did not have a creation time. - Fixed a bug where the Compat Remove endpoint for Networks did not support the Force query parameter. - add dependency to timezone package or podman fails to build a - Correct invalid use of %{_libexecdir} to ensure files should be in /usr/lib SELinux support [jsc#SMO-15] libseccomp was updated to release 2.5.3: * Update the syscall table for Linux v5.15 * Fix issues with multiplexed syscalls on mipsel introduced in v2.5.2 * Document that seccomp_rule_add() may return -EACCES Update to release 2.5.2 * Update the syscall table for Linux v5.14-rc7 * Add a function, get_notify_fd(), to the Python bindings to get the nofication file descriptor. * Consolidate multiplexed syscall handling for all architectures into one location. * Add multiplexed syscall support to PPC and MIPS * The meaning of SECCOMP_IOCTL_NOTIF_ID_VALID changed within the kernel. libseccomp's fd notification logic was modified to support the kernel's previous and new usage of SECCOMP_IOCTL_NOTIF_ID_VALID. update to 2.5.1: * Fix a bug where seccomp_load() could only be called once * Change the notification fd handling to only request a notification fd if * the filter has a _NOTIFY action * Add documentation about SCMP_ACT_NOTIFY to the seccomp_add_rule(3) manpage * Clarify the maintainers' GPG keys Update to release 2.5.0 * Add support for the seccomp user notifications, see the seccomp_notify_alloc(3), seccomp_notify_receive(3), seccomp_notify_respond(3) manpages for more information * Add support for new filter optimization approaches, including a balanced tree optimization, see the SCMP_FLTATR_CTL_OPTIMIZE filter attribute for more information * Add support for the 64-bit RISC-V architecture * Performance improvements when adding new rules to a filter thanks to the use of internal shadow transactions and improved syscall lookup tables * Properly document the libseccomp API return values and include them in the stable API promise * Improvements to the s390 and s390x multiplexed syscall handling * Multiple fixes and improvements to the libseccomp manpages * Moved from manually maintained syscall tables to an automatically generated syscall table in CSV format * Update the syscall tables to Linux v5.8.0-rc5 * Python bindings and build now default to Python 3.x * Improvements to the tests have boosted code coverage to over 93% Update to release 2.4.3 * Add list of authorized release signatures to README.md * Fix multiplexing issue with s390/s390x shm* syscalls * Remove the static flag from libseccomp tools compilation * Add define for __SNR_ppoll * Fix potential memory leak identified by clang in the scmp_bpf_sim tool Update to release 2.4.2 * Add support for io-uring related system calls conmon was updated to version 2.0.30: * Remove unreachable code path * exit: report if the exit command was killed * exit: fix race zombie reaper * conn_sock: allow watchdog messages through the notify socket proxy * seccomp: add support for seccomp notify Update to version 2.0.29: * Reset OOM score back to 0 for container runtime * call functions registered with atexit on SIGTERM * conn_sock: fix potential segfault Update to version 2.0.27: * Add CRI-O integration test GitHub action * exec: don't fail on EBADFD * close_fds: fix close of external fds * Add arm64 static build binary Update to version 2.0.26: * conn_sock: do not fail on EAGAIN * fix segfault from a double freed pointer * Fix a bug where conmon could never spawn a container, because a disagreement between the caller and itself on where the attach socket was. * improve --full-attach to ignore the socket-dir directly. that means callers don't need to specify a socket dir at all (and can remove it) * add full-attach option to allow callers to not truncate a very long path for the attach socket * close only opened FDs * set locale to inherit environment Update to version 2.0.22: * added man page * attach: always chdir * conn_sock: Explicitly free a heap-allocated string * refactor I/O and add SD_NOTIFY proxy support Update to version 2.0.21: * protect against kill(-1) * Makefile: enable debuginfo generation * Remove go.sum file and add go.mod * Fail if conmon config could not be written * nix: remove double definition for e2fsprogs * Speedup static build by utilizing CI cache on `/nix` folder * Fix nix build for failing e2fsprogs tests * test: fix CI * Use Podman for building libcontainers-common was updated to include: - common 0.44.0 - image 5.16.0 - podman 3.3.1 - storage 1.36.0 (changes too long to list) CVEs fixed: CVE-2020-14370,CVE-2020-15157,CVE-2021-20199,CVE-2021-20291,CVE-2021-3602 Moderate SUSE bug 1176804 SUSE bug 1177598 SUSE bug 1181640 SUSE bug 1182998 SUSE bug 1188520 SUSE bug 1188914 SUSE bug 1193166 SUSE bug 1193273 CVE-2020-14370 at SUSE CVE-2020-14370 at NVD CVE-2020-15157 at SUSE CVE-2020-15157 at NVD CVE-2021-20199 at SUSE CVE-2021-20199 at NVD CVE-2021-20291 at SUSE CVE-2021-20291 at NVD CVE-2021-3602 at SUSE CVE-2021-3602 at NVD CVE-2021-4024 at SUSE CVE-2021-4024 at NVD CVE-2021-41190 at SUSE CVE-2021-41190 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update of s390-tools fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Important SUSE bug 1198581 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for curl fixes the following issues: - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) Important SUSE bug 1200735 SUSE bug 1200737 CVE-2022-32206 at SUSE CVE-2022-32206 at NVD CVE-2022-32208 at SUSE CVE-2022-32208 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). Important SUSE bug 1201099 CVE-2022-2097 at SUSE CVE-2022-2097 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for containerd, docker and runc fixes the following issues: containerd: - CVE-2022-31030: Fixed denial of service via invocation of the ExecSync API (bsc#1200145) docker: - Update to Docker 20.10.17-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/#201017. (bsc#1200145) runc: Update to runc v1.1.3. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.3. * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes. * Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang. * When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths. * Socket activation was failing when more than 3 sockets were used. * Various CI fixes. * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. - Fixed issues with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by that platform's syscall multiplexing semantics. (bsc#1192051 bsc#1199565) Update to runc v1.1.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.2. Security issue fixed: - CVE-2022-29162: A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. (bsc#1199460) - `runc spec` no longer sets any inheritable capabilities in the created example OCI spec (`config.json`) file. Update to runc v1.1.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.1. * runc run/start can now run a container with read-only /dev in OCI spec, rather than error out. (#3355) * runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403) libcontainer systemd v2 manager no longer errors out if one of the files listed in /sys/kernel/cgroup/delegate do not exist in container's cgroup. (#3387, #3404) * Loosen OCI spec validation to avoid bogus 'Intel RDT is not supported' error. (#3406) * libcontainer/cgroups no longer panics in cgroup v1 managers if stat of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435) Update to runc v1.1.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0. - libcontainer will now refuse to build without the nsenter package being correctly compiled (specifically this requires CGO to be enabled). This should avoid folks accidentally creating broken runc binaries (and incorrectly importing our internal libraries into their projects). (#3331) Update to runc v1.1.0~rc1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1. + Add support for RDMA cgroup added in Linux 4.11. * runc exec now produces exit code of 255 when the exec failed. This may help in distinguishing between runc exec failures (such as invalid options, non-running container or non-existent binary etc.) and failures of the command being executed. + runc run: new --keep option to skip removal exited containers artefacts. This might be useful to check the state (e.g. of cgroup controllers) after the container hasexited. + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD (the latter is just an alias for SCMP_ACT_KILL). + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows users to create sophisticated seccomp filters where syscalls can be efficiently emulated by privileged processes on the host. + checkpoint/restore: add an option (--lsm-mount-context) to set a different LSM mount context on restore. + intelrdt: support ClosID parameter. + runc exec --cgroup: an option to specify a (non-top) in-container cgroup to use for the process being executed. + cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1 machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc run/exec now adds the container to the appropriate cgroup under it). + sysctl: allow slashes in sysctl names, to better match sysctl(8)'s behaviour. + mounts: add support for bind-mounts which are inaccessible after switching the user namespace. Note that this does not permit the container any additional access to the host filesystem, it simply allows containers to have bind-mounts configured for paths the user can access but have restrictive access control settings for other users. + Add support for recursive mount attributes using mount_setattr(2). These have the same names as the proposed mount(8) options -- just prepend r to the option name (such as rro). + Add runc features subcommand to allow runc users to detect what features runc has been built with. This includes critical information such as supported mount flags, hook names, and so on. Note that the output of this command is subject to change and will not be considered stable until runc 1.2 at the earliest. The runtime-spec specification for this feature is being developed in opencontainers/runtime-spec#1130. * system: improve performance of /proc/$pid/stat parsing. * cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change the ownership of certain cgroup control files (as per /sys/kernel/cgroup/delegate) to allow for proper deferral to the container process. * runc checkpoint/restore: fixed for containers with an external bind mount which destination is a symlink. * cgroup: improve openat2 handling for cgroup directory handle hardening. runc delete -f now succeeds (rather than timing out) on a paused container. * runc run/start/exec now refuses a frozen cgroup (paused container in case of exec). Users can disable this using --ignore-paused. - Update version data embedded in binary to correctly include the git commit of the release. Important SUSE bug 1192051 SUSE bug 1199460 SUSE bug 1199565 SUSE bug 1200088 SUSE bug 1200145 CVE-2022-29162 at SUSE CVE-2022-29162 at NVD CVE-2022-31030 at SUSE CVE-2022-31030 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ignition fixes the following issues: - CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524). - Update to version 2.14.0 Moderate SUSE bug 1199524 CVE-2022-1706 at SUSE CVE-2022-1706 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python3 fixes the following issues: Security issues fixed: - CVE-2021-3572: Update bundled pip wheel to the latest SLE version (bsc#1186819) - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). Other bugs fixed: - Remove shebangs from from python-base libraries in _libdir (bsc#1193179, bsc#1192249). Important SUSE bug 1186819 SUSE bug 1190566 SUSE bug 1192249 SUSE bug 1193179 SUSE bug 1198511 CVE-2015-20107 at SUSE CVE-2015-20107 at NVD CVE-2021-3572 at SUSE CVE-2021-3572 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) Important SUSE bug 1199232 CVE-2022-1586 at SUSE CVE-2022-1586 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for p11-kit fixes the following issues: - CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065) Moderate SUSE bug 1180065 CVE-2020-29362 at SUSE CVE-2020-29362 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to 3.12.31 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). - CVE-2022-1012: Fixed information leak caused by small table perturb size in the TCP source port generation algorithm (bsc#1199482). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). The following non-security bugs were fixed: - Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442) - Add various fsctl structs (bsc#1200217). - ALSA: hda/conexant: Fix missing beep setup (git-fixes). - ALSA: hda/realtek - Add HW8326 support (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes). - ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes). - ALSA: hda/via: Fix missing beep setup (git-fixes). - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes) - arm64: ftrace: fix branch range checks (git-fixes) - ASoC: cs35l36: Update digital volume TLV (git-fixes). - ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes). - ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes). - ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes). - ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes). - ASoC: es8328: Fix event generation for deemphasis control (git-fixes). - ASoC: nau8822: Add operation for internal PLL off and on (git-fixes). - ASoC: wm8962: Fix suspend while playing music (git-fixes). - ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes). - ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes). - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes). - bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes). - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362). - bcache: fixup multiple threads crash (git-fixes). - bcache: improve multithreaded bch_btree_check() (git-fixes). - bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes). - bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes). - bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes). - bio: fix page leak bio_add_hw_page failure (git-fixes). - blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (git-fixes). - blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825). - blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263). - blk-mq: do not update io_ticks with passthrough requests (bsc#1200816). - blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762) - blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes). - block: advance iov_iter on bio_add_hw_page failure (git-fixes). - block: do not merge across cgroup boundaries if blkcg is enabled (bsc#1198020). - block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (bsc#1185762). - block: Fix kABI in blk-merge.c (bsc#1198020). - block/keyslot-manager: prevent crash when num_slots=1 (git-fixes). - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes). - caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes). - ceph: add some lockdep assertions around snaprealm handling (bsc#1201147). - ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm (bsc#1201149). - certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes). - cifs: add WARN_ON for when chan_count goes below minimum (bsc#1200217). - cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1200217). - cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1200217). - cifs: avoid parallel session setups on same channel (bsc#1200217). - cifs: avoid race during socket reconnect between send and recv (bsc#1200217). - cifs: call cifs_reconnect when a connection is marked (bsc#1200217). - cifs: call helper functions for marking channels for reconnect (bsc#1200217). - cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1200217). - cifs: check for smb1 in open_cached_dir() (bsc#1200217). - cifs: check reconnects for channels of active tcons too (bsc#1200217). - cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217). - cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1200217). - cifs: clean up an inconsistent indenting (bsc#1200217). - cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1200217). - cifs: do not build smb1ops if legacy support is disabled (bsc#1200217). - cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1200217). - cifs: do not use tcpStatus after negotiate completes (bsc#1200217). - cifs: do not use uninitialized data in the owner/group sid (bsc#1200217). - cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1200217). - cifs: fix double free race when mount fails in cifs_get_root() (bsc#1200217). - cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217). - cifs: fix handlecache and multiuser (bsc#1200217). - cifs: fix hang on cifs_get_next_mid() (bsc#1200217). - cifs: fix incorrect use of list iterator after the loop (bsc#1200217). - cifs: fix minor compile warning (bsc#1200217). - cifs: fix missed refcounting of ipc tcon (bsc#1200217). - cifs: fix ntlmssp auth when there is no key exchange (bsc#1200217). - cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1200217). - cifs: fix potential deadlock in direct reclaim (bsc#1200217). - cifs: fix potential double free during failed mount (bsc#1200217). - cifs: fix potential race with cifsd thread (bsc#1200217). - cifs: fix set of group SID via NTSD xattrs (bsc#1200217). - cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1200217). - cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1200217). - cifs: fix the cifs_reconnect path for DFS (bsc#1200217). - cifs: fix the connection state transitions with multichannel (bsc#1200217). - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1200217). - cifs: fix workstation_name for multiuser mounts (bsc#1200217). - cifs: force new session setup and tcon for dfs (bsc#1200217). - cifs: free ntlmsspblob allocated in negotiate (bsc#1200217). - cifs: ignore resource_id while getting fscache super cookie (bsc#1200217). - cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1200217). - cifs: make status checks in version independent callers (bsc#1200217). - cifs: mark sessions for reconnection in helper function (bsc#1200217). - cifs: modefromsids must add an ACE for authenticated users (bsc#1200217). - cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1200217). - cifs: move superblock magic defitions to magic.h (bsc#1200217). - cifs: potential buffer overflow in handling symlinks (bsc#1200217). - cifs: print TIDs as hex (bsc#1200217). - cifs: protect all accesses to chan_* with chan_lock (bsc#1200217). - cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1200217). - cifs: reconnect only the connection and not smb session where possible (bsc#1200217). - cifs: release cached dentries only if mount is complete (bsc#1200217). - cifs: remove check of list iterator against head past the loop body (bsc#1200217). - cifs: remove redundant assignment to pointer p (bsc#1200217). - cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1200217). - cifs: remove repeated state change in dfs tree connect (bsc#1200217). - cifs: remove unused variable ses_selected (bsc#1200217). - cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217). - cifs: return the more nuanced writeback error on close() (bsc#1200217). - cifs: sanitize multiple delimiters in prepath (bsc#1200217). - cifs: serialize all mount attempts (bsc#1200217). - cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1200217). - cifs: skip trailing separators of prefix paths (bsc#1200217). - cifs: smbd: fix typo in comment (bsc#1200217). - cifs: Split the smb3_add_credits tracepoint (bsc#1200217). - cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217). - cifs: track individual channel status using chans_need_reconnect (bsc#1200217). - cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1200217). - cifs: update internal module number (bsc#1193629). - cifs: update internal module number (bsc#1200217). - cifs: update internal module number (bsc#1200217). - cifs: update tcpStatus during negotiate and sess setup (bsc#1200217). - cifs: use a different reconnect helper for non-cifsd threads (bsc#1200217). - cifs: use correct lock type in cifs_reconnect() (bsc#1200217). - cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217). - cifs: use new enum for ses_status (bsc#1200217). - cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1200217). - cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1200217). - cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1200217). - cifs: wait for tcon resource_id before getting fscache super (bsc#1200217). - cifs: we do not need a spinlock around the tree access during umount (bsc#1200217). - cifs: when extending a file with falloc we should make files not-sparse (bsc#1200217). - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes). - drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes). - drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924). - drm/msm: Fix double pm_runtime_disable() call (git-fixes). - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes). - drm/sun4i: Fix crash during suspend after component bind failure (git-fixes). - exec: Force single empty string when argv is empty (bsc#1200571). - ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1197754). - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810). - ext4: fix bug_on in __es_tree_search (bsc#1200809). - ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807). - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806). - ext4: make variable 'count' signed (bsc#1200820). - Fix a warning about a malformed kernel doc comment in cifs (bsc#1200217). - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143). - gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes). - gtp: use icmp_ndo_send helper (git-fixes). - hwmon: (ibmaem) do not call platform_device_del() if platform_device_add() fails (git-fixes). - i2c: designware: Use standard optional ref clock implementation (git-fixes). - ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925). - iio:accel:bma180: rearrange iio trigger get and register (git-fixes). - iio: accel: mma8452: ignore the return value of reset operation (git-fixes). - iio: adc: axp288: Override TS pin bias current for some models (git-fixes). - iio: adc: vf610: fix conversion mode sysfs node name (git-fixes). - iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes). - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes). - iio: trigger: sysfs: fix use-after-free on remove (git-fixes). - init: Initialize noop_backing_dev_info early (bsc#1200822). - inotify: show inotify mask flags in proc fdinfo (bsc#1200600). - iomap: iomap_write_failed fix (bsc#1200829). - ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504). - jfs: fix divide error in dbNextAG (bsc#1200828). - kABI fix of sysctl_run_estimation (git-fixes). - kabi: nvme workaround header include (bsc#1201193). - kabi/severities: ignore KABI for NVMe target (bsc#1192761) - linux/dim: Fix divide by 0 in RDMA DIM (git-fixes). - md: fix update super 1.0 on rdev size change (git-fixes). - move devm_allocate to end of structure for kABI (git-fixes). - mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes). - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes). - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes). - net: ieee802154: ca8210: Stop leaking skb's (git-fixes). - net: lantiq: Add locking for TX DMA channel (git-fixes). - net: rose: fix UAF bugs caused by timer handler (git-fixes). - net: stmmac: reset Tx desc base address before restarting Tx (git-fixes). - net: usb: ax88179_178a: Fix packet receiving (git-fixes). - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes). - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes). - NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes). - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes). - NFS: Do not report errors from nfs_pageio_complete() more than once (git-fixes). - NFS: Do not report flush errors in nfs_write_end() (git-fixes). - NFS: Further fixes to the writeback error handling (git-fixes). - NFS: Memory allocation failures are not server fatal errors (git-fixes). - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes). - nvdimm: Fix firmware activation deadlock scenarios (git-fixes). - nvdimm/region: Fix default alignment for small regions (git-fixes). - nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761). - nvme: Add connect option 'discovery' (bsc#1192761). - nvme: add new discovery log page entry definitions (bsc#1192761). - nvme: display correct subsystem NQN (bsc#1192761). - nvme: expose subsystem type in sysfs attribute 'subsystype' (bsc#1192761). - nvme: kabi fix nvme subsystype change (bsc#1192761) - nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761). - nvmet: add nvmet_req_subsys() helper (bsc#1192761). - nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes). - nvmet: do not check iosqes,iocqes for discovery controllers (bsc#1192761). - nvmet: fix freeing unallocated p2pmem (git-fixes). - nvmet: make discovery NQN configurable (bsc#1192761). - nvmet-rdma: Fix NULL deref when SEND is completed with error (git-fixes). - nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY (git-fixes). - nvmet: register discovery subsystem as 'current' (bsc#1192761). - nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761). - nvmet: switch check for subsystem type (bsc#1192761). - pahole 1.22 required for full BTF features. also recommend pahole for kernel-source to make the kernel buildable with standard config - phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes). - pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes). - powerpc/idle: Fix return value of __setup() handler (bsc#1065729). - powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729). - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477). - random: Add and use pr_fmt() (bsc#1184924). - random: remove unnecessary unlikely() (bsc#1184924). - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes). - Revert 'block: Fix a lockdep complaint triggered by request queue flushing' (git-fixes). - rpm/check-for-config-changes: ignore GCC12/CC_NO_ARRAY_BOUNDS - rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775) - rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775) - scsi: core: Show SCMD_LAST in text form (git-fixes). - scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193). - scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193). - scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193). - scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193). - scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193). - scsi: lpfc: Commonize VMID code location (bsc#1201193). - scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193). - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193). - scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193). - scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193). - scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193). - scsi: nvme: Added a new sysfs attribute appid_store (bsc#1201193). - scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193). - scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160). - scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160). - scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160). - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160). - scsi: qla2xxx: edif: bsg refactor (bsc#1201160). - scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160). - scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160). - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160). - scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160). - scsi: qla2xxx: edif: Fix session thrash (bsc#1201160). - scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160). - scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160). - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160). - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160). - scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160). - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160). - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160). - scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160). - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160). - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160). - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160). - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160). - scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160). - scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160). - scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160). - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160). - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160). - scsi: sd: sd_zbc: Do not pass GFP_NOIO to kvcalloc (git-fixes). - scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks (git-fixes). - scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes). - scsi: sd: Signal drive managed SMR disks (git-fixes). - scsi: sd_zbc: Do not limit max_zone_append sectors to (git-fixes). - scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (git-fixes). - scsi: sd_zbc: Improve zone revalidation (git-fixes). - scsi: sd_zbc: Remove unused inline functions (git-fixes). - scsi: sd_zbc: Support disks with more than 2**32 logical (git-fixes). - scsi: smartpqi: create module parameters for LUN reset (bsc#1179195 bsc#1200622). - smb3: add mount parm nosparse (bsc#1200217). - smb3: add trace point for lease not found issue (bsc#1200217). - smb3: add trace point for oplock not found (bsc#1200217). - smb3: check for null tcon (bsc#1200217). - smb3: cleanup and clarify status of tree connections (bsc#1200217). - smb3: do not set rc when used and unneeded in query_info_compound (bsc#1200217). - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1200217). - smb3: fix incorrect session setup check for multiuser mounts (bsc#1200217). - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1200217). [ ematsumiya: remove ksmbd parts ] - smb3: fix snapshot mount option (bsc#1200217). - [smb3] improve error message when mount options conflict with posix (bsc#1200217). - smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1200217). [ ematsumiya: remove ksmbd parts ] - smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1200217). [ ematsumiya: remove ksmbd parts ] - [smb3] move more common protocol header definitions to smbfs_common (bsc#1200217). [ ematsumiya: remove ksmbd parts ] - smb3: send NTLMSSP version information (bsc#1200217). - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes). - spi: Fix use-after-free with devm_spi_alloc_* (git-fixes). - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes). - sunvnet: use icmp_ndo_send helper (git-fixes). - tty: goldfish: Fix free_irq() on remove (git-fixes). - usb: chipidea: udc: check request status before setting device address (git-fixes). - usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes). - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes). - usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes). - usbnet: fix memory allocation in helpers (git-fixes). - USB: serial: io_ti: add Agilent E5805A support (git-fixes). - USB: serial: option: add Quectel EM05-G modem (git-fixes). - USB: serial: option: add Quectel RM500K module support (git-fixes). - USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes). - USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes). - usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC (git-fixes). - veth: fix races around rq->rx_notify_masked (git-fixes). - virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes). - virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes). - virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes). - virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes). - vmxnet3: fix minimum vectors alloc issue (bsc#1199489). - writeback: Avoid skipping inode writeback (bsc#1200813). - writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821). - xhci: Add reset resume quirk for AMD xhci controller (git-fixes). Important SUSE bug 1065729 SUSE bug 1179195 SUSE bug 1180814 SUSE bug 1184924 SUSE bug 1185762 SUSE bug 1192761 SUSE bug 1193629 SUSE bug 1194013 SUSE bug 1195504 SUSE bug 1195775 SUSE bug 1196901 SUSE bug 1197362 SUSE bug 1197754 SUSE bug 1198020 SUSE bug 1198924 SUSE bug 1199482 SUSE bug 1199487 SUSE bug 1199489 SUSE bug 1199657 SUSE bug 1200217 SUSE bug 1200263 SUSE bug 1200343 SUSE bug 1200442 SUSE bug 1200571 SUSE bug 1200599 SUSE bug 1200600 SUSE bug 1200608 SUSE bug 1200619 SUSE bug 1200622 SUSE bug 1200692 SUSE bug 1200806 SUSE bug 1200807 SUSE bug 1200809 SUSE bug 1200810 SUSE bug 1200813 SUSE bug 1200816 SUSE bug 1200820 SUSE bug 1200821 SUSE bug 1200822 SUSE bug 1200825 SUSE bug 1200828 SUSE bug 1200829 SUSE bug 1200925 SUSE bug 1201050 SUSE bug 1201080 SUSE bug 1201143 SUSE bug 1201147 SUSE bug 1201149 SUSE bug 1201160 SUSE bug 1201171 SUSE bug 1201177 SUSE bug 1201193 SUSE bug 1201222 CVE-2021-26341 at SUSE CVE-2021-26341 at NVD CVE-2021-4157 at SUSE CVE-2021-4157 at NVD CVE-2022-1012 at SUSE CVE-2022-1012 at NVD CVE-2022-1679 at SUSE CVE-2022-1679 at NVD CVE-2022-20132 at SUSE CVE-2022-20132 at NVD CVE-2022-20154 at SUSE CVE-2022-20154 at NVD CVE-2022-29900 at SUSE CVE-2022-29900 at NVD CVE-2022-29901 at SUSE CVE-2022-29901 at NVD CVE-2022-33981 at SUSE CVE-2022-33981 at NVD CVE-2022-34918 at SUSE CVE-2022-34918 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for mozilla-nss fixes the following issues: Various FIPS 140-3 related fixes were backported from SUSE Linux Enterprise 15 SP4: - Makes the PBKDF known answer test compliant with NIST SP800-132. (bsc#1192079). - FIPS: Add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980). - FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298). - FIPS: remove hard disabling of unapproved algorithms. This requirement is now fulfilled by the service level indicator (bsc#1200325). - Run test suite at build time, and make it pass (bsc#1198486). - FIPS: skip algorithms that are hard disabled in FIPS mode. - Prevent expired PayPalEE cert from failing the tests. - Allow checksumming to be disabled, but only if we entered FIPS mode due to NSS_FIPS being set, not if it came from /proc. - FIPS: Make the PBKDF known answer test compliant with NIST SP800-132. - Update FIPS validation string to version-release format. - FIPS: remove XCBC MAC from list of FIPS approved algorithms. - Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build. - FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080). - FIPS: allow testing of unapproved algorithms (bsc#1192228). - FIPS: add version indicators. (bmo#1729550, bsc#1192086). - FIPS: fix some secret clearing (bmo#1697303, bsc#1192087). Version update to NSS 3.79: - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls. - Update mercurial in clang-format docker image. - Use of uninitialized pointer in lg_init after alloc fail. - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo. - Add SECMOD_LockedModuleHasRemovableSlots. - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP. - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts. - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version. - Correct invalid record inner and outer content type alerts. - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding. - improve error handling after nssCKFWInstance_CreateObjectHandle. - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. - NSS 3.79 should depend on NSPR 4.34 Version update to NSS 3.78.1: - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple Version update to NSS 3.78: - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests. - Reworked overlong record size checks and added TLS1.3 specific boundaries. - Add ECH Grease Support to tstclnt - Add a strict variant of moz::pkix::CheckCertHostname. - Change SSL_REUSE_SERVER_ECDHE_KEY default to false. - Make SEC_PKCS12EnableCipher succeed - Update zlib in NSS to 1.2.12. Version update to NSS 3.77: - Fix link to TLS page on wireshark wiki - Add two D-TRUST 2020 root certificates. - Add Telia Root CA v2 root certificate. - Remove expired explicitly distrusted certificates from certdata.txt. - support specific RSA-PSS parameters in mozilla::pkix - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate. - Remove token member from NSSSlot struct. - Provide secure variants of mpp_pprime and mpp_make_prime. - Support UTF-8 library path in the module spec string. - Update nssUTF8_Length to RFC 3629 and fix buffer overrun. - Update googletest to 1.11.0 - Add SetTls13GreaseEchSize to experimental API. - TLS 1.3 Illegal legacy_version handling/alerts. - Fix calculation of ECH HRR Transcript. - Allow ld path to be set as environment variable. - Ensure we don't read uninitialized memory in ssl gtests. - Fix DataBuffer Move Assignment. - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3 - rework signature verification in mozilla::pkix Version update to NSS 3.76.1 - Remove token member from NSSSlot struct. - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. - Check return value of PK11Slot_GetNSSToken. - Use Wycheproof JSON for RSASSA-PSS - Add SHA256 fingerprint comments to old certdata.txt entries. - Avoid truncating files in nss-release-helper.py. - Throw illegal_parameter alert for illegal extensions in handshake message. Version update to NSS 3.75 - Make DottedOIDToCode.py compatible with python3. - Avoid undefined shift in SSL_CERT_IS while fuzzing. - Remove redundant key type check. - Update ABI expectations to match ECH changes. - Enable CKM_CHACHA20. - check return on NSS_NoDB_Init and NSS_Shutdown. - Run ECDSA test vectors from bltest as part of the CI tests. - Add ECDSA test vectors to the bltest command line tool. - Allow to build using clang's integrated assembler. - Allow to override python for the build. - test HKDF output rather than input. - Use ASSERT macros to end failed tests early. - move assignment operator for DataBuffer. - Add test cases for ECH compression and unexpected extensions in SH. - Update tests for ECH-13. - Tidy up error handling. - Add tests for ECH HRR Changes. - Server only sends GREASE HRR extension if enabled by preference. - Update generation of the Associated Data for ECH-13. - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello. - Allow for compressed, non-contiguous, extensions. - Scramble the PSK extension in CHOuter. - Split custom extension handling for ECH. - Add ECH-13 HRR Handling. - Client side ECH padding. - Stricter ClientHelloInner Decompression. - Remove ECH_inner extension, use new enum format. - Update the version number for ECH-13 and adjust the ECHConfig size. Version update to NSS 3.74 - mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses - Ensure clients offer consistent ciphersuites after HRR - NSS does not properly restrict server keys based on policy - Set nssckbi version number to 2.54 - Replace Google Trust Services LLC (GTS) R4 root certificate - Replace Google Trust Services LLC (GTS) R3 root certificate - Replace Google Trust Services LLC (GTS) R2 root certificate - Replace Google Trust Services LLC (GTS) R1 root certificate - Replace GlobalSign ECC Root CA R4 - Remove Expired Root Certificates - DST Root CA X3 - Remove Expiring Cybertrust Global Root and GlobalSign root certificates - Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate - Add iTrusChina ECC root certificate - Add iTrusChina RSA root certificate - Add ISRG Root X2 root certificate - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate - Avoid a clang 13 unused variable warning in opt build - Check for missing signedData field - Ensure DER encoded signatures are within size limits - enable key logging option (boo#1195040) Version update to NSS 3.73.1: - Add SHA-2 support to mozilla::pkix's OSCP implementation Version update to NSS 3.73 - check for missing signedData field. - Ensure DER encoded signatures are within size limits. - NSS needs FiPS 140-3 version indicators. - pkix_CacheCert_Lookup doesn't return cached certs - sunset Coverity from NSS Fixed MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures Version update to NSS 3.72 - Fix nsinstall parallel failure. - Increase KDF cache size to mitigate perf regression in about:logins Version update to NSS 3.71 - Set nssckbi version number to 2.52. - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py - Import of PKCS#12 files with Camellia encryption is not supported - Add HARICA Client ECC Root CA 2021. - Add HARICA Client RSA Root CA 2021. - Add HARICA TLS ECC Root CA 2021. - Add HARICA TLS RSA Root CA 2021. - Add TunTrust Root CA certificate to NSS. Version update to NSS 3.70 - Update test case to verify fix. - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback - Avoid using a lookup table in nssb64d. - Use HW accelerated SHA2 on AArch64 Big Endian. - Change default value of enableHelloDowngradeCheck to true. - Cache additional PBE entries. - Read HPKE vectors from official JSON. Version update to NSS 3.69.1: - Disable DTLS 1.0 and 1.1 by default - integrity checks in key4.db not happening on private components with AES_CBC NSS 3.69: - Disable DTLS 1.0 and 1.1 by default (backed out again) - integrity checks in key4.db not happening on private components with AES_CBC (backed out again) - SSL handling of signature algorithms ignores environmental invalid algorithms. - sqlite 3.34 changed it's open semantics, causing nss failures. - Gtest update changed the gtest reports, losing gtest details in all.sh reports. - NSS incorrectly accepting 1536 bit DH primes in FIPS mode - SQLite calls could timeout in starvation situations. - Coverity/cpp scanner errors found in nss 3.67 - Import the NSS documentation from MDN in nss/doc. - NSS using a tempdir to measure sql performance not active Version Update to 3.68.4 (bsc#1200027) - CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590) Mozilla NSPR was updated to version 4.34: * add an API that returns a preferred loopback IP on hosts that have two IP stacks available. Important SUSE bug 1192079 SUSE bug 1192080 SUSE bug 1192086 SUSE bug 1192087 SUSE bug 1192228 SUSE bug 1198486 SUSE bug 1200027 CVE-2022-31741 at SUSE CVE-2022-31741 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225). - Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125) Important SUSE bug 1196125 SUSE bug 1201225 CVE-2022-34903 at SUSE CVE-2022-34903 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for logrotate fixes the following issues: Security issues fixed: - Improved coredump handing for SUID binaries (bsc#1192449). Non-security issues fixed: - Fixed 'logrotate emits unintended warning: keyword size not properly separated, found 0x3d' (bsc#1200278, bsc#1200802). Important SUSE bug 1192449 SUSE bug 1200278 SUSE bug 1200802 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). - CVE-2022-1012: Fixed information leak caused by small table perturb size in the TCP source port generation algorithm (bsc#1199482). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). The following non-security bugs were fixed: - ALSA: hda/conexant: Fix missing beep setup (git-fixes). - ALSA: hda/realtek - Add HW8326 support (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes). - ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes). - ALSA: hda/via: Fix missing beep setup (git-fixes). - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes) - arm64: ftrace: fix branch range checks (git-fixes) - ASoC: cs35l36: Update digital volume TLV (git-fixes). - ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes). - ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes). - ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes). - ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes). - ASoC: es8328: Fix event generation for deemphasis control (git-fixes). - ASoC: nau8822: Add operation for internal PLL off and on (git-fixes). - ASoC: wm8962: Fix suspend while playing music (git-fixes). - ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes). - ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes). - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes). - bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes). - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362). - bcache: fixup multiple threads crash (git-fixes). - bcache: improve multithreaded bch_btree_check() (git-fixes). - bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes). - bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes). - bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes). - bio: fix page leak bio_add_hw_page failure (git-fixes). - blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (git-fixes). - blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825). - blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263). - blk-mq: do not update io_ticks with passthrough requests (bsc#1200816). - blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762) - blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes). - block: advance iov_iter on bio_add_hw_page failure (git-fixes). - block: do not merge across cgroup boundaries if blkcg is enabled (bsc#1198020). - block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (bsc#1185762). - block: Fix kABI in blk-merge.c (bsc#1198020). - block/keyslot-manager: prevent crash when num_slots=1 (git-fixes). - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes). - caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes). - ceph: add some lockdep assertions around snaprealm handling (bsc#1201147). - ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm (bsc#1201149). - certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes). - cifs: add WARN_ON for when chan_count goes below minimum (bsc#1200217). - cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1200217). - cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1200217). - cifs: avoid parallel session setups on same channel (bsc#1200217). - cifs: avoid race during socket reconnect between send and recv (bsc#1200217). - cifs: call cifs_reconnect when a connection is marked (bsc#1200217). - cifs: call helper functions for marking channels for reconnect (bsc#1200217). - cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1200217). - cifs: check for smb1 in open_cached_dir() (bsc#1200217). - cifs: check reconnects for channels of active tcons too (bsc#1200217). - cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217). - cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1200217). - cifs: clean up an inconsistent indenting (bsc#1200217). - cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1200217). - cifs: do not build smb1ops if legacy support is disabled (bsc#1200217). - cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1200217). - cifs: do not use tcpStatus after negotiate completes (bsc#1200217). - cifs: do not use uninitialized data in the owner/group sid (bsc#1200217). - cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1200217). - cifs: fix double free race when mount fails in cifs_get_root() (bsc#1200217). - cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217). - cifs: fix handlecache and multiuser (bsc#1200217). - cifs: fix hang on cifs_get_next_mid() (bsc#1200217). - cifs: fix incorrect use of list iterator after the loop (bsc#1200217). - cifs: fix minor compile warning (bsc#1200217). - cifs: fix missed refcounting of ipc tcon (bsc#1200217). - cifs: fix ntlmssp auth when there is no key exchange (bsc#1200217). - cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1200217). - cifs: fix potential deadlock in direct reclaim (bsc#1200217). - cifs: fix potential double free during failed mount (bsc#1200217). - cifs: fix potential race with cifsd thread (bsc#1200217). - cifs: fix set of group SID via NTSD xattrs (bsc#1200217). - cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1200217). - cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1200217). - cifs: fix the cifs_reconnect path for DFS (bsc#1200217). - cifs: fix the connection state transitions with multichannel (bsc#1200217). - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1200217). - cifs: fix workstation_name for multiuser mounts (bsc#1200217). - cifs: force new session setup and tcon for dfs (bsc#1200217). - cifs: free ntlmsspblob allocated in negotiate (bsc#1200217). - cifs: ignore resource_id while getting fscache super cookie (bsc#1200217). - cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1200217). - cifs: make status checks in version independent callers (bsc#1200217). - cifs: mark sessions for reconnection in helper function (bsc#1200217). - cifs: modefromsids must add an ACE for authenticated users (bsc#1200217). - cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1200217). - cifs: move superblock magic defitions to magic.h (bsc#1200217). - cifs: potential buffer overflow in handling symlinks (bsc#1200217). - cifs: print TIDs as hex (bsc#1200217). - cifs: protect all accesses to chan_* with chan_lock (bsc#1200217). - cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1200217). - cifs: reconnect only the connection and not smb session where possible (bsc#1200217). - cifs: release cached dentries only if mount is complete (bsc#1200217). - cifs: remove check of list iterator against head past the loop body (bsc#1200217). - cifs: remove redundant assignment to pointer p (bsc#1200217). - cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1200217). - cifs: remove repeated state change in dfs tree connect (bsc#1200217). - cifs: remove unused variable ses_selected (bsc#1200217). - cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217). - cifs: return the more nuanced writeback error on close() (bsc#1200217). - cifs: sanitize multiple delimiters in prepath (bsc#1200217). - cifs: serialize all mount attempts (bsc#1200217). - cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1200217). - cifs: skip trailing separators of prefix paths (bsc#1200217). - cifs: smbd: fix typo in comment (bsc#1200217). - cifs: Split the smb3_add_credits tracepoint (bsc#1200217). - cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217). - cifs: track individual channel status using chans_need_reconnect (bsc#1200217). - cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1200217). - cifs: update internal module number (bsc#1193629). - cifs: update internal module number (bsc#1200217). - cifs: update tcpStatus during negotiate and sess setup (bsc#1200217). - cifs: use a different reconnect helper for non-cifsd threads (bsc#1200217). - cifs: use correct lock type in cifs_reconnect() (bsc#1200217). - cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217). - cifs: use new enum for ses_status (bsc#1200217). - cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1200217). - cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1200217). - cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1200217). - cifs: wait for tcon resource_id before getting fscache super (bsc#1200217). - cifs: we do not need a spinlock around the tree access during umount (bsc#1200217). - cifs: when extending a file with falloc we should make files not-sparse (bsc#1200217). - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes). - drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes). - drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924). - drm/msm: Fix double pm_runtime_disable() call (git-fixes). - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes). - drm/sun4i: Fix crash during suspend after component bind failure (git-fixes). - exec: Force single empty string when argv is empty (bsc#1200571). - ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1197754). - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810). - ext4: fix bug_on in __es_tree_search (bsc#1200809). - ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807). - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806). - ext4: make variable 'count' signed (bsc#1200820). - Fix a warning about a malformed kernel doc comment in cifs (bsc#1200217). - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143). - gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes). - gtp: use icmp_ndo_send helper (git-fixes). - hwmon: (ibmaem) do not call platform_device_del() if platform_device_add() fails (git-fixes). - i2c: designware: Use standard optional ref clock implementation (git-fixes). - ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925). - iio:accel:bma180: rearrange iio trigger get and register (git-fixes). - iio: accel: mma8452: ignore the return value of reset operation (git-fixes). - iio: adc: axp288: Override TS pin bias current for some models (git-fixes). - iio: adc: vf610: fix conversion mode sysfs node name (git-fixes). - iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes). - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes). - iio: trigger: sysfs: fix use-after-free on remove (git-fixes). - init: Initialize noop_backing_dev_info early (bsc#1200822). - inotify: show inotify mask flags in proc fdinfo (bsc#1200600). - iomap: iomap_write_failed fix (bsc#1200829). - ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504). - jfs: fix divide error in dbNextAG (bsc#1200828). - kABI fix of sysctl_run_estimation (git-fixes). - kabi: nvme workaround header include (bsc#1201193). - kabi/severities: ignore KABI for NVMe target (bsc#1192761) - linux/dim: Fix divide by 0 in RDMA DIM (git-fixes). - md: fix update super 1.0 on rdev size change (git-fixes). - move devm_allocate to end of structure for kABI (git-fixes). - mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes). - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes). - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes). - net: ieee802154: ca8210: Stop leaking skb's (git-fixes). - net: lantiq: Add locking for TX DMA channel (git-fixes). - net: rose: fix UAF bugs caused by timer handler (git-fixes). - net: stmmac: reset Tx desc base address before restarting Tx (git-fixes). - net: usb: ax88179_178a: Fix packet receiving (git-fixes). - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes). - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes). - NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes). - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes). - NFS: Do not report errors from nfs_pageio_complete() more than once (git-fixes). - NFS: Do not report flush errors in nfs_write_end() (git-fixes). - NFS: Further fixes to the writeback error handling (git-fixes). - NFS: Memory allocation failures are not server fatal errors (git-fixes). - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes). - nvdimm: Fix firmware activation deadlock scenarios (git-fixes). - nvdimm/region: Fix default alignment for small regions (git-fixes). - nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761). - nvme: Add connect option 'discovery' (bsc#1192761). - nvme: add new discovery log page entry definitions (bsc#1192761). - nvme: display correct subsystem NQN (bsc#1192761). - nvme: expose subsystem type in sysfs attribute 'subsystype' (bsc#1192761). - nvme: kabi fix nvme subsystype change (bsc#1192761) - nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761). - nvmet: add nvmet_req_subsys() helper (bsc#1192761). - nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes). - nvmet: do not check iosqes,iocqes for discovery controllers (bsc#1192761). - nvmet: fix freeing unallocated p2pmem (git-fixes). - nvmet: make discovery NQN configurable (bsc#1192761). - nvmet-rdma: Fix NULL deref when SEND is completed with error (git-fixes). - nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY (git-fixes). - nvmet: register discovery subsystem as 'current' (bsc#1192761). - nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761). - nvmet: switch check for subsystem type (bsc#1192761). - phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes). - pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes). - powerpc/idle: Fix return value of __setup() handler (bsc#1065729). - powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729). - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477). - random: Add and use pr_fmt() (bsc#1184924). - random: remove unnecessary unlikely() (bsc#1184924). - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes). - Revert 'block: Fix a lockdep complaint triggered by request queue flushing' (git-fixes). - scsi: core: Show SCMD_LAST in text form (git-fixes). - scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193). - scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193). - scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193). - scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193). - scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193). - scsi: lpfc: Commonize VMID code location (bsc#1201193). - scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193). - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193). - scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193). - scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193). - scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193). - scsi: nvme: Added a new sysfs attribute appid_store (bsc#1201193). - scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193). - scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160). - scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160). - scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160). - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160). - scsi: qla2xxx: edif: bsg refactor (bsc#1201160). - scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160). - scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160). - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160). - scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160). - scsi: qla2xxx: edif: Fix session thrash (bsc#1201160). - scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160). - scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160). - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160). - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160). - scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160). - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160). - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160). - scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160). - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160). - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160). - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160). - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160). - scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160). - scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160). - scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160). - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160). - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160). - scsi: sd: sd_zbc: Do not pass GFP_NOIO to kvcalloc (git-fixes). - scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks (git-fixes). - scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes). - scsi: sd: Signal drive managed SMR disks (git-fixes). - scsi: sd_zbc: Do not limit max_zone_append sectors to (git-fixes). - scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (git-fixes). - scsi: sd_zbc: Improve zone revalidation (git-fixes). - scsi: sd_zbc: Remove unused inline functions (git-fixes). - scsi: sd_zbc: Support disks with more than 2**32 logical (git-fixes). - scsi: smartpqi: create module parameters for LUN reset (bsc#1179195 bsc#1200622). - smb3: add mount parm nosparse (bsc#1200217). - smb3: add trace point for lease not found issue (bsc#1200217). - smb3: add trace point for oplock not found (bsc#1200217). - smb3: check for null tcon (bsc#1200217). - smb3: cleanup and clarify status of tree connections (bsc#1200217). - smb3: do not set rc when used and unneeded in query_info_compound (bsc#1200217). - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1200217). - smb3: fix incorrect session setup check for multiuser mounts (bsc#1200217). - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1200217). - smb3: fix snapshot mount option (bsc#1200217). - smb3 improve error message when mount options conflict with posix (bsc#1200217). - smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1200217). - smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1200217). - smb3: move more common protocol header definitions to smbfs_common (bsc#1200217). - smb3: send NTLMSSP version information (bsc#1200217). - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes). - spi: Fix use-after-free with devm_spi_alloc_* (git-fixes). - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes). - sunvnet: use icmp_ndo_send helper (git-fixes). - tty: goldfish: Fix free_irq() on remove (git-fixes). - usb: chipidea: udc: check request status before setting device address (git-fixes). - usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes). - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes). - usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes). - usbnet: fix memory allocation in helpers (git-fixes). - USB: serial: io_ti: add Agilent E5805A support (git-fixes). - USB: serial: option: add Quectel EM05-G modem (git-fixes). - USB: serial: option: add Quectel RM500K module support (git-fixes). - USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes). - USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes). - usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC (git-fixes). - veth: fix races around rq->rx_notify_masked (git-fixes). - virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes). - virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes). - virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes). - virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes). - vmxnet3: fix minimum vectors alloc issue (bsc#1199489). - writeback: Avoid skipping inode writeback (bsc#1200813). - writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821). - xhci: Add reset resume quirk for AMD xhci controller (git-fixes). - x86/entry: Remove skip_r11rcx (bsc#1201644). Important SUSE bug 1065729 SUSE bug 1179195 SUSE bug 1180814 SUSE bug 1184924 SUSE bug 1185762 SUSE bug 1192761 SUSE bug 1193629 SUSE bug 1194013 SUSE bug 1195504 SUSE bug 1195775 SUSE bug 1196901 SUSE bug 1197362 SUSE bug 1197754 SUSE bug 1198020 SUSE bug 1198924 SUSE bug 1199482 SUSE bug 1199487 SUSE bug 1199489 SUSE bug 1199657 SUSE bug 1200217 SUSE bug 1200263 SUSE bug 1200343 SUSE bug 1200442 SUSE bug 1200571 SUSE bug 1200599 SUSE bug 1200600 SUSE bug 1200604 SUSE bug 1200605 SUSE bug 1200608 SUSE bug 1200619 SUSE bug 1200622 SUSE bug 1200692 SUSE bug 1200806 SUSE bug 1200807 SUSE bug 1200809 SUSE bug 1200810 SUSE bug 1200813 SUSE bug 1200816 SUSE bug 1200820 SUSE bug 1200821 SUSE bug 1200822 SUSE bug 1200825 SUSE bug 1200828 SUSE bug 1200829 SUSE bug 1200925 SUSE bug 1201050 SUSE bug 1201080 SUSE bug 1201143 SUSE bug 1201147 SUSE bug 1201149 SUSE bug 1201160 SUSE bug 1201171 SUSE bug 1201177 SUSE bug 1201193 SUSE bug 1201222 SUSE bug 1201644 SUSE bug 1201664 SUSE bug 1201672 SUSE bug 1201673 SUSE bug 1201676 CVE-2021-26341 at SUSE CVE-2021-26341 at NVD CVE-2021-4157 at SUSE CVE-2021-4157 at NVD CVE-2022-1012 at SUSE CVE-2022-1012 at NVD CVE-2022-1679 at SUSE CVE-2022-1679 at NVD CVE-2022-20132 at SUSE CVE-2022-20132 at NVD CVE-2022-20141 at SUSE CVE-2022-20141 at NVD CVE-2022-20154 at SUSE CVE-2022-20154 at NVD CVE-2022-29900 at SUSE CVE-2022-29900 at NVD CVE-2022-29901 at SUSE CVE-2022-29901 at NVD CVE-2022-33981 at SUSE CVE-2022-33981 at NVD CVE-2022-34918 at SUSE CVE-2022-34918 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python-M2Crypto fixes the following issues: - CVE-2020-25657: Fixed Bleichenbacher timing attacks in the RSA decryption API (bsc#1178829). Important SUSE bug 1178829 CVE-2020-25657 at SUSE CVE-2020-25657 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ldb, samba fixes the following issues: - CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490). - CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify request (bsc#1201492). - CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords (bsc#1201495). - CVE-2022-32742: Fixed a memory leak in SMB1 (bsc#1201496). - CVE-2022-32744: Fixed an arbitrary password change request for any AD user (bsc#1201493). The following security bugs were fixed: samba was updated to 4.15.8: * Use pathref fd instead of io fd in vfs_default_durable_cookie; (bso#15042); * Setting fruit:resource = stream in vfs_fruit causes a panic; (bso#15099); * Add support for bind 9.18; (bso#14986); * logging dsdb audit to specific files does not work; (bso#15076); * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original file had been deleted; (bso#15069); * netgroups support removed; (bso#15087); (bsc#1199247); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); (bsc#1199734); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * smbclient commands del & deltree fail with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556); * vfs_gpfs recalls=no option prevents listing files; (bso#15055); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * Compile error in source3/utils/regedit_hexedit.c; (bso#15091); * ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link; (bso#15108); * smbd doesn't handle UPNs for looking up names; (bso#15054); * Out-by-4 error in smbd read reply max_send clamp; (bso#14443); - Move pdb backends from package samba-libs to package samba-client-libs and remove samba-libs requirement from samba-winbind; (bsc#1200964); (bsc#1198255); - Use the canonical realm name to refresh the Kerberos tickets; (bsc#1196224); (bso#14979); - Fix smbclient commands del & deltree failing with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556). ldb was updated to version 2.4.3 * Fix build problems, waf produces incorrect names for python extensions; (bso#15071); Important SUSE bug 1196224 SUSE bug 1198255 SUSE bug 1199247 SUSE bug 1199734 SUSE bug 1200556 SUSE bug 1200964 SUSE bug 1201490 SUSE bug 1201492 SUSE bug 1201493 SUSE bug 1201495 SUSE bug 1201496 CVE-2022-2031 at SUSE CVE-2022-2031 at NVD CVE-2022-32742 at SUSE CVE-2022-32742 at NVD CVE-2022-32744 at SUSE CVE-2022-32744 at NVD CVE-2022-32745 at SUSE CVE-2022-32745 at NVD CVE-2022-32746 at SUSE CVE-2022-32746 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for xen fixes the following issues: - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966). - CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549). - CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965). - CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394). - CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469). Fixed several upstream bugs (bsc#1027519). Important SUSE bug 1027519 SUSE bug 1199965 SUSE bug 1199966 SUSE bug 1200549 SUSE bug 1201394 SUSE bug 1201469 CVE-2022-21123 at SUSE CVE-2022-21123 at NVD CVE-2022-21125 at SUSE CVE-2022-21125 at NVD CVE-2022-21166 at SUSE CVE-2022-21166 at NVD CVE-2022-23816 at SUSE CVE-2022-23816 at NVD CVE-2022-23825 at SUSE CVE-2022-23825 at NVD CVE-2022-26362 at SUSE CVE-2022-26362 at NVD CVE-2022-26363 at SUSE CVE-2022-26363 at NVD CVE-2022-26364 at SUSE CVE-2022-26364 at NVD CVE-2022-29900 at SUSE CVE-2022-29900 at NVD CVE-2022-33745 at SUSE CVE-2022-33745 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for dwarves and elfutils fixes the following issues: elfutils was updated to version 0.177 (jsc#SLE-24501): - elfclassify: New tool to analyze ELF objects. - readelf: Print DW_AT_data_member_location as decimal offset. Decode DW_AT_discr_list block attributes. - libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias. - libdwelf: Add dwelf_elf_e_machine_string. dwelf_elf_begin now only returns NULL when there is an error reading or decompressing a file. If the file is not an ELF file an ELF handle of type ELF_K_NONE is returned. - backends: Add support for C-SKY. Update to version 0.176: - build: Add new --enable-install-elfh option. Do NOT use this for system installs (it overrides glibc elf.h). - backends: riscv improved core file and return value location support. - Fixes: - CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007) Update to version 0.175: - readelf: Handle mutliple .debug_macro sections. Recognize and parse GNU Property, NT_VERSION and GNU Build Attribute ELF Notes. - strip: Handle SHT_GROUP correctly. Add strip --reloc-debug-sections-only option. Handle relocations against GNU compressed sections. - libdwelf: New function dwelf_elf_begin. - libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT and BPF_JSLE. backends: RISCV handles ADD/SUB relocations. Handle SHT_X86_64_UNWIND. - CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723) - CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973) - CVE-2018-18520: eu-size: Bad handling of ar files inside are files (bsc#1112726) Update to version 0.174: - libelf, libdw and all tools now handle extended shnum and shstrndx correctly. - elfcompress: Don't rewrite input file if no section data needs updating. Try harder to keep same file mode bits (suid) on rewrite. - strip: Handle mixed (out of order) allocated/non-allocated sections. - unstrip: Handle SHT_GROUP sections. - backends: RISCV and M68K now have backend implementations to generate CFI based backtraces. - Fixes: - CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf - CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067) - CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390) Update to version 0.173: - More fixes for crashes and hangs found by afl-fuzz. In particular various functions now detect and break infinite loops caused by bad DIE tree cycles. - readelf: Will now lookup the size and signedness of constant value types to display them correctly (and not just how they were encoded). - libdw: New function dwarf_next_lines to read CU-less .debug_line data. dwarf_begin_elf now accepts ELF files containing just .debug_line or .debug_frame sections (which can be read without needing a DIE tree from the .debug_info section). Removed dwarf_getscn_info, which was never implemented. - backends: Handle BPF simple relocations. The RISCV backends now handles ABI specific CFI and knows about RISCV register types and names. Update to version 0.172: - Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data. Thanks to running the afl fuzzer on eu-readelf and various testcases. Update to version 0.171: - DWARF5 and split dwarf, including GNU DebugFission, are supported now. Data can be read from the new DWARF sections .debug_addr, .debug_line_str, .debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new DWARF5 and GNU DebugFission encodings of the existing .debug sections. Also in split DWARF .dwo (DWARF object) files. This support is mostly handled by existing functions (dwarf_getlocation*, dwarf_getsrclines, dwarf_ranges, dwarf_form*, etc.) now returning the data from the new sections and data formats. But some new functions have been added to more easily get information about skeleton and split compile units (dwarf_get_units and dwarf_cu_info), handle new attribute data (dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies that might come from different sections or files (dwarf_die_addr_die). - Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary) files, the .debug_names index, the .debug_cu_index and .debug_tu_index sections. Only a single .debug_info (and .debug_types) section are currently handled. - readelf: Handle all new DWARF5 sections. --debug-dump=info+ will show split unit DIEs when found. --dwarf-skeleton can be used when inspecting a .dwo file. Recognizes GNU locviews with --debug-dump=loc. - libdw: New functions dwarf_die_addr_die, dwarf_get_units, dwarf_getabbrevattr_data and dwarf_cu_info. libdw will now try to resolve the alt file on first use of an alt attribute FORM when not set yet with dwarf_set_alt. dwarf_aggregate_size() now works with multi-dimensional arrays. - libdwfl: Use process_vm_readv when available instead of ptrace. backends: Add a RISC-V backend. There were various improvements to build on Windows. The sha1 and md5 implementations have been removed, they weren't used. Update to version 0.170: - libdw: Added new DWARF5 attribute, tag, character encoding, language code, calling convention, defaulted member function and macro constants to dwarf.h. New functions dwarf_default_lower_bound and dwarf_line_file. dwarf_peel_type now handles DWARF5 immutable, packed and shared tags. dwarf_getmacros now handles DWARF5 .debug_macro sections. - strip: Add -R, --remove-section=SECTION and --keep-section=SECTION. - backends: The bpf disassembler is now always build on all platforms. Update to version 0.169: - backends: Add support for EM_PPC64 GNU_ATTRIBUTES. Frame pointer unwinding fallback support for i386, x86_64, aarch64. - translations: Update Polish translation. - CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088) - CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084) - CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085) - CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090) - CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089) - Don't make elfutils recommend elfutils-lang as elfutils-lang already supplements elfutils. dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework. Moderate SUSE bug 1033084 SUSE bug 1033085 SUSE bug 1033086 SUSE bug 1033087 SUSE bug 1033088 SUSE bug 1033089 SUSE bug 1033090 SUSE bug 1082318 SUSE bug 1104264 SUSE bug 1106390 SUSE bug 1107066 SUSE bug 1107067 SUSE bug 1111973 SUSE bug 1112723 SUSE bug 1112726 SUSE bug 1123685 SUSE bug 1125007 CVE-2017-7607 at SUSE CVE-2017-7607 at NVD CVE-2017-7608 at SUSE CVE-2017-7608 at NVD CVE-2017-7609 at SUSE CVE-2017-7609 at NVD CVE-2017-7610 at SUSE CVE-2017-7610 at NVD CVE-2017-7611 at SUSE CVE-2017-7611 at NVD CVE-2017-7612 at SUSE CVE-2017-7612 at NVD CVE-2017-7613 at SUSE CVE-2017-7613 at NVD CVE-2018-16062 at SUSE CVE-2018-16062 at NVD CVE-2018-16402 at SUSE CVE-2018-16402 at NVD CVE-2018-16403 at SUSE CVE-2018-16403 at NVD CVE-2018-18310 at SUSE CVE-2018-18310 at NVD CVE-2018-18520 at SUSE CVE-2018-18520 at NVD CVE-2018-18521 at SUSE CVE-2018-18521 at NVD CVE-2019-7146 at SUSE CVE-2019-7146 at NVD CVE-2019-7148 at SUSE CVE-2019-7148 at NVD CVE-2019-7149 at SUSE CVE-2019-7149 at NVD CVE-2019-7150 at SUSE CVE-2019-7150 at NVD CVE-2019-7664 at SUSE CVE-2019-7664 at NVD CVE-2019-7665 at SUSE CVE-2019-7665 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for mokutil fixes the following issues: - Adds SBAT revocation support to mokutil. (bsc#1198458) New options added (see manpage): - mokutil --sbat List all entries in SBAT. - mokutil --set-sbat-policy (latest | previous | delete) To set the SBAT acceptance policy. - mokutil --list-sbat-revocations To list the current SBAT revocations. Moderate SUSE bug 1198458 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for pcre2 fixes the following issues: - CVE-2019-20454: Fixed out-of-bounds read in JIT mode when \X is used in non-UTF mode (bsc#1164384). - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). Important SUSE bug 1164384 SUSE bug 1199235 CVE-2019-20454 at SUSE CVE-2019-20454 at NVD CVE-2022-1587 at SUSE CVE-2022-1587 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). Moderate SUSE bug 1198627 CVE-2022-29458 at SUSE CVE-2022-29458 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 - CVE-2021-44141: Information leak via symlinks of existance of files or directories outside of the exported share; (bso#14911); (bsc#1193690); - CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; (bso#14914); (bsc#1194859); - CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services; (bso#14950); (bsc#1195048); samba was updated to 4.15.4 (jsc#SLE-23329); * Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928); * Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932); * kill_tcp_connections does not work; (bso#14934); * Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935); * smbclient -L doesn't set 'client max protocol' to NT1 before calling the 'Reconnecting with SMB1 for workgroup listing' path; (bso#14939); * Cross device copy of the crossrename module always fails; (bso#14940); * symlinkat function from VFS cap module always fails with an error; (bso#14941); * Fix possible fsp pointer deference; (bso#14942); * Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944); * 'smbd --build-options' no longer works without an smb.conf file; (bso#14945); Samba was updated to version 4.15.3 + CVE-2021-43566: Symlink race error can allow directory creation outside of the exported share; (bsc#1139519); + CVE-2021-20316: Symlink race error can allow metadata read and modify outside of the exported share; (bsc#1191227); - Reorganize libs packages. Split samba-libs into samba-client-libs, samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba public libraries depending on internal samba libraries into these packages as there were dependency problems everytime one of these public libraries changed its version (bsc#1192684). The devel packages are merged into samba-devel. - Rename package samba-core-devel to samba-devel - Update the symlink create by samba-dsdb-modules to private samba ldb modules following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba krb5 was updated to 1.16.3 to 1.19.2 * Fix a denial of service attack against the KDC encrypted challenge code; (CVE-2021-36222); * Fix a memory leak when gss_inquire_cred() is called without a credential handle. Changes from 1.19.1: * Fix a linking issue with Samba. * Better support multiple pkinit_identities values by checking whether certificates can be loaded for each value. Changes from 1.19 Administrator experience * When a client keytab is present, the GSSAPI krb5 mech will refresh credentials even if the current credentials were acquired manually. * It is now harder to accidentally delete the K/M entry from a KDB. Developer experience * gss_acquire_cred_from() now supports the 'password' and 'verify' options, allowing credentials to be acquired via password and verified using a keytab key. * When an application accepts a GSS security context, the new GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor both provided matching channel bindings. * Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self requests to identify the desired client principal by certificate. * PKINIT certauth modules can now cause the hw-authent flag to be set in issued tickets. * The krb5_init_creds_step() API will now issue the same password expiration warnings as krb5_get_init_creds_password(). Protocol evolution * Added client and KDC support for Microsoft's Resource-Based Constrained Delegation, which allows cross-realm S4U2Proxy requests. A third-party database module is required for KDC support. * kadmin/admin is now the preferred server principal name for kadmin connections, and the host-based form is no longer created by default. The client will still try the host-based form as a fallback. * Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT extension, which causes channel bindings to be required for the initiator if the acceptor provided them. The client will send this option if the client_aware_gss_bindings profile option is set. User experience * kinit will now issue a warning if the des3-cbc-sha1 encryption type is used in the reply. This encryption type will be deprecated and removed in future releases. * Added kvno flags --out-cache, --no-store, and --cached-only (inspired by Heimdal's kgetcred). Changes from 1.18.3 * Fix a denial of service vulnerability when decoding Kerberos protocol messages. * Fix a locking issue with the LMDB KDB module which could cause KDC and kadmind processes to lose access to the database. * Fix an assertion failure when libgssapi_krb5 is repeatedly loaded and unloaded while libkrb5support remains loaded. Changes from 1.18.2 * Fix a SPNEGO regression where an acceptor using the default credential would improperly filter mechanisms, causing a negotiation failure. * Fix a bug where the KDC would fail to issue tickets if the local krbtgt principal's first key has a single-DES enctype. * Add stub functions to allow old versions of OpenSSL libcrypto to link against libkrb5. * Fix a NegoEx bug where the client name and delegated credential might not be reported. Changes from 1.18.1 * Fix a crash when qualifying short hostnames when the system has no primary DNS domain. * Fix a regression when an application imports 'service@' as a GSS host-based name for its acceptor credential handle. * Fix KDC enforcement of auth indicators when they are modified by the KDB module. * Fix removal of require_auth string attributes when the LDAP KDB module is used. * Fix a compile error when building with musl libc on Linux. * Fix a compile error when building with gcc 4.x. * Change the KDC constrained delegation precedence order for consistency with Windows KDCs. Changes from 1.18 Administrator experience: * Remove support for single-DES encryption types. * Change the replay cache format to be more efficient and robust. Replay cache filenames using the new format end with '.rcache2' by default. * setuid programs will automatically ignore environment variables that normally affect krb5 API functions, even if the caller does not use krb5_init_secure_context(). * Add an 'enforce_ok_as_delegate' krb5.conf relation to disable credential forwarding during GSSAPI authentication unless the KDC sets the ok-as-delegate bit in the service ticket. * Use the permitted_enctypes krb5.conf setting as the default value for default_tkt_enctypes and default_tgs_enctypes. Developer experience: * Implement krb5_cc_remove_cred() for all credential cache types. * Add the krb5_pac_get_client_info() API to get the client account name from a PAC. Protocol evolution: * Add KDC support for S4U2Self requests where the user is identified by X.509 certificate. (Requires support for certificate lookup from a third-party KDB module.) * Remove support for an old ('draft 9') variant of PKINIT. * Add support for Microsoft NegoEx. (Requires one or more third-party GSS modules implementing NegoEx mechanisms.) User experience: * Add support for 'dns_canonicalize_hostname=fallback', causing host-based principal names to be tried first without DNS canonicalization, and again with DNS canonicalization if the un-canonicalized server is not found. * Expand single-component hostnames in host-based principal names when DNS canonicalization is not used, adding the system's first DNS search path as a suffix. Add a 'qualify_shortname' krb5.conf relation to override this suffix or disable expansion. * Honor the transited-policy-checked ticket flag on application servers, eliminating the requirement to configure capaths on servers in some scenarios. Code quality: * The libkrb5 serialization code (used to export and import krb5 GSS security contexts) has been simplified and made type-safe. * The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED messages has been revised to conform to current coding practices. * The test suite has been modified to work with macOS System Integrity Protection enabled. * The test suite incorporates soft-pkcs11 so that PKINIT PKCS11 support can always be tested. Changes from 1.17.1 * Fix a bug preventing 'addprinc -randkey -kvno' from working in kadmin. * Fix a bug preventing time skew correction from working when a KCM credential cache is used. Changes from 1.17: Administrator experience: * A new Kerberos database module using the Lightning Memory-Mapped Database library (LMDB) has been added. The LMDB KDB module should be more performant and more robust than the DB2 module, and may become the default module for new databases in a future release. * 'kdb5_util dump' will no longer dump policy entries when specific principal names are requested. Developer experience: * The new krb5_get_etype_info() API can be used to retrieve enctype, salt, and string-to-key parameters from the KDC for a client principal. * The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise principal names to be used with GSS-API functions. * KDC and kadmind modules which call com_err() will now write to the log file in a format more consistent with other log messages. * Programs which use large numbers of memory credential caches should perform better. Protocol evolution: * The SPAKE pre-authentication mechanism is now supported. This mechanism protects against password dictionary attacks without requiring any additional infrastructure such as certificates. SPAKE is enabled by default on clients, but must be manually enabled on the KDC for this release. * PKINIT freshness tokens are now supported. Freshness tokens can protect against scenarios where an attacker uses temporary access to a smart card to generate authentication requests for the future. * Password change operations now prefer TCP over UDP, to avoid spurious error messages about replays when a response packet is dropped. * The KDC now supports cross-realm S4U2Self requests when used with a third-party KDB module such as Samba's. The client code for cross-realm S4U2Self requests is also now more robust. User experience: * The new ktutil addent -f flag can be used to fetch salt information from the KDC for password-based keys. * The new kdestroy -p option can be used to destroy a credential cache within a collection by client principal name. * The Kerberos man page has been restored, and documents the environment variables that affect programs using the Kerberos library. Code quality: * Python test scripts now use Python 3. * Python test scripts now display markers in verbose output, making it easier to find where a failure occurred within the scripts. * The Windows build system has been simplified and updated to work with more recent versions of Visual Studio. A large volume of unused Windows-specific code has been removed. Visual Studio 2013 or later is now required. - Build with full Cyrus SASL support. Negotiating SASL credentials with an EXTERNAL bind mechanism requires interaction. Kerberos provides its own interaction function that skips all interaction, thus preventing the mechanism from working. ldb was updated to version 2.4.1 (jsc#SLE-23329); - Release 2.4.1 + Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message; (bso#14845); + Fix memory handling in ldb.msg_diff; (bso#14836); - Release 2.4.0 + pyldb: Fix Message.items() for a message containing elements + pyldb: Add test for Message.items() + tests: Use ldbsearch '--scope instead of '-s' + Change page size of guidindexpackv1.ldb + Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream + attrib_handler casefold: simplify space dropping + fix ldb_comparison_fold off-by-one overrun + CVE-2020-27840: pytests: move Dn.validate test to ldb + CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode + CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds + CVE-2021-20277 ldb tests: ldb_match tests with extra spaces + improve comments for ldb_module_connect_backend() + test/ldb_tdb: correct introductory comments + ldb.h: remove undefined async_ctx function signatures + correct comments in attrib_handers val_to_int64 + dn tests use cmocka print functions + ldb_match: remove redundant check + add tests for ldb_wildcard_compare + ldb_match: trailing chunk must match end of string + pyldb: catch potential overflow error in py_timestring + ldb: remove some 'if PY3's in tests talloc was updated to 2.3.3: + various bugfixes + python: Ensure reference counts are properly incremented + Change pytalloc source to LGPL + Upgrade waf to 2.0.18 to fix a cross-compilation issue; (bso#13846). tdb was updated to version 1.4.4: + various bugfixes tevent was updated to version 0.11.0: + Add custom tag to events + Add event trace api sssd was updated to: - Fix tests test_copy_ccache & test_copy_keytab for later versions of krb5 - Update the private ldb modules installation following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba apparmor was updated to: - Cater for changes to ldb packaging to allow parallel installation with libldb (bsc#1192684). - add profile for samba-bgqd (bsc#1191532). Critical SUSE bug 1139519 SUSE bug 1183572 SUSE bug 1183574 SUSE bug 1188571 SUSE bug 1191227 SUSE bug 1191532 SUSE bug 1192684 SUSE bug 1193690 SUSE bug 1194859 SUSE bug 1195048 CVE-2020-27840 at SUSE CVE-2020-27840 at NVD CVE-2021-20277 at SUSE CVE-2021-20277 at NVD CVE-2021-20316 at SUSE CVE-2021-20316 at NVD CVE-2021-36222 at SUSE CVE-2021-36222 at NVD CVE-2021-43566 at SUSE CVE-2021-43566 at NVD CVE-2021-44141 at SUSE CVE-2021-44141 at NVD CVE-2021-44142 at SUSE CVE-2021-44142 at NVD CVE-2022-0336 at SUSE CVE-2022-0336 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures fixes the following issues: - Update in SLE-15 (bsc#1196696, bsc#1195916, jsc#SLE-23972) - Remove redundant python3 dependency from Requires - Update regular expression to fix python shebang - Style is enforced upstream and triggers unnecessary build version requirements - Allow specifying fs_id in cloudwatch log group name - Includes fix for stunnel path - Added hardening to systemd service(s). - Raise minimal pytest version - Fix typo in the ansi2html Requires - Cleanup with spec-cleaner - Make sure the tests are really executed - Remove useless devel dependency - Multiprocessing support in Python 3.8 was broken, but is now fixed - Bumpy the URL to point to github rather than to docs Moderate SUSE bug 1195916 SUSE bug 1196696 CVE-2020-29651 at SUSE CVE-2020-29651 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for podman fixes the following issues: Updated to version 3.4.7: - CVE-2022-1227: Fixed an issue that could allow an attacker to publish a malicious image to a public registry and run arbitrary code in the victim's context via the 'podman top' command (bsc#1182428). - CVE-2022-27191: Fixed a potential crash via SSH under specific configurations (bsc#1197284). - CVE-2022-21698: Fixed a potential denial of service that affected servers that used Prometheus instrumentation (bsc#1196338). Important SUSE bug 1182428 SUSE bug 1196338 SUSE bug 1197284 CVE-2022-1227 at SUSE CVE-2022-1227 at NVD CVE-2022-21698 at SUSE CVE-2022-21698 at NVD CVE-2022-27191 at SUSE CVE-2022-27191 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for systemd-presets-common-SUSE fixes the following issues: - CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524). The following non-security bugs were fixed: - Modify branding-preset-states to fix systemd-presets-common-SUSE not enabling new user systemd service preset configuration just as it handles system service presets. By passing an (optional) second parameter 'user', the save/apply-changes commands now work with user services instead of system ones (bsc#1200485) - Add the wireplumber user service preset to enable it by default in SLE15-SP4 where it replaced pipewire-media-session, but keep pipewire-media-session preset so we don't have to branch the systemd-presets-common-SUSE package for SP4 (bsc#1200485) Moderate SUSE bug 1199524 SUSE bug 1200485 CVE-2022-1706 at SUSE CVE-2022-1706 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-36516: Fixed TCP session data injection vulnerability via the mixed IPID assignment method (bnc#1196616). - CVE-2020-36557: Fixed race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could lead to a use-after-free (bnc#1201429). - CVE-2020-36558: Fixed race condition involving VT_RESIZEX that could lead to a NULL pointer dereference and general protection fault (bnc#1200910). - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT (bnc#1201636). - CVE-2022-1116: Fixed a integer overflow vulnerability in io_uring which allowed a local attacker to cause memory corruption and escalate privileges to root (bnc#1199647). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829). - CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251). - CVE-2022-2639: Fixed integer underflow that could lead to out-of-bounds write in reserve_sfa_size() (bsc#1202154). - CVE-2022-20166: Fixed possible out of bounds write due to sprintf unsafety that could cause local escalation of privilege (bnc#1200598) - CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy (bsc#1201458). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). - CVE-2022-29581: Fixed improper update of Reference Count in net/sched that could cause root privilege escalation (bnc#1199665). - CVE-2022-32250: Fixed user-after-free in net/netfilter/nf_tables_api.c that could allow local privilege escalation (bnc#1200015). - CVE-2022-36946: Fixed incorrect packet truncation in nfqnl_mangle() that could lead to remote DoS (bnc#1201940). The following non-security bugs were fixed: - ACPI: APEI: Better fix to avoid spamming the console with old error logs (git-fixes). - ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes). - ACPI: video: Shortening quirk list by identifying Clevo by board_name only (git-fixes). - ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes). - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (git-fixes). - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (git-fixes). - ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (git-fixes). - ASoC: Remove unused hw_write_t type (git-fixes). - ASoC: cs47l15: Fix event generation for low power mux control (git-fixes). - ASoC: madera: Fix event generation for OUT1 demux (git-fixes). - ASoC: madera: Fix event generation for rate controls (git-fixes). - ASoC: ops: Fix off by one in range control validation (git-fixes). - ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes). - ASoC: wm5110: Fix DRE control (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (git-fixes). - Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes). - FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR (git-fixes). - FDDI: defxx: Make MMIO the configuration default except for EISA (git-fixes). - Fixed a system crash related to the recent RETBLEED mitigation (bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676). - Fixed battery detection problem on macbooks (bnc#1201206). - HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes). - KVM/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - KVM: VMX: Add non-canonical check on writes to RTIT address MSRs (git-fixes). - KVM: VMX: Do not freeze guest when event delivery causes an APIC-access exit (git-fixes). - KVM: apic: avoid calculating pending eoi from an uninitialized val (git-fixes). - KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442) - KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes) - KVM: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - KVM: nVMX: avoid NULL pointer dereference with incorrect EVMCS GPAs (git-fixes). - KVM: nVMX: handle nested posted interrupts when apicv is disabled for L1 (git-fixes). - KVM: x86/pmu: Fix UBSAN shift-out-of-bounds warning in intel_pmu_refresh() (git-fixes). - KVM: x86: Do not let userspace set host-reserved cr4 bits (git-fixes). - KVM: x86: Fix split-irqchip vs interrupt injection window request (git-fixes). - KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks (git-fixes). - KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted (git-fixes). - KVM: x86: handle !lapic_in_kernel case in kvm_cpu_*_extint (git-fixes). - NFC: nxp-nci: do not print header length mismatch on i2c error (git-fixes). - PCI/portdrv: Do not disable AER reporting in get_port_device_capability() (git-fixes). - PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (git-fixes). - PCI: dwc: Always enable CDM check if 'snps,enable-cdm-check' exists (git-fixes). - PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes). - PCI: dwc: Disable outbound windows only for controllers using iATU (git-fixes). - PCI: dwc: Stop link on host_init errors and de-initialization (git-fixes). - PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes). - PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes). - PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (git-fixes). - PCI: tegra194: Fix Root Port interrupt handling (git-fixes). - PCI: tegra194: Fix link up retry sequence (git-fixes). - PM: runtime: Remove link state checks in rpm_get/put_supplier() (git-fixes). - Sort in RETbleed backport into the sorted section Now that it is upstream.. - USB: Follow-up to SPDX identifiers addition - remove now useless comments (git-fixes). - USB: serial: fix tty-port initialized comments (git-fixes). - USB: serial: ftdi_sio: add Belimo device ids (git-fixes). - amd-xgbe: Update DMA coherency values (git-fixes). - arm64 module: set plt* section addresses to 0x0 (git-fixes) - arm64: Extend workaround for erratum 1024718 to all versions of (git-fixes) - arm64: asm: Add new-style position independent function annotations (git-fixes) - arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return (git-fixes) - arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (git-fixes) - arm64: dts: marvell: espressobin: Add ethernet switch aliases (git-fixes) - arm64: dts: marvell: espressobin: add ethernet alias (git-fixes) - arm64: dts: mcbin: support 2W SFP modules (git-fixes) - arm64: fix compat syscall return truncation (git-fixes) - arm64: fix inline asm in load_unaligned_zeropad() (git-fixes) - arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA (git-fixes) - arm64: module: remove (NOLOAD) from linker script (git-fixes) - arm64: module: rework special section handling (git-fixes) - arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes) - arm64: ptrace: Consistently use pseudo-singlestep exceptions (git-fixes) - arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes) - arm64: stackleak: fix current_top_of_stack() (git-fixes) - arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (git-fixes) - arm64: vdso: Avoid ISB after reading from cntvct_el0 (git-fixes) - ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes). - ath10k: do not enforce interrupt trigger type (git-fixes). - ax88179_178a: add ethtool_op_get_ts_info() (git-fixes). - blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN (git-fixes). - blk-zoned: allow zone management send operations without CAP_SYS_ADMIN (git-fixes). - block/compat_ioctl: fix range check in BLKGETSIZE (git-fixes). - block: Fix fsync always failed if once failed (git-fixes). - block: Fix wrong offset in bio_truncate() (git-fixes). - block: bio-integrity: Advance seed correctly for larger interval sizes (git-fixes). - block: do not delete queue kobject before its children (git-fixes). - block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit (git-fixes). - bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb signature (bsc#1199364). - bpf: Add config to allow loading modules with BTF mismatches (jsc#SLE-24559). - bpf: Add in-kernel split BTF support (jsc#SLE-24559). - bpf: Assign ID to vmlinux BTF and return extra info for BTF in GET_OBJ_INFO (jsc#SLE-24559). - bpf: Keep module's btf_data_size intact after load (jsc#SLE-24559). - bpf: Load and verify kernel module BTFs (jsc#SLE-24559). - bpf: Provide function to get vmlinux BTF information (jsc#SLE-24559). - bpf: Sanitize BTF data pointer after module is loaded (jsc#SLE-24559). - bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (git-fixes). - can: Break loopback loop on loopback documentation (git-fixes). - can: error: specify the values of data[5..7] of CAN error frames (git-fixes). - can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes). - can: hi311x: do not report txerr and rxerr during bus-off (git-fixes). - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (git-fixes). - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (git-fixes). - can: pch_can: do not report txerr and rxerr during bus-off (git-fixes). - can: pch_can: pch_can_error(): initialize errc before using it (git-fixes). - can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes). - can: sja1000: do not report txerr and rxerr during bus-off (git-fixes). - can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes). - can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes). - clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (git-fixes). - clk: qcom: clk-krait: unlock spin after mux completion (git-fixes). - clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes). - clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes). - clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes). - clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (git-fixes). - clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes). - config: enable DEBUG_INFO_BTF This option allows users to access the btf type information for vmlinux but not kernel modules. - cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes) - crypto: qat - disable registration of algorithms (git-fixes). - crypto: qat - fix memory leak in RSA (git-fixes). - crypto: qat - remove dma_free_coherent() for DH (git-fixes). - crypto: qat - remove dma_free_coherent() for RSA (git-fixes). - crypto: qat - set to zero DH parameters before free (git-fixes). - cxgb4: Fix the -Wmisleading-indentation warning (git-fixes). - dm btree remove: assign new_root only when removal succeeds (git-fixes). - dm btree remove: fix use after free in rebalance_children() (git-fixes). - dm bufio: subtract the number of initial sectors in dm_bufio_get_device_size (git-fixes). - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() (git-fixes). - dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes). - dm crypt: make printing of the key constant-time (git-fixes). - dm integrity: conditionally disable 'recalculate' feature (git-fixes). - dm integrity: fix a crash if 'recalculate' used without 'internal_hash' (git-fixes). - dm integrity: fix error code in dm_integrity_ctr() (git-fixes). - dm integrity: fix memory corruption when tag_size is less than digest size (git-fixes). - dm integrity: fix the maximum number of arguments (git-fixes). - dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes). - dm persistent data: packed struct should have an aligned() attribute too (git-fixes). - dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload sequences (git-fixes). - dm snapshot: fix crash with transient storage and zero chunk size (git-fixes). - dm snapshot: flush merged data before committing metadata (git-fixes). - dm snapshot: properly fix a crash when an origin has no snapshots (git-fixes). - dm space map common: fix division bug in sm_ll_find_free_block() (git-fixes). - dm stats: add cond_resched when looping over entries (git-fixes). - dm verity: fix FEC for RS roots unaligned to block size (git-fixes). - dm: fix mempool NULL pointer race when completing IO (git-fixes). - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (git-fixes). - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes). - dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes). - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (git-fixes). - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (git-fixes). - do not call utsname() after ->nsproxy is NULL (bsc#1201196). - drbd: fix potential silent data corruption (git-fixes). - driver core: fix potential deadlock in __driver_attach (git-fixes). - drivers/net: Fix kABI in tun.c (git-fixes). - drivers: net: fix memory leak in atusb_probe (git-fixes). - drivers: net: fix memory leak in peak_usb_create_dev (git-fixes). - drm/amd/display: Enable building new display engine with KCOV enabled (git-fixes). - drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes). - drm/doc: Fix comment typo (git-fixes). - drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (git-fixes). - drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes). - drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes). - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (git-fixes). - drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes). - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (git-fixes). - drm/mediatek: dpi: Only enable dpi after the bridge is enabled (git-fixes). - drm/mediatek: dpi: Remove output format of YUV (git-fixes). - drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes). - drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform (git-fixes). - drm/msm/mdp5: Fix global state lock backoff (git-fixes). - drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes). - drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes). - drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (git-fixes). - drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes). - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (git-fixes). - drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes). - drm/rockchip: vop: Do not crash for invalid duplicate_state() (git-fixes). - drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes). - drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (git-fixes). - drm/vc4: dsi: Correct DSI divider calculations (git-fixes). - drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes). - drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (git-fixes). - drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes). - drm/vc4: plane: Fix margin calculations for the right/bottom edges (git-fixes). - drm/vc4: plane: Remove subpixel positioning check (git-fixes). - drm: adv7511: override i2c address of cec before accessing it (git-fixes). - drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes). - drm: bridge: sii8620: fix possible off-by-one (git-fixes). - fbcon: Disallow setting font bigger than screen size (git-fixes). - fbcon: Prevent that screen size is smaller than font size (git-fixes). - fbdev: fbmem: Fix logo center image dx issue (git-fixes). - fbmem: Check virtual screen sizes in fb_set_var() (git-fixes). - fpga: altera-pr-ip: fix unsigned comparison with less than zero (git-fixes). - ftgmac100: Restart MAC HW once (git-fixes). - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (git-fixes). - gpio: pca953x: only use single read/write for No AI mode (git-fixes). - gpio: pca953x: use the correct range when do regmap sync (git-fixes). - gpio: pca953x: use the correct register address when regcache sync during init (git-fixes). - hex2bin: make the function hex_to_bin constant-time (git-fixes). - hv_netvsc: Add (more) validation for untrusted Hyper-V values (bsc#1199364). - hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364). - hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364). - hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer (bsc#1199364). - hv_netvsc: Fix validation in netvsc_linkstatus_callback() (bsc#1199364). - i2c: Fix a potential use after free (git-fixes). - i2c: cadence: Change large transfer count reset logic to be unconditional (git-fixes). - i2c: cadence: Support PEC for SMBus block read (git-fixes). - i2c: cadence: Unregister the clk notifier in error path (git-fixes). - i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes). - ida: do not use BUG_ON() for debugging (git-fixes). - igb: Enable RSS for Intel I211 Ethernet Controller (git-fixes). - iio: accel: bma220: Fix alignment for DMA safety (git-fixes). - iio: accel: sca3000: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7266: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7298: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7476: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7766: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7887: Fix alignment for DMA safety (git-fixes). - iio: adc: hi8435: Fix alignment for DMA safety (git-fixes). - iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes). - iio: adc: max1027: Fix alignment for DMA safety (git-fixes). - iio: adc: max11100: Fix alignment for DMA safety (git-fixes). - iio: adc: max1118: Fix alignment for DMA safety (git-fixes). - iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes). - iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes). - iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (git-fixes). - iio: dac: ad5064: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5360: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5421: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5449: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5504: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5755: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5761: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5764: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes). - iio: dac: ad7303: Fix alignment for DMA safety (git-fixes). - iio: dac: ad8801: Fix alignment for DMA safety (git-fixes). - iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes). - iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes). - iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes). - iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes). - iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes). - iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes). - iio: proximity: as3935: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes). - ima: Fix a potential integer overflow in ima_appraise_measurement (git-fixes). - ima: Fix potential memory leak in ima_init_crypto() (git-fixes). - intel_th: Fix a resource leak in an error handling path (git-fixes). - intel_th: msu-sink: Potential dereference of null pointer (git-fixes). - intel_th: msu: Fix vmalloced buffers (git-fixes). - kABI workaround for rtsx_usb (git-fixes). - kabi: create module private struct to hold btf size/data (jsc#SLE-24559). - kbuild: Build kernel module BTFs if BTF is enabled and pahole supports it (jsc#SLE-24559). - kbuild: Skip module BTF generation for out-of-tree external modules (jsc#SLE-24559). - kbuild: add marker for build log of *.mod.o (jsc#SLE-24559). - kbuild: drop $(wildcard $^) check in if_changed* for faster rebuild (jsc#SLE-24559). - kbuild: rebuild modules when module linker scripts are updated (jsc#SLE-24559). - kbuild: rename any-prereq to newer-prereqs (jsc#SLE-24559). - kbuild: split final module linking out into Makefile.modfinal (jsc#SLE-24559). - lib/string.c: implement stpcpy (git-fixes). - linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check (git-fixes). - linux/random.h: Remove arch_has_random, arch_has_random_seed (git-fixes). - linux/random.h: Use false with bool (git-fixes). - lkdtm: Disable return thunks in rodata.c (bsc#1178134). - macvlan: remove redundant null check on data (git-fixes). - md/bitmap: wait for external bitmap writes to complete during tear down (git-fixes). - md/raid0: Ignore RAID0 layout if the second zone has only one device (git-fixes). - md: Set prev_flush_start and flush_bio in an atomic way (git-fixes). - md: bcache: check the return value of kzalloc() in detached_dev_do_request() (git-fixes). - media: hdpvr: fix error value returns in hdpvr_read (git-fixes). - media: rc: increase rc-mm tolerance and add debug message (git-fixes). - media: rtl28xxu: Add support for PROlectrix DV107669 DVB-T dongle (git-fixes). - media: rtl28xxu: add missing sleep before probing slave demod (git-fixes). - media: rtl28xxu: set keymap for Astrometa DVB-T2 (git-fixes). - media: smipcie: fix interrupt handling and IR timeout (git-fixes). - media: tw686x: Register the irq at the end of probe (git-fixes). - media: usb: dvb-usb-v2: rtl28xxu: convert to use i2c_new_client_device() (git-fixes). - media: v4l2-mem2mem: always consider OUTPUT queue during poll (git-fixes). - media: v4l2-mem2mem: reorder checks in v4l2_m2m_poll() (git-fixes). - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (git-fixes). - memregion: Fix memregion_free() fallback definition (git-fixes). - memstick/ms_block: Fix a memory leak (git-fixes). - memstick/ms_block: Fix some incorrect memory allocation (git-fixes). - meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes). - misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes). - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (git-fixes). - misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes). - misc: rtsx_usb: use separate command and response buffers (git-fixes). - mm/slub: add missing TID updates on slab deactivation (git-fixes). - mm: fix page reference leak in soft_offline_page() (git fixes (mm/memory-failure)). - mmc: cavium-octeon: Add of_node_put() when breaking out of loop (git-fixes). - mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (git-fixes). - mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes). - mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (git-fixes). - mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle (git-fixes). - mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (git-fixes). - net, xdp: Introduce __xdp_build_skb_from_frame utility routine (bsc#1199364). - net, xdp: Introduce xdp_build_skb_from_frame utility routine (bsc#1199364). - net/mlx5e: When changing XDP program without reset, take refs for XSK RQs (git-fixes). - net/sonic: Fix some resource leaks in error handling paths (git-fixes). - net: ag71xx: remove unnecessary MTU reservation (git-fixes). - net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function (git-fixes). - net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning (git-fixes). - net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE SFP (git-fixes). - net: amd-xgbe: Reset link when the link never comes back (git-fixes). - net: amd-xgbe: Reset the PHY rx data path when mailbox command timeout (git-fixes). - net: axienet: Handle deferred probe on clock properly (git-fixes). - net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port (git-fixes). - net: dsa: bcm_sf2: put device node before return (git-fixes). - net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE (git-fixes). - net: dsa: lantiq_gswip: Let GSWIP automatically set the xMII clock (git-fixes). - net: enetc: fix incorrect TPID when receiving 802.1ad tagged packets (git-fixes). - net: enetc: keep RX ring consumer index in sync with hardware (git-fixes). - net: evaluate net.ipv4.conf.all.proxy_arp_pvlan (git-fixes). - net: evaluate net.ipvX.conf.all.ignore_routes_with_linkdown (git-fixes). - net: hns3: fix error mask definition of flow director (git-fixes). - net: hso: bail out on interrupt URB allocation failure (git-fixes). - net: lapbether: Remove netif_start_queue / netif_stop_queue (git-fixes). - net: ll_temac: Fix potential NULL dereference in temac_probe() (git-fixes). - net: ll_temac: Use devm_platform_ioremap_resource_byname() (git-fixes). - net: macb: add function to disable all macb clocks (git-fixes). - net: macb: restore cmp registers on resume path (git-fixes). - net: macb: unprepare clocks in case of failure (git-fixes). - net: mscc: Fix OF_MDIO config check (git-fixes). - net: mvneta: Remove per-cpu queue mapping for Armada 3700 (git-fixes). - net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes). - net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes (git-fixes). - net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes). - net: stmmac: fix CBS idleslope and sendslope calculation (git-fixes). - net: stmmac: fix incorrect DMA channel intr enable setting of EQoS v4.10 (git-fixes). - net: stmmac: fix watchdog timeout during suspend/resume stress test (git-fixes). - net: stmmac: stop each tx channel independently (git-fixes). - net: tun: set tun->dev->addr_len during TUNSETLINK processing (git-fixes). - net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes). - net: usb: ax88179_178a: add MCT usb 3.0 adapter (git-fixes). - net: usb: ax88179_178a: add Toshiba usb 3.0 adapter (git-fixes). - net: usb: ax88179_178a: remove redundant assignment to variable ret (git-fixes). - net: usb: ax88179_178a: write mac to hardware in get_mac_addr (git-fixes). - net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes). - net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes). - net: usb: use eth_hw_addr_set() (git-fixes). - nvme: consider also host_iface when checking ip options (bsc#1199670). - octeontx2-af: fix memory leak of lmac and lmac->name (git-fixes). - pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes). - pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes). - platform/olpc: Fix uninitialized data in debugfs write (git-fixes). - platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes). - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (git-fixes). - powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761). - powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761). - powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761). - profiling: fix shift-out-of-bounds bugs (git fixes). - qla2xxx: drop patch which prevented nvme port discovery (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958). - r8169: fix accessing unset transport header (git-fixes). - random: document add_hwgenerator_randomness() with other input functions (git-fixes). - random: fix typo in comments (git-fixes). - random: remove useless header comment (git fixes). - raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes). - regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (git-fixes). - rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer Dwarves 1.22 or newer is required to build kernels with BTF information embedded in modules. - sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes) - sched/fair: Revise comment about lb decision matrix (git fixes (sched/fair)). - sched/membarrier: fix missing local execution of ipi_sync_rq_state() (git fixes (sched/membarrier)). - scripts: dummy-tools, add pahole (jsc#SLE-24559). - scsi: core: Fix error handling of scsi_host_alloc() (git-fixes). - scsi: core: Fix failure handling of scsi_add_host_with_dma() (git-fixes). - scsi: core: Only put parent device if host state differs from SHOST_CREATED (git-fixes). - scsi: core: Put .shost_dev in failure path if host state changes to RUNNING (git-fixes). - scsi: core: Put LLD module refcnt after SCSI device is released (git-fixes). - scsi: core: Retry I/O for Notify (Enable Spinup) Required error (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956). - scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956). - scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956 bsc#1200521). - scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956). - scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956). - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956). - scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956). - scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956). - scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956). - scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956). - scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956). - scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956). - scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958). - scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958). - scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958). - scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958). - scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958). - scsi: qla2xxx: Update manufacturer details (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958). - scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958). - scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958). - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes). - scsi: sd: Fix potential NULL pointer dereference (git-fixes). - scsi: ufs: Release clock if DMA map fails (git-fixes). - scsi: ufs: handle cleanup correctly on devm_reset_control_get error (git-fixes). - serial: 8250: fix return error code in serial8250_request_std_resource() (git-fixes). - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes). - serial: stm32: Clear prev values before setting RTS delays (git-fixes). - soc: fsl: guts: machine variable might be unset (git-fixes). - soc: ixp4xx/npe: Fix unused match warning (git-fixes). - soundwire: bus_type: fix remove and shutdown support (git-fixes). - spi: &lt;linux/spi/spi.h>: add missing struct kernel-doc entry (git-fixes). - spi: amd: Limit max transfer and message size (git-fixes). - staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (git-fixes). - sysctl: Fix data races in proc_dointvec() (git-fixes). - sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes). - sysctl: Fix data races in proc_dointvec_minmax() (git-fixes). - sysctl: Fix data races in proc_douintvec() (git-fixes). - sysctl: Fix data races in proc_douintvec_minmax() (git-fixes). - sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes). - thermal/tools/tmon: Include pthread and time headers in tmon.h (git-fixes). - tick/nohz: Use WARN_ON_ONCE() to prevent console saturation (git fixes (kernel/time)). - usb: dwc3: add cancelled reasons for dwc3 requests (git-fixes). - usb: dwc3: gadget: Fix event pending check (git-fixes). - usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes). - usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes). - usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes). - usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes). - usb: typec: add missing uevent when partner support PD (git-fixes). - usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (git-fixes). - usb: xhci: tegra: Fix error check (git-fixes). - usbnet: fix memory leak in error case (git-fixes). - video: of_display_timing.h: include errno.h (git-fixes). - virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes). - virtio-net: fix the race between refill work and close (git-fixes). - virtio_mmio: Add missing PM calls to freeze/restore (git-fixes). - virtio_mmio: Restore guest page size on resume (git-fixes). - watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761). - wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (git-fixes). - wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes). - wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes). - wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes). - wifi: p54: add missing parentheses in p54_flush() (git-fixes). - wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (git-fixes). - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (git-fixes). - wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (git-fixes). - x86/bugs: Remove apostrophe typo (bsc#1178134). - x86/kvmclock: Move this_cpu_pvti into kvmclock.h (git-fixes). - x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134). - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381). - xen: detect uninitialized xenbus in xenbus_init (git-fixes). - xen: do not continue xenstore initialization in case of errors (git-fixes). Important SUSE bug 1178134 SUSE bug 1196616 SUSE bug 1198829 SUSE bug 1199364 SUSE bug 1199647 SUSE bug 1199665 SUSE bug 1199670 SUSE bug 1200015 SUSE bug 1200521 SUSE bug 1200598 SUSE bug 1200644 SUSE bug 1200651 SUSE bug 1200762 SUSE bug 1200910 SUSE bug 1201196 SUSE bug 1201206 SUSE bug 1201251 SUSE bug 1201381 SUSE bug 1201429 SUSE bug 1201442 SUSE bug 1201458 SUSE bug 1201635 SUSE bug 1201636 SUSE bug 1201644 SUSE bug 1201645 SUSE bug 1201664 SUSE bug 1201672 SUSE bug 1201673 SUSE bug 1201676 SUSE bug 1201846 SUSE bug 1201930 SUSE bug 1201940 SUSE bug 1201954 SUSE bug 1201956 SUSE bug 1201958 SUSE bug 1202154 CVE-2020-36516 at SUSE CVE-2020-36516 at NVD CVE-2020-36557 at SUSE CVE-2020-36557 at NVD CVE-2020-36558 at SUSE CVE-2020-36558 at NVD CVE-2021-33655 at SUSE CVE-2021-33655 at NVD CVE-2021-33656 at SUSE CVE-2021-33656 at NVD CVE-2022-1116 at SUSE CVE-2022-1116 at NVD CVE-2022-1462 at SUSE CVE-2022-1462 at NVD CVE-2022-20166 at SUSE CVE-2022-20166 at NVD CVE-2022-21505 at SUSE CVE-2022-21505 at NVD CVE-2022-2318 at SUSE CVE-2022-2318 at NVD CVE-2022-26365 at SUSE CVE-2022-26365 at NVD CVE-2022-2639 at SUSE CVE-2022-2639 at NVD CVE-2022-29581 at SUSE CVE-2022-29581 at NVD CVE-2022-32250 at SUSE CVE-2022-32250 at NVD CVE-2022-33740 at SUSE CVE-2022-33740 at NVD CVE-2022-33741 at SUSE CVE-2022-33741 at NVD CVE-2022-33742 at SUSE CVE-2022-33742 at NVD CVE-2022-36946 at SUSE CVE-2022-36946 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-4083: Fixed race condition in Unix domain socket garbage collection that could lead to read memory after free (bsc#1193727). - CVE-2021-4135: Fixed an information leak in the nsim_bpf_map_alloc function (bsc#1193927). - CVE-2021-4149: Fixed improper lock operation in btrfs that allowed users to crash the kernel or deadlock the system (bsc#1194001). - CVE-2021-4197: Fixed a cgroup issue where lower privileged processes could write to fds of lower privileged ones that could lead to privilege escalation (bsc#1194302). - CVE-2021-4202: Fixed race condition in nci_request() that could cause use-after-free (bsc#1194529). - CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel that occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767). - CVE-2021-46283: Fixed missing initialization in nf_tables_newset in net/netfilter/nf_tables_api.c that could cause a denial of service (bnc#1194518). - CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517). - CVE-2022-0322: Fixed a denial of service in SCTP sctp_addto_chunk (bsc#1194985). The following non-security bugs were fixed: - acpi: APD: Check for NULL pointer after calling devm_ioremap() (git-fixes). - acpi: Add stubs for wakeup handler functions (git-fixes). - acpi: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes (git-fixes). - alsa: PCM: Add missing rwsem around snd_ctl_remove() calls (git-fixes). - alsa: ctl: Fix copy of updated id with element read/write (git-fixes). - alsa: drivers: opl3: Fix incorrect use of vp->state (git-fixes). - alsa: hda/hdmi: Disable silent stream on GLK (git-fixes). - alsa: hda/realtek - Add headset Mic support for Lenovo ALC897 platform (git-fixes). - alsa: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows (git-fixes). - alsa: hda/realtek: Add a quirk for HP OMEN 15 mute LED (git-fixes). - alsa: hda/realtek: Add quirk for ASRock NUC Box 1100 (git-fixes). - alsa: hda/realtek: Amp init fixup for HP ZBook 15 G6 (git-fixes). - alsa: hda/realtek: Fix quirk for Clevo NJ51CU (git-fixes). - alsa: hda/realtek: Fix quirk for TongFang PHxTxX1 (git-fixes). - alsa: hda/realtek: Fixes HP Spectre x360 15-eb1xxx speakers (git-fixes). - alsa: hda/realtek: Headset fixup for Clevo NH77HJQ (git-fixes). - alsa: hda: Add missing rwsem around snd_ctl_remove() calls (git-fixes). - alsa: hda: Make proper use of timecounter (git-fixes). - alsa: jack: Add missing rwsem around snd_ctl_remove() calls (git-fixes). - alsa: jack: Check the return value of kstrdup() (git-fixes). - alsa: oss: fix compile error when OSS_DEBUG is enabled (git-fixes). - alsa: pcm: oss: Fix negative period/buffer sizes (git-fixes). - alsa: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() (git-fixes). - alsa: pcm: oss: Limit the period size to 16MB (git-fixes). - alsa: usb-audio: Drop superfluous '0' in Presonus Studio 1810c's ID (git-fixes). - alsa: usb-audio: Line6 HX-Stomp XL USB_ID for 48k-fixed quirk (git-fixes). - amd/display: downgrade validation failure log level (git-fixes). - arm64: Kconfig: add a choice for endianness (jsc#SLE-23432). - asoc: codecs: wcd934x: handle channel mappping list correctly (git-fixes). - asoc: codecs: wcd934x: return correct value from mixer put (git-fixes). - asoc: codecs: wcd934x: return error code correctly from hw_params (git-fixes). - asoc: codecs: wsa881x: fix return values from kcontrol put (git-fixes). - asoc: cs42l42: Correct configuring of switch inversion from ts-inv (git-fixes). - asoc: cs42l42: Disable regulators if probe fails (git-fixes). - asoc: cs42l42: Use device_property API instead of of_property (git-fixes). - asoc: fsl_asrc: refine the check of available clock divider (git-fixes). - asoc: fsl_mqs: fix MODULE_ALIAS (git-fixes). - asoc: mediatek: Check for error clk pointer (git-fixes). - asoc: meson: aiu: Move AIU_I2S_MISC hold setting to aiu-fifo-i2s (git-fixes). - asoc: meson: aiu: fifo: Add missing dma_coerce_mask_and_coherent() (git-fixes). - asoc: qdsp6: q6routing: Fix return value from msm_routing_put_audio_mixer (git-fixes). - asoc: rt5663: Handle device_property_read_u32_array error codes (git-fixes). - asoc: samsung: idma: Check of ioremap return value (git-fixes). - asoc: soc-core: fix null-ptr-deref in snd_soc_del_component_unlocked() (git-fixes). - asoc: sunxi: fix a sound binding broken reference (git-fixes). - asoc: tegra: Fix kcontrol put callback in ADMAIF (git-fixes). - asoc: tegra: Fix kcontrol put callback in AHUB (git-fixes). - asoc: tegra: Fix kcontrol put callback in DMIC (git-fixes). - asoc: tegra: Fix kcontrol put callback in DSPK (git-fixes). - asoc: tegra: Fix kcontrol put callback in I2S (git-fixes). - asoc: tegra: Fix wrong value type in ADMAIF (git-fixes). - asoc: tegra: Fix wrong value type in DMIC (git-fixes). - asoc: tegra: Fix wrong value type in DSPK (git-fixes). - asoc: tegra: Fix wrong value type in I2S (git-fixes). - asoc: uniphier: drop selecting non-existing SND_SOC_UNIPHIER_AIO_DMA (git-fixes). - ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile (git-fixes). - atlantic: Fix buff_ring OOB in aq_ring_rx_clean (git-fixes). - ax25: NPD bug when detaching AX25 device (git-fixes). - backlight: qcom-wled: Fix off-by-one maximum with default num_strings (git-fixes). - backlight: qcom-wled: Override default length with qcom,enabled-strings (git-fixes). - backlight: qcom-wled: Pass number of elements to read to read_u32_array (git-fixes). - backlight: qcom-wled: Validate enabled string indices in DT (git-fixes). - batman-adv: mcast: do not send link-local multicast to mcast routers (git-fixes). - blk-cgroup: synchronize blkg creation against policy deactivation (bsc#1194584). - block/scsi-ioctl: Fix kernel-infoleak in scsi_put_cdrom_generic_arg() (git-fixes). - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (bsc#1194586). - bluetooth: L2CAP: Fix using wrong mode (git-fixes). - bluetooth: bfusb: fix division by zero in send path (git-fixes). - bluetooth: btmtksdio: fix resume failure (git-fixes). - bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb() (git-fixes). - bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails (git-fixes). - bluetooth: hci_bcm: Check for error irq (git-fixes). - bluetooth: hci_qca: Stop IBS timer during BT OFF (git-fixes). - bluetooth: stop proccessing malicious adv data (git-fixes). - can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data (git-fixes). - can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} (git-fixes). - can: kvaser_usb: get CAN clock frequency from device (git-fixes). - can: sja1000: fix use after free in ems_pcmcia_add_card() (git-fixes). - can: softing: softing_startstop(): fix set but not used variable warning (git-fixes). - can: softing_cs: softingcs_probe(): fix memleak on registration failure (git-fixes). - can: usb_8dev: remove unused member echo_skb from struct usb_8dev_priv (git-fixes). - can: xilinx_can: xcan_probe(): check for error irq (git-fixes). - char/mwave: Adjust io port register size (git-fixes). - clk: Do not parent clks until the parent is fully registered (git-fixes). - clk: Gemini: fix struct name in kernel-doc (git-fixes). - clk: bcm-2835: Pick the closest clock rate (git-fixes). - clk: bcm-2835: Remove rounding up the dividers (git-fixes). - clk: imx8mn: Fix imx8mn_clko1_sels (git-fixes). - clk: imx: pllv1: fix kernel-doc notation for struct clk_pllv1 (git-fixes). - clk: qcom: gcc-msm8996: Drop (again) gcc_aggre1_pnoc_ahb_clk (git-fixes). - clk: qcom: regmap-mux: fix parent clock lookup (git-fixes). - clk: stm32: Fix ltdc's clock turn off by clk_disable_unused() after system enter shell (git-fixes). - crypto: caam - replace this_cpu_ptr with raw_cpu_ptr (git-fixes). - crypto: mxs-dcp - Use sg_mapping_iter to copy data (git-fixes). - crypto: omap-sham - clear dma flags only after omap_sham_update_dma_stop() (git-fixes). - crypto: qat - do not ignore errors from enable_vf2pf_comms() (git-fixes). - crypto: qat - fix reuse of completion variable (git-fixes). - crypto: qat - handle both source of interrupt in VF ISR (git-fixes). - crypto: qce - fix uaf on qce_ahash_register_one (git-fixes). - crypto: stm32/crc32 - Fix kernel BUG triggered in probe() (git-fixes). - crypto: stm32/cryp - fix double pm exit (git-fixes). - crypto: stm32/cryp - fix lrw chaining mode (git-fixes). - crypto: stm32/cryp - fix xts and race condition in crypto_engine requests (git-fixes). - debugfs: lockdown: Allow reading debugfs files that are not world readable (bsc#1193328). - device property: Fix documentation for FWNODE_GRAPH_DEVICE_DISABLED (git-fixes). - dm crypt: document encrypted keyring key option (git-fixes). - dm writecache: add 'cleaner' and 'max_age' to Documentation (git-fixes). - dm writecache: advance the number of arguments when reporting max_age (git-fixes). - dm writecache: fix performance degradation in ssd mode (git-fixes). - dm writecache: flush origin device when writing and cache is full (git-fixes). - dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled() (git-fixes). - dmaengine: at_xdmac: Do not start transactions at tx_submit level (git-fixes). - dmaengine: at_xdmac: Fix at_xdmac_lld struct definition (git-fixes). - dmaengine: at_xdmac: Fix concurrency over xfers_list (git-fixes). - dmaengine: at_xdmac: Fix lld view setting (git-fixes). - dmaengine: at_xdmac: Print debug message after realeasing the lock (git-fixes). - dmaengine: bestcomm: fix system boot lockups (git-fixes). - dmaengine: idxd: add module parameter to force disable of SVA (bsc#1192931). - dmaengine: idxd: enable SVA feature for IOMMU (bsc#1192931). - dmaengine: pxa/mmp: stop referencing config->slave_id (git-fixes). - dmaengine: st_fdma: fix MODULE_ALIAS (git-fixes). - documentation: ACPI: Fix data node reference documentation (git-fixes). - documentation: dmaengine: Correctly describe dmatest with channel unset (git-fixes). - documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization (git-fixes). - drm/amd/amdgpu: Increase HWIP_MAX_INSTANCE to 10 (git-fixes). - drm/amd/display: Fix for the no Audio bug with Tiled Displays (git-fixes). - drm/amd/display: Update bounding box states (v2) (git-fixes). - drm/amd/display: Update number of DCN3 clock states (git-fixes). - drm/amd/display: add connector type check for CRC source set (git-fixes). - drm/amd/display: dcn20_resource_construct reduce scope of FPU enabled (git-fixes). - drm/amd/display: fix incorrect CM/TF programming sequence in dwb (git-fixes). - drm/amd/display: fix missing writeback disablement if plane is removed (git-fixes). - drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() (git-fixes). - drm/amdgpu: Fix a printing message (git-fixes). - drm/amdgpu: Fix amdgpu_ras_eeprom_init() (git-fixes). - drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE (git-fixes). - drm/amdgpu: revert 'Add autodump debugfs node for gpu reset v8' (git-fixes). - drm/amdkfd: Account for SH/SE count when setting up cu masks (git-fixes). - drm/amdkfd: Check for null pointer after calling kmemdup (git-fixes). - drm/ast: potential dereference of null pointer (git-fixes). - drm/atomic: Check new_crtc_state->active to determine if CRTC needs disable in self refresh mode (git-fixes). - drm/bridge: analogix_dp: Make PSR-exit block less (git-fixes). - drm/bridge: display-connector: fix an uninitialized pointer in probe() (git-fixes). - drm/bridge: nwl-dsi: Avoid potential multiplication overflow on 32-bit (git-fixes). - drm/bridge: ti-sn65dsi86: Set max register for regmap (git-fixes). - drm/display: fix possible null-pointer dereference in dcn10_set_clock() (git-fixes). - drm/exynos: Always initialize mapping in exynos_drm_register_dma() (git-fixes). - drm/i915/fb: Fix rounding error in subsampled plane size calculation (git-fixes). - drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() (git-fixes). - drm/mediatek: Check plane visibility in atomic_update (git-fixes). - drm/msm/dpu: fix safe status debugfs file (git-fixes). - drm/msm/dsi: Fix DSI and DSI PHY regulator config from SDM660 (git-fixes). - drm/msm/dsi: set default num_data_lanes (git-fixes). - drm/msm/mdp5: fix cursor-related warnings (git-fixes). - drm/msm: mdp4: drop vblank get/put from prepare/complete_commit (git-fixes). - drm/msm: prevent NULL dereference in msm_gpu_crashstate_capture() (git-fixes). - drm/panel: innolux-p079zca: Delete panel on attach() failure (git-fixes). - drm/panel: kingdisplay-kd097d04: Delete panel on attach() failure (git-fixes). - drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() (git-fixes). - drm/rockchip: dsi: Disable PLL clock on bind error (git-fixes). - drm/rockchip: dsi: Fix unbalanced clock on probe error (git-fixes). - drm/rockchip: dsi: Hold pm-runtime across bind/unbind (git-fixes). - drm/rockchip: dsi: Reconfigure hardware on resume() (git-fixes). - drm/sun4i: dw-hdmi: Fix missing put_device() call in sun8i_hdmi_phy_get (git-fixes). - drm/sun4i: fix unmet dependency on RESET_CONTROLLER for PHY_SUN6I_MIPI_DPHY (git-fixes). - drm/syncobj: Deal with signalled fences in drm_syncobj_find_fence (git-fixes). - drm/tegra: vic: Fix DMA API misuse (git-fixes). - drm/vboxvideo: fix a NULL vs IS_ERR() check (git-fixes). - drm/vc4: hdmi: Make sure the controller is powered up during bind (git-fixes). - drm/vc4: hdmi: Set HD_CTL_WHOLSMP and HD_CTL_CHALIGN_SET (git-fixes). - drm/vc4: hdmi: Set a default HSM rate (git-fixes). - drm: fix null-ptr-deref in drm_dev_init_release() (git-fixes). - drm: xlnx: zynqmp: release reset to DP controller before accessing DP registers (git-fixes). - drm: xlnx: zynqmp_dpsub: Call pm_runtime_get_sync before setting pixel clock (git-fixes). - eeprom: idt_89hpesx: Put fwnode in matching case during ->probe() (git-fixes). - eeprom: idt_89hpesx: Restore printing the unsupported fwnode name (git-fixes). - ext4: Avoid trim error on fs with small groups (bsc#1191271). - ext4: fix lazy initialization next schedule time computation in more granular unit (bsc#1194580). - fget: clarify and improve __fget_files() implementation (bsc#1193727). - firmware: Update Kconfig help text for Google firmware (git-fixes). - firmware: arm_scmi: pm: Propagate return value to caller (git-fixes). - firmware: arm_scpi: Fix string overflow in SCPI genpd driver (git-fixes). - firmware: qcom_scm: Fix error retval in __qcom_scm_is_call_available() (git-fixes). - firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries (git-fixes). - firmware: qemu_fw_cfg: fix kobject leak in probe error path (git-fixes). - firmware: qemu_fw_cfg: fix sysfs information leak (git-fixes). - firmware: raspberrypi: Fix a leak in 'rpi_firmware_get()' (git-fixes). - firmware: smccc: Fix check for ARCH_SOC_ID not implemented (git-fixes). - firmware: tegra: Fix error application of sizeof() to pointer (git-fixes). - firmware: tegra: Reduce stack usage (git-fixes). - firmware_loader: fix pre-allocated buf built-in firmware use (git-fixes). - floppy: Fix hang in watchdog when disk is ejected (git-fixes). - flow_offload: return EOPNOTSUPP for the unsupported mpls action type (bsc#1154353). - fuse: Pass correct lend value to filemap_write_and_wait_range() (bsc#1194953). - gpiolib: acpi: Make set-debounce-timeout failures non fatal (git-fixes). - gpu: host1x: Add back arm_iommu_detach_device() (git-fixes). - hid: add USB_HID dependancy to hid-chicony (git-fixes). - hid: add USB_HID dependancy to hid-prodikeys (git-fixes). - hid: asus: Add depends on USB_HID to HID_ASUS Kconfig option (git-fixes). - hid: bigbenff: prevent null pointer dereference (git-fixes). - hid: google: add eel USB id (git-fixes). - hid: hid-uclogic-params: Invalid parameter check in uclogic_params_frame_init_v1_buttonpad (git-fixes). - hid: hid-uclogic-params: Invalid parameter check in uclogic_params_get_str_desc (git-fixes). - hid: hid-uclogic-params: Invalid parameter check in uclogic_params_huion_init (git-fixes). - hid: hid-uclogic-params: Invalid parameter check in uclogic_params_init (git-fixes). - hid: quirks: Add quirk for the Microsoft Surface 3 type-cover (git-fixes). - hwmon: (lm90) Add basic support for TI TMP461 (git-fixes). - hwmon: (lm90) Add max6654 support to lm90 driver (git-fixes). - hwmon: (lm90) Do not report 'busy' status bit as alarm (git-fixes). - hwmon: (lm90) Drop critical attribute support for MAX6654 (git-fixes). - hwmon: (lm90) Fix usage of CONFIG2 register in detect function (git-fixes). - hwmon: (lm90) Introduce flag indicating extended temperature support (git-fixes). - i2c: rk3x: Handle a spurious start completion interrupt flag (git-fixes). - i2c: validate user data in compat ioctl (git-fixes). - i3c: fix incorrect address slot lookup on 64-bit (git-fixes). - i3c: master: dw: check return of dw_i3c_master_get_free_pos() (git-fixes). - i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc (git-fixes). - i40e: Fix for displaying message regarding NVM version (git-fixes). - i40e: Fix incorrect netdev's real number of RX/TX queues (git-fixes). - i40e: Fix to not show opcode msg on unsuccessful VF MAC change (git-fixes). - i40e: fix use-after-free in i40e_sync_filters_subtask() (git-fixes). - iavf: Fix limit of total number of queues to active queues of VF (git-fixes). - iavf: restore MSI state on reset (git-fixes). - ieee802154: atusb: fix uninit value in atusb_set_extended_addr (git-fixes). - ieee802154: fix error return code in ieee802154_add_iface() (git-fixes). - ieee802154: fix error return code in ieee802154_llsec_getparams() (git-fixes). - ieee802154: hwsim: Fix memory leak in hwsim_add_one (git-fixes). - ieee802154: hwsim: Fix possible memory leak in hwsim_subscribe_all_others (git-fixes). - ieee802154: hwsim: avoid possible crash in hwsim_del_edge_nl() (git-fixes). - ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi (git-fixes). - igb: Fix removal of unicast MAC filters of VFs (git-fixes). - igbvf: fix double free in `igbvf_probe` (git-fixes). - igc: Fix typo in i225 LTR functions (jsc#SLE-13533). - iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove (git-fixes). - iio: ad7768-1: Call iio_trigger_notify_done() on error (git-fixes). - iio: adc: axp20x_adc: fix charging current reporting on AXP22x (git-fixes). - iio: at91-sama5d2: Fix incorrect sign extension (git-fixes). - iio: dln2-adc: Fix lockdep complaint (git-fixes). - iio: dln2: Check return value of devm_iio_trigger_register() (git-fixes). - iio: itg3200: Call iio_trigger_notify_done() on error (git-fixes). - iio: kxsd9: Do not return error code in trigger handler (git-fixes). - iio: ltr501: Do not return error code in trigger handler (git-fixes). - iio: mma8452: Fix trigger reference couting (git-fixes). - iio: stk3310: Do not return error code in interrupt handler (git-fixes). - iio: trigger: Fix reference counting (git-fixes). - iio: trigger: stm32-timer: fix MODULE_ALIAS (git-fixes). - input: appletouch - initialize work before device registration (git-fixes). - input: atmel_mxt_ts - fix double free in mxt_read_info_block (git-fixes). - input: elantech - fix stack out of bound access in elantech_change_report_id() (git-fixes). - input: i8042 - add deferred probe support (bsc#1190256). - input: i8042 - enable deferred probe quirk for ASUS UM325UA (bsc#1190256). - input: max8925_onkey - do not mark comment as kernel-doc (git-fixes). - input: spaceball - fix parsing of movement data packets (git-fixes). - input: ti_am335x_tsc - fix STEPCONFIG setup for Z2 (git-fixes). - input: ti_am335x_tsc - set ADCREFM for X configuration (git-fixes). - ionic: Initialize the 'lif->dbid_inuse' bitmap (bsc#1167773). - isofs: Fix out of bound access for corrupted isofs image (bsc#1194591). - iwlwifi: fw: correctly limit to monitor dump (git-fixes). - iwlwifi: mvm: Fix scan channel flags settings (git-fixes). - iwlwifi: mvm: Use div_s64 instead of do_div in iwl_mvm_ftm_rtt_smoothing() (git-fixes). - iwlwifi: mvm: avoid static queue number aliasing (git-fixes). - iwlwifi: mvm: disable RX-diversity in powersave (git-fixes). - iwlwifi: mvm: fix 32-bit build in FTM (git-fixes). - iwlwifi: mvm: fix access to BSS elements (git-fixes). - iwlwifi: mvm: test roc running status bits before removing the sta (git-fixes). - iwlwifi: pcie: free RBs during configure (git-fixes). - ixgbe: set X550 MDIO speed before talking to PHY (git-fixes). - kabi/severities: Add a kabi exception for drivers/tee/tee - kmod: make request_module() return an error when autoloading is disabled (git-fixes). - kobject: Restore old behaviour of kobject_del(NULL) (git-fixes). - kobject_uevent: remove warning in init_uevent_argv() (git-fixes). - kprobes: Limit max data_size of the kretprobe instances (bsc#1193669). - libata: add horkage for ASMedia 1092 (git-fixes). - libata: if T_LENGTH is zero, dma direction should be DMA_NONE (git-fixes). - livepatch: Avoid CPU hogging with cond_resched (bsc#1071995). - lockdown: Allow unprivileged users to see lockdown status (git-fixes). - mISDN: change function names to avoid conflicts (git-fixes). - mac80211: Fix monitor MTU limit so that A-MSDUs get through (git-fixes). - mac80211: agg-tx: do not schedule_and_wake_txq() under sta->lock (git-fixes). - mac80211: do not access the IV when it was stripped (git-fixes). - mac80211: fix lookup when adding AddBA extension element (git-fixes). - mac80211: fix regression in SSN handling of addba tx (git-fixes). - mac80211: initialize variable have_higher_than_11mbit (git-fixes). - mac80211: mark TX-during-stop for TX in in_reconfig (git-fixes). - mac80211: send ADDBA requests using the tid/queue of the aggregation session (git-fixes). - mac80211: track only QoS data frames for admission control (git-fixes). - mac80211: validate extended element ID is present (git-fixes). - mailbox: hi3660: convert struct comments to kernel-doc notation (git-fixes). - media: Revert 'media: uvcvideo: Set unique vdev name based in type' (bsc#1193255). - media: aspeed: Update signal status immediately to ensure sane hw state (git-fixes). - media: aspeed: fix mode-detect always time out at 2nd run (git-fixes). - media: cpia2: fix control-message timeouts (git-fixes). - media: dib0700: fix undefined behavior in tuner shutdown (git-fixes). - media: dib8000: Fix a memleak in dib8000_init() (git-fixes). - media: dmxdev: fix UAF when dvb_register_device() fails (git-fixes). - media: dw2102: Fix use after free (git-fixes). - media: em28xx: fix control-message timeouts (git-fixes). - media: em28xx: fix memory leak in em28xx_init_dev (git-fixes). - media: flexcop-usb: fix control-message timeouts (git-fixes). - media: hantro: Fix probe func error path (git-fixes). - media: i2c: imx274: fix trivial typo expsoure/exposure (git-fixes). - media: i2c: imx274: fix trivial typo obainted/obtained (git-fixes). - media: imx-pxp: Initialize the spinlock prior to using it (git-fixes). - media: mceusb: fix control-message timeouts (git-fixes). - media: msi001: fix possible null-ptr-deref in msi001_probe() (git-fixes). - media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released (git-fixes). - media: pvrusb2: fix control-message timeouts (git-fixes). - media: rcar-csi2: Correct the selection of hsfreqrange (git-fixes). - media: rcar-csi2: Optimize the selection PHTW register (git-fixes). - media: redrat3: fix control-message timeouts (git-fixes). - media: s2255: fix control-message timeouts (git-fixes). - media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() (git-fixes). - media: si2157: Fix 'warm' tuner state detection (git-fixes). - media: si470x-i2c: fix possible memory leak in si470x_i2c_probe() (git-fixes). - media: stk1160: fix control-message timeouts (git-fixes). - media: streamzap: remove unnecessary ir_raw_event_reset and handle (git-fixes). - media: uvcvideo: fix division by zero at stream start (git-fixes). - media: venus: core: Fix a resource leak in the error handling path of 'venus_probe()' (git-fixes). - memblock: ensure there is no overflow in memblock_overlaps_region() (git-fixes). - memory: emif: Remove bogus debugfs error handling (git-fixes). - mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() (git-fixes). - misc: fastrpc: Add missing lock before accessing find_vma() (git-fixes). - misc: fastrpc: fix improper packet size calculation (git-fixes). - misc: lattice-ecp3-config: Fix task hung when firmware load failed (git-fixes). - mmc: meson-mx-sdio: add IRQ check (git-fixes). - mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit (git-fixes). - mmc: sdhci-esdhc-imx: disable CMDQ support (git-fixes). - mmc: sdhci-pci: Add PCI ID for Intel ADL (git-fixes). - mmc: sdhci-tegra: Fix switch to HS400ES mode (git-fixes). - moxart: fix potential use-after-free on remove path (bsc#1194516). - mt76: mt7915: fix NULL pointer dereference in mt7915_get_phy_mode (git-fixes). - mt76: mt7915: fix an off-by-one bound check (git-fixes). - mtd: rawnand: fsmc: Fix timing computation (git-fixes). - mtd: rawnand: fsmc: Take instruction delay into account (git-fixes). - mtd: rawnand: mpc5121: Remove unused variable in ads5121_select_chip() (git-fixes). - mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() (git-fixes). - mwifiex: Fix possible ABBA deadlock (git-fixes). - mwifiex: Try waking the firmware until we get an interrupt (git-fixes). - net/mlx5: DR, Fix NULL vs IS_ERR checking in dr_domain_init_resources (jsc#SLE-8464). - net/mlx5: Set command entry semaphore up once got index free (jsc#SLE-15172). - net/mlx5e: Fix wrong features assignment in case of error (git-fixes). - net/mlx5e: Wrap the tx reporter dump callback to extract the sq (jsc#SLE-15172). - net/sched: fq_pie: prevent dismantle issue (jsc#SLE-15172). - net/sched: sch_ets: do not remove idle classes from the round-robin list (bsc#1176774). - net: create netdev->dev_addr assignment helpers (git-fixes). - net: ena: Fix error handling when calculating max IO queues number (bsc#1154492). - net: ena: Fix undefined state when tx request id is out of bounds (bsc#1154492). - net: ena: Fix wrong rx request id by resetting device (git-fixes). - net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg (jsc#SLE-14777). - net: usb: lan78xx: add Allied Telesis AT29M2-AF (git-fixes). - net: usb: pegasus: Do not drop long Ethernet frames (git-fixes). - netfilter: nft_set_pipapo: allocate pcpu scratch maps on clone (bsc#1176447). - nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done (git-fixes). - nfc: fix segfault in nfc_genl_dump_devices_done (git-fixes). - nfc: st21nfca: Fix memory leak in device probe and remove (git-fixes). - nfs: Do not fail clone() unless the OP_CLONE operation failed (git-fixes). - nfs: Fix pagecache invalidation after COPY/CLONE (git-fixes). - nfsd: Fix nsfd startup race (again) (git-fixes). - nfsd: Fix zero-length NFSv3 WRITEs (git-fixes). - nft_set_pipapo: Fix bucket load in AVX2 lookup routine for six 8-bit groups (bsc#1176447). - nvme-tcp: block BH in sk state_change sk callback (git-fixes). - nvme-tcp: can't set sk_user_data without write_lock (git-fixes). - nvme-tcp: check sgl supported by target (git-fixes). - nvme-tcp: do not update queue count when failing to set io queues (git-fixes). - nvme-tcp: fix a NULL deref when receiving a 0-length r2t PDU (git-fixes). - nvme-tcp: fix crash triggered with a dataless request submission (git-fixes). - nvme-tcp: fix error codes in nvme_tcp_setup_ctrl() (git-fixes). - nvme-tcp: fix io_work priority inversion (git-fixes). - nvme-tcp: fix possible data corruption with bio merges (git-fixes). - nvme-tcp: fix possible req->offset corruption (git-fixes). - nvme-tcp: fix wrong setting of request iov_iter (git-fixes). - nvme-tcp: get rid of unused helper function (git-fixes). - nvme-tcp: pair send_mutex init with destroy (git-fixes). - nvme-tcp: pass multipage bvec to request iov_iter (git-fixes). - nvme-tcp: remove incorrect Kconfig dep in BLK_DEV_NVME (git-fixes). - pci/acpi: Fix acpi_pci_osc_control_set() kernel-doc comment (git-fixes). - pci/msi: Clear PCI_MSIX_FLAGS_MASKALL on error (git-fixes). - pci/msi: Fix pci_irq_vector()/pci_irq_get_affinity() (git-fixes). - pci/msi: Mask MSI-X vectors only on success (git-fixes). - pci: cadence: Add cdns_plat_pcie_probe() missing return (git-fixes). - pci: dwc: Do not remap invalid res (git-fixes). - pci: mvebu: Check for errors from pci_bridge_emul_init() call (git-fixes). - pci: mvebu: Do not modify PCI IO type bits in conf_write (git-fixes). - pci: mvebu: Fix support for DEVCAP2, DEVCTL2 and LNKCTL2 registers on emulated bridge (git-fixes). - pci: mvebu: Fix support for PCI_EXP_DEVCTL on emulated bridge (git-fixes). - pci: mvebu: Fix support for PCI_EXP_RTSTA on emulated bridge (git-fixes). - pci: pci-bridge-emul: Properly mark reserved PCIe bits in PCI config space (git-fixes). - pci: pci-bridge-emul: Set PCI_STATUS_CAP_LIST for PCIe device (git-fixes). - pci: pciehp: Fix infinite loop in IRQ handler upon power fault (git-fixes). - pci: xgene: Fix IB window setup (git-fixes). - pcmcia: fix setting of kthread task states (git-fixes). - pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() (git-fixes). - pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() (git-fixes). - pcnet32: Use pci_resource_len to validate PCI resource (git-fixes). - pinctrl: mediatek: fix global-out-of-bounds issue (git-fixes). - pinctrl: qcom: spmi-gpio: correct parent irqspec translation (git-fixes). - pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines (git-fixes). - pinctrl: stm32: use valid pin identifier in stm32_pinctrl_resume() (git-fixes). - pipe: increase minimum default pipe size to 2 pages (bsc#1194587). - platform/x86: apple-gmux: use resource_size() with res (git-fixes). - platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep (git-fixes). - pm: runtime: Defer suspending suppliers (git-fixes). - pm: sleep: Do not assume that 'mem' is always present (git-fixes). - power: reset: ltc2952: Fix use of floating point literals (git-fixes). - power: supply: core: Break capacity loop (git-fixes). - power: supply: max17042_battery: Clear status bits in interrupt handler (git-fixes). - powerpc/64s: fix program check interrupt emergency stack path (bsc#1156395). - powerpc/fadump: Fix inaccurate CPU state info in vmcore generated with panic (bsc#1193901). - powerpc/perf: Fix PMU callbacks to clear pending PMI before resetting an overflown PMC (bsc#1156395). - powerpc/perf: Fix data source encodings for L2.1 and L3.1 accesses (bsc#1065729). - powerpc/prom_init: Fix improper check of prom_getprop() (bsc#1065729). - powerpc/pseries/cpuhp: cache node corrections (bsc#1065729). - powerpc/pseries/cpuhp: delete add/remove_by_count code (bsc#1065729). - powerpc/pseries/mobility: ignore ibm, platform-facilities updates (bsc#1065729). - powerpc/traps: do not enable irqs in _exception (bsc#1065729). - powerpc/xive: Add missing null check after calling kmalloc (bsc#1177437 jsc#SLE-13294 git-fixes). - powerpc: add interrupt_cond_local_irq_enable helper (bsc#1065729). - powerpc: handle kdump appropriately with crash_kexec_post_notifiers option (bsc#1193901). - pwm: mxs: Do not modify HW state in .probe() after the PWM chip was registered (git-fixes). - pwm: tiecap: Drop .free() callback (git-fixes). - qlcnic: potential dereference null pointer of rx_queue->page_ring (git-fixes). - quota: check block number when reading the block in quota file (bsc#1194589). - quota: correct error number in free_dqentry() (bsc#1194590). - random: fix data race on crng init time (git-fixes). - random: fix data race on crng_node_pool (git-fixes). - rdma/hns: Replace kfree() with kvfree() (jsc#SLE-14777). - regmap: Call regmap_debugfs_exit() prior to _init() (git-fixes). - rndis_host: support Hytera digital radios (git-fixes). - rpmsg: core: Clean up resources on announce_create failure (git-fixes). - rtl8xxxu: Fix the handling of TX A-MPDU aggregation (git-fixes). - rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled (git-fixes). - rtw88: use read_poll_timeout instead of fixed sleep (git-fixes). - rtw88: wow: build wow function only if CONFIG_PM is on (git-fixes). - rtw88: wow: fix size access error of probe request (git-fixes). - sata: nv: fix debug format string mismatch (git-fixes). - select: Fix indefinitely sleeping task in poll_schedule_timeout() (bsc#1194027). - selftests: KVM: Explicitly use movq to read xmm registers (git-fixes). - selinux: fix potential memleak in selinux_add_opt() (git-fixes). - seq_buf: Fix overflow in seq_buf_putmem_hex() (git-fixes). - seq_buf: Make trace_seq_putmem_hex() support data longer than 8 (git-fixes). - serial: pl011: Add ACPI SBSA UART match id (git-fixes). - serial: tty: uartlite: fix console setup (git-fixes). - sfc: Check null pointer of rx_queue->page_ring (git-fixes). - sfc: The RX page_ring is optional (git-fixes). - sfc: falcon: Check null pointer of rx_queue->page_ring (git-fixes). - sfc_ef100: potential dereference of null pointer (jsc#SLE-16683). - shmem: shmem_writepage() split unlikely i915 THP (git-fixes). - slimbus: qcom: fix potential NULL dereference in qcom_slim_prg_slew() (git-fixes). - soc/tegra: fuse: Fix bitwise vs. logical OR warning (git-fixes). - soc: fsl: dpaa2-console: free buffer before returning from dpaa2_console_read (git-fixes). - soc: fsl: dpio: rename the enqueue descriptor variable (git-fixes). - soc: fsl: dpio: replace smp_processor_id with raw_smp_processor_id (git-fixes). - soc: fsl: dpio: use an explicit NULL instead of 0 (git-fixes). - soc: fsl: dpio: use the combined functions to protect critical zone (git-fixes). - spi: change clk_disable_unprepare to clk_unprepare (git-fixes). - spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe (git-fixes). - spi: spi-rspi: Drop redeclaring ret variable in qspi_transfer_in() (git-fixes). - staging: emxx_udc: Fix passing of NULL to dma_alloc_coherent() (git-fixes). - staging: fbtft: Do not spam logs when probe is deferred (git-fixes). - staging: fbtft: Rectify GPIO handling (git-fixes). - staging: fieldbus: anybuss: jump to correct label in an error path (git-fixes). - staging: ks7010: select CRYPTO_HASH/CRYPTO_MICHAEL_MIC (git-fixes). - staging: rtl8192e: return error code from rtllib_softmac_init() (git-fixes). - staging: rtl8192e: rtllib_module: fix error handle case in alloc_rtllib() (git-fixes). - staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() (git-fixes). - string.h: fix incompatibility between FORTIFY_SOURCE and KASAN (git-fixes). - thermal/drivers/imx8mm: Enable ADC when enabling monitor (git-fixes). - thermal/drivers/int340x: Do not set a wrong tcc offset on resume (git-fixes). - thermal: core: Reset previous low and high trip during thermal zone init (git-fixes). - tpm: add request_locality before write TPM_INT_ENABLE (git-fixes). - tpm: fix potential NULL pointer access in tpm_del_char_device (git-fixes). - tracing/kprobes: 'nmissed' not showed correctly for kretprobe (git-fixes). - tracing/uprobes: Check the return value of kstrdup() for tu->filename (git-fixes). - tracing: Add test for user space strings when filtering on string pointers (git-fixes). - tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() (git-fixes). - tty: max310x: fix flexible_array.cocci warnings (git-fixes). - tty: serial: atmel: Call dma_async_issue_pending() (git-fixes). - tty: serial: atmel: Check return code of dmaengine_submit() (git-fixes). - tty: serial: earlycon dependency (git-fixes). - tty: serial: qcom_geni_serial: Drop __init from qcom_geni_console_setup (git-fixes). - tty: serial: uartlite: allow 64 bit address (git-fixes). - tty: synclink_gt: rename a conflicting function name (git-fixes). - udf: Fix crash after seekdir (bsc#1194592). - uio: uio_dmem_genirq: Catch the Exception (git-fixes). - usb: Fix 'slab-out-of-bounds Write' bug in usb_hcd_poll_rh_status (git-fixes). - usb: NO_LPM quirk Lenovo Powered USB-C Travel Hub (git-fixes). - usb: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04) (git-fixes). - usb: cdc-acm: fix break reporting (git-fixes). - usb: cdc-acm: fix racy tty buffer accesses (git-fixes). - usb: chipidea: fix interrupt deadlock (git-fixes). - usb: core: Fix bug in resuming hub's handling of wakeup requests (git-fixes). - usb: core: config: fix validation of wMaxPacketValue entries (git-fixes). - usb: core: config: using bit mask instead of individual bits (git-fixes). - usb: dwc2: check return value after calling platform_get_resource() (git-fixes). - usb: dwc3: gadget: Continue to process pending requests (git-fixes). - usb: dwc3: gadget: Ignore EP queue requests during bus reset (git-fixes). - usb: dwc3: gadget: Reclaim extra TRBs after request completion (git-fixes). - usb: dwc3: pci: Enable dis_uX_susphy_quirk for Intel Merrifield (git-fixes). - usb: dwc3: ulpi: Fix USB2.0 HS/FS/LS PHY suspend regression (git-fixes). - usb: dwc3: ulpi: Replace CPU-based busyloop with Protocol-based one (git-fixes). - usb: dwc3: ulpi: fix checkpatch warning (git-fixes). - usb: ftdi-elan: fix memory leak on device disconnect (git-fixes). - usb: gadget: bRequestType is a bitfield, not a enum (git-fixes). - usb: gadget: composite: Allow bMaxPower=0 if self-powered (git-fixes). - usb: gadget: detect too-big endpoint 0 requests (git-fixes). - usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear (git-fixes). - usb: gadget: u_ether: fix race in setting MAC address in setup phase (git-fixes). - usb: gadget: zero allocate endpoint 0 buffers (git-fixes). - usb: mtu3: add memory barrier before set GPD's HWO (git-fixes). - usb: mtu3: fix interval value for intr and isoc (git-fixes). - usb: mtu3: fix list_head check warning (git-fixes). - usb: mtu3: set interval of FS intr and isoc endpoint (git-fixes). - usb: serial: cp210x: fix CP2105 GPIO registration (git-fixes). - usb: serial: option: add Telit FN990 compositions (git-fixes). - usb: typec: tcpm: handle SRC_STARTUP state if cc changes (git-fixes). - usb: xhci: Extend support for runtime power management for AMD's Yellow carp (git-fixes). - usermodehelper: reset umask to default before executing user process (git-fixes). - vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888). - video: backlight: Drop maximum brightness override for brightness zero (git-fixes). - watchdog: Fix OMAP watchdog early handling (git-fixes). - watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT (git-fixes). - wcn36xx: Fix missing frame timestamp for beacon/probe-resp (git-fixes). - wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND (git-fixes). - wcn36xx: Release DMA channel descriptor allocations (git-fixes). - wcn36xx: handle connection loss indication (git-fixes). - wireless: iwlwifi: Fix a double free in iwl_txq_dyn_alloc_dma (git-fixes). - workqueue: Fix unbind_workers() VS wq_worker_running() race (bsc#1195062). - x86/platform/uv: Add more to secondary CPU kdump info (bsc#1194493). - xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set (git-fixes). - xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending (git-fixes). - xhci: avoid race between disable slot command and host runtime suspend (git-fixes). - xhci: fix unsafe memory usage in xhci tracing (git-fixes). Important SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1154353 SUSE bug 1154492 SUSE bug 1156395 SUSE bug 1167773 SUSE bug 1176447 SUSE bug 1176774 SUSE bug 1177437 SUSE bug 1190256 SUSE bug 1191271 SUSE bug 1192931 SUSE bug 1193255 SUSE bug 1193328 SUSE bug 1193669 SUSE bug 1193727 SUSE bug 1193767 SUSE bug 1193901 SUSE bug 1193927 SUSE bug 1194001 SUSE bug 1194027 SUSE bug 1194302 SUSE bug 1194493 SUSE bug 1194516 SUSE bug 1194517 SUSE bug 1194518 SUSE bug 1194529 SUSE bug 1194580 SUSE bug 1194584 SUSE bug 1194586 SUSE bug 1194587 SUSE bug 1194589 SUSE bug 1194590 SUSE bug 1194591 SUSE bug 1194592 SUSE bug 1194888 SUSE bug 1194953 SUSE bug 1194985 SUSE bug 1195062 CVE-2021-4083 at SUSE CVE-2021-4083 at NVD CVE-2021-4135 at SUSE CVE-2021-4135 at NVD CVE-2021-4149 at SUSE CVE-2021-4149 at NVD CVE-2021-4197 at SUSE CVE-2021-4197 at NVD CVE-2021-4202 at SUSE CVE-2021-4202 at NVD CVE-2021-44733 at SUSE CVE-2021-44733 at NVD CVE-2021-46283 at SUSE CVE-2021-46283 at NVD CVE-2022-0185 at SUSE CVE-2022-0185 at NVD CVE-2022-0322 at SUSE CVE-2022-0322 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for gnutls fixes the following issues: - CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020). Important SUSE bug 1202020 CVE-2022-2509 at SUSE CVE-2022-2509 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-2639: Fixed integer underflow that could lead to out-of-bounds write in reserve_sfa_size() (bsc#1202154). - CVE-2020-36516: Fixed TCP session data injection vulnerability via the mixed IPID assignment method (bnc#1196616). - CVE-2022-36946: Fixed an incorrect packet trucation operation which could lead to denial of service (bnc#1201940). - CVE-2022-29581: Fixed improper update of Reference Count in net/sched that could cause root privilege escalation (bnc#1199665). - CVE-2022-20166: Fixed several possible memory safety issues due to unsafe operations (bsc#1200598). - CVE-2020-36558: Fixed a race condition involving VT_RESIZEX which could lead to a NULL pointer dereference and general protection fault (bnc#1200910). - CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl and closing/opening of TTYs could lead to a use-after-free (bnc#1201429). - CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy (bsc#1201458). - CVE-2021-33656: Fixed memory out of bounds write related to ioctl cmd PIO_FONT (bnc#1201636). - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TTY subsystem (bnc#1198829). - CVE-2022-1116: Fixed a integer overflow vulnerability in io_uring which allowed a local attacker to cause memory corruption and escalate privileges to root (bnc#1199647). - CVE-2022-2318: Fixed a use-after-free vulnerability in the timer handler in Rose subsystem that allowed unprivileged attackers to crash the system (bsc#1201251). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). The following non-security bugs were fixed: - Fix bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676 All are reports of the same problem - the IBRS_* regs push/popping was wrong but it needs 1b331eeea7b8 ('x86/entry: Remove skip_r11rcx') too. - ACPI: APEI: Better fix to avoid spamming the console with old error logs (git-fixes). - ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes). - ACPI: video: Shortening quirk list by identifying Clevo by board_name only (git-fixes). - ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes). - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (git-fixes). - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (git-fixes). - ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (git-fixes). - ASoC: Remove unused hw_write_t type (git-fixes). - ASoC: cs47l15: Fix event generation for low power mux control (git-fixes). - ASoC: madera: Fix event generation for OUT1 demux (git-fixes). - ASoC: madera: Fix event generation for rate controls (git-fixes). - ASoC: ops: Fix off by one in range control validation (git-fixes). - ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes). - ASoC: wm5110: Fix DRE control (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (git-fixes). - Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes). - Fixed a regression where smart batteries would not be detected on Mac (bsc#1201206). - Fixed an issue where qla2xxx would prevent nvme port discovery (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958). - FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR (git-fixes). - FDDI: defxx: Make MMIO the configuration default except for EISA (git-fixes). - Fix 1201644, 1201664, 1201672, 1201673, 1201676 All are reports of the same problem - the IBRS_* regs push/popping was wrong but it needs 1b331eeea7b8 ('x86/entry: Remove skip_r11rcx') too. - HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes). - KVM: VMX: Add non-canonical check on writes to RTIT address MSRs (git-fixes). - KVM: VMX: Do not freeze guest when event delivery causes an APIC-access exit (git-fixes). - KVM: apic: avoid calculating pending eoi from an uninitialized val (git-fixes). - KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442) - KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes) - KVM: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - KVM: nVMX: avoid NULL pointer dereference with incorrect EVMCS GPAs (git-fixes). - KVM: nVMX: handle nested posted interrupts when apicv is disabled for L1 (git-fixes). - KVM: x86: Do not let userspace set host-reserved cr4 bits (git-fixes). - KVM: x86: Fix split-irqchip vs interrupt injection window request (git-fixes). - KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks (git-fixes). - KVM: x86: handle !lapic_in_kernel case in kvm_cpu_*_extint (git-fixes). - NFC: nxp-nci: do not print header length mismatch on i2c error (git-fixes). - PCI/portdrv: Do not disable AER reporting in get_port_device_capability() (git-fixes). - PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (git-fixes). - PCI: dwc: Always enable CDM check if 'snps,enable-cdm-check' exists (git-fixes). - PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes). - PCI: dwc: Disable outbound windows only for controllers using iATU (git-fixes). - PCI: dwc: Stop link on host_init errors and de-initialization (git-fixes). - PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes). - PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes). - PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (git-fixes). - PCI: tegra194: Fix Root Port interrupt handling (git-fixes). - PCI: tegra194: Fix link up retry sequence (git-fixes). - PM: runtime: Remove link state checks in rpm_get/put_supplier() (git-fixes). - USB: Follow-up to SPDX identifiers addition - remove now useless comments (git-fixes). - USB: serial: fix tty-port initialized comments (git-fixes). - USB: serial: ftdi_sio: add Belimo device ids (git-fixes). - arm64 module: set plt* section addresses to 0x0 (git-fixes) - arm64: asm: Add new-style position independent function annotations (git-fixes) - arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return (git-fixes) - arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (git-fixes) - arm64: dts: marvell: espressobin: Add ethernet switch aliases (git-fixes) - arm64: dts: marvell: espressobin: add ethernet alias (git-fixes) - arm64: dts: mcbin: support 2W SFP modules (git-fixes) - arm64: fix compat syscall return truncation (git-fixes) - arm64: fix inline asm in load_unaligned_zeropad() (git-fixes) - arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA (git-fixes) - arm64: module: remove (NOLOAD) from linker script (git-fixes) - arm64: module: rework special section handling (git-fixes) - arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes) - arm64: ptrace: Consistently use pseudo-singlestep exceptions (git-fixes) - arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes) - arm64: stackleak: fix current_top_of_stack() (git-fixes) - arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (git-fixes) - arm64: vdso: Avoid ISB after reading from cntvct_el0 (git-fixes) - ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes). - ath10k: do not enforce interrupt trigger type (git-fixes). - ax88179_178a: add ethtool_op_get_ts_info() (git-fixes). - blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN (git-fixes). - blk-zoned: allow zone management send operations without CAP_SYS_ADMIN (git-fixes). - block/compat_ioctl: fix range check in BLKGETSIZE (git-fixes). - block: Fix fsync always failed if once failed (git-fixes). - block: Fix wrong offset in bio_truncate() (git-fixes). - block: bio-integrity: Advance seed correctly for larger interval sizes (git-fixes). - block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit (git-fixes). - bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb signature (bsc#1199364). - bpf: enable BPF type format (BTF) (jsc#SLE-24559). - bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (git-fixes). - can: Break loopback loop on loopback documentation (git-fixes). - can: error: specify the values of data[5..7] of CAN error frames (git-fixes). - can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes). - can: hi311x: do not report txerr and rxerr during bus-off (git-fixes). - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (git-fixes). - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (git-fixes). - can: m_can: process interrupt only when not runtime suspended (git-fixes). - can: pch_can: do not report txerr and rxerr during bus-off (git-fixes). - can: pch_can: pch_can_error(): initialize errc before using it (git-fixes). - can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes). - can: sja1000: do not report txerr and rxerr during bus-off (git-fixes). - can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes). - can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes). - clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (git-fixes). - clk: qcom: clk-krait: unlock spin after mux completion (git-fixes). - clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes). - clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes). - clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes). - clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (git-fixes). - clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes). - cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes) - crypto: qat - disable registration of algorithms (git-fixes). - crypto: qat - fix memory leak in RSA (git-fixes). - crypto: qat - remove dma_free_coherent() for DH (git-fixes). - crypto: qat - remove dma_free_coherent() for RSA (git-fixes). - crypto: qat - set to zero DH parameters before free (git-fixes). - cxgb4: Fix the -Wmisleading-indentation warning (git-fixes). - dm btree remove: assign new_root only when removal succeeds (git-fixes). - dm btree remove: fix use after free in rebalance_children() (git-fixes). - dm bufio: subtract the number of initial sectors in dm_bufio_get_device_size (git-fixes). - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() (git-fixes). - dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes). - dm crypt: make printing of the key constant-time (git-fixes). - dm integrity: conditionally disable 'recalculate' feature (git-fixes). - dm integrity: fix a crash if 'recalculate' used without 'internal_hash' (git-fixes). - dm integrity: fix error code in dm_integrity_ctr() (git-fixes). - dm integrity: fix memory corruption when tag_size is less than digest size (git-fixes). - dm integrity: fix the maximum number of arguments (git-fixes). - dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes). - dm persistent data: packed struct should have an aligned() attribute too (git-fixes). - dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload sequences (git-fixes). - dm snapshot: fix crash with transient storage and zero chunk size (git-fixes). - dm snapshot: flush merged data before committing metadata (git-fixes). - dm snapshot: properly fix a crash when an origin has no snapshots (git-fixes). - dm space map common: fix division bug in sm_ll_find_free_block() (git-fixes). - dm stats: add cond_resched when looping over entries (git-fixes). - dm verity: fix FEC for RS roots unaligned to block size (git-fixes). - dm: fix mempool NULL pointer race when completing IO (git-fixes). - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (git-fixes). - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes). - dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes). - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (git-fixes). - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (git-fixes). - do not call utsname() after ->nsproxy is NULL (bsc#1201196). - drbd: fix potential silent data corruption (git-fixes). - driver core: fix potential deadlock in __driver_attach (git-fixes). - drivers/net: Fix kABI in tun.c (git-fixes). - drivers: net: fix memory leak in atusb_probe (git-fixes). - drivers: net: fix memory leak in peak_usb_create_dev (git-fixes). - drm/amd/display: Enable building new display engine with KCOV enabled (git-fixes). - drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes). - drm/doc: Fix comment typo (git-fixes). - drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (git-fixes). - drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes). - drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes). - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (git-fixes). - drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes). - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (git-fixes). - drm/mediatek: dpi: Only enable dpi after the bridge is enabled (git-fixes). - drm/mediatek: dpi: Remove output format of YUV (git-fixes). - drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes). - drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform (git-fixes). - drm/msm/mdp5: Fix global state lock backoff (git-fixes). - drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes). - drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes). - drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (git-fixes). - drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes). - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (git-fixes). - drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes). - drm/rockchip: vop: Do not crash for invalid duplicate_state() (git-fixes). - drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes). - drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (git-fixes). - drm/vc4: dsi: Correct DSI divider calculations (git-fixes). - drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes). - drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (git-fixes). - drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes). - drm/vc4: plane: Fix margin calculations for the right/bottom edges (git-fixes). - drm/vc4: plane: Remove subpixel positioning check (git-fixes). - drm: adv7511: override i2c address of cec before accessing it (git-fixes). - drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes). - drm: bridge: sii8620: fix possible off-by-one (git-fixes). - fbcon: Disallow setting font bigger than screen size (git-fixes). - fbcon: Prevent that screen size is smaller than font size (git-fixes). - fbdev: fbmem: Fix logo center image dx issue (git-fixes). - fbmem: Check virtual screen sizes in fb_set_var() (git-fixes). - fpga: altera-pr-ip: fix unsigned comparison with less than zero (git-fixes). - ftgmac100: Restart MAC HW once (git-fixes). - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (git-fixes). - gpio: pca953x: only use single read/write for No AI mode (git-fixes). - gpio: pca953x: use the correct range when do regmap sync (git-fixes). - gpio: pca953x: use the correct register address when regcache sync during init (git-fixes). - hex2bin: make the function hex_to_bin constant-time (git-fixes). - hv_netvsc: Add (more) validation for untrusted Hyper-V values (bsc#1199364). - hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364). - hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364). - hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer (bsc#1199364). - hv_netvsc: Fix validation in netvsc_linkstatus_callback() (bsc#1199364). - i2c: Fix a potential use after free (git-fixes). - i2c: cadence: Change large transfer count reset logic to be unconditional (git-fixes). - i2c: cadence: Support PEC for SMBus block read (git-fixes). - i2c: cadence: Unregister the clk notifier in error path (git-fixes). - i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes). - ida: do not use BUG_ON() for debugging (git-fixes). - igb: Enable RSS for Intel I211 Ethernet Controller (git-fixes). - iio: accel: bma220: Fix alignment for DMA safety (git-fixes). - iio: accel: sca3000: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7266: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7298: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7476: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7766: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7887: Fix alignment for DMA safety (git-fixes). - iio: adc: hi8435: Fix alignment for DMA safety (git-fixes). - iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes). - iio: adc: max1027: Fix alignment for DMA safety (git-fixes). - iio: adc: max11100: Fix alignment for DMA safety (git-fixes). - iio: adc: max1118: Fix alignment for DMA safety (git-fixes). - iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes). - iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes). - iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (git-fixes). - iio: dac: ad5064: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5360: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5421: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5449: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5504: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5755: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5761: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5764: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes). - iio: dac: ad7303: Fix alignment for DMA safety (git-fixes). - iio: dac: ad8801: Fix alignment for DMA safety (git-fixes). - iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes). - iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes). - iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes). - iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes). - iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes). - iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes). - iio: proximity: as3935: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes). - ima: Fix a potential integer overflow in ima_appraise_measurement (git-fixes). - ima: Fix potential memory leak in ima_init_crypto() (git-fixes). - intel_th: Fix a resource leak in an error handling path (git-fixes). - intel_th: msu-sink: Potential dereference of null pointer (git-fixes). - intel_th: msu: Fix vmalloced buffers (git-fixes). - kABI workaround for rtsx_usb (git-fixes). - kvm/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - lib/string.c: implement stpcpy (git-fixes). - linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check (git-fixes). - linux/random.h: Remove arch_has_random, arch_has_random_seed (git-fixes). - linux/random.h: Use false with bool (git-fixes). - lkdtm: Disable return thunks in rodata.c (bsc#1178134). - macvlan: remove redundant null check on data (git-fixes). - md/bitmap: wait for external bitmap writes to complete during tear down (git-fixes). - md/raid0: Ignore RAID0 layout if the second zone has only one device (git-fixes). - md: Set prev_flush_start and flush_bio in an atomic way (git-fixes). - md: bcache: check the return value of kzalloc() in detached_dev_do_request() (git-fixes). - media: hdpvr: fix error value returns in hdpvr_read (git-fixes). - media: rc: increase rc-mm tolerance and add debug message (git-fixes). - media: rtl28xxu: Add support for PROlectrix DV107669 DVB-T dongle (git-fixes). - media: rtl28xxu: add missing sleep before probing slave demod (git-fixes). - media: rtl28xxu: set keymap for Astrometa DVB-T2 (git-fixes). - media: smipcie: fix interrupt handling and IR timeout (git-fixes). - media: tw686x: Register the irq at the end of probe (git-fixes). - media: usb: dvb-usb-v2: rtl28xxu: convert to use i2c_new_client_device() (git-fixes). - media: v4l2-mem2mem: always consider OUTPUT queue during poll (git-fixes). - media: v4l2-mem2mem: reorder checks in v4l2_m2m_poll() (git-fixes). - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (git-fixes). - memregion: Fix memregion_free() fallback definition (git-fixes). - memstick/ms_block: Fix a memory leak (git-fixes). - memstick/ms_block: Fix some incorrect memory allocation (git-fixes). - meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes). - misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes). - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (git-fixes). - misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes). - misc: rtsx_usb: use separate command and response buffers (git-fixes). - mm: fix page reference leak in soft_offline_page() (git fixes (mm/memory-failure)). - mmc: cavium-octeon: Add of_node_put() when breaking out of loop (git-fixes). - mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (git-fixes). - mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes). - mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (git-fixes). - mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle (git-fixes). - mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (git-fixes). - net, xdp: Introduce __xdp_build_skb_from_frame utility routine (bsc#1199364). - net, xdp: Introduce xdp_build_skb_from_frame utility routine (bsc#1199364). - net/mlx5e: When changing XDP program without reset, take refs for XSK RQs (git-fixes). - net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()' (git-fixes). - net/sonic: Fix some resource leaks in error handling paths (git-fixes). - net: ag71xx: remove unnecessary MTU reservation (git-fixes). - net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function (git-fixes). - net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning (git-fixes). - net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE SFP (git-fixes). - net: amd-xgbe: Reset link when the link never comes back (git-fixes). - net: amd-xgbe: Reset the PHY rx data path when mailbox command timeout (git-fixes). - net: axienet: Handle deferred probe on clock properly (git-fixes). - net: dsa: b53: fix an off by one in checking 'vlan->vid' (git-fixes). - net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port (git-fixes). - net: dsa: bcm_sf2: put device node before return (git-fixes). - net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE (git-fixes). - net: dsa: lantiq_gswip: Let GSWIP automatically set the xMII clock (git-fixes). - net: enetc: fix incorrect TPID when receiving 802.1ad tagged packets (git-fixes). - net: enetc: keep RX ring consumer index in sync with hardware (git-fixes). - net: evaluate net.ipv4.conf.all.proxy_arp_pvlan (git-fixes). - net: evaluate net.ipvX.conf.all.ignore_routes_with_linkdown (git-fixes). - net: ftgmac100: Fix crash when removing driver (git-fixes). - net: hdlc_x25: Return meaningful error code in x25_open (git-fixes). - net: hns3: fix error mask definition of flow director (git-fixes). - net: hso: bail out on interrupt URB allocation failure (git-fixes). - net: lapbether: Prevent racing when checking whether the netif is running (git-fixes). - net: lapbether: Remove netif_start_queue / netif_stop_queue (git-fixes). - net: ll_temac: Fix potential NULL dereference in temac_probe() (git-fixes). - net: ll_temac: Use devm_platform_ioremap_resource_byname() (git-fixes). - net: macb: add function to disable all macb clocks (git-fixes). - net: macb: restore cmp registers on resume path (git-fixes). - net: macb: unprepare clocks in case of failure (git-fixes). - net: mscc: Fix OF_MDIO config check (git-fixes). - net: mvneta: Remove per-cpu queue mapping for Armada 3700 (git-fixes). - net: mvpp2: fix interrupt mask/unmask skip condition (git-fixes). - net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes). - net: stmmac: Modify configuration method of EEE timers (git-fixes). - net: stmmac: Use resolved link config in mac_link_up() (git-fixes). - net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes (git-fixes). - net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes). - net: stmmac: fix CBS idleslope and sendslope calculation (git-fixes). - net: stmmac: fix incorrect DMA channel intr enable setting of EQoS v4.10 (git-fixes). - net: stmmac: fix watchdog timeout during suspend/resume stress test (git-fixes). - net: stmmac: stop each tx channel independently (git-fixes). - net: tun: set tun->dev->addr_len during TUNSETLINK processing (git-fixes). - net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes). - net: usb: ax88179_178a: add MCT usb 3.0 adapter (git-fixes). - net: usb: ax88179_178a: add Toshiba usb 3.0 adapter (git-fixes). - net: usb: ax88179_178a: remove redundant assignment to variable ret (git-fixes). - net: usb: ax88179_178a: write mac to hardware in get_mac_addr (git-fixes). - net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes). - net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes). - net: usb: use eth_hw_addr_set() (git-fixes). - nvme: consider also host_iface when checking ip options (bsc#1199670). - octeontx2-af: fix infinite loop in unmapping NPC counter (git-fixes). - octeontx2-af: fix memory leak of lmac and lmac->name (git-fixes). - pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes). - pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes). - platform/olpc: Fix uninitialized data in debugfs write (git-fixes). - platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes). - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (git-fixes). - powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761). - powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761). - powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761). - profiling: fix shift-out-of-bounds bugs (git fixes). - r8169: fix accessing unset transport header (git-fixes). - random: document add_hwgenerator_randomness() with other input functions (git-fixes). - random: fix typo in comments (git-fixes). - random: remove useless header comment (git fixes). - raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes). - regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (git-fixes). - sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes) - sched/fair: Revise comment about lb decision matrix (git fixes (sched/fair)). - sched/membarrier: fix missing local execution of ipi_sync_rq_state() (git fixes (sched/membarrier)). - scsi: core: Fix error handling of scsi_host_alloc() (git-fixes). - scsi: core: Fix failure handling of scsi_add_host_with_dma() (git-fixes). - scsi: core: Only put parent device if host state differs from SHOST_CREATED (git-fixes). - scsi: core: Put .shost_dev in failure path if host state changes to RUNNING (git-fixes). - scsi: core: Put LLD module refcnt after SCSI device is released (git-fixes). - scsi: core: Retry I/O for Notify (Enable Spinup) Required error (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956). - scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956). - scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956 bsc#1200521). - scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956). - scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956). - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956). - scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956). - scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956). - scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956). - scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956). - scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956). - scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956). - scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958). - scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958). - scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958). - scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958). - scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958). - scsi: qla2xxx: Update manufacturer details (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958). - scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958). - scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958). - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes). - scsi: sd: Fix potential NULL pointer dereference (git-fixes). - scsi: ufs: Release clock if DMA map fails (git-fixes). - scsi: ufs: handle cleanup correctly on devm_reset_control_get error (git-fixes). - serial: 8250: fix return error code in serial8250_request_std_resource() (git-fixes). - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes). - serial: stm32: Clear prev values before setting RTS delays (git-fixes). - soc: fsl: guts: machine variable might be unset (git-fixes). - soc: ixp4xx/npe: Fix unused match warning (git-fixes). - soundwire: bus_type: fix remove and shutdown support (git-fixes). - spi: &lt;linux/spi/spi.h>: add missing struct kernel-doc entry (git-fixes). - spi: amd: Limit max transfer and message size (git-fixes). - staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (git-fixes). - sysctl: Fix data races in proc_dointvec() (git-fixes). - sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes). - sysctl: Fix data races in proc_dointvec_minmax() (git-fixes). - sysctl: Fix data races in proc_douintvec() (git-fixes). - sysctl: Fix data races in proc_douintvec_minmax() (git-fixes). - sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes). - thermal/tools/tmon: Include pthread and time headers in tmon.h (git-fixes). - tick/nohz: Use WARN_ON_ONCE() to prevent console saturation (git fixes (kernel/time)). - usb: dwc3: add cancelled reasons for dwc3 requests (git-fixes). - usb: dwc3: gadget: Fix event pending check (git-fixes). - usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes). - usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes). - usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes). - usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes). - usb: typec: add missing uevent when partner support PD (git-fixes). - usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (git-fixes). - usb: xhci: tegra: Fix error check (git-fixes). - usbnet: fix memory leak in error case (git-fixes). - video: of_display_timing.h: include errno.h (git-fixes). - virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes). - virtio-net: fix the race between refill work and close (git-fixes). - virtio_mmio: Add missing PM calls to freeze/restore (git-fixes). - virtio_mmio: Restore guest page size on resume (git-fixes). - watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761). - wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (git-fixes). - wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes). - wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes). - wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes). - wifi: p54: add missing parentheses in p54_flush() (git-fixes). - wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (git-fixes). - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (git-fixes). - wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (git-fixes). - x86/bugs: Remove apostrophe typo (bsc#1178134). - x86/entry: Remove skip_r11rcx (bsc#1201644). - x86/kvmclock: Move this_cpu_pvti into kvmclock.h (git-fixes). - x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134). - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381). - xen: detect uninitialized xenbus in xenbus_init (git-fixes). - xen: do not continue xenstore initialization in case of errors (git-fixes). Important SUSE bug 1178134 SUSE bug 1196616 SUSE bug 1196867 SUSE bug 1198829 SUSE bug 1199364 SUSE bug 1199647 SUSE bug 1199648 SUSE bug 1199665 SUSE bug 1199670 SUSE bug 1199695 SUSE bug 1200521 SUSE bug 1200598 SUSE bug 1200644 SUSE bug 1200651 SUSE bug 1200762 SUSE bug 1200910 SUSE bug 1201196 SUSE bug 1201206 SUSE bug 1201251 SUSE bug 1201381 SUSE bug 1201429 SUSE bug 1201442 SUSE bug 1201458 SUSE bug 1201635 SUSE bug 1201636 SUSE bug 1201644 SUSE bug 1201645 SUSE bug 1201664 SUSE bug 1201672 SUSE bug 1201673 SUSE bug 1201676 SUSE bug 1201742 SUSE bug 1201752 SUSE bug 1201846 SUSE bug 1201930 SUSE bug 1201940 SUSE bug 1201941 SUSE bug 1201954 SUSE bug 1201956 SUSE bug 1201958 SUSE bug 1202087 SUSE bug 1202154 SUSE bug 1202312 CVE-2020-36516 at SUSE CVE-2020-36516 at NVD CVE-2020-36557 at SUSE CVE-2020-36557 at NVD CVE-2020-36558 at SUSE CVE-2020-36558 at NVD CVE-2021-33655 at SUSE CVE-2021-33655 at NVD CVE-2021-33656 at SUSE CVE-2021-33656 at NVD CVE-2022-1116 at SUSE CVE-2022-1116 at NVD CVE-2022-1462 at SUSE CVE-2022-1462 at NVD CVE-2022-20166 at SUSE CVE-2022-20166 at NVD CVE-2022-21505 at SUSE CVE-2022-21505 at NVD CVE-2022-2318 at SUSE CVE-2022-2318 at NVD CVE-2022-26365 at SUSE CVE-2022-26365 at NVD CVE-2022-2639 at SUSE CVE-2022-2639 at NVD CVE-2022-29581 at SUSE CVE-2022-29581 at NVD CVE-2022-33740 at SUSE CVE-2022-33740 at NVD CVE-2022-33741 at SUSE CVE-2022-33741 at NVD CVE-2022-33742 at SUSE CVE-2022-33742 at NVD CVE-2022-36946 at SUSE CVE-2022-36946 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for open-vm-tools fixes the following issues: - Updated to version 12.1.0 (build 20219665) (bsc#1202733): - CVE-2022-31676: Fixed an issue that could allow unprivileged users inside a virtual machine to escalate privileges (bsc#1202657). Important SUSE bug 1202657 SUSE bug 1202733 CVE-2022-31676 at SUSE CVE-2022-31676 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libslirp fixes the following issues: - CVE-2021-3593: Fixed invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365). Non-security fixes: - Fix the version header (bsc#1201551) Moderate SUSE bug 1187365 SUSE bug 1201551 CVE-2021-3593 at SUSE CVE-2021-3593 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). Important SUSE bug 1202175 CVE-2022-37434 at SUSE CVE-2022-37434 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for rsync fixes the following issues: - CVE-2022-29154: Fixed an arbitrary file write issue that could be triggered by a malicious remote server (bsc#1201840). Important SUSE bug 1201840 CVE-2022-29154 at SUSE CVE-2022-29154 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220809 release (bsc#1201727): - CVE-2022-21233: Fixed an issue where stale data may have been leaked from the legacy xAPIC MMIO region, which could be used to compromise an SGX enclave (INTEL-SA-00657). See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html Other fixes: - Update for functional issues. See also: https://www.intel.com/content/www/us/en/processors/xeon/scalable/xeon-scalable-spec-update.html?wapkw=processor+specification+update - Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | SKX-SP | B1 | 06-55-03/97 | 0100015d | 0100015e | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon D-21xx | ICX-SP | D0 | 06-6a-06/87 | 0d000363 | 0d000375 | Xeon Scalable Gen3 | GLK | B0 | 06-7a-01/01 | 0000003a | 0000003c | Pentium Silver N/J5xxx, Celeron N/J4xxx | GLK-R | R0 | 06-7a-08/01 | 0000001e | 00000020 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 000000b0 | 000000b2 | Core Gen10 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000026 | 00000028 | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 0000003e | 00000040 | Core Gen11 Mobile | RKL-S | B0 | 06-a7-01/02 | 00000053 | 00000054 | Core Gen11 | ADL | C0 | 06-97-02/03 | 0000001f | 00000022 | Core Gen12 | ADL | C0 | 06-97-05/03 | 0000001f | 00000022 | Core Gen12 | ADL | L0 | 06-9a-03/80 | 0000041c | 00000421 | Core Gen12 | ADL | L0 | 06-9a-04/80 | 0000041c | 00000421 | Core Gen12 | ADL | C0 | 06-bf-02/03 | 0000001f | 00000022 | Core Gen12 | ADL | C0 | 06-bf-05/03 | 0000001f | 00000022 | Core Gen12 ------------------------------------------------------------------ Moderate SUSE bug 1201727 CVE-2022-21233 at SUSE CVE-2022-21233 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593). Low SUSE bug 1202593 CVE-2022-35252 at SUSE CVE-2022-35252 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for icu fixes the following issues: - CVE-2020-21913: Fixed a memory safetey issue that could lead to use after free (bsc#1193951). Moderate SUSE bug 1193951 CVE-2020-21913 at SUSE CVE-2020-21913 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libyajl fixes the following issues: - CVE-2022-24795: Fixed heap-based buffer overflow when handling large inputs (bsc#1198405). Moderate SUSE bug 1198405 CVE-2022-24795 at SUSE CVE-2022-24795 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for vim fixes the following issues: Updated to version 9.0 with patch level 0313: - CVE-2022-2183: Fixed out-of-bounds read through get_lisp_indent() (bsc#1200902). - CVE-2022-2182: Fixed heap-based buffer overflow through parse_cmd_address() (bsc#1200903). - CVE-2022-2175: Fixed buffer over-read through cmdline_insert_reg() (bsc#1200904). - CVE-2022-2304: Fixed stack buffer overflow in spell_dump_compl() (bsc#1201249). - CVE-2022-2343: Fixed heap-based buffer overflow in GitHub repository vim prior to 9.0.0044 (bsc#1201356). - CVE-2022-2344: Fixed another heap-based buffer overflow vim prior to 9.0.0045 (bsc#1201359). - CVE-2022-2345: Fixed use after free in GitHub repository vim prior to 9.0.0046. (bsc#1201363). - CVE-2022-2819: Fixed heap-based Buffer Overflow in compile_lock_unlock() (bsc#1202414). - CVE-2022-2874: Fixed NULL Pointer Dereference in generate_loadvar() (bsc#1202552). - CVE-2022-1968: Fixed use after free in utf_ptr2char (bsc#1200270). - CVE-2022-2124: Fixed out of bounds read in current_quote() (bsc#1200697). - CVE-2022-2125: Fixed out of bounds read in get_lisp_indent() (bsc#1200698). - CVE-2022-2126: Fixed out of bounds read in suggest_trie_walk() (bsc#1200700). - CVE-2022-2129: Fixed out of bounds write in vim_regsub_both() (bsc#1200701). - CVE-2022-1720: Fixed out of bounds read in grab_file_name() (bsc#1200732). - CVE-2022-2264: Fixed out of bounds read in inc() (bsc#1201132). - CVE-2022-2284: Fixed out of bounds read in utfc_ptr2len() (bsc#1201133). - CVE-2022-2285: Fixed negative size passed to memmove() due to integer overflow (bsc#1201134). - CVE-2022-2286: Fixed out of bounds read in ins_bytes() (bsc#1201135). - CVE-2022-2287: Fixed out of bounds read in suggest_trie_walk() (bsc#1201136). - CVE-2022-2231: Fixed null pointer dereference skipwhite() (bsc#1201150). - CVE-2022-2210: Fixed out of bounds read in ml_append_int() (bsc#1201151). - CVE-2022-2208: Fixed null pointer dereference in diff_check() (bsc#1201152). - CVE-2022-2207: Fixed out of bounds read in ins_bs() (bsc#1201153). - CVE-2022-2257: Fixed out of bounds read in msg_outtrans_special() (bsc#1201154). - CVE-2022-2206: Fixed out of bounds read in msg_outtrans_attr() (bsc#1201155). - CVE-2022-2522: Fixed out of bounds read via nested autocommand (bsc#1201863). - CVE-2022-2571: Fixed heap-based buffer overflow related to ins_comp_get_next_word_or_line() (bsc#1202046). - CVE-2022-2580: Fixed heap-based buffer overflow related to eval_string() (bsc#1202049). - CVE-2022-2581: Fixed out-of-bounds read related to cstrchr() (bsc#1202050). - CVE-2022-2598: Fixed undefined behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput() (bsc#1202051). - CVE-2022-2817: Fixed use after gree in f_assert_fails() (bsc#1202420). - CVE-2022-2816: Fixed out-of-bounds Read in check_vim9_unlet() (bsc#1202421). - CVE-2022-2862: Fixed use-after-free in compile_nested_function() (bsc#1202511). - CVE-2022-2849: Fixed invalid memory access related to mb_ptr2len() (bsc#1202512). - CVE-2022-2845: Fixed buffer Over-read related to display_dollar() (bsc#1202515). - CVE-2022-2889: Fixed use-after-free in find_var_also_in_script() in evalvars.c (bsc#1202599). - CVE-2022-2923: Fixed NULL pointer dereference in GitHub repository vim/vim prior to 9.0.0240 (bsc#1202687). - CVE-2022-2946: Fixed use after free in function vim_vsnprintf_typval (bsc#1202689). - CVE-2022-3016: Fixed use after free in vim prior to 9.0.0285 (bsc#1202862). Bugfixes: - Fixing vim error on startup (bsc#1200884). - Fixing vim SUSE Linux Enterprise Server 15 SP4 Basesystem plugin-tlib issue (bsc#1201620). Important SUSE bug 1200270 SUSE bug 1200697 SUSE bug 1200698 SUSE bug 1200700 SUSE bug 1200701 SUSE bug 1200732 SUSE bug 1200884 SUSE bug 1200902 SUSE bug 1200903 SUSE bug 1200904 SUSE bug 1201132 SUSE bug 1201133 SUSE bug 1201134 SUSE bug 1201135 SUSE bug 1201136 SUSE bug 1201150 SUSE bug 1201151 SUSE bug 1201152 SUSE bug 1201153 SUSE bug 1201154 SUSE bug 1201155 SUSE bug 1201249 SUSE bug 1201356 SUSE bug 1201359 SUSE bug 1201363 SUSE bug 1201620 SUSE bug 1201863 SUSE bug 1202046 SUSE bug 1202049 SUSE bug 1202050 SUSE bug 1202051 SUSE bug 1202414 SUSE bug 1202420 SUSE bug 1202421 SUSE bug 1202511 SUSE bug 1202512 SUSE bug 1202515 SUSE bug 1202552 SUSE bug 1202599 SUSE bug 1202687 SUSE bug 1202689 SUSE bug 1202862 CVE-2022-1720 at SUSE CVE-2022-1720 at NVD CVE-2022-1968 at SUSE CVE-2022-1968 at NVD CVE-2022-2124 at SUSE CVE-2022-2124 at NVD CVE-2022-2125 at SUSE CVE-2022-2125 at NVD CVE-2022-2126 at SUSE CVE-2022-2126 at NVD CVE-2022-2129 at SUSE CVE-2022-2129 at NVD CVE-2022-2175 at SUSE CVE-2022-2175 at NVD CVE-2022-2182 at SUSE CVE-2022-2182 at NVD CVE-2022-2183 at SUSE CVE-2022-2183 at NVD CVE-2022-2206 at SUSE CVE-2022-2206 at NVD CVE-2022-2207 at SUSE CVE-2022-2207 at NVD CVE-2022-2208 at SUSE CVE-2022-2208 at NVD CVE-2022-2210 at SUSE CVE-2022-2210 at NVD CVE-2022-2231 at SUSE CVE-2022-2231 at NVD CVE-2022-2257 at SUSE CVE-2022-2257 at NVD CVE-2022-2264 at SUSE CVE-2022-2264 at NVD CVE-2022-2284 at SUSE CVE-2022-2284 at NVD CVE-2022-2285 at SUSE CVE-2022-2285 at NVD CVE-2022-2286 at SUSE CVE-2022-2286 at NVD CVE-2022-2287 at SUSE CVE-2022-2287 at NVD CVE-2022-2304 at SUSE CVE-2022-2304 at NVD CVE-2022-2343 at SUSE CVE-2022-2343 at NVD CVE-2022-2344 at SUSE CVE-2022-2344 at NVD CVE-2022-2345 at SUSE CVE-2022-2345 at NVD CVE-2022-2522 at SUSE CVE-2022-2522 at NVD CVE-2022-2571 at SUSE CVE-2022-2571 at NVD CVE-2022-2580 at SUSE CVE-2022-2580 at NVD CVE-2022-2581 at SUSE CVE-2022-2581 at NVD CVE-2022-2598 at SUSE CVE-2022-2598 at NVD CVE-2022-2816 at SUSE CVE-2022-2816 at NVD CVE-2022-2817 at SUSE CVE-2022-2817 at NVD CVE-2022-2819 at SUSE CVE-2022-2819 at NVD CVE-2022-2845 at SUSE CVE-2022-2845 at NVD CVE-2022-2849 at SUSE CVE-2022-2849 at NVD CVE-2022-2862 at SUSE CVE-2022-2862 at NVD CVE-2022-2874 at SUSE CVE-2022-2874 at NVD CVE-2022-2889 at SUSE CVE-2022-2889 at NVD CVE-2022-2923 at SUSE CVE-2022-2923 at NVD CVE-2022-2946 at SUSE CVE-2022-2946 at NVD CVE-2022-3016 at SUSE CVE-2022-3016 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for freetype2 fixes the following issues: - CVE-2022-27404 Fixed a segmentation fault via a crafted typeface (bsc#1198830). - CVE-2022-27405 Fixed a buffer overflow via a crafted typeface (bsc#1198832). - CVE-2022-27406 Fixed a segmentation fault via a crafted typeface (bsc#1198823). Non-security fixes: - Updated to version 2.10.4 Moderate SUSE bug 1198823 SUSE bug 1198830 SUSE bug 1198832 CVE-2022-27404 at SUSE CVE-2022-27404 at NVD CVE-2022-27405 at SUSE CVE-2022-27405 at NVD CVE-2022-27406 at SUSE CVE-2022-27406 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-39190: Fixed an issue that was discovered in net/netfilter/nf_tables_api.c and could cause a denial of service upon binding to an already bound chain (bnc#1203117). - CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107). - CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948). - CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898). - CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672). - CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202564, bsc#1202860). - CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly matches the message (bnc#1202097). - CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347). - CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346). - CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535). - CVE-2021-4155: Fixed a data leak flaw that was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem (bnc#1194272). - CVE-2020-27784: Fixed a vulnerability that was found in printer_ioctl() printer_ioctl() when accessing a deallocated instance (bnc#1202895). - CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bnc#1023051). The following non-security bugs were fixed: - ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (git-fixes). - ACPI: LPSS: Fix missing check in register_device_clock() (git-fixes). - ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes). - ACPI: processor: Remove freq Qos request for all CPUs (git-fixes). - ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool (git-fixes). - ACPI: video: Force backlight native for some TongFang devices (git-fixes). - ALSA: bcd2000: Fix a UAF bug on the error path of probing (git-fixes). - ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes). - ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model (git-fixes). - ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED (git-fixes). - ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes). - ALSA: hda/realtek: Add new alc285-hp-amp-init model (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NS50PU (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes). - ALSA: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes). - ALSA: hda/realtek: Add quirk for HP Dev One (git-fixes). - ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes). - ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (git-fixes). - ALSA: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes). - ALSA: hda/realtek: Add quirk for the Framework Laptop (git-fixes). - ALSA: hda/realtek: Fix LED on HP ProBook 435 G7 (git-fixes). - ALSA: hda/realtek: Fix deadlock by COEF mutex (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes). - ALSA: info: Fix llseek return value when using callback (git-fixes). - ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II (git-fixes). - ARM: 9077/1: PLT: Move struct plt_entries definition to header (git-fixes). - ARM: 9078/1: Add warn suppress parameter to arm_gen_branch_link() (git-fixes). - ARM: 9079/1: ftrace: Add MODULE_PLTS support (git-fixes). - ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE (git-fixes). - ASoC: SOF: debug: Fix potential buffer overflow by snprintf() (git-fixes). - ASoC: audio-graph-card: Add of_node_put() in fail path (git-fixes). - ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes). - ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (git-fixes). - ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes). - ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (git-fixes). - ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes). - ASoC: tas2770: Allow mono streams (git-fixes). - Bluetooth: L2CAP: Fix build errors in some archs (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes). - Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes). - Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019). - HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes). - HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (git-fixes). - HID: wacom: Do not register pad_input for touch switch (git-fixes). - HID: wacom: Only report rotation for art pen (git-fixes). - Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes). - Input: rk805-pwrkey - fix module autoloading (git-fixes). - KABI: cgroup: Restore KABI of css_set (bsc#1201610). - KVM: PPC: Book3S HV: Context tracking exit guest context before enabling irqs (bsc#1065729). - KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (bsc#1156395). - KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (bsc#1156395). - KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395). - KVM: PPC: Use arch_get_random_seed_long instead of powernv variant (bsc#1156395). - KVM: VMX: Refuse to load kvm_intel if EPT and NX are disabled (git-fixes). - KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (git-fixes). - KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (git-fixes). - KVM: x86: accept userspace interrupt only if no event is injected (git-fixes). - NFS: fix nfs_path in case of a rename retry (git-fixes). - NFSD: Add missing NFSv2 .pc_func methods (git-fixes). - NFSD: Clamp WRITE offsets (git-fixes). - NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes). - NFSD: prevent integer overflow on 32 bit systems (git-fixes). - NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes). - NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (git-fixes). - NFSv4: Fix second deadlock in nfs4_evict_inode() (git-fixes). - NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error (git-fixes). - NTB: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes). - PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes). - PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes). - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845). - PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845). - PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845). - PCI: hv: Make the code arch neutral by adding arch specific interfaces (bsc#1200845). - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845). - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845). - PCI: qcom: Fix pipe clock imbalance (git-fixes). - SUNRPC reverting d03727b248d0 ('NFSv4 fix CLOSE not waiting for direct IO compeletion') (git-fixes). - SUNRPC: Clean up scheduling of autoclose (git-fixes). - SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes). - SUNRPC: Fix READ_PLUS crasher (git-fixes). - SUNRPC: Prevent immediate close+reconnect (git-fixes). - VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635). - VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635). - VMCI: Enforce queuepair max size for IOCTL_VMCI_QUEUEPAIR_ALLOC (bsc#1199291, jsc#SLE-24635). - VMCI: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635). - VMCI: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635). - arm64: signal: nofpsimd: Do not allocate fp/simd context when not available (git-fixes). - asm-generic: sections: refactor memory_intersects (git-fixes). - ata: libata-eh: Add missing command name (git-fixes). - atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes). - blk-iocost: clamp inuse and skip noops in __propagate_weights() (bsc#1202722). - blk-iocost: fix operation ordering in iocg_wake_fn() (bsc#1202720). - blk-iocost: fix weight updates of inner active iocgs (bsc#1202717). - blk-iocost: rename propagate_active_weights() to propagate_weights() (bsc#1202722). - blktrace: fix blk_rq_merge documentation (git-fixes). - can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes). - can: m_can: process interrupt only when not runtime suspended (git-fixes). - ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202810). - ceph: do not truncate file in atomic_open (bsc#1202811). - cgroup: Trace event cgroup id fields should be u64 (git-fixes). - cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1201610). - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes). - clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes). - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes). - clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes). - clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks (git-fixes). - coresight: cti: Correct the parameter for pm_runtime_put (git-fixes). - devlink: Fix use-after-free after a failed reload (git-fixes). - dm raid: fix KASAN warning in raid5_add_disks (git-fixes). - dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (git-fixes). - dpaa2-eth: unregister the netdev before disconnecting from the PHY (git-fixes). - driver core: Do not probe devices after bus_type.match() probe deferral (git-fixes). - drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (git-fixes). - drm/amdgpu: remove useless condition in amdgpu_job_stop_all_jobs_on_sched() (git-fixes). - drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (git-fixes). - drm/i915/reg: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes). - drm/meson: Fix overflow implicit truncation warnings (git-fixes). - drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (git-fixes). - drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes). - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes). - drm/msm/dsi: fix the inconsistent indenting (git-fixes). - drm/sun4i: dsi: Prevent underflow when computing packet sizes (git-fixes). - ehea: fix error return code in ehea_restart_qps() (git-fixes). - enetc: Fix endianness issues for enetc_qos (git-fixes). - ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read() (git-fixes). - ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755). - ext4: add reserved GDT blocks check (bsc#1202712). - ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() (bsc#1202708). - ext4: do not use the orphan list when migrating an inode (bsc#1197756). - ext4: fix bug_on in ext4_writepages (bsc#1200872). - ext4: fix error handling code in add_new_gdb (bsc#1179722). - ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757). - ext4: fix invalid inode checksum (bsc#1179723). - ext4: fix loff_t overflow in ext4_max_bitmap_size() (bsc#1202709). - ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869). - ext4: fix potential infinite loop in ext4_dx_readdir() (bsc#1191662). - ext4: fix race when reusing xattr blocks (bsc#1198971). - ext4: fix symlink file size not match to file content (bsc#1200868). - ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871). - ext4: fix use-after-free in ext4_search_dir (bsc#1202710). - ext4: fix warning in ext4_handle_inode_extension (bsc#1202711). - ext4: force overhead calculation if the s_overhead_cluster makes no sense (bsc#1200870). - ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713). - ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971). - ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971). - fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes). - firmware: tegra: bpmp: Do only aligned access to IPC memory area (git-fixes). - fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages (bsc#1200873). - fuse: Remove the control interface for virtio-fs (bsc#1203137). - fuse: ioctl: translate ENOSYS (bsc#1203136). - fuse: limit nsec (bsc#1203135). - gadgetfs: ep_io - wait until IRQ finishes (git-fixes). - geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes). - geneve: fix TOS inheriting for ipv4 (git-fixes). - gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes). - hv_netvsc: Load and store the proper (NBL_HASH_INFO) per-packet info (bsc#1202701). - hwmon: (gpio-fan) Fix array out of bounds access (git-fixes). - i2c: imx: Make sure to unregister adapter on remove() (git-fixes). - ice: report supported and advertised autoneg using PHY capabilities (git-fixes). - ieee802154/adf7242: defer destroy_workqueue call (git-fixes). - iio: adc: mcp3911: make use of the sign bit (git-fixes). - iio: adc: mcp3911: use correct formula for AD conversion (git-fixes). - intel_th: pci: Add Meteor Lake-P support (git-fixes). - intel_th: pci: Add Raptor Lake-S CPU support (git-fixes). - intel_th: pci: Add Raptor Lake-S PCH support (git-fixes). - iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes). - iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (git-fixes). - iommu/exynos: Handle failed IOMMU device registration properly (git-fixes). - iommu/iova: Improve 32-bit free space estimate (git-fixes). - iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes). - iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes). - iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes). - iommu/omap: Fix regression in probe for NULL pointer dereference (git-fixes). - iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes). - iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes). - iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes). - iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes). - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes). - ipmi: ssif: initialize ssif_info->client early (git-fixes). - ixgbevf: add correct exception tracing for XDP (git-fixes). - jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716). - jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (bsc#1202715). - kabi/severities: add stmmac driver local sumbols - kbuild: do not create built-in objects for external module builds (jsc#SLE-24559 bsc#1202756). - kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (bsc#1181862 git-fixes). - kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes). - kernel-obs-build: include qemu_fw_cfg (boo#1201705) - kfifo: fix kfifo_to_user() return type (git-fixes). - kfifo: fix ternary sign extension bugs (git-fixes). - lib/list_debug.c: Detect uninitialized lists (git-fixes). - lib: bitmap: provide devm_bitmap_alloc() and devm_bitmap_zalloc() (git-fixes). - lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325). - list: add 'list_del_init_careful()' to go with 'list_empty_careful()' (bsc#1202745). - locking/lockdep: Avoid potential access of invalid memory in lock_class (git-fixes). - loop: Fix missing discard support when using LOOP_CONFIGURE (bsc#1202718). - mbcache: add functions to delete entry if unused (bsc#1198971). - mbcache: do not reclaim used entries (bsc#1198971). - md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158). - mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes). - mfd: t7l66xb: Drop platform disable callback (git-fixes). - misc: fastrpc: fix memory corruption on open (git-fixes). - misc: fastrpc: fix memory corruption on probe (git-fixes). - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098). - mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763). - mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447). - mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes). - mmc: pxamci: Fix another error handling path in pxamci_probe() (git-fixes). - module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols (git-fixes). - mtd: maps: Fix refcount leak in ap_flash_init (git-fixes). - mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes). - mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes). - mtd: rawnand: meson: Fix a potential double free issue (git-fixes). - mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (git-fixes). - mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (git-fixes). - net/mlx5e: Check for needed capability for cvlan matching (git-fixes). - net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()' (git-fixes). - net: bcmgenet: Add mdio-bcm-unimac soft dependency (git-fixes). - net: cpsw: Properly initialise struct page_pool_params (git-fixes). - net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes). - net: davinci_emac: Fix incorrect masking of tx and rx error channel (git-fixes). - net: dsa: b53: fix an off by one in checking 'vlan->vid' (git-fixes). - net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes). - net: dsa: mt7530: fix VLAN traffic leaks (git-fixes). - net: enetc: Use pci_release_region() to release some resources (git-fixes). - net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes). - net: enetc: unmap DMA in enetc_send_cmd() (git-fixes). - net: ethernet: aeroflex: fix UAF in greth_of_remove (git-fixes). - net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes). - net: ethernet: ezchip: fix error handling (git-fixes). - net: ethernet: ezchip: remove redundant check (git-fixes). - net: ethernet: fix potential use-after-free in ec_bhf_remove (git-fixes). - net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory (git-fixes). - net: fec: fix the potential memory leak in fec_enet_init() (git-fixes). - net: fec_ptp: add clock rate zero check (git-fixes). - net: ftgmac100: Fix crash when removing driver (git-fixes). - net: hdlc_x25: Return meaningful error code in x25_open (git-fixes). - net: hns: Fix kernel-doc (git-fixes). - net: lantiq: fix memory corruption in RX ring (git-fixes). - net: lapbether: Prevent racing when checking whether the netif is running (git-fixes). - net: moxa: Use devm_platform_get_and_ioremap_resource() (git-fixes). - net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (git-fixes). - net: mscc: ocelot: do not downgrade timestamping RX filters in SIOCSHWTSTAMP (git-fixes). - net: mvpp2: fix interrupt mask/unmask skip condition (git-fixes). - net: netcp: Fix an error message (git-fixes). - net: pch_gbe: Propagate error from devm_gpio_request_one() (git-fixes). - net: rose: fix netdev reference changes (git-fixes). - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (git-fixes). - net: stmicro: handle clk_prepare() failure during init (git-fixes). - net: stmmac: Modify configuration method of EEE timers (git-fixes). - net: stmmac: Use resolved link config in mac_link_up() (git-fixes). - net: stmmac: disable clocks in stmmac_remove_config_dt() (git-fixes). - net: stmmac: dwmac1000: Fix extended MAC address registers definition (git-fixes). - net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (bsc#1200431). - net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (bsc#1200431). - net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c (bsc#1200431). - net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (git-fixes). - net:enetc: allocate CBD ring data memory using DMA coherent methods (git-fixes). - net_sched: cls_route: disallow handle of 0 (bsc#1202393). - nfsd: fix use-after-free due to delegation race (git-fixes). - nvme: fix RCU hole that allowed for endless looping in multipath round robin (bsc#1202636). - objtool: Add support for intra-function calls (bsc#1202396). - objtool: Make handle_insn_ops() unconditional (bsc#1202396). - objtool: Remove INSN_STACK (bsc#1202396). - objtool: Rework allocating stack_ops on decode (bsc#1202396). - objtool: Support multiple stack_op per instruction (bsc#1202396). - ocfs2: drop acl cache for directories too (bsc#1191667). - ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920). - ocfs2: mount fails with buffer overflow in strlen (bsc#1197760). - octeontx2-af: fix infinite loop in unmapping NPC counter (git-fixes). - perf bench: Share some global variables to fix build with gcc 10 (git-fixes). - pinctrl/rockchip: fix gpio device creation (git-fixes). - pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (git-fixes). - pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes). - pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes). - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes). - powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable (bsc#1156395). - powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729). - powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729). - powerpc/powernv: Staticify functions without prototypes (bsc#1065729). - powerpc/powernv: delay rng platform device creation until later in boot (bsc#1065729). - powerpc/powernv: rename remaining rng powernv_ functions to pnv_ (bsc#1065729). - powerpc/powernv: wire up rng during setup_arch (bsc#1065729). - powerpc/pseries: wire up rng during setup_arch() (bsc#1065729). - powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixess). - powerpc: Enable execve syscall exit tracepoint (bsc#1065729). - powerpc: define get_cycles macro for arch-override (bsc#1065729). - powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729). - profiling: fix shift too large makes kernel panic (git-fixes). - qlcnic: Add null check after calling netdev_alloc_skb (git-fixes). - random: fix crash on multiple early calls to add_bootloader_randomness() (git-fixes). - ratelimit: Fix data-races in ___ratelimit() (git-fixes). - reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr (bsc#1202714). - remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config (git-fixes). - remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes). - s390/crash: fix incorrect number of bytes to copy to user space (git-fixes). - s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes). - s390/mm: do not trigger write fault when vma does not allow VM_WRITE (git-fixes). - s390/mm: fix 2KB pgtable release race (git-fixes). - s390/ptrace: pass invalid syscall numbers to tracing (bsc#1192594 LTC#197522). - scsi: lpfc: Add warning notification period to CMF_SYNC_WQE (bsc#1203063). - scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063). - scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063). - scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID (bsc#1203063). - scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT discovery (bsc#1203063). - scsi: lpfc: Remove SANDiags related code (bsc#1203063). - scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063). - scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063). - selftests: futex: Use variable MAKE instead of make (git-fixes). - serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (git-fixes). - serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes). - serial: mvebu-uart: uart2 error bits clearing (git-fixes). - serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30 (git-fixes). - silence nfscache allocation warnings with kvzalloc (git-fixes). - spi: Fix incorrect cs_setup delay handling (git-fixes). - spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes). - spi: synquacer: Add missing clk_disable_unprepare() (git-fixes). - spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (git-fixes). - staging: rtl8712: fix use after free bugs (git-fixes). - tee: optee: Fix incorrect page free bug (git-fixes). - thermal: Fix NULL pointer dereferences in of_thermal_ functions (git-fixes). - thermal: sysfs: Fix cooling_device_stats_setup() error code path (git-fixes). - thunderbolt: Use the actual buffer in tb_async_error() (git-fixes). - tools/thermal: Fix possible path truncations (git-fixes). - tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes). - tracing/histograms: Fix memory leak problem (git-fixes). - tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes). - tracing: Add ustring operation to filtering string pointers (git-fixes). - tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes). - tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (git-fixes). - tty: vt: initialize unicode screen buffer (git-fixes). - usb: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes). - usb: dwc3: Switch to platform_get_irq_byname_optional() (git-fixes). - usb: dwc3: ep0: Fix delay status handling (git-fixes). - usb: dwc3: gadget: END_TRANSFER before CLEAR_STALL command (git-fixes). - usb: dwc3: gadget: Fix IN endpoint max packet size allocation (git-fixes). - usb: dwc3: gadget: Refactor dwc3_gadget_ep_dequeue (git-fixes). - usb: dwc3: gadget: Remove FS bInterval_m1 limitation (git-fixes). - usb: dwc3: gadget: Remove unnecessary checks (git-fixes). - usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (git-fixes). - usb: dwc3: gadget: Store resource index of start cmd (git-fixes). - usb: dwc3: qcom: fix missing optional irq warnings. - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (git-fixes). - usb: gadget: u_audio: fix race condition on endpoint stop (git-fixes). - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). - usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (git-fixes). - usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes). - usb: renesas: Fix refcount leak bug (git-fixes). - usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes). - usbnet: Fix linkwatch use-after-free on disconnect (git-fixes). - usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes). - vboxguest: Do not use devm for irq (git-fixes). - vfio/ccw: Remove UUID from s390 debug log (git-fixes). - video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes). - video: fbdev: arkfb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (git-fixes). - video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes). - video: fbdev: s3fb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes). - video: fbdev: vt8623fb: Check the size of screen before memset_io() (git-fixes). - virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes). - vmxnet3: Implement ethtool's get_channels command (bsc#1200431). - vmxnet3: Record queue number to incoming packets (bsc#1200431). - vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431). - vmxnet3: add command to set ring buffer sizes (bsc#1200431). - vmxnet3: add support for capability registers (bsc#1200431). - vmxnet3: add support for large passthrough BAR register (bsc#1200431). - vmxnet3: add support for out of order rx completion (bsc#1200431). - vmxnet3: disable overlay offloads if UPT device does not support (bsc#1200431). - vmxnet3: do not reschedule napi for rx processing (bsc#1200431). - vmxnet3: do not stop tx queues after netif_device_detach() (bsc#1200431). - vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431). - vmxnet3: prepare for version 7 changes (bsc#1200431). - vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431). - vmxnet3: update to version 7 (bsc#1200431). - vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431). - vsock: Fix memory leak in vsock_connect() (git-fixes). - vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (git-fixes). - watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (git-fixes). - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (git-fixes). - wifi: mac80211: Do not finalize CSA in IBSS mode if state is disconnected (git-fixes). - wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes). - wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes). - wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes). - x86/olpc: fix 'logical not is only applied to the left hand side' (git-fixes). - xfs: Fix assert failure in xfs_setattr_size() (git-fixes). - xfs: bunmapi has unnecessary AG lock ordering issues (git-fixes). - xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577). - xfs: make xfs_rtalloc_query_range input parameters const (git-fixes). - xfs: mark a data structure sick if there are cross-referencing errors (git-fixes). - xfs: only reset incore inode health state flags when reclaiming an inode (git-fixes). - xfs: prevent a UAF when log IO errors race with unmount (git-fixes). - xfs: use kmem_cache_free() for kmem_cache objects (git-fixes). - xprtrdma: Fix XDRBUF_SPARSE_PAGES support (git-fixes). Important SUSE bug 1023051 SUSE bug 1065729 SUSE bug 1156395 SUSE bug 1179722 SUSE bug 1179723 SUSE bug 1181862 SUSE bug 1191662 SUSE bug 1191667 SUSE bug 1191881 SUSE bug 1192594 SUSE bug 1192968 SUSE bug 1194272 SUSE bug 1194535 SUSE bug 1197158 SUSE bug 1197755 SUSE bug 1197756 SUSE bug 1197757 SUSE bug 1197760 SUSE bug 1197763 SUSE bug 1197920 SUSE bug 1198971 SUSE bug 1199291 SUSE bug 1200431 SUSE bug 1200845 SUSE bug 1200868 SUSE bug 1200869 SUSE bug 1200870 SUSE bug 1200871 SUSE bug 1200872 SUSE bug 1200873 SUSE bug 1201019 SUSE bug 1201420 SUSE bug 1201610 SUSE bug 1201705 SUSE bug 1201726 SUSE bug 1201948 SUSE bug 1202096 SUSE bug 1202097 SUSE bug 1202346 SUSE bug 1202347 SUSE bug 1202393 SUSE bug 1202396 SUSE bug 1202447 SUSE bug 1202564 SUSE bug 1202577 SUSE bug 1202636 SUSE bug 1202672 SUSE bug 1202701 SUSE bug 1202708 SUSE bug 1202709 SUSE bug 1202710 SUSE bug 1202711 SUSE bug 1202712 SUSE bug 1202713 SUSE bug 1202714 SUSE bug 1202715 SUSE bug 1202716 SUSE bug 1202717 SUSE bug 1202718 SUSE bug 1202720 SUSE bug 1202722 SUSE bug 1202745 SUSE bug 1202756 SUSE bug 1202810 SUSE bug 1202811 SUSE bug 1202860 SUSE bug 1202895 SUSE bug 1202898 SUSE bug 1203063 SUSE bug 1203098 SUSE bug 1203107 SUSE bug 1203116 SUSE bug 1203117 SUSE bug 1203135 SUSE bug 1203136 SUSE bug 1203137 CVE-2016-3695 at SUSE CVE-2016-3695 at NVD CVE-2020-27784 at SUSE CVE-2020-27784 at NVD CVE-2021-4155 at SUSE CVE-2021-4155 at NVD CVE-2021-4203 at SUSE CVE-2021-4203 at NVD CVE-2022-20368 at SUSE CVE-2022-20368 at NVD CVE-2022-20369 at SUSE CVE-2022-20369 at NVD CVE-2022-2588 at SUSE CVE-2022-2588 at NVD CVE-2022-26373 at SUSE CVE-2022-26373 at NVD CVE-2022-2663 at SUSE CVE-2022-2663 at NVD CVE-2022-2905 at SUSE CVE-2022-2905 at NVD CVE-2022-2977 at SUSE CVE-2022-2977 at NVD CVE-2022-3028 at SUSE CVE-2022-3028 at NVD CVE-2022-36879 at SUSE CVE-2022-36879 at NVD CVE-2022-39188 at SUSE CVE-2022-39188 at NVD CVE-2022-39190 at SUSE CVE-2022-39190 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for perl fixes the following issues: - CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178). Moderate SUSE bug 1047178 CVE-2017-6512 at SUSE CVE-2017-6512 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for glibc fixes the following issues: - CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640) - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770) Features added: - IBM Power 10 string operation improvements (bsc#1194785, jsc#SLE-18195) Important SUSE bug 1194640 SUSE bug 1194768 SUSE bug 1194770 SUSE bug 1194785 CVE-2021-3999 at SUSE CVE-2021-3999 at NVD CVE-2022-23218 at SUSE CVE-2022-23218 at NVD CVE-2022-23219 at SUSE CVE-2022-23219 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). Important SUSE bug 1201680 CVE-2021-46828 at SUSE CVE-2021-46828 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for sqlite3 fixes the following issues: Security issues fixed: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). sqlite was updated to 3.39.3: * Use a statement journal on DML statement affecting two or more database rows if the statement makes use of a SQL functions that might abort. * Use a mutex to protect the PRAGMA temp_store_directory and PRAGMA data_store_directory statements, even though they are decremented and documented as not being threadsafe. Update to 3.39.2: * Fix a performance regression in the query planner associated with rearranging the order of FROM clause terms in the presences of a LEFT JOIN. * Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and 1345947, forum post 3607259d3c, and other minor problems discovered by internal testing. [boo#1201783] Update to 3.39.1: * Fix an incorrect result from a query that uses a view that contains a compound SELECT in which only one arm contains a RIGHT JOIN and where the view is not the first FROM clause term of the query that contains the view * Fix a long-standing problem with ALTER TABLE RENAME that can only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set to a very small value. * Fix a long-standing problem in FTS3 that can only arise when compiled with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time option. * Fix the initial-prefix optimization for the REGEXP extension so that it works correctly even if the prefix contains characters that require a 3-byte UTF8 encoding. * Enhance the sqlite_stmt virtual table so that it buffers all of its output. Update to 3.39.0: * Add (long overdue) support for RIGHT and FULL OUTER JOIN * Add new binary comparison operators IS NOT DISTINCT FROM and IS DISTINCT FROM that are equivalent to IS and IS NOT, respective, for compatibility with PostgreSQL and SQL standards * Add a new return code (value '3') from the sqlite3_vtab_distinct() interface that indicates a query that has both DISTINCT and ORDER BY clauses * Added the sqlite3_db_name() interface * The unix os interface resolves all symbolic links in database filenames to create a canonical name for the database before the file is opened * Defer materializing views until the materialization is actually needed, thus avoiding unnecessary work if the materialization turns out to never be used * The HAVING clause of a SELECT statement is now allowed on any aggregate query, even queries that do not have a GROUP BY clause * Many microoptimizations collectively reduce CPU cycles by about 2.3%. Update to 3.38.5: * Fix a blunder in the CLI of the 3.38.4 release Update to 3.38.4: * fix a byte-code problem in the Bloom filter pull-down optimization added by release 3.38.0 in which an error in the byte code causes the byte code engine to enter an infinite loop when the pull-down optimization encounters a NULL key Update to 3.38.3: * Fix a case of the query planner be overly aggressive with optimizing automatic-index and Bloom-filter construction, using inappropriate ON clause terms to restrict the size of the automatic-index or Bloom filter, and resulting in missing rows in the output. * Other minor patches. See the timeline for details. Update to 3.38.2: * Fix a problem with the Bloom filter optimization that might cause an incorrect answer when doing a LEFT JOIN with a WHERE clause constraint that says that one of the columns on the right table of the LEFT JOIN is NULL. * Other minor patches. - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). Update to 3.38.1: * Fix problems with the new Bloom filter optimization that might cause some obscure queries to get an incorrect answer. * Fix the localtime modifier of the date and time functions so that it preserves fractional seconds. * Fix the sqlite_offset SQL function so that it works correctly even in corner cases such as when the argument is a virtual column or the column of a view. * Fix row value IN operator constraints on virtual tables so that they work correctly even if the virtual table implementation relies on bytecode to filter rows that do not satisfy the constraint. * Other minor fixes to assert() statements, test cases, and documentation. See the source code timeline for details. Update to 3.38.0 * Add the -> and ->> operators for easier processing of JSON * The JSON functions are now built-ins * Enhancements to date and time functions * Rename the printf() SQL function to format() for better compatibility, with alias for backwards compatibility. * Add the sqlite3_error_offset() interface for helping localize an SQL error to a specific character in the input SQL text * Enhance the interface to virtual tables * CLI columnar output modes are enhanced to correctly handle tabs and newlines embedded in text, and add options like '--wrap N', '--wordwrap on', and '--quote' to the columnar output modes. * Query planner enhancements using a Bloom filter to speed up large analytic queries, and a balanced merge tree to evaluate UNION or UNION ALL compound SELECT statements that have an ORDER BY clause. * The ALTER TABLE statement is changed to silently ignores entries in the sqlite_schema table that do not parse when PRAGMA writable_schema=ON Update to 3.37.2: * Fix a bug introduced in version 3.35.0 (2021-03-12) that can cause database corruption if a SAVEPOINT is rolled back while in PRAGMA temp_store=MEMORY mode, and other changes are made, and then the outer transaction commits * Fix a long-standing problem with ON DELETE CASCADE and ON UPDATE CASCADE in which a cache of the bytecode used to implement the cascading change was not being reset following a local DDL change Update to 3.37.1: * Fix a bug introduced by the UPSERT enhancements of version 3.35.0 that can cause incorrect byte-code to be generated for some obscure but valid SQL, possibly resulting in a NULL- pointer dereference. * Fix an OOB read that can occur in FTS5 when reading corrupt database files. * Improved robustness of the --safe option in the CLI. * Other minor fixes to assert() statements and test cases. Updated to 3.37.0: * STRICT tables provide a prescriptive style of data type management, for developers who prefer that kind of thing. * When adding columns that contain a CHECK constraint or a generated column containing a NOT NULL constraint, the ALTER TABLE ADD COLUMN now checks new constraints against preexisting rows in the database and will only proceed if no constraints are violated. * Added the PRAGMA table_list statement. * Add the .connection command, allowing the CLI to keep multiple database connections open at the same time. * Add the --safe command-line option that disables dot-commands and SQL statements that might cause side-effects that extend beyond the single database file named on the command-line. * CLI: Performance improvements when reading SQL statements that span many lines. * Added the sqlite3_autovacuum_pages() interface. * The sqlite3_deserialize() does not and has never worked for the TEMP database. That limitation is now noted in the documentation. * The query planner now omits ORDER BY clauses on subqueries and views if removing those clauses does not change the semantics of the query. * The generate_series table-valued function extension is modified so that the first parameter ('START') is now required. This is done as a way to demonstrate how to write table-valued functions with required parameters. The legacy behavior is available using the -DZERO_ARGUMENT_GENERATE_SERIES compile-time option. * Added new sqlite3_changes64() and sqlite3_total_changes64() interfaces. * Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2(). * Use less memory to hold the database schema. * bsc#1189802, CVE-2021-36690: Fix an issue with the SQLite Expert extension when a column has no collating sequence. Moderate SUSE bug 1189802 SUSE bug 1195773 SUSE bug 1201783 CVE-2021-36690 at SUSE CVE-2021-36690 at NVD CVE-2022-35737 at SUSE CVE-2022-35737 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for oniguruma fixes the following issues: - CVE-2019-19246: Fixed an out of bounds access during regular expression matching (bsc#1157805). - CVE-2019-19204: Fixed an out of bounds access when compiling a crafted regular expression (bsc#1164569). - CVE-2019-19203: Fixed an out of bounds access when performing a string search (bsc#1164550). - CVE-2019-16163: Fixed an uncontrolled recursion issue when compiling a crafted regular expression, which could lead to denial of service (bsc#1150130). - CVE-2020-26159: Fixed an off-by-one buffer overflow (bsc#1177179). - CVE-2019-13224: Fixed a potential use-after-free when handling multiple different encodings (bsc#1142847). Important SUSE bug 1142847 SUSE bug 1150130 SUSE bug 1157805 SUSE bug 1164550 SUSE bug 1164569 SUSE bug 1177179 CVE-2019-13224 at SUSE CVE-2019-13224 at NVD CVE-2019-16163 at SUSE CVE-2019-16163 at NVD CVE-2019-19203 at SUSE CVE-2019-19203 at NVD CVE-2019-19204 at SUSE CVE-2019-19204 at NVD CVE-2019-19246 at SUSE CVE-2019-19246 at NVD CVE-2020-26159 at SUSE CVE-2020-26159 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for xen fixes the following issues: - CVE-2022-23033: Fixed guest_physmap_remove_page not removing the p2m mappings. (XSA-393) (bsc#1194576) - CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. (XSA-394) (bsc#1194581) - CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. (XSA-395) (bsc#1194588) Important SUSE bug 1194576 SUSE bug 1194581 SUSE bug 1194588 CVE-2022-23033 at SUSE CVE-2022-23033 at NVD CVE-2022-23034 at SUSE CVE-2022-23034 at NVD CVE-2022-23035 at SUSE CVE-2022-23035 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for containerd, docker fixes the following issues: - CVE-2021-41089: Fixed 'cp' can chmod host files (bsc#1191015). - CVE-2021-41091: Fixed flaw that could lead to data directory traversal in moby (bsc#1191434). - CVE-2021-41092: Fixed exposed user credentials with a misconfigured configuration file (bsc#1191334). - CVE-2021-41103: Fixed file access to local users in containerd (bsc#1191121). - CVE-2021-41190: Fixed OCI manifest and index parsing confusion (bsc#1193273). Moderate SUSE bug 1191015 SUSE bug 1191121 SUSE bug 1191334 SUSE bug 1191434 SUSE bug 1193273 CVE-2021-41089 at SUSE CVE-2021-41089 at NVD CVE-2021-41091 at SUSE CVE-2021-41091 at NVD CVE-2021-41092 at SUSE CVE-2021-41092 at NVD CVE-2021-41103 at SUSE CVE-2021-41103 at NVD CVE-2021-41190 at SUSE CVE-2021-41190 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). Moderate SUSE bug 1203018 CVE-2022-31252 at SUSE CVE-2022-31252 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libjpeg-turbo fixes the following issues: - CVE-2020-35538: Fixed null pointer dereference in jcopy_sample_rows() function (bsc#1202915). Moderate SUSE bug 1202915 CVE-2020-35538 at SUSE CVE-2020-35538 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python3 fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). Important SUSE bug 1202624 CVE-2021-28861 at SUSE CVE-2021-28861 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). Important SUSE bug 1203438 CVE-2022-40674 at SUSE CVE-2022-40674 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for qemu fixes the following issues: - CVE-2022-0216: Fixed a use after free issue found in hw/scsi/lsi53c895a.c. (bsc#1198038) - CVE-2022-35414: Fixed an uninitialized read during address translation that leads to a crash. (bsc#1201367) Moderate SUSE bug 1192115 SUSE bug 1198038 SUSE bug 1201367 CVE-2022-0216 at SUSE CVE-2022-0216 at NVD CVE-2022-35414 at SUSE CVE-2022-35414 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for xen fixes the following issues: - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806). - CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807). - CVE-2022-26365: Fixed issue where Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (bsc#1200762). - CVE-2022-33740: Fixed issue where Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (bsc#1200762). - CVE-2022-33741: Fixed issue where data residing in the same 4K page as data shared with a backend was being accessible by such backend (bsc#1200762). - CVE-2022-33742: Fixed issue where data residing in the same 4K page as data shared with a backend was being accessible by such backend (bsc#1200762). - CVE-2022-33745: Fixed an insufficient TLB flush for x86 PV guests in shadow mode (bsc#1201394). - CVE-2021-28689: Fixed speculative vulnerabilities with bare (non-shim) 32-bit PV guests (bsc#1185104). Bugfixes: - Fixed logic error in built-in default of max_event_channels (bsc#1167608, bsc#1201631). - Fixed issue where dom0 fails to boot with constrained vcpus and nodes (bsc#1197081). - Included upstream bugfixes (bsc#1027519). Important SUSE bug 1027519 SUSE bug 1167608 SUSE bug 1185104 SUSE bug 1197081 SUSE bug 1200762 SUSE bug 1201394 SUSE bug 1201631 SUSE bug 1203806 SUSE bug 1203807 CVE-2021-28689 at SUSE CVE-2021-28689 at NVD CVE-2022-26365 at SUSE CVE-2022-26365 at NVD CVE-2022-33740 at SUSE CVE-2022-33740 at NVD CVE-2022-33741 at SUSE CVE-2022-33741 at NVD CVE-2022-33742 at SUSE CVE-2022-33742 at NVD CVE-2022-33745 at SUSE CVE-2022-33745 at NVD CVE-2022-33746 at SUSE CVE-2022-33746 at NVD CVE-2022-33748 at SUSE CVE-2022-33748 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). Critical SUSE bug 1204357 CVE-2022-3515 at SUSE CVE-2022-3515 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254). - CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880). - CVE-2022-0286: Fixed null pointer dereference in bond_ipsec_add_sa() that may have lead to local denial of service (bnc#1195371). - CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065). - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867). - CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem, that could have occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767). - CVE-2021-39685: Fixed USB gadget buffer overflow caused by too large endpoint 0 requests (bsc#1193802). - CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864). - CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861). - CVE-2021-22600: Fixed double free bug in packet_set_ring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bnc#1195184). - CVE-2020-28097: Fixed out-of-bounds read in vgacon subsystem that mishandled software scrollback (bnc#1187723). The following non-security bugs were fixed: - ACPI: battery: Add the ThinkPad 'Not Charging' quirk (git-fixes). - ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (git-fixes). - ACPICA: Fix wrong interpretation of PCC address (git-fixes). - ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (git-fixes). - ACPICA: Utilities: Avoid deleting the same object twice in a row (git-fixes). - ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (git-fixes). - ALSA: seq: Set upper limit of processed events (git-fixes). - ALSA: usb-audio: Correct quirk for VF0770 (git-fixes). - ALSA: usb-audio: initialize variables that could ignore errors (git-fixes). - ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name (git-fixes). - ASoC: fsl: Add missing error handling in pcm030_fabric_probe (git-fixes). - ASoC: max9759: fix underflow in speaker_gain_control_put() (git-fixes). - ASoC: mediatek: mt8173: fix device_node leak (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes (git-fixes). - Bluetooth: Fix debugfs entry leak in hci_register_dev() (git-fixes). - Bluetooth: refactor malicious adv data check (git-fixes). - Documentation: fix firewire.rst ABI file path error (git-fixes). - HID: apple: Do not reset quirks when the Fn key is not found (git-fixes). - HID: quirks: Allow inverting the absolute X/Y values (git-fixes). - HID: uhid: Fix worker destroying device without any protection (git-fixes). - HID: wacom: Reset expected and received contact counts at the same time (git-fixes). - IB/cm: Avoid a loop when device has 255 ports (git-fixes) - IB/hfi1: Fix error return code in parse_platform_config() (git-fixes) - IB/hfi1: Use kzalloc() for mmu_rb_handler allocation (git-fixes) - IB/isert: Fix a use after free in isert_connect_request (git-fixes) - IB/mlx4: Separate tunnel and wire bufs parameters (git-fixes) - IB/mlx5: Add missing error code (git-fixes) - IB/mlx5: Add mutex destroy call to cap_mask_mutex mutex (git-fixes) - IB/mlx5: Fix error unwinding when set_has_smi_cap fails (git-fixes) - IB/mlx5: Return appropriate error code instead of ENOMEM (git-fixes) - IB/umad: Return EIO in case of when device disassociated (git-fixes) - IB/umad: Return EPOLLERR in case of when device disassociated (git-fixes) - Input: wm97xx: Simplify resource management (git-fixes). - NFS: Ensure the server had an up to date ctime before renaming (git-fixes). - NFSv4: Handle case where the lookup of a directory fails (git-fixes). - NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes). - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (git-fixes). - PM: wakeup: simplify the output logic of pm_show_wakelocks() (git-fixes). - RDMA/addr: Be strict with gid size (git-fixes) - RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res (git-fixes) - RDMA/bnxt_re: Fix error return code in bnxt_qplib_cq_process_terminal() (git-fixes) - RDMA/bnxt_re: Set queue pair state when being queried (git-fixes) - RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait (git-fixes) - RDMA/core: Clean up cq pool mechanism (jsc#SLE-15176). - RDMA/core: Do not access cm_id after its destruction (git-fixes) - RDMA/core: Do not indicate device ready when device enablement fails (git-fixes) - RDMA/core: Fix corrupted SL on passive side (git-fixes) - RDMA/core: Unify RoCE check and re-factor code (git-fixes) - RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server (git-fixes) - RDMA/cxgb4: Fix the reported max_recv_sge value (git-fixes) - RDMA/cxgb4: Validate the number of CQEs (git-fixes) - RDMA/cxgb4: add missing qpid increment (git-fixes) - RDMA/hns: Add a check for current state before modifying QP (git-fixes) - RDMA/hns: Remove the portn field in UD SQ WQE (git-fixes) - RDMA/hns: Remove unnecessary access right set during INIT2INIT (git-fixes) - RDMA/i40iw: Address an mmap handler exploit in i40iw (git-fixes) - RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails (git-fixes) - RDMA/mlx5: Fix corruption of reg_pages in mlx5_ib_rereg_user_mr() (git-fixes) - RDMA/mlx5: Fix potential race between destroy and CQE poll (git-fixes) - RDMA/mlx5: Fix query DCT via DEVX (git-fixes) - RDMA/mlx5: Fix type warning of sizeof in __mlx5_ib_alloc_counters() (git-fixes) - RDMA/mlx5: Fix wrong free of blue flame register on error (git-fixes) - RDMA/mlx5: Issue FW command to destroy SRQ on reentry (git-fixes) - RDMA/mlx5: Recover from fatal event in dual port mode (git-fixes) - RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation (git-fixes) - RDMA/ocrdma: Fix use after free in ocrdma_dealloc_ucontext_pd() (git-fixes) - RDMA/rxe: Clear all QP fields if creation failed (git-fixes) - RDMA/rxe: Compute PSN windows correctly (git-fixes) - RDMA/rxe: Correct skb on loopback path (git-fixes) - RDMA/rxe: Fix coding error in rxe_rcv_mcast_pkt (git-fixes) - RDMA/rxe: Fix coding error in rxe_recv.c (git-fixes) - RDMA/rxe: Fix missing kconfig dependency on CRYPTO (git-fixes) - RDMA/rxe: Remove the unnecessary variable (jsc#SLE-15176). - RDMA/rxe: Remove useless code in rxe_recv.c (git-fixes) - RDMA/siw: Fix a use after free in siw_alloc_mr (git-fixes) - RDMA/siw: Fix calculation of tx_valid_cpus size (git-fixes) - RDMA/siw: Fix handling of zero-sized Read and Receive Queues. (git-fixes) - RDMA/siw: Properly check send and receive CQ pointers (git-fixes) - RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp (git-fixes) - RDMA/uverbs: Fix a NULL vs IS_ERR() bug (git-fixes) - RDMA/uverbs: Tidy input validation of ib_uverbs_rereg_mr() (git-fixes) - RMDA/sw: Do not allow drivers using dma_virt_ops on highmem configs (git-fixes) - USB: core: Fix hang in usb_kill_urb by adding memory barriers (git-fixes). - USB: serial: mos7840: fix probe error handling (git-fixes). - ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (git-fixes). - arm64: Kconfig: add a choice for endianness (jsc#SLE-23432). - asix: fix wrong return value in asix_check_host_enable() (git-fixes). - ata: pata_platform: Fix a NULL pointer dereference in __pata_platform_probe() (git-fixes). - ath10k: Fix tx hanging (git-fixes). - ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (git-fixes). - batman-adv: allow netlink usage in unprivileged containers (git-fixes). - blk-cgroup: fix missing put device in error path from blkg_conf_pref() (bsc#1195481). - blk-mq: introduce blk_mq_set_request_complete (git-fixes). - bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() (bsc#1194227). - btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009). - btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009). - btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009). - cgroup/cpuset: Fix a partition bug with hotplug (bsc#1194291). - clk: si5341: Fix clock HW provider cleanup (git-fixes). - crypto: qat - fix undetected PFVF timeout in ACK loop (git-fixes). - dma-buf: heaps: Fix potential spectre v1 gadget (git-fixes). - drm/amdgpu: fixup bad vram size on gmc v8 (git-fixes). - drm/bridge: megachips: Ensure both bridges are probed before registration (git-fixes). - drm/etnaviv: limit submit sizes (git-fixes). - drm/etnaviv: relax submit size limits (git-fixes). - drm/i915/overlay: Prevent divide by zero bugs in scaling (git-fixes). - drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y (git-fixes). - drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc (git-fixes). - drm/msm/dsi: Fix missing put_device() call in dsi_get_phy (git-fixes). - drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (git-fixes). - drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy (git-fixes). - drm/msm: Fix wrong size calculation (git-fixes). - drm/nouveau/kms/nv04: use vzalloc for nv04_display (git-fixes). - drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (git-fixes). - drm/nouveau: fix off by one in BIOS boundary checking (git-fixes). - drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L (git-fixes). - ext4: fix an use-after-free issue about data=journal writeback mode (bsc#1195482). - ext4: make sure quota gets properly shutdown on error (bsc#1195480). - ext4: set csum seed in tmp inode while migrating to extents (bsc#1195267). - floppy: Add max size check for user space request (git-fixes). - fsnotify: fix fsnotify hooks in pseudo filesystems (bsc#1195479). - fsnotify: invalidate dcache before IN_DELETE event (bsc#1195478). - gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock (git-fixes). - gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (git-fixes). - hv_netvsc: Set needed_headroom according to VF (bsc#1193506). - hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6654 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6680 (git-fixes). - hwmon: (lm90) Reduce maximum conversion rate for G781 (git-fixes). - i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (git-fixes). - i2c: i801: Do not silently correct invalid transfer size (git-fixes). - i2c: mpc: Correct I2C reset procedure (git-fixes). - i40iw: Add support to make destroy QP synchronous (git-fixes) - ibmvnic: Allow extra failures before disabling (bsc#1195073 ltc#195713). - ibmvnic: Update driver return codes (bsc#1195293 ltc#196198). - ibmvnic: do not spin in tasklet (bsc#1195073 ltc#195713). - ibmvnic: init ->running_cap_crqs early (bsc#1195073 ltc#195713). - ibmvnic: remove unused ->wait_capability (bsc#1195073 ltc#195713). - ibmvnic: remove unused defines (bsc#1195293 ltc#196198). - igc: Fix TX timestamp support for non-MSI-X platforms (bsc#1160634). - iwlwifi: fix leaks/bad data after failed firmware load (git-fixes). - iwlwifi: mvm: Fix calculation of frame length (git-fixes). - iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (git-fixes). - iwlwifi: mvm: synchronize with FW after multicast commands (git-fixes). - iwlwifi: remove module loading failure message (git-fixes). - lib82596: Fix IRQ check in sni_82596_probe (git-fixes). - lightnvm: Remove lightnvm implemenation (bsc#1191881). - mac80211: allow non-standard VHT MCS-10/11 (git-fixes). - media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes). - media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes (git-fixes). - media: igorplugusb: receiver overflow should be reported (git-fixes). - media: m920x: do not use stack on USB reads (git-fixes). - media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (git-fixes). - media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (git-fixes). - media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds (git-fixes). - mlxsw: Only advertise link modes supported by both driver and device (bsc#1154488). - mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (git-fixes). - mtd: nand: bbt: Fix corner case in bad block table handling (git-fixes). - mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings (git-fixes). - mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 (git-fixes). - net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506). - net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506). - net/mlx5: DR, Proper handling of unsupported Connect-X6DX SW steering (jsc#SLE-8464). - net/mlx5: E-Switch, fix changing vf VLANID (jsc#SLE-15172). - net/mlx5e: Protect encap route dev from concurrent release (jsc#SLE-8464). - net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428). - net: bonding: fix bond_xmit_broadcast return value error bug (bsc#1176447). - net: bridge: vlan: fix memory leak in __allowed_ingress (bsc#1176447). - net: bridge: vlan: fix single net device option dumping (bsc#1176447). - net: mana: Add RX fencing (bsc#1193506). - net: mana: Add XDP support (bsc#1193506). - net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405). - net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405). - net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405). - net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405). - net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405). - net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405). - net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405). - net: sfp: fix high power modules without diagnostic monitoring (bsc#1154353). - netdevsim: set .owner to THIS_MODULE (bsc#1154353). - nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (git-fixes). - nvme-core: use list_add_tail_rcu instead of list_add_tail for nvme_init_ns_head (git-fixes). - nvme-fabrics: avoid double completions in nvmf_fail_nonready_command (git-fixes). - nvme-fabrics: ignore invalid fast_io_fail_tmo values (git-fixes). - nvme-fabrics: remove superfluous nvmf_host_put in nvmf_parse_options (git-fixes). - nvme-tcp: fix data digest pointer calculation (git-fixes). - nvme-tcp: fix incorrect h2cdata pdu offset accounting (git-fixes). - nvme-tcp: fix memory leak when freeing a queue (git-fixes). - nvme-tcp: fix possible use-after-completion (git-fixes). - nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (git-fixes). - nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096). - nvme: fix use after free when disconnecting a reconnecting ctrl (git-fixes). - nvme: introduce a nvme_host_path_error helper (git-fixes). - nvme: refactor ns->ctrl by request (git-fixes). - phy: uniphier-usb3ss: fix unintended writing zeros to PHY register (git-fixes). - phylib: fix potential use-after-free (git-fixes). - pinctrl: bcm2835: Add support for wake-up interrupts (git-fixes). - pinctrl: bcm2835: Match BCM7211 compatible string (git-fixes). - pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line (git-fixes). - pinctrl: intel: fix unexpected interrupt (git-fixes). - powerpc/book3s64/radix: make tlb_single_page_flush_ceiling a debugfs entry (bsc#1195183 ltc#193865). - powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending (bsc#1156395). - regulator: qcom_smd: Align probe function with rpmh-regulator (git-fixes). - rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (git-fixes). - rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev (git-fixes). - rsi: Fix use-after-free in rsi_rx_done_handler() (git-fixes). - sched/fair: Fix detection of per-CPU kthreads waking a task (git fixes (sched/fair)). - sched/numa: Fix is_core_idle() (git fixes (sched/numa)). - scripts/dtc: dtx_diff: remove broken example from help text (git-fixes). - scripts/dtc: only append to HOST_EXTRACFLAGS instead of overwriting (git-fixes). - serial: 8250: of: Fix mapped region size when using reg-offset property (git-fixes). - serial: Fix incorrect rs485 polarity on uart open (git-fixes). - serial: amba-pl011: do not request memory region twice (git-fixes). - serial: core: Keep mctrl register state and cached copy in sync (git-fixes). - serial: pl010: Drop CR register reset on set_termios (git-fixes). - serial: stm32: fix software flow control transfer (git-fixes). - spi: bcm-qspi: check for valid cs before applying chip select (git-fixes). - spi: mediatek: Avoid NULL pointer crash in interrupt (git-fixes). - spi: meson-spicc: add IRQ check in meson_spicc_probe (git-fixes). - supported.conf: mark rtw88 modules as supported (jsc#SLE-22690) - tty: Add support for Brainboxes UC cards (git-fixes). - tty: n_gsm: fix SW flow control encoding/handling (git-fixes). - ucsi_ccg: Check DEV_INT bit only when starting CCG4 (git-fixes). - udf: Fix NULL ptr deref when converting from inline format (bsc#1195476). - udf: Restore i_lenAlloc when inode expansion fails (bsc#1195477). - usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge (git-fixes). - usb: common: ulpi: Fix crash in ulpi_match() (git-fixes). - usb: gadget: f_fs: Use stream_open() for endpoint files (git-fixes). - usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (git-fixes). - usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (git-fixes). - usb: roles: fix include/linux/usb/role.h compile issue (git-fixes). - usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes). - usb: uhci: add aspeed ast2600 uhci support (git-fixes). - vfio/iommu_type1: replace kfree with kvfree (git-fixes). - video: hyperv_fb: Fix validation of screen resolution (git-fixes). - vxlan: fix error return code in __vxlan_dev_create() (bsc#1154353). - workqueue: Fix unbind_workers() VS wq_worker_running() race (bsc#1195062). - x86/gpu: Reserve stolen memory for first integrated Intel GPU (git-fixes). - xfrm: fix MTU regression (bsc#1185377, bsc#1194048). - xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP (git-fixes). Critical SUSE bug 1154353 SUSE bug 1154488 SUSE bug 1156395 SUSE bug 1160634 SUSE bug 1176447 SUSE bug 1177599 SUSE bug 1183405 SUSE bug 1185377 SUSE bug 1187428 SUSE bug 1187723 SUSE bug 1188605 SUSE bug 1191881 SUSE bug 1193096 SUSE bug 1193506 SUSE bug 1193767 SUSE bug 1193802 SUSE bug 1193861 SUSE bug 1193864 SUSE bug 1193867 SUSE bug 1194048 SUSE bug 1194227 SUSE bug 1194291 SUSE bug 1194880 SUSE bug 1195009 SUSE bug 1195062 SUSE bug 1195065 SUSE bug 1195073 SUSE bug 1195183 SUSE bug 1195184 SUSE bug 1195254 SUSE bug 1195267 SUSE bug 1195293 SUSE bug 1195371 SUSE bug 1195476 SUSE bug 1195477 SUSE bug 1195478 SUSE bug 1195479 SUSE bug 1195480 SUSE bug 1195481 SUSE bug 1195482 CVE-2020-28097 at SUSE CVE-2020-28097 at NVD CVE-2021-22600 at SUSE CVE-2021-22600 at NVD CVE-2021-39648 at SUSE CVE-2021-39648 at NVD CVE-2021-39657 at SUSE CVE-2021-39657 at NVD CVE-2021-39685 at SUSE CVE-2021-39685 at NVD CVE-2021-44733 at SUSE CVE-2021-44733 at NVD CVE-2021-45095 at SUSE CVE-2021-45095 at NVD CVE-2022-0286 at SUSE CVE-2022-0286 at NVD CVE-2022-0330 at SUSE CVE-2022-0330 at NVD CVE-2022-0435 at SUSE CVE-2022-0435 at NVD CVE-2022-22942 at SUSE CVE-2022-22942 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for multipath-tools fixes the following issues: - CVE-2022-41973: Fixed a symlink attack in multipathd. (bsc#1202739) - CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739) - multipathd: add 'force_reconfigure' option (bsc#1189551) The command 'multipathd -kreconfigure' changes behavior: instead of reloading every map, it checks map configuration and reloads only modified maps. This speeds up the reconfigure operation substantially. The old behavior can be reinstated by setting 'force_reconfigure yes' in multipath.conf (not recommended). Note: 'force_reconfigure yes' is not supported in SLE15-SP4 and beyond, which provide the command 'multipathd -k'reconfigure all'' - multipathd: avoid stalled clients during reconfigure (bsc#1189551) - multipathd: handle client disconnect correctly (bsc#1189551) - Avoid linking to libreadline to avoid licensing issue (bsc#1202616) - multipathd: don't switch to DAEMON_IDLE during startup (bsc#1197570) - multipathd: disallow changing to/from fpin marginal paths on reconfig - multipathd handle fpin events (bsc#1195506,jsc#PED-1448) - multipath: fix exit status of multipath -T (bsc#1191900) Important SUSE bug 1189551 SUSE bug 1191900 SUSE bug 1195506 SUSE bug 1197570 SUSE bug 1202616 SUSE bug 1202739 CVE-2022-41973 at SUSE CVE-2022-41973 at NVD CVE-2022-41974 at SUSE CVE-2022-41974 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for wireshark fixes the following issues: Update to version 3.6.1: - CVE-2021-4185: RTMPT dissector infinite loop (bsc#1194166) - CVE-2021-4184: BitTorrent DHT dissector infinite loop (bsc#1194167) - CVE-2021-4183: pcapng file parser crash (bsc#1194168) - CVE-2021-4182: RFC 7468 file parser infinite loop (bsc#1194169) - CVE-2021-4181: Sysdig Event dissector crash (bsc#1194170) - CVE-2021-4190: Kafka dissector infinite loop (bsc#1194171) - Support for Shared Memory Communications (SMC) (jsc#SLE-18727) Moderate SUSE bug 1194166 SUSE bug 1194167 SUSE bug 1194168 SUSE bug 1194169 SUSE bug 1194170 SUSE bug 1194171 SUSE bug 1194780 CVE-2021-4181 at SUSE CVE-2021-4181 at NVD CVE-2021-4182 at SUSE CVE-2021-4182 at NVD CVE-2021-4183 at SUSE CVE-2021-4183 at NVD CVE-2021-4184 at SUSE CVE-2021-4184 at NVD CVE-2021-4185 at SUSE CVE-2021-4185 at NVD CVE-2021-4190 at SUSE CVE-2021-4190 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for buildah fixes the following issues: - CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961). - CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864). - CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812 Buildah was updated to version 1.27.1: * run: add container gid to additional groups - Add fix for CVE-2022-2990 / bsc#1202812 Update to version 1.27.0: * Don't try to call runLabelStdioPipes if spec.Linux is not set * build: support filtering cache by duration using --cache-ttl * build: support building from commit when using git repo as build context * build: clean up git repos correctly when using subdirs * integration tests: quote '?' in shell scripts * test: manifest inspect should have OCIv1 annotation * vendor: bump to c/common@87fab4b7019a * Failure to determine a file or directory should print an error * refactor: remove unused CommitOptions from generateBuildOutput * stage_executor: generate output for cases with no commit * stage_executor, commit: output only if last stage in build * Use errors.Is() instead of os.Is{Not,}Exist * Minor test tweak for podman-remote compatibility * Cirrus: Use the latest imgts container * imagebuildah: complain about the right Dockerfile * tests: don't try to wrap `nil` errors * cmd/buildah.commitCmd: don't shadow 'err' * cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig * Fix a copy/paste error message * Fix a typo in an error message * build,cache: support pulling/pushing cache layers to/from remote sources * Update vendor of containers/(common, storage, image) * Rename chroot/run.go to chroot/run_linux.go * Don't bother telling codespell to skip files that don't exist * Set user namespace defaults correctly for the library * imagebuildah: optimize cache hits for COPY and ADD instructions * Cirrus: Update VM images w/ updated bats * docs, run: show SELinux label flag for cache and bind mounts * imagebuildah, build: remove undefined concurrent writes * bump github.com/opencontainers/runtime-tools * Add FreeBSD support for 'buildah info' * Vendor in latest containers/(storage, common, image) * Add freebsd cross build targets * Make the jail package build on 32bit platforms * Cirrus: Ensure the build-push VM image is labeled * GHA: Fix dynamic script filename * Vendor in containers/(common, storage, image) * Run codespell * Remove import of github.com/pkg/errors * Avoid using cgo in pkg/jail * Rename footypes to fooTypes for naming consistency * Move cleanupTempVolumes and cleanupRunMounts to run_common.go * Make the various run mounts work for FreeBSD * Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go * Move runSetupRunMounts to run_common.go * Move cleanableDestinationListFromMounts to run_common.go * Make setupMounts and runSetupBuiltinVolumes work on FreeBSD * Move setupMounts and runSetupBuiltinVolumes to run_common.go * Tidy up - runMakeStdioPipe can't be shared with linux * Move runAcceptTerminal to run_common.go * Move stdio copying utilities to run_common.go * Move runUsingRuntime and runCollectOutput to run_common.go * Move fileCloser, waitForSync and contains to run_common.go * Move checkAndOverrideIsolationOptions to run_common.go * Move DefaultNamespaceOptions to run_common.go * Move getNetworkInterface to run_common.go * Move configureEnvironment to run_common.go * Don't crash in configureUIDGID if Process.Capabilities is nil * Move configureUIDGID to run_common.go * Move runLookupPath to run_common.go * Move setupTerminal to run_common.go * Move etc file generation utilities to run_common.go * Add run support for FreeBSD * Add a simple FreeBSD jail library * Add FreeBSD support to pkg/chrootuser * Sync call signature for RunUsingChroot with chroot/run.go * test: verify feature to resolve basename with args * vendor: bump openshift/imagebuilder to master@4151e43 * GHA: Remove required reserved-name use * buildah: set XDG_RUNTIME_DIR before setting default runroot * imagebuildah: honor build output even if build container is not commited * chroot: honor DefaultErrnoRet * [CI:DOCS] improve pull-policy documentation * tests: retrofit test since --file does not supports dir * Switch to golang native error wrapping * BuildDockerfiles: error out if path to containerfile is a directory * define.downloadToDirectory: fail early if bad HTTP response * GHA: Allow re-use of Cirrus-Cron fail-mail workflow * add: fail on bad http response instead of writing to container * [CI:DOCS] Update buildahimage comment * lint: inspectable is never nil * vendor: c/common to common@7e1563b * build: support OCI hooks for ephemeral build containers * [CI:BUILD] Install latest buildah instead of compiling * Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED] * Make sure cpp is installed in buildah images * demo: use unshare for rootless invocations * buildah.spec.rpkg: initial addition * build: fix test for subid 4 * build, userns: add support for --userns=auto * Fix building upstream buildah image * Remove redundant buildahimages-are-sane validation * Docs: Update multi-arch buildah images readme * Cirrus: Migrate multiarch build off github actions * retrofit-tests: we skip unused stages so use stages * stage_executor: dont rely on stage while looking for additional-context * buildkit, multistage: skip computing unwanted stages * More test cleanup * copier: work around freebsd bug for 'mkdir /' * Replace $BUILDAH_BINARY with buildah() function * Fix up buildah images * Make util and copier build on FreeBSD * Vendor in latest github.com/sirupsen/logrus * Makefile: allow building without .git * run_unix: don't return an error from getNetworkInterface * run_unix: return a valid DefaultNamespaceOptions * Update vendor of containers/storage * chroot: use ActKillThread instead of ActKill * use resolvconf package from c/common/libnetwork * update c/common to latest main * copier: add `NoOverwriteNonDirDir` option * Sort buildoptions and move cli/build functions to internal * Fix TODO: de-spaghettify run mounts * Move options parsing out of build.go and into pkg/cli * [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps * build, multiarch: support splitting build logs for --platform * [CI:BUILD] WIP Cleanup Image Dockerfiles * cli remove stutter * docker-parity: ignore sanity check if baseImage history is null * build, commit: allow disabling image history with --omit-history * Fix use generic/ambiguous DEBUG name * Cirrus: use Ubuntu 22.04 LTS * Fix codespell errors * Remove util.StringInSlice because it is defined in containers/common * buildah: add support for renaming a device in rootless setups * squash: never use build cache when computing last step of last stage * Update vendor of containers/(common, storage, image) * buildkit: supports additionalBuildContext in builds via --build-context * buildah source pull/push: show progress bar * run: allow resuing secret twice in different RUN steps * test helpers: default to being rootless-aware * Add --cpp-flag flag to buildah build * build: accept branch and subdirectory when context is git repo * Vendor in latest containers/common * vendor: update c/storage and c/image * Fix gentoo install docs * copier: move NSS load to new process * Add test for prevention of reusing encrypted layers * Make `buildah build --label foo` create an empty 'foo' label again Update to version 1.26.4: * build, multiarch: support splitting build logs for --platform * copier: add `NoOverwriteNonDirDir` option * docker-parity: ignore sanity check if baseImage history is null * build, commit: allow disabling image history with --omit-history * buildkit: supports additionalBuildContext in builds via --build-context * Add --cpp-flag flag to buildah build Update to version 1.26.3: * define.downloadToDirectory: fail early if bad HTTP response * add: fail on bad http response instead of writing to container * squash: never use build cache when computing last step of last stage * run: allow resuing secret twice in different RUN steps * integration tests: update expected error messages * integration tests: quote '?' in shell scripts * Use errors.Is() to check for storage errors * lint: inspectable is never nil * chroot: use ActKillThread instead of ActKill * chroot: honor DefaultErrnoRet * Set user namespace defaults correctly for the library * contrib/rpm/buildah.spec: fix `rpm` parser warnings Drop requires on apparmor pattern, should be moved elsewhere for systems which want AppArmor instead of SELinux. - Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is required to build. Update to version 1.26.2: * buildah: add support for renaming a device in rootless setups Update to version 1.26.1: * Make `buildah build --label foo` create an empty 'foo' label again * imagebuildah,build: move deepcopy of args before we spawn goroutine * Vendor in containers/storage v1.40.2 * buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated * help output: get more consistent about option usage text * Handle OS version and features flags * buildah build: --annotation and --label should remove values * buildah build: add a --env * buildah: deep copy options.Args before performing concurrent build/stage * test: inline platform and builtinargs behaviour * vendor: bump imagebuilder to master/009dbc6 * build: automatically set correct TARGETPLATFORM where expected * Vendor in containers/(common, storage, image) * imagebuildah, executor: process arg variables while populating baseMap * buildkit: add support for custom build output with --output * Cirrus: Update CI VMs to F36 * fix staticcheck linter warning for deprecated function * Fix docs build on FreeBSD * copier.unwrapError(): update for Go 1.16 * copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit * copier.Put(): write to read-only directories * Ed's periodic test cleanup * using consistent lowercase 'invalid' word in returned err msg * use etchosts package from c/common * run: set actual hostname in /etc/hostname to match docker parity * Update vendor of containers/(common,storage,image) * manifest-create: allow creating manifest list from local image * Update vendor of storage,common,image * Initialize network backend before first pull * oci spec: change special mount points for namespaces * tests/helpers.bash: assert handle corner cases correctly * buildah: actually use containers.conf settings * integration tests: learn to start a dummy registry * Fix error check to work on Podman * buildah build should accept at most one arg * tests: reduce concurrency for flaky bud-multiple-platform-no-run * vendor in latest containers/common,image,storage * manifest-add: allow override arch,variant while adding image * Remove a stray `\` from .containerenv * Vendor in latest opencontainers/selinux v1.10.1 * build, commit: allow removing default identity labels * Create shorter names for containers based on image IDs * test: skip rootless on cgroupv2 in root env * fix hang when oci runtime fails * Set permissions for GitHub actions * copier test: use correct UID/GID in test archives * run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM Important SUSE bug 1167864 SUSE bug 1181961 SUSE bug 1202812 CVE-2020-10696 at SUSE CVE-2020-10696 at NVD CVE-2021-20206 at SUSE CVE-2021-20206 at NVD CVE-2022-2990 at SUSE CVE-2022-2990 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). Important SUSE bug 1204383 CVE-2022-32221 at SUSE CVE-2022-32221 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory. (bnc#1203514) - CVE-2022-3169: Fixed a denial of service flaw which occurs when consecutive requests to NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET are sent. (bnc#1203290) - CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125) - CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051) - CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060) - CVE-2022-42720: Fixed BSS refcounting bugs. (bsc#1204059) - CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769). - CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960). - CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bnc#1203552). - CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987). - CVE-2022-41849: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open (bnc#1203992). - CVE-2022-41674: Fixed a DoS issue where kernel can crash on the reception of specific WiFi Frames (bsc#1203770). - CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bnc#1202095). - CVE-2022-41222: Fixed a use-after-free via a stale TLB because an rmap lock is not held during a PUD move (bnc#1203622). - CVE-2022-2503: Fixed a bug in dm-verity, device-mapper table reloads allowed users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allowed root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates (bnc#1202677). - CVE-2022-20008: Fixed a bug which allowed to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. (bnc#1199564) - CVE-2020-16119: Fixed a use-after-free vulnerability exploitable by a local attacker due to reuse of a DCCP socket. (bnc#1177471) The following non-security bugs were fixed: - ALSA: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes). - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes). - ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes). - ALSA: seq: Fix data-race at module auto-loading (git-fixes). - ALSA: seq: oss: Fix data-race for max_midi_devs access (git-fixes). - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes). - ALSA: usb-audio: fix spelling mistakes (git-fixes). - ALSA: usb-audio: Inform the delayed registration more properly (git-fixes). - ALSA: usb-audio: Register card again for iface over delayed_register option (git-fixes). - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes). - arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes) - arm64: dts: allwinner: A64 Sopine: phy-mode rgmii-id (git-fixes) - arm64: dts: allwinner: a64-sopine-baseboard: change RGMII mode to (bsc#1202341) - arm64: dts: allwinner: H5: NanoPi Neo Plus2: phy-mode rgmii-id (git-fixes) - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes) - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes) - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes) - arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes) - arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444). - arm64: mm: Always update TCR_EL1 from __cpu_set_tcr_t0sz() (git-fixes) - arm64: mm: fix p?d_leaf() (git-fixes) - arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds (git-fixes) - arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes) - arm64: tegra: Remove non existent Tegra194 reset (git-fixes) - arm64: tlb: fix the TTL value of tlb_get_level (git-fixes) - arm64/mm: Validate hotplug range before creating linear mapping (git-fixes) - bpf: Compile out btf_parse_module() if module BTF is not enabled (git-fixes). - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906). - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes) - crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes) - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes). - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes). - drm/gem: Fix GEM handle release errors (git-fixes). - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes). - drm/meson: Correct OSD1 global alpha value (git-fixes). - drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes). - drm/msm/rd: Fix FIFO-full deadlock (git-fixes). - drm/radeon: add a force flush to delay work when radeon (git-fixes). - dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages. - efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes). - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes). - fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes). - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes). - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes). - HID: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes). - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes). - ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes). - ima: force signature verification when CONFIG_KEXEC_SIG is configured (bsc#1203737). - Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes). - Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes). - Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes). - JFS: fix GPF in diFree (bsc#1203389). - JFS: fix memleak in jfs_mount (git-fixes). - JFS: more checks for invalid superblock (git-fixes). - JFS: prevent NULL deref in diFree (bsc#1203389). - kABI: x86: kexec: hide new include from genksyms (bsc#1196444). - kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444). - kexec: do not verify the signature without the lockdown or mandatory signature (bsc#1203737). - kexec: drop weak attribute from arch_kexec_apply_relocations[_add] (bsc#1196444). - kexec: drop weak attribute from functions (bsc#1196444). - kexec: drop weak attribute from functions (bsc#1196444). - kexec: KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444). - kexec: KEYS: s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444). - KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value (git-fixes). - KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (git-fixes). - KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (git-fixes). - md-raid10: fix KASAN warning (git-fixes). - md: call __md_stop_writes in md_stop (git-fixes). - md: unlock mddev before reap sync_thread in action_store (bsc#1197659). - mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159). - mm: proc: smaps_rollup: do not stall write attempts on mmap_lock (bsc#1201990). - mm: smaps*: extend smap_gather_stats to support specified beginning (bsc#1201990). - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529). - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529). - NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes). - NFS: Fix races in the legacy idmapper upcall (git-fixes). - NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes). - NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes). - NFSD: Fix offset type in I/O trace points (git-fixes). - nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865). - nvme-rdma: Handle number of queue changes (bsc#1201865). - nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489). - nvme-tcp: Handle number of queue changes (bsc#1201865). - nvmet: Expose max queues to configfs (bsc#1201865). - of: device: Fix up of_dma_configure_id() stub (git-fixes). - of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes). - pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes). - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes). - powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544). - powerpc/memhotplug: Make lmb size 64bit (bsc#1203424 ltc#199544). - ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904). - psi: Fix uaf issue when psi trigger is destroyed while being polled (bsc#1203909). - regulator: core: Clean up on enable failure (git-fixes). - s390/qeth: cache link_info for ethtool (bsc#1202984 LTC#199607). - s390/qeth: clean up default cases for ethtool link mode (bsc#1202984 LTC#199607). - s390/qeth: improve QUERY CARD INFO processing (bsc#1202984 LTC#199607). - s390/qeth: improve selection of ethtool link modes (bsc#1202984 LTC#199607). - s390/qeth: set static link info during initialization (bsc#1202984 LTC#199607). - s390/qeth: tolerate error when querying card info (bsc#1202984 LTC#199607). - s390/qeth: use QUERY OAT for initial link info (bsc#1202984 LTC#199607). - scsi: core: Fix bad pointer dereference when ehandler kthread is invalid (git-fixes). - scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939). - scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939). - scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939). - scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939). - scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939). - scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939). - scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939). - scsi: lpfc: Fix various issues reported by tools (bsc#1203939). - scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939). - scsi: lpfc: Remove the unneeded result variable (bsc#1203939). - scsi: lpfc: Remove unneeded result variable (bsc#1203939). - scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939). - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939). - scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939). - scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939). - scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939). - scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939). - scsi: mpt3sas: Fix use-after-free warning (git-fixes). - scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935). - scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935). - scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935). - scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935). - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935). - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935). - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935). - scsi: qla2xxx: Log message 'skipping scsi_scan_host()' as informational (bsc#1203935). - scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935). - scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935). - scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935). - scsi: qla2xxx: Revert 'scsi: qla2xxx: Fix response queue handler reading stale packets' (bsc#1203935). - scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935). - scsi: sg: Allow waiting for commands to complete on removed device (git-fixes). - scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes). - scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622). - scsi: smartpqi: Update LUN reset handler (bsc#1200622). - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (git-fixes). - squashfs: fix divide error in calculate_skip() (git-fixes). - struct ehci_hcd: hide new member (git-fixes). - struct otg_fsm: hide new boolean member in gap (git-fixes). - SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes). - SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes). - SUNRPC: fix expiry of auth creds (git-fixes). - SUNRPC: Fix misplaced barrier in call_decode (git-fixes). - SUNRPC: Partial revert of commit 6f9f17287e78 (git-fixes). - SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes). - SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes). - svcrdma: Hold private mutex while invoking rdma_accept() (git-fixes). - tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes). - USB: Add ignore-residue quirk for NXP PN7462AU (git-fixes). - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes). - USB: core: Fix RST error in hub.c (git-fixes). - USB: core: Prevent nested device-reset calls (git-fixes). - USB: dwc3: disable USB core PHY management (git-fixes). - USB: ehci: handshake CMD_RUN instead of STS_HALT (git-fixes). - USB: otg-fsm: Fix hrtimer list corruption (git-fixes). - USB: serial: ch341: fix disabled rx timer on older devices (git-fixes). - USB: serial: ch341: fix lost character on LCR updates (git-fixes). - USB: serial: ch341: name prescaler, divisor registers (git-fixes). - USB: serial: cp210x: add Decagon UCA device id (git-fixes). - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes). - USB: serial: option: add Quectel EM060K modem (git-fixes). - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes). - USB: serial: option: add support for OPPO R11 diag port (git-fixes). - USB: storage: Add ASUS &lt;0x0b05:0x1932> to IGNORE_UAS (git-fixes). - USB: struct usb_device: hide new member (git-fixes). - usbnet: Fix memory leak in usbnet_disconnect() (git-fixes). - vt: Clear selection before changing the font (git-fixes). - vt: selection, introduce vc_is_sel (git-fixes). - watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023). - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still work so that it can be disabled. - x86/kexec: fix memory leak of elf header buffer (bsc#1196444). - x86/xen: Remove undefined behavior in setup_features() (git-fixes). - xen/xenbus: fix return type in xenbus_file_read() (git-fixes). - xprtrdma: Fix cwnd update ordering (git-fixes). Important SUSE bug 1177471 SUSE bug 1185032 SUSE bug 1194023 SUSE bug 1196444 SUSE bug 1197659 SUSE bug 1199564 SUSE bug 1200313 SUSE bug 1200622 SUSE bug 1201309 SUSE bug 1201310 SUSE bug 1201489 SUSE bug 1201645 SUSE bug 1201865 SUSE bug 1201990 SUSE bug 1202095 SUSE bug 1202341 SUSE bug 1202385 SUSE bug 1202677 SUSE bug 1202960 SUSE bug 1202984 SUSE bug 1203159 SUSE bug 1203290 SUSE bug 1203313 SUSE bug 1203389 SUSE bug 1203410 SUSE bug 1203424 SUSE bug 1203514 SUSE bug 1203552 SUSE bug 1203622 SUSE bug 1203737 SUSE bug 1203769 SUSE bug 1203770 SUSE bug 1203906 SUSE bug 1203909 SUSE bug 1203935 SUSE bug 1203939 SUSE bug 1203987 SUSE bug 1203992 SUSE bug 1204051 SUSE bug 1204059 SUSE bug 1204060 SUSE bug 1204125 SUSE bug 1204289 SUSE bug 1204290 SUSE bug 1204291 SUSE bug 1204292 CVE-2020-16119 at SUSE CVE-2020-16119 at NVD CVE-2022-20008 at SUSE CVE-2022-20008 at NVD CVE-2022-2503 at SUSE CVE-2022-2503 at NVD CVE-2022-2586 at SUSE CVE-2022-2586 at NVD CVE-2022-3169 at SUSE CVE-2022-3169 at NVD CVE-2022-3239 at SUSE CVE-2022-3239 at NVD CVE-2022-3303 at SUSE CVE-2022-3303 at NVD CVE-2022-40768 at SUSE CVE-2022-40768 at NVD CVE-2022-41218 at SUSE CVE-2022-41218 at NVD CVE-2022-41222 at SUSE CVE-2022-41222 at NVD CVE-2022-41674 at SUSE CVE-2022-41674 at NVD CVE-2022-41848 at SUSE CVE-2022-41848 at NVD CVE-2022-41849 at SUSE CVE-2022-41849 at NVD CVE-2022-42719 at SUSE CVE-2022-42719 at NVD CVE-2022-42720 at SUSE CVE-2022-42720 at NVD CVE-2022-42721 at SUSE CVE-2022-42721 at NVD CVE-2022-42722 at SUSE CVE-2022-42722 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690) Critical SUSE bug 1204690 CVE-2021-46848 at SUSE CVE-2021-46848 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be trigged by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113). Bugfixes: - Disable asserts (bsc#1087072). Important SUSE bug 1087072 SUSE bug 1204111 SUSE bug 1204112 SUSE bug 1204113 CVE-2022-42010 at SUSE CVE-2022-42010 at NVD CVE-2022-42011 at SUSE CVE-2022-42011 at NVD CVE-2022-42012 at SUSE CVE-2022-42012 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bnc#1023051). - CVE-2020-16119: Fixed a use-after-free due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released (bnc#1177471). - CVE-2020-27784: Fixed a vulnerability that was found in printer_ioctl() printer_ioctl() when accessing a deallocated instance (bnc#1202895). - CVE-2021-4155: Fixed a data leak flaw that was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem (bnc#1194272). - CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535). - CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346). - CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347). - CVE-2022-2503: Fixed a LoadPin bypass in Dm-verity (bnc#1202677). - CVE-2022-2586: Fixed issue in netfilter that allowed CHAIN_ID to refer to another table (bsc#1202095). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726). - CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly matches the message (bnc#1202097). - CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202564, bsc#1202860). - CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672). - CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898). - CVE-2022-3169: Fixed a denial of service that resulted in a PCIe link disconnect (bnc#1203290). - CVE-2022-32296: Fixed issue where TCP servers were able to identify clients by observing what source ports are used (bnc#1200288). - CVE-2022-3239: Fixed a use-after-free in the video4linux driver (bnc#1203552). - CVE-2022-3303: Fixed a race at SNDCTL_DSP_SYNC (bsc#1203769). - CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948). - CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107). - CVE-2022-39190: Fixed an issue that was discovered in net/netfilter/nf_tables_api.c and could cause a denial of service upon binding to an already bound chain (bnc#1203117). - CVE-2022-40768: Fixed information leak in drivers/scsi/stex.c due to stex_queuecommand_lck lack a memset for the PASSTHRU_CMD case (bnc#1203514). - CVE-2022-41218: Fixed a use-after-free due to refcount races at releasing (bsc#1202960). - CVE-2022-41222: Fixed a use-after-free via a stale TLB because an rmap lock is not held during a PUD move (bnc#1203622). - CVE-2022-41674: Fixed a DoS issue where kernel can crash on the reception of specific WiFi Frames (bsc#1203770). - CVE-2022-41848: Fixed a use-after-free in mgslpc_ops (bsc#1203987). - CVE-2022-41849: Fixed a use-after-free in ufx_ops_open() (bsc#1203992). - CVE-2022-42719: Fixed MBSSID parsing use-after-free (bsc#1204051). - CVE-2022-42720: Fixed BSS refcounting bugs (bsc#1204059). - CVE-2022-42721: Avoid nontransmitted BSS list corruption (bsc#1204060). - CVE-2022-42722: Fixed crash in beacon protection for P2P-device (bsc#1204125). The following non-security bugs were fixed: - Fixed parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019). - acpi: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (git-fixes). - acpi: LPSS: Fix missing check in register_device_clock() (git-fixes). - acpi: PM: save NVS memory for Lenovo G40-45 (git-fixes). - acpi: processor idle: Practically limit 'Dummy wait' workaround to old Intel systems (bnc#1203802). - acpi: processor: Remove freq Qos request for all CPUs (git-fixes). - acpi: property: Return type of acpi_add_nondev_subnodes() should be bool (git-fixes). - acpi: video: Force backlight native for some TongFang devices (git-fixes). - alsa: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes). - alsa: bcd2000: Fix a UAF bug on the error path of probing (git-fixes). - alsa: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes). - alsa: hda/cirrus - support for iMac 12,1 model (git-fixes). - alsa: hda/conexant: Add quirk for LENOVO 20149 Notebook model (git-fixes). - alsa: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED (git-fixes). - alsa: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes). - alsa: hda/realtek: Add new alc285-hp-amp-init model (git-fixes). - alsa: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes). - alsa: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes). - alsa: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes). - alsa: hda/realtek: Add quirk for Clevo L140PU (git-fixes). - alsa: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes). - alsa: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes). - alsa: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes). - alsa: hda/realtek: Add quirk for Clevo NS50PU (git-fixes). - alsa: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes). - alsa: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes). - alsa: hda/realtek: Add quirk for HP Dev One (git-fixes). - alsa: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes). - alsa: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes). - alsa: hda/realtek: Add quirk for TongFang devices with pop noise (git-fixes). - alsa: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes). - alsa: hda/realtek: Add quirk for the Framework Laptop (git-fixes). - alsa: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes). - alsa: hda/realtek: Fix LED on HP ProBook 435 G7 (git-fixes). - alsa: hda/realtek: Fix deadlock by COEF mutex (git-fixes). - alsa: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes). - alsa: hda/realtek: Re-arrange quirk table entries (git-fixes). - alsa: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes). - alsa: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - alsa: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (git-fixes). - alsa: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes). - alsa: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes). - alsa: hda/sigmatel: Keep power up while beep is enabled (git-fixes). - alsa: hda/tegra: Align BDL entry to 4KB boundary (git-fixes). - alsa: hda: add Intel 5 Series / 3400 PCI DID (git-fixes). - alsa: info: Fix llseek return value when using callback (git-fixes). - alsa: seq: Fix data-race at module auto-loading (git-fixes). - alsa: seq: oss: Fix data-race for max_midi_devs access (git-fixes). - alsa: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes). - alsa: usb-audio: Inform the delayed registration more properly (git-fixes). - alsa: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II (git-fixes). - alsa: usb-audio: Register card again for iface over delayed_register option (git-fixes). - alsa: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes). - alsa: usb-audio: fix spelling mistakes (git-fixes). - arm64/mm: Validate hotplug range before creating linear mapping (git-fixes) - arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes) - arm64: dts: allwinner: A64 Sopine: phy-mode rgmii-id (git-fixes) - arm64: dts: allwinner: H5: NanoPi Neo Plus2: phy-mode rgmii-id (git-fixes) - arm64: dts: allwinner: a64-sopine-baseboard: change RGMII mode to (bsc#1202341) - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes) - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes) - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes) - arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes) - arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444). - arm64: mm: Always update TCR_EL1 from __cpu_set_tcr_t0sz() (git-fixes) - arm64: mm: fix p?d_leaf() (git-fixes) - arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds (git-fixes) - arm64: signal: nofpsimd: Do not allocate fp/simd context when not available (git-fixes). - arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes) - arm64: tegra: Remove non existent Tegra194 reset (git-fixes) - arm64: tlb: fix the TTL value of tlb_get_level (git-fixes) - arm: 9077/1: PLT: Move struct plt_entries definition to header (git-fixes). - arm: 9078/1: Add warn suppress parameter to arm_gen_branch_link() (git-fixes). - arm: 9079/1: ftrace: Add MODULE_PLTS support (git-fixes). - arm: 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE (git-fixes). - asm-generic: sections: refactor memory_intersects (git-fixes). - asoc: SOF: debug: Fix potential buffer overflow by snprintf() (git-fixes). - asoc: audio-graph-card: Add of_node_put() in fail path (git-fixes). - asoc: codecs: da7210: add check for i2c_add_driver (git-fixes). - asoc: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (git-fixes). - asoc: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes). - asoc: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (git-fixes). - asoc: nau8824: Fix semaphore unbalance at error paths (git-fixes). - asoc: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes). - asoc: tas2770: Allow mono streams (git-fixes). - asoc: tas2770: Reinit regcache on reset (git-fixes). - ata: libata-eh: Add missing command name (git-fixes). - atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes). - blk-iocost: clamp inuse and skip noops in __propagate_weights() (bsc#1202722). - blk-iocost: fix operation ordering in iocg_wake_fn() (bsc#1202720). - blk-iocost: fix weight updates of inner active iocgs (bsc#1202717). - blk-iocost: rename propagate_active_weights() to propagate_weights() (bsc#1202722). - blktrace: fix blk_rq_merge documentation (git-fixes). - bluetooth: L2CAP: Fix build errors in some archs (git-fixes). - bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes). - bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes). - bpf: Compile out btf_parse_module() if module BTF is not enabled (git-fixes). - can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes). - can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes). - ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202810). - ceph: do not truncate file in atomic_open (bsc#1202811). - cgroup: Trace event cgroup id fields should be u64 (git-fixes). - cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1201610). - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906). - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes). - clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes). - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes). - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes). - clk: iproc: Do not rely on node name for correct PLL setup (git-fixes). - clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes). - clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks (git-fixes). - coresight: cti: Correct the parameter for pm_runtime_put (git-fixes). - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes) - crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes) - devlink: Fix use-after-free after a failed reload (git-fixes). - dm raid: fix KASAN warning in raid5_add_disks (git-fixes). - dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (git-fixes). - dpaa2-eth: unregister the netdev before disconnecting from the PHY (git-fixes). - driver core: Do not probe devices after bus_type.match() probe deferral (git-fixes). - drm/amd/display: Limit user regamma to a valid value (git-fixes). - drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (git-fixes). - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes). - drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes). - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes). - drm/amdgpu: remove useless condition in amdgpu_job_stop_all_jobs_on_sched() (git-fixes). - drm/amdgpu: use dirty framebuffer helper (git-fixes). - drm/gem: Fix GEM handle release errors (git-fixes). - drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (git-fixes). - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes). - drm/i915/reg: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes). - drm/meson: Correct OSD1 global alpha value (git-fixes). - drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes). - drm/meson: Fix overflow implicit truncation warnings (git-fixes). - drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (git-fixes). - drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes). - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes). - drm/msm/dsi: fix the inconsistent indenting (git-fixes). - drm/msm/rd: Fix FIFO-full deadlock (git-fixes). - drm/radeon: add a force flush to delay work when radeon (git-fixes). - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes). - drm/sun4i: dsi: Prevent underflow when computing packet sizes (git-fixes). - dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages. - efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes). - ehea: fix error return code in ehea_restart_qps() (git-fixes). - enetc: Fix endianness issues for enetc_qos (git-fixes). - ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read() (git-fixes). - ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755). - ext4: add reserved GDT blocks check (bsc#1202712). - ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() (bsc#1202708). - ext4: do not use the orphan list when migrating an inode (bsc#1197756). - ext4: fix bug_on in ext4_writepages (bsc#1200872). - ext4: fix error handling code in add_new_gdb (bsc#1179722). - ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757). - ext4: fix invalid inode checksum (bsc#1179723). - ext4: fix loff_t overflow in ext4_max_bitmap_size() (bsc#1202709). - ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869). - ext4: fix potential infinite loop in ext4_dx_readdir() (bsc#1191662). - ext4: fix race when reusing xattr blocks (bsc#1198971). - ext4: fix symlink file size not match to file content (bsc#1200868). - ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871). - ext4: fix use-after-free in ext4_search_dir (bsc#1202710). - ext4: fix warning in ext4_handle_inode_extension (bsc#1202711). - ext4: force overhead calculation if the s_overhead_cluster makes no sense (bsc#1200870). - ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713). - ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971). - ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971). - fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes). - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes). - fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes). - firmware: tegra: bpmp: Do only aligned access to IPC memory area (git-fixes). - fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages (bsc#1200873). - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes). - fuse: Remove the control interface for virtio-fs (bsc#1203137). - fuse: ioctl: translate ENOSYS (bsc#1203136). - fuse: limit nsec (bsc#1203135). - gadgetfs: ep_io - wait until IRQ finishes (git-fixes). - geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes). - geneve: fix TOS inheriting for ipv4 (git-fixes). - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes). - gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes). - hid: alps: Declare U1_UNICORN_LEGACY support (git-fixes). - hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes). - hid: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes). - hid: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (git-fixes). - hid: wacom: Do not register pad_input for touch switch (git-fixes). - hid: wacom: Only report rotation for art pen (git-fixes). - hv_netvsc: Load and store the proper (NBL_HASH_INFO) per-packet info (bsc#1202701). - hwmon: (gpio-fan) Fix array out of bounds access (git-fixes). - i2c: imx: Make sure to unregister adapter on remove() (git-fixes). - ice: report supported and advertised autoneg using PHY capabilities (git-fixes). - ieee802154/adf7242: defer destroy_workqueue call (git-fixes). - ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes). - iio: adc: mcp3911: make use of the sign bit (git-fixes). - iio: adc: mcp3911: use correct formula for AD conversion (git-fixes). - ima: force signature verification when CONFIG_KEXEC_SIG is configured (bsc#1203737). - input: iforce - add support for Boeder Force Feedback Wheel (git-fixes). - input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes). - input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes). - input: rk805-pwrkey - fix module autoloading (git-fixes). - input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes). - intel_th: pci: Add Meteor Lake-P support (git-fixes). - intel_th: pci: Add Raptor Lake-S CPU support (git-fixes). - intel_th: pci: Add Raptor Lake-S PCH support (git-fixes). - iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes). - iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (git-fixes). - iommu/exynos: Handle failed IOMMU device registration properly (git-fixes). - iommu/iova: Improve 32-bit free space estimate (git-fixes). - iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes). - iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes). - iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes). - iommu/omap: Fix regression in probe for NULL pointer dereference (git-fixes). - iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes). - iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes). - iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes). - iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes). - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes). - ipmi: ssif: initialize ssif_info->client early (git-fixes). - ixgbevf: add correct exception tracing for XDP (git-fixes). - jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716). - jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (bsc#1202715). - jfs: fix GPF in diFree (bsc#1203389). - jfs: fix memleak in jfs_mount (git-fixes). - jfs: more checks for invalid superblock (git-fixes). - jfs: prevent NULL deref in diFree (bsc#1203389). - kABI: x86: kexec: hide new include from genksyms (bsc#1196444). - kabi: cgroup: Restore KABI of css_set (bsc#1201610). - kbuild: do not create built-in objects for external module builds (jsc#SLE-24559 bsc#1202756). - kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (bsc#1181862 git-fixes). - kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes). - kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages - kernel-obs-build: include qemu_fw_cfg (boo#1201705) - kernel-source: include the kernel signature file We assume that the upstream tarball is used for released kernels. Then we can also include the signature file and keyring in the kernel-source src.rpm. Because of mkspec code limitation exclude the signature and keyring from binary packages always - mkspec does not parse spec conditionals. - kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444). - kexec, KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444). - kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444). - kexec: do not verify the signature without the lockdown or mandatory signature (bsc#1203737). - kexec: drop weak attribute from functions (bsc#1196444). - kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (bsc#1196444). - kexec_file: drop weak attribute from functions (bsc#1196444). - kfifo: fix kfifo_to_user() return type (git-fixes). - kfifo: fix ternary sign extension bugs (git-fixes). - kvm: PPC: Book3S HV: Context tracking exit guest context before enabling irqs (bsc#1065729). - kvm: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (bsc#1156395). - kvm: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (bsc#1156395). - kvm: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395). - kvm: PPC: Use arch_get_random_seed_long instead of powernv variant (bsc#1156395). - kvm: VMX: Refuse to load kvm_intel if EPT and NX are disabled (git-fixes). - kvm: nVMX: Let userspace set nVMX MSR to any _host_ supported value (git-fixes). - kvm: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (git-fixes). - kvm: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (git-fixes). - kvm: x86: Mark TSS busy during LTR emulation _after_ all fault checks (git-fixes). - kvm: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (git-fixes). - kvm: x86: accept userspace interrupt only if no event is injected (git-fixes). - lib/list_debug.c: Detect uninitialized lists (git-fixes). - lib: bitmap: provide devm_bitmap_alloc() and devm_bitmap_zalloc() (git-fixes). - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes). - lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325). - list: add 'list_del_init_careful()' to go with 'list_empty_careful()' (bsc#1202745). - locking/lockdep: Avoid potential access of invalid memory in lock_class (git-fixes). - loop: Fix missing discard support when using LOOP_CONFIGURE (bsc#1202718). - mbcache: add functions to delete entry if unused (bsc#1198971). - mbcache: do not reclaim used entries (bsc#1198971). - md-raid10: fix KASAN warning (git-fixes). - md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158). - md: call __md_stop_writes in md_stop (git-fixes). - md: unlock mddev before reap sync_thread in action_store (bsc#1197659). - media: aspeed-video: ignore interrupts that are not enabled (git-fixes). - media: coda: Add more H264 levels for CODA960 (git-fixes). - media: coda: Fix reported H264 profile (git-fixes). - media: dvb_vb2: fix possible out of bound access (git-fixes). - mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes). - mfd: t7l66xb: Drop platform disable callback (git-fixes). - misc: fastrpc: fix memory corruption on open (git-fixes). - misc: fastrpc: fix memory corruption on probe (git-fixes). - mkspec: eliminate @NOSOURCE@ macro This should be alsways used with @SOURCES@, just include the content there. - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098). - mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763). - mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447). - mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159). - mm: proc: smaps_rollup: do not stall write attempts on mmap_lock (bsc#1201990). - mm: smaps*: extend smap_gather_stats to support specified beginning (bsc#1201990). - mmap locking API: add mmap_lock_is_contended() (bsc#1201990). - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes). - mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes). - mmc: pxamci: Fix another error handling path in pxamci_probe() (git-fixes). - module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols (git-fixes). - mtd: maps: Fix refcount leak in ap_flash_init (git-fixes). - mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes). - mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes). - mtd: rawnand: meson: Fix a potential double free issue (git-fixes). - mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (git-fixes). - mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (git-fixes). - net/mlx5e: Check for needed capability for cvlan matching (git-fixes). - net: bcmgenet: Add mdio-bcm-unimac soft dependency (git-fixes). - net: cpsw: Properly initialise struct page_pool_params (git-fixes). - net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes). - net: davinci_emac: Fix incorrect masking of tx and rx error channel (git-fixes). - net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes). - net: dsa: mt7530: fix VLAN traffic leaks (git-fixes). - net: enetc: Use pci_release_region() to release some resources (git-fixes). - net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes). - net: enetc: unmap DMA in enetc_send_cmd() (git-fixes). - net: ethernet: aeroflex: fix UAF in greth_of_remove (git-fixes). - net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes). - net: ethernet: ezchip: fix error handling (git-fixes). - net: ethernet: ezchip: remove redundant check (git-fixes). - net: ethernet: fix potential use-after-free in ec_bhf_remove (git-fixes). - net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory (git-fixes). - net: fec: fix the potential memory leak in fec_enet_init() (git-fixes). - net: fec_ptp: add clock rate zero check (git-fixes). - net: hns: Fix kernel-doc (git-fixes). - net: lantiq: fix memory corruption in RX ring (git-fixes). - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add support of XDP_REDIRECT action (bsc#1201310, jsc#PED-529). - net: mana: Add the Linux MANA PF driver (bsc#1201309, jsc#PED-529). - net: moxa: Use devm_platform_get_and_ioremap_resource() (git-fixes). - net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (git-fixes). - net: mscc: ocelot: do not downgrade timestamping RX filters in SIOCSHWTSTAMP (git-fixes). - net: netcp: Fix an error message (git-fixes). - net: pch_gbe: Propagate error from devm_gpio_request_one() (git-fixes). - net: rose: fix netdev reference changes (git-fixes). - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (git-fixes). - net: stmicro: handle clk_prepare() failure during init (git-fixes). - net: stmmac: disable clocks in stmmac_remove_config_dt() (git-fixes). - net: stmmac: dwmac1000: Fix extended MAC address registers definition (git-fixes). - net: usb: qmi_wwan: add Quectel RM520N (git-fixes). - net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (bsc#1200431). - net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (bsc#1200431). - net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c (bsc#1200431). - net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (git-fixes). - net:enetc: allocate CBD ring data memory using DMA coherent methods (git-fixes). - net_sched: cls_route: disallow handle of 0 (bsc#1202393). - nfs: fix nfs_path in case of a rename retry (git-fixes). - nfsd: Add missing NFSv2 .pc_func methods (git-fixes). - nfsd: Clamp WRITE offsets (git-fixes). - nfsd: Fix offset type in I/O trace points (git-fixes). - nfsd: Fix possible sleep during nfsd4_release_lockowner() (git-fixes). - nfsd: fix use-after-free due to delegation race (git-fixes). - nfsd: prevent integer overflow on 32 bit systems (git-fixes). - nfsd: prevent underflow in nfssvc_decode_writeargs() (git-fixes). - nfsv4.1: Do not decrease the value of seq_nr_highest_sent (git-fixes). - nfsv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes). - nfsv4.1: RECLAIM_COMPLETE must handle EACCES (git-fixes). - nfsv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (git-fixes). - nfsv4: Fix races in the legacy idmapper upcall (git-fixes). - nfsv4: Fix second deadlock in nfs4_evict_inode() (git-fixes). - nfsv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error (git-fixes). - ntb: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes). - nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865). - nvme-rdma: Handle number of queue changes (bsc#1201865). - nvme-tcp: Handle number of queue changes (bsc#1201865). - nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489). - nvme: fix RCU hole that allowed for endless looping in multipath round robin (bsc#1202636). - nvmet: Expose max queues to configfs (bsc#1201865). - objtool: Add support for intra-function calls (bsc#1202396). - objtool: Make handle_insn_ops() unconditional (bsc#1202396). - objtool: Remove INSN_STACK (bsc#1202396). - objtool: Rework allocating stack_ops on decode (bsc#1202396). - objtool: Support multiple stack_op per instruction (bsc#1202396). - ocfs2: drop acl cache for directories too (bsc#1191667). - ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920). - ocfs2: mount fails with buffer overflow in strlen (bsc#1197760). - of/device: Fix up of_dma_configure_id() stub (git-fixes). - of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes). - padata: introduce internal padata_get/put_pd() helpers (bsc#1202638). - padata: make padata_free_shell() to respect pd's ->refcnt (bsc#1202638). - parisc/sticon: fix reverse colors (bsc#1152489). - parisc: parisc-agp requires SBA IOMMU driver (bsc#1152489) - pci/acpi: Guard ARM64-specific mcfg_quirks (git-fixes). - pci: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes). - pci: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845). - pci: hv: Fix interrupt mapping for multi-MSI (bsc#1200845). - pci: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845). - pci: hv: Make the code arch neutral by adding arch specific interfaces (bsc#1200845). - pci: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845). - pci: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845). - pci: qcom: Fix pipe clock imbalance (git-fixes). - perf bench: Share some global variables to fix build with gcc 10 (git-fixes). - pinctrl/rockchip: fix gpio device creation (git-fixes). - pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (git-fixes). - pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes). - pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes). - pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes). - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes). - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes). - powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544). - powerpc/memhotplug: Make lmb size 64bit (bsc#1203424 ltc#199544). - powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable (bsc#1156395). - powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729). - powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729). - powerpc/powernv: Staticify functions without prototypes (bsc#1065729). - powerpc/powernv: delay rng platform device creation until later in boot (bsc#1065729). - powerpc/powernv: rename remaining rng powernv_ functions to pnv_ (bsc#1065729). - powerpc/powernv: wire up rng during setup_arch (bsc#1065729). - powerpc/pseries: wire up rng during setup_arch() (bsc#1065729). - powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixess). - powerpc: Enable execve syscall exit tracepoint (bsc#1065729). - powerpc: define get_cycles macro for arch-override (bsc#1065729). - powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729). - ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904). - profiling: fix shift too large makes kernel panic (git-fixes). - psi: Fix uaf issue when psi trigger is destroyed while being polled (bsc#1203909). - qlcnic: Add null check after calling netdev_alloc_skb (git-fixes). - random: fix crash on multiple early calls to add_bootloader_randomness() (git-fixes). - ratelimit: Fix data-races in ___ratelimit() (git-fixes). - regulator: core: Clean up on enable failure (git-fixes). - regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes). - reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr (bsc#1202714). - remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config (git-fixes). - remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes). - reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes). - rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385) We do the move only on 15.5+. - rpm/kernel-binary.spec.in: simplify find for usrmerged The type test and print line are the same for both cases. The usrmerged case only ignores more, so refactor it to make it more obvious. - rpm/kernel-source.spec.in: simplify finding of broken symlinks 'find -xtype l' will report them, so use that to make the search a bit faster (without using shell). - s390/crash: fix incorrect number of bytes to copy to user space (git-fixes). - s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes). - s390/mm: do not trigger write fault when vma does not allow VM_WRITE (git-fixes). - s390/mm: fix 2KB pgtable release race (git-fixes). - s390/ptrace: pass invalid syscall numbers to tracing (bsc#1192594 LTC#197522). - s390/qeth: cache link_info for ethtool (bsc#1202984 LTC#199607). - s390/qeth: clean up default cases for ethtool link mode (bsc#1202984 LTC#199607). - s390/qeth: improve QUERY CARD INFO processing (bsc#1202984 LTC#199607). - s390/qeth: improve selection of ethtool link modes (bsc#1202984 LTC#199607). - s390/qeth: set static link info during initialization (bsc#1202984 LTC#199607). - s390/qeth: tolerate error when querying card info (bsc#1202984 LTC#199607). - s390/qeth: use QUERY OAT for initial link info (bsc#1202984 LTC#199607). - scsi: core: Fix bad pointer dereference when ehandler kthread is invalid (git-fixes). - scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939). - scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939). - scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939). - scsi: lpfc: Add warning notification period to CMF_SYNC_WQE (bsc#1203063). - scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063). - scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063). - scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939). - scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939). - scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939). - scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID (bsc#1203063). - scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939). - scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT discovery (bsc#1203063). - scsi: lpfc: Fix various issues reported by tools (bsc#1203939). - scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939). - scsi: lpfc: Remove SANDiags related code (bsc#1203063). - scsi: lpfc: Remove the unneeded result variable (bsc#1203939). - scsi: lpfc: Remove unneeded result variable (bsc#1203939). - scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939). - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939). - scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939). - scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063). - scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939). - scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939). - scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063). - scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939). - scsi: mpt3sas: Fix use-after-free warning (git-fixes). - scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935). - scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935). - scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935). - scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935). - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935). - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935). - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935). - scsi: qla2xxx: Log message 'skipping scsi_scan_host()' as informational (bsc#1203935). - scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935). - scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935). - scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935). - scsi: qla2xxx: Revert 'scsi: qla2xxx: Fix response queue handler reading stale packets' (bsc#1203935). - scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935). - scsi: sg: Allow waiting for commands to complete on removed device (git-fixes). - scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes). - scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622). - scsi: smartpqi: Update LUN reset handler (bsc#1200622). - selftests: futex: Use variable MAKE instead of make (git-fixes). - serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (git-fixes). - serial: Create uart_xmit_advance() (git-fixes). - serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes). - serial: mvebu-uart: uart2 error bits clearing (git-fixes). - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30 (git-fixes). - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - silence nfscache allocation warnings with kvzalloc (git-fixes). - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (git-fixes). - soc: sunxi: sram: Actually claim SRAM regions (git-fixes). - soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes). - soc: sunxi: sram: Prevent the driver from being unbound (git-fixes). - spi: Fix incorrect cs_setup delay handling (git-fixes). - spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes). - spi: synquacer: Add missing clk_disable_unprepare() (git-fixes). - spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (git-fixes). - squashfs: fix divide error in calculate_skip() (git-fixes). - staging: rtl8712: fix use after free bugs (git-fixes). - struct ehci_hcd: hide new member (git-fixes). - struct otg_fsm: hide new boolean member in gap (git-fixes). - sunrpc: Clean up scheduling of autoclose (git-fixes). - sunrpc: Do not call connect() more than once on a TCP socket (git-fixes). - sunrpc: Do not dereference xprt->snd_task if it's a cookie (git-fixes). - sunrpc: Do not leak sockets in xs_local_connect() (git-fixes). - sunrpc: Fix READ_PLUS crasher (git-fixes). - sunrpc: Fix misplaced barrier in call_decode (git-fixes). - sunrpc: Prevent immediate close+reconnect (git-fixes). - sunrpc: RPC level errors should set task->tk_rpc_status (git-fixes). - sunrpc: Reinitialise the backchannel request buffers before reuse (git-fixes). - sunrpc: fix expiry of auth creds (git-fixes). - svcrdma: Hold private mutex while invoking rdma_accept() (git-fixes). - tee: optee: Fix incorrect page free bug (git-fixes). - thermal: Fix NULL pointer dereferences in of_thermal_ functions (git-fixes). - thermal: sysfs: Fix cooling_device_stats_setup() error code path (git-fixes). - thunderbolt: Use the actual buffer in tb_async_error() (git-fixes). - tools/thermal: Fix possible path truncations (git-fixes). - tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes). - tracing/histograms: Fix memory leak problem (git-fixes). - tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes). - tracing: Add ustring operation to filtering string pointers (git-fixes). - tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes). - tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before sending data (git-fixes). - tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes). - tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (git-fixes). - tty: vt: initialize unicode screen buffer (git-fixes). - usb-storage: Add ignore-residue quirk for NXP PN7462AU (git-fixes). - usb.h: struct usb_device: hide new member (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes). - usb: core: Fix RST error in hub.c (git-fixes). - usb: core: Prevent nested device-reset calls (git-fixes). - usb: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes). - usb: dwc3: Switch to platform_get_irq_byname_optional() (git-fixes). - usb: dwc3: disable USB core PHY management (git-fixes). - usb: dwc3: ep0: Fix delay status handling (git-fixes). - usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes). - usb: dwc3: gadget: END_TRANSFER before CLEAR_STALL command (git-fixes). - usb: dwc3: gadget: Fix IN endpoint max packet size allocation (git-fixes). - usb: dwc3: gadget: Prevent repeat pullup() (git-fixes). - usb: dwc3: gadget: Refactor dwc3_gadget_ep_dequeue (git-fixes). - usb: dwc3: gadget: Remove FS bInterval_m1 limitation (git-fixes). - usb: dwc3: gadget: Remove unnecessary checks (git-fixes). - usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (git-fixes). - usb: dwc3: gadget: Store resource index of start cmd (git-fixes). - usb: dwc3: qcom: fix missing optional irq warnings. - usb: ehci: handshake CMD_RUN instead of STS_HALT (git-fixes). - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (git-fixes). - usb: gadget: u_audio: fix race condition on endpoint stop (git-fixes). - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). - usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (git-fixes). - usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes). - usb: otg-fsm: Fix hrtimer list corruption (git-fixes). - usb: renesas: Fix refcount leak bug (git-fixes). - usb: serial: ch341: fix disabled rx timer on older devices (git-fixes). - usb: serial: ch341: fix lost character on LCR updates (git-fixes). - usb: serial: ch341: name prescaler, divisor registers (git-fixes). - usb: serial: cp210x: add Decagon UCA device id (git-fixes). - usb: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes). - usb: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - usb: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - usb: serial: option: add Quectel EM060K modem (git-fixes). - usb: serial: option: add Quectel RM520N (git-fixes). - usb: serial: option: add Quectel RM520N (git-fixes). - usb: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes). - usb: serial: option: add support for OPPO R11 diag port (git-fixes). - usb: storage: Add ASUS &lt;0x0b05:0x1932> to IGNORE_UAS (git-fixes). - usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes). - usb: typec: ucsi: Remove incorrect warning (git-fixes). - usb: xhci-mtk: add a function to (un)load bandwidth info (git-fixes). - usb: xhci-mtk: add only one extra CS for FS/LS INTR (git-fixes). - usb: xhci-mtk: add some schedule error number (git-fixes). - usb: xhci-mtk: fix issue of out-of-bounds array access (git-fixes). - usb: xhci-mtk: get the microframe boundary for ESIT (git-fixes). - usb: xhci-mtk: use @sch_tt to check whether need do TT schedule (git-fixes). - usbnet: Fix linkwatch use-after-free on disconnect (git-fixes). - usbnet: Fix memory leak in usbnet_disconnect() (git-fixes). - usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes). - vboxguest: Do not use devm for irq (git-fixes). - vfio/ccw: Remove UUID from s390 debug log (git-fixes). - video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes). - video: fbdev: arkfb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (git-fixes). - video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes). - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes). - video: fbdev: s3fb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes). - video: fbdev: vt8623fb: Check the size of screen before memset_io() (git-fixes). - virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes). - vmci: Add support for ARM64 (bsc#1199291, jsc#SLE-24635). - vmci: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635). - vmci: Enforce queuepair max size for IOCTL_VMCI_QUEUEPAIR_ALLOC (bsc#1199291, jsc#SLE-24635). - vmci: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635). - vmci: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635). - vmci: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635). - vmci: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635). - vmci: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635). - vmci: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - vmci: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635). - vmci: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - vmci: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635). - vmci: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635). - vmxnet3: Implement ethtool's get_channels command (bsc#1200431). - vmxnet3: Record queue number to incoming packets (bsc#1200431). - vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431). - vmxnet3: add command to set ring buffer sizes (bsc#1200431). - vmxnet3: add support for capability registers (bsc#1200431). - vmxnet3: add support for large passthrough BAR register (bsc#1200431). - vmxnet3: add support for out of order rx completion (bsc#1200431). - vmxnet3: disable overlay offloads if UPT device does not support (bsc#1200431). - vmxnet3: do not reschedule napi for rx processing (bsc#1200431). - vmxnet3: do not stop tx queues after netif_device_detach() (bsc#1200431). - vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431). - vmxnet3: prepare for version 7 changes (bsc#1200431). - vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431). - vmxnet3: update to version 7 (bsc#1200431). - vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431). - vsock: Fix memory leak in vsock_connect() (git-fixes). - vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (git-fixes). - vt: Clear selection before changing the font (git-fixes). - vt: selection, introduce vc_is_sel (git-fixes). - watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (git-fixes). - watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023). - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (git-fixes). - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: mac80211: Do not finalize CSA in IBSS mode if state is disconnected (git-fixes). - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes). - wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes). - wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes). - wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes). - x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still work so that it can be disabled. - x86/kexec: fix memory leak of elf header buffer (bsc#1196444). - x86/olpc: fix 'logical not is only applied to the left hand side' (git-fixes). - x86/xen: Remove undefined behavior in setup_features() (git-fixes). - xen/xenbus: fix return type in xenbus_file_read() (git-fixes). - xfs: Fix assert failure in xfs_setattr_size() (git-fixes). - xfs: bunmapi has unnecessary AG lock ordering issues (git-fixes). - xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577). - xfs: make xfs_rtalloc_query_range input parameters const (git-fixes). - xfs: mark a data structure sick if there are cross-referencing errors (git-fixes). - xfs: only reset incore inode health state flags when reclaiming an inode (git-fixes). - xfs: prevent a UAF when log IO errors race with unmount (git-fixes). - xfs: use kmem_cache_free() for kmem_cache objects (git-fixes). - xprtrdma: Fix XDRBUF_SPARSE_PAGES support (git-fixes). - xprtrdma: Fix cwnd update ordering (git-fixes). Important SUSE bug 1023051 SUSE bug 1065729 SUSE bug 1152489 SUSE bug 1156395 SUSE bug 1177471 SUSE bug 1179722 SUSE bug 1179723 SUSE bug 1181862 SUSE bug 1185032 SUSE bug 1191662 SUSE bug 1191667 SUSE bug 1191881 SUSE bug 1192594 SUSE bug 1194023 SUSE bug 1194272 SUSE bug 1194535 SUSE bug 1196444 SUSE bug 1197158 SUSE bug 1197659 SUSE bug 1197755 SUSE bug 1197756 SUSE bug 1197757 SUSE bug 1197760 SUSE bug 1197763 SUSE bug 1197920 SUSE bug 1198971 SUSE bug 1199291 SUSE bug 1200288 SUSE bug 1200313 SUSE bug 1200431 SUSE bug 1200622 SUSE bug 1200845 SUSE bug 1200868 SUSE bug 1200869 SUSE bug 1200870 SUSE bug 1200871 SUSE bug 1200872 SUSE bug 1200873 SUSE bug 1201019 SUSE bug 1201309 SUSE bug 1201310 SUSE bug 1201420 SUSE bug 1201489 SUSE bug 1201610 SUSE bug 1201705 SUSE bug 1201726 SUSE bug 1201865 SUSE bug 1201948 SUSE bug 1201990 SUSE bug 1202095 SUSE bug 1202096 SUSE bug 1202097 SUSE bug 1202341 SUSE bug 1202346 SUSE bug 1202347 SUSE bug 1202385 SUSE bug 1202393 SUSE bug 1202396 SUSE bug 1202447 SUSE bug 1202577 SUSE bug 1202636 SUSE bug 1202638 SUSE bug 1202672 SUSE bug 1202677 SUSE bug 1202701 SUSE bug 1202708 SUSE bug 1202709 SUSE bug 1202710 SUSE bug 1202711 SUSE bug 1202712 SUSE bug 1202713 SUSE bug 1202714 SUSE bug 1202715 SUSE bug 1202716 SUSE bug 1202717 SUSE bug 1202718 SUSE bug 1202720 SUSE bug 1202722 SUSE bug 1202745 SUSE bug 1202756 SUSE bug 1202810 SUSE bug 1202811 SUSE bug 1202860 SUSE bug 1202895 SUSE bug 1202898 SUSE bug 1202960 SUSE bug 1202984 SUSE bug 1203063 SUSE bug 1203098 SUSE bug 1203107 SUSE bug 1203117 SUSE bug 1203135 SUSE bug 1203136 SUSE bug 1203137 SUSE bug 1203159 SUSE bug 1203290 SUSE bug 1203389 SUSE bug 1203410 SUSE bug 1203424 SUSE bug 1203514 SUSE bug 1203552 SUSE bug 1203622 SUSE bug 1203737 SUSE bug 1203769 SUSE bug 1203770 SUSE bug 1203802 SUSE bug 1203906 SUSE bug 1203909 SUSE bug 1203935 SUSE bug 1203939 SUSE bug 1203987 SUSE bug 1203992 SUSE bug 1204051 SUSE bug 1204059 SUSE bug 1204060 SUSE bug 1204125 CVE-2016-3695 at SUSE CVE-2016-3695 at NVD CVE-2020-16119 at SUSE CVE-2020-16119 at NVD CVE-2020-27784 at SUSE CVE-2020-27784 at NVD CVE-2021-4155 at SUSE CVE-2021-4155 at NVD CVE-2021-4203 at SUSE CVE-2021-4203 at NVD CVE-2022-20368 at SUSE CVE-2022-20368 at NVD CVE-2022-20369 at SUSE CVE-2022-20369 at NVD CVE-2022-2503 at SUSE CVE-2022-2503 at NVD CVE-2022-2586 at SUSE CVE-2022-2586 at NVD CVE-2022-2588 at SUSE CVE-2022-2588 at NVD CVE-2022-26373 at SUSE CVE-2022-26373 at NVD CVE-2022-2663 at SUSE CVE-2022-2663 at NVD CVE-2022-2905 at SUSE CVE-2022-2905 at NVD CVE-2022-2977 at SUSE CVE-2022-2977 at NVD CVE-2022-3028 at SUSE CVE-2022-3028 at NVD CVE-2022-3169 at SUSE CVE-2022-3169 at NVD CVE-2022-32296 at SUSE CVE-2022-32296 at NVD CVE-2022-3239 at SUSE CVE-2022-3239 at NVD CVE-2022-3303 at SUSE CVE-2022-3303 at NVD CVE-2022-36879 at SUSE CVE-2022-36879 at NVD CVE-2022-39188 at SUSE CVE-2022-39188 at NVD CVE-2022-39190 at SUSE CVE-2022-39190 at NVD CVE-2022-40768 at SUSE CVE-2022-40768 at NVD CVE-2022-41218 at SUSE CVE-2022-41218 at NVD CVE-2022-41222 at SUSE CVE-2022-41222 at NVD CVE-2022-41674 at SUSE CVE-2022-41674 at NVD CVE-2022-41848 at SUSE CVE-2022-41848 at NVD CVE-2022-41849 at SUSE CVE-2022-41849 at NVD CVE-2022-42719 at SUSE CVE-2022-42719 at NVD CVE-2022-42720 at SUSE CVE-2022-42720 at NVD CVE-2022-42721 at SUSE CVE-2022-42721 at NVD CVE-2022-42722 at SUSE CVE-2022-42722 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for podman fixes the following issues: - CVE-2022-2989: Fixed possible information disclosure and modification (bsc#1202809). Moderate SUSE bug 1202809 CVE-2022-2989 at SUSE CVE-2022-2989 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libxml2 fixes the following issues: - CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978). - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). Important SUSE bug 1201978 SUSE bug 1204366 SUSE bug 1204367 CVE-2016-3709 at SUSE CVE-2016-3709 at NVD CVE-2022-40303 at SUSE CVE-2022-40303 at NVD CVE-2022-40304 at SUSE CVE-2022-40304 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). Important SUSE bug 1204708 CVE-2022-43680 at SUSE CVE-2022-43680 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for protobuf fixes the following issues: - CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530). - CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681) - CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256) Important SUSE bug 1194530 SUSE bug 1203681 SUSE bug 1204256 CVE-2021-22569 at SUSE CVE-2021-22569 at NVD CVE-2022-1941 at SUSE CVE-2022-1941 at NVD CVE-2022-3171 at SUSE CVE-2022-3171 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577) - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125) Important SUSE bug 1203125 SUSE bug 1204577 CVE-2020-10735 at SUSE CVE-2020-10735 at NVD CVE-2022-37454 at SUSE CVE-2022-37454 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15-SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-2964, CVE-2022-28748: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686 bsc#1196018). - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bnc#1198702). - CVE-2022-2153: Fixed vulnerability in KVM that could allow an unprivileged local attacker on the host to cause DoS (bnc#1200788). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354). - CVE-2022-2978: Fixed use-after-free in the NILFS file system that could lead to local privilege escalation or DoS (bnc#1202700). - CVE-2022-3176: Fixed use-after-free in io_uring when using POLLFREE (bnc#1203391). - CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-3535: Fixed memory leak in mvpp2_dbgfs_port_init() in drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bnc#1204417). - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bnc#1204402). - CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431). - CVE-2022-3577: Fixed out-of-bounds memory write flaw in bigben device driver that could lead to local privilege escalation or DoS (bnc#1204470). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bnc#1204439). - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bnc#1204479). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574). - CVE-2022-3625: Fixed use-after-free in devlink_param_set()/devlink_param_get() in net/core/devlink.c (bnc#1204637). - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bnc#1204635). - CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bnc#1204619). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bnc#1204647). - CVE-2022-39189: Fixed a flaw in the x86 KVM subsystem that could allow unprivileged guest users to compromise the guest kernel via TLB flush operations on preempted vCPU (bnc#1203066). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653). The following non-security bugs were fixed: - ACPI: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes). - ACPI: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes). - ACPI: extlog: Handle multiple records (git-fixes). - ACPI: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes). - ALSA: Use del_timer_sync() before freeing timer (git-fixes). - ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes). - ALSA: aoa: Fix I2S device accounting (git-fixes). - ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes). - ALSA: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes). - ALSA: au88x0: use explicitly signed char (git-fixes). - ALSA: dmaengine: increment buffer pointer atomically (git-fixes). - ALSA: hda/hdmi: Do not skip notification handling during PM operation (git-fixes). - ALSA: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes). - ALSA: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes). - ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes). - ALSA: hda: Fix position reporting on Poulsbo (git-fixes). - ALSA: oss: Fix potential deadlock at unregistration (git-fixes). - ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes). - ALSA: rme9652: use explicitly signed char (git-fixes). - ALSA: usb-audio: Fix NULL dererence at error path (git-fixes). - ALSA: usb-audio: Fix potential memory leaks (git-fixes). - ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes). - ASoC: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes). - ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes). - ASoC: rsnd: Add check for rsnd_mod_power_on (git-fixes). - ASoC: wcd9335: fix order of Slimbus unprepare/disable (git-fixes). - ASoC: wcd934x: fix order of Slimbus unprepare/disable (git-fixes). - ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes). - ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes). - ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes). - Bluetooth: L2CAP: Fix user-after-free (git-fixes). - Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes). - Bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes). - Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes). - HID: hidraw: fix memory leak in hidraw_release() (git-fixes). - HID: magicmouse: Do not set BTN_MOUSE on double report (git-fixes). - HID: multitouch: Add memory barriers (git-fixes). - HID: roccat: Fix use-after-free in roccat_read() (git-fixes). - HSI: omap_ssi: Fix refcount leak in ssi_probe (git-fixes). - HSI: omap_ssi_port: Fix dma_map_sg error check (git-fixes). - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes) - IB/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes) - IB/core: Only update PKEY and GID caches on respective events (git-fixes) - IB/hfi1: Adjust pkey entry in index 0 (git-fixes) - IB/hfi1: Fix abba locking issue with sc_disable() (git-fixes) - IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() (git-fixes) - IB/mlx4: Add support for REJ due to timeout (git-fixes) - IB/mlx4: Use port iterator and validation APIs (git-fixes) - IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (git-fixes) - IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes) - IB/srpt: Remove redundant assignment to ret (git-fixes) - Input: i8042 - fix refount leak on sparc (git-fixes). - Input: xpad - add supported devices as contributed on github (git-fixes). - Input: xpad - fix wireless 360 controller breaking after suspend (git-fixes). - KVM: nVMX: Unconditionally purge queued/injected events on nested 'exit' (git-fixes). - KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes). - KVM: s390: VSIE: fix MVPG handling for prefixing and MSO (git-fixes). - KVM: s390: clear kicked_mask before sleeping again (git-fixes). - KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu (git-fixes). - KVM: s390: pv: do not present the ecall interrupt twice (git-fixes). - KVM: s390: split kvm_s390_real_to_abs (git-fixes). - KVM: s390x: fix SCK locking (git-fixes). - KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes). - PCI: Dynamically map ECAM regions (bsc#1204382). - PCI: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes). - PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes). - PM: domains: Fix handling of unavailable/disabled idle states (git-fixes). - PM: hibernate: Allow hybrid sleep to work with s2idle (git-fixes). - RDMA/bnxt_re: Add missing spin lock initialization (git-fixes) - RDMA/bnxt_re: Fix query SRQ failure (git-fixes) - RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes) - RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (git-fixes) - RDMA/cma: Fix arguments order in net device validation (git-fixes) - RDMA/core: Sanitize WQ state received from the userspace (git-fixes) - RDMA/cxgb4: Remove MW support (git-fixes) - RDMA/efa: Free IRQ vectors on error flow (git-fixes) - RDMA/efa: Remove double QP type assignment (git-fixes) - RDMA/efa: Use ib_umem_num_dma_pages() (git-fixes) - RDMA/hfi1: Fix potential integer multiplication overflow errors (git-fixes) - RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes) - RDMA/i40iw: Use ib_umem_num_dma_pages() (git-fixes) - RDMA/iwcm: Release resources if iw_cm module initialization fails (git-fixes) - RDMA/mlx4: Return missed an error if device does not support steering (git-fixes) - RDMA/mlx5: Add missing check for return value in get namespace flow (git-fixes) - RDMA/mlx5: Block FDB rules when not in switchdev mode (git-fixes) - RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes) - RDMA/mlx5: Make mkeys always owned by the kernel's PD when not enabled (git-fixes) - RDMA/mlx5: Set user priority for DCT (git-fixes) - RDMA/mlx5: Use set_mkc_access_pd_addr_fields() in reg_create() (git-fixes) - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (git-fixes) - RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes) - RDMA/qedr: Fix reporting QP timeout attribute (git-fixes) - RDMA/qib: Remove superfluous fallthrough statements (git-fixes) - RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes) - RDMA/rxe: Do not overwrite errno from ib_umem_get() (git-fixes) - RDMA/rxe: Fix 'kernel NULL pointer dereference' error (git-fixes) - RDMA/rxe: Fix error unwind in rxe_create_qp() (git-fixes) - RDMA/rxe: Fix extra copies in build_rdma_network_hdr (git-fixes) - RDMA/rxe: Fix extra copy in prepare_ack_packet (git-fixes) - RDMA/rxe: Fix failure during driver load (git-fixes) - RDMA/rxe: Fix over copying in get_srq_wqe (git-fixes) - RDMA/rxe: Fix redundant call to ip_send_check (git-fixes) - RDMA/rxe: Fix redundant skb_put_zero (git-fixes) - RDMA/rxe: Fix rnr retry behavior (git-fixes) - RDMA/rxe: Fix the error caused by qp->sk (git-fixes) - RDMA/rxe: Fix wrong port_cap_flags (git-fixes) - RDMA/rxe: Generate a completion for unsupported/invalid opcode (git-fixes) - RDMA/rxe: Remove unused pkt->offset (git-fixes) - RDMA/rxe: Return CQE error if invalid lkey was supplied (git-fixes) - RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string (git-fixes) - RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes) - RDMA/siw: Fix a condition race issue in MPA request processing (git-fixes) - RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes) - RDMA/siw: Pass a pointer to virt_to_page() (git-fixes) - RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes) - RDMA: Verify port when creating flow rule (git-fixes) - RDMA: remove useless condition in siw_create_cq() (git-fixes) - RDMa/mthca: Work around -Wenum-conversion warning (git-fixes) - Revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes). - Revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes). - USB: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes). - USB: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes). - USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - arm64: assembler: add cond_yield macro (git-fixes) - ata: fix ata_id_has_devslp() (git-fixes). - ata: fix ata_id_has_dipm() (git-fixes). - ata: fix ata_id_has_ncq_autosense() (git-fixes). - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes). - ata: libahci_platform: Sanity check the DT child nodes number (git-fixes). - can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes). - can: kvaser_usb: Fix possible completions during init_completion (git-fixes). - can: kvaser_usb: Fix use of uninitialized completion (git-fixes). - can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes). - can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes). - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes). - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753). - clk: bcm2835: Make peripheral PLLC critical (git-fixes). - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes). - clk: berlin: Add of_node_put() for of_get_parent() (git-fixes). - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes). - clk: oxnas: Hold reference returned by of_get_parent() (git-fixes). - clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes). - clk: qoriq: Hold reference returned by of_get_parent() (git-fixes). - clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes). - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes). - clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes). - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes). - crypto: akcipher - default implementation for setting a private key (git-fixes). - crypto: arm64/sha - fix function types (git-fixes) - crypto: arm64/sha1-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha2-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha3-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha512-ce - simplify NEON yield (git-fixes) - crypto: cavium - prevent integer overflow loading firmware (git-fixes). - crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes). - crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes). - device property: Fix documentation for *_match_string() APIs (git-fixes). - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes). - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes). - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes). - docs: update mediator information in CoC docs (git-fixes). - drivers: serial: jsm: fix some leaks in probe (git-fixes). - drm/amdgpu: fix initial connector audio value (git-fixes). - drm/bridge: Avoid uninitialized variable warning (git-fixes). - drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes). - drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes). - drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes). - drm/mipi-dsi: Detach devices when removing the host (git-fixes). - drm/msm/dpu: Fix comment typo (git-fixes). - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes). - drm/msm/dsi: fix memory corruption with too many bridges (git-fixes). - drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes). - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes). - drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes). - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes). - drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes). - drm/omap: dss: Fix refcount leak bugs (git-fixes). - drm/scheduler: quieten kernel-doc warnings (git-fixes). - drm/udl: Restore display mode on resume (git-fixes). - drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes). - drm: Use size_t type for len variable in drm_copy_field() (git-fixes). - drm: bridge: adv7511: fix CEC power down control register offset (git-fixes). - drm: fix drm_mipi_dbi build errors (git-fixes). - drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes). - drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes). - dyndbg: fix module.dyndbg handling (git-fixes). - dyndbg: let query-modname override actual module name (git-fixes). - efi: Correct Macmini DMI match in uefi cert quirk (git-fixes). - efi: libstub: drop pointless get_memory_map() call (git-fixes). - exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1204053 bsc#1201725). - fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes). - fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes). - firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes). - firmware: google: Test spinlock on panic path to avoid lockups (git-fixes). - fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes). - gpio: rockchip: request GPIO mux to pinctrl when setting direction (git-fixes). - hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes). - hwmon/coretemp: Handle large core ID value (git-fixes). - iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes). - iio: adc: ad7923: fix channel readings for some variants (git-fixes). - iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes). - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes). - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes). - iio: adc: mcp3911: use correct id bits (git-fixes). - iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes). - iio: inkern: only release the device node when done with it (git-fixes). - iio: light: tsl2583: Fix module unloading (git-fixes). - iio: pressure: dps310: Refactor startup procedure (git-fixes). - iio: pressure: dps310: Reset chip after timeout (git-fixes). - irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes). - kABI: arm64/crypto/sha512 Preserve function signature (git-fixes). - kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes). - kbuild: remove the target in signal traps when interrupted (git-fixes). - kbuild: sink stdout from cmd for silent build (git-fixes). - kbuild: skip per-CPU BTF generation for pahole v1.18-v1.21 (jsc#SLE-24559). - kthread: Extract KTHREAD_IS_PER_CPU (bsc#1204753). - lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes). - locking/csd_lock: Change csdlock_debug from early_param to __setup (git-fixes). - mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes). - mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes). - mac802154: Fix LQI recording (git-fixes). - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes). - media: cedrus: Set the platform driver data earlier (git-fixes). - media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes). - media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes). - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes). - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes). - memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes). - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes). - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes). - mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes). - mfd: sm501: Add check for platform_driver_register() (git-fixes). - misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes). - mm, memcg: avoid stale protection values when cgroup is above protection (bsc#1204754). - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575). - mm: memcontrol: fix occasional OOMs due to proportional memory.low reclaim (bsc#1204754). - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes). - mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes). - mmc: core: Replace with already defined values for readability (git-fixes). - mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes). - mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes). - mmc: sdhci-sprd: Fix minimum clock limit (git-fixes). - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes). - mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes). - mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes). - mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes). - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes). - net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes). - net: ieee802154: return -EINVAL for unknown addr type (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - openvswitch: Fix double reporting of drops in dropwatch (git-fixes). - openvswitch: Fix overreporting of drops in dropwatch (git-fixes). - openvswitch: switch from WARN to pr_warn (git-fixes). - phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes). - pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes). - pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes). - pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes). - pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback (git-fixes). - platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes). - platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes). - platform/x86: msi-laptop: Fix resource cleanup (git-fixes). - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes). - powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes). - powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074). - powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes). - powerpc/mm/64s: Drop pgd_huge() (bsc#1065729). - powerpc/mm: remove pmd_huge/pud_huge stubs and include hugetlb.h (bsc#1065729). - powerpc/pci_dn: Add missing of_node_put() (bsc#1065729). - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729). - powerpc/pseries: Interface to represent PAPR firmware attributes (bsc#1200465 ltc#197256 jsc#PED-1931). - quota: widen timestamps for the fs_disk_quota structure (bsc#1203387). - regulator: qcom_rpm: Fix circular deferral regression (git-fixes). - rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes). - rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes). - s390/hypfs: avoid error message under KVM (bsc#1032323). - sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes). - sbitmap: fix possible io hung due to lost wakeup (git-fixes). - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes). - scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes). - scsi: qla2xxx: Fix disk failure to rediscover (git-fixes). - selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465 ltc#197256 jsc#PED-1931). - selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes). - soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes). - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes). - soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes). - spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes). - spi: s3c64xx: Fix large transfers with DMA (git-fixes). - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes). - staging: vt6655: fix potential memory leak (git-fixes). - staging: vt6655: fix some erroneous memory clean-up loops (git-fixes). - struct pci_config_window kABI workaround (bsc#1204382). - thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes). - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes). - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes). - tty: xilinx_uartps: Fix the ignore_status (git-fixes). - uas: add no-uas quirk for Hiksemi usb_disk (git-fixes). - uas: ignore UAS for Thinkplus chips (git-fixes). - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: bdc: change state when port disconnected (git-fixes). - usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes). - usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes). - usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes). - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes). - usb: idmouse: fix an uninit-value in idmouse_open (git-fixes). - usb: mon: make mmapped memory read only (git-fixes). - usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes). - vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes). - watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes). - watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes). - wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes). - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes). - wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes). - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes). - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes). - wifi: mac80211: allow bw change during channel switch in mesh (git-fixes). - wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes). - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes). - wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes). - wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes). - wifi: rt2x00: set SoC wmac clock register (git-fixes). - wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes). - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes). - wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes). - wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes). - wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes). - wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes). - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes). - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes). - xfs: add missing assert in xfs_fsmap_owner_from_rmap (git-fixes). - xfs: enable big timestamps (bsc#1203387). - xfs: enable new inode btree counters feature (bsc#1203387). - xfs: explicitly define inode timestamp range (bsc#1203387). - xfs: fix memory corruption during remote attr value buffer invalidation (git-fixes). - xfs: fix s_maxbytes computation on 32-bit kernels (git-fixes). - xfs: hoist out xfs_resizefs_init_new_ags() (git-fixes). - xfs: move incore structures out of xfs_da_format.h (git-fixes). - xfs: quota: move to time64_t interfaces (bsc#1203387). - xfs: redefine xfs_ictimestamp_t (bsc#1203387). - xfs: redefine xfs_timestamp_t (bsc#1203387). - xfs: refactor remote attr value buffer invalidation (git-fixes). - xfs: remove obsolete AGF counter debugging (git-fixes). - xfs: rename `new' to `delta' in xfs_growfs_data_private() (git-fixes). - xfs: reserve data and rt quota at the same time (bsc#1203496). - xfs: slightly tweak an assert in xfs_fs_map_blocks (git-fixes). - xfs: store inode btree block counts in AGI header (bsc#1203387). - xfs: streamline xfs_attr3_leaf_inactive (git-fixes). - xfs: use a struct timespec64 for the in-core crtime (bsc#1203387). - xfs: use the finobt block counts to speed up mount times (bsc#1203387). - xfs: widen ondisk inode timestamps to deal with y2038+ (bsc#1203387). - xfs: widen ondisk quota expiration timestamps to handle y2038+ (bsc#1203387). - xhci: Do not show warning for reinit on known broken suspend (git-fixes). Important SUSE bug 1032323 SUSE bug 1065729 SUSE bug 1196018 SUSE bug 1198702 SUSE bug 1200465 SUSE bug 1200788 SUSE bug 1201725 SUSE bug 1202686 SUSE bug 1202700 SUSE bug 1203066 SUSE bug 1203098 SUSE bug 1203387 SUSE bug 1203391 SUSE bug 1203496 SUSE bug 1204053 SUSE bug 1204166 SUSE bug 1204168 SUSE bug 1204354 SUSE bug 1204355 SUSE bug 1204382 SUSE bug 1204402 SUSE bug 1204415 SUSE bug 1204417 SUSE bug 1204431 SUSE bug 1204439 SUSE bug 1204470 SUSE bug 1204479 SUSE bug 1204574 SUSE bug 1204575 SUSE bug 1204619 SUSE bug 1204635 SUSE bug 1204637 SUSE bug 1204646 SUSE bug 1204647 SUSE bug 1204653 SUSE bug 1204728 SUSE bug 1204753 SUSE bug 1204754 CVE-2021-4037 at SUSE CVE-2021-4037 at NVD CVE-2022-2153 at SUSE CVE-2022-2153 at NVD CVE-2022-28748 at SUSE CVE-2022-28748 at NVD CVE-2022-2964 at SUSE CVE-2022-2964 at NVD CVE-2022-2978 at SUSE CVE-2022-2978 at NVD CVE-2022-3176 at SUSE CVE-2022-3176 at NVD CVE-2022-3424 at SUSE CVE-2022-3424 at NVD CVE-2022-3521 at SUSE CVE-2022-3521 at NVD CVE-2022-3524 at SUSE CVE-2022-3524 at NVD CVE-2022-3535 at SUSE CVE-2022-3535 at NVD CVE-2022-3542 at SUSE CVE-2022-3542 at NVD CVE-2022-3545 at SUSE CVE-2022-3545 at NVD CVE-2022-3565 at SUSE CVE-2022-3565 at NVD CVE-2022-3577 at SUSE CVE-2022-3577 at NVD CVE-2022-3586 at SUSE CVE-2022-3586 at NVD CVE-2022-3594 at SUSE CVE-2022-3594 at NVD CVE-2022-3621 at SUSE CVE-2022-3621 at NVD CVE-2022-3625 at SUSE CVE-2022-3625 at NVD CVE-2022-3629 at SUSE CVE-2022-3629 at NVD CVE-2022-3640 at SUSE CVE-2022-3640 at NVD CVE-2022-3646 at SUSE CVE-2022-3646 at NVD CVE-2022-3649 at SUSE CVE-2022-3649 at NVD CVE-2022-39189 at SUSE CVE-2022-39189 at NVD CVE-2022-42703 at SUSE CVE-2022-42703 at NVD CVE-2022-43750 at SUSE CVE-2022-43750 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for xen fixes the following issues: - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806) - CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807) - CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (bsc#1204482) - CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (bsc#1204485) - CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes (bsc#1204487) - CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free temporary memory (bsc#1204488) - CVE-2022-42320: xen: Xenstore: Guests can get access to Xenstore nodes of deleted domains (bsc#1204489) - CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack (bsc#1204490) - CVE-2022-42322,CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes (bsc#1204494) - CVE-2022-42325,CVE-2022-42326: xen: Xenstore: Guests can create arbitrary number of nodes via transactions (bsc#1204496) - xen: Frontends vulnerable to backends (bsc#1193923) Important SUSE bug 1027519 SUSE bug 1193923 SUSE bug 1203806 SUSE bug 1203807 SUSE bug 1204482 SUSE bug 1204485 SUSE bug 1204487 SUSE bug 1204488 SUSE bug 1204489 SUSE bug 1204490 SUSE bug 1204494 SUSE bug 1204496 CVE-2022-33746 at SUSE CVE-2022-33746 at NVD CVE-2022-33747 at SUSE CVE-2022-33747 at NVD CVE-2022-33748 at SUSE CVE-2022-33748 at NVD CVE-2022-42309 at SUSE CVE-2022-42309 at NVD CVE-2022-42310 at SUSE CVE-2022-42310 at NVD CVE-2022-42311 at SUSE CVE-2022-42311 at NVD CVE-2022-42312 at SUSE CVE-2022-42312 at NVD CVE-2022-42313 at SUSE CVE-2022-42313 at NVD CVE-2022-42314 at SUSE CVE-2022-42314 at NVD CVE-2022-42315 at SUSE CVE-2022-42315 at NVD CVE-2022-42316 at SUSE CVE-2022-42316 at NVD CVE-2022-42317 at SUSE CVE-2022-42317 at NVD CVE-2022-42318 at SUSE CVE-2022-42318 at NVD CVE-2022-42319 at SUSE CVE-2022-42319 at NVD CVE-2022-42320 at SUSE CVE-2022-42320 at NVD CVE-2022-42321 at SUSE CVE-2022-42321 at NVD CVE-2022-42322 at SUSE CVE-2022-42322 at NVD CVE-2022-42323 at SUSE CVE-2022-42323 at NVD CVE-2022-42325 at SUSE CVE-2022-42325 at NVD CVE-2022-42326 at SUSE CVE-2022-42326 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python-cryptography, python-cryptography-vectors fixes the following issues: - Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312) - Refresh patches for new version - Update in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352) - update to 2.9.2 * 2.9.2 - 2020-04-22 - Updated the macOS wheel to fix an issue where it would not run on macOS versions older than 10.15. * 2.9.1 - 2020-04-21 - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1g. * 2.9 - 2020-04-02 - BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to low usage and maintenance burden. - BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed. Users on older version of OpenSSL will need to upgrade. - BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed. - Removed support for calling public_bytes() with no arguments, as per our deprecation policy. You must now pass encoding and format. - BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string() returns the RDNs as required by RFC 4514. - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1f. - Added support for parsing single_extensions in an OCSP response. - NameAttribute values can now be empty strings. - Add openSSL_111d.patch to make this version of the package compatible with OpenSSL 1.1.1d, thus fixing bsc#1149792. - bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in finalize_with_tag API - Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312) - Include in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352) - update to 2.9.2: * updated vectors for the cryptography 2.9.2 testing Important SUSE bug 1101820 SUSE bug 1149792 SUSE bug 1176785 SUSE bug 1177083 CVE-2018-10903 at SUSE CVE-2018-10903 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bnc#1198702). - CVE-2022-2153: Fixed vulnerability in KVM that could allow an unprivileged local attacker on the host to cause DoS (bnc#1200788). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686). - CVE-2022-2978: Fixed use-after-free in the NILFS file system that could lead to local privilege escalation or DoS (bnc#1202700). - CVE-2022-3176: Fixed use-after-free in io_uring when using POLLFREE (bnc#1203391). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354). - CVE-2022-3535: Fixed memory leak in mvpp2_dbgfs_port_init() in drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bnc#1204417). - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bnc#1204402). - CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431). - CVE-2022-3577: Fixed out-of-bounds memory write flaw in bigben device driver that could lead to local privilege escalation or DoS (bnc#1204470). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bnc#1204439). - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bnc#1204479). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574). - CVE-2022-3625: Fixed use-after-free in devlink_param_set()/devlink_param_get() in net/core/devlink.c (bnc#1204637). - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bnc#1204635). - CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bnc#1204619). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bnc#1204647). - CVE-2022-39189: Fixed a flaw in the x86 KVM subsystem that could allow unprivileged guest users to compromise the guest kernel via TLB flush operations on preempted vCPU (bnc#1203066). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653). The following non-security bugs were fixed: - ACPI: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes). - ACPI: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes). - ACPI: extlog: Handle multiple records (git-fixes). - ACPI: processor idle: Practically limit 'Dummy wait' workaround to old Intel systems (bnc#1203802). - ACPI: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes). - ALSA: Use del_timer_sync() before freeing timer (git-fixes). - ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes). - ALSA: aoa: Fix I2S device accounting (git-fixes). - ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes). - ALSA: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes). - ALSA: au88x0: use explicitly signed char (git-fixes). - ALSA: dmaengine: increment buffer pointer atomically (git-fixes). - ALSA: hda/hdmi: Do not skip notification handling during PM operation (git-fixes). - ALSA: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes). - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes). - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes). - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes). - ALSA: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes). - ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes). - ALSA: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes). - ALSA: hda/sigmatel: Keep power up while beep is enabled (git-fixes). - ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes). - ALSA: hda: Fix position reporting on Poulsbo (git-fixes). - ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes). - ALSA: oss: Fix potential deadlock at unregistration (git-fixes). - ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes). - ALSA: rme9652: use explicitly signed char (git-fixes). - ALSA: usb-audio: Fix NULL dererence at error path (git-fixes). - ALSA: usb-audio: Fix potential memory leaks (git-fixes). - ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes). - ASoC: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes). - ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes). - ASoC: nau8824: Fix semaphore unbalance at error paths (git-fixes). - ASoC: rsnd: Add check for rsnd_mod_power_on (git-fixes). - ASoC: tas2770: Reinit regcache on reset (git-fixes). - ASoC: wcd9335: fix order of Slimbus unprepare/disable (git-fixes). - ASoC: wcd934x: fix order of Slimbus unprepare/disable (git-fixes). - ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes). - ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes). - ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes). - Bluetooth: L2CAP: Fix user-after-free (git-fixes). - Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes). - Bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes). - Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes). - HID: hidraw: fix memory leak in hidraw_release() (git-fixes). - HID: magicmouse: Do not set BTN_MOUSE on double report (git-fixes). - HID: multitouch: Add memory barriers (git-fixes). - HID: roccat: Fix use-after-free in roccat_read() (git-fixes). - HSI: omap_ssi: Fix refcount leak in ssi_probe (git-fixes). - HSI: omap_ssi_port: Fix dma_map_sg error check (git-fixes). - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes) - IB/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes) - IB/core: Only update PKEY and GID caches on respective events (git-fixes) - IB/hfi1: Adjust pkey entry in index 0 (git-fixes) - IB/hfi1: Fix abba locking issue with sc_disable() (git-fixes) - IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() (git-fixes) - IB/mlx4: Add support for REJ due to timeout (git-fixes) - IB/mlx4: Use port iterator and validation APIs (git-fixes) - IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (git-fixes) - IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes) - IB/srpt: Remove redundant assignment to ret (git-fixes) - Input: i8042 - fix refount leak on sparc (git-fixes). - Input: xpad - add supported devices as contributed on github (git-fixes). - Input: xpad - fix wireless 360 controller breaking after suspend (git-fixes). - KVM: nVMX: Unconditionally purge queued/injected events on nested 'exit' (git-fixes). - KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes). - KVM: s390: VSIE: fix MVPG handling for prefixing and MSO (git-fixes). - KVM: s390: clear kicked_mask before sleeping again (git-fixes). - KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu (git-fixes). - KVM: s390: pv: do not present the ecall interrupt twice (git-fixes). - KVM: s390: split kvm_s390_real_to_abs (git-fixes). - KVM: s390x: fix SCK locking (git-fixes). - KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes). - PCI: Dynamically map ECAM regions (bsc#1204382). - PCI: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes). - PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes). - PM: domains: Fix handling of unavailable/disabled idle states (git-fixes). - PM: hibernate: Allow hybrid sleep to work with s2idle (git-fixes). - RDMA/bnxt_re: Add missing spin lock initialization (git-fixes) - RDMA/bnxt_re: Fix query SRQ failure (git-fixes) - RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes) - RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (git-fixes) - RDMA/cma: Fix arguments order in net device validation (git-fixes) - RDMA/core: Sanitize WQ state received from the userspace (git-fixes) - RDMA/cxgb4: Remove MW support (git-fixes) - RDMA/efa: Free IRQ vectors on error flow (git-fixes) - RDMA/efa: Remove double QP type assignment (git-fixes) - RDMA/efa: Use ib_umem_num_dma_pages() (git-fixes) - RDMA/hfi1: Fix potential integer multiplication overflow errors (git-fixes) - RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes) - RDMA/i40iw: Use ib_umem_num_dma_pages() (git-fixes) - RDMA/iwcm: Release resources if iw_cm module initialization fails (git-fixes) - RDMA/mlx4: Return missed an error if device does not support steering (git-fixes) - RDMA/mlx5: Add missing check for return value in get namespace flow (git-fixes) - RDMA/mlx5: Block FDB rules when not in switchdev mode (git-fixes) - RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes) - RDMA/mlx5: Make mkeys always owned by the kernel's PD when not enabled (git-fixes) - RDMA/mlx5: Set user priority for DCT (git-fixes) - RDMA/mlx5: Use set_mkc_access_pd_addr_fields() in reg_create() (git-fixes) - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (git-fixes) - RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes) - RDMA/qedr: Fix reporting QP timeout attribute (git-fixes) - RDMA/qib: Remove superfluous fallthrough statements (git-fixes) - RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes) - RDMA/rxe: Do not overwrite errno from ib_umem_get() (git-fixes) - RDMA/rxe: Fix 'kernel NULL pointer dereference' error (git-fixes) - RDMA/rxe: Fix error unwind in rxe_create_qp() (git-fixes) - RDMA/rxe: Fix extra copies in build_rdma_network_hdr (git-fixes) - RDMA/rxe: Fix extra copy in prepare_ack_packet (git-fixes) - RDMA/rxe: Fix failure during driver load (git-fixes) - RDMA/rxe: Fix over copying in get_srq_wqe (git-fixes) - RDMA/rxe: Fix redundant call to ip_send_check (git-fixes) - RDMA/rxe: Fix redundant skb_put_zero (git-fixes) - RDMA/rxe: Fix rnr retry behavior (git-fixes) - RDMA/rxe: Fix the error caused by qp->sk (git-fixes) - RDMA/rxe: Fix wrong port_cap_flags (git-fixes) - RDMA/rxe: Generate a completion for unsupported/invalid opcode (git-fixes) - RDMA/rxe: Remove unused pkt->offset (git-fixes) - RDMA/rxe: Return CQE error if invalid lkey was supplied (git-fixes) - RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string (git-fixes) - RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes) - RDMA/siw: Fix a condition race issue in MPA request processing (git-fixes) - RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes) - RDMA/siw: Pass a pointer to virt_to_page() (git-fixes) - RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes) - RDMA: Verify port when creating flow rule (git-fixes) - RDMA: remove useless condition in siw_create_cq() (git-fixes) - RDMa/mthca: Work around -Wenum-conversion warning (git-fixes) - Revert 'drivers/video/backlight/platform_lcd.c: add support for (bsc#1152489) - Revert 'drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time' (git-fixes). - Revert 'usb: add quirks for Lenovo OneLink+ Dock' (git-fixes). - Revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes). - Revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes). - USB: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes). - USB: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes). - USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - USB: serial: option: add Quectel RM520N (git-fixes). - USB: serial: option: add Quectel RM520N (git-fixes). - USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - arm64: assembler: add cond_yield macro (git-fixes) - ata: fix ata_id_has_devslp() (git-fixes). - ata: fix ata_id_has_dipm() (git-fixes). - ata: fix ata_id_has_ncq_autosense() (git-fixes). - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes). - ata: libahci_platform: Sanity check the DT child nodes number (git-fixes). - can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes). - can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes). - can: kvaser_usb: Fix possible completions during init_completion (git-fixes). - can: kvaser_usb: Fix use of uninitialized completion (git-fixes). - can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes). - can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes). - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes). - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753). - clk: bcm2835: Make peripheral PLLC critical (git-fixes). - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes). - clk: berlin: Add of_node_put() for of_get_parent() (git-fixes). - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes). - clk: iproc: Do not rely on node name for correct PLL setup (git-fixes). - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes). - clk: oxnas: Hold reference returned by of_get_parent() (git-fixes). - clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes). - clk: qoriq: Hold reference returned by of_get_parent() (git-fixes). - clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes). - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes). - clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes). - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes). - crypto: akcipher - default implementation for setting a private key (git-fixes). - crypto: arm64/sha - fix function types (git-fixes) - crypto: arm64/sha1-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha2-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha3-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha512-ce - simplify NEON yield (git-fixes) - crypto: cavium - prevent integer overflow loading firmware (git-fixes). - crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes). - crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes). - device property: Fix documentation for *_match_string() APIs (git-fixes). - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes). - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes). - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes). - docs: update mediator information in CoC docs (git-fixes). - drivers: serial: jsm: fix some leaks in probe (git-fixes). - drm/amd/display: Limit user regamma to a valid value (git-fixes). - drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes). - drm/amdgpu: fix initial connector audio value (git-fixes). - drm/amdgpu: use dirty framebuffer helper (git-fixes). - drm/bridge: Avoid uninitialized variable warning (git-fixes). - drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes). - drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes). - drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes). - drm/mipi-dsi: Detach devices when removing the host (git-fixes). - drm/msm/dpu: Fix comment typo (git-fixes). - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes). - drm/msm/dsi: fix memory corruption with too many bridges (git-fixes). - drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes). - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes). - drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes). - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes). - drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes). - drm/omap: dss: Fix refcount leak bugs (git-fixes). - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes). - drm/scheduler: quieten kernel-doc warnings (git-fixes). - drm/udl: Restore display mode on resume (git-fixes). - drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes). - drm: Use size_t type for len variable in drm_copy_field() (git-fixes). - drm: bridge: adv7511: fix CEC power down control register offset (git-fixes). - drm: fix drm_mipi_dbi build errors (git-fixes). - drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes). - drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes). - dyndbg: fix module.dyndbg handling (git-fixes). - dyndbg: let query-modname override actual module name (git-fixes). - efi: Correct Macmini DMI match in uefi cert quirk (git-fixes). - efi: libstub: drop pointless get_memory_map() call (git-fixes). - exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1204053 bsc#1201725). - fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes). - fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes). - firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes). - firmware: google: Test spinlock on panic path to avoid lockups (git-fixes). - fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes). - gpio: rockchip: request GPIO mux to pinctrl when setting direction (git-fixes). - hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes). - hwmon/coretemp: Handle large core ID value (git-fixes). - iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes). - iio: adc: ad7923: fix channel readings for some variants (git-fixes). - iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes). - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes). - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes). - iio: adc: mcp3911: use correct id bits (git-fixes). - iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes). - iio: inkern: only release the device node when done with it (git-fixes). - iio: light: tsl2583: Fix module unloading (git-fixes). - iio: pressure: dps310: Refactor startup procedure (git-fixes). - iio: pressure: dps310: Reset chip after timeout (git-fixes). - irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes). - kABI: arm64/crypto/sha512 Preserve function signature (git-fixes). - kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes). - kbuild: remove the target in signal traps when interrupted (git-fixes). - kbuild: sink stdout from cmd for silent build (git-fixes). - kbuild: skip per-CPU BTF generation for pahole v1.18-v1.21 (jsc#SLE-24559). - kthread: Extract KTHREAD_IS_PER_CPU (bsc#1204753). - lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes). - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes). - locking/csd_lock: Change csdlock_debug from early_param to __setup (git-fixes). - mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes). - mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes). - mac802154: Fix LQI recording (git-fixes). - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes). - media: aspeed-video: ignore interrupts that are not enabled (git-fixes). - media: cedrus: Set the platform driver data earlier (git-fixes). - media: coda: Add more H264 levels for CODA960 (git-fixes). - media: coda: Fix reported H264 profile (git-fixes). - media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes). - media: dvb_vb2: fix possible out of bound access (git-fixes). - media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes). - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes). - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes). - memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes). - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes). - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes). - mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes). - mfd: sm501: Add check for platform_driver_register() (git-fixes). - misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes). - mm, memcg: avoid stale protection values when cgroup is above protection (bsc#1204754). - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575). - mm: memcontrol: fix occasional OOMs due to proportional memory.low reclaim (bsc#1204754). - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes). - mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes). - mmc: core: Replace with already defined values for readability (git-fixes). - mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes). - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes). - mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes). - mmc: sdhci-sprd: Fix minimum clock limit (git-fixes). - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes). - mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes). - mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes). - mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes). - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes). - net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes). - net: ieee802154: return -EINVAL for unknown addr type (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: qmi_wwan: add Quectel RM520N (git-fixes). - openvswitch: Fix double reporting of drops in dropwatch (git-fixes). - openvswitch: Fix overreporting of drops in dropwatch (git-fixes). - openvswitch: switch from WARN to pr_warn (git-fixes). - padata: introduce internal padata_get/put_pd() helpers (bsc#1202638). - padata: make padata_free_shell() to respect pd's ->refcnt (bsc#1202638). - parisc/sticon: fix reverse colors (bsc#1152489) Backporting notes: * context changes - parisc: parisc-agp requires SBA IOMMU driver (bsc#1152489) - phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes). - pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes). - pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes). - pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes). - pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback (git-fixes). - platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes). - platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes). - platform/x86: msi-laptop: Fix resource cleanup (git-fixes). - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes). - powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes). - powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074). - powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes). - powerpc/mm/64s: Drop pgd_huge() (bsc#1065729). - powerpc/mm: remove pmd_huge/pud_huge stubs and include hugetlb.h (bsc#1065729). - powerpc/pci_dn: Add missing of_node_put() (bsc#1065729). - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729). - powerpc/pseries: Interface to represent PAPR firmware attributes (bsc#1200465 ltc#197256 jsc#PED-1931). - quota: widen timestamps for the fs_disk_quota structure (bsc#1203387). - regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes). - regulator: qcom_rpm: Fix circular deferral regression (git-fixes). - reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes). - rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes). - rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes). - s390/hypfs: avoid error message under KVM (bsc#1032323). - sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes). - sbitmap: fix possible io hung due to lost wakeup (git-fixes). - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes). - scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes). - scsi: qla2xxx: Fix disk failure to rediscover (git-fixes). - selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465 ltc#197256 jsc#PED-1931). - selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes). - serial: Create uart_xmit_advance() (git-fixes). - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes). - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes). - soc: sunxi: sram: Actually claim SRAM regions (git-fixes). - soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes). - soc: sunxi: sram: Prevent the driver from being unbound (git-fixes). - soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes). - spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes). - spi: s3c64xx: Fix large transfers with DMA (git-fixes). - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes). - staging: vt6655: fix potential memory leak (git-fixes). - staging: vt6655: fix some erroneous memory clean-up loops (git-fixes). - struct pci_config_window kABI workaround (bsc#1204382). - thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes). - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes). - tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before sending data (git-fixes). - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes). - tty: xilinx_uartps: Fix the ignore_status (git-fixes). - uas: add no-uas quirk for Hiksemi usb_disk (git-fixes). - uas: ignore UAS for Thinkplus chips (git-fixes). - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: bdc: change state when port disconnected (git-fixes). - usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes). - usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes). - usb: dwc3: gadget: Prevent repeat pullup() (git-fixes). - usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes). - usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes). - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes). - usb: idmouse: fix an uninit-value in idmouse_open (git-fixes). - usb: mon: make mmapped memory read only (git-fixes). - usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes). - usb: typec: ucsi: Remove incorrect warning (git-fixes). - usb: xhci-mtk: add a function to (un)load bandwidth info (git-fixes). - usb: xhci-mtk: add only one extra CS for FS/LS INTR (git-fixes). - usb: xhci-mtk: add some schedule error number (git-fixes). - usb: xhci-mtk: fix issue of out-of-bounds array access (git-fixes). - usb: xhci-mtk: get the microframe boundary for ESIT (git-fixes). - usb: xhci-mtk: use @sch_tt to check whether need do TT schedule (git-fixes). - vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes). - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes). - watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes). - watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes). - wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes). - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes). - wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes). - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes). - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes). - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes). - wifi: mac80211: allow bw change during channel switch in mesh (git-fixes). - wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes). - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes). - wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes). - wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes). - wifi: rt2x00: set SoC wmac clock register (git-fixes). - wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes). - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes). - wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes). - wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes). - wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes). - wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes). - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes). - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes). - xfs: add missing assert in xfs_fsmap_owner_from_rmap (git-fixes). - xfs: enable big timestamps (bsc#1203387). - xfs: enable new inode btree counters feature (bsc#1203387). - xfs: explicitly define inode timestamp range (bsc#1203387). - xfs: fix memory corruption during remote attr value buffer invalidation (git-fixes). - xfs: fix s_maxbytes computation on 32-bit kernels (git-fixes). - xfs: hoist out xfs_resizefs_init_new_ags() (git-fixes). - xfs: move incore structures out of xfs_da_format.h (git-fixes). - xfs: quota: move to time64_t interfaces (bsc#1203387). - xfs: redefine xfs_ictimestamp_t (bsc#1203387). - xfs: redefine xfs_timestamp_t (bsc#1203387). - xfs: refactor remote attr value buffer invalidation (git-fixes). - xfs: remove obsolete AGF counter debugging (git-fixes). - xfs: rename `new' to `delta' in xfs_growfs_data_private() (git-fixes). - xfs: reserve data and rt quota at the same time (bsc#1203496). - xfs: slightly tweak an assert in xfs_fs_map_blocks (git-fixes). - xfs: store inode btree block counts in AGI header (bsc#1203387). - xfs: streamline xfs_attr3_leaf_inactive (git-fixes). - xfs: use a struct timespec64 for the in-core crtime (bsc#1203387). - xfs: use the finobt block counts to speed up mount times (bsc#1203387). - xfs: widen ondisk inode timestamps to deal with y2038+ (bsc#1203387). - xfs: widen ondisk quota expiration timestamps to handle y2038+ (bsc#1203387). - xhci: Do not show warning for reinit on known broken suspend (git-fixes). Important SUSE bug 1032323 SUSE bug 1065729 SUSE bug 1152489 SUSE bug 1198702 SUSE bug 1200465 SUSE bug 1200788 SUSE bug 1201725 SUSE bug 1202638 SUSE bug 1202686 SUSE bug 1202700 SUSE bug 1203066 SUSE bug 1203098 SUSE bug 1203387 SUSE bug 1203391 SUSE bug 1203496 SUSE bug 1203802 SUSE bug 1204053 SUSE bug 1204166 SUSE bug 1204168 SUSE bug 1204354 SUSE bug 1204355 SUSE bug 1204382 SUSE bug 1204402 SUSE bug 1204415 SUSE bug 1204417 SUSE bug 1204431 SUSE bug 1204439 SUSE bug 1204470 SUSE bug 1204479 SUSE bug 1204574 SUSE bug 1204575 SUSE bug 1204619 SUSE bug 1204635 SUSE bug 1204637 SUSE bug 1204646 SUSE bug 1204647 SUSE bug 1204653 SUSE bug 1204728 SUSE bug 1204753 SUSE bug 1204754 CVE-2021-4037 at SUSE CVE-2021-4037 at NVD CVE-2022-2153 at SUSE CVE-2022-2153 at NVD CVE-2022-2964 at SUSE CVE-2022-2964 at NVD CVE-2022-2978 at SUSE CVE-2022-2978 at NVD CVE-2022-3176 at SUSE CVE-2022-3176 at NVD CVE-2022-3424 at SUSE CVE-2022-3424 at NVD CVE-2022-3521 at SUSE CVE-2022-3521 at NVD CVE-2022-3524 at SUSE CVE-2022-3524 at NVD CVE-2022-3535 at SUSE CVE-2022-3535 at NVD CVE-2022-3542 at SUSE CVE-2022-3542 at NVD CVE-2022-3545 at SUSE CVE-2022-3545 at NVD CVE-2022-3565 at SUSE CVE-2022-3565 at NVD CVE-2022-3577 at SUSE CVE-2022-3577 at NVD CVE-2022-3586 at SUSE CVE-2022-3586 at NVD CVE-2022-3594 at SUSE CVE-2022-3594 at NVD CVE-2022-3621 at SUSE CVE-2022-3621 at NVD CVE-2022-3625 at SUSE CVE-2022-3625 at NVD CVE-2022-3629 at SUSE CVE-2022-3629 at NVD CVE-2022-3640 at SUSE CVE-2022-3640 at NVD CVE-2022-3646 at SUSE CVE-2022-3646 at NVD CVE-2022-3649 at SUSE CVE-2022-3649 at NVD CVE-2022-39189 at SUSE CVE-2022-39189 at NVD CVE-2022-42703 at SUSE CVE-2022-42703 at NVD CVE-2022-43750 at SUSE CVE-2022-43750 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2 * 8a70235d8a core: Add trigger limit for path units * 93e544f3a0 core/mount: also add default before dependency for automount mount units * 5916a7748c logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179). Moderate SUSE bug 1204179 SUSE bug 1204968 CVE-2022-3821 at SUSE CVE-2022-3821 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for sudo fixes the following issues: - CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a passwor dof seven characters or fewer and using the crypt() password backend (bsc#1204986). - Fix wrong information output in the error message (bsc#1190818). - Make sure SIGCHLD is not ignored when sudo is executed; fixes race condition (bsc#1203201). Important SUSE bug 1190818 SUSE bug 1203201 SUSE bug 1204986 CVE-2022-43995 at SUSE CVE-2022-43995 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). Low SUSE bug 1199944 CVE-2022-1664 at SUSE CVE-2022-1664 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for pixman fixes the following issues: - CVE-2022-44638: Fixed an integer overflow in pixman_sample_floor_y leading to heap out-of-bounds write (bsc#1205033). Important SUSE bug 1205033 CVE-2022-44638 at SUSE CVE-2022-44638 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). Important SUSE bug 1205126 CVE-2022-42898 at SUSE CVE-2022-42898 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for opensc fixes the following issues: - CVE-2019-6502: Fixed memory leak in sc_context_create in ctx.c (bsc#1122756). Moderate SUSE bug 1122756 CVE-2019-6502 at SUSE CVE-2019-6502 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libdb-4_8 fixes the following issues: - CVE-2019-2708: Fixed partial DoS due to data store execution (bsc#1174414). Low SUSE bug 1174414 CVE-2019-2708 at SUSE CVE-2019-2708 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python3 fixes the following issues: - CVE-2022-45061: Fixed possible DoS when IDNA decoding extremely long domain names (bsc#1205244). Important SUSE bug 1205244 CVE-2022-45061 at SUSE CVE-2022-45061 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for supportutils fixes the following issues: Security issues fixed: - Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818) Bug fixes: - Added lifecycle information - Fixed KVM virtualization detection on bare metal (bsc#1184689) - Added logging using journalctl (bsc#1200330) - Get current sar data before collecting files (bsc#1192648) - Collects everything in /etc/multipath/ (bsc#1192252) - Collects power management information in hardware.txt (bsc#1197428) - Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337) - Fixed conf_files and conf_text_files so y2log is gathered (bsc#1202269) - Update to nvme_info and block_info (bsc#1202417) - Added includedir directories from /etc/sudoers (bsc#1188086) Moderate SUSE bug 1184689 SUSE bug 1188086 SUSE bug 1192252 SUSE bug 1192648 SUSE bug 1197428 SUSE bug 1200330 SUSE bug 1202269 SUSE bug 1202337 SUSE bug 1202417 SUSE bug 1203818 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for vim fixes the following issues: Updated to version 9.0 with patch level 0814: - CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478). - CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508). - CVE-2022-3235: Fixed use-after-free (bsc#1203509). - CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820). - CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779). - CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152). - CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796). - CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797). - CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110). - CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194). - CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272). - CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799). - CVE-2022-3352: Fixed use-after-free (bsc#1203924). - CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155). - CVE-2022-3037: Fixed use-after-free (bsc#1202962). Important SUSE bug 1192478 SUSE bug 1202962 SUSE bug 1203110 SUSE bug 1203152 SUSE bug 1203155 SUSE bug 1203194 SUSE bug 1203272 SUSE bug 1203508 SUSE bug 1203509 SUSE bug 1203796 SUSE bug 1203797 SUSE bug 1203799 SUSE bug 1203820 SUSE bug 1203924 SUSE bug 1204779 CVE-2021-3928 at SUSE CVE-2021-3928 at NVD CVE-2022-2980 at SUSE CVE-2022-2980 at NVD CVE-2022-2982 at SUSE CVE-2022-2982 at NVD CVE-2022-3037 at SUSE CVE-2022-3037 at NVD CVE-2022-3099 at SUSE CVE-2022-3099 at NVD CVE-2022-3134 at SUSE CVE-2022-3134 at NVD CVE-2022-3153 at SUSE CVE-2022-3153 at NVD CVE-2022-3234 at SUSE CVE-2022-3234 at NVD CVE-2022-3235 at SUSE CVE-2022-3235 at NVD CVE-2022-3278 at SUSE CVE-2022-3278 at NVD CVE-2022-3296 at SUSE CVE-2022-3296 at NVD CVE-2022-3297 at SUSE CVE-2022-3297 at NVD CVE-2022-3324 at SUSE CVE-2022-3324 at NVD CVE-2022-3352 at SUSE CVE-2022-3352 at NVD CVE-2022-3705 at SUSE CVE-2022-3705 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles which could cause a minor denial of service. (bsc#1194178) Moderate SUSE bug 1178561 SUSE bug 1190515 SUSE bug 1194178 CVE-2021-3997 at SUSE CVE-2021-3997 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libtpms fixes the following issues: - CVE-2021-3623: Fixed out-of-bounds access when trying to resume the state of the vTPM (bsc#1187767) Moderate SUSE bug 1187767 SUSE bug 1204556 CVE-2021-3623 at SUSE CVE-2021-3623 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for containerd fixes the following issues: Update to containerd v1.6.12 including Docker v20.10.21-ce (bsc#1206065). Also includes the following fix: - CVE-2022-23471: host memory exhaustion through Terminal resize goroutine leak (bsc#1206235). - CVE-2022-27191: crash in a golang.org/x/crypto/ssh server (bsc#1197284). Important SUSE bug 1197284 SUSE bug 1206065 SUSE bug 1206235 CVE-2022-23471 at SUSE CVE-2022-23471 at NVD CVE-2022-27191 at SUSE CVE-2022-27191 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ceph fixes the following issues: ceph was updated to the Pacific release (16.2.9-536-g41a9f9a5573): + (bsc#1195359, bsc#1200553) rgw: check bucket shard init status in RGWRadosBILogTrimCR + (bsc#1194131) ceph-volume: honour osd_dmcrypt_key_size option (CVE-2021-3979) + (bsc#1200064,) Remove last vestiges of docker.io image paths + (bsc#1196044) cephadm: prometheus: The generatorURL in alerts is only using hostname + (bsc#1196785) cephadm: avoid crashing on expected non-zero exit + (jsc#SES-2515) High-availability NFS export + (bsc#1194875) [SES7P] include/buffer: include <memory> + cephadm: update image paths to registry.suse.com + cephadm: use snmp-notifier image from registry.suse.de + cephadm: infer the default container image during pull + mgr/cephadm: try to get FQDN for inventory address + (bsc#1194875) common: fix FTBFS due to dout & need_dynamic on GCC-12 + (bsc#1196938) cephadm: preserve authorized_keys file during upgrade + Update Prometheus Container image paths (pr #459) + mgr/dashboard: Fix documentation URL (pr #456) + mgr/dashboard: Adapt downstream branded navigation page (pr #454) + Update prometheus-server version + (bsc#1194353) Downstream branding breaks dashboard npm build + (bsc#1178073) mgr/dashboard: fix downstream NFS doc links Important SUSE bug 1178073 SUSE bug 1194131 SUSE bug 1194353 SUSE bug 1194875 SUSE bug 1195359 SUSE bug 1196044 SUSE bug 1196785 SUSE bug 1196938 SUSE bug 1200064 SUSE bug 1200553 CVE-2021-3979 at SUSE CVE-2021-3979 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for cni fixes the following issues: - CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961). Important SUSE bug 1181961 CVE-2021-20206 at SUSE CVE-2021-20206 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for cni-plugins fixes the following issues: - CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961). Important SUSE bug 1181961 CVE-2021-20206 at SUSE CVE-2021-20206 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for conmon fixes the following issues: conmon was updated to version 2.1.5: * don't leak syslog_identifier * logging: do not read more that the buf size * logging: fix error handling * Makefile: Fix install for FreeBSD * signal: Track changes to get_signal_descriptor in the FreeBSD version * Packit: initial enablement Update to version 2.1.4: * Fix a bug where conmon crashed when it got a SIGCHLD update to 2.1.3: * Stop using g_unix_signal_add() to avoid threads * Rename CLI optionlog-size-global-max to log-global-size-max Update to version 2.1.2: * add log-global-size-max option to limit the total output conmon processes (CVE-2022-1708 bsc#1200285) * journald: print tag and name if both are specified * drop some logs to debug level Update to version 2.1.0 * logging: buffer partial messages to journald * exit: close all fds >= 3 * fix: cgroup: Free memory_cgroup_file_path if open fails. Update to version 2.0.32 * Fix: Avoid mainfd_std{in,out} sharing the same file descriptor. * exit_command: Fix: unset subreaper attribute before running exit command Update to version 2.0.31 * logging: new mode -l passthrough * ctr_logs: use container name or ID as SYSLOG_IDENTIFIER for journald * conmon: Fix: free userdata files before exec cleanup Moderate SUSE bug 1200285 CVE-2022-1708 at SUSE CVE-2022-1708 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711) - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780). The following non-security bugs were fixed: - ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes). - ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes). - ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes). - ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes). - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes). - ASoC: codecs: jz4725b: Fix spelling mistake 'Sourc' -> 'Source', 'Routee' -> 'Route' (git-fixes). - ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes). - ASoC: codecs: jz4725b: fix capture selector naming (git-fixes). - ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes). - ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes). - ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes). - ASoC: max98373: Add checks for devm_kcalloc (git-fixes). - ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes). - ASoC: wm5102: Revert 'ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe' (git-fixes). - ASoC: wm5110: Revert 'ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe' (git-fixes). - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes). - ASoC: wm8997: Revert 'ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe' (git-fixes). - Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes). - Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573) - Drivers: hv: vmbus: Add /sys/bus/vmbus/hibernation (git-fixes). - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017). - Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017). - Drivers: hv: vmbus: Fix duplicate CPU assignments within a device (git-fixes). - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes). - Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes). - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017). - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017). - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes). - Drivers: hv: vmbus: Remove unused linux/version.h header (git-fixes). - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (git-fixes). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: remove unused function (git-fixes). - HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes). - Input: i8042 - fix leaking of platform device on module removal (git-fixes). - Input: iforce - invert valid length check when fetching device IDs (git-fixes). - KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec support (git-fixes). - KVM: nVMX: Invalidate all EPTP contexts when emulating INVEPT for L1 (git-fixes). - KVM: nVMX: Validate the EPTP when emulating INVEPT(EXTENT_CONTEXT) (git-fixes). - KVM: nVMX: clear PIN_BASED_POSTED_INTR from nested pinbased_ctls only when apicv is globally disabled (git-fixes). - KVM: s390: Add a routine for setting userspace CPU state (git-fixes). - KVM: s390: Fix handle_sske page fault handling (git-fixes). - KVM: s390: Simplify SIGP Set Arch handling (git-fixes). - KVM: s390: get rid of register asm usage (git-fixes). - KVM: s390: pv: avoid stalls when making pages secure (git-fixes). - KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes). - KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes). - KVM: s390: reduce number of IO pins to 1 (git-fixes). - NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes). - NFS: Refactor nfs_instantiate() for dentry referencing callers (bsc#1204215). - NFSv3: use nfs_add_or_obtain() to create and reference inodes (bsc#1204215). - PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446). - PCI: hv: Add validation for untrusted Hyper-V values (git-fixes). - PCI: hv: Drop msi_controller structure (bsc#1204446). - PCI: hv: Fix a race condition when removing the device (bsc#1204446). - PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446). - PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017). - PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017). - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845). - PCI: hv: Fix typo (bsc#1204446). - PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446). - PCI: hv: Remove unnecessary use of %hx (bsc#1204446). - PCI: hv: Support for create interrupt v3 (bsc#1204446). - PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors (bsc#1204446). - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - RDMA/core/sa_query: Remove unused argument (git-fixes) - RDMA/hns: Fix spelling mistakes of original (git-fixes) - RDMA/qedr: Add support for user mode XRC-SRQ's (git-fixes) - RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (git-fixes) - RDMA/qedr: Remove unsupported qedr_resize_cq callback (git-fixes) - RDMA/rxe: Fix memory leak in error path code (git-fixes) - SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297). - USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes). - USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes). - USB: serial: option: add Sierra Wireless EM9191 (git-fixes). - USB: serial: option: add u-blox LARA-L6 modem (git-fixes). - USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes). - USB: serial: option: remove old LARA-R6 PID (git-fixes). - USB: serial: option: remove old LARA-R6 PID. - Xen/gntdev: do not ignore kernel unmapping error (git-fixes). - add another bug reference to some hyperv changes (bsc#1205617). - arm/xen: Do not probe xenbus as part of an early initcall (git-fixes). - arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes) - arm64: dts: juno: Add thermal critical trip points (git-fixes) - arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes) - ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tport_add() (git-fixes). - ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes). - blk-crypto: fix check for too-large dun_bytes (git-fixes). - blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes). - blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes). - blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes). - blktrace: Trace remapped requests correctly (git-fixes). - block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (git-fixes). - block: Add a helper to validate the block size (git-fixes). - block: assign bi_bdev for cloned bios in blk_rq_prep_clone (bsc#1204328). - block: ataflop: fix breakage introduced at blk-mq refactoring (git-fixes). - block: ataflop: more blk-mq refactoring fixes (git-fixes). - block: fix infinite loop for invalid zone append (git-fixes). - block: limit request dispatch loop duration (git-fixes). - block: nbd: add sanity check for first_minor (git-fixes). - block: use 'unsigned long' for blk_validate_block_size() (git-fixes). - bus: sunxi-rsb: Support atomic transfers (git-fixes). - can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes). - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes). - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes). - ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1205989). - ceph: do not access the kiocb after aio requests (bsc#1205984). - ceph: fix fscache invalidation (bsc#1205985). - ceph: lockdep annotations for try_nonblocking_invalidate (bsc#1205988). - ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty (bsc#1205986). - ceph: request Fw caps before updating the mtime in ceph_write_iter (bsc#1205987). - cifs: skip extra NULL byte in filenames (bsc#1204791). - dm era: commit metadata in postsuspend after worker stops (git-fixes). - dm integrity: set journal entry unused when shrinking device (git-fixes). - dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes). - dm mpath: only use ktime_get_ns() in historical selector (git-fixes). - dm raid: fix accesses beyond end of raid member array (git-fixes). - dm raid: fix address sanitizer warning in raid_resume (git-fixes). - dm raid: fix address sanitizer warning in raid_status (git-fixes). - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes). - dm verity fec: fix misaligned RS roots IO (git-fixes). - dm writecache: fix writing beyond end of underlying device when shrinking (git-fixes). - dm writecache: return the exact table values that were set (git-fixes). - dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes). - dm: fix request-based DM to not bounce through indirect dm_submit_bio (git-fixes). - dm: remove special-casing of bio-based immutable singleton target on NVMe (git-fixes). - dm: return early from dm_pr_call() if DM device is suspended (git-fixes). - dma-buf: fix racing conflict of dma_heap_add() (git-fixes). - dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes). - dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes). - dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes). - dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes). - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes). - dmaengine: at_hdmac: Fix impossible condition (git-fixes). - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes). - dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes). - drivers/hv: remove obsolete TODO and fix misleading typo in comment (git-fixes). - drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (git-fixes). - drivers: hv: Fix hyperv_record_panic_msg path on comment (git-fixes). - drivers: hv: Fix missing error code in vmbus_connect() (git-fixes). - drivers: hv: vmbus: Fix call msleep using &lt; 20ms (git-fixes). - drivers: hv: vmbus: Fix checkpatch LINE_SPACING (git-fixes). - drivers: hv: vmbus: Fix checkpatch SPLIT_STRING (git-fixes). - drivers: hv: vmbus: Replace symbolic permissions by octal permissions (git-fixes). - drivers: net: slip: fix NPD bug in sl_tx_timeout() (git-fixes). - drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes). - drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes). - drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes). - drm/i915/sdvo: Setup DDC fully before output init (git-fixes). - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes). - drm/panel: simple: set bpc field for logic technologies displays (git-fixes). - drm/rockchip: dsi: Force synchronous probe (git-fixes). - drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes). - drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes). - fbdev: smscufx: Fix several use-after-free bugs (git-fixes). - firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes). - ftrace: Fix char print issue in print_ip_ins() (git-fixes). - ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes). - ftrace: Fix the possible incorrect kernel message (git-fixes). - ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes). - ftrace: Optimize the allocation for mcount entries (git-fixes). - ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes). - fuse: add file_modified() to fallocate (bsc#1205330). - fuse: fix readdir cache race (bsc#1205329). - hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes). - hv: hyperv.h: Remove unused inline functions (git-fixes). - hv_netvsc: Add a comment clarifying batching logic (git-fixes). - hv_netvsc: Add check for kvmalloc_array (git-fixes). - hv_netvsc: Add error handling while switching data path (bsc#1204850). - hv_netvsc: Allocate the recv_buf buffers after NVSP_MSG1_TYPE_SEND_RECV_BUF (git-fixes). - hv_netvsc: Check VF datapath when sending traffic to VF (git-fixes). - hv_netvsc: Fix potential dereference of NULL pointer (git-fixes). - hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850). - hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes). - hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850). - hv_netvsc: Use bitmap_zalloc() when applicable (git-fixes). - hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - hv_netvsc: Validate number of allocated sub-channels (git-fixes). - hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017). - hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes). - hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes). - hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes). - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes). - hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes). - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes). - i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes). - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes). - iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes). - iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes). - iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes). - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes). - iio: light: apds9960: fix wrong register for gesture gain (git-fixes). - iio: light: rpr0521: add missing Kconfig dependencies (git-fixes). - iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes). - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes). - isdn: mISDN: netjet: fix wrong check of device registration (git-fixes). - iwlwifi: dbg: disable ini debug in 9000 family and below (git-fixes). - kABI: Fix after adding trace_iterator.wait_index (git-fixes). - kABI: remove new member of usbip_device (git-fixes). - kabi: fix transport_add_device change (git-fixes). - kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes). - kvm: nVMX: reflect MTF VM-exits if injected by L1 (git-fixes). - loop: Check for overflow while configuring loop (git-fixes). - mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes). - mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes). - mISDN: fix possible memory leak in mISDN_register_device() (git-fixes). - md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes). - md: Replace snprintf with scnprintf (git-fixes). - media: dvb-frontends/drxk: initialize err to 0 (git-fixes). - media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes). - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes). - media: venus: dec: Handle the case where find_format fails (git-fixes). - media: vim2m: initialize the media device earlier (git-fixes). - media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes). - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes). - mmc: core: properly select voltage range without power cycle (git-fixes). - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes). - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes). - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (git-fixes). - nbd: Fix use-after-free in pid_show (git-fixes). - nbd: fix possible overflow for 'first_minor' in nbd_dev_add() (git-fixes). - nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes). - nbd: handle device refs for DESTROY_ON_DISCONNECT properly (git-fixes). - net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes). - net: ethernet: nixge: fix NULL dereference (git-fixes). - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (git-fixes). - net: hyperv: remove use of bpf_op_t (git-fixes). - net: netvsc: remove break after return (git-fixes). - net: phy: fix null-ptr-deref while probe() failed (git-fixes). - net: thunderbolt: Fix error handling in tbnet_init() (git-fixes). - net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes). - net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch (git-fixes). - nfc/nci: fix race with opening and closing (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes). - nfsd: set the server_scope during service startup (bsc#1203746). - null_blk: Fail zone append to conventional zones (git-fixes). - null_blk: synchronization fix for zoned device (git-fixes). - nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241). - panic, kexec: make __crash_kexec() NMI safe (git-fixes). - parport_pc: Avoid FIFO port location truncation (git-fixes). - phy: stm32: fix an error code in probe (git-fixes). - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (git-fixes). - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes). - powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395). - powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395). - printk: add missing memory barrier to wake_up_klogd() (bsc#1204934). - printk: use atomic updates for klogd work (bsc#1204934). - printk: wake waiters for safe and NMI contexts (bsc#1204934). - r8152: Add MAC passthrough support to new device (git-fixes). - r8152: add PID for the Lenovo OneLink+ Dock (git-fixes). - r8152: use new helper tcp_v6_gso_csum_prep (git-fixes). - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes). - regulator: core: fix UAF in destroy_regulator() (git-fixes). - regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes). - regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes). - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Allow splice to read previous partially read pages (git-fixes). - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Check pending waiters when doing wake ups as well (git-fixes). - ring-buffer: Fix race between reset page and reading page (git-fixes). - ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes). - ring-buffer: Include dropped pages in counting dirty patches (git-fixes). - ring_buffer: Do not deactivate non-existant pages (git-fixes). - rndis_host: increase sleep time in the query-response loop (git-fixes). - rtc: mt6397: fix alarm register overwrite (git-fixes). - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes). - s390/cpcmd: fix inline assembly register clobbering (git-fixes). - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes). - s390/disassembler: increase ebpf disasm buffer size (git-fixes). - s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205428 LTC#200501). - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (bsc#1203144 LTC#199881). - s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes). - s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes). - s390/ptrace: return -ENOSYS when invalid syscall is supplied (git-fixes). - s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501). - s390/vtime: fix inline assembly clobber list (git-fixes). - s390/zcore: fix race when reading from hardware system area (git-fixes). - s390/zcrypt: fix zcard and zqueue hot-unplug memleak (git-fixes). - s390: Remove arch_has_random, arch_has_random_seed (git-fixes). - s390: fix double free of GS and RI CBs on fork() failure (git-fixes). - s390: fix nospec table alignments (git-fixes). - s390: mark __cpacf_query() as __always_inline (git-fixes). - scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND (git-fixes). - scsi: drivers: base: Propagate errors through the transport component (git-fixes). - scsi: drivers: base: Support atomic version of attribute_container_device_trigger (git-fixes). - scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729 bsc#1204810 ltc#200162). - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395). - scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957). - scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957). - scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957). - scsi: lpfc: Fix spelling mistake 'unsolicted' -> 'unsolicited' (bsc#1204957). - scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957). - scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957). - scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957). - scsi: lpfc: Update the obsolete adapter list (bsc#1204142). - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963). - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963). - scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes). - scsi: storvsc: Correctly handle multiple flags in srb_status (git-fixes). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes). - scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017). - scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017). - scsi: storvsc: Log TEST_UNIT_READY errors as warnings (git-fixes). - scsi: storvsc: Miscellaneous code cleanups (git-fixes). - scsi: storvsc: Parameterize number hardware queues (git-fixes). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017). - scsi: storvsc: Return DID_ERROR for invalid commands (git-fixes). - scsi: storvsc: Update error logging (git-fixes). - scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017). - scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes). - scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017). - scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes). - scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes). - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes). - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes). - serial: 8250: omap: Flush PM QOS work on remove (git-fixes). - serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes). - serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes). - serial: imx: Add missing .thaw_noirq hook (git-fixes). - siox: fix possible memory leak in siox_device_add() (git-fixes). - slimbus: stream: correct presence rate frequencies (git-fixes). - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes). - spi: stm32: Print summary 'callbacks suppressed' message (git-fixes). - staging: greybus: light: fix a couple double frees (git-fixes). - swiotlb-xen: use vmalloc_to_page on vmalloc virt addresses (git-fixes). - tracing/ring-buffer: Have polling block on watermark (git-fixes). - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes). - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes). - tracing: Do not free snapshot if tracer is on cmdline (git-fixes). - tracing: Fix wild-memory-access in register_synth_event() (git-fixes). - tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes). - tracing: Wake up ring buffer waiters on closing of the file (git-fixes). - tracing: Wake up waiters when tracing is disabled (git-fixes). - usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes). - usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes). - usb: dwc3: exynos: Fix remove() function (git-fixes). - usb: dwc3: fix PHY disable sequence (git-fixes). - usb: dwc3: gadget: Clear ep descriptor last (git-fixes). - usb: dwc3: gadget: Fix null pointer exception (git-fixes). - usb: dwc3: qcom: fix runtime PM wakeup. - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes). - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes). - usbip: add sysfs_lock to synchronize sysfs code paths (git-fixes). - usbip: stub-dev synchronize sysfs code paths (git-fixes). - usbip: stub_dev: remake locking for kABI (git-fixes). - usbip: synchronize event handler with sysfs code paths (git-fixes). - usbip: usbip_event: use global lock (git-fixes). - usbip: vudc synchronize sysfs code paths (git-fixes). - usbip: vudc_sysfs: use global lock (git-fixes). - use __netdev_notify_peers in hyperv (git-fixes). - v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI' - v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI' (bsc#1200845) - vfio/ccw: Do not change FSM state in subchannel event (git-fixes). - virtio-blk: Do not use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (git-fixes). - virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes). - virtio_blk: eliminate anonymous module_init & module_exit (git-fixes). - virtio_blk: fix the discard_granularity and discard_alignment queue limits (git-fixes). - vmlinux.lds.h: Fix placement of '.data..decrypted' section (git-fixes). - wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes). - wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes). - wifi: cfg80211: silence a sparse RCU warning (git-fixes). - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes). - workqueue: do not skip lockdep work dependency in cancel_work_sync() (bsc#1204967). - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - x86/hyperv: check cpu mask after interrupt has been disabled (git-fixes). - x86/kexec: Fix double-free of elf header buffer (bsc#1205567). - x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264). - x86/xen: Add xen_no_vector_callback option to test PCI INTX delivery (git-fixes). - x86/xen: Distribute switch variables for initialization (git-fixes). - x86/xen: do not unbind uninitialized lock_kicker_irq (git-fixes). - xen-blkback: prevent premature module unload (git-fixes). - xen-netback: correct success/error reporting for the SKB-with-fraglist case (git-fixes). - xen/balloon: fix balloon kthread freezing (git-fixes). - xen/balloon: fix ballooned page accounting without hotplug enabled (git-fixes). - xen/balloon: fix cancelled balloon action (git-fixes). - xen/balloon: use a kernel thread instead a workqueue (git-fixes). - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes). - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes). - xen/gntdev: Prevent leaking grants (git-fixes). - xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes). - xen/privcmd: Corrected error handling path (git-fixes). - xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes). - xen/xenbus: Fix granting of vmalloc'd memory (git-fixes). - xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status (git-fixes). - xen: Fix XenStore initialisation for XS_LOCAL (git-fixes). - xen: Fix event channel callback via INTX/GSI (git-fixes). - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes). - xenbus: req->body should be updated before req->state (git-fixes). - xenbus: req->err should be updated before req->state (git-fixes). - xfs: Lower CIL flush limit for large logs (git-fixes). - xfs: Throttle commits on delayed background CIL push (git-fixes). - xfs: Use scnprintf() for avoiding potential buffer overflow (git-fixes). - xfs: check owner of dir3 blocks (git-fixes). - xfs: factor common AIL item deletion code (git-fixes). - xfs: open code insert range extent split helper (git-fixes). - xfs: rework collapse range into an atomic operation (git-fixes). - xfs: rework insert range into an atomic operation (git-fixes). - xfs: tail updates only need to occur when LSN changes (git-fixes). - xfs: trylock underlying buffer on dquot flush (git-fixes). - xfs: xfs_buf_corruption_error should take __this_address (git-fixes). - xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes). Important SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1156395 SUSE bug 1184350 SUSE bug 1189297 SUSE bug 1192761 SUSE bug 1200845 SUSE bug 1201455 SUSE bug 1203144 SUSE bug 1203746 SUSE bug 1204017 SUSE bug 1204142 SUSE bug 1204215 SUSE bug 1204241 SUSE bug 1204328 SUSE bug 1204446 SUSE bug 1204631 SUSE bug 1204636 SUSE bug 1204693 SUSE bug 1204780 SUSE bug 1204791 SUSE bug 1204810 SUSE bug 1204827 SUSE bug 1204850 SUSE bug 1204868 SUSE bug 1204934 SUSE bug 1204957 SUSE bug 1204963 SUSE bug 1204967 SUSE bug 1205128 SUSE bug 1205130 SUSE bug 1205186 SUSE bug 1205220 SUSE bug 1205329 SUSE bug 1205330 SUSE bug 1205428 SUSE bug 1205473 SUSE bug 1205514 SUSE bug 1205617 SUSE bug 1205671 SUSE bug 1205700 SUSE bug 1205705 SUSE bug 1205709 SUSE bug 1205753 SUSE bug 1205796 SUSE bug 1205984 SUSE bug 1205985 SUSE bug 1205986 SUSE bug 1205987 SUSE bug 1205988 SUSE bug 1205989 SUSE bug 1206032 SUSE bug 1206037 SUSE bug 1206207 CVE-2022-2602 at SUSE CVE-2022-2602 at NVD CVE-2022-28693 at SUSE CVE-2022-28693 at NVD CVE-2022-3567 at SUSE CVE-2022-3567 at NVD CVE-2022-3628 at SUSE CVE-2022-3628 at NVD CVE-2022-3635 at SUSE CVE-2022-3635 at NVD CVE-2022-3707 at SUSE CVE-2022-3707 at NVD CVE-2022-3903 at SUSE CVE-2022-3903 at NVD CVE-2022-4095 at SUSE CVE-2022-4095 at NVD CVE-2022-4129 at SUSE CVE-2022-4129 at NVD CVE-2022-4139 at SUSE CVE-2022-4139 at NVD CVE-2022-41850 at SUSE CVE-2022-41850 at NVD CVE-2022-41858 at SUSE CVE-2022-41858 at NVD CVE-2022-42895 at SUSE CVE-2022-42895 at NVD CVE-2022-42896 at SUSE CVE-2022-42896 at NVD CVE-2022-4378 at SUSE CVE-2022-4378 at NVD CVE-2022-43945 at SUSE CVE-2022-43945 at NVD CVE-2022-45934 at SUSE CVE-2022-45934 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711) - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780). The following non-security bugs were fixed: - ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes). - ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes). - ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes). - ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes). - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes). - ASoC: codecs: jz4725b: Fix spelling mistake 'Sourc' -> 'Source', 'Routee' -> 'Route' (git-fixes). - ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes). - ASoC: codecs: jz4725b: fix capture selector naming (git-fixes). - ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes). - ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes). - ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes). - ASoC: max98373: Add checks for devm_kcalloc (git-fixes). - ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes). - ASoC: wm5102: Revert 'ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe' (git-fixes). - ASoC: wm5110: Revert 'ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe' (git-fixes). - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes). - ASoC: wm8997: Revert 'ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe' (git-fixes). - Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes). - Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573) - Drivers: hv: vmbus: Add /sys/bus/vmbus/hibernation (git-fixes). - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017). - Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017). - Drivers: hv: vmbus: Fix duplicate CPU assignments within a device (git-fixes). - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes). - Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes). - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017). - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017). - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes). - Drivers: hv: vmbus: Remove unused linux/version.h header (git-fixes). - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (git-fixes). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: remove unused function (git-fixes). - HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes). - Input: i8042 - fix leaking of platform device on module removal (git-fixes). - Input: iforce - invert valid length check when fetching device IDs (git-fixes). - KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec support (git-fixes). - KVM: nVMX: Invalidate all EPTP contexts when emulating INVEPT for L1 (git-fixes). - KVM: nVMX: Validate the EPTP when emulating INVEPT(EXTENT_CONTEXT) (git-fixes). - KVM: nVMX: clear PIN_BASED_POSTED_INTR from nested pinbased_ctls only when apicv is globally disabled (git-fixes). - KVM: s390: Add a routine for setting userspace CPU state (git-fixes). - KVM: s390: Fix handle_sske page fault handling (git-fixes). - KVM: s390: Simplify SIGP Set Arch handling (git-fixes). - KVM: s390: get rid of register asm usage (git-fixes). - KVM: s390: pv: avoid stalls when making pages secure (git-fixes). - KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes). - KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes). - KVM: s390: reduce number of IO pins to 1 (git-fixes). - NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes). - NFS: Refactor nfs_instantiate() for dentry referencing callers (bsc#1204215). - NFSv3: use nfs_add_or_obtain() to create and reference inodes (bsc#1204215). - PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446). - PCI: hv: Add validation for untrusted Hyper-V values (git-fixes). - PCI: hv: Drop msi_controller structure (bsc#1204446). - PCI: hv: Fix a race condition when removing the device (bsc#1204446). - PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446). - PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017). - PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017). - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845). - PCI: hv: Fix typo (bsc#1204446). - PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446). - PCI: hv: Remove unnecessary use of %hx (bsc#1204446). - PCI: hv: Support for create interrupt v3 (bsc#1204446). - PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors (bsc#1204446). - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - RDMA/core/sa_query: Remove unused argument (git-fixes) - RDMA/hns: Fix spelling mistakes of original (git-fixes) - RDMA/qedr: Add support for user mode XRC-SRQ's (git-fixes) - RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (git-fixes) - RDMA/qedr: Remove unsupported qedr_resize_cq callback (git-fixes) - RDMA/rxe: Fix memory leak in error path code (git-fixes) - SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297). - USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes). - USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes). - USB: serial: option: add Sierra Wireless EM9191 (git-fixes). - USB: serial: option: add u-blox LARA-L6 modem (git-fixes). - USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes). - USB: serial: option: remove old LARA-R6 PID (git-fixes). - USB: serial: option: remove old LARA-R6 PID. - Xen/gntdev: do not ignore kernel unmapping error (git-fixes). - add another bug reference to some hyperv changes (bsc#1205617). - arm/xen: Do not probe xenbus as part of an early initcall (git-fixes). - arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes) - arm64: dts: juno: Add thermal critical trip points (git-fixes) - ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tport_add() (git-fixes). - ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes). - blk-crypto: fix check for too-large dun_bytes (git-fixes). - blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes). - blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes). - blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes). - blktrace: Trace remapped requests correctly (git-fixes). - block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (git-fixes). - block: Add a helper to validate the block size (git-fixes). - block: assign bi_bdev for cloned bios in blk_rq_prep_clone (bsc#1204328). - block: ataflop: fix breakage introduced at blk-mq refactoring (git-fixes). - block: ataflop: more blk-mq refactoring fixes (git-fixes). - block: fix infinite loop for invalid zone append (git-fixes). - block: limit request dispatch loop duration (git-fixes). - block: nbd: add sanity check for first_minor (git-fixes). - block: use 'unsigned long' for blk_validate_block_size() (git-fixes). - bus: sunxi-rsb: Support atomic transfers (git-fixes). - can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes). - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes). - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes). - ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1205989). - ceph: do not access the kiocb after aio requests (bsc#1205984). - ceph: fix fscache invalidation (bsc#1205985). - ceph: lockdep annotations for try_nonblocking_invalidate (bsc#1205988). - ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty (bsc#1205986). - ceph: request Fw caps before updating the mtime in ceph_write_iter (bsc#1205987). - cifs: skip extra NULL byte in filenames (bsc#1204791). - dm era: commit metadata in postsuspend after worker stops (git-fixes). - dm integrity: set journal entry unused when shrinking device (git-fixes). - dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes). - dm mpath: only use ktime_get_ns() in historical selector (git-fixes). - dm raid: fix accesses beyond end of raid member array (git-fixes). - dm raid: fix address sanitizer warning in raid_resume (git-fixes). - dm raid: fix address sanitizer warning in raid_status (git-fixes). - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes). - dm verity fec: fix misaligned RS roots IO (git-fixes). - dm writecache: fix writing beyond end of underlying device when shrinking (git-fixes). - dm writecache: return the exact table values that were set (git-fixes). - dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes). - dm: fix request-based DM to not bounce through indirect dm_submit_bio (git-fixes). - dm: remove special-casing of bio-based immutable singleton target on NVMe (git-fixes). - dm: return early from dm_pr_call() if DM device is suspended (git-fixes). - dma-buf: fix racing conflict of dma_heap_add() (git-fixes). - dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes). - dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes). - dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes). - dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes). - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes). - dmaengine: at_hdmac: Fix impossible condition (git-fixes). - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes). - dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes). - drivers/hv: remove obsolete TODO and fix misleading typo in comment (git-fixes). - drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (git-fixes). - drivers: hv: Fix hyperv_record_panic_msg path on comment (git-fixes). - drivers: hv: Fix missing error code in vmbus_connect() (git-fixes). - drivers: hv: vmbus: Fix call msleep using &lt; 20ms (git-fixes). - drivers: hv: vmbus: Fix checkpatch LINE_SPACING (git-fixes). - drivers: hv: vmbus: Fix checkpatch SPLIT_STRING (git-fixes). - drivers: hv: vmbus: Replace symbolic permissions by octal permissions (git-fixes). - drivers: net: slip: fix NPD bug in sl_tx_timeout() (git-fixes). - drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes). - drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes). - drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes). - drm/i915/sdvo: Setup DDC fully before output init (git-fixes). - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes). - drm/panel: simple: set bpc field for logic technologies displays (git-fixes). - drm/rockchip: dsi: Force synchronous probe (git-fixes). - drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes). - drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes). - fbdev: smscufx: Fix several use-after-free bugs (git-fixes). - firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes). - ftrace: Fix char print issue in print_ip_ins() (git-fixes). - ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes). - ftrace: Fix the possible incorrect kernel message (git-fixes). - ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes). - ftrace: Optimize the allocation for mcount entries (git-fixes). - ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes). - fuse: add file_modified() to fallocate (bsc#1205330). - fuse: fix readdir cache race (bsc#1205329). - hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes). - hv: hyperv.h: Remove unused inline functions (git-fixes). - hv_netvsc: Add a comment clarifying batching logic (git-fixes). - hv_netvsc: Add check for kvmalloc_array (git-fixes). - hv_netvsc: Add error handling while switching data path (bsc#1204850). - hv_netvsc: Allocate the recv_buf buffers after NVSP_MSG1_TYPE_SEND_RECV_BUF (git-fixes). - hv_netvsc: Check VF datapath when sending traffic to VF (git-fixes). - hv_netvsc: Fix potential dereference of NULL pointer (git-fixes). - hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850). - hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes). - hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850). - hv_netvsc: Use bitmap_zalloc() when applicable (git-fixes). - hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - hv_netvsc: Validate number of allocated sub-channels (git-fixes). - hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017). - hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes). - hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes). - hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes). - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes). - hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes). - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes). - i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes). - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes). - iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes). - iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes). - iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes). - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes). - iio: light: apds9960: fix wrong register for gesture gain (git-fixes). - iio: light: rpr0521: add missing Kconfig dependencies (git-fixes). - iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes). - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes). - isdn: mISDN: netjet: fix wrong check of device registration (git-fixes). - iwlwifi: dbg: disable ini debug in 9000 family and below (git-fixes). - kABI: Fix after adding trace_iterator.wait_index (git-fixes). - kABI: remove new member of usbip_device (git-fixes). - kabi: fix transport_add_device change (git-fixes). - kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes). - kvm: nVMX: reflect MTF VM-exits if injected by L1 (git-fixes). - livepatch: Add a missing newline character in klp_module_coming() (bsc#1071995). - livepatch: fix race between fork and KLP transition (bsc#1071995). - loop: Check for overflow while configuring loop (git-fixes). - mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes). - mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes). - mISDN: fix possible memory leak in mISDN_register_device() (git-fixes). - md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes). - md: Replace snprintf with scnprintf (git-fixes). - media: dvb-frontends/drxk: initialize err to 0 (git-fixes). - media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes). - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes). - media: venus: dec: Handle the case where find_format fails (git-fixes). - media: vim2m: initialize the media device earlier (git-fixes). - media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes). - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes). - mmc: core: properly select voltage range without power cycle (git-fixes). - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes). - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes). - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (git-fixes). - nbd: Fix use-after-free in pid_show (git-fixes). - nbd: fix possible overflow for 'first_minor' in nbd_dev_add() (git-fixes). - nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes). - nbd: handle device refs for DESTROY_ON_DISCONNECT properly (git-fixes). - net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes). - net: ethernet: nixge: fix NULL dereference (git-fixes). - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (git-fixes). - net: hyperv: remove use of bpf_op_t (git-fixes). - net: netvsc: remove break after return (git-fixes). - net: phy: fix null-ptr-deref while probe() failed (git-fixes). - net: thunderbolt: Fix error handling in tbnet_init() (git-fixes). - net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes). - net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch (git-fixes). - nfc/nci: fix race with opening and closing (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes). - nfsd: set the server_scope during service startup (bsc#1203746). - null_blk: Fail zone append to conventional zones (git-fixes). - null_blk: synchronization fix for zoned device (git-fixes). - nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241). - panic, kexec: make __crash_kexec() NMI safe (git-fixes). - parport_pc: Avoid FIFO port location truncation (git-fixes). - phy: stm32: fix an error code in probe (git-fixes). - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (git-fixes). - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes). - powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395). - powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395). - printk: add missing memory barrier to wake_up_klogd() (bsc#1204934). - printk: use atomic updates for klogd work (bsc#1204934). - printk: wake waiters for safe and NMI contexts (bsc#1204934). - r8152: Add MAC passthrough support to new device (git-fixes). - r8152: add PID for the Lenovo OneLink+ Dock (git-fixes). - r8152: use new helper tcp_v6_gso_csum_prep (git-fixes). - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes). - regulator: core: fix UAF in destroy_regulator() (git-fixes). - regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes). - regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes). - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Allow splice to read previous partially read pages (git-fixes). - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Check pending waiters when doing wake ups as well (git-fixes). - ring-buffer: Fix race between reset page and reading page (git-fixes). - ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes). - ring-buffer: Include dropped pages in counting dirty patches (git-fixes). - ring_buffer: Do not deactivate non-existant pages (git-fixes). - rndis_host: increase sleep time in the query-response loop (git-fixes). - rtc: mt6397: fix alarm register overwrite (git-fixes). - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes). - s390/cpcmd: fix inline assembly register clobbering (git-fixes). - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes). - s390/disassembler: increase ebpf disasm buffer size (git-fixes). - s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205428 LTC#200501). - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (bsc#1203144 LTC#199881). - s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes). - s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes). - s390/ptrace: return -ENOSYS when invalid syscall is supplied (git-fixes). - s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501). - s390/vtime: fix inline assembly clobber list (git-fixes). - s390/zcore: fix race when reading from hardware system area (git-fixes). - s390/zcrypt: fix zcard and zqueue hot-unplug memleak (git-fixes). - s390: Remove arch_has_random, arch_has_random_seed (git-fixes). - s390: fix double free of GS and RI CBs on fork() failure (git-fixes). - s390: fix nospec table alignments (git-fixes). - s390: mark __cpacf_query() as __always_inline (git-fixes). - scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND (git-fixes). - scsi: drivers: base: Propagate errors through the transport component (git-fixes). - scsi: drivers: base: Support atomic version of attribute_container_device_trigger (git-fixes). - scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729 bsc#1204810 ltc#200162). - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395). - scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957). - scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957). - scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957). - scsi: lpfc: Fix spelling mistake 'unsolicted' -> 'unsolicited' (bsc#1204957). - scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957). - scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957). - scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957). - scsi: lpfc: Update the obsolete adapter list (bsc#1204142). - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963). - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963). - scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes). - scsi: storvsc: Correctly handle multiple flags in srb_status (git-fixes). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes). - scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017). - scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017). - scsi: storvsc: Log TEST_UNIT_READY errors as warnings (git-fixes). - scsi: storvsc: Miscellaneous code cleanups (git-fixes). - scsi: storvsc: Parameterize number hardware queues (git-fixes). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017). - scsi: storvsc: Return DID_ERROR for invalid commands (git-fixes). - scsi: storvsc: Update error logging (git-fixes). - scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017). - scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes). - scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017). - scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes). - scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes). - selftests/livepatch: better synchronize test_klp_callbacks_busy (bsc#1071995). - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes). - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes). - serial: 8250: omap: Flush PM QOS work on remove (git-fixes). - serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes). - serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes). - serial: imx: Add missing .thaw_noirq hook (git-fixes). - siox: fix possible memory leak in siox_device_add() (git-fixes). - slimbus: stream: correct presence rate frequencies (git-fixes). - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes). - spi: stm32: Print summary 'callbacks suppressed' message (git-fixes). - staging: greybus: light: fix a couple double frees (git-fixes). - swiotlb-xen: use vmalloc_to_page on vmalloc virt addresses (git-fixes). - tracing/ring-buffer: Have polling block on watermark (git-fixes). - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes). - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes). - tracing: Do not free snapshot if tracer is on cmdline (git-fixes). - tracing: Fix wild-memory-access in register_synth_event() (git-fixes). - tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes). - tracing: Wake up ring buffer waiters on closing of the file (git-fixes). - tracing: Wake up waiters when tracing is disabled (git-fixes). - usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes). - usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes). - usb: dwc3: exynos: Fix remove() function (git-fixes). - usb: dwc3: fix PHY disable sequence (git-fixes). - usb: dwc3: gadget: Clear ep descriptor last (git-fixes). - usb: dwc3: gadget: Fix null pointer exception (git-fixes). - usb: dwc3: qcom: fix runtime PM wakeup. - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes). - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes). - usbip: add sysfs_lock to synchronize sysfs code paths (git-fixes). - usbip: stub-dev synchronize sysfs code paths (git-fixes). - usbip: stub_dev: remake locking for kABI (git-fixes). - usbip: synchronize event handler with sysfs code paths (git-fixes). - usbip: usbip_event: use global lock (git-fixes). - usbip: vudc synchronize sysfs code paths (git-fixes). - usbip: vudc_sysfs: use global lock (git-fixes). - use __netdev_notify_peers in hyperv (git-fixes). - v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI' - v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI' (bsc#1200845) - vfio/ccw: Do not change FSM state in subchannel event (git-fixes). - virtio-blk: Do not use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (git-fixes). - virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes). - virtio_blk: eliminate anonymous module_init & module_exit (git-fixes). - virtio_blk: fix the discard_granularity and discard_alignment queue limits (git-fixes). - vmlinux.lds.h: Fix placement of '.data..decrypted' section (git-fixes). - wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes). - wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes). - wifi: cfg80211: silence a sparse RCU warning (git-fixes). - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes). - workqueue: do not skip lockdep work dependency in cancel_work_sync() (bsc#1204967). - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - x86/hyperv: check cpu mask after interrupt has been disabled (git-fixes). - x86/kexec: Fix double-free of elf header buffer (bsc#1205567). - x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264). - x86/xen: Add xen_no_vector_callback option to test PCI INTX delivery (git-fixes). - x86/xen: Distribute switch variables for initialization (git-fixes). - x86/xen: do not unbind uninitialized lock_kicker_irq (git-fixes). - xen-blkback: prevent premature module unload (git-fixes). - xen-netback: correct success/error reporting for the SKB-with-fraglist case (git-fixes). - xen/balloon: fix balloon kthread freezing (git-fixes). - xen/balloon: fix ballooned page accounting without hotplug enabled (git-fixes). - xen/balloon: fix cancelled balloon action (git-fixes). - xen/balloon: use a kernel thread instead a workqueue (git-fixes). - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes). - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes). - xen/gntdev: Prevent leaking grants (git-fixes). - xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes). - xen/privcmd: Corrected error handling path (git-fixes). - xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes). - xen/xenbus: Fix granting of vmalloc'd memory (git-fixes). - xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status (git-fixes). - xen: Fix XenStore initialisation for XS_LOCAL (git-fixes). - xen: Fix event channel callback via INTX/GSI (git-fixes). - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes). - xenbus: req->body should be updated before req->state (git-fixes). - xenbus: req->err should be updated before req->state (git-fixes). - xfs: Lower CIL flush limit for large logs (git-fixes). - xfs: Throttle commits on delayed background CIL push (git-fixes). - xfs: Use scnprintf() for avoiding potential buffer overflow (git-fixes). - xfs: check owner of dir3 blocks (git-fixes). - xfs: factor common AIL item deletion code (git-fixes). - xfs: open code insert range extent split helper (git-fixes). - xfs: rework collapse range into an atomic operation (git-fixes). - xfs: rework insert range into an atomic operation (git-fixes). - xfs: tail updates only need to occur when LSN changes (git-fixes). - xfs: trylock underlying buffer on dquot flush (git-fixes). - xfs: xfs_buf_corruption_error should take __this_address (git-fixes). - xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes). Important SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1156395 SUSE bug 1184350 SUSE bug 1189297 SUSE bug 1192761 SUSE bug 1199657 SUSE bug 1200845 SUSE bug 1201455 SUSE bug 1201469 SUSE bug 1203144 SUSE bug 1203746 SUSE bug 1203960 SUSE bug 1204017 SUSE bug 1204142 SUSE bug 1204215 SUSE bug 1204228 SUSE bug 1204241 SUSE bug 1204328 SUSE bug 1204414 SUSE bug 1204446 SUSE bug 1204636 SUSE bug 1204693 SUSE bug 1204780 SUSE bug 1204791 SUSE bug 1204810 SUSE bug 1204827 SUSE bug 1204850 SUSE bug 1204868 SUSE bug 1204934 SUSE bug 1204957 SUSE bug 1204963 SUSE bug 1204967 SUSE bug 1205128 SUSE bug 1205130 SUSE bug 1205220 SUSE bug 1205264 SUSE bug 1205329 SUSE bug 1205330 SUSE bug 1205428 SUSE bug 1205473 SUSE bug 1205514 SUSE bug 1205567 SUSE bug 1205617 SUSE bug 1205671 SUSE bug 1205700 SUSE bug 1205705 SUSE bug 1205709 SUSE bug 1205753 SUSE bug 1205796 SUSE bug 1205984 SUSE bug 1205985 SUSE bug 1205986 SUSE bug 1205987 SUSE bug 1205988 SUSE bug 1205989 SUSE bug 1206032 SUSE bug 1206037 SUSE bug 1206207 CVE-2022-2602 at SUSE CVE-2022-2602 at NVD CVE-2022-28693 at SUSE CVE-2022-28693 at NVD CVE-2022-29900 at SUSE CVE-2022-29900 at NVD CVE-2022-29901 at SUSE CVE-2022-29901 at NVD CVE-2022-3567 at SUSE CVE-2022-3567 at NVD CVE-2022-3628 at SUSE CVE-2022-3628 at NVD CVE-2022-3635 at SUSE CVE-2022-3635 at NVD CVE-2022-3707 at SUSE CVE-2022-3707 at NVD CVE-2022-3903 at SUSE CVE-2022-3903 at NVD CVE-2022-4095 at SUSE CVE-2022-4095 at NVD CVE-2022-4129 at SUSE CVE-2022-4129 at NVD CVE-2022-4139 at SUSE CVE-2022-4139 at NVD CVE-2022-41850 at SUSE CVE-2022-41850 at NVD CVE-2022-41858 at SUSE CVE-2022-41858 at NVD CVE-2022-42895 at SUSE CVE-2022-42895 at NVD CVE-2022-42896 at SUSE CVE-2022-42896 at NVD CVE-2022-4378 at SUSE CVE-2022-4378 at NVD CVE-2022-43945 at SUSE CVE-2022-43945 at NVD CVE-2022-45934 at SUSE CVE-2022-45934 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). Moderate SUSE bug 1206337 CVE-2022-46908 at SUSE CVE-2022-46908 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). - Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857). - Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423). Important SUSE bug 1200723 SUSE bug 1203857 SUSE bug 1204423 SUSE bug 1205000 CVE-2022-4415 at SUSE CVE-2022-4415 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for vim fixes the following issues: Updated to version 9.0.1040: - CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 (bsc#1206028). - CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071). - CVE-2022-3591: vim: Use After Free (bsc#1206072). - CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882 (bsc#1206075). - CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077). - CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797). - CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c (bsc#1204779). Important SUSE bug 1204779 SUSE bug 1205797 SUSE bug 1206028 SUSE bug 1206071 SUSE bug 1206072 SUSE bug 1206075 SUSE bug 1206077 CVE-2022-3491 at SUSE CVE-2022-3491 at NVD CVE-2022-3520 at SUSE CVE-2022-3520 at NVD CVE-2022-3591 at SUSE CVE-2022-3591 at NVD CVE-2022-3705 at SUSE CVE-2022-3705 at NVD CVE-2022-4141 at SUSE CVE-2022-4141 at NVD CVE-2022-4292 at SUSE CVE-2022-4292 at NVD CVE-2022-4293 at SUSE CVE-2022-4293 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). Moderate SUSE bug 1206309 CVE-2022-43552 at SUSE CVE-2022-43552 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). Important SUSE bug 1195054 SUSE bug 1195217 CVE-2022-23852 at SUSE CVE-2022-23852 at NVD CVE-2022-23990 at SUSE CVE-2022-23990 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for polkit fixes the following issues: - CVE-2021-4115: Fixed a denial of service via file descriptor leak (bsc#1195542). Moderate SUSE bug 1195542 CVE-2021-4115 at SUSE CVE-2021-4115 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles (bsc#1194178). The following non-security bugs were fixed: - udev/net_id: don't generate slot based names if multiple devices might claim the same slot (bsc#1192637) - localectl: don't omit keymaps files that are symlinks (bsc#1191826) Moderate SUSE bug 1191826 SUSE bug 1192637 SUSE bug 1194178 CVE-2021-3997 at SUSE CVE-2021-3997 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254). - CVE-2022-0286: Fixed null pointer dereference in bond_ipsec_add_sa() that may have lead to local denial of service (bnc#1195371). - CVE-2020-28097: Fixed out-of-bounds read in vgacon subsystem that mishandled software scrollback (bnc#1187723). - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867). - CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065). - CVE-2021-22600: Fixed double free bug in packet_set_ring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bnc#1195184). - CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864). - CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861). - CVE-2021-39685: Fixed USB gadget buffer overflow caused by too large endpoint 0 requests (bsc#1193802). - CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880). The following non-security bugs were fixed: - ACPI: battery: Add the ThinkPad 'Not Charging' quirk (git-fixes). - ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (git-fixes). - ACPICA: Fix wrong interpretation of PCC address (git-fixes). - ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (git-fixes). - ACPICA: Utilities: Avoid deleting the same object twice in a row (git-fixes). - ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (git-fixes). - ALSA: seq: Set upper limit of processed events (git-fixes). - ALSA: usb-audio: Correct quirk for VF0770 (git-fixes). - ALSA: usb-audio: initialize variables that could ignore errors (git-fixes). - ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name (git-fixes). - ASoC: fsl: Add missing error handling in pcm030_fabric_probe (git-fixes). - ASoC: max9759: fix underflow in speaker_gain_control_put() (git-fixes). - ASoC: mediatek: mt8173: fix device_node leak (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes (git-fixes). - Bluetooth: Fix debugfs entry leak in hci_register_dev() (git-fixes). - Bluetooth: refactor malicious adv data check (git-fixes). - Documentation: fix firewire.rst ABI file path error (git-fixes). - HID: apple: Do not reset quirks when the Fn key is not found (git-fixes). - HID: quirks: Allow inverting the absolute X/Y values (git-fixes). - HID: uhid: Fix worker destroying device without any protection (git-fixes). - HID: wacom: Reset expected and received contact counts at the same time (git-fixes). - IB/cm: Avoid a loop when device has 255 ports (git-fixes) - IB/hfi1: Fix error return code in parse_platform_config() (git-fixes) - IB/hfi1: Use kzalloc() for mmu_rb_handler allocation (git-fixes) - IB/isert: Fix a use after free in isert_connect_request (git-fixes) - IB/mlx4: Separate tunnel and wire bufs parameters (git-fixes) - IB/mlx5: Add missing error code (git-fixes) - IB/mlx5: Add mutex destroy call to cap_mask_mutex mutex (git-fixes) - IB/mlx5: Fix error unwinding when set_has_smi_cap fails (git-fixes) - IB/mlx5: Return appropriate error code instead of ENOMEM (git-fixes) - IB/umad: Return EIO in case of when device disassociated (git-fixes) - IB/umad: Return EPOLLERR in case of when device disassociated (git-fixes) - Input: wm97xx: Simplify resource management (git-fixes). - NFS: Ensure the server had an up to date ctime before renaming (git-fixes). - NFSv4: Handle case where the lookup of a directory fails (git-fixes). - NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes). - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (git-fixes). - PM: wakeup: simplify the output logic of pm_show_wakelocks() (git-fixes). - RDMA/addr: Be strict with gid size (git-fixes) - RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res (git-fixes) - RDMA/bnxt_re: Fix error return code in bnxt_qplib_cq_process_terminal() (git-fixes) - RDMA/bnxt_re: Set queue pair state when being queried (git-fixes) - RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait (git-fixes) - RDMA/core: Always release restrack object (git-fixes) - RDMA/core: Clean up cq pool mechanism (jsc#SLE-15176). - RDMA/core: Do not access cm_id after its destruction (git-fixes) - RDMA/core: Do not indicate device ready when device enablement fails (git-fixes) - RDMA/core: Fix corrupted SL on passive side (git-fixes) - RDMA/core: Unify RoCE check and re-factor code (git-fixes) - RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server (git-fixes) - RDMA/cxgb4: Fix the reported max_recv_sge value (git-fixes) - RDMA/cxgb4: Validate the number of CQEs (git-fixes) - RDMA/cxgb4: add missing qpid increment (git-fixes) - RDMA/cxgb4: check for ipv6 address properly while destroying listener (git-fixes) - RDMA/hns: Add a check for current state before modifying QP (git-fixes) - RDMA/hns: Remove the portn field in UD SQ WQE (git-fixes) - RDMA/hns: Remove unnecessary access right set during INIT2INIT (git-fixes) - RDMA/i40iw: Address an mmap handler exploit in i40iw (git-fixes) - RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails (git-fixes) - RDMA/mlx5: Fix corruption of reg_pages in mlx5_ib_rereg_user_mr() (git-fixes) - RDMA/mlx5: Fix potential race between destroy and CQE poll (git-fixes) - RDMA/mlx5: Fix query DCT via DEVX (git-fixes) - RDMA/mlx5: Fix type warning of sizeof in __mlx5_ib_alloc_counters() (git-fixes) - RDMA/mlx5: Fix wrong free of blue flame register on error (git-fixes) - RDMA/mlx5: Issue FW command to destroy SRQ on reentry (git-fixes) - RDMA/mlx5: Recover from fatal event in dual port mode (git-fixes) - RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation (git-fixes) - RDMA/ocrdma: Fix use after free in ocrdma_dealloc_ucontext_pd() (git-fixes) - RDMA/rxe: Clear all QP fields if creation failed (git-fixes) - RDMA/rxe: Compute PSN windows correctly (git-fixes) - RDMA/rxe: Correct skb on loopback path (git-fixes) - RDMA/rxe: Fix coding error in rxe_rcv_mcast_pkt (git-fixes) - RDMA/rxe: Fix coding error in rxe_recv.c (git-fixes) - RDMA/rxe: Fix missing kconfig dependency on CRYPTO (git-fixes) - RDMA/rxe: Remove the unnecessary variable (jsc#SLE-15176). - RDMA/rxe: Remove useless code in rxe_recv.c (git-fixes) - RDMA/siw: Fix a use after free in siw_alloc_mr (git-fixes) - RDMA/siw: Fix calculation of tx_valid_cpus size (git-fixes) - RDMA/siw: Fix handling of zero-sized Read and Receive Queues. (git-fixes) - RDMA/siw: Properly check send and receive CQ pointers (git-fixes) - RDMA/siw: Release xarray entry (git-fixes) - RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp (git-fixes) - RDMA/uverbs: Fix a NULL vs IS_ERR() bug (git-fixes) - RDMA/uverbs: Tidy input validation of ib_uverbs_rereg_mr() (git-fixes) - RMDA/sw: Do not allow drivers using dma_virt_ops on highmem configs (git-fixes) - USB: core: Fix hang in usb_kill_urb by adding memory barriers (git-fixes). - USB: serial: mos7840: fix probe error handling (git-fixes). - ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (git-fixes). - asix: fix wrong return value in asix_check_host_enable() (git-fixes). - ata: pata_platform: Fix a NULL pointer dereference in __pata_platform_probe() (git-fixes). - ath10k: Fix tx hanging (git-fixes). - ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (git-fixes). - batman-adv: allow netlink usage in unprivileged containers (git-fixes). - blk-cgroup: fix missing put device in error path from blkg_conf_pref() (bsc#1195481). - blk-mq: introduce blk_mq_set_request_complete (git-fixes). - bpf: Adjust BTF log size limit (git-fixes). - bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD) (git-fixes). - bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() (bsc#1194227). - btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009). - btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009). - btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009). - cgroup/cpuset: Fix a partition bug with hotplug (bsc#1194291). - clk: si5341: Fix clock HW provider cleanup (git-fixes). - crypto: qat - fix undetected PFVF timeout in ACK loop (git-fixes). - dma-buf: heaps: Fix potential spectre v1 gadget (git-fixes). - drm/amdgpu: fixup bad vram size on gmc v8 (git-fixes). - drm/bridge: megachips: Ensure both bridges are probed before registration (git-fixes). - drm/etnaviv: limit submit sizes (git-fixes). - drm/etnaviv: relax submit size limits (git-fixes). - drm/i915/overlay: Prevent divide by zero bugs in scaling (git-fixes). - drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y (git-fixes). - drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc (git-fixes). - drm/msm/dsi: Fix missing put_device() call in dsi_get_phy (git-fixes). - drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (git-fixes). - drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy (git-fixes). - drm/msm: Fix wrong size calculation (git-fixes). - drm/nouveau/kms/nv04: use vzalloc for nv04_display (git-fixes). - drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (git-fixes). - drm/nouveau: fix off by one in BIOS boundary checking (git-fixes). - drm/radeon: fix error handling in radeon_driver_open_kms (git-fixes). - drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L (git-fixes). - ext4: fix an use-after-free issue about data=journal writeback mode (bsc#1195482). - ext4: make sure quota gets properly shutdown on error (bsc#1195480). - ext4: set csum seed in tmp inode while migrating to extents (bsc#1195267). - floppy: Add max size check for user space request (git-fixes). - fsnotify: fix fsnotify hooks in pseudo filesystems (bsc#1195479). - fsnotify: invalidate dcache before IN_DELETE event (bsc#1195478). - gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock (git-fixes). - gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (git-fixes). - hv_netvsc: Set needed_headroom according to VF (bsc#1193506). - hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6654 (git-fixes). - hwmon: (lm90) Mark alert as broken for MAX6680 (git-fixes). - hwmon: (lm90) Reduce maximum conversion rate for G781 (git-fixes). - i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (git-fixes). - i2c: i801: Do not silently correct invalid transfer size (git-fixes). - i2c: mpc: Correct I2C reset procedure (git-fixes). - i40iw: Add support to make destroy QP synchronous (git-fixes) - ibmvnic: Allow extra failures before disabling (bsc#1195073 ltc#195713). - ibmvnic: Update driver return codes (bsc#1195293 ltc#196198). - ibmvnic: do not spin in tasklet (bsc#1195073 ltc#195713). - ibmvnic: init ->running_cap_crqs early (bsc#1195073 ltc#195713). - ibmvnic: remove unused ->wait_capability (bsc#1195073 ltc#195713). - ibmvnic: remove unused defines (bsc#1195293 ltc#196198). - igc: Fix TX timestamp support for non-MSI-X platforms (bsc#1160634). - iwlwifi: fix leaks/bad data after failed firmware load (git-fixes). - iwlwifi: mvm: Fix calculation of frame length (git-fixes). - iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (git-fixes). - iwlwifi: mvm: synchronize with FW after multicast commands (git-fixes). - iwlwifi: remove module loading failure message (git-fixes). - lib82596: Fix IRQ check in sni_82596_probe (git-fixes). - lightnvm: Remove lightnvm implemenation (bsc#1191881). - mac80211: allow non-standard VHT MCS-10/11 (git-fixes). - media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes). - media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes (git-fixes). - media: igorplugusb: receiver overflow should be reported (git-fixes). - media: m920x: do not use stack on USB reads (git-fixes). - media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (git-fixes). - media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (git-fixes). - media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds (git-fixes). - mlxsw: Only advertise link modes supported by both driver and device (bsc#1154488). - mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (git-fixes). - mtd: nand: bbt: Fix corner case in bad block table handling (git-fixes). - mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings (git-fixes). - mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 (git-fixes). - net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506). - net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506). - net/mlx5: DR, Proper handling of unsupported Connect-X6DX SW steering (jsc#SLE-8464). - net/mlx5: E-Switch, fix changing vf VLANID (jsc#SLE-15172). - net/mlx5e: Protect encap route dev from concurrent release (jsc#SLE-8464). - net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428). - net: bonding: fix bond_xmit_broadcast return value error bug (bsc#1176447). - net: bridge: vlan: fix memory leak in __allowed_ingress (bsc#1176447). - net: bridge: vlan: fix single net device option dumping (bsc#1176447). - net: mana: Add RX fencing (bsc#1193506). - net: mana: Add XDP support (bsc#1193506). - net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405). - net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405). - net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405). - net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405). - net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405). - net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405). - net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405). - net: sfp: fix high power modules without diagnostic monitoring (bsc#1154353). - netdevsim: set .owner to THIS_MODULE (bsc#1154353). - nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (git-fixes). - nvme-core: use list_add_tail_rcu instead of list_add_tail for nvme_init_ns_head (git-fixes). - nvme-fabrics: avoid double completions in nvmf_fail_nonready_command (git-fixes). - nvme-fabrics: ignore invalid fast_io_fail_tmo values (git-fixes). - nvme-fabrics: remove superfluous nvmf_host_put in nvmf_parse_options (git-fixes). - nvme-tcp: fix data digest pointer calculation (git-fixes). - nvme-tcp: fix incorrect h2cdata pdu offset accounting (git-fixes). - nvme-tcp: fix memory leak when freeing a queue (git-fixes). - nvme-tcp: fix possible use-after-completion (git-fixes). - nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (git-fixes). - nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096). - nvme: fix use after free when disconnecting a reconnecting ctrl (git-fixes). - nvme: introduce a nvme_host_path_error helper (git-fixes). - nvme: refactor ns->ctrl by request (git-fixes). - phy: uniphier-usb3ss: fix unintended writing zeros to PHY register (git-fixes). - phylib: fix potential use-after-free (git-fixes). - pinctrl: bcm2835: Add support for wake-up interrupts (git-fixes). - pinctrl: bcm2835: Match BCM7211 compatible string (git-fixes). - pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line (git-fixes). - pinctrl: intel: fix unexpected interrupt (git-fixes). - powerpc/book3s64/radix: make tlb_single_page_flush_ceiling a debugfs entry (bsc#1195183 ltc#193865). - powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending (bsc#1156395). - regulator: qcom_smd: Align probe function with rpmh-regulator (git-fixes). - rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (git-fixes). - rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev (git-fixes). - rsi: Fix use-after-free in rsi_rx_done_handler() (git-fixes). - sched/fair: Fix detection of per-CPU kthreads waking a task (git fixes (sched/fair)). - sched/numa: Fix is_core_idle() (git fixes (sched/numa)). - scripts/dtc: dtx_diff: remove broken example from help text (git-fixes). - scripts/dtc: only append to HOST_EXTRACFLAGS instead of overwriting (git-fixes). - serial: 8250: of: Fix mapped region size when using reg-offset property (git-fixes). - serial: Fix incorrect rs485 polarity on uart open (git-fixes). - serial: amba-pl011: do not request memory region twice (git-fixes). - serial: core: Keep mctrl register state and cached copy in sync (git-fixes). - serial: pl010: Drop CR register reset on set_termios (git-fixes). - serial: stm32: fix software flow control transfer (git-fixes). - spi: bcm-qspi: check for valid cs before applying chip select (git-fixes). - spi: mediatek: Avoid NULL pointer crash in interrupt (git-fixes). - spi: meson-spicc: add IRQ check in meson_spicc_probe (git-fixes). - supported.conf: mark rtw88 modules as supported (jsc#SLE-22690) - tty: Add support for Brainboxes UC cards (git-fixes). - tty: n_gsm: fix SW flow control encoding/handling (git-fixes). - ucsi_ccg: Check DEV_INT bit only when starting CCG4 (git-fixes). - udf: Fix NULL ptr deref when converting from inline format (bsc#1195476). - udf: Restore i_lenAlloc when inode expansion fails (bsc#1195477). - usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge (git-fixes). - usb: common: ulpi: Fix crash in ulpi_match() (git-fixes). - usb: gadget: f_fs: Use stream_open() for endpoint files (git-fixes). - usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (git-fixes). - usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (git-fixes). - usb: roles: fix include/linux/usb/role.h compile issue (git-fixes). - usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes). - usb: uhci: add aspeed ast2600 uhci support (git-fixes). - vfio/iommu_type1: replace kfree with kvfree (git-fixes). - video: hyperv_fb: Fix validation of screen resolution (git-fixes). - vxlan: fix error return code in __vxlan_dev_create() (bsc#1154353). - x86/gpu: Reserve stolen memory for first integrated Intel GPU (git-fixes). - xfrm: fix MTU regression (bsc#1185377, bsc#1194048). - xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP (git-fixes). Critical SUSE bug 1154353 SUSE bug 1154488 SUSE bug 1156395 SUSE bug 1160634 SUSE bug 1176447 SUSE bug 1177599 SUSE bug 1183405 SUSE bug 1185377 SUSE bug 1187428 SUSE bug 1187723 SUSE bug 1188605 SUSE bug 1191881 SUSE bug 1193096 SUSE bug 1193506 SUSE bug 1193802 SUSE bug 1193861 SUSE bug 1193864 SUSE bug 1193867 SUSE bug 1194048 SUSE bug 1194227 SUSE bug 1194291 SUSE bug 1194880 SUSE bug 1195009 SUSE bug 1195065 SUSE bug 1195073 SUSE bug 1195183 SUSE bug 1195184 SUSE bug 1195254 SUSE bug 1195267 SUSE bug 1195293 SUSE bug 1195371 SUSE bug 1195476 SUSE bug 1195477 SUSE bug 1195478 SUSE bug 1195479 SUSE bug 1195480 SUSE bug 1195481 SUSE bug 1195482 CVE-2020-28097 at SUSE CVE-2020-28097 at NVD CVE-2021-22600 at SUSE CVE-2021-22600 at NVD CVE-2021-39648 at SUSE CVE-2021-39648 at NVD CVE-2021-39657 at SUSE CVE-2021-39657 at NVD CVE-2021-39685 at SUSE CVE-2021-39685 at NVD CVE-2021-45095 at SUSE CVE-2021-45095 at NVD CVE-2022-0286 at SUSE CVE-2022-0286 at NVD CVE-2022-0330 at SUSE CVE-2022-0330 at NVD CVE-2022-22942 at SUSE CVE-2022-22942 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220207 release. - CVE-2021-0146: Fixed a potential security vulnerability in some Intel Processors may allow escalation of privilege (bsc#1192615) - CVE-2021-0127: Intel Processor Breakpoint Control Flow (bsc#1195779) - CVE-2021-0145: Fast store forward predictor - Cross Domain Training (bsc#1195780) - CVE-2021-33120: Out of bounds read for some Intel Atom processors (bsc#1195781) - Security updates for [INTEL-SA-00528](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html) - Security updates for [INTEL-SA-00532](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00532.html) Important SUSE bug 1192615 SUSE bug 1195779 SUSE bug 1195780 SUSE bug 1195781 CVE-2021-0127 at SUSE CVE-2021-0127 at NVD CVE-2021-0145 at SUSE CVE-2021-0145 at NVD CVE-2021-0146 at SUSE CVE-2021-0146 at NVD CVE-2021-33120 at SUSE CVE-2021-33120 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libmspack fixes the following issues: - CVE-2018-18586: Fixed directory traversal in chmextract by adding anti '../' and leading slash protection (bsc#1113040). Low SUSE bug 1113040 CVE-2018-18586 at SUSE CVE-2018-18586 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). Important SUSE bug 1196025 SUSE bug 1196026 SUSE bug 1196168 SUSE bug 1196169 SUSE bug 1196171 CVE-2022-25235 at SUSE CVE-2022-25235 at NVD CVE-2022-25236 at SUSE CVE-2022-25236 at NVD CVE-2022-25313 at SUSE CVE-2022-25313 at NVD CVE-2022-25314 at SUSE CVE-2022-25314 at NVD CVE-2022-25315 at SUSE CVE-2022-25315 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for wpa_supplicant fixes the following issues: - CVE-2022-23303: Fixed side-channel attacks in SAE (bsc#1194732). - CVE-2022-23304: Fixed side-channel attacks in EAP-pwd (bsc#1194733). Important SUSE bug 1194732 SUSE bug 1194733 CVE-2022-23303 at SUSE CVE-2022-23303 at NVD CVE-2022-23304 at SUSE CVE-2022-23304 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for gnutls fixes the following issues: - CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167). Moderate SUSE bug 1196167 CVE-2021-4209 at SUSE CVE-2021-4209 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for containerd fixes the following issues: - CVE-2022-23648: A specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host (bsc#1196441). Moderate SUSE bug 1196441 CVE-2022-23648 at SUSE CVE-2022-23648 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This security update for libeconf, shadow and util-linux fix the following issues: libeconf: - Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by 'util-linux' and 'shadow' to fix autoyast handling of security related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) Issues fixed in libeconf: - Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157) - Fixed different issues while writing string values to file. - Writing comments to file too. - Fixed crash while merging values. - Added econftool cat option (#146) - new API call: econf_readDirsHistory (showing ALL locations) - new API call: econf_getPath (absolute path of the configuration file) - Man pages libeconf.3 and econftool.8. - Handling multiline strings. - Added libeconf_ext which returns more information like line_nr, comments, path of the configuration file,... - Econftool, an command line interface for handling configuration files. - Generating HTML API documentation with doxygen. - Improving error handling and semantic file check. - Joining entries with the same key to one single entry if env variable ECONF_JOIN_SAME_ENTRIES has been set. shadow: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) util-linux: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) - Allow use of larger values for start sector to prevent `blockdev --report` aborting (bsc#1188507) - Fixed `blockdev --report` using non-space characters as a field separator (bsc#1188507) - CVE-2021-3995: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) - CVE-2021-3996: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) Moderate SUSE bug 1188507 SUSE bug 1192954 SUSE bug 1193632 SUSE bug 1194976 CVE-2021-3995 at SUSE CVE-2021-3995 at NVD CVE-2021-3996 at SUSE CVE-2021-3996 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for vim fixes the following issues: - CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004). - CVE-2021-3796: Fixed use-after-free in nv_replace() in normal.c (bsc#1190570). - CVE-2021-3872: Fixed heap-based buffer overflow in win_redr_status() drawscreen.c (bsc#1191893). - CVE-2021-3927: Fixed heap-based buffer overflow (bsc#1192481). - CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478). - CVE-2021-4019: Fixed heap-based buffer overflow (bsc#1193294). - CVE-2021-3984: Fixed illegal memory access when C-indenting could have led to heap buffer overflow (bsc#1193298). - CVE-2021-3778: Fixed heap-based buffer overflow in regexp_nfa.c (bsc#1190533). - CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216). - CVE-2021-46059: Fixed pointer dereference vulnerability via the vim_regexec_multi function at regexp.c (bsc#1194556). - CVE-2022-0319: Fixded out-of-bounds read (bsc#1195066). - CVE-2022-0351: Fixed uncontrolled recursion in eval7() (bsc#1195126). - CVE-2022-0361: Fixed buffer overflow (bsc#1195126). - CVE-2022-0413: Fixed use-after-free in src/ex_cmds.c (bsc#1195356). Important SUSE bug 1190533 SUSE bug 1190570 SUSE bug 1191893 SUSE bug 1192478 SUSE bug 1192481 SUSE bug 1193294 SUSE bug 1193298 SUSE bug 1194216 SUSE bug 1194556 SUSE bug 1195004 SUSE bug 1195066 SUSE bug 1195126 SUSE bug 1195202 SUSE bug 1195356 CVE-2021-3778 at SUSE CVE-2021-3778 at NVD CVE-2021-3796 at SUSE CVE-2021-3796 at NVD CVE-2021-3872 at SUSE CVE-2021-3872 at NVD CVE-2021-3927 at SUSE CVE-2021-3927 at NVD CVE-2021-3928 at SUSE CVE-2021-3928 at NVD CVE-2021-3984 at SUSE CVE-2021-3984 at NVD CVE-2021-4019 at SUSE CVE-2021-4019 at NVD CVE-2021-4193 at SUSE CVE-2021-4193 at NVD CVE-2021-46059 at SUSE CVE-2021-46059 at NVD CVE-2022-0318 at SUSE CVE-2022-0318 at NVD CVE-2022-0319 at SUSE CVE-2022-0319 at NVD CVE-2022-0351 at SUSE CVE-2022-0351 at NVD CVE-2022-0361 at SUSE CVE-2022-0361 at NVD CVE-2022-0413 at SUSE CVE-2022-0413 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). The following non-security bugs were fixed: - postfix: sasl authentication with password fails (bsc#1194265). Important SUSE bug 1194265 SUSE bug 1196036 CVE-2022-24407 at SUSE CVE-2022-24407 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584). - CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory (bnc#1196235 ). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). - CVE-2022-0516: Fixed missing check in ioctl related to KVM in s390 allows kernel memory read/write (bsc#1195516). The following non-security bugs were fixed: - ACPI/IORT: Check node revision for PMCG resources (git-fixes). - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) (git-fixes). - ALSA: hda: Fix missing codec probe on Shenker Dock 15 (git-fixes). - ALSA: hda: Fix regression on forced probe mask option (git-fixes). - ASoC: Revert 'ASoC: mediatek: Check for error clk pointer' (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (git-fixes). - Align s390 NVME target options with other architectures (bsc#1188404, jsc#SLE-22494). - Drop PCI xgene patch that caused a regression for mxl4 (bsc#1195352) - EDAC/xgene: Fix deferred probing (bsc#1178134). - HID:Add support for UGTABLET WP5540 (git-fixes). - IB/cma: Do not send IGMP leaves for sendonly Multicast groups (git-fixes). - IB/hfi1: Fix AIP early init panic (jsc#SLE-13208). - KVM: remember position in kvm->vcpus array (bsc#1190972 LTC#194674). - NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957). - PM: hibernate: Remove register_nosave_region_late() (git-fixes). - PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes). - RDMA/cma: Use correct address when leaving multicast group (bsc#1181147). - RDMA/core: Always release restrack object (git-fixes) - RDMA/cxgb4: check for ipv6 address properly while destroying listener (git-fixes) - RDMA/siw: Release xarray entry (git-fixes) - RDMA/ucma: Protect mc during concurrent multicast leaves (bsc#1181147). - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes). - USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes). - USB: serial: cp210x: add NCR Retail IO box id (git-fixes). - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes). - USB: serial: mos7840: remove duplicated 0xac24 device ID (git-fixes). - USB: serial: option: add ZTE MF286D modem (git-fixes). - ata: libata-core: Disable TRIM on M88V29 (git-fixes). - ax25: improve the incomplete fix to avoid UAF and NPD bugs (git-fixes). - blk-mq: always allow reserved allocation in hctx_may_queue (bsc#1193787). - blk-mq: avoid to iterate over stale request (bsc#1193787). - blk-mq: clear stale request in tags->rq before freeing one request pool (bsc#1193787). - blk-mq: clearing flush request reference in tags->rqs (bsc#1193787). - blk-mq: do not grab rq's refcount in blk_mq_check_expired() (bsc#1193787 git-fixes). - blk-mq: fix is_flush_rq (bsc#1193787 git-fixes). - blk-mq: fix kernel panic during iterating over flush request (bsc#1193787 git-fixes). - blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter (bsc#1193787). - blk-mq: mark flush request as IDLE in flush_end_io() (bsc#1193787). - blk-tag: Hide spin_lock (bsc#1193787). - block: avoid double io accounting for flush request (bsc#1193787). - block: do not send a rezise udev event for hidden block device (bsc#1193096). - block: mark flush request as IDLE when it is really finished (bsc#1193787). - bonding: pair enable_port with slave_arr_updates (git-fixes). - bpf: Adjust BTF log size limit (git-fixes). - bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD) (git-fixes). - btrfs: check for missing device in btrfs_trim_fs (bsc#1195701). - btrfs: check worker before need_preemptive_reclaim (bsc#1196195). - btrfs: do not do preemptive flushing if the majority is global rsv (bsc#1196195). - btrfs: do not include the global rsv size in the preemptive used amount (bsc#1196195). - btrfs: handle preemptive delalloc flushing slightly differently (bsc#1196195). - btrfs: make sure SB_I_VERSION does not get unset by remount (bsc#1192210). - btrfs: only clamp the first time we have to start flushing (bsc#1196195). - btrfs: only ignore delalloc if delalloc is much smaller than ordered (bsc#1196195). - btrfs: reduce the preemptive flushing threshold to 90% (bsc#1196195). - btrfs: take into account global rsv in need_preemptive_reclaim (bsc#1196195). - btrfs: use the global rsv size in the preemptive thresh calculation (bsc#1196195). - ceph: properly put ceph_string reference after async create attempt (bsc#1195798). - ceph: set pool_ns in new inode layout for async creates (bsc#1195799). - drm/amdgpu: fix logic inversion in check (git-fixes). - drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes). - drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes). - drm/i915/opregion: check port number bounds for SWSCI display power state (git-fixes). - drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes). - drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV (git-fixes). - drm/panel: simple: Assign data from panel_dpi_probe() correctly (git-fixes). - drm/radeon: Fix backlight control on iMac 12,1 (git-fixes). - drm/rockchip: dw_hdmi: Do not leave clock enabled in error case (git-fixes). - drm/rockchip: vop: Correct RK3399 VOP register fields (git-fixes). - drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd (git-fixes). - drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer (git-fixes). - ext4: check for inconsistent extents between index and leaf block (bsc#1194163 bsc#1196339). - ext4: check for out-of-order index extents in ext4_valid_extent_entries() (bsc#1194163 bsc#1196339). - ext4: prevent partial update of the extent blocks (bsc#1194163 bsc#1196339). - gve: Add RX context (bsc#1191655). - gve: Add a jumbo-frame device option (bsc#1191655). - gve: Add consumed counts to ethtool stats (bsc#1191655). - gve: Add optional metadata descriptor type GVE_TXD_MTD (bsc#1191655). - gve: Correct order of processing device options (bsc#1191655). - gve: Fix GFP flags when allocing pages (git-fixes). - gve: Fix off by one in gve_tx_timeout() (bsc#1191655). - gve: Implement packet continuation for RX (bsc#1191655). - gve: Implement suspend/resume/shutdown (bsc#1191655). - gve: Move the irq db indexes out of the ntfy block struct (bsc#1191655). - gve: Recording rx queue before sending to napi (bsc#1191655). - gve: Recover from queue stall due to missed IRQ (bsc#1191655). - gve: Update gve_free_queue_page_list signature (bsc#1191655). - gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655). - gve: fix for null pointer dereference (bsc#1191655). - gve: fix the wrong AdminQ buffer queue index check (bsc#1176940). - gve: fix unmatched u64_stats_update_end() (bsc#1191655). - gve: remove memory barrier around seqno (bsc#1191655). - i2c: brcmstb: fix support for DSL and CM variants (git-fixes). - i40e: Fix for failed to init adminq while VF reset (git-fixes). - i40e: Fix issue when maximum queues is exceeded (git-fixes). - i40e: Fix queues reservation for XDP (git-fixes). - i40e: Increase delay to 1 s after global EMP reset (git-fixes). - i40e: fix unsigned stat widths (git-fixes). - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). - ibmvnic: do not release napi in __ibmvnic_open() (bsc#1195668 ltc#195811). - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). - ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815). - ice: fix IPIP and SIT TSO offload (git-fixes). - ice: fix an error code in ice_cfg_phy_fec() (jsc#SLE-12878). - ima: Allow template selection with ima_template[_fmt]= after ima_hash= (git-fixes). - ima: Do not print policy rule with inactive LSM labels (git-fixes). - ima: Remove ima_policy file before directory (git-fixes). - integrity: Make function integrity_add_key() static (git-fixes). - integrity: check the return value of audit_log_start() (git-fixes). - integrity: double check iint_cache was initialized (git-fixes). - iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (git-fixes). - iommu/amd: Remove useless irq affinity notifier (git-fixes). - iommu/amd: Restore GA log/tail pointer on host resume (git-fixes). - iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume (git-fixes). - iommu/amd: X2apic mode: re-enable after resume (git-fixes). - iommu/amd: X2apic mode: setup the INTX registers on mask/unmask (git-fixes). - iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure (git-fixes). - iommu/io-pgtable-arm: Fix table descriptor paddr formatting (git-fixes). - iommu/iova: Fix race between FQ timeout and teardown (git-fixes). - iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (git-fixes). - iwlwifi: fix use-after-free (git-fixes). - iwlwifi: pcie: fix locking when 'HW not ready' (git-fixes). - iwlwifi: pcie: gen2: fix locking when 'HW not ready' (git-fixes). - ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes). - kABI fixup after adding vcpu_idx to struct kvm_cpu (bsc#1190972 LTC#194674). - kABI: Fix kABI for AMD IOMMU driver (git-fixes). - kabi: Hide changes to s390/AP structures (jsc#SLE-20807). - lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584). - libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes). - md/raid5: fix oops during stripe resizing (bsc#1181588). - misc: fastrpc: avoid double fput() on failed usercopy (git-fixes). - mmc: sdhci-of-esdhc: Check for error num after setting mask (git-fixes). - mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (git-fixes). - mtd: rawnand: gpmi: do not leak PM reference in error path (git-fixes). - mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (git-fixes). - net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes). - net/mlx5e: Fix handling of wrong devices during bond netevent (jsc#SLE-15172). - net: macb: Align the dma and coherent dma masks (git-fixes). - net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (bsc#1176447). - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs (git-fixes). - net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs (git-fixes). - net: phy: marvell: configure RGMII delays for 88E1118 (git-fixes). - net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes). - nfp: flower: fix ida_idx not being released (bsc#1154353). - nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483). - nfsd: allow lock state ids to be revoked and then freed (bsc#1192483). - nfsd: allow open state ids to be revoked and then freed (bsc#1192483). - nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483). - nfsd: prepare for supporting admin-revocation of state (bsc#1192483). - nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts() (bsc#1195012). - nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (git-fixes). - nvme: do not return an error from nvme_configure_metadata (git-fixes). - nvme: let namespace probing continue for unsupported features (git-fixes). - powerpc/64: Move paca allocation later in boot (bsc#1190812). - powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - powerpc/pseries/ddw: Revert 'Extend upper limit for huge DMA window for persistent memory' (bsc#1195995 ltc#196394). - powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#193451). - powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812). - powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - s390/AP: support new dynamic AP bus size limit (jsc#SLE-20807). - s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (git-fixes). - s390/bpf: Fix optimizing out zero-extensions (git-fixes). - s390/cio: make ccw_device_dma_* more robust (bsc#1193243 LTC#195549). - s390/cio: verify the driver availability for path_event call (bsc#1195928 LTC#196418). - s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195081 LTC#196088). - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195081 LTC#196088). - s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193233 LTC#195540). - s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194967 LTC#196028). - s390/protvirt: fix error return code in uv_info_init() (jsc#SLE-22135). - s390/sclp: fix Secure-IPL facility detection (bsc#1191741 LTC#194816). - s390/uv: add prot virt guest/host indication files (jsc#SLE-22135). - s390/uv: fix prot virt host indication compilation (jsc#SLE-22135). - scsi: core: Add a new error code DID_TRANSPORT_MARGINAL in scsi.h (bsc#1195506). - scsi: core: Add limitless cmd retry support (bsc#1195506). - scsi: core: No retries on abort success (bsc#1195506). - scsi: kABI fix for 'eh_should_retry_cmd' (bsc#1195506). - scsi: lpfc: Add support for eh_should_retry_cmd() (bsc#1195506). - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126). - scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823). - scsi: qla2xxx: Add marginal path handling support (bsc#1195506). - scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823). - scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823). - scsi: qla2xxx: Add retry for exec firmware (bsc#1195823). - scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823). - scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823). - scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823). - scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823). - scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823). - scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823). - scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823). - scsi: qla2xxx: Fix warning for missing error code (bsc#1195823). - scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#1195823). - scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823). - scsi: qla2xxx: Implement ref count for SRB (bsc#1195823). - scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823). - scsi: qla2xxx: Remove a declaration (bsc#1195823). - scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc#1195823). - scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823). - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823). - scsi: qla2xxx: edif: Fix clang warning (bsc#1195823). - scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823). - scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823). - scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823). - scsi: qla2xxx: edif: Tweak trace message (bsc#1195823). - scsi: scsi_transport_fc: Add a new rport state FC_PORTSTATE_MARGINAL (bsc#1195506). - scsi: scsi_transport_fc: Add store capability to rport port_state in sysfs (bsc#1195506). - scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286). - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195378 LTC#196244). - scsi_transport_fc: kabi fix blank out FC_PORTSTATE_MARGINAL (bsc#1195506). - staging/fbtft: Fix backlight (git-fixes). - staging: fbtft: Fix error path in fbtft_driver_module_init() (git-fixes). - tracing: Do not inc err_log entry count if entry allocation fails (git-fixes). - tracing: Dump stacktrace trigger to the corresponding instance (git-fixes). - tracing: Fix smatch warning for null glob in event_hist_trigger_parse() (git-fixes). - tracing: Have traceon and traceoff trigger honor the instance (git-fixes). - tracing: Propagate is_signed to expression (git-fixes). - usb: dwc2: Fix NULL qh in dwc2_queue_transaction (git-fixes). - usb: dwc2: gadget: do not try to disable ep0 in dwc2_hsotg_suspend (git-fixes). - usb: dwc3: do not set gadget->is_otg flag (git-fixes). - usb: dwc3: gadget: Prevent core from processing stale TRBs (git-fixes). - usb: f_fs: Fix use-after-free for epfile (git-fixes). - usb: gadget: f_uac2: Define specific wTerminalType (git-fixes). - usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes). - usb: gadget: s3c: remove unused 'udc' variable (git-fixes). - usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition (git-fixes). - usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). - usb: ulpi: Call of_node_put correctly (git-fixes). - usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes). Important SUSE bug 1089644 SUSE bug 1154353 SUSE bug 1157038 SUSE bug 1157923 SUSE bug 1176447 SUSE bug 1176940 SUSE bug 1178134 SUSE bug 1181147 SUSE bug 1181588 SUSE bug 1183872 SUSE bug 1187716 SUSE bug 1188404 SUSE bug 1189126 SUSE bug 1190812 SUSE bug 1190972 SUSE bug 1191580 SUSE bug 1191655 SUSE bug 1191741 SUSE bug 1192210 SUSE bug 1192483 SUSE bug 1193096 SUSE bug 1193233 SUSE bug 1193243 SUSE bug 1193787 SUSE bug 1194163 SUSE bug 1194967 SUSE bug 1195012 SUSE bug 1195081 SUSE bug 1195286 SUSE bug 1195352 SUSE bug 1195378 SUSE bug 1195506 SUSE bug 1195516 SUSE bug 1195543 SUSE bug 1195668 SUSE bug 1195701 SUSE bug 1195798 SUSE bug 1195799 SUSE bug 1195823 SUSE bug 1195908 SUSE bug 1195928 SUSE bug 1195947 SUSE bug 1195957 SUSE bug 1195995 SUSE bug 1196195 SUSE bug 1196235 SUSE bug 1196339 SUSE bug 1196373 SUSE bug 1196400 SUSE bug 1196403 SUSE bug 1196516 SUSE bug 1196584 SUSE bug 1196585 SUSE bug 1196601 SUSE bug 1196612 SUSE bug 1196776 CVE-2022-0001 at SUSE CVE-2022-0001 at NVD CVE-2022-0002 at SUSE CVE-2022-0002 at NVD CVE-2022-0492 at SUSE CVE-2022-0492 at NVD CVE-2022-0516 at SUSE CVE-2022-0516 at NVD CVE-2022-0847 at SUSE CVE-2022-0847 at NVD CVE-2022-25375 at SUSE CVE-2022-25375 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584). - CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory (bnc#1196235 ). The following non-security bugs were fixed: - ACPI/IORT: Check node revision for PMCG resources (git-fixes). - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) (git-fixes). - ALSA: hda: Fix missing codec probe on Shenker Dock 15 (git-fixes). - ALSA: hda: Fix regression on forced probe mask option (git-fixes). - ASoC: Revert 'ASoC: mediatek: Check for error clk pointer' (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (git-fixes). - Align s390 NVME target options with other architectures (bsc#1188404, jsc#SLE-22494). CONFIG_NVME_TARGET=m CONFIG_NVME_TARGET_PASSTHRU=y CONFIG_NVME_TARGET_LOOP=m CONFIG_NVME_TARGET_RDMA=m CONFIG_NVME_TARGET_FC=m CONFIG_NVME_TARGET_FCLOOP=m CONFIG_NVME_TARGET_TCP=m - EDAC/xgene: Fix deferred probing (bsc#1178134). - HID:Add support for UGTABLET WP5540 (git-fixes). - IB/cma: Do not send IGMP leaves for sendonly Multicast groups (git-fixes). - IB/hfi1: Fix AIP early init panic (jsc#SLE-13208). - KVM: remember position in kvm->vcpus array (bsc#1190972 LTC#194674). - NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957). - PM: hibernate: Remove register_nosave_region_late() (git-fixes). - PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes). - RDMA/cma: Use correct address when leaving multicast group (bsc#1181147). - RDMA/ucma: Protect mc during concurrent multicast leaves (bsc#1181147). - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes). - USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes). - USB: serial: cp210x: add NCR Retail IO box id (git-fixes). - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes). - USB: serial: mos7840: remove duplicated 0xac24 device ID (git-fixes). - USB: serial: option: add ZTE MF286D modem (git-fixes). - ata: libata-core: Disable TRIM on M88V29 (git-fixes). - ax25: improve the incomplete fix to avoid UAF and NPD bugs (git-fixes). - blk-mq: always allow reserved allocation in hctx_may_queue (bsc#1193787). - blk-mq: avoid to iterate over stale request (bsc#1193787). - blk-mq: clear stale request in tags->rq before freeing one request pool (bsc#1193787). - blk-mq: clearing flush request reference in tags->rqs (bsc#1193787). - blk-mq: do not grab rq's refcount in blk_mq_check_expired() (bsc#1193787 git-fixes). - blk-mq: fix is_flush_rq (bsc#1193787 git-fixes). - blk-mq: fix kernel panic during iterating over flush request (bsc#1193787 git-fixes). - blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter (bsc#1193787). - blk-mq: mark flush request as IDLE in flush_end_io() (bsc#1193787). - blk-tag: Hide spin_lock (bsc#1193787). - block: avoid double io accounting for flush request (bsc#1193787). - block: do not send a rezise udev event for hidden block device (bsc#1193096). - block: mark flush request as IDLE when it is really finished (bsc#1193787). - bonding: pair enable_port with slave_arr_updates (git-fixes). - btrfs: check for missing device in btrfs_trim_fs (bsc#1195701). - btrfs: check worker before need_preemptive_reclaim (bsc#1196195). - btrfs: do not do preemptive flushing if the majority is global rsv (bsc#1196195). - btrfs: do not include the global rsv size in the preemptive used amount (bsc#1196195). - btrfs: handle preemptive delalloc flushing slightly differently (bsc#1196195). - btrfs: make sure SB_I_VERSION does not get unset by remount (bsc#1192210). - btrfs: only clamp the first time we have to start flushing (bsc#1196195). - btrfs: only ignore delalloc if delalloc is much smaller than ordered (bsc#1196195). - btrfs: reduce the preemptive flushing threshold to 90% (bsc#1196195). - btrfs: take into account global rsv in need_preemptive_reclaim (bsc#1196195). - btrfs: use the global rsv size in the preemptive thresh calculation (bsc#1196195). - ceph: properly put ceph_string reference after async create attempt (bsc#1195798). - ceph: set pool_ns in new inode layout for async creates (bsc#1195799). - drm/amdgpu: fix logic inversion in check (git-fixes). - drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes). - drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes). - drm/i915/opregion: check port number bounds for SWSCI display power state (git-fixes). - drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes). - drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV (git-fixes). - drm/panel: simple: Assign data from panel_dpi_probe() correctly (git-fixes). - drm/radeon: Fix backlight control on iMac 12,1 (git-fixes). - drm/rockchip: dw_hdmi: Do not leave clock enabled in error case (git-fixes). - drm/rockchip: vop: Correct RK3399 VOP register fields (git-fixes). - drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd (git-fixes). - drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer (git-fixes). - ext4: check for inconsistent extents between index and leaf block (bsc#1194163 bsc#1196339). - ext4: check for out-of-order index extents in ext4_valid_extent_entries() (bsc#1194163 bsc#1196339). - ext4: prevent partial update of the extent blocks (bsc#1194163 bsc#1196339). - gve: Add RX context (bsc#1191655). - gve: Add a jumbo-frame device option (bsc#1191655). - gve: Add consumed counts to ethtool stats (bsc#1191655). - gve: Add optional metadata descriptor type GVE_TXD_MTD (bsc#1191655). - gve: Correct order of processing device options (bsc#1191655). - gve: Fix GFP flags when allocing pages (git-fixes). - gve: Fix off by one in gve_tx_timeout() (bsc#1191655). - gve: Implement packet continuation for RX (bsc#1191655). - gve: Implement suspend/resume/shutdown (bsc#1191655). - gve: Move the irq db indexes out of the ntfy block struct (bsc#1191655). - gve: Recording rx queue before sending to napi (bsc#1191655). - gve: Recover from queue stall due to missed IRQ (bsc#1191655). - gve: Update gve_free_queue_page_list signature (bsc#1191655). - gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655). - gve: fix for null pointer dereference (bsc#1191655). - gve: fix the wrong AdminQ buffer queue index check (bsc#1176940). - gve: fix unmatched u64_stats_update_end() (bsc#1191655). - gve: remove memory barrier around seqno (bsc#1191655). - i2c: brcmstb: fix support for DSL and CM variants (git-fixes). - i40e: Fix for failed to init adminq while VF reset (git-fixes). - i40e: Fix issue when maximum queues is exceeded (git-fixes). - i40e: Fix queues reservation for XDP (git-fixes). - i40e: Increase delay to 1 s after global EMP reset (git-fixes). - i40e: fix unsigned stat widths (git-fixes). - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). - ibmvnic: do not release napi in __ibmvnic_open() (bsc#1195668 ltc#195811). - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). - ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815). - ice: fix IPIP and SIT TSO offload (git-fixes). - ice: fix an error code in ice_cfg_phy_fec() (jsc#SLE-12878). - ima: Allow template selection with ima_template[_fmt]= after ima_hash= (git-fixes). - ima: Do not print policy rule with inactive LSM labels (git-fixes). - ima: Remove ima_policy file before directory (git-fixes). - integrity: Make function integrity_add_key() static (git-fixes). - integrity: check the return value of audit_log_start() (git-fixes). - integrity: double check iint_cache was initialized (git-fixes). - iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (git-fixes). - iommu/amd: Remove useless irq affinity notifier (git-fixes). - iommu/amd: Restore GA log/tail pointer on host resume (git-fixes). - iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume (git-fixes). - iommu/amd: X2apic mode: re-enable after resume (git-fixes). - iommu/amd: X2apic mode: setup the INTX registers on mask/unmask (git-fixes). - iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure (git-fixes). - iommu/io-pgtable-arm: Fix table descriptor paddr formatting (git-fixes). - iommu/iova: Fix race between FQ timeout and teardown (git-fixes). - iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (git-fixes). - iwlwifi: fix use-after-free (git-fixes). - iwlwifi: pcie: fix locking when 'HW not ready' (git-fixes). - iwlwifi: pcie: gen2: fix locking when 'HW not ready' (git-fixes). - ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes). - kABI fixup after adding vcpu_idx to struct kvm_cpu (bsc#1190972 LTC#194674). - kABI: Fix kABI for AMD IOMMU driver (git-fixes). - kabi: Hide changes to s390/AP structures (jsc#SLE-20807). - lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584). - libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes). - md/raid5: fix oops during stripe resizing (bsc#1181588). - misc: fastrpc: avoid double fput() on failed usercopy (git-fixes). - mmc: sdhci-of-esdhc: Check for error num after setting mask (git-fixes). - mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (git-fixes). - mtd: rawnand: gpmi: do not leak PM reference in error path (git-fixes). - mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (git-fixes). - net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes). - net/mlx5e: Fix handling of wrong devices during bond netevent (jsc#SLE-15172). - net: macb: Align the dma and coherent dma masks (git-fixes). - net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (bsc#1176447). - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs (git-fixes). - net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs (git-fixes). - net: phy: marvell: configure RGMII delays for 88E1118 (git-fixes). - net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes). - nfp: flower: fix ida_idx not being released (bsc#1154353). - nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483). - nfsd: allow lock state ids to be revoked and then freed (bsc#1192483). - nfsd: allow open state ids to be revoked and then freed (bsc#1192483). - nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483). - nfsd: prepare for supporting admin-revocation of state (bsc#1192483). - nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts() (bsc#1195012). - nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (git-fixes). - nvme: do not return an error from nvme_configure_metadata (git-fixes). - nvme: let namespace probing continue for unsupported features (git-fixes). - powerpc/64: Move paca allocation later in boot (bsc#1190812). - powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - powerpc/pseries/ddw: Revert 'Extend upper limit for huge DMA window for persistent memory' (bsc#1195995 ltc#196394). - powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#193451). - powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812). - powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - s390/AP: support new dynamic AP bus size limit (jsc#SLE-20807). - s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (git-fixes). - s390/bpf: Fix optimizing out zero-extensions (git-fixes). - s390/cio: make ccw_device_dma_* more robust (bsc#1193243 LTC#195549). - s390/cio: verify the driver availability for path_event call (bsc#1195928 LTC#196418). - s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195081 LTC#196088). - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195081 LTC#196088). - s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193233 LTC#195540). - s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194967 LTC#196028). - s390/protvirt: fix error return code in uv_info_init() (jsc#SLE-22135). - s390/sclp: fix Secure-IPL facility detection (bsc#1191741 LTC#194816). - s390/uv: add prot virt guest/host indication files (jsc#SLE-22135). - s390/uv: fix prot virt host indication compilation (jsc#SLE-22135). - scsi: core: Add a new error code DID_TRANSPORT_MARGINAL in scsi.h (bsc#1195506). - scsi: core: Add limitless cmd retry support (bsc#1195506). - scsi: core: No retries on abort success (bsc#1195506). - scsi: kABI fix for 'eh_should_retry_cmd' (bsc#1195506). - scsi: lpfc: Add support for eh_should_retry_cmd() (bsc#1195506). - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126). - scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823). - scsi: qla2xxx: Add marginal path handling support (bsc#1195506). - scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823). - scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823). - scsi: qla2xxx: Add retry for exec firmware (bsc#1195823). - scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823). - scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823). - scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823). - scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823). - scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823). - scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823). - scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823). - scsi: qla2xxx: Fix warning for missing error code (bsc#1195823). - scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#1195823). - scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823). - scsi: qla2xxx: Implement ref count for SRB (bsc#1195823). - scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823). - scsi: qla2xxx: Remove a declaration (bsc#1195823). - scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc#1195823). - scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823). - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823). - scsi: qla2xxx: edif: Fix clang warning (bsc#1195823). - scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823). - scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823). - scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823). - scsi: qla2xxx: edif: Tweak trace message (bsc#1195823). - scsi: scsi_transport_fc: Add a new rport state FC_PORTSTATE_MARGINAL (bsc#1195506). - scsi: scsi_transport_fc: Add store capability to rport port_state in sysfs (bsc#1195506). - scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286). - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195378 LTC#196244). - scsi_transport_fc: kabi fix blank out FC_PORTSTATE_MARGINAL (bsc#1195506). - staging/fbtft: Fix backlight (git-fixes). - staging: fbtft: Fix error path in fbtft_driver_module_init() (git-fixes). - tracing: Do not inc err_log entry count if entry allocation fails (git-fixes). - tracing: Dump stacktrace trigger to the corresponding instance (git-fixes). - tracing: Fix smatch warning for null glob in event_hist_trigger_parse() (git-fixes). - tracing: Have traceon and traceoff trigger honor the instance (git-fixes). - tracing: Propagate is_signed to expression (git-fixes). - usb: dwc2: Fix NULL qh in dwc2_queue_transaction (git-fixes). - usb: dwc2: gadget: do not try to disable ep0 in dwc2_hsotg_suspend (git-fixes). - usb: dwc3: do not set gadget->is_otg flag (git-fixes). - usb: dwc3: gadget: Prevent core from processing stale TRBs (git-fixes). - usb: f_fs: Fix use-after-free for epfile (git-fixes). - usb: gadget: f_uac2: Define specific wTerminalType (git-fixes). - usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes). - usb: gadget: s3c: remove unused 'udc' variable (git-fixes). - usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition (git-fixes). - usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). - usb: ulpi: Call of_node_put correctly (git-fixes). - usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes). Important SUSE bug 1089644 SUSE bug 1154353 SUSE bug 1157038 SUSE bug 1157923 SUSE bug 1176447 SUSE bug 1176940 SUSE bug 1178134 SUSE bug 1181147 SUSE bug 1181588 SUSE bug 1183872 SUSE bug 1187716 SUSE bug 1188404 SUSE bug 1189126 SUSE bug 1190812 SUSE bug 1190972 SUSE bug 1191580 SUSE bug 1191655 SUSE bug 1191741 SUSE bug 1192210 SUSE bug 1192483 SUSE bug 1193096 SUSE bug 1193233 SUSE bug 1193243 SUSE bug 1193787 SUSE bug 1194163 SUSE bug 1194967 SUSE bug 1195012 SUSE bug 1195081 SUSE bug 1195286 SUSE bug 1195352 SUSE bug 1195378 SUSE bug 1195506 SUSE bug 1195668 SUSE bug 1195701 SUSE bug 1195798 SUSE bug 1195799 SUSE bug 1195823 SUSE bug 1195928 SUSE bug 1195957 SUSE bug 1195995 SUSE bug 1196195 SUSE bug 1196235 SUSE bug 1196339 SUSE bug 1196400 SUSE bug 1196516 SUSE bug 1196584 CVE-2022-0001 at SUSE CVE-2022-0001 at NVD CVE-2022-0002 at SUSE CVE-2022-0002 at NVD CVE-2022-0847 at SUSE CVE-2022-0847 at NVD CVE-2022-25375 at SUSE CVE-2022-25375 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-24504: Fixed an uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers that may have allowed an authenticated user to potentially enable denial of service via local access. (bnc#1182404) - CVE-2020-27820: Fixed a vulnerability where a use-after-frees in nouveau's postclose() handler could happen if removing device. (bnc#1179599) - CVE-2021-4001: Fixed a race condition when the EBPF map is frozen. (bsc#1192990) - CVE-2021-4002: Added a missing TLB flush that could lead to leak or corruption of data in hugetlbfs. (bsc#1192946) - CVE-2021-28711: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening blkfront against event channel storms. (bsc#1193440) - CVE-2021-28712: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening netfront against event channel storms. (bsc#1193440) - CVE-2021-28713: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening hvc_xen against event channel storms. (bsc#1193440) - CVE-2021-28714: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by fixing rx queue stall detection. (bsc#1193442) - CVE-2021-28715: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by do not queueing unlimited number of packages. (bsc#1193442) - CVE-2021-33098: Fixed improper input validation in the Intel(R) Ethernet ixgbe driver that could allow an authenticate user to cause a denial of service (bnc#1192877). - CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bnc#1192845) - CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bnc#1192847) - CVE-2021-45485: Fixed an information leak because of certain use of a hash table which use IPv6 source addresses. (bsc#1194094) - CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c. (bnc#1194087). The following non-security bugs were fixed: - acpi: PMIC: Fix intel_pmic_regs_handler() read accesses (git-fixes). - acpi: battery: Accept charges over the design capacity as full (git-fixes). - acpica: Avoid evaluating methods too early during system resume (git-fixes). - alsa: ISA: not for M68K (git-fixes). - alsa: ctxfi: Fix out-of-range access (git-fixes). - alsa: gus: fix null pointer dereference on pointer block (git-fixes). - alsa: hda/realtek: Add a quirk for Acer Spin SP513-54N (git-fixes). - alsa: hda/realtek: Add quirk for ASUS UX550VE (git-fixes). - alsa: hda/realtek: Add quirk for Clevo PC70HS (git-fixes). - alsa: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED (git-fixes). - alsa: hda: hdac_ext_stream: fix potential locking issues (git-fixes). - alsa: hda: hdac_stream: fix potential locking issue in snd_hdac_stream_assign() (git-fixes). - alsa: synth: missing check for possible NULL after the call to kstrdup (git-fixes). - alsa: timer: Fix use-after-free problem (git-fixes). - alsa: timer: Unconditionally unlink slave instances, too (git-fixes). - alsa: usb-audio: Add registration quirk for JBL Quantum 400 (git-fixes). - arm: 8970/1: decompressor: increase tag size (git-fixes). - arm: 8974/1: use SPARSMEM_STATIC when SPARSEMEM is enabled (git-fixes) - arm: 8986/1: hw_breakpoint: Do not invoke overflow handler on uaccess watchpoints (git-fixes) - arm: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT (git-fixes) - arm: 9019/1: kprobes: Avoid fortify_panic() when copying optprobe (git-fixes) - arm: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores (git-fixes) - arm: 9064/1: hw_breakpoint: Do not directly check the event's (git-fixes) - arm: 9071/1: uprobes: Do not hook on thumb instructions (git-fixes) - arm: 9081/1: fix gcc-10 thumb2-kernel regression (git-fixes) - arm: 9091/1: Revert 'mm: qsd8x50: Fix incorrect permission faults' (git-fixes) - arm: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned (git-fixes) - arm: 9134/1: remove duplicate memcpy() definition (git-fixes) - arm: 9139/1: kprobes: fix arch_init_kprobes() prototype (git-fixes) - arm: 9141/1: only warn about XIP address when not compile testing (git-fixes) - arm: 9155/1: fix early early_iounmap() (git-fixes) - arm: OMAP2+: Fix legacy mode dss_reset (git-fixes) - arm: OMAP2+: omap_device: fix idling of devices during probe (git-fixes) - arm: OMAP2+: pm33xx-core: Make am43xx_get_rtc_base_addr static (git-fixes) - arm: at91: pm: add missing put_device() call in at91_pm_sram_init() (git-fixes) - arm: at91: pm: of_node_put() after its usage (git-fixes) - arm: at91: pm: use proper master clock register offset (git-fixes) - arm: bcm: Select ARM_TIMER_SP804 for ARCH_BCM_NSP (git-fixes) - arm: dts sunxi: Relax a bit the CMA pool allocation range (git-fixes) - arm: dts: BCM5301X: Add interrupt properties to GPIO node (git-fixes) - arm: dts: BCM5301X: Fix I2C controller interrupt (git-fixes) - arm: dts: BCM5301X: Fixed QSPI compatible string (git-fixes) - arm: dts: Configure missing thermal interrupt for 4430 (git-fixes) - arm: dts: Fix dcan driver probe failed on am437x platform (git-fixes) - arm: dts: Fix duovero smsc interrupt for suspend (git-fixes) - arm: dts: N900: fix onenand timings (git-fixes). - arm: dts: NSP: Correct FA2 mailbox node (git-fixes) - arm: dts: NSP: Disable PL330 by default, add dma-coherent property (git-fixes) - arm: dts: NSP: Fixed QSPI compatible string (git-fixes) - arm: dts: Remove non-existent i2c1 from 98dx3236 (git-fixes) - arm: dts: am335x-pocketbeagle: Fix mmc0 Write Protect (git-fixes) - arm: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema (git-fixes) - arm: dts: am437x-idk-evm: Fix incorrect OPP node names (git-fixes) - arm: dts: am437x-l4: fix typo in can@0 node (git-fixes) - arm: dts: armada-38x: fix NETA lockup when repeatedly switching speeds (git-fixes) - arm: dts: armada388-helios4: assign pinctrl to LEDs (git-fixes) - arm: dts: armada388-helios4: assign pinctrl to each fan (git-fixes) - arm: dts: aspeed: s2600wf: Fix VGA memory region location (git-fixes) - arm: dts: aspeed: tiogapass: Remove vuart (git-fixes) - arm: dts: at91-sama5d27_som1: fix phy address to 7 (git-fixes) - arm: dts: at91: add pinctrl-{names, 0} for all gpios (git-fixes) - arm: dts: at91: at91sam9rl: fix ADC triggers (git-fixes) - arm: dts: at91: sama5d2: fix CAN message ram offset and size (git-fixes) - arm: dts: at91: sama5d2: map securam as device (git-fixes) - arm: dts: at91: sama5d2_ptc_ek: fix sdmmc0 node description (git-fixes) - arm: dts: at91: sama5d2_ptc_ek: fix vbus pin (git-fixes) - arm: dts: at91: sama5d2_xplained: classd: pull-down the R1 and R3 lines (git-fixes) - arm: dts: at91: sama5d3_xplained: add pincontrol for USB Host (git-fixes) - arm: dts: at91: sama5d4: fix pinctrl muxing (git-fixes) - arm: dts: at91: sama5d4_xplained: add pincontrol for USB Host (git-fixes) - arm: dts: at91: tse850: the emac&lt;->phy interface is rmii (git-fixes) - arm: dts: bcm2835-rpi-zero-w: Fix led polarity (git-fixes) - arm: dts: bcm: HR2: Fix PPI interrupt types (git-fixes) - arm: dts: bcm: HR2: Fixed QSPI compatible string (git-fixes) - arm: dts: colibri-imx6ull: limit SDIO clock to 25MHz (git-fixes) - arm: dts: dra76x: Fix mmc3 max-frequency (git-fixes) - arm: dts: dra76x: m_can: fix order of clocks (git-fixes) - arm: dts: dra7xx-clocks: Fixup IPU1 mux clock parent source (git-fixes) - arm: dts: exynos: Fix GPIO polarity for thr GalaxyS3 CM36651 sensor's bus (git-fixes) - arm: dts: exynos: correct MUIC interrupt trigger level on Midas (git-fixes) - arm: dts: exynos: correct PMIC interrupt trigger level on Arndale (git-fixes) - arm: dts: exynos: correct PMIC interrupt trigger level on Artik 5 (git-fixes) - arm: dts: exynos: correct PMIC interrupt trigger level on Midas (git-fixes) - arm: dts: exynos: correct PMIC interrupt trigger level on Monk (git-fixes) - arm: dts: exynos: correct PMIC interrupt trigger level on Odroid X/U3 (git-fixes) - arm: dts: exynos: correct PMIC interrupt trigger level on Odroid XU3 (git-fixes) - arm: dts: exynos: correct PMIC interrupt trigger level on Rinato (git-fixes) - arm: dts: exynos: correct PMIC interrupt trigger level on SMDK5250 (git-fixes) - arm: dts: exynos: correct PMIC interrupt trigger level on Snow (git-fixes) - arm: dts: exynos: correct PMIC interrupt trigger level on Spring (git-fixes) - arm: dts: exynos: correct fuel gauge interrupt trigger level on Midas (git-fixes) - arm: dts: exynos: fix PWM LED max brightness on Odroid HC1 (git-fixes) - arm: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3 (git-fixes) - arm: dts: exynos: fix PWM LED max brightness on Odroid XU4 (git-fixes) - arm: dts: exynos: fix USB 3.0 VBUS control and over-current pins on (git-fixes) - arm: dts: exynos: fix USB 3.0 pins supply being turned off on Odroid (git-fixes) - arm: dts: exynos: fix roles of USB 3.0 ports on Odroid XU (git-fixes) - arm: dts: gemini-rut1xx: remove duplicate ethernet node (git-fixes) - arm: dts: gose: Fix ports node name for adv7180 (git-fixes) - arm: dts: gose: Fix ports node name for adv7612 (git-fixes) - arm: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries (git-fixes) - arm: dts: imx50-evk: Fix the chip select 1 IOMUX (git-fixes) - arm: dts: imx6: Use gpc for FEC interrupt controller to fix wake on LAN (git-fixes) - arm: dts: imx6: pbab01: Set vmmc supply for both SD interfaces (git-fixes) - arm: dts: imx6: phycore-som: fix arm and soc minimum voltage (git-fixes) - arm: dts: imx6: phycore-som: fix emmc supply (git-fixes) - arm: dts: imx6dl-colibri-eval-v3: fix sram compatible properties (git-fixes). - arm: dts: imx6dl-yapp4: Fix RGMII connection to QCA8334 switch (git-fixes) - arm: dts: imx6dl-yapp4: Fix Ursa board Ethernet connection (git-fixes) - arm: dts: imx6q-dhcom: Add PU,VDD1P1,VDD2P5 regulators (git-fixes) - arm: dts: imx6q-dhcom: Add gpios pinctrl for i2c bus recovery (git-fixes) - arm: dts: imx6q-dhcom: Fix ethernet plugin detection problems (git-fixes) - arm: dts: imx6q-dhcom: Fix ethernet reset time properties (git-fixes) - arm: dts: imx6qdl-gw52xx: fix duplicate regulator naming (git-fixes) - arm: dts: imx6qdl-gw551x: Do not use 'simple-audio-card,dai-link' (git-fixes) - arm: dts: imx6qdl-gw551x: fix audio SSI (git-fixes) - arm: dts: imx6qdl-icore: Fix OTG_ID pin and sdcard detect (git-fixes) - arm: dts: imx6qdl-kontron-samx6i: fix I2C_PM scl pin (git-fixes) - arm: dts: imx6qdl-kontron-samx6i: fix i2c_lcd/cam default status (git-fixes) - arm: dts: imx6qdl-sr-som: Increase the PHY reset duration to 10ms (git-fixes) - arm: dts: imx6qdl-udoo: fix rgmii phy-mode for ksz9031 phy (git-fixes) - arm: dts: imx6sl: fix rng node (git-fixes) - arm: dts: imx6sx-sabreauto: Fix the phy-mode on fec2 (git-fixes) - arm: dts: imx6sx-sdb: Fix the phy-mode on fec2 (git-fixes) - arm: dts: imx6sx: Add missing UART RTS/CTS pins mux (git-fixes) - arm: dts: imx6sx: Improve UART pins macro defines (git-fixes) - arm: dts: imx6sx: fix the pad QSPI1B_SCLK mux mode for uart3 (git-fixes) - arm: dts: imx7-colibri: Fix frequency for sd/mmc (git-fixes) - arm: dts: imx7-colibri: fix muxing of usbc_det pin (git-fixes) - arm: dts: imx7-colibri: prepare module device tree for FlexCAN (git-fixes) - arm: dts: imx7d-meerkat96: Fix the 'tuning-step' property (git-fixes) - arm: dts: imx7d-pico: Fix the 'tuning-step' property (git-fixes) - arm: dts: imx7d: Correct speed grading fuse settings (git-fixes) - arm: dts: imx7d: fix opp-supported-hw (git-fixes) - arm: dts: imx7ulp: Correct gpio ranges (git-fixes) - arm: dts: imx: Fix USB host power regulator polarity on M53Menlo (git-fixes) - arm: dts: imx: Swap M53Menlo pinctrl_power_button/pinctrl_power_out (git-fixes) - arm: dts: imx: emcon-avari: Fix nxp,pca8574 #gpio-cells (git-fixes) - arm: dts: logicpd-som-lv-baseboard: Fix broken audio (git-fixes) - arm: dts: logicpd-som-lv-baseboard: Fix missing video (git-fixes) - arm: dts: logicpd-torpedo-baseboard: Fix broken audio (git-fixes) - arm: dts: lpc32xx: Revert set default clock rate of HCLK PLL (git-fixes) - arm: dts: ls1021a: Restore MDIO compatible to gianfar (git-fixes) - arm: dts: ls1021a: fix QuadSPI-memory reg range (git-fixes) - arm: dts: meson8: Use a higher default GPU clock frequency (git-fixes) - arm: dts: meson8: remove two invalid interrupt lines from the GPU (git-fixes) - arm: dts: meson8b: ec100: Fix the pwm regulator supply properties (git-fixes) - arm: dts: meson8b: mxq: Fix the pwm regulator supply properties (git-fixes) - arm: dts: meson8b: odroidc1: Fix the pwm regulator supply properties (git-fixes) - arm: dts: meson: fix PHY deassert timing requirements (git-fixes) - arm: dts: mt7623: add missing pause for switchport (git-fixes) - arm: dts: omap3-gta04a4: accelerometer irq fix (git-fixes) - arm: dts: omap3430-sdp: Fix NAND device node (git-fixes) - arm: dts: owl-s500: Fix incorrect PPI interrupt specifiers (git-fixes) - arm: dts: oxnas: Fix clear-mask property (git-fixes) - arm: dts: pandaboard: fix pinmux for gpio user button of Pandaboard (git-fixes) - arm: dts: qcom: apq8064: Use 27MHz PXO clock as DSI PLL reference (git-fixes) - arm: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY (git-fixes) - arm: dts: r7s9210: Remove bogus clock-names from OSTM nodes (git-fixes) - arm: dts: r8a73a4: Add missing CMT1 interrupts (git-fixes) - arm: dts: r8a7740: Add missing extal2 to CPG node (git-fixes) - arm: dts: r8a7779, marzen: Fix DU clock names (git-fixes) - arm: dts: renesas: Fix IOMMU device node names (git-fixes) - arm: dts: s5pv210: Set keep-power-in-suspend for SDHCI1 on Aries (git-fixes) - arm: dts: socfpga: Align L2 cache-controller nodename with dtschema (git-fixes) - arm: dts: socfpga: fix register entry for timer3 on Arria10 (git-fixes) - arm: dts: stm32: fix a typo for DAC io-channel-cells on stm32f429 (git-fixes) - arm: dts: stm32: fix a typo for DAC io-channel-cells on stm32h743 (git-fixes) - arm: dts: sun6i: a31-hummingbird: Enable RGMII RX/TX delay on (git-fixes) - arm: dts: sun7i: a20: bananapro: Fix ethernet phy-mode (git-fixes) - arm: dts: sun7i: bananapi-m1-plus: Enable RGMII RX/TX delay on (git-fixes) - arm: dts: sun7i: bananapi: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes) - arm: dts: sun7i: cubietruck: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes) - arm: dts: sun7i: pcduino3-nano: enable RGMII RX/TX delay on PHY (git-fixes) - arm: dts: sun8i-a83t-tbs-a711: Fix USB OTG mode detection (git-fixes) - arm: dts: sun8i-h2-plus-bananapi-m2-zero: Fix led polarity (git-fixes) - arm: dts: sun8i: a83t: Enable both RGMII RX/TX delay on Ethernet PHY (git-fixes) - arm: dts: sun8i: h3: orangepi-plus2e: Enable RGMII RX/TX delay on (git-fixes) - arm: dts: sun8i: r40: Move AHCI device node based on address order (git-fixes) - arm: dts: sun8i: r40: bananapi-m2-berry: Fix dcdc1 regulator (git-fixes) - arm: dts: sun8i: r40: bananapi-m2-ultra: Fix dcdc1 regulator (git-fixes) - arm: dts: sun8i: r40: bananapi-m2-ultra: Fix ethernet node (git-fixes) - arm: dts: sun8i: v3s: fix GIC node memory range (git-fixes) - arm: dts: sun8i: v40: bananapi-m2-berry: Fix ethernet node (git-fixes) - arm: dts: sun9i: Enable both RGMII RX/TX delay on Ethernet PHY (git-fixes) - arm: dts: sunxi: Fix DE2 clocks register range (git-fixes) - arm: dts: sunxi: bananapi-m2-plus-v1.2: Fix CPU supply voltages (git-fixes) - arm: dts: sunxi: bananapi-m2-plus: Enable RGMII RX/TX delay on (git-fixes) - arm: dts: turris-omnia: add SFP node (git-fixes) - arm: dts: turris-omnia: add comphy handle to eth2 (git-fixes) - arm: dts: turris-omnia: configure LED[2]/INTn pin as interrupt pin (git-fixes) - arm: dts: turris-omnia: describe switch interrupt (git-fixes) - arm: dts: turris-omnia: enable HW buffer management (git-fixes) - arm: dts: turris-omnia: fix hardware buffer management (git-fixes) - arm: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins (git-fixes) - arm: dts: uniphier: Set SCSSI clock and reset IDs for each channel (git-fixes). - arm: dts: vf610-zii-dev-rev-b: Remove #address-cells and #size-cells (git-fixes) - arm: dts: vfxxx: Add syscon compatible with OCOTP (git-fixes) - arm: exynos: MCPM: Restore big.LITTLE cpuidle support (git-fixes) - arm: exynos: add missing of_node_put for loop iteration (git-fixes) - arm: footbridge: fix PCI interrupt mapping (git-fixes) - arm: imx5: add missing put_device() call in imx_suspend_alloc_ocram() (git-fixes) - arm: imx6: disable the GIC CPU interface before calling stby-poweroff (git-fixes) - arm: imx: add missing clk_disable_unprepare() (git-fixes) - arm: imx: add missing iounmap() (git-fixes) - arm: imx: build suspend-imx6.S with arm instruction set (git-fixes) - arm: imx: fix missing 3rd argument in macro imx_mmdc_perf_init (git-fixes) - arm: mvebu: drop pointless check for coherency_base (git-fixes) - arm: p2v: fix handling of LPAE translation in BE mode (git-fixes) - arm: s3c24xx: fix missing system reset (git-fixes) - arm: s3c24xx: fix mmc gpio lookup tables (git-fixes) - arm: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() (git-fixes) - arm: samsung: do not build plat/pm-common for Exynos (git-fixes) - arm: samsung: fix PM debug build with DEBUG_LL but !MMU (git-fixes) - arm: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh() (git-fixes) - asoc: DAPM: Cover regression by kctl change notification fix (git-fixes). - asoc: SOF: Intel: hda-dai: fix potential locking issue (git-fixes). - asoc: nau8824: Add DMI quirk mechanism for active-high jack-detect (git-fixes). - asoc: qdsp6: q6routing: Conditionally reset FrontEnd Mixer (git-fixes). - asoc: topology: Add missing rwsem around snd_ctl_remove() calls (git-fixes). - ath10k: fix invalid dma_addr_t token assignment (git-fixes). - ath10k: high latency fixes for beacon buffer (git-fixes). - ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() (git-fixes). - bfq: Limit number of requests consumed by each cgroup (bsc#1184318). - bfq: Store full bitmap depth in bfq_data (bsc#1184318). - bfq: Track number of allocated requests in bfq_entity (bsc#1184318). - blacklist scsi commit that breaks kabi (git-fixes) - block: Fix use-after-free issue accessing struct io_cq (bsc#1193042). - block: Provide blk_mq_sched_get_icq() (bsc#1184318). - bluetooth: btrtl: Refine the ic_id_table for clearer and more regular (bsc#1193655). - bluetooth: btusb: Add another Bluetooth part for Realtek 8852AE (bsc#1193655). - bluetooth: btusb: Add the more support IDs for Realtek RTL8822CE (bsc#1193655). - bluetooth: btusb: Add the new support ID for Realtek RTL8852A (bsc#1193655). - bluetooth: btusb: btrtl: Add support for RTL8852A (bsc#1193655). - bluetooth: fix use-after-free error in lock_sock_nested() (git-fixes). - bnxt_en: reject indirect blk offload when hw-tc-offload is off (jsc#SLE-8372 bsc#1153275). - bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed (git-fixes). - bpf, arm: Fix register clobbering in div/mod implementation (git-fixes) - bpf, s390: Fix potential memory leak about jit_data (git-fixes). - bpf, x86: Fix 'no previous prototype' warning (git-fixes). - brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet (git-fixes). - btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums (bsc#1193002). - btrfs: fix fsync failure and transaction abort after writes to prealloc extents (bsc#1193002). - btrfs: fix lost inode on log replay after mix of fsync, rename and inode eviction (bsc#1192998). - btrfs: fix race causing unnecessary inode logging during link and rename (bsc#1192998). - btrfs: make checksum item extension more efficient (bsc#1193002). - cfg80211: call cfg80211_stop_ap when switch from P2P_GO type (git-fixes). - cifs: Add get_security_type_str function to return sec type (bsc#1192606). - cifs: Add missing sentinel to smb3_fs_parameters (bsc#1192606). - cifs: Add new mount parameter 'acdirmax' to allow caching directory metadata (bsc#1192606). - cifs: Add new parameter 'acregmax' for distinct file and directory metadata timeout (bsc#1192606). - cifs: Add support for setting owner info, dos attributes, and create time (bsc#1164565). - cifs: Add tracepoints for errors on flush or fsync (bsc#1164565). - cifs: Add witness information to debug data dump (bsc#1192606). - cifs: Adjust indentation in smb2_open_file (bsc#1164565). - cifs: Adjust key sizes and key generation routines for AES256 encryption (bsc#1192606). - cifs: Allocate crypto structures on the fly for calculating signatures of incoming packets (bsc#1192606). - cifs: Allocate encryption header through kmalloc (bsc#1192606). - cifs: Always update signing key of first channel (bsc#1192606). - cifs: Avoid doing network I/O while holding cache lock (bsc#1164565). - cifs: Avoid error pointer dereference (bsc#1192606). - cifs: Avoid field over-reading memcpy() (bsc#1192606). - cifs: Change SIDs in ACEs while transferring file ownership (bsc#1192606). - cifs: Clarify SMB1 code for POSIX Create (bsc#1192606). - cifs: Clarify SMB1 code for POSIX Lock (bsc#1192606). - cifs: Clarify SMB1 code for POSIX delete file (bsc#1192606). - cifs: Clarify SMB1 code for SetFileSize (bsc#1192606). - cifs: Clarify SMB1 code for UnixCreateSymLink (bsc#1192606). - cifs: Clarify SMB1 code for UnixSetPathInfo (bsc#1192606). - cifs: Clarify SMB1 code for delete (bsc#1192606). - cifs: Clarify SMB1 code for rename open file (bsc#1192606). - cifs: Clean up DFS referral cache (bsc#1164565). - cifs: Close cached root handle only if it had a lease (bsc#1164565). - cifs: Close open handle after interrupted close (bsc#1164565). - cifs: Constify static struct genl_ops (bsc#1192606). - cifs: Convert to use the fallthrough macro (bsc#1192606). - cifs: Create a new shared file holding smb2 pdu definitions (bsc#1192606). - cifs: Deal with some warnings from W=1 (bsc#1192606). - cifs: Delete a stray unlock in cifs_swn_reconnect() (bsc#1192606). - cifs: Display local UID details for SMB sessions in DebugData (bsc#1192606). - cifs: Do not display RDMA transport on reconnect (bsc#1164565). - cifs: Do not leak EDEADLK to dgetents64 for STATUS_USER_SESSION_DELETED (bsc#1192606). - cifs: Do not miss cancelled OPEN responses (bsc#1164565). - cifs: Do not use iov_iter::type directly (bsc#1192606). - cifs: Do not use the original cruid when following DFS links for multiuser mounts (bsc#1192606). - cifs: Enable sticky bit with cifsacl mount option (bsc#1192606). - cifs: Fix NULL pointer dereference in mid callback (bsc#1164565). - cifs: Fix NULL-pointer dereference in smb2_push_mandatory_locks (bnc#1151927 5.3.16). - cifs: Fix SMB2 oplock break processing (bsc#1154355 bnc#1151927 5.3.16). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1178270). - cifs: Fix bug which the return value by asynchronous read is error (bsc#1192606). - cifs: Fix cached_fid refcnt leak in open_shroot (bsc#1192606). - cifs: Fix chmod with modefromsid when an older ACE already exists (bsc#1192606). - cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (bnc#1151927 5.3.10). - cifs: Fix cifsacl ACE mask for group and others (bsc#1192606). - cifs: Fix double add page to memcg when cifs_readpages (bsc#1192606). - cifs: Fix fall-through warnings for Clang (bsc#1192606). - cifs: Fix in error types returned for out-of-credit situations (bsc#1192606). - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211). - cifs: Fix inconsistent IS_ERR and PTR_ERR (bsc#1192606). - cifs: Fix inconsistent indenting (bsc#1192606). - cifs: Fix leak when handling lease break for cached root fid (bsc#1176242). - cifs: Fix lookup of SMB connections on multichannel (bsc#1192606). - cifs: Fix lookup of root ses in DFS referral cache (bsc#1164565). - cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1164565). - cifs: Fix missed free operations (bnc#1151927 5.3.8). - cifs: Fix mode output in debugging statements (bsc#1164565). - cifs: Fix mount options set in automount (bsc#1164565). - cifs: Fix null pointer check in cifs_read (bsc#1192606). - cifs: Fix oplock handling for SMB 2.1+ protocols (bnc#1151927 5.3.4). - cifs: Fix potential deadlock when updating vol in cifs_reconnect() (bsc#1164565). - cifs: Fix potential softlockups while refreshing DFS cache (bsc#1164565). - cifs: Fix preauth hash corruption (git-fixes). - cifs: Fix retrieval of DFS referrals in cifs_mount() (bsc#1164565). - cifs: Fix retry mid list corruption on reconnects (bnc#1151927 5.3.10). - cifs: Fix return value in __update_cache_entry (bsc#1164565). - cifs: Fix some error pointers handling detected by static checker (bsc#1192606). - cifs: Fix spelling of 'security' (bsc#1192606). - cifs: Fix support for remount when not changing rsize/wsize (bsc#1192606). - cifs: Fix task struct use-after-free on reconnect (bsc#1164565). - cifs: Fix the target file was deleted when rename failed (bsc#1192606). - cifs: Fix unix perm bits to cifsacl conversion for 'other' bits (bsc#1192606). - cifs: Fix use after free of file info structures (bnc#1151927 5.3.8). - cifs: Fix use-after-free bug in cifs_reconnect() (bsc#1164565). - cifs: Force reval dentry if LOOKUP_REVAL flag is set (bnc#1151927 5.3.7). - cifs: Force revalidate inode when dentry is stale (bnc#1151927 5.3.7). - cifs: Get rid of kstrdup_const()'d paths (bsc#1164565). - cifs: Grab a reference for the dentry of the cached directory during the lifetime of the cache (bsc#1192606). - cifs: Gracefully handle QueryInfo errors during open (bnc#1151927 5.3.7). - cifs: Handle witness client move notification (bsc#1192606). - cifs: Identify a connection by a conn_id (bsc#1192606). - cifs: If a corrupted DACL is returned by the server, bail out (bsc#1192606). - cifs: In the new mount api we get the full devname as source= (bsc#1192606). - cifs: Increment num_remote_opens stats counter even in case of smb2_query_dir_first (bsc#1192606). - cifs: Introduce helpers for finding TCP connection (bsc#1164565). - cifs: Make extract_hostname function public (bsc#1192606). - cifs: Make extract_sharename function public (bsc#1192606). - cifs: Merge is_path_valid() into get_normalized_path() (bsc#1164565). - cifs: Move SMB2_Create definitions to the shared area (bsc#1192606). - cifs: Move more definitions into the shared area (bsc#1192606). - cifs: New optype for session operations (bsc#1181507). - cifs: On cifs_reconnect, resolve the hostname again (bsc#1192606). - cifs: Optimize readdir on reparse points (bsc#1164565). - cifs: Print the address and port we are connecting to in generic_ip_connect() (bsc#1192606). - cifs: Properly process SMB3 lease breaks (bsc#1164565). - cifs: Re-indent cifs_swn_reconnect() (bsc#1192606). - cifs: Reformat DebugData and index connections by conn_id (bsc#1192606). - cifs: Register generic netlink family (bsc#1192606). Update configs with CONFIG_SWN_UPCALL unset. - cifs: Remove the superfluous break (bsc#1192606). - cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902). - cifs: Remove useless variable (bsc#1192606). - cifs: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1164565). - cifs: Retain old ACEs when converting between mode bits and ACL (bsc#1192606). - cifs: Return correct error code from smb2_get_enc_key (git-fixes). - cifs: Return directly after a failed build_path_from_dentry() in cifs_do_create() (bsc#1164565). - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426). - cifs: Send witness register and unregister commands to userspace daemon (bsc#1192606). - cifs: Send witness register messages to userspace daemon in echo task (bsc#1192606). - cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath (bsc#1192606). - cifs: Set witness notification handler for messages from userspace daemon (bsc#1192606). - cifs: Silently ignore unknown oplock break handle (bsc#1192606). - cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1192606). - cifs: Spelling s/EACCESS/EACCES/ (bsc#1192606). - cifs: Standardize logging output (bsc#1192606). - cifs: To match file servers, make sure the server hostname matches (bsc#1192606). - cifs: Tracepoints and logs for tracing credit changes (bsc#1181507). - cifs: Unlock on errors in cifs_swn_reconnect() (bsc#1192606). - cifs: Use #define in cifs_dbg (bsc#1164565). - cifs: Use common error handling code in smb2_ioctl_query_info() (bsc#1164565). - cifs: Use memdup_user() rather than duplicating its implementation (bsc#1164565). - cifs: Warn less noisily on default mount (bsc#1192606). - cifs: add FALLOC_FL_INSERT_RANGE support (bsc#1192606). - cifs: add NULL check for ses->tcon_ipc (bsc#1178270). - cifs: add SMB2_open() arg to return POSIX data (bsc#1164565). - cifs: add SMB3 change notification support (bsc#1164565). - cifs: add a debug macro that prints \\server\share for errors (bsc#1164565). - cifs: add a function to get a cached dir based on its dentry (bsc#1192606). - cifs: add a helper to find an existing readable handle to a file (bsc#1154355). - cifs: add a timestamp to track when the lease of the cached dir was taken (bsc#1192606). - cifs: add an smb3_fs_context to cifs_sb (bsc#1192606). - cifs: add files to host new mount api (bsc#1192606). - cifs: add fs_context param to parsing helpers (bsc#1192606). - cifs: add initial reconfigure support (bsc#1192606). - cifs: add missing mount option to /proc/mounts (bsc#1164565). - cifs: add missing parsing of backupuid (bsc#1192606). - cifs: add mount parameter tcpnodelay (bsc#1192606). - cifs: add multichannel mount options and data structs (bsc#1192606). - cifs: add new debugging macro cifs_server_dbg (bsc#1164565). - cifs: add passthrough for smb2 setinfo (bsc#1164565). - cifs: add server param (bsc#1192606). - cifs: add shutdown support (bsc#1192606). - cifs: add smb 2 support for getting and setting SACLs (bsc#1192606). - cifs: add smb2 POSIX info level (bsc#1164565). - cifs: add support for FALLOC_FL_COLLAPSE_RANGE (bsc#1192606). - cifs: add support for fallocate mode 0 for non-sparse files (bsc#1164565). - cifs: add support for flock (bsc#1164565). - cifs: add witness mount option and data structs (bsc#1192606). - cifs: added WARN_ON for all the count decrements (bsc#1192606). - cifs: allocate buffer in the caller of build_path_from_dentry() (bsc#1192606). - cifs: allow chmod to set mode bits using special sid (bsc#1164565). - cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956). - cifs: allow unlock flock and OFD lock across fork (bsc#1192606). - cifs: ask for more credit on async read/write code paths (bsc#1192606). - cifs: avoid extra calls in posix_info_parse (bsc#1192606). - cifs: avoid starvation when refreshing dfs cache (bsc#1185902). - cifs: avoid using MID 0xFFFF (bnc#1151927 5.3.8). - cifs: call wake_up(&server->response_q) inside of cifs_reconnect() (bsc#1164565). - cifs: change confusing field serverName (to ip_addr) (bsc#1192606). - cifs: change format of CIFS_FULL_KEY_DUMP ioctl (bsc#1192606). - cifs: change noisy error message to FYI (bsc#1181507). - cifs: check all path components in resolved dfs target (bsc#1181710). - cifs: check new file size when extending file by fallocate (bsc#1192606). - cifs: check pointer before freeing (bsc#1183534). - cifs: check the timestamp for the cached dirent when deciding on revalidate (bsc#1192606). - cifs: cifs: we do not allow changing username/password/unc/... during remount (bsc#1192606). - cifs: cifs_atomic_open(): fix double-put on late allocation failure (bsc#1192606). - cifs: cifs_debug: use %pd instead of messing with ->d_name (bsc#1192606). - cifs: cifs_md4 convert to SPDX identifier (bsc#1192606). - cifs: cifspdu.h: Replace one-element array with flexible-array member (bsc#1192606). - cifs: cifspdu.h: Replace zero-length array with flexible-array member (bsc#1192606). - cifs: clarify SMB1 code for UnixCreateHardLink (bsc#1192606). - cifs: clarify comment about timestamp granularity for old servers (bsc#1192606). - cifs: clarify hostname vs ip address in /proc/fs/cifs/DebugData (bsc#1192606). - cifs: cleanup a few le16 vs. le32 uses in cifsacl.c (bsc#1192606). - cifs: cleanup misc.c (bsc#1192606). - cifs: clear PF_MEMALLOC before exiting demultiplex thread (bsc#1192606). - cifs: close the shared root handle on tree disconnect (bsc#1164565). - cifs: compute full_path already in cifs_readdir() (bsc#1192606). - cifs: connect individual channel servers to primary channel server (bsc#1192606). - cifs: connect: style: Simplify bool comparison (bsc#1192606). - cifs: constify get_normalized_path() properly (bsc#1185902). - cifs: constify path argument of ->make_node() (bsc#1192606). - cifs: constify pathname arguments in a bunch of helpers (bsc#1192606). - cifs: convert list_for_each to entry variant (bsc#1192606, jsc#SLE-20042). - cifs: convert list_for_each to entry variant in cifs_debug.c (bsc#1192606). - cifs: convert list_for_each to entry variant in smb2misc.c (bsc#1192606). - cifs: convert revalidate of directories to using directory metadata cache timeout (bsc#1192606). - cifs: convert to use be32_add_cpu() (bsc#1192606). - cifs: correct comments explaining internal semaphore usage in the module (bsc#1192606). - cifs: correct four aliased mount parms to allow use of previous names (bsc#1192606). - cifs: create a MD4 module and switch cifs.ko to use it (bsc#1192606). - cifs: create a helper function to parse the query-directory response buffer (bsc#1164565). - cifs: create a helper to find a writeable handle by path name (bsc#1154355). - cifs: create sd context must be a multiple of 8 (bsc#1192606). - cifs: delete duplicated words in header files (bsc#1192606). - cifs: detect dead connections only when echoes are enabled (bsc#1192606). - cifs: do d_move in rename (bsc#1164565). - cifs: do not allow changing posix_paths during remount (bsc#1192606). - cifs: do not cargo-cult strndup() (bsc#1185902). - cifs: do not create a temp nls in cifs_setup_ipc (bsc#1192606). - cifs: do not disable noperm if multiuser mount option is not provided (bsc#1192606). - cifs: do not duplicate fscache cookie for secondary channels (bsc#1192606). - cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes). - cifs: do not ignore the SYNC flags in getattr (bsc#1164565). - cifs: do not leak -EAGAIN for stat() during reconnect (bsc#1164565). - cifs: do not negotiate session if session already exists (bsc#1192606). - cifs: do not send close in compound create+close requests (bsc#1181507). - cifs: do not send tree disconnect to ipc shares (bsc#1185902). - cifs: do not share tcons with DFS (bsc#1178270). - cifs: do not share tcp servers with dfs mounts (bsc#1185902). - cifs: do not share tcp sessions of dfs connections (bsc#1185902). - cifs: do not use 'pre:' for MODULE_SOFTDEP (bsc#1164565). - cifs: do_cifs_create(): do not set ->i_mode of something we had not created (bsc#1192606). - cifs: document and cleanup dfs mount (bsc#1178270). - cifs: dump Security Type info in DebugData (bsc#1192606). - cifs: dump channel info in DebugData (bsc#1192606). - cifs: dump the session id and keys also for SMB2 sessions (bsc#1192606). - cifs: enable change notification for SMB2.1 dialect (bsc#1164565). - cifs: enable extended stats by default (bsc#1192606). - cifs: ensure correct super block for DFS reconnect (bsc#1178270). - cifs: escape spaces in share names (bsc#1192606). - cifs: export supported mount options via new mount_params /proc file (bsc#1192606). - cifs: fail i/o on soft mounts if sessionsetup errors out (bsc#1164565). - cifs: fiemap: do not return EINVAL if get nothing (bsc#1192606). - cifs: fix DFS failover (bsc#1192606). - cifs: fix DFS mount with cifsacl/modefromsid (bsc#1178270). - cifs: fix NULL dereference in match_prepath (bsc#1164565). - cifs: fix NULL dereference in smb2_check_message() (bsc#1192606). - cifs: fix SMB1 error path in cifs_get_file_info_unix (bsc#1192606). - cifs: fix a comment for the timeouts when sending echos (bsc#1164565). - cifs: fix a memleak with modefromsid (bsc#1192606). - cifs: fix a sign extension bug (bsc#1192606). - cifs: fix a white space issue in cifs_get_inode_info() (bsc#1164565). - cifs: fix allocation size on newly created files (bsc#1192606). - cifs: fix channel signing (bsc#1192606). - cifs: fix check of dfs interlinks (bsc#1185902). - cifs: fix check of tcon dfs in smb1 (bsc#1178270). - cifs: fix chown and chgrp when idsfromsid mount option enabled (bsc#1192606). - cifs: fix credit accounting for extra channel (bsc#1192606). - cifs: fix dereference on ses before it is null checked (bsc#1164565). - cifs: fix dfs domain referrals (bsc#1192606). - cifs: fix dfs-links (bsc#1192606). - cifs: fix doc warnings in cifs_dfs_ref.c (bsc#1192606). - cifs: fix double free error on share and prefix (bsc#1178270). - cifs: fix fallocate when trying to allocate a hole (bsc#1192606). - cifs: fix handling of escaped ',' in the password mount argument (bsc#1192606). - cifs: fix incorrect check for null pointer in header_assemble (bsc#1192606). - cifs: fix incorrect kernel doc comments (bsc#1192606). - cifs: fix interrupted close commands (git-fixes). - cifs: fix ipv6 formating in cifs_ses_add_channel (bsc#1192606). - cifs: fix leak in cifs_smb3_do_mount() ctx (bsc#1192606). - cifs: fix leaked reference on requeued write (bsc#1178270). - cifs: fix max ea value size (bnc#1151927 5.3.4). - cifs: fix memory leak in smb2_copychunk_range (git-fixes). - cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1192606). - cifs: fix minor typos in comments and log messages (bsc#1192606). - cifs: fix missing null session check in mount (bsc#1192606). - cifs: fix missing spinlock around update to ses->status (bsc#1192606). - cifs: fix mode bits from dir listing when mounted with modefromsid (bsc#1164565). - cifs: fix mount option display for sec=krb5i (bsc#1161907). - cifs: fix mounts to subdirectories of target (bsc#1192606). - cifs: fix nodfs mount option (bsc#1181710). - cifs: fix out-of-bound memory access when calling smb3_notify() at mount point (bsc#1192606). - cifs: fix path comparison and hash calc (bsc#1185902). - cifs: fix possible uninitialized access and race on iface_list (bsc#1192606). - cifs: fix potential mismatch of UNC paths (bsc#1164565). - cifs: fix potential use-after-free bugs (bsc#1192606, jsc#SLE-20042). - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944). - cifs: fix print of hdr_flags in dfscache_proc_show() (bsc#1192606, jsc#SLE-20042). - cifs: fix reference leak for tlink (bsc#1192606). - cifs: fix regression when mounting shares with prefix paths (bsc#1192606). - cifs: fix rename() by ensuring source handle opened with DELETE bit (bsc#1164565). - cifs: fix rsize/wsize to be negotiated values (bsc#1192606). - cifs: fix soft mounts hanging in the reconnect code (bsc#1164565). - cifs: fix soft mounts hanging in the reconnect code (bsc#1164565). - cifs: fix string declarations and assignments in tracepoints (bsc#1192606). - cifs: fix the out of range assignment to bit fields in parse_server_interfaces (bsc#1192606). - cifs: fix trivial typo (bsc#1192606). - cifs: fix uninitialised lease_key in open_shroot() (bsc#1178270). - cifs: fix uninitialized variable in smb3_fs_context_parse_param (bsc#1192606). - cifs: fix unitialized variable poential problem with network I/O cache lock patch (bsc#1164565). - cifs: fix unneeded null check (bsc#1192606). - cifs: fix use after free in cifs_smb3_do_mount() (bsc#1192606). - cifs: fix wrong release in sess_alloc_buffer() failed path (bsc#1192606). - cifs: for compound requests, use open handle if possible (bsc#1192606). - cifs: fork arc4 and create a separate module for it for cifs and other users (bsc#1192606). - cifs: get mode bits from special sid on stat (bsc#1164565). - cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902). - cifs: get rid of cifs_sb->mountdata (bsc#1192606). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1178270). - cifs: handle 'guest' mount parameter (bsc#1192606). - cifs: handle 'nolease' option for vers=1.0 (bsc#1192606). - cifs: handle -EINTR in cifs_setattr (bsc#1192606). - cifs: handle ERRBaduid for SMB1 (bsc#1192606). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1178270). - cifs: handle different charsets in dfs cache (bsc#1185902). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1178270). - cifs: handle hostnames that resolve to same ip in failover (bsc#1178270). - cifs: handle prefix paths in reconnect (bsc#1164565). - cifs: handle reconnect of tcon when there is no cached dfs referral (bsc#1192606). - cifs: have ->mkdir() handle race with another client sanely (bsc#1192606). - cifs: have cifs_fattr_to_inode() refuse to change type on live inode (bsc#1192606). - cifs: ignore auto and noauto options if given (bsc#1192606). - cifs: ignore cached share root handle closing errors (bsc#1166780). - cifs: improve fallocate emulation (bsc#1192606). - cifs: improve read performance for page size 64KB & cache=strict & vers=2.1+ (bsc#1192606). - cifs: introduce cifs_ses_mark_for_reconnect() helper (bsc#1192606). - cifs: introduce helper for finding referral server (bsc#1181710). - cifs: introduce new helper for cifs_reconnect() (bsc#1192606, jsc#SLE-20042). - cifs: keep referral server sessions alive (bsc#1185902). - cifs: log mount errors using cifs_errorf() (bsc#1192606). - cifs: log warning message (once) if out of disk space (bsc#1164565). - cifs: make build_path_from_dentry() return const char * (bsc#1192606). - cifs: make const array static, makes object smaller (bsc#1192606). - cifs: make fs_context error logging wrapper (bsc#1192606). - cifs: make locking consistent around the server session status (bsc#1192606). - cifs: make multichannel warning more visible (bsc#1192606). - cifs: make sure we do not overflow the max EA buffer size (bsc#1164565). - cifs: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1164565). - cifs: map STATUS_ACCOUNT_LOCKED_OUT to -EACCES (bsc#1192606). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1178270). - cifs: minor fix to two debug messages (bsc#1192606). - cifs: minor kernel style fixes for comments (bsc#1192606). - cifs: minor simplification to smb2_is_network_name_deleted (bsc#1192606). - cifs: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1192606). - cifs: minor updates to Kconfig (bsc#1192606). - cifs: misc: Use array_size() in if-statement controlling expression (bsc#1192606). - cifs: missed ref-counting smb session in find (bsc#1192606). - cifs: missing null check for newinode pointer (bsc#1192606). - cifs: missing null pointer check in cifs_mount (bsc#1185902). - cifs: modefromsid: make room for 4 ACE (bsc#1164565). - cifs: modefromsid: write mode ACE first (bsc#1164565). - cifs: move NEGOTIATE_PROTOCOL definitions out into the common area (bsc#1192606). - cifs: move SMB FSCTL definitions to common code (bsc#1192606). - cifs: move [brw]size from cifs_sb to cifs_sb->ctx (bsc#1192606). - cifs: move cache mount options to fs_context.ch (bsc#1192606). - cifs: move cifsFileInfo_put logic into a work-queue (bsc#1154355). - cifs: move cifs_cleanup_volume_info[_content] to fs_context.c (bsc#1192606). - cifs: move cifs_parse_devname to fs_context.c (bsc#1192606). - cifs: move debug print out of spinlock (bsc#1192606). - cifs: move security mount options into fs_context.ch (bsc#1192606). - cifs: move smb version mount options into fs_context.c (bsc#1192606). - cifs: move some variables off the stack in smb2_ioctl_query_info (bsc#1192606). - cifs: move the check for nohandlecache into open_shroot (bsc#1192606). - cifs: move the enum for cifs parameters into fs_context.h (bsc#1192606). - cifs: move update of flags into a separate function (bsc#1192606). - cifs: multichannel: always zero struct cifs_io_parms (bsc#1192606). - cifs: multichannel: move channel selection above transport layer (bsc#1192606). - cifs: multichannel: move channel selection in function (bsc#1192606). - cifs: multichannel: try to rebind when reconnecting a channel (bsc#1192606). - cifs: multichannel: use pointer for binding channel (bsc#1192606). - cifs: nosharesock should be set on new server (bsc#1192606). - cifs: nosharesock should not share socket with future sessions (bsc#1192606). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1178270). - cifs: only write 64kb at a time when fallocating a small region of a file (bsc#1192606). - cifs: pass a path to open_shroot and check if it is the root or not (bsc#1192606). - cifs: pass the dentry instead of the inode down to the revalidation check functions (bsc#1192606). - cifs: plumb smb2 POSIX dir enumeration (bsc#1164565). - cifs: populate server_hostname for extra channels (bsc#1192606). - cifs: potential unintitliazed error code in cifs_getattr() (bsc#1164565). - cifs: prepare SMB2_Flush to be usable in compounds (bsc#1154355). - cifs: prepare SMB2_query_directory to be used with compounding (bsc#1164565). - cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902). - cifs: prevent truncation from long to int in wait_for_free_credits (bsc#1192606). - cifs: print MIDs in decimal notation (bsc#1181507). - cifs: print warning mounting with vers=1.0 (bsc#1164565). - cifs: properly invalidate cached root handle when closing it (bsc#1192606). - cifs: protect session channel fields with chan_lock (bsc#1192606). - cifs: protect srv_count with cifs_tcp_ses_lock (bsc#1192606). - cifs: protect updating server->dstaddr with a spinlock (bsc#1192606). - cifs: reduce number of referral requests in DFS link lookups (bsc#1178270). - cifs: reduce stack use in smb2_compound_op (bsc#1192606). - cifs: refactor cifs_get_inode_info() (bsc#1164565). - cifs: refactor create_sd_buf() and and avoid corrupting the buffer (bsc#1192606). - cifs: release lock earlier in dequeue_mid error case (bsc#1192606). - cifs: remove [gu]id/backup[gu]id/file_mode/dir_mode from cifs_sb (bsc#1192606). - cifs: remove actimeo from cifs_sb (bsc#1192606). - cifs: remove bogus debug code (bsc#1179427). - cifs: remove ctx argument from cifs_setup_cifs_sb (bsc#1192606). - cifs: remove duplicated prototype (bsc#1192606). - cifs: remove old dead code (bsc#1192606). - cifs: remove pathname for file from SPDX header (bsc#1192606). - cifs: remove redundant assignment to pointer pneg_ctxt (bsc#1164565). - cifs: remove redundant assignment to variable rc (bsc#1164565). - cifs: remove redundant initialization of variable rc (bsc#1192606). - cifs: remove redundant initialization of variable rc (bsc#1192606). - cifs: remove set but not used variable 'server' (bsc#1164565). - cifs: remove set but not used variables 'cinode' and 'netfid' (bsc#1164565). - cifs: remove set but not used variables (bsc#1164565). - cifs: remove some minor warnings pointed out by kernel test robot (bsc#1192606). - cifs: remove the devname argument to cifs_compose_mount_options (bsc#1192606). - cifs: remove the retry in cifs_poxis_lock_set (bsc#1192606). - cifs: remove two cases where rc is set unnecessarily in sid_to_id (bsc#1192606). - cifs: remove unnecessary copies of tcon->crfid.fid (bsc#1192606). - cifs: remove unused variable 'server' (bsc#1192606). - cifs: remove unused variable 'sid_user' (bsc#1164565). - cifs: remove unused variable (bsc#1164565). - cifs: remove various function description warnings (bsc#1192606). - cifs: rename a variable in SendReceive() (bsc#1164565). - cifs: rename cifs_common to smbfs_common (bsc#1192606). - cifs: rename dup_vol to smb3_fs_context_dup and move it into fs_context.c (bsc#1192606). - cifs: rename posix create rsp (bsc#1164565). - cifs: rename reconn_inval_dfs_target() (bsc#1178270). - cifs: rename smb_vol as smb3_fs_context and move it to fs_context.h (bsc#1192606). - cifs: rename the *_shroot* functions to *_cached_dir* (bsc#1192606). - cifs: replace http links with https ones (bsc#1192606). - cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440). - cifs: retry lookup and readdir when EAGAIN is returned (bsc#1192606). - cifs: return cached_fid from open_shroot (bsc#1192606). - cifs: return proper error code in statfs(2) (bsc#1181507). - cifs: returning mount parm processing errors correctly (bsc#1192606). - cifs: revalidate mapping when we open files for SMB1 POSIX (bsc#1192606). - cifs: send workstation name during ntlmssp session setup (bsc#1192606). - cifs: set a minimum of 120s for next dns resolution (bsc#1192606). - cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902). - cifs: set correct max-buffer-size for smb2_ioctl_init() (bsc#1164565). - cifs: set server->cipher_type to AES-128-CCM for SMB3.0 (bsc#1192606). - cifs: set up next DFS target before generic_ip_connect() (bsc#1178270). - cifs: simplify SWN code with dummy funcs instead of ifdefs (bsc#1192606). - cifs: simplify handling of cifs_sb/ctx->local_nls (bsc#1192606). - cifs: smb1: Try failing back to SetFileInfo if SetPathInfo fails (bsc#1192606). - cifs: smb2pdu.h: Replace zero-length array with flexible-array member (bsc#1192606). - cifs: smb3: Fix data inconsistent when punch hole (bsc#1176544). - cifs: smb3: Fix data inconsistent when zero file range (bsc#1176536). - cifs: smbd: Add messages on RDMA session destroy and reconnection (bsc#1164565). - cifs: smbd: Calculate the correct maximum packet size for segmented SMBDirect send/receive (bsc#1192606). - cifs: smbd: Check and extend sender credits in interrupt context (bsc#1192606). - cifs: smbd: Check send queue size before posting a send (bsc#1192606). - cifs: smbd: Do not schedule work to send immediate packet on every receive (bsc#1192606). - cifs: smbd: Invalidate and deregister memory registration on re-send for direct I/O (bsc#1164565). - cifs: smbd: Merge code to track pending packets (bsc#1192606). - cifs: smbd: Only queue work for error recovery on memory registration (bsc#1164565). - cifs: smbd: Properly process errors on ib_post_send (bsc#1192606). - cifs: smbd: Return -EAGAIN when transport is reconnecting (bsc#1164565). - cifs: smbd: Return -ECONNABORTED when trasnport is not in connected state (bsc#1164565). - cifs: smbd: Return -EINVAL when the number of iovs exceeds SMBDIRECT_MAX_SGE (bsc#1164565). - cifs: smbd: Update receive credits before sending and deal with credits roll back on failure before sending (bsc#1192606). - cifs: sort interface list by speed (bsc#1192606). - cifs: split out dfs code from cifs_reconnect() (bsc#1192606, jsc#SLE-20042). - cifs: store a pointer to the root dentry in cifs_sb_info once we have completed mounting the share (bsc#1192606). - cifs: style: replace one-element array with flexible-array (bsc#1192606). - cifs: support nested dfs links over reconnect (bsc#1192606, jsc#SLE-20042). - cifs: support share failover when remounting (bsc#1192606, jsc#SLE-20042). - cifs: switch build_path_from_dentry() to using dentry_path_raw() (bsc#1192606). - cifs: switch servers depending on binding state (bsc#1192606). - cifs: switch to new mount api (bsc#1192606). - cifs: try harder to open new channels (bsc#1192606). - cifs: try opening channels after mounting (bsc#1192606). - cifs: uncomplicate printing the iocharset parameter (bsc#1192606). - cifs: update FSCTL definitions (bsc#1192606). - cifs: update ctime and mtime during truncate (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update mnt_cifs_flags during reconfigure (bsc#1192606). - cifs: update new ACE pointer after populate_new_aces (bsc#1192606). - cifs: update super_operations to show_devname (bsc#1192606). - cifs: use PTR_ERR_OR_ZERO() to simplify code (bsc#1164565). - cifs: use SPDX-Licence-Identifier (bsc#1192606). - cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (bnc#1151927 5.3.7). - cifs: use compounding for open and first query-dir for readdir() (bsc#1164565). - cifs: use discard iterator to discard unneeded network data more efficiently (bsc#1192606). - cifs: use echo_interval even when connection not ready (bsc#1192606). - cifs: use existing handle for compound_op(OP_SET_INFO) when possible (bsc#1154355). - cifs: use helpers when parsing uid/gid mount options and validate them (bsc#1192606). - cifs: use mod_delayed_work() for &server->reconnect if already queued (bsc#1164565). - cifs: use the expiry output of dns_query to schedule next resolution (bsc#1192606). - cifs: warn and fail if trying to use rootfs without the config option (bsc#1192606). - clk: imx: imx6ul: Move csi_sel mux to correct base register (git-fixes). - clk: ingenic: Fix bugs with divided dividers (git-fixes). - constraints: Build aarch64 on recent ARMv8.1 builders. Request asimdrdm feature which is available only on recent ARMv8.1 CPUs. This should prevent scheduling the kernel on an older slower builder. - crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency (git-fixes). - crypto: s5p-sss - Add error handling in s5p_aes_probe() (git-fixes). - cxgb4: fix eeprom len when diagnostics not implemented (git-fixes). - dm raid: remove unnecessary discard limits for raid0 and raid10 (bsc#1192320). - dm: fix deadlock when swapping to encrypted device (bsc#1186332). - dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro (git-fixes). - dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` (git-fixes). - drm/amd/display: Set plane update flags for all planes in reset (git-fixes). - drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors (git-fixes). - drm/msm/a6xx: Allocate enough space for GMU registers (git-fixes). - drm/msm: Do hw_init() before capturing GPU state (git-fixes). - drm/nouveau/acr: fix a couple NULL vs IS_ERR() checks (git-fixes). - drm/nouveau/svm: Fix refcount leak bug and missing check against null bug (git-fixes). - drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame (git-fixes). - drm/pl111: Actually fix CONFIG_VEXPRESS_CONFIG depends (git-fixes). - drm/plane-helper: fix uninitialized variable reference (git-fixes). - drm/vc4: fix error code in vc4_create_object() (git-fixes). - drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 (git-fixes). - drm: panel-orientation-quirks: Add quirk for GPD Win3 (git-fixes). - drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 (git-fixes). - drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6 (git-fixes). - drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2) (git-fixes). - drm: panel-orientation-quirks: add Valve Steam Deck (git-fixes). - edac/amd64: Handle three rank interleaving mode (bsc#1152489). - elfcore: correct reference to CONFIG_UML (git-fixes). - elfcore: fix building with clang (bsc#1169514). - ethtool: fix ethtool msg len calculation for pause stats (jsc#SLE-15075). - firmware: qcom_scm: Mark string array const (git-fixes). - fix memory leak in large read decrypt offload (bsc#1164565). - fs: cifs: Assign boolean values to a bool variable (bsc#1192606). - fs: cifs: Fix atime update check vs mtime (bsc#1164565). - fs: cifs: Fix resource leak (bsc#1192606). - fs: cifs: Initialize filesystem timestamp ranges (bsc#1164565). - fs: cifs: Remove repeated struct declaration (bsc#1192606). - fs: cifs: Remove unnecessary struct declaration (bsc#1192606). - fs: cifs: Simplify bool comparison (bsc#1192606). - fs: cifs: cifssmb.c: use true,false for bool variable (bsc#1164565). - fs: cifs: cifsssmb: remove redundant assignment to variable ret (bsc#1164565). - fs: cifs: fix gcc warning in sid_to_id (bsc#1192606). - fs: cifs: fix misspellings using codespell tool (bsc#1192606). - fs: cifs: mute -Wunused-const-variable message (bnc#1151927 5.3.9). - fs: cifs: remove unneeded variable in smb3_fs_context_dup (bsc#1192606). - fs: cifs: sess.c: Remove set but not used variable 'capabilities' (bsc#1164565). - fs: cifs: smb2ops.c: use true,false for bool variable (bsc#1164565). - fs: cifs: smb2pdu.c: Make SMB2_notify_init static (bsc#1164565). - fuse: release pipe buf after last use (bsc#1193318). - gve: Add netif_set_xps_queue call (bsc#1176940). - gve: Add rx buffer pagecnt bias (bsc#1176940). - gve: Allow pageflips on larger pages (bsc#1176940). - gve: DQO: avoid unused variable warnings (bsc#1176940). - gve: Do lazy cleanup in TX path (git-fixes). - gve: Switch to use napi_complete_done (git-fixes). - gve: Track RX buffer allocation failures (bsc#1176940). - handle status_io_timeout gracefully (bsc#1192606). - hwmon: (k10temp) Add additional missing Zen2 and Zen3 APUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Add support for Zen3 CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Add support for yellow carp (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Create common functions and macros for Zen CPU families (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Define SVI telemetry and current factors for Zen2 CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Do not show Tdie for all Zen/Zen2/Zen3 CPU/APU (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Remove residues of current and voltage (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Remove support for displaying voltage and current on Zen CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Reorganize and simplify temperature support detection (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Rework the temperature offset calculation (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Swap Tdie and Tctl on Family 17h CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Update documentation and add temp2_input info (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Update driver documentation (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Zen3 Ryzen Desktop CPUs support (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) make some symbols static (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) support Zen3 APUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - i2c: cbus-gpio: set atomic transfer callback (git-fixes). - i2c: stm32f7: flush TX FIFO upon transfer errors (git-fixes). - i2c: stm32f7: recover the bus on access timeout (git-fixes). - i2c: stm32f7: stop dma transfer in case of NACK (git-fixes). - i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()' (git-fixes). - i40e: Fix NULL ptr dereference on VSI filter sync (git-fixes). - i40e: Fix changing previously set num_queue_pairs for PFs (git-fixes). - i40e: Fix correct max_pkt_size on VF RX queue (git-fixes). - i40e: Fix creation of first queue by omitting it if is not power of two (git-fixes). - i40e: Fix display error code in dmesg (git-fixes). - i40e: Fix failed opcode appearing if handling messages from VF (git-fixes). - i40e: Fix ping is lost after configuring ADq on VF (git-fixes). - i40e: Fix pre-set max number of queues for VF (git-fixes). - i40e: Fix warning message and call stack during rmmod i40e driver (git-fixes). - iavf: Fix failure to exit out from last all-multicast mode (git-fixes). - iavf: Fix for setting queues to 0 (jsc#SLE-12877). - iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset (git-fixes). - iavf: Fix reporting when setting descriptor count (git-fixes). - iavf: Fix return of set the new channel count (jsc#SLE-12877). - iavf: Prevent changing static ITR values if adaptive moderation is on (git-fixes). - iavf: Restore VLAN filters after link down (git-fixes). - iavf: check for null in iavf_fix_features (git-fixes). - iavf: do not clear a lock we do not hold (git-fixes). - iavf: free q_vectors before queues in iavf_disable_vf (git-fixes). - iavf: prevent accidental free of filter structure (git-fixes). - iavf: validate pointers (git-fixes). - ibmvnic: drop bad optimization in reuse_rx_pools() (bsc#1193349 ltc#195568). - ibmvnic: drop bad optimization in reuse_tx_pools() (bsc#1193349 ltc#195568). - ice: Delete always true check of PF pointer (git-fixes). - ice: Fix VF true promiscuous mode (jsc#SLE-12878). - ice: Fix not stopping Tx queues for VFs (jsc#SLE-7926). - ice: Remove toggling of antispoof for VF trusted promiscuous mode (jsc#SLE-12878). - ice: avoid bpf_prog refcount underflow (jsc#SLE-7926). - ice: avoid bpf_prog refcount underflow (jsc#SLE-7926). - ice: fix vsi->txq_map sizing (jsc#SLE-7926). - ice: ignore dropped packets during init (git-fixes). - igb: fix netpoll exit with traffic (git-fixes). - igc: Remove _I_PHY_ID checking (bsc#1193169). - igc: Remove phy->type checking (bsc#1193169). - iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr() (git-fixes). - input: iforce - fix control-message timeout (git-fixes). - iommu/amd: Relocate GAMSup check to early_enable_iommus (git-fixes). - iommu/amd: Remove iommu_init_ga() (git-fixes). - iommu/mediatek: Fix out-of-range warning with clang (git-fixes). - iommu/vt-d: Consolidate duplicate cache invaliation code (git-fixes). - iommu/vt-d: Fix incomplete cache flush in intel_pasid_tear_down_entry() (git-fixes). - iommu/vt-d: Update the virtual command related registers (git-fixes). - iommu: Check if group is NULL before remove device (git-fixes). - ipmi: Disable some operations during a panic (git-fixes). - kabi: dm: fix deadlock when swapping to encrypted device (bsc#1186332). - kabi: hide changes to struct uv_info (git-fixes). - kernel-obs-build: include the preferred kernel parameters Currently the Open Build Service hardcodes the kernel boot parameters globally. Recently functionality was added to control the parameters by the kernel-obs-build package, so make use of that. parameters here will overwrite what is used by OBS otherwise. - kernel-obs-build: inform build service about virtio-serial Inform the build worker code that this kernel supports virtio-serial, which improves performance and relability of logging. - kernel-obs-build: remove duplicated/unused parameters lbs=0 - this parameters is just giving 'unused parameter' and it looks like I can not find any version that implemented this. rd.driver.pre=binfmt_misc is not needed when setup_obs is used, it alread loads the kernel module. quiet and panic=1 will now be also always added by OBS, so we do not have to set it here anymore. - kernel-source.spec: install-kernel-tools also required on 15.4 - lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression (git-fixes). - lib/xz: Validate the value before assigning it to an enum variable (git-fixes). - libata: fix checking of DMA state (git-fixes). - linux/parser.h: add include guards (bsc#1192606). - lpfc: Reintroduce old IRQ probe logic (bsc#1183897). - mark commit as not needed (git-fixes) - md/raid10: Remove unnecessary rcu_dereference in raid10_handle_discard (bsc#1192320). - md/raid10: extend r10bio devs to raid disks (bsc#1192320). - md/raid10: improve discard request for far layout (bsc#1192320). - md/raid10: improve raid10 discard request (bsc#1192320). - md/raid10: initialize r10_bio->read_slot before use (bsc#1192320). - md/raid10: pull the code that wait for blocked dev into one function (bsc#1192320). - md: add md_submit_discard_bio() for submitting discard bio (bsc#1192320). - md: fix a lock order reversal in md_alloc (git-fixes). - mdio: aspeed: Fix 'Link is Down' issue (bsc#1176447). - media: imx: set a media_device bus_info string (git-fixes). - media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info (git-fixes). - media: ipu3-imgu: imgu_fmt: Handle properly try (git-fixes). - media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers (git-fixes). - media: mceusb: return without resubmitting URB in case of -EPROTO error (git-fixes). - media: mt9p031: Fix corrupted frame after restarting stream (git-fixes). - media: netup_unidvb: handle interrupt properly according to the firmware (git-fixes). - media: rcar-csi2: Add checking to rcsi2_start_receiver() (git-fixes). - media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() (git-fixes). - media: stm32: Potential NULL pointer dereference in dcmi_irq_thread() (git-fixes). - media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() (git-fixes). - media: uvcvideo: Return -EIO for control errors (git-fixes). - media: uvcvideo: Set capability in s_param (git-fixes). - media: uvcvideo: Set unique vdev name based in type (git-fixes). - memstick: r592: Fix a UAF bug when removing the driver (git-fixes). - mm: reclaim mustn't enter FS for swap-over-NFS (bsc#1191876). - mmc: dw_mmc: Dont wait for DRTO on Write RSP error (git-fixes). - mmc: winbond: do not build on M68K (git-fixes). - move upstreamed usb fix into sorted section - mtd: core: do not remove debugfs directory if device is in use (git-fixes). - mwifiex: Properly initialize private structure on interface type changes (git-fixes). - mwifiex: Read a PCI register after writing the TX ring write pointer (git-fixes). - mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type (git-fixes). - mwl8k: Fix use-after-free in mwl8k_fw_state_machine() (git-fixes). - net: asix: fix uninit value bugs (git-fixes). - net: bnx2x: fix variable dereferenced before check (git-fixes). - net: bridge: fix under estimation in br_get_linkxstats_size() (bsc#1176447). - net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (git-fixes). - net: delete redundant function declaration (git-fixes). - net: hns3: change affinity_mask to numa node range (bsc#1154353). - net: hns3: fix misuse vf id and vport id in some logs (bsc#1154353). - net: hns3: remove check VF uc mac exist when set by PF (bsc#1154353). - net: hso: fix control-request directions (git-fixes). - net: hso: fix muxed tty registration (git-fixes). - net: linkwatch: fix failure to restore device state across suspend/resume (bsc#1192511). - net: mana: Allow setting the number of queues while the NIC is down (jsc#SLE-18779, bsc#1185726). - net: mana: Fix memory leak in mana_hwc_create_wq (jsc#SLE-18779, bsc#1185726). - net: mana: Fix spelling mistake 'calledd' -> 'called' (jsc#SLE-18779, bsc#1185726). - net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (jsc#SLE-18779, bsc#1185726). - net: mana: Improve the HWC error handling (jsc#SLE-18779, bsc#1185726). - net: mana: Support hibernation and kexec (jsc#SLE-18779, bsc#1185726). - net: mana: Use kcalloc() instead of kzalloc() (jsc#SLE-18779, bsc#1185726). - net: mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (git-fixes). - net: mlx5: E-Switch, return error if encap isn't supported (jsc#SLE-15172). - net: mlx5: Update error handler for UCTX and UMEM (git-fixes). - net: mlx5e: reset XPS on error flow if netdev isn't registered yet (git-fixes). - net: pegasus: fix uninit-value in get_interrupt_interval (git-fixes). - net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (git-fixes). - net: sched: sch_ets: do not peek at classes beyond 'nbands' (bsc#1176774). - net: usb: Merge cpu_to_le32s + memcpy to put_unaligned_le32 (git-fixes). - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (git-fixes). - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (git-fixes). - netfilter: ctnetlink: do not erase error code with EINVAL (bsc#1176447). - netfilter: ctnetlink: fix filtering with CTA_TUPLE_REPLY (bsc#1176447). - netfilter: flowtable: fix IPv6 tunnel addr match (bsc#1176447). - nfc: add NCI_UNREG flag to eliminate the race (git-fixes). - nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails (git-fixes). - nfc: reorder the logic in nfc_{un,}register_device (git-fixes). - nfc: reorganize the functions in nci_request (git-fixes). - nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes). - nfp: checking parameter process for rx-usecs/tx-usecs is invalid (git-fixes). - nfs: Do not set NFS_INO_DATA_INVAL_DEFER and NFS_INO_INVALID_DATA (git-fixes). - nfs: Fix a regression in nfs_set_open_stateid_locked() (git-fixes). - nfs: Fix deadlocks in nfs_scan_commit_list() (git-fixes). - nfs: Fix up commit deadlocks (git-fixes). - nfs: do not take i_rwsem for swap IO (bsc#1191876). - nfs: move generic_write_checks() call from nfs_file_direct_write() to nfs_file_write() (bsc#1191876). - nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero (git-fixes). - nfsd: do not alloc under spinlock in rpc_parse_scope_id (git-fixes). - nfsd: fix error handling of register_pernet_subsys() in init_nfsd() (git-fixes). - nvme-multipath: Skip not ready namespaces when revalidating paths (bsc#1191793 bsc#1192507 bsc#1192969). - nvme-pci: add NO APST quirk for Kioxia device (git-fixes). - objtool: Support Clang non-section symbols in ORC generation (bsc#1169514). - pci/msi: Deal with devices lying about their MSI mask capability (git-fixes). - pci: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (git-fixes). - pci: Mark Atheros QCA6174 to avoid bus reset (git-fixes). - perf/x86/intel/uncore: Fix Intel ICX IIO event constraints (git-fixes). - perf/x86/intel/uncore: Fix M2M event umask for Ice Lake server (git-fixes). - perf/x86/intel/uncore: Fix the scale of the IMC free-running events (git-fixes). - perf/x86/intel/uncore: Support extra IMC channel on Ice Lake server (git-fixes). - perf/x86/intel: Fix unchecked MSR access error caused by VLBR_EVENT (git-fixes). - perf/x86/vlbr: Add c->flags to vlbr event constraints (git-fixes). - perf: Correctly handle failed perf_get_aux_event() (git-fixes). - platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' (git-fixes). - platform/x86: wmi: do not fail if disabling fails (git-fixes). - pm: hibernate: Get block device exclusively in swsusp_check() (git-fixes). - pm: hibernate: use correct mode for swsusp_close() (git-fixes). - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds (git-fixes). - powerpc/iommu: Report the correct most efficient DMA mask for PCI devices (git-fixes). - powerpc/paravirt: correct preempt debug splat in vcpu_is_preempted() (bsc#1181148 ltc#190702 git-fixes). - powerpc/paravirt: vcpu_is_preempted() commentary (bsc#1181148 ltc#190702 git-fixes). - powerpc/perf: Fix cycles/instructions as PM_CYC/PM_INST_CMPL in power10 (jsc#SLE-13513 git-fixes). - powerpc/pseries: Move some PAPR paravirt functions to their own file (bsc#1181148 ltc#190702 git-fixes). - powerpc/watchdog: Avoid holding wd_smp_lock over printk and smp_send_nmi_ipi (bsc#1187541 ltc#192129). - powerpc/watchdog: Fix missed watchdog reset due to memory ordering race (bsc#1187541 ltc#192129). - powerpc/watchdog: Fix wd_smp_last_reset_tb reporting (bsc#1187541 ltc#192129). - powerpc/watchdog: read TB close to where it is used (bsc#1187541 ltc#192129). - powerpc/watchdog: tighten non-atomic read-modify-write access (bsc#1187541 ltc#192129). - powerpc: fix unbalanced node refcount in check_kvm_guest() (jsc#SLE-15869 jsc#SLE-16321 git-fixes). - printk: Remove printk.h inclusion in percpu.h (bsc#1192987). - qede: validate non LSO skb length (git-fixes). - r8169: Add device 10ec:8162 to driver r8169 (git-fixes). - rdma/bnxt_re: Update statistics counter name (jsc#SLE-16649). - recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267). - recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267). - reset: socfpga: add empty driver allowing consumers to probe (git-fixes). - rpm/*.spec.in: use buildroot macro instead of env variable The RPM_BUILD_ROOT variable is considered deprecated over a buildroot macro. future proof the spec files. - rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306) After usrmerge, vmlinux file is not named vmlinux-&lt;version>, but simply vmlinux. And this is not reflected in STRIP_KEEP_SYMTAB we set. So fix this by removing the dash... - rpm/kernel-obs-build.spec.in: move to zstd for the initrd Newer distros have capability to decompress zstd, which provides a 2-5% better compression ratio at very similar cpu overhead. Plus this tests the zstd codepaths now as well. - rt2x00: do not mark device gone on EPROTO errors during start (git-fixes). - rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() (bsc#1154353 bnc#1151927 5.3.9). - s390/bpf: Fix branch shortening during codegen pass (bsc#1193993). - s390/uv: fully validate the VMA before calling follow_page() (git-fixes). - s390: mm: Fix secure storage access exception handling (git-fixes). - scsi: iscsi: Adjust iface sysfs attr detection (git-fixes). - scsi: lpfc: Add additional debugfs support for CMF (bsc#1194266). - scsi: lpfc: Adjust CMF total bytes and rxmonitor (bsc#1194266). - scsi: lpfc: Cap CMF read bytes to MBPI (bsc#1194266). - scsi: lpfc: Change return code on I/Os received during link bounce (bsc#1194266). - scsi: lpfc: Fix NPIV port deletion crash (bsc#1194266). - scsi: lpfc: Fix leaked lpfc_dmabuf mbox allocations with NPIV (bsc#1194266). - scsi: lpfc: Fix lpfc_force_rscn ndlp kref imbalance (bsc#1194266). - scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO (bsc#1189126). - scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup (bsc#1194266). - scsi: lpfc: Update lpfc version to 14.0.0.4 (bsc#1194266). - scsi: mpi3mr: Fix duplicate device entries when scanning through sysfs (git-fixes). - scsi: mpt3sas: Fix kernel panic during drive powercycle test (git-fixes). - scsi: mpt3sas: Fix system going into read-only mode (git-fixes). - scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc() (git-fixes). - scsi: qla2xxx: Fix gnl list corruption (git-fixes). - scsi: qla2xxx: Fix mailbox direction flags in qla2xxx_get_adapter_id() (git-fixes). - scsi: qla2xxx: Format log strings only if needed (git-fixes). - scsi: qla2xxx: Relogin during fabric disturbance (git-fixes). - scsi: qla2xxx: Turn off target reset during issue_lip (git-fixes). - scsi: qla2xxx: edif: Fix EDIF bsg (git-fixes). - scsi: qla2xxx: edif: Fix app start delay (git-fixes). - scsi: qla2xxx: edif: Fix app start fail (git-fixes). - scsi: qla2xxx: edif: Fix off by one bug in qla_edif_app_getfcinfo() (git-fixes). - scsi: qla2xxx: edif: Flush stale events and msgs on session down (git-fixes). - scsi: qla2xxx: edif: Increase ELS payload (git-fixes). - serial: 8250: Fix RTS modem control while in rs485 mode (git-fixes). - serial: 8250_pci: Fix ACCES entries in pci_serial_quirks array (git-fixes). - serial: 8250_pci: rewrite pericom_do_set_divisor() (git-fixes). - serial: core: fix transmit-buffer reset and memleak (git-fixes). - smb2: clarify rc initialization in smb2_reconnect (bsc#1192606). - smb2: fix use-after-free in smb2_ioctl_query_info() (bsc#1192606). - smb3: Add debug message for new file creation with idsfromsid mount option (bsc#1192606). - smb3: Add defines for new information level, FileIdInformation (bsc#1164565). - smb3: Add missing reparse tags (bsc#1164565). - smb3: Add new compression flags (bsc#1192606). - smb3: Add new info level for query directory (bsc#1192606). - smb3: Add new parm 'nodelete' (bsc#1192606). - smb3: Add support for SMB311 query info (non-compounded) (bsc#1192606). - smb3: Add support for getting and setting SACLs (bsc#1192606). - smb3: Add support for lookup with posix extensions query info (bsc#1192606). - smb3: Add support for negotiating signing algorithm (bsc#1192606). - smb3: Add support for query info using posix extensions (level 100) (bsc#1192606). - smb3: Add tracepoints for new compound posix query info (bsc#1192606). - smb3: Additional compression structures (bsc#1192606). - smb3: Avoid Mid pending list corruption (bsc#1192606). - smb3: Backup intent flag missing from some more ops (bsc#1164565). - smb3: Call cifs reconnect from demultiplex thread (bsc#1192606). - smb3: Fix crash in SMB2_open_init due to uninitialized field in compounding path (bsc#1164565). - smb3: Fix ids returned in POSIX query dir (bsc#1192606). - smb3: Fix mkdir when idsfromsid configured on mount (bsc#1192606). - smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540). - smb3: Fix persistent handles reconnect (bnc#1151927 5.3.11). - smb3: Fix regression in time handling (bsc#1164565). - smb3: Handle error case during offload read path (bsc#1192606). - smb3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558). - smb3: Honor 'posix' flag for multiuser mounts (bsc#1176559). - smb3: Honor 'seal' flag for multiuser mounts (bsc#1176545). - smb3: Honor lease disabling for multiuser mounts (git-fixes). - smb3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546). - smb3: Incorrect size for netname negotiate context (bsc#1154355). - smb3: Minor cleanup of protocol definitions (bsc#1192606). - smb3: Resolve data corruption of TCP server info fields (bsc#1192606). - smb3: add additional null check in SMB2_ioctl (bsc#1192606). - smb3: add additional null check in SMB2_open (bsc#1192606). - smb3: add additional null check in SMB2_tcon (bsc#1192606). - smb3: add additional null check in SMB311_posix_mkdir (bsc#1192606). - smb3: add debug messages for closing unmatched open (bsc#1164565). - smb3: add defines for new crypto algorithms (bsc#1192606). - smb3: add defines for new signing negotiate context (bsc#1192606). - smb3: add dynamic trace point to trace when credits obtained (bsc#1181507). - smb3: add dynamic trace points for socket connection (bsc#1192606). - smb3: add dynamic tracepoints for flush and close (bsc#1164565). - smb3: add indatalen that can be a non-zero value to calculation of credit charge in smb2 ioctl (bsc#1192606). - smb3: add missing flag definitions (bsc#1164565). - smb3: add missing worker function for SMB3 change notify (bsc#1164565). - smb3: add mount option to allow RW caching of share accessed by only 1 client (bsc#1164565). - smb3: add mount option to allow forced caching of read only share (bsc#1164565). - smb3: add new module load parm enable_gcm_256 (bsc#1192606). - smb3: add new module load parm require_gcm_256 (bsc#1192606). - smb3: add one more dynamic tracepoint missing from strict fsync path (bsc#1164565). - smb3: add rasize mount parameter to improve readahead performance (bsc#1192606). - smb3: add some missing definitions from MS-FSCC (bsc#1192606). - smb3: add some more descriptive messages about share when mounting cache=ro (bsc#1164565). - smb3: add support for recognizing WSL reparse tags (bsc#1192606). - smb3: add support for stat of WSL reparse points for special file types (bsc#1192606). - smb3: add support for using info level for posix extensions query (bsc#1192606). - smb3: allow decryption keys to be dumped by admin for debugging (bsc#1164565). - smb3: allow disabling requesting leases (bnc#1151927 5.3.4). - smb3: allow dumping GCM256 keys to improve debugging of encrypted shares (bsc#1192606). - smb3: allow dumping keys for multiuser mounts (bsc#1192606). - smb3: allow parallelizing decryption of reads (bsc#1164565). - smb3: allow skipping signature verification for perf sensitive configurations (bsc#1164565). - smb3: allow uid and gid owners to be set on create with idsfromsid mount option (bsc#1192606). - smb3: avoid confusing warning message on mount to Azure (bsc#1192606). - smb3: change noisy error message to FYI (bsc#1192606). - smb3: cleanup some recent endian errors spotted by updated sparse (bsc#1164565). - smb3: correct server pointer dereferencing check to be more consistent (bsc#1192606). - smb3: correct smb3 ACL security descriptor (bsc#1192606). - smb3: default to minimum of two channels when multichannel specified (bsc#1192606). - smb3: display max smb3 requests in flight at any one time (bsc#1164565). - smb3: do not attempt multichannel to server which does not support it (bsc#1192606). - smb3: do not error on fsync when readonly (bsc#1192606). - smb3: do not fail if no encryption required but server does not support it (bsc#1192606). - smb3: do not log warning message if server does not populate salt (bsc#1192606). - smb3: do not setup the fscache_super_cookie until fsinfo initialized (bsc#1192606). - smb3: do not try to cache root directory if dir leases not supported (bsc#1192606). - smb3: dump in_send and num_waiters stats counters by default (bsc#1164565). - smb3: enable negotiating stronger encryption by default (bsc#1192606). - smb3: enable offload of decryption of large reads via mount option (bsc#1164565). - smb3: enable swap on SMB3 mounts (bsc#1192606). - smb3: extend fscache mount volume coherency check (bsc#1192606). - smb3: fix access denied on change notify request to some servers (bsc#1192606). - smb3: fix cached file size problems in duplicate extents (reflink) (bsc#1192606). - smb3: fix crediting for compounding when only one request in flight (bsc#1181507). - smb3: fix default permissions on new files when mounting with modefromsid (bsc#1164565). - smb3: fix incorrect number of credits when ioctl MaxOutputResponse > 64K (bsc#1192606). - smb3: fix leak in 'open on server' perf counter (bnc#1151927 5.3.4). - smb3: fix mode passed in on create for modetosid mount option (bsc#1164565). - smb3: fix mount failure to some servers when compression enabled (bsc#1192606). - smb3: fix performance regression with setting mtime (bsc#1164565). - smb3: fix posix extensions mount option (bsc#1192606). - smb3: fix possible access to uninitialized pointer to DACL (bsc#1192606). - smb3: fix potential null dereference in decrypt offload (bsc#1164565). - smb3: fix problem with null cifs super block with previous patch (bsc#1164565). - smb3: fix readpage for large swap cache (bsc#1192606). - smb3: fix refcount underflow warning on unmount when no directory leases (bsc#1164565). - smb3: fix signing verification of large reads (bsc#1154355). - smb3: fix stat when special device file and mounted with modefromsid (bsc#1192606). - smb3: fix typo in compression flag (bsc#1192606). - smb3: fix typo in header file (bsc#1192606). - smb3: fix typo in mount options displayed in /proc/mounts (bsc#1192606). - smb3: fix uninitialized value for port in witness protocol move (bsc#1192606). - smb3: fix unmount hang in open_shroot (bnc#1151927 5.3.4). - smb3: fix unneeded error message on change notify (bsc#1192606). - smb3: if max_channels set to more than one channel request multichannel (bsc#1192606). - smb3: improve check for when we send the security descriptor context on create (bsc#1164565). - smb3: improve handling of share deleted (and share recreated) (bsc#1154355). - smb3: incorrect file id in requests compounded with open (bsc#1192606). - smb3: limit noisy error (bsc#1192606). - smb3: log warning if CSC policy conflicts with cache mount option (bsc#1164565). - smb3: minor update to compression header definitions (bsc#1192606). - smb3: missing ACL related flags (bsc#1164565). - smb3: negotiate current dialect (SMB3.1.1) when version 3 or greater requested (bsc#1192606). - smb3: only offload decryption of read responses if multiple requests (bsc#1164565). - smb3: pass mode bits into create calls (bsc#1164565). - smb3: prevent races updating CurrentMid (bsc#1192606). - smb3: print warning if server does not support requested encryption type (bsc#1192606). - smb3: print warning once if posix context returned on open (bsc#1164565). - smb3: query attributes on file close (bsc#1164565). - smb3: rc uninitialized in one fallocate path (bsc#1192606). - smb3: remind users that witness protocol is experimental (bsc#1192606). - smb3: remove confusing dmesg when mounting with encryption ('seal') (bsc#1164565). - smb3: remove confusing mount warning when no SPNEGO info on negprot rsp (bsc#1192606). - smb3: remove dead code for non compounded posix query info (bsc#1192606). - smb3: remove noisy debug message and minor cleanup (bsc#1164565). - smb3: remove overly noisy debug line in signing errors (bsc#1192606). - smb3: remove static checker warning (bsc#1192606). - smb3: remove trivial dfs compile warning (bsc#1192606, jsc#SLE-20042). - smb3: remove two unused variables (bsc#1192606). - smb3: remove unused flag passed into close functions (bsc#1164565). - smb3: rename nonces used for GCM and CCM encryption (bsc#1192606). - smb3: set COMPOUND_FID to FileID field of subsequent compound request (bsc#1192606). - smb3: set gcm256 when requested (bsc#1192606). - smb3: smbdirect support can be configured by default (bsc#1192606). - smb3: update comments clarifying SPNEGO info in negprot response (bsc#1192606). - smb3: update protocol header definitions based to include new flags (bsc#1192606). - smb3: update structures for new compression protocol definitions (bsc#1192606). - smb3: use SMB2_SIGNATURE_SIZE define (bsc#1192606). - smb3: warn on confusing error scenario with sec=krb5 (bsc#1176548). - smb3: when mounting with multichannel include it in requested capabilities (bsc#1192606). - smbdirect: missing rc checks while waiting for rdma events (bsc#1192606). - soc/tegra: Fix an error handling path in tegra_powergate_power_up() (git-fixes). - soc/tegra: pmc: Fix imbalanced clock disabling in error code path (git-fixes). - spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() (git-fixes). - spi: spl022: fix Microwire full duplex mode (git-fixes). - sunrpc/auth: async tasks mustn't block waiting for memory (bsc#1191876). - sunrpc/call_alloc: async tasks mustn't block waiting for memory (bsc#1191876). - sunrpc/xprt: async tasks mustn't block waiting for memory (bsc#1191876). - sunrpc: improve 'swap' handling: scheduling and PF_MEMALLOC (bsc#1191876). - sunrpc: remove scheduling boost for 'SWAPPER' tasks (bsc#1191876). - swiotlb: Fix the type of index (git-fixes). - tlb: mmu_gather: add tlb_flush_*_range APIs - tracing: Add length protection to histogram string copies (git-fixes). - tracing: Change STR_VAR_MAX_LEN (git-fixes). - tracing: Check pid filtering when creating events (git-fixes). - tracing: Fix pid filtering when triggers are attached (git-fixes). - tty: hvc: replace BUG_ON() with negative return value (git-fixes). - tty: serial: msm_serial: Deactivate RX DMA for polling support (git-fixes). - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (git-fixes). - usb-storage: Add compatibility quirk flags for iODD 2531/2541 (git-fixes). - usb: chipidea: ci_hdrc_imx: fix potential error pointer dereference in probe (git-fixes). - usb: dwc2: gadget: Fix ISOC flow for elapsed frames (git-fixes). - usb: dwc2: hcd_queue: Fix use of floating point literal (git-fixes). - usb: host: ohci-tmio: check return value after calling platform_get_resource() (git-fixes). - usb: musb: tusb6010: check return value after calling platform_get_resource() (git-fixes). - usb: serial: option: add Fibocom FM101-GL variants (git-fixes). - usb: serial: option: add Telit LE910S1 0x9200 composition (git-fixes). - usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts (git-fixes). - usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes). - usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes). - usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform (git-fixes). - vfs: do not parse forbidden flags (bsc#1192606). - wireguard: allowedips: add missing __rcu annotation to satisfy sparse (git-fixes). - wireguard: device: reset peer src endpoint when netns exits (git-fixes). - wireguard: ratelimiter: use kvcalloc() instead of kvzalloc() (git-fixes). - wireguard: receive: drop handshakes if queue lock is contended (git-fixes). - wireguard: receive: use ring buffer for incoming handshakes (git-fixes). - wireguard: selftests: actually test for routing loops (git-fixes). - wireguard: selftests: increase default dmesg log size (git-fixes). - x86/amd_nb: Add AMD family 19h model 50h PCI ids (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - x86/cpu: Fix migration safety with X86_BUG_NULL_SEL (bsc#1152489). - x86/efi: Restore Firmware IDT before calling ExitBootServices() (git-fixes). - x86/entry: Add a fence for kernel entry SWAPGS in paranoid_entry() (bsc#1178134). - x86/mpx: Disable MPX for 32-bit userland (bsc#1193139). - x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (bsc#1152489). - x86/pvh: add prototype for xen_pvh_init() (git-fixes). - x86/sev: Allow #VC exceptions on the VC2 stack (git-fixes). - x86/sev: Fix SEV-ES INS/OUTS instructions for word, dword, and qword (bsc#1178134). - x86/sev: Fix stack type check in vc_switch_off_ist() (git-fixes). - x86/xen: Add xenpv_restore_regs_and_return_to_usermode() (bsc#1152489). - xen/blkfront: do not take local copy of a request from the ring page (git-fixes). - xen/blkfront: do not trust the backend response data blindly (git-fixes). - xen/blkfront: read response from backend only once (git-fixes). - xen/netfront: disentangle tx_skb_freelist (git-fixes). - xen/netfront: do not read data from request on the ring page (git-fixes). - xen/netfront: do not trust the backend response data blindly (git-fixes). - xen/netfront: read response from backend only once (git-fixes). - xen/pvh: add missing prototype to header (git-fixes). - xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes). - xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay (git-fixes). - xhci: Fix commad ring abort, write all 64 bits to CRCR register (bsc#1192569). - xhci: Fix commad ring abort, write all 64 bits to CRCR register (bsc#1192569). - xhci: Fix commad ring abort, write all 64 bits to CRCR register (git-fixes). - zram: fix return value on writeback_store (git-fixes). - zram: off by one in read_block_state() (git-fixes). Important SUSE bug 1139944 SUSE bug 1151927 SUSE bug 1152489 SUSE bug 1153275 SUSE bug 1154353 SUSE bug 1154355 SUSE bug 1161907 SUSE bug 1164565 SUSE bug 1166780 SUSE bug 1169514 SUSE bug 1176242 SUSE bug 1176447 SUSE bug 1176536 SUSE bug 1176544 SUSE bug 1176545 SUSE bug 1176546 SUSE bug 1176548 SUSE bug 1176558 SUSE bug 1176559 SUSE bug 1176774 SUSE bug 1176940 SUSE bug 1176956 SUSE bug 1177440 SUSE bug 1178134 SUSE bug 1178270 SUSE bug 1179211 SUSE bug 1179426 SUSE bug 1179427 SUSE bug 1179599 SUSE bug 1181148 SUSE bug 1181507 SUSE bug 1181710 SUSE bug 1182404 SUSE bug 1183534 SUSE bug 1183540 SUSE bug 1183897 SUSE bug 1184318 SUSE bug 1185726 SUSE bug 1185902 SUSE bug 1186332 SUSE bug 1187541 SUSE bug 1189126 SUSE bug 1191793 SUSE bug 1191876 SUSE bug 1192267 SUSE bug 1192320 SUSE bug 1192507 SUSE bug 1192511 SUSE bug 1192569 SUSE bug 1192606 SUSE bug 1192845 SUSE bug 1192847 SUSE bug 1192877 SUSE bug 1192946 SUSE bug 1192969 SUSE bug 1192987 SUSE bug 1192990 SUSE bug 1192998 SUSE bug 1193002 SUSE bug 1193042 SUSE bug 1193139 SUSE bug 1193169 SUSE bug 1193306 SUSE bug 1193318 SUSE bug 1193349 SUSE bug 1193440 SUSE bug 1193442 SUSE bug 1193655 SUSE bug 1193993 SUSE bug 1194087 SUSE bug 1194094 SUSE bug 1194266 CVE-2020-24504 at SUSE CVE-2020-24504 at NVD CVE-2020-27820 at SUSE CVE-2020-27820 at NVD CVE-2021-28711 at SUSE CVE-2021-28711 at NVD CVE-2021-28712 at SUSE CVE-2021-28712 at NVD CVE-2021-28713 at SUSE CVE-2021-28713 at NVD CVE-2021-28714 at SUSE CVE-2021-28714 at NVD CVE-2021-28715 at SUSE CVE-2021-28715 at NVD CVE-2021-33098 at SUSE CVE-2021-33098 at NVD CVE-2021-4001 at SUSE CVE-2021-4001 at NVD CVE-2021-4002 at SUSE CVE-2021-4002 at NVD CVE-2021-43975 at SUSE CVE-2021-43975 at NVD CVE-2021-43976 at SUSE CVE-2021-43976 at NVD CVE-2021-45485 at SUSE CVE-2021-45485 at NVD CVE-2021-45486 at SUSE CVE-2021-45486 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). Important SUSE bug 1196025 SUSE bug 1196784 CVE-2022-25236 at SUSE CVE-2022-25236 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don’t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don’t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv@.service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step Moderate SUSE bug 1099272 SUSE bug 1115529 SUSE bug 1128846 SUSE bug 1162964 SUSE bug 1172113 SUSE bug 1173277 SUSE bug 1174075 SUSE bug 1174911 SUSE bug 1180689 SUSE bug 1181826 SUSE bug 1187906 SUSE bug 1190926 SUSE bug 1194229 CVE-2020-14367 at SUSE CVE-2020-14367 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for openssl-1_1 fixes the following issues: openssl-1_1: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 Important SUSE bug 1182959 SUSE bug 1195149 SUSE bug 1195792 SUSE bug 1195856 SUSE bug 1196877 CVE-2022-0778 at SUSE CVE-2022-0778 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for qemu fixes the following issues: - CVE-2022-0358: Fixed a potential privilege escalation via virtiofsd (bsc#1195161). - CVE-2021-3930: Fixed a potential denial of service in the emulated SCSI device (bsc#1192525). Non-security fixes: - Fixed a kernel data corruption via a long kernel boot cmdline (bsc#1196737). - Included vmxcap in the qemu-tools package (bsc#1193364). - Fixed package dependencies (bsc#1196087). - Fixed an issue were PowerPC firmwares would not be built for non-PowerPC builds (bsc#1193545). - Fixed multiple issues in I/O (bsc#1178049 bsc#1194938). Important SUSE bug 1178049 SUSE bug 1192525 SUSE bug 1193364 SUSE bug 1193545 SUSE bug 1194938 SUSE bug 1195161 SUSE bug 1196087 SUSE bug 1196737 CVE-2021-3930 at SUSE CVE-2021-3930 at NVD CVE-2022-0358 at SUSE CVE-2022-0358 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for xen fixes the following issues: Update Xen to version 4.14.4 (bsc#1027519) Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. Security issues fixed: - CVE-2022-0001, CVE-2022-0002, CVE-2021-26401: BHB speculation issues (bsc#1196915). Non-security issues fixed: - Fixed issue around xl and virsh operation - virsh list not giving any output (bsc#1191668). Important SUSE bug 1027519 SUSE bug 1191668 SUSE bug 1194267 SUSE bug 1196915 CVE-2021-26401 at SUSE CVE-2021-26401 at NVD CVE-2022-0001 at SUSE CVE-2022-0001 at NVD CVE-2022-0002 at SUSE CVE-2022-0002 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for slirp4netns fixes the following issues: - CVE-2020-29130: Fixed an invalid memory access while processing ARP packets (bsc#1179467). Moderate SUSE bug 1179467 CVE-2020-29130 at SUSE CVE-2020-29130 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions (bsc#1207082). Important SUSE bug 1207082 CVE-2023-22809 at SUSE CVE-2023-22809 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for mozilla-nss fixes the following issues: - CVE-2022-3479: Fixed a potential crash that could be triggered when a server requested a client authentication certificate, but the client had no certificates stored (bsc#1204272). - Updated to version 3.79.3 (bsc#1207038): - CVE-2022-23491: Removed trust for 3 root certificates from TrustCor. Important SUSE bug 1204272 SUSE bug 1207038 CVE-2022-23491 at SUSE CVE-2022-23491 at NVD CVE-2022-3479 at SUSE CVE-2022-3479 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file net/ipv4/fib_semantics.c (bsc#1204171). - CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. (bsc#1206664) - CVE-2022-3105: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc_array. (bsc#1206398) - CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389) - CVE-2022-3106: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc. (bsc#1206397) - CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395) - CVE-2022-3111: Fixed a missing release of resource after effective lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in wm8350_init_charger. (bsc#1206394) - CVE-2022-42328: Fixed a bug which could allow guests to trigger denial of service via the netback driver (bsc#1206114). - CVE-2022-42329: Fixed a bug which could allow guests to trigger denial of service via the netback driver (bsc#1206113). - CVE-2022-3643: Fixed a bug which could allow guests to trigger NIC interface reset/abort/crash via netback driver (bsc#1206113). - CVE-2019-19083: Fixed a memory leaks in clock_source_create that could allow attackers to cause a denial of service (bsc#1157049). The following non-security bugs were fixed: - afs: Fix some tracing details (git-fixes). - block: Do not reread partition table on exclusively open device (bsc#1190969). - cuse: prevent clone (bsc#1206177). - dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (git-fixes). - efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes). - fuse: do not check refcount after stealing page (bsc#1206174). - fuse: fix the ->direct_IO() treatment of iov_iter (bsc#1206176). - fuse: fix use after free in fuse_read_interrupt() (bsc#1206178). - fuse: lock inode unconditionally in fuse_fallocate() (bsc#1206179). - fuse: update attr_version counter on fuse_notify_inval_inode() (bsc#1206175). - ipv6: ping: fix wrong checksum for large frames (bsc#1203183). - kbuild: Unify options for BTF generation for vmlinux and modules (bsc#1204693). - mm, page_alloc: avoid expensive reclaim when compaction may not succeed (bsc#1204250). - net: mana: Fix race on per-CQ variable napi work_done (git-fixes). - net: usb: cdc_ncm: do not spew notifications (git-fixes). - net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes). - rtc: pcf85063: Fix reading alarm (git-fixes). - s390/boot: add secure boot trailer (bsc#1205256 LTC#1205256). - tracing: Add tracing_reset_all_online_cpus_unlocked() function (git-fixes). - tracing: Delete all matched events (git-fixes). - tracing: Free buffers when a used dynamic event is removed (git-fixes). - usb: host: xhci-hub: fix extra endianness conversion (git-fixes). - usbnet: move new members to end (git-fixes). Important SUSE bug 1151927 SUSE bug 1157049 SUSE bug 1190969 SUSE bug 1203183 SUSE bug 1204171 SUSE bug 1204250 SUSE bug 1204693 SUSE bug 1205256 SUSE bug 1206113 SUSE bug 1206114 SUSE bug 1206174 SUSE bug 1206175 SUSE bug 1206176 SUSE bug 1206177 SUSE bug 1206178 SUSE bug 1206179 SUSE bug 1206389 SUSE bug 1206394 SUSE bug 1206395 SUSE bug 1206397 SUSE bug 1206398 SUSE bug 1206664 CVE-2019-19083 at SUSE CVE-2019-19083 at NVD CVE-2022-3105 at SUSE CVE-2022-3105 at NVD CVE-2022-3106 at SUSE CVE-2022-3106 at NVD CVE-2022-3107 at SUSE CVE-2022-3107 at NVD CVE-2022-3108 at SUSE CVE-2022-3108 at NVD CVE-2022-3111 at SUSE CVE-2022-3111 at NVD CVE-2022-3435 at SUSE CVE-2022-3435 at NVD CVE-2022-3643 at SUSE CVE-2022-3643 at NVD CVE-2022-42328 at SUSE CVE-2022-42328 at NVD CVE-2022-42329 at SUSE CVE-2022-42329 at NVD CVE-2022-4662 at SUSE CVE-2022-4662 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python-certifi fixes the following issues: - remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle certs (bsc#1206212 CVE-2022-23491) - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 - Add removeTrustCor.patch Important SUSE bug 1206212 CVE-2022-23491 at SUSE CVE-2022-23491 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-0266: Fixed a use-after-free bug led by a missing lock in ALSA. (bsc#1207134) - CVE-2022-47929: Fixed a NULL pointer dereference bug in the traffic control subsystem which allowed an unprivileged user to trigger a denial of service via a crafted traffic control configuration. (bsc#1207237) - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036) - CVE-2023-23455: Fixed a bug that could allow attackers to cause a denial of service because of type confusion in atm_tc_enqueue. (bsc#1207125) - CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file net/ipv4/fib_semantics.c (bsc#1204171). - CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. (bsc#1206664) - CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a lack of checks of the return value of kzalloc. (bsc#1206393) - CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. (bsc#1206515) - CVE-2022-3112: Fixed a null pointer dereference caused by lacks check of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases. (bsc#1206399) - CVE-2022-3564: Fixed a bug which could lead to use after free, it was found in the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. (bsc#1206073) - CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389) - CVE-2019-19083: Fixed a memory leaks in clock_source_create that could allow attackers to cause a denial of service (bsc#1157049). - CVE-2022-42328: Fixed a bug which could allow guests to trigger denial of service via the netback driver (bsc#1206114). - CVE-2022-42329: Fixed a bug which could allow guests to trigger denial of service via the netback driver (bsc#1206113). - CVE-2022-3643: Fixed a bug which could allow guests to trigger NIC interface reset/abort/crash via netback driver (bsc#1206113). - CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395) - CVE-2022-3111: Fixed a missing release of resource after effective lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in wm8350_init_charger. (bsc#1206394) - CVE-2022-3105: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc_array. (bsc#1206398) - CVE-2022-3106: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc. (bsc#1206397) The following non-security bugs were fixed: - afs: Fix some tracing details (git-fixes). - arm64: cpu_errata: Add Hisilicon TSV110 to spectre-v2 safe list (git-fixes) - arm64: dts: allwinner: H5: Add PMU node (git-fixes) - arm64: dts: allwinner: H6: Add PMU mode (git-fixes) - arm64: dts: marvell: Add AP806-dual missing CPU clocks (git-fixes) - arm64: dts: rockchip: add reg property to brcmf sub-nodes (git-fixes) - arm64: dts: rockchip: fix dwmmc clock name for px30 (git-fixes) - arm64: dts: rockchip: Fix NanoPC-T4 cooling maps (git-fixes) - arm64: memory: Add missing brackets to untagged_addr() macro (git-fixes) - arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() (git-fixes). - arm64: tags: Preserve tags for addresses translated via TTBR1 (git-fixes) - arm64: tegra: Fix 'active-low' warning for Jetson Xavier regulator (git-fixes) - block: Do not reread partition table on exclusively open device (bsc#1190969). - ceph: avoid putting the realm twice when decoding snaps fails (bsc#1207198). - ceph: do not update snapshot context when there is no new snapshot (bsc#1207218). - cuse: prevent clone (bsc#1206177). - drbd: destroy workqueue when drbd device was freed (git-fixes). - drbd: remove usage of list iterator variable after loop (git-fixes). - drbd: use after free in drbd_create_device() (git-fixes). - dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (git-fixes). - efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes). - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). - ext4: avoid BUG_ON when creating xattrs (bsc#1205496). - ext4: avoid crash when inline data creation follows DIO write (bsc#1206883). - ext4: avoid race conditions when remounting with options that change dax (bsc#1206860). - ext4: avoid resizing to a partial cluster size (bsc#1206880). - ext4: choose hardlimit when softlimit is larger than hardlimit in ext4_statfs_project() (bsc#1206854). - ext4: continue to expand file system when the target size does not reach (bsc#1206882). - ext4: convert BUG_ON's to WARN_ON's in mballoc.c (bsc#1206859). - ext4: correct max_inline_xattr_value_size computing (bsc#1206878). - ext4: correct the error path of ext4_write_inline_data_end() (bsc#1206875). - ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878). - ext4: Detect already used quota file early (bsc#1206873). - ext4: fix a data race at inode->i_disksize (bsc#1206855). - ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881). - ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886). - ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891). - ext4: fix extent status tree race in writeback error recovery path (bsc#1206877). - ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884). - ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890). - ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893). - ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888). - ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878). - ext4: fix warning in 'ext4_da_release_space' (bsc#1206887). - ext4: Fixup pages without buffers (bsc#1205495). - ext4: iomap that extends beyond EOF should be marked dirty (bsc#1206637). - ext4: make ext4_lazyinit_thread freezable (bsc#1206885). - ext4: mark block bitmap corrupted when found instead of BUGON (bsc#1206857). - ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889). - ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876). - ext4: use matching invalidatepage in ext4_writepage (bsc#1206858). - fs: nfsd: fix kconfig dependency warning for NFSD_V4 (git-fixes). - fuse: do not check refcount after stealing page (bsc#1206174). - fuse: fix the ->direct_IO() treatment of iov_iter (bsc#1206176). - fuse: fix use after free in fuse_read_interrupt() (bsc#1206178). - fuse: lock inode unconditionally in fuse_fallocate() (bsc#1206179). - fuse: update attr_version counter on fuse_notify_inval_inode() (bsc#1206175). - HID: betop: check shape of output reports (git-fixes, bsc#1207186). - HID: check empty report_list in bigben_probe() (git-fixes, bsc#1206784). - HID: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784). - ibmveth: Always stop tx queues during close (bsc#1065729). - ipv6: ping: fix wrong checksum for large frames (bsc#1203183). - isofs: joliet: Fix iocharset=utf8 mount option (bsc#1206636). - kbuild: Unify options for BTF generation for vmlinux and modules (bsc#1204693). - lib/notifier-error-inject: fix error when writing -errno to debugfs file (bsc#1206634). - libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (bsc#1206634). - lockd: lockd server-side shouldn't set fl_ops (git-fixes). - memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896). - memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344). - mm, page_alloc: avoid expensive reclaim when compaction may not succeed (bsc#1204250). - mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601). - mm/filemap.c: clear page error before actual read (bsc#1206635). - mm/memcg: optimize memory.numa_stat like memory.stat (bsc#1206663). - module: avoid *goto*s in module_sig_check() (git-fixes). - module: lockdep: Suppress suspicious RCU usage warning (git-fixes). - module: merge repetitive strings in module_sig_check() (git-fixes). - module: Remove accidental change of module_enable_x() (git-fixes). - module: set MODULE_STATE_GOING state when a module fails to load (git-fixes). - net: mana: Fix race on per-CQ variable napi work_done (git-fixes). - net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036). - net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036). - net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' (git-fixes). - net: usb: cdc_ncm: do not spew notifications (git-fixes). - net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes). - netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614). - NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails (git-fixes). - NFS: Fix an Oops in nfs_d_automount() (git-fixes). - NFS: Fix memory leaks (git-fixes). - NFS: Fix memory leaks in nfs_pageio_stop_mirroring() (git-fixes). - NFS: fix PNFS_FLEXFILE_LAYOUT Kconfig default (git-fixes). - NFS: Handle missing attributes in OPEN reply (bsc#1203740). - NFS: nfs_find_open_context() may only select open files (git-fixes). - NFS: nfs_xdr_status should record the procedure name (git-fixes). - NFS: nfs4clinet: check the return value of kstrdup() (git-fixes). - NFS: we do not support removing system.nfs4_acl (git-fixes). - NFS: Zero-stateid SETATTR should first return delegation (git-fixes). - NFS4: Fix kmemleak when allocate slot failed (git-fixes). - NFS4: Fix oops when copy_file_range is attempted with NFS4.0 source (git-fixes). - NFSD: Clone should commit src file metadata too (git-fixes). - NFSD: do not call nfsd_file_put from client states seqfile display (git-fixes). - NFSD: fix error handling in NFSv4.0 callbacks (git-fixes). - NFSD: Fix handling of oversized NFSv4 COMPOUND requests (git-fixes). - NFSD: Fix svc_xprt refcnt leak when setup callback client failed (git-fixes). - NFSD: Keep existing listeners on portlist error (git-fixes). - NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes). - NFSD: safer handling of corrupted c_type (git-fixes). - NFSv4 expose nfs_parse_server_name function (git-fixes). - NFSv4 only print the label when its queried (git-fixes). - NFSv4 remove zero number of fs_locations entries error check (git-fixes). - NFSv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes). - NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes). - NFSv4: Fix a pNFS layout related use-after-free race when freeing the inode (git-fixes). - NFSv4: Fix races between open and dentry revalidation (git-fixes). - NFSv4: Protect the state recovery thread against direct reclaim (git-fixes). - NFSv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes). - NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall (git-fixes). - NFSv4.1: Fix uninitialised variable in devicenotify (git-fixes). - NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes). - NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes). - NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes). - NFSv4.2: error out when relink swapfile (git-fixes). - NFSv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes). - NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes). - NFSv4.2: Fixup CLONE dest file size for zero-length count (git-fixes). - NFSv4.x: Fail client initialisation if state manager thread can't run (git-fixes). - NFSv4/pNFS: Always return layout stats on layout return for flexfiles (git-fixes). - NFSv4/pNFS: Fix a use-after-free bug in open (git-fixes). - NFSv4/pNFS: Try to return invalid layout in pnfs_layout_process() (git-fixes). - powerpc: Ensure that swiotlb buffer is allocated from low memory (bsc#1156395). - powerpc: Force inlining of cpu_has_feature() to avoid build failure (bsc#1065729). - powerpc: improve handling of unrecoverable system reset (bsc#1065729). - powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe() (bsc#1065729). - powerpc/64: Init jump labels before parse_early_param() (bsc#1065729). - powerpc/64s/pgtable: fix an undefined behaviour (bsc#1065729). - powerpc/book3s/mm: Update Oops message to print the correct translation in use (bsc#1156395). - powerpc/boot: Fixup device-tree on little endian (bsc#1065729). - powerpc/crashkernel: Take 'mem=' option into account (bsc#1065729). - powerpc/eeh: Only dump stack once if an MMIO loop is detected (bsc#1065729). - powerpc/pci: Fix get_phb_number() locking (bsc#1065729). - powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729). - powerpc/powernv: add missing of_node_put (bsc#1065729). - powerpc/powernv: Avoid re-registration of imc debugfs directory (bsc#1156395). - powerpc/powernv/iov: Ensure the pdn for VFs always contains a valid PE number (bsc#1065729). - powerpc/powernv/smp: Fix spurious DBG() warning (bsc#1065729). - powerpc/pseries: Stop calling printk in rtas_stop_self() (bsc#1065729). - powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603). - powerpc/pseries/cmm: Implement release() function for sysfs device (bsc#1065729). - powerpc/pseries/eeh: use correct API for error log size (bsc#1065729). - powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729). - powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729). - powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV (bsc#1065729). - powerpc/xive: Add a check for memory allocation failure (git-fixes). - powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes). - powerpc/xive/spapr: correct bitmap allocation size (git-fixes). - quota: Check next/prev free block number after reading from quota file (bsc#1206640). - rpc: fix gss_svc_init cleanup on failure (git-fixes). - rpc: fix NULL dereference on kmalloc failure (git-fixes). - rtc: pcf85063: Fix reading alarm (git-fixes). - s390/boot: add secure boot trailer (bsc#1205256 LTC#1205256). - sbitmap: fix lockup while swapping (bsc#1206602). - sched/psi: Fix sampling error and rare div0 crashes with cgroups and high uptime (bsc#1206841). - scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445). - scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445). - scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445). - scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445). - scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445). - scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445). - scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445). - scsi: lpfc: Use memset_startat() helper (jsc#PED-1445). - scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568). - scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568). - scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568). - scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568). - scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568). - sctp: sysctl: make extra pointers netns aware (bsc#1204760). - string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445). - SUNRPC: check that domain table is empty at module unload (git-fixes). - SUNRPC: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes). - SUNRPC: Do not start a timer on an already queued rpc task (git-fixes). - SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes). - SUNRPC: Fix potential leaks in sunrpc_cache_unhash() (git-fixes). - SUNRPC: Fix socket waits for write buffer space (git-fixes). - SUNRPC: Handle 0 length opaque XDR object data properly (git-fixes). - SUNRPC: Mitigate cond_resched() in xprt_transmit() (git-fixes). - SUNRPC: Move simple_get_bytes and simple_get_netobj into private header (git-fixes). - SUNRPC: stop printk reading past end of string (git-fixes). - svcrdma: Fix another Receive buffer leak (git-fixes). - svcrdma: Fix backchannel return code (git-fixes). - tracing: Add tracing_reset_all_online_cpus_unlocked() function (git-fixes). - tracing: Free buffers when a used dynamic event is removed (git-fixes). - tracing: Verify if trace array exists before destroying it (git-fixes). - tracing/dynevent: Delete all matched events (git-fixes). - udf_get_extendedattr() had no boundary checks (bsc#1206648). - udf: Avoid accessing uninitialized data on failed inode read (bsc#1206642). - udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649). - udf: Fix free space reporting for metadata and virtual partitions (bsc#1206641). - udf: Fix iocharset=utf8 mount option (bsc#1206647). - udf: Fix NULL pointer dereference in udf_symlink function (bsc#1206646). - udf: fix silent AED tagLocation corruption (bsc#1206645). - udf: fix the problem that the disc content is not displayed (bsc#1206644). - udf: Limit sparing table size (bsc#1206643). - usb: host: xhci-hub: fix extra endianness conversion (git-fixes). - usbnet: move new members to end (git-fixes). - xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes). - xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes). Important SUSE bug 1065729 SUSE bug 1151927 SUSE bug 1156395 SUSE bug 1157049 SUSE bug 1190969 SUSE bug 1203183 SUSE bug 1203693 SUSE bug 1203740 SUSE bug 1204171 SUSE bug 1204250 SUSE bug 1204614 SUSE bug 1204693 SUSE bug 1204760 SUSE bug 1204989 SUSE bug 1205149 SUSE bug 1205256 SUSE bug 1205495 SUSE bug 1205496 SUSE bug 1205601 SUSE bug 1205695 SUSE bug 1206073 SUSE bug 1206113 SUSE bug 1206114 SUSE bug 1206174 SUSE bug 1206175 SUSE bug 1206176 SUSE bug 1206177 SUSE bug 1206178 SUSE bug 1206179 SUSE bug 1206344 SUSE bug 1206389 SUSE bug 1206393 SUSE bug 1206394 SUSE bug 1206395 SUSE bug 1206397 SUSE bug 1206398 SUSE bug 1206399 SUSE bug 1206515 SUSE bug 1206602 SUSE bug 1206634 SUSE bug 1206635 SUSE bug 1206636 SUSE bug 1206637 SUSE bug 1206640 SUSE bug 1206641 SUSE bug 1206642 SUSE bug 1206643 SUSE bug 1206644 SUSE bug 1206645 SUSE bug 1206646 SUSE bug 1206647 SUSE bug 1206648 SUSE bug 1206649 SUSE bug 1206663 SUSE bug 1206664 SUSE bug 1206784 SUSE bug 1206841 SUSE bug 1206854 SUSE bug 1206855 SUSE bug 1206857 SUSE bug 1206858 SUSE bug 1206859 SUSE bug 1206860 SUSE bug 1206873 SUSE bug 1206875 SUSE bug 1206876 SUSE bug 1206877 SUSE bug 1206878 SUSE bug 1206880 SUSE bug 1206881 SUSE bug 1206882 SUSE bug 1206883 SUSE bug 1206884 SUSE bug 1206885 SUSE bug 1206886 SUSE bug 1206887 SUSE bug 1206888 SUSE bug 1206889 SUSE bug 1206890 SUSE bug 1206891 SUSE bug 1206893 SUSE bug 1206896 SUSE bug 1206904 SUSE bug 1207036 SUSE bug 1207125 SUSE bug 1207134 SUSE bug 1207186 SUSE bug 1207198 SUSE bug 1207218 SUSE bug 1207237 CVE-2019-19083 at SUSE CVE-2019-19083 at NVD CVE-2022-3105 at SUSE CVE-2022-3105 at NVD CVE-2022-3106 at SUSE CVE-2022-3106 at NVD CVE-2022-3107 at SUSE CVE-2022-3107 at NVD CVE-2022-3108 at SUSE CVE-2022-3108 at NVD CVE-2022-3111 at SUSE CVE-2022-3111 at NVD CVE-2022-3112 at SUSE CVE-2022-3112 at NVD CVE-2022-3115 at SUSE CVE-2022-3115 at NVD CVE-2022-3435 at SUSE CVE-2022-3435 at NVD CVE-2022-3564 at SUSE CVE-2022-3564 at NVD CVE-2022-3643 at SUSE CVE-2022-3643 at NVD CVE-2022-42328 at SUSE CVE-2022-42328 at NVD CVE-2022-42329 at SUSE CVE-2022-42329 at NVD CVE-2022-4662 at SUSE CVE-2022-4662 at NVD CVE-2022-47520 at SUSE CVE-2022-47520 at NVD CVE-2022-47929 at SUSE CVE-2022-47929 at NVD CVE-2023-0266 at SUSE CVE-2023-0266 at NVD CVE-2023-23454 at SUSE CVE-2023-23454 at NVD CVE-2023-23455 at SUSE CVE-2023-23455 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ceph fixes the following issues: Security issues fixed: - CVE-2022-0670: Fixed user/tenant read/write access to an entire file system (bsc#1201837). - CVE-2022-3650: Fixed Python script that allowed privilege escalation from ceph to root (bsc#1204430). - CVE-2022-3854: Fixed possible DoS issue in ceph URL processing on RGW backends (bsc#1205025). Bug fixes: - osd, tools, kv: non-aggressive, on-line trimming of accumulated dups (bsc#1199183). - ceph-volume: fix fast device alloc size on mulitple device (bsc#1200262). - cephadm: update monitoring container images (bsc#1200501). - mgr/dashboard: prevent alert redirect (bsc#1200978). - mgr/volumes: Add subvolumegroup resize cmd (bsc#1201797). - monitoring/ceph-mixin: add RGW host to label info (bsc#1201976). - mgr/dashboard: enable addition of custom Prometheus alerts (bsc#1202077). - python-common: Add 'KB' to supported suffixes in SizeMatcher (bsc#1203375). - mgr/dashboard: fix rgw connect when using ssl (bsc#1205436). - ceph.spec.in: Add -DFMT_DEPRECATED_OSTREAM to CXXFLAGS (bsc#1202292). - cephfs-shell: move source to separate subdirectory (bsc#1201604). Fix in previous release: - mgr/cephadm: try to get FQDN for configuration files (bsc#1196046). - When an RBD is mapped, it is attempted to be deployed as an OSD. (bsc#1187748). - OSD marked down causes wrong backfill_toofull (bsc#1188911). - cephadm: Fix iscsi client caps (allow mgr <service status> calls) (bsc#1192838). - mgr/cephadm: fix and improve osd draining (bsc#1200317). - add iscsi and nfs to upgrade process (bsc#1206158). - mgr/mgr_module.py: CLICommand: Fix parsing of kwargs arguments (bsc#1192840). Important SUSE bug 1187748 SUSE bug 1188911 SUSE bug 1192838 SUSE bug 1192840 SUSE bug 1196046 SUSE bug 1199183 SUSE bug 1200262 SUSE bug 1200317 SUSE bug 1200501 SUSE bug 1200978 SUSE bug 1201604 SUSE bug 1201797 SUSE bug 1201837 SUSE bug 1201976 SUSE bug 1202077 SUSE bug 1202292 SUSE bug 1203375 SUSE bug 1204430 SUSE bug 1205025 SUSE bug 1205436 SUSE bug 1206158 CVE-2022-0670 at SUSE CVE-2022-0670 at NVD CVE-2022-3650 at SUSE CVE-2022-3650 at NVD CVE-2022-3854 at SUSE CVE-2022-3854 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python-py fixes the following issues: - CVE-2022-42969: Fixed an excessive resource consumption that could be triggered when interacting with a Subversion repository containing crated data (bsc#1204364). Moderate SUSE bug 1204364 CVE-2022-42969 at SUSE CVE-2022-42969 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for containerd fixes the following issues: - CVE-2022-23471: Fixed host memory exhaustion through Terminal resize goroutine leak (bsc#1206235). - Re-build containerd to use updated golang-packaging (jsc#1342). - Update to containerd v1.6.16 for Docker v23.0.0-ce. * https://github.com/containerd/containerd/releases/tag/v1.6.16 Important SUSE bug 1206235 CVE-2022-23471 at SUSE CVE-2022-23471 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libmicrohttpd fixes the following issues: - CVE-2023-27371: Fixed a parser bug that could be used to crash servers using the MHD_PostProcessor (bsc#1208745). Moderate SUSE bug 1208745 CVE-2023-27371 at SUSE CVE-2023-27371 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ldb, samba fixes the following issues: ldb: - CVE-2022-32746: Fixed an use-after-free issue in the database audit logging module (bsc#1201490). - CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485). samba: - CVE-2023-0922: Fixed cleartext password sending by AD DC admin tool (bso#15315) (bsc#1209481). - CVE-2023-0225: Fixed deletion of AD DC 'dnsHostname' attribute by unprivileged authenticated users (bso#15276) (bsc#1209483). - CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485). The following non-security bug was fixed: - Prevent use after free of messaging_ctdb_fde_ev structs (bso#15293) (bsc#1207416). Important SUSE bug 1201490 SUSE bug 1207416 SUSE bug 1209481 SUSE bug 1209483 SUSE bug 1209485 CVE-2022-32746 at SUSE CVE-2022-32746 at NVD CVE-2023-0225 at SUSE CVE-2023-0225 at NVD CVE-2023-0614 at SUSE CVE-2023-0614 at NVD CVE-2023-0922 at SUSE CVE-2023-0922 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for sudo fixes the following issue: Security fixes: - CVE-2023-28486: Fixed missing control characters escaping in log messages (bsc#1209362). - CVE-2023-28487: Fixed missing control characters escaping in sudoreplay output (bsc#1209361). Other fixes: - Fix a situation where 'sudo -U otheruser -l' would dereference a NULL pointer (bsc#1206483). - Do not re-enable the reader when flushing the buffers as part of pty_finish() (bsc#1203201). Moderate SUSE bug 1203201 SUSE bug 1206483 SUSE bug 1209361 SUSE bug 1209362 CVE-2023-28486 at SUSE CVE-2023-28486 at NVD CVE-2023-28487 at SUSE CVE-2023-28487 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for xen fixes the following issues: - CVE-2022-23824: Fixed multiple speculative security issues (bsc#1205209). Important SUSE bug 1027519 SUSE bug 1205209 CVE-2022-23824 at SUSE CVE-2022-23824 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This security update of grub2 fixes the following issues: - CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178). - CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182). - Bump upstream SBAT generation to 3 - rebuild the package with the new secure boot key (bsc#1209188). Other: - Remove zfs modules (bsc#1205554) - Make grub.cfg invariant to efi and legacy platforms (bsc#1205200) Important SUSE bug 1205178 SUSE bug 1205182 SUSE bug 1205200 SUSE bug 1205554 SUSE bug 1209188 SUSE bug 1209829 CVE-2022-2601 at SUSE CVE-2022-2601 at NVD CVE-2022-3775 at SUSE CVE-2022-3775 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for shim fixes the following issues: - Updated shim signature after shim 15.7 be signed back: signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458) - Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to disable the NX compatibility flag when using post-process-pe because grub2 is not ready. (bsc#1205588) - Enable the NX compatibility flag by default. (jsc#PED-127) Update to 15.7 (bsc#1198458) (jsc#PED-127): - Make SBAT variable payload introspectable - Reference MokListRT instead of MokList - Add a link to the test plan in the readme. - [V3] Enable TDX measurement to RTMR register - Discard load-options that start with a NUL - Fixed load_cert_file bugs - Add -malign-double to IA32 compiler flags - pe: Fix image section entry-point validation - make-archive: Build reproducible tarball - mok: remove MokListTrusted from PCR 7 Other fixes: - Support enhance shim measurement to TD RTMR. (jsc#PED-1273) - shim-install: ensure grub.cfg created is not overwritten after installing grub related files - Add logic to shim.spec to only set sbat policy when efivarfs is writeable. (bsc#1201066) - Add logic to shim.spec for detecting --set-sbat-policy option before using mokutil to set sbat policy. (bsc#1202120) - Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282) Update to 15.6 (bsc#1198458): - MokManager: removed Locate graphic output protocol fail error message - shim: implement SBAT verification for the shim_lock protocol - post-process-pe: Fix a missing return code check - Update github actions matrix to be more useful - post-process-pe: Fix format string warnings on 32-bit platforms - Allow MokListTrusted to be enabled by default - Re-add ARM AArch64 support - Use ASCII as fallback if Unicode Box Drawing characters fail - make: don't treat cert.S specially - shim: use SHIM_DEVEL_VERBOSE when built in devel mode - Break out of the inner sbat loop if we find the entry. - Support loading additional certificates - Add support for NX (W^X) mitigations. - Fix preserve_sbat_uefi_variable() logic - SBAT Policy latest should be a one-shot - pe: Fix a buffer overflow when SizeOfRawData > VirtualSize - pe: Perform image verification earlier when loading grub - Update advertised sbat generation number for shim - Update SBAT generation requirements for 05/24/22 - Also avoid CVE-2022-28737 in verify_image() by @vathpela Update to 15.5 (bsc#1198458): - Broken ia32 relocs and an unimportant submodule change. - mok: allocate MOK config table as BootServicesData - Don't call QueryVariableInfo() on EFI 1.10 machines (bsc#1187260) - Relax the check for import_mok_state() (bsc#1185261) - SBAT.md: trivial changes - shim: another attempt to fix load options handling - Add tests for our load options parsing. - arm/aa64: fix the size of .rela* sections - mok: fix potential buffer overrun in import_mok_state - mok: relax the maximum variable size check - Don't unhook ExitBootServices when EBS protection is disabled - fallback: find_boot_option() needs to return the index for the boot entry in optnum - httpboot: Ignore case when checking HTTP headers - Fallback allocation errors - shim: avoid BOOTx64.EFI in message on other architectures - str: remove duplicate parameter check - fallback: add compile option FALLBACK_NONINTERACTIVE - Test mok mirror - Modify sbat.md to help with readability. - csv: detect end of csv file correctly - Specify that the .sbat section is ASCII not UTF-8 - tests: add 'include-fixed' GCC directory to include directories - pe: simplify generate_hash() - Don't make shim abort when TPM log event fails (RHBZ #2002265) - Fallback to default loader if parsed one does not exist - fallback: Fix for BootOrder crash when index returned - Better console checks - docs: update SBAT UEFI variable name - Don't parse load options if invoked from removable media path - fallback: fix fallback not passing arguments of the first boot option - shim: Don't stop forever at 'Secure Boot not enabled' notification - Allocate mokvar table in runtime memory. - Remove post-process-pe on 'make clean' - pe: missing perror argument - CVE-2022-28737: Fixed a buffer overflow when SizeOfRawData > VirtualSize (bsc#1198458) - Add mokutil command to post script for setting sbat policy to latest mode when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created. (bsc#1198458) - Updated vendor dbx binary and script (bsc#1198458) - Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list. - Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list. - Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment. - Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin file which includes all .der for testing environment. - avoid buffer overflow when copying data to the MOK config table (bsc#1185232) - Disable exporting vendor-dbx to MokListXRT since writing a large RT variable could crash some machines (bsc#1185261) - ignore the odd LoadOptions length (bsc#1185232) - shim-install: reset def_shim_efi to 'shim.efi' if the given file doesn't exist - relax the maximum variable size check for u-boot (bsc#1185621) - handle ignore_db and user_insecure_mode correctly (bsc#1185441, bsc#1187071) - Split the keys in vendor-dbx.bin to vendor-dbx-sles and vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce the size of MokListXRT (bsc#1185261) + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz Important SUSE bug 1185232 SUSE bug 1185261 SUSE bug 1185441 SUSE bug 1185621 SUSE bug 1187071 SUSE bug 1187260 SUSE bug 1193282 SUSE bug 1198458 SUSE bug 1201066 SUSE bug 1202120 SUSE bug 1205588 CVE-2022-28737 at SUSE CVE-2022-28737 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). Moderate SUSE bug 1207992 SUSE bug 1209209 SUSE bug 1209210 SUSE bug 1209211 SUSE bug 1209212 SUSE bug 1209214 CVE-2023-23916 at SUSE CVE-2023-23916 at NVD CVE-2023-27533 at SUSE CVE-2023-27533 at NVD CVE-2023-27534 at SUSE CVE-2023-27534 at NVD CVE-2023-27535 at SUSE CVE-2023-27535 at NVD CVE-2023-27536 at SUSE CVE-2023-27536 at NVD CVE-2023-27538 at SUSE CVE-2023-27538 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) Moderate SUSE bug 1207571 SUSE bug 1207957 SUSE bug 1207975 SUSE bug 1208358 CVE-2023-0687 at SUSE CVE-2023-0687 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533). Low SUSE bug 1183533 CVE-2021-28153 at SUSE CVE-2021-28153 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python-cryptography fixes the following issues: - CVE-2023-23931: Fixed memory corruption in Cipher.update_into (bsc#1208036). Moderate SUSE bug 1208036 CVE-2023-23931 at SUSE CVE-2023-23931 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for conmon fixes the following issues: - rebuild against supported go 1.19 (bsc#1209307) - no functional changes. Moderate SUSE bug 1209307 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). Moderate SUSE bug 1209624 SUSE bug 1209873 SUSE bug 1209878 CVE-2023-0464 at SUSE CVE-2023-0464 at NVD CVE-2023-0465 at SUSE CVE-2023-0465 at NVD CVE-2023-0466 at SUSE CVE-2023-0466 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547). - CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256). - CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778). - CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). - CVE-2023-0394: Fixed a null pointer dereference flaw in the network subcomponent in the Linux kernel which could lead to system crash (bsc#1207168). - CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787). - CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598). - CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599). - CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208601). - CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777). - CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634). - CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288). - CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289). - CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). - CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636). - CVE-2023-23004: Fixed misinterpretation of get_sg_table return value (bsc#1208843). - CVE-2023-25012: Fixed a use-after-free in bigben_set_led() (bsc#1207560). - CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290). - CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291). - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052). - CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366). - CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549). The following non-security bugs were fixed: - Do not sign the vanilla kernel (bsc#1209008). - PCI: hv: Add a per-bus mutex state_lock (bsc#1209785). - PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1209785). - PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1209785). - PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1209785). - Revert 'PCI: hv: Fix a timing issue which causes kdump to fail occasionally' (bsc#1209785). - ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168). - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). - net: ena: optimize data access in fast-path code (bsc#1208137). Important SUSE bug 1207168 SUSE bug 1207560 SUSE bug 1208137 SUSE bug 1208179 SUSE bug 1208598 SUSE bug 1208599 SUSE bug 1208601 SUSE bug 1208777 SUSE bug 1208787 SUSE bug 1208843 SUSE bug 1209008 SUSE bug 1209052 SUSE bug 1209256 SUSE bug 1209288 SUSE bug 1209289 SUSE bug 1209290 SUSE bug 1209291 SUSE bug 1209366 SUSE bug 1209532 SUSE bug 1209547 SUSE bug 1209549 SUSE bug 1209634 SUSE bug 1209635 SUSE bug 1209636 SUSE bug 1209672 SUSE bug 1209683 SUSE bug 1209778 SUSE bug 1209785 CVE-2017-5753 at SUSE CVE-2017-5753 at NVD CVE-2021-3923 at SUSE CVE-2021-3923 at NVD CVE-2022-4744 at SUSE CVE-2022-4744 at NVD CVE-2023-0394 at SUSE CVE-2023-0394 at NVD CVE-2023-0461 at SUSE CVE-2023-0461 at NVD CVE-2023-1075 at SUSE CVE-2023-1075 at NVD CVE-2023-1076 at SUSE CVE-2023-1076 at NVD CVE-2023-1078 at SUSE CVE-2023-1078 at NVD CVE-2023-1095 at SUSE CVE-2023-1095 at NVD CVE-2023-1281 at SUSE CVE-2023-1281 at NVD CVE-2023-1382 at SUSE CVE-2023-1382 at NVD CVE-2023-1390 at SUSE CVE-2023-1390 at NVD CVE-2023-1513 at SUSE CVE-2023-1513 at NVD CVE-2023-1582 at SUSE CVE-2023-1582 at NVD CVE-2023-23004 at SUSE CVE-2023-23004 at NVD CVE-2023-25012 at SUSE CVE-2023-25012 at NVD CVE-2023-28327 at SUSE CVE-2023-28327 at NVD CVE-2023-28328 at SUSE CVE-2023-28328 at NVD CVE-2023-28464 at SUSE CVE-2023-28464 at NVD CVE-2023-28466 at SUSE CVE-2023-28466 at NVD CVE-2023-28772 at SUSE CVE-2023-28772 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for podman fixes the following issues: Update to version 4.4.4: * libpod: always use direct mapping * macos pkginstaller: do not fail when podman-mac-helper fails * podman-mac-helper: install: do not error if already installed - podman.spec: Bump required version for libcontainers-common (bsc#1209495) Update to version 4.4.3: * compat: /auth: parse server address correctly * vendor github.com/containers/common@v0.51.1 * pkginstaller: bump Qemu to version 7.2.0 * podman machine: Adjust Chrony makestep config * [v4.4] fix --health-on-failure=restart in transient unit * podman logs passthrough driver support --cgroups=split * journald logs: simplify entry parsing * podman logs: read journald with passthrough * journald: remove initializeJournal() * netavark: only use aardvark ip as nameserver * compat API: network create return 409 for duplicate * fix 'podman logs --since --follow' flake * system service --log-level=trace: support hijack * podman-mac-helper: exit 1 on error * bump golang.org/x/net to v0.8.0 * Fix package restore * Quadlet - use the default runtime Update podman to version 4.4.2: * kube play: only enforce passthrough in Quadlet * Emergency fix for man pages: check for broken includes * quadlet system tests: add useful defaults, logging * volume,container: chroot to source before exporting content * install sigproxy before start/attach * Update to c/image 5.24.1 * events + container inspect test: RHEL fixes - Add `crun` requirement for quadlet - Set PREFIX at build stage (bsc#1208510) - CVE-2023-0778: fixed symlink exchange attack in podman export volume (bsc#1208364) Update to version 4.4.1: * kube play: do not teardown unconditionally on error * Resolve symlink path for qemu directory if possible * events: document journald identifiers * Quadlet: exit 0 when there are no files to process * Cleanup podman-systemd.unit file * Install podman-systemd.unit man page, make quadlet discoverable * Add missing return after errors * oci: bind mount /sys with --userns=(auto|pod:) * docs: specify order preference for FROM * Cirrus: Fix & remove GraphQL API tests * test: adapt test to work on cgroupv1 * make hack/markdown-preprocess parallel-safe * Fix default handling of pids-limit * system tests: fix volume exec/noexec test Update to version 4.4.0: * Do not mount /dev/tty into rootless containers * Fixes port collision issue on use of --publish-all * Fix usage of absolute windows paths with --image-path * fix #17244: use /etc/timezone where `timedatectl` is missing on Linux * podman-events: document verbose create events * Making gvproxy.exe optional for building Windows installer * Add gvproxy to Windows packages * Match VT device paths to be blocked from mounting exactly * Clean up more language for inclusiveness * Set runAsNonRoot=true in gen kube * quadlet: Add device support for .volume files * fix: running check error when podman is default in wsl * fix: don't output 'ago' when container is currently up and running * journald: podman logs only show logs for current user * journald: podman events only show events for current user * Add (podman {image,manifest} push --sign-by-sigstore=param-file.yaml) * DB: make loading container states optional * ps: do not sync container * Allow --device-cgroup-rule to be passed in by docker API * Cirrus: Update operating branch * fix APIv2 python attach test flake * ps: query health check in batch mode * make example volume import, not import volume * Correct output when inspecting containers created with --ipc * Vendor containers/(storage, image, common, buildah) * Get correct username in pod when using --userns=keep-id * ps: get network data in batch mode * build(deps): bump github.com/onsi/gomega from 1.25.0 to 1.26.0 * add hack/perf for comparing two container engines * systems: retrofit dns options test to honor other search domains * ps: do not create copy of container config * libpod: set search domain independently of nameservers * libpod,netavark: correctly populate /etc/resolv.conf with custom dns server * podman: relay custom DNS servers to network stack * (fix) mount_program is in storage.options.overlay * Change example target to default in doc * network create: do not allow `default` as name * kube-play: add support for HostPID in podSpec * build(deps): bump github.com/docker/docker * Let's see if #14653 is fixed or not * Add support for podman build --group-add * vendor in latests containers/(storage, common, build, image) * unskip network update test * do not install swagger by default * pasta: skip 'Local forwarder, IPv4' test * add testbindings Makefile target * update CI images to include pasta * [CI:DOCS] Add CNI deprecation notices to documentation * Cirrus: preserve podman-server logs * waitPidStop: reduce sleep time to 10ms * StopContainer: return if cleanup process changed state * StopSignal: add a comment * StopContainer: small refactor * waitPidStop: simplify code * e2e tests: reenable long-skipped build test * Add openssh-clients to podmanimage * Reworks Windows smoke test to tunnel through interactive session. * fix bud-multiple-platform-with-base-as-default-arg flake * Remove ReservedAnnotations from kube generate specification * e2e: update test/README.md * e2e: use isRootless() instead of rootless.IsRootless() * Cleanup documentation on --userns=auto * Vendor in latest c/common * sig-proxy system test: bump timeout * build(deps): bump github.com/containernetworking/plugins * rootless: rename auth-scripts to preexec-hooks * Docs: version-check updates * commit: use libimage code to parse changes * [CI:DOCS] Remove experimental mac tutorial * man: Document the interaction between --systemd and --privileged * Make rootless privileged containers share the same tty devices as rootfull ones * container kill: handle stopped/exited container * Vendor in latest containers/(image,ocicrypt) * add a comment to container removal * Vendor in latest containers/storage * Cirrus: Run machine tests on PR merge * fix flake in kube system test * kube play: complete container spec * E2E Tests: Use inspect instead of actual data to avoid UDP flake * Use containers/storage/pkg/regexp in place of regexp * Vendor in latest containers/storage * Cirrus: Support using updated/latest NV/AV in PRs * Limit replica count to 1 when deploying from kubernetes YAML * Set StoppedByUser earlier in the process of stopping * podman-play system test: refactor * network: add support for podman network update and --network-dns-server * service container: less verbose error logs * Quadlet Kube - add support for PublishPort key * e2e: fix systemd_activate_test * Compile regex on demand not in init * [docker compat] Don't overwrite the NetworkMode if containers.conf overrides netns. * E2E Test: Play Kube set deadline to connection to avoid hangs * Only prevent VTs to be mounted inside privileged systemd containers * e2e: fix play_kube_test * Updated error message for supported VolumeSource types * Introduce pkg retry logic in win installer task * logformatter: include base SHA, with history link * Network tests: ping redhat.com, not podman.io * cobra: move engine shutdown to Execute * Updated options for QEMU on Windows hosts * Update Mac installer to use gvproxy v0.5.0 * podman: podman rm -f doesn't leave processes * oci: check for valid PID before kill(pid, 0) * linux: add /sys/fs/cgroup if /sys is a bind mount * Quadlet: Add support for ConfigMap key in Kube section * remove service container _after_ pods * Kube Play - allow setting and overriding published host ports * oci: terminate all container processes on cleanup * Update win-sshproxy to 0.5.0 gvisor tag * Vendor in latest containers/common * Fix a potential defer logic error around locking * logformatter: nicer formatting for bats failures * logformatter: refactor verbose line-print * e2e tests: stop using UBI images * k8s-file: podman logs --until --follow exit after time * journald: podman logs --until --follow exit after time * journald: seek to time when --since is used * podman logs: journald fix --since and --follow * Preprocess files in UTF-8 mode * Vendor in latest containers/(common, image, storage) * Switch to C based msi hooks for win installer * hack/bats: improve usage message * hack/bats: add --remote option * hack/bats: fix root/rootless logic * Describe copy volume options * Support sig-proxy for podman-remote attach and start * libpod: fix race condition rm'ing stopping containers * e2e: fix run_volume_test * Add support for Windows ARM64 * Add shared --compress to man pages * Add container error message to ContainerState * Man page checker: require canonical name in SEE ALSO * system df: improve json output code * kube play: fix the error logic with --quiet * System tests: quadlet network test * Fix: List container with volume filter * adding -dryrun flag * Quadlet Container: Add support for EnvironmentFile and EnvironmentHost * Kube Play: use passthrough as the default log-driver if service-container is set * System tests: add missing cleanup * System tests: fix unquoted question marks * Build and use a newer systemd image * Quadlet Network - Fix the name of the required network service * System Test Quadlet - Volume dependency test did not test the dependency * fix `podman system connection - tcp` flake * vendor: bump c/storage to a747b27 * Fix instructions about setting storage driver on command-line * Test README - point users to hack/bats * System test: quadlet kube basic test * Fixed `podman update --pids-limit` * podman-remote,bindings: trim context path correctly when its emptydir * Quadlet Doc: Add section for .kube files * e2e: fix containers_conf_test * Allow '/' to prefix container names to match Docker * Remove references to qcow2 * Fix typos in man page regarding transient storage mode. * make: Use PYTHON var for .install.pre-commit * Add containers.conf read-only flag support * Explain that relabeling/chowning of volumes can take along time * events: support 'die' filter * infra/abi: refactor ContainerRm * When in transient store mode, use rundir for bundlepath * quadlet: Support Type=oneshot container files * hacks/bats: keep QUADLET env var in test env * New system tests for conflicting options * Vendor in latest containers/(buildah, image, common) * Output Size and Reclaimable in human form for json output * podman service: close duplicated /dev/null fd * ginkgo tests: apply ginkgolinter fixes * Add support for hostPath and configMap subpath usage * export: use io.Writer instead of file * rootless: always create userns with euid != 0 * rootless: inhibit copy mapping for euid != 0 * pkg/domain/infra/abi: introduce `type containerWrapper` * vendor: bump to buildah ca578b290144 and use new cache API * quadlet: Handle booleans that have defaults better * quadlet: Rename parser.LookupBoolean to LookupBooleanWithDefault * Add podman-clean-transient.service service * Stop recording annotations set to false * Unify --noheading and -n to be consistent on all commands * pkg/domain/infra/abi: add `getContainers` * Update vendor of containters/(common, image) * specfile: Drop user-add depedency from quadlet subpackage. * quadlet: Default BINDIR to /usr/bin if tag not specified * Quadlet: add network support * Add comment for jsonMarshal command * Always allow pushing from containers-storage * libpod: move NetNS into state db instead of extra bucket * Add initial system tests for quadlets * quadlet: Add --user option * libpod: remove CNI word were no longer applicable * libpod: fix header length in http attach with logs * podman-kube@ template: use `podman kube` * build(deps): bump github.com/docker/docker * wait: add --ignore option * qudlet: Respect $PODMAN env var for podman binary * e2e: Add assert-key-is-regex check to quadlet e2e testsuite * e2e: Add some assert to quadlet test to make sure testcases are sane * remove unmapped ports from inspect port bindings * update podman-network-create for clarity * Vendor in latest containers/common with default capabilities * pkg/rootless: Change error text ... * rootless: add cli validator * rootless: define LIBEXECPODMAN * doc: fix documentation for idmapped mounts * bump golangci-lint to v1.50.1 * build(deps): bump github.com/onsi/gomega from 1.24.1 to 1.24.2 * [CI:DOCS] podman-mount: s/umount/unmount/ * create/pull --help: list pull policies * Network Create: Add --ignore flag to support idempotent script * Make qemu security model none * libpod: use OCI idmappings for mounts * stop reporting errors removing containers that don't exist * test: added test from wait endpoint with to long label * quadlet: Default VolatileTmp to off * build(deps): bump github.com/ulikunitz/xz from 0.5.10 to 0.5.11 * docs/options/ipc: fix list syntax * Docs: Add dedicated DOWNLOAD doc w/ links to bins * Make a consistently-named windows installer * checkpoint restore: fix --ignore-static-ip/mac * add support for subpath in play kube for named volumes * build(deps): bump golang.org/x/net from 0.2.0 to 0.4.0 * golangci-lint: remove three deprecated linters * parse-localbenchmarks: separate standard deviation * build(deps): bump golang.org/x/term from 0.2.0 to 0.3.0 * podman play kube support container startup probe * Add podman buildx version support * Cirrus: Collect benchmarks on machine instances * Cirrus: Remove escape codes from log files * [CI:DOCS] Clarify secret target behavior * Fix typo on network docs * podman-remote build add --volume support * remote: allow --http-proxy for remote clients * Cleanup kube play workloads if error happens * health check: ignore dependencies of transient systemd units/timers * fix: event read from syslog * Fixes secret (un)marshaling for kube play. * Remove 'you' from man pages * build(deps): bump golang.org/x/tools from 0.3.0 to 0.4.0 in /test/tools * [CI:DOCS] test/README.md: run tests with podman-remote * e2e: keeps the http_proxy value * Makefile: Add podman-mac-helper to darwin client zip * test/e2e: enable 'podman run with ipam none driver' for nv * [skip-ci] GHA/Cirrus-cron: Fix execution order * kube sdnotify: run proxies for the lifespan of the service * Update containers common package * podman manpage: Use man-page links instead of file names * e2e: fix e2e tests in proxy environment * Fix test * disable healthchecks automatically on non systemd systems * Quadlet Kube: Add support for userns flag * [CI:DOCS] Add warning about --opts,o with mount's -o * Add podman system prune --external * Add some tests for transient store * runtime: In transient_store mode, move bolt_state.db to rundir * runtime: Handle the transient store options * libpod: Move the creation of TmpDir to an earlier time * network create: support '-o parent=XXX' for ipvlan * compat API: allow MacAddress on container config * Quadlet Kube: Add support for relative path for YAML file * notify k8s system test: move sending message into exec * runtime: do not chown idmapped volumes * quadlet: Drop ExecStartPre=rm %t/%N.cid * Quadlet Kube: Set SyslogIdentifier if was not set * Add a FreeBSD cross build to the cirrus alt build task * Add completion for --init-ctr * Fix handling of readonly containers when defined in kube.yaml * Build cross-compilation fixes * libpod: Track healthcheck API changes in healthcheck_unsupported.go * quadlet: Use same default capability set as podman run * quadlet: Drop --pull=never * quadlet: Change default of ReadOnly to no * quadlet: Change RunInit default to no * quadlet: Change NoNewPrivileges default to false * test: podman run with checkpoint image * Enable 'podman run' for checkpoint images * test: Add tests for checkpoint images * CI setup: simplify environment passthrough code * Init containers should not be restarted * Update c/storage after https://github.com/containers/storage/pull/1436 * Set the latest release explicitly * add friendly comment * fix an overriding logic and load config problem * Update the issue templates * Update vendor of containers/(image, buildah) * [CI:DOCS] Skip windows-smoke when not useful * [CI:DOCS] Remove broken gate-container docs * OWNERS: add Jason T. Greene * hack/podmansnoop: print arguments * Improve atomicity of VM state persistence on Windows * [CI:BUILD] copr: enable podman-restart.service on rpm installation * macos: pkg: Use -arm64 suffix instead of -aarch64 * linux: Add -linux suffix to podman-remote-static binaries * linux: Build amd64 and arm64 podman-remote-static binaries * container create: add inspect data to event * Allow manual override of install location * Run codespell on code * Add missing parameters for checkpoint/restore endpoint * Add support for startup healthchecks * Add information on metrics to the `network create` docs * Introduce podman machine os commands * Document that ignoreRootFS depends on export/import * Document ignoreVolumes in checkpoint/restore endpoint * Remove leaveRunning from swagger restore endpoint * libpod: Add checks to avoid nil pointer dereference if network setup fails * Address golangci-lint issues * Documenting Hyper-V QEMU acceleration settings * Kube Play: fix the handling of the optional field of SecretVolumeSource * Update Vendor of containers/(common, image, buildah) * Fix swapped NetInput/-Output stats * libpod: Use O_CLOEXEC for descriptors returned by (*Container).openDirectory * chore: Fix MD for Troubleshooting Guide link in GitHub Issue Template * test/tools: rebuild when files are changed * ginkgo tests: apply ginkgolinter fixes * ginkgo: restructure install work flow * Fix manpage emphasis * specgen: support CDI devices from containers.conf * vendor: update containers/common * pkg/trust: Take the default policy path from c/common/pkg/config * Add validate-in-container target * Adding encryption decryption feature * container restart: clean up healthcheck state * Add support for podman-remote manifest annotate * Quadlet: Add support for .kube files * Update vendor of containers/(buildah, common, storage, image) * specgen: honor user namespace value * [CI:DOCS] Migrate OSX Cross to M1 * quadlet: Rework uid/gid remapping * GHA: Fix cirrus re-run workflow for other repos. * ssh system test: skip until it becomes a test * shell completion: fix hard coded network drivers * libpod: Report network setup errors properly on FreeBSD * E2E Tests: change the registry for the search test to avoid authentication * pkginstaller: install podman-mac-helper by default * Fix language. Mostly spelling a -> an * podman machine: Propagate SSL_CERT_FILE and SSL_CERT_DIR to systemd environment. * [CI:DOCS] Fix spelling and typos * Modify man page of '--pids-limit' option to correct a default value. * Update docs/source/markdown/podman-remote.1.md * Update pkg/bindings/connection.go * Add more documentation on UID/GID Mappings with --userns=keep-id * support podman-remote to connect tcpURL with proxy * Removing the RawInput from the API output * fix port issues for CONTAINER_HOST * CI: Package versions: run in the 'main' step * build(deps): bump github.com/rootless-containers/rootlesskit * pkg/domain: Make checkExecPreserveFDs platform-specific * e2e tests: fix restart race * Fix podman --noout to suppress all output * remove pod if creation has failed * pkg/rootless: Implement rootless.IsFdInherited on FreeBSD * Fix more podman-logs flakes * healthcheck system tests: try to fix flake * libpod: treat ESRCH from /proc/PID/cgroup as ENOENT * GHA: Configure workflows for reuse * compat,build: handle docker's preconfigured cacheTo,cacheFrom * docs: deprecate pasta network name * utils: Enable cgroup utils for FreeBSD * pkg/specgen: Disable kube play tests on FreeBSD * libpod/lock: Fix build and tests for SHM locks on FreeBSD * podman cp: fix copying with '.' suffix * pkginstaller: bump Qemu to version 7.1.0 * specgen,wasm: switch to crun-wasm wherever applicable * vendor: bump c/common to v0.50.2-0.20221111184705-791b83e1cdf1 * libpod: Make unit test for statToPercent Linux only * Update vendor of containers/storage * fix connection usage with containers.conf * Add --quiet and --no-info flags to podman machine start * Add hidden podman manifest inspect -v option * Add podman volume create -d short option for driver * Vendor in latest containers/(common,image,storage) * Add podman system events alias to podman events * Fix search_test to return correct version of alpine * GHA: Fix undefined secret env. var. * GHA: Fix make_email-body script reference * Add release keys to README * GHA: Fix typo setting output parameter * GHA: Fix typo. * New tool, docs/version-check * Formalize our compare-against-docker mechanism * Add restart-sec for container service files * test/tools: bump module to go 1.17 * contrib/cirrus/check_go_changes.sh: ignore test/tools/vendor * build(deps): bump golang.org/x/tools from 0.1.12 to 0.2.0 in /test/tools * libpod: Add FreeBSD support in packageVersion * Allow podman manigest push --purge|-p as alias for --rm * [CI:DOCS] Add performance tutorial * [CI:DOCS] Fix build targets in build_osx.md. * fix --format {{json .}} output to match docker * remote: fix manifest add --annotation * Skip test if `--events-backend` is necessary with podman-remote * kube play: update the handling of PersistentVolumeClaim * system tests: fix a system test in proxy environment * Use single unqualified search registry on Windows * test/system: Add, use tcp_port_probe() to check for listeners rather than binds * test/system: Add tests for pasta(1) connectivity * test/system: Move network-related helpers to helpers.network.bash * test/system: Use procfs to find bound ports, with optional address and protocol * test/system: Use port_is_free() from wait_for_port() * libpod: Add pasta networking mode * More log-flake work * Fix test flakes caused by improper podman-logs * fix incorrect systemd booted check * Cirrus: Add tests for GHA scripts * GHA: Update scripts to pass shellcheck * Cirrus: Shellcheck github-action scripts * Cirrus: shellcheck support for github-action scripts * GHA: Fix cirrus-cron scripts * Makefile: don't install to tmpfiles.d on FreeBSD * Make sure we can build and read each line of docker py's api client * Docker compat build api - make sure only one line appears per flush * Run codespell on code * Update vendor of containers/(image, storage, common) * Allow namespace path network option for pods. * Cirrus: Never skip running Windows Cross task * GHA: Auto. re-run failed cirrus-cron builds once * GHA: Migrate inline script to file * GHA: Simplify script reference * test/e2e: do not use apk in builds * remove container/pod id file along with container/pod * Cirrus: Synchronize windows image * Add --insecure,--tls-verify,--verbose flags to podman manifest inspect * runtime: add check for valid pod systemd cgroup * CI: set and verify DESIRED_NETWORK (netavark, cni) * [CI:DOCS] troubleshooting: document keep-id options * Man pages: refactor common options: --security-opt * Cirrus: Guarantee CNI testing w/o nv/av present * Cirrus: temp. disable all Ubuntu testing * Cirrus: Update to F37beta * buildah bud tests: better handling of remote * quadlet: Warn in generator if using short names * Add Windows Smoke Testing * Add podman kube apply command * docs: offer advice on installing test dependencies * Fix documentation on read-only-tmpfs * version bump to 4.4.0-dev * deps: bump go-criu to v6 * Makefile: Add cross build targets for freebsd * pkg/machine: Make this build on FreeBSD/arm64 * pkg/rctl: Remove unused cgo dependency * man pages: assorted underscore fixes * Upgrade GitHub actions packages from v2 to v3 * vendor github.com/godbus/dbus/v5@4b691ce * [CI:DOCS] fix --tmpdir typos * Do not report that /usr/share/containers/storage.conf has been edited. * Eval symlinks on XDG_RUNTIME_DIR * hack/podmansnoop * rootless: support keep-id with one mapping * rootless: add argument to GetConfiguredMappings * Update vendor containers/(common,storage,buildah,image) * Fix deadlock between 'podman ps' and 'container inspect' commands * Add information about where the libpod/boltdb database lives * Consolidate the dependencies for the IsTerminal() API * Ensure that StartAndAttach locks while sending signals * ginkgo testing: fix podman usernamespace join * Test runners: nuke podman from $PATH before tests * volumes: Fix idmap not working for volumes * FIXME: Temporary workaround for ubi8 CI breakage * System tests: teardown: clean up volumes * update api versions on docs.podman.io * system tests: runlabel: use podman-under-test * system tests: podman network create: use random port * sig-proxy test: bump timeout * play kube: Allow the user to import the contents of a tar file into a volume * Clarify the docs on DropCapability * quadlet tests: Disable kmsg logging while testing * quadlet: Support multiple Network= * quadlet: Add support for Network=... * Fix manpage for podman run --network option * quadlet: Add support for AddDevice= * quadlet: Add support for setting seccomp profile * quadlet: Allow multiple elements on each Add/DropCaps line * quadlet: Embed the correct binary name in the generated comment * quadlet: Drop the SocketActivated key * quadlet: Switch log-driver to passthrough * quadlet: Change ReadOnly to default to enabled * quadlet tests: Run the tests even for (exected) failed tests * quadlet tests: Fix handling of stderr checks * Remove unused script file * notifyproxy: fix container watcher * container/pod id file: truncate instead of throwing an error * quadlet: Use the new podman create volume --ignore * Add podman volume create --ignore * logcollector: include aardvark-dns * build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1 * build(deps): bump github.com/BurntSushi/toml from 1.2.0 to 1.2.1 * docs: generate systemd: point to kube template * docs: kube play: mention restart policy * Fixes: 15858 (podman system reset --force destroy machine) * fix search flake * use cached containers.conf * adding regex support to the ancestor ps filter function * Fix `system df` issues with `-f` and `-v` * markdown-preprocess: cross-reference where opts are used * Default qemu flags for Windows amd64 * build(deps): bump golang.org/x/text from 0.3.8 to 0.4.0 * Update main to reflect v4.3.0 release * build(deps): bump github.com/docker/docker * move quadlet packages into pkg/systemd * system df: fix image-size calculations * Add man page for quadlet * testimage: add iproute2 & socat, for pasta networking * Set up minikube for k8s testing * [CI:BUILD] copr: podman rpm should depend on containers-common-extra * Podman image: Set default_sysctls to empty for rootless containers * libpod: Add support for 'podman top' on FreeBSD * libpod: Factor out jail name construction from stats_freebsd.go * pkg/util: Add pid information descriptors for FreeBSD * Initial quadlet version integrated in golang * bump golangci-lint to v1.49.0 * Update vendor containers/(common,image,storage) * Allow volume mount dups, iff source and dest dirs * rootless: fix return value handling * Change to correct break statements * vendor containers/psgo@v1.8.0 * Clarify that MacOSX docs are client specific * libpod: Factor out the call to PidFdOpen from (*Container).WaitForExit * Add swagger install + allow version updates in CI * Cirrus: Fix windows clone race * kill: wait for the container * generate systemd: set --stop-timeout for stopping containers * hack/tree_status.sh: print diff at the end * Fix markdown header typo * markdown-preprocess: add generic include mechanism * markdown-preprocess: almost complete OO rewrite * Update tests for changed error messages * Update c/image after https://github.com/containers/image/pull/1299 * Man pages: refactor common options (misc) * Man pages: Refactor common options: --detach-keys * vendor containers/storage@main * Man pages: refactor common options: --attach * build(deps): bump github.com/fsnotify/fsnotify from 1.5.4 to 1.6.0 * KillContainer: improve error message * docs: add missing options * Man pages: refactor common options: --annotation (manifest) * build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0 * system tests: health-on-failure: fix broken logic * build(deps): bump golang.org/x/text from 0.3.7 to 0.3.8 * build(deps): bump github.com/onsi/gomega from 1.20.2 to 1.22.1 * ContainerEngine.SetupRootless(): Avoid calling container.Config() * Container filters: Avoid use of ctr.Config() * Avoid unnecessary calls to Container.Spec() * Add and use Container.LinuxResource() helper * play kube: notifyproxy: listen before starting the pod * play kube: add support for configmap binaryData * Add and use libpod/Container.Terminal() helper * Revert 'Add checkpoint image tests' * Revert 'cmd/podman: add support for checkpoint images' * healthcheck: fix --on-failure=stop * Man pages: Add mention of behavior due to XDG_CONFIG_HOME * build(deps): bump github.com/containers/ocicrypt from 1.1.5 to 1.1.6 * Avoid unnecessary timeout of 250msec when waiting on container shutdown * health checks: make on-failure action retry aware * libpod: Remove 100msec delay during shutdown * libpod: Add support for 'podman pod' on FreeBSD * libpod: Factor out cgroup validation from (*Runtime).NewPod * libpod: Move runtime_pod_linux.go to runtime_pod_common.go * specgen/generate: Avoid a nil dereference in MakePod * libpod: Factor out cgroups handling from (*Pod).refresh * Adds a link to OSX docs in CONTRIBUTING.md * Man pages: refactor common options: --os-version * Create full path to a directory when DirectoryOrCreate is used with play kube * Return error in podman system service if URI scheme is not unix/tcp * Man pages: refactor common options: --time * man pages: document some --format options: images * Clean up when stopping pods Important SUSE bug 1197093 SUSE bug 1208364 SUSE bug 1208510 SUSE bug 1209495 CVE-2023-0778 at SUSE CVE-2023-0778 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for containerd fixes the following issues: Update to containerd v1.6.19: Security fixes: - CVE-2023-25153: Fixed OCI image importer memory exhaustion (bnc#1208423). - CVE-2023-25173: Fixed supplementary groups not set up properly (bnc#1208426). Moderate SUSE bug 1208423 SUSE bug 1208426 CVE-2023-25153 at SUSE CVE-2023-25153 at NVD CVE-2023-25173 at SUSE CVE-2023-25173 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787). - CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549). - CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). - CVE-2023-28464: Fixed use-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052). - CVE-2023-0394: Fixed a null pointer dereference flaw in the network subcomponent in the Linux kernel which could lead to system crash (bsc#1207168). - CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366). - CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778). - CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289). - CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). - CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634). - CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636). - CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290). - CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256). - CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288). - CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291). - CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208601). - CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598). - CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547). The following non-security bugs were fixed: - ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168). - net: ena: optimize data access in fast-path code (bsc#1208137). - PCI: hv: Add a per-bus mutex state_lock (bsc#1209785). - PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1209785). - PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1209785). - PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1209785). Important SUSE bug 1207168 SUSE bug 1208137 SUSE bug 1208598 SUSE bug 1208601 SUSE bug 1208787 SUSE bug 1209052 SUSE bug 1209256 SUSE bug 1209288 SUSE bug 1209289 SUSE bug 1209290 SUSE bug 1209291 SUSE bug 1209366 SUSE bug 1209532 SUSE bug 1209547 SUSE bug 1209549 SUSE bug 1209634 SUSE bug 1209635 SUSE bug 1209636 SUSE bug 1209778 SUSE bug 1209785 CVE-2017-5753 at SUSE CVE-2017-5753 at NVD CVE-2021-3923 at SUSE CVE-2021-3923 at NVD CVE-2022-4744 at SUSE CVE-2022-4744 at NVD CVE-2023-0394 at SUSE CVE-2023-0394 at NVD CVE-2023-0461 at SUSE CVE-2023-0461 at NVD CVE-2023-1075 at SUSE CVE-2023-1075 at NVD CVE-2023-1078 at SUSE CVE-2023-1078 at NVD CVE-2023-1281 at SUSE CVE-2023-1281 at NVD CVE-2023-1382 at SUSE CVE-2023-1382 at NVD CVE-2023-1390 at SUSE CVE-2023-1390 at NVD CVE-2023-1513 at SUSE CVE-2023-1513 at NVD CVE-2023-1582 at SUSE CVE-2023-1582 at NVD CVE-2023-28327 at SUSE CVE-2023-28327 at NVD CVE-2023-28328 at SUSE CVE-2023-28328 at NVD CVE-2023-28464 at SUSE CVE-2023-28464 at NVD CVE-2023-28466 at SUSE CVE-2023-28466 at NVD CVE-2023-28772 at SUSE CVE-2023-28772 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for dnsmasq fixes the following issues: - CVE-2023-28450: Fixed default maximum size for EDNS.0 UDP packets (bsc#1209358). Moderate SUSE bug 1209358 CVE-2023-28450 at SUSE CVE-2023-28450 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ovmf fixes the following issues: - CVE-2019-14560: Fixed potential secure boot bypass via an improper check of GetEfiGlobalVariable2 (bsc#1174246). - CVE-2021-38578: Fixed underflow in MdeModulePkg/PiSmmCore SmmEntryPointAdd (bsc#1196741). Important SUSE bug 1174246 SUSE bug 1196741 CVE-2019-14560 at SUSE CVE-2019-14560 at NVD CVE-2021-38578 at SUSE CVE-2021-38578 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update of s390-tools fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). Moderate SUSE bug 1209188 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). Important SUSE bug 1205126 CVE-2022-42898 at SUSE CVE-2022-42898 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for runc fixes the following issues: Update to runc v1.1.5: Security fixes: - CVE-2023-25809: Fixed rootless `/sys/fs/cgroup` is writable when cgroupns isn't unshared (bnc#1209884). - CVE-2023-27561: Fixed regression that reintroduced CVE-2019-19921 vulnerability (bnc#1208962). - CVE-2023-28642: Fixed AppArmor/SELinux bypass with symlinked /proc (bnc#1209888). Other fixes: - Fix the inability to use `/dev/null` when inside a container. - Fix changing the ownership of host's `/dev/null` caused by fd redirection (bsc#1168481). - Fix rare runc exec/enter unshare error on older kernels. - nsexec: Check for errors in `write_log()`. - Drop version-specific Go requirement. Important SUSE bug 1168481 SUSE bug 1208962 SUSE bug 1209884 SUSE bug 1209888 CVE-2023-25809 at SUSE CVE-2023-25809 at NVD CVE-2023-27561 at SUSE CVE-2023-27561 at NVD CVE-2023-28642 at SUSE CVE-2023-28642 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for sssd fixes the following issues: - CVE-2022-4254: Fixed a bug in libsss_certmap which could allow an attacker to gain control of the admin account and perform a full domain takeover. (bsc#1207474) Important SUSE bug 1207474 CVE-2022-4254 at SUSE CVE-2022-4254 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132). The following non-security bugs were fixed: - Added W3C conformance tests to the testsuite (bsc#1204585). - Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) . Important SUSE bug 1065270 SUSE bug 1199132 SUSE bug 1204585 SUSE bug 1210411 SUSE bug 1210412 CVE-2021-3541 at SUSE CVE-2021-3541 at NVD CVE-2022-29824 at SUSE CVE-2022-29824 at NVD CVE-2023-28484 at SUSE CVE-2023-28484 at NVD CVE-2023-29469 at SUSE CVE-2023-29469 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libtpms fixes the following issues: - CVE-2023-1017: Fixed out-of-bounds write in CryptParameterDecryption (bsc#1206022). - CVE-2023-1018: Fixed out-of-bounds read in CryptParameterDecryption (bsc#1206023). Important SUSE bug 1206022 SUSE bug 1206023 CVE-2023-1017 at SUSE CVE-2023-1017 at NVD CVE-2023-1018 at SUSE CVE-2023-1018 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). Moderate SUSE bug 1210507 CVE-2023-29383 at SUSE CVE-2023-29383 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). Moderate SUSE bug 1209533 CVE-2022-4899 at SUSE CVE-2022-4899 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). Moderate SUSE bug 1209713 SUSE bug 1209714 SUSE bug 1210135 CVE-2023-24593 at SUSE CVE-2023-24593 at NVD CVE-2023-25180 at SUSE CVE-2023-25180 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update of installation-images fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). Moderate SUSE bug 1209188 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for shim fixes the following issues: - CVE-2022-28737 was missing as reference previously. - Upgrade shim-install for bsc#1210382 After closing Leap-gap project since Leap 15.3, openSUSE Leap direct uses shim from SLE. So the ca_string is 'SUSE Linux Enterprise Secure Boot CA1', not 'openSUSE Secure Boot CA1'. It causes that the update_boot=no, so all files in /boot/efi/EFI/boot are not updated. Logic was added that is using ID field in os-release for checking Leap distro and set ca_string to 'SUSE Linux Enterprise Secure Boot CA1'. Then /boot/efi/EFI/boot/* can also be updated. Important SUSE bug 1210382 CVE-2022-28737 at SUSE CVE-2022-28737 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for vim fixes the following issues: Updated to version 9.0 with patch level 1443, fixes the following security problems - CVE-2023-1264: Fixed NULL Pointer Dereference (bsc#1209042). - CVE-2023-1355: Fixed NULL Pointer Dereference (bsc#1209187). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). Moderate SUSE bug 1208828 SUSE bug 1209042 SUSE bug 1209187 CVE-2023-1127 at SUSE CVE-2023-1127 at NVD CVE-2023-1264 at SUSE CVE-2023-1264 at NVD CVE-2023-1355 at SUSE CVE-2023-1355 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for vim fixes the following issues: - Updated to version 9.0.1234: - CVE-2023-0433: Fixed an out of bounds memory access that could cause a crash (bsc#1207396). - CVE-2023-0288: Fixed an out of bounds memory access that could cause a crash (bsc#1207162). - CVE-2023-0054: Fixed an out of bounds memory write that could cause a crash or memory corruption (bsc#1206868). - CVE-2023-0051: Fixed an out of bounds memory access that could cause a crash (bsc#1206867). - CVE-2023-0049: Fixed an out of bounds memory access that could cause a crash (bsc#1206866). Moderate SUSE bug 1206866 SUSE bug 1206867 SUSE bug 1206868 SUSE bug 1207162 SUSE bug 1207396 CVE-2023-0049 at SUSE CVE-2023-0049 at NVD CVE-2023-0051 at SUSE CVE-2023-0051 at NVD CVE-2023-0054 at SUSE CVE-2023-0054 at NVD CVE-2023-0288 at SUSE CVE-2023-0288 at NVD CVE-2023-0433 at SUSE CVE-2023-0433 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). Moderate SUSE bug 1210434 CVE-2023-29491 at SUSE CVE-2023-29491 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). - CVE-2023-1872:Fixed a use after free vulnerability in the io_uring subsystem, which could lead to local privilege escalation (bsc#1210414). - CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992). - CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). - CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629). - CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). - CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). - CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453). - CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). - CVE-2020-36691: Fixed a denial of service vulnerability via a nested Netlink policy with a back reference (bsc#1209777). - CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337). - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). - CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). - CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203). The following non-security bugs were fixed: - Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes). - cifs: fix negotiate context parsing (bsc#1210301). - keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). Important SUSE bug 1202353 SUSE bug 1206992 SUSE bug 1207088 SUSE bug 1209687 SUSE bug 1209739 SUSE bug 1209777 SUSE bug 1209871 SUSE bug 1210202 SUSE bug 1210203 SUSE bug 1210301 SUSE bug 1210329 SUSE bug 1210336 SUSE bug 1210337 SUSE bug 1210414 SUSE bug 1210453 SUSE bug 1210469 SUSE bug 1210498 SUSE bug 1210506 SUSE bug 1210629 SUSE bug 1210647 CVE-2020-36691 at SUSE CVE-2020-36691 at NVD CVE-2022-2196 at SUSE CVE-2022-2196 at NVD CVE-2023-1611 at SUSE CVE-2023-1611 at NVD CVE-2023-1670 at SUSE CVE-2023-1670 at NVD CVE-2023-1838 at SUSE CVE-2023-1838 at NVD CVE-2023-1855 at SUSE CVE-2023-1855 at NVD CVE-2023-1872 at SUSE CVE-2023-1872 at NVD CVE-2023-1989 at SUSE CVE-2023-1989 at NVD CVE-2023-1990 at SUSE CVE-2023-1990 at NVD CVE-2023-1998 at SUSE CVE-2023-1998 at NVD CVE-2023-2008 at SUSE CVE-2023-2008 at NVD CVE-2023-2124 at SUSE CVE-2023-2124 at NVD CVE-2023-2162 at SUSE CVE-2023-2162 at NVD CVE-2023-2176 at SUSE CVE-2023-2176 at NVD CVE-2023-30772 at SUSE CVE-2023-30772 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). - CVE-2023-1872:Fixed a use after free vulnerability in the io_uring subsystem, which could lead to local privilege escalation (bsc#1210414). - CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992). - CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). - CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629). - CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). - CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). - CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453). - CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). - CVE-2020-36691: Fixed a denial of service vulnerability via a nested Netlink policy with a back reference (bsc#1209777). - CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337). - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). - CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203). The following non-security bugs were fixed: - Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes). - cifs: fix negotiate context parsing (bsc#1210301). - keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). Important SUSE bug 1202353 SUSE bug 1205128 SUSE bug 1206992 SUSE bug 1207088 SUSE bug 1209687 SUSE bug 1209739 SUSE bug 1209777 SUSE bug 1209871 SUSE bug 1210202 SUSE bug 1210203 SUSE bug 1210301 SUSE bug 1210329 SUSE bug 1210336 SUSE bug 1210337 SUSE bug 1210414 SUSE bug 1210453 SUSE bug 1210469 SUSE bug 1210498 SUSE bug 1210506 SUSE bug 1210629 SUSE bug 1210647 CVE-2020-36691 at SUSE CVE-2020-36691 at NVD CVE-2022-2196 at SUSE CVE-2022-2196 at NVD CVE-2022-43945 at SUSE CVE-2022-43945 at NVD CVE-2023-1611 at SUSE CVE-2023-1611 at NVD CVE-2023-1670 at SUSE CVE-2023-1670 at NVD CVE-2023-1838 at SUSE CVE-2023-1838 at NVD CVE-2023-1855 at SUSE CVE-2023-1855 at NVD CVE-2023-1872 at SUSE CVE-2023-1872 at NVD CVE-2023-1989 at SUSE CVE-2023-1989 at NVD CVE-2023-1990 at SUSE CVE-2023-1990 at NVD CVE-2023-1998 at SUSE CVE-2023-1998 at NVD CVE-2023-2008 at SUSE CVE-2023-2008 at NVD CVE-2023-2124 at SUSE CVE-2023-2124 at NVD CVE-2023-2162 at SUSE CVE-2023-2162 at NVD CVE-2023-2176 at SUSE CVE-2023-2176 at NVD CVE-2023-30772 at SUSE CVE-2023-30772 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for dmidecode fixes the following issues: - CVE-2023-30630: Fixed potential privilege escalation vulnerability via file overwrite (bsc#1210418). Moderate SUSE bug 1210418 CVE-2023-30630 at SUSE CVE-2023-30630 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update of conmon fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). Important SUSE bug 1200441 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). - CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). - CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). Important SUSE bug 1211231 SUSE bug 1211232 SUSE bug 1211233 SUSE bug 1211339 CVE-2023-28320 at SUSE CVE-2023-28320 at NVD CVE-2023-28321 at SUSE CVE-2023-28321 at NVD CVE-2023-28322 at SUSE CVE-2023-28322 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python-setuptools fixes the following issues: - CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667). Moderate SUSE bug 1206667 CVE-2022-40897 at SUSE CVE-2022-40897 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ucode-intel fixes the following issues: - Updated to Intel CPU Microcode 20230512 release. (bsc#1211382). - New platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL-N | A0 | 06-be-00/01 | | 00000010 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E | AZB | A0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100 | AZB | R0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100 - Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | L0 | 06-9a-03/80 | 00000429 | 0000042a | Core Gen12 | ADL | L0 | 06-9a-04/80 | 00000429 | 0000042a | Core Gen12 | AML-Y22 | H0 | 06-8e-09/10 | | 000000f2 | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile | CFL-H | R0 | 06-9e-0d/22 | 000000f4 | 000000f8 | Core Gen9 Mobile | CFL-H/S | P0 | 06-9e-0c/22 | 000000f0 | 000000f2 | Core Gen9 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f0 | 000000f2 | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000f0 | 000000f2 | Core Gen8 | CFL-U43e | D0 | 06-8e-0a/c0 | 000000f0 | 000000f2 | Core Gen8 Mobile | CLX-SP | B0 | 06-55-06/bf | 04003303 | 04003501 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003303 | 05003501 | Xeon Scalable Gen2 | CML-H | R1 | 06-a5-02/20 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-S102 | Q0 | 06-a5-05/22 | 000000f4 | 000000f6 | Core Gen10 | CML-S62 | G1 | 06-a5-03/22 | 000000f4 | 000000f6 | Core Gen10 | CML-U62 V1 | A0 | 06-a6-00/80 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-U62 V2 | K1 | 06-a6-01/80 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile | CPX-SP | A1 | 06-55-0b/bf | 07002503 | 07002601 | Xeon Scalable Gen3 | ICL-D | B0 | 06-6c-01/10 | 01000211 | 01000230 | Xeon D-17xx, D-27xx | ICL-U/Y | D1 | 06-7e-05/80 | 000000b8 | 000000ba | Core Gen10 Mobile | ICX-SP | D0 | 06-6a-06/87 | 0d000389 | 0d000390 | Xeon Scalable Gen3 | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000f0 | 000000f2 | Core Gen7; Xeon E3 v6 | KBL-U/Y | H0 | 06-8e-09/c0 | | 000000f2 | Core Gen7 Mobile | LKF | B2/B3 | 06-8a-01/10 | 00000032 | 00000033 | Core w/Hybrid Technology | RKL-S | B0 | 06-a7-01/02 | 00000057 | 00000058 | Core Gen11 | RPL-H 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13 | RPL-P 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13 | RPL-S | S0 | 06-b7-01/32 | 00000112 | 00000113 | Core Gen13 | RPL-U 2+8 | Q0 | 06-ba-03/07 | 0000410e | 00004112 | Core Gen13 | SKX-D | H0 | 06-55-04/b7 | | 02006f05 | Xeon D-21xx | SKX-SP | B1 | 06-55-03/97 | 01000161 | 01000171 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | | 02006f05 | Xeon Scalable | SPR-HBM | B3 | 06-8f-08/10 | 2c000170 | 2c0001d1 | Xeon Max | SPR-SP | E0 | 06-8f-04/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E2 | 06-8f-05/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E3 | 06-8f-06/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E4 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E5 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | S2 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | S3 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | TGL | B1 | 06-8c-01/80 | 000000a6 | 000000aa | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 00000042 | 00000044 | Core Gen11 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000028 | 0000002a | Core Gen11 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | | 000000f2 | Core Gen8 Mobile Important SUSE bug 1208479 SUSE bug 1211382 CVE-2022-33972 at SUSE CVE-2022-33972 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for containerd fixes the following issues: - Rebuild containerd with a current version of go to catch up on bugfixes and security fixes (bsc#1210298) Important SUSE bug 1210298 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update of runc fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). Important SUSE bug 1200441 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for c-ares fixes the following issues: Update to version 1.19.1: - CVE-2023-32067: 0-byte UDP payload causes Denial of Service (bsc#1211604) - CVE-2023-31147: Insufficient randomness in generation of DNS query IDs (bsc#1211605) - CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton() (bsc#1211606) - CVE-2023-31124: AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607) - Fix uninitialized memory warning in test - ares_getaddrinfo() should allow a port of 0 - Fix memory leak in ares_send() on error - Fix comment style in ares_data.h - Fix typo in ares_init_options.3 - Sync ax_pthread.m4 with upstream - Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support Important SUSE bug 1211604 SUSE bug 1211605 SUSE bug 1211606 SUSE bug 1211607 CVE-2023-31124 at SUSE CVE-2023-31124 at NVD CVE-2023-31130 at SUSE CVE-2023-31130 at NVD CVE-2023-31147 at SUSE CVE-2023-31147 at NVD CVE-2023-32067 at SUSE CVE-2023-32067 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441). Important SUSE bug 1200441 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update of cni fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441). Important SUSE bug 1200441 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). Important SUSE bug 1211430 CVE-2023-2650 at SUSE CVE-2023-2650 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). Moderate SUSE bug 1211795 CVE-2023-2953 at SUSE CVE-2023-2953 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779). - CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405). - CVE-2020-36694: Fixed an use-after-free issue in netfilter in the packet processing context (bsc#1211596). - CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604). - CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590). - CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). - CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). - CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). - CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). - CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). - CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940 bsc#1211260). - CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715). - CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186). - CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043). - CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024). - CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287). - CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). - CVE-2023-2483: Fixed a use after free bug in emac_remove due caused by a race condition (bsc#1211037). - CVE-2023-23586: Fixed a memory information leak in the io_uring subsystem (bsc#1208474). The following non-security bugs were fixed: - Drivers: hv: vmbus: Optimize vmbus_on_event (bsc#1211622). - SUNRPC: Ensure the transport backchannel association (bsc#1211203). - ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). - s390,dcssblk,dax: Add dax zero_page_range operation to dcssblk driver (bsc#1199636). Important SUSE bug 1199636 SUSE bug 1204405 SUSE bug 1205756 SUSE bug 1205758 SUSE bug 1205760 SUSE bug 1205762 SUSE bug 1205803 SUSE bug 1206024 SUSE bug 1208474 SUSE bug 1208604 SUSE bug 1209287 SUSE bug 1209779 SUSE bug 1210715 SUSE bug 1210783 SUSE bug 1210940 SUSE bug 1211037 SUSE bug 1211043 SUSE bug 1211105 SUSE bug 1211131 SUSE bug 1211186 SUSE bug 1211203 SUSE bug 1211590 SUSE bug 1211592 SUSE bug 1211596 SUSE bug 1211622 CVE-2020-36694 at SUSE CVE-2020-36694 at NVD CVE-2022-3566 at SUSE CVE-2022-3566 at NVD CVE-2022-4269 at SUSE CVE-2022-4269 at NVD CVE-2022-45884 at SUSE CVE-2022-45884 at NVD CVE-2022-45885 at SUSE CVE-2022-45885 at NVD CVE-2022-45886 at SUSE CVE-2022-45886 at NVD CVE-2022-45887 at SUSE CVE-2022-45887 at NVD CVE-2022-45919 at SUSE CVE-2022-45919 at NVD CVE-2023-1079 at SUSE CVE-2023-1079 at NVD CVE-2023-1380 at SUSE CVE-2023-1380 at NVD CVE-2023-1637 at SUSE CVE-2023-1637 at NVD CVE-2023-2156 at SUSE CVE-2023-2156 at NVD CVE-2023-2194 at SUSE CVE-2023-2194 at NVD CVE-2023-23586 at SUSE CVE-2023-23586 at NVD CVE-2023-2483 at SUSE CVE-2023-2483 at NVD CVE-2023-2513 at SUSE CVE-2023-2513 at NVD CVE-2023-31084 at SUSE CVE-2023-31084 at NVD CVE-2023-31436 at SUSE CVE-2023-31436 at NVD CVE-2023-32233 at SUSE CVE-2023-32233 at NVD CVE-2023-32269 at SUSE CVE-2023-32269 at NVD CVE-2023-33288 at SUSE CVE-2023-33288 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for opensc fixes the following issues: - CVE-2023-2977: Fixed out of bounds read in pkcs15 cardos_have_verifyrc_package() (bsc#1211894). Moderate SUSE bug 1211894 CVE-2023-2977 at SUSE CVE-2023-2977 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python3 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). - Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158). Moderate SUSE bug 1203750 SUSE bug 1211158 CVE-2007-4559 at SUSE CVE-2007-4559 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for salt fixes the following issues: salt: - Update to Salt release version 3006.0 (jsc#PED-4361) * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html - Add missing patch after rebase to fix collections Mapping issues - Add python3-looseversion as new dependency for salt - Add python3-packaging as new dependency for salt - Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071) - Avoid conflicts with Salt dependencies versions (bsc#1211612) - Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) - Create new salt-tests subpackage containing Salt tests - Drop conflictive patch dicarded from upstream - Fix package build with old setuptools versions - Fix SLS rendering error when Jinja macros are used - Fix version detection and avoid building and testing failures - Prevent deadlocks in salt-ssh executions - Require python3-jmespath runtime dependency (bsc#1209233) - Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517) python-jmespath: - Deliver python3-jmespath to SUSE Linux Enterprise Micro on s390x architecture as it is now required by Salt (no source changes) python-ply: - Deliver python3-ply to SUSE Linux Enterprise Micro on s390x architecture as it is a requirement for python-jmespath (no source changes) Moderate SUSE bug 1207071 SUSE bug 1209233 SUSE bug 1211612 SUSE bug 1211754 SUSE bug 1212516 SUSE bug 1212517 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for salt fixes the following issues: - Update to Salt release version 3006.0 (jsc#PED-4361) * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html - Add missing patch after rebase to fix collections Mapping issues - Add python3-looseversion as new dependency for salt - Add python3-packaging as new dependency for salt - Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071) - Avoid conflicts with Salt dependencies versions (bsc#1211612) - Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) - Create new salt-tests subpackage containing Salt tests - Drop conflictive patch dicarded from upstream - Fix package build with old setuptools versions - Fix SLS rendering error when Jinja macros are used - Fix version detection and avoid building and testing failures - Prevent deadlocks in salt-ssh executions - Require python3-jmespath runtime dependency (bsc#1209233) - Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517) Moderate SUSE bug 1207071 SUSE bug 1209233 SUSE bug 1211612 SUSE bug 1211754 SUSE bug 1212516 SUSE bug 1212517 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for salt and python-pyzmq fixes the following issues: salt: - Update to Salt release version 3006.0 (jsc#PED-4361) * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html - Add missing patch after rebase to fix collections Mapping issues - Add python3-looseversion as new dependency for salt - Add python3-packaging as new dependency for salt - Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071) - Avoid conflicts with Salt dependencies versions (bsc#1211612) - Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) - Create new salt-tests subpackage containing Salt tests - Drop conflictive patch dicarded from upstream - Fix package build with old setuptools versions - Fix SLS rendering error when Jinja macros are used - Fix version detection and avoid building and testing failures - Prevent deadlocks in salt-ssh executions - Require python3-jmespath runtime dependency (bsc#1209233) - Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517) python-pyzmq: - Update python-pyzmq to version 17.1.2 in LTSS products (bsc#1186945) Moderate SUSE bug 1186945 SUSE bug 1207071 SUSE bug 1209233 SUSE bug 1211612 SUSE bug 1211754 SUSE bug 1212516 SUSE bug 1212517 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for open-vm-tools fixes the following issues: - CVE-2023-20867: Fixed authentication bypass vulnerability in the vgauth module (bsc#1212143). Bug fixes: - Fixed build problem with grpc 1.54 (bsc#1210695). Moderate SUSE bug 1210695 SUSE bug 1212143 CVE-2023-20867 at SUSE CVE-2023-20867 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779). - CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405). - CVE-2021-29650: Fixed an issue where the netfilter subsystem allowed attackers to cause a denial of service (bsc#1184208). - CVE-2020-36694: Fixed an use-after-free issue in netfilter in the packet processing context (bsc#1211596). - CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604). - CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590). - CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). - CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). - CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). - CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). - CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). - CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940). - CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715). - CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186). - CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043). - CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024). - CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287). - CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). - CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037). - CVE-2023-23586: Fixed a memory information leak in the io_uring subsystem (bsc#1208474). The following non-security bugs were fixed: - SUNRPC: Ensure the transport backchannel association (bsc#1211203). - hv: vmbus: Optimize vmbus_on_event (bsc#1211622). - ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). - s390,dcssblk,dax: Add dax zero_page_range operation to dcssblk driver (bsc#1199636). Important SUSE bug 1184208 SUSE bug 1199636 SUSE bug 1204405 SUSE bug 1205756 SUSE bug 1205758 SUSE bug 1205760 SUSE bug 1205762 SUSE bug 1205803 SUSE bug 1206024 SUSE bug 1208474 SUSE bug 1208604 SUSE bug 1209287 SUSE bug 1209779 SUSE bug 1210715 SUSE bug 1210783 SUSE bug 1210940 SUSE bug 1211037 SUSE bug 1211043 SUSE bug 1211105 SUSE bug 1211131 SUSE bug 1211186 SUSE bug 1211203 SUSE bug 1211590 SUSE bug 1211592 SUSE bug 1211596 SUSE bug 1211622 CVE-2020-36694 at SUSE CVE-2020-36694 at NVD CVE-2021-29650 at SUSE CVE-2021-29650 at NVD CVE-2022-3566 at SUSE CVE-2022-3566 at NVD CVE-2022-4269 at SUSE CVE-2022-4269 at NVD CVE-2022-45884 at SUSE CVE-2022-45884 at NVD CVE-2022-45885 at SUSE CVE-2022-45885 at NVD CVE-2022-45886 at SUSE CVE-2022-45886 at NVD CVE-2022-45887 at SUSE CVE-2022-45887 at NVD CVE-2022-45919 at SUSE CVE-2022-45919 at NVD CVE-2023-1079 at SUSE CVE-2023-1079 at NVD CVE-2023-1380 at SUSE CVE-2023-1380 at NVD CVE-2023-1637 at SUSE CVE-2023-1637 at NVD CVE-2023-2156 at SUSE CVE-2023-2156 at NVD CVE-2023-2194 at SUSE CVE-2023-2194 at NVD CVE-2023-23586 at SUSE CVE-2023-23586 at NVD CVE-2023-2483 at SUSE CVE-2023-2483 at NVD CVE-2023-2513 at SUSE CVE-2023-2513 at NVD CVE-2023-31084 at SUSE CVE-2023-31084 at NVD CVE-2023-31436 at SUSE CVE-2023-31436 at NVD CVE-2023-32233 at SUSE CVE-2023-32233 at NVD CVE-2023-32269 at SUSE CVE-2023-32269 at NVD CVE-2023-33288 at SUSE CVE-2023-33288 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for vim fixes the following issues: - CVE-2023-2426: Fixed out-of-range pointer offset (bsc#1210996). - CVE-2023-2609: Fixed NULL pointer dereference (bsc#1211256). - CVE-2023-2610: Fixed integer overflow or wraparound (bsc#1211257). Important SUSE bug 1210996 SUSE bug 1211256 SUSE bug 1211257 CVE-2023-2426 at SUSE CVE-2023-2426 at NVD CVE-2023-2609 at SUSE CVE-2023-2609 at NVD CVE-2023-2610 at SUSE CVE-2023-2610 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). - CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606). - CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513). - CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039). - CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533). - CVE-2023-3268: Fixed an out of bounds (OOB) memory access flaw in relay_file_read_start_pos in kernel/relay.c (bsc#1212502). - CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501). - CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494). - CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504). - CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). - CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). - CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128). - CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). The following non-security bugs were fixed: - Drivers: hv: vmbus: Optimize vmbus_on_event (bsc#1211622). - Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes). - Drop dvb-core fix patch due to bug (bsc#1205758). - Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158). - Fix usrmerge error (boo#1211796) - Remove obsolete KMP obsoletes (bsc#1210469). - Replace mkinitrd dependency with dracut (bsc#1202353). Also update mkinitrd refrences in documentation and comments. - cifs: do not include page data when checking signature (bsc#1200217). - cifs: fix negotiate context parsing (bsc#1210301). - cifs: fix open leaks in open_cached_dir() (bsc#1209342). - google/gve:fix repeated words in comments (bsc#1211519). - gve: Adding a new AdminQ command to verify driver (bsc#1211519). - gve: Cache link_speed value from device (bsc#1211519). - gve: Fix GFP flags when allocing pages (bsc#1211519). - gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). - gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519). - gve: Handle alternate miss completions (bsc#1211519). - gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). - gve: Remove the code of clearing PBA bit (bsc#1211519). - gve: Secure enough bytes in the first TX desc for all TCP pkts (bsc#1211519). - gve: enhance no queue page list detection (bsc#1211519). - ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). - k-m-s: Drop Linux 2.6 support - kernel-binary: install expoline.o (boo#1210791 bsc#1211089) - keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). - rpm/kernel-binary.spec.in: Add Provides of kernel-preempt (jsc#SLE-18857) For smooth migration with the former kernel-preempt user, kernel-default provides kernel-preempt now when CONFIG_PREEMPT_DYNAMIC is defined. - rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm - rpm/kernel-binary.spec.in: Fix missing kernel-preempt-devel and KMP Provides (bsc#1199046) - rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435) - s390,dcssblk,dax: Add dax zero_page_range operation to dcssblk driver (bsc#1199636). - sunrpc: Ensure the transport backchannel association (bsc#1211203). - usrmerge: Compatibility with earlier rpm (boo#1211796) - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - x86/build: Avoid relocation information in final vmlinux (bsc#1187829). Important SUSE bug 1160435 SUSE bug 1172073 SUSE bug 1187829 SUSE bug 1191731 SUSE bug 1199046 SUSE bug 1199636 SUSE bug 1200217 SUSE bug 1202353 SUSE bug 1205758 SUSE bug 1207088 SUSE bug 1208600 SUSE bug 1209039 SUSE bug 1209342 SUSE bug 1209739 SUSE bug 1210301 SUSE bug 1210469 SUSE bug 1210533 SUSE bug 1210791 SUSE bug 1211089 SUSE bug 1211203 SUSE bug 1211519 SUSE bug 1211592 SUSE bug 1211622 SUSE bug 1211796 SUSE bug 1212128 SUSE bug 1212129 SUSE bug 1212154 SUSE bug 1212158 SUSE bug 1212494 SUSE bug 1212501 SUSE bug 1212502 SUSE bug 1212504 SUSE bug 1212513 SUSE bug 1212606 SUSE bug 1212842 CVE-2023-1077 at SUSE CVE-2023-1077 at NVD CVE-2023-1249 at SUSE CVE-2023-1249 at NVD CVE-2023-2002 at SUSE CVE-2023-2002 at NVD CVE-2023-3090 at SUSE CVE-2023-3090 at NVD CVE-2023-3141 at SUSE CVE-2023-3141 at NVD CVE-2023-3159 at SUSE CVE-2023-3159 at NVD CVE-2023-3161 at SUSE CVE-2023-3161 at NVD CVE-2023-3268 at SUSE CVE-2023-3268 at NVD CVE-2023-3358 at SUSE CVE-2023-3358 at NVD CVE-2023-35788 at SUSE CVE-2023-35788 at NVD CVE-2023-35823 at SUSE CVE-2023-35823 at NVD CVE-2023-35824 at SUSE CVE-2023-35824 at NVD CVE-2023-35828 at SUSE CVE-2023-35828 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). - CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039). - CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533). - CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). - CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). - CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128). - CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). - CVE-2023-3268: Fixed an out of bounds (OOB) memory access flaw in relay_file_read_start_pos in kernel/relay.c (bsc#1212502). - CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606). - CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504). - CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494). - CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501). - CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513). The following non-security bugs were fixed: - Also include kernel-docs build requirements for ALP - Avoid unsuported tar parameter on SLE12 - Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158). - Fix usrmerge error (boo#1211796) - Generalize kernel-doc build requirements. - Move obsolete KMP list into a separate file. The list of obsoleted KMPs varies per release, move it out of the spec file. - Move setting %%build_html to config.sh - Move setting %%split_optional to config.sh - Move setting %%supported_modules_check to config.sh - Move the kernel-binary conflicts out of the spec file. Thie list of conflicting packages varies per release. To reduce merge conflicts move the list out of the spec file. - Remove obsolete rpm spec constructs defattr does not need to be specified anymore buildroot does not need to be specified anymore - Remove usrmerge compatibility symlink in buildroot (boo#1211796). - Trim obsolete KMP list. SLE11 is out of support, we do not need to handle upgrading from SLE11 SP1. - cifs: do not include page data when checking signature (bsc#1200217). - cifs: fix open leaks in open_cached_dir() (bsc#1209342). - google/gve:fix repeated words in comments (bsc#1211519). - gve: Adding a new AdminQ command to verify driver (bsc#1211519). - gve: Cache link_speed value from device (bsc#1211519). - gve: Fix GFP flags when allocing pages (bsc#1211519). - gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). - gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519). - gve: Handle alternate miss completions (bsc#1211519). - gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). - gve: Remove the code of clearing PBA bit (bsc#1211519). - gve: Secure enough bytes in the first TX desc for all TCP pkts (bsc#1211519). - gve: enhance no queue page list detection (bsc#1211519). - kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi - kernel-binary: install expoline.o (boo#1210791 bsc#1211089) - kernel-source: Remove unused macro variant_symbols - kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731). rpm only supports full length release, no provides - rpm/check-for-config-changes: add TOOLCHAIN_NEEDS_* to IGNORED_CONFIGS_RE. - rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB - rpm/kernel-binary.spec.in: Add Provides of kernel-preempt (jsc#SLE-18857) For smooth migration with the former kernel-preempt user, kernel-default provides kernel-preempt now when CONFIG_PREEMPT_DYNAMIC is defined. - rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm - rpm/kernel-binary.spec.in: Fix missing kernel-preempt-devel and KMP Provides (bsc#1199046) - rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435) - usrmerge: Compatibility with earlier rpm (boo#1211796) - x86/build: Avoid relocation information in final vmlinux (bsc#1187829). Important SUSE bug 1160435 SUSE bug 1172073 SUSE bug 1187829 SUSE bug 1191731 SUSE bug 1199046 SUSE bug 1200217 SUSE bug 1205758 SUSE bug 1208600 SUSE bug 1209039 SUSE bug 1209342 SUSE bug 1210533 SUSE bug 1210791 SUSE bug 1211089 SUSE bug 1211519 SUSE bug 1211796 SUSE bug 1212128 SUSE bug 1212129 SUSE bug 1212154 SUSE bug 1212158 SUSE bug 1212494 SUSE bug 1212501 SUSE bug 1212502 SUSE bug 1212504 SUSE bug 1212513 SUSE bug 1212606 SUSE bug 1212842 CVE-2023-1077 at SUSE CVE-2023-1077 at NVD CVE-2023-1249 at SUSE CVE-2023-1249 at NVD CVE-2023-2002 at SUSE CVE-2023-2002 at NVD CVE-2023-3090 at SUSE CVE-2023-3090 at NVD CVE-2023-3141 at SUSE CVE-2023-3141 at NVD CVE-2023-3159 at SUSE CVE-2023-3159 at NVD CVE-2023-3161 at SUSE CVE-2023-3161 at NVD CVE-2023-3268 at SUSE CVE-2023-3268 at NVD CVE-2023-3358 at SUSE CVE-2023-3358 at NVD CVE-2023-35788 at SUSE CVE-2023-35788 at NVD CVE-2023-35823 at SUSE CVE-2023-35823 at NVD CVE-2023-35824 at SUSE CVE-2023-35824 at NVD CVE-2023-35828 at SUSE CVE-2023-35828 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python-requests fixes the following issues: - CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header (bsc#1211674). Moderate SUSE bug 1211674 CVE-2023-32681 at SUSE CVE-2023-32681 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update of cni fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). Important SUSE bug 1206346 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). Important SUSE bug 1206346 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for dbus-1 fixes the following issues: - CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126). Moderate SUSE bug 1212126 CVE-2023-34969 at SUSE CVE-2023-34969 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). Important SUSE bug 1210999 CVE-2023-31484 at SUSE CVE-2023-31484 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408] - Close the right filedescriptor and also close fdh in read_hmac to avoid file descriptor leaks. [bsc#1209536] - Attempts to mitigate instances of secrets lingering in memory after a session exits. [bsc#1186673, bsc#1213004, bsc#1213008] Important SUSE bug 1186673 SUSE bug 1209536 SUSE bug 1213004 SUSE bug 1213008 SUSE bug 1213504 CVE-2023-38408 at SUSE CVE-2023-38408 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libcap fixes the following issues: - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). Moderate SUSE bug 1211419 CVE-2023-2603 at SUSE CVE-2023-2603 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). - FIPS: list only FIPS approved public key algorithms (bsc#1121365, bsc#1198472) Important SUSE bug 1121365 SUSE bug 1198472 SUSE bug 1207533 SUSE bug 1207534 SUSE bug 1207536 SUSE bug 1207538 CVE-2022-4304 at SUSE CVE-2022-4304 at NVD CVE-2022-4450 at SUSE CVE-2022-4450 at NVD CVE-2023-0215 at SUSE CVE-2023-0215 at NVD CVE-2023-0286 at SUSE CVE-2023-0286 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for salt fixes the following issues: Security fixes: - CVE-2023-28370: Fix an open redirect vulnerability in 'StaticFileHandler' under certain configurations (bsc#1211741) Bug fixes: - Prevent error loading 'known_hosts' when '$HOME' is not set (bsc#1210994) - Fix ModuleNotFoundError and other issues raised by salt-support module (bsc#1211591) Moderate SUSE bug 1210994 SUSE bug 1211591 SUSE bug 1211741 CVE-2023-28370 at SUSE CVE-2023-28370 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). - Update further expiring certificates that affect tests [bsc#1201627] Moderate SUSE bug 1201627 SUSE bug 1207534 SUSE bug 1213487 CVE-2022-4304 at SUSE CVE-2022-4304 at NVD CVE-2023-3446 at SUSE CVE-2023-3446 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for kernel-firmware fixes the following issues: - CVE-2023-20593: Fixed AMD ucode for ZenBleed vulnerability (bsc#1213286). Moderate SUSE bug 1213286 CVE-2023-20593 at SUSE CVE-2023-20593 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). Moderate SUSE bug 1213514 CVE-2022-41409 at SUSE CVE-2022-41409 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for podman fixes the following issues: podman was updated to version 4.3.1: 4.3.1: * Bugfixes - Fixed a deadlock between the `podman ps` and `podman container inspect` commands * Misc - Updated the containers/image library to v5.23.1 4.3.0: * Features - A new command, `podman generate spec`, has been added, which creates a JSON struct based on a given container that can be used with the Podman REST API to create containers. - A new command, `podman update`, has been added,which makes changes to the resource limits of existing containers. Please note that these changes do not persist if the container is restarted - A new command, `podman kube down`, has been added, which removes pods and containers created by the given Kubernetes YAML (functionality is identical to `podman kube play --down`, but it now has its own command). - The `podman kube play` command now supports Kubernetes secrets using Podman's secrets backend. - Systemd-managed pods created by the `podman kube play` command now integrate with sd-notify, using the `io.containers.sdnotify` annotation (or `io.containers.sdnotify/$name` for specific containers). - Systemd-managed pods created by `podman kube play` can now be auto-updated, using the `io.containers.auto-update` annotation (or `io.containers.auto-update/$name` for specific containers). - The `podman kube play` command can now read YAML from URLs, e.g. `podman kube play https://example.com/demo.yml` - The `podman kube play` command now supports the `emptyDir` volume type - The `podman kube play` command now supports the `HostUsers` field in the pod spec. - The `podman play kube` command now supports `binaryData` in ConfigMaps. - The `podman pod create` command can now set additional resource limits for pods using the new `--memory-swap`, `--cpuset-mems`, `--device-read-bps`, `--device-write-bps`, `--blkio-weight`, `--blkio-weight-device`, and `--cpu-shares` options. - The `podman machine init` command now supports a new option, `--username`, to set the username that will be used to connect to the VM as a non-root user - The `podman volume create` command's `-o timeout=` option can now set a timeout of 0, indicating volume plugin operations will never time out. - Added support for a new volume driver, `image`, which allows volumes to be created that are backed by images. - The `podman run` and `podman create` commands support a new option, `--env-merge`, allowing environment variables to be specified relative to other environment variables in the image (e.g. `podman run --env-merge 'PATH=$PATH:/my/app' ...`) - The `podman run` and `podman create` commands support a new option, `--on-failure`, to allow action to be taken when a container fails health checks, with the following supported actions: `none` (take no action, the default), `kill` (kill the container), `restart` (restart the container), and `stop` (stop the container). - The `--keep-id` option to `podman create` and `podman run` now supports new options, `uid` and `gid`, to set the UID and GID of the user in the container that will be mapped to the user running Podman (e.g. `--userns=keep-id:uid=11` will made the user running Podman to UID 11 in the container) - The `podman generate systemd` command now supports a new option, `--env`/`-e`, to set environment variables in the generated unit file - The `podman pause` and `podman unpause` commands now support the `--latest`, `--cidfile`, and `--filter` options. - The `podman restart` command now supports the `--cidfile` and `--filter` options. - The `podman rm` command now supports the `--filter` option to select which containers will be removed. - The `podman rmi` command now supports a new option, `--no-prune`, to prevent the removal of dangling parents of removed images. - The `--dns-opt` option to `podman create`, `podman run`, and `podman pod create` has received a new alias, `--dns-option`, to improve Docker compatibility. - The `podman` command now features a new global flag, `--debug`/`-D`, which enables debug-level logging (identical to `--log-level=debug`), improving Docker compatibility. - The `podman` command now features a new global flag, `--config`. This flag is ignored, and is only included for Docker compatibility - The `podman manifest create` command now accepts a new option, `--amend`/`-a`. - The `podman manifest create`, `podman manifest add` and `podman manifest push` commands now accept a new option, `--insecure` (identical to `--tls-verify=false`), improving Docker compatibility. - The `podman secret create` command's `--driver` and `--format` options now have new aliases, `-d` for `--driver` and `-f` for `--format`. - The `podman secret create` command now supports a new option, `--label`/`-l`, to add labels to created secrets. - The `podman secret ls` command now accepts the `--quiet`/`-q` option. - The `podman secret inspect` command now accepts a new option, `--pretty`, to print output in human-readable format. - The `podman stats` command now accepts the `--no-trunc` option. - The `podman save` command now accepts the `--signature-policy` option - The `podman pod inspect` command now allows multiple arguments to be passed. If so, it will return a JSON array of the inspected pods - A series of new hidden commands have been added under `podman context` as aliases to existing `podman system connection` commands, to improve Docker compatibility. - The remote Podman client now supports proxying signals for attach sessions when the `--sig-proxy` option is set ### Changes - Duplicate volume mounts are now allowed with the `-v` option to `podman run`, `podman create`, and `podman pod create`, so long as source, destination, and options all match - The `podman generate kube` and `podman play kube` commands have been renamed to `podman kube generate` and `podman kube play` to group Kubernetes-related commands. Aliases have been added to ensure the old command names still function. - A number of Podman commands (`podman init`, `podman container checkpoint`, `podman container restore`, `podman container cleanup`) now print the user-inputted name of the container, instead of its full ID, on success. - When an unsupported option (e.g. resource limit) is specified for a rootless container on a cgroups v1 system, a warning message is now printed that the limit will not be honored. - The installer for the Windows Podman client has been improved. - The `--cpu-rt-period` and `--cpu-rt-runtime` options to `podman run` and `podman create` now print a warning and are ignored on cgroups v2 systems (cgroups v2 having dropped support for these controllers) - Privileged containers running systemd will no longer mount `/dev/tty*` devices other than `/dev/tty` itself into the container - Events for containers that are part of a pod now include the ID of the pod in the event. - SSH functionality for `podman machine` commands has seen a thorough rework, addressing many issues about authentication. - The `--network` option to `podman kube play` now allows passing `host` to set the pod to use host networking, even if the YAML does not request this. - The `podman inspect` command on containers now includes the digest of the image used to create the container. - Pods created by `podman play kube` are now, by default, placed into a network named `podman-kube`. If the `podman-kube` network does not exist, it will be created. This ensures pods can connect to each other by their names, as the network has DNS enabled. Update to version 4.2.0: * Features - Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines. - A new command has been added, podman pod clone, to create a copy of an existing pod. It supports several options, including --start to start the new pod, --destroy to remove the original pod, and --name to change the name of the new pod - A new command has been added, podman volume reload, to sync changes in state between Podman's database and any configured volume plugins - A new command has been added, podman machine info, which displays information about the host and the versions of various machine components. - Pods created by podman play kube can now be managed by systemd unit files. This can be done via a new systemd service, podman-kube@.service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the Kubernetes pod or deployment contained in my.yaml under systemd. - The podman play kube command now honors the RunAsUser, RunAsGroup, and SupplementalGroups setting from the Kubernetes pod's security context. - The podman play kube command now supports volumes with the BlockDevice and CharDevice types - The podman play kube command now features a new flag, --userns, to set the user namespace of created pods. Two values are allowed at present: host and auto - The podman play kube command now supports setting the type of created init containers via the io.podman.annotations.init.container.type annotation. - Pods now have include an exit policy (configurable via the --exit-policy option to podman pod create), which determines what will happen to the pod's infra container when the entire pod stops. The default, continue, acts as Podman currently does, while a new option, stop, stops the infra container after the last container in the pod stops, and is used by default for pods from podman play kube - The podman pod create command now allows the pod's name to be specified as an argument, instead of using the --name option - for example, podman pod create mypod instead of the prior podman pod create --name mypod. Please note that the --name option is not deprecated and will continue to work. - The podman pod create command's --share option now supports adding namespaces to the set by prefacing them with + (as opposed to specifying all namespaces that should be shared) - The podman pod create command has a new option, --shm-size, to specify the size of the /dev/shm mount that will be shared if the pod shares its UTS namespace (#14609). - The podman pod create command has a new option, --uts, to configure the UTS namespace that will be shared by containers in the pod. - The podman pod create command now supports setting pod-level resource limits via the --cpus, --cpuset-cpus, and --memory options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release! - The podman create and podman run commands now include the -c short option for the --cpu-shares option. - The podman create and podman run commands can now create containers from a manifest list (and not an image) as long as the --platform option is specified (#14773). - The podman build command now supports a new option, --cpp-flag, to specify options for the C preprocessor when using Containerfile.in files that require preprocessing. - The podman build command now supports a new option, --build-context, allowing the user to specify an additional build context. - The podman machine inspect command now prints the location of the VM's Podman API socket on the host (#14231). - The podman machine init command on Windows now fetches an image with packages pre-installed (#14698). - Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change (#14697). - The default for the --image-volume option to podman run and podman create can now have its default set through the image_volume_mode setting in containers.conf (#14230). - Overlay volumes now support two new options, workdir and upperdir, to allow multiple overlay volumes from different containers to reuse the same workdir or upperdir (#14427). - The podman volume create command now supports two new options, copy and nocopy, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up). - Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the --opt o=timeout= option to podman volume create (BZ 2080458). - The podman volume ls command's --filter name= option now supports regular expression matching for volume names (#14583). - When used with a podman machine VM, volumes now support specification of the 9p security model using the security_model option to podman create -v and podman run -v. - The remote Podman client's podman push command now supports the --remove-signatures option (#14558). - The remote Podman client now supports the podman image scp command. - The podman image scp command now supports tagging the transferred image with a new name. - The podman network ls command supports a new filter, --filter dangling=, to list networks not presently used by any containers (#14595). - The --condition option to podman wait can now be specified multiple times to wait on any one of multiple conditions. - The podman events command now includes the -f short option for the --filter option. - The podman pull command now includes the -a short option for the --all-tags option. - The podman stop command now includes a new flag, --filter, to filter which containers will be stopped (e.g. podman stop --all --filter label=COM.MY.APP). - The Podman global option --url now has two aliases: -H and --host. - The podman network create command now supports a new option with the default bridge driver, --opt isolate=, which isolates the network by blocking any traffic from it to any other network with the isolate option enabled. This option is enabled by default for networks created using the Docker-compatible API. - Added the ability to create sigstore signatures in podman push and podman manifest push. - Added an option to read image signing passphrase from a file. * Changes - Paused containers can now be killed with the podman kill command. - The podman system prune command now removes unused networks. - The --userns=keep-id and --userns=nomap options to the podman run and podman create commands are no longer allowed (instead of simply being ignored) with root Podman. - If the /run directory for a container is part of a volume, Podman will not create the /run/.containerenv file (#14577). - The podman machine stop command on macOS now waits for the machine to be completely stopped to exit (#14148). - All podman machine commands now only support being run as rootless, given that VMs only functioned when run rootless. - The podman unpause --all command will now only attempt to unpause containers that are paused, not all containers. - Init containers created with podman play kube now default to the once type (#14877). - Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested (#15048). - The podman create, podman run, and podman cp commands can now autocomplete paths in the image or container via the shell completion. - The libpod/common package has been removed as it's not used anywhere. - The --userns option to podman create and podman run is no longer accepted when an explicit UID or GID mapping is specified (#15233). * Misc - Podman will now check for nameservers in /run/NetworkManager/no-stub-resolv.conf if the /etc/resolv.conf file only contains a localhost server. - The podman build command now supports caching with builds that specify --squash-all by allowing the --layers flag to be used at the same time. - Podman Machine support for QEMU installations at non-default paths has been improved. - The podman machine ssh command no longer prints spurious warnings every time it is run. - When accessing the WSL prompt on Windows, the rootless user will be preferred. - The podman info command now includes a field for information on supported authentication plugins for improved Docker compatibility. Authentication plugins are not presently supported by Podman, so this field is always empty. - The podman system prune command now no longer prints the Deleted Images header if no images were pruned. - The podman system service command now automatically creates and moves to a sub-cgroup when running in the root cgroup (#14573). - Updated Buildah to v1.27.0 (fixes CVE-2022-21698 / bsc#1196338) - Updated the containers/image library to v5.22.0 - Updated the containers/storage library to v1.42.0 (fixes bsc#1196751) - Updated the containers/common library to v0.49.1 - Podman will automatically create a sub-cgroup and move itself into it when it detects that it is running inside a container (#14884). - Fixed an incorrect release note about regexp. - A new MacOS installer (via pkginstaller) is now supported. Update to version 4.1.1: * The output of the podman load command now mirrors that of docker load. * Podman now supports Docker Compose v2.2 and higher. Please note that it may be necessary to disable the use of Buildkit by setting the environment variable DOCKER_BUILDKIT=0. * A new container command has been added, podman container clone. This command makes a copy of an existing container, with the ability to change some settings (e.g. resource limits) while doing so. * Podman now supports sending JSON events related to machines to a Unix socket named machine_events.*\.sock in XDG_RUNTIME_DIR/podman or to a socket whose path is set in the PODMAN_MACHINE_EVENTS_SOCK environment variable. * Two new volume commands have been added, podman volume mount and podman volume unmount. These allow for Podman-managed named volumes to be mounted and accessed from outside containers. * The podman container checkpoint and podman container restore options now support checkpointing to and restoring from OCI images. This allows checkpoints to be distributed via standard image registries. * The podman play kube command now supports environment variables that are specified using the fieldRef and resourceFieldRef sources. * The podman play kube command will now set default resource limits when the provided YAML does not include them. * The podman play kube command now supports a new option, --annotation, to add annotations to created containers. * The podman play kube --build command now supports a new option, --context-dir, which allows the user to specify the context directory to use when building the Containerfile. * The podman container commit command now supports a new option, --squash, which squashes the generated image into a single layer. * The podman pod logs command now supports two new options, --names, which identifies which container generated a log message by name, instead of ID and --color, which colors messages based on what container generated them. * The podman rmi command now supports a new option, --ignore, which will ignore errors caused by missing images. * The podman network create command now features a new option, --ipam-driver, to specify details about how IP addresses are assigned to containers in the network. * The podman machine list command now features a new option, --quiet, to print only the names of configured VMs and no other information. * The --ipc option to the podman create, podman run, and podman pod create commands now supports three new modes: none, private, and shareable. The default IPC mode is now shareable, indicating the the IPC namespace can be shared with other containers. * The --mount option to the podman create and podman run commands can now set options for created named volumes via the volume-opt parameter. * The --mount option to the podman create and podman run commands now allows parameters to be passed in CSV format. * The --userns option to the podman create and podman run commands now supports a new option, nomap, that (only for rootless containers) does not map the UID of the user that started the container into the container, increasing security. * The podman import command now supports three new options, --arch, --os, and --variant, to specify what system the imported image was built for. * The podman inspect command now includes information on the network configuration of containers that joined a pre-configured network namespace with the --net ns: option to podman run, podman create, and podman pod create. * The podman run and podman create commands now support a new option, --chrootdirs, which specifies additional locations where container-specific files managed by Podman (e.g. /etc/hosts, `/etc/resolv.conf, etc) will be mounted inside the container (#12961). * The podman run and podman create commands now support a new option, --passwd-entry, allowing entries to be added to the container's /etc/passwd file. * The podman images --format command now accepts two new format directives: {{.CreatedAt}} and {{.CreatedSince}}. * The podman volume create command's -o option now accepts a new argument, o=noquota, to disable XFS quotas entirely and avoid potential issues when Podman is run on an XFS filesystem with existing quotas defined. * The podman info command now includes additional information on the machine Podman is running on, including disk utilization on the drive Podman is storing containers and images on, and CPU utilization. * Fix CVE-2022-27191 / bsc#1197284 - Require catatonit >= 0.1.7 for pause functionality needed by pods Update to version 4.0.3: * Security - This release fixes CVE-2022-27649, where containers run by Podman would have excess inheritable capabilities set. * Changes - The podman machine rm --force command will now remove running machines as well (such machines are shut down first, then removed) (#13448). - When a podman machine VM is started that is using a too-old VM image, it will now start in a reduced functionality mode, and provide instructions on how to recreate it (previously, VMs were effectively unusable) (#13510). - Updated the containers/common library to v0.47.5 - This release addresses CVE-2021-4024 / bsc#1193166, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777. - This release addresses CVE-2021-41190 / bsc#1193273, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients. Update to version 3.1.0: (bsc#1181961, CVE-2021-20206) - A fix for CVE-2021-20199 / bsc#1181640 is included. Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue. Important SUSE bug 1181640 SUSE bug 1181961 SUSE bug 1193166 SUSE bug 1193273 SUSE bug 1197672 SUSE bug 1199790 SUSE bug 1202809 CVE-2021-20199 at SUSE CVE-2021-20199 at NVD CVE-2021-20206 at SUSE CVE-2021-20206 at NVD CVE-2021-4024 at SUSE CVE-2021-4024 at NVD CVE-2021-41190 at SUSE CVE-2021-41190 at NVD CVE-2022-27649 at SUSE CVE-2022-27649 at NVD CVE-2022-2989 at SUSE CVE-2022-2989 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) Moderate SUSE bug 1213517 SUSE bug 1213853 CVE-2023-3817 at SUSE CVE-2023-3817 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libyajl fixes the following issues: - CVE-2023-33460: Fixed memory leak which could cause out-of-memory in server (bsc#1212928). Moderate SUSE bug 1212928 CVE-2023-33460 at SUSE CVE-2023-33460 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for kernel-firmware fixes the following issues: - CVE-2023-20569: Fixed AMD 19h ucode to mitigate a side channel vulnerability in some of the AMD CPUs. (bsc#1213287) Moderate SUSE bug 1213287 CVE-2023-20569 at SUSE CVE-2023-20569 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) Important SUSE bug 1214054 CVE-2023-36054 at SUSE CVE-2023-36054 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for rsync fixes the following issues: - Update to version 3.2.3 (jsc#SLE-21252, jsc#PED-3146) - Add support for using --atimes to preserve atime of files in destination sync (jsc#PED-3145) - Remove SuSEfirewall2 service as this was replaced by firewalld (which already provides a rsyncd service). - Fix --delay-updates never updates after interruption (bsc#1204538) - Arbitrary file write vulnerability via do_server_recv function (bsc#1201840, CVE-2022-29154) - rsync-ssl: Verify the hostname in the certificate when using openssl. (bsc#1176160, CVE-2020-14387) Moderate SUSE bug 1176160 SUSE bug 1201840 SUSE bug 1204538 CVE-2020-14387 at SUSE CVE-2020-14387 at NVD CVE-2022-29154 at SUSE CVE-2022-29154 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ucode-intel fixes the following issues: - Updated to Intel CPU Microcode 20230808 release. (bsc#1214099) - CVE-2022-40982: Fixed a potential security vulnerability in some Intel? Processors which may allow information disclosure. - CVE-2023-23908: Fixed a potential security vulnerability in some 3rd Generation Intel? Xeon? Scalable processors which may allow information disclosure. - CVE-2022-41804: Fixed a potential security vulnerability in some Intel? Xeon? Processors with Intel? Software Guard Extensions (SGX) which may allow escalation of privilege. Important SUSE bug 1206418 SUSE bug 1214099 CVE-2022-40982 at SUSE CVE-2022-40982 at NVD CVE-2022-41804 at SUSE CVE-2022-41804 at NVD CVE-2023-23908 at SUSE CVE-2023-23908 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418). - CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). - CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287). - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). - CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245). - CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061). - CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846). - CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). - CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). - CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586). - CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585). - CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588). - CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543). The following non-security bugs were fixed: - arm: cpu: switch to arch_cpu_finalize_init() (bsc#1206418). - block, bfq: fix division by zero error on zero wsum (bsc#1213653). - get module prefix from kmod (bsc#1212835). - init, x86: move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1206418). - init: invoke arch_cpu_finalize_init() earlier (bsc#1206418). - init: provide arch_cpu_finalize_init() (bsc#1206418). - init: remove check_bugs() leftovers (bsc#1206418). - jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1199304). - kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ('rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps') - kernel-docs: add buildrequires on python3-base when using python3 the python3 binary is provided by python3-base. - kernel-docs: use python3 together with python3-sphinx (bsc#1212741). - keys: do not cache key in task struct if key is requested from kernel thread (bsc#1213354). - lockdep: add preemption enabled/disabled assertion apis (bsc#1207270 jsc#ped-4567). - locking/rwsem: add __always_inline annotation to __down_read_common() and inlined callers (bsc#1207270 jsc#ped-4567). - locking/rwsem: allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270 jsc#ped-4567). - locking/rwsem: always try to wake waiters in out_nolock path (bsc#1207270 jsc#ped-4567). - locking/rwsem: better collate rwsem_read_trylock() (bsc#1207270 jsc#ped-4567). - locking/rwsem: conditionally wake waiters in reader/writer slowpaths (bsc#1207270 jsc#ped-4567). - locking/rwsem: disable preemption for spinning region (bsc#1207270 jsc#ped-4567). - locking/rwsem: disable preemption in all down_read*() and up_read() code paths (bsc#1207270 jsc#ped-4567). - locking/rwsem: disable preemption in all down_write*() and up_write() code paths (bsc#1207270 jsc#ped-4567). - locking/rwsem: disable preemption while trying for rwsem lock (bsc#1207270 jsc#ped-4567). - locking/rwsem: enable reader optimistic lock stealing (bsc#1207270 jsc#ped-4567). - locking/rwsem: fix comment typo (bsc#1207270 jsc#ped-4567). - locking/rwsem: fix comments about reader optimistic lock stealing conditions (bsc#1207270 jsc#ped-4567). - locking/rwsem: fold __down_{read,write}*() (bsc#1207270 jsc#ped-4567). - locking/rwsem: introduce rwsem_write_trylock() (bsc#1207270 jsc#ped-4567). - locking/rwsem: make handoff bit handling more consistent (bsc#1207270 jsc#ped-4567). - locking/rwsem: no need to check for handoff bit if wait queue empty (bsc#1207270 jsc#ped-4567). - locking/rwsem: optimize down_read_trylock() under highly contended case (bsc#1207270 jsc#ped-4567). - locking/rwsem: pass the current atomic count to rwsem_down_read_slowpath() (bsc#1207270 jsc#ped-4567). - locking/rwsem: prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270 jsc#ped-4567). - locking/rwsem: prevent potential lock starvation (bsc#1207270 jsc#ped-4567). - locking/rwsem: remove an unused parameter of rwsem_wake() (bsc#1207270 jsc#ped-4567). - locking/rwsem: remove reader optimistic spinning (bsc#1207270 jsc#ped-4567). - locking: add missing __sched attributes (bsc#1207270 jsc#ped-4567). - locking: remove rcu_read_{,un}lock() for preempt_{dis,en}able() (bsc#1207270 jsc#ped-4567). - net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). - net: mana: add support for vlan tagging (bsc#1212301). - ocfs2: fix a deadlock when commit trans (bsc#1199304). - ocfs2: fix defrag path triggering jbd2 assert (bsc#1199304). - ocfs2: fix race between searching chunks and release journal_head from buffer_head (bsc#1199304). - remove more packaging cruft for sle &lt; 12 sp3 - rpm/check-for-config-changes: ignore also pahole_has_* we now also have options like config_pahole_has_lang_exclude. - rpm/check-for-config-changes: ignore also riscv_isa_* and dynamic_sigframe they depend on config_toolchain_has_*. - rwsem: implement down_read_interruptible (bsc#1207270 jsc#ped-4567). - rwsem: implement down_read_killable_nested (bsc#1207270 jsc#ped-4567). - ubi: ensure that vid header offset + vid header size &lt;= alloc, size (bsc#1210584). - ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584). - usrmerge: adjust module path in the kernel sources (bsc#1212835). - x86/cpu: switch to arch_cpu_finalize_init() (bsc#1206418). - x86/fpu: remove cpuinfo argument from init functions (bsc#1206418). - x86/microcode/AMD: Make stub function static inline (bsc#1213868). Important SUSE bug 1199304 SUSE bug 1206418 SUSE bug 1207270 SUSE bug 1210584 SUSE bug 1211131 SUSE bug 1211738 SUSE bug 1211867 SUSE bug 1212301 SUSE bug 1212741 SUSE bug 1212835 SUSE bug 1212846 SUSE bug 1213059 SUSE bug 1213061 SUSE bug 1213167 SUSE bug 1213245 SUSE bug 1213286 SUSE bug 1213287 SUSE bug 1213354 SUSE bug 1213543 SUSE bug 1213585 SUSE bug 1213586 SUSE bug 1213588 SUSE bug 1213653 SUSE bug 1213868 CVE-2022-40982 at SUSE CVE-2022-40982 at NVD CVE-2023-0459 at SUSE CVE-2023-0459 at NVD CVE-2023-20569 at SUSE CVE-2023-20569 at NVD CVE-2023-20593 at SUSE CVE-2023-20593 at NVD CVE-2023-2156 at SUSE CVE-2023-2156 at NVD CVE-2023-2985 at SUSE CVE-2023-2985 at NVD CVE-2023-3117 at SUSE CVE-2023-3117 at NVD CVE-2023-31248 at SUSE CVE-2023-31248 at NVD CVE-2023-3390 at SUSE CVE-2023-3390 at NVD CVE-2023-35001 at SUSE CVE-2023-35001 at NVD CVE-2023-3567 at SUSE CVE-2023-3567 at NVD CVE-2023-3609 at SUSE CVE-2023-3609 at NVD CVE-2023-3611 at SUSE CVE-2023-3611 at NVD CVE-2023-3776 at SUSE CVE-2023-3776 at NVD CVE-2023-3812 at SUSE CVE-2023-3812 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2156: Fixed IPv6 RPL Protocol Reachable Assertion Denial-of-Service Vulnerability (bsc#1211131). - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418). - CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). - CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287). - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). - CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). - CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245). - CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061). - CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846). - CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). - CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). - CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586). - CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585). - CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588). - CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543). The following non-security bugs were fixed: - arm: cpu: switch to arch_cpu_finalize_init() (bsc#1206418). - get module prefix from kmod (bsc#1212835). - remove more packaging cruft for sle &lt; 12 sp3 - block, bfq: fix division by zero error on zero wsum (bsc#1213653). - init, x86: move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1206418). - init: invoke arch_cpu_finalize_init() earlier (bsc#1206418). - init: provide arch_cpu_finalize_init() (bsc#1206418). - init: remove check_bugs() leftovers (bsc#1206418). - jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1199304). - kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ('rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps') - kernel-docs: add buildrequires on python3-base when using python3 the python3 binary is provided by python3-base. - kernel-docs: use python3 together with python3-sphinx (bsc#1212741). - keys: do not cache key in task struct if key is requested from kernel thread (bsc#1213354). - lockdep: add preemption enabled/disabled assertion apis (bsc#1207270 jsc#ped-4567). - locking/rwsem: add __always_inline annotation to __down_read_common() and inlined callers (bsc#1207270 jsc#ped-4567). - locking/rwsem: allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270 jsc#ped-4567). - locking/rwsem: always try to wake waiters in out_nolock path (bsc#1207270 jsc#ped-4567). - locking/rwsem: better collate rwsem_read_trylock() (bsc#1207270 jsc#ped-4567). - locking/rwsem: conditionally wake waiters in reader/writer slowpaths (bsc#1207270 jsc#ped-4567). - locking/rwsem: disable preemption for spinning region (bsc#1207270 jsc#ped-4567). - locking/rwsem: disable preemption in all down_read*() and up_read() code paths (bsc#1207270 jsc#ped-4567). - locking/rwsem: disable preemption in all down_write*() and up_write() code paths (bsc#1207270 jsc#ped-4567). - locking/rwsem: disable preemption while trying for rwsem lock (bsc#1207270 jsc#ped-4567). - locking/rwsem: enable reader optimistic lock stealing (bsc#1207270 jsc#ped-4567). - locking/rwsem: fix comment typo (bsc#1207270 jsc#ped-4567). - locking/rwsem: fix comments about reader optimistic lock stealing conditions (bsc#1207270 jsc#ped-4567). - locking/rwsem: fold __down_{read,write}*() (bsc#1207270 jsc#ped-4567). - locking/rwsem: introduce rwsem_write_trylock() (bsc#1207270 jsc#ped-4567). - locking/rwsem: make handoff bit handling more consistent (bsc#1207270 jsc#ped-4567). - locking/rwsem: no need to check for handoff bit if wait queue empty (bsc#1207270 jsc#ped-4567). - locking/rwsem: optimize down_read_trylock() under highly contended case (bsc#1207270 jsc#ped-4567). - locking/rwsem: pass the current atomic count to rwsem_down_read_slowpath() (bsc#1207270 jsc#ped-4567). - locking/rwsem: prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270 jsc#ped-4567). - locking/rwsem: prevent potential lock starvation (bsc#1207270 jsc#ped-4567). - locking/rwsem: remove an unused parameter of rwsem_wake() (bsc#1207270 jsc#ped-4567). - locking/rwsem: remove reader optimistic spinning (bsc#1207270 jsc#ped-4567). - locking: add missing __sched attributes (bsc#1207270 jsc#ped-4567). - locking: remove rcu_read_{,un}lock() for preempt_{dis,en}able() (bsc#1207270 jsc#ped-4567). - net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). - net: mana: add support for vlan tagging (bsc#1212301). - ocfs2: fix a deadlock when commit trans (bsc#1199304). - ocfs2: fix defrag path triggering jbd2 assert (bsc#1199304). - ocfs2: fix race between searching chunks and release journal_head from buffer_head (bsc#1199304). - rpm/check-for-config-changes: ignore also pahole_has_* we now also have options like config_pahole_has_lang_exclude. - rpm/check-for-config-changes: ignore also riscv_isa_* and dynamic_sigframe they depend on config_toolchain_has_*. - rwsem-rt: implement down_read_interruptible (bsc#1207270, jsc#ped-4567, sle realtime extension). - rwsem: implement down_read_interruptible (bsc#1207270 jsc#ped-4567). - rwsem: implement down_read_killable_nested (bsc#1207270 jsc#ped-4567). - ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584). - ubi: ensure that vid header offset + vid header size &lt;= alloc, size (bsc#1210584). - usrmerge: adjust module path in the kernel sources (bsc#1212835). - x86/cpu: switch to arch_cpu_finalize_init() (bsc#1206418). - x86/fpu: remove cpuinfo argument from init functions (bsc#1206418). - x86/microcode/AMD: Make stub function static inline (bsc#1213868). Important SUSE bug 1199304 SUSE bug 1206418 SUSE bug 1207270 SUSE bug 1210584 SUSE bug 1211131 SUSE bug 1211738 SUSE bug 1211867 SUSE bug 1212301 SUSE bug 1212741 SUSE bug 1212835 SUSE bug 1212846 SUSE bug 1213059 SUSE bug 1213061 SUSE bug 1213167 SUSE bug 1213245 SUSE bug 1213286 SUSE bug 1213287 SUSE bug 1213354 SUSE bug 1213543 SUSE bug 1213585 SUSE bug 1213586 SUSE bug 1213588 SUSE bug 1213653 SUSE bug 1213868 CVE-2022-40982 at SUSE CVE-2022-40982 at NVD CVE-2023-0459 at SUSE CVE-2023-0459 at NVD CVE-2023-20569 at SUSE CVE-2023-20569 at NVD CVE-2023-20593 at SUSE CVE-2023-20593 at NVD CVE-2023-2156 at SUSE CVE-2023-2156 at NVD CVE-2023-2985 at SUSE CVE-2023-2985 at NVD CVE-2023-3117 at SUSE CVE-2023-3117 at NVD CVE-2023-31248 at SUSE CVE-2023-31248 at NVD CVE-2023-3390 at SUSE CVE-2023-3390 at NVD CVE-2023-35001 at SUSE CVE-2023-35001 at NVD CVE-2023-3567 at SUSE CVE-2023-3567 at NVD CVE-2023-3609 at SUSE CVE-2023-3609 at NVD CVE-2023-3611 at SUSE CVE-2023-3611 at NVD CVE-2023-3776 at SUSE CVE-2023-3776 at NVD CVE-2023-3812 at SUSE CVE-2023-3812 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for gawk fixes the following issues: - CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025) Low SUSE bug 1214025 CVE-2023-4156 at SUSE CVE-2023-4156 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for qemu fixes the following issues: - CVE-2023-0330: Fixed a stack overflow due to a DMA reentrancy issue. (bsc#1207205) - CVE-2023-3354: Fixed a remote unauthenticated DoS due to an improper I/O watch removal in VNC TLS handshake. (bsc#1212850) - CVE-2023-3180: Fixed a heap buffer overflow in virtio_crypto_sym_op_helper(). (bsc#1213925) - CVE-2021-3638: Fixed an out-of-bounds write due to an inconsistent check in ati_2d_blt(). (bsc#1188609) - CVE-2023-3301: Fixed a DoS due to an assertion failure. (bsc#1213414) - CVE-2021-3750: Fixed an use-after-free in DMA reentrancy issue. (bsc#1190011) Important SUSE bug 1188609 SUSE bug 1190011 SUSE bug 1207205 SUSE bug 1212850 SUSE bug 1213414 SUSE bug 1213925 CVE-2021-3638 at SUSE CVE-2021-3638 at NVD CVE-2021-3750 at SUSE CVE-2021-3750 at NVD CVE-2023-0330 at SUSE CVE-2023-0330 at NVD CVE-2023-3180 at SUSE CVE-2023-3180 at NVD CVE-2023-3301 at SUSE CVE-2023-3301 at NVD CVE-2023-3354 at SUSE CVE-2023-3354 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for xen fixes the following issues: - CVE-2023-20569: Fixed side channel attack Inception or RAS Poisoning. (bsc#1214082, XSA-434) - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling'. (bsc#1214083, XSA-435) - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information. (bsc#1213616, XSA-433) Moderate SUSE bug 1027519 SUSE bug 1204489 SUSE bug 1213616 SUSE bug 1214082 SUSE bug 1214083 CVE-2022-40982 at SUSE CVE-2022-40982 at NVD CVE-2023-20569 at SUSE CVE-2023-20569 at NVD CVE-2023-20593 at SUSE CVE-2023-20593 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1 Important SUSE bug 1214248 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for freetype2 fixes the following issues: - CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419). Moderate SUSE bug 1210419 CVE-2023-2004 at SUSE CVE-2023-2004 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). Low SUSE bug 1214290 CVE-2023-4016 at SUSE CVE-2023-4016 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for open-vm-tools fixes the following issues: - CVE-2023-20900: Fixed SAML token signature bypass vulnerability (bsc#1214566). This update also ships a open-vm-tools-containerinfo plugin. (jsc#PED-3421) Important SUSE bug 1214566 CVE-2023-20900 at SUSE CVE-2023-20900 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for docker fixes the following issues: - Update to Docker 24.0.5-ce. See upstream changelong online at <https://docs.docker.com/engine/release-notes/24.0/#2405> bsc#1213229 - Update to Docker 24.0.4-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/24.0/#2404>. bsc#1213500 - Update to Docker 24.0.3-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/24.0/#2403>. bsc#1213120 - Recommend docker-rootless-extras instead of Require(ing) it, given it's an additional functionality and not inherently required for docker to function. - Add docker-rootless-extras subpackage (https://docs.docker.com/engine/security/rootless) - Update to Docker 24.0.2-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/24.0/#2402>. bsc#1212368 * Includes the upstreamed fix for the mount table pollution issue. bsc#1210797 - Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as being provided by this package. - was rebuilt against current GO compiler. Moderate SUSE bug 1210797 SUSE bug 1212368 SUSE bug 1213120 SUSE bug 1213229 SUSE bug 1213500 SUSE bug 1214107 SUSE bug 1214108 SUSE bug 1214109 CVE-2023-28840 at SUSE CVE-2023-28840 at NVD CVE-2023-28841 at SUSE CVE-2023-28841 at NVD CVE-2023-28842 at SUSE CVE-2023-28842 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libssh2_org fixes the following issues: - CVE-2020-22218: Fixed a bug in _libssh2_packet_add() which allows to access out of bounds memory. (bsc#1214527) Important SUSE bug 1214527 CVE-2020-22218 at SUSE CVE-2020-22218 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for icu73_2 fixes the following issues: - Update to release 73.2 * CLDR extends the support for “short” Chinese sort orders to cover some additional, required characters for Level 2. This is carried over into ICU collation. * ICU has a modified character conversion table, mapping some GB18030 characters to Unicode characters that were encoded after GB18030-2005. - fixes builds where UCHAR_TYPE is re-defined such as libqt5-qtwebengine - Update to release 73.1 * Improved Japanese and Korean short-text line breaking * Reduction of C++ memory use in date formatting - Update to release 72.1 * Support for Unicode 15, including new characters, scripts, emoji, and corresponding API constants. * Support for CLDR 42 locale data with various additions and corrections. * Shift to tzdb 2022e. Pre-1970 data for a number of timezones has been removed. - bump library packagename to libicu71 to match the version. - update to 71.1: * updates to CLDR 41 locale data with various additions and corrections. * phrase-based line breaking for Japanese. Existing line breaking methods follow standards and conventions for body text but do not work well for short Japanese text, such as in titles and headings. This new feature is optimized for these use cases. * support for Hindi written in Latin letters (hi_Latn). The CLDR data for this increasingly popular locale has been significantly revised and expanded. Note that based on user expectations, hi_Latn incorporates a large amount of English, and can also be referred to as “Hinglish”. * time zone data updated to version 2022a. Note that pre-1970 data for a number of time zones has been removed, as has been the case in the upstream tzdata release since 2021b. - ICU-21793 Fix ucptrietest golden diff [bsc#1192935] - Update to release 70.1: * Unicode 14 (new characters, scripts, emoji, and API constants) * CLDR 40 (many additions and corrections) * Fixes for measurement unit formatting * Can now be built with up to C++20 compilers - ICU-21613 Fix undefined behaviour in ComplexUnitsConverter::applyRounder - Update to release 69.1 * CLDR 39 * For Norwegian, 'no' is back to being the canonical code, with 'nb' treated as equivalent. This aligns handling of Norwegian with other macro language codes. * Binary prefixes in measurement units (KiB, MiB, etc.) * Time zone offsets from local time: New APIs BasicTimeZone::getOffsetFromLocal() (C++) and ucal_getTimeZoneOffsetFromLocal() - Backport ICU-21366 (bsc#1182645) - Update to release 68.2 * Fix memory problem in FormattedStringBuilder * Fix assertion when setKeywordValue w/ long value. * Fix UBSan breakage on 8bit of rbbi * fix int32_t overflow in listFormat * Fix memory handling in MemoryPool::operator=() * Fix memory leak in AliasReplacer - Add back icu.keyring, see https://unicode-org.atlassian.net/browse/ICU-21361 Update to release 68.1: * CLDR 38 * Measurement unit preferences * PluralRules selection for ranges of numbers * Locale ID canonicalization now conforms to the CLDR spec including edge cases * DateIntervalFormat supports output options such as capitalization * Measurement units are normalized in skeleton string output * Time zone data (tzdata) version 2020d - Add the provides for libicu to Make .Net core can install successfully. (bsc#1167603, bsc#1161007) Update to version 67.1: * Unicode 13 (ICU-20893, same as in ICU 66) + Total of 5930 new characters + 4 new scripts + 55 new emoji characters, plus additional new sequences + New CJK extension, first characters in plane 3: U+30000..U+3134A * CLDR 37 + New language at Modern coverage: Nigerian Pidgin + New languages at Basic coverage: Fulah (Adlam), Maithili, Manipuri, Santali, Sindhi (Devanagari), Sundanese + Region containment: EU no longer includes GB + Unicode 13 root collation data and Chinese data for collation and transliteration * DateTimePatternGenerator now obeys the 'hc' preference in the locale identifier (ICU-20442) * Various other improvements for ECMA-402 conformance * Number skeletons have a new 'concise' form that can be used in MessageFormat strings (ICU-20418) * Currency formatting options for formal and other currency display name variants (ICU-20854) * ListFormatter: new public API to select the style & type (ICU-12863) * ListFormatter now selects the proper “and”/“or” form for Spanish & Hebrew (ICU-21016) * Locale ID canonicalization upgraded to implement the complete CLDR spec (ICU-20834, ICU-20272) * LocaleMatcher: New option to ignore one-way matches (ICU-20936), and other tweaks to the code (ICU-20916, ICU-20917) and data (from CLDR) * acceptLanguage() reimplemented via LocaleMatcher (ICU-20700) * Data build tool: tzdbNames.res moved from the 'zone_tree' category to the 'zone_supplemental' category (ICU-21073) * Fixed uses of u8'literals' broken by the C++20 introduction of the incompatible char8_t type (ICU-20972), * and added a few API overloads to reduce the need for reinterpret_cast (ICU-20984). * Support for manipulating CLDR 37 unit identifiers in MeasureUnit. * Fix potential integer overflow in UnicodeString:doAppend (bsc#1166844, CVE-2020-10531). Update to version 66.1: * Unicode 13 support * Fix uses of u8'literals' broken by C++20 introduction of incompatible char8_t type. (ICU-20972) * use LocalMemory for cmd to prevent use after free (bsc#1193951 CVE-2020-21913). - Remove /usr/lib(64)/icu/current [bsc#1158955]. Update to release 65.1 (jsc#SLE-11118): * Updated to CLDR 36 locale data with many additions and corrections, and some new measurement units. * The Java LocaleMatcher API is improved, and ported to C++. Moderate SUSE bug 1030253 SUSE bug 1095425 SUSE bug 1103893 SUSE bug 1112183 SUSE bug 1146907 SUSE bug 1158955 SUSE bug 1159131 SUSE bug 1161007 SUSE bug 1162882 SUSE bug 1166844 SUSE bug 1167603 SUSE bug 1182252 SUSE bug 1182645 SUSE bug 1192935 SUSE bug 1193951 SUSE bug 354372 SUSE bug 437293 SUSE bug 824262 CVE-2020-10531 at SUSE CVE-2020-10531 at NVD CVE-2020-21913 at SUSE CVE-2020-21913 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ovmf fixes the following issues: - CVE-2019-11098: Fixed insufficient input validation in MdeModulePkg (bsc#1188371). Important SUSE bug 1188371 CVE-2019-11098 at SUSE CVE-2019-11098 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078) The following non-security bug was fixed: - Fixed parsing files correctly which have space characters AND none space characters as delimiters (bsc#1198165). Moderate SUSE bug 1198165 SUSE bug 1211078 CVE-2023-22652 at SUSE CVE-2023-22652 at NVD CVE-2023-30078 at SUSE CVE-2023-30078 at NVD CVE-2023-30079 at SUSE CVE-2023-30079 at NVD CVE-2023-32181 at SUSE CVE-2023-32181 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). Important SUSE bug 1214052 CVE-2023-4039 at SUSE CVE-2023-4039 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-36402: Fixed an integer overflow vulnerability in vmwgfx driver in that allowed a local attacker with a user account on the system to gain privilege, causing a denial of service (bsc#1203517). - CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448). - CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666). - CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). - CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149). - CVE-2023-4132: Fixed use-after-free vulnerability was found in the siano smsusb module that allowed a local user to crash the system, causing a denial of service condition (bsc#1213969). - CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970). - CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971). - CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968). - CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019). - CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120). - CVE-2023-4385: Fixed a NULL pointer dereference flaw in dbFree that may have allowed a local attacker to crash the system due to a missing sanity check (bsc#1214348). - CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350). - CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451). - CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927). - CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272). - CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546). The following non-security bugs were fixed: - ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - Do not add and remove genksyms ifdefs - clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - e1000: Fix fall-through warnings for Clang (jsc#PED-5738). - e1000: Fix typos in comments (jsc#PED-5738). - e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738). - e1000: drop unneeded assignment in e1000_set_itr() (jsc#PED-5738). - e1000: switch to napi_consume_skb() (jsc#PED-5738). - intel/e1000:fix repeated words in comments (jsc#PED-5738). - intel: remove checker warning (jsc#PED-5738). - kabi/severities: Ignore newly added SRSO mitigation functions - md/raid0: Factor out helper for mapping and submitting a bio (bsc#1213916). - md/raid0: Fix performance regression for large sequential writes (bsc#1213916). - net: e1000: remove repeated word 'slot' for e1000_main.c (jsc#PED-5738). - net: e1000: remove repeated words for e1000_hw.c (jsc#PED-5738). - powerpc/rtas: block error injection when locked down (bsc#1023051). - powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051). - powerpc/rtas: move syscall filter setup into separate function (bsc#1023051). - powerpc/rtas: remove ibm_suspend_me_token (bsc#1023051). - powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503). - pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503). - timers: Add shutdown mechanism to the internal functions (bsc#1213970). - timers: Provide timer_shutdown[_sync]() (bsc#1213970). - timers: Rename del_timer() to timer_delete() (bsc#1213970). - timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970). - timers: Replace BUG_ON()s (bsc#1213970). - timers: Silently ignore timers with a NULL function (bsc#1213970). - timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970). - timers: Update kernel-doc for various functions (bsc#1213970). - timers: Use del_timer_sync() even on UP (bsc#1213970). - x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes). - x86/cpu: Cleanup the untrain mess (git-fixes). - x86/cpu: Rename original retbleed methods (git-fixes). - x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes). - x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes). - x86/speculation: Add cpu_show_gds() prototype (git-fixes). - x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes). - x86/srso: Correct the mitigation status when SMT is disabled (git-fixes). - x86/srso: Disable the mitigation on unaffected configurations (git-fixes). - x86/srso: Explain the untraining sequences a bit more (git-fixes). - x86: Move gds_ucode_mitigated() declaration to header (git-fixes). - xfs: fix sb write verify for lazysbcount (bsc#1214275). - xfs: gut error handling in xfs_trans_unreserve_and_mod_sb() (bsc#1214275). - xfs: update superblock counters correctly for !lazysbcount (bsc#1214275). Important SUSE bug 1023051 SUSE bug 1203517 SUSE bug 1210448 SUSE bug 1213272 SUSE bug 1213546 SUSE bug 1213601 SUSE bug 1213666 SUSE bug 1213916 SUSE bug 1213927 SUSE bug 1213968 SUSE bug 1213969 SUSE bug 1213970 SUSE bug 1213971 SUSE bug 1214019 SUSE bug 1214120 SUSE bug 1214149 SUSE bug 1214275 SUSE bug 1214297 SUSE bug 1214348 SUSE bug 1214350 SUSE bug 1214451 CVE-2022-36402 at SUSE CVE-2022-36402 at NVD CVE-2023-2007 at SUSE CVE-2023-2007 at NVD CVE-2023-20588 at SUSE CVE-2023-20588 at NVD CVE-2023-21400 at SUSE CVE-2023-21400 at NVD CVE-2023-34319 at SUSE CVE-2023-34319 at NVD CVE-2023-3772 at SUSE CVE-2023-3772 at NVD CVE-2023-3863 at SUSE CVE-2023-3863 at NVD CVE-2023-4128 at SUSE CVE-2023-4128 at NVD CVE-2023-4132 at SUSE CVE-2023-4132 at NVD CVE-2023-4133 at SUSE CVE-2023-4133 at NVD CVE-2023-4134 at SUSE CVE-2023-4134 at NVD CVE-2023-4147 at SUSE CVE-2023-4147 at NVD CVE-2023-4194 at SUSE CVE-2023-4194 at NVD CVE-2023-4273 at SUSE CVE-2023-4273 at NVD CVE-2023-4385 at SUSE CVE-2023-4385 at NVD CVE-2023-4387 at SUSE CVE-2023-4387 at NVD CVE-2023-4459 at SUSE CVE-2023-4459 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). Important SUSE bug 1214768 CVE-2023-39615 at SUSE CVE-2023-39615 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 Important SUSE bug 1206212 SUSE bug 1206622 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-36402: Fixed an integer overflow vulnerability in vmwgfx driver in that allowed a local attacker with a user account on the system to gain privilege, causing a denial of service (bsc#1203517). - CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448). - CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666). - CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). - CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149). - CVE-2023-4132: Fixed use-after-free vulnerability was found in the siano smsusb module that allowed a local user to crash the system, causing a denial of service condition (bsc#1213969). - CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970). - CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971). - CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968). - CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019). - CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120). - CVE-2023-4385: Fixed a NULL pointer dereference flaw in dbFree that may have allowed a local attacker to crash the system due to a missing sanity check (bsc#1214348). - CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350). - CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451). - CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927). - CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272). - CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546). The following non-security bugs were fixed: - ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - Do not add and remove genksyms ifdefs - clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - e1000: Fix fall-through warnings for Clang (jsc#PED-5738). - e1000: Fix typos in comments (jsc#PED-5738). - e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738). - e1000: drop unneeded assignment in e1000_set_itr() (jsc#PED-5738). - e1000: switch to napi_consume_skb() (jsc#PED-5738). - intel/e1000:fix repeated words in comments (jsc#PED-5738). - intel: remove checker warning (jsc#PED-5738). - kabi/severities: Ignore newly added SRSO mitigation functions - md/raid0: Factor out helper for mapping and submitting a bio (bsc#1213916). - md/raid0: Fix performance regression for large sequential writes (bsc#1213916). - net: e1000: remove repeated word 'slot' for e1000_main.c (jsc#PED-5738). - net: e1000: remove repeated words for e1000_hw.c (jsc#PED-5738). - powerpc/rtas: block error injection when locked down (bsc#1023051). - powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051). - powerpc/rtas: move syscall filter setup into separate function (bsc#1023051). - powerpc/rtas: remove ibm_suspend_me_token (bsc#1023051). - powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503). - pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503). - timers: Add shutdown mechanism to the internal functions (bsc#1213970). - timers: Provide timer_shutdown[_sync]() (bsc#1213970). - timers: Rename del_timer() to timer_delete() (bsc#1213970). - timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970). - timers: Replace BUG_ON()s (bsc#1213970). - timers: Silently ignore timers with a NULL function (bsc#1213970). - timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970). - timers: Update kernel-doc for various functions (bsc#1213970). - timers: Use del_timer_sync() even on UP (bsc#1213970). - x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes). - x86/cpu: Cleanup the untrain mess (git-fixes). - x86/cpu: Rename original retbleed methods (git-fixes). - x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes). - x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes). - x86/speculation: Add cpu_show_gds() prototype (git-fixes). - x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes). - x86/srso: Correct the mitigation status when SMT is disabled (git-fixes). - x86/srso: Disable the mitigation on unaffected configurations (git-fixes). - x86/srso: Explain the untraining sequences a bit more (git-fixes). - x86: Move gds_ucode_mitigated() declaration to header (git-fixes). - xfs: fix sb write verify for lazysbcount (bsc#1214275). - xfs: gut error handling in xfs_trans_unreserve_and_mod_sb() (bsc#1214275). - xfs: update superblock counters correctly for !lazysbcount (bsc#1214275). Important SUSE bug 1023051 SUSE bug 1203517 SUSE bug 1210448 SUSE bug 1213272 SUSE bug 1213546 SUSE bug 1213601 SUSE bug 1213666 SUSE bug 1213916 SUSE bug 1213927 SUSE bug 1213968 SUSE bug 1213969 SUSE bug 1213970 SUSE bug 1213971 SUSE bug 1214019 SUSE bug 1214120 SUSE bug 1214149 SUSE bug 1214275 SUSE bug 1214297 SUSE bug 1214348 SUSE bug 1214350 SUSE bug 1214451 CVE-2022-36402 at SUSE CVE-2022-36402 at NVD CVE-2023-2007 at SUSE CVE-2023-2007 at NVD CVE-2023-20588 at SUSE CVE-2023-20588 at NVD CVE-2023-21400 at SUSE CVE-2023-21400 at NVD CVE-2023-34319 at SUSE CVE-2023-34319 at NVD CVE-2023-3772 at SUSE CVE-2023-3772 at NVD CVE-2023-3863 at SUSE CVE-2023-3863 at NVD CVE-2023-4128 at SUSE CVE-2023-4128 at NVD CVE-2023-4132 at SUSE CVE-2023-4132 at NVD CVE-2023-4133 at SUSE CVE-2023-4133 at NVD CVE-2023-4134 at SUSE CVE-2023-4134 at NVD CVE-2023-4147 at SUSE CVE-2023-4147 at NVD CVE-2023-4194 at SUSE CVE-2023-4194 at NVD CVE-2023-4273 at SUSE CVE-2023-4273 at NVD CVE-2023-4385 at SUSE CVE-2023-4385 at NVD CVE-2023-4387 at SUSE CVE-2023-4387 at NVD CVE-2023-4459 at SUSE CVE-2023-4459 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python3 fixes the following issues: - CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692). Important SUSE bug 1214692 CVE-2023-40217 at SUSE CVE-2023-40217 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update of cni fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). Important SUSE bug 1212475 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). Important SUSE bug 1212475 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update of containerd fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). Important SUSE bug 1212475 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for supportutils fixes the following issues: Security fixes: - CVE-2022-45154: Removed iSCSI passwords (bsc#1207598). Other Fixes: - Changes in version 3.1.26 + powerpc plugin to collect the slots and active memory (bsc#1210950) + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154 + supportconfig: collect BPF information (pr#154) + Added additional iscsi information (pr#155) - Added run time detection (bsc#1213127) - Changes for supportutils version 3.1.25 + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598) + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149) + powerpc: collect invscout logs (pr#150) + powerpc: collect RMC status logs (pr#151) + Added missing nvme nbft commands (bsc#1211599) + Fixed invalid nvme commands (bsc#1211598) + Added missing podman information (PED-1703, bsc#1181477) + Removed dependency on sysfstools + Check for systool use (bsc#1210015) + Added selinux checking (bsc#1209979) + Updated SLES_VER matrix - Fixed missing status detail for apparmor (bsc#1196933) - Corrected invalid argument list in docker.txt (bsc#1206608) - Applies limit equally to sar data and text files (bsc#1207543) - Collects hwinfo hardware logs (bsc#1208928) - Collects lparnumascore logs (issue#148) - Add dependency to `numactl` on ppc64le and `s390x`, this enforces that `numactl --hardware` data is provided in supportconfigs - Changes to supportconfig.rc version 3.1.11-35 + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402) - Changes to supportconfig version 3.1.11-46.4 + Added plymouth_info - Changes to getappcore version 1.53.02 + The location of chkbin was updated earlier. This documents that change (bsc#1205533, bsc#1204942) Moderate SUSE bug 1181477 SUSE bug 1196933 SUSE bug 1204942 SUSE bug 1205533 SUSE bug 1206402 SUSE bug 1206608 SUSE bug 1207543 SUSE bug 1207598 SUSE bug 1208928 SUSE bug 1209979 SUSE bug 1210015 SUSE bug 1210950 SUSE bug 1211598 SUSE bug 1211599 SUSE bug 1213127 CVE-2022-45154 at SUSE CVE-2022-45154 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for open-vm-tools fixes the following issues: Update to 12.3.0 (build 22234872) (bsc#1214850) - There are no new features in the open-vm-tools 12.3.0 release. This is primarily a maintenance release that addresses a few critical problems, including: - This release integrates CVE-2023-20900 without the need for a patch. For more information on this vulnerability and its impact on VMware products, see https://www.vmware.com/security/advisories/VMSA-2023-0019.html. - A tools.conf configuration setting is available to temporaily direct Linux quiesced snaphots to restore pre open-vm-tools 12.2.0 behavior of ignoring file systems already frozen. - Building of the VMware Guest Authentication Service (VGAuth) using 'xml-security-c' and 'xerces-c' is being deprecated. - A number of Coverity reported issues have been addressed. - A number of GitHub issues and pull requests have been handled. Please see the Resolves Issues section of the Release Notes. - For issues resolved in this release, see the Resolved Issues section of the Release Notes. - For complete details, see: https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.0 - Release Notes are available at https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/ReleaseNotes.md - The granular changes that have gone into the 12.3.0 release are in the ChangeLog at https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/open-vm-tools/ChangeLog - Fix (bsc#1205927) - hv_vmbus module is loaded unnecessarily in VMware guests - jsc#PED-1344 - reinable building containerinfo plugin for SLES 15 SP4. Important SUSE bug 1205927 SUSE bug 1214850 CVE-2023-20900 at SUSE CVE-2023-20900 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for salt fixes the following issues: Security issues fixed: - CVE-2023-20897: Fixed DOS in minion return. (bsc#1214796, bsc#1213441) - CVE-2023-20898: Fixed Git Providers can read from the wrong environment because they get the same cache directory base name. (bsc#1214797, bsc#1193948) Bugs fixed: - Create minion_id with reproducible mtime - Fix broken tests to make them running in the testsuite - Fix detection of Salt codename by 'salt_version' execution module - Fix inconsistency in reported version by egg-info metadata (bsc#1215489) - Fix regression: multiple values for keyword argument 'saltenv' (bsc#1212844) - Fix the regression of user.present state when group is unset (bsc#1212855) - Fix utf8 handling in 'pass' renderer and make it more robust - Fix zypper repositories always being reconfigured - Make sure configured user is properly set by Salt (bsc#1210994) - Prevent possible exceptions on salt.utils.user.get_group_dict (bsc#1212794) - Revert usage of long running REQ channel to prevent possible missing responses on requests and duplicated responses (bsc#1213960, bsc#1213630, bsc#1213257) Moderate SUSE bug 1193948 SUSE bug 1210994 SUSE bug 1212794 SUSE bug 1212844 SUSE bug 1212855 SUSE bug 1213257 SUSE bug 1213441 SUSE bug 1213630 SUSE bug 1213960 SUSE bug 1214796 SUSE bug 1214797 SUSE bug 1215489 CVE-2023-20897 at SUSE CVE-2023-20897 at NVD CVE-2023-20898 at SUSE CVE-2023-20898 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for xen fixes the following issues: - CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474). - CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145). - CVE-2023-20593: Fixed AMD Zenbleed (XSA-433) (bsc#1213616). Important SUSE bug 1213616 SUSE bug 1215145 SUSE bug 1215474 CVE-2023-20588 at SUSE CVE-2023-20588 at NVD CVE-2023-20593 at SUSE CVE-2023-20593 at NVD CVE-2023-34322 at SUSE CVE-2023-34322 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update of runc fixes the following issues: - Update to runc v1.1.8. Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.1.8>. - rebuild the package with the go 1.21 security release (bsc#1212475). Important SUSE bug 1212475 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for mdadm fixes the following issues: - CVE-2023-28736: Fixed a buffer overflow (bsc#1214244). - CVE-2023-28938: Fixed uncontrolled resource consumption (bsc#1214245). Moderate SUSE bug 1214244 SUSE bug 1214245 CVE-2023-28736 at SUSE CVE-2023-28736 at NVD CVE-2023-28938 at SUSE CVE-2023-28938 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for vim fixes the following issues: Security fixes: - CVE-2023-4733: Fixed use-after-free in function buflist_altfpos (bsc#1215004). - CVE-2023-4734: Fixed segmentation fault in function f_fullcommand (bsc#1214925). - CVE-2023-4735: Fixed out of bounds write in ops.c (bsc#1214924). - CVE-2023-4738: Fixed heap buffer overflow in vim_regsub_both (bsc#1214922). - CVE-2023-4752: Fixed heap use-after-free in function ins_compl_get_exp (bsc#1215006). - CVE-2023-4781: Fixed heap buffer overflow in function vim_regsub_both (bsc#1215033). Other fixes: - Update to version 9.0 with patch level 1894, for the complete list of changes see https://github.com/vim/vim/compare/v9.0.1443...v9.0.1894 - Use app icons generated from vimlogo.eps in the source tarball; add higher resolution icons of sizes 128x128, 256x256, and 512x512 as png sources Important SUSE bug 1214922 SUSE bug 1214924 SUSE bug 1214925 SUSE bug 1215004 SUSE bug 1215006 SUSE bug 1215033 CVE-2023-4733 at SUSE CVE-2023-4733 at NVD CVE-2023-4734 at SUSE CVE-2023-4734 at NVD CVE-2023-4735 at SUSE CVE-2023-4735 at NVD CVE-2023-4738 at SUSE CVE-2023-4738 at NVD CVE-2023-4752 at SUSE CVE-2023-4752 at NVD CVE-2023-4781 at SUSE CVE-2023-4781 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). Important SUSE bug 1215713 CVE-2023-35945 at SUSE CVE-2023-35945 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). Low SUSE bug 1214806 CVE-2023-4641 at SUSE CVE-2023-4641 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for curl fixes the following issues: - CVE-2023-38546: Fixed a cookie injection with none file (bsc#1215889). Moderate SUSE bug 1215889 CVE-2023-38546 at SUSE CVE-2023-38546 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-3606: Fixed a null pointer dereference inside the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF (bnc#1204502). - CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034). The following non-security bugs were fixed: - KVM: VMX: fix crash cleanup when KVM wasn't used (bsc#1207508). - RDMA/core: Fix ib block iterator counter overflow (bsc#1207878). - bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes). - blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes). - blktrace: ensure our debugfs dir exists (git-fixes). - dm btree: add a defensive bounds check to insert_at() (git-fixes). - dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes). - dm cache: Fix UAF in destroy() (git-fixes). - dm cache: set needs_check flag after aborting metadata (git-fixes). - dm clone: Fix UAF in clone_dtr() (git-fixes). - dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes). - dm integrity: fix flush with external metadata device (git-fixes). - dm integrity: flush the journal on suspend (git-fixes). - dm integrity: select CRYPTO_SKCIPHER (git-fixes). - dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes). - dm ioctl: prevent potential spectre v1 gadget (git-fixes). - dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes). - dm space maps: do not reset space map allocation cursor when committing (git-fixes). - dm table: Remove BUG_ON(in_interrupt()) (git-fixes). - dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes). - dm thin: Fix UAF in run_timer_softirq() (git-fixes). - dm thin: Use last transaction's pmd->root when commit failed (git-fixes). - dm thin: resume even if in FAIL mode (git-fixes). - dm verity: fix require_signatures module_param permissions (git-fixes). - dm verity: skip verity work if I/O error when system is shutting down (git-fixes). - drivers:md:fix a potential use-after-free bug (git-fixes). - kabi/severities: add mlx5 internal symbols - loop: unset GENHD_FL_NO_PART_SCAN on LOOP_CONFIGURE (git-fixes). - loop: use sysfs_emit() in the sysfs xxx show() (git-fixes). - md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes). - md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes). - md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes). - md: protect md_unregister_thread from reentrancy (git-fixes). - mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769). - nbd: Fix hung on disconnect request if socket is closed before (git-fixes). - nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes). - nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add (git-fixes). - nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes). - nbd: fix io hung while disconnecting device (git-fixes). - nbd: fix max value for 'first_minor' (git-fixes). - nbd: fix race between nbd_alloc_config() and module removal (git-fixes). - nbd: make the config put is called before the notifying the waiter (git-fixes). - nbd: restore default timeout when setting it to zero (git-fixes). - net/mlx5: Allocate individual capability (bsc#1195175). - net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175). - net/mlx5: Fix flow counters SF bulk query len (bsc#1195175). - net/mlx5: Reduce flow counters bulk query buffer size for SFs (bsc#1195175). - net/mlx5: Reorganize current and maximal capabilities to be per-type (bsc#1195175). - net/mlx5: Use order-0 allocations for EQs (bsc#1195175). - null_blk: fix ida error handling in null_add_dev() (git-fixes). - rbd: work around -Wuninitialized warning (git-fixes). - scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes). - scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic (git-fixes). - scsi: NCR5380: Add disconnect_mask module parameter (git-fixes). - scsi: Revert 'scsi: qla2xxx: Fix disk failure to rediscover' (git-fixes). - scsi: advansys: Fix kernel pointer leak (git-fixes). - scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes). - scsi: aic7xxx: Adjust indentation in ahc_find_syncrate (git-fixes). - scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 (git-fixes). - scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE (git-fixes). - scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: bnx2fc: Return failure if io_req is already in ABTS processing (git-fixes). - scsi: core: Avoid printing an error if target_alloc() returns -ENXIO (git-fixes). - scsi: core: Cap scsi_host cmd_per_lun at can_queue (git-fixes). - scsi: core: Do not start concurrent async scan on same host (git-fixes). - scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes). - scsi: core: Fix capacity set to zero after offlinining device (git-fixes). - scsi: core: Fix hang of freezing queue between blocking and running device (git-fixes). - scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() (git-fixes). - scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes). - scsi: core: free sgtables in case command setup fails (git-fixes). - scsi: core: sysfs: Fix hang when device state is set via sysfs (git-fixes). - scsi: core: sysfs: Fix setting device state to SDEV_RUNNING (git-fixes). - scsi: cxlflash: Fix error return code in cxlflash_probe() (git-fixes). - scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes). - scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes). - scsi: fnic: Fix memleak in vnic_dev_init_devcmd2 (git-fixes). - scsi: fnic: fix use after free (git-fixes). - scsi: hisi_sas: Check sas_port before using it (git-fixes). - scsi: hisi_sas: Do not reset phy timer to wait for stray phy up (git-fixes). - scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated irq (git-fixes). - scsi: hisi_sas: Propagate errors in interrupt_init_v1_hw() (git-fixes). - scsi: hisi_sas: Replace in_softirq() check in hisi_sas_task_exec() (git-fixes). - scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes). - scsi: hpsa: Fix memory leak in hpsa_init_one() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes). - scsi: ipr: Fix WARNING in ipr_init() (git-fixes). - scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes). - scsi: iscsi: Add iscsi_cls_conn refcount helpers (git-fixes). - scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (git-fixes). - scsi: iscsi: Do not destroy session if there are outstanding connections (git-fixes). - scsi: iscsi: Do not put host in iscsi_set_flashnode_param() (git-fixes). - scsi: iscsi: Do not send data to unbound connection (git-fixes). - scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj (git-fixes). - scsi: iscsi: Fix shost->max_id use (git-fixes). - scsi: iscsi: Report unbind session event when the target has been removed (git-fixes). - scsi: iscsi: Unblock session then wake up error handler (git-fixes). - scsi: libfc: Fix a format specifier (git-fixes). - scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes). - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes). - scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling (git-fixes). - scsi: libsas: Add LUN number check in .slave_alloc callback (git-fixes). - scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes). - scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry() (git-fixes). - scsi: megaraid_sas: Fix double kfree() (git-fixes). - scsi: megaraid_sas: Fix resource leak in case of probe failure (git-fixes). - scsi: megaraid_sas: Handle missing interrupts while re-enabling IRQs (git-fixes). - scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes). - scsi: mpt3sas: Block PCI config access from userspace during reset (git-fixes). - scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes). - scsi: mpt3sas: Fix timeouts observed while reenabling IRQ (git-fixes). - scsi: mpt3sas: Increase IOCInit request timeout to 30s (git-fixes). - scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes). - scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: mvumi: Fix error return in mvumi_io_attach() (git-fixes). - scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes). - scsi: myrs: Fix crash in error case (git-fixes). - scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes). - scsi: pm: Balance pm_only counter of request queue during system resume (git-fixes). - scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes). - scsi: qedf: Add check to synchronize abort and flush (git-fixes). - scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes). - scsi: qedf: Fix refcount issue when LOGO is received during TMF (git-fixes). - scsi: qedf: Return SUCCESS if stale rport is encountered (git-fixes). - scsi: qedi: Fix failed disconnect handling (git-fixes). - scsi: qedi: Fix list_del corruption while removing active I/O (git-fixes). - scsi: qedi: Fix null ref during abort handling (git-fixes). - scsi: qedi: Protect active command list to avoid list corruption (git-fixes). - scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes). - scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes). - scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes). - scsi: scsi_debug: num_tgts must be >= 0 (git-fixes). - scsi: scsi_dh_alua: Check for negative result value (git-fixes). - scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg() (git-fixes). - scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() (git-fixes). - scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() (git-fixes). - scsi: scsi_transport_spi: Fix function pointer check (git-fixes). - scsi: scsi_transport_spi: Set RQF_PM for domain validation commands (git-fixes). - scsi: sd: Free scsi_disk device via put_device() (git-fixes). - scsi: sd: Suppress spurious errors when WRITE SAME is being disabled (git-fixes). - scsi: ses: Fix unsigned comparison with less than zero (git-fixes). - scsi: ses: Retry failed Send/Receive Diagnostic commands (git-fixes). - scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes). - scsi: sr: Do not use GFP_DMA (git-fixes). - scsi: sr: Fix sr_probe() missing deallocate of device minor (git-fixes). - scsi: sr: Return appropriate error code when disk is ejected (git-fixes). - scsi: sr: Return correct event when media event code is 3 (git-fixes). - scsi: st: Fix a use after free in st_open() (git-fixes). - scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk ->poweroff() (git-fixes). - scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices (git-fixes). - scsi: ufs: Clean up completed request without interrupt notification (git-fixes). - scsi: ufs: Fix a race condition in the tracing code (git-fixes). - scsi: ufs: Fix error handing during hibern8 enter (git-fixes). - scsi: ufs: Fix illegal offset in UPIU event trace (git-fixes). - scsi: ufs: Fix interrupt error message for shared interrupts (git-fixes). - scsi: ufs: Fix irq return code (git-fixes). - scsi: ufs: Fix possible infinite loop in ufshcd_hold (git-fixes). - scsi: ufs: Fix tm request when non-fatal error happens (git-fixes). - scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by ufshcd_hold() (git-fixes). - scsi: ufs: Fix up auto hibern8 enablement (git-fixes). - scsi: ufs: Fix wrong print message in dev_err() (git-fixes). - scsi: ufs: Improve interrupt handling for shared interrupts (git-fixes). - scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE (git-fixes). - scsi: ufs: Make ufshcd_add_command_trace() easier to read (git-fixes). - scsi: ufs: fix potential bug which ends in system hang (git-fixes). - scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config() (git-fixes). - scsi: virtio_scsi: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes). - scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes). - scsi: vmw_pvscsi: Set correct residual data length (git-fixes). - scsi: vmw_pvscsi: Set residual data length conditionally (git-fixes). - sctp: fail if no bound addresses can be used for a given scope (bsc#1206677). - watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497). - watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497). Important SUSE bug 1195175 SUSE bug 1204502 SUSE bug 1206677 SUSE bug 1207034 SUSE bug 1207497 SUSE bug 1207508 SUSE bug 1207769 SUSE bug 1207878 CVE-2022-3606 at SUSE CVE-2022-3606 at NVD CVE-2023-0179 at SUSE CVE-2023-0179 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703). - CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges on the system. (bsc#1215150) - CVE-2023-4389: Fixed a a double decrement of the reference count flaw in the btrfs filesystem a double decrement of the reference count, which may have allowed a local attacker with user privilege to crash the system or may lead to leaked internal kernel information. (bsc#1214351) - CVE-2023-4921: Fixed a use-after-free vulnerability in the sch_qfq component which could be exploited to achieve local privilege escalation. (bsc#1215275) - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036). - CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812). - CVE-2023-4622: Fixed a use-after-free vulnerability in the af_unix component which could be exploited to achieve local privilege escalation. (bsc#1215117) - CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115). - CVE-2020-36766: Fixed an issue in drivers/media/cec/core/cec-api.c which could leaks one byte of kernel memory on specific hardware to unprivileged users. (bsc#1215299) - CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs. This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak. (bsc#1210169) - CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system or potentially cause a denial of service. (bsc#1210643) - CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). - CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233). - CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995). The following non-security bugs were fixed: - bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322). - locking/rwsem: Disable reader optimistic spinning (bnc#1176588). - mkspec: Allow unsupported KMPs (bsc#1214386) - scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658). - x86/pkeys: Revert a5eff7259790 ('x86/pkeys: Add PKRU value to init_fpstate') (bsc#1215356). - x86/srso: Do not probe microcode in a guest (git-fixes). - x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). - x86/srso: Fix srso_show_state() side effect (git-fixes). - x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). Important SUSE bug 1176588 SUSE bug 1202845 SUSE bug 1207036 SUSE bug 1207270 SUSE bug 1208995 SUSE bug 1210169 SUSE bug 1210643 SUSE bug 1210658 SUSE bug 1212703 SUSE bug 1213812 SUSE bug 1214233 SUSE bug 1214351 SUSE bug 1214380 SUSE bug 1214386 SUSE bug 1215115 SUSE bug 1215117 SUSE bug 1215150 SUSE bug 1215221 SUSE bug 1215275 SUSE bug 1215299 SUSE bug 1215322 SUSE bug 1215356 CVE-2020-36766 at SUSE CVE-2020-36766 at NVD CVE-2023-1192 at SUSE CVE-2023-1192 at NVD CVE-2023-1206 at SUSE CVE-2023-1206 at NVD CVE-2023-1859 at SUSE CVE-2023-1859 at NVD CVE-2023-2177 at SUSE CVE-2023-2177 at NVD CVE-2023-23454 at SUSE CVE-2023-23454 at NVD CVE-2023-4004 at SUSE CVE-2023-4004 at NVD CVE-2023-40283 at SUSE CVE-2023-40283 at NVD CVE-2023-42753 at SUSE CVE-2023-42753 at NVD CVE-2023-4389 at SUSE CVE-2023-4389 at NVD CVE-2023-4622 at SUSE CVE-2023-4622 at NVD CVE-2023-4623 at SUSE CVE-2023-4623 at NVD CVE-2023-4881 at SUSE CVE-2023-4881 at NVD CVE-2023-4921 at SUSE CVE-2023-4921 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for conmon fixes the following issues: conmon is rebuilt with the current stable release go1.21 (bsc#1215806) Important SUSE bug 1215806 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for opensc fixes the following issues: - CVE-2023-40660: Fixed a PIN bypass that could be triggered when cards tracked their own login state (bsc#1215762). - CVE-2023-40661: Fixed several memory safety issues that could happen during the card enrollment process using pkcs15-init (bsc#1215761). Important SUSE bug 1215761 SUSE bug 1215762 CVE-2023-40660 at SUSE CVE-2023-40660 at NVD CVE-2023-40661 at SUSE CVE-2023-40661 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python-urllib3 fixes the following issues: - CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if the user manually set the corresponding header (bsc#1215968). Moderate SUSE bug 1215968 CVE-2023-43804 at SUSE CVE-2023-43804 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) Important SUSE bug 1215286 SUSE bug 1215891 CVE-2023-4813 at SUSE CVE-2023-4813 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update of cni fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). Important SUSE bug 1212475 SUSE bug 1216006 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). Important SUSE bug 1212475 SUSE bug 1216006 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351). - CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150). - CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703). - CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275). - CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812). - CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117). - CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115). - CVE-2020-36766: Fixed a potential information leak in in the CEC driver (bsc#1215299). - CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169). - CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643). - CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). - CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233). - CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995). The following non-security bugs were fixed: - bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322). - check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does. - locking/rwsem: Disable reader optimistic spinning (bnc#1176588). - mkspec: Allow unsupported KMPs (bsc#1214386) - scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658). - x86/pkeys: Revert a5eff7259790 ('x86/pkeys: Add PKRU value to init_fpstate') (bsc#1215356). - x86/srso: Do not probe microcode in a guest (git-fixes). - x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). - x86/srso: Fix srso_show_state() side effect (git-fixes). - x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). Important SUSE bug 1176588 SUSE bug 1202845 SUSE bug 1207270 SUSE bug 1208995 SUSE bug 1210169 SUSE bug 1210643 SUSE bug 1210658 SUSE bug 1212703 SUSE bug 1213812 SUSE bug 1214233 SUSE bug 1214351 SUSE bug 1214380 SUSE bug 1214386 SUSE bug 1215115 SUSE bug 1215117 SUSE bug 1215150 SUSE bug 1215221 SUSE bug 1215275 SUSE bug 1215299 SUSE bug 1215322 SUSE bug 1215356 CVE-2020-36766 at SUSE CVE-2020-36766 at NVD CVE-2023-1192 at SUSE CVE-2023-1192 at NVD CVE-2023-1206 at SUSE CVE-2023-1206 at NVD CVE-2023-1859 at SUSE CVE-2023-1859 at NVD CVE-2023-2177 at SUSE CVE-2023-2177 at NVD CVE-2023-4004 at SUSE CVE-2023-4004 at NVD CVE-2023-40283 at SUSE CVE-2023-40283 at NVD CVE-2023-42753 at SUSE CVE-2023-42753 at NVD CVE-2023-4389 at SUSE CVE-2023-4389 at NVD CVE-2023-4622 at SUSE CVE-2023-4622 at NVD CVE-2023-4623 at SUSE CVE-2023-4623 at NVD CVE-2023-4881 at SUSE CVE-2023-4881 at NVD CVE-2023-4921 at SUSE CVE-2023-4921 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for suse-module-tools fixes the following issues: - Updated to version 15.3.17: - CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module (bsc#1210335). - CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules (bsc#1205767, jsc#PED-5731). - Updated to version 15.3.16: - Fixed a build issue for s390x (bsc#1207853). Important SUSE bug 1205767 SUSE bug 1207853 SUSE bug 1210335 CVE-2023-1829 at SUSE CVE-2023-1829 at NVD CVE-2023-23559 at SUSE CVE-2023-23559 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. Important SUSE bug 1206480 SUSE bug 1206684 SUSE bug 1210557 SUSE bug 1211427 SUSE bug 1212101 SUSE bug 1213915 SUSE bug 1214052 SUSE bug 1214460 CVE-2023-4039 at SUSE CVE-2023-4039 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for xen fixes the following issues: - CVE-2023-34323: Fixed a potential crash in C Xenstored due to an incorrect assertion (XSA-440) (bsc#1215744). - CVE-2023-34326: Fixed a missing IOMMU TLB flush on x86 AMD systems with IOMMU hardware and PCI passthrough enabled (XSA-442) (bsc#1215746). - CVE-2023-34325: Fixed multiple parsing issues in libfsimage (XSA-443) (bsc#1215747). - CVE-2023-34327, CVE-2023-34328: Fixed multiple issues with AMD x86 debugging functionality for guests (XSA-444) (bsc#1215748). Important SUSE bug 1215744 SUSE bug 1215746 SUSE bug 1215747 SUSE bug 1215748 CVE-2023-34323 at SUSE CVE-2023-34323 at NVD CVE-2023-34325 at SUSE CVE-2023-34325 at NVD CVE-2023-34326 at SUSE CVE-2023-34326 at NVD CVE-2023-34327 at SUSE CVE-2023-34327 at NVD CVE-2023-34328 at SUSE CVE-2023-34328 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libssh2_org fixes the following issues: - Upgrade to version 1.11.0 in SLE-15: [jsc#PED-7040] Update to 1.11.0: * Enhancements and bugfixes - Adds support for encrypt-then-mac (ETM) MACs - Adds support for AES-GCM crypto protocols - Adds support for sk-ecdsa-sha2-nistp256 and sk-ssh-ed25519 keys - Adds support for RSA certificate authentication - Adds FIDO support with *_sk() functions - Adds RSA-SHA2 key upgrading to OpenSSL, WinCNG, mbedTLS, OS400 backends - Adds Agent Forwarding and libssh2_agent_sign() - Adds support for Channel Signal message libssh2_channel_signal_ex() - Adds support to get the user auth banner message libssh2_userauth_banner() - Adds LIBSSH2_NO_{MD5, HMAC_RIPEMD, DSA, RSA, RSA_SHA1, ECDSA, ED25519, AES_CBC, AES_CTR, BLOWFISH, RC4, CAST, 3DES} options - Adds direct stream UNIX sockets with libssh2_channel_direct_streamlocal_ex() - Adds wolfSSL support to CMake file - Adds mbedTLS 3.x support - Adds LibreSSL 3.5 support - Adds support for CMake 'unity' builds - Adds CMake support for building shared and static libs in a single pass - Adds symbol hiding support to CMake - Adds support for libssh2.rc for all build tools - Adds .zip, .tar.xz and .tar.bz2 release tarballs - Enables ed25519 key support for LibreSSL 3.7.0 or higher - Improves OpenSSL 1.1 and 3 compatibility - Now requires OpenSSL 1.0.2 or newer - Now requires CMake 3.1 or newer - SFTP: Adds libssh2_sftp_open_ex_r() and libssh2_sftp_open_r() extended APIs - SFTP: No longer has a packet limit when reading a directory - SFTP: now parses attribute extensions if they exist - SFTP: no longer will busy loop if SFTP fails to initialize - SFTP: now clear various errors as expected - SFTP: no longer skips files if the line buffer is too small - SCP: add option to not quote paths - SCP: Enables 64-bit offset support unconditionally - Now skips leading \r and \n characters in banner_receive() - Enables secure memory zeroing with all build tools on all platforms - No longer logs SSH_MSG_REQUEST_FAILURE packets from keepalive - Speed up base64 encoding by 7x - Assert if there is an attempt to write a value that is too large - WinCNG: fix memory leak in _libssh2_dh_secret() - Added protection against possible null pointer dereferences - Agent now handles overly large comment lengths - Now ensure KEX replies don't include extra bytes - Fixed possible buffer overflow when receiving SSH_MSG_USERAUTH_BANNER - Fixed possible buffer overflow in keyboard interactive code path - Fixed overlapping memcpy() - Fixed Windows UWP builds - Fixed DLL import name - Renamed local RANDOM_PADDING macro to avoid unexpected define on Windows - Support for building with gcc versions older than 8 - Improvements to CMake, Makefile, NMakefile, GNUmakefile, autoreconf files - Restores ANSI C89 compliance - Enabled new compiler warnings and fixed/silenced them - Improved error messages - Now uses CIFuzz - Numerous minor code improvements - Improvements to CI builds - Improvements to unit tests - Improvements to doc files - Improvements to example files - Removed 'old gex' build option - Removed no-encryption/no-mac builds - Removed support for NetWare and Watcom wmake build files - Bump to version 1.10.0 * Enhancements and bugfixes: * support ECDSA certificate authentication * fix detailed _libssh2_error being overwritten by generic errors * unified error handling * fix _libssh2_random() silently discarding errors * don't error if using keys without RSA * avoid OpenSSL latent error in FIPS mode * fix EVP_Cipher interface change in openssl 3 * fix potential overwrite of buffer when reading stdout of command * use string_buf in ecdh_sha2_nistp() to avoid attempting to parse malformed data * correct a typo which may lead to stack overflow * fix random big number generation to match openssl * added key exchange group16-sha512 and group18-sha512. * add support for an OSS Fuzzer fuzzing target * adds support for ECDSA for both key exchange and host key algorithms * clean up curve25519 code * update the min, preferred and max DH group values based on RFC 8270. * changed type of LIBSSH2_FX_* constants to unsigned long * added diffie-hellman-group14-sha256 kex * fix for use of uninitialized aes_ctr_cipher.key_len when using HAVE_OPAQUE_STRUCTS, regression * fixes memory leaks and use after free AES EVP_CIPHER contexts when using OpenSSL 1.0.x. * fixes crash with delayed compression option using Bitvise server. * adds support for PKIX key reading * use new API to parse data in packet_x11_open() for better bounds checking. * double the static buffer size when reading and writing known hosts * improved bounds checking in packet_queue_listener * improve message parsing (CVE-2019-17498) * improve bounds checking in kex_agree_methods() * adding SSH agent forwarding. * fix agent forwarding message, updated example. * added integration test code and cmake target. Added example to cmake list. * don't call `libssh2_crypto_exit()` until `_libssh2_initialized` count is down to zero. * add an EWOULDBLOCK check for better portability * fix off by one error when loading public keys with no id * fix use-after-free crash on reinitialization of openssl backend * preserve error info from agent_list_identities() * make sure the error code is set in _libssh2_channel_open() * fixed misspellings * fix potential typecast error for `_libssh2_ecdsa_key_get_curve_type` * rename _libssh2_ecdsa_key_get_curve_type to _libssh2_ecdsa_get_curve_type Moderate CVE-2019-17498 at SUSE CVE-2019-17498 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) Important SUSE bug 1216123 SUSE bug 1216174 CVE-2023-44487 at SUSE CVE-2023-44487 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). Moderate SUSE bug 1216378 CVE-2023-45853 at SUSE CVE-2023-45853 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for open-vm-tools fixes the following issues: - CVE-2023-34058: Fixed a SAML token signature bypass issue (bsc#1216432). - CVE-2023-34059: Fixed a privilege escalation issue through vmware-user-suid-wrapper (bsc#1216433). Important SUSE bug 1216432 SUSE bug 1216433 CVE-2023-34058 at SUSE CVE-2023-34058 at NVD CVE-2023-34059 at SUSE CVE-2023-34059 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778) - CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an object could potentially extend beyond the end of an allocation causing. (bsc#1216051) - CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518) - CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095) - CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). - CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) - CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). - CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861). - CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). - CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858). - CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467). The following non-security bugs were fixed: - bpf: propagate precision in ALU/ALU64 operations (git-fixes). - KVM: x86: fix sending PV IPI (git-fixes, bsc#1210853, bsc#1216134). - nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842). Important SUSE bug 1210778 SUSE bug 1210853 SUSE bug 1212051 SUSE bug 1214842 SUSE bug 1215095 SUSE bug 1215467 SUSE bug 1215518 SUSE bug 1215745 SUSE bug 1215858 SUSE bug 1215860 SUSE bug 1215861 SUSE bug 1216046 SUSE bug 1216051 SUSE bug 1216134 CVE-2023-2163 at SUSE CVE-2023-2163 at NVD CVE-2023-31085 at SUSE CVE-2023-31085 at NVD CVE-2023-3111 at SUSE CVE-2023-3111 at NVD CVE-2023-34324 at SUSE CVE-2023-34324 at NVD CVE-2023-3777 at SUSE CVE-2023-3777 at NVD CVE-2023-39189 at SUSE CVE-2023-39189 at NVD CVE-2023-39192 at SUSE CVE-2023-39192 at NVD CVE-2023-39193 at SUSE CVE-2023-39193 at NVD CVE-2023-39194 at SUSE CVE-2023-39194 at NVD CVE-2023-42754 at SUSE CVE-2023-42754 at NVD CVE-2023-45862 at SUSE CVE-2023-45862 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518) - CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095) - CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). - CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) - CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). - CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861). - CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). - CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858). - CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467). The following non-security bugs were fixed: - nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842). Important SUSE bug 1212051 SUSE bug 1214842 SUSE bug 1215095 SUSE bug 1215467 SUSE bug 1215518 SUSE bug 1215745 SUSE bug 1215858 SUSE bug 1215860 SUSE bug 1215861 SUSE bug 1216046 CVE-2023-2163 at SUSE CVE-2023-2163 at NVD CVE-2023-3111 at SUSE CVE-2023-3111 at NVD CVE-2023-34324 at SUSE CVE-2023-34324 at NVD CVE-2023-3777 at SUSE CVE-2023-3777 at NVD CVE-2023-39189 at SUSE CVE-2023-39189 at NVD CVE-2023-39192 at SUSE CVE-2023-39192 at NVD CVE-2023-39193 at SUSE CVE-2023-39193 at NVD CVE-2023-39194 at SUSE CVE-2023-39194 at NVD CVE-2023-42754 at SUSE CVE-2023-42754 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for salt fixes the following issues: Security issues fixed: - CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157) Bugs fixed: - Fix optimization_order opt to prevent testsuite fails - Improve salt.utils.json.find_json to avoid fails (bsc#1213293) - Use salt-call from salt bundle with transactional_update - Only call native_str on curl_debug message in tornado when needed - Implement the calling for batch async from the salt CLI - Fix calculation of SLS context vars when trailing dots on targetted sls/state (bsc#1213518) - Rename salt-tests to python3-salt-testsuite - Allow all primitive grain types for autosign_grains (bsc#1214477) Important SUSE bug 1213293 SUSE bug 1213518 SUSE bug 1214477 SUSE bug 1215157 CVE-2023-34049 at SUSE CVE-2023-34049 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for mozilla-nss fixes the following issues: Updated to NSS 3.79.4 (bsc#1208138): - CVE-2023-0767: Fixed handling of unknown PKCS#12 safe bag types. Important SUSE bug 1208138 CVE-2023-0767 at SUSE CVE-2023-0767 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ucode-intel fixes the following issues: - Updated to Intel CPU Microcode 20231114 pre-release (labeled 20231113). (bsc#1215278) - CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278) Important SUSE bug 1215278 CVE-2023-23583 at SUSE CVE-2023-23583 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. Important SUSE bug 1206480 SUSE bug 1206684 SUSE bug 1210557 SUSE bug 1211427 SUSE bug 1212101 SUSE bug 1213915 SUSE bug 1214052 SUSE bug 1214460 SUSE bug 1215427 SUSE bug 1216664 CVE-2023-4039 at SUSE CVE-2023-4039 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). Moderate SUSE bug 1216129 CVE-2023-45322 at SUSE CVE-2023-45322 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for xen fixes the following issues: - CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654). - CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807). Important SUSE bug 1216654 SUSE bug 1216807 CVE-2023-46835 at SUSE CVE-2023-46835 at NVD CVE-2023-46836 at SUSE CVE-2023-46836 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python-urllib3 fixes the following issues: - CVE-2023-45803: Fix a request body leak that could occur when receiving a 303 HTTP response (bsc#1216377). Moderate SUSE bug 1216377 CVE-2023-45803 at SUSE CVE-2023-45803 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ucode-intel fixes the following issues: - Updated to Intel CPU Microcode 20231114 release. (bsc#1215278) - CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278) Important SUSE bug 1215278 CVE-2023-23583 at SUSE CVE-2023-23583 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). Important SUSE bug 1216922 CVE-2023-5678 at SUSE CVE-2023-5678 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for vim fixes the following issues: - CVE-2023-5344: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940) - CVE-2023-5441: segfault in exmode when redrawing (bsc#1216001) - CVE-2023-5535: use-after-free from buf_contents_changed() (bsc#1216167) - CVE-2023-46246: Integer Overflow in :history command (bsc#1216696) Important SUSE bug 1215940 SUSE bug 1216001 SUSE bug 1216167 SUSE bug 1216696 CVE-2023-46246 at SUSE CVE-2023-46246 at NVD CVE-2023-5344 at SUSE CVE-2023-5344 at NVD CVE-2023-5441 at SUSE CVE-2023-5441 at NVD CVE-2023-5535 at SUSE CVE-2023-5535 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for squashfs fixes the following issues: - CVE-2015-4645,CVE-2015-4646: Multiple buffer overflows fixed in squashfs-tools (bsc#935380) - CVE-2021-40153: Fixed an issue where an attacker might have been able to write a file outside of destination (bsc#1189936) - CVE-2021-41072: Fixed an issue where an attacker might have been able to write a file outside the destination directory via a symlink (bsc#1190531). update to 4.6.1: * Race condition which can cause corruption of the 'fragment table' fixed. This is a regression introduced in August 2022, and it has been seen when tailend packing is used (-tailends option). * Fix build failure when the tools are being built without extended attribute (XATTRs) support. * Fix XATTR error message when an unrecognised prefix is found * Fix incorrect free of pointer when an unrecognised XATTR prefix is found. * Major improvements in extended attribute handling, pseudo file handling, and miscellaneous new options and improvements * Extended attribute handling improved in Mksquashfs and Sqfstar * New Pseudo file xattr definition to add extended attributes to files. * New xattrs-add Action to add extended attributes to files * Extended attribute handling improved in Unsquashfs * Other major improvements * Unsquashfs can now output Pseudo files to standard out. * Mksquashfs can now input Pseudo files from standard in. * Squashfs filesystems can now be converted (different block size compression etc) without unpacking to an intermediate filesystem or mounting, by piping the output of Unsquashfs to Mksquashfs. * Pseudo files are now supported by Sqfstar. * 'Non-anchored' excludes are now supported by Unsquashfs. update to 4.5.1 (bsc#1190531, CVE-2021-41072): * This release adds Manpages for Mksquashfs(1), Unsquashfs(1), Sqfstar(1) and Sqfscat(1). * The -help text output from the utilities has been improved and extended as well (but the Manpages are now more comprehensive). * CVE-2021-41072 which is a writing outside of destination exploit, has been fixed. * The number of hard-links in the filesystem is now also displayed by Mksquashfs in the output summary. * The number of hard-links written by Unsquashfs is now also displayed in the output summary. * Unsquashfs will now write to a pre-existing destination directory, rather than aborting. * Unsquashfs now allows '.' to used as the destination, to extract to the current directory. * The Unsquashfs progress bar now tracks empty files and hardlinks, in addition to data blocks. * -no-hardlinks option has been implemented for Sqfstar. * More sanity checking for 'corrupted' filesystems, including checks for multiply linked directories and directory loops. * Options that may cause filesystems to be unmountable have been moved into a new 'experts' category in the Mksquashfs help text (and Manpage). * Maximum cpiostyle filename limited to PATH_MAX. This prevents attempts to overflow the stack, or cause system calls to fail with a too long pathname. * Don't always use 'max open file limit' when calculating length of queues, as a very large file limit can cause Unsquashfs to abort. Instead use the smaller of max open file limit and cache size. * Fix Mksquashfs silently ignoring Pseudo file definitions when appending. * Don't abort if no XATTR support has been built in, and there's XATTRs in the filesystem. This is a regression introduced in 2019 in Version 4.4. * Fix duplicate check when the last file block is sparse. update to 4.5: * Mksquashfs now supports 'Actions'. * New sqfstar command which will create a Squashfs image from a tar archive. * Tar style handling of source pathnames in Mksquashfs. * Cpio style handling of source pathnames in Mksquashfs. * New option to throttle the amount of CPU and I/O. * Mksquashfs now allows no source directory to be specified. * New Pseudo file 'R' definition which allows a Regular file o be created with data stored within the Pseudo file. * Symbolic links are now followed in extract files * Unsquashfs now supports 'exclude' files. * Max depth traversal option added. * Unsquashfs can now output a 'Pseudo file' representing the input Squashfs filesystem. * New -one-file-system option in Mksquashfs. * New -no-hardlinks option in Mksquashfs. * Exit code in Unsquashfs changed to distinguish between non-fatal errors (exit 2), and fatal errors (exit 1). * Xattr id count added in Unsquashfs '-stat' output. * Unsquashfs 'write outside directory' exploit fixed. * Error handling in Unsquashfs writer thread fixed. * Fix failure to truncate destination if appending aborted. * Prevent Mksquashfs reading the destination file. Important SUSE bug 1189936 SUSE bug 1190531 SUSE bug 935380 CVE-2015-4645 at SUSE CVE-2015-4645 at NVD CVE-2015-4646 at SUSE CVE-2015-4646 at NVD CVE-2021-40153 at SUSE CVE-2021-40153 at NVD CVE-2021-41072 at SUSE CVE-2021-41072 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). Important SUSE bug 1210660 CVE-2023-2137 at SUSE CVE-2023-2137 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for tar fixes the following issues: - CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753). Bug fixes: - Fix hang when unpacking test tarball (bsc#1202436). Moderate SUSE bug 1202436 SUSE bug 1207753 CVE-2022-48303 at SUSE CVE-2022-48303 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for kernel-firmware fixes the following issues: Update AMD ucode to 20231030 (bsc#1215831): - CVE-2022-23820: Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution. - CVE-2021-46774: Insufficient input validation in ABL may enable a privileged attacker to perform arbitrary DRAM writes, potentially resulting in code execution and privilege escalation. - CVE-2023-20533: Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker using DMA to read/write from/to invalid DRAM address potentially resulting in denial-of-service. 0 CVE-2023-20519: A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity. - CVE-2023-20566: Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity. - CVE-2023-20521: TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service. - CVE-2021-46766: Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality. - CVE-2022-23830: SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity. - CVE-2023-20526: Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality. - CVE-2021-26345: Failure to validate the value in APCB may allow an attacker with physical access to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service. - CVE-2023-20592: Issue with INVD instruction aka CacheWarpAttack (bsc#1215823). Important SUSE bug 1215823 SUSE bug 1215831 CVE-2021-26345 at SUSE CVE-2021-26345 at NVD CVE-2021-46766 at SUSE CVE-2021-46766 at NVD CVE-2021-46774 at SUSE CVE-2021-46774 at NVD CVE-2022-23820 at SUSE CVE-2022-23820 at NVD CVE-2022-23830 at SUSE CVE-2022-23830 at NVD CVE-2023-20519 at SUSE CVE-2023-20519 at NVD CVE-2023-20521 at SUSE CVE-2023-20521 at NVD CVE-2023-20526 at SUSE CVE-2023-20526 at NVD CVE-2023-20533 at SUSE CVE-2023-20533 at NVD CVE-2023-20566 at SUSE CVE-2023-20566 at NVD CVE-2023-20592 at SUSE CVE-2023-20592 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc Important SUSE bug 1216410 SUSE bug 1217215 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). Moderate SUSE bug 1217573 CVE-2023-46218 at SUSE CVE-2023-46218 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update of runc and containerd fixes the following issues: containerd: - Update to containerd v1.7.8. Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.8 * CVE-2022-1996: Fixed CORS bypass in go-restful (bsc#1200528) catatonit: - Update to catatonit v0.2.0. * Change license to GPL-2.0-or-later. - Update to catatont v0.1.7 * This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done). - Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors). runc: - Update to runc v1.1.10. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.10 Important SUSE bug 1200528 CVE-2022-1996 at SUSE CVE-2022-1996 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976). - CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332). - CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058). - CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259). - CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965). - CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780). - CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584). The following non-security bugs were fixed: - ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140). - Call flush_delayed_fput() from nfsd main-loop (bsc#1217408). - net: mana: Configure hwc timeout from hardware (bsc#1214037). - net: mana: Fix MANA VF unload when hardware is unresponsive (bsc#1214764). - powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780). Important SUSE bug 1084909 SUSE bug 1210780 SUSE bug 1214037 SUSE bug 1214344 SUSE bug 1214764 SUSE bug 1215371 SUSE bug 1216058 SUSE bug 1216259 SUSE bug 1216584 SUSE bug 1216965 SUSE bug 1216976 SUSE bug 1217140 SUSE bug 1217332 SUSE bug 1217408 SUSE bug 1217780 CVE-2023-31083 at SUSE CVE-2023-31083 at NVD CVE-2023-39197 at SUSE CVE-2023-39197 at NVD CVE-2023-39198 at SUSE CVE-2023-39198 at NVD CVE-2023-45863 at SUSE CVE-2023-45863 at NVD CVE-2023-45871 at SUSE CVE-2023-45871 at NVD CVE-2023-5717 at SUSE CVE-2023-5717 at NVD CVE-2023-6176 at SUSE CVE-2023-6176 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976). - CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332). - CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058). - CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259). - CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965). - CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780). - CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584). The following non-security bugs were fixed: - ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140). - Call flush_delayed_fput() from nfsd main-loop (bsc#1217408). - net: mana: Configure hwc timeout from hardware (bsc#1214037). - net: mana: Fix MANA VF unload when hardware is unresponsive (bsc#1214764). - powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780). Important SUSE bug 1084909 SUSE bug 1210780 SUSE bug 1214037 SUSE bug 1214344 SUSE bug 1214764 SUSE bug 1215371 SUSE bug 1216058 SUSE bug 1216259 SUSE bug 1216584 SUSE bug 1216965 SUSE bug 1216976 SUSE bug 1217140 SUSE bug 1217332 SUSE bug 1217408 SUSE bug 1217780 CVE-2023-31083 at SUSE CVE-2023-31083 at NVD CVE-2023-39197 at SUSE CVE-2023-39197 at NVD CVE-2023-39198 at SUSE CVE-2023-39198 at NVD CVE-2023-45863 at SUSE CVE-2023-45863 at NVD CVE-2023-45871 at SUSE CVE-2023-45871 at NVD CVE-2023-5717 at SUSE CVE-2023-5717 at NVD CVE-2023-6176 at SUSE CVE-2023-6176 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for c-ares fixes the following issues: Updated to version 1.19.0: - CVE-2022-4904: Fixed missing string length check in config_sortlist() (bsc#1208067). Important SUSE bug 1208067 CVE-2022-4904 at SUSE CVE-2022-4904 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) Moderate SUSE bug 1201384 SUSE bug 1218014 CVE-2023-50495 at SUSE CVE-2023-50495 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for openssh fixes the following issues: - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (bsc#1217950). the following non-security bug was fixed: - Fix the 'no route to host' error when connecting via ProxyJump Important SUSE bug 1214788 SUSE bug 1217950 CVE-2023-48795 at SUSE CVE-2023-48795 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python-cryptography fixes the following issues: - CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592). Moderate SUSE bug 1217592 CVE-2023-49083 at SUSE CVE-2023-49083 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for docker, rootlesskit fixes the following issues: docker: - Update to Docker 24.0.7-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/#2407>. bsc#1217513 * Deny containers access to /sys/devices/virtual/powercap by default. - CVE-2020-8694 bsc#1170415 - CVE-2020-8695 bsc#1170446 - CVE-2020-12912 bsc#1178760 - Update to Docker 24.0.6-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/#2406 . bsc#1215323 - Add a docker.socket unit file, but with socket activation effectively disabled to ensure that Docker will always run even if you start the socket individually. Users should probably just ignore this unit file. bsc#1210141 - Update to Docker 24.0.5-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/#2405 . bsc#1213229 This update ships docker-rootless support in the docker-rootless-extra package. (jsc#PED-6180) rootlesskit: - new package, for docker rootless support. (jsc#PED-6180) Important SUSE bug 1170415 SUSE bug 1170446 SUSE bug 1178760 SUSE bug 1210141 SUSE bug 1213229 SUSE bug 1213500 SUSE bug 1215323 SUSE bug 1217513 CVE-2020-12912 at SUSE CVE-2020-12912 at NVD CVE-2020-8694 at SUSE CVE-2020-8694 at NVD CVE-2020-8695 at SUSE CVE-2020-8695 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for gnutls fixes the following issues: - CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277). Moderate SUSE bug 1217277 CVE-2023-5981 at SUSE CVE-2023-5981 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). Moderate SUSE bug 1206579 CVE-2022-47629 at SUSE CVE-2022-47629 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20230214 release. Security issues fixed: - CVE-2022-38090: Security updates for [INTEL-SA-00767](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00767.html) (bsc#1208275) - CVE-2022-33196: Security updates for [INTEL-SA-00738](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html) (bsc#1208276) - CVE-2022-21216: Security updates for [INTEL-SA-00700](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00700.html) (bsc#1208277) - New Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | SPR-SP | E2 | 06-8f-05/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-SP | E3 | 06-8f-06/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-SP | E4 | 06-8f-07/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-SP | E5 | 06-8f-08/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-HBM | B3 | 06-8f-08/10 | | 2c000170 | Xeon Max | RPL-P 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13 | RPL-H 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13 | RPL-U 2+8 | Q0 | 06-ba-02/07 | | 0000410e | Core Gen13 - Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | C0 | 06-97-02/07 | 00000026 | 0000002c | Core Gen12 | ADL | C0 | 06-97-05/07 | 00000026 | 0000002c | Core Gen12 | ADL | C0 | 06-bf-02/07 | 00000026 | 0000002c | Core Gen12 | ADL | C0 | 06-bf-05/07 | 00000026 | 0000002c | Core Gen12 | ADL | L0 | 06-9a-03/80 | 00000424 | 00000429 | Core Gen12 | ADL | L0 | 06-9a-04/80 | 00000424 | 00000429 | Core Gen12 | CLX-SP | B0 | 06-55-06/bf | 04003302 | 04003303 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003302 | 05003303 | Xeon Scalable Gen2 | CPX-SP | A1 | 06-55-0b/bf | 07002501 | 07002503 | Xeon Scalable Gen3 | GLK | B0 | 06-7a-01/01 | 0000003c | 0000003e | Pentium Silver N/J5xxx, Celeron N/J4xxx | GLK-R | R0 | 06-7a-08/01 | 00000020 | 00000022 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-D | B0 | 06-6c-01/10 | 01000201 | 01000211 | Xeon D-17xx, D-27xx | ICL-U/Y | D1 | 06-7e-05/80 | 000000b6 | 000000b8 | Core Gen10 Mobile | ICX-SP | D0 | 06-6a-06/87 | 0d000375 | 0d000389 | Xeon Scalable Gen3 | JSL | A0/A1 | 06-9c-00/01 | 24000023 | 24000024 | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105 | LKF | B2/B3 | 06-8a-01/10 | 00000031 | 00000032 | Core w/Hybrid Technology | RKL-S | B0 | 06-a7-01/02 | 00000056 | 00000057 | Core Gen11 | RPL-S | S0 | 06-b7-01/32 | 0000010e | 00000112 | Core Gen13 | SKX-SP | B1 | 06-55-03/97 | 0100015e | 01000161 | Xeon Scalable Important SUSE bug 1208275 SUSE bug 1208276 SUSE bug 1208277 CVE-2022-21216 at SUSE CVE-2022-21216 at NVD CVE-2022-33196 at SUSE CVE-2022-33196 at NVD CVE-2022-38090 at SUSE CVE-2022-38090 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-3112: Fixed a null pointer dereference caused by lacks check of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases (bsc#1206399). - CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a lack of checks of the return value of kzalloc (bsc#1206393). - CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bsc#1206073). - CVE-2022-47520: Fixed a out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet in the WILC1000 wireless driver (bsc#1206515). - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036). - CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (bsc#1207125). The following non-security bugs were fixed: - arm64: cpu_errata: Add Hisilicon TSV110 to spectre-v2 safe list (git-fixes) - arm64: dts: allwinner: H5: Add PMU node (git-fixes) - arm64: dts: allwinner: H6: Add PMU mode (git-fixes) - arm64: dts: marvell: Add AP806-dual missing CPU clocks (git-fixes) - arm64: dts: rockchip: Fix NanoPC-T4 cooling maps (git-fixes) - arm64: dts: rockchip: add reg property to brcmf sub-nodes (git-fixes) - arm64: dts: rockchip: fix dwmmc clock name for px30 (git-fixes) - arm64: memory: Add missing brackets to untagged_addr() macro (git-fixes) - arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() (git-fixes). - arm64: tags: Preserve tags for addresses translated via TTBR1 (git-fixes) - arm64: tegra: Fix 'active-low' warning for Jetson Xavier regulator (git-fixes) - btrfs: Avoid unnecessary lock and leaf splits when up (bsc#1206904). - drbd: destroy workqueue when drbd device was freed (git-fixes). - drbd: remove usage of list iterator variable after loop (git-fixes). - drbd: use after free in drbd_create_device() (git-fixes). - ext4: Detect already used quota file early (bsc#1206873). - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). - ext4: avoid BUG_ON when creating xattrs (bsc#1205496). - ext4: avoid crash when inline data creation follows DIO write (bsc#1206883). - ext4: avoid race conditions when remounting with options that change dax (bsc#1206860). - ext4: avoid resizing to a partial cluster size (bsc#1206880). - ext4: choose hardlimit when softlimit is larger than hardlimit in ext4_statfs_project() (bsc#1206854). - ext4: continue to expand file system when the target size does not reach (bsc#1206882). - ext4: convert BUG_ON's to WARN_ON's in mballoc.c (bsc#1206859). - ext4: correct max_inline_xattr_value_size computing (bsc#1206878). - ext4: correct the error path of ext4_write_inline_data_end() (bsc#1206875). - ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878). - ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886). - ext4: fix a data race at inode->i_disksize (bsc#1206855). - ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881). - ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891). - ext4: fix extent status tree race in writeback error recovery path (bsc#1206877). - ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884). - ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890). - ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893). - ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888). - ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878). - ext4: fix warning in 'ext4_da_release_space' (bsc#1206887). - ext4: iomap that extends beyond EOF should be marked dirty (bsc#1206637). - ext4: make ext4_lazyinit_thread freezable (bsc#1206885). - ext4: mark block bitmap corrupted when found instead of BUGON (bsc#1206857). - ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889). - ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876). - ext4: use matching invalidatepage in ext4_writepage (bsc#1206858). - fs: nfsd: fix kconfig dependency warning for NFSD_V4 (git-fixes). - ibmveth: Always stop tx queues during close (bsc#1065729). - isofs: joliet: Fix iocharset=utf8 mount option (bsc#1206636). - lib/notifier-error-inject: fix error when writing -errno to debugfs file (bsc#1206634). - libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (bsc#1206634). - lockd: lockd server-side shouldn't set fl_ops (git-fixes). - memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896). - memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344). - mm, memcg: do not high throttle allocators based on wraparound - mm, memcg: fix corruption on 64-bit divisor in memory.high throttling - mm, memcg: throttle allocators based on ancestral memory.high - mm/filemap.c: clear page error before actual read (bsc#1206635). - mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601). - module: Remove accidental change of module_enable_x() (git-fixes). - module: avoid *goto*s in module_sig_check() (git-fixes). - module: merge repetitive strings in module_sig_check() (git-fixes). - module: set MODULE_STATE_GOING state when a module fails to load (git-fixes). - modules: lockdep: Suppress suspicious RCU usage warning (git-fixes). - net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036). - net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036). - net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' (git-fixes). - netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614). - nfs4: Fix kmemleak when allocate slot failed (git-fixes). - nfs4: Fix oops when copy_file_range is attempted with NFS4.0 source (git-fixes). - nfs: Fix an Oops in nfs_d_automount() (git-fixes). - nfs: Fix memory leaks (git-fixes). - nfs: Fix memory leaks in nfs_pageio_stop_mirroring() (git-fixes). - nfs: Handle missing attributes in OPEN reply (bsc#1203740). - nfs: Zero-stateid SETATTR should first return delegation (git-fixes). - nfs: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails (git-fixes). - nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default (git-fixes). - nfs: nfs4clinet: check the return value of kstrdup() (git-fixes). - nfs: nfs_find_open_context() may only select open files (git-fixes). - nfs: nfs_xdr_status should record the procedure name (git-fixes). - nfs: we do not support removing system.nfs4_acl (git-fixes). - nfsd: Clone should commit src file metadata too (git-fixes). - nfsd: Fix handling of oversized NFSv4 COMPOUND requests (git-fixes). - nfsd: Fix svc_xprt refcnt leak when setup callback client failed (git-fixes). - nfsd: Keep existing listeners on portlist error (git-fixes). - nfsd: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes). - nfsd: do not call nfsd_file_put from client states seqfile display (git-fixes). - nfsd: fix error handling in NFSv4.0 callbacks (git-fixes). - nfsd: safer handling of corrupted c_type (git-fixes). - nfsv4 expose nfs_parse_server_name function (git-fixes). - nfsv4 only print the label when its queried (git-fixes). - nfsv4 remove zero number of fs_locations entries error check (git-fixes). - nfsv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall (git-fixes). - nfsv4.1: Fix uninitialised variable in devicenotify (git-fixes). - nfsv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes). - nfsv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes). - nfsv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes). - nfsv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes). - nfsv4.2: Fix initialisation of struct nfs4_label (git-fixes). - nfsv4.2: Fixup CLONE dest file size for zero-length count (git-fixes). - nfsv4.2: error out when relink swapfile (git-fixes). - nfsv4.x: Fail client initialisation if state manager thread can't run (git-fixes). - nfsv4/pnfs: Always return layout stats on layout return for flexfiles (git-fixes). - nfsv4/pnfs: Fix a use-after-free bug in open (git-fixes). - nfsv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes). - nfsv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes). - nfsv4: Fix a pNFS layout related use-after-free race when freeing the inode (git-fixes). - nfsv4: Fix races between open and dentry revalidation (git-fixes). - nfsv4: Protect the state recovery thread against direct reclaim (git-fixes). - nfsv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes). - pnfs/nfsv4: Try to return invalid layout in pnfs_layout_process() (git-fixes). - powerpc/64: Init jump labels before parse_early_param() (bsc#1065729). - powerpc/64s/pgtable: fix an undefined behaviour (bsc#1065729). - powerpc/book3s/mm: Update Oops message to print the correct translation in use (bsc#1156395). - powerpc/boot: Fixup device-tree on little endian (bsc#1065729). - powerpc/crashkernel: Take 'mem=' option into account (bsc#1065729). - powerpc/eeh: Only dump stack once if an MMIO loop is detected (bsc#1065729). - powerpc/pci: Fix get_phb_number() locking (bsc#1065729). - powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729). - powerpc/powernv/iov: Ensure the pdn for VFs always contains a valid PE number (bsc#1065729). - powerpc/powernv/smp: Fix spurious DBG() warning (bsc#1065729). - powerpc/powernv: Avoid re-registration of imc debugfs directory (bsc#1156395). - powerpc/powernv: add missing of_node_put (bsc#1065729). - powerpc/pseries/cmm: Implement release() function for sysfs device (bsc#1065729). - powerpc/pseries/eeh: use correct API for error log size (bsc#1065729). - powerpc/pseries: Stop calling printk in rtas_stop_self() (bsc#1065729). - powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603). - powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729). - powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729). - powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV (bsc#1065729). - powerpc/xive/spapr: correct bitmap allocation size (git-fixes). - powerpc/xive: Add a check for memory allocation failure (git-fixes). - powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes). - powerpc: Ensure that swiotlb buffer is allocated from low memory (bsc#1156395). - powerpc: Force inlining of cpu_has_feature() to avoid build failure (bsc#1065729). - powerpc: improve handling of unrecoverable system reset (bsc#1065729). - powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe() (bsc#1065729). - quota: Check next/prev free block number after reading from quota file (bsc#1206640). - rpc: fix NULL dereference on kmalloc failure (git-fixes). - rpc: fix gss_svc_init cleanup on failure (git-fixes). - sbitmap: fix lockup while swapping (bsc#1206602). - sched/psi: Fix sampling error and rare div0 crashes with cgroups and high uptime (bsc#1206841). - scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445). - scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445). - scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445). - scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445). - scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445). - scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445). - scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445). - scsi: lpfc: Use memset_startat() helper (jsc#PED-1445). - scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568). - scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568). - scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568). - scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568). - scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568). - string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445). - sunrpc: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes). - sunrpc: Do not start a timer on an already queued rpc task (git-fixes). - sunrpc: Fix missing release socket in rpc_sockname() (git-fixes). - sunrpc: Fix potential leaks in sunrpc_cache_unhash() (git-fixes). - sunrpc: Fix socket waits for write buffer space (git-fixes). - sunrpc: Handle 0 length opaque XDR object data properly (git-fixes). - sunrpc: Mitigate cond_resched() in xprt_transmit() (git-fixes). - sunrpc: Move simple_get_bytes and simple_get_netobj into private header (git-fixes). - sunrpc: check that domain table is empty at module unload (git-fixes). - sunrpc: stop printk reading past end of string (git-fixes). - svcrdma: Fix another Receive buffer leak (git-fixes). - svcrdma: Fix backchannel return code (git-fixes). - tracing: Verify if trace array exists before destroying it (git-fixes). - udf: Avoid accessing uninitialized data on failed inode read (bsc#1206642). - udf: Fix NULL pointer dereference in udf_symlink function (bsc#1206646). - udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649). - udf: Fix free space reporting for metadata and virtual partitions (bsc#1206641). - udf: Fix iocharset=utf8 mount option (bsc#1206647). - udf: Limit sparing table size (bsc#1206643). - udf: fix silent AED tagLocation corruption (bsc#1206645). - udf: fix the problem that the disc content is not displayed (bsc#1206644). - udf_get_extendedattr() had no boundary checks (bsc#1206648). - xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes). - xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes). Important SUSE bug 1065729 SUSE bug 1156395 SUSE bug 1203740 SUSE bug 1204614 SUSE bug 1204989 SUSE bug 1205496 SUSE bug 1205601 SUSE bug 1205695 SUSE bug 1206073 SUSE bug 1206344 SUSE bug 1206393 SUSE bug 1206399 SUSE bug 1206515 SUSE bug 1206602 SUSE bug 1206634 SUSE bug 1206635 SUSE bug 1206636 SUSE bug 1206637 SUSE bug 1206640 SUSE bug 1206641 SUSE bug 1206642 SUSE bug 1206643 SUSE bug 1206644 SUSE bug 1206645 SUSE bug 1206646 SUSE bug 1206647 SUSE bug 1206648 SUSE bug 1206649 SUSE bug 1206841 SUSE bug 1206854 SUSE bug 1206855 SUSE bug 1206857 SUSE bug 1206858 SUSE bug 1206859 SUSE bug 1206860 SUSE bug 1206873 SUSE bug 1206875 SUSE bug 1206876 SUSE bug 1206877 SUSE bug 1206878 SUSE bug 1206880 SUSE bug 1206881 SUSE bug 1206882 SUSE bug 1206883 SUSE bug 1206884 SUSE bug 1206885 SUSE bug 1206886 SUSE bug 1206887 SUSE bug 1206888 SUSE bug 1206889 SUSE bug 1206890 SUSE bug 1206891 SUSE bug 1206893 SUSE bug 1206896 SUSE bug 1206904 SUSE bug 1207036 SUSE bug 1207125 CVE-2022-3112 at SUSE CVE-2022-3112 at NVD CVE-2022-3115 at SUSE CVE-2022-3115 at NVD CVE-2022-3564 at SUSE CVE-2022-3564 at NVD CVE-2022-47520 at SUSE CVE-2022-47520 at NVD CVE-2023-23454 at SUSE CVE-2023-23454 at NVD CVE-2023-23455 at SUSE CVE-2023-23455 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python-cryptography, python-cryptography-vectors fixes the following issues: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - CVE-2020-36242: Fixed a bug where certain sequences of update() calls could result in integer overflow (bsc#1182066). - CVE-2020-25659: Fixed Bleichenbacher vulnerabilities (bsc#1178168). - update to 3.3.2 (bsc#1198331) Important SUSE bug 1178168 SUSE bug 1182066 SUSE bug 1198331 SUSE bug 1199282 CVE-2020-25659 at SUSE CVE-2020-25659 at NVD CVE-2020-36242 at SUSE CVE-2020-36242 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for gnutls fixes the following issues: - CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange (bsc#1208143). Moderate SUSE bug 1208143 CVE-2023-0361 at SUSE CVE-2023-0361 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libxslt fixes the following issues: - CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574). Important SUSE bug 1208574 CVE-2021-30560 at SUSE CVE-2021-30560 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python3 fixes the following issues: - CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). The following non-security bugs were fixed: - Fixed a crash in the garbage collection (bsc#1188607) - Fixed email.generator.py to not replace a non-existent header (bsc#1208443, gh#python/cpython#71508). Important SUSE bug 1188607 SUSE bug 1208443 SUSE bug 1208471 CVE-2023-24329 at SUSE CVE-2023-24329 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-3606: Fixed a null pointer dereference inside the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF (bsc#1204502). - CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332). - CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331). - CVE-2022-47929: Fixed a NULL pointer dereference bug in the traffic control subsystem (bsc#1207237). - CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773). - CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034). - CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a priviledge escalation to gain ring0 access from the system user (bsc#1207134). - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845). - CVE-2023-1076: Fixed incorrect initialization of socket ui in tap_open() (bsc#1208599). - CVE-2023-1095: Fixed fix null deref due to zeroed list head in nf_tables (bsc#1208777). - CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). - CVE-2023-1195: Fixed a use-after-free caused by invalid pointer `hostname` in cifs (bsc#1208971). - CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741). - CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776). - CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816). - CVE-2023-23004: Fixed NULL vs IS_ERR() checking in malidp (bsc#1208843). - CVE-2023-23006: Fixed NULL vs IS_ERR checking in dr_domain_init_resources (bsc#1208845). - CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051). - CVE-2023-25012: Fixed a use-after-eree in bigben_set_led() in hid (bsc#1207560). - CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700). The following non-security bugs were fixed: - add support for enabling livepatching related packages on -RT (jsc#PED-1706) - add suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149) - bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes). - blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes). - blktrace: ensure our debugfs dir exists (git-fixes). - ceph: avoid putting the realm twice when decoding snaps fails (bsc#1207198). - ceph: do not update snapshot context when there is no new snapshot (bsc#1207218). - config.conf: Drop armv7l, Leap 15.3 is EOL. - constraints: increase disk space for all architectures References: bsc#1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is very close to the limit. - delete config/armv7hl/default. - delete config/armv7hl/lpae. - dm btree: add a defensive bounds check to insert_at() (git-fixes). - dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes). - dm cache: Fix UAF in destroy() (git-fixes). - dm cache: set needs_check flag after aborting metadata (git-fixes). - dm clone: Fix UAF in clone_dtr() (git-fixes). - dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes). - dm integrity: fix flush with external metadata device (git-fixes). - dm integrity: flush the journal on suspend (git-fixes). - dm integrity: select CRYPTO_SKCIPHER (git-fixes). - dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes). - dm ioctl: prevent potential spectre v1 gadget (git-fixes). - dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes). - dm space maps: do not reset space map allocation cursor when committing (git-fixes). - dm table: Remove BUG_ON(in_interrupt()) (git-fixes). - dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes). - dm thin: Fix UAF in run_timer_softirq() (git-fixes). - dm thin: Use last transaction's pmd->root when commit failed (git-fixes). - dm thin: resume even if in FAIL mode (git-fixes). - dm verity: fix require_signatures module_param permissions (git-fixes). - dm verity: skip verity work if I/O error when system is shutting down (git-fixes). - do not sign the vanilla kernel (bsc#1209008). - drivers:md:fix a potential use-after-free bug (git-fixes). - ext4: Fixup pages without buffers (bsc#1205495). - genirq: Provide new interfaces for affinity hints (bsc#1208153). - hid: betop: check shape of output reports (git-fixes, bsc#1207186). - hid: check empty report_list in bigben_probe() (git-fixes, bsc#1206784). - hid: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784). - kabi/severities: add mlx5 internal symbols - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead. - kvm: vmx: fix crash cleanup when KVM wasn't used (bsc#1207508). - loop: unset GENHD_FL_NO_PART_SCAN on LOOP_CONFIGURE (git-fixes). - loop: use sysfs_emit() in the sysfs xxx show() (git-fixes). - md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes). - md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes). - md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes). - md: protect md_unregister_thread from reentrancy (git-fixes). - mm/memcg: optimize memory.numa_stat like memory.stat (bsc#1206663). - mm/slub: fix panic in slab_alloc_node() (bsc#1208023). - mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769). - module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - nbd: Fix hung on disconnect request if socket is closed before (git-fixes). - nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes). - nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add (git-fixes). - nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes). - nbd: fix io hung while disconnecting device (git-fixes). - nbd: fix max value for 'first_minor' (git-fixes). - nbd: fix race between nbd_alloc_config() and module removal (git-fixes). - nbd: make the config put is called before the notifying the waiter (git-fixes). - nbd: restore default timeout when setting it to zero (git-fixes). - net/mlx5: Allocate individual capability (bsc#119175). - net/mlx5: Dynamically resize flow counters query buffer (bsc#119175). - net/mlx5: Fix flow counters SF bulk query len (bsc#119175). - net/mlx5: Reduce flow counters bulk query buffer size for SFs (bsc#119175). - net/mlx5: Reorganize current and maximal capabilities to be per-type (bsc#119175). - net/mlx5: Use order-0 allocations for EQs (bsc#119175). - net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153). - net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875). - net: mana: Fix accessing freed irq affinity_hint (bsc#1208153). - null_blk: fix ida error handling in null_add_dev() (git-fixes). - rbd: work around -Wuninitialized warning (git-fixes). - rdma/core: Fix ib block iterator counter overflow (bsc#1207878). - refresh patches.kabi/scsi-kABI-fix-for-eh_should_retry_cmd (bsc#1206351). - revert 'constraints: increase disk space for all architectures' (bsc#1203693). - rpm/check-for-config-changes: add OBJTOOL and FTRACE_MCOUNT_USE_* Dummy gcc pretends to support -mrecord-mcount option but actual gcc on ppc64le does not. Therefore ppc64le builds of 6.2-rc1 and later in OBS enable FTRACE_MCOUNT_USE_OBJTOOL and OBJTOOL config options, resulting in check failure. As we already have FTRACE_MCOUNT_USE_CC and FTRACE_MCOUNT_USE_RECORDMCOUNT in the exception list, replace them with a general pattern. And add OBJTOOL as well. - rpm/check-for-config-changes: add TOOLCHAIN_HAS_* to IGNORED_CONFIGS_RE This new form was added in commit b8c86872d1dc (riscv: fix detection of toolchain Zicbom support). - rpm/check-for-config-changes: loosen pattern for AS_HAS_* This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128. - rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script get stuck in a infinite loop inside calc_dirs() where $path is an empty string. user@localhost:/tmp> perl '$HOME/group-source-files.pl' -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This workarounds the issue by breaking out the loop once path is an empty string. For a proper fix we'd want something that filesystem-aware, but this workaround should be enough for the rare occation that this script is ran manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html - rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree KMPs This makes in-tree KMPs more consistent with externally built KMPs and silences several rpmlint warnings. - rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage - s390/kexec: fix ipl report address for kdump (bsc#1207575). - scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes). - scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic (git-fixes). - scsi: NCR5380: Add disconnect_mask module parameter (git-fixes). - scsi: Revert 'scsi: qla2xxx: Fix disk failure to rediscover' (git-fixes). - scsi: advansys: Fix kernel pointer leak (git-fixes). - scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes). - scsi: aic7xxx: Adjust indentation in ahc_find_syncrate (git-fixes). - scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 (git-fixes). - scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE (git-fixes). - scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: bnx2fc: Return failure if io_req is already in ABTS processing (git-fixes). - scsi: core: Avoid printing an error if target_alloc() returns -ENXIO (git-fixes). - scsi: core: Cap scsi_host cmd_per_lun at can_queue (git-fixes). - scsi: core: Do not start concurrent async scan on same host (git-fixes). - scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes). - scsi: core: Fix capacity set to zero after offlinining device (git-fixes). - scsi: core: Fix hang of freezing queue between blocking and running device (git-fixes). - scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() (git-fixes). - scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes). - scsi: core: free sgtables in case command setup fails (git-fixes). - scsi: core: sysfs: Fix hang when device state is set via sysfs (git-fixes). - scsi: core: sysfs: Fix setting device state to SDEV_RUNNING (git-fixes). - scsi: cxlflash: Fix error return code in cxlflash_probe() (git-fixes). - scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes). - scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes). - scsi: fnic: Fix memleak in vnic_dev_init_devcmd2 (git-fixes). - scsi: fnic: fix use after free (git-fixes). - scsi: hisi_sas: Check sas_port before using it (git-fixes). - scsi: hisi_sas: Delete the debugfs folder of hisi_sas when the probe fails (git-fixes). - scsi: hisi_sas: Do not reset phy timer to wait for stray phy up (git-fixes). - scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated irq (git-fixes). - scsi: hisi_sas: Propagate errors in interrupt_init_v1_hw() (git-fixes). - scsi: hisi_sas: Replace in_softirq() check in hisi_sas_task_exec() (git-fixes). - scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes). - scsi: hpsa: Fix memory leak in hpsa_init_one() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes). - scsi: ipr: Fix WARNING in ipr_init() (git-fixes). - scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes). - scsi: iscsi: Add iscsi_cls_conn refcount helpers (git-fixes). - scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (git-fixes). - scsi: iscsi: Do not destroy session if there are outstanding connections (git-fixes). - scsi: iscsi: Do not put host in iscsi_set_flashnode_param() (git-fixes). - scsi: iscsi: Do not send data to unbound connection (git-fixes). - scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj (git-fixes). - scsi: iscsi: Fix shost->max_id use (git-fixes). - scsi: iscsi: Report unbind session event when the target has been removed (git-fixes). - scsi: iscsi: Unblock session then wake up error handler (git-fixes). - scsi: libfc: Fix a format specifier (git-fixes). - scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes). - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes). - scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling (git-fixes). - scsi: libsas: Add LUN number check in .slave_alloc callback (git-fixes). - scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes). - scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry() (git-fixes). - scsi: megaraid_sas: Early detection of VD deletion through RaidMap update (git-fixes). - scsi: megaraid_sas: Fix double kfree() (git-fixes). - scsi: megaraid_sas: Fix resource leak in case of probe failure (git-fixes). - scsi: megaraid_sas: Handle missing interrupts while re-enabling IRQs (git-fixes). - scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan (git-fixes). - scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes). - scsi: mpt3sas: Block PCI config access from userspace during reset (git-fixes). - scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes). - scsi: mpt3sas: Fix timeouts observed while reenabling IRQ (git-fixes). - scsi: mpt3sas: Increase IOCInit request timeout to 30s (git-fixes). - scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes). - scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: mvumi: Fix error return in mvumi_io_attach() (git-fixes). - scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes). - scsi: myrs: Fix crash in error case (git-fixes). - scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes). - scsi: pm: Balance pm_only counter of request queue during system resume (git-fixes). - scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes). - scsi: qedf: Add check to synchronize abort and flush (git-fixes). - scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes). - scsi: qedf: Fix refcount issue when LOGO is received during TMF (git-fixes). - scsi: qedf: Return SUCCESS if stale rport is encountered (git-fixes). - scsi: qedi: Fix failed disconnect handling (git-fixes). - scsi: qedi: Fix list_del corruption while removing active I/O (git-fixes). - scsi: qedi: Fix null ref during abort handling (git-fixes). - scsi: qedi: Protect active command list to avoid list corruption (git-fixes). - scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103). - scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes). - scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes). - scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes). - scsi: scsi_debug: num_tgts must be >= 0 (git-fixes). - scsi: scsi_dh_alua: Check for negative result value (git-fixes). - scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg() (git-fixes). - scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() (git-fixes). - scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() (git-fixes). - scsi: scsi_transport_spi: Fix function pointer check (git-fixes). - scsi: scsi_transport_spi: Set RQF_PM for domain validation commands (git-fixes). - scsi: sd: Free scsi_disk device via put_device() (git-fixes). - scsi: sd: Suppress spurious errors when WRITE SAME is being disabled (git-fixes). - scsi: ses: Fix unsigned comparison with less than zero (git-fixes). - scsi: ses: Retry failed Send/Receive Diagnostic commands (git-fixes). - scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes). - scsi: sr: Do not use GFP_DMA (git-fixes). - scsi: sr: Fix sr_probe() missing deallocate of device minor (git-fixes). - scsi: sr: Return appropriate error code when disk is ejected (git-fixes). - scsi: sr: Return correct event when media event code is 3 (git-fixes). - scsi: st: Fix a use after free in st_open() (git-fixes). - scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk ->poweroff() (git-fixes). - scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices (git-fixes). - scsi: ufs: Clean up completed request without interrupt notification (git-fixes). - scsi: ufs: Fix a race condition in the tracing code (git-fixes). - scsi: ufs: Fix error handing during hibern8 enter (git-fixes). - scsi: ufs: Fix illegal offset in UPIU event trace (git-fixes). - scsi: ufs: Fix interrupt error message for shared interrupts (git-fixes). - scsi: ufs: Fix irq return code (git-fixes). - scsi: ufs: Fix possible infinite loop in ufshcd_hold (git-fixes). - scsi: ufs: Fix tm request when non-fatal error happens (git-fixes). - scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by ufshcd_hold() (git-fixes). - scsi: ufs: Fix up auto hibern8 enablement (git-fixes). - scsi: ufs: Fix wrong print message in dev_err() (git-fixes). - scsi: ufs: Improve interrupt handling for shared interrupts (git-fixes). - scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE (git-fixes). - scsi: ufs: Make ufshcd_add_command_trace() easier to read (git-fixes). - scsi: ufs: delete redundant function ufshcd_def_desc_sizes() (git-fixes). - scsi: ufs: fix potential bug which ends in system hang (git-fixes). - scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config() (git-fixes). - scsi: virtio_scsi: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes). - scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes). - scsi: vmw_pvscsi: Set correct residual data length (git-fixes). - scsi: vmw_pvscsi: Set residual data length conditionally (git-fixes). - sctp: fail if no bound addresses can be used for a given scope (bsc#1206677). - sctp: sysctl: make extra pointers netns aware (bsc#1204760). - update patches.suse/net-mlx5-Allocate-individual-capability (bsc#1195175). - update patches.suse/net-mlx5-Dynamically-resize-flow-counters-query-buff (bsc#1195175). - update patches.suse/net-mlx5-Fix-flow-counters-SF-bulk-query-len (bsc#1195175). - update patches.suse/net-mlx5-Reduce-flow-counters-bulk-query-buffer-size (bsc#1195175). - update patches.suse/net-mlx5-Reorganize-current-and-maximal-capabilities (bsc#1195175). - update patches.suse/net-mlx5-Use-order-0-allocations-for-EQs (bsc#1195175). Fixed bugzilla reference. - vmxnet3: move rss code block under eop descriptor (bsc#1208212). - watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497). - watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497). Important SUSE bug 1186449 SUSE bug 1203331 SUSE bug 1203332 SUSE bug 1203693 SUSE bug 1204502 SUSE bug 1204760 SUSE bug 1205149 SUSE bug 1206351 SUSE bug 1206677 SUSE bug 1206784 SUSE bug 1207034 SUSE bug 1207051 SUSE bug 1207134 SUSE bug 1207186 SUSE bug 1207237 SUSE bug 1207497 SUSE bug 1207508 SUSE bug 1207560 SUSE bug 1207773 SUSE bug 1207795 SUSE bug 1207845 SUSE bug 1207875 SUSE bug 1207878 SUSE bug 1208212 SUSE bug 1208599 SUSE bug 1208700 SUSE bug 1208741 SUSE bug 1208776 SUSE bug 1208816 SUSE bug 1208837 SUSE bug 1208845 SUSE bug 1208971 SUSE bug 1209008 CVE-2022-3606 at SUSE CVE-2022-3606 at NVD CVE-2022-36280 at SUSE CVE-2022-36280 at NVD CVE-2022-38096 at SUSE CVE-2022-38096 at NVD CVE-2022-47929 at SUSE CVE-2022-47929 at NVD CVE-2023-0045 at SUSE CVE-2023-0045 at NVD CVE-2023-0179 at SUSE CVE-2023-0179 at NVD CVE-2023-0266 at SUSE CVE-2023-0266 at NVD CVE-2023-0590 at SUSE CVE-2023-0590 at NVD CVE-2023-0597 at SUSE CVE-2023-0597 at NVD CVE-2023-1076 at SUSE CVE-2023-1076 at NVD CVE-2023-1095 at SUSE CVE-2023-1095 at NVD CVE-2023-1118 at SUSE CVE-2023-1118 at NVD CVE-2023-1195 at SUSE CVE-2023-1195 at NVD CVE-2023-22995 at SUSE CVE-2023-22995 at NVD CVE-2023-22998 at SUSE CVE-2023-22998 at NVD CVE-2023-23000 at SUSE CVE-2023-23000 at NVD CVE-2023-23004 at SUSE CVE-2023-23004 at NVD CVE-2023-23006 at SUSE CVE-2023-23006 at NVD CVE-2023-23559 at SUSE CVE-2023-23559 at NVD CVE-2023-25012 at SUSE CVE-2023-25012 at NVD CVE-2023-26545 at SUSE CVE-2023-26545 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332). - CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331). - CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773). - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845). - CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). - CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741). - CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776). - CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816). - CVE-2023-23006: Fixed NULL vs IS_ERR checking in dr_domain_init_resources (bsc#1208845). - CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051). - CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700). The following non-security bugs were fixed: - cifs: fix use-after-free caused by invalid pointer `hostname` (bsc#1208971). - genirq: Provide new interfaces for affinity hints (bsc#1208153). - mm/slub: fix panic in slab_alloc_node() (bsc#1208023). - module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153). - net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875). - net: mana: Fix accessing freed irq affinity_hint (bsc#1208153). - refresh patches.kabi/scsi-kABI-fix-for-eh_should_retry_cmd (bsc#1206351). The former kABI fix only move the newly added member to scsi_host_template to the end of the struct. But that is usually allocated statically, even by 3rd party modules relying on kABI. Before we use the member we need to signalize that it is to be expected. As we only expect it to be allocated by in-tree modules that we can control, we can use a space in the bitfield to signalize that. - s390/kexec: fix ipl report address for kdump (bsc#1207575). - scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103). - update suse/net-mlx5-Allocate-individual-capability (bsc#1195175). - update suse/net-mlx5-Dynamically-resize-flow-counters-query-buff (bsc#1195175). - update suse/net-mlx5-Fix-flow-counters-SF-bulk-query-len (bsc#1195175). - update suse/net-mlx5-Reduce-flow-counters-bulk-query-buffer-size (bsc#1195175). - update suse/net-mlx5-Reorganize-current-and-maximal-capabilities (bsc#1195175). - update suse/net-mlx5-Use-order-0-allocations-for-EQs (bsc#1195175). Fixed bugzilla reference. - vmxnet3: move rss code block under eop descriptor (bsc#1208212). Important SUSE bug 1186449 SUSE bug 1195175 SUSE bug 1198438 SUSE bug 1203331 SUSE bug 1203332 SUSE bug 1204356 SUSE bug 1204662 SUSE bug 1206103 SUSE bug 1206351 SUSE bug 1207051 SUSE bug 1207575 SUSE bug 1207773 SUSE bug 1207795 SUSE bug 1207845 SUSE bug 1207875 SUSE bug 1208023 SUSE bug 1208153 SUSE bug 1208212 SUSE bug 1208700 SUSE bug 1208741 SUSE bug 1208776 SUSE bug 1208816 SUSE bug 1208837 SUSE bug 1208845 SUSE bug 1208971 CVE-2022-36280 at SUSE CVE-2022-36280 at NVD CVE-2022-38096 at SUSE CVE-2022-38096 at NVD CVE-2023-0045 at SUSE CVE-2023-0045 at NVD CVE-2023-0590 at SUSE CVE-2023-0590 at NVD CVE-2023-0597 at SUSE CVE-2023-0597 at NVD CVE-2023-1118 at SUSE CVE-2023-1118 at NVD CVE-2023-22995 at SUSE CVE-2023-22995 at NVD CVE-2023-22998 at SUSE CVE-2023-22998 at NVD CVE-2023-23000 at SUSE CVE-2023-23000 at NVD CVE-2023-23006 at SUSE CVE-2023-23006 at NVD CVE-2023-23559 at SUSE CVE-2023-23559 at NVD CVE-2023-26545 at SUSE CVE-2023-26545 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for vim fixes the following issues: - CVE-2023-0512: Fixed a divide By Zero (bsc#1207780). - CVE-2023-1175: vim: an incorrect calculation of buffer size (bsc#1208957). - CVE-2023-1170: Fixed a heap-based Buffer Overflow (bsc#1208959). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). Updated to version 9.0 with patch level 1386. - https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386 Important SUSE bug 1207780 SUSE bug 1208828 SUSE bug 1208957 SUSE bug 1208959 CVE-2023-0512 at SUSE CVE-2023-0512 at NVD CVE-2023-1127 at SUSE CVE-2023-1127 at NVD CVE-2023-1170 at SUSE CVE-2023-1170 at NVD CVE-2023-1175 at SUSE CVE-2023-1175 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python-future fixes the following issues: - CVE-2022-40899: Fixed an issue that could allow attackers to cause an excessive CPU usage via a crafted Set-Cookie header (bsc#1206673). Moderate SUSE bug 1206673 CVE-2022-40899 at SUSE CVE-2022-40899 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for docker fixes the following issues: Docker was updated to 20.10.23-ce. See upstream changelog at https://docs.docker.com/engine/release-notes/#201023 Docker was updated to 20.10.21-ce (bsc#1206065) See upstream changelog at https://docs.docker.com/engine/release-notes/#201021 Security issues fixed: - CVE-2022-36109: Fixed supplementary group permissions bypass (bsc#1205375) - Fix wrong After: in docker.service, fixes bsc#1188447 - Add apparmor-parser as a Recommends to make sure that most users will end up with it installed even if they are primarily running SELinux. - Allow to install container-selinux instead of apparmor-parser. - Change to using systemd-sysusers Moderate SUSE bug 1205375 SUSE bug 1206065 CVE-2022-36109 at SUSE CVE-2022-36109 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for qemu fixes the following issues: - CVE-2022-4144: Fixed unsafe address translation can lead to out-of-bounds read in qxl_phys2virt (bsc#1205808). - CVE-2021-3507: Fixed heap buffer overflow in DMA read data transfers in fdc (bsc#1185000). - CVE-2020-14394: Fixed infinite loop in xhci_ring_chain_length() (bsc#1180207). - CVE-2022-0216: Fixed a use-after-free in lsi_do_msgout function in hw/scsi/lsi53c895a.c (bsc#1198038). - CVE-2022-1050: Fixed a use-after-free issue in pvrdma_exec_cmd() in pvrdma (bsc#1197653). - CVE-2021-3929: Fixed a DMA reentrancy issue leads to use-after-free in nvme (bsc#1193880). The following non-security bugs were fixed: - Fix bsc#1202364. Important SUSE bug 1180207 SUSE bug 1185000 SUSE bug 1193880 SUSE bug 1197653 SUSE bug 1198038 SUSE bug 1202364 SUSE bug 1205808 CVE-2020-14394 at SUSE CVE-2020-14394 at NVD CVE-2021-3507 at SUSE CVE-2021-3507 at NVD CVE-2021-3929 at SUSE CVE-2021-3929 at NVD CVE-2022-0216 at SUSE CVE-2022-0216 at NVD CVE-2022-1050 at SUSE CVE-2022-1050 at NVD CVE-2022-4144 at SUSE CVE-2022-4144 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for xen fixes the following issues: - CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode (bsc#1209017). - CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis-handling (bsc#1209018). - CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 (bsc#1209019). Important SUSE bug 1209017 SUSE bug 1209018 SUSE bug 1209019 SUSE bug 1209188 CVE-2022-42331 at SUSE CVE-2022-42331 at NVD CVE-2022-42332 at SUSE CVE-2022-42332 at NVD CVE-2022-42333 at SUSE CVE-2022-42333 at NVD CVE-2022-42334 at SUSE CVE-2022-42334 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for slirp4netns fixes the following issues: - CVE-2020-29129: Fixed out-of-bounds access while processing NCSI packets (bsc#1179466). - CVE-2020-29130: Fixed out-of-bounds access while processing ARP packets (bsc#1179467). Moderate SUSE bug 1179466 SUSE bug 1179467 CVE-2020-29129 at SUSE CVE-2020-29129 at NVD CVE-2020-29130 at SUSE CVE-2020-29130 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for polkit fixes the following issues: - Change permissions for rules folders (bsc#1209282) Moderate SUSE bug 1209282 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). Important SUSE bug 1220770 SUSE bug 1220771 CVE-2024-26458 at SUSE CVE-2024-26458 at NVD CVE-2024-26461 at SUSE CVE-2024-26461 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for podman fixes the following issues: - CVE-2024-1753: Fixed full container escape at build time in buildah (bsc#1221677). Important SUSE bug 1221677 CVE-2024-1753 at SUSE CVE-2024-1753 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libvirt fixes the following issues: - CVE-2024-2494: Fixed negative g_new0 length can lead to unbounded memory allocation (bsc#1221815). Moderate SUSE bug 1221815 CVE-2024-2494 at SUSE CVE-2024-2494 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2020-26555: Fixed an issue during BR/EDR PIN code pairing in the Bluetooth subsystem that would allow replay attacks (bsc#1179610 bsc#1215237). - CVE-2023-6121: Fixed an information leak via dmesg when receiving a crafted packet in the NVMe-oF/TCP subsystem (bsc#1217250). - CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947). - CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946). - CVE-2023-6931: Fixed an out of bounds write in the Performance Events subsystem when adding a new event (bsc#1218258). - CVE-2023-6932: Fixed a use-after-free issue when receiving an IGMP query packet due to reference count mismanagement (bsc#1218253). - CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559). The following non-security bugs were fixed: - Reviewed and added more information to README.SUSE (jsc#PED-5021). - Enabled multibuild for kernel packages (JSC-SLE#5501, boo#1211226, bsc#1218184). - clocksource: Avoid accidental unstable marking of clocksources (bsc#1218105). - clocksource: Suspend the watchdog temporarily when high read latency detected (bsc#1218105). - efi/mokvar: Reserve the table only if it is in boot services data (bsc#1215375). Important SUSE bug 1179610 SUSE bug 1211226 SUSE bug 1215237 SUSE bug 1215375 SUSE bug 1217250 SUSE bug 1217709 SUSE bug 1217946 SUSE bug 1217947 SUSE bug 1218105 SUSE bug 1218184 SUSE bug 1218253 SUSE bug 1218258 SUSE bug 1218559 CVE-2020-26555 at SUSE CVE-2020-26555 at NVD CVE-2023-51779 at SUSE CVE-2023-51779 at NVD CVE-2023-6121 at SUSE CVE-2023-6121 at NVD CVE-2023-6606 at SUSE CVE-2023-6606 at NVD CVE-2023-6610 at SUSE CVE-2023-6610 at NVD CVE-2023-6931 at SUSE CVE-2023-6931 at NVD CVE-2023-6932 at SUSE CVE-2023-6932 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) Moderate SUSE bug 1221665 SUSE bug 1221667 CVE-2024-2004 at SUSE CVE-2024-2004 at NVD CVE-2024-2398 at SUSE CVE-2024-2398 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). Moderate SUSE bug 1220061 CVE-2023-45918 at SUSE CVE-2023-45918 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for c-ares fixes the following issues: - CVE-2024-25629: Fixed out of bounds read in ares__read_line() (bsc#1220279). Moderate SUSE bug 1220279 CVE-2024-25629 at SUSE CVE-2024-25629 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ucode-intel fixes the following issues: - Updated to Intel CPU Microcode 20240312 release. (bsc#1221323) - CVE-2023-39368: Protection mechanism failure of bus lock regulator for some Intel Processors may allow an unauthenticated user to potentially enable denial of service via network access - CVE-2023-38575: Non-transparent sharing of return predictor targets between contexts in some Intel Processors may allow an authorized user to potentially enable information disclosure via local access. - CVE-2023-28746: Information exposure through microarchitectural state after transient execution from some register files for some Intel Atom Processors may allow an authenticated user to potentially enable information disclosure via local access. - CVE-2023-22655 Protection mechanism failure in some 3rd and 4th Generation Intel Xeon Processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. - CVE-2023-43490: Incorrect calculation in microcode keying mechanism for some Intel Xeon D Processors with Intel? SGX may allow a privileged user to potentially enable information disclosure via local access. Moderate SUSE bug 1221323 CVE-2023-22655 at SUSE CVE-2023-22655 at NVD CVE-2023-28746 at SUSE CVE-2023-28746 at NVD CVE-2023-38575 at SUSE CVE-2023-38575 at NVD CVE-2023-39368 at SUSE CVE-2023-39368 at NVD CVE-2023-43490 at SUSE CVE-2023-43490 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for buildah fixes the following issues: - CVE-2024-1753: Fixed an issue to prevent a full container escape at build time. (bsc#1221677) - Update to version 1.34.1 for compatibility with Docker 25.0 (which is not in SLES yet, but will eventually be) (bsc#1219563). See the corresponding release notes: * https://github.com/containers/buildah/releases/tag/v1.34.1 * https://github.com/containers/buildah/releases/tag/v1.34.0 * https://github.com/containers/buildah/releases/tag/v1.33.0 * https://github.com/containers/buildah/releases/tag/v1.32.0 * https://github.com/containers/buildah/releases/tag/v1.31.0 * https://github.com/containers/buildah/releases/tag/v1.30.0 - Require cni-plugins (bsc#1220568) Important SUSE bug 1219563 SUSE bug 1220568 SUSE bug 1221677 CVE-2024-1753 at SUSE CVE-2024-1753 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for xen fixes the following issues: - CVE-2023-28746: Register File Data Sampling (bsc#1221332) - CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (bsc#1221334) Moderate SUSE bug 1221332 SUSE bug 1221334 CVE-2023-28746 at SUSE CVE-2023-28746 at NVD CVE-2024-2193 at SUSE CVE-2024-2193 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) Important SUSE bug 1221399 CVE-2024-28182 at SUSE CVE-2024-28182 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) Important SUSE bug 1194038 SUSE bug 1207987 SUSE bug 1221831 CVE-2024-28085 at SUSE CVE-2024-28085 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for less fixes the following issues: - CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901). Important SUSE bug 1219901 CVE-2022-48624 at SUSE CVE-2022-48624 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libzypp, zypper, PackageKit fixes the following issues: - Fixup New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - CVE-2024-0217: Check that Finished signal is emitted at most once (bsc#1218544) - Add resolver option 'removeOrphaned' for distupgrade (bsc#1221525) - New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - Add default stripe minimum - Don't expose std::optional where YAST/PK explicitly use c++11. - Digest: Avoid using the deprecated OPENSSL_config - version 17.32.0 - ProblemSolution::skipsPatchesOnly overload to handout the patches - Show active dry-run/download-only at the commit propmpt - Add --skip-not-applicable-patches option - Fix printing detailed solver problem description - Fix bash-completion to work with right adjusted numbers in the 1st column too - Set libzypp shutdown request signal on Ctrl+C - In the detailed view show all baseurls not just the first one (bsc#1218171) Moderate SUSE bug 1175678 SUSE bug 1218171 SUSE bug 1218544 SUSE bug 1221525 CVE-2024-0217 at SUSE CVE-2024-0217 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for pam fixes the following issues: - CVE-2024-22365: Fixed a local denial of service during PAM login due to a missing check during path manipulation (bsc#1218475). - Check localtime_r() return value to fix crashing (bsc#1217000) Moderate SUSE bug 1217000 SUSE bug 1218475 CVE-2024-22365 at SUSE CVE-2024-22365 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for shim fixes the following issues: - Update shim-install to set the TPM2 SRK algorithm (bsc#1213945) - Limit the requirement of fde-tpm-helper-macros to the distro with suse_version 1600 and above (bsc#1219460) Update to version 15.8: Security issues fixed: - mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546) - avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547) - Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548) - Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549) - pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550) - pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551) The NX flag is disable which is same as the default value of shim-15.8, hence, not need to enable it by this patch now. - Generate dbx during build so we don't include binary files in sources - Don't require grub so shim can still be used with systemd-boot - Update shim-install to fix boot failure of ext4 root file system on RAID10 (bsc#1205855) - Adopt the macros from fde-tpm-helper-macros to update the signature in the sealed key after a bootloader upgrade - Update shim-install to amend full disk encryption support - Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector - Use the long name to specify the grub2 key protector - cryptodisk: support TPM authorized policies - Do not use tpm_record_pcrs unless the command is in command.lst - Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to enable the NX compatibility flag when using post-process-pe after discussed with grub2 experts in mail. It's useful for further development and testing. (bsc#1205588) Important SUSE bug 1198101 SUSE bug 1205588 SUSE bug 1205855 SUSE bug 1210382 SUSE bug 1213945 SUSE bug 1215098 SUSE bug 1215099 SUSE bug 1215100 SUSE bug 1215101 SUSE bug 1215102 SUSE bug 1215103 SUSE bug 1219460 CVE-2022-28737 at SUSE CVE-2022-28737 at NVD CVE-2023-40546 at SUSE CVE-2023-40546 at NVD CVE-2023-40547 at SUSE CVE-2023-40547 at NVD CVE-2023-40548 at SUSE CVE-2023-40548 at NVD CVE-2023-40549 at SUSE CVE-2023-40549 at NVD CVE-2023-40550 at SUSE CVE-2023-40550 at NVD CVE-2023-40551 at SUSE CVE-2023-40551 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) Important SUSE bug 1222992 CVE-2024-2961 at SUSE CVE-2024-2961 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python-idna fixes the following issues: - CVE-2024-3651: Fixed potential DoS via resource consumption via specially crafted inputs to idna.encode() (bsc#1222842). Moderate SUSE bug 1222842 CVE-2024-3651 at SUSE CVE-2024-3651 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2020-36780: Fixed a reference leak when pm_runtime_get_sync fails in i2c (bsc#1220556). - CVE-2020-36781: Fixed reference leak when pm_runtime_get_sync fails in i2c/imx (bsc#1220557). - CVE-2020-36782: Fixed a reference leak when pm_runtime_get_sync fails in i2c imx-lpi2c (bsc#1220560). - CVE-2020-36783: Fixed a reference leak when pm_runtime_get_sync fails in i2c img-scb (bsc#1220561). - CVE-2021-46908: Fixed incorrect permission flag for mixed signed bounds arithmetic in bpf (bsc#1220425). - CVE-2021-46909: Fixed a PCI interrupt mapping in ARM footbridge (bsc#1220442). - CVE-2021-46911: Fixed kernel panic (bsc#1220400). - CVE-2021-46914: Fixed unbalanced device enable/disable in suspend/resume in pci_disable_device() (bsc#1220465). - CVE-2021-46917: Fixed wq cleanup of WQCFG registers in idxd (bsc#1220432). - CVE-2021-46918: Fixed not clearing MSIX permission entry on shutdown in idxd (bsc#1220429). - CVE-2021-46919: Fixed wq size store permission state in idxd (bsc#1220414). - CVE-2021-46920: Fixed clobbering of SWERR overflow bit on writeback (bsc#1220426). - CVE-2021-46921: Fixed ordering in queued_write_lock_slowpath (bsc#1220468). - CVE-2021-46922: Fixed TPM reservation for seal/unseal (bsc#1220475). - CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484). - CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486). - CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487). - CVE-2021-46938: Fixed a double free of blk_mq_tag_set in dev remove after table load fails in dm rq (bsc#1220554). - CVE-2021-46939: Fixed a denial of service in trace_clock_global() in tracing (bsc#1220580). - CVE-2021-46943: Fixed an oops in set_fmt error handling in media: staging/intel-ipu3 (bsc#1220583). - CVE-2021-46944: Fixed a memory leak in imu_fmt in media staging/intel-ipu3 (bsc#1220566). - CVE-2021-46950: Fixed a data corruption bug in raid1 arrays using bitmaps in md/raid1 (bsc#1220662). - CVE-2021-46951: Fixed an integer underflow of efi_tpm_final_log_size in tpm_read_log_efi in tpm efi (bsc#1220615). - CVE-2021-46956: Fixed memory leak in virtio_fs_probe() (bsc#1220516). - CVE-2021-46958: Fixed a race between transaction aborts and fsyncs leading to use-after-free in btrfs (bsc#1220521). - CVE-2021-46959: Fixed use-after-free with devm_spi_alloc_* (bsc#1220734). - CVE-2021-46960: Fixed a warning on smb2_get_enc_key in cifs (bsc#1220528). - CVE-2021-46961: Fixed spurious interrup handling (bsc#1220529). - CVE-2021-46962: Fixed a resource leak in the remove function in mmc uniphier-sd (bsc#1220532). - CVE-2021-46963: Fixed crash in qla2xxx_mqueuecommand() (bsc#1220536). - CVE-2021-46971: Fixed unconditional security_locked_down() call (bsc#1220697). - CVE-2021-46976: Fixed crash in auto_retire in drm/i915 (bsc#1220621). - CVE-2021-46980: Fixed not retrieving all the PDOs instead of just the first 4 in usb/typec/ucsi (bsc#1220663). - CVE-2021-46981: Fixed a NULL pointer in flush_workqueue in nbd (bsc#1220611). - CVE-2021-46983: Fixed NULL pointer dereference when SEND is completed with error (bsc#1220639). - CVE-2021-46984: Fixed an out of bounds access in kyber_bio_merge() in kyber (bsc#1220631). - CVE-2021-46988: Fixed release page in error path to avoid BUG_ON (bsc#1220706). - CVE-2021-46990: Fixed a denial of service when toggling entry flush barrier in powerpc/64s (bsc#1220743). - CVE-2021-46991: Fixed a use-after-free in i40e_client_subtask (bsc#1220575). - CVE-2021-46992: Fixed a bug to avoid overflows in nft_hash_buckets (bsc#1220638). - CVE-2021-46998: Fixed an use after free bug in enic_hard_start_xmit in ethernet/enic (bsc#1220625). - CVE-2021-47000: Fixed an inode leak on getattr error in __fh_to_dentry in ceph (bsc#1220669). - CVE-2021-47001: Fixed cwnd update ordering in xprtrdma (bsc#1220670). - CVE-2021-47003: Fixed potential null dereference on pointer status in idxd_cmd_exec (bsc#1220677). - CVE-2021-47006: Fixed wrong check in overflow_handler hook in ARM 9064/1 hw_breakpoint (bsc#1220751). - CVE-2021-47009: Fixed memory leak on object td (bsc#1220733). - CVE-2021-47014: Fixed wild memory access when clearing fragments in net/sched/act_ct (bsc#1220630). - CVE-2021-47015: Fixed a RX consumer index logic in the error path in bnxt_rx_pkt() in bnxt_en (bsc#1220794). - CVE-2021-47017: Fixed use after free in ath10k_htc_send_bundle (bsc#1220678). - CVE-2021-47020: Fixed a memory leak in stream config error path in soundwire stream (bsc#1220785). - CVE-2021-47026: Fixed not destroying sysfs after removing session from active list (bsc#1220685). - CVE-2021-47034: Fixed a kernel memory fault for pte update on radix in powerpc/64s (bsc#1220687). - CVE-2021-47035: Fixed wrong WO permissions on second-level paging entries in iommu/vt-d (bsc#1220688). - CVE-2021-47038: Fixed deadlock between hci_dev->lock and socket lock in bluetooth (bsc#1220753). - CVE-2021-47044: Fixed shift-out-of-bounds in load_balance() in sched/fair (bsc#1220759). - CVE-2021-47045: Fixed a null pointer dereference in lpfc_prep_els_iocb() in scsi lpfc (bsc#1220640). - CVE-2021-47046: Fixed off by one in hdmi_14_process_transaction() (bsc#1220758). - CVE-2021-47049: Fixed an after free in __vmbus_open() in hv vmbus (bsc#1220692). - CVE-2021-47051: Fixed a PM reference leak in lpspi_prepare_xfer_hardware() in spi fsl-lpspi (bsc#1220764). - CVE-2021-47055: Fixed missing permissions for locking and badblock ioctls in mtd (bsc#1220768). - CVE-2021-47056: Fixed a user-memory-access error on vf2pf_lock in crypto (bsc#1220769). - CVE-2021-47058: Fixed a possible user-after-free in set debugfs_name in regmap (bsc#1220779). - CVE-2021-47063: Fixed a potential use-after-free during bridge detach in drm bridge/panel (bsc#1220777). - CVE-2021-47065: Fixed an array overrun in rtw_get_tx_power_params() in rtw88 (bsc#1220749). - CVE-2021-47068: Fixed a use-after-free issue in llcp_sock_bind/connect (bsc#1220739). - CVE-2021-47070: Fixed memory leak in error handling paths in uio_hv_generic (bsc#1220829). - CVE-2021-47071: Fixed a memory leak in error handling paths in hv_uio_cleanup() in uio_hv_generic (bsc#1220846). - CVE-2021-47073: Fixed oops on rmmod dell_smbios init_dell_smbios_wmi() (bsc#1220850). - CVE-2021-47077: Fixed a NULL pointer dereference when in shost_data (bsc#1220861). - CVE-2021-47082: Fixed ouble free in tun_free_netdev() (bsc#1220969). - CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954). - CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979). - CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982). - CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985). - CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987). - CVE-2021-47109: Fixed NUD_NOARP entries to be forced GCed (bsc#1221534). - CVE-2021-47110: Fixed possible memory corruption when restoring from hibernation in x86/kvm (bsc#1221532). - CVE-2021-47112: Fixed possible memory corruption when restoring from hibernation in x86/kvm (bsc#1221541). - CVE-2021-47114: Fixed a data corruption by fallocate in ocfs2 (bsc#1221548). - CVE-2021-47117: Fixed a crash in ext4_es_cache_extent as ext4_split_extent_at failed in ext4 (bsc#1221575). - CVE-2021-47118: Fixed an use-after-free in init task's struct pid in pid (bsc#1221605). - CVE-2021-47119: Fixed a memory leak in ext4_fill_super in ext4 (bsc#1221608). - CVE-2021-47120: Fixed a NULL pointer dereference on disconnect in HID magicmouse (bsc#1221606). - CVE-2021-47130: Fixed freeing unallocated p2pmem in nvmet (bsc#1221552). - CVE-2021-47136: Fixed uninitialized memory access caused by allocation via zero-initialize tc skb extension in net (bsc#1221931). - CVE-2021-47137: Fixed memory corruption in RX ring in net/lantiq (bsc#1221932). - CVE-2021-47138: Fixed an out-of-bound memory access during clearing filters in cxgb4 (bsc#1221934). - CVE-2021-47139: Fixed a race condition that lead to oops in netdevice registration in net hns3 (bsc#1221935). - CVE-2021-47141: Fixed a null pointer dereference on priv->msix_vectors when driver is unloaded in gve (bsc#1221949). - CVE-2021-47142: Fixed an use-after-free on ttm->sg in drm/amdgpu (bsc#1221952). - CVE-2021-47144: Fixed a refcount leak in amdgpufb_create in drm/amd/amdgpu (bsc#1221989). - CVE-2021-47150: Fixed the potential memory leak in fec_enet_init() (bsc#1221973). - CVE-2021-47153: Fixed wrongly generated interrupt on bus reset in i2c/i801 (bsc#1221969). - CVE-2021-47160: Fixed VLAN traffic leaks in dsa: mt7530 (bsc#1221974). - CVE-2021-47161: Fixed a resource leak in an error handling path in the error handling path of the probe function in spi spi-fsl-dspi (bsc#1221966). - CVE-2021-47164: Fixed null pointer dereference accessing lag dev in net/mlx5e (bsc#1221978). - CVE-2021-47165: Fixed shutdown crash when component not probed in drm/meson (bsc#1221965). - CVE-2021-47166: Fixed a data corruption of pg_bytes_written in nfs_do_recoalesce() in nfs (bsc#1221998). - CVE-2021-47167: Fixed an oopsable condition in __nfs_pageio_add_request() in nfs (bsc#1221991). - CVE-2021-47168: Fixed an incorrect limit in filelayout_decode_layout() in nfs (bsc#1222002). - CVE-2021-47169: Fixed a NULL pointer dereference in rp2_probe in serial rp2 (bsc#1222000). - CVE-2021-47170: Fixed a WARN about excessively large memory allocations in usb usbfs (bsc#1222004). - CVE-2021-47171: Fixed a memory leak in smsc75xx_bind in net usb (bsc#1221994). - CVE-2021-47172: Fixed a potential overflow due to non sequential channel numbers in adc/ad7124 (bsc#1221992). - CVE-2021-47173: Fixed a memory leak in uss720_probe in misc/uss720 (bsc#1221993). - CVE-2021-47174: Fixed missing check in irq_fpu_usable() (bsc#1221990). - CVE-2021-47175: Fixed OOB access in net/sched/fq_pie (bsc#1222003). - CVE-2021-47176: Fixed crash with illegal operation exception in dasd_device_tasklet in s390/dasd (bsc#1221996). - CVE-2021-47177: Fixed a sysfs leak in alloc_iommu() in iommu/vt-d (bsc#1221997). - CVE-2021-47179: Fixed a NULL pointer dereference in pnfs_mark_matching_lsegs_return() in nfsv4 (bsc#1222001). - CVE-2021-47180: Fixed a memory leak in nci_allocate_device nfcmrvl_disconnect in nfc nci (bsc#1221999). - CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660). - CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664). - CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669). - CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706). - CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions (bsc#1222878) - CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366). - CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657). - CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320). - CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411). - CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413). - CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445). - CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703). - CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790). - CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276). - CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883). - CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015). - CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836). - CVE-2023-52572: Fixed UAF in cifs_demultiplex_thread() in cifs (bsc#1220946). - CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871). - CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058). - CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088). - CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044). - CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add kasprintf() (bsc#1221061). - CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117). - CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562). - CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447). - CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336). - CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479). - CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170). - CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340). - CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293). - CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830). - CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422). - CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585). The following non-security bugs were fixed: - doc/README.SUSE: Update information about module support status (jsc#PED-5759) - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super (bsc#1219264). - group-source-files.pl: Quote filenames (boo#1221077). - mm: fix gup_pud_range (bsc#1220824). - tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619). - usb: hub: Guard against accesses to uninitialized BOS descriptors (git-fixes). Altered because 5.3 does not do SSP Important SUSE bug 1192145 SUSE bug 1209657 SUSE bug 1218336 SUSE bug 1218447 SUSE bug 1218479 SUSE bug 1218562 SUSE bug 1219170 SUSE bug 1219264 SUSE bug 1220320 SUSE bug 1220340 SUSE bug 1220366 SUSE bug 1220400 SUSE bug 1220411 SUSE bug 1220413 SUSE bug 1220414 SUSE bug 1220425 SUSE bug 1220426 SUSE bug 1220429 SUSE bug 1220432 SUSE bug 1220442 SUSE bug 1220445 SUSE bug 1220465 SUSE bug 1220468 SUSE bug 1220475 SUSE bug 1220484 SUSE bug 1220486 SUSE bug 1220487 SUSE bug 1220516 SUSE bug 1220521 SUSE bug 1220528 SUSE bug 1220529 SUSE bug 1220532 SUSE bug 1220536 SUSE bug 1220554 SUSE bug 1220556 SUSE bug 1220557 SUSE bug 1220560 SUSE bug 1220561 SUSE bug 1220566 SUSE bug 1220575 SUSE bug 1220580 SUSE bug 1220583 SUSE bug 1220611 SUSE bug 1220615 SUSE bug 1220621 SUSE bug 1220625 SUSE bug 1220630 SUSE bug 1220631 SUSE bug 1220638 SUSE bug 1220639 SUSE bug 1220640 SUSE bug 1220662 SUSE bug 1220663 SUSE bug 1220669 SUSE bug 1220670 SUSE bug 1220677 SUSE bug 1220678 SUSE bug 1220685 SUSE bug 1220687 SUSE bug 1220688 SUSE bug 1220692 SUSE bug 1220697 SUSE bug 1220703 SUSE bug 1220706 SUSE bug 1220733 SUSE bug 1220734 SUSE bug 1220739 SUSE bug 1220743 SUSE bug 1220749 SUSE bug 1220751 SUSE bug 1220753 SUSE bug 1220758 SUSE bug 1220759 SUSE bug 1220764 SUSE bug 1220768 SUSE bug 1220769 SUSE bug 1220777 SUSE bug 1220779 SUSE bug 1220785 SUSE bug 1220790 SUSE bug 1220794 SUSE bug 1220824 SUSE bug 1220829 SUSE bug 1220836 SUSE bug 1220846 SUSE bug 1220850 SUSE bug 1220861 SUSE bug 1220871 SUSE bug 1220883 SUSE bug 1220946 SUSE bug 1220954 SUSE bug 1220969 SUSE bug 1220979 SUSE bug 1220982 SUSE bug 1220985 SUSE bug 1220987 SUSE bug 1221015 SUSE bug 1221044 SUSE bug 1221058 SUSE bug 1221061 SUSE bug 1221077 SUSE bug 1221088 SUSE bug 1221276 SUSE bug 1221293 SUSE bug 1221532 SUSE bug 1221534 SUSE bug 1221541 SUSE bug 1221548 SUSE bug 1221552 SUSE bug 1221575 SUSE bug 1221605 SUSE bug 1221606 SUSE bug 1221608 SUSE bug 1221830 SUSE bug 1221931 SUSE bug 1221932 SUSE bug 1221934 SUSE bug 1221935 SUSE bug 1221949 SUSE bug 1221952 SUSE bug 1221965 SUSE bug 1221966 SUSE bug 1221969 SUSE bug 1221973 SUSE bug 1221974 SUSE bug 1221978 SUSE bug 1221989 SUSE bug 1221990 SUSE bug 1221991 SUSE bug 1221992 SUSE bug 1221993 SUSE bug 1221994 SUSE bug 1221996 SUSE bug 1221997 SUSE bug 1221998 SUSE bug 1221999 SUSE bug 1222000 SUSE bug 1222001 SUSE bug 1222002 SUSE bug 1222003 SUSE bug 1222004 SUSE bug 1222117 SUSE bug 1222422 SUSE bug 1222585 SUSE bug 1222619 SUSE bug 1222660 SUSE bug 1222664 SUSE bug 1222669 SUSE bug 1222706 SUSE bug 1222878 CVE-2020-36780 at SUSE CVE-2020-36780 at NVD CVE-2020-36781 at SUSE CVE-2020-36781 at NVD CVE-2020-36782 at SUSE CVE-2020-36782 at NVD CVE-2020-36783 at SUSE CVE-2020-36783 at NVD CVE-2021-46908 at SUSE CVE-2021-46908 at NVD CVE-2021-46909 at SUSE CVE-2021-46909 at NVD CVE-2021-46911 at SUSE CVE-2021-46911 at NVD CVE-2021-46914 at SUSE CVE-2021-46914 at NVD CVE-2021-46917 at SUSE CVE-2021-46917 at NVD CVE-2021-46918 at SUSE CVE-2021-46918 at NVD CVE-2021-46919 at SUSE CVE-2021-46919 at NVD CVE-2021-46920 at SUSE CVE-2021-46920 at NVD CVE-2021-46921 at SUSE CVE-2021-46921 at NVD CVE-2021-46922 at SUSE CVE-2021-46922 at NVD CVE-2021-46930 at SUSE CVE-2021-46930 at NVD CVE-2021-46931 at SUSE CVE-2021-46931 at NVD CVE-2021-46933 at SUSE CVE-2021-46933 at NVD CVE-2021-46938 at SUSE CVE-2021-46938 at NVD CVE-2021-46939 at SUSE CVE-2021-46939 at NVD CVE-2021-46943 at SUSE CVE-2021-46943 at NVD CVE-2021-46944 at SUSE CVE-2021-46944 at NVD CVE-2021-46950 at SUSE CVE-2021-46950 at NVD CVE-2021-46951 at SUSE CVE-2021-46951 at NVD CVE-2021-46956 at SUSE CVE-2021-46956 at NVD CVE-2021-46958 at SUSE CVE-2021-46958 at NVD CVE-2021-46959 at SUSE CVE-2021-46959 at NVD CVE-2021-46960 at SUSE CVE-2021-46960 at NVD CVE-2021-46961 at SUSE CVE-2021-46961 at NVD CVE-2021-46962 at SUSE CVE-2021-46962 at NVD CVE-2021-46963 at SUSE CVE-2021-46963 at NVD CVE-2021-46971 at SUSE CVE-2021-46971 at NVD CVE-2021-46976 at SUSE CVE-2021-46976 at NVD CVE-2021-46980 at SUSE CVE-2021-46980 at NVD CVE-2021-46981 at SUSE CVE-2021-46981 at NVD CVE-2021-46983 at SUSE CVE-2021-46983 at NVD CVE-2021-46984 at SUSE CVE-2021-46984 at NVD CVE-2021-46988 at SUSE CVE-2021-46988 at NVD CVE-2021-46990 at SUSE CVE-2021-46990 at NVD CVE-2021-46991 at SUSE CVE-2021-46991 at NVD CVE-2021-46992 at SUSE CVE-2021-46992 at NVD CVE-2021-46998 at SUSE CVE-2021-46998 at NVD CVE-2021-47000 at SUSE CVE-2021-47000 at NVD CVE-2021-47001 at SUSE CVE-2021-47001 at NVD CVE-2021-47003 at SUSE CVE-2021-47003 at NVD CVE-2021-47006 at SUSE CVE-2021-47006 at NVD CVE-2021-47009 at SUSE CVE-2021-47009 at NVD CVE-2021-47014 at SUSE CVE-2021-47014 at NVD CVE-2021-47015 at SUSE CVE-2021-47015 at NVD CVE-2021-47017 at SUSE CVE-2021-47017 at NVD CVE-2021-47020 at SUSE CVE-2021-47020 at NVD CVE-2021-47026 at SUSE CVE-2021-47026 at NVD CVE-2021-47034 at SUSE CVE-2021-47034 at NVD CVE-2021-47035 at SUSE CVE-2021-47035 at NVD CVE-2021-47038 at SUSE CVE-2021-47038 at NVD CVE-2021-47044 at SUSE CVE-2021-47044 at NVD CVE-2021-47045 at SUSE CVE-2021-47045 at NVD CVE-2021-47046 at SUSE CVE-2021-47046 at NVD CVE-2021-47049 at SUSE CVE-2021-47049 at NVD CVE-2021-47051 at SUSE CVE-2021-47051 at NVD CVE-2021-47055 at SUSE CVE-2021-47055 at NVD CVE-2021-47056 at SUSE CVE-2021-47056 at NVD CVE-2021-47058 at SUSE CVE-2021-47058 at NVD CVE-2021-47063 at SUSE CVE-2021-47063 at NVD CVE-2021-47065 at SUSE CVE-2021-47065 at NVD CVE-2021-47068 at SUSE CVE-2021-47068 at NVD CVE-2021-47070 at SUSE CVE-2021-47070 at NVD CVE-2021-47071 at SUSE CVE-2021-47071 at NVD CVE-2021-47073 at SUSE CVE-2021-47073 at NVD CVE-2021-47077 at SUSE CVE-2021-47077 at NVD CVE-2021-47082 at SUSE CVE-2021-47082 at NVD CVE-2021-47087 at SUSE CVE-2021-47087 at NVD CVE-2021-47095 at SUSE CVE-2021-47095 at NVD CVE-2021-47097 at SUSE CVE-2021-47097 at NVD CVE-2021-47100 at SUSE CVE-2021-47100 at NVD CVE-2021-47101 at SUSE CVE-2021-47101 at NVD CVE-2021-47109 at SUSE CVE-2021-47109 at NVD CVE-2021-47110 at SUSE CVE-2021-47110 at NVD CVE-2021-47112 at SUSE CVE-2021-47112 at NVD CVE-2021-47114 at SUSE CVE-2021-47114 at NVD CVE-2021-47117 at SUSE CVE-2021-47117 at NVD CVE-2021-47118 at SUSE CVE-2021-47118 at NVD CVE-2021-47119 at SUSE CVE-2021-47119 at NVD CVE-2021-47120 at SUSE CVE-2021-47120 at NVD CVE-2021-47130 at SUSE CVE-2021-47130 at NVD CVE-2021-47136 at SUSE CVE-2021-47136 at NVD CVE-2021-47137 at SUSE CVE-2021-47137 at NVD CVE-2021-47138 at SUSE CVE-2021-47138 at NVD CVE-2021-47139 at SUSE CVE-2021-47139 at NVD CVE-2021-47141 at SUSE CVE-2021-47141 at NVD CVE-2021-47142 at SUSE CVE-2021-47142 at NVD CVE-2021-47144 at SUSE CVE-2021-47144 at NVD CVE-2021-47150 at SUSE CVE-2021-47150 at NVD CVE-2021-47153 at SUSE CVE-2021-47153 at NVD CVE-2021-47160 at SUSE CVE-2021-47160 at NVD CVE-2021-47161 at SUSE CVE-2021-47161 at NVD CVE-2021-47164 at SUSE CVE-2021-47164 at NVD CVE-2021-47165 at SUSE CVE-2021-47165 at NVD CVE-2021-47166 at SUSE CVE-2021-47166 at NVD CVE-2021-47167 at SUSE CVE-2021-47167 at NVD CVE-2021-47168 at SUSE CVE-2021-47168 at NVD CVE-2021-47169 at SUSE CVE-2021-47169 at NVD CVE-2021-47170 at SUSE CVE-2021-47170 at NVD CVE-2021-47171 at SUSE CVE-2021-47171 at NVD CVE-2021-47172 at SUSE CVE-2021-47172 at NVD CVE-2021-47173 at SUSE CVE-2021-47173 at NVD CVE-2021-47174 at SUSE CVE-2021-47174 at NVD CVE-2021-47175 at SUSE CVE-2021-47175 at NVD CVE-2021-47176 at SUSE CVE-2021-47176 at NVD CVE-2021-47177 at SUSE CVE-2021-47177 at NVD CVE-2021-47179 at SUSE CVE-2021-47179 at NVD CVE-2021-47180 at SUSE CVE-2021-47180 at NVD CVE-2021-47181 at SUSE CVE-2021-47181 at NVD CVE-2021-47183 at SUSE CVE-2021-47183 at NVD CVE-2021-47185 at SUSE CVE-2021-47185 at NVD CVE-2021-47189 at SUSE CVE-2021-47189 at NVD CVE-2021-47202 at SUSE CVE-2021-47202 at NVD CVE-2022-48626 at SUSE CVE-2022-48626 at NVD CVE-2023-0160 at SUSE CVE-2023-0160 at NVD CVE-2023-52454 at SUSE CVE-2023-52454 at NVD CVE-2023-52469 at SUSE CVE-2023-52469 at NVD CVE-2023-52470 at SUSE CVE-2023-52470 at NVD CVE-2023-52474 at SUSE CVE-2023-52474 at NVD CVE-2023-52476 at SUSE CVE-2023-52476 at NVD CVE-2023-52477 at SUSE CVE-2023-52477 at NVD CVE-2023-52492 at SUSE CVE-2023-52492 at NVD CVE-2023-52500 at SUSE CVE-2023-52500 at NVD CVE-2023-52508 at SUSE CVE-2023-52508 at NVD CVE-2023-52509 at SUSE CVE-2023-52509 at NVD CVE-2023-52572 at SUSE CVE-2023-52572 at NVD CVE-2023-52575 at SUSE CVE-2023-52575 at NVD CVE-2023-52583 at SUSE CVE-2023-52583 at NVD CVE-2023-52590 at SUSE CVE-2023-52590 at NVD CVE-2023-52591 at SUSE CVE-2023-52591 at NVD CVE-2023-52607 at SUSE CVE-2023-52607 at NVD CVE-2023-52628 at SUSE CVE-2023-52628 at NVD CVE-2023-6270 at SUSE CVE-2023-6270 at NVD CVE-2023-6531 at SUSE CVE-2023-6531 at NVD CVE-2023-7042 at SUSE CVE-2023-7042 at NVD CVE-2023-7192 at SUSE CVE-2023-7192 at NVD CVE-2024-22099 at SUSE CVE-2024-22099 at NVD CVE-2024-26600 at SUSE CVE-2024-26600 at NVD CVE-2024-26614 at SUSE CVE-2024-26614 at NVD CVE-2024-26642 at SUSE CVE-2024-26642 at NVD CVE-2024-26704 at SUSE CVE-2024-26704 at NVD CVE-2024-26733 at SUSE CVE-2024-26733 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 LTSS kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2020-36781: Fixed reference leak when pm_runtime_get_sync fails in i2c/imx (bsc#1220557). - CVE-2021-46911: Fixed kernel panic (bsc#1220400). - CVE-2021-46914: Fixed unbalanced device enable/disable in suspend/resume in pci_disable_device() (bsc#1220465). - CVE-2021-46917: Fixed wq cleanup of WQCFG registers in idxd (bsc#1220432). - CVE-2021-46918: Fixed not clearing MSIX permission entry on shutdown in idxd (bsc#1220429). - CVE-2021-46919: Fixed wq size store permission state in idxd (bsc#1220414). - CVE-2021-46920: Fixed clobbering of SWERR overflow bit on writeback (bsc#1220426). - CVE-2021-46922: Fixed TPM reservation for seal/unseal (bsc#1220475). - CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484). - CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486). - CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487). - CVE-2021-46956: Fixed memory leak in virtio_fs_probe() (bsc#1220516). - CVE-2021-46959: Fixed use-after-free with devm_spi_alloc_* (bsc#1220734). - CVE-2021-46961: Fixed spurious interrup handling (bsc#1220529). - CVE-2021-46971: Fixed unconditional security_locked_down() call (bsc#1220697). - CVE-2021-46976: Fixed crash in auto_retire in drm/i915 (bsc#1220621). - CVE-2021-46980: Fixed not retrieving all the PDOs instead of just the first 4 in usb/typec/ucsi (bsc#1220663). - CVE-2021-46983: Fixed NULL pointer dereference when SEND is completed with error (bsc#1220639). - CVE-2021-46988: Fixed release page in error path to avoid BUG_ON (bsc#1220706). - CVE-2021-47001: Fixed cwnd update ordering in xprtrdma (bsc#1220670). - CVE-2021-47003: Fixed potential null dereference on pointer status in idxd_cmd_exec (bsc#1220677). - CVE-2021-47009: Fixed memory leak on object td (bsc#1220733). - CVE-2021-47014: Fixed wild memory access when clearing fragments in net/sched/act_ct (bsc#1220630). - CVE-2021-47017: Fixed use after free in ath10k_htc_send_bundle (bsc#1220678). - CVE-2021-47026: Fixed not destroying sysfs after removing session from active list (bsc#1220685). - CVE-2021-47035: Fixed wrong WO permissions on second-level paging entries in iommu/vt-d (bsc#1220688). - CVE-2021-47038: Fixed deadlock between hci_dev->lock and socket lock in bluetooth (bsc#1220753). - CVE-2021-47044: Fixed shift-out-of-bounds in load_balance() in sched/fair (bsc#1220759). - CVE-2021-47046: Fixed off by one in hdmi_14_process_transaction() (bsc#1220758). - CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954). - CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979). - CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982). - CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985). - CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987). - CVE-2021-47109: Fixed NUD_NOARP entries to be forced GCed (bsc#1221534). - CVE-2021-47130: Fixed freeing unallocated p2pmem in nvmet (bsc#1221552). - CVE-2021-47137: Fixed memory corruption in RX ring in net/lantiq (bsc#1221932). - CVE-2021-47150: Fixed the potential memory leak in fec_enet_init() (bsc#1221973). - CVE-2021-47160: Fixed VLAN traffic leaks in dsa: mt7530 (bsc#1221974). - CVE-2021-47164: Fixed null pointer dereference accessing lag dev in net/mlx5e (bsc#1221978). - CVE-2021-47174: Fixed missing check in irq_fpu_usable() (bsc#1221990). - CVE-2021-47175: Fixed OOB access in net/sched/fq_pie (bsc#1222003). - CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660). - CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664). - CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669). - CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706). - CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657). - CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456). - CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411). - CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413). - CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445). - CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703). - CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276). - CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883). - CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015). - CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871). - CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058). - CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add kasprintf() (bsc#1221061). - CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117). - CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562). - CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447). - CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336). - CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479). - CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170). - CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340). - CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293). - CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830). - CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422). - CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585). The following non-security bugs were fixed: - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super (bsc#1219264). - tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619). - group-source-files.pl: Quote filenames (boo#1221077). - kernel-binary: certs: Avoid trailing space - mm: fix gup_pud_range (bsc#1220824). Important SUSE bug 1184942 SUSE bug 1186060 SUSE bug 1192145 SUSE bug 1194516 SUSE bug 1208995 SUSE bug 1209635 SUSE bug 1209657 SUSE bug 1212514 SUSE bug 1213456 SUSE bug 1217987 SUSE bug 1217988 SUSE bug 1217989 SUSE bug 1218336 SUSE bug 1218447 SUSE bug 1218479 SUSE bug 1218562 SUSE bug 1219170 SUSE bug 1219264 SUSE bug 1220320 SUSE bug 1220340 SUSE bug 1220366 SUSE bug 1220400 SUSE bug 1220411 SUSE bug 1220413 SUSE bug 1220414 SUSE bug 1220425 SUSE bug 1220426 SUSE bug 1220429 SUSE bug 1220432 SUSE bug 1220442 SUSE bug 1220445 SUSE bug 1220465 SUSE bug 1220468 SUSE bug 1220475 SUSE bug 1220484 SUSE bug 1220486 SUSE bug 1220487 SUSE bug 1220516 SUSE bug 1220521 SUSE bug 1220528 SUSE bug 1220529 SUSE bug 1220532 SUSE bug 1220554 SUSE bug 1220556 SUSE bug 1220557 SUSE bug 1220560 SUSE bug 1220561 SUSE bug 1220566 SUSE bug 1220575 SUSE bug 1220580 SUSE bug 1220583 SUSE bug 1220611 SUSE bug 1220615 SUSE bug 1220621 SUSE bug 1220625 SUSE bug 1220630 SUSE bug 1220631 SUSE bug 1220638 SUSE bug 1220639 SUSE bug 1220640 SUSE bug 1220641 SUSE bug 1220662 SUSE bug 1220663 SUSE bug 1220669 SUSE bug 1220670 SUSE bug 1220677 SUSE bug 1220678 SUSE bug 1220685 SUSE bug 1220687 SUSE bug 1220688 SUSE bug 1220692 SUSE bug 1220697 SUSE bug 1220703 SUSE bug 1220706 SUSE bug 1220733 SUSE bug 1220734 SUSE bug 1220739 SUSE bug 1220743 SUSE bug 1220745 SUSE bug 1220749 SUSE bug 1220751 SUSE bug 1220753 SUSE bug 1220758 SUSE bug 1220759 SUSE bug 1220764 SUSE bug 1220768 SUSE bug 1220769 SUSE bug 1220777 SUSE bug 1220779 SUSE bug 1220785 SUSE bug 1220790 SUSE bug 1220794 SUSE bug 1220824 SUSE bug 1220826 SUSE bug 1220829 SUSE bug 1220836 SUSE bug 1220846 SUSE bug 1220850 SUSE bug 1220861 SUSE bug 1220871 SUSE bug 1220883 SUSE bug 1220946 SUSE bug 1220954 SUSE bug 1220969 SUSE bug 1220979 SUSE bug 1220982 SUSE bug 1220985 SUSE bug 1220987 SUSE bug 1221015 SUSE bug 1221044 SUSE bug 1221058 SUSE bug 1221061 SUSE bug 1221077 SUSE bug 1221088 SUSE bug 1221276 SUSE bug 1221293 SUSE bug 1221532 SUSE bug 1221534 SUSE bug 1221541 SUSE bug 1221548 SUSE bug 1221552 SUSE bug 1221575 SUSE bug 1221605 SUSE bug 1221606 SUSE bug 1221608 SUSE bug 1221830 SUSE bug 1221931 SUSE bug 1221932 SUSE bug 1221934 SUSE bug 1221935 SUSE bug 1221949 SUSE bug 1221952 SUSE bug 1221965 SUSE bug 1221966 SUSE bug 1221969 SUSE bug 1221973 SUSE bug 1221974 SUSE bug 1221978 SUSE bug 1221989 SUSE bug 1221990 SUSE bug 1221991 SUSE bug 1221992 SUSE bug 1221993 SUSE bug 1221994 SUSE bug 1221996 SUSE bug 1221997 SUSE bug 1221998 SUSE bug 1221999 SUSE bug 1222000 SUSE bug 1222001 SUSE bug 1222002 SUSE bug 1222003 SUSE bug 1222004 SUSE bug 1222117 SUSE bug 1222422 SUSE bug 1222585 SUSE bug 1222619 SUSE bug 1222660 SUSE bug 1222664 SUSE bug 1222669 SUSE bug 1222706 CVE-2020-36780 at SUSE CVE-2020-36780 at NVD CVE-2020-36781 at SUSE CVE-2020-36781 at NVD CVE-2020-36782 at SUSE CVE-2020-36782 at NVD CVE-2020-36783 at SUSE CVE-2020-36783 at NVD CVE-2021-23134 at SUSE CVE-2021-23134 at NVD CVE-2021-29155 at SUSE CVE-2021-29155 at NVD CVE-2021-46908 at SUSE CVE-2021-46908 at NVD CVE-2021-46909 at SUSE CVE-2021-46909 at NVD CVE-2021-46911 at SUSE CVE-2021-46911 at NVD CVE-2021-46914 at SUSE CVE-2021-46914 at NVD CVE-2021-46917 at SUSE CVE-2021-46917 at NVD CVE-2021-46918 at SUSE CVE-2021-46918 at NVD CVE-2021-46919 at SUSE CVE-2021-46919 at NVD CVE-2021-46920 at SUSE CVE-2021-46920 at NVD CVE-2021-46921 at SUSE CVE-2021-46921 at NVD CVE-2021-46922 at SUSE CVE-2021-46922 at NVD CVE-2021-46930 at SUSE CVE-2021-46930 at NVD CVE-2021-46931 at SUSE CVE-2021-46931 at NVD CVE-2021-46933 at SUSE CVE-2021-46933 at NVD CVE-2021-46938 at SUSE CVE-2021-46938 at NVD CVE-2021-46939 at SUSE CVE-2021-46939 at NVD CVE-2021-46943 at SUSE CVE-2021-46943 at NVD CVE-2021-46944 at SUSE CVE-2021-46944 at NVD CVE-2021-46950 at SUSE CVE-2021-46950 at NVD CVE-2021-46951 at SUSE CVE-2021-46951 at NVD CVE-2021-46956 at SUSE CVE-2021-46956 at NVD CVE-2021-46958 at SUSE CVE-2021-46958 at NVD CVE-2021-46959 at SUSE CVE-2021-46959 at NVD CVE-2021-46960 at SUSE CVE-2021-46960 at NVD CVE-2021-46961 at SUSE CVE-2021-46961 at NVD CVE-2021-46962 at SUSE CVE-2021-46962 at NVD CVE-2021-46963 at SUSE CVE-2021-46963 at NVD CVE-2021-46971 at SUSE CVE-2021-46971 at NVD CVE-2021-46976 at SUSE CVE-2021-46976 at NVD CVE-2021-46980 at SUSE CVE-2021-46980 at NVD CVE-2021-46981 at SUSE CVE-2021-46981 at NVD CVE-2021-46983 at SUSE CVE-2021-46983 at NVD CVE-2021-46984 at SUSE CVE-2021-46984 at NVD CVE-2021-46988 at SUSE CVE-2021-46988 at NVD CVE-2021-46990 at SUSE CVE-2021-46990 at NVD CVE-2021-46991 at SUSE CVE-2021-46991 at NVD CVE-2021-46992 at SUSE CVE-2021-46992 at NVD CVE-2021-46998 at SUSE CVE-2021-46998 at NVD CVE-2021-47000 at SUSE CVE-2021-47000 at NVD CVE-2021-47001 at SUSE CVE-2021-47001 at NVD CVE-2021-47003 at SUSE CVE-2021-47003 at NVD CVE-2021-47006 at SUSE CVE-2021-47006 at NVD CVE-2021-47009 at SUSE CVE-2021-47009 at NVD CVE-2021-47013 at SUSE CVE-2021-47013 at NVD CVE-2021-47014 at SUSE CVE-2021-47014 at NVD CVE-2021-47015 at SUSE CVE-2021-47015 at NVD CVE-2021-47017 at SUSE CVE-2021-47017 at NVD CVE-2021-47020 at SUSE CVE-2021-47020 at NVD CVE-2021-47026 at SUSE CVE-2021-47026 at NVD CVE-2021-47034 at SUSE CVE-2021-47034 at NVD CVE-2021-47035 at SUSE CVE-2021-47035 at NVD CVE-2021-47038 at SUSE CVE-2021-47038 at NVD CVE-2021-47044 at SUSE CVE-2021-47044 at NVD CVE-2021-47045 at SUSE CVE-2021-47045 at NVD CVE-2021-47046 at SUSE CVE-2021-47046 at NVD CVE-2021-47049 at SUSE CVE-2021-47049 at NVD CVE-2021-47051 at SUSE CVE-2021-47051 at NVD CVE-2021-47055 at SUSE CVE-2021-47055 at NVD CVE-2021-47056 at SUSE CVE-2021-47056 at NVD CVE-2021-47058 at SUSE CVE-2021-47058 at NVD CVE-2021-47061 at SUSE CVE-2021-47061 at NVD CVE-2021-47063 at SUSE CVE-2021-47063 at NVD CVE-2021-47065 at SUSE CVE-2021-47065 at NVD CVE-2021-47068 at SUSE CVE-2021-47068 at NVD CVE-2021-47069 at SUSE CVE-2021-47069 at NVD CVE-2021-47070 at SUSE CVE-2021-47070 at NVD CVE-2021-47071 at SUSE CVE-2021-47071 at NVD CVE-2021-47073 at SUSE CVE-2021-47073 at NVD CVE-2021-47077 at SUSE CVE-2021-47077 at NVD CVE-2021-47082 at SUSE CVE-2021-47082 at NVD CVE-2021-47087 at SUSE CVE-2021-47087 at NVD CVE-2021-47095 at SUSE CVE-2021-47095 at NVD CVE-2021-47097 at SUSE CVE-2021-47097 at NVD CVE-2021-47100 at SUSE CVE-2021-47100 at NVD CVE-2021-47101 at SUSE CVE-2021-47101 at NVD CVE-2021-47109 at SUSE CVE-2021-47109 at NVD CVE-2021-47110 at SUSE CVE-2021-47110 at NVD CVE-2021-47112 at SUSE CVE-2021-47112 at NVD CVE-2021-47114 at SUSE CVE-2021-47114 at NVD CVE-2021-47117 at SUSE CVE-2021-47117 at NVD CVE-2021-47118 at SUSE CVE-2021-47118 at NVD CVE-2021-47119 at SUSE CVE-2021-47119 at NVD CVE-2021-47120 at SUSE CVE-2021-47120 at NVD CVE-2021-47130 at SUSE CVE-2021-47130 at NVD CVE-2021-47136 at SUSE CVE-2021-47136 at NVD CVE-2021-47137 at SUSE CVE-2021-47137 at NVD CVE-2021-47138 at SUSE CVE-2021-47138 at NVD CVE-2021-47139 at SUSE CVE-2021-47139 at NVD CVE-2021-47141 at SUSE CVE-2021-47141 at NVD CVE-2021-47142 at SUSE CVE-2021-47142 at NVD CVE-2021-47144 at SUSE CVE-2021-47144 at NVD CVE-2021-47150 at SUSE CVE-2021-47150 at NVD CVE-2021-47153 at SUSE CVE-2021-47153 at NVD CVE-2021-47160 at SUSE CVE-2021-47160 at NVD CVE-2021-47161 at SUSE CVE-2021-47161 at NVD CVE-2021-47164 at SUSE CVE-2021-47164 at NVD CVE-2021-47165 at SUSE CVE-2021-47165 at NVD CVE-2021-47166 at SUSE CVE-2021-47166 at NVD CVE-2021-47167 at SUSE CVE-2021-47167 at NVD CVE-2021-47168 at SUSE CVE-2021-47168 at NVD CVE-2021-47169 at SUSE CVE-2021-47169 at NVD CVE-2021-47170 at SUSE CVE-2021-47170 at NVD CVE-2021-47171 at SUSE CVE-2021-47171 at NVD CVE-2021-47172 at SUSE CVE-2021-47172 at NVD CVE-2021-47173 at SUSE CVE-2021-47173 at NVD CVE-2021-47174 at SUSE CVE-2021-47174 at NVD CVE-2021-47175 at SUSE CVE-2021-47175 at NVD CVE-2021-47176 at SUSE CVE-2021-47176 at NVD CVE-2021-47177 at SUSE CVE-2021-47177 at NVD CVE-2021-47179 at SUSE CVE-2021-47179 at NVD CVE-2021-47180 at SUSE CVE-2021-47180 at NVD CVE-2021-47181 at SUSE CVE-2021-47181 at NVD CVE-2021-47183 at SUSE CVE-2021-47183 at NVD CVE-2021-47185 at SUSE CVE-2021-47185 at NVD CVE-2021-47189 at SUSE CVE-2021-47189 at NVD CVE-2022-0487 at SUSE CVE-2022-0487 at NVD CVE-2022-4744 at SUSE CVE-2022-4744 at NVD CVE-2022-48626 at SUSE CVE-2022-48626 at NVD CVE-2023-0160 at SUSE CVE-2023-0160 at NVD CVE-2023-1192 at SUSE CVE-2023-1192 at NVD CVE-2023-28746 at SUSE CVE-2023-28746 at NVD CVE-2023-35827 at SUSE CVE-2023-35827 at NVD CVE-2023-52454 at SUSE CVE-2023-52454 at NVD CVE-2023-52469 at SUSE CVE-2023-52469 at NVD CVE-2023-52470 at SUSE CVE-2023-52470 at NVD CVE-2023-52474 at SUSE CVE-2023-52474 at NVD CVE-2023-52476 at SUSE CVE-2023-52476 at NVD CVE-2023-52477 at SUSE CVE-2023-52477 at NVD CVE-2023-52492 at SUSE CVE-2023-52492 at NVD CVE-2023-52500 at SUSE CVE-2023-52500 at NVD CVE-2023-52508 at SUSE CVE-2023-52508 at NVD CVE-2023-52509 at SUSE CVE-2023-52509 at NVD CVE-2023-52572 at SUSE CVE-2023-52572 at NVD CVE-2023-52575 at SUSE CVE-2023-52575 at NVD CVE-2023-52583 at SUSE CVE-2023-52583 at NVD CVE-2023-52590 at SUSE CVE-2023-52590 at NVD CVE-2023-52591 at SUSE CVE-2023-52591 at NVD CVE-2023-52607 at SUSE CVE-2023-52607 at NVD CVE-2023-52628 at SUSE CVE-2023-52628 at NVD CVE-2023-6270 at SUSE CVE-2023-6270 at NVD CVE-2023-6356 at SUSE CVE-2023-6356 at NVD CVE-2023-6531 at SUSE CVE-2023-6531 at NVD CVE-2023-6535 at SUSE CVE-2023-6535 at NVD CVE-2023-6536 at SUSE CVE-2023-6536 at NVD CVE-2023-7042 at SUSE CVE-2023-7042 at NVD CVE-2023-7192 at SUSE CVE-2023-7192 at NVD CVE-2024-22099 at SUSE CVE-2024-22099 at NVD CVE-2024-26600 at SUSE CVE-2024-26600 at NVD CVE-2024-26614 at SUSE CVE-2024-26614 at NVD CVE-2024-26642 at SUSE CVE-2024-26642 at NVD CVE-2024-26704 at SUSE CVE-2024-26704 at NVD CVE-2024-26733 at SUSE CVE-2024-26733 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-26555: Fixed Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B that may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN (bsc#1179610 bsc#1215237). - CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559). - CVE-2023-6121: Fixed an out-of-bounds read vulnerability in the NVMe-oF/TCP subsystem that could lead to information leak (bsc#1217250). - CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947). - CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946). - CVE-2023-6931: Fixed a heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component that could lead to local privilege escalation. (bsc#1218258). - CVE-2023-6932: Fixed a use-after-free vulnerability in the Linux kernel's ipv4: igmp component that could lead to local privilege escalation (bsc#1218253). The following non-security bugs were fixed: - clocksource: Avoid accidental unstable marking of clocksources (bsc#1218105). - clocksource: Suspend the watchdog temporarily when high read latency detected (bsc#1218105). - doc/README.SUSE: Add how to update the config for module signing (jsc#PED-5021) - doc/README.SUSE: Remove how to build modules using kernel-source (jsc#PED-5021) - doc/README.SUSE: Simplify the list of references (jsc#PED-5021). - efi/mokvar: Reserve the table only if it is in boot services data (bsc#1215375). - io_uring: fix 32-bit compatability with sendmsg/recvmsg (bsc#1217709). Important SUSE bug 1179610 SUSE bug 1215237 SUSE bug 1215375 SUSE bug 1217250 SUSE bug 1217709 SUSE bug 1217946 SUSE bug 1217947 SUSE bug 1218105 SUSE bug 1218253 SUSE bug 1218258 SUSE bug 1218559 CVE-2020-26555 at SUSE CVE-2020-26555 at NVD CVE-2023-51779 at SUSE CVE-2023-51779 at NVD CVE-2023-6121 at SUSE CVE-2023-6121 at NVD CVE-2023-6606 at SUSE CVE-2023-6606 at NVD CVE-2023-6610 at SUSE CVE-2023-6610 at NVD CVE-2023-6931 at SUSE CVE-2023-6931 at NVD CVE-2023-6932 at SUSE CVE-2023-6932 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for less fixes the following issues: - CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849) Important SUSE bug 1222849 CVE-2024-32487 at SUSE CVE-2024-32487 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for xen fixes the following issues: - CVE-2024-2201: Mitigation for Native Branch History Injection (XSA-456, bsc#1222453) - CVE-2023-46842: HVM hypercalls may trigger Xen bug check (XSA-454, bsc#1221984) - CVE-2024-31142: Fixed incorrect logic for BTC/SRSO mitigations (XSA-455, bsc#1222302) Moderate SUSE bug 1221984 SUSE bug 1222302 SUSE bug 1222453 CVE-2023-46842 at SUSE CVE-2023-46842 at NVD CVE-2024-2201 at SUSE CVE-2024-2201 at NVD CVE-2024-31142 at SUSE CVE-2024-31142 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for sssd fixes the following issues: - CVE-2023-3758: Fixed race condition during authorization that lead to GPO policies functioning inconsistently (bsc#1223100) Important SUSE bug 1223100 CVE-2023-3758 at SUSE CVE-2023-3758 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). Moderate SUSE bug 1222548 CVE-2024-2511 at SUSE CVE-2024-2511 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976). - CVE-2021-47113: Abort btrfs rename_exchange if we fail to insert the second ref (bsc#1221543). - CVE-2021-47131: Fixed a use-after-free after the TLS device goes down and up (bsc#1221545). - CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6_route_mpath_notify() (bsc#1223057). - CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when fragmenting IPv4 packets (bsc#1220513). - CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111). - CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917). - CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824). - CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries == 0 and eh_depth > 0 (bsc#1223475). - CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169). - CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513). - CVE-2024-26906: Disallowed vsyscall page read for copy_from_kernel_nofault() (bsc#1223202). - CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them (bsc#1222624). - CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299). - CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503). - CVE-2021-47041: Don't set sk_user_data without write_lock (bsc#1220755). - CVE-2021-47074: Fixed memory leak in nvme_loop_create_ctrl() (bsc#1220854). - CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt (bsc#1222449). The following non-security bugs were fixed: - dm rq: do not queue request to blk-mq during DM suspend (bsc#1221113). - dm: rearrange core declarations for extended use from dm-zone.c (bsc#1221113). - net/tls: Remove the context from the list in tls_device_down (bsc#1221545). - tls: Fix context leak on tls_device_down (bsc#1221545). Important SUSE bug 1190576 SUSE bug 1192145 SUSE bug 1200313 SUSE bug 1201489 SUSE bug 1203906 SUSE bug 1203935 SUSE bug 1204614 SUSE bug 1211592 SUSE bug 1218562 SUSE bug 1218917 SUSE bug 1219169 SUSE bug 1219170 SUSE bug 1219264 SUSE bug 1220513 SUSE bug 1220755 SUSE bug 1220854 SUSE bug 1221113 SUSE bug 1221299 SUSE bug 1221543 SUSE bug 1221545 SUSE bug 1222449 SUSE bug 1222482 SUSE bug 1222503 SUSE bug 1222559 SUSE bug 1222585 SUSE bug 1222624 SUSE bug 1222666 SUSE bug 1222669 SUSE bug 1222709 SUSE bug 1222790 SUSE bug 1222792 SUSE bug 1222829 SUSE bug 1222876 SUSE bug 1222878 SUSE bug 1222881 SUSE bug 1222883 SUSE bug 1222894 SUSE bug 1222976 SUSE bug 1223016 SUSE bug 1223057 SUSE bug 1223111 SUSE bug 1223187 SUSE bug 1223202 SUSE bug 1223475 SUSE bug 1223482 SUSE bug 1223509 SUSE bug 1223513 SUSE bug 1223522 SUSE bug 1223824 SUSE bug 1223921 SUSE bug 1223923 SUSE bug 1223931 SUSE bug 1223941 SUSE bug 1223948 SUSE bug 1223952 SUSE bug 1223963 CVE-2021-46955 at SUSE CVE-2021-46955 at NVD CVE-2021-47041 at SUSE CVE-2021-47041 at NVD CVE-2021-47074 at SUSE CVE-2021-47074 at NVD CVE-2021-47113 at SUSE CVE-2021-47113 at NVD CVE-2021-47131 at SUSE CVE-2021-47131 at NVD CVE-2021-47184 at SUSE CVE-2021-47184 at NVD CVE-2021-47185 at SUSE CVE-2021-47185 at NVD CVE-2021-47194 at SUSE CVE-2021-47194 at NVD CVE-2021-47198 at SUSE CVE-2021-47198 at NVD CVE-2021-47201 at SUSE CVE-2021-47201 at NVD CVE-2021-47202 at SUSE CVE-2021-47202 at NVD CVE-2021-47203 at SUSE CVE-2021-47203 at NVD CVE-2021-47206 at SUSE CVE-2021-47206 at NVD CVE-2021-47207 at SUSE CVE-2021-47207 at NVD CVE-2021-47212 at SUSE CVE-2021-47212 at NVD CVE-2021-47216 at SUSE CVE-2021-47216 at NVD CVE-2022-48631 at SUSE CVE-2022-48631 at NVD CVE-2022-48638 at SUSE CVE-2022-48638 at NVD CVE-2022-48650 at SUSE CVE-2022-48650 at NVD CVE-2022-48651 at SUSE CVE-2022-48651 at NVD CVE-2022-48654 at SUSE CVE-2022-48654 at NVD CVE-2022-48672 at SUSE CVE-2022-48672 at NVD CVE-2022-48686 at SUSE CVE-2022-48686 at NVD CVE-2022-48687 at SUSE CVE-2022-48687 at NVD CVE-2022-48693 at SUSE CVE-2022-48693 at NVD CVE-2022-48695 at SUSE CVE-2022-48695 at NVD CVE-2022-48701 at SUSE CVE-2022-48701 at NVD CVE-2022-48702 at SUSE CVE-2022-48702 at NVD CVE-2023-2860 at SUSE CVE-2023-2860 at NVD CVE-2023-6270 at SUSE CVE-2023-6270 at NVD CVE-2024-0639 at SUSE CVE-2024-0639 at NVD CVE-2024-0841 at SUSE CVE-2024-0841 at NVD CVE-2024-22099 at SUSE CVE-2024-22099 at NVD CVE-2024-23307 at SUSE CVE-2024-23307 at NVD CVE-2024-26610 at SUSE CVE-2024-26610 at NVD CVE-2024-26688 at SUSE CVE-2024-26688 at NVD CVE-2024-26689 at SUSE CVE-2024-26689 at NVD CVE-2024-26733 at SUSE CVE-2024-26733 at NVD CVE-2024-26739 at SUSE CVE-2024-26739 at NVD CVE-2024-26744 at SUSE CVE-2024-26744 at NVD CVE-2024-26816 at SUSE CVE-2024-26816 at NVD CVE-2024-26840 at SUSE CVE-2024-26840 at NVD CVE-2024-26852 at SUSE CVE-2024-26852 at NVD CVE-2024-26862 at SUSE CVE-2024-26862 at NVD CVE-2024-26898 at SUSE CVE-2024-26898 at NVD CVE-2024-26903 at SUSE CVE-2024-26903 at NVD CVE-2024-26906 at SUSE CVE-2024-26906 at NVD CVE-2024-27043 at SUSE CVE-2024-27043 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976). - CVE-2021-47113: Abort btrfs rename_exchange if we fail to insert the second ref (bsc#1221543). - CVE-2021-47131: Fixed a use-after-free after the TLS device goes down and up (bsc#1221545). - CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6_route_mpath_notify() (bsc#1223057). - CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when fragmenting IPv4 packets (bsc#1220513). - CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111). - CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917). - CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824). - CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries == 0 and eh_depth > 0 (bsc#1223475). - CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169). - CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513). - CVE-2024-26906: Disallowed vsyscall page read for copy_from_kernel_nofault() (bsc#1223202). - CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them (bsc#1222624). - CVE-2021-47207: Fixed a null pointer dereference on pointer block in gus (bsc#1222790). - CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299). - CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503). - CVE-2021-47041: Don't set sk_user_data without write_lock (bsc#1220755). - CVE-2021-47074: Fixed memory leak in nvme_loop_create_ctrl() (bsc#1220854). - CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt (bsc#1222449). The following non-security bugs were fixed: - dm rq: do not queue request to blk-mq during DM suspend (bsc#1221113). - dm: rearrange core declarations for extended use from dm-zone.c (bsc#1221113). - net/tls: Remove the context from the list in tls_device_down (bsc#1221545). - tls: Fix context leak on tls_device_down (bsc#1221545). Important SUSE bug 1190576 SUSE bug 1192145 SUSE bug 1200313 SUSE bug 1201489 SUSE bug 1203906 SUSE bug 1203935 SUSE bug 1204614 SUSE bug 1211592 SUSE bug 1218562 SUSE bug 1218917 SUSE bug 1219169 SUSE bug 1219170 SUSE bug 1219264 SUSE bug 1220513 SUSE bug 1220755 SUSE bug 1220854 SUSE bug 1221113 SUSE bug 1221299 SUSE bug 1221543 SUSE bug 1221545 SUSE bug 1222449 SUSE bug 1222482 SUSE bug 1222503 SUSE bug 1222559 SUSE bug 1222624 SUSE bug 1222666 SUSE bug 1222709 SUSE bug 1222790 SUSE bug 1222792 SUSE bug 1222829 SUSE bug 1222876 SUSE bug 1222881 SUSE bug 1222883 SUSE bug 1222894 SUSE bug 1222976 SUSE bug 1223016 SUSE bug 1223057 SUSE bug 1223111 SUSE bug 1223187 SUSE bug 1223202 SUSE bug 1223475 SUSE bug 1223482 SUSE bug 1223509 SUSE bug 1223513 SUSE bug 1223522 SUSE bug 1223824 SUSE bug 1223921 SUSE bug 1223923 SUSE bug 1223931 SUSE bug 1223941 SUSE bug 1223948 SUSE bug 1223952 SUSE bug 1223963 CVE-2021-46955 at SUSE CVE-2021-46955 at NVD CVE-2021-47041 at SUSE CVE-2021-47041 at NVD CVE-2021-47074 at SUSE CVE-2021-47074 at NVD CVE-2021-47113 at SUSE CVE-2021-47113 at NVD CVE-2021-47131 at SUSE CVE-2021-47131 at NVD CVE-2021-47184 at SUSE CVE-2021-47184 at NVD CVE-2021-47194 at SUSE CVE-2021-47194 at NVD CVE-2021-47198 at SUSE CVE-2021-47198 at NVD CVE-2021-47201 at SUSE CVE-2021-47201 at NVD CVE-2021-47203 at SUSE CVE-2021-47203 at NVD CVE-2021-47206 at SUSE CVE-2021-47206 at NVD CVE-2021-47207 at SUSE CVE-2021-47207 at NVD CVE-2021-47212 at SUSE CVE-2021-47212 at NVD CVE-2021-47216 at SUSE CVE-2021-47216 at NVD CVE-2022-48631 at SUSE CVE-2022-48631 at NVD CVE-2022-48638 at SUSE CVE-2022-48638 at NVD CVE-2022-48650 at SUSE CVE-2022-48650 at NVD CVE-2022-48651 at SUSE CVE-2022-48651 at NVD CVE-2022-48654 at SUSE CVE-2022-48654 at NVD CVE-2022-48672 at SUSE CVE-2022-48672 at NVD CVE-2022-48686 at SUSE CVE-2022-48686 at NVD CVE-2022-48687 at SUSE CVE-2022-48687 at NVD CVE-2022-48693 at SUSE CVE-2022-48693 at NVD CVE-2022-48695 at SUSE CVE-2022-48695 at NVD CVE-2022-48701 at SUSE CVE-2022-48701 at NVD CVE-2022-48702 at SUSE CVE-2022-48702 at NVD CVE-2024-0639 at SUSE CVE-2024-0639 at NVD CVE-2024-23307 at SUSE CVE-2024-23307 at NVD CVE-2024-26610 at SUSE CVE-2024-26610 at NVD CVE-2024-26688 at SUSE CVE-2024-26688 at NVD CVE-2024-26689 at SUSE CVE-2024-26689 at NVD CVE-2024-26739 at SUSE CVE-2024-26739 at NVD CVE-2024-26744 at SUSE CVE-2024-26744 at NVD CVE-2024-26816 at SUSE CVE-2024-26816 at NVD CVE-2024-26840 at SUSE CVE-2024-26840 at NVD CVE-2024-26852 at SUSE CVE-2024-26852 at NVD CVE-2024-26862 at SUSE CVE-2024-26862 at NVD CVE-2024-26898 at SUSE CVE-2024-26898 at NVD CVE-2024-26903 at SUSE CVE-2024-26903 at NVD CVE-2024-26906 at SUSE CVE-2024-26906 at NVD CVE-2024-27043 at SUSE CVE-2024-27043 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) Important SUSE bug 1082216 SUSE bug 1082233 SUSE bug 1213638 CVE-2018-6798 at SUSE CVE-2018-6798 at NVD CVE-2018-6913 at SUSE CVE-2018-6913 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ucode-intel fixes the following issues: Intel CPU Microcode was updated to the 20240514 release (bsc#1224277) - CVE-2023-45733: Fixed a potential security vulnerability in some Intel? Processors that may have allowed information disclosure. - CVE-2023-46103: Fixed a potential security vulnerability in Intel? Core™ Ultra Processors that may have allowed denial of service. - CVE-2023-45745,CVE-2023-47855: Fixed a potential security vulnerabilities in some Intel? Trust Domain Extensions (TDX) module software that may have allowed escalation of privilege. Important SUSE bug 1224277 CVE-2023-45733 at SUSE CVE-2023-45733 at NVD CVE-2023-45745 at SUSE CVE-2023-45745 at NVD CVE-2023-46103 at SUSE CVE-2023-46103 at NVD CVE-2023-47855 at SUSE CVE-2023-47855 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for opensc fixes the following issues: - CVE-2023-5992: Fixed a side-channel leaks while stripping encryption PKCS#1 padding (bsc#1219386) Moderate SUSE bug 1219386 CVE-2023-5992 at SUSE CVE-2023-5992 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). Important SUSE bug 1219559 SUSE bug 1220664 SUSE bug 1221563 SUSE bug 1221854 SUSE bug 1222075 CVE-2023-52425 at SUSE CVE-2023-52425 at NVD CVE-2024-0450 at SUSE CVE-2024-0450 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python-Jinja2 fixes the following issues: - Fixed HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-34064, bsc#1223980, CVE-2024-22195, bsc#1218722) Moderate SUSE bug 1218722 SUSE bug 1223980 CVE-2024-22195 at SUSE CVE-2024-22195 at NVD CVE-2024-34064 at SUSE CVE-2024-34064 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python-requests fixes the following issues: - CVE-2024-35195: Fixed cert verification regardless of changes to the value of `verify` (bsc#1224788). Moderate SUSE bug 1224788 CVE-2024-35195 at SUSE CVE-2024-35195 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for glibc fixes the following issues: - CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423) - CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424) - CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424) - CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX ( bsc#1223425) - CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425) - Avoid creating userspace live patching prologue for _start routine (bsc#1221940) Important SUSE bug 1221940 SUSE bug 1223423 SUSE bug 1223424 SUSE bug 1223425 CVE-2024-33599 at SUSE CVE-2024-33599 at NVD CVE-2024-33600 at SUSE CVE-2024-33600 at NVD CVE-2024-33601 at SUSE CVE-2024-33601 at NVD CVE-2024-33602 at SUSE CVE-2024-33602 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for curl fixes the following issues: - CVE-2023-27534: Properly resolve ~ when used in a SFTP path. (bsc#1219273) Moderate SUSE bug 1219273 CVE-2023-27534 at SUSE CVE-2023-27534 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138). - CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225201). - CVE-2021-47496: Fix flipped sign in tls_err_abort() calls (bsc#1225354) - CVE-2021-47402: Protect fl_walk() with rcu (bsc#1225301) - CVE-2022-48673: kABI workarounds for struct smc_link (bsc#1223934). - CVE-2023-52871: Handle a second device without data corruption (bsc#1225534) - CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223084). - CVE-2021-47497: Fixed shift-out-of-bound (UBSAN) with byte size cells (bsc#1225355). - CVE-2021-47500: Fixed trigger reference couting (bsc#1225360). - CVE-2024-27413: Fixed incorrect allocation size (bsc#1224438). - CVE-2021-47383: Fiedx out-of-bound vmalloc access in imageblit (bsc#1225208). - CVE-2021-47511: Fixed negative period/buffer sizes (bsc#1225411). - CVE-2023-52840: Fix use after free in rmi_unregister_function() (bsc#1224928). - CVE-2021-47261: Fix initializing CQ fragments buffer (bsc#1224954) - CVE-2021-47254: Fix use-after-free in gfs2_glock_shrink_scan (bsc#1224888). - CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174). - CVE-2024-26929: Fixed double free of fcport (bsc#1223715). - CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223626). - CVE-2023-52655: Check packet for fixup for true limit (bsc#1217169). - CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420). - CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). - CVE-2023-52686: Fix a null pointer in opal_event_init() (bsc#1065729). The following non-security bugs were fixed: - af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384). - af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384). - af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384). - btrfs: do not start relocation until in progress drops are done (bsc#1222251). - btrfs: do not start relocation until in progress drops are done (bsc#1222251). - cifs: add missing spinlock around tcon refcount (bsc#1213476). - cifs: avoid dup prefix path in dfs_get_automount_devname() (bsc#1213476). - cifs: avoid race conditions with parallel reconnects (bsc#1213476). - cifs: avoid re-lookups in dfs_cache_find() (bsc#1213476). - cifs: avoid use of global locks for high contention data (bsc#1213476). - cifs: check only tcon status on tcon related functions (bsc#1213476). - cifs: do all necessary checks for credits within or before locking (bsc#1213476). - cifs: do not block in dfs_cache_noreq_update_tgthint() (bsc#1213476). - cifs: do not refresh cached referrals from unactive mounts (bsc#1213476). - cifs: do not take exclusive lock for updating target hints (bsc#1213476). - cifs: fix confusing debug message (bsc#1213476). - cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1213476). - cifs: fix potential deadlock in cache_refresh_path() (bsc#1213476). - cifs: fix refresh of cached referrals (bsc#1213476). - cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1213476). - cifs: fix source pathname comparison of dfs supers (bsc#1213476). - cifs: fix status checks in cifs_tree_connect (bsc#1213476). - cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1213476). - cifs: get rid of dns resolve worker (bsc#1213476). - cifs: get rid of mount options string parsing (bsc#1213476). - cifs: handle cache lookup errors different than -ENOENT (bsc#1213476). - cifs: ignore ipc reconnect failures during dfs failover (bsc#1213476). - cifs: match even the scope id for ipv6 addresses (bsc#1213476). - cifs: optimize reconnect of nested links (bsc#1213476). - cifs: prevent data race in smb2_reconnect() (bsc#1213476). - cifs: refresh root referrals (bsc#1213476). - cifs: remove duplicate code in __refresh_tcon() (bsc#1213476). - cifs: remove unused function (bsc#1213476). - cifs: remove unused smb3_fs_context::mount_options (bsc#1213476). - cifs: return DFS root session id in DebugData (bsc#1213476). - cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1213476). - cifs: set correct ipc status after initial tree connect (bsc#1213476). - cifs: set correct status of tcon ipc when reconnecting (bsc#1213476). - cifs: set correct tcon status after initial tree connect (bsc#1213476). - cifs: set DFS root session in cifs_get_smb_ses() (bsc#1213476). - cifs: set resolved ip in sockaddr (bsc#1213476). - cifs: share dfs connections and supers (bsc#1213476). - cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1213476). - cifs: use fs_context for automounts (bsc#1213476). - cifs: use origin fullpath for automounts (bsc#1213476). - cifs: use tcon allocation functions even for dummy tcon (bsc#1213476). - netfilter: nf_tables: defer gc run if previous batch is still pending (git-fixes). - netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path (git-fixes). - netfilter: nf_tables: fix kdoc warnings after gc rework (git-fixes). - netfilter: nf_tables: fix memleak when more than 255 elements expired (git-fixes). - netfilter: nf_tables: GC transaction race with abort path (git-fixes). - netfilter: nf_tables: GC transaction race with netns dismantle (git-fixes). - netfilter: nf_tables: mark newset as dead on transaction abort (git-fixes). - netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (git-fixes). - netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure (git-fixes). - netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path (git-fixes). - netfilter: nf_tables: skip dead set elements in netlink dump (git-fixes). - netfilter: nf_tables: use correct lock to protect gc_list (git-fixes). - netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (git-fixes). - netfilter: nft_set_rbtree: Add missing expired checks (git-fixes). - netfilter: nft_set_rbtree: bogus lookup/get on consecutive elements in named sets (git-fixes). - netfilter: nft_set_rbtree: Detect partial overlap with start endpoint match (git-fixes). - netfilter: nft_set_rbtree: Detect partial overlaps on insertion (git-fixes). - netfilter: nft_set_rbtree: Do not account for expired elements on insertion (git-fixes). - netfilter: nft_set_rbtree: Drop spurious condition for overlap detection on insertion (git-fixes). - netfilter: nft_set_rbtree: fix null deref on element insertion (git-fixes). - netfilter: nft_set_rbtree: fix overlap expiration walk (git-fixes). - netfilter: nft_set_rbtree: Handle outcomes of tree rotations in overlap detection (git-fixes). - netfilter: nft_set_rbtree: Introduce and use nft_rbtree_interval_start() (git-fixes). - netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (git-fixes). - netfilter: nft_set_rbtree: skip elements in transaction from garbage collection (git-fixes). - netfilter: nft_set_rbtree: skip end interval element from gc (git-fixes). - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction (git-fixes). - netfilter: nft_set_rbtree: Switch to node list walk for overlap detection (git-fixes). - netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention (git-fixes). - NFC: nxp: add NXP1002 (bsc#1185589). - PCI: rpaphp: Add MODULE_DESCRIPTION (bsc#1176869 ltc#188243). - smb: client: fix dfs link mount against w2k8 (git-fixes). - smb: client: fix null auth (bsc#1213476). - smb: client: set correct id, uid and cruid for multiuser automounts (git-fixes). - x86/xen: Drop USERGS_SYSRET64 paravirt call (git-fixes). Important SUSE bug 1065729 SUSE bug 1151927 SUSE bug 1152472 SUSE bug 1154353 SUSE bug 1156395 SUSE bug 1174585 SUSE bug 1176447 SUSE bug 1176774 SUSE bug 1176869 SUSE bug 1178134 SUSE bug 1181147 SUSE bug 1184631 SUSE bug 1185589 SUSE bug 1185902 SUSE bug 1186885 SUSE bug 1188616 SUSE bug 1188772 SUSE bug 1189883 SUSE bug 1190795 SUSE bug 1191452 SUSE bug 1192107 SUSE bug 1194288 SUSE bug 1194591 SUSE bug 1196956 SUSE bug 1197760 SUSE bug 1198029 SUSE bug 1199304 SUSE bug 1200619 SUSE bug 1203389 SUSE bug 1206646 SUSE bug 1209657 SUSE bug 1210335 SUSE bug 1210629 SUSE bug 1213476 SUSE bug 1215420 SUSE bug 1216702 SUSE bug 1217169 SUSE bug 1220137 SUSE bug 1220144 SUSE bug 1220754 SUSE bug 1220877 SUSE bug 1220960 SUSE bug 1221044 SUSE bug 1221113 SUSE bug 1221829 SUSE bug 1222251 SUSE bug 1222619 SUSE bug 1222838 SUSE bug 1222867 SUSE bug 1223084 SUSE bug 1223138 SUSE bug 1223384 SUSE bug 1223390 SUSE bug 1223512 SUSE bug 1223626 SUSE bug 1223715 SUSE bug 1223932 SUSE bug 1223934 SUSE bug 1224099 SUSE bug 1224174 SUSE bug 1224438 SUSE bug 1224482 SUSE bug 1224511 SUSE bug 1224592 SUSE bug 1224816 SUSE bug 1224826 SUSE bug 1224830 SUSE bug 1224831 SUSE bug 1224832 SUSE bug 1224834 SUSE bug 1224841 SUSE bug 1224842 SUSE bug 1224843 SUSE bug 1224844 SUSE bug 1224846 SUSE bug 1224849 SUSE bug 1224852 SUSE bug 1224853 SUSE bug 1224854 SUSE bug 1224859 SUSE bug 1224882 SUSE bug 1224886 SUSE bug 1224888 SUSE bug 1224889 SUSE bug 1224891 SUSE bug 1224892 SUSE bug 1224893 SUSE bug 1224899 SUSE bug 1224904 SUSE bug 1224907 SUSE bug 1224909 SUSE bug 1224916 SUSE bug 1224917 SUSE bug 1224922 SUSE bug 1224923 SUSE bug 1224924 SUSE bug 1224926 SUSE bug 1224928 SUSE bug 1224953 SUSE bug 1224954 SUSE bug 1224955 SUSE bug 1224957 SUSE bug 1224961 SUSE bug 1224963 SUSE bug 1224965 SUSE bug 1224966 SUSE bug 1224968 SUSE bug 1224981 SUSE bug 1224982 SUSE bug 1224983 SUSE bug 1224984 SUSE bug 1224987 SUSE bug 1224990 SUSE bug 1224993 SUSE bug 1224996 SUSE bug 1224997 SUSE bug 1225026 SUSE bug 1225030 SUSE bug 1225058 SUSE bug 1225060 SUSE bug 1225083 SUSE bug 1225084 SUSE bug 1225091 SUSE bug 1225112 SUSE bug 1225113 SUSE bug 1225128 SUSE bug 1225140 SUSE bug 1225143 SUSE bug 1225148 SUSE bug 1225155 SUSE bug 1225164 SUSE bug 1225177 SUSE bug 1225178 SUSE bug 1225181 SUSE bug 1225192 SUSE bug 1225193 SUSE bug 1225198 SUSE bug 1225201 SUSE bug 1225206 SUSE bug 1225207 SUSE bug 1225208 SUSE bug 1225214 SUSE bug 1225223 SUSE bug 1225224 SUSE bug 1225230 SUSE bug 1225232 SUSE bug 1225233 SUSE bug 1225237 SUSE bug 1225238 SUSE bug 1225243 SUSE bug 1225244 SUSE bug 1225247 SUSE bug 1225251 SUSE bug 1225252 SUSE bug 1225256 SUSE bug 1225261 SUSE bug 1225262 SUSE bug 1225263 SUSE bug 1225301 SUSE bug 1225303 SUSE bug 1225316 SUSE bug 1225318 SUSE bug 1225320 SUSE bug 1225321 SUSE bug 1225322 SUSE bug 1225326 SUSE bug 1225327 SUSE bug 1225328 SUSE bug 1225330 SUSE bug 1225333 SUSE bug 1225336 SUSE bug 1225341 SUSE bug 1225346 SUSE bug 1225351 SUSE bug 1225354 SUSE bug 1225355 SUSE bug 1225357 SUSE bug 1225358 SUSE bug 1225360 SUSE bug 1225361 SUSE bug 1225366 SUSE bug 1225367 SUSE bug 1225369 SUSE bug 1225370 SUSE bug 1225372 SUSE bug 1225374 SUSE bug 1225384 SUSE bug 1225386 SUSE bug 1225387 SUSE bug 1225390 SUSE bug 1225393 SUSE bug 1225400 SUSE bug 1225404 SUSE bug 1225405 SUSE bug 1225409 SUSE bug 1225411 SUSE bug 1225424 SUSE bug 1225427 SUSE bug 1225435 SUSE bug 1225437 SUSE bug 1225438 SUSE bug 1225439 SUSE bug 1225446 SUSE bug 1225447 SUSE bug 1225448 SUSE bug 1225450 SUSE bug 1225453 SUSE bug 1225455 SUSE bug 1225468 SUSE bug 1225499 SUSE bug 1225500 SUSE bug 1225508 SUSE bug 1225534 CVE-2020-36788 at SUSE CVE-2020-36788 at NVD CVE-2021-3743 at SUSE CVE-2021-3743 at NVD CVE-2021-39698 at SUSE CVE-2021-39698 at NVD CVE-2021-43056 at SUSE CVE-2021-43056 at NVD CVE-2021-43527 at SUSE CVE-2021-43527 at NVD CVE-2021-47104 at SUSE CVE-2021-47104 at NVD CVE-2021-47192 at SUSE CVE-2021-47192 at NVD CVE-2021-47200 at SUSE CVE-2021-47200 at NVD CVE-2021-47220 at SUSE CVE-2021-47220 at NVD CVE-2021-47227 at SUSE CVE-2021-47227 at NVD CVE-2021-47228 at SUSE CVE-2021-47228 at NVD CVE-2021-47229 at SUSE CVE-2021-47229 at NVD CVE-2021-47230 at SUSE CVE-2021-47230 at NVD CVE-2021-47231 at SUSE CVE-2021-47231 at NVD CVE-2021-47235 at SUSE CVE-2021-47235 at NVD CVE-2021-47236 at SUSE CVE-2021-47236 at NVD CVE-2021-47237 at SUSE CVE-2021-47237 at NVD CVE-2021-47239 at SUSE CVE-2021-47239 at NVD CVE-2021-47240 at SUSE CVE-2021-47240 at NVD CVE-2021-47241 at SUSE CVE-2021-47241 at NVD CVE-2021-47246 at SUSE CVE-2021-47246 at NVD CVE-2021-47252 at SUSE CVE-2021-47252 at NVD CVE-2021-47253 at SUSE CVE-2021-47253 at NVD CVE-2021-47254 at SUSE CVE-2021-47254 at NVD CVE-2021-47255 at SUSE CVE-2021-47255 at NVD CVE-2021-47258 at SUSE CVE-2021-47258 at NVD CVE-2021-47259 at SUSE CVE-2021-47259 at NVD CVE-2021-47260 at SUSE CVE-2021-47260 at NVD CVE-2021-47261 at SUSE CVE-2021-47261 at NVD CVE-2021-47263 at SUSE CVE-2021-47263 at NVD CVE-2021-47265 at SUSE CVE-2021-47265 at NVD CVE-2021-47267 at SUSE CVE-2021-47267 at NVD CVE-2021-47269 at SUSE CVE-2021-47269 at NVD CVE-2021-47270 at SUSE CVE-2021-47270 at NVD CVE-2021-47274 at SUSE CVE-2021-47274 at NVD CVE-2021-47275 at SUSE CVE-2021-47275 at NVD CVE-2021-47276 at SUSE CVE-2021-47276 at NVD CVE-2021-47280 at SUSE CVE-2021-47280 at NVD CVE-2021-47281 at SUSE CVE-2021-47281 at NVD CVE-2021-47284 at SUSE CVE-2021-47284 at NVD CVE-2021-47285 at SUSE CVE-2021-47285 at NVD CVE-2021-47288 at SUSE CVE-2021-47288 at NVD CVE-2021-47289 at SUSE CVE-2021-47289 at NVD CVE-2021-47296 at SUSE CVE-2021-47296 at NVD CVE-2021-47301 at SUSE CVE-2021-47301 at NVD CVE-2021-47302 at SUSE CVE-2021-47302 at NVD CVE-2021-47305 at SUSE CVE-2021-47305 at NVD CVE-2021-47307 at SUSE CVE-2021-47307 at NVD CVE-2021-47308 at SUSE CVE-2021-47308 at NVD CVE-2021-47314 at SUSE CVE-2021-47314 at NVD CVE-2021-47315 at SUSE CVE-2021-47315 at NVD CVE-2021-47320 at SUSE CVE-2021-47320 at NVD CVE-2021-47321 at SUSE CVE-2021-47321 at NVD CVE-2021-47323 at SUSE CVE-2021-47323 at NVD CVE-2021-47324 at SUSE CVE-2021-47324 at NVD CVE-2021-47329 at SUSE CVE-2021-47329 at NVD CVE-2021-47330 at SUSE CVE-2021-47330 at NVD CVE-2021-47332 at SUSE CVE-2021-47332 at NVD CVE-2021-47333 at SUSE CVE-2021-47333 at NVD CVE-2021-47334 at SUSE CVE-2021-47334 at NVD CVE-2021-47337 at SUSE CVE-2021-47337 at NVD CVE-2021-47338 at SUSE CVE-2021-47338 at NVD CVE-2021-47340 at SUSE CVE-2021-47340 at NVD CVE-2021-47341 at SUSE CVE-2021-47341 at NVD CVE-2021-47343 at SUSE CVE-2021-47343 at NVD CVE-2021-47344 at SUSE CVE-2021-47344 at NVD CVE-2021-47347 at SUSE CVE-2021-47347 at NVD CVE-2021-47348 at SUSE CVE-2021-47348 at NVD CVE-2021-47350 at SUSE CVE-2021-47350 at NVD CVE-2021-47353 at SUSE CVE-2021-47353 at NVD CVE-2021-47354 at SUSE CVE-2021-47354 at NVD CVE-2021-47356 at SUSE CVE-2021-47356 at NVD CVE-2021-47369 at SUSE CVE-2021-47369 at NVD CVE-2021-47375 at SUSE CVE-2021-47375 at NVD CVE-2021-47378 at SUSE CVE-2021-47378 at NVD CVE-2021-47381 at SUSE CVE-2021-47381 at NVD CVE-2021-47382 at SUSE CVE-2021-47382 at NVD CVE-2021-47383 at SUSE CVE-2021-47383 at NVD CVE-2021-47387 at SUSE CVE-2021-47387 at NVD CVE-2021-47388 at SUSE CVE-2021-47388 at NVD CVE-2021-47391 at SUSE CVE-2021-47391 at NVD CVE-2021-47392 at SUSE CVE-2021-47392 at NVD CVE-2021-47393 at SUSE CVE-2021-47393 at NVD CVE-2021-47395 at SUSE CVE-2021-47395 at NVD CVE-2021-47396 at SUSE CVE-2021-47396 at NVD CVE-2021-47399 at SUSE CVE-2021-47399 at NVD CVE-2021-47402 at SUSE CVE-2021-47402 at NVD CVE-2021-47404 at SUSE CVE-2021-47404 at NVD CVE-2021-47405 at SUSE CVE-2021-47405 at NVD CVE-2021-47409 at SUSE CVE-2021-47409 at NVD CVE-2021-47413 at SUSE CVE-2021-47413 at NVD CVE-2021-47416 at SUSE CVE-2021-47416 at NVD CVE-2021-47422 at SUSE CVE-2021-47422 at NVD CVE-2021-47423 at SUSE CVE-2021-47423 at NVD CVE-2021-47424 at SUSE CVE-2021-47424 at NVD CVE-2021-47425 at SUSE CVE-2021-47425 at NVD CVE-2021-47426 at SUSE CVE-2021-47426 at NVD CVE-2021-47428 at SUSE CVE-2021-47428 at NVD CVE-2021-47431 at SUSE CVE-2021-47431 at NVD CVE-2021-47434 at SUSE CVE-2021-47434 at NVD CVE-2021-47435 at SUSE CVE-2021-47435 at NVD CVE-2021-47436 at SUSE CVE-2021-47436 at NVD CVE-2021-47441 at SUSE CVE-2021-47441 at NVD CVE-2021-47442 at SUSE CVE-2021-47442 at NVD CVE-2021-47443 at SUSE CVE-2021-47443 at NVD CVE-2021-47444 at SUSE CVE-2021-47444 at NVD CVE-2021-47445 at SUSE CVE-2021-47445 at NVD CVE-2021-47451 at SUSE CVE-2021-47451 at NVD CVE-2021-47456 at SUSE CVE-2021-47456 at NVD CVE-2021-47458 at SUSE CVE-2021-47458 at NVD CVE-2021-47460 at SUSE CVE-2021-47460 at NVD CVE-2021-47464 at SUSE CVE-2021-47464 at NVD CVE-2021-47465 at SUSE CVE-2021-47465 at NVD CVE-2021-47468 at SUSE CVE-2021-47468 at NVD CVE-2021-47473 at SUSE CVE-2021-47473 at NVD CVE-2021-47478 at SUSE CVE-2021-47478 at NVD CVE-2021-47480 at SUSE CVE-2021-47480 at NVD CVE-2021-47482 at SUSE CVE-2021-47482 at NVD CVE-2021-47483 at SUSE CVE-2021-47483 at NVD CVE-2021-47485 at SUSE CVE-2021-47485 at NVD CVE-2021-47493 at SUSE CVE-2021-47493 at NVD CVE-2021-47494 at SUSE CVE-2021-47494 at NVD CVE-2021-47495 at SUSE CVE-2021-47495 at NVD CVE-2021-47496 at SUSE CVE-2021-47496 at NVD CVE-2021-47497 at SUSE CVE-2021-47497 at NVD CVE-2021-47498 at SUSE CVE-2021-47498 at NVD CVE-2021-47499 at SUSE CVE-2021-47499 at NVD CVE-2021-47500 at SUSE CVE-2021-47500 at NVD CVE-2021-47501 at SUSE CVE-2021-47501 at NVD CVE-2021-47502 at SUSE CVE-2021-47502 at NVD CVE-2021-47503 at SUSE CVE-2021-47503 at NVD CVE-2021-47505 at SUSE CVE-2021-47505 at NVD CVE-2021-47506 at SUSE CVE-2021-47506 at NVD CVE-2021-47507 at SUSE CVE-2021-47507 at NVD CVE-2021-47509 at SUSE CVE-2021-47509 at NVD CVE-2021-47511 at SUSE CVE-2021-47511 at NVD CVE-2021-47512 at SUSE CVE-2021-47512 at NVD CVE-2021-47516 at SUSE CVE-2021-47516 at NVD CVE-2021-47518 at SUSE CVE-2021-47518 at NVD CVE-2021-47521 at SUSE CVE-2021-47521 at NVD CVE-2021-47522 at SUSE CVE-2021-47522 at NVD CVE-2021-47523 at SUSE CVE-2021-47523 at NVD CVE-2021-47535 at SUSE CVE-2021-47535 at NVD CVE-2021-47536 at SUSE CVE-2021-47536 at NVD CVE-2021-47538 at SUSE CVE-2021-47538 at NVD CVE-2021-47540 at SUSE CVE-2021-47540 at NVD CVE-2021-47541 at SUSE CVE-2021-47541 at NVD CVE-2021-47542 at SUSE CVE-2021-47542 at NVD CVE-2021-47549 at SUSE CVE-2021-47549 at NVD CVE-2021-47557 at SUSE CVE-2021-47557 at NVD CVE-2021-47562 at SUSE CVE-2021-47562 at NVD CVE-2021-47563 at SUSE CVE-2021-47563 at NVD CVE-2021-47565 at SUSE CVE-2021-47565 at NVD CVE-2022-1195 at SUSE CVE-2022-1195 at NVD CVE-2022-20132 at SUSE CVE-2022-20132 at NVD CVE-2022-48636 at SUSE CVE-2022-48636 at NVD CVE-2022-48673 at SUSE CVE-2022-48673 at NVD CVE-2022-48704 at SUSE CVE-2022-48704 at NVD CVE-2022-48710 at SUSE CVE-2022-48710 at NVD CVE-2023-0160 at SUSE CVE-2023-0160 at NVD CVE-2023-1829 at SUSE CVE-2023-1829 at NVD CVE-2023-2176 at SUSE CVE-2023-2176 at NVD CVE-2023-4244 at SUSE CVE-2023-4244 at NVD CVE-2023-47233 at SUSE CVE-2023-47233 at NVD CVE-2023-52433 at SUSE CVE-2023-52433 at NVD CVE-2023-52581 at SUSE CVE-2023-52581 at NVD CVE-2023-52591 at SUSE CVE-2023-52591 at NVD CVE-2023-52654 at SUSE CVE-2023-52654 at NVD CVE-2023-52655 at SUSE CVE-2023-52655 at NVD CVE-2023-52686 at SUSE CVE-2023-52686 at NVD CVE-2023-52840 at SUSE CVE-2023-52840 at NVD CVE-2023-52871 at SUSE CVE-2023-52871 at NVD CVE-2023-52880 at SUSE CVE-2023-52880 at NVD CVE-2023-6531 at SUSE CVE-2023-6531 at NVD CVE-2024-26581 at SUSE CVE-2024-26581 at NVD CVE-2024-26643 at SUSE CVE-2024-26643 at NVD CVE-2024-26828 at SUSE CVE-2024-26828 at NVD CVE-2024-26921 at SUSE CVE-2024-26921 at NVD CVE-2024-26925 at SUSE CVE-2024-26925 at NVD CVE-2024-26929 at SUSE CVE-2024-26929 at NVD CVE-2024-26930 at SUSE CVE-2024-26930 at NVD CVE-2024-27398 at SUSE CVE-2024-27398 at NVD CVE-2024-27413 at SUSE CVE-2024-27413 at NVD CVE-2024-35811 at SUSE CVE-2024-35811 at NVD CVE-2024-35895 at SUSE CVE-2024-35895 at NVD CVE-2024-35914 at SUSE CVE-2024-35914 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for openssl-1_1 fixes the following issues: - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) Important SUSE bug 1225551 CVE-2024-4741 at SUSE CVE-2024-4741 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for podman fixes the following issues: - Update to version 4.9.5 - CVE-2024-3727: Fixed a flaw that allowed attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. (bsc#1224122) - CVE-2024-24786: Fixed an infinite loop in protojson. (bsc#1226136) Important SUSE bug 1224122 SUSE bug 1226136 CVE-2024-24786 at SUSE CVE-2024-24786 at NVD CVE-2024-3727 at SUSE CVE-2024-3727 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for containerd fixes the following issues: Update to containerd v1.7.17. - CVE-2023-45288: Fixed the limit of CONTINUATION frames read for an HTTP/2 request (bsc#1221400). - Fixed /sys/devices/virtual/powercap accessibility by default containers to mitigate power-based side channel attacks (bsc#1224323). Important SUSE bug 1221400 SUSE bug 1224323 CVE-2023-45288 at SUSE CVE-2023-45288 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225201). - CVE-2021-47496: Fix flipped sign in tls_err_abort() calls (bsc#1225354) - CVE-2021-47402: Protect fl_walk() with rcu (bsc#1225301) - CVE-2022-48673: kABI workarounds for struct smc_link (bsc#1223934). - CVE-2023-52871: Handle a second device without data corruption (bsc#1225534) - CVE-2024-26828: Fix underflow in parse_server_interfaces() (bsc#1223084). - CVE-2021-47497: Fixed shift-out-of-bound (UBSAN) with byte size cells (bsc#1225355). - CVE-2021-47500: Fixed trigger reference couting (bsc#1225360). - CVE-2024-27413: Fix incorrect allocation size (bsc#1224438). - CVE-2021-47383: Fiedx out-of-bound vmalloc access in imageblit (bsc#1225208). - CVE-2021-47511: Fixed negative period/buffer sizes (bsc#1225411). - CVE-2023-52840: Fix use after free in rmi_unregister_function() (bsc#1224928). - CVE-2021-47261: Fix initializing CQ fragments buffer (bsc#1224954) - CVE-2021-47254: Fix use-after-free in gfs2_glock_shrink_scan (bsc#1224888). - CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174). - CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138). - CVE-2023-52655: Check packet for fixup for true limit (bsc#1217169). - CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420). - CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420). - CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). - CVE-2023-52686: Fix a null pointer in opal_event_init() (bsc#1065729). The following non-security bugs were fixed: - af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384). - af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384). - af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384). - btrfs: do not start relocation until in progress drops are done (bsc#1222251). - btrfs: do not start relocation until in progress drops are done (bsc#1222251). - cifs: add missing spinlock around tcon refcount (bsc#1213476). - cifs: avoid dup prefix path in dfs_get_automount_devname() (bsc#1213476). - cifs: avoid race conditions with parallel reconnects (bsc#1213476). - cifs: avoid re-lookups in dfs_cache_find() (bsc#1213476). - cifs: avoid use of global locks for high contention data (bsc#1213476). - cifs: check only tcon status on tcon related functions (bsc#1213476). - cifs: do all necessary checks for credits within or before locking (bsc#1213476). - cifs: do not block in dfs_cache_noreq_update_tgthint() (bsc#1213476). - cifs: do not refresh cached referrals from unactive mounts (bsc#1213476). - cifs: do not take exclusive lock for updating target hints (bsc#1213476). - cifs: fix confusing debug message (bsc#1213476). - cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1213476). - cifs: fix potential deadlock in cache_refresh_path() (bsc#1213476). - cifs: fix refresh of cached referrals (bsc#1213476). - cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1213476). - cifs: fix source pathname comparison of dfs supers (bsc#1213476). - cifs: fix status checks in cifs_tree_connect (bsc#1213476). - cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1213476). - cifs: get rid of dns resolve worker (bsc#1213476). - cifs: get rid of mount options string parsing (bsc#1213476). - cifs: handle cache lookup errors different than -ENOENT (bsc#1213476). - cifs: ignore ipc reconnect failures during dfs failover (bsc#1213476). - cifs: match even the scope id for ipv6 addresses (bsc#1213476). - cifs: optimize reconnect of nested links (bsc#1213476). - cifs: prevent data race in smb2_reconnect() (bsc#1213476). - cifs: refresh root referrals (bsc#1213476). - cifs: remove duplicate code in __refresh_tcon() (bsc#1213476). - cifs: remove unused function (bsc#1213476). - cifs: remove unused smb3_fs_context::mount_options (bsc#1213476). - cifs: return DFS root session id in DebugData (bsc#1213476). - cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1213476). - cifs: set correct ipc status after initial tree connect (bsc#1213476). - cifs: set correct status of tcon ipc when reconnecting (bsc#1213476). - cifs: set correct tcon status after initial tree connect (bsc#1213476). - cifs: set DFS root session in cifs_get_smb_ses() (bsc#1213476). - cifs: set resolved ip in sockaddr (bsc#1213476). - cifs: share dfs connections and supers (bsc#1213476). - cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1213476). - cifs: use fs_context for automounts (bsc#1213476). - cifs: use origin fullpath for automounts (bsc#1213476). - cifs: use tcon allocation functions even for dummy tcon (bsc#1213476). - netfilter: nf_tables: defer gc run if previous batch is still pending (git-fixes). - netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path (git-fixes). - netfilter: nf_tables: fix kdoc warnings after gc rework (git-fixes). - netfilter: nf_tables: fix memleak when more than 255 elements expired (git-fixes). - netfilter: nf_tables: GC transaction race with abort path (git-fixes). - netfilter: nf_tables: GC transaction race with netns dismantle (git-fixes). - netfilter: nf_tables: mark newset as dead on transaction abort (git-fixes). - netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (git-fixes). - netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure (git-fixes). - netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path (git-fixes). - netfilter: nf_tables: skip dead set elements in netlink dump (git-fixes). - netfilter: nf_tables: use correct lock to protect gc_list (git-fixes). - netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (git-fixes). - netfilter: nft_set_rbtree: Add missing expired checks (git-fixes). - netfilter: nft_set_rbtree: bogus lookup/get on consecutive elements in named sets (git-fixes). - netfilter: nft_set_rbtree: Detect partial overlap with start endpoint match (git-fixes). - netfilter: nft_set_rbtree: Detect partial overlaps on insertion (git-fixes). - netfilter: nft_set_rbtree: Do not account for expired elements on insertion (git-fixes). - netfilter: nft_set_rbtree: Drop spurious condition for overlap detection on insertion (git-fixes). - netfilter: nft_set_rbtree: fix null deref on element insertion (git-fixes). - netfilter: nft_set_rbtree: fix overlap expiration walk (git-fixes). - netfilter: nft_set_rbtree: Handle outcomes of tree rotations in overlap detection (git-fixes). - netfilter: nft_set_rbtree: Introduce and use nft_rbtree_interval_start() (git-fixes). - netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (git-fixes). - netfilter: nft_set_rbtree: skip elements in transaction from garbage collection (git-fixes). - netfilter: nft_set_rbtree: skip end interval element from gc (git-fixes). - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction (git-fixes). - netfilter: nft_set_rbtree: Switch to node list walk for overlap detection (git-fixes). - netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention (git-fixes). - NFC: nxp: add NXP1002 (bsc#1185589). - PCI: rpaphp: Add MODULE_DESCRIPTION (bsc#1176869 ltc#188243). - smb: client: fix dfs link mount against w2k8 (git-fixes). - smb: client: fix null auth (bsc#1213476). - smb: client: set correct id, uid and cruid for multiuser automounts (git-fixes). - x86/xen: Drop USERGS_SYSRET64 paravirt call (git-fixes). Important SUSE bug 1065729 SUSE bug 1151927 SUSE bug 1152472 SUSE bug 1154353 SUSE bug 1156395 SUSE bug 1174585 SUSE bug 1176447 SUSE bug 1176774 SUSE bug 1176869 SUSE bug 1178134 SUSE bug 1181147 SUSE bug 1184631 SUSE bug 1185570 SUSE bug 1185589 SUSE bug 1185902 SUSE bug 1186885 SUSE bug 1187357 SUSE bug 1188616 SUSE bug 1188772 SUSE bug 1189883 SUSE bug 1190795 SUSE bug 1191452 SUSE bug 1192107 SUSE bug 1194288 SUSE bug 1194591 SUSE bug 1196956 SUSE bug 1197760 SUSE bug 1198029 SUSE bug 1199304 SUSE bug 1200619 SUSE bug 1203389 SUSE bug 1206646 SUSE bug 1209657 SUSE bug 1210335 SUSE bug 1210629 SUSE bug 1213476 SUSE bug 1215420 SUSE bug 1216702 SUSE bug 1217169 SUSE bug 1220137 SUSE bug 1220144 SUSE bug 1220754 SUSE bug 1220877 SUSE bug 1220960 SUSE bug 1221044 SUSE bug 1221113 SUSE bug 1221829 SUSE bug 1222251 SUSE bug 1222619 SUSE bug 1222838 SUSE bug 1222867 SUSE bug 1223084 SUSE bug 1223138 SUSE bug 1223384 SUSE bug 1223390 SUSE bug 1223512 SUSE bug 1223932 SUSE bug 1223934 SUSE bug 1224099 SUSE bug 1224174 SUSE bug 1224438 SUSE bug 1224482 SUSE bug 1224511 SUSE bug 1224592 SUSE bug 1224816 SUSE bug 1224826 SUSE bug 1224830 SUSE bug 1224831 SUSE bug 1224832 SUSE bug 1224834 SUSE bug 1224841 SUSE bug 1224842 SUSE bug 1224843 SUSE bug 1224844 SUSE bug 1224846 SUSE bug 1224849 SUSE bug 1224852 SUSE bug 1224853 SUSE bug 1224854 SUSE bug 1224859 SUSE bug 1224882 SUSE bug 1224886 SUSE bug 1224888 SUSE bug 1224889 SUSE bug 1224891 SUSE bug 1224892 SUSE bug 1224893 SUSE bug 1224899 SUSE bug 1224904 SUSE bug 1224907 SUSE bug 1224909 SUSE bug 1224916 SUSE bug 1224917 SUSE bug 1224922 SUSE bug 1224923 SUSE bug 1224924 SUSE bug 1224926 SUSE bug 1224928 SUSE bug 1224953 SUSE bug 1224954 SUSE bug 1224955 SUSE bug 1224957 SUSE bug 1224961 SUSE bug 1224963 SUSE bug 1224965 SUSE bug 1224966 SUSE bug 1224968 SUSE bug 1224981 SUSE bug 1224982 SUSE bug 1224983 SUSE bug 1224984 SUSE bug 1224987 SUSE bug 1224990 SUSE bug 1224993 SUSE bug 1224996 SUSE bug 1224997 SUSE bug 1225026 SUSE bug 1225030 SUSE bug 1225058 SUSE bug 1225060 SUSE bug 1225083 SUSE bug 1225084 SUSE bug 1225091 SUSE bug 1225112 SUSE bug 1225113 SUSE bug 1225128 SUSE bug 1225140 SUSE bug 1225143 SUSE bug 1225148 SUSE bug 1225155 SUSE bug 1225164 SUSE bug 1225177 SUSE bug 1225178 SUSE bug 1225181 SUSE bug 1225192 SUSE bug 1225193 SUSE bug 1225198 SUSE bug 1225201 SUSE bug 1225206 SUSE bug 1225207 SUSE bug 1225208 SUSE bug 1225214 SUSE bug 1225223 SUSE bug 1225224 SUSE bug 1225230 SUSE bug 1225232 SUSE bug 1225233 SUSE bug 1225237 SUSE bug 1225238 SUSE bug 1225243 SUSE bug 1225244 SUSE bug 1225247 SUSE bug 1225251 SUSE bug 1225252 SUSE bug 1225256 SUSE bug 1225261 SUSE bug 1225262 SUSE bug 1225263 SUSE bug 1225301 SUSE bug 1225303 SUSE bug 1225316 SUSE bug 1225318 SUSE bug 1225320 SUSE bug 1225321 SUSE bug 1225322 SUSE bug 1225326 SUSE bug 1225327 SUSE bug 1225328 SUSE bug 1225330 SUSE bug 1225333 SUSE bug 1225336 SUSE bug 1225341 SUSE bug 1225346 SUSE bug 1225351 SUSE bug 1225354 SUSE bug 1225355 SUSE bug 1225357 SUSE bug 1225358 SUSE bug 1225360 SUSE bug 1225361 SUSE bug 1225366 SUSE bug 1225367 SUSE bug 1225369 SUSE bug 1225370 SUSE bug 1225372 SUSE bug 1225374 SUSE bug 1225384 SUSE bug 1225386 SUSE bug 1225387 SUSE bug 1225390 SUSE bug 1225393 SUSE bug 1225400 SUSE bug 1225404 SUSE bug 1225405 SUSE bug 1225409 SUSE bug 1225411 SUSE bug 1225424 SUSE bug 1225427 SUSE bug 1225435 SUSE bug 1225437 SUSE bug 1225438 SUSE bug 1225439 SUSE bug 1225446 SUSE bug 1225447 SUSE bug 1225448 SUSE bug 1225450 SUSE bug 1225453 SUSE bug 1225455 SUSE bug 1225468 SUSE bug 1225499 SUSE bug 1225500 SUSE bug 1225508 SUSE bug 1225534 CVE-2020-36788 at SUSE CVE-2020-36788 at NVD CVE-2021-3743 at SUSE CVE-2021-3743 at NVD CVE-2021-39698 at SUSE CVE-2021-39698 at NVD CVE-2021-43056 at SUSE CVE-2021-43056 at NVD CVE-2021-43527 at SUSE CVE-2021-43527 at NVD CVE-2021-47104 at SUSE CVE-2021-47104 at NVD CVE-2021-47192 at SUSE CVE-2021-47192 at NVD CVE-2021-47200 at SUSE CVE-2021-47200 at NVD CVE-2021-47220 at SUSE CVE-2021-47220 at NVD CVE-2021-47227 at SUSE CVE-2021-47227 at NVD CVE-2021-47228 at SUSE CVE-2021-47228 at NVD CVE-2021-47229 at SUSE CVE-2021-47229 at NVD CVE-2021-47230 at SUSE CVE-2021-47230 at NVD CVE-2021-47231 at SUSE CVE-2021-47231 at NVD CVE-2021-47235 at SUSE CVE-2021-47235 at NVD CVE-2021-47236 at SUSE CVE-2021-47236 at NVD CVE-2021-47237 at SUSE CVE-2021-47237 at NVD CVE-2021-47239 at SUSE CVE-2021-47239 at NVD CVE-2021-47240 at SUSE CVE-2021-47240 at NVD CVE-2021-47241 at SUSE CVE-2021-47241 at NVD CVE-2021-47246 at SUSE CVE-2021-47246 at NVD CVE-2021-47252 at SUSE CVE-2021-47252 at NVD CVE-2021-47253 at SUSE CVE-2021-47253 at NVD CVE-2021-47254 at SUSE CVE-2021-47254 at NVD CVE-2021-47255 at SUSE CVE-2021-47255 at NVD CVE-2021-47258 at SUSE CVE-2021-47258 at NVD CVE-2021-47259 at SUSE CVE-2021-47259 at NVD CVE-2021-47260 at SUSE CVE-2021-47260 at NVD CVE-2021-47261 at SUSE CVE-2021-47261 at NVD CVE-2021-47263 at SUSE CVE-2021-47263 at NVD CVE-2021-47265 at SUSE CVE-2021-47265 at NVD CVE-2021-47267 at SUSE CVE-2021-47267 at NVD CVE-2021-47269 at SUSE CVE-2021-47269 at NVD CVE-2021-47270 at SUSE CVE-2021-47270 at NVD CVE-2021-47274 at SUSE CVE-2021-47274 at NVD CVE-2021-47275 at SUSE CVE-2021-47275 at NVD CVE-2021-47276 at SUSE CVE-2021-47276 at NVD CVE-2021-47280 at SUSE CVE-2021-47280 at NVD CVE-2021-47281 at SUSE CVE-2021-47281 at NVD CVE-2021-47284 at SUSE CVE-2021-47284 at NVD CVE-2021-47285 at SUSE CVE-2021-47285 at NVD CVE-2021-47288 at SUSE CVE-2021-47288 at NVD CVE-2021-47289 at SUSE CVE-2021-47289 at NVD CVE-2021-47296 at SUSE CVE-2021-47296 at NVD CVE-2021-47301 at SUSE CVE-2021-47301 at NVD CVE-2021-47302 at SUSE CVE-2021-47302 at NVD CVE-2021-47305 at SUSE CVE-2021-47305 at NVD CVE-2021-47307 at SUSE CVE-2021-47307 at NVD CVE-2021-47308 at SUSE CVE-2021-47308 at NVD CVE-2021-47314 at SUSE CVE-2021-47314 at NVD CVE-2021-47315 at SUSE CVE-2021-47315 at NVD CVE-2021-47320 at SUSE CVE-2021-47320 at NVD CVE-2021-47321 at SUSE CVE-2021-47321 at NVD CVE-2021-47323 at SUSE CVE-2021-47323 at NVD CVE-2021-47324 at SUSE CVE-2021-47324 at NVD CVE-2021-47329 at SUSE CVE-2021-47329 at NVD CVE-2021-47330 at SUSE CVE-2021-47330 at NVD CVE-2021-47332 at SUSE CVE-2021-47332 at NVD CVE-2021-47333 at SUSE CVE-2021-47333 at NVD CVE-2021-47334 at SUSE CVE-2021-47334 at NVD CVE-2021-47337 at SUSE CVE-2021-47337 at NVD CVE-2021-47338 at SUSE CVE-2021-47338 at NVD CVE-2021-47340 at SUSE CVE-2021-47340 at NVD CVE-2021-47341 at SUSE CVE-2021-47341 at NVD CVE-2021-47343 at SUSE CVE-2021-47343 at NVD CVE-2021-47344 at SUSE CVE-2021-47344 at NVD CVE-2021-47347 at SUSE CVE-2021-47347 at NVD CVE-2021-47348 at SUSE CVE-2021-47348 at NVD CVE-2021-47350 at SUSE CVE-2021-47350 at NVD CVE-2021-47353 at SUSE CVE-2021-47353 at NVD CVE-2021-47354 at SUSE CVE-2021-47354 at NVD CVE-2021-47356 at SUSE CVE-2021-47356 at NVD CVE-2021-47369 at SUSE CVE-2021-47369 at NVD CVE-2021-47375 at SUSE CVE-2021-47375 at NVD CVE-2021-47378 at SUSE CVE-2021-47378 at NVD CVE-2021-47381 at SUSE CVE-2021-47381 at NVD CVE-2021-47382 at SUSE CVE-2021-47382 at NVD CVE-2021-47383 at SUSE CVE-2021-47383 at NVD CVE-2021-47387 at SUSE CVE-2021-47387 at NVD CVE-2021-47388 at SUSE CVE-2021-47388 at NVD CVE-2021-47391 at SUSE CVE-2021-47391 at NVD CVE-2021-47392 at SUSE CVE-2021-47392 at NVD CVE-2021-47393 at SUSE CVE-2021-47393 at NVD CVE-2021-47395 at SUSE CVE-2021-47395 at NVD CVE-2021-47396 at SUSE CVE-2021-47396 at NVD CVE-2021-47399 at SUSE CVE-2021-47399 at NVD CVE-2021-47402 at SUSE CVE-2021-47402 at NVD CVE-2021-47404 at SUSE CVE-2021-47404 at NVD CVE-2021-47405 at SUSE CVE-2021-47405 at NVD CVE-2021-47409 at SUSE CVE-2021-47409 at NVD CVE-2021-47413 at SUSE CVE-2021-47413 at NVD CVE-2021-47416 at SUSE CVE-2021-47416 at NVD CVE-2021-47422 at SUSE CVE-2021-47422 at NVD CVE-2021-47423 at SUSE CVE-2021-47423 at NVD CVE-2021-47424 at SUSE CVE-2021-47424 at NVD CVE-2021-47425 at SUSE CVE-2021-47425 at NVD CVE-2021-47426 at SUSE CVE-2021-47426 at NVD CVE-2021-47428 at SUSE CVE-2021-47428 at NVD CVE-2021-47431 at SUSE CVE-2021-47431 at NVD CVE-2021-47434 at SUSE CVE-2021-47434 at NVD CVE-2021-47435 at SUSE CVE-2021-47435 at NVD CVE-2021-47436 at SUSE CVE-2021-47436 at NVD CVE-2021-47441 at SUSE CVE-2021-47441 at NVD CVE-2021-47442 at SUSE CVE-2021-47442 at NVD CVE-2021-47443 at SUSE CVE-2021-47443 at NVD CVE-2021-47444 at SUSE CVE-2021-47444 at NVD CVE-2021-47445 at SUSE CVE-2021-47445 at NVD CVE-2021-47451 at SUSE CVE-2021-47451 at NVD CVE-2021-47456 at SUSE CVE-2021-47456 at NVD CVE-2021-47458 at SUSE CVE-2021-47458 at NVD CVE-2021-47460 at SUSE CVE-2021-47460 at NVD CVE-2021-47464 at SUSE CVE-2021-47464 at NVD CVE-2021-47465 at SUSE CVE-2021-47465 at NVD CVE-2021-47468 at SUSE CVE-2021-47468 at NVD CVE-2021-47473 at SUSE CVE-2021-47473 at NVD CVE-2021-47478 at SUSE CVE-2021-47478 at NVD CVE-2021-47480 at SUSE CVE-2021-47480 at NVD CVE-2021-47482 at SUSE CVE-2021-47482 at NVD CVE-2021-47483 at SUSE CVE-2021-47483 at NVD CVE-2021-47485 at SUSE CVE-2021-47485 at NVD CVE-2021-47493 at SUSE CVE-2021-47493 at NVD CVE-2021-47494 at SUSE CVE-2021-47494 at NVD CVE-2021-47495 at SUSE CVE-2021-47495 at NVD CVE-2021-47496 at SUSE CVE-2021-47496 at NVD CVE-2021-47497 at SUSE CVE-2021-47497 at NVD CVE-2021-47498 at SUSE CVE-2021-47498 at NVD CVE-2021-47499 at SUSE CVE-2021-47499 at NVD CVE-2021-47500 at SUSE CVE-2021-47500 at NVD CVE-2021-47501 at SUSE CVE-2021-47501 at NVD CVE-2021-47502 at SUSE CVE-2021-47502 at NVD CVE-2021-47503 at SUSE CVE-2021-47503 at NVD CVE-2021-47505 at SUSE CVE-2021-47505 at NVD CVE-2021-47506 at SUSE CVE-2021-47506 at NVD CVE-2021-47507 at SUSE CVE-2021-47507 at NVD CVE-2021-47509 at SUSE CVE-2021-47509 at NVD CVE-2021-47511 at SUSE CVE-2021-47511 at NVD CVE-2021-47512 at SUSE CVE-2021-47512 at NVD CVE-2021-47516 at SUSE CVE-2021-47516 at NVD CVE-2021-47518 at SUSE CVE-2021-47518 at NVD CVE-2021-47521 at SUSE CVE-2021-47521 at NVD CVE-2021-47522 at SUSE CVE-2021-47522 at NVD CVE-2021-47523 at SUSE CVE-2021-47523 at NVD CVE-2021-47535 at SUSE CVE-2021-47535 at NVD CVE-2021-47536 at SUSE CVE-2021-47536 at NVD CVE-2021-47538 at SUSE CVE-2021-47538 at NVD CVE-2021-47540 at SUSE CVE-2021-47540 at NVD CVE-2021-47541 at SUSE CVE-2021-47541 at NVD CVE-2021-47542 at SUSE CVE-2021-47542 at NVD CVE-2021-47549 at SUSE CVE-2021-47549 at NVD CVE-2021-47557 at SUSE CVE-2021-47557 at NVD CVE-2021-47562 at SUSE CVE-2021-47562 at NVD CVE-2021-47563 at SUSE CVE-2021-47563 at NVD CVE-2021-47565 at SUSE CVE-2021-47565 at NVD CVE-2022-1195 at SUSE CVE-2022-1195 at NVD CVE-2022-20132 at SUSE CVE-2022-20132 at NVD CVE-2022-48636 at SUSE CVE-2022-48636 at NVD CVE-2022-48673 at SUSE CVE-2022-48673 at NVD CVE-2022-48704 at SUSE CVE-2022-48704 at NVD CVE-2022-48710 at SUSE CVE-2022-48710 at NVD CVE-2023-0160 at SUSE CVE-2023-0160 at NVD CVE-2023-1829 at SUSE CVE-2023-1829 at NVD CVE-2023-2176 at SUSE CVE-2023-2176 at NVD CVE-2023-4244 at SUSE CVE-2023-4244 at NVD CVE-2023-47233 at SUSE CVE-2023-47233 at NVD CVE-2023-52433 at SUSE CVE-2023-52433 at NVD CVE-2023-52581 at SUSE CVE-2023-52581 at NVD CVE-2023-52591 at SUSE CVE-2023-52591 at NVD CVE-2023-52654 at SUSE CVE-2023-52654 at NVD CVE-2023-52655 at SUSE CVE-2023-52655 at NVD CVE-2023-52686 at SUSE CVE-2023-52686 at NVD CVE-2023-52840 at SUSE CVE-2023-52840 at NVD CVE-2023-52871 at SUSE CVE-2023-52871 at NVD CVE-2023-52880 at SUSE CVE-2023-52880 at NVD CVE-2023-6531 at SUSE CVE-2023-6531 at NVD CVE-2024-26581 at SUSE CVE-2024-26581 at NVD CVE-2024-26643 at SUSE CVE-2024-26643 at NVD CVE-2024-26828 at SUSE CVE-2024-26828 at NVD CVE-2024-26921 at SUSE CVE-2024-26921 at NVD CVE-2024-26925 at SUSE CVE-2024-26925 at NVD CVE-2024-26929 at SUSE CVE-2024-26929 at NVD CVE-2024-26930 at SUSE CVE-2024-26930 at NVD CVE-2024-27398 at SUSE CVE-2024-27398 at NVD CVE-2024-27413 at SUSE CVE-2024-27413 at NVD CVE-2024-35811 at SUSE CVE-2024-35811 at NVD CVE-2024-35895 at SUSE CVE-2024-35895 at NVD CVE-2024-35914 at SUSE CVE-2024-35914 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for glib2 fixes the following issues: - CVE-2024-34397: Fixed signal subscription unicast spoofing vulnerability (bsc#1224044). Low SUSE bug 1224044 CVE-2024-34397 at SUSE CVE-2024-34397 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python39 fixes the following issues: - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) Moderate SUSE bug 1226447 SUSE bug 1226448 CVE-2024-0397 at SUSE CVE-2024-0397 at NVD CVE-2024-4032 at SUSE CVE-2024-4032 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). Low SUSE bug 1224282 CVE-2024-34459 at SUSE CVE-2024-34459 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). Important SUSE bug 1227186 SUSE bug 1227187 CVE-2024-37370 at SUSE CVE-2024-37370 at NVD CVE-2024-37371 at SUSE CVE-2024-37371 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47247: net/mlx5e: Fix use-after-free of encap entry in neigh update handler (bsc#1224865). - CVE-2021-47311: net: qcom/emac: fix UAF in emac_remove (bsc#1225010). - CVE-2021-47368: enetc: Fix illegal access when reading affinity_hint (bsc#1225161). - CVE-2021-47372: net: macb: fix use after free on rmmod (bsc#1225184). - CVE-2021-47379: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd (bsc#1225203). - CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518). - CVE-2022-48760: USB: core: Fix hang in usb_kill_urb by adding memory barriers (bsc#1226712). - CVE-2023-52707: sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1225109). polled (bsc#1202623). - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487). - CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611). - CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384). - CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749). - CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766). - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764). - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765). - CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703). - CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749). - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732). - CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840). - CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866). - CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595) - CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226758). - CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786). The following non-security bugs were fixed: - NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226). - ocfs2: adjust enabling place for la window (bsc#1219224). - ocfs2: fix sparse warnings (bsc#1219224). - ocfs2: improve write IO performance when fragmentation is high (bsc#1219224). - ocfs2: speed up chain-list searching (bsc#1219224). - psi: Fix uaf issue when psi trigger is destroyed while being - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962). Important SUSE bug 1156395 SUSE bug 1171988 SUSE bug 1176447 SUSE bug 1176774 SUSE bug 1181147 SUSE bug 1191958 SUSE bug 1195065 SUSE bug 1195254 SUSE bug 1195798 SUSE bug 1202623 SUSE bug 1218148 SUSE bug 1219224 SUSE bug 1219633 SUSE bug 1222015 SUSE bug 1223011 SUSE bug 1223384 SUSE bug 1224671 SUSE bug 1224703 SUSE bug 1224749 SUSE bug 1224764 SUSE bug 1224765 SUSE bug 1224766 SUSE bug 1224865 SUSE bug 1225010 SUSE bug 1225047 SUSE bug 1225109 SUSE bug 1225161 SUSE bug 1225184 SUSE bug 1225203 SUSE bug 1225487 SUSE bug 1225518 SUSE bug 1225611 SUSE bug 1225732 SUSE bug 1225749 SUSE bug 1225840 SUSE bug 1225866 SUSE bug 1226226 SUSE bug 1226537 SUSE bug 1226552 SUSE bug 1226554 SUSE bug 1226557 SUSE bug 1226558 SUSE bug 1226562 SUSE bug 1226563 SUSE bug 1226575 SUSE bug 1226583 SUSE bug 1226585 SUSE bug 1226587 SUSE bug 1226595 SUSE bug 1226614 SUSE bug 1226619 SUSE bug 1226621 SUSE bug 1226624 SUSE bug 1226643 SUSE bug 1226644 SUSE bug 1226645 SUSE bug 1226647 SUSE bug 1226650 SUSE bug 1226669 SUSE bug 1226670 SUSE bug 1226672 SUSE bug 1226674 SUSE bug 1226679 SUSE bug 1226686 SUSE bug 1226691 SUSE bug 1226692 SUSE bug 1226698 SUSE bug 1226703 SUSE bug 1226708 SUSE bug 1226709 SUSE bug 1226711 SUSE bug 1226712 SUSE bug 1226713 SUSE bug 1226715 SUSE bug 1226716 SUSE bug 1226720 SUSE bug 1226721 SUSE bug 1226732 SUSE bug 1226758 SUSE bug 1226762 SUSE bug 1226786 SUSE bug 1226962 CVE-2021-3896 at SUSE CVE-2021-3896 at NVD CVE-2021-43389 at SUSE CVE-2021-43389 at NVD CVE-2021-4439 at SUSE CVE-2021-4439 at NVD CVE-2021-47247 at SUSE CVE-2021-47247 at NVD CVE-2021-47311 at SUSE CVE-2021-47311 at NVD CVE-2021-47328 at SUSE CVE-2021-47328 at NVD CVE-2021-47368 at SUSE CVE-2021-47368 at NVD CVE-2021-47372 at SUSE CVE-2021-47372 at NVD CVE-2021-47379 at SUSE CVE-2021-47379 at NVD CVE-2021-47571 at SUSE CVE-2021-47571 at NVD CVE-2021-47576 at SUSE CVE-2021-47576 at NVD CVE-2021-47583 at SUSE CVE-2021-47583 at NVD CVE-2021-47589 at SUSE CVE-2021-47589 at NVD CVE-2021-47595 at SUSE CVE-2021-47595 at NVD CVE-2021-47596 at SUSE CVE-2021-47596 at NVD CVE-2021-47600 at SUSE CVE-2021-47600 at NVD CVE-2021-47602 at SUSE CVE-2021-47602 at NVD CVE-2021-47609 at SUSE CVE-2021-47609 at NVD CVE-2021-47611 at SUSE CVE-2021-47611 at NVD CVE-2021-47612 at SUSE CVE-2021-47612 at NVD CVE-2021-47617 at SUSE CVE-2021-47617 at NVD CVE-2021-47618 at SUSE CVE-2021-47618 at NVD CVE-2021-47619 at SUSE CVE-2021-47619 at NVD CVE-2021-47620 at SUSE CVE-2021-47620 at NVD CVE-2022-0435 at SUSE CVE-2022-0435 at NVD CVE-2022-22942 at SUSE CVE-2022-22942 at NVD CVE-2022-2938 at SUSE CVE-2022-2938 at NVD CVE-2022-48711 at SUSE CVE-2022-48711 at NVD CVE-2022-48715 at SUSE CVE-2022-48715 at NVD CVE-2022-48717 at SUSE CVE-2022-48717 at NVD CVE-2022-48722 at SUSE CVE-2022-48722 at NVD CVE-2022-48724 at SUSE CVE-2022-48724 at NVD CVE-2022-48726 at SUSE CVE-2022-48726 at NVD CVE-2022-48728 at SUSE CVE-2022-48728 at NVD CVE-2022-48730 at SUSE CVE-2022-48730 at NVD CVE-2022-48732 at SUSE CVE-2022-48732 at NVD CVE-2022-48736 at SUSE CVE-2022-48736 at NVD CVE-2022-48737 at SUSE CVE-2022-48737 at NVD CVE-2022-48738 at SUSE CVE-2022-48738 at NVD CVE-2022-48746 at SUSE CVE-2022-48746 at NVD CVE-2022-48747 at SUSE CVE-2022-48747 at NVD CVE-2022-48748 at SUSE CVE-2022-48748 at NVD CVE-2022-48749 at SUSE CVE-2022-48749 at NVD CVE-2022-48752 at SUSE CVE-2022-48752 at NVD CVE-2022-48754 at SUSE CVE-2022-48754 at NVD CVE-2022-48756 at SUSE CVE-2022-48756 at NVD CVE-2022-48758 at SUSE CVE-2022-48758 at NVD CVE-2022-48759 at SUSE CVE-2022-48759 at NVD CVE-2022-48760 at SUSE CVE-2022-48760 at NVD CVE-2022-48767 at SUSE CVE-2022-48767 at NVD CVE-2022-48768 at SUSE CVE-2022-48768 at NVD CVE-2022-48771 at SUSE CVE-2022-48771 at NVD CVE-2023-24023 at SUSE CVE-2023-24023 at NVD CVE-2023-52707 at SUSE CVE-2023-52707 at NVD CVE-2023-52752 at SUSE CVE-2023-52752 at NVD CVE-2023-52881 at SUSE CVE-2023-52881 at NVD CVE-2024-26822 at SUSE CVE-2024-26822 at NVD CVE-2024-26923 at SUSE CVE-2024-26923 at NVD CVE-2024-35789 at SUSE CVE-2024-35789 at NVD CVE-2024-35861 at SUSE CVE-2024-35861 at NVD CVE-2024-35862 at SUSE CVE-2024-35862 at NVD CVE-2024-35864 at SUSE CVE-2024-35864 at NVD CVE-2024-35878 at SUSE CVE-2024-35878 at NVD CVE-2024-35950 at SUSE CVE-2024-35950 at NVD CVE-2024-36894 at SUSE CVE-2024-36894 at NVD CVE-2024-36904 at SUSE CVE-2024-36904 at NVD CVE-2024-36940 at SUSE CVE-2024-36940 at NVD CVE-2024-36964 at SUSE CVE-2024-36964 at NVD CVE-2024-38541 at SUSE CVE-2024-38541 at NVD CVE-2024-38545 at SUSE CVE-2024-38545 at NVD CVE-2024-38559 at SUSE CVE-2024-38559 at NVD CVE-2024-38560 at SUSE CVE-2024-38560 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47247: net/mlx5e: Fix use-after-free of encap entry in neigh update handler (bsc#1224865). - CVE-2021-47311: net: qcom/emac: fix UAF in emac_remove (bsc#1225010). - CVE-2021-47368: enetc: Fix illegal access when reading affinity_hint (bsc#1225161). - CVE-2021-47372: net: macb: fix use after free on rmmod (bsc#1225184). - CVE-2021-47379: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd (bsc#1225203). - CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518). - CVE-2022-2938: psi: Fix uaf issue when psi trigger is destroyed while being polled (bsc#1202623). - CVE-2022-48760: USB: core: Fix hang in usb_kill_urb by adding memory barriers (bsc#1226712). - CVE-2023-52707: sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1225109). polled (bsc#1202623). - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487). - CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611). - CVE-2024-26822: Set correct id, uid and cruid for multiuser automounts (bsc#1223011). - CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749). - CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766). - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764). - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765). - CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703). - CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749). - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732). - CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840). - CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866). - CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595). - CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785). - CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786). The following non-security bugs were fixed: - NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226). - ocfs2: adjust enabling place for la window (bsc#1219224). - ocfs2: fix sparse warnings (bsc#1219224). - ocfs2: improve write IO performance when fragmentation is high (bsc#1219224). - ocfs2: speed up chain-list searching (bsc#1219224). - psi: Fix uaf issue when psi trigger is destroyed while being - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962). Important SUSE bug 1156395 SUSE bug 1171988 SUSE bug 1176447 SUSE bug 1176774 SUSE bug 1181147 SUSE bug 1191958 SUSE bug 1195065 SUSE bug 1195254 SUSE bug 1195798 SUSE bug 1202623 SUSE bug 1218148 SUSE bug 1219224 SUSE bug 1219633 SUSE bug 1222015 SUSE bug 1223011 SUSE bug 1224671 SUSE bug 1224703 SUSE bug 1224749 SUSE bug 1224764 SUSE bug 1224765 SUSE bug 1224766 SUSE bug 1224865 SUSE bug 1225010 SUSE bug 1225047 SUSE bug 1225109 SUSE bug 1225161 SUSE bug 1225184 SUSE bug 1225203 SUSE bug 1225487 SUSE bug 1225518 SUSE bug 1225611 SUSE bug 1225732 SUSE bug 1225749 SUSE bug 1225840 SUSE bug 1225866 SUSE bug 1226226 SUSE bug 1226537 SUSE bug 1226552 SUSE bug 1226554 SUSE bug 1226557 SUSE bug 1226558 SUSE bug 1226562 SUSE bug 1226563 SUSE bug 1226575 SUSE bug 1226583 SUSE bug 1226585 SUSE bug 1226587 SUSE bug 1226595 SUSE bug 1226614 SUSE bug 1226619 SUSE bug 1226621 SUSE bug 1226624 SUSE bug 1226643 SUSE bug 1226644 SUSE bug 1226645 SUSE bug 1226647 SUSE bug 1226650 SUSE bug 1226669 SUSE bug 1226670 SUSE bug 1226672 SUSE bug 1226674 SUSE bug 1226679 SUSE bug 1226686 SUSE bug 1226691 SUSE bug 1226692 SUSE bug 1226698 SUSE bug 1226703 SUSE bug 1226708 SUSE bug 1226709 SUSE bug 1226711 SUSE bug 1226712 SUSE bug 1226713 SUSE bug 1226715 SUSE bug 1226716 SUSE bug 1226720 SUSE bug 1226721 SUSE bug 1226732 SUSE bug 1226762 SUSE bug 1226785 SUSE bug 1226786 SUSE bug 1226962 CVE-2021-43389 at SUSE CVE-2021-43389 at NVD CVE-2021-4439 at SUSE CVE-2021-4439 at NVD CVE-2021-47247 at SUSE CVE-2021-47247 at NVD CVE-2021-47311 at SUSE CVE-2021-47311 at NVD CVE-2021-47328 at SUSE CVE-2021-47328 at NVD CVE-2021-47368 at SUSE CVE-2021-47368 at NVD CVE-2021-47372 at SUSE CVE-2021-47372 at NVD CVE-2021-47379 at SUSE CVE-2021-47379 at NVD CVE-2021-47571 at SUSE CVE-2021-47571 at NVD CVE-2021-47576 at SUSE CVE-2021-47576 at NVD CVE-2021-47583 at SUSE CVE-2021-47583 at NVD CVE-2021-47589 at SUSE CVE-2021-47589 at NVD CVE-2021-47595 at SUSE CVE-2021-47595 at NVD CVE-2021-47596 at SUSE CVE-2021-47596 at NVD CVE-2021-47600 at SUSE CVE-2021-47600 at NVD CVE-2021-47602 at SUSE CVE-2021-47602 at NVD CVE-2021-47609 at SUSE CVE-2021-47609 at NVD CVE-2021-47611 at SUSE CVE-2021-47611 at NVD CVE-2021-47612 at SUSE CVE-2021-47612 at NVD CVE-2021-47617 at SUSE CVE-2021-47617 at NVD CVE-2021-47618 at SUSE CVE-2021-47618 at NVD CVE-2021-47619 at SUSE CVE-2021-47619 at NVD CVE-2021-47620 at SUSE CVE-2021-47620 at NVD CVE-2022-2938 at SUSE CVE-2022-2938 at NVD CVE-2022-48711 at SUSE CVE-2022-48711 at NVD CVE-2022-48715 at SUSE CVE-2022-48715 at NVD CVE-2022-48717 at SUSE CVE-2022-48717 at NVD CVE-2022-48722 at SUSE CVE-2022-48722 at NVD CVE-2022-48724 at SUSE CVE-2022-48724 at NVD CVE-2022-48726 at SUSE CVE-2022-48726 at NVD CVE-2022-48728 at SUSE CVE-2022-48728 at NVD CVE-2022-48730 at SUSE CVE-2022-48730 at NVD CVE-2022-48732 at SUSE CVE-2022-48732 at NVD CVE-2022-48736 at SUSE CVE-2022-48736 at NVD CVE-2022-48737 at SUSE CVE-2022-48737 at NVD CVE-2022-48738 at SUSE CVE-2022-48738 at NVD CVE-2022-48746 at SUSE CVE-2022-48746 at NVD CVE-2022-48747 at SUSE CVE-2022-48747 at NVD CVE-2022-48748 at SUSE CVE-2022-48748 at NVD CVE-2022-48749 at SUSE CVE-2022-48749 at NVD CVE-2022-48752 at SUSE CVE-2022-48752 at NVD CVE-2022-48754 at SUSE CVE-2022-48754 at NVD CVE-2022-48756 at SUSE CVE-2022-48756 at NVD CVE-2022-48758 at SUSE CVE-2022-48758 at NVD CVE-2022-48759 at SUSE CVE-2022-48759 at NVD CVE-2022-48760 at SUSE CVE-2022-48760 at NVD CVE-2022-48767 at SUSE CVE-2022-48767 at NVD CVE-2022-48768 at SUSE CVE-2022-48768 at NVD CVE-2022-48771 at SUSE CVE-2022-48771 at NVD CVE-2023-24023 at SUSE CVE-2023-24023 at NVD CVE-2023-52707 at SUSE CVE-2023-52707 at NVD CVE-2023-52752 at SUSE CVE-2023-52752 at NVD CVE-2023-52881 at SUSE CVE-2023-52881 at NVD CVE-2024-26822 at SUSE CVE-2024-26822 at NVD CVE-2024-35789 at SUSE CVE-2024-35789 at NVD CVE-2024-35861 at SUSE CVE-2024-35861 at NVD CVE-2024-35862 at SUSE CVE-2024-35862 at NVD CVE-2024-35864 at SUSE CVE-2024-35864 at NVD CVE-2024-35878 at SUSE CVE-2024-35878 at NVD CVE-2024-35950 at SUSE CVE-2024-35950 at NVD CVE-2024-36894 at SUSE CVE-2024-36894 at NVD CVE-2024-36904 at SUSE CVE-2024-36904 at NVD CVE-2024-36940 at SUSE CVE-2024-36940 at NVD CVE-2024-36964 at SUSE CVE-2024-36964 at NVD CVE-2024-38541 at SUSE CVE-2024-38541 at NVD CVE-2024-38545 at SUSE CVE-2024-38545 at NVD CVE-2024-38559 at SUSE CVE-2024-38559 at NVD CVE-2024-38560 at SUSE CVE-2024-38560 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for oniguruma fixes the following issues: - CVE-2019-13225: Fixed null-pointer dereference in match_at() in regexec.c (bsc#1141157). Moderate SUSE bug 1141157 CVE-2019-13225 at SUSE CVE-2019-13225 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for cockpit fixes the following issues: - CVE-2024-6126: Fixed Integer overflow in pam_sm_close_session() (bsc#1226040). Moderate SUSE bug 1226040 CVE-2024-6126 at SUSE CVE-2024-6126 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for xen fixes the following issues: - CVE-2024-2201: Mitigation for Native Branch History Injection (XSA-456, bsc#1222453) - CVE-2024-31143: Fixed double unlock in x86 guest IRQ handling (XSA-458, bsc#1227355). Important SUSE bug 1222453 SUSE bug 1227355 CVE-2024-2201 at SUSE CVE-2024-2201 at NVD CVE-2024-31143 at SUSE CVE-2024-31143 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for mozilla-nss fixes the following issues: - FIPS: Added more safe memset (bsc#1222811). - FIPS: Adjusted AES GCM restrictions (bsc#1222830). - FIPS: Adjusted approved ciphers (bsc#1222813, bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118, bsc#1222807, bsc#1222828, bsc#1222834, bsc#1222804, bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116). Update to NSS 3.101.1: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. update to NSS 3.101: * add diagnostic assertions for SFTKObject refcount. * freeing the slot in DeleteCertAndKey if authentication failed * fix formatting issues. * Add Firmaprofesional CA Root-A Web to NSS. * remove invalid acvp fuzz test vectors. * pad short P-384 and P-521 signatures gtests. * remove unused FreeBL ECC code. * pad short P-384 and P-521 signatures. * be less strict about ECDSA private key length. * Integrate HACL* P-521. * Integrate HACL* P-384. * memory leak in create_objects_from_handles. * ensure all input is consumed in a few places in mozilla::pkix * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * clean up escape handling * Use lib::pkix as default validator instead of the old-one * Need to add high level support for PQ signing. * Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * Allow for non-full length ecdsa signature when using softoken * Modification of .taskcluster.yml due to mozlint indent defects * Implement support for PBMAC1 in PKCS#12 * disable VLA warnings for fuzz builds. * remove redundant AllocItem implementation. * add PK11_ReadDistrustAfterAttribute. * - Clang-formatting of SEC_GetMgfTypeByOidTag update * Set SEC_ERROR_LIBRARY_FAILURE on self-test failure * sftk_getParameters(): Fix fallback to default variable after error with configfile. * Switch to the mozillareleases/image_builder image - switch from ec_field_GFp to ec_field_plain Update to NSS 3.100: * merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations. * remove ckcapi. * avoid a potential PK11GenericObject memory leak. * Remove incomplete ESDH code. * Decrypt RSA OAEP encrypted messages. * Fix certutil CRLDP URI code. * Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys. * Add ability to encrypt and decrypt CMS messages using ECDH. * Correct Templates for key agreement in smime/cmsasn.c. * Moving the decodedCert allocation to NSS. * Allow developers to speed up repeated local execution of NSS tests that depend on certificates. Update to NSS 3.99: * Removing check for message len in ed25519 (bmo#1325335) * add ed25519 to SECU_ecName2params. (bmo#1884276) * add EdDSA wycheproof tests. (bmo#1325335) * nss/lib layer code for EDDSA. (bmo#1325335) * Adding EdDSA implementation. (bmo#1325335) * Exporting Certificate Compression types (bmo#1881027) * Updating ACVP docker to rust 1.74 (bmo#1880857) * Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335) * Add NSS_CMSRecipient_IsSupported. (bmo#1877730) Update to NSS 3.98: * (CVE-2023-5388) Timing attack against RSA decryption in TLS * Certificate Compression: enabling the check that the compression was advertised * Move Windows workers to nss-1/b-win2022-alpha * Remove Email trust bit from OISTE WISeKey Global Root GC CA * Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss` * Certificate Compression: Updating nss_bogo_shim to support Certificate compression * TLS Certificate Compression (RFC 8879) Implementation * Add valgrind annotations to freebl kyber operations for constant-time execution tests * Set nssckbi version number to 2.66 * Add Telekom Security roots * Add D-Trust 2022 S/MIME roots * Remove expired Security Communication RootCA1 root * move keys to a slot that supports concatenation in PK11_ConcatSymKeys * remove unmaintained tls-interop tests * bogo: add support for the -ipv6 and -shim-id shim flags * bogo: add support for the -curves shim flag and update Kyber expectations * bogo: adjust expectation for a key usage bit test * mozpkix: add option to ignore invalid subject alternative names * Fix selfserv not stripping `publicname:` from -X value * take ownership of ecckilla shims * add valgrind annotations to freebl/ec.c * PR_INADDR_ANY needs PR_htonl before assignment to inet.ip * Update zlib to 1.3.1 Update to NSS 3.97: * make Xyber768d00 opt-in by policy * add libssl support for xyber768d00 * add PK11_ConcatSymKeys * add Kyber and a PKCS#11 KEM interface to softoken * add a FreeBL API for Kyber * part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff * part 1: add a script for vendoring kyber from pq-crystals repo * Removing the calls to RSA Blind from loader.* * fix worker type for level3 mac tasks * RSA Blind implementation * Remove DSA selftests * read KWP testvectors from JSON * Backed out changeset dcb174139e4f * Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation * Wrap CC shell commands in gyp expansions Update to NSS 3.96.1: * Use pypi dependencies for MacOS worker in ./build_gyp.sh * p7sign: add -a hash and -u certusage (also p7verify cleanups) * add a defensive check for large ssl_DefSend return values * Add dependency to the taskcluster script for Darwin * Upgrade version of the MacOS worker for the CI Update to NSS 3.95: * Bump builtins version number. * Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert. * Remove 4 DigiCert (Symantec/Verisign) Root Certificates * Remove 3 TrustCor Root Certificates from NSS. * Remove Camerfirma root certificates from NSS. * Remove old Autoridad de Certificacion Firmaprofesional Certificate. * Add four Commscope root certificates to NSS. * Add TrustAsia Global Root CA G3 and G4 root certificates. * Include P-384 and P-521 Scalar Validation from HACL* * Include P-256 Scalar Validation from HACL*. * After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level * Add means to provide library parameters to C_Initialize * add OSXSAVE and XCR0 tests to AVX2 detection. * Typo in ssl3_AppendHandshakeNumber * Introducing input check of ssl3_AppendHandshakeNumber * Fix Invalid casts in instance.c Update to NSS 3.94: * Updated code and commit ID for HACL* * update ACVP fuzzed test vector: refuzzed with current NSS * Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants * NSS needs a database tool that can dump the low level representation of the database * declare string literals using char in pkixnames_tests.cpp * avoid implicit conversion for ByteString * update rust version for acvp docker * Moving the init function of the mpi_ints before clean-up in ec.c * P-256 ECDH and ECDSA from HACL* * Add ACVP test vectors to the repository * Stop relying on std::basic_string<uint8_t> * Transpose the PPC_ABI check from Makefile to gyp Update to NSS 3.93: * Update zlib in NSS to 1.3. * softoken: iterate hashUpdate calls for long inputs. * regenerate NameConstraints test certificates (bsc#1214980). Update to NSS 3.92: * Set nssckbi version number to 2.62 * Add 4 Atos TrustedRoot Root CA certificates to NSS * Add 4 SSL.com Root CA certificates * Add Sectigo E46 and R46 Root CA certificates * Add LAWtrust Root CA2 (4096) * Remove E-Tugra Certification Authority root * Remove Camerfirma Chambers of Commerce Root. * Remove Hongkong Post Root CA 1 * Remove E-Tugra Global Root CA ECC v3 and RSA v3 * Avoid redefining BYTE_ORDER on hppa Linux Update to NSS 3.91: * Implementation of the HW support check for ADX instruction * Removing the support of Curve25519 * Fix comment about the addition of ticketSupportsEarlyData * Adding args to enable-legacy-db build * dbtests.sh failure in 'certutil dump keys with explicit default trust flags' * Initialize flags in slot structures * Improve the length check of RSA input to avoid heap overflow * Followup Fixes * avoid processing unexpected inputs by checking for m_exptmod base sign * add a limit check on order_k to avoid infinite loop * Update HACL* to commit 5f6051d2 * add SHA3 to cryptohi and softoken * HACL SHA3 * Disabling ASM C25519 for A but X86_64 Update to NSS 3.90.3: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. * clean up escape handling. * remove redundant AllocItem implementation. * Disable ASM support for Curve25519. * Disable ASM support for Curve25519 for all but X86_64. Moderate SUSE bug 1214980 SUSE bug 1222804 SUSE bug 1222807 SUSE bug 1222811 SUSE bug 1222813 SUSE bug 1222814 SUSE bug 1222821 SUSE bug 1222822 SUSE bug 1222826 SUSE bug 1222828 SUSE bug 1222830 SUSE bug 1222833 SUSE bug 1222834 SUSE bug 1224113 SUSE bug 1224115 SUSE bug 1224116 SUSE bug 1224118 CVE-2023-5388 at SUSE CVE-2023-5388 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for xen fixes the following issues: - CVE-2023-46839: Fixed phantom functions assigned to incorrect contexts (XSA-449) (bsc#1218851) Moderate SUSE bug 1218851 CVE-2023-46839 at SUSE CVE-2023-46839 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). Important SUSE bug 916845 CVE-2013-4235 at SUSE CVE-2013-4235 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python-urllib3 fixes the following issues: - CVE-2024-37891: Fixed proxy-authorization request header is not stripped during cross-origin redirects (bsc#1226469) Moderate SUSE bug 1226469 CVE-2024-37891 at SUSE CVE-2024-37891 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) Moderate SUSE bug 1228770 CVE-2013-4235 at SUSE CVE-2013-4235 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 Important SUSE bug 1220356 SUSE bug 1227525 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716). - CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644). - CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743). - CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561). - CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810). - CVE-2023-52885: SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (bsc#1227750). - CVE-2022-48792: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (bsc#1228013). - CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328). - CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1224918). - CVE-2021-47126: ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions (bsc#1221539). - CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114). - CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574). - CVE-2021-47580: scsi: scsi_debug: Fix type in min_t to avoid stack OOB (bsc#1226550). - CVE-2021-47219: scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() (bsc#1222824). - CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836). - CVE-2022-48821: misc: fastrpc: avoid double fput() on failed usercopy (bsc#1227976). - CVE-2021-47520: can: pch_can: pch_can_rx_normal: fix use after free (bsc#1225431). - CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519). The following non-security bugs were fixed: - Fix spurious WARNING caused by a qxl driver patch (bsc#1227213) - NFS: Clean up directory array handling (bsc#1226662). - NFS: Clean up nfs_readdir_page_filler() (bsc#1226662). - NFS: Clean up readdir struct nfs_cache_array (bsc#1226662). - NFS: Do not discard readdir results (bsc#1226662). - NFS: Do not overfill uncached readdir pages (bsc#1226662). - NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662). - NFS: Ensure contents of struct nfs_open_dir_context are consistent (bsc#1226662). - NFS: Fix up directory verifier races (bsc#1226662). - NFS: Further optimisations for 'ls -l' (bsc#1226662). - NFS: More readdir cleanups (bsc#1226662). - NFS: Reduce number of RPC calls when doing uncached readdir (bsc#1226662). - NFS: Reduce use of uncached readdir (bsc#1226662). - NFS: Support larger readdir buffers (bsc#1226662). - NFS: Use the 64-bit server readdir cookies when possible (bsc#1226662). - NFSv4.x: by default serialize open/close operations (bsc#1223863 bsc#1227362) - X.509: Fix the parser of extended key usage for length (bsc#1218820 bsc#1226666). - nfs: optimise readdir cache page invalidation (bsc#1226662). - ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834). - powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487). - powerpc/rtas: clean up includes (bsc#1227487). Important SUSE bug 1216834 SUSE bug 1218820 SUSE bug 1220185 SUSE bug 1220186 SUSE bug 1221539 SUSE bug 1222728 SUSE bug 1222824 SUSE bug 1223863 SUSE bug 1224918 SUSE bug 1225431 SUSE bug 1226519 SUSE bug 1226550 SUSE bug 1226574 SUSE bug 1226662 SUSE bug 1226666 SUSE bug 1227213 SUSE bug 1227362 SUSE bug 1227487 SUSE bug 1227716 SUSE bug 1227750 SUSE bug 1227810 SUSE bug 1227836 SUSE bug 1227976 SUSE bug 1228013 SUSE bug 1228040 SUSE bug 1228114 SUSE bug 1228328 SUSE bug 1228561 SUSE bug 1228644 SUSE bug 1228743 CVE-2021-47126 at SUSE CVE-2021-47126 at NVD CVE-2021-47219 at SUSE CVE-2021-47219 at NVD CVE-2021-47291 at SUSE CVE-2021-47291 at NVD CVE-2021-47520 at SUSE CVE-2021-47520 at NVD CVE-2021-47580 at SUSE CVE-2021-47580 at NVD CVE-2021-47598 at SUSE CVE-2021-47598 at NVD CVE-2022-48792 at SUSE CVE-2022-48792 at NVD CVE-2022-48821 at SUSE CVE-2022-48821 at NVD CVE-2022-48822 at SUSE CVE-2022-48822 at NVD CVE-2023-52885 at SUSE CVE-2023-52885 at NVD CVE-2024-26583 at SUSE CVE-2024-26583 at NVD CVE-2024-26584 at SUSE CVE-2024-26584 at NVD CVE-2024-26800 at SUSE CVE-2024-26800 at NVD CVE-2024-36974 at SUSE CVE-2024-36974 at NVD CVE-2024-39494 at SUSE CVE-2024-39494 at NVD CVE-2024-40937 at SUSE CVE-2024-40937 at NVD CVE-2024-40956 at SUSE CVE-2024-40956 at NVD CVE-2024-41011 at SUSE CVE-2024-41011 at NVD CVE-2024-41059 at SUSE CVE-2024-41059 at NVD CVE-2024-41069 at SUSE CVE-2024-41069 at NVD CVE-2024-41090 at SUSE CVE-2024-41090 at NVD CVE-2024-42145 at SUSE CVE-2024-42145 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python-setuptools fixes the following issues: - CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105) Important SUSE bug 1228105 CVE-2024-6345 at SUSE CVE-2024-6345 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Moderate SUSE bug 1227138 CVE-2024-5535 at SUSE CVE-2024-5535 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for curl fixes the following issues: - CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535) Moderate SUSE bug 1228535 CVE-2024-7264 at SUSE CVE-2024-7264 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for kernel-firmware fixes the following issues: - CVE-2023-31315: Fixed validation in a model specific register (MSR) that lead to modification of SMM configuration by malicious program with ring0 access (bsc#1229069) Important SUSE bug 1229069 CVE-2023-31315 at SUSE CVE-2023-31315 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2020-26558: Fixed a flaw in the Bluetooth LE and BR/EDR secure pairing that could permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (bsc#1179610). - CVE-2021-0129: Improper access control in BlueZ may have allowed an authenticated user to potentially enable information disclosure via adjacent access (bsc#1186463). - CVE-2021-47126: ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions (bsc#1221539). - CVE-2021-47219: scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() (bsc#1222824). - CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1224918). - CVE-2021-47506: nfsd: fix use-after-free due to delegation race (bsc#1225404). - CVE-2021-47520: can: pch_can: pch_can_rx_normal: fix use after free (bsc#1225431). - CVE-2021-47580: scsi: scsi_debug: Fix type in min_t to avoid stack OOB (bsc#1226550). - CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574). - CVE-2021-47600: dm btree remove: fix use after free in rebalance_children() (bsc#1226575). - CVE-2022-48792: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (bsc#1228013). - CVE-2022-48821: misc: fastrpc: avoid double fput() on failed usercopy (bsc#1227976). - CVE-2023-52686: Fix a null pointer in opal_event_init() (bsc#1065729). - CVE-2023-52885: SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (bsc#1227750). - CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187). - CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519). - CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785). - CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716). - CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836). - CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810). - CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114). - CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561). - CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644). - CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328). - CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743). The following non-security bugs were fixed: - Fix spurious WARNING caused by a qxl driver patch (bsc#1227213) - nfs: Clean up directory array handling (bsc#1226662). - nfs: Clean up nfs_readdir_page_filler() (bsc#1226662). - nfs: Clean up readdir struct nfs_cache_array (bsc#1226662). - nfs: Do not discard readdir results (bsc#1226662). - nfs: Do not overfill uncached readdir pages (bsc#1226662). - nfs: Do not re-read the entire page cache to find the next cookie (bsc#1226662). - nfs: Ensure contents of struct nfs_open_dir_context are consistent (bsc#1226662). - nfs: Fix up directory verifier races (bsc#1226662). - nfs: Further optimisations for 'ls -l' (bsc#1226662). - nfs: More readdir cleanups (bsc#1226662). - nfs: Reduce number of RPC calls when doing uncached readdir (bsc#1226662). - nfs: Reduce use of uncached readdir (bsc#1226662). - nfs: Support larger readdir buffers (bsc#1226662). - nfs: Use the 64-bit server readdir cookies when possible (bsc#1226662). - nfs: optimise readdir cache page invalidation (bsc#1226662). - nfsv4.x: by default serialize open/close operations (bsc#1223863 bsc#1227362) - ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834). - powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487). - powerpc/rtas: clean up includes (bsc#1227487). - x.509: Fix the parser of extended key usage for length (bsc#1218820, bsc#1226666). Important SUSE bug 1065729 SUSE bug 1179610 SUSE bug 1186463 SUSE bug 1216834 SUSE bug 1218820 SUSE bug 1220185 SUSE bug 1220186 SUSE bug 1220187 SUSE bug 1221539 SUSE bug 1222728 SUSE bug 1222824 SUSE bug 1223863 SUSE bug 1224918 SUSE bug 1225404 SUSE bug 1225431 SUSE bug 1226519 SUSE bug 1226550 SUSE bug 1226574 SUSE bug 1226575 SUSE bug 1226662 SUSE bug 1226666 SUSE bug 1226785 SUSE bug 1227213 SUSE bug 1227362 SUSE bug 1227487 SUSE bug 1227716 SUSE bug 1227750 SUSE bug 1227810 SUSE bug 1227836 SUSE bug 1227976 SUSE bug 1228013 SUSE bug 1228040 SUSE bug 1228114 SUSE bug 1228328 SUSE bug 1228561 SUSE bug 1228644 SUSE bug 1228743 CVE-2020-26558 at SUSE CVE-2020-26558 at NVD CVE-2021-0129 at SUSE CVE-2021-0129 at NVD CVE-2021-47126 at SUSE CVE-2021-47126 at NVD CVE-2021-47219 at SUSE CVE-2021-47219 at NVD CVE-2021-47291 at SUSE CVE-2021-47291 at NVD CVE-2021-47506 at SUSE CVE-2021-47506 at NVD CVE-2021-47520 at SUSE CVE-2021-47520 at NVD CVE-2021-47580 at SUSE CVE-2021-47580 at NVD CVE-2021-47598 at SUSE CVE-2021-47598 at NVD CVE-2021-47600 at SUSE CVE-2021-47600 at NVD CVE-2022-48792 at SUSE CVE-2022-48792 at NVD CVE-2022-48821 at SUSE CVE-2022-48821 at NVD CVE-2022-48822 at SUSE CVE-2022-48822 at NVD CVE-2023-52686 at SUSE CVE-2023-52686 at NVD CVE-2023-52885 at SUSE CVE-2023-52885 at NVD CVE-2024-26583 at SUSE CVE-2024-26583 at NVD CVE-2024-26584 at SUSE CVE-2024-26584 at NVD CVE-2024-26585 at SUSE CVE-2024-26585 at NVD CVE-2024-26800 at SUSE CVE-2024-26800 at NVD CVE-2024-36974 at SUSE CVE-2024-36974 at NVD CVE-2024-38559 at SUSE CVE-2024-38559 at NVD CVE-2024-39494 at SUSE CVE-2024-39494 at NVD CVE-2024-40937 at SUSE CVE-2024-40937 at NVD CVE-2024-40956 at SUSE CVE-2024-40956 at NVD CVE-2024-41011 at SUSE CVE-2024-41011 at NVD CVE-2024-41059 at SUSE CVE-2024-41059 at NVD CVE-2024-41069 at SUSE CVE-2024-41069 at NVD CVE-2024-41090 at SUSE CVE-2024-41090 at NVD CVE-2024-42145 at SUSE CVE-2024-42145 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for runc fixes the following issues: Update to runc v1.1.11: - CVE-2024-21626: Fixed container breakout. (bsc#1218894) Important SUSE bug 1218894 CVE-2024-21626 at SUSE CVE-2024-21626 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for qemu fixes the following issues: - CVE-2023-2861: Fixed improper access control on special files via 9p protocol (bsc#1212968) - CVE-2024-4467: Fixed denial of service and file read/write via qemu-img info command (bsc#1227322) Other fixes: - Fixed qemu build compilation with binutils 2.41 upgrade (bsc#1215311) Important SUSE bug 1212968 SUSE bug 1215311 SUSE bug 1227322 CVE-2023-2861 at SUSE CVE-2023-2861 at NVD CVE-2024-4467 at SUSE CVE-2024-4467 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for glib2 fixes the following issues: - Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044). Low SUSE bug 1224044 CVE-2024-34397 at SUSE CVE-2024-34397 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for xen fixes the following issues: - CVE-2024-31145: Fixed error handling in x86 IOMMU identity mapping (XSA-460, bsc#1228574) - CVE-2024-31146: Fixed PCI device pass-through with shared resources (XSA-461, bsc#1228575) Important SUSE bug 1228574 SUSE bug 1228575 CVE-2024-31145 at SUSE CVE-2024-31145 at NVD CVE-2024-31146 at SUSE CVE-2024-31146 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for podman fixes the following issues: - CVE-2024-6104: Fixed sensitive information disclosure in log files in go-retryablehttp (bsc#1227052) Moderate SUSE bug 1227052 CVE-2024-6104 at SUSE CVE-2024-6104 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ucode-intel fixes the following issues: - Intel CPU Microcode was updated to the 20240813 release (bsc#1229129) - CVE-2024-24853: Security updates for [INTEL-SA-01083](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01083.html) - CVE-2024-25939: Security updates for [INTEL-SA-01118](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01118.html) - CVE-2024-24980: Security updates for [INTEL-SA-01100](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01100.html) - CVE-2023-42667: Security updates for [INTEL-SA-01038](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01038.html) - CVE-2023-49141: Security updates for [INTEL-SA-01046](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01046.html) Other issues fixed: - Update for functional issues. Refer to [Intel Core Ultra Processor](https://cdrdv2.intel.com/v1/dl/getContent/792254) for details. - Update for functional issues. Refer to [3rd Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780) for details. - Update for functional issues. Refer to [3rd Generation Intel Xeon Scalable Processors Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/634897) for details. - Update for functional issues. Refer to [2nd Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details - Update for functional issues. Refer to [Intel Xeon D-2700 Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/714071) for details. - Update for functional issues. Refer to [Intel Xeon E-2300 Processor Specification Update ](https://cdrdv2.intel.com/v1/dl/getContent/709192) for details. - Update for functional issues. Refer to [13th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/740518) for details. - Update for functional issues. Refer to [12th Generation Intel Core Processor Family](https://cdrdv2.intel.com/v1/dl/getContent/682436) for details. - Update for functional issues. Refer to [11th Gen Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/631123) for details. - Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/341079) for details. - Update for functional issues. Refer to [10th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/615213) for details. - Update for functional issues. Refer to [8th and 9th Generation Intel Core Processor Family Spec Update](https://cdrdv2.intel.com/v1/dl/getContent/337346) for details. - Update for functional issues. Refer to [8th Generation Intel Core Processor Families Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338025) for details. - Update for functional issues. Refer to [7th and 8th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/334663) for details. - Update for functional issues. Refer to [Intel Processors and Intel Core i3 N-Series](https://cdrdv2.intel.com/v1/dl/getContent/764616) for details. - Update for functional issues. Refer to [Intel Atom x6000E Series, and Intel Pentium and Celeron N and J Series Processors for Internet of Things (IoT) Applications](https://cdrdv2.intel.com/v1/dl/getContent/636674) for details. Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | AML-Y22 | H0 | 06-8e-09/10 | 000000f4 | 000000f6 | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile | CFL-H | R0 | 06-9e-0d/22 | 000000fc | 00000100 | Core Gen9 Mobile | CFL-H/S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f6 | 000000f8 | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000f4 | 000000f6 | Core Gen8 | CFL-S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9 Desktop | CFL-U43e | D0 | 06-8e-0a/c0 | 000000f4 | 000000f6 | Core Gen8 Mobile | CLX-SP | B1 | 06-55-07/bf | 05003605 | 05003707 | Xeon Scalable Gen2 | CML-H | R1 | 06-a5-02/20 | 000000fa | 000000fc | Core Gen10 Mobile | CML-S102 | Q0 | 06-a5-05/22 | 000000fa | 000000fc | Core Gen10 | CML-S62 | G1 | 06-a5-03/22 | 000000fa | 000000fc | Core Gen10 | CML-U42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile | CML-U62 V1 | A0 | 06-a6-00/80 | 000000fa | 000000fe | Core Gen10 Mobile | CML-U62 V2 | K1 | 06-a6-01/80 | 000000fa | 000000fc | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile | CPX-SP | A1 | 06-55-0b/bf | 07002802 | 07002904 | Xeon Scalable Gen3 | EHL | B1 | 06-96-01/01 | 00000019 | 0000001a | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E | ICL-D | B0 | 06-6c-01/10 | 01000290 | 010002b0 | Xeon D-17xx, D-27xx | ICL-U/Y | D1 | 06-7e-05/80 | 000000c4 | 000000c6 | Core Gen10 Mobile | ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003d1 | 0d0003e7 | Xeon Scalable Gen3 | KBL-R U | Y0 | 06-8e-0a/c0 | 000000f4 | 000000f6 | Core Gen8 Mobile | KBL-U23e | J1 | 06-8e-09/c0 | 000000f4 | 000000f6 | Core Gen7 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000f4 | 000000f6 | Core Gen7 Mobile | MTL | C-0 | 06-aa-04/e6 | 0000001c | 0000001e | Core Ultra Processor | RKL-S | B0 | 06-a7-01/02 | 0000005e | 00000062 | Core Gen11 | TGL | B0/B1 | 06-8c-01/80 | 000000b6 | 000000b8 | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 00000050 | 00000052 | Core Gen11 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000036 | 00000038 | Core Gen11 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000f4 | 000000f6 | Core Gen8 Mobile - update to 20240531: * Update for functional issues. Refer to Intel Pentium Silver and Intel Celeron Processor Specification Update - Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | GLK | B0 | 06-7a-01/01 | 00000040 | 00000042 | Pentium Silver N/J5xxx, Celeron N/J4xxx Important SUSE bug 1229129 CVE-2023-42667 at SUSE CVE-2023-42667 at NVD CVE-2023-49141 at SUSE CVE-2023-49141 at NVD CVE-2024-24853 at SUSE CVE-2024-24853 at NVD CVE-2024-24980 at SUSE CVE-2024-24980 at NVD CVE-2024-25939 at SUSE CVE-2024-25939 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for buildah, docker fixes the following issues: Changes in docker: - CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267) - CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268) - CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438) - CVE-2024-41110: A Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324) Other fixes: - Update to Docker 25.0.6-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/25.0/#2506> - Update to Docker 25.0.5-ce (bsc#1223409) - Fix BuildKit's symlink resolution logic to correctly handle non-lexical symlinks. (bsc#1221916) - Write volume options atomically so sudden system crashes won't result in future Docker starts failing due to empty files. (bsc#1214855) Changes in buildah: - Update to version 1.35.4: * [release-1.35] Bump to Buildah v1.35.4 * [release-1.35] CVE-2024-3727 updates (bsc#1224117) * integration test: handle new labels in 'bud and test --unsetlabel' * [release-1.35] Bump go-jose CVE-2024-28180 * [release-1.35] Bump ocicrypt and go-jose CVE-2024-28180 - Update to version 1.35.3: * [release-1.35] Bump to Buildah v1.35.3 * [release-1.35] correctly configure /etc/hosts and resolv.conf * [release-1.35] buildah: refactor resolv/hosts setup. * [release-1.35] rename the hostFile var to reflect * [release-1.35] Bump c/common to v0.58.1 * [release-1.35] Bump Buildah to v1.35.2 * [release-1.35] CVE-2024-24786 protobuf to 1.33 * [release-1.35] Bump to v1.35.2-dev - Update to version 1.35.1: * [release-1.35] Bump to v1.35.1 * [release-1.35] CVE-2024-1753 container escape fix (bsc#1221677) - Buildah dropped cni support, require netavark instead (bsc#1221243) - Remove obsolete requires libcontainers-image & libcontainers-storage - Require passt for rootless networking (poo#156955) Buildah moved to passt/pasta for rootless networking from slirp4netns (https://github.com/containers/common/pull/1846) - Update to version 1.35.0: * Bump v1.35.0 * Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0 * conformance tests: don't break on trailing zeroes in layer blobs * Add a conformance test for copying to a mounted prior stage * fix(deps): update module github.com/stretchr/testify to v1.9.0 * cgroups: reuse version check from c/common * Update vendor of containers/(common,image) * fix(deps): update github.com/containers/storage digest to eadc620 * fix(deps): update github.com/containers/luksy digest to ceb12d4 * fix(deps): update github.com/containers/image/v5 digest to cdc6802 * manifest add: complain if we get artifact flags without --artifact * Use retry logic from containers/common * Vendor in containers/(storage,image,common) * Update module golang.org/x/crypto to v0.20.0 * Add comment re: Total Success task name * tests: skip_if_no_unshare(): check for --setuid * Properly handle build --pull=false * [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1 * Update module go.etcd.io/bbolt to v1.3.9 * Revert 'Reduce official image size' * Update module github.com/opencontainers/image-spec to v1.1.0 * Reduce official image size * Build with CNI support on FreeBSD * build --all-platforms: skip some base 'image' platforms * Bump main to v1.35.0-dev * Vendor in latest containers/(storage,image,common) * Split up error messages for missing --sbom related flags * `buildah manifest`: add artifact-related options * cmd/buildah/manifest.go: lock lists before adding/annotating/pushing * cmd/buildah/manifest.go: don't make struct declarations aliases * Use golang.org/x/exp/slices.Contains * Disable loong64 again * Fix a couple of typos in one-line comments * egrep is obsolescent; use grep -E * Try Cirrus with a newer VM version * Set CONTAINERS_CONF in the chroot-mount-flags integration test * Update to match dependency API update * Update github.com/openshift/imagebuilder and containers/common * docs: correct default authfile path * fix(deps): update module github.com/containerd/containerd to v1.7.13 * tests: retrofit test for heredoc summary * build, heredoc: show heredoc summary in build output * manifest, push: add support for --retry and --retry-delay * fix(deps): update github.com/openshift/imagebuilder digest to b767bc3 * imagebuildah: fix crash with empty RUN * fix(deps): update github.com/containers/luksy digest to b62d551 * fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security] * fix(deps): update module github.com/moby/buildkit to v0.12.5 [security] * Make buildah match podman for handling of ulimits * docs: move footnotes to where they're applicable * Allow users to specify no-dereference * Run codespell on code * Fix FreeBSD version parsing * Fix a build break on FreeBSD * Remove a bad FROM line * fix(deps): update module github.com/onsi/gomega to v1.31.1 * fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc6 * docs: use reversed logo for dark theme in README * build,commit: add --sbom to scan and produce SBOMs when committing * commit: force omitHistory if the parent has layers but no history * docs: fix a couple of typos * internal/mkcw.Archive(): handle extra image content * stage_executor,heredoc: honor interpreter in heredoc * stage_executor,layers: burst cache if heredoc content is changed * fix(deps): update module golang.org/x/crypto to v0.18.0 * Replace map[K]bool with map[K]struct{} where it makes sense * fix(deps): update module golang.org/x/sync to v0.6.0 * fix(deps): update module golang.org/x/term to v0.16.0 * Bump CI VMs * Replace strings.SplitN with strings.Cut * fix(deps): update github.com/containers/storage digest to ef81e9b * fix(deps): update github.com/containers/image/v5 digest to 1b221d4 * fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.1 * Document use of containers-transports values in buildah * fix(deps): update module golang.org/x/crypto to v0.17.0 [security] * chore(deps): update dependency containers/automation_images to v20231208 * manifest: addCompression use default from containers.conf * commit: add a --add-file flag * mkcw: populate the rootfs using an overlay * chore(deps): update dependency containers/automation_images to v20230517 * [skip-ci] Update actions/stale action to v9 * fix(deps): update module github.com/containernetworking/plugins to v1.4.0 * fix(deps): update github.com/containers/image/v5 digest to 7a40fee * Bump to v1.34.1-dev * Ignore errors if label.Relabel returns ENOSUP Critical SUSE bug 1214855 SUSE bug 1219267 SUSE bug 1219268 SUSE bug 1219438 SUSE bug 1221243 SUSE bug 1221677 SUSE bug 1221916 SUSE bug 1223409 SUSE bug 1224117 SUSE bug 1228324 CVE-2024-1753 at SUSE CVE-2024-1753 at NVD CVE-2024-23651 at SUSE CVE-2024-23651 at NVD CVE-2024-23652 at SUSE CVE-2024-23652 at NVD CVE-2024-23653 at SUSE CVE-2024-23653 at NVD CVE-2024-24786 at SUSE CVE-2024-24786 at NVD CVE-2024-28180 at SUSE CVE-2024-28180 at NVD CVE-2024-3727 at SUSE CVE-2024-3727 at NVD CVE-2024-41110 at SUSE CVE-2024-41110 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093) - CVE-2024-7264: ASN.1 date parser overread. (bsc#1228535) Moderate SUSE bug 1228535 SUSE bug 1230093 CVE-2024-7264 at SUSE CVE-2024-7264 at NVD CVE-2024-8096 at SUSE CVE-2024-8096 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for containerd fixes the following issues: - Update to containerd v1.7.21 - CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics. (bsc#1217070) - CVE-2023-45142: Fixed DoS vulnerability in otelhttp. (bsc#1228553) Important SUSE bug 1200528 SUSE bug 1217070 SUSE bug 1228553 CVE-2022-1996 at SUSE CVE-2022-1996 at NVD CVE-2023-45142 at SUSE CVE-2023-45142 at NVD CVE-2023-47108 at SUSE CVE-2023-47108 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for runc fixes the following issues: - Update to runc v1.1.14 - CVE-2024-45310: Fixed an issue where runc can be tricked into creating empty files/directories on host. (bsc#1230092) Low SUSE bug 1230092 CVE-2024-45310 at SUSE CVE-2024-45310 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454). - CVE-2022-48919: Fix double free race when mount fails in cifs_get_root() (bsc#1229657). - CVE-2023-52854: Fix refcnt handling in padata_free_shell() (bsc#1225584). - CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707). - CVE-2024-41062: bluetooth/l2cap: sync sock recv cb and release (bsc#1228576). - CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500). - CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466). - CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503) - CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641) - CVE-2022-48872: Fix use-after-free race condition for maps (bsc#1229510). - CVE-2022-48873: Do not remove map on creater_process and device_release (bsc#1229512). - CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400) - CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959) - CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832). - CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020). The following non-security bugs were fixed: - Bluetooth: L2CAP: Fix deadlock (git-fixes). - sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799 bsc#1225109). Important SUSE bug 1176447 SUSE bug 1195668 SUSE bug 1195928 SUSE bug 1195957 SUSE bug 1196018 SUSE bug 1196516 SUSE bug 1196823 SUSE bug 1202346 SUSE bug 1209636 SUSE bug 1209799 SUSE bug 1210629 SUSE bug 1216834 SUSE bug 1222251 SUSE bug 1225109 SUSE bug 1225584 SUSE bug 1227832 SUSE bug 1227924 SUSE bug 1227928 SUSE bug 1227932 SUSE bug 1227935 SUSE bug 1227941 SUSE bug 1227942 SUSE bug 1227945 SUSE bug 1227952 SUSE bug 1227964 SUSE bug 1227969 SUSE bug 1227985 SUSE bug 1227987 SUSE bug 1227988 SUSE bug 1227989 SUSE bug 1227997 SUSE bug 1228000 SUSE bug 1228004 SUSE bug 1228005 SUSE bug 1228006 SUSE bug 1228015 SUSE bug 1228020 SUSE bug 1228037 SUSE bug 1228045 SUSE bug 1228060 SUSE bug 1228062 SUSE bug 1228066 SUSE bug 1228466 SUSE bug 1228516 SUSE bug 1228576 SUSE bug 1228959 SUSE bug 1229400 SUSE bug 1229454 SUSE bug 1229500 SUSE bug 1229503 SUSE bug 1229510 SUSE bug 1229512 SUSE bug 1229598 SUSE bug 1229604 SUSE bug 1229607 SUSE bug 1229620 SUSE bug 1229621 SUSE bug 1229624 SUSE bug 1229626 SUSE bug 1229629 SUSE bug 1229630 SUSE bug 1229637 SUSE bug 1229641 SUSE bug 1229657 SUSE bug 1229707 CVE-2021-4441 at SUSE CVE-2021-4441 at NVD CVE-2022-48775 at SUSE CVE-2022-48775 at NVD CVE-2022-48778 at SUSE CVE-2022-48778 at NVD CVE-2022-48787 at SUSE CVE-2022-48787 at NVD CVE-2022-48788 at SUSE CVE-2022-48788 at NVD CVE-2022-48789 at SUSE CVE-2022-48789 at NVD CVE-2022-48790 at SUSE CVE-2022-48790 at NVD CVE-2022-48798 at SUSE CVE-2022-48798 at NVD CVE-2022-48802 at SUSE CVE-2022-48802 at NVD CVE-2022-48805 at SUSE CVE-2022-48805 at NVD CVE-2022-48811 at SUSE CVE-2022-48811 at NVD CVE-2022-48823 at SUSE CVE-2022-48823 at NVD CVE-2022-48824 at SUSE CVE-2022-48824 at NVD CVE-2022-48827 at SUSE CVE-2022-48827 at NVD CVE-2022-48834 at SUSE CVE-2022-48834 at NVD CVE-2022-48835 at SUSE CVE-2022-48835 at NVD CVE-2022-48836 at SUSE CVE-2022-48836 at NVD CVE-2022-48837 at SUSE CVE-2022-48837 at NVD CVE-2022-48838 at SUSE CVE-2022-48838 at NVD CVE-2022-48839 at SUSE CVE-2022-48839 at NVD CVE-2022-48843 at SUSE CVE-2022-48843 at NVD CVE-2022-48851 at SUSE CVE-2022-48851 at NVD CVE-2022-48853 at SUSE CVE-2022-48853 at NVD CVE-2022-48856 at SUSE CVE-2022-48856 at NVD CVE-2022-48857 at SUSE CVE-2022-48857 at NVD CVE-2022-48858 at SUSE CVE-2022-48858 at NVD CVE-2022-48872 at SUSE CVE-2022-48872 at NVD CVE-2022-48873 at SUSE CVE-2022-48873 at NVD CVE-2022-48901 at SUSE CVE-2022-48901 at NVD CVE-2022-48905 at SUSE CVE-2022-48905 at NVD CVE-2022-48912 at SUSE CVE-2022-48912 at NVD CVE-2022-48917 at SUSE CVE-2022-48917 at NVD CVE-2022-48919 at SUSE CVE-2022-48919 at NVD CVE-2022-48925 at SUSE CVE-2022-48925 at NVD CVE-2022-48926 at SUSE CVE-2022-48926 at NVD CVE-2022-48928 at SUSE CVE-2022-48928 at NVD CVE-2022-48930 at SUSE CVE-2022-48930 at NVD CVE-2022-48933 at SUSE CVE-2022-48933 at NVD CVE-2022-48934 at SUSE CVE-2022-48934 at NVD CVE-2023-52854 at SUSE CVE-2023-52854 at NVD CVE-2024-40910 at SUSE CVE-2024-40910 at NVD CVE-2024-41009 at SUSE CVE-2024-41009 at NVD CVE-2024-41062 at SUSE CVE-2024-41062 at NVD CVE-2024-41087 at SUSE CVE-2024-41087 at NVD CVE-2024-42077 at SUSE CVE-2024-42077 at NVD CVE-2024-42232 at SUSE CVE-2024-42232 at NVD CVE-2024-42271 at SUSE CVE-2024-42271 at NVD CVE-2024-43861 at SUSE CVE-2024-43861 at NVD CVE-2024-43882 at SUSE CVE-2024-43882 at NVD CVE-2024-43883 at SUSE CVE-2024-43883 at NVD CVE-2024-44947 at SUSE CVE-2024-44947 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454). - CVE-2022-48919: Fix double free race when mount fails in cifs_get_root() (bsc#1229657). - CVE-2023-52854: Fix refcnt handling in padata_free_shell() (bsc#1225584). - CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707). - CVE-2024-41062: Sync sock recv cb and release (bsc#1228576). - CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500). - CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503) - CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641) - CVE-2022-48872: Fix use-after-free race condition for maps (bsc#1229510). - CVE-2022-48873: Do not remove map on creater_process and device_release (bsc#1229512). - CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400) - CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959) - CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832). - CVE-2022-48686: Fixed UAF when detecting digest errors (bsc#1223948). - CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020). - CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002) The following non-security bugs were fixed: - Bluetooth: L2CAP: Fix deadlock (git-fixes). - powerpc: Remove support for PowerPC 601 (Remove unused and malformed assembly causing build error). - sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799 bsc#1225109). - scsi: pm80xx: Fix TMF task completion race condition (bsc#1228002). Important SUSE bug 1176447 SUSE bug 1195668 SUSE bug 1195928 SUSE bug 1195957 SUSE bug 1196018 SUSE bug 1196516 SUSE bug 1196823 SUSE bug 1202346 SUSE bug 1209636 SUSE bug 1209799 SUSE bug 1210629 SUSE bug 1216834 SUSE bug 1220185 SUSE bug 1220186 SUSE bug 1222251 SUSE bug 1222728 SUSE bug 1223948 SUSE bug 1225109 SUSE bug 1225584 SUSE bug 1227832 SUSE bug 1227924 SUSE bug 1227928 SUSE bug 1227932 SUSE bug 1227935 SUSE bug 1227941 SUSE bug 1227942 SUSE bug 1227945 SUSE bug 1227952 SUSE bug 1227964 SUSE bug 1227969 SUSE bug 1227985 SUSE bug 1227987 SUSE bug 1227988 SUSE bug 1227989 SUSE bug 1227997 SUSE bug 1228000 SUSE bug 1228002 SUSE bug 1228004 SUSE bug 1228005 SUSE bug 1228006 SUSE bug 1228015 SUSE bug 1228020 SUSE bug 1228037 SUSE bug 1228045 SUSE bug 1228060 SUSE bug 1228062 SUSE bug 1228066 SUSE bug 1228114 SUSE bug 1228516 SUSE bug 1228576 SUSE bug 1228959 SUSE bug 1229400 SUSE bug 1229454 SUSE bug 1229500 SUSE bug 1229503 SUSE bug 1229510 SUSE bug 1229512 SUSE bug 1229598 SUSE bug 1229604 SUSE bug 1229607 SUSE bug 1229620 SUSE bug 1229621 SUSE bug 1229624 SUSE bug 1229626 SUSE bug 1229629 SUSE bug 1229630 SUSE bug 1229637 SUSE bug 1229641 SUSE bug 1229657 SUSE bug 1229707 CVE-2021-4441 at SUSE CVE-2021-4441 at NVD CVE-2022-0854 at SUSE CVE-2022-0854 at NVD CVE-2022-20368 at SUSE CVE-2022-20368 at NVD CVE-2022-28748 at SUSE CVE-2022-28748 at NVD CVE-2022-2964 at SUSE CVE-2022-2964 at NVD CVE-2022-48686 at SUSE CVE-2022-48686 at NVD CVE-2022-48775 at SUSE CVE-2022-48775 at NVD CVE-2022-48778 at SUSE CVE-2022-48778 at NVD CVE-2022-48787 at SUSE CVE-2022-48787 at NVD CVE-2022-48788 at SUSE CVE-2022-48788 at NVD CVE-2022-48789 at SUSE CVE-2022-48789 at NVD CVE-2022-48790 at SUSE CVE-2022-48790 at NVD CVE-2022-48791 at SUSE CVE-2022-48791 at NVD CVE-2022-48798 at SUSE CVE-2022-48798 at NVD CVE-2022-48802 at SUSE CVE-2022-48802 at NVD CVE-2022-48805 at SUSE CVE-2022-48805 at NVD CVE-2022-48811 at SUSE CVE-2022-48811 at NVD CVE-2022-48823 at SUSE CVE-2022-48823 at NVD CVE-2022-48824 at SUSE CVE-2022-48824 at NVD CVE-2022-48827 at SUSE CVE-2022-48827 at NVD CVE-2022-48834 at SUSE CVE-2022-48834 at NVD CVE-2022-48835 at SUSE CVE-2022-48835 at NVD CVE-2022-48836 at SUSE CVE-2022-48836 at NVD CVE-2022-48837 at SUSE CVE-2022-48837 at NVD CVE-2022-48838 at SUSE CVE-2022-48838 at NVD CVE-2022-48839 at SUSE CVE-2022-48839 at NVD CVE-2022-48843 at SUSE CVE-2022-48843 at NVD CVE-2022-48851 at SUSE CVE-2022-48851 at NVD CVE-2022-48853 at SUSE CVE-2022-48853 at NVD CVE-2022-48856 at SUSE CVE-2022-48856 at NVD CVE-2022-48857 at SUSE CVE-2022-48857 at NVD CVE-2022-48858 at SUSE CVE-2022-48858 at NVD CVE-2022-48872 at SUSE CVE-2022-48872 at NVD CVE-2022-48873 at SUSE CVE-2022-48873 at NVD CVE-2022-48901 at SUSE CVE-2022-48901 at NVD CVE-2022-48905 at SUSE CVE-2022-48905 at NVD CVE-2022-48912 at SUSE CVE-2022-48912 at NVD CVE-2022-48917 at SUSE CVE-2022-48917 at NVD CVE-2022-48919 at SUSE CVE-2022-48919 at NVD CVE-2022-48925 at SUSE CVE-2022-48925 at NVD CVE-2022-48926 at SUSE CVE-2022-48926 at NVD CVE-2022-48928 at SUSE CVE-2022-48928 at NVD CVE-2022-48930 at SUSE CVE-2022-48930 at NVD CVE-2022-48933 at SUSE CVE-2022-48933 at NVD CVE-2022-48934 at SUSE CVE-2022-48934 at NVD CVE-2023-1582 at SUSE CVE-2023-1582 at NVD CVE-2023-2176 at SUSE CVE-2023-2176 at NVD CVE-2023-52854 at SUSE CVE-2023-52854 at NVD CVE-2024-26583 at SUSE CVE-2024-26583 at NVD CVE-2024-26584 at SUSE CVE-2024-26584 at NVD CVE-2024-26800 at SUSE CVE-2024-26800 at NVD CVE-2024-40910 at SUSE CVE-2024-40910 at NVD CVE-2024-41009 at SUSE CVE-2024-41009 at NVD CVE-2024-41011 at SUSE CVE-2024-41011 at NVD CVE-2024-41062 at SUSE CVE-2024-41062 at NVD CVE-2024-42077 at SUSE CVE-2024-42077 at NVD CVE-2024-42232 at SUSE CVE-2024-42232 at NVD CVE-2024-42271 at SUSE CVE-2024-42271 at NVD CVE-2024-43861 at SUSE CVE-2024-43861 at NVD CVE-2024-43882 at SUSE CVE-2024-43882 at NVD CVE-2024-43883 at SUSE CVE-2024-43883 at NVD CVE-2024-44947 at SUSE CVE-2024-44947 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python3 fixes the following issues: - CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780). - CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596) Bug fixes: - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999) - Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378). - Remove %suse_update_desktop_file macro as it is not useful any more. Important SUSE bug 1227378 SUSE bug 1227999 SUSE bug 1228780 SUSE bug 1229596 CVE-2024-6923 at SUSE CVE-2024-6923 at NVD CVE-2024-7592 at SUSE CVE-2024-7592 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002) The following non-security bugs were fixed: - powerpc: Remove support for PowerPC 601 (Remove unused and malformed assembly causing build error). - scsi: pm80xx: Fix TMF task completion race condition (bsc#1228002) Important SUSE bug 1228002 CVE-2022-48791 at SUSE CVE-2022-48791 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ucode-intel fixes the following issues: - Intel CPU Microcode was updated to the 20240910 release (bsc#1230400) - CVE-2024-23984: Observable discrepancy in RAPL interface for some Intel Processors may allow a privileged user to potentially enable information disclosure via local access. - CVE-2024-24968: Improper finite state machines (FSMs) in hardware logic in some Intel Processors may allow an privileged user to potentially enable a denial of service via local access. Moderate SUSE bug 1230400 CVE-2024-23984 at SUSE CVE-2024-23984 at NVD CVE-2024-24968 at SUSE CVE-2024-24968 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python3 fixes the following issues: - CVE-2024-5642: buffer overread when NPN is used and invalid values are sent to the OpenSSL API. (bsc#1227233) Moderate SUSE bug 1227233 CVE-2024-5642 at SUSE CVE-2024-5642 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for xen fixes the following issues: - CVE-2024-45817: Fixed a deadlock in vlapic_error (XSA-462, bsc#1230366) Moderate SUSE bug 1230366 CVE-2024-45817 at SUSE CVE-2024-45817 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python36 fixes the following issues: - CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227) Important SUSE bug 1230227 CVE-2024-6232 at SUSE CVE-2024-6232 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for expat fixes the following issues: - CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932) - CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931) - CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930) Moderate SUSE bug 1229930 SUSE bug 1229931 SUSE bug 1229932 CVE-2024-45490 at SUSE CVE-2024-45490 at NVD CVE-2024-45491 at SUSE CVE-2024-45491 at NVD CVE-2024-45492 at SUSE CVE-2024-45492 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libpcap fixes the following issues: - CVE-2024-8006: NULL pointer dereference in function pcap_findalldevs_ex(). (bsc#1230034) - CVE-2023-7256: double free via struct addrinfo in function sock_initaddress(). (bsc#1230020) Moderate SUSE bug 1230020 SUSE bug 1230034 CVE-2023-7256 at SUSE CVE-2023-7256 at NVD CVE-2024-8006 at SUSE CVE-2024-8006 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for opensc fixes the following issues: - CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init. (bsc#1230076) - CVE-2024-45619: Incorrect handling length of buffers or files in libopensc. (bsc#1230075) - CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init. (bsc#1230074) - CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc. (bsc#1230073) - CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc. (bsc#1230072) - CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init. (bsc#1230071) - CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key. (bsc#1230364) Low SUSE bug 1217722 SUSE bug 1230071 SUSE bug 1230072 SUSE bug 1230073 SUSE bug 1230074 SUSE bug 1230075 SUSE bug 1230076 SUSE bug 1230364 CVE-2024-45615 at SUSE CVE-2024-45615 at NVD CVE-2024-45616 at SUSE CVE-2024-45616 at NVD CVE-2024-45617 at SUSE CVE-2024-45617 at NVD CVE-2024-45618 at SUSE CVE-2024-45618 at NVD CVE-2024-45619 at SUSE CVE-2024-45619 at NVD CVE-2024-45620 at SUSE CVE-2024-45620 at NVD CVE-2024-8443 at SUSE CVE-2024-8443 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-48945: media: vivid: fix compose size exceed boundary (bsc#1230398). - CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633). - CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015). - CVE-2024-46695: selinux,smack: do not bypass permissions check in inode_setsecctx hook (bsc#1230519). - CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434). - CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245). The following non-security bugs were fixed: - ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1230326). - ext4: add reserved GDT blocks check (bsc#1230326). - ext4: consolidate checks for resize of bigalloc into ext4_resize_begin (bsc#1230326). - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1230326). - kabi: add __nf_queue_get_refs() for kabi compliance. - No -rt specific changes this merge. - PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666). - Revert 'ext4: consolidate checks for resize of bigalloc into ext4_resize_begin' (bsc#1230326). Important SUSE bug 1226666 SUSE bug 1227487 SUSE bug 1229633 SUSE bug 1230015 SUSE bug 1230245 SUSE bug 1230326 SUSE bug 1230398 SUSE bug 1230434 SUSE bug 1230519 SUSE bug 1230767 CVE-2022-48911 at SUSE CVE-2022-48911 at NVD CVE-2022-48945 at SUSE CVE-2022-48945 at NVD CVE-2024-44946 at SUSE CVE-2024-44946 at NVD CVE-2024-45003 at SUSE CVE-2024-45003 at NVD CVE-2024-45021 at SUSE CVE-2024-45021 at NVD CVE-2024-46695 at SUSE CVE-2024-46695 at NVD CVE-2024-46774 at SUSE CVE-2024-46774 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47069: Fixed a crash due to relying on a stack reference past its expiry in ipc/mqueue, ipc/msg, ipc/sem (bsc#1220826). - CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633). - CVE-2022-48945: media: vivid: fix compose size exceed boundary (bsc#1230398). - CVE-2024-41087: Fix double free on error (bsc#1228466). - CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015). - CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245). - CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434). - CVE-2024-46695: selinux,smack: do not bypass permissions check in inode_setsecctx hook (bsc#1230519). - CVE-2024-36971: Fixed __dst_negative_advice() race (bsc#1226145). The following non-security bugs were fixed: - ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1230326). - ext4: add reserved GDT blocks check (bsc#1230326). - ext4: consolidate checks for resize of bigalloc into ext4_resize_begin (bsc#1230326). - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1230326). - kabi: add __nf_queue_get_refs() for kabi compliance. - PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666). - Revert 'ext4: consolidate checks for resize of bigalloc into ext4_resize_begin' (bsc#1230326). Important SUSE bug 1220826 SUSE bug 1226145 SUSE bug 1226666 SUSE bug 1227487 SUSE bug 1228466 SUSE bug 1229633 SUSE bug 1230015 SUSE bug 1230245 SUSE bug 1230326 SUSE bug 1230398 SUSE bug 1230434 SUSE bug 1230519 SUSE bug 1230767 CVE-2021-47069 at SUSE CVE-2021-47069 at NVD CVE-2022-48911 at SUSE CVE-2022-48911 at NVD CVE-2022-48945 at SUSE CVE-2022-48945 at NVD CVE-2024-36971 at SUSE CVE-2024-36971 at NVD CVE-2024-41087 at SUSE CVE-2024-41087 at NVD CVE-2024-44946 at SUSE CVE-2024-44946 at NVD CVE-2024-45003 at SUSE CVE-2024-45003 at NVD CVE-2024-45021 at SUSE CVE-2024-45021 at NVD CVE-2024-46695 at SUSE CVE-2024-46695 at NVD CVE-2024-46774 at SUSE CVE-2024-46774 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python3 fixes the following issues: Security fixes: - CVE-2024-9287: properly quote path names provided when creating a virtual environment (bsc#1232241) Other fixes: - Drop .pyc files from docdir for reproducible builds (bsc#1230906) Moderate SUSE bug 1230906 SUSE bug 1232241 CVE-2024-9287 at SUSE CVE-2024-9287 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for openssl-1_1 fixes the following issues: - CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262) Moderate SUSE bug 1220262 CVE-2023-50782 at SUSE CVE-2023-50782 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for expat fixes the following issues: - CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579). Moderate SUSE bug 1232579 CVE-2024-50602 at SUSE CVE-2024-50602 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for xen fixes the following issues: - CVE-2024-45818: Fixed deadlock in x86 HVM standard VGA handling (XSA-463) (bsc#1232622). - CVE-2024-45819: Fixed libxl data leaks to PVH guests via ACPI tables (XSA-464) (bsc#1232624). Bug fixes: - Remove usage of net-tools-deprecated from supportconfig plugin (bsc#1232542). Important SUSE bug 1232542 SUSE bug 1232622 SUSE bug 1232624 CVE-2024-45818 at SUSE CVE-2024-45818 at NVD CVE-2024-45819 at SUSE CVE-2024-45819 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for glib2 fixes the following issues: - CVE-2024-52533: Fixed a single byte buffer overflow (bsc#1233282). Important SUSE bug 1233282 CVE-2024-52533 at SUSE CVE-2024-52533 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ucode-intel fixes the following issues: - Intel CPU Microcode was updated to the 20241112 release (bsc#1233313) - CVE-2024-21853: Faulty finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel Xeon Processors may allow an authorized user to potentially enable denial of service via local access. - CVE-2024-23918: Improper conditions check in some Intel Xeon processor memory controller configurations when using Intel SGX may allow a privileged user to potentially enable escalation of privilege via local access. - CVE-2024-21820: Incorrect default permissions in some Intel Xeon processor memory controller configurations when using Intel SGX may allow a privileged user to potentially enable escalation of privilege via local access. - CVE-2024-24968: Improper finite state machines (FSMs) in hardware logic in some Intel Processors may allow an privileged user to potentially enable a denial of service via local access. - CVE-2024-23984: Observable discrepancy in RAPL interface for some Intel Processors may allow a privileged user to potentially enable information disclosure via local access. - Update for functional issues. New Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | C0 | 06-97-02/07 | 00000036 | 00000037 | Core Gen12 | ADL | H0 | 06-97-05/07 | 00000036 | 00000037 | Core Gen12 | ADL | L0 | 06-9a-03/80 | 00000434 | 00000435 | Core Gen12 | ADL | R0 | 06-9a-04/80 | 00000434 | 00000435 | Core Gen12 | EMR-SP | A0 | 06-cf-01/87 | 21000230 | 21000283 | Xeon Scalable Gen5 | EMR-SP | A1 | 06-cf-02/87 | 21000230 | 21000283 | Xeon Scalable Gen5 | MTL | C0 | 06-aa-04/e6 | 0000001f | 00000020 | Core™ Ultra Processor | RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004122 | 00004123 | Core Gen13 | RPL-HX/S | C0 | 06-bf-02/07 | 00000036 | 00000037 | Core Gen13/Gen14 | RPL-S | H0 | 06-bf-05/07 | 00000036 | 00000037 | Core Gen13/Gen14 | RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004122 | 00004123 | Core Gen13 | SPR-SP | E3 | 06-8f-06/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4 | SPR-SP | E4/S2 | 06-8f-07/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4 | SPR-SP | E5/S3 | 06-8f-08/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4 New Disclosures Updated in Prior Releases: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ICL-D | B0 | 06-6c-01/10 | 010002b0 | N/A | Xeon D-17xx/D-18xx, D-27xx/D-28xx | ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003e7 | N/A | Xeon Scalable Gen3 - Intel CPU Microcode was updated to the 20241029 release Update for functional issues. Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | RPL-E/HX/S | B0 | 06-b7-01/32 | 00000129 | 0000012b | Core Gen13/Gen14 Important SUSE bug 1233313 CVE-2024-21820 at SUSE CVE-2024-21820 at NVD CVE-2024-21853 at SUSE CVE-2024-21853 at NVD CVE-2024-23918 at SUSE CVE-2024-23918 at NVD CVE-2024-23984 at SUSE CVE-2024-23984 at NVD CVE-2024-24968 at SUSE CVE-2024-24968 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1231893). - CVE-2022-48960: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979). - CVE-2022-48962: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() (bsc#1232286). - CVE-2022-48967: NFC: nci: Bounds check struct nfc_target arrays (bsc#1232304). - CVE-2022-48988: memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1232069). - CVE-2022-48991: mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma (bsc#1232070). - CVE-2022-49003: nvme: fix SRCU protection of nvme_ns_head list (bsc#1232136). - CVE-2022-49014: net: tun: Fix use-after-free in tun_detach() (bsc#1231890). - CVE-2022-49015: net: hsr: Fix potential use-after-free (bsc#1231938). - CVE-2022-49023: wifi: cfg80211: fix buffer overflow in elem comparison (bsc#1231961). - CVE-2022-49025: net/mlx5e: Fix use-after-free when reverting termination table (bsc#1231960). - CVE-2024-36971: Fixed __dst_negative_advice() race (bsc#1226145). - CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429). - CVE-2024-45026: s390/dasd: fix error recovery leading to data corruption on ESE devices (bsc#1230454). - CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191). - CVE-2024-46814: drm/amd/display: Check msg_id before processing transcation (bsc#1231193). - CVE-2024-46815: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (bsc#1231195). - CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197). - CVE-2024-46817: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (bsc#1231200). - CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231203). - CVE-2024-46849: ASoC: meson: axg-card: fix 'use-after-free' (bsc#1231073). - CVE-2024-47668: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (bsc#1231502). - CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673). - CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987). - CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942). - CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145). - CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231861). - CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424). - CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519). - CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383). - CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282). - CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432). - CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418). The following non-security bugs were fixed: - kernel-binary: generate and install compile_commands.json (bsc#1228971) - kernel-binary: vdso: Own module_dir - bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (bsc#1231375). - mkspec-dtb: add toplevel symlinks also on arm - net: mana: Fix the extra HZ in mana_hwc_send_request (bsc#1232033). - scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223). Important SUSE bug 1195775 SUSE bug 1204171 SUSE bug 1205796 SUSE bug 1209290 SUSE bug 1216223 SUSE bug 1218562 SUSE bug 1219125 SUSE bug 1223384 SUSE bug 1223524 SUSE bug 1223824 SUSE bug 1225189 SUSE bug 1225336 SUSE bug 1225611 SUSE bug 1226145 SUSE bug 1226211 SUSE bug 1226212 SUSE bug 1228743 SUSE bug 1229042 SUSE bug 1229454 SUSE bug 1229456 SUSE bug 1230429 SUSE bug 1230454 SUSE bug 1231073 SUSE bug 1231191 SUSE bug 1231193 SUSE bug 1231195 SUSE bug 1231197 SUSE bug 1231200 SUSE bug 1231203 SUSE bug 1231293 SUSE bug 1231375 SUSE bug 1231502 SUSE bug 1231673 SUSE bug 1231861 SUSE bug 1231887 SUSE bug 1231890 SUSE bug 1231893 SUSE bug 1231895 SUSE bug 1231936 SUSE bug 1231938 SUSE bug 1231942 SUSE bug 1231960 SUSE bug 1231961 SUSE bug 1231979 SUSE bug 1231987 SUSE bug 1231988 SUSE bug 1232033 SUSE bug 1232069 SUSE bug 1232070 SUSE bug 1232097 SUSE bug 1232136 SUSE bug 1232145 SUSE bug 1232262 SUSE bug 1232282 SUSE bug 1232286 SUSE bug 1232304 SUSE bug 1232383 SUSE bug 1232418 SUSE bug 1232424 SUSE bug 1232432 SUSE bug 1232519 CVE-2021-47416 at SUSE CVE-2021-47416 at NVD CVE-2022-3435 at SUSE CVE-2022-3435 at NVD CVE-2022-45934 at SUSE CVE-2022-45934 at NVD CVE-2022-48664 at SUSE CVE-2022-48664 at NVD CVE-2022-48947 at SUSE CVE-2022-48947 at NVD CVE-2022-48956 at SUSE CVE-2022-48956 at NVD CVE-2022-48960 at SUSE CVE-2022-48960 at NVD CVE-2022-48962 at SUSE CVE-2022-48962 at NVD CVE-2022-48967 at SUSE CVE-2022-48967 at NVD CVE-2022-48970 at SUSE CVE-2022-48970 at NVD CVE-2022-48988 at SUSE CVE-2022-48988 at NVD CVE-2022-48991 at SUSE CVE-2022-48991 at NVD CVE-2022-48999 at SUSE CVE-2022-48999 at NVD CVE-2022-49003 at SUSE CVE-2022-49003 at NVD CVE-2022-49014 at SUSE CVE-2022-49014 at NVD CVE-2022-49015 at SUSE CVE-2022-49015 at NVD CVE-2022-49023 at SUSE CVE-2022-49023 at NVD CVE-2022-49025 at SUSE CVE-2022-49025 at NVD CVE-2023-28327 at SUSE CVE-2023-28327 at NVD CVE-2023-46343 at SUSE CVE-2023-46343 at NVD CVE-2023-52881 at SUSE CVE-2023-52881 at NVD CVE-2023-52919 at SUSE CVE-2023-52919 at NVD CVE-2023-6270 at SUSE CVE-2023-6270 at NVD CVE-2024-27043 at SUSE CVE-2024-27043 at NVD CVE-2024-36971 at SUSE CVE-2024-36971 at NVD CVE-2024-42145 at SUSE CVE-2024-42145 at NVD CVE-2024-44947 at SUSE CVE-2024-44947 at NVD CVE-2024-45016 at SUSE CVE-2024-45016 at NVD CVE-2024-45026 at SUSE CVE-2024-45026 at NVD CVE-2024-46813 at SUSE CVE-2024-46813 at NVD CVE-2024-46814 at SUSE CVE-2024-46814 at NVD CVE-2024-46815 at SUSE CVE-2024-46815 at NVD CVE-2024-46816 at SUSE CVE-2024-46816 at NVD CVE-2024-46817 at SUSE CVE-2024-46817 at NVD CVE-2024-46818 at SUSE CVE-2024-46818 at NVD CVE-2024-46849 at SUSE CVE-2024-46849 at NVD CVE-2024-47668 at SUSE CVE-2024-47668 at NVD CVE-2024-47674 at SUSE CVE-2024-47674 at NVD CVE-2024-47684 at SUSE CVE-2024-47684 at NVD CVE-2024-47706 at SUSE CVE-2024-47706 at NVD CVE-2024-47747 at SUSE CVE-2024-47747 at NVD CVE-2024-49860 at SUSE CVE-2024-49860 at NVD CVE-2024-49867 at SUSE CVE-2024-49867 at NVD CVE-2024-49936 at SUSE CVE-2024-49936 at NVD CVE-2024-49969 at SUSE CVE-2024-49969 at NVD CVE-2024-49974 at SUSE CVE-2024-49974 at NVD CVE-2024-49982 at SUSE CVE-2024-49982 at NVD CVE-2024-49991 at SUSE CVE-2024-49991 at NVD CVE-2024-49995 at SUSE CVE-2024-49995 at NVD CVE-2024-50047 at SUSE CVE-2024-50047 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47589: igbvf: fix double free in `igbvf_probe` (bsc#1226557). - CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1231893). - CVE-2022-48960: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979). - CVE-2022-48962: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() (bsc#1232286). - CVE-2022-48967: NFC: nci: Bounds check struct nfc_target arrays (bsc#1232304). - CVE-2022-48988: memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1232069). - CVE-2022-48991: khugepaged: retract_page_tables() remember to test exit (bsc#1232070 prerequisity). - CVE-2022-49003: nvme: fix SRCU protection of nvme_ns_head list (bsc#1232136). - CVE-2022-49014: net: tun: Fix use-after-free in tun_detach() (bsc#1231890). - CVE-2022-49015: net: hsr: Fix potential use-after-free (bsc#1231938). - CVE-2022-49023: wifi: cfg80211: fix buffer overflow in elem comparison (bsc#1231961). - CVE-2022-49025: net/mlx5e: Fix use-after-free when reverting termination table (bsc#1231960). - CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429). - CVE-2024-45026: s390/dasd: fix error recovery leading to data corruption on ESE devices (bsc#1230454). - CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191). - CVE-2024-46814: drm/amd/display: Check msg_id before processing transcation (bsc#1231193). - CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197). - CVE-2024-46817: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (bsc#1231200). - CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231203). - CVE-2024-46849: ASoC: meson: axg-card: fix 'use-after-free' (bsc#1231073). - CVE-2024-47668: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (bsc#1231502). - CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673). - CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987). - CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942). - CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145). - CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231861). - CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424). - CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519). - CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383). - CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282). - CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432). - CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418). The following non-security bugs were fixed: - bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (bsc#1231375). - kernel-binary: generate and install compile_commands.json (bsc#1228971) - kernel-binary: vdso: Own module_dir - mkspec-dtb: add toplevel symlinks also on arm - net: mana: Fix the extra HZ in mana_hwc_send_request (bsc#1232033). - scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223). Important SUSE bug 1195775 SUSE bug 1204171 SUSE bug 1205796 SUSE bug 1206344 SUSE bug 1209290 SUSE bug 1216223 SUSE bug 1218562 SUSE bug 1219125 SUSE bug 1223384 SUSE bug 1223524 SUSE bug 1223824 SUSE bug 1225189 SUSE bug 1225336 SUSE bug 1225611 SUSE bug 1226211 SUSE bug 1226212 SUSE bug 1226557 SUSE bug 1228743 SUSE bug 1229042 SUSE bug 1229454 SUSE bug 1229456 SUSE bug 1230429 SUSE bug 1230454 SUSE bug 1231073 SUSE bug 1231191 SUSE bug 1231193 SUSE bug 1231197 SUSE bug 1231200 SUSE bug 1231203 SUSE bug 1231293 SUSE bug 1231375 SUSE bug 1231502 SUSE bug 1231673 SUSE bug 1231861 SUSE bug 1231887 SUSE bug 1231890 SUSE bug 1231893 SUSE bug 1231895 SUSE bug 1231936 SUSE bug 1231938 SUSE bug 1231942 SUSE bug 1231960 SUSE bug 1231961 SUSE bug 1231979 SUSE bug 1231987 SUSE bug 1231988 SUSE bug 1232033 SUSE bug 1232069 SUSE bug 1232070 SUSE bug 1232097 SUSE bug 1232136 SUSE bug 1232145 SUSE bug 1232262 SUSE bug 1232280 SUSE bug 1232282 SUSE bug 1232286 SUSE bug 1232304 SUSE bug 1232383 SUSE bug 1232418 SUSE bug 1232424 SUSE bug 1232432 SUSE bug 1232519 CVE-2021-47416 at SUSE CVE-2021-47416 at NVD CVE-2021-47589 at SUSE CVE-2021-47589 at NVD CVE-2022-3435 at SUSE CVE-2022-3435 at NVD CVE-2022-45934 at SUSE CVE-2022-45934 at NVD CVE-2022-48664 at SUSE CVE-2022-48664 at NVD CVE-2022-48947 at SUSE CVE-2022-48947 at NVD CVE-2022-48956 at SUSE CVE-2022-48956 at NVD CVE-2022-48960 at SUSE CVE-2022-48960 at NVD CVE-2022-48962 at SUSE CVE-2022-48962 at NVD CVE-2022-48967 at SUSE CVE-2022-48967 at NVD CVE-2022-48970 at SUSE CVE-2022-48970 at NVD CVE-2022-48988 at SUSE CVE-2022-48988 at NVD CVE-2022-48991 at SUSE CVE-2022-48991 at NVD CVE-2022-48999 at SUSE CVE-2022-48999 at NVD CVE-2022-49003 at SUSE CVE-2022-49003 at NVD CVE-2022-49014 at SUSE CVE-2022-49014 at NVD CVE-2022-49015 at SUSE CVE-2022-49015 at NVD CVE-2022-49023 at SUSE CVE-2022-49023 at NVD CVE-2022-49025 at SUSE CVE-2022-49025 at NVD CVE-2023-28327 at SUSE CVE-2023-28327 at NVD CVE-2023-46343 at SUSE CVE-2023-46343 at NVD CVE-2023-52881 at SUSE CVE-2023-52881 at NVD CVE-2023-52919 at SUSE CVE-2023-52919 at NVD CVE-2023-6270 at SUSE CVE-2023-6270 at NVD CVE-2024-27043 at SUSE CVE-2024-27043 at NVD CVE-2024-42145 at SUSE CVE-2024-42145 at NVD CVE-2024-44947 at SUSE CVE-2024-44947 at NVD CVE-2024-45016 at SUSE CVE-2024-45016 at NVD CVE-2024-45026 at SUSE CVE-2024-45026 at NVD CVE-2024-46813 at SUSE CVE-2024-46813 at NVD CVE-2024-46814 at SUSE CVE-2024-46814 at NVD CVE-2024-46816 at SUSE CVE-2024-46816 at NVD CVE-2024-46817 at SUSE CVE-2024-46817 at NVD CVE-2024-46818 at SUSE CVE-2024-46818 at NVD CVE-2024-46849 at SUSE CVE-2024-46849 at NVD CVE-2024-47668 at SUSE CVE-2024-47668 at NVD CVE-2024-47674 at SUSE CVE-2024-47674 at NVD CVE-2024-47684 at SUSE CVE-2024-47684 at NVD CVE-2024-47706 at SUSE CVE-2024-47706 at NVD CVE-2024-47747 at SUSE CVE-2024-47747 at NVD CVE-2024-49860 at SUSE CVE-2024-49860 at NVD CVE-2024-49867 at SUSE CVE-2024-49867 at NVD CVE-2024-49936 at SUSE CVE-2024-49936 at NVD CVE-2024-49969 at SUSE CVE-2024-49969 at NVD CVE-2024-49974 at SUSE CVE-2024-49974 at NVD CVE-2024-49982 at SUSE CVE-2024-49982 at NVD CVE-2024-49991 at SUSE CVE-2024-49991 at NVD CVE-2024-49995 at SUSE CVE-2024-49995 at NVD CVE-2024-50047 at SUSE CVE-2024-50047 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307) Other fixes: - Remove -IVendor/ from python-config (bsc#1231795) Low SUSE bug 1231795 SUSE bug 1233307 CVE-2024-11168 at SUSE CVE-2024-11168 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for curl fixes the following issues: - CVE-2024-11053: fixed password leak in curl used for the first host to the followed-to host under certain circumstances (bsc#1234068) Moderate SUSE bug 1234068 CVE-2024-11053 at SUSE CVE-2024-11053 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927). - CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224) - CVE-2024-50089: unicode: Do not special case ignorable code points (bsc#1232860). - CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919). - CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928). - CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907). - CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070) - CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233293). - CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117). - CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453). - CVE-2024-50267: USB: serial: io_edgeport: fix use after free in debug printk (bsc#1233456). - CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468). - CVE-2024-50290: media: cx24116: prevent overflows on SNR calculus (bsc#1233479). - CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233490). - CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233491). - CVE-2024-53061: media: s5p-jpeg: prevent buffer overflows (bsc#1233555). - CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access (bsc#1233557). The following non-security bugs were fixed: - Update config files (bsc#1218644). - e1000e: Correct NVM checksum verification flow (jsc#SLE-8100). - e1000e: Correct NVM checksum verification flow (jsc#SLE-8100). - e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100). - e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100). - ena: Remove rcu_read_lock() around XDP program invocation (bsc#1198778). - ethernet: amazon: ena: A typo fix in the file ena_com.h (bsc#1198778). - initramfs: avoid filename buffer overrun (bsc#1232436). - kernel-binary: Enable livepatch package only when livepatch is enabled Otherwise the filelist may be empty failing the build (bsc#1218644). - net: ena: Add capabilities field with support for ENI stats capability (bsc#1198778). - net: ena: Add debug prints for invalid req_id resets (bsc#1198778). - net: ena: Change ENI stats support check to use capabilities field (bsc#1198778). - net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1198778). - net: ena: Change the name of bad_csum variable (bsc#1198778). - net: ena: Extract recurring driver reset code into a function (bsc#1198778). - net: ena: Flush XDP packets on error (bsc#1198778). - net: ena: Improve error logging in driver (bsc#1198778). - net: ena: Move reset completion print to the reset function (bsc#1198778). - net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198778). - net: ena: Remove module param and change message severity (bsc#1198778). - net: ena: Remove redundant return code check (bsc#1198778). - net: ena: Remove unused code (bsc#1198778). - net: ena: Set tx_info->xdpf value to NULL (bsc#1198778). - net: ena: Update XDP verdict upon failure (bsc#1198778). - net: ena: Use bitmask to indicate packet redirection (bsc#1198778). - net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198778). - net: ena: add device distinct log prefix to files (bsc#1198778). - net: ena: add jiffies of last napi call to stats (bsc#1198778). - net: ena: aggregate doorbell common operations into a function (bsc#1198778). - net: ena: aggregate stats increase into a function (bsc#1198778). - net: ena: fix DMA mapping function issues in XDP (bsc#1198778). - net: ena: fix coding style nits (bsc#1198778). - net: ena: fix inaccurate print type (bsc#1198778). - net: ena: introduce XDP redirect implementation (bsc#1198778). - net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT (bsc#1198778). - net: ena: make symbol 'ena_alloc_map_page' static (bsc#1198778). - net: ena: re-organize code to improve readability (bsc#1198778). - net: ena: remove extra words from comments (bsc#1198778). - net: ena: store values in their appropriate variables types (bsc#1198778). - net: ena: use build_skb() in RX path (bsc#1198778). - net: ena: use constant value for net_device allocation (bsc#1198778). - net: ena: use xdp_frame in XDP TX flow (bsc#1198778). - net: ena: use xdp_return_frame() to free xdp frames (bsc#1198778). - rpm/scripts: Remove obsolete Symbols.list Symbols.list is not longer needed by the new klp-convert implementation. (bsc#1218644) - tools headers: Grab copy of linux/const.h, needed by linux/bits.h (bsc#1154353). Important SUSE bug 1154353 SUSE bug 1198778 SUSE bug 1218644 SUSE bug 1220927 SUSE bug 1231939 SUSE bug 1231940 SUSE bug 1231958 SUSE bug 1231962 SUSE bug 1231991 SUSE bug 1231992 SUSE bug 1231995 SUSE bug 1232006 SUSE bug 1232163 SUSE bug 1232172 SUSE bug 1232224 SUSE bug 1232436 SUSE bug 1232860 SUSE bug 1232907 SUSE bug 1232919 SUSE bug 1232928 SUSE bug 1233070 SUSE bug 1233117 SUSE bug 1233293 SUSE bug 1233453 SUSE bug 1233456 SUSE bug 1233468 SUSE bug 1233479 SUSE bug 1233490 SUSE bug 1233491 SUSE bug 1233555 SUSE bug 1233557 CVE-2022-48985 at SUSE CVE-2022-48985 at NVD CVE-2022-49006 at SUSE CVE-2022-49006 at NVD CVE-2022-49010 at SUSE CVE-2022-49010 at NVD CVE-2022-49011 at SUSE CVE-2022-49011 at NVD CVE-2022-49019 at SUSE CVE-2022-49019 at NVD CVE-2022-49021 at SUSE CVE-2022-49021 at NVD CVE-2022-49022 at SUSE CVE-2022-49022 at NVD CVE-2022-49029 at SUSE CVE-2022-49029 at NVD CVE-2022-49031 at SUSE CVE-2022-49031 at NVD CVE-2022-49032 at SUSE CVE-2022-49032 at NVD CVE-2023-52524 at SUSE CVE-2023-52524 at NVD CVE-2024-49925 at SUSE CVE-2024-49925 at NVD CVE-2024-50089 at SUSE CVE-2024-50089 at NVD CVE-2024-50115 at SUSE CVE-2024-50115 at NVD CVE-2024-50125 at SUSE CVE-2024-50125 at NVD CVE-2024-50127 at SUSE CVE-2024-50127 at NVD CVE-2024-50154 at SUSE CVE-2024-50154 at NVD CVE-2024-50205 at SUSE CVE-2024-50205 at NVD CVE-2024-50208 at SUSE CVE-2024-50208 at NVD CVE-2024-50264 at SUSE CVE-2024-50264 at NVD CVE-2024-50267 at SUSE CVE-2024-50267 at NVD CVE-2024-50279 at SUSE CVE-2024-50279 at NVD CVE-2024-50290 at SUSE CVE-2024-50290 at NVD CVE-2024-50301 at SUSE CVE-2024-50301 at NVD CVE-2024-50302 at SUSE CVE-2024-50302 at NVD CVE-2024-53061 at SUSE CVE-2024-53061 at NVD CVE-2024-53063 at SUSE CVE-2024-53063 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52524: net: nfc: llcp: Add lock when modifying device list (bsc#1220927). - CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224). - CVE-2024-50089: unicode: Do not special case ignorable code points (bsc#1232860). - CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919). - CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928). - CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907). - CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070). - CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233293). - CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117). - CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453). - CVE-2024-50267: usb: serial: io_edgeport: fix use after free in debug printk (bsc#1233456). - CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468). - CVE-2024-50290: media: cx24116: prevent overflows on SNR calculus (bsc#1233479). - CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233490). - CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233491). - CVE-2024-53061: media: s5p-jpeg: prevent buffer overflows (bsc#1233555). - CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access (bsc#1233557). The following non-security bugs were fixed: - e1000e: Correct NVM checksum verification flow (jsc#SLE-8100). - e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100). - ena: Remove rcu_read_lock() around XDP program invocation (bsc#1198778). - ethernet: amazon: ena: A typo fix in the file ena_com.h (bsc#1198778). - initramfs: avoid filename buffer overrun (bsc#1232436). - kernel-binary: Enable livepatch package only when livepatch is enabled (bsc#1218644). - net: ena: Add capabilities field with support for ENI stats capability (bsc#1198778). - net: ena: Add debug prints for invalid req_id resets (bsc#1198778). - net: ena: Change ENI stats support check to use capabilities field (bsc#1198778). - net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1198778). - net: ena: Change the name of bad_csum variable (bsc#1198778). - net: ena: Extract recurring driver reset code into a function (bsc#1198778). - net: ena: Flush XDP packets on error (bsc#1198778). - net: ena: Improve error logging in driver (bsc#1198778). - net: ena: Move reset completion print to the reset function (bsc#1198778). - net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198778). - net: ena: Remove module param and change message severity (bsc#1198778). - net: ena: Remove redundant return code check (bsc#1198778). - net: ena: Remove unused code (bsc#1198778). - net: ena: Set tx_info->xdpf value to NULL (bsc#1198778). - net: ena: Update XDP verdict upon failure (bsc#1198778). - net: ena: Use bitmask to indicate packet redirection (bsc#1198778). - net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198778). - net: ena: add device distinct log prefix to files (bsc#1198778). - net: ena: add jiffies of last napi call to stats (bsc#1198778). - net: ena: aggregate doorbell common operations into a function (bsc#1198778). - net: ena: aggregate stats increase into a function (bsc#1198778). - net: ena: fix DMA mapping function issues in XDP (bsc#1198778). - net: ena: fix coding style nits (bsc#1198778). - net: ena: fix inaccurate print type (bsc#1198778). - net: ena: introduce XDP redirect implementation (bsc#1198778). - net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT (bsc#1198778). - net: ena: make symbol 'ena_alloc_map_page' static (bsc#1198778). - net: ena: re-organize code to improve readability (bsc#1198778). - net: ena: remove extra words from comments (bsc#1198778). - net: ena: store values in their appropriate variables types (bsc#1198778). - net: ena: use build_skb() in RX path (bsc#1198778). - net: ena: use constant value for net_device allocation (bsc#1198778). - net: ena: use xdp_frame in XDP TX flow (bsc#1198778). - net: ena: use xdp_return_frame() to free xdp frames (bsc#1198778). - tools headers: Grab copy of linux/const.h, needed by linux/bits.h (bsc#1154353). Important SUSE bug 1154353 SUSE bug 1198778 SUSE bug 1218644 SUSE bug 1220927 SUSE bug 1231939 SUSE bug 1231940 SUSE bug 1231958 SUSE bug 1231962 SUSE bug 1231991 SUSE bug 1231992 SUSE bug 1231995 SUSE bug 1232006 SUSE bug 1232163 SUSE bug 1232172 SUSE bug 1232224 SUSE bug 1232436 SUSE bug 1232860 SUSE bug 1232907 SUSE bug 1232919 SUSE bug 1232928 SUSE bug 1233070 SUSE bug 1233117 SUSE bug 1233293 SUSE bug 1233453 SUSE bug 1233456 SUSE bug 1233468 SUSE bug 1233479 SUSE bug 1233490 SUSE bug 1233491 SUSE bug 1233555 SUSE bug 1233557 CVE-2022-48985 at SUSE CVE-2022-48985 at NVD CVE-2022-49006 at SUSE CVE-2022-49006 at NVD CVE-2022-49010 at SUSE CVE-2022-49010 at NVD CVE-2022-49011 at SUSE CVE-2022-49011 at NVD CVE-2022-49019 at SUSE CVE-2022-49019 at NVD CVE-2022-49021 at SUSE CVE-2022-49021 at NVD CVE-2022-49022 at SUSE CVE-2022-49022 at NVD CVE-2022-49029 at SUSE CVE-2022-49029 at NVD CVE-2022-49031 at SUSE CVE-2022-49031 at NVD CVE-2022-49032 at SUSE CVE-2022-49032 at NVD CVE-2023-52524 at SUSE CVE-2023-52524 at NVD CVE-2024-49925 at SUSE CVE-2024-49925 at NVD CVE-2024-50089 at SUSE CVE-2024-50089 at NVD CVE-2024-50115 at SUSE CVE-2024-50115 at NVD CVE-2024-50125 at SUSE CVE-2024-50125 at NVD CVE-2024-50127 at SUSE CVE-2024-50127 at NVD CVE-2024-50154 at SUSE CVE-2024-50154 at NVD CVE-2024-50205 at SUSE CVE-2024-50205 at NVD CVE-2024-50208 at SUSE CVE-2024-50208 at NVD CVE-2024-50264 at SUSE CVE-2024-50264 at NVD CVE-2024-50267 at SUSE CVE-2024-50267 at NVD CVE-2024-50279 at SUSE CVE-2024-50279 at NVD CVE-2024-50290 at SUSE CVE-2024-50290 at NVD CVE-2024-50301 at SUSE CVE-2024-50301 at NVD CVE-2024-50302 at SUSE CVE-2024-50302 at NVD CVE-2024-53061 at SUSE CVE-2024-53061 at NVD CVE-2024-53063 at SUSE CVE-2024-53063 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ovmf fixes the following issues: - CVE-2024-1298: MdeModulePkg: Potential UINT32 overflow in S3 ResumeCount (bsc#1225889) Moderate SUSE bug 1225889 CVE-2024-1298 at SUSE CVE-2024-1298 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for docker fixes the following issues: - Update docker-buildx to v0.19.2. See upstream changelog online at <https://github.com/docker/buildx/releases/tag/v0.19.2>. Some notable changelogs from the last update: * <https://github.com/docker/buildx/releases/tag/v0.19.0> * <https://github.com/docker/buildx/releases/tag/v0.18.0> - Add a new toggle file /etc/docker/suse-secrets-enable which allows users to disable the SUSEConnect integration with Docker (which creates special mounts in /run/secrets to allow container-suseconnect to authenticate containers with registries on registered hosts). bsc#1231348 bsc#1232999 In order to disable these mounts, just do echo 0 > /etc/docker/suse-secrets-enable and restart Docker. In order to re-enable them, just do echo 1 > /etc/docker/suse-secrets-enable and restart Docker. Docker will output information on startup to tell you whether the SUSE secrets feature is enabled or not. - Disable docker-buildx builds for SLES. It turns out that build containers with docker-buildx don't currently get the SUSE secrets mounts applied, meaning that container-suseconnect doesn't work when building images. bsc#1233819 - Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from sysconfig a long time ago, and apparently this causes issues with systemd in some cases. - Allow a parallel docker-stable RPM to exists in repositories. - Update to docker-buildx v0.17.1 to match standalone docker-buildx package we are replacing. See upstream changelog online at <https://github.com/docker/buildx/releases/tag/v0.17.1> - Allow users to disable SUSE secrets support by setting DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. (bsc#1231348) - Mark docker-buildx as required since classic 'docker build' has been deprecated since Docker 23.0. (bsc#1230331) - Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate package, but with docker-stable it will be necessary to maintain the packages together and it makes more sense to have them live in the same OBS package. (bsc#1230333) - Update to Docker 26.1.5-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/26.1/#2615> bsc#1230294 - This update includes fixes for: * CVE-2024-41110. bsc#1228324 * CVE-2023-47108. bsc#1217070 bsc#1229806 * CVE-2023-45142. bsc#1228553 bsc#1229806 - Update to Docker 26.1.4-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/26.1/#2614> - Update to Docker 26.1.0-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/26.1/#2610> - Update --add-runtime to point to correct binary path. Important SUSE bug 1217070 SUSE bug 1228324 SUSE bug 1228553 SUSE bug 1229806 SUSE bug 1230294 SUSE bug 1230331 SUSE bug 1230333 SUSE bug 1231348 SUSE bug 1232999 SUSE bug 1233819 CVE-2023-45142 at SUSE CVE-2023-45142 at NVD CVE-2023-47108 at SUSE CVE-2023-47108 at NVD CVE-2024-41110 at SUSE CVE-2024-41110 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc Bugfix added since last update: - run rpm commands in import script only when libzypp is not active. bsc#1219189 bsc#1219123 Important SUSE bug 1219123 SUSE bug 1219189 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for runc fixes the following issues: - Update to runc v1.1.12 (bsc#1218894) The following CVE was already fixed with the previous release. - CVE-2024-21626: Fixed container breakout. Important SUSE bug 1218894 CVE-2024-21626 at SUSE CVE-2024-21626 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libxml2 fixes the following issues: - CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576). Important SUSE bug 1219576 CVE-2024-25062 at SUSE CVE-2024-25062 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434). - CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730). - CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836). - CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412). - CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988). - CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989). - CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987). - CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702). - CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120). - CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053). - CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832). - CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804). - CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752). - CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757). The following non-security bugs were fixed: - Store the old kernel changelog entries in kernel-docs package (bsc#1218713). - x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285). Important SUSE bug 1108281 SUSE bug 1193285 SUSE bug 1216702 SUSE bug 1217987 SUSE bug 1217988 SUSE bug 1217989 SUSE bug 1218713 SUSE bug 1218730 SUSE bug 1218752 SUSE bug 1218757 SUSE bug 1218768 SUSE bug 1218804 SUSE bug 1218832 SUSE bug 1218836 SUSE bug 1219053 SUSE bug 1219120 SUSE bug 1219412 SUSE bug 1219434 CVE-2021-33631 at SUSE CVE-2021-33631 at NVD CVE-2023-46838 at SUSE CVE-2023-46838 at NVD CVE-2023-47233 at SUSE CVE-2023-47233 at NVD CVE-2023-51043 at SUSE CVE-2023-51043 at NVD CVE-2023-51780 at SUSE CVE-2023-51780 at NVD CVE-2023-51782 at SUSE CVE-2023-51782 at NVD CVE-2023-6040 at SUSE CVE-2023-6040 at NVD CVE-2023-6356 at SUSE CVE-2023-6356 at NVD CVE-2023-6535 at SUSE CVE-2023-6535 at NVD CVE-2023-6536 at SUSE CVE-2023-6536 at NVD CVE-2023-6915 at SUSE CVE-2023-6915 at NVD CVE-2024-0565 at SUSE CVE-2024-0565 at NVD CVE-2024-0775 at SUSE CVE-2024-0775 at NVD CVE-2024-1086 at SUSE CVE-2024-1086 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python3 fixes the following issues: - CVE-2023-27043: Fixed incorrectly parses e-mail addresses which contain a special character (bsc#1210638). - CVE-2022-48566: Use CRYPTO_memcmp() for compare_digest (bsc#1214691). Moderate SUSE bug 1210638 SUSE bug 1214691 CVE-2022-48566 at SUSE CVE-2022-48566 at NVD CVE-2023-27043 at SUSE CVE-2023-27043 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 LTSS kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434). - CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730). - CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836). - CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412). - CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988). - CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989). - CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987). - CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702). - CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275). - CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120). - CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053). - CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832). - CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804). - CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752). - CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757). The following non-security bugs were fixed: - Limit kernel-source build to architectures for which the kernel binary is built (bsc#1108281). - x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285). Important SUSE bug 1108281 SUSE bug 1193285 SUSE bug 1215275 SUSE bug 1216702 SUSE bug 1217987 SUSE bug 1217988 SUSE bug 1217989 SUSE bug 1218713 SUSE bug 1218730 SUSE bug 1218752 SUSE bug 1218757 SUSE bug 1218768 SUSE bug 1218804 SUSE bug 1218832 SUSE bug 1218836 SUSE bug 1219053 SUSE bug 1219120 SUSE bug 1219412 SUSE bug 1219434 CVE-2021-33631 at SUSE CVE-2021-33631 at NVD CVE-2023-46838 at SUSE CVE-2023-46838 at NVD CVE-2023-47233 at SUSE CVE-2023-47233 at NVD CVE-2023-4921 at SUSE CVE-2023-4921 at NVD CVE-2023-51043 at SUSE CVE-2023-51043 at NVD CVE-2023-51780 at SUSE CVE-2023-51780 at NVD CVE-2023-51782 at SUSE CVE-2023-51782 at NVD CVE-2023-6040 at SUSE CVE-2023-6040 at NVD CVE-2023-6356 at SUSE CVE-2023-6356 at NVD CVE-2023-6535 at SUSE CVE-2023-6535 at NVD CVE-2023-6536 at SUSE CVE-2023-6536 at NVD CVE-2023-6915 at SUSE CVE-2023-6915 at NVD CVE-2024-0565 at SUSE CVE-2024-0565 at NVD CVE-2024-0775 at SUSE CVE-2024-0775 at NVD CVE-2024-1086 at SUSE CVE-2024-1086 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for salt fixes the following issues: Security issues fixed: - CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master (bsc#1219430) - CVE-2024-22232: Prevent directory traversal attacks in the master's serve_file method (bsc#1219431) Bugs fixed: - Ensure that pillar refresh loads beacons from pillar without restart - Fix the aptpkg.py unit test failure - Prefer unittest.mock to python-mock in test suite - Enable 'KeepAlive' probes for Salt SSH executions (bsc#1211649) - Revert changes to set Salt configured user early in the stack (bsc#1216284) - Align behavior of some modules when using salt-call via symlink (bsc#1215963) - Fix gitfs '__env__' and improve cache cleaning (bsc#1193948) - Remove python-boto dependency for the python3-salt-testsuite package for Tumbleweed Important SUSE bug 1193948 SUSE bug 1211649 SUSE bug 1215963 SUSE bug 1216284 SUSE bug 1219430 SUSE bug 1219431 CVE-2024-22231 at SUSE CVE-2024-22231 at NVD CVE-2024-22232 at SUSE CVE-2024-22232 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libssh fixes the following issues: Update to version 0.9.8 (jsc#PED-7719): * Fix CVE-2023-6004: Command injection using proxycommand (bsc#1218209) * Fix CVE-2023-48795: Potential downgrade attack using strict kex (bsc#1218126) * Fix CVE-2023-6918: Missing checks for return values of MD functions (bsc#1218186) * Allow @ in usernames when parsing from URI composes Update to version 0.9.7: * Fix CVE-2023-1667: a NULL dereference during rekeying with algorithm guessing (bsc#1211188) * Fix CVE-2023-2283: a possible authorization bypass in pki_verify_data_signature under low-memory conditions (bsc#1211190) * Fix several memory leaks in GSSAPI handling code Update to version 0.9.6 (bsc#1189608, CVE-2021-3634): * https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.9.6 Update to 0.9.5 (bsc#1174713, CVE-2020-16135): * CVE-2020-16135: Avoid null pointer dereference in sftpserver (T232) * Improve handling of library initialization (T222) * Fix parsing of subsecond times in SFTP (T219) * Make the documentation reproducible * Remove deprecated API usage in OpenSSL * Fix regression of ssh_channel_poll_timeout() returning SSH_AGAIN * Define version in one place (T226) * Prevent invalid free when using different C runtimes than OpenSSL (T229) * Compatibility improvements to testsuite Update to version 0.9.4 * https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/ * Fix possible Denial of Service attack when using AES-CTR-ciphers CVE-2020-1730 (bsc#1168699) Update to version 0.9.3 * Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution (bsc#1158095) * SSH-01-003 Client: Missing NULL check leads to crash in erroneous state * SSH-01-006 General: Various unchecked Null-derefs cause DOS * SSH-01-007 PKI Gcrypt: Potential UAF/double free with RSA pubkeys * SSH-01-010 SSH: Deprecated hash function in fingerprinting * SSH-01-013 Conf-Parsing: Recursive wildcards in hostnames lead to DOS * SSH-01-014 Conf-Parsing: Integer underflow leads to OOB array access * SSH-01-001 State Machine: Initial machine states should be set explicitly * SSH-01-002 Kex: Differently bound macros used to iterate same array * SSH-01-005 Code-Quality: Integer sign confusion during assignments * SSH-01-008 SCP: Protocol Injection via unescaped File Names * SSH-01-009 SSH: Update documentation which RFCs are implemented * SSH-01-012 PKI: Information leak via uninitialized stack buffer Update to version 0.9.2 * Fixed libssh-config.cmake * Fixed issues with rsa algorithm negotiation (T191) * Fixed detection of OpenSSL ed25519 support (T197) Update to version 0.9.1 * Added support for Ed25519 via OpenSSL * Added support for X25519 via OpenSSL * Added support for localuser in Match keyword * Fixed Match keyword to be case sensitive * Fixed compilation with LibreSSL * Fixed error report of channel open (T75) * Fixed sftp documentation (T137) * Fixed known_hosts parsing (T156) * Fixed build issue with MinGW (T157) * Fixed build with gcc 9 (T164) * Fixed deprecation issues (T165) * Fixed known_hosts directory creation (T166) - Split out configuration to separate package to not mess up the library packaging and coinstallation Update to verion 0.9.0 * Added support for AES-GCM * Added improved rekeying support * Added performance improvements * Disabled blowfish support by default * Fixed several ssh config parsing issues * Added support for DH Group Exchange KEX * Added support for Encrypt-then-MAC mode * Added support for parsing server side configuration file * Added support for ECDSA/Ed25519 certificates * Added FIPS 140-2 compatibility * Improved known_hosts parsing * Improved documentation * Improved OpenSSL API usage for KEX, DH, and signatures - Add libssh client and server config files Important SUSE bug 1158095 SUSE bug 1168699 SUSE bug 1174713 SUSE bug 1189608 SUSE bug 1211188 SUSE bug 1211190 SUSE bug 1218126 SUSE bug 1218186 SUSE bug 1218209 CVE-2019-14889 at SUSE CVE-2019-14889 at NVD CVE-2020-16135 at SUSE CVE-2020-16135 at NVD CVE-2020-1730 at SUSE CVE-2020-1730 at NVD CVE-2021-3634 at SUSE CVE-2021-3634 at NVD CVE-2023-1667 at SUSE CVE-2023-1667 at NVD CVE-2023-2283 at SUSE CVE-2023-2283 at NVD CVE-2023-48795 at SUSE CVE-2023-48795 at NVD CVE-2023-6004 at SUSE CVE-2023-6004 at NVD CVE-2023-6918 at SUSE CVE-2023-6918 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libssh2_org fixes the following issues: - Always add the KEX pseudo-methods 'ext-info-c' and 'kex-strict-c-v00@openssh.com' when configuring custom method list. [bsc#1218971, CVE-2023-48795] * The strict-kex extension is announced in the list of available KEX methods. However, when the default KEX method list is modified or replaced, the extension is not added back automatically. Important SUSE bug 1218971 CVE-2023-48795 at SUSE CVE-2023-48795 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for mozilla-nss fixes the following issues: Update to NSS 3.90.2: - CVE-2023-5388: Fixed timing attack against RSA decryption in TLS (bsc#1216198) Important SUSE bug 1216198 CVE-2023-5388 at SUSE CVE-2023-5388 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for docker fixes the following issues: Vendor latest buildkit v0.11 including bugfixes for the following: * CVE-2024-23653: BuildKit API doesn't validate entitlement on container creation (bsc#1219438). * CVE-2024-23652: Fixed arbitrary deletion of files (bsc#1219268). * CVE-2024-23651: Fixed race condition in mount (bsc#1219267). Important SUSE bug 1219267 SUSE bug 1219268 SUSE bug 1219438 CVE-2024-23651 at SUSE CVE-2024-23651 at NVD CVE-2024-23652 at SUSE CVE-2024-23652 at NVD CVE-2024-23653 at SUSE CVE-2024-23653 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for openssh fixes the following issues: - CVE-2023-51385: Limit the use of shell metacharacters in host- and user names to avoid command injection. (bsc#1218215) Important SUSE bug 1218215 CVE-2023-51385 at SUSE CVE-2023-51385 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libssh2_org fixes the following issues: - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (Terrapin Attack) (bsc#1218127). Moderate SUSE bug 1218127 CVE-2023-48795 at SUSE CVE-2023-48795 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for tar fixes the following issues: - CVE-2023-39804: Fixed extension attributes in PAX archives incorrect hanling (bsc#1217969). Low SUSE bug 1217969 CVE-2023-39804 at SUSE CVE-2023-39804 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for wpa_supplicant fixes the following issues: - CVE-2023-52160: Bypassing WiFi Authentication (bsc#1219975). Important SUSE bug 1219975 CVE-2023-52160 at SUSE CVE-2023-52160 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for cpio fixes the following issues: - CVE-2023-7207: Fixed path traversal vulnerability (bsc#1218571, bsc#1219238) Moderate SUSE bug 1218571 SUSE bug 1219238 CVE-2023-7207 at SUSE CVE-2023-7207 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for openssl-1_1 fixes the following issues: - CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243). Moderate SUSE bug 1219243 CVE-2024-0727 at SUSE CVE-2024-0727 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for sudo fixes the following issues: - CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks (bsc#1219026). Fixed issues introduced by first patches for CVE-2023-42465 (bsc#1220389). Important SUSE bug 1219026 SUSE bug 1220389 CVE-2023-42465 at SUSE CVE-2023-42465 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python3 fixes the following issues: - CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666). Important SUSE bug 1219666 CVE-2023-6597 at SUSE CVE-2023-6597 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47078: Fixed a bug by clearing all QP fields if creation failed (bsc#1220863) - CVE-2021-47076: Fixed a bug by returning CQE error if invalid lkey was supplied (bsc#1220860) - CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039) - CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456). - CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831). - CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918). - CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors (bsc#1220735). - CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040). - CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845). - CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870). - CVE-2021-46934: Fixed a bug by validating user data in compat ioctl (bsc#1220469). - CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514). - CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932). - CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930). - CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931). - CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek: (bsc#1220917). - CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736). - CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255). - CVE-2021-47005: Fixed a NULL pointer dereference for ->get_features() (bsc#1220660). - CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187). - CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295). - CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915). - CVE-2021-47060: Fixed a bug in KVM by stop looking for coalesced MMIO zones if the bus is destroyed (bsc#1220742). - CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195). - CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825). - CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250). - CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444) - CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328). - CVE-2021-47012: Fixed a use after free in siw_alloc_mr (bsc#1220627). - CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238). - CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649) - CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796) - CVE-2021-46989: Fixed a bug by preventing corruption in shrinking truncate in hfsplus (bsc#1220737). - CVE-2021-46915: Fixed a bug to avoid possible divide error in nft_limit_init (bsc#1220436). - CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#1220459) - CVE-2019-25162: Fixed a potential use after free (bsc#1220409). - CVE-2020-36784: Fixed reference leak when pm_runtime_get_sync fails (bsc#1220570). - CVE-2021-47061: Fixed a bug in KVM by destroy I/O bus devices on unregister failure _after_ sync'ing SRCU (bsc#1220745). - CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241). - CVE-2023-46343: Fixed a NULL pointer dereference in send_acknowledge() (CVE-2023-46343). - CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140). - CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240). - CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398). - CVE-2024-26593: Fixed block process call transactions (bsc#1220009). - CVE-2021-47013: Fixed a use after free in emac_mac_tx_buf_send (bsc#1220641). - CVE-2024-26586: Fixed stack corruption (bsc#1220243). - CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344). - CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253). - CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835). - CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127). - CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689). - CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128). The following non-security bugs were fixed: - EDAC/thunderx: Fix possible out-of-bounds string access (bsc#1220330) - ext4: fix deadlock due to mbcache entry corruption (bsc#1207653 bsc#1219915). - ibmvfc: make 'max_sectors' a module option (bsc#1216223). - KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes). - KVM: mmio: Fix use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio (git-fixes). - KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes). - KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-fixes). - KVM: x86: add support for CPUID leaf 0x80000021 (git-fixes). - KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (git-fixes). - KVM: x86: synthesize CPUID leaf 0x80000021h if useful (git-fixes). - KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes). - mbcache: Fixup kABI of mb_cache_entry (bsc#1207653 bsc#1219915). - scsi: Update max_hw_sectors on rescan (bsc#1216223). - x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes). - x86/bugs: Add asm helpers for executing VERW (git-fixes). - x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-fixes). - x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (git-fixes). - x86/entry_32: Add VERW just before userspace transition (git-fixes). - x86/entry_64: Add VERW just before userspace transition (git-fixes). Important SUSE bug 1155518 SUSE bug 1184436 SUSE bug 1185988 SUSE bug 1186286 SUSE bug 1200599 SUSE bug 1207653 SUSE bug 1212514 SUSE bug 1213456 SUSE bug 1216223 SUSE bug 1218195 SUSE bug 1218689 SUSE bug 1218915 SUSE bug 1219127 SUSE bug 1219128 SUSE bug 1219146 SUSE bug 1219295 SUSE bug 1219653 SUSE bug 1219827 SUSE bug 1219835 SUSE bug 1219915 SUSE bug 1220009 SUSE bug 1220140 SUSE bug 1220187 SUSE bug 1220238 SUSE bug 1220240 SUSE bug 1220241 SUSE bug 1220243 SUSE bug 1220250 SUSE bug 1220253 SUSE bug 1220255 SUSE bug 1220328 SUSE bug 1220330 SUSE bug 1220344 SUSE bug 1220398 SUSE bug 1220409 SUSE bug 1220416 SUSE bug 1220418 SUSE bug 1220421 SUSE bug 1220436 SUSE bug 1220444 SUSE bug 1220459 SUSE bug 1220469 SUSE bug 1220482 SUSE bug 1220526 SUSE bug 1220538 SUSE bug 1220570 SUSE bug 1220572 SUSE bug 1220599 SUSE bug 1220627 SUSE bug 1220641 SUSE bug 1220649 SUSE bug 1220660 SUSE bug 1220700 SUSE bug 1220735 SUSE bug 1220736 SUSE bug 1220737 SUSE bug 1220742 SUSE bug 1220745 SUSE bug 1220767 SUSE bug 1220796 SUSE bug 1220825 SUSE bug 1220826 SUSE bug 1220831 SUSE bug 1220845 SUSE bug 1220860 SUSE bug 1220863 SUSE bug 1220870 SUSE bug 1220917 SUSE bug 1220918 SUSE bug 1220930 SUSE bug 1220931 SUSE bug 1220932 SUSE bug 1221039 SUSE bug 1221040 CVE-2019-25162 at SUSE CVE-2019-25162 at NVD CVE-2020-36777 at SUSE CVE-2020-36777 at NVD CVE-2020-36784 at SUSE CVE-2020-36784 at NVD CVE-2021-46904 at SUSE CVE-2021-46904 at NVD CVE-2021-46905 at SUSE CVE-2021-46905 at NVD CVE-2021-46906 at SUSE CVE-2021-46906 at NVD CVE-2021-46915 at SUSE CVE-2021-46915 at NVD CVE-2021-46924 at SUSE CVE-2021-46924 at NVD CVE-2021-46929 at SUSE CVE-2021-46929 at NVD CVE-2021-46932 at SUSE CVE-2021-46932 at NVD CVE-2021-46934 at SUSE CVE-2021-46934 at NVD CVE-2021-46953 at SUSE CVE-2021-46953 at NVD CVE-2021-46964 at SUSE CVE-2021-46964 at NVD CVE-2021-46966 at SUSE CVE-2021-46966 at NVD CVE-2021-46968 at SUSE CVE-2021-46968 at NVD CVE-2021-46974 at SUSE CVE-2021-46974 at NVD CVE-2021-46989 at SUSE CVE-2021-46989 at NVD CVE-2021-47005 at SUSE CVE-2021-47005 at NVD CVE-2021-47012 at SUSE CVE-2021-47012 at NVD CVE-2021-47013 at SUSE CVE-2021-47013 at NVD CVE-2021-47054 at SUSE CVE-2021-47054 at NVD CVE-2021-47060 at SUSE CVE-2021-47060 at NVD CVE-2021-47061 at SUSE CVE-2021-47061 at NVD CVE-2021-47069 at SUSE CVE-2021-47069 at NVD CVE-2021-47076 at SUSE CVE-2021-47076 at NVD CVE-2021-47078 at SUSE CVE-2021-47078 at NVD CVE-2021-47083 at SUSE CVE-2021-47083 at NVD CVE-2022-20154 at SUSE CVE-2022-20154 at NVD CVE-2022-48627 at SUSE CVE-2022-48627 at NVD CVE-2023-28746 at SUSE CVE-2023-28746 at NVD CVE-2023-35827 at SUSE CVE-2023-35827 at NVD CVE-2023-46343 at SUSE CVE-2023-46343 at NVD CVE-2023-51042 at SUSE CVE-2023-51042 at NVD CVE-2023-52340 at SUSE CVE-2023-52340 at NVD CVE-2023-52429 at SUSE CVE-2023-52429 at NVD CVE-2023-52439 at SUSE CVE-2023-52439 at NVD CVE-2023-52443 at SUSE CVE-2023-52443 at NVD CVE-2023-52445 at SUSE CVE-2023-52445 at NVD CVE-2023-52448 at SUSE CVE-2023-52448 at NVD CVE-2023-52449 at SUSE CVE-2023-52449 at NVD CVE-2023-52451 at SUSE CVE-2023-52451 at NVD CVE-2023-52463 at SUSE CVE-2023-52463 at NVD CVE-2023-52475 at SUSE CVE-2023-52475 at NVD CVE-2023-52478 at SUSE CVE-2023-52478 at NVD CVE-2023-52482 at SUSE CVE-2023-52482 at NVD CVE-2023-52502 at SUSE CVE-2023-52502 at NVD CVE-2023-52530 at SUSE CVE-2023-52530 at NVD CVE-2023-52531 at SUSE CVE-2023-52531 at NVD CVE-2023-52532 at SUSE CVE-2023-52532 at NVD CVE-2023-52569 at SUSE CVE-2023-52569 at NVD CVE-2023-52574 at SUSE CVE-2023-52574 at NVD CVE-2023-52597 at SUSE CVE-2023-52597 at NVD CVE-2023-52605 at SUSE CVE-2023-52605 at NVD CVE-2023-6817 at SUSE CVE-2023-6817 at NVD CVE-2024-0340 at SUSE CVE-2024-0340 at NVD CVE-2024-0607 at SUSE CVE-2024-0607 at NVD CVE-2024-1151 at SUSE CVE-2024-1151 at NVD CVE-2024-23849 at SUSE CVE-2024-23849 at NVD CVE-2024-23851 at SUSE CVE-2024-23851 at NVD CVE-2024-26585 at SUSE CVE-2024-26585 at NVD CVE-2024-26586 at SUSE CVE-2024-26586 at NVD CVE-2024-26589 at SUSE CVE-2024-26589 at NVD CVE-2024-26593 at SUSE CVE-2024-26593 at NVD CVE-2024-26595 at SUSE CVE-2024-26595 at NVD CVE-2024-26602 at SUSE CVE-2024-26602 at NVD CVE-2024-26607 at SUSE CVE-2024-26607 at NVD CVE-2024-26622 at SUSE CVE-2024-26622 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456). - CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831). - CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255). - CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187). - CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295). - CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915). - CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195). - CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825). - CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250). - CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444) - CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328). - CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238). - CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649) - CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796) - CVE-2021-46915: Fixed a bug to avoid possible divide error in nft_limit_init (bsc#1220436). - CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#1220459) - CVE-2019-25162: Fixed a potential use after free (bsc#1220409). - CVE-2020-36784: Fixed reference leak when pm_runtime_get_sync fails (bsc#1220570). - CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241). - CVE-2023-46343: Fixed a NULL pointer dereference in send_acknowledge() (CVE-2023-46343). - CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140). - CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240). - CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398). - CVE-2024-26593: Fixed block process call transactions (bsc#1220009). - CVE-2021-47013: Fixed a use after free in emac_mac_tx_buf_send (bsc#1220641). - CVE-2024-26586: Fixed stack corruption (bsc#1220243). - CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344). - CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253). - CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835). - CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127). - CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689). - CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128). - CVE-2021-47078: Fixed a bug by clearing all QP fields if creation failed (bsc#1220863) - CVE-2021-47076: Fixed a bug by returning CQE error if invalid lkey was supplied (bsc#1220860) - CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039) - CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918). - CVE-2023-52482: Fixex a bug by adding SRSO mitigation for Hygon processors (bsc#1220735). - CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040). - CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845). - CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870). - CVE-2021-46934: Fixed a bug by validating user data in compat ioctl (bsc#1220469). - CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514). - CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932). - CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930). - CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931). - CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek: (bsc#1220917). - CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736). - CVE-2021-47005: Fixed a NULL pointer dereference for ->get_features() (bsc#1220660). - CVE-2021-47060: Fixed a bug in KVM by stop looking for coalesced MMIO zones if the bus is destroyed (bsc#1220742). - CVE-2021-47012: Fixed a use after free in siw_alloc_mr (bsc#1220627). - CVE-2021-46989: Fixed a bug by preventing corruption in shrinking truncate in hfsplus (bsc#1220737). - CVE-2021-47061: Fixed a bug in KVM by destroy I/O bus devices on unregister failure _after_ sync'ing SRCU (bsc#1220745). The following non-security bugs were fixed: - EDAC/thunderx: Fix possible out-of-bounds string access (bsc#1220330) - ext4: fix deadlock due to mbcache entry corruption (bsc#1207653 bsc#1219915). - ibmvfc: make 'max_sectors' a module option (bsc#1216223). - KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes). - KVM: mmio: Fix use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio (git-fixes). - KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes). - KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-fixes). - KVM: x86: add support for CPUID leaf 0x80000021 (git-fixes). - KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (git-fixes). - KVM: x86: synthesize CPUID leaf 0x80000021h if useful (git-fixes). - KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes). - mbcache: Fixup kABI of mb_cache_entry (bsc#1207653 bsc#1219915). - scsi: Update max_hw_sectors on rescan (bsc#1216223). - x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes). - x86/bugs: Add asm helpers for executing VERW (git-fixes). - x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-fixes). Also add the removed mds_user_clear symbol to kABI severities as it is exposed just for KVM module and is generally a core kernel component so removing it is low risk. - x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (git-fixes). - x86/entry_32: Add VERW just before userspace transition (git-fixes). - x86/entry_64: Add VERW just before userspace transition (git-fixes). Important SUSE bug 1200599 SUSE bug 1207653 SUSE bug 1212514 SUSE bug 1213456 SUSE bug 1216223 SUSE bug 1218195 SUSE bug 1218689 SUSE bug 1218915 SUSE bug 1219127 SUSE bug 1219128 SUSE bug 1219146 SUSE bug 1219295 SUSE bug 1219653 SUSE bug 1219827 SUSE bug 1219835 SUSE bug 1219915 SUSE bug 1220009 SUSE bug 1220140 SUSE bug 1220187 SUSE bug 1220238 SUSE bug 1220240 SUSE bug 1220241 SUSE bug 1220243 SUSE bug 1220250 SUSE bug 1220253 SUSE bug 1220255 SUSE bug 1220328 SUSE bug 1220330 SUSE bug 1220344 SUSE bug 1220398 SUSE bug 1220409 SUSE bug 1220416 SUSE bug 1220418 SUSE bug 1220421 SUSE bug 1220436 SUSE bug 1220444 SUSE bug 1220459 SUSE bug 1220469 SUSE bug 1220482 SUSE bug 1220526 SUSE bug 1220538 SUSE bug 1220570 SUSE bug 1220572 SUSE bug 1220599 SUSE bug 1220627 SUSE bug 1220641 SUSE bug 1220649 SUSE bug 1220660 SUSE bug 1220689 SUSE bug 1220700 SUSE bug 1220735 SUSE bug 1220736 SUSE bug 1220737 SUSE bug 1220742 SUSE bug 1220745 SUSE bug 1220767 SUSE bug 1220796 SUSE bug 1220825 SUSE bug 1220826 SUSE bug 1220831 SUSE bug 1220845 SUSE bug 1220860 SUSE bug 1220863 SUSE bug 1220870 SUSE bug 1220917 SUSE bug 1220918 SUSE bug 1220930 SUSE bug 1220931 SUSE bug 1220932 SUSE bug 1221039 SUSE bug 1221040 CVE-2019-25162 at SUSE CVE-2019-25162 at NVD CVE-2020-36777 at SUSE CVE-2020-36777 at NVD CVE-2020-36784 at SUSE CVE-2020-36784 at NVD CVE-2021-46904 at SUSE CVE-2021-46904 at NVD CVE-2021-46905 at SUSE CVE-2021-46905 at NVD CVE-2021-46906 at SUSE CVE-2021-46906 at NVD CVE-2021-46915 at SUSE CVE-2021-46915 at NVD CVE-2021-46924 at SUSE CVE-2021-46924 at NVD CVE-2021-46929 at SUSE CVE-2021-46929 at NVD CVE-2021-46932 at SUSE CVE-2021-46932 at NVD CVE-2021-46934 at SUSE CVE-2021-46934 at NVD CVE-2021-46953 at SUSE CVE-2021-46953 at NVD CVE-2021-46964 at SUSE CVE-2021-46964 at NVD CVE-2021-46966 at SUSE CVE-2021-46966 at NVD CVE-2021-46968 at SUSE CVE-2021-46968 at NVD CVE-2021-46974 at SUSE CVE-2021-46974 at NVD CVE-2021-46989 at SUSE CVE-2021-46989 at NVD CVE-2021-47005 at SUSE CVE-2021-47005 at NVD CVE-2021-47012 at SUSE CVE-2021-47012 at NVD CVE-2021-47013 at SUSE CVE-2021-47013 at NVD CVE-2021-47054 at SUSE CVE-2021-47054 at NVD CVE-2021-47060 at SUSE CVE-2021-47060 at NVD CVE-2021-47061 at SUSE CVE-2021-47061 at NVD CVE-2021-47069 at SUSE CVE-2021-47069 at NVD CVE-2021-47076 at SUSE CVE-2021-47076 at NVD CVE-2021-47078 at SUSE CVE-2021-47078 at NVD CVE-2021-47083 at SUSE CVE-2021-47083 at NVD CVE-2022-20154 at SUSE CVE-2022-20154 at NVD CVE-2022-48627 at SUSE CVE-2022-48627 at NVD CVE-2023-28746 at SUSE CVE-2023-28746 at NVD CVE-2023-35827 at SUSE CVE-2023-35827 at NVD CVE-2023-46343 at SUSE CVE-2023-46343 at NVD CVE-2023-51042 at SUSE CVE-2023-51042 at NVD CVE-2023-52340 at SUSE CVE-2023-52340 at NVD CVE-2023-52429 at SUSE CVE-2023-52429 at NVD CVE-2023-52439 at SUSE CVE-2023-52439 at NVD CVE-2023-52443 at SUSE CVE-2023-52443 at NVD CVE-2023-52445 at SUSE CVE-2023-52445 at NVD CVE-2023-52448 at SUSE CVE-2023-52448 at NVD CVE-2023-52449 at SUSE CVE-2023-52449 at NVD CVE-2023-52451 at SUSE CVE-2023-52451 at NVD CVE-2023-52463 at SUSE CVE-2023-52463 at NVD CVE-2023-52475 at SUSE CVE-2023-52475 at NVD CVE-2023-52478 at SUSE CVE-2023-52478 at NVD CVE-2023-52482 at SUSE CVE-2023-52482 at NVD CVE-2023-52502 at SUSE CVE-2023-52502 at NVD CVE-2023-52530 at SUSE CVE-2023-52530 at NVD CVE-2023-52531 at SUSE CVE-2023-52531 at NVD CVE-2023-52532 at SUSE CVE-2023-52532 at NVD CVE-2023-52569 at SUSE CVE-2023-52569 at NVD CVE-2023-52574 at SUSE CVE-2023-52574 at NVD CVE-2023-52597 at SUSE CVE-2023-52597 at NVD CVE-2023-52605 at SUSE CVE-2023-52605 at NVD CVE-2023-6817 at SUSE CVE-2023-6817 at NVD CVE-2024-0340 at SUSE CVE-2024-0340 at NVD CVE-2024-0607 at SUSE CVE-2024-0607 at NVD CVE-2024-1151 at SUSE CVE-2024-1151 at NVD CVE-2024-23849 at SUSE CVE-2024-23849 at NVD CVE-2024-23851 at SUSE CVE-2024-23851 at NVD CVE-2024-26585 at SUSE CVE-2024-26585 at NVD CVE-2024-26586 at SUSE CVE-2024-26586 at NVD CVE-2024-26589 at SUSE CVE-2024-26589 at NVD CVE-2024-26593 at SUSE CVE-2024-26593 at NVD CVE-2024-26595 at SUSE CVE-2024-26595 at NVD CVE-2024-26602 at SUSE CVE-2024-26602 at NVD CVE-2024-26607 at SUSE CVE-2024-26607 at NVD CVE-2024-26622 at SUSE CVE-2024-26622 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for gnutls fixes the following issues: - CVE-2024-0553: Fixed insufficient mitigation for side channel attack in RSA-PSK, aka CVE-2023-5981 (bsc#1218865). Moderate SUSE bug 1218865 CVE-2023-5981 at SUSE CVE-2023-5981 at NVD CVE-2024-0553 at SUSE CVE-2024-0553 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) Moderate SUSE bug 1217445 SUSE bug 1217589 SUSE bug 1218866 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for vim fixes the following issues: - CVE-2023-48231: Fixed Use-After-Free in win_close() (bsc#1217316). - CVE-2023-48232: Fixed Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320). - CVE-2023-48233: Fixed overflow with count for :s command (bsc#1217321). - CVE-2023-48234: Fixed overflow in nv_z_get_count (bsc#1217324). - CVE-2023-48235: Fixed overflow in ex address parsing (bsc#1217326). - CVE-2023-48236: Fixed overflow in get_number (bsc#1217329). - CVE-2023-48237: Fixed overflow in shift_line (bsc#1217330). - CVE-2023-48706: Fixed heap-use-after-free in ex_substitute (bsc#1217432). - CVE-2024-22667: Fixed stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581). - CVE-2023-4750: Fixed heap use-after-free in function bt_quickfix (bsc#1215005). Updated to version 9.1 with patch level 0111: https://github.com/vim/vim/compare/v9.0.2103...v9.1.0111 Important SUSE bug 1215005 SUSE bug 1217316 SUSE bug 1217320 SUSE bug 1217321 SUSE bug 1217324 SUSE bug 1217326 SUSE bug 1217329 SUSE bug 1217330 SUSE bug 1217432 SUSE bug 1219581 CVE-2023-4750 at SUSE CVE-2023-4750 at NVD CVE-2023-48231 at SUSE CVE-2023-48231 at NVD CVE-2023-48232 at SUSE CVE-2023-48232 at NVD CVE-2023-48233 at SUSE CVE-2023-48233 at NVD CVE-2023-48234 at SUSE CVE-2023-48234 at NVD CVE-2023-48235 at SUSE CVE-2023-48235 at NVD CVE-2023-48236 at SUSE CVE-2023-48236 at NVD CVE-2023-48237 at SUSE CVE-2023-48237 at NVD CVE-2023-48706 at SUSE CVE-2023-48706 at NVD CVE-2024-22667 at SUSE CVE-2024-22667 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for xen fixes the following issues: - CVE-2023-46841: Fixed shadow stack vs exceptions from emulation stubs (XSA-451) (bsc#1219885). Moderate SUSE bug 1219885 CVE-2023-46841 at SUSE CVE-2023-46841 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libxslt fixes the following issues: - CVE-2023-40403: Fixed sensitive information disclosure during processing web content (bsc#1238591) - CVE-2024-55549: Fixed use-after-free in xsltGetInheritedNsList (bsc#1239637) - CVE-2025-24855: Fixed use-after-free in numbers.c (bsc#1239625) Important SUSE bug 1238591 SUSE bug 1239625 SUSE bug 1239637 CVE-2023-40403 at SUSE CVE-2023-40403 at NVD CVE-2024-55549 at SUSE CVE-2024-55549 at NVD CVE-2025-24855 at SUSE CVE-2025-24855 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python-Jinja2 fixes the following issues: - CVE-2025-27516: Fixed sandbox breakout through attr filter selecting format method (bsc#1238879) Moderate SUSE bug 1238879 CVE-2025-27516 at SUSE CVE-2025-27516 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for podman fixes the following issues: - CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239330). Important SUSE bug 1239330 CVE-2024-6104 at SUSE CVE-2024-6104 at NVD CVE-2025-22869 at SUSE CVE-2025-22869 at NVD CVE-2025-27144 at SUSE CVE-2025-27144 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for docker, docker-stable fixes the following issues: - CVE-2025-22868: Fixed unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239185). - CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239322). Other fixes: - Make container-selinux requirement conditional on selinux-policy (bsc#1237367) Important SUSE bug 1237367 SUSE bug 1239185 SUSE bug 1239322 CVE-2024-23650 at SUSE CVE-2024-23650 at NVD CVE-2024-29018 at SUSE CVE-2024-29018 at NVD CVE-2024-41110 at SUSE CVE-2024-41110 at NVD CVE-2025-22868 at SUSE CVE-2025-22868 at NVD CVE-2025-22869 at SUSE CVE-2025-22869 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452). Moderate SUSE bug 1234452 cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat.@SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do - Version info bumped from 9:3:8 to 9:4:8; see https://verbump.de/ for what these numbers do Important SUSE bug 1239618 CVE-2024-8176 at SUSE CVE-2024-8176 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47248: udp: fix race between close() and udp_abort() (bsc#1224867). - CVE-2022-49051: net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (bsc#1237903). - CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237918). - CVE-2022-49275: can: m_can: m_can_tx_handler(): fix use after free of skb (bsc#1238719). - CVE-2022-49413: bfq: Update cgroup information before merging bio (bsc#1238710). - CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled (bsc#1238919). - CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238729). - CVE-2022-49563: crypto: qat - add param check for RSA (bsc#1238787). - CVE-2022-49564: crypto: qat - add param check for DH (bsc#1238789). - CVE-2022-49739: gfs2: Always check inode size of inline inodes (bsc#1240207). - CVE-2023-52935: mm/khugepaged: fix ->anon_vma race (bsc#1240276). - CVE-2024-56642: tipc: Fix use-after-free of kernel socket in cleanup_bearer() (bsc#1235433). - CVE-2024-56651: can: hi311x: hi3110_can_ist(): fix potential use-after-free (bsc#1235528). - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076). - CVE-2024-58014: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (bsc#1239109). - CVE-2025-21772: partitions: mac: fix handling of bogus partition table (bsc#1238911). - CVE-2025-21780: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (bsc#1239115). The following non-security bugs were fixed: - ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530). - btrfs: send: allow cloning non-aligned extent if it ends at i_size (bsc#1239969). - btrfs: send: fix invalid clone operation for file that got its size decreased (bsc#1239969). - btrfs: send: use btrfs_file_extent_end() in send_write_or_clone() (bsc#1239969). Important SUSE bug 1065729 SUSE bug 1179878 SUSE bug 1180814 SUSE bug 1185762 SUSE bug 1195823 SUSE bug 1196444 SUSE bug 1197158 SUSE bug 1197227 SUSE bug 1197302 SUSE bug 1197331 SUSE bug 1197472 SUSE bug 1197661 SUSE bug 1197926 SUSE bug 1198577 SUSE bug 1198660 SUSE bug 1199657 SUSE bug 1200045 SUSE bug 1200217 SUSE bug 1200571 SUSE bug 1200807 SUSE bug 1200809 SUSE bug 1200825 SUSE bug 1200871 SUSE bug 1200872 SUSE bug 1201193 SUSE bug 1201381 SUSE bug 1201610 SUSE bug 1202672 SUSE bug 1202711 SUSE bug 1203769 SUSE bug 1207186 SUSE bug 1209547 SUSE bug 1210647 SUSE bug 1213167 SUSE bug 1224867 SUSE bug 1225742 SUSE bug 1230326 SUSE bug 1231375 SUSE bug 1233479 SUSE bug 1233557 SUSE bug 1235433 SUSE bug 1235528 SUSE bug 1237530 SUSE bug 1237718 SUSE bug 1237721 SUSE bug 1237723 SUSE bug 1237726 SUSE bug 1237734 SUSE bug 1237735 SUSE bug 1237736 SUSE bug 1237738 SUSE bug 1237739 SUSE bug 1237740 SUSE bug 1237742 SUSE bug 1237746 SUSE bug 1237748 SUSE bug 1237752 SUSE bug 1237778 SUSE bug 1237782 SUSE bug 1237783 SUSE bug 1237784 SUSE bug 1237788 SUSE bug 1237798 SUSE bug 1237810 SUSE bug 1237813 SUSE bug 1237814 SUSE bug 1237815 SUSE bug 1237823 SUSE bug 1237829 SUSE bug 1237831 SUSE bug 1237839 SUSE bug 1237840 SUSE bug 1237846 SUSE bug 1237868 SUSE bug 1237872 SUSE bug 1237903 SUSE bug 1237916 SUSE bug 1237918 SUSE bug 1237932 SUSE bug 1237940 SUSE bug 1237941 SUSE bug 1237951 SUSE bug 1237954 SUSE bug 1237958 SUSE bug 1237963 SUSE bug 1237983 SUSE bug 1237984 SUSE bug 1237996 SUSE bug 1237997 SUSE bug 1237998 SUSE bug 1238000 SUSE bug 1238007 SUSE bug 1238013 SUSE bug 1238022 SUSE bug 1238030 SUSE bug 1238036 SUSE bug 1238046 SUSE bug 1238071 SUSE bug 1238079 SUSE bug 1238096 SUSE bug 1238099 SUSE bug 1238103 SUSE bug 1238108 SUSE bug 1238111 SUSE bug 1238123 SUSE bug 1238126 SUSE bug 1238131 SUSE bug 1238135 SUSE bug 1238139 SUSE bug 1238146 SUSE bug 1238149 SUSE bug 1238150 SUSE bug 1238155 SUSE bug 1238156 SUSE bug 1238158 SUSE bug 1238162 SUSE bug 1238166 SUSE bug 1238168 SUSE bug 1238169 SUSE bug 1238170 SUSE bug 1238171 SUSE bug 1238172 SUSE bug 1238175 SUSE bug 1238177 SUSE bug 1238181 SUSE bug 1238183 SUSE bug 1238184 SUSE bug 1238228 SUSE bug 1238229 SUSE bug 1238231 SUSE bug 1238235 SUSE bug 1238236 SUSE bug 1238239 SUSE bug 1238241 SUSE bug 1238242 SUSE bug 1238243 SUSE bug 1238244 SUSE bug 1238249 SUSE bug 1238255 SUSE bug 1238256 SUSE bug 1238257 SUSE bug 1238263 SUSE bug 1238264 SUSE bug 1238266 SUSE bug 1238267 SUSE bug 1238269 SUSE bug 1238271 SUSE bug 1238272 SUSE bug 1238274 SUSE bug 1238275 SUSE bug 1238276 SUSE bug 1238278 SUSE bug 1238279 SUSE bug 1238281 SUSE bug 1238284 SUSE bug 1238289 SUSE bug 1238293 SUSE bug 1238306 SUSE bug 1238307 SUSE bug 1238313 SUSE bug 1238327 SUSE bug 1238331 SUSE bug 1238333 SUSE bug 1238334 SUSE bug 1238336 SUSE bug 1238337 SUSE bug 1238338 SUSE bug 1238343 SUSE bug 1238372 SUSE bug 1238373 SUSE bug 1238377 SUSE bug 1238382 SUSE bug 1238386 SUSE bug 1238393 SUSE bug 1238394 SUSE bug 1238395 SUSE bug 1238413 SUSE bug 1238416 SUSE bug 1238417 SUSE bug 1238419 SUSE bug 1238420 SUSE bug 1238429 SUSE bug 1238430 SUSE bug 1238435 SUSE bug 1238441 SUSE bug 1238443 SUSE bug 1238454 SUSE bug 1238462 SUSE bug 1238467 SUSE bug 1238469 SUSE bug 1238539 SUSE bug 1238543 SUSE bug 1238546 SUSE bug 1238599 SUSE bug 1238600 SUSE bug 1238612 SUSE bug 1238615 SUSE bug 1238617 SUSE bug 1238618 SUSE bug 1238621 SUSE bug 1238623 SUSE bug 1238625 SUSE bug 1238626 SUSE bug 1238630 SUSE bug 1238631 SUSE bug 1238633 SUSE bug 1238635 SUSE bug 1238638 SUSE bug 1238639 SUSE bug 1238641 SUSE bug 1238643 SUSE bug 1238645 SUSE bug 1238646 SUSE bug 1238653 SUSE bug 1238655 SUSE bug 1238663 SUSE bug 1238705 SUSE bug 1238707 SUSE bug 1238710 SUSE bug 1238712 SUSE bug 1238718 SUSE bug 1238719 SUSE bug 1238721 SUSE bug 1238722 SUSE bug 1238727 SUSE bug 1238729 SUSE bug 1238750 SUSE bug 1238787 SUSE bug 1238789 SUSE bug 1238805 SUSE bug 1238809 SUSE bug 1238814 SUSE bug 1238815 SUSE bug 1238819 SUSE bug 1238821 SUSE bug 1238822 SUSE bug 1238823 SUSE bug 1238825 SUSE bug 1238835 SUSE bug 1238838 SUSE bug 1238868 SUSE bug 1238869 SUSE bug 1238871 SUSE bug 1238892 SUSE bug 1238893 SUSE bug 1238911 SUSE bug 1238919 SUSE bug 1238925 SUSE bug 1238930 SUSE bug 1238933 SUSE bug 1238937 SUSE bug 1238938 SUSE bug 1238939 SUSE bug 1238948 SUSE bug 1238949 SUSE bug 1238952 SUSE bug 1239001 SUSE bug 1239035 SUSE bug 1239040 SUSE bug 1239041 SUSE bug 1239060 SUSE bug 1239070 SUSE bug 1239071 SUSE bug 1239076 SUSE bug 1239109 SUSE bug 1239115 SUSE bug 1239454 SUSE bug 1239969 SUSE bug 1240207 SUSE bug 1240213 SUSE bug 1240218 SUSE bug 1240227 SUSE bug 1240272 SUSE bug 1240276 SUSE bug 1240288 CVE-2017-5753 at SUSE CVE-2017-5753 at NVD CVE-2020-27835 at SUSE CVE-2020-27835 at NVD CVE-2021-47248 at SUSE CVE-2021-47248 at NVD CVE-2021-47631 at SUSE CVE-2021-47631 at NVD CVE-2021-47641 at SUSE CVE-2021-47641 at NVD CVE-2021-47642 at SUSE CVE-2021-47642 at NVD CVE-2021-47650 at SUSE CVE-2021-47650 at NVD CVE-2021-47651 at SUSE CVE-2021-47651 at NVD CVE-2021-47652 at SUSE CVE-2021-47652 at NVD CVE-2021-47653 at SUSE CVE-2021-47653 at NVD CVE-2021-47659 at SUSE CVE-2021-47659 at NVD CVE-2022-0168 at SUSE CVE-2022-0168 at NVD CVE-2022-1016 at SUSE CVE-2022-1016 at NVD CVE-2022-1048 at SUSE CVE-2022-1048 at NVD CVE-2022-1184 at SUSE CVE-2022-1184 at NVD CVE-2022-2977 at SUSE CVE-2022-2977 at NVD CVE-2022-29900 at SUSE CVE-2022-29900 at NVD CVE-2022-29901 at SUSE CVE-2022-29901 at NVD CVE-2022-3303 at SUSE CVE-2022-3303 at NVD CVE-2022-49044 at SUSE CVE-2022-49044 at NVD CVE-2022-49051 at SUSE CVE-2022-49051 at NVD CVE-2022-49053 at SUSE CVE-2022-49053 at NVD CVE-2022-49055 at SUSE CVE-2022-49055 at NVD CVE-2022-49058 at SUSE CVE-2022-49058 at NVD CVE-2022-49059 at SUSE CVE-2022-49059 at NVD CVE-2022-49063 at SUSE CVE-2022-49063 at NVD CVE-2022-49065 at SUSE CVE-2022-49065 at NVD CVE-2022-49073 at SUSE CVE-2022-49073 at NVD CVE-2022-49076 at SUSE CVE-2022-49076 at NVD CVE-2022-49078 at SUSE CVE-2022-49078 at NVD CVE-2022-49082 at SUSE CVE-2022-49082 at NVD CVE-2022-49083 at SUSE CVE-2022-49083 at NVD CVE-2022-49085 at SUSE CVE-2022-49085 at NVD CVE-2022-49091 at SUSE CVE-2022-49091 at NVD CVE-2022-49095 at SUSE CVE-2022-49095 at NVD CVE-2022-49098 at SUSE CVE-2022-49098 at NVD CVE-2022-49100 at SUSE CVE-2022-49100 at NVD CVE-2022-49111 at SUSE CVE-2022-49111 at NVD CVE-2022-49114 at SUSE CVE-2022-49114 at NVD CVE-2022-49122 at SUSE CVE-2022-49122 at NVD CVE-2022-49137 at SUSE CVE-2022-49137 at NVD CVE-2022-49145 at SUSE CVE-2022-49145 at NVD CVE-2022-49151 at SUSE CVE-2022-49151 at NVD CVE-2022-49153 at SUSE CVE-2022-49153 at NVD CVE-2022-49155 at SUSE CVE-2022-49155 at NVD CVE-2022-49156 at SUSE CVE-2022-49156 at NVD CVE-2022-49157 at SUSE CVE-2022-49157 at NVD CVE-2022-49158 at SUSE CVE-2022-49158 at NVD CVE-2022-49159 at SUSE CVE-2022-49159 at NVD CVE-2022-49160 at SUSE CVE-2022-49160 at NVD CVE-2022-49162 at SUSE CVE-2022-49162 at NVD CVE-2022-49164 at SUSE CVE-2022-49164 at NVD CVE-2022-49175 at SUSE CVE-2022-49175 at NVD CVE-2022-49185 at SUSE CVE-2022-49185 at NVD CVE-2022-49189 at SUSE CVE-2022-49189 at NVD CVE-2022-49196 at SUSE CVE-2022-49196 at NVD CVE-2022-49200 at SUSE CVE-2022-49200 at NVD CVE-2022-49201 at SUSE CVE-2022-49201 at NVD CVE-2022-49206 at SUSE CVE-2022-49206 at NVD CVE-2022-49212 at SUSE CVE-2022-49212 at NVD CVE-2022-49213 at SUSE CVE-2022-49213 at NVD CVE-2022-49216 at SUSE CVE-2022-49216 at NVD CVE-2022-49217 at SUSE CVE-2022-49217 at NVD CVE-2022-49224 at SUSE CVE-2022-49224 at NVD CVE-2022-49226 at SUSE CVE-2022-49226 at NVD CVE-2022-49232 at SUSE CVE-2022-49232 at NVD CVE-2022-49235 at SUSE CVE-2022-49235 at NVD CVE-2022-49239 at SUSE CVE-2022-49239 at NVD CVE-2022-49242 at SUSE CVE-2022-49242 at NVD CVE-2022-49243 at SUSE CVE-2022-49243 at NVD CVE-2022-49247 at SUSE CVE-2022-49247 at NVD CVE-2022-49248 at SUSE CVE-2022-49248 at NVD CVE-2022-49253 at SUSE CVE-2022-49253 at NVD CVE-2022-49259 at SUSE CVE-2022-49259 at NVD CVE-2022-49261 at SUSE CVE-2022-49261 at NVD CVE-2022-49263 at SUSE CVE-2022-49263 at NVD CVE-2022-49264 at SUSE CVE-2022-49264 at NVD CVE-2022-49271 at SUSE CVE-2022-49271 at NVD CVE-2022-49272 at SUSE CVE-2022-49272 at NVD CVE-2022-49275 at SUSE CVE-2022-49275 at NVD CVE-2022-49279 at SUSE CVE-2022-49279 at NVD CVE-2022-49280 at SUSE CVE-2022-49280 at NVD CVE-2022-49281 at SUSE CVE-2022-49281 at NVD CVE-2022-49285 at SUSE CVE-2022-49285 at NVD CVE-2022-49287 at SUSE CVE-2022-49287 at NVD CVE-2022-49288 at SUSE CVE-2022-49288 at NVD CVE-2022-49290 at SUSE CVE-2022-49290 at NVD CVE-2022-49291 at SUSE CVE-2022-49291 at NVD CVE-2022-49292 at SUSE CVE-2022-49292 at NVD CVE-2022-49293 at SUSE CVE-2022-49293 at NVD CVE-2022-49295 at SUSE CVE-2022-49295 at NVD CVE-2022-49297 at SUSE CVE-2022-49297 at NVD CVE-2022-49298 at SUSE CVE-2022-49298 at NVD CVE-2022-49299 at SUSE CVE-2022-49299 at NVD CVE-2022-49300 at SUSE CVE-2022-49300 at NVD CVE-2022-49301 at SUSE CVE-2022-49301 at NVD CVE-2022-49302 at SUSE CVE-2022-49302 at NVD CVE-2022-49304 at SUSE CVE-2022-49304 at NVD CVE-2022-49305 at SUSE CVE-2022-49305 at NVD CVE-2022-49307 at SUSE CVE-2022-49307 at NVD CVE-2022-49313 at SUSE CVE-2022-49313 at NVD CVE-2022-49314 at SUSE CVE-2022-49314 at NVD CVE-2022-49315 at SUSE CVE-2022-49315 at NVD CVE-2022-49316 at SUSE CVE-2022-49316 at NVD CVE-2022-49320 at SUSE CVE-2022-49320 at NVD CVE-2022-49321 at SUSE CVE-2022-49321 at NVD CVE-2022-49326 at SUSE CVE-2022-49326 at NVD CVE-2022-49327 at SUSE CVE-2022-49327 at NVD CVE-2022-49331 at SUSE CVE-2022-49331 at NVD CVE-2022-49332 at SUSE CVE-2022-49332 at NVD CVE-2022-49335 at SUSE CVE-2022-49335 at NVD CVE-2022-49343 at SUSE CVE-2022-49343 at NVD CVE-2022-49347 at SUSE CVE-2022-49347 at NVD CVE-2022-49349 at SUSE CVE-2022-49349 at NVD CVE-2022-49352 at SUSE CVE-2022-49352 at NVD CVE-2022-49357 at SUSE CVE-2022-49357 at NVD CVE-2022-49370 at SUSE CVE-2022-49370 at NVD CVE-2022-49371 at SUSE CVE-2022-49371 at NVD CVE-2022-49373 at SUSE CVE-2022-49373 at NVD CVE-2022-49375 at SUSE CVE-2022-49375 at NVD CVE-2022-49376 at SUSE CVE-2022-49376 at NVD CVE-2022-49382 at SUSE CVE-2022-49382 at NVD CVE-2022-49385 at SUSE CVE-2022-49385 at NVD CVE-2022-49389 at SUSE CVE-2022-49389 at NVD CVE-2022-49394 at SUSE CVE-2022-49394 at NVD CVE-2022-49396 at SUSE CVE-2022-49396 at NVD CVE-2022-49397 at SUSE CVE-2022-49397 at NVD CVE-2022-49398 at SUSE CVE-2022-49398 at NVD CVE-2022-49399 at SUSE CVE-2022-49399 at NVD CVE-2022-49402 at SUSE CVE-2022-49402 at NVD CVE-2022-49404 at SUSE CVE-2022-49404 at NVD CVE-2022-49409 at SUSE CVE-2022-49409 at NVD CVE-2022-49410 at SUSE CVE-2022-49410 at NVD CVE-2022-49411 at SUSE CVE-2022-49411 at NVD CVE-2022-49413 at SUSE CVE-2022-49413 at NVD CVE-2022-49414 at SUSE CVE-2022-49414 at NVD CVE-2022-49416 at SUSE CVE-2022-49416 at NVD CVE-2022-49421 at SUSE CVE-2022-49421 at NVD CVE-2022-49422 at SUSE CVE-2022-49422 at NVD CVE-2022-49437 at SUSE CVE-2022-49437 at NVD CVE-2022-49438 at SUSE CVE-2022-49438 at NVD CVE-2022-49441 at SUSE CVE-2022-49441 at NVD CVE-2022-49442 at SUSE CVE-2022-49442 at NVD CVE-2022-49446 at SUSE CVE-2022-49446 at NVD CVE-2022-49451 at SUSE CVE-2022-49451 at NVD CVE-2022-49455 at SUSE CVE-2022-49455 at NVD CVE-2022-49459 at SUSE CVE-2022-49459 at NVD CVE-2022-49460 at SUSE CVE-2022-49460 at NVD CVE-2022-49462 at SUSE CVE-2022-49462 at NVD CVE-2022-49465 at SUSE CVE-2022-49465 at NVD CVE-2022-49467 at SUSE CVE-2022-49467 at NVD CVE-2022-49473 at SUSE CVE-2022-49473 at NVD CVE-2022-49474 at SUSE CVE-2022-49474 at NVD CVE-2022-49475 at SUSE CVE-2022-49475 at NVD CVE-2022-49478 at SUSE CVE-2022-49478 at NVD CVE-2022-49481 at SUSE CVE-2022-49481 at NVD CVE-2022-49482 at SUSE CVE-2022-49482 at NVD CVE-2022-49488 at SUSE CVE-2022-49488 at NVD CVE-2022-49489 at SUSE CVE-2022-49489 at NVD CVE-2022-49490 at SUSE CVE-2022-49490 at NVD CVE-2022-49491 at SUSE CVE-2022-49491 at NVD CVE-2022-49493 at SUSE CVE-2022-49493 at NVD CVE-2022-49495 at SUSE CVE-2022-49495 at NVD CVE-2022-49498 at SUSE CVE-2022-49498 at NVD CVE-2022-49503 at SUSE CVE-2022-49503 at NVD CVE-2022-49504 at SUSE CVE-2022-49504 at NVD CVE-2022-49505 at SUSE CVE-2022-49505 at NVD CVE-2022-49508 at SUSE CVE-2022-49508 at NVD CVE-2022-49514 at SUSE CVE-2022-49514 at NVD CVE-2022-49517 at SUSE CVE-2022-49517 at NVD CVE-2022-49521 at SUSE CVE-2022-49521 at NVD CVE-2022-49522 at SUSE CVE-2022-49522 at NVD CVE-2022-49524 at SUSE CVE-2022-49524 at NVD CVE-2022-49525 at SUSE CVE-2022-49525 at NVD CVE-2022-49526 at SUSE CVE-2022-49526 at NVD CVE-2022-49527 at SUSE CVE-2022-49527 at NVD CVE-2022-49532 at SUSE CVE-2022-49532 at NVD CVE-2022-49534 at SUSE CVE-2022-49534 at NVD CVE-2022-49535 at SUSE CVE-2022-49535 at NVD CVE-2022-49536 at SUSE CVE-2022-49536 at NVD CVE-2022-49537 at SUSE CVE-2022-49537 at NVD CVE-2022-49541 at SUSE CVE-2022-49541 at NVD CVE-2022-49542 at SUSE CVE-2022-49542 at NVD CVE-2022-49544 at SUSE CVE-2022-49544 at NVD CVE-2022-49545 at SUSE CVE-2022-49545 at NVD CVE-2022-49546 at SUSE CVE-2022-49546 at NVD CVE-2022-49555 at SUSE CVE-2022-49555 at NVD CVE-2022-49563 at SUSE CVE-2022-49563 at NVD CVE-2022-49564 at SUSE CVE-2022-49564 at NVD CVE-2022-49566 at SUSE CVE-2022-49566 at NVD CVE-2022-49609 at SUSE CVE-2022-49609 at NVD CVE-2022-49610 at SUSE CVE-2022-49610 at NVD CVE-2022-49611 at SUSE CVE-2022-49611 at NVD CVE-2022-49623 at SUSE CVE-2022-49623 at NVD CVE-2022-49627 at SUSE CVE-2022-49627 at NVD CVE-2022-49631 at SUSE CVE-2022-49631 at NVD CVE-2022-49640 at SUSE CVE-2022-49640 at NVD CVE-2022-49641 at SUSE CVE-2022-49641 at NVD CVE-2022-49643 at SUSE CVE-2022-49643 at NVD CVE-2022-49644 at SUSE CVE-2022-49644 at NVD CVE-2022-49645 at SUSE CVE-2022-49645 at NVD CVE-2022-49646 at SUSE CVE-2022-49646 at NVD CVE-2022-49647 at SUSE CVE-2022-49647 at NVD CVE-2022-49648 at SUSE CVE-2022-49648 at NVD CVE-2022-49649 at SUSE CVE-2022-49649 at NVD CVE-2022-49652 at SUSE CVE-2022-49652 at NVD CVE-2022-49657 at SUSE CVE-2022-49657 at NVD CVE-2022-49661 at SUSE CVE-2022-49661 at NVD CVE-2022-49670 at SUSE CVE-2022-49670 at NVD CVE-2022-49671 at SUSE CVE-2022-49671 at NVD CVE-2022-49673 at SUSE CVE-2022-49673 at NVD CVE-2022-49674 at SUSE CVE-2022-49674 at NVD CVE-2022-49678 at SUSE CVE-2022-49678 at NVD CVE-2022-49685 at SUSE CVE-2022-49685 at NVD CVE-2022-49687 at SUSE CVE-2022-49687 at NVD CVE-2022-49693 at SUSE CVE-2022-49693 at NVD CVE-2022-49700 at SUSE CVE-2022-49700 at NVD CVE-2022-49701 at SUSE CVE-2022-49701 at NVD CVE-2022-49703 at SUSE CVE-2022-49703 at NVD CVE-2022-49707 at SUSE CVE-2022-49707 at NVD CVE-2022-49708 at SUSE CVE-2022-49708 at NVD CVE-2022-49710 at SUSE CVE-2022-49710 at NVD CVE-2022-49711 at SUSE CVE-2022-49711 at NVD CVE-2022-49712 at SUSE CVE-2022-49712 at NVD CVE-2022-49713 at SUSE CVE-2022-49713 at NVD CVE-2022-49720 at SUSE CVE-2022-49720 at NVD CVE-2022-49723 at SUSE CVE-2022-49723 at NVD CVE-2022-49724 at SUSE CVE-2022-49724 at NVD CVE-2022-49729 at SUSE CVE-2022-49729 at NVD CVE-2022-49730 at SUSE CVE-2022-49730 at NVD CVE-2022-49731 at SUSE CVE-2022-49731 at NVD CVE-2022-49733 at SUSE CVE-2022-49733 at NVD CVE-2022-49739 at SUSE CVE-2022-49739 at NVD CVE-2023-2162 at SUSE CVE-2023-2162 at NVD CVE-2023-3567 at SUSE CVE-2023-3567 at NVD CVE-2023-52935 at SUSE CVE-2023-52935 at NVD CVE-2023-52973 at SUSE CVE-2023-52973 at NVD CVE-2023-52974 at SUSE CVE-2023-52974 at NVD CVE-2023-53000 at SUSE CVE-2023-53000 at NVD CVE-2023-53015 at SUSE CVE-2023-53015 at NVD CVE-2023-53024 at SUSE CVE-2023-53024 at NVD CVE-2024-50290 at SUSE CVE-2024-50290 at NVD CVE-2024-53063 at SUSE CVE-2024-53063 at NVD CVE-2024-56642 at SUSE CVE-2024-56642 at NVD CVE-2024-56651 at SUSE CVE-2024-56651 at NVD CVE-2024-57996 at SUSE CVE-2024-57996 at NVD CVE-2024-58014 at SUSE CVE-2024-58014 at NVD CVE-2025-21772 at SUSE CVE-2025-21772 at NVD CVE-2025-21780 at SUSE CVE-2025-21780 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47248: udp: fix race between close() and udp_abort() (bsc#1224867). - CVE-2022-49051: net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (bsc#1237903). - CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237918). - CVE-2022-49275: can: m_can: m_can_tx_handler(): fix use after free of skb (bsc#1238719). - CVE-2022-49413: bfq: Update cgroup information before merging bio (bsc#1238710). - CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled (bsc#1238919). - CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238729). - CVE-2022-49563: crypto: qat - add param check for RSA (bsc#1238787). - CVE-2022-49564: crypto: qat - add param check for DH (bsc#1238789). - CVE-2022-49739: gfs2: Always check inode size of inline inodes (bsc#1240207). - CVE-2023-52935: mm/khugepaged: fix ->anon_vma race (bsc#1240276). - CVE-2024-56642: tipc: Fix use-after-free of kernel socket in cleanup_bearer() (bsc#1235433). - CVE-2024-56651: can: hi311x: hi3110_can_ist(): fix potential use-after-free (bsc#1235528). - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076). - CVE-2024-58014: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (bsc#1239109). - CVE-2025-21772: partitions: mac: fix handling of bogus partition table (bsc#1238911). - CVE-2025-21780: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (bsc#1239115). The following non-security bugs were fixed: - ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530). - btrfs: send: allow cloning non-aligned extent if it ends at i_size (bsc#1239969). - btrfs: send: fix invalid clone operation for file that got its size decreased (bsc#1239969). - btrfs: send: use btrfs_file_extent_end() in send_write_or_clone() (bsc#1239969). Important SUSE bug 1065729 SUSE bug 1179878 SUSE bug 1180814 SUSE bug 1185762 SUSE bug 1195823 SUSE bug 1196444 SUSE bug 1197158 SUSE bug 1197227 SUSE bug 1197302 SUSE bug 1197331 SUSE bug 1197472 SUSE bug 1197661 SUSE bug 1197926 SUSE bug 1198577 SUSE bug 1198660 SUSE bug 1199657 SUSE bug 1200045 SUSE bug 1200217 SUSE bug 1200571 SUSE bug 1200807 SUSE bug 1200809 SUSE bug 1200825 SUSE bug 1200871 SUSE bug 1200872 SUSE bug 1201193 SUSE bug 1201381 SUSE bug 1201610 SUSE bug 1202672 SUSE bug 1202711 SUSE bug 1203769 SUSE bug 1207186 SUSE bug 1209547 SUSE bug 1210647 SUSE bug 1213167 SUSE bug 1224867 SUSE bug 1225742 SUSE bug 1230326 SUSE bug 1231375 SUSE bug 1233479 SUSE bug 1233557 SUSE bug 1235433 SUSE bug 1235528 SUSE bug 1237530 SUSE bug 1237718 SUSE bug 1237721 SUSE bug 1237723 SUSE bug 1237726 SUSE bug 1237734 SUSE bug 1237735 SUSE bug 1237736 SUSE bug 1237738 SUSE bug 1237739 SUSE bug 1237740 SUSE bug 1237742 SUSE bug 1237746 SUSE bug 1237748 SUSE bug 1237752 SUSE bug 1237778 SUSE bug 1237782 SUSE bug 1237783 SUSE bug 1237784 SUSE bug 1237788 SUSE bug 1237798 SUSE bug 1237810 SUSE bug 1237813 SUSE bug 1237814 SUSE bug 1237815 SUSE bug 1237823 SUSE bug 1237829 SUSE bug 1237831 SUSE bug 1237839 SUSE bug 1237840 SUSE bug 1237846 SUSE bug 1237868 SUSE bug 1237872 SUSE bug 1237903 SUSE bug 1237916 SUSE bug 1237918 SUSE bug 1237932 SUSE bug 1237940 SUSE bug 1237941 SUSE bug 1237951 SUSE bug 1237954 SUSE bug 1237958 SUSE bug 1237963 SUSE bug 1237983 SUSE bug 1237984 SUSE bug 1237996 SUSE bug 1237997 SUSE bug 1237998 SUSE bug 1238000 SUSE bug 1238007 SUSE bug 1238013 SUSE bug 1238022 SUSE bug 1238030 SUSE bug 1238036 SUSE bug 1238046 SUSE bug 1238071 SUSE bug 1238079 SUSE bug 1238096 SUSE bug 1238099 SUSE bug 1238103 SUSE bug 1238108 SUSE bug 1238111 SUSE bug 1238123 SUSE bug 1238126 SUSE bug 1238131 SUSE bug 1238135 SUSE bug 1238139 SUSE bug 1238146 SUSE bug 1238149 SUSE bug 1238150 SUSE bug 1238155 SUSE bug 1238156 SUSE bug 1238158 SUSE bug 1238162 SUSE bug 1238166 SUSE bug 1238168 SUSE bug 1238169 SUSE bug 1238170 SUSE bug 1238171 SUSE bug 1238172 SUSE bug 1238175 SUSE bug 1238177 SUSE bug 1238181 SUSE bug 1238183 SUSE bug 1238184 SUSE bug 1238228 SUSE bug 1238229 SUSE bug 1238231 SUSE bug 1238235 SUSE bug 1238236 SUSE bug 1238239 SUSE bug 1238241 SUSE bug 1238242 SUSE bug 1238243 SUSE bug 1238244 SUSE bug 1238249 SUSE bug 1238255 SUSE bug 1238256 SUSE bug 1238257 SUSE bug 1238263 SUSE bug 1238264 SUSE bug 1238266 SUSE bug 1238267 SUSE bug 1238269 SUSE bug 1238271 SUSE bug 1238272 SUSE bug 1238274 SUSE bug 1238275 SUSE bug 1238276 SUSE bug 1238278 SUSE bug 1238279 SUSE bug 1238281 SUSE bug 1238284 SUSE bug 1238289 SUSE bug 1238293 SUSE bug 1238306 SUSE bug 1238307 SUSE bug 1238313 SUSE bug 1238327 SUSE bug 1238331 SUSE bug 1238333 SUSE bug 1238334 SUSE bug 1238336 SUSE bug 1238337 SUSE bug 1238338 SUSE bug 1238343 SUSE bug 1238372 SUSE bug 1238373 SUSE bug 1238377 SUSE bug 1238386 SUSE bug 1238393 SUSE bug 1238394 SUSE bug 1238395 SUSE bug 1238413 SUSE bug 1238416 SUSE bug 1238417 SUSE bug 1238419 SUSE bug 1238420 SUSE bug 1238429 SUSE bug 1238430 SUSE bug 1238435 SUSE bug 1238441 SUSE bug 1238443 SUSE bug 1238454 SUSE bug 1238462 SUSE bug 1238467 SUSE bug 1238469 SUSE bug 1238539 SUSE bug 1238543 SUSE bug 1238546 SUSE bug 1238599 SUSE bug 1238600 SUSE bug 1238612 SUSE bug 1238615 SUSE bug 1238617 SUSE bug 1238618 SUSE bug 1238621 SUSE bug 1238623 SUSE bug 1238625 SUSE bug 1238626 SUSE bug 1238630 SUSE bug 1238631 SUSE bug 1238633 SUSE bug 1238635 SUSE bug 1238638 SUSE bug 1238639 SUSE bug 1238641 SUSE bug 1238643 SUSE bug 1238645 SUSE bug 1238646 SUSE bug 1238653 SUSE bug 1238655 SUSE bug 1238662 SUSE bug 1238663 SUSE bug 1238705 SUSE bug 1238707 SUSE bug 1238710 SUSE bug 1238712 SUSE bug 1238718 SUSE bug 1238719 SUSE bug 1238721 SUSE bug 1238722 SUSE bug 1238727 SUSE bug 1238729 SUSE bug 1238750 SUSE bug 1238787 SUSE bug 1238789 SUSE bug 1238805 SUSE bug 1238809 SUSE bug 1238814 SUSE bug 1238815 SUSE bug 1238819 SUSE bug 1238821 SUSE bug 1238822 SUSE bug 1238823 SUSE bug 1238825 SUSE bug 1238835 SUSE bug 1238838 SUSE bug 1238868 SUSE bug 1238869 SUSE bug 1238871 SUSE bug 1238892 SUSE bug 1238893 SUSE bug 1238911 SUSE bug 1238919 SUSE bug 1238925 SUSE bug 1238930 SUSE bug 1238933 SUSE bug 1238937 SUSE bug 1238938 SUSE bug 1238939 SUSE bug 1238948 SUSE bug 1238949 SUSE bug 1238952 SUSE bug 1239001 SUSE bug 1239035 SUSE bug 1239040 SUSE bug 1239041 SUSE bug 1239060 SUSE bug 1239070 SUSE bug 1239071 SUSE bug 1239076 SUSE bug 1239109 SUSE bug 1239115 SUSE bug 1239454 SUSE bug 1239969 SUSE bug 1240207 SUSE bug 1240213 SUSE bug 1240218 SUSE bug 1240227 SUSE bug 1240272 SUSE bug 1240276 SUSE bug 1240288 CVE-2017-5753 at SUSE CVE-2017-5753 at NVD CVE-2020-27835 at SUSE CVE-2020-27835 at NVD CVE-2021-47248 at SUSE CVE-2021-47248 at NVD CVE-2021-47631 at SUSE CVE-2021-47631 at NVD CVE-2021-47641 at SUSE CVE-2021-47641 at NVD CVE-2021-47642 at SUSE CVE-2021-47642 at NVD CVE-2021-47650 at SUSE CVE-2021-47650 at NVD CVE-2021-47651 at SUSE CVE-2021-47651 at NVD CVE-2021-47652 at SUSE CVE-2021-47652 at NVD CVE-2021-47653 at SUSE CVE-2021-47653 at NVD CVE-2021-47659 at SUSE CVE-2021-47659 at NVD CVE-2022-0168 at SUSE CVE-2022-0168 at NVD CVE-2022-1016 at SUSE CVE-2022-1016 at NVD CVE-2022-1048 at SUSE CVE-2022-1048 at NVD CVE-2022-1184 at SUSE CVE-2022-1184 at NVD CVE-2022-2977 at SUSE CVE-2022-2977 at NVD CVE-2022-29900 at SUSE CVE-2022-29900 at NVD CVE-2022-29901 at SUSE CVE-2022-29901 at NVD CVE-2022-3303 at SUSE CVE-2022-3303 at NVD CVE-2022-49044 at SUSE CVE-2022-49044 at NVD CVE-2022-49051 at SUSE CVE-2022-49051 at NVD CVE-2022-49053 at SUSE CVE-2022-49053 at NVD CVE-2022-49055 at SUSE CVE-2022-49055 at NVD CVE-2022-49058 at SUSE CVE-2022-49058 at NVD CVE-2022-49059 at SUSE CVE-2022-49059 at NVD CVE-2022-49063 at SUSE CVE-2022-49063 at NVD CVE-2022-49065 at SUSE CVE-2022-49065 at NVD CVE-2022-49073 at SUSE CVE-2022-49073 at NVD CVE-2022-49076 at SUSE CVE-2022-49076 at NVD CVE-2022-49078 at SUSE CVE-2022-49078 at NVD CVE-2022-49082 at SUSE CVE-2022-49082 at NVD CVE-2022-49083 at SUSE CVE-2022-49083 at NVD CVE-2022-49085 at SUSE CVE-2022-49085 at NVD CVE-2022-49091 at SUSE CVE-2022-49091 at NVD CVE-2022-49095 at SUSE CVE-2022-49095 at NVD CVE-2022-49098 at SUSE CVE-2022-49098 at NVD CVE-2022-49100 at SUSE CVE-2022-49100 at NVD CVE-2022-49111 at SUSE CVE-2022-49111 at NVD CVE-2022-49114 at SUSE CVE-2022-49114 at NVD CVE-2022-49122 at SUSE CVE-2022-49122 at NVD CVE-2022-49137 at SUSE CVE-2022-49137 at NVD CVE-2022-49145 at SUSE CVE-2022-49145 at NVD CVE-2022-49151 at SUSE CVE-2022-49151 at NVD CVE-2022-49153 at SUSE CVE-2022-49153 at NVD CVE-2022-49155 at SUSE CVE-2022-49155 at NVD CVE-2022-49156 at SUSE CVE-2022-49156 at NVD CVE-2022-49157 at SUSE CVE-2022-49157 at NVD CVE-2022-49158 at SUSE CVE-2022-49158 at NVD CVE-2022-49159 at SUSE CVE-2022-49159 at NVD CVE-2022-49160 at SUSE CVE-2022-49160 at NVD CVE-2022-49162 at SUSE CVE-2022-49162 at NVD CVE-2022-49164 at SUSE CVE-2022-49164 at NVD CVE-2022-49175 at SUSE CVE-2022-49175 at NVD CVE-2022-49185 at SUSE CVE-2022-49185 at NVD CVE-2022-49189 at SUSE CVE-2022-49189 at NVD CVE-2022-49196 at SUSE CVE-2022-49196 at NVD CVE-2022-49200 at SUSE CVE-2022-49200 at NVD CVE-2022-49201 at SUSE CVE-2022-49201 at NVD CVE-2022-49206 at SUSE CVE-2022-49206 at NVD CVE-2022-49212 at SUSE CVE-2022-49212 at NVD CVE-2022-49213 at SUSE CVE-2022-49213 at NVD CVE-2022-49216 at SUSE CVE-2022-49216 at NVD CVE-2022-49217 at SUSE CVE-2022-49217 at NVD CVE-2022-49224 at SUSE CVE-2022-49224 at NVD CVE-2022-49226 at SUSE CVE-2022-49226 at NVD CVE-2022-49232 at SUSE CVE-2022-49232 at NVD CVE-2022-49235 at SUSE CVE-2022-49235 at NVD CVE-2022-49239 at SUSE CVE-2022-49239 at NVD CVE-2022-49242 at SUSE CVE-2022-49242 at NVD CVE-2022-49243 at SUSE CVE-2022-49243 at NVD CVE-2022-49247 at SUSE CVE-2022-49247 at NVD CVE-2022-49248 at SUSE CVE-2022-49248 at NVD CVE-2022-49253 at SUSE CVE-2022-49253 at NVD CVE-2022-49259 at SUSE CVE-2022-49259 at NVD CVE-2022-49261 at SUSE CVE-2022-49261 at NVD CVE-2022-49263 at SUSE CVE-2022-49263 at NVD CVE-2022-49264 at SUSE CVE-2022-49264 at NVD CVE-2022-49271 at SUSE CVE-2022-49271 at NVD CVE-2022-49272 at SUSE CVE-2022-49272 at NVD CVE-2022-49275 at SUSE CVE-2022-49275 at NVD CVE-2022-49279 at SUSE CVE-2022-49279 at NVD CVE-2022-49280 at SUSE CVE-2022-49280 at NVD CVE-2022-49281 at SUSE CVE-2022-49281 at NVD CVE-2022-49285 at SUSE CVE-2022-49285 at NVD CVE-2022-49287 at SUSE CVE-2022-49287 at NVD CVE-2022-49288 at SUSE CVE-2022-49288 at NVD CVE-2022-49290 at SUSE CVE-2022-49290 at NVD CVE-2022-49291 at SUSE CVE-2022-49291 at NVD CVE-2022-49292 at SUSE CVE-2022-49292 at NVD CVE-2022-49293 at SUSE CVE-2022-49293 at NVD CVE-2022-49295 at SUSE CVE-2022-49295 at NVD CVE-2022-49297 at SUSE CVE-2022-49297 at NVD CVE-2022-49298 at SUSE CVE-2022-49298 at NVD CVE-2022-49299 at SUSE CVE-2022-49299 at NVD CVE-2022-49300 at SUSE CVE-2022-49300 at NVD CVE-2022-49301 at SUSE CVE-2022-49301 at NVD CVE-2022-49302 at SUSE CVE-2022-49302 at NVD CVE-2022-49304 at SUSE CVE-2022-49304 at NVD CVE-2022-49305 at SUSE CVE-2022-49305 at NVD CVE-2022-49307 at SUSE CVE-2022-49307 at NVD CVE-2022-49313 at SUSE CVE-2022-49313 at NVD CVE-2022-49314 at SUSE CVE-2022-49314 at NVD CVE-2022-49315 at SUSE CVE-2022-49315 at NVD CVE-2022-49316 at SUSE CVE-2022-49316 at NVD CVE-2022-49320 at SUSE CVE-2022-49320 at NVD CVE-2022-49321 at SUSE CVE-2022-49321 at NVD CVE-2022-49326 at SUSE CVE-2022-49326 at NVD CVE-2022-49327 at SUSE CVE-2022-49327 at NVD CVE-2022-49331 at SUSE CVE-2022-49331 at NVD CVE-2022-49332 at SUSE CVE-2022-49332 at NVD CVE-2022-49335 at SUSE CVE-2022-49335 at NVD CVE-2022-49343 at SUSE CVE-2022-49343 at NVD CVE-2022-49347 at SUSE CVE-2022-49347 at NVD CVE-2022-49349 at SUSE CVE-2022-49349 at NVD CVE-2022-49352 at SUSE CVE-2022-49352 at NVD CVE-2022-49357 at SUSE CVE-2022-49357 at NVD CVE-2022-49370 at SUSE CVE-2022-49370 at NVD CVE-2022-49371 at SUSE CVE-2022-49371 at NVD CVE-2022-49373 at SUSE CVE-2022-49373 at NVD CVE-2022-49375 at SUSE CVE-2022-49375 at NVD CVE-2022-49376 at SUSE CVE-2022-49376 at NVD CVE-2022-49382 at SUSE CVE-2022-49382 at NVD CVE-2022-49385 at SUSE CVE-2022-49385 at NVD CVE-2022-49389 at SUSE CVE-2022-49389 at NVD CVE-2022-49394 at SUSE CVE-2022-49394 at NVD CVE-2022-49396 at SUSE CVE-2022-49396 at NVD CVE-2022-49397 at SUSE CVE-2022-49397 at NVD CVE-2022-49398 at SUSE CVE-2022-49398 at NVD CVE-2022-49399 at SUSE CVE-2022-49399 at NVD CVE-2022-49402 at SUSE CVE-2022-49402 at NVD CVE-2022-49404 at SUSE CVE-2022-49404 at NVD CVE-2022-49409 at SUSE CVE-2022-49409 at NVD CVE-2022-49410 at SUSE CVE-2022-49410 at NVD CVE-2022-49411 at SUSE CVE-2022-49411 at NVD CVE-2022-49413 at SUSE CVE-2022-49413 at NVD CVE-2022-49414 at SUSE CVE-2022-49414 at NVD CVE-2022-49416 at SUSE CVE-2022-49416 at NVD CVE-2022-49421 at SUSE CVE-2022-49421 at NVD CVE-2022-49422 at SUSE CVE-2022-49422 at NVD CVE-2022-49437 at SUSE CVE-2022-49437 at NVD CVE-2022-49438 at SUSE CVE-2022-49438 at NVD CVE-2022-49441 at SUSE CVE-2022-49441 at NVD CVE-2022-49442 at SUSE CVE-2022-49442 at NVD CVE-2022-49446 at SUSE CVE-2022-49446 at NVD CVE-2022-49451 at SUSE CVE-2022-49451 at NVD CVE-2022-49455 at SUSE CVE-2022-49455 at NVD CVE-2022-49459 at SUSE CVE-2022-49459 at NVD CVE-2022-49460 at SUSE CVE-2022-49460 at NVD CVE-2022-49462 at SUSE CVE-2022-49462 at NVD CVE-2022-49465 at SUSE CVE-2022-49465 at NVD CVE-2022-49467 at SUSE CVE-2022-49467 at NVD CVE-2022-49473 at SUSE CVE-2022-49473 at NVD CVE-2022-49474 at SUSE CVE-2022-49474 at NVD CVE-2022-49475 at SUSE CVE-2022-49475 at NVD CVE-2022-49478 at SUSE CVE-2022-49478 at NVD CVE-2022-49481 at SUSE CVE-2022-49481 at NVD CVE-2022-49482 at SUSE CVE-2022-49482 at NVD CVE-2022-49488 at SUSE CVE-2022-49488 at NVD CVE-2022-49489 at SUSE CVE-2022-49489 at NVD CVE-2022-49490 at SUSE CVE-2022-49490 at NVD CVE-2022-49491 at SUSE CVE-2022-49491 at NVD CVE-2022-49493 at SUSE CVE-2022-49493 at NVD CVE-2022-49495 at SUSE CVE-2022-49495 at NVD CVE-2022-49498 at SUSE CVE-2022-49498 at NVD CVE-2022-49503 at SUSE CVE-2022-49503 at NVD CVE-2022-49504 at SUSE CVE-2022-49504 at NVD CVE-2022-49505 at SUSE CVE-2022-49505 at NVD CVE-2022-49508 at SUSE CVE-2022-49508 at NVD CVE-2022-49514 at SUSE CVE-2022-49514 at NVD CVE-2022-49517 at SUSE CVE-2022-49517 at NVD CVE-2022-49521 at SUSE CVE-2022-49521 at NVD CVE-2022-49522 at SUSE CVE-2022-49522 at NVD CVE-2022-49524 at SUSE CVE-2022-49524 at NVD CVE-2022-49525 at SUSE CVE-2022-49525 at NVD CVE-2022-49526 at SUSE CVE-2022-49526 at NVD CVE-2022-49527 at SUSE CVE-2022-49527 at NVD CVE-2022-49532 at SUSE CVE-2022-49532 at NVD CVE-2022-49534 at SUSE CVE-2022-49534 at NVD CVE-2022-49535 at SUSE CVE-2022-49535 at NVD CVE-2022-49536 at SUSE CVE-2022-49536 at NVD CVE-2022-49537 at SUSE CVE-2022-49537 at NVD CVE-2022-49541 at SUSE CVE-2022-49541 at NVD CVE-2022-49542 at SUSE CVE-2022-49542 at NVD CVE-2022-49544 at SUSE CVE-2022-49544 at NVD CVE-2022-49545 at SUSE CVE-2022-49545 at NVD CVE-2022-49546 at SUSE CVE-2022-49546 at NVD CVE-2022-49555 at SUSE CVE-2022-49555 at NVD CVE-2022-49563 at SUSE CVE-2022-49563 at NVD CVE-2022-49564 at SUSE CVE-2022-49564 at NVD CVE-2022-49566 at SUSE CVE-2022-49566 at NVD CVE-2022-49609 at SUSE CVE-2022-49609 at NVD CVE-2022-49610 at SUSE CVE-2022-49610 at NVD CVE-2022-49611 at SUSE CVE-2022-49611 at NVD CVE-2022-49623 at SUSE CVE-2022-49623 at NVD CVE-2022-49627 at SUSE CVE-2022-49627 at NVD CVE-2022-49631 at SUSE CVE-2022-49631 at NVD CVE-2022-49640 at SUSE CVE-2022-49640 at NVD CVE-2022-49641 at SUSE CVE-2022-49641 at NVD CVE-2022-49643 at SUSE CVE-2022-49643 at NVD CVE-2022-49644 at SUSE CVE-2022-49644 at NVD CVE-2022-49645 at SUSE CVE-2022-49645 at NVD CVE-2022-49646 at SUSE CVE-2022-49646 at NVD CVE-2022-49647 at SUSE CVE-2022-49647 at NVD CVE-2022-49648 at SUSE CVE-2022-49648 at NVD CVE-2022-49649 at SUSE CVE-2022-49649 at NVD CVE-2022-49652 at SUSE CVE-2022-49652 at NVD CVE-2022-49657 at SUSE CVE-2022-49657 at NVD CVE-2022-49661 at SUSE CVE-2022-49661 at NVD CVE-2022-49670 at SUSE CVE-2022-49670 at NVD CVE-2022-49671 at SUSE CVE-2022-49671 at NVD CVE-2022-49673 at SUSE CVE-2022-49673 at NVD CVE-2022-49674 at SUSE CVE-2022-49674 at NVD CVE-2022-49678 at SUSE CVE-2022-49678 at NVD CVE-2022-49685 at SUSE CVE-2022-49685 at NVD CVE-2022-49687 at SUSE CVE-2022-49687 at NVD CVE-2022-49693 at SUSE CVE-2022-49693 at NVD CVE-2022-49700 at SUSE CVE-2022-49700 at NVD CVE-2022-49701 at SUSE CVE-2022-49701 at NVD CVE-2022-49703 at SUSE CVE-2022-49703 at NVD CVE-2022-49707 at SUSE CVE-2022-49707 at NVD CVE-2022-49708 at SUSE CVE-2022-49708 at NVD CVE-2022-49710 at SUSE CVE-2022-49710 at NVD CVE-2022-49711 at SUSE CVE-2022-49711 at NVD CVE-2022-49712 at SUSE CVE-2022-49712 at NVD CVE-2022-49713 at SUSE CVE-2022-49713 at NVD CVE-2022-49720 at SUSE CVE-2022-49720 at NVD CVE-2022-49723 at SUSE CVE-2022-49723 at NVD CVE-2022-49724 at SUSE CVE-2022-49724 at NVD CVE-2022-49729 at SUSE CVE-2022-49729 at NVD CVE-2022-49730 at SUSE CVE-2022-49730 at NVD CVE-2022-49731 at SUSE CVE-2022-49731 at NVD CVE-2022-49733 at SUSE CVE-2022-49733 at NVD CVE-2022-49739 at SUSE CVE-2022-49739 at NVD CVE-2023-2162 at SUSE CVE-2023-2162 at NVD CVE-2023-3567 at SUSE CVE-2023-3567 at NVD CVE-2023-52935 at SUSE CVE-2023-52935 at NVD CVE-2023-52973 at SUSE CVE-2023-52973 at NVD CVE-2023-52974 at SUSE CVE-2023-52974 at NVD CVE-2023-53000 at SUSE CVE-2023-53000 at NVD CVE-2023-53015 at SUSE CVE-2023-53015 at NVD CVE-2023-53024 at SUSE CVE-2023-53024 at NVD CVE-2024-50290 at SUSE CVE-2024-50290 at NVD CVE-2024-53063 at SUSE CVE-2024-53063 at NVD CVE-2024-56642 at SUSE CVE-2024-56642 at NVD CVE-2024-56651 at SUSE CVE-2024-56651 at NVD CVE-2024-57996 at SUSE CVE-2024-57996 at NVD CVE-2024-58014 at SUSE CVE-2024-58014 at NVD CVE-2025-21772 at SUSE CVE-2025-21772 at NVD CVE-2025-21780 at SUSE CVE-2025-21780 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for dnsmasq fixes the following issues: - Version update to 2.90: - CVE-2023-50387: Fixed a Denial Of Service while trying to validate specially crafted DNSSEC responses. (bsc#1219823) - CVE-2023-50868: Fixed a Denial Of Service while trying to validate specially crafted DNSSEC responses. (bsc#1219826) Important SUSE bug 1200344 SUSE bug 1207174 SUSE bug 1214884 SUSE bug 1219823 SUSE bug 1219826 SUSE bug 1235517 CVE-2023-50387 at SUSE CVE-2023-50387 at NVD CVE-2023-50868 at SUSE CVE-2023-50868 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) Moderate SUSE bug 1232234 CVE-2024-10041 at SUSE CVE-2024-10041 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for containerd fixes the following issues: - CVE-2024-40635: Fixed integer overflow in User ID handling (bsc#1239749) Other fixes: - Update to containerd v1.7.27. Moderate SUSE bug 1239749 CVE-2024-40635 at SUSE CVE-2024-40635 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for mozjs60 fixes the following issues: - CVE-2024-56431: Fixed a negative shift in huffdec.c (bsc#1234837). Moderate SUSE bug 1234837 CVE-2024-56431 at SUSE CVE-2024-56431 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) Moderate SUSE bug 1241453 SUSE bug 1241551 CVE-2025-32414 at SUSE CVE-2025-32414 at NVD CVE-2025-32415 at SUSE CVE-2025-32415 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for sqlite3 fixes the following issues: - CVE-2025-29087,CVE-2025-3277: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) Moderate SUSE bug 1241020 SUSE bug 1241078 SUSE bug 1241189 CVE-2025-29087 at SUSE CVE-2025-29087 at NVD CVE-2025-29088 at SUSE CVE-2025-29088 at NVD CVE-2025-3277 at SUSE CVE-2025-3277 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for glib2 fixes the following issues: - CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897) Moderate SUSE bug 1240897 CVE-2025-3360 at SUSE CVE-2025-3360 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for apparmor fixes the following issues: - Add dac_read_search capability for unix_chkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. (bsc#1241678) Moderate SUSE bug 1241678 CVE-2024-10041 at SUSE CVE-2024-10041 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for rsync fixes the following issues: - CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. (bsc#1234101) - CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. (bsc#1234102) - CVE-2024-12087: arbitrary file overwrite possible on clients when symlink syncing is enabled. (bsc#1234103) - CVE-2024-12088: bypass of the --safe-links flag may allow the placement of unsafe symlinks in a client. (bsc#1234104) - CVE-2024-12747: Fixed a race condition in rsync handling symbolic links. (bsc#1235475) Important SUSE bug 1234101 SUSE bug 1234102 SUSE bug 1234103 SUSE bug 1234104 SUSE bug 1235475 SUSE bug 1235895 CVE-2024-12085 at SUSE CVE-2024-12085 at NVD CVE-2024-12086 at SUSE CVE-2024-12086 at NVD CVE-2024-12087 at SUSE CVE-2024-12087 at NVD CVE-2024-12088 at SUSE CVE-2024-12088 at NVD CVE-2024-12747 at SUSE CVE-2024-12747 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-21726: padata: avoid UAF for reorder_work (bsc#1238865). - CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (bsc#1238747). - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512). - CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835). - CVE-2025-22020: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (bsc#1241280). - CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371). Important SUSE bug 1207034 SUSE bug 1207878 SUSE bug 1221980 SUSE bug 1234931 SUSE bug 1235433 SUSE bug 1237984 SUSE bug 1238512 SUSE bug 1238747 SUSE bug 1238865 SUSE bug 1240210 SUSE bug 1240308 SUSE bug 1240835 SUSE bug 1241280 SUSE bug 1241371 SUSE bug 1241404 SUSE bug 1241405 SUSE bug 1241407 SUSE bug 1241408 CVE-2020-36789 at SUSE CVE-2020-36789 at NVD CVE-2021-47163 at SUSE CVE-2021-47163 at NVD CVE-2021-47668 at SUSE CVE-2021-47668 at NVD CVE-2021-47669 at SUSE CVE-2021-47669 at NVD CVE-2021-47670 at SUSE CVE-2021-47670 at NVD CVE-2022-49111 at SUSE CVE-2022-49111 at NVD CVE-2023-0179 at SUSE CVE-2023-0179 at NVD CVE-2023-53026 at SUSE CVE-2023-53026 at NVD CVE-2023-53033 at SUSE CVE-2023-53033 at NVD CVE-2024-56642 at SUSE CVE-2024-56642 at NVD CVE-2024-56661 at SUSE CVE-2024-56661 at NVD CVE-2025-21726 at SUSE CVE-2025-21726 at NVD CVE-2025-21785 at SUSE CVE-2025-21785 at NVD CVE-2025-21791 at SUSE CVE-2025-21791 at NVD CVE-2025-22004 at SUSE CVE-2025-22004 at NVD CVE-2025-22020 at SUSE CVE-2025-22020 at NVD CVE-2025-22055 at SUSE CVE-2025-22055 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for openssh fixes the following issues: - Security issues fixed: * CVE-2025-32728: Fixed a logic error in DisableForwarding option (bsc#1241012) - Other bugs fixed: * Allow KEX hashes greater than 256 bits (bsc#1241045) * Fixed hostname being left out of the audit output (bsc#1228634) * Fixed failures with very large MOTDs (bsc#1232533) Moderate SUSE bug 1228634 SUSE bug 1232533 SUSE bug 1241012 SUSE bug 1241045 CVE-2025-32728 at SUSE CVE-2025-32728 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49111: Bluetooth: Fix use after free in hci_send_acl (bsc#1237984). - CVE-2025-21726: padata: avoid UAF for reorder_work (bsc#1238865). - CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (bsc#1238747). - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512). - CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835). - CVE-2025-22020: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (bsc#1241280). - CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371). Important SUSE bug 1207034 SUSE bug 1207878 SUSE bug 1221980 SUSE bug 1234931 SUSE bug 1235433 SUSE bug 1237984 SUSE bug 1238512 SUSE bug 1238747 SUSE bug 1238865 SUSE bug 1240210 SUSE bug 1240308 SUSE bug 1240835 SUSE bug 1241280 SUSE bug 1241371 SUSE bug 1241404 SUSE bug 1241405 SUSE bug 1241407 SUSE bug 1241408 CVE-2020-36789 at SUSE CVE-2020-36789 at NVD CVE-2021-47163 at SUSE CVE-2021-47163 at NVD CVE-2021-47668 at SUSE CVE-2021-47668 at NVD CVE-2021-47669 at SUSE CVE-2021-47669 at NVD CVE-2021-47670 at SUSE CVE-2021-47670 at NVD CVE-2022-49111 at SUSE CVE-2022-49111 at NVD CVE-2023-0179 at SUSE CVE-2023-0179 at NVD CVE-2023-53026 at SUSE CVE-2023-53026 at NVD CVE-2023-53033 at SUSE CVE-2023-53033 at NVD CVE-2024-56642 at SUSE CVE-2024-56642 at NVD CVE-2024-56661 at SUSE CVE-2024-56661 at NVD CVE-2025-21726 at SUSE CVE-2025-21726 at NVD CVE-2025-21785 at SUSE CVE-2025-21785 at NVD CVE-2025-21791 at SUSE CVE-2025-21791 at NVD CVE-2025-22004 at SUSE CVE-2025-22004 at NVD CVE-2025-22020 at SUSE CVE-2025-22020 at NVD CVE-2025-22055 at SUSE CVE-2025-22055 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ucode-intel fixes the following issues: Intel CPU Microcode was updated to the 20250512 release (bsc#1243123) - CVE-2024-28956: Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access. - CVE-2025-20103: Insufficient resource pool in the core management mechanism for some Intel Processors may allow an authenticated user to potentially enable denial of service via local access. - CVE-2025-20054: Uncaught exception in the core management mechanism for some Intel Processors may allow an authenticated user to potentially enable denial of service via local access. - CVE-2024-43420: Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom processors may allow an authenticated user to potentially enable information disclosure via local access. - CVE-2025-20623: Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Core processors (10th Generation) may allow an authenticated user to potentially enable information disclosure via local access. - CVE-2024-45332: Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access. - CVE-2025-24495: Incorrect initialization of resource in the branch prediction unit for some Intel Core Ultra Processors may allow an authenticated user to potentially enable information disclosure via local access. - CVE-2025-20012: Incorrect behavior order for some Intel Core Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access. - Updates for functional issues. - New Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ARL-U | A1 | 06-b5-00/80 | | 0000000a | Core Ultra Processor (Series2) | ARL-S/HX (8P) | B0 | 06-c6-02/82 | | 00000118 | Core Ultra Processor (Series2) | ARL-H | A1 | 06-c5-02/82 | | 00000118 | Core Ultra Processor (Series2) | GNR-AP/SP | B0 | 06-ad-01/95 | | 010003a2 | Xeon Scalable Gen6 | GNR-AP/SP | H0 | 06-ad-01/20 | | 0a0000d1 | Xeon Scalable Gen6 | LNL | B0 | 06-bd-01/80 | | 0000011f | Core Ultra 200 V Series Processor - Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | C0 | 06-97-02/07 | 00000038 | 0000003a | Core Gen12 | ADL | H0 | 06-97-05/07 | 00000038 | 0000003a | Core Gen12 | ADL | L0 | 06-9a-03/80 | 00000436 | 00000437 | Core Gen12 | ADL | R0 | 06-9a-04/80 | 00000436 | 00000437 | Core Gen12 | ADL-N | N0 | 06-be-00/19 | 0000001c | 0000001d | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E | AML-Y42 | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen10 Mobile | AZB | A0/R0 | 06-9a-04/40 | 00000009 | 0000000a | Intel(R) Atom(R) C1100 | CFL-H | R0 | 06-9e-0d/22 | 00000102 | 00000104 | Core Gen9 Mobile | CLX-SP | B1 | 06-55-07/bf | 05003707 | 05003901 | Xeon Scalable Gen2 | CML-H | R1 | 06-a5-02/20 | 000000fc | 00000100 | Core Gen10 Mobile | CML-S102 | Q0 | 06-a5-05/22 | 000000fc | 00000100 | Core Gen10 | CML-S62 | G1 | 06-a5-03/22 | 000000fc | 00000100 | Core Gen10 | CML-U42 | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen10 Mobile | CML-U62 V1 | A0 | 06-a6-00/80 | 000000fe | 00000102 | Core Gen10 Mobile | CML-U62 V2 | K1 | 06-a6-01/80 | 000000fc | 00000100 | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen10 Mobile | CPX-SP | A1 | 06-55-0b/bf | 07002904 | 07002b01 | Xeon Scalable Gen3 | EMR-SP | A1 | 06-cf-02/87 | 21000291 | 210002a9 | Xeon Scalable Gen5 | GLK-R | R0 | 06-7a-08/01 | 00000024 | 00000026 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-D | B0 | 06-6c-01/10 | 010002c0 | 010002d0 | Xeon D-17xx, D-27xx | ICL-U/Y | D1 | 06-7e-05/80 | 000000c6 | 000000ca | Core Gen10 Mobile | ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003f5 | 0d000404 | Xeon Scalable Gen3 | MTL | C0 | 06-aa-04/e6 | 00000020 | 00000024 | Core Ultra Processor | RKL-S | B0 | 06-a7-01/02 | 00000063 | 00000064 | Core Gen11 | RPL-E/HX/S | B0 | 06-b7-01/32 | 0000012c | 0000012f | Core Gen13/Gen14 | RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004124 | 00004128 | Core Gen13 | RPL-HX/S | C0 | 06-bf-02/07 | 00000038 | 0000003a | Core Gen13/Gen14 | RPL-S | H0 | 06-bf-05/07 | 00000038 | 0000003a | Core Gen13/Gen14 | RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004124 | 00004128 | Core Gen13 | SPR-HBM | Bx | 06-8f-08/10 | 2c0003e0 | 2c0003f7 | Xeon Max | SPR-SP | E4/S2 | 06-8f-07/87 | 2b000620 | 2b000639 | Xeon Scalable Gen4 | SPR-SP | E5/S3 | 06-8f-08/87 | 2b000620 | 2b000639 | Xeon Scalable Gen4 | SRF-SP | C0 | 06-af-03/01 | 03000330 | 03000341 | Xeon 6700-Series Processors with E-Cores | TGL | B0/B1 | 06-8c-01/80 | 000000b8 | 000000bc | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 00000052 | 00000056 | Core Gen11 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000038 | 0000003c | Core Gen11 Mobile | TWL | N0 | 06-be-00/19 | 0000001c | 0000001d | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E | WHL-U | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen8 Mobile Moderate SUSE bug 1243123 CVE-2024-28956 at SUSE CVE-2024-28956 at NVD CVE-2024-43420 at SUSE CVE-2024-43420 at NVD CVE-2024-45332 at SUSE CVE-2024-45332 at NVD CVE-2025-20012 at SUSE CVE-2025-20012 at NVD CVE-2025-20054 at SUSE CVE-2025-20054 at NVD CVE-2025-20103 at SUSE CVE-2025-20103 at NVD CVE-2025-20623 at SUSE CVE-2025-20623 at NVD CVE-2025-24495 at SUSE CVE-2025-24495 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for open-vm-tools fixes the following issues: Update to 12.5.2: Security fixes: - CVE-2025-22247: Fixed Insecure file handling (bsc#1243106) Other fixes: - Fixed GCC 15 compile time error (bsc#1241938) - Fixed building with containerd 1.7.25+ (bsc#1237147) - Ensure vmtoolsd.service and vgauthd.service are set to enabled by default (bsc#1237180) Full changelog: https://github.com/vmware/open-vm-tools/blob/stable-12.5.2/ReleaseNotes.md https://github.com/vmware/open-vm-tools/blob/stable-12.5.2/open-vm-tools/ChangeLog Moderate SUSE bug 1237147 SUSE bug 1237180 SUSE bug 1241938 SUSE bug 1243106 CVE-2025-22247 at SUSE CVE-2025-22247 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python-setuptools fixes the following issues: - CVE-2025-47273: path traversal in PackageIndex.download may lead to an arbitrary file write (bsc#1243313). Important SUSE bug 1243313 CVE-2025-47273 at SUSE CVE-2025-47273 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for brotli fixes the following issues: - CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825). Moderate SUSE bug 1175825 CVE-2020-8927 at SUSE CVE-2020-8927 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for augeas fixes the following issues: - CVE-2025-2588: Check for NULL pointers when calling re_case_expand in function fa_expand_nocase. (bsc#1239909) Low SUSE bug 1239909 CVE-2025-2588 at SUSE CVE-2025-2588 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for iputils fixes the following issues: Security fixes: - CVE-2025-47268: Fixed integer overflow in RTT calculation can lead to undefined behavior (bsc#1242300). Other bug fixes: - Fixed incorrect IPV4 TTL value when using SOCK_DGRAM on big endian systems (bsc#1243284). Moderate SUSE bug 1242300 SUSE bug 1243284 CVE-2025-47268 at SUSE CVE-2025-47268 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for glibc fixes the following issues: Security issues fixed: - CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317). Other issues fixed: - Multi-threaded application hang due to deadlock when `pthread_cond_signal` fails to wake up `pthread_cond_wait` as a consequence of a bug related to stealing of signals (bsc#1234128). Important SUSE bug 1234128 SUSE bug 1243317 CVE-2025-4802 at SUSE CVE-2025-4802 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for xen fixes the following issues: - CVE-2024-28956: Fixed Intel CPU: Indirect Target Selection (ITS) (XSA-469) (bsc#1243117) - CVE-2024-53241: Fixed Xen hypercall page unsafe against speculative attacks (XSA-466) (bsc#1234282) - CVE-2025-1713: Fixed deadlock potential with VT-d and legacy PCI device pass-through (XSA-467) (bsc#1238043) Moderate SUSE bug 1234282 SUSE bug 1238043 SUSE bug 1243117 CVE-2024-28956 at SUSE CVE-2024-28956 at NVD CVE-2024-53241 at SUSE CVE-2024-53241 at NVD CVE-2025-1713 at SUSE CVE-2025-1713 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). Moderate SUSE bug 1243273 CVE-2025-4516 at SUSE CVE-2025-4516 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for glib2 fixes the following issues: - CVE-2025-4373: integer overflow in the `g_string_insert_unichar()` function can lead to buffer underwrite and memory corruption (bsc#1242844). Moderate SUSE bug 1242844 CVE-2025-4373 at SUSE CVE-2025-4373 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for sysstat fixes the following issues: - CVE-2023-33204: Fixed a multiplication integer overflow in check_overflow in common.c (bsc#1211507) - CVE-2022-39377: Fixed arithmetic overflow in allocate_structures() (bsc#1205224) Moderate SUSE bug 1202473 SUSE bug 1205224 SUSE bug 1211507 CVE-2022-39377 at SUSE CVE-2022-39377 at NVD CVE-2023-33204 at SUSE CVE-2023-33204 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for grub2 fixes the following issues: - CVE-2023-4692: nfs: out-of-bounds write at fs/ntfs.c may lead to unsigned code execution (bsc#1215935). - CVE-2023-4693: nfs: out-of-bounds read at fs/ntfs.c (bsc#1215936). - CVE-2024-45774: heap overflows in JPEG parser (bsc#1233609). - CVE-2024-45775: missing NULL check in extcmd parser (bsc#1233610). - CVE-2024-45776: overflow in .MO file (gettext) handling (bsc#1233612). - CVE-2024-45777: integer overflow in gettext (bsc#1233613). - CVE-2024-45778: bfs filesystem not fuzzing stable (bsc#1233606). - CVE-2024-45779: bfs: heap overflow (bsc#1233608). - CVE-2024-45780: overflow in tar/cpio (bsc#1233614). - CVE-2024-45781: ufs: strcpy overflow (bsc#1233617). - CVE-2024-45782: hfs: strcpy overflow (bsc#1233615). - CVE-2024-45783: hfsplus: refcount overflow (bsc#1233616). - CVE-2024-56737: heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem (bsc#1234958). - CVE-2025-0622: command/gpg: Use-after-free due to hooks not being removed on module unload (bsc#1236317). - CVE-2025-0624: net: Out-of-bounds write in grub_net_search_config_file() (bsc#1236316). - CVE-2025-0677: ufs: Integer overflow may lead to heap based out-of-bounds write when handling symlinks (bsc#1237002). - CVE-2025-0678: squash4: Integer overflow may lead to heap based out-of-bounds write when reading data (bsc#1237006). - CVE-2025-0684: reiserfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data (bsc#1237008). - CVE-2025-0685: jfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data (bsc#1237009). - CVE-2025-0686: romfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data (bsc#1237010). - CVE-2025-0689: udf: Heap based buffer overflow in grub_udf_read_block() may lead to arbitrary code execution (bsc#1237011). - CVE-2025-0690: read: Integer overflow may lead to out-of-bounds write (bsc#1237012). - CVE-2025-1118: commands/dump: The dump command is not in lockdown when secure boot is enabled (bsc#1237013). - CVE-2025-1125: fs/hfs: Interger overflow may lead to heap based out-of-bounds write (bsc#1237014). Other bugfixes: - Bump upstream SBAT generation to 5 Important SUSE bug 1215935 SUSE bug 1215936 SUSE bug 1233606 SUSE bug 1233608 SUSE bug 1233609 SUSE bug 1233610 SUSE bug 1233612 SUSE bug 1233613 SUSE bug 1233614 SUSE bug 1233615 SUSE bug 1233616 SUSE bug 1233617 SUSE bug 1234958 SUSE bug 1236316 SUSE bug 1236317 SUSE bug 1237002 SUSE bug 1237006 SUSE bug 1237008 SUSE bug 1237009 SUSE bug 1237010 SUSE bug 1237011 SUSE bug 1237012 SUSE bug 1237013 SUSE bug 1237014 CVE-2023-4692 at SUSE CVE-2023-4692 at NVD CVE-2023-4693 at SUSE CVE-2023-4693 at NVD CVE-2024-45774 at SUSE CVE-2024-45774 at NVD CVE-2024-45775 at SUSE CVE-2024-45775 at NVD CVE-2024-45776 at SUSE CVE-2024-45776 at NVD CVE-2024-45777 at SUSE CVE-2024-45777 at NVD CVE-2024-45778 at SUSE CVE-2024-45778 at NVD CVE-2024-45779 at SUSE CVE-2024-45779 at NVD CVE-2024-45780 at SUSE CVE-2024-45780 at NVD CVE-2024-45781 at SUSE CVE-2024-45781 at NVD CVE-2024-45782 at SUSE CVE-2024-45782 at NVD CVE-2024-45783 at SUSE CVE-2024-45783 at NVD CVE-2024-56737 at SUSE CVE-2024-56737 at NVD CVE-2025-0622 at SUSE CVE-2025-0622 at NVD CVE-2025-0624 at SUSE CVE-2025-0624 at NVD CVE-2025-0677 at SUSE CVE-2025-0677 at NVD CVE-2025-0678 at SUSE CVE-2025-0678 at NVD CVE-2025-0684 at SUSE CVE-2025-0684 at NVD CVE-2025-0685 at SUSE CVE-2025-0685 at NVD CVE-2025-0686 at SUSE CVE-2025-0686 at NVD CVE-2025-0689 at SUSE CVE-2025-0689 at NVD CVE-2025-0690 at SUSE CVE-2025-0690 at NVD CVE-2025-1118 at SUSE CVE-2025-1118 at NVD CVE-2025-1125 at SUSE CVE-2025-1125 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-32399: Fixed a race condition when removing the HCI controller (bsc#1184611). - CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981). - CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032). - CVE-2022-49320: dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (bsc#1238394). - CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493). - CVE-2022-49769: gfs2: Check sb_bsize_shift after reading superblock (bsc#1242440). - CVE-2022-49770: ceph: avoid putting the realm twice when decoding snaps fails (bsc#1242597). - CVE-2022-49775: tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1242245). - CVE-2022-49789: scsi: zfcp: Fix double free of FSF request when qdio send fails (bsc#1242366). - CVE-2023-53039: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (bsc#1242745). - CVE-2024-53168: net: make sock_inuse_add() available (bsc#1234887). - CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1235100). - CVE-2024-56705: media: atomisp: add check for rgby_data memory allocation failure (bsc#1235568). - CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471). - CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802). - CVE-2025-22028: media: vimc: skip .s_stream() for stopped entities (bsc#1241362). - CVE-2025-22121: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (bsc#1241593). - CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762). - CVE-2025-37846: arm64: mops: Do not dereference src reg for a set operation (bsc#1242963). - CVE-2025-40364: io_uring: fix io_req_prep_async with provided buffers (bsc#1241637). The following non-security bugs were fixed: - blk: Drop a couple of block layer git-fixes (bsc#1170891 bsc#1173139). - x86/entry: Remove skip_r11rcx (bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676). - HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (bsc#1242745) - kernel: Remove debug flavor (bsc#1243919). - devm-helpers: Add resource managed version of work init (bsc#1242745). - rpm: fixup 'rpm: support gz and zst compression methods' once more (bsc#1190428, bsc#1190358). - mtd: phram: Add the kernel lock down check (bsc#1232649). - ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes). - usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes). - usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes). - workqueue: Add resource managed version of delayed work init (bsc#1242745) Important SUSE bug 1154353 SUSE bug 1170891 SUSE bug 1173139 SUSE bug 1184350 SUSE bug 1184611 SUSE bug 1185010 SUSE bug 1190358 SUSE bug 1190428 SUSE bug 1201644 SUSE bug 1201664 SUSE bug 1201672 SUSE bug 1201673 SUSE bug 1201676 SUSE bug 1206073 SUSE bug 1206649 SUSE bug 1206886 SUSE bug 1206887 SUSE bug 1207198 SUSE bug 1210337 SUSE bug 1213476 SUSE bug 1232649 SUSE bug 1234887 SUSE bug 1235100 SUSE bug 1235568 SUSE bug 1237981 SUSE bug 1238032 SUSE bug 1238394 SUSE bug 1238471 SUSE bug 1240802 SUSE bug 1241362 SUSE bug 1241593 SUSE bug 1241637 SUSE bug 1242145 SUSE bug 1242147 SUSE bug 1242150 SUSE bug 1242154 SUSE bug 1242215 SUSE bug 1242232 SUSE bug 1242245 SUSE bug 1242264 SUSE bug 1242270 SUSE bug 1242352 SUSE bug 1242353 SUSE bug 1242355 SUSE bug 1242366 SUSE bug 1242378 SUSE bug 1242385 SUSE bug 1242387 SUSE bug 1242391 SUSE bug 1242392 SUSE bug 1242402 SUSE bug 1242409 SUSE bug 1242416 SUSE bug 1242440 SUSE bug 1242443 SUSE bug 1242449 SUSE bug 1242452 SUSE bug 1242455 SUSE bug 1242464 SUSE bug 1242473 SUSE bug 1242481 SUSE bug 1242484 SUSE bug 1242493 SUSE bug 1242527 SUSE bug 1242542 SUSE bug 1242545 SUSE bug 1242547 SUSE bug 1242548 SUSE bug 1242549 SUSE bug 1242551 SUSE bug 1242580 SUSE bug 1242597 SUSE bug 1242686 SUSE bug 1242689 SUSE bug 1242716 SUSE bug 1242733 SUSE bug 1242734 SUSE bug 1242736 SUSE bug 1242745 SUSE bug 1242749 SUSE bug 1242762 SUSE bug 1242835 SUSE bug 1242963 SUSE bug 1243919 CVE-2020-36790 at SUSE CVE-2020-36790 at NVD CVE-2020-36791 at SUSE CVE-2020-36791 at NVD CVE-2021-32399 at SUSE CVE-2021-32399 at NVD CVE-2022-3564 at SUSE CVE-2022-3564 at NVD CVE-2022-49110 at SUSE CVE-2022-49110 at NVD CVE-2022-49139 at SUSE CVE-2022-49139 at NVD CVE-2022-49320 at SUSE CVE-2022-49320 at NVD CVE-2022-49767 at SUSE CVE-2022-49767 at NVD CVE-2022-49769 at SUSE CVE-2022-49769 at NVD CVE-2022-49770 at SUSE CVE-2022-49770 at NVD CVE-2022-49771 at SUSE CVE-2022-49771 at NVD CVE-2022-49772 at SUSE CVE-2022-49772 at NVD CVE-2022-49775 at SUSE CVE-2022-49775 at NVD CVE-2022-49777 at SUSE CVE-2022-49777 at NVD CVE-2022-49787 at SUSE CVE-2022-49787 at NVD CVE-2022-49788 at SUSE CVE-2022-49788 at NVD CVE-2022-49789 at SUSE CVE-2022-49789 at NVD CVE-2022-49790 at SUSE CVE-2022-49790 at NVD CVE-2022-49793 at SUSE CVE-2022-49793 at NVD CVE-2022-49794 at SUSE CVE-2022-49794 at NVD CVE-2022-49799 at SUSE CVE-2022-49799 at NVD CVE-2022-49802 at SUSE CVE-2022-49802 at NVD CVE-2022-49809 at SUSE CVE-2022-49809 at NVD CVE-2022-49818 at SUSE CVE-2022-49818 at NVD CVE-2022-49821 at SUSE CVE-2022-49821 at NVD CVE-2022-49823 at SUSE CVE-2022-49823 at NVD CVE-2022-49824 at SUSE CVE-2022-49824 at NVD CVE-2022-49825 at SUSE CVE-2022-49825 at NVD CVE-2022-49826 at SUSE CVE-2022-49826 at NVD CVE-2022-49827 at SUSE CVE-2022-49827 at NVD CVE-2022-49830 at SUSE CVE-2022-49830 at NVD CVE-2022-49832 at SUSE CVE-2022-49832 at NVD CVE-2022-49835 at SUSE CVE-2022-49835 at NVD CVE-2022-49836 at SUSE CVE-2022-49836 at NVD CVE-2022-49839 at SUSE CVE-2022-49839 at NVD CVE-2022-49841 at SUSE CVE-2022-49841 at NVD CVE-2022-49842 at SUSE CVE-2022-49842 at NVD CVE-2022-49846 at SUSE CVE-2022-49846 at NVD CVE-2022-49861 at SUSE CVE-2022-49861 at NVD CVE-2022-49870 at SUSE CVE-2022-49870 at NVD CVE-2022-49879 at SUSE CVE-2022-49879 at NVD CVE-2022-49880 at SUSE CVE-2022-49880 at NVD CVE-2022-49881 at SUSE CVE-2022-49881 at NVD CVE-2022-49887 at SUSE CVE-2022-49887 at NVD CVE-2022-49889 at SUSE CVE-2022-49889 at NVD CVE-2022-49892 at SUSE CVE-2022-49892 at NVD CVE-2022-49906 at SUSE CVE-2022-49906 at NVD CVE-2022-49910 at SUSE CVE-2022-49910 at NVD CVE-2022-49915 at SUSE CVE-2022-49915 at NVD CVE-2022-49922 at SUSE CVE-2022-49922 at NVD CVE-2022-49927 at SUSE CVE-2022-49927 at NVD CVE-2023-1990 at SUSE CVE-2023-1990 at NVD CVE-2023-53039 at SUSE CVE-2023-53039 at NVD CVE-2023-53052 at SUSE CVE-2023-53052 at NVD CVE-2023-53106 at SUSE CVE-2023-53106 at NVD CVE-2024-53168 at SUSE CVE-2024-53168 at NVD CVE-2024-56558 at SUSE CVE-2024-56558 at NVD CVE-2024-56705 at SUSE CVE-2024-56705 at NVD CVE-2025-21812 at SUSE CVE-2025-21812 at NVD CVE-2025-21999 at SUSE CVE-2025-21999 at NVD CVE-2025-22028 at SUSE CVE-2025-22028 at NVD CVE-2025-22121 at SUSE CVE-2025-22121 at NVD CVE-2025-37789 at SUSE CVE-2025-37789 at NVD CVE-2025-37846 at SUSE CVE-2025-37846 at NVD CVE-2025-40364 at SUSE CVE-2025-40364 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981). - CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032). - CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493). - CVE-2022-49769: gfs2: Check sb_bsize_shift after reading superblock (bsc#1242440). - CVE-2022-49770: ceph: avoid putting the realm twice when decoding snaps fails (bsc#1242597). - CVE-2022-49775: tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1242245). - CVE-2022-49789: scsi: zfcp: Fix double free of FSF request when qdio send fails (bsc#1242366). - CVE-2023-53039: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (bsc#1242745). - CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1234887). - CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1235100). - CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471). - CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802). - CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762). The following non-security bugs were fixed: - HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (bsc#1242745). - devm-helpers: Add resource managed version of work init (bsc#1242745). - mtd: phram: Add the kernel lock down check (bsc#1232649). - ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes). - workqueue: Add resource managed version of delayed work init (bsc#1242745). - Remove debug flavor (bsc#1243919). Important SUSE bug 1154353 SUSE bug 1156395 SUSE bug 1170891 SUSE bug 1173139 SUSE bug 1184350 SUSE bug 1184611 SUSE bug 1185010 SUSE bug 1188772 SUSE bug 1189883 SUSE bug 1190358 SUSE bug 1190428 SUSE bug 1201644 SUSE bug 1201664 SUSE bug 1201672 SUSE bug 1201673 SUSE bug 1201676 SUSE bug 1206073 SUSE bug 1206649 SUSE bug 1206886 SUSE bug 1206887 SUSE bug 1207198 SUSE bug 1209657 SUSE bug 1210337 SUSE bug 1213476 SUSE bug 1214842 SUSE bug 1216702 SUSE bug 1220754 SUSE bug 1220985 SUSE bug 1221015 SUSE bug 1221044 SUSE bug 1223932 SUSE bug 1224099 SUSE bug 1224482 SUSE bug 1224511 SUSE bug 1224592 SUSE bug 1224831 SUSE bug 1224832 SUSE bug 1224834 SUSE bug 1224841 SUSE bug 1224843 SUSE bug 1224846 SUSE bug 1224849 SUSE bug 1224854 SUSE bug 1224859 SUSE bug 1224882 SUSE bug 1224889 SUSE bug 1224891 SUSE bug 1224892 SUSE bug 1224893 SUSE bug 1224904 SUSE bug 1225360 SUSE bug 1225411 SUSE bug 1231193 SUSE bug 1232649 SUSE bug 1234887 SUSE bug 1235100 SUSE bug 1237981 SUSE bug 1238032 SUSE bug 1238471 SUSE bug 1240802 SUSE bug 1242145 SUSE bug 1242147 SUSE bug 1242150 SUSE bug 1242154 SUSE bug 1242215 SUSE bug 1242232 SUSE bug 1242245 SUSE bug 1242264 SUSE bug 1242270 SUSE bug 1242352 SUSE bug 1242353 SUSE bug 1242355 SUSE bug 1242366 SUSE bug 1242378 SUSE bug 1242385 SUSE bug 1242387 SUSE bug 1242391 SUSE bug 1242392 SUSE bug 1242402 SUSE bug 1242409 SUSE bug 1242416 SUSE bug 1242440 SUSE bug 1242443 SUSE bug 1242449 SUSE bug 1242452 SUSE bug 1242455 SUSE bug 1242464 SUSE bug 1242473 SUSE bug 1242481 SUSE bug 1242484 SUSE bug 1242493 SUSE bug 1242527 SUSE bug 1242542 SUSE bug 1242545 SUSE bug 1242547 SUSE bug 1242548 SUSE bug 1242549 SUSE bug 1242551 SUSE bug 1242580 SUSE bug 1242597 SUSE bug 1242686 SUSE bug 1242689 SUSE bug 1242716 SUSE bug 1242733 SUSE bug 1242734 SUSE bug 1242736 SUSE bug 1242745 SUSE bug 1242749 SUSE bug 1242762 SUSE bug 1242835 SUSE bug 1243919 CVE-2020-36790 at SUSE CVE-2020-36790 at NVD CVE-2020-36791 at SUSE CVE-2020-36791 at NVD CVE-2021-32399 at SUSE CVE-2021-32399 at NVD CVE-2021-3743 at SUSE CVE-2021-3743 at NVD CVE-2021-47100 at SUSE CVE-2021-47100 at NVD CVE-2021-47220 at SUSE CVE-2021-47220 at NVD CVE-2021-47229 at SUSE CVE-2021-47229 at NVD CVE-2021-47231 at SUSE CVE-2021-47231 at NVD CVE-2021-47236 at SUSE CVE-2021-47236 at NVD CVE-2021-47239 at SUSE CVE-2021-47239 at NVD CVE-2021-47240 at SUSE CVE-2021-47240 at NVD CVE-2021-47246 at SUSE CVE-2021-47246 at NVD CVE-2021-47252 at SUSE CVE-2021-47252 at NVD CVE-2021-47255 at SUSE CVE-2021-47255 at NVD CVE-2021-47260 at SUSE CVE-2021-47260 at NVD CVE-2021-47288 at SUSE CVE-2021-47288 at NVD CVE-2021-47296 at SUSE CVE-2021-47296 at NVD CVE-2021-47314 at SUSE CVE-2021-47314 at NVD CVE-2021-47315 at SUSE CVE-2021-47315 at NVD CVE-2021-47485 at SUSE CVE-2021-47485 at NVD CVE-2021-47500 at SUSE CVE-2021-47500 at NVD CVE-2021-47511 at SUSE CVE-2021-47511 at NVD CVE-2022-3564 at SUSE CVE-2022-3564 at NVD CVE-2022-48704 at SUSE CVE-2022-48704 at NVD CVE-2022-49110 at SUSE CVE-2022-49110 at NVD CVE-2022-49139 at SUSE CVE-2022-49139 at NVD CVE-2022-49767 at SUSE CVE-2022-49767 at NVD CVE-2022-49769 at SUSE CVE-2022-49769 at NVD CVE-2022-49770 at SUSE CVE-2022-49770 at NVD CVE-2022-49771 at SUSE CVE-2022-49771 at NVD CVE-2022-49772 at SUSE CVE-2022-49772 at NVD CVE-2022-49775 at SUSE CVE-2022-49775 at NVD CVE-2022-49777 at SUSE CVE-2022-49777 at NVD CVE-2022-49787 at SUSE CVE-2022-49787 at NVD CVE-2022-49788 at SUSE CVE-2022-49788 at NVD CVE-2022-49789 at SUSE CVE-2022-49789 at NVD CVE-2022-49790 at SUSE CVE-2022-49790 at NVD CVE-2022-49793 at SUSE CVE-2022-49793 at NVD CVE-2022-49794 at SUSE CVE-2022-49794 at NVD CVE-2022-49799 at SUSE CVE-2022-49799 at NVD CVE-2022-49802 at SUSE CVE-2022-49802 at NVD CVE-2022-49809 at SUSE CVE-2022-49809 at NVD CVE-2022-49818 at SUSE CVE-2022-49818 at NVD CVE-2022-49821 at SUSE CVE-2022-49821 at NVD CVE-2022-49823 at SUSE CVE-2022-49823 at NVD CVE-2022-49824 at SUSE CVE-2022-49824 at NVD CVE-2022-49825 at SUSE CVE-2022-49825 at NVD CVE-2022-49826 at SUSE CVE-2022-49826 at NVD CVE-2022-49827 at SUSE CVE-2022-49827 at NVD CVE-2022-49830 at SUSE CVE-2022-49830 at NVD CVE-2022-49832 at SUSE CVE-2022-49832 at NVD CVE-2022-49835 at SUSE CVE-2022-49835 at NVD CVE-2022-49836 at SUSE CVE-2022-49836 at NVD CVE-2022-49839 at SUSE CVE-2022-49839 at NVD CVE-2022-49841 at SUSE CVE-2022-49841 at NVD CVE-2022-49842 at SUSE CVE-2022-49842 at NVD CVE-2022-49846 at SUSE CVE-2022-49846 at NVD CVE-2022-49861 at SUSE CVE-2022-49861 at NVD CVE-2022-49870 at SUSE CVE-2022-49870 at NVD CVE-2022-49879 at SUSE CVE-2022-49879 at NVD CVE-2022-49880 at SUSE CVE-2022-49880 at NVD CVE-2022-49881 at SUSE CVE-2022-49881 at NVD CVE-2022-49887 at SUSE CVE-2022-49887 at NVD CVE-2022-49889 at SUSE CVE-2022-49889 at NVD CVE-2022-49892 at SUSE CVE-2022-49892 at NVD CVE-2022-49906 at SUSE CVE-2022-49906 at NVD CVE-2022-49910 at SUSE CVE-2022-49910 at NVD CVE-2022-49915 at SUSE CVE-2022-49915 at NVD CVE-2022-49922 at SUSE CVE-2022-49922 at NVD CVE-2022-49927 at SUSE CVE-2022-49927 at NVD CVE-2023-0160 at SUSE CVE-2023-0160 at NVD CVE-2023-1990 at SUSE CVE-2023-1990 at NVD CVE-2023-47233 at SUSE CVE-2023-47233 at NVD CVE-2023-52508 at SUSE CVE-2023-52508 at NVD CVE-2023-52591 at SUSE CVE-2023-52591 at NVD CVE-2023-52654 at SUSE CVE-2023-52654 at NVD CVE-2023-53039 at SUSE CVE-2023-53039 at NVD CVE-2023-53052 at SUSE CVE-2023-53052 at NVD CVE-2023-53106 at SUSE CVE-2023-53106 at NVD CVE-2023-6531 at SUSE CVE-2023-6531 at NVD CVE-2024-35811 at SUSE CVE-2024-35811 at NVD CVE-2024-35895 at SUSE CVE-2024-35895 at NVD CVE-2024-35914 at SUSE CVE-2024-35914 at NVD CVE-2024-46814 at SUSE CVE-2024-46814 at NVD CVE-2024-53168 at SUSE CVE-2024-53168 at NVD CVE-2024-56558 at SUSE CVE-2024-56558 at NVD CVE-2025-21812 at SUSE CVE-2025-21812 at NVD CVE-2025-21999 at SUSE CVE-2025-21999 at NVD CVE-2025-37789 at SUSE CVE-2025-37789 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python-requests fixes the following issues: - CVE-2024-47081: fixed netrc credential leak (bsc#1244039). Moderate SUSE bug 1244039 CVE-2024-47081 at SUSE CVE-2024-47081 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for pam fixes the following issues: - CVE-2025-6018: pam_env: Change the default to not read the user .pam_environment file (bsc#1243226). - CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute path (bsc#1244509). Important SUSE bug 1243226 SUSE bug 1244509 CVE-2025-6018 at SUSE CVE-2025-6018 at NVD CVE-2025-6020 at SUSE CVE-2025-6020 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for systemd fixes the following issues: - CVE-2025-4598: Race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935). - CVE-2023-26604: Privilege escalation via the less pager (bsc#1208958). - CVE-2022-4415: systemd-coredump was not respecting fs.suid_dumpable kernel setting (bsc#1205000). Other bugfixes: - clarify passno and noauto combination in /etc/fstab (bsc#1211725) - handle -EINTR return from bus_poll() (bsc#1215241) - /usr/ should never be unmounted regardless of HAVE_SPLIT_USR or not (bsc#1211576) Important SUSE bug 1205000 SUSE bug 1208958 SUSE bug 1211576 SUSE bug 1211725 SUSE bug 1215241 SUSE bug 1243935 CVE-2022-4415 at SUSE CVE-2022-4415 at NVD CVE-2023-26604 at SUSE CVE-2023-26604 at NVD CVE-2025-4598 at SUSE CVE-2025-4598 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49035: media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (bsc#1215304). - CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853). - CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846). - CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891). - CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921). - CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004). - CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054). - CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281). - CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963). - CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073). - CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056). - CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061). - CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480). - CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584). The following non-security bugs were fixed: - net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246). Important SUSE bug 1215304 SUSE bug 1220927 SUSE bug 1220937 SUSE bug 1230697 SUSE bug 1232436 SUSE bug 1234281 SUSE bug 1234690 SUSE bug 1234846 SUSE bug 1234853 SUSE bug 1234891 SUSE bug 1234921 SUSE bug 1234963 SUSE bug 1235004 SUSE bug 1235054 SUSE bug 1235056 SUSE bug 1235061 SUSE bug 1235073 SUSE bug 1235246 SUSE bug 1235480 SUSE bug 1235584 CVE-2022-49035 at SUSE CVE-2022-49035 at NVD CVE-2023-52524 at SUSE CVE-2023-52524 at NVD CVE-2024-53142 at SUSE CVE-2024-53142 at NVD CVE-2024-53144 at SUSE CVE-2024-53144 at NVD CVE-2024-53146 at SUSE CVE-2024-53146 at NVD CVE-2024-53156 at SUSE CVE-2024-53156 at NVD CVE-2024-53173 at SUSE CVE-2024-53173 at NVD CVE-2024-53179 at SUSE CVE-2024-53179 at NVD CVE-2024-53214 at SUSE CVE-2024-53214 at NVD CVE-2024-53239 at SUSE CVE-2024-53239 at NVD CVE-2024-53240 at SUSE CVE-2024-53240 at NVD CVE-2024-56539 at SUSE CVE-2024-56539 at NVD CVE-2024-56548 at SUSE CVE-2024-56548 at NVD CVE-2024-56604 at SUSE CVE-2024-56604 at NVD CVE-2024-56605 at SUSE CVE-2024-56605 at NVD CVE-2024-56631 at SUSE CVE-2024-56631 at NVD CVE-2024-56704 at SUSE CVE-2024-56704 at NVD CVE-2024-8805 at SUSE CVE-2024-8805 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for perl fixes the following issues: - CVE-2025-40909: Do not change the current directory when cloning an open directory handle (bsc#1244079). Moderate SUSE bug 1244079 CVE-2025-40909 at SUSE CVE-2025-40909 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for pam_pkcs11 fixes the following issues: - CVE-2025-6018: Removes pam_env from auth stack for security reason (bsc#1243226). Important SUSE bug 1243226 CVE-2025-6018 at SUSE CVE-2025-6018 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ignition fixes the following issues: - CVE-2025-22868: golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239192). Important SUSE bug 1239192 CVE-2025-22868 at SUSE CVE-2025-22868 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python3 fixes the following issues: - CVE-2025-4516: CPython DecodeError Handling Vulnerability (bsc#1243273) Other fixes: - Add python36-* provides/obsoletes to enable SLE-12 -> SLE-15 migration (bsc#1233012) - Update vendored ipaddress module to 3.8 equivalent - Limit buffer size for IPv6 address parsing (bsc#1244401). Moderate SUSE bug 1233012 SUSE bug 1243273 SUSE bug 1244401 CVE-2025-4516 at SUSE CVE-2025-4516 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for icu fixes the following issues: - CVE-2025-5222: Stack buffer overflow in the SRBRoot:addTag function (bsc#1243721). Important SUSE bug 1161007 SUSE bug 1167603 SUSE bug 1193951 SUSE bug 1243721 CVE-2020-21913 at SUSE CVE-2020-21913 at NVD CVE-2025-5222 at SUSE CVE-2025-5222 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for pam-config fixes the following issues: - CVE-2025-6018: Stop adding pam_env in AUTH stack, and be sure to put this module at the really end of the SESSION stack (bsc#1243226). Important SUSE bug 1243226 CVE-2025-6018 at SUSE CVE-2025-6018 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for podman fixes the following issues: - Added patch to remove using rw as a default mount option (bsc#1239776) Moderate SUSE bug 1239776 CVE-2024-6104 at SUSE CVE-2024-6104 at NVD CVE-2025-22869 at SUSE CVE-2025-22869 at NVD CVE-2025-27144 at SUSE CVE-2025-27144 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for sudo fixes the following issues: - CVE-2025-32462: Fixed a possible local privilege escalation via the --host option (bsc#1245274). Important SUSE bug 1245274 CVE-2025-32462 at SUSE CVE-2025-32462 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for runc fixes the following issues: - CVE-2024-45310: Fixed unintentional creation of empty files/directories on host (bsc#1230092) Other fixes: - Update to runc v1.2.6. Low SUSE bug 1230092 CVE-2024-45310 at SUSE CVE-2024-45310 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for vim fixes the following issues: - CVE-2024-41965: Fixed improper neutralization of argument delimiters in zip.vim that could have led to data loss (bsc#1228776). - CVE-2025-29768: Fixed double-free in dialog_changed() (bsc#1239602). Moderate SUSE bug 1228776 SUSE bug 1239602 CVE-2024-41965 at SUSE CVE-2024-41965 at NVD CVE-2025-29768 at SUSE CVE-2025-29768 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libxml2 fixes the following issues: - CVE-2025-49794: Fixed a heap use after free which could lead to denial of service. (bsc#1244554) - CVE-2025-49796: Fixed type confusion which could lead to denial of service. (bsc#1244557) - CVE-2025-6170: Fixed a stack buffer overflow which could lead to a crash. (bsc#1244700) - CVE-2025-6021: Fixed an integer overflow in xmlBuildQName() which could lead to stack buffer overflow. (bsc#1244590) Important SUSE bug 1244554 SUSE bug 1244557 SUSE bug 1244590 SUSE bug 1244700 CVE-2025-49794 at SUSE CVE-2025-49794 at NVD CVE-2025-49796 at SUSE CVE-2025-49796 at NVD CVE-2025-6021 at SUSE CVE-2025-6021 at NVD CVE-2025-6170 at SUSE CVE-2025-6170 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libssh fixes the following issues: - CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309). - CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310). - CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311). - CVE-2025-5372: Fixed ssh_kdf() returns a success code on certain failures (bsc#1245314). Important SUSE bug 1245309 SUSE bug 1245310 SUSE bug 1245311 SUSE bug 1245314 CVE-2025-4877 at SUSE CVE-2025-4877 at NVD CVE-2025-4878 at SUSE CVE-2025-4878 at NVD CVE-2025-5318 at SUSE CVE-2025-5318 at NVD CVE-2025-5372 at SUSE CVE-2025-5372 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for docker fixes the following issues: Update to Docker 28.2.2-ce (bsc#1243833, bsc#1242114): - CVE-2025-0495: Fixed credential leakage to telemetry endpoints when credentials allowed to be set as attribute values in cache-to/cache-from configuration.(bsc#1239765) - CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction (bsc#1241830). Other fixes: - Update to docker-buildx v0.22.0. - Always clear SUSEConnect suse_* secrets when starting containers (bsc#1244035). - Disable transparent SUSEConnect support for SLE-16. (jsc#PED-12534) - Now that the only blocker for docker-buildx support was removed for SLE-16, enable docker-buildx for SLE-16 as well. (jsc#PED-8905) - SUSEConnect secrets fails in SLES rootless docker containers (bsc#1240150). Moderate SUSE bug 1239765 SUSE bug 1240150 SUSE bug 1241830 SUSE bug 1242114 SUSE bug 1243833 SUSE bug 1244035 CVE-2025-0495 at SUSE CVE-2025-0495 at NVD CVE-2025-22872 at SUSE CVE-2025-22872 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49035: media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (bsc#1215304). - CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853). - CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846). - CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891). - CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921). - CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004). - CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054). - CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281). - CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963). - CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073). - CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056). - CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061). - CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480). - CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584). The following non-security bugs were fixed: - net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246). Important SUSE bug 1215304 SUSE bug 1220927 SUSE bug 1220937 SUSE bug 1230697 SUSE bug 1232436 SUSE bug 1234281 SUSE bug 1234690 SUSE bug 1234846 SUSE bug 1234853 SUSE bug 1234891 SUSE bug 1234921 SUSE bug 1234963 SUSE bug 1235004 SUSE bug 1235054 SUSE bug 1235056 SUSE bug 1235061 SUSE bug 1235073 SUSE bug 1235246 SUSE bug 1235480 SUSE bug 1235584 CVE-2022-49035 at SUSE CVE-2022-49035 at NVD CVE-2023-52524 at SUSE CVE-2023-52524 at NVD CVE-2024-53142 at SUSE CVE-2024-53142 at NVD CVE-2024-53144 at SUSE CVE-2024-53144 at NVD CVE-2024-53146 at SUSE CVE-2024-53146 at NVD CVE-2024-53156 at SUSE CVE-2024-53156 at NVD CVE-2024-53173 at SUSE CVE-2024-53173 at NVD CVE-2024-53179 at SUSE CVE-2024-53179 at NVD CVE-2024-53214 at SUSE CVE-2024-53214 at NVD CVE-2024-53239 at SUSE CVE-2024-53239 at NVD CVE-2024-53240 at SUSE CVE-2024-53240 at NVD CVE-2024-56539 at SUSE CVE-2024-56539 at NVD CVE-2024-56548 at SUSE CVE-2024-56548 at NVD CVE-2024-56604 at SUSE CVE-2024-56604 at NVD CVE-2024-56605 at SUSE CVE-2024-56605 at NVD CVE-2024-56631 at SUSE CVE-2024-56631 at NVD CVE-2024-56704 at SUSE CVE-2024-56704 at NVD CVE-2024-8805 at SUSE CVE-2024-8805 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-50085: dm raid: fix address sanitizer warning in raid_resume (bsc#1245147). - CVE-2022-50087: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (bsc#1245119). - CVE-2022-50200: selinux: Add boundary check in put_entry() (bsc#1245149). - CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820). - CVE-2024-27397: kabi: place tstamp needed for nftables set in a hole (bsc#1224095). - CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514). - CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827). - CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381). - CVE-2024-56770: sch/netem: fix use after free in netem_dequeue (bsc#1235637). - CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159). - CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312). - CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313). - CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504). - CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924). - CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1243330). - CVE-2025-37997: netfilter: ipset: fix region locking in hash types (bsc#1243832). - CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277). - CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234). - CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245183). The following non-security bugs were fixed: - Fix conditional for selecting gcc-13 Fixes: 51dacec21eb1 ('Use gcc-13 for build on SLE16 (jsc#PED-10028).') - MyBS: Correctly generate build flags for non-multibuild package limit (bsc# 1244241) Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') - MyBS: Do not build kernel-obs-qa with limit_packages Fixes: 58e3f8c34b2b ('bs-upload-kernel: Pass limit_packages also on multibuild') - MyBS: Simplify qa_expr generation Start with a 0 which makes the expression valid even if there are no QA repositories (currently does not happen). Then separator is always needed. - Require zstd in kernel-default-devel when module compression is zstd To use ksym-provides tool modules need to be uncompressed. Without zstd at least kernel-default-base does not have provides. Link: https://github.com/openSUSE/rpm-config-SUSE/pull/82 - Test the correct macro to detect RT kernel build Fixes: 470cd1a41502 ('kernel-binary: Support livepatch_rt with merged RT branch') - Use gcc-13 for build on SLE16 (jsc#PED-10028). - add nf_tables for iptables non-legacy network handling This is needed for example by docker on the Alpine Linux distribution, but can also be used on openSUSE. - bs-upload-kernel: Pass limit_packages also on multibuild Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') Fixes: 747f601d4156 ('bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)') - check-for-config-changes: Fix flag name typo - drop ax25 drivers (bsc#1238471). - drop hamradio drivers (bsc#1238471). - drop netrom drivers (bsc#1238471). - drop rose drivers (bsc#1238471). - kabi/severities: workaround kABI checker complains after AX25 and HAMRADIO removals KABI: symbol asc2ax(mod:net/ax25/ax25) lost KABI: symbol ax25_bcast(mod:net/ax25/ax25) lost KABI: symbol ax25_defaddr(mod:net/ax25/ax25) lost KABI: symbol ax25_display_timer(mod:net/ax25/ax25) lost KABI: symbol ax25_find_cb(mod:net/ax25/ax25) lost KABI: symbol ax25_findbyuid(mod:net/ax25/ax25) lost KABI: symbol ax25_header_ops(mod:net/ax25/ax25) lost KABI: symbol ax25_ip_xmit(mod:net/ax25/ax25) lost KABI: symbol ax25_linkfail_register(mod:net/ax25/ax25) lost KABI: symbol ax25_linkfail_release(mod:net/ax25/ax25) lost KABI: symbol ax25_listen_register(mod:net/ax25/ax25) lost KABI: symbol ax25_listen_release(mod:net/ax25/ax25) lost KABI: symbol ax25_protocol_release(mod:net/ax25/ax25) lost KABI: symbol ax25_register_pid(mod:net/ax25/ax25) lost KABI: symbol ax25_send_frame(mod:net/ax25/ax25) lost KABI: symbol ax25_uid_policy(mod:net/ax25/ax25) lost KABI: symbol ax25cmp(mod:net/ax25/ax25) lost KABI: symbol ax2asc(mod:net/ax25/ax25) lost KABI: symbol hdlcdrv_arbitrate(mod:drivers/net/hamradio/hdlcdrv) lost KABI: symbol hdlcdrv_receiver(mod:drivers/net/hamradio/hdlcdrv) lost KABI: symbol hdlcdrv_register(mod:drivers/net/hamradio/hdlcdrv) lost KABI: symbol hdlcdrv_transmitter(mod:drivers/net/hamradio/hdlcdrv) lost KABI: symbol hdlcdrv_unregister(mod:drivers/net/hamradio/hdlcdrv) lost KABI: symbol null_ax25_address(mod:net/ax25/ax25) lost - kernel-binary: Support livepatch_rt with merged RT branch - kernel-obs-qa: Use srchash for dependency as well - kernel-source: Also replace bin/env - kernel-source: Do not use multiple -r in sed parameters - kernel-source: Remove log.sh from sources - mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337). - net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312) - net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504) - packaging: Patch Makefile to pre-select gcc version (jsc#PED-12251). When compiler different from the one which was used to configure the kernel is used to build modules a warning is issued and the build continues. This could be turned into an error but that would be too restrictive. The generated kernel-devel makefile could set the compiler but then the main Makefile as to be patched to assign CC with ?= This causes run_oldconfig failure on SUSE-2024 and kbuild config check failure on SUSE-2025. This cannot be hardcoded to one version in a regular patch because the value is expected to be configurable at mkspec time. Patch the Makefile after aplyin patches in rpm prep step instead. A check is added to verify that the sed command did indeed apply the change. - packaging: Turn gcc version into config.sh variable Fixes: 51dacec21eb1 ('Use gcc-13 for build on SLE16 (jsc#PED-10028).') - rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN - rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN Both spellings are actually used - rpm/check-for-config-changes: add LD_CAN_ to IGNORED_CONFIGS_RE - rpm/check-for-config-changes: add more to IGNORED_CONFIGS_RE Useful when someone tries (needs) to build the kernel with clang. - rpm/check-for-config-changes: ignore DRM_MSM_VALIDATE_XML This option is dynamically enabled to build-test different configurations. This makes run_oldconfig.sh complain sporadically for arm64. - rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038). - rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986) sle_version was obsoleted for SLE16. It has to be combined with suse_version check. - rpm/kernel-binary.spec.in: Use OrderWithRequires (boo#1228659 boo#1241038). OrderWithRequires was introduced in rpm 4.9 (ie. SLE12+) to allow a package to inform the order of installation of other package without hard requiring that package. This means our kernel-binary packages no longer need to hard require perl-Bootloader or dracut, resolving the long-commented issue there. This is also needed for udev & systemd-boot to ensure those packages are installed before being called by dracut (boo#1228659) - rpm/kernel-binary.spec.in: fix KMPs build on 6.13+ (bsc#1234454) - rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303) - rpm/package-descriptions: Add rt and rt_debug descriptions - rpm/release-projects: Update the ALP projects again (bsc#1231293). - rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570) - rpm: Stop using is_kotd_qa macro This macro is set by bs-upload-kernel, and a conditional in each spec file is used to determine when to build the spec file. This logic should not really be in the spec file. Previously this was done with package links and package meta for the individula links. However, the use of package links is rejected for packages in git based release projects (nothing to do with git actually, new policy). An alternative to package links is multibuild. However, for multibuild packages package meta cannot be used to set which spec file gets built. Use prjcon buildflags instead, and remove this conditional. Depends on bs-upload-kernel adding the build flag. - scsi: storvsc: Do not report the host packet status as the hv status (git-fixes). - scsi: storvsc: Increase the timeouts to storvsc_timeout (bsc#1245455). - wifi: cfg80211: Add my certificate (bsc#1243001). - wifi: cfg80211: fix certs build to not depend on file order (bsc#1243001). Important SUSE bug 1065729 SUSE bug 1156395 SUSE bug 1199487 SUSE bug 1201160 SUSE bug 1201956 SUSE bug 1202095 SUSE bug 1202564 SUSE bug 1202716 SUSE bug 1202810 SUSE bug 1202860 SUSE bug 1205220 SUSE bug 1205514 SUSE bug 1206664 SUSE bug 1206878 SUSE bug 1206880 SUSE bug 1211226 SUSE bug 1212051 SUSE bug 1218184 SUSE bug 1224095 SUSE bug 1225820 SUSE bug 1226514 SUSE bug 1228659 SUSE bug 1230827 SUSE bug 1231293 SUSE bug 1232504 SUSE bug 1234381 SUSE bug 1234454 SUSE bug 1235637 SUSE bug 1237159 SUSE bug 1237312 SUSE bug 1237313 SUSE bug 1238303 SUSE bug 1238471 SUSE bug 1238570 SUSE bug 1239986 SUSE bug 1240785 SUSE bug 1241038 SUSE bug 1242414 SUSE bug 1242504 SUSE bug 1242924 SUSE bug 1243001 SUSE bug 1243330 SUSE bug 1243543 SUSE bug 1243627 SUSE bug 1243832 SUSE bug 1244234 SUSE bug 1244241 SUSE bug 1244277 SUSE bug 1244337 SUSE bug 1244764 SUSE bug 1244767 SUSE bug 1244770 SUSE bug 1244771 SUSE bug 1244773 SUSE bug 1244774 SUSE bug 1244776 SUSE bug 1244779 SUSE bug 1244782 SUSE bug 1244783 SUSE bug 1244786 SUSE bug 1244788 SUSE bug 1244790 SUSE bug 1244793 SUSE bug 1244794 SUSE bug 1244796 SUSE bug 1244797 SUSE bug 1244804 SUSE bug 1244813 SUSE bug 1244815 SUSE bug 1244816 SUSE bug 1244825 SUSE bug 1244834 SUSE bug 1244836 SUSE bug 1244838 SUSE bug 1244839 SUSE bug 1244841 SUSE bug 1244842 SUSE bug 1244845 SUSE bug 1244848 SUSE bug 1244849 SUSE bug 1244851 SUSE bug 1244853 SUSE bug 1244856 SUSE bug 1244861 SUSE bug 1244867 SUSE bug 1244868 SUSE bug 1244869 SUSE bug 1244881 SUSE bug 1244883 SUSE bug 1244884 SUSE bug 1244885 SUSE bug 1244886 SUSE bug 1244887 SUSE bug 1244899 SUSE bug 1244901 SUSE bug 1244902 SUSE bug 1244908 SUSE bug 1244936 SUSE bug 1244941 SUSE bug 1244943 SUSE bug 1244945 SUSE bug 1244948 SUSE bug 1244950 SUSE bug 1244956 SUSE bug 1244958 SUSE bug 1244959 SUSE bug 1244967 SUSE bug 1244968 SUSE bug 1244969 SUSE bug 1244976 SUSE bug 1244979 SUSE bug 1244984 SUSE bug 1244986 SUSE bug 1244992 SUSE bug 1245006 SUSE bug 1245007 SUSE bug 1245024 SUSE bug 1245031 SUSE bug 1245033 SUSE bug 1245041 SUSE bug 1245047 SUSE bug 1245051 SUSE bug 1245057 SUSE bug 1245058 SUSE bug 1245072 SUSE bug 1245073 SUSE bug 1245098 SUSE bug 1245103 SUSE bug 1245117 SUSE bug 1245119 SUSE bug 1245121 SUSE bug 1245122 SUSE bug 1245125 SUSE bug 1245129 SUSE bug 1245131 SUSE bug 1245135 SUSE bug 1245136 SUSE bug 1245138 SUSE bug 1245139 SUSE bug 1245140 SUSE bug 1245146 SUSE bug 1245147 SUSE bug 1245149 SUSE bug 1245183 SUSE bug 1245195 SUSE bug 1245265 SUSE bug 1245348 SUSE bug 1245455 CVE-2022-1679 at SUSE CVE-2022-1679 at NVD CVE-2022-2586 at SUSE CVE-2022-2586 at NVD CVE-2022-2905 at SUSE CVE-2022-2905 at NVD CVE-2022-3903 at SUSE CVE-2022-3903 at NVD CVE-2022-4095 at SUSE CVE-2022-4095 at NVD CVE-2022-4662 at SUSE CVE-2022-4662 at NVD CVE-2022-49934 at SUSE CVE-2022-49934 at NVD CVE-2022-49936 at SUSE CVE-2022-49936 at NVD CVE-2022-49937 at SUSE CVE-2022-49937 at NVD CVE-2022-49942 at SUSE CVE-2022-49942 at NVD CVE-2022-49945 at SUSE CVE-2022-49945 at NVD CVE-2022-49948 at SUSE CVE-2022-49948 at NVD CVE-2022-49950 at SUSE CVE-2022-49950 at NVD CVE-2022-49952 at SUSE CVE-2022-49952 at NVD CVE-2022-49954 at SUSE CVE-2022-49954 at NVD CVE-2022-49956 at SUSE CVE-2022-49956 at NVD CVE-2022-49968 at SUSE CVE-2022-49968 at NVD CVE-2022-49977 at SUSE CVE-2022-49977 at NVD CVE-2022-49978 at SUSE CVE-2022-49978 at NVD CVE-2022-49981 at SUSE CVE-2022-49981 at NVD CVE-2022-49984 at SUSE CVE-2022-49984 at NVD CVE-2022-49985 at SUSE CVE-2022-49985 at NVD CVE-2022-49986 at SUSE CVE-2022-49986 at NVD CVE-2022-49987 at SUSE CVE-2022-49987 at NVD CVE-2022-49989 at SUSE CVE-2022-49989 at NVD CVE-2022-49990 at SUSE CVE-2022-49990 at NVD CVE-2022-49993 at SUSE CVE-2022-49993 at NVD CVE-2022-50010 at SUSE CVE-2022-50010 at NVD CVE-2022-50012 at SUSE CVE-2022-50012 at NVD CVE-2022-50019 at SUSE CVE-2022-50019 at NVD CVE-2022-50020 at SUSE CVE-2022-50020 at NVD CVE-2022-50022 at SUSE CVE-2022-50022 at NVD CVE-2022-50027 at SUSE CVE-2022-50027 at NVD CVE-2022-50028 at SUSE CVE-2022-50028 at NVD CVE-2022-50029 at SUSE CVE-2022-50029 at NVD CVE-2022-50030 at SUSE CVE-2022-50030 at NVD CVE-2022-50032 at SUSE CVE-2022-50032 at NVD CVE-2022-50033 at SUSE CVE-2022-50033 at NVD CVE-2022-50036 at SUSE CVE-2022-50036 at NVD CVE-2022-50038 at SUSE CVE-2022-50038 at NVD CVE-2022-50045 at SUSE CVE-2022-50045 at NVD CVE-2022-50051 at SUSE CVE-2022-50051 at NVD CVE-2022-50059 at SUSE CVE-2022-50059 at NVD CVE-2022-50061 at SUSE CVE-2022-50061 at NVD CVE-2022-50065 at SUSE CVE-2022-50065 at NVD CVE-2022-50067 at SUSE CVE-2022-50067 at NVD CVE-2022-50072 at SUSE CVE-2022-50072 at NVD CVE-2022-50083 at SUSE CVE-2022-50083 at NVD CVE-2022-50084 at SUSE CVE-2022-50084 at NVD CVE-2022-50085 at SUSE CVE-2022-50085 at NVD CVE-2022-50087 at SUSE CVE-2022-50087 at NVD CVE-2022-50091 at SUSE CVE-2022-50091 at NVD CVE-2022-50092 at SUSE CVE-2022-50092 at NVD CVE-2022-50093 at SUSE CVE-2022-50093 at NVD CVE-2022-50094 at SUSE CVE-2022-50094 at NVD CVE-2022-50097 at SUSE CVE-2022-50097 at NVD CVE-2022-50098 at SUSE CVE-2022-50098 at NVD CVE-2022-50099 at SUSE CVE-2022-50099 at NVD CVE-2022-50101 at SUSE CVE-2022-50101 at NVD CVE-2022-50102 at SUSE CVE-2022-50102 at NVD CVE-2022-50104 at SUSE CVE-2022-50104 at NVD CVE-2022-50108 at SUSE CVE-2022-50108 at NVD CVE-2022-50109 at SUSE CVE-2022-50109 at NVD CVE-2022-50118 at SUSE CVE-2022-50118 at NVD CVE-2022-50124 at SUSE CVE-2022-50124 at NVD CVE-2022-50126 at SUSE CVE-2022-50126 at NVD CVE-2022-50127 at SUSE CVE-2022-50127 at NVD CVE-2022-50136 at SUSE CVE-2022-50136 at NVD CVE-2022-50138 at SUSE CVE-2022-50138 at NVD CVE-2022-50140 at SUSE CVE-2022-50140 at NVD CVE-2022-50141 at SUSE CVE-2022-50141 at NVD CVE-2022-50142 at SUSE CVE-2022-50142 at NVD CVE-2022-50143 at SUSE CVE-2022-50143 at NVD CVE-2022-50146 at SUSE CVE-2022-50146 at NVD CVE-2022-50149 at SUSE CVE-2022-50149 at NVD CVE-2022-50152 at SUSE CVE-2022-50152 at NVD CVE-2022-50153 at SUSE CVE-2022-50153 at NVD CVE-2022-50156 at SUSE CVE-2022-50156 at NVD CVE-2022-50158 at SUSE CVE-2022-50158 at NVD CVE-2022-50160 at SUSE CVE-2022-50160 at NVD CVE-2022-50161 at SUSE CVE-2022-50161 at NVD CVE-2022-50162 at SUSE CVE-2022-50162 at NVD CVE-2022-50164 at SUSE CVE-2022-50164 at NVD CVE-2022-50165 at SUSE CVE-2022-50165 at NVD CVE-2022-50169 at SUSE CVE-2022-50169 at NVD CVE-2022-50172 at SUSE CVE-2022-50172 at NVD CVE-2022-50173 at SUSE CVE-2022-50173 at NVD CVE-2022-50176 at SUSE CVE-2022-50176 at NVD CVE-2022-50179 at SUSE CVE-2022-50179 at NVD CVE-2022-50181 at SUSE CVE-2022-50181 at NVD CVE-2022-50185 at SUSE CVE-2022-50185 at NVD CVE-2022-50191 at SUSE CVE-2022-50191 at NVD CVE-2022-50200 at SUSE CVE-2022-50200 at NVD CVE-2022-50209 at SUSE CVE-2022-50209 at NVD CVE-2022-50211 at SUSE CVE-2022-50211 at NVD CVE-2022-50212 at SUSE CVE-2022-50212 at NVD CVE-2022-50213 at SUSE CVE-2022-50213 at NVD CVE-2022-50215 at SUSE CVE-2022-50215 at NVD CVE-2022-50218 at SUSE CVE-2022-50218 at NVD CVE-2022-50220 at SUSE CVE-2022-50220 at NVD CVE-2022-50222 at SUSE CVE-2022-50222 at NVD CVE-2022-50229 at SUSE CVE-2022-50229 at NVD CVE-2022-50231 at SUSE CVE-2022-50231 at NVD CVE-2023-3111 at SUSE CVE-2023-3111 at NVD CVE-2024-26924 at SUSE CVE-2024-26924 at NVD CVE-2024-27397 at SUSE CVE-2024-27397 at NVD CVE-2024-36978 at SUSE CVE-2024-36978 at NVD CVE-2024-46800 at SUSE CVE-2024-46800 at NVD CVE-2024-53141 at SUSE CVE-2024-53141 at NVD CVE-2024-56770 at SUSE CVE-2024-56770 at NVD CVE-2025-21700 at SUSE CVE-2025-21700 at NVD CVE-2025-21702 at SUSE CVE-2025-21702 at NVD CVE-2025-21703 at SUSE CVE-2025-21703 at NVD CVE-2025-37752 at SUSE CVE-2025-37752 at NVD CVE-2025-37798 at SUSE CVE-2025-37798 at NVD CVE-2025-37823 at SUSE CVE-2025-37823 at NVD CVE-2025-37890 at SUSE CVE-2025-37890 at NVD CVE-2025-37932 at SUSE CVE-2025-37932 at NVD CVE-2025-37953 at SUSE CVE-2025-37953 at NVD CVE-2025-37997 at SUSE CVE-2025-37997 at NVD CVE-2025-38000 at SUSE CVE-2025-38000 at NVD CVE-2025-38001 at SUSE CVE-2025-38001 at NVD CVE-2025-38083 at SUSE CVE-2025-38083 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for xen fixes the following issues: - CVE-2024-36350, CVE-2024-36357: More AMD transient execution attacks (bsc#1246112, XSA-471) - CVE-2025-27465: Incorrect stubs exception handling for flags recovery (bsc#1244644, XSA-470) Important SUSE bug 1238896 SUSE bug 1244644 SUSE bug 1246112 CVE-2024-36350 at SUSE CVE-2024-36350 at NVD CVE-2024-36357 at SUSE CVE-2024-36357 at NVD CVE-2025-27465 at SUSE CVE-2025-27465 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-50085: dm raid: fix address sanitizer warning in raid_resume (bsc#1245147). - CVE-2022-50087: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (bsc#1245119). - CVE-2022-50200: selinux: Add boundary check in put_entry() (bsc#1245149). - CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820). - CVE-2024-27397: kabi: place tstamp needed for nftables set in a hole (bsc#1224095). - CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514). - CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827). - CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381). - CVE-2024-56770: sch/netem: fix use after free in netem_dequeue (bsc#1235637). - CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159). - CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312). - CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313). - CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504). - CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924). - CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1243330). - CVE-2025-37997: netfilter: ipset: fix region locking in hash types (bsc#1243832). - CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277). - CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234). - CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245183). The following non-security bugs were fixed: - net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312) - net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504) - scsi: storvsc: Do not report the host packet status as the hv status (git-fixes). - scsi: storvsc: Increase the timeouts to storvsc_timeout (bsc#1245455). - wifi: cfg80211: Add my certificate (bsc#1243001). - wifi: cfg80211: fix certs build to not depend on file order (bsc#1243001). Important SUSE bug 1065729 SUSE bug 1156395 SUSE bug 1199487 SUSE bug 1201160 SUSE bug 1201956 SUSE bug 1202095 SUSE bug 1202564 SUSE bug 1202716 SUSE bug 1202810 SUSE bug 1202860 SUSE bug 1205220 SUSE bug 1205514 SUSE bug 1206664 SUSE bug 1206878 SUSE bug 1206880 SUSE bug 1211226 SUSE bug 1212051 SUSE bug 1218184 SUSE bug 1224095 SUSE bug 1225820 SUSE bug 1226514 SUSE bug 1228659 SUSE bug 1230827 SUSE bug 1231293 SUSE bug 1232504 SUSE bug 1234381 SUSE bug 1234454 SUSE bug 1235637 SUSE bug 1237159 SUSE bug 1237312 SUSE bug 1237313 SUSE bug 1238303 SUSE bug 1238471 SUSE bug 1238570 SUSE bug 1239986 SUSE bug 1240785 SUSE bug 1241038 SUSE bug 1242414 SUSE bug 1242504 SUSE bug 1242924 SUSE bug 1243001 SUSE bug 1243330 SUSE bug 1243543 SUSE bug 1243627 SUSE bug 1243832 SUSE bug 1244234 SUSE bug 1244241 SUSE bug 1244277 SUSE bug 1244337 SUSE bug 1244764 SUSE bug 1244767 SUSE bug 1244770 SUSE bug 1244771 SUSE bug 1244773 SUSE bug 1244774 SUSE bug 1244776 SUSE bug 1244779 SUSE bug 1244782 SUSE bug 1244783 SUSE bug 1244786 SUSE bug 1244788 SUSE bug 1244790 SUSE bug 1244793 SUSE bug 1244794 SUSE bug 1244796 SUSE bug 1244797 SUSE bug 1244804 SUSE bug 1244813 SUSE bug 1244815 SUSE bug 1244816 SUSE bug 1244825 SUSE bug 1244834 SUSE bug 1244836 SUSE bug 1244838 SUSE bug 1244839 SUSE bug 1244841 SUSE bug 1244842 SUSE bug 1244845 SUSE bug 1244848 SUSE bug 1244849 SUSE bug 1244851 SUSE bug 1244853 SUSE bug 1244856 SUSE bug 1244861 SUSE bug 1244867 SUSE bug 1244868 SUSE bug 1244869 SUSE bug 1244881 SUSE bug 1244883 SUSE bug 1244884 SUSE bug 1244885 SUSE bug 1244886 SUSE bug 1244887 SUSE bug 1244899 SUSE bug 1244901 SUSE bug 1244902 SUSE bug 1244908 SUSE bug 1244936 SUSE bug 1244941 SUSE bug 1244943 SUSE bug 1244945 SUSE bug 1244948 SUSE bug 1244950 SUSE bug 1244956 SUSE bug 1244958 SUSE bug 1244959 SUSE bug 1244967 SUSE bug 1244968 SUSE bug 1244969 SUSE bug 1244976 SUSE bug 1244979 SUSE bug 1244984 SUSE bug 1244986 SUSE bug 1244992 SUSE bug 1245006 SUSE bug 1245007 SUSE bug 1245024 SUSE bug 1245031 SUSE bug 1245033 SUSE bug 1245041 SUSE bug 1245047 SUSE bug 1245051 SUSE bug 1245057 SUSE bug 1245058 SUSE bug 1245072 SUSE bug 1245073 SUSE bug 1245098 SUSE bug 1245103 SUSE bug 1245117 SUSE bug 1245119 SUSE bug 1245121 SUSE bug 1245122 SUSE bug 1245125 SUSE bug 1245129 SUSE bug 1245131 SUSE bug 1245135 SUSE bug 1245136 SUSE bug 1245138 SUSE bug 1245139 SUSE bug 1245140 SUSE bug 1245146 SUSE bug 1245147 SUSE bug 1245149 SUSE bug 1245183 SUSE bug 1245195 SUSE bug 1245265 SUSE bug 1245348 SUSE bug 1245455 CVE-2022-1679 at SUSE CVE-2022-1679 at NVD CVE-2022-2586 at SUSE CVE-2022-2586 at NVD CVE-2022-2905 at SUSE CVE-2022-2905 at NVD CVE-2022-3903 at SUSE CVE-2022-3903 at NVD CVE-2022-4095 at SUSE CVE-2022-4095 at NVD CVE-2022-4662 at SUSE CVE-2022-4662 at NVD CVE-2022-49934 at SUSE CVE-2022-49934 at NVD CVE-2022-49936 at SUSE CVE-2022-49936 at NVD CVE-2022-49937 at SUSE CVE-2022-49937 at NVD CVE-2022-49942 at SUSE CVE-2022-49942 at NVD CVE-2022-49945 at SUSE CVE-2022-49945 at NVD CVE-2022-49948 at SUSE CVE-2022-49948 at NVD CVE-2022-49950 at SUSE CVE-2022-49950 at NVD CVE-2022-49952 at SUSE CVE-2022-49952 at NVD CVE-2022-49954 at SUSE CVE-2022-49954 at NVD CVE-2022-49956 at SUSE CVE-2022-49956 at NVD CVE-2022-49968 at SUSE CVE-2022-49968 at NVD CVE-2022-49977 at SUSE CVE-2022-49977 at NVD CVE-2022-49978 at SUSE CVE-2022-49978 at NVD CVE-2022-49981 at SUSE CVE-2022-49981 at NVD CVE-2022-49984 at SUSE CVE-2022-49984 at NVD CVE-2022-49985 at SUSE CVE-2022-49985 at NVD CVE-2022-49986 at SUSE CVE-2022-49986 at NVD CVE-2022-49987 at SUSE CVE-2022-49987 at NVD CVE-2022-49989 at SUSE CVE-2022-49989 at NVD CVE-2022-49990 at SUSE CVE-2022-49990 at NVD CVE-2022-49993 at SUSE CVE-2022-49993 at NVD CVE-2022-50010 at SUSE CVE-2022-50010 at NVD CVE-2022-50012 at SUSE CVE-2022-50012 at NVD CVE-2022-50019 at SUSE CVE-2022-50019 at NVD CVE-2022-50020 at SUSE CVE-2022-50020 at NVD CVE-2022-50022 at SUSE CVE-2022-50022 at NVD CVE-2022-50027 at SUSE CVE-2022-50027 at NVD CVE-2022-50028 at SUSE CVE-2022-50028 at NVD CVE-2022-50029 at SUSE CVE-2022-50029 at NVD CVE-2022-50030 at SUSE CVE-2022-50030 at NVD CVE-2022-50032 at SUSE CVE-2022-50032 at NVD CVE-2022-50033 at SUSE CVE-2022-50033 at NVD CVE-2022-50036 at SUSE CVE-2022-50036 at NVD CVE-2022-50038 at SUSE CVE-2022-50038 at NVD CVE-2022-50045 at SUSE CVE-2022-50045 at NVD CVE-2022-50051 at SUSE CVE-2022-50051 at NVD CVE-2022-50059 at SUSE CVE-2022-50059 at NVD CVE-2022-50061 at SUSE CVE-2022-50061 at NVD CVE-2022-50065 at SUSE CVE-2022-50065 at NVD CVE-2022-50067 at SUSE CVE-2022-50067 at NVD CVE-2022-50072 at SUSE CVE-2022-50072 at NVD CVE-2022-50083 at SUSE CVE-2022-50083 at NVD CVE-2022-50084 at SUSE CVE-2022-50084 at NVD CVE-2022-50085 at SUSE CVE-2022-50085 at NVD CVE-2022-50087 at SUSE CVE-2022-50087 at NVD CVE-2022-50091 at SUSE CVE-2022-50091 at NVD CVE-2022-50092 at SUSE CVE-2022-50092 at NVD CVE-2022-50093 at SUSE CVE-2022-50093 at NVD CVE-2022-50094 at SUSE CVE-2022-50094 at NVD CVE-2022-50097 at SUSE CVE-2022-50097 at NVD CVE-2022-50098 at SUSE CVE-2022-50098 at NVD CVE-2022-50099 at SUSE CVE-2022-50099 at NVD CVE-2022-50101 at SUSE CVE-2022-50101 at NVD CVE-2022-50102 at SUSE CVE-2022-50102 at NVD CVE-2022-50104 at SUSE CVE-2022-50104 at NVD CVE-2022-50108 at SUSE CVE-2022-50108 at NVD CVE-2022-50109 at SUSE CVE-2022-50109 at NVD CVE-2022-50118 at SUSE CVE-2022-50118 at NVD CVE-2022-50124 at SUSE CVE-2022-50124 at NVD CVE-2022-50126 at SUSE CVE-2022-50126 at NVD CVE-2022-50127 at SUSE CVE-2022-50127 at NVD CVE-2022-50136 at SUSE CVE-2022-50136 at NVD CVE-2022-50138 at SUSE CVE-2022-50138 at NVD CVE-2022-50140 at SUSE CVE-2022-50140 at NVD CVE-2022-50141 at SUSE CVE-2022-50141 at NVD CVE-2022-50142 at SUSE CVE-2022-50142 at NVD CVE-2022-50143 at SUSE CVE-2022-50143 at NVD CVE-2022-50146 at SUSE CVE-2022-50146 at NVD CVE-2022-50149 at SUSE CVE-2022-50149 at NVD CVE-2022-50152 at SUSE CVE-2022-50152 at NVD CVE-2022-50153 at SUSE CVE-2022-50153 at NVD CVE-2022-50156 at SUSE CVE-2022-50156 at NVD CVE-2022-50158 at SUSE CVE-2022-50158 at NVD CVE-2022-50160 at SUSE CVE-2022-50160 at NVD CVE-2022-50161 at SUSE CVE-2022-50161 at NVD CVE-2022-50162 at SUSE CVE-2022-50162 at NVD CVE-2022-50164 at SUSE CVE-2022-50164 at NVD CVE-2022-50165 at SUSE CVE-2022-50165 at NVD CVE-2022-50169 at SUSE CVE-2022-50169 at NVD CVE-2022-50172 at SUSE CVE-2022-50172 at NVD CVE-2022-50173 at SUSE CVE-2022-50173 at NVD CVE-2022-50176 at SUSE CVE-2022-50176 at NVD CVE-2022-50179 at SUSE CVE-2022-50179 at NVD CVE-2022-50181 at SUSE CVE-2022-50181 at NVD CVE-2022-50185 at SUSE CVE-2022-50185 at NVD CVE-2022-50191 at SUSE CVE-2022-50191 at NVD CVE-2022-50200 at SUSE CVE-2022-50200 at NVD CVE-2022-50209 at SUSE CVE-2022-50209 at NVD CVE-2022-50211 at SUSE CVE-2022-50211 at NVD CVE-2022-50212 at SUSE CVE-2022-50212 at NVD CVE-2022-50213 at SUSE CVE-2022-50213 at NVD CVE-2022-50215 at SUSE CVE-2022-50215 at NVD CVE-2022-50218 at SUSE CVE-2022-50218 at NVD CVE-2022-50220 at SUSE CVE-2022-50220 at NVD CVE-2022-50222 at SUSE CVE-2022-50222 at NVD CVE-2022-50229 at SUSE CVE-2022-50229 at NVD CVE-2022-50231 at SUSE CVE-2022-50231 at NVD CVE-2023-3111 at SUSE CVE-2023-3111 at NVD CVE-2024-26924 at SUSE CVE-2024-26924 at NVD CVE-2024-27397 at SUSE CVE-2024-27397 at NVD CVE-2024-36978 at SUSE CVE-2024-36978 at NVD CVE-2024-46800 at SUSE CVE-2024-46800 at NVD CVE-2024-53141 at SUSE CVE-2024-53141 at NVD CVE-2024-56770 at SUSE CVE-2024-56770 at NVD CVE-2025-21700 at SUSE CVE-2025-21700 at NVD CVE-2025-21702 at SUSE CVE-2025-21702 at NVD CVE-2025-21703 at SUSE CVE-2025-21703 at NVD CVE-2025-37752 at SUSE CVE-2025-37752 at NVD CVE-2025-37798 at SUSE CVE-2025-37798 at NVD CVE-2025-37823 at SUSE CVE-2025-37823 at NVD CVE-2025-37890 at SUSE CVE-2025-37890 at NVD CVE-2025-37932 at SUSE CVE-2025-37932 at NVD CVE-2025-37953 at SUSE CVE-2025-37953 at NVD CVE-2025-37997 at SUSE CVE-2025-37997 at NVD CVE-2025-38000 at SUSE CVE-2025-38000 at NVD CVE-2025-38001 at SUSE CVE-2025-38001 at NVD CVE-2025-38083 at SUSE CVE-2025-38083 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for coreutils fixes the following issues: Security fixes: - CVE-2025-5278: Fixed heap buffer under-read may lead to a crash or leak sensitive data (bsc#1243767) Other fixes: - ls: avoid triggering automounts (bsc#1221632) - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) Moderate SUSE bug 1219321 SUSE bug 1221632 SUSE bug 1243767 CVE-2025-5278 at SUSE CVE-2025-5278 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for jq fixes the following issues: - CVE-2024-23337: Fixed signed integer overflow in jv.c:jvp_array_write (bsc#1243450). Moderate SUSE bug 1243450 CVE-2024-23337 at SUSE CVE-2024-23337 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python3 fixes the following issues: - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) Important SUSE bug 1244032 SUSE bug 1244056 SUSE bug 1244059 SUSE bug 1244060 SUSE bug 1244061 SUSE bug 1244705 CVE-2024-12718 at SUSE CVE-2024-12718 at NVD CVE-2025-4138 at SUSE CVE-2025-4138 at NVD CVE-2025-4330 at SUSE CVE-2025-4330 at NVD CVE-2025-4435 at SUSE CVE-2025-4435 at NVD CVE-2025-4517 at SUSE CVE-2025-4517 at NVD CVE-2025-6069 at SUSE CVE-2025-6069 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for polkit fixes the following issues: - CVE-2025-7519: Fixed a XML policy file with a large number of nested elements that may lead to out-of-bounds write. (bsc#1246472) Important SUSE bug 1246472 CVE-2025-7519 at SUSE CVE-2025-7519 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for salt fixes the following issues: - Security issues fixed: - CVE-2024-38822: Fixed Minion token validation (bsc#1244561) - CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport (bsc#1244564) - CVE-2024-38824: Fixed directory traversal vulnerability in recv_file method (bsc#1244565) - CVE-2024-38825: Fixed salt.auth.pki module authentication issue (bsc#1244566) - CVE-2025-22240: Fixed arbitrary directory creation or file deletion with GitFS (bsc#1244567) - CVE-2025-22236: Fixed Minion event bus authorization bypass (bsc#1244568) - CVE-2025-22241: Fixed the use of un-validated input in the VirtKey class (bsc#1244570) - CVE-2025-22237: Fixed exploitation of the 'on demand' pillar functionality (bsc#1244571) - CVE-2025-22238: Fixed the master's default cache vulnerability to a directory traversal attack (bsc#1244572) - CVE-2025-22239: Fixed the arbitrary event injection on the Salt Master (bsc#1244574) - CVE-2025-22242: Fixed a Denial of Service vulnerability through file read operation (bsc#1244575) - CVE-2025-47287: Fixed a Denial of Service vulnerability in Tornado logging behavior (bsc#1243268) - Other bugs fixed: - Added subsystem filter to udev.exportdb (bsc#1236621) - Fixed Ubuntu 24.04 test failures - Fixed refresh of osrelease and related grains on Python 3.10+ - Fixed issue requiring proper Python flavor for dependencies Important SUSE bug 1236621 SUSE bug 1243268 SUSE bug 1244561 SUSE bug 1244564 SUSE bug 1244565 SUSE bug 1244566 SUSE bug 1244567 SUSE bug 1244568 SUSE bug 1244570 SUSE bug 1244571 SUSE bug 1244572 SUSE bug 1244574 SUSE bug 1244575 CVE-2024-38822 at SUSE CVE-2024-38822 at NVD CVE-2024-38823 at SUSE CVE-2024-38823 at NVD CVE-2024-38824 at SUSE CVE-2024-38824 at NVD CVE-2024-38825 at SUSE CVE-2024-38825 at NVD CVE-2025-22236 at SUSE CVE-2025-22236 at NVD CVE-2025-22237 at SUSE CVE-2025-22237 at NVD CVE-2025-22238 at SUSE CVE-2025-22238 at NVD CVE-2025-22239 at SUSE CVE-2025-22239 at NVD CVE-2025-22240 at SUSE CVE-2025-22240 at NVD CVE-2025-22241 at SUSE CVE-2025-22241 at NVD CVE-2025-22242 at SUSE CVE-2025-22242 at NVD CVE-2025-47287 at SUSE CVE-2025-47287 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for boost fixes the following issues: - CVE-2016-9840: Fixed out-of-bounds pointer arithmetic in zlib in beast (bsc#1245936) Important SUSE bug 1245936 CVE-2016-9840 at SUSE CVE-2016-9840 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for gnutls fixes the following issues: - CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299) - CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232) - CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267) Important SUSE bug 1246232 SUSE bug 1246267 SUSE bug 1246299 CVE-2025-32988 at SUSE CVE-2025-32988 at NVD CVE-2025-32990 at SUSE CVE-2025-32990 at NVD CVE-2025-6395 at SUSE CVE-2025-6395 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) Important SUSE bug 1246296 CVE-2025-7425 at SUSE CVE-2025-7425 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) Important SUSE bug 1246597 CVE-2025-6965 at SUSE CVE-2025-6965 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for grub2 fixes the following issues: - CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959) Moderate SUSE bug 1234959 CVE-2024-56738 at SUSE CVE-2024-56738 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) Moderate SUSE bug 1245573 CVE-2025-6297 at SUSE CVE-2025-6297 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). Moderate SUSE bug 1221107 CVE-2024-2236 at SUSE CVE-2024-2236 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python3 fixes the following issues: - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249). Moderate SUSE bug 1247249 CVE-2025-8194 at SUSE CVE-2025-8194 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for iputils fixes the following issues: - CVE-2025-48964: Fixed integer overflow in ping statistics via zero timestamp (bsc#1243772). Other bugfixes: - Fixed ping on s390x that printed invalid ttl (bsc#1243284). Moderate SUSE bug 1243284 SUSE bug 1243772 CVE-2025-48964 at SUSE CVE-2025-48964 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for podman fixes the following issues: - CVE-2025-6032: Fixed machine init command failing to verify TLS certificate (bsc#1245320) Important SUSE bug 1245320 CVE-2025-6032 at SUSE CVE-2025-6032 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-50211: md-raid10: fix KASAN warning (bsc#1245140). - CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210629). - CVE-2023-52923: netfilter: nf_tables: split async and sync catchall in two functions (bsc#1236104). - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863). - CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417). - CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217). - CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000). - CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045). - CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029). - CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037). - CVE-2025-38257: s390/pkey: Prevent overflow in size calculation for memdup_user() (bsc#1246186). - CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247349). - CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247348). - CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347). Important SUSE bug 1210629 SUSE bug 1233551 SUSE bug 1234863 SUSE bug 1236104 SUSE bug 1236333 SUSE bug 1239644 SUSE bug 1242414 SUSE bug 1242417 SUSE bug 1245140 SUSE bug 1245217 SUSE bug 1245711 SUSE bug 1245986 SUSE bug 1246000 SUSE bug 1246029 SUSE bug 1246037 SUSE bug 1246045 SUSE bug 1246186 SUSE bug 1247347 SUSE bug 1247348 SUSE bug 1247349 CVE-2022-50211 at SUSE CVE-2022-50211 at NVD CVE-2023-2176 at SUSE CVE-2023-2176 at NVD CVE-2023-52923 at SUSE CVE-2023-52923 at NVD CVE-2023-52927 at SUSE CVE-2023-52927 at NVD CVE-2024-53057 at SUSE CVE-2024-53057 at NVD CVE-2024-53164 at SUSE CVE-2024-53164 at NVD CVE-2024-57947 at SUSE CVE-2024-57947 at NVD CVE-2025-37797 at SUSE CVE-2025-37797 at NVD CVE-2025-37798 at SUSE CVE-2025-37798 at NVD CVE-2025-38079 at SUSE CVE-2025-38079 at NVD CVE-2025-38120 at SUSE CVE-2025-38120 at NVD CVE-2025-38177 at SUSE CVE-2025-38177 at NVD CVE-2025-38181 at SUSE CVE-2025-38181 at NVD CVE-2025-38200 at SUSE CVE-2025-38200 at NVD CVE-2025-38212 at SUSE CVE-2025-38212 at NVD CVE-2025-38213 at SUSE CVE-2025-38213 at NVD CVE-2025-38257 at SUSE CVE-2025-38257 at NVD CVE-2025-38494 at SUSE CVE-2025-38494 at NVD CVE-2025-38495 at SUSE CVE-2025-38495 at NVD CVE-2025-38497 at SUSE CVE-2025-38497 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160). - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863). - CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417). - CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217). - CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000). - CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045). - CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029). - CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037). - CVE-2025-38257: s390/pkey: Prevent overflow in size calculation for memdup_user() (bsc#1246186). - CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247349). - CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247348). - CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347). Important SUSE bug 1233551 SUSE bug 1234863 SUSE bug 1236333 SUSE bug 1239644 SUSE bug 1242414 SUSE bug 1242417 SUSE bug 1245217 SUSE bug 1245711 SUSE bug 1245986 SUSE bug 1246000 SUSE bug 1246029 SUSE bug 1246037 SUSE bug 1246045 SUSE bug 1246186 SUSE bug 1247347 SUSE bug 1247348 SUSE bug 1247349 CVE-2023-52927 at SUSE CVE-2023-52927 at NVD CVE-2024-53057 at SUSE CVE-2024-53057 at NVD CVE-2024-53164 at SUSE CVE-2024-53164 at NVD CVE-2024-57947 at SUSE CVE-2024-57947 at NVD CVE-2025-37797 at SUSE CVE-2025-37797 at NVD CVE-2025-37798 at SUSE CVE-2025-37798 at NVD CVE-2025-38079 at SUSE CVE-2025-38079 at NVD CVE-2025-38120 at SUSE CVE-2025-38120 at NVD CVE-2025-38177 at SUSE CVE-2025-38177 at NVD CVE-2025-38181 at SUSE CVE-2025-38181 at NVD CVE-2025-38200 at SUSE CVE-2025-38200 at NVD CVE-2025-38212 at SUSE CVE-2025-38212 at NVD CVE-2025-38213 at SUSE CVE-2025-38213 at NVD CVE-2025-38257 at SUSE CVE-2025-38257 at NVD CVE-2025-38494 at SUSE CVE-2025-38494 at NVD CVE-2025-38495 at SUSE CVE-2025-38495 at NVD CVE-2025-38497 at SUSE CVE-2025-38497 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python-Jinja2 fixes the following issues: - CVE-2024-56326: Fixed sandbox breakout through indirect reference to format method (bsc#1234809) Important SUSE bug 1234809 CVE-2024-56326 at SUSE CVE-2024-56326 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for docker fixes the following issues: - Update to Docker 28.3.3-ce. - CVE-2025-54388: Fixed a bug where firewalld when reloaded can make published container ports accessible from remote hosts. (bsc#1247367) Moderate SUSE bug 1246556 SUSE bug 1247367 CVE-2025-54388 at SUSE CVE-2025-54388 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for jq fixes the following issues: - CVE-2025-48060: Fixed stack-buffer-overflow in jq_fuzz_execute (bsc#1244116) Moderate SUSE bug 1244116 CVE-2025-48060 at SUSE CVE-2025-48060 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) Moderate SUSE bug 1232234 SUSE bug 1246221 CVE-2024-10041 at SUSE CVE-2024-10041 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python-urllib3 fixes the following issues: - CVE-2025-50181: Pool managers now properly control redirects when retries is passed. (bsc#1244925) Moderate SUSE bug 1244925 CVE-2025-50181 at SUSE CVE-2025-50181 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ignition fixes the following issues: - CVE-2022-28948: Fixed an issue during unmarshaling in Go-Yaml v3 can lead to DoS via invalid input (bsc#1248548) Moderate SUSE bug 1248548 CVE-2022-28948 at SUSE CVE-2022-28948 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libxml2 fixes the following issues: - CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460) Important SUSE bug 1236460 CVE-2022-49043 at SUSE CVE-2022-49043 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python-future fixes the following issues: - CVE-2025-50817: Fixed arbitrary code execution via the automatic import of file test.py (bsc#1248124) Important SUSE bug 1248124 CVE-2025-50817 at SUSE CVE-2025-50817 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ucode-intel fixes the following issues: - Intel CPU Microcode was updated to the 20250812 release (bsc#1248438) - CVE-2025-20109: Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel Processors may allow an authenticated user to potentially enable escalation of privilege via local access. - CVE-2025-22840: Sequence of processor instructions leads to unexpected behavior for some Intel Xeon 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access - CVE-2025-22839: Insufficient granularity of access control in the OOB-MSM for some Intel Xeon 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. - CVE-2025-22889: Improper handling of overlap between protected memory ranges for some Intel Xeon 6 processor with Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. - CVE-2025-20053: Improper buffer restrictions for some Intel Xeon Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. - CVE-2025-26403: Out-of-bounds write in the memory subsystem for some Intel Xeon 6 processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. - CVE-2025-32086: Improperly implemented security check for standard in the DDRIO configuration for some Intel Xeon 6 Processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. - Update for functional issues. - Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ARL-H | A1 | 06-c5-02/82 | 00000118 | 00000119 | Core Ultra Processor (Series 2) | ARL-S/HX (8P) | B0 | 06-c6-02/82 | 00000118 | 00000119 | Core Ultra Processor (Series 2) | EMR-SP | A1 | 06-cf-02/87 | 210002a9 | 210002b3 | Xeon Scalable Gen5 | GNR-AP/SP | B0 | 06-ad-01/95 | 010003a2 | 010003d0 | Xeon Scalable Gen6 | GNR-AP/SP | H0 | 06-ad-01/20 | 0a0000d1 | 0a000100 | Xeon Scalable Gen6 | ICL-D | B0 | 06-6c-01/10 | 010002d0 | 010002e0 | Xeon D-17xx, D-27xx | ICX-SP | Dx/M1 | 06-6a-06/87 | 0d000404 | 0d000410 | Xeon Scalable Gen3 | LNL | B0 | 06-bd-01/80 | 0000011f | 00000123 | Core Ultra 200 V Series Processor | MTL | C0 | 06-aa-04/e6 | 00000024 | 00000025 | Core™ Ultra Processor | RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004128 | 00004129 | Core Gen13 | RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004128 | 00004129 | Core Gen13 | SPR-HBM | Bx | 06-8f-08/10 | 2c0003f7 | 2c000401 | Xeon Max | SPR-SP | E4/S2 | 06-8f-07/87 | 2b000639 | 2b000643 | Xeon Scalable Gen4 | SPR-SP | E5/S3 | 06-8f-08/87 | 2b000639 | 2b000643 | Xeon Scalable Gen4 | SRF-SP | C0 | 06-af-03/01 | 03000341 | 03000362 | Xeon 6700-Series Processors with E-Cores New Disclosures Updated in Prior Releases: All ADL, RPL, SPR, EMR, MTL, ARL Microcode patches previously released in May 2025. Important SUSE bug 1248438 CVE-2025-20053 at SUSE CVE-2025-20053 at NVD CVE-2025-20109 at SUSE CVE-2025-20109 at NVD CVE-2025-22839 at SUSE CVE-2025-22839 at NVD CVE-2025-22840 at SUSE CVE-2025-22840 at NVD CVE-2025-22889 at SUSE CVE-2025-22889 at NVD CVE-2025-26403 at SUSE CVE-2025-26403 at NVD CVE-2025-32086 at SUSE CVE-2025-32086 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5, as a very old protocol, supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in `krb5.conf`: ``` [libdefaults] allow_des3 = true allow_rc4 = true ``` Moderate SUSE bug 1241219 CVE-2025-3576 at SUSE CVE-2025-3576 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for vim fixes the following issues: Update to version 9.1.1629. - CVE-2025-53905: Fixed a path traversal issue in tar.vim plugin that may allow for file overwriting when opening specially crafted tar files (bsc#1246604). - CVE-2025-53906: Fixed a path traversal issue in zip.vim plugin that may allow for file overwriting when opening specially crafted zip files (bsc#1246602). - CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938). - CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939). Moderate SUSE bug 1246602 SUSE bug 1246604 SUSE bug 1247938 SUSE bug 1247939 CVE-2025-53905 at SUSE CVE-2025-53905 at NVD CVE-2025-53906 at SUSE CVE-2025-53906 at NVD CVE-2025-55157 at SUSE CVE-2025-55157 at NVD CVE-2025-55158 at SUSE CVE-2025-55158 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for net-tools fixes the following issues: Security issues fixed: - CVE-2025-46836: missing bounds check in `get_name` may lead to a stack buffer overflow (bsc#1243581). - Avoid unsafe use of `memcpy` in `ifconfig` (bsc#1248687). - Prevent overflow in `ax25` and `netrom` (bsc#1248687). - Fix stack buffer overflow in `parse_hex` (bsc#1248687). - Fix stack buffer overflow in `proc_gen_fmt` (bsc#1248687). Other issues fixed: - Allow use of long interface names after CVE-2025-46836 fix, even if they are not accepted by the kernel (bsc#1248410). - Fix netrom support. Moderate SUSE bug 1243581 SUSE bug 1246608 SUSE bug 1248410 SUSE bug 1248687 SUSE bug 142461 CVE-2025-46836 at SUSE CVE-2025-46836 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. Important SUSE bug 1246197 SUSE bug 1249191 SUSE bug 1249348 SUSE bug 1249367 CVE-2025-10148 at SUSE CVE-2025-10148 at NVD CVE-2025-9086 at SUSE CVE-2025-9086 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49492: nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (bsc#1238954). - CVE-2022-50116: tty: n_gsm: fix deadlock and link starvation in outgoing data path (bsc#1244824). - CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780). - CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334). - CVE-2024-58239: tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1248614). - CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799). - CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433). - CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970). - CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073). - CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473). - CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781). - CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911). - CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143). - CVE-2025-38468: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1247437). - CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247314). - CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374). - CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976). - CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223). - CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306). - CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338). - CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1248621). - CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511). - CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748). The following non-security bugs were fixed: - NFSv4.1: fix backchannel max_resp_sz verification check (bsc#1247518). - scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (bsc#1243278). - scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git-fixes). - Disable N_GSM (jsc#PED-8240). Important SUSE bug 1199657 SUSE bug 1229334 SUSE bug 1238954 SUSE bug 1240799 SUSE bug 1241433 SUSE bug 1242780 SUSE bug 1243278 SUSE bug 1244824 SUSE bug 1245970 SUSE bug 1246073 SUSE bug 1246473 SUSE bug 1246781 SUSE bug 1246911 SUSE bug 1247143 SUSE bug 1247314 SUSE bug 1247374 SUSE bug 1247437 SUSE bug 1247518 SUSE bug 1247976 SUSE bug 1248223 SUSE bug 1248306 SUSE bug 1248338 SUSE bug 1248511 SUSE bug 1248614 SUSE bug 1248621 SUSE bug 1248748 CVE-2022-29900 at SUSE CVE-2022-29900 at NVD CVE-2022-29901 at SUSE CVE-2022-29901 at NVD CVE-2022-49492 at SUSE CVE-2022-49492 at NVD CVE-2022-50116 at SUSE CVE-2022-50116 at NVD CVE-2023-53117 at SUSE CVE-2023-53117 at NVD CVE-2024-42265 at SUSE CVE-2024-42265 at NVD CVE-2024-58239 at SUSE CVE-2024-58239 at NVD CVE-2025-21971 at SUSE CVE-2025-21971 at NVD CVE-2025-22045 at SUSE CVE-2025-22045 at NVD CVE-2025-38180 at SUSE CVE-2025-38180 at NVD CVE-2025-38206 at SUSE CVE-2025-38206 at NVD CVE-2025-38323 at SUSE CVE-2025-38323 at NVD CVE-2025-38350 at SUSE CVE-2025-38350 at NVD CVE-2025-38352 at SUSE CVE-2025-38352 at NVD CVE-2025-38460 at SUSE CVE-2025-38460 at NVD CVE-2025-38468 at SUSE CVE-2025-38468 at NVD CVE-2025-38477 at SUSE CVE-2025-38477 at NVD CVE-2025-38498 at SUSE CVE-2025-38498 at NVD CVE-2025-38499 at SUSE CVE-2025-38499 at NVD CVE-2025-38546 at SUSE CVE-2025-38546 at NVD CVE-2025-38563 at SUSE CVE-2025-38563 at NVD CVE-2025-38608 at SUSE CVE-2025-38608 at NVD CVE-2025-38617 at SUSE CVE-2025-38617 at NVD CVE-2025-38618 at SUSE CVE-2025-38618 at NVD CVE-2025-38644 at SUSE CVE-2025-38644 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49492: nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (bsc#1238954). - CVE-2022-50116: kernel: tty: n_gsm: fix deadlock and link starvation in outgoing data path (bsc#1244824). - CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780). - CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334). - CVE-2024-58239: tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1248614). - CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799). - CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433). - CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970). - CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073). - CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473). - CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781). - CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911). - CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143). - CVE-2025-38468: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1247437). - CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247314). - CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374). - CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976). - CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223). - CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306). - CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338). - CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1248621). - CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511). - CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748). The following non-security bugs were fixed: - Disable N_GSM (bsc#1244824 jsc#PED-8240). - NFSv4.1: fix backchannel max_resp_sz verification check (bsc#1247518). - scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (bsc#1243278). - scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git-fixes). Important SUSE bug 1229334 SUSE bug 1238954 SUSE bug 1240799 SUSE bug 1241433 SUSE bug 1242780 SUSE bug 1243278 SUSE bug 1244824 SUSE bug 1245970 SUSE bug 1246073 SUSE bug 1246473 SUSE bug 1246781 SUSE bug 1246911 SUSE bug 1247143 SUSE bug 1247314 SUSE bug 1247374 SUSE bug 1247437 SUSE bug 1247518 SUSE bug 1247976 SUSE bug 1248223 SUSE bug 1248306 SUSE bug 1248338 SUSE bug 1248511 SUSE bug 1248614 SUSE bug 1248621 SUSE bug 1248748 CVE-2022-49492 at SUSE CVE-2022-49492 at NVD CVE-2022-50116 at SUSE CVE-2022-50116 at NVD CVE-2023-53117 at SUSE CVE-2023-53117 at NVD CVE-2024-42265 at SUSE CVE-2024-42265 at NVD CVE-2024-58239 at SUSE CVE-2024-58239 at NVD CVE-2025-21971 at SUSE CVE-2025-21971 at NVD CVE-2025-22045 at SUSE CVE-2025-22045 at NVD CVE-2025-38180 at SUSE CVE-2025-38180 at NVD CVE-2025-38206 at SUSE CVE-2025-38206 at NVD CVE-2025-38323 at SUSE CVE-2025-38323 at NVD CVE-2025-38350 at SUSE CVE-2025-38350 at NVD CVE-2025-38352 at SUSE CVE-2025-38352 at NVD CVE-2025-38460 at SUSE CVE-2025-38460 at NVD CVE-2025-38468 at SUSE CVE-2025-38468 at NVD CVE-2025-38477 at SUSE CVE-2025-38477 at NVD CVE-2025-38498 at SUSE CVE-2025-38498 at NVD CVE-2025-38499 at SUSE CVE-2025-38499 at NVD CVE-2025-38546 at SUSE CVE-2025-38546 at NVD CVE-2025-38563 at SUSE CVE-2025-38563 at NVD CVE-2025-38608 at SUSE CVE-2025-38608 at NVD CVE-2025-38617 at SUSE CVE-2025-38617 at NVD CVE-2025-38618 at SUSE CVE-2025-38618 at NVD CVE-2025-38644 at SUSE CVE-2025-38644 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for open-vm-tools fixes the following issues: - CVE-2025-41244: local privilege escalation via the Service Discovery Plugin (bsc#1250373). Important SUSE bug 1250373 CVE-2025-41244 at SUSE CVE-2025-41244 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). Important SUSE bug 1250232 CVE-2025-9230 at SUSE CVE-2025-9230 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ignition fixes the following issues: CVE-2023-45288: Fixed unclosed connections when receiving too many headers in golang.org/x/net/http2 (bsc#1236518) Moderate SUSE bug 1236518 CVE-2023-45288 at SUSE CVE-2023-45288 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libxslt fixes the following issues: - CVE-2025-10911: fixed use-after-free with key data stored cross-RVT (bsc#1250553) Moderate SUSE bug 1250553 CVE-2025-10911 at SUSE CVE-2025-10911 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for podman fixes the following issues: - CVE-2025-9566: fixed an issue where kube play command could cause host files to get overwritten (bsc#1249154) Important SUSE bug 1249154 CVE-2025-9566 at SUSE CVE-2025-9566 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). Important SUSE bug 1249584 CVE-2025-59375 at SUSE CVE-2025-59375 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136) Moderate SUSE bug 1226463 SUSE bug 1236136 CVE-2024-13176 at SUSE CVE-2024-13176 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libxslt fixes the following issues: - last fix caused a regression, patch was temporary disabled [bsc#1250553] Moderate SUSE bug 1250553 CVE-2025-10911 at SUSE CVE-2025-10911 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49980: USB: gadget: fix use-after-free read in usb_udc_uevent() (bsc#1245110). - CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} (bsc#1246968). - CVE-2022-50248: wifi: iwlwifi: mvm: fix double free on tx path (bsc#1249840). - CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249846). - CVE-2022-50258: wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (bsc#1249947). - CVE-2022-50381: md: fix a crash in mempool_free (bsc#1250257). - CVE-2022-50386: Bluetooth: L2CAP: Fix user-after-free (bsc#1250301). - CVE-2022-50401: nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (bsc#1250140). - CVE-2022-50408: wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (bsc#1250391). - CVE-2022-50409: net: If sock is dead do not access sock's sk_wq in sk_stream_wait_memory (bsc#1250392). - CVE-2023-53178: mm: fix zswap writeback race condition (bsc#1249827). - CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250313). - CVE-2023-53438: x86/MCE: Always save CS register on AMD Zen IF Poison errors (bsc#1250180). - CVE-2025-21969: kABI workaround for l2cap_conn changes (bsc#1240784). - CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38553: net/sched: Restrict conditions for adding duplicating netems to qdisc tree (bsc#1248255). - CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628). - CVE-2025-38685: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220). - CVE-2025-38713: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1249200). - CVE-2025-39751: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (bsc#1249538). - CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002). The following non-security bugs were fixed: - Limit patch filenames to 100 characters (bsc#1249604). - Move pesign-obs-integration requirement from kernel-syms to kernel devel subpackage (bsc#1248108). - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes). - kernel-binary: Another installation ordering fix (bsc#1241353). - kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522). - kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346) - kernel-syms.spec: Drop old rpm release number hack (bsc#1247172). - rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879) - rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337) - rpm: Configure KABI checkingness macro (bsc#1249186) - rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186) - rpm: Link arch-symbols script from scripts directory. - rpm: Link guards script from scripts directory. - use uniform permission checks for all mount propagation changes (git-fixes). Important SUSE bug 1202700 SUSE bug 1203063 SUSE bug 1203332 SUSE bug 1204228 SUSE bug 1205128 SUSE bug 1206883 SUSE bug 1206884 SUSE bug 1209287 SUSE bug 1209291 SUSE bug 1210124 SUSE bug 1210584 SUSE bug 1213061 SUSE bug 1213666 SUSE bug 1215150 SUSE bug 1216976 SUSE bug 1220185 SUSE bug 1220186 SUSE bug 1240784 SUSE bug 1241353 SUSE bug 1243278 SUSE bug 1244337 SUSE bug 1245110 SUSE bug 1245956 SUSE bug 1246879 SUSE bug 1246968 SUSE bug 1247172 SUSE bug 1247239 SUSE bug 1248108 SUSE bug 1248255 SUSE bug 1248399 SUSE bug 1248628 SUSE bug 1248847 SUSE bug 1249186 SUSE bug 1249200 SUSE bug 1249220 SUSE bug 1249346 SUSE bug 1249538 SUSE bug 1249604 SUSE bug 1249664 SUSE bug 1249667 SUSE bug 1249700 SUSE bug 1249713 SUSE bug 1249716 SUSE bug 1249718 SUSE bug 1249734 SUSE bug 1249740 SUSE bug 1249743 SUSE bug 1249747 SUSE bug 1249808 SUSE bug 1249825 SUSE bug 1249827 SUSE bug 1249840 SUSE bug 1249846 SUSE bug 1249880 SUSE bug 1249885 SUSE bug 1249908 SUSE bug 1249918 SUSE bug 1249923 SUSE bug 1249930 SUSE bug 1249947 SUSE bug 1249949 SUSE bug 1250002 SUSE bug 1250009 SUSE bug 1250014 SUSE bug 1250041 SUSE bug 1250131 SUSE bug 1250132 SUSE bug 1250140 SUSE bug 1250180 SUSE bug 1250183 SUSE bug 1250187 SUSE bug 1250257 SUSE bug 1250269 SUSE bug 1250277 SUSE bug 1250301 SUSE bug 1250313 SUSE bug 1250391 SUSE bug 1250392 SUSE bug 1250394 SUSE bug 1250522 SUSE bug 1250764 SUSE bug 1250767 SUSE bug 1250774 SUSE bug 1250787 SUSE bug 1250790 SUSE bug 1250797 SUSE bug 1250799 SUSE bug 1250823 SUSE bug 1250847 SUSE bug 1250850 SUSE bug 1250853 SUSE bug 1250868 SUSE bug 1250890 SUSE bug 1250891 CVE-2021-4460 at SUSE CVE-2021-4460 at NVD CVE-2022-2602 at SUSE CVE-2022-2602 at NVD CVE-2022-2978 at SUSE CVE-2022-2978 at NVD CVE-2022-36280 at SUSE CVE-2022-36280 at NVD CVE-2022-43945 at SUSE CVE-2022-43945 at NVD CVE-2022-49980 at SUSE CVE-2022-49980 at NVD CVE-2022-50233 at SUSE CVE-2022-50233 at NVD CVE-2022-50234 at SUSE CVE-2022-50234 at NVD CVE-2022-50235 at SUSE CVE-2022-50235 at NVD CVE-2022-50248 at SUSE CVE-2022-50248 at NVD CVE-2022-50249 at SUSE CVE-2022-50249 at NVD CVE-2022-50252 at SUSE CVE-2022-50252 at NVD CVE-2022-50257 at SUSE CVE-2022-50257 at NVD CVE-2022-50258 at SUSE CVE-2022-50258 at NVD CVE-2022-50260 at SUSE CVE-2022-50260 at NVD CVE-2022-50271 at SUSE CVE-2022-50271 at NVD CVE-2022-50272 at SUSE CVE-2022-50272 at NVD CVE-2022-50299 at SUSE CVE-2022-50299 at NVD CVE-2022-50309 at SUSE CVE-2022-50309 at NVD CVE-2022-50312 at SUSE CVE-2022-50312 at NVD CVE-2022-50317 at SUSE CVE-2022-50317 at NVD CVE-2022-50330 at SUSE CVE-2022-50330 at NVD CVE-2022-50344 at SUSE CVE-2022-50344 at NVD CVE-2022-50355 at SUSE CVE-2022-50355 at NVD CVE-2022-50359 at SUSE CVE-2022-50359 at NVD CVE-2022-50367 at SUSE CVE-2022-50367 at NVD CVE-2022-50368 at SUSE CVE-2022-50368 at NVD CVE-2022-50375 at SUSE CVE-2022-50375 at NVD CVE-2022-50381 at SUSE CVE-2022-50381 at NVD CVE-2022-50385 at SUSE CVE-2022-50385 at NVD CVE-2022-50386 at SUSE CVE-2022-50386 at NVD CVE-2022-50401 at SUSE CVE-2022-50401 at NVD CVE-2022-50408 at SUSE CVE-2022-50408 at NVD CVE-2022-50409 at SUSE CVE-2022-50409 at NVD CVE-2022-50410 at SUSE CVE-2022-50410 at NVD CVE-2022-50414 at SUSE CVE-2022-50414 at NVD CVE-2022-50419 at SUSE CVE-2022-50419 at NVD CVE-2022-50422 at SUSE CVE-2022-50422 at NVD CVE-2022-50427 at SUSE CVE-2022-50427 at NVD CVE-2022-50431 at SUSE CVE-2022-50431 at NVD CVE-2022-50435 at SUSE CVE-2022-50435 at NVD CVE-2022-50437 at SUSE CVE-2022-50437 at NVD CVE-2022-50440 at SUSE CVE-2022-50440 at NVD CVE-2022-50444 at SUSE CVE-2022-50444 at NVD CVE-2022-50454 at SUSE CVE-2022-50454 at NVD CVE-2022-50458 at SUSE CVE-2022-50458 at NVD CVE-2022-50459 at SUSE CVE-2022-50459 at NVD CVE-2022-50467 at SUSE CVE-2022-50467 at NVD CVE-2023-1380 at SUSE CVE-2023-1380 at NVD CVE-2023-28328 at SUSE CVE-2023-28328 at NVD CVE-2023-31248 at SUSE CVE-2023-31248 at NVD CVE-2023-3772 at SUSE CVE-2023-3772 at NVD CVE-2023-39197 at SUSE CVE-2023-39197 at NVD CVE-2023-42753 at SUSE CVE-2023-42753 at NVD CVE-2023-53147 at SUSE CVE-2023-53147 at NVD CVE-2023-53178 at SUSE CVE-2023-53178 at NVD CVE-2023-53179 at SUSE CVE-2023-53179 at NVD CVE-2023-53213 at SUSE CVE-2023-53213 at NVD CVE-2023-53265 at SUSE CVE-2023-53265 at NVD CVE-2023-53273 at SUSE CVE-2023-53273 at NVD CVE-2023-53304 at SUSE CVE-2023-53304 at NVD CVE-2023-53321 at SUSE CVE-2023-53321 at NVD CVE-2023-53333 at SUSE CVE-2023-53333 at NVD CVE-2023-53438 at SUSE CVE-2023-53438 at NVD CVE-2023-53464 at SUSE CVE-2023-53464 at NVD CVE-2023-53492 at SUSE CVE-2023-53492 at NVD CVE-2024-26583 at SUSE CVE-2024-26583 at NVD CVE-2024-26584 at SUSE CVE-2024-26584 at NVD CVE-2024-58240 at SUSE CVE-2024-58240 at NVD CVE-2025-21969 at SUSE CVE-2025-21969 at NVD CVE-2025-38184 at SUSE CVE-2025-38184 at NVD CVE-2025-38488 at SUSE CVE-2025-38488 at NVD CVE-2025-38553 at SUSE CVE-2025-38553 at NVD CVE-2025-38572 at SUSE CVE-2025-38572 at NVD CVE-2025-38664 at SUSE CVE-2025-38664 at NVD CVE-2025-38685 at SUSE CVE-2025-38685 at NVD CVE-2025-38713 at SUSE CVE-2025-38713 at NVD CVE-2025-39751 at SUSE CVE-2025-39751 at NVD CVE-2025-39823 at SUSE CVE-2025-39823 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49980: USB: gadget: fix use-after-free read in usb_udc_uevent() (bsc#1245110). - CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} (bsc#1246968). - CVE-2022-50248: wifi: iwlwifi: mvm: fix double free on tx path (bsc#1249840). - CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249846). - CVE-2022-50258: wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (bsc#1249947). - CVE-2022-50381: md: fix a crash in mempool_free (bsc#1250257). - CVE-2022-50386: Bluetooth: L2CAP: Fix user-after-free (bsc#1250301). - CVE-2022-50401: nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (bsc#1250140). - CVE-2022-50408: wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (bsc#1250391). - CVE-2022-50409: net: If sock is dead do not access sock's sk_wq in sk_stream_wait_memory (bsc#1250392). - CVE-2022-50412: drm: bridge: adv7511: unregister cec i2c device after cec adapter (bsc#1250189). - CVE-2023-53178: mm: fix zswap writeback race condition (bsc#1249827). - CVE-2023-53220: media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() (bsc#1250337). - CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250313). - CVE-2023-53438: x86/MCE: Always save CS register on AMD Zen IF Poison errors (bsc#1250180). - CVE-2024-53093: nvme-multipath: defer partition scanning (bsc#1233640). - CVE-2025-21969: kABI workaround for l2cap_conn changes (bsc#1240784). - CVE-2025-38011: drm/amdgpu: csa unmap use uninterruptible lock (bsc#1244729). - CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956). - CVE-2025-38216: iommu/vt-d: Restore context entry setup order for aliased devices (bsc#1245963). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38553: net/sched: Restrict conditions for adding duplicating netems to qdisc tree (bsc#1248255). - CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628). - CVE-2025-38685: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220). - CVE-2025-38713: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1249200). - CVE-2025-39751: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (bsc#1249538). - CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002). The following non-security bugs were fixed: - Limit patch filenames to 100 characters (bsc#1249604). - Move pesign-obs-integration requirement from kernel-syms to kernel devel subpackage (bsc#1248108). - git_sort: Make tests independent of environment. - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes). - kernel-binary: Another installation ordering fix (bsc#1241353). - kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522). - kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346). - kernel-syms.spec: Drop old rpm release number hack (bsc#1247172). - rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879). - rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337). - rpm: Configure KABI checkingness macro (bsc#1249186). - rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186). - scripts/python/kss-dashboard: attempt getting smash data - scripts/python/kss-dashboard: fetch into repos if stale - scripts/python/kss-dashboard: implement CVSSv3.1 score consistency check - scripts/python/kss-dashboard: prepare for the alternative CVE branch - scripts/python/kss-dashboard: simplify control flow - scripts/python/kss-dashboard: speed up patch checking a bit - scripts/python/kss-dashboard: use decorator to handle exceptions - scripts/tar-up: Remove mkspec only affter running it. - scripts: Import arch-symbols script from packaging - scripts: Import guards script from packaging - scripts: test_linux_git.py: Do not complain about missing cwd - sequence-patch: Use arch-symbols - suse_git/header: Complain about patch filenames over 100 characters. - tar-up: Also sort generated tar archives - tar-up: Handle multiple levels of symlinks - tar-up: Normalize file modes to ones supported by git - tar-up: Remove mkspec and its inputs as from target directory (bsc#1250522). - tar-up: Remove the $build_dir prefix when in $build_dir - tar-up: Set owner of files in generated tar archives to root rather than nobody - tar_up: Handle symlinks in rpm directory - use uniform permission checks for all mount propagation changes (git-fixes). Important SUSE bug 1202700 SUSE bug 1203063 SUSE bug 1203332 SUSE bug 1204228 SUSE bug 1205128 SUSE bug 1206883 SUSE bug 1206884 SUSE bug 1209287 SUSE bug 1209291 SUSE bug 1210124 SUSE bug 1210584 SUSE bug 1213061 SUSE bug 1213666 SUSE bug 1215150 SUSE bug 1216976 SUSE bug 1220185 SUSE bug 1220186 SUSE bug 1233640 SUSE bug 1240784 SUSE bug 1241353 SUSE bug 1243278 SUSE bug 1244337 SUSE bug 1244729 SUSE bug 1245110 SUSE bug 1245956 SUSE bug 1245963 SUSE bug 1246879 SUSE bug 1246968 SUSE bug 1247172 SUSE bug 1247239 SUSE bug 1248108 SUSE bug 1248255 SUSE bug 1248399 SUSE bug 1248628 SUSE bug 1248847 SUSE bug 1249186 SUSE bug 1249200 SUSE bug 1249220 SUSE bug 1249346 SUSE bug 1249538 SUSE bug 1249604 SUSE bug 1249664 SUSE bug 1249667 SUSE bug 1249700 SUSE bug 1249713 SUSE bug 1249716 SUSE bug 1249718 SUSE bug 1249734 SUSE bug 1249740 SUSE bug 1249743 SUSE bug 1249747 SUSE bug 1249808 SUSE bug 1249825 SUSE bug 1249827 SUSE bug 1249840 SUSE bug 1249846 SUSE bug 1249880 SUSE bug 1249885 SUSE bug 1249908 SUSE bug 1249918 SUSE bug 1249923 SUSE bug 1249930 SUSE bug 1249947 SUSE bug 1249949 SUSE bug 1250002 SUSE bug 1250009 SUSE bug 1250014 SUSE bug 1250041 SUSE bug 1250131 SUSE bug 1250132 SUSE bug 1250140 SUSE bug 1250180 SUSE bug 1250183 SUSE bug 1250187 SUSE bug 1250189 SUSE bug 1250257 SUSE bug 1250269 SUSE bug 1250277 SUSE bug 1250301 SUSE bug 1250313 SUSE bug 1250337 SUSE bug 1250391 SUSE bug 1250392 SUSE bug 1250394 SUSE bug 1250522 SUSE bug 1250764 SUSE bug 1250767 SUSE bug 1250774 SUSE bug 1250787 SUSE bug 1250790 SUSE bug 1250797 SUSE bug 1250799 SUSE bug 1250823 SUSE bug 1250847 SUSE bug 1250850 SUSE bug 1250853 SUSE bug 1250868 SUSE bug 1250890 SUSE bug 1250891 CVE-2021-4460 at SUSE CVE-2021-4460 at NVD CVE-2022-2602 at SUSE CVE-2022-2602 at NVD CVE-2022-2978 at SUSE CVE-2022-2978 at NVD CVE-2022-36280 at SUSE CVE-2022-36280 at NVD CVE-2022-43945 at SUSE CVE-2022-43945 at NVD CVE-2022-49980 at SUSE CVE-2022-49980 at NVD CVE-2022-50233 at SUSE CVE-2022-50233 at NVD CVE-2022-50234 at SUSE CVE-2022-50234 at NVD CVE-2022-50235 at SUSE CVE-2022-50235 at NVD CVE-2022-50248 at SUSE CVE-2022-50248 at NVD CVE-2022-50249 at SUSE CVE-2022-50249 at NVD CVE-2022-50252 at SUSE CVE-2022-50252 at NVD CVE-2022-50257 at SUSE CVE-2022-50257 at NVD CVE-2022-50258 at SUSE CVE-2022-50258 at NVD CVE-2022-50260 at SUSE CVE-2022-50260 at NVD CVE-2022-50271 at SUSE CVE-2022-50271 at NVD CVE-2022-50272 at SUSE CVE-2022-50272 at NVD CVE-2022-50299 at SUSE CVE-2022-50299 at NVD CVE-2022-50309 at SUSE CVE-2022-50309 at NVD CVE-2022-50312 at SUSE CVE-2022-50312 at NVD CVE-2022-50317 at SUSE CVE-2022-50317 at NVD CVE-2022-50330 at SUSE CVE-2022-50330 at NVD CVE-2022-50344 at SUSE CVE-2022-50344 at NVD CVE-2022-50355 at SUSE CVE-2022-50355 at NVD CVE-2022-50359 at SUSE CVE-2022-50359 at NVD CVE-2022-50367 at SUSE CVE-2022-50367 at NVD CVE-2022-50368 at SUSE CVE-2022-50368 at NVD CVE-2022-50375 at SUSE CVE-2022-50375 at NVD CVE-2022-50381 at SUSE CVE-2022-50381 at NVD CVE-2022-50385 at SUSE CVE-2022-50385 at NVD CVE-2022-50386 at SUSE CVE-2022-50386 at NVD CVE-2022-50401 at SUSE CVE-2022-50401 at NVD CVE-2022-50408 at SUSE CVE-2022-50408 at NVD CVE-2022-50409 at SUSE CVE-2022-50409 at NVD CVE-2022-50410 at SUSE CVE-2022-50410 at NVD CVE-2022-50412 at SUSE CVE-2022-50412 at NVD CVE-2022-50414 at SUSE CVE-2022-50414 at NVD CVE-2022-50419 at SUSE CVE-2022-50419 at NVD CVE-2022-50422 at SUSE CVE-2022-50422 at NVD CVE-2022-50427 at SUSE CVE-2022-50427 at NVD CVE-2022-50431 at SUSE CVE-2022-50431 at NVD CVE-2022-50435 at SUSE CVE-2022-50435 at NVD CVE-2022-50437 at SUSE CVE-2022-50437 at NVD CVE-2022-50440 at SUSE CVE-2022-50440 at NVD CVE-2022-50444 at SUSE CVE-2022-50444 at NVD CVE-2022-50454 at SUSE CVE-2022-50454 at NVD CVE-2022-50458 at SUSE CVE-2022-50458 at NVD CVE-2022-50459 at SUSE CVE-2022-50459 at NVD CVE-2022-50467 at SUSE CVE-2022-50467 at NVD CVE-2023-1380 at SUSE CVE-2023-1380 at NVD CVE-2023-28328 at SUSE CVE-2023-28328 at NVD CVE-2023-31248 at SUSE CVE-2023-31248 at NVD CVE-2023-3772 at SUSE CVE-2023-3772 at NVD CVE-2023-39197 at SUSE CVE-2023-39197 at NVD CVE-2023-42753 at SUSE CVE-2023-42753 at NVD CVE-2023-53147 at SUSE CVE-2023-53147 at NVD CVE-2023-53178 at SUSE CVE-2023-53178 at NVD CVE-2023-53179 at SUSE CVE-2023-53179 at NVD CVE-2023-53213 at SUSE CVE-2023-53213 at NVD CVE-2023-53220 at SUSE CVE-2023-53220 at NVD CVE-2023-53265 at SUSE CVE-2023-53265 at NVD CVE-2023-53273 at SUSE CVE-2023-53273 at NVD CVE-2023-53304 at SUSE CVE-2023-53304 at NVD CVE-2023-53321 at SUSE CVE-2023-53321 at NVD CVE-2023-53333 at SUSE CVE-2023-53333 at NVD CVE-2023-53438 at SUSE CVE-2023-53438 at NVD CVE-2023-53464 at SUSE CVE-2023-53464 at NVD CVE-2023-53492 at SUSE CVE-2023-53492 at NVD CVE-2024-26583 at SUSE CVE-2024-26583 at NVD CVE-2024-26584 at SUSE CVE-2024-26584 at NVD CVE-2024-53093 at SUSE CVE-2024-53093 at NVD CVE-2024-58240 at SUSE CVE-2024-58240 at NVD CVE-2025-21969 at SUSE CVE-2025-21969 at NVD CVE-2025-38011 at SUSE CVE-2025-38011 at NVD CVE-2025-38184 at SUSE CVE-2025-38184 at NVD CVE-2025-38216 at SUSE CVE-2025-38216 at NVD CVE-2025-38488 at SUSE CVE-2025-38488 at NVD CVE-2025-38553 at SUSE CVE-2025-38553 at NVD CVE-2025-38572 at SUSE CVE-2025-38572 at NVD CVE-2025-38664 at SUSE CVE-2025-38664 at NVD CVE-2025-38685 at SUSE CVE-2025-38685 at NVD CVE-2025-38713 at SUSE CVE-2025-38713 at NVD CVE-2025-39751 at SUSE CVE-2025-39751 at NVD CVE-2025-39823 at SUSE CVE-2025-39823 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) Moderate SUSE bug 1236588 SUSE bug 1236590 CVE-2025-0167 at SUSE CVE-2025-0167 at NVD CVE-2025-0725 at SUSE CVE-2025-0725 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for protobuf fixes the following issues: - CVE-2025-4565: parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or messages can lead to crash due to a `RecursionError` (bsc#1244663). Moderate SUSE bug 1244663 CVE-2025-4565 at SUSE CVE-2025-4565 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libxslt fixes the following issues: - CVE-2025-11731: fixed a type confusion in exsltFuncResultComp function that could cause a denial of service (bsc#1251979) Important SUSE bug 1251979 CVE-2025-11731 at SUSE CVE-2025-11731 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for mozilla-nss fixes the following issues: - Move NSS DB password hash away from SHA-1. Update to NSS 3.112.2: * Prevent leaks during pkcs12 decoding. * SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: * restore support for finding certificates by decoded serial number. Important SUSE bug 1251263 CVE-2025-9187 at SUSE CVE-2025-9187 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). Moderate SUSE bug 1246974 SUSE bug 1249375 CVE-2025-8114 at SUSE CVE-2025-8114 at NVD CVE-2025-8277 at SUSE CVE-2025-8277 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for podman fixes the following issues: - CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252376) - CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252376) - CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252376) Other fixes: - Fix: podman and buildah with runc 1.3.2 fail with lots of warnings as rootless (bsc#1252543) - Add symlink to catatonit in /usr/libexec/podman (bsc#1248988) Important SUSE bug 1248988 SUSE bug 1252376 SUSE bug 1252543 CVE-2025-31133 at SUSE CVE-2025-31133 at NVD CVE-2025-52565 at SUSE CVE-2025-52565 at NVD CVE-2025-52881 at SUSE CVE-2025-52881 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705) Moderate SUSE bug 1236705 CVE-2025-0938 at SUSE CVE-2025-0938 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) Important SUSE bug 1236878 CVE-2024-12133 at SUSE CVE-2024-12133 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) Low SUSE bug 1236282 CVE-2025-0395 at SUSE CVE-2025-0395 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ucode-intel fixes the following issues: - Intel CPU Microcode was updated to the 20250211 release (bsc#1237096) - CVE-2024-31068: Improper Finite State Machines (FSMs) in Hardware Logic for some Intel Processors may allow privileged user to potentially enable denial of service via local access. - CVE-2024-36293: A potential security vulnerability in some Intel Software Guard Extensions (Intel SGX) Platforms may allow denial of service. Intel is releasing microcode updates to mitigate this potential vulnerability. - CVE-2024-39355: A potential security vulnerability in some 13th and 14th Generation Intel Core Processors may allow denial of service. Intel is releasing microcode and UEFI reference code updates to mitigate this potential vulnerability. - CVE-2024-37020: A potential security vulnerability in the Intel Data Streaming Accelerator (Intel DSA) for some Intel Xeon Processors may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability. - New Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | SRF-SP | C0 | 06-af-03/01 | | 03000330 | Xeon 6700-Series Processors with E-Cores ### Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | C0 | 06-97-02/07 | 00000037 | 00000038 | Core Gen12 | ADL | H0 | 06-97-05/07 | 00000037 | 00000038 | Core Gen12 | ADL | L0 | 06-9a-03/80 | 00000435 | 00000436 | Core Gen12 | ADL | R0 | 06-9a-04/80 | 00000435 | 00000436 | Core Gen12 | ADL-N | N0 | 06-be-00/19 | 0000001a | 0000001c | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E | AZB | A0/R0 | 06-9a-04/40 | 00000007 | 00000009 | Intel(R) Atom(R) C1100 | CFL-H | R0 | 06-9e-0d/22 | 00000100 | 00000102 | Core Gen9 Mobile | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f8 | 000000fa | Core Gen8 Desktop, Mobile, Xeon E | EMR-SP | A0 | 06-cf-01/87 | 21000283 | 21000291 | Xeon Scalable Gen5 | EMR-SP | A1 | 06-cf-02/87 | 21000283 | 21000291 | Xeon Scalable Gen5 | ICL-D | B0 | 06-6c-01/10 | 010002b0 | 010002c0 | Xeon D-17xx, D-27xx | ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003e7 | 0d0003f5 | Xeon Scalable Gen3 | RPL-E/HX/S | B0 | 06-b7-01/32 | 0000012b | 0000012c | Core Gen13/Gen14 | RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004123 | 00004124 | Core Gen13 | RPL-HX/S | C0 | 06-bf-02/07 | 00000037 | 00000038 | Core Gen13/Gen14 | RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004123 | 00004124 | Core Gen13 | RPL-S | H0 | 06-bf-05/07 | 00000037 | 00000038 | Core Gen13/Gen14 | RKL-S | B0 | 06-a7-01/02 | 00000062 | 00000063 | Core Gen11 | SPR-HBM | Bx | 06-8f-08/10 | 2c000390 | 2c0003e0 | Xeon Max | SPR-SP | E4/S2 | 06-8f-07/87 | 2b000603 | 2b000620 | Xeon Scalable Gen4 | SPR-SP | E5/S3 | 06-8f-08/87 | 2b000603 | 2b000620 | Xeon Scalable Gen4 | TWL | N0 | 06-be-00/19 | 0000001a | 0000001c | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E ### New Disclosures Updated in Prior Releases | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | CFL-H/S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9 Moderate SUSE bug 1237096 CVE-2024-31068 at SUSE CVE-2024-31068 at NVD CVE-2024-36293 at SUSE CVE-2024-36293 at NVD CVE-2024-37020 at SUSE CVE-2024-37020 at NVD CVE-2024-39355 at SUSE CVE-2024-39355 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for openssh fixes the following issues: - CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040). Moderate SUSE bug 1237040 CVE-2025-26465 at SUSE CVE-2025-26465 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for qemu fixes the following issues: - CVE-2024-8612: Fixed information leak in virtio devices (bsc#1230915). - CVE-2024-7409: Fixed denial of service via improper synchronization in QEMU NBD Server during socket closure (bsc#1229007). - CVE-2024-3447: Fixed heap buffer overflow in sdhci_write_dataport() (bsc#1222845). Other fixes: - Fix ipxe build with new binutils (bsc#1219733, bsc#1219722). Important SUSE bug 1219722 SUSE bug 1219733 SUSE bug 1222845 SUSE bug 1229007 SUSE bug 1230915 CVE-2024-3447 at SUSE CVE-2024-3447 at NVD CVE-2024-7409 at SUSE CVE-2024-7409 at NVD CVE-2024-8612 at SUSE CVE-2024-8612 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for pam_pkcs11 fixes the following issues: - CVE-2025-24032: default value for `cert_policy` (`none`) allows for authentication bypass (bsc#1237062). - CVE-2025-24031: uninitialized pointer dereference caused by user pressing ctrl-c/ctrl-d when asked for PIN leads to crash (bsc#1237058). Moderate SUSE bug 1237058 SUSE bug 1237062 CVE-2025-24031 at SUSE CVE-2025-24031 at NVD CVE-2025-24032 at SUSE CVE-2025-24032 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for vim fixes the following issues: Update to version 9.1.1101: - CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685). - CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822). - CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078). - CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode (bsc#1235695). - CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151). - CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137). Moderate SUSE bug 1229685 SUSE bug 1229822 SUSE bug 1230078 SUSE bug 1235695 SUSE bug 1236151 SUSE bug 1237137 CVE-2024-43790 at SUSE CVE-2024-43790 at NVD CVE-2024-43802 at SUSE CVE-2024-43802 at NVD CVE-2024-45306 at SUSE CVE-2024-45306 at NVD CVE-2025-1215 at SUSE CVE-2025-1215 at NVD CVE-2025-22134 at SUSE CVE-2025-22134 at NVD CVE-2025-24014 at SUSE CVE-2025-24014 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for gnutls fixes the following issues: - CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974). Moderate SUSE bug 1236974 CVE-2024-12243 at SUSE CVE-2024-12243 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). Important SUSE bug 1214290 SUSE bug 1236842 CVE-2023-4016 at SUSE CVE-2023-4016 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for ovmf fixes the following issues: - CVE-2023-45229: out-of-bounds read in edk2 when processing IA_NA/IA_TA options in DHCPv6 Advertise messages. (bsc#1218879) - CVE-2023-45230: buffer overflow in the DHCPv6 client in edk2 via a long Server ID option. (bsc#1218880) - CVE-2023-45231: out-of-bounds read in edk2 when handling a ND Redirect message with truncated options. (bsc#1218881) - CVE-2023-45232: infinite loop in edk2 when parsing unknown options in the Destination Options header. (bsc#1218882) - CVE-2023-45233: infinite loop in edk2 when parsing PadN options in the Destination Options header. (bsc#1218883) - CVE-2023-45234: buffer overflow in edk2 when processing DNS Servers options in a DHCPv6 Advertise message. (bsc#1218884) - CVE-2023-45235: buffer overflow in edk2 when handling the Server ID option in a DHCPv6 proxy Advertise message. (bsc#1218885) Important SUSE bug 1218879 SUSE bug 1218880 SUSE bug 1218881 SUSE bug 1218882 SUSE bug 1218883 SUSE bug 1218884 SUSE bug 1218885 CVE-2023-45229 at SUSE CVE-2023-45229 at NVD CVE-2023-45230 at SUSE CVE-2023-45230 at NVD CVE-2023-45231 at SUSE CVE-2023-45231 at NVD CVE-2023-45232 at SUSE CVE-2023-45232 at NVD CVE-2023-45233 at SUSE CVE-2023-45233 at NVD CVE-2023-45234 at SUSE CVE-2023-45234 at NVD CVE-2023-45235 at SUSE CVE-2023-45235 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763). - CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112). - CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025). - CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217). - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230). - CVE-2024-56623: scsi: qla2xxx: Fix use after free on unload (bsc#1235466). - CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430). - CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441). - CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249). - CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645). - CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759). - CVE-2024-57798: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (bsc#1235818). - CVE-2024-57849: s390/cpum_sf: Handle CPU hotplug remove during sampling (bsc#1235814). - CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235920). The following non-security bugs were fixed: - NFS: Adjust the amount of readahead performed by NFS readdir (bsc#1231847). - NFS: Do not flush the readdir cache in nfs_dentry_iput() (bsc#1231847). - NFS: Improve heuristic for readdirplus (bsc#1231847, bsc#1231847, bsc#1237389). - NFS: Reduce readdir stack usage (bsc#1231847). - NFS: Trigger the 'ls -l' readdir heuristic sooner (bsc#1231847). - NFS: Use kmemdup_nul() in nfs_readdir_make_qstr() (bsc#1231847). Important SUSE bug 1215420 SUSE bug 1224763 SUSE bug 1231847 SUSE bug 1233112 SUSE bug 1234025 SUSE bug 1235217 SUSE bug 1235230 SUSE bug 1235249 SUSE bug 1235430 SUSE bug 1235441 SUSE bug 1235466 SUSE bug 1235645 SUSE bug 1235759 SUSE bug 1235814 SUSE bug 1235818 SUSE bug 1235920 SUSE bug 1236104 SUSE bug 1237389 CVE-2023-4244 at SUSE CVE-2023-4244 at NVD CVE-2023-52923 at SUSE CVE-2023-52923 at NVD CVE-2024-35863 at SUSE CVE-2024-35863 at NVD CVE-2024-50199 at SUSE CVE-2024-50199 at NVD CVE-2024-53104 at SUSE CVE-2024-53104 at NVD CVE-2024-56600 at SUSE CVE-2024-56600 at NVD CVE-2024-56601 at SUSE CVE-2024-56601 at NVD CVE-2024-56623 at SUSE CVE-2024-56623 at NVD CVE-2024-56650 at SUSE CVE-2024-56650 at NVD CVE-2024-56658 at SUSE CVE-2024-56658 at NVD CVE-2024-56664 at SUSE CVE-2024-56664 at NVD CVE-2024-56759 at SUSE CVE-2024-56759 at NVD CVE-2024-57791 at SUSE CVE-2024-57791 at NVD CVE-2024-57798 at SUSE CVE-2024-57798 at NVD CVE-2024-57849 at SUSE CVE-2024-57849 at NVD CVE-2024-57893 at SUSE CVE-2024-57893 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for podman fixes the following issues: - CVE-2025-27144: Fixed denial of service in parsing function of embedded library Go JOSE (bsc#1237641) - CVE-2024-9676: github.com/containers/storage: Fixed symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS) (bsc#1231698) - CVE-2024-9675: Fixed cache arbitrary directory mount in buildah (bsc#1231499) - CVE-2024-9407: Fixed Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction in buildah (bsc#1231208) - CVE-2024-9341: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library (bsc#1231230) - CVE-2024-1753: Fixed full container escape at build time in buildah (bsc#1221677) - CVE-2024-11218: Fixed a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. (bsc#1236270) - CVE-2024-6104: Fixed hashicorp/go-retryablehttp writing sensitive information to log files (bsc#1227052) - CVE-2023-45288: Fixed golang.org/x/net/http2 excessive resource consumption when receiving too many headers (bsc#1236507) - Load ip_tables and ip6_tables kernel module (bsc#1214612) * Required for rootless mode as a regular user has no permission to load kernel modules - Refactor network backend dependencies: * podman requires either netavark or cni-plugins. On ALP, require netavark, otherwise prefer netavark but don't force it. * This fixes missing cni-plugins in some scenarios * Default to netavark everywhere where it's available Important SUSE bug 1214612 SUSE bug 1215807 SUSE bug 1215926 SUSE bug 1217828 SUSE bug 1221677 SUSE bug 1227052 SUSE bug 1231208 SUSE bug 1231230 SUSE bug 1231499 SUSE bug 1231698 SUSE bug 1236270 SUSE bug 1236507 SUSE bug 1237641 CVE-2023-45288 at SUSE CVE-2023-45288 at NVD CVE-2024-11218 at SUSE CVE-2024-11218 at NVD CVE-2024-1753 at SUSE CVE-2024-1753 at NVD CVE-2024-6104 at SUSE CVE-2024-6104 at NVD CVE-2024-9341 at SUSE CVE-2024-9341 at NVD CVE-2024-9407 at SUSE CVE-2024-9407 at NVD CVE-2024-9675 at SUSE CVE-2024-9675 at NVD CVE-2024-9676 at SUSE CVE-2024-9676 at NVD CVE-2025-27144 at SUSE CVE-2025-27144 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for docker fixes the following issues: Update to Docker 27.5.1-ce (bsc#1237335): - CVE-2024-29018: External DNS requests from 'internal' networks could lead to data exfiltration (bsc#1234089). Moderate SUSE bug 1234089 SUSE bug 1237335 CVE-2024-29018 at SUSE CVE-2024-29018 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for krb5 fixes the following issues: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Moderate SUSE bug 1236619 CVE-2025-24528 at SUSE CVE-2025-24528 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47633: ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (bsc#1237768). - CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033). - CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700). - CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025). - CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028). - CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (bsc#1237139). The following non-security bugs were fixed: - net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761). - net: netvsc: Update default VMBus channels (bsc#1236757). - scsi: storvsc: Handle SRB status value 0x30 (git-fixes). Important SUSE bug 1215420 SUSE bug 1224700 SUSE bug 1225742 SUSE bug 1232919 SUSE bug 1234853 SUSE bug 1234891 SUSE bug 1234963 SUSE bug 1235054 SUSE bug 1235061 SUSE bug 1235073 SUSE bug 1236757 SUSE bug 1236761 SUSE bug 1236821 SUSE bug 1237025 SUSE bug 1237028 SUSE bug 1237139 SUSE bug 1237768 SUSE bug 1238033 CVE-2021-47633 at SUSE CVE-2021-47633 at NVD CVE-2022-49080 at SUSE CVE-2022-49080 at NVD CVE-2023-4244 at SUSE CVE-2023-4244 at NVD CVE-2023-52924 at SUSE CVE-2023-52924 at NVD CVE-2024-35949 at SUSE CVE-2024-35949 at NVD CVE-2024-50115 at SUSE CVE-2024-50115 at NVD CVE-2024-53173 at SUSE CVE-2024-53173 at NVD CVE-2024-53239 at SUSE CVE-2024-53239 at NVD CVE-2024-56539 at SUSE CVE-2024-56539 at NVD CVE-2024-56548 at SUSE CVE-2024-56548 at NVD CVE-2024-56605 at SUSE CVE-2024-56605 at NVD CVE-2025-21690 at SUSE CVE-2025-21690 at NVD CVE-2025-21692 at SUSE CVE-2025-21692 at NVD CVE-2025-21699 at SUSE CVE-2025-21699 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47633: ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (bsc#1237768). - CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033). - CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763). - CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700). - CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112). - CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025). - CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217). - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230). - CVE-2024-56623: scsi: qla2xxx: Fix use after free on unload (bsc#1235466). - CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430). - CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441). - CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249). - CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645). - CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759). - CVE-2024-57798: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (bsc#1235818). - CVE-2024-57849: s390/cpum_sf: Handle CPU hotplug remove during sampling (bsc#1235814). - CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235920). - CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025). - CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028). - CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (bsc#1237139). The following non-security bugs were fixed: - net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761). - net: netvsc: Update default VMBus channels (bsc#1236757). - NFS: Adjust the amount of readahead performed by NFS readdir (bsc#1231847). - NFS: Do not flush the readdir cache in nfs_dentry_iput() (bsc#1231847). - NFS: Improve heuristic for readdirplus -revert (bsc#1237160). - NFS: Improve heuristic for readdirplus (bsc#1231847). - NFS: Reduce readdir stack usage (bsc#1231847). - NFS: Trigger the 'ls -l' readdir heuristic sooner (bsc#1231847). - NFS: Use kmemdup_nul() in nfs_readdir_make_qstr() (bsc#1231847). - scsi: storvsc: Handle SRB status value 0x30 (git-fixes). Important SUSE bug 1215420 SUSE bug 1224700 SUSE bug 1224763 SUSE bug 1225742 SUSE bug 1231847 SUSE bug 1232919 SUSE bug 1233112 SUSE bug 1234025 SUSE bug 1234853 SUSE bug 1234891 SUSE bug 1234963 SUSE bug 1235054 SUSE bug 1235061 SUSE bug 1235073 SUSE bug 1235217 SUSE bug 1235230 SUSE bug 1235249 SUSE bug 1235430 SUSE bug 1235441 SUSE bug 1235466 SUSE bug 1235645 SUSE bug 1235759 SUSE bug 1235814 SUSE bug 1235818 SUSE bug 1235920 SUSE bug 1236104 SUSE bug 1236757 SUSE bug 1236761 SUSE bug 1236821 SUSE bug 1237025 SUSE bug 1237028 SUSE bug 1237139 SUSE bug 1237160 SUSE bug 1237389 SUSE bug 1237768 SUSE bug 1238033 CVE-2021-47633 at SUSE CVE-2021-47633 at NVD CVE-2022-49080 at SUSE CVE-2022-49080 at NVD CVE-2023-4244 at SUSE CVE-2023-4244 at NVD CVE-2023-52923 at SUSE CVE-2023-52923 at NVD CVE-2023-52924 at SUSE CVE-2023-52924 at NVD CVE-2024-35863 at SUSE CVE-2024-35863 at NVD CVE-2024-35949 at SUSE CVE-2024-35949 at NVD CVE-2024-50115 at SUSE CVE-2024-50115 at NVD CVE-2024-50199 at SUSE CVE-2024-50199 at NVD CVE-2024-53104 at SUSE CVE-2024-53104 at NVD CVE-2024-53173 at SUSE CVE-2024-53173 at NVD CVE-2024-53239 at SUSE CVE-2024-53239 at NVD CVE-2024-56539 at SUSE CVE-2024-56539 at NVD CVE-2024-56548 at SUSE CVE-2024-56548 at NVD CVE-2024-56600 at SUSE CVE-2024-56600 at NVD CVE-2024-56601 at SUSE CVE-2024-56601 at NVD CVE-2024-56605 at SUSE CVE-2024-56605 at NVD CVE-2024-56623 at SUSE CVE-2024-56623 at NVD CVE-2024-56650 at SUSE CVE-2024-56650 at NVD CVE-2024-56658 at SUSE CVE-2024-56658 at NVD CVE-2024-56664 at SUSE CVE-2024-56664 at NVD CVE-2024-56759 at SUSE CVE-2024-56759 at NVD CVE-2024-57791 at SUSE CVE-2024-57791 at NVD CVE-2024-57798 at SUSE CVE-2024-57798 at NVD CVE-2024-57849 at SUSE CVE-2024-57849 at NVD CVE-2024-57893 at SUSE CVE-2024-57893 at NVD CVE-2025-21690 at SUSE CVE-2025-21690 at NVD CVE-2025-21692 at SUSE CVE-2025-21692 at NVD CVE-2025-21699 at SUSE CVE-2025-21699 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). Low SUSE bug 1233307 CVE-2024-11168 at SUSE CVE-2024-11168 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for libxml2 fixes the following issues: - CVE-2024-56171: Fixed use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: Fixed stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: Fixed NULL Pointer Dereference in libxml2 xmlPatMatch (bsc#1237418). Important SUSE bug 1237363 SUSE bug 1237370 SUSE bug 1237418 CVE-2024-56171 at SUSE CVE-2024-56171 at NVD CVE-2025-24928 at SUSE CVE-2025-24928 at NVD CVE-2025-27113 at SUSE CVE-2025-27113 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for rsync fixes the following issues: - CVE-2024-12747: Fixed race condition in handling symbolic links (bsc#1235475) - Broken rsyncd after protocol bump, regression reported (bsc#1237187). - Bump protocol version to 32 - make it easier to show server is patched. Moderate SUSE bug 1235475 SUSE bug 1237187 CVE-2024-12747 at SUSE CVE-2024-12747 at NVD cpe:/o:suse:suse-microos:5.1 SUSE Linux Enterprise Micro 5.1 This update for freetype2 fixes the following issues: - CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font subglyph structures related to TrueType GX and variable font files (bsc#1239465). Important SUSE bug 1239465 CVE-2025-27363 at SUSE CVE-2025-27363 at NVD cpe:/o:suse:suse-microos:5.1