Marcus Updateinfo to OVAL Converter 5.5 2026-04-14T06:45:48 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the afterburn-5.2.0-150300.1.3 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2020-35905 at SUSE CVE-2020-35905 at NVD CVE-2020-36465 at SUSE CVE-2020-36465 at NVD CVE-2021-27378 at SUSE CVE-2021-27378 at NVD CVE-2021-32714 at SUSE CVE-2021-32714 at NVD CVE-2021-32715 at SUSE CVE-2021-32715 at NVD CVE-2021-38191 at SUSE CVE-2021-38191 at NVD CVE-2021-45710 at SUSE CVE-2021-45710 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the aide-0.16-24.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2021-45417 at SUSE CVE-2021-45417 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the apparmor-parser-2.13.6-150300.3.11.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2017-6507 at SUSE CVE-2017-6507 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the augeas-1.10.1-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-8119 at SUSE CVE-2014-8119 at NVD CVE-2017-7555 at SUSE CVE-2017-7555 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the avahi-0.7-3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2018-1000845 at SUSE CVE-2018-1000845 at NVD CVE-2021-26720 at SUSE CVE-2021-26720 at NVD CVE-2021-3468 at SUSE CVE-2021-3468 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the aws-cli-1.20.7-30.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2018-15869 at SUSE CVE-2018-15869 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the bash-4.4-19.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2016-9401 at SUSE CVE-2016-9401 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the btrfsmaintenance-0.4.2-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2018-14722 at SUSE CVE-2018-14722 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the bzip2-1.0.6-5.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2016-3189 at SUSE CVE-2016-3189 at NVD CVE-2019-12900 at SUSE CVE-2019-12900 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the chrony-3.2-9.24.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2016-1567 at SUSE CVE-2016-1567 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the cifs-utils-6.9-5.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2020-14342 at SUSE CVE-2020-14342 at NVD CVE-2021-20208 at SUSE CVE-2021-20208 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the cni-plugins-0.8.6-3.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2020-10749 at SUSE CVE-2020-10749 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the conntrack-tools-1.4.5-1.46 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2015-6496 at SUSE CVE-2015-6496 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the containerd-1.4.12-60.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2016-9962 at SUSE CVE-2016-9962 at NVD CVE-2018-16873 at SUSE CVE-2018-16873 at NVD CVE-2018-16874 at SUSE CVE-2018-16874 at NVD CVE-2018-16875 at SUSE CVE-2018-16875 at NVD CVE-2019-5736 at SUSE CVE-2019-5736 at NVD CVE-2020-15157 at SUSE CVE-2020-15157 at NVD CVE-2020-15257 at SUSE CVE-2020-15257 at NVD CVE-2021-21334 at SUSE CVE-2021-21334 at NVD CVE-2021-32760 at SUSE CVE-2021-32760 at NVD CVE-2021-41103 at SUSE CVE-2021-41103 at NVD CVE-2021-41190 at SUSE CVE-2021-41190 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the coolkey-1.1.0-1.31 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2007-4129 at SUSE CVE-2007-4129 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the coreutils-8.32-150300.3.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2015-4041 at SUSE CVE-2015-4041 at NVD CVE-2015-4042 at SUSE CVE-2015-4042 at NVD CVE-2017-7476 at SUSE CVE-2017-7476 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the cpio-2.12-3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-9112 at SUSE CVE-2014-9112 at NVD CVE-2016-2037 at SUSE CVE-2016-2037 at NVD CVE-2019-14866 at SUSE CVE-2019-14866 at NVD CVE-2021-38185 at SUSE CVE-2021-38185 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the cracklib-2.9.7-11.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2016-6318 at SUSE CVE-2016-6318 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the cryptsetup-2.3.7-150300.3.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2020-14382 at SUSE CVE-2020-14382 at NVD CVE-2021-4122 at SUSE CVE-2021-4122 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the cups-config-2.2.7-3.26.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2012-5519 at SUSE CVE-2012-5519 at NVD CVE-2014-3537 at SUSE CVE-2014-3537 at NVD CVE-2014-5029 at SUSE CVE-2014-5029 at NVD CVE-2014-5030 at SUSE CVE-2014-5030 at NVD CVE-2014-5031 at SUSE CVE-2014-5031 at NVD CVE-2015-1158 at SUSE CVE-2015-1158 at NVD CVE-2015-1159 at SUSE CVE-2015-1159 at NVD CVE-2017-18248 at SUSE CVE-2017-18248 at NVD CVE-2018-4180 at SUSE CVE-2018-4180 at NVD CVE-2018-4181 at SUSE CVE-2018-4181 at NVD CVE-2018-4182 at SUSE CVE-2018-4182 at NVD CVE-2018-4183 at SUSE CVE-2018-4183 at NVD CVE-2018-4700 at SUSE CVE-2018-4700 at NVD CVE-2019-8675 at SUSE CVE-2019-8675 at NVD CVE-2019-8696 at SUSE CVE-2019-8696 at NVD CVE-2019-8842 at SUSE CVE-2019-8842 at NVD CVE-2020-10001 at SUSE CVE-2020-10001 at NVD CVE-2020-3898 at SUSE CVE-2020-3898 at NVD CVE-2021-25317 at SUSE CVE-2021-25317 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the curl-7.66.0-4.27.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-8150 at SUSE CVE-2014-8150 at NVD CVE-2015-3143 at SUSE CVE-2015-3143 at NVD CVE-2015-3144 at SUSE CVE-2015-3144 at NVD CVE-2015-3145 at SUSE CVE-2015-3145 at NVD CVE-2015-3148 at SUSE CVE-2015-3148 at NVD CVE-2015-3153 at SUSE CVE-2015-3153 at NVD CVE-2015-3236 at SUSE CVE-2015-3236 at NVD CVE-2015-3237 at SUSE CVE-2015-3237 at NVD CVE-2016-0755 at SUSE CVE-2016-0755 at NVD CVE-2016-7167 at SUSE CVE-2016-7167 at NVD CVE-2016-8615 at SUSE CVE-2016-8615 at NVD CVE-2016-8616 at SUSE CVE-2016-8616 at NVD CVE-2016-8617 at SUSE CVE-2016-8617 at NVD CVE-2016-8618 at SUSE CVE-2016-8618 at NVD CVE-2016-8619 at SUSE CVE-2016-8619 at NVD CVE-2016-8620 at SUSE CVE-2016-8620 at NVD CVE-2016-8621 at SUSE CVE-2016-8621 at NVD CVE-2016-8622 at SUSE CVE-2016-8622 at NVD CVE-2016-8623 at SUSE CVE-2016-8623 at NVD CVE-2016-8624 at SUSE CVE-2016-8624 at NVD CVE-2016-8625 at SUSE CVE-2016-8625 at NVD CVE-2016-9586 at SUSE CVE-2016-9586 at NVD CVE-2016-9594 at SUSE CVE-2016-9594 at NVD CVE-2017-1000099 at SUSE CVE-2017-1000099 at NVD CVE-2017-1000100 at SUSE CVE-2017-1000100 at NVD CVE-2017-1000101 at SUSE CVE-2017-1000101 at NVD CVE-2017-1000254 at SUSE CVE-2017-1000254 at NVD CVE-2017-1000257 at SUSE CVE-2017-1000257 at NVD CVE-2017-2629 at SUSE CVE-2017-2629 at NVD CVE-2017-7468 at SUSE CVE-2017-7468 at NVD CVE-2017-8816 at SUSE CVE-2017-8816 at NVD CVE-2017-8817 at SUSE CVE-2017-8817 at NVD CVE-2017-8818 at SUSE CVE-2017-8818 at NVD CVE-2017-9502 at SUSE CVE-2017-9502 at NVD CVE-2018-0500 at SUSE CVE-2018-0500 at NVD CVE-2018-1000005 at SUSE CVE-2018-1000005 at NVD CVE-2018-1000007 at SUSE CVE-2018-1000007 at NVD CVE-2018-1000120 at SUSE CVE-2018-1000120 at NVD CVE-2018-1000121 at SUSE CVE-2018-1000121 at NVD CVE-2018-1000122 at SUSE CVE-2018-1000122 at NVD CVE-2018-1000300 at SUSE CVE-2018-1000300 at NVD CVE-2018-1000301 at SUSE CVE-2018-1000301 at NVD CVE-2018-14618 at SUSE CVE-2018-14618 at NVD CVE-2018-16839 at SUSE CVE-2018-16839 at NVD CVE-2018-16840 at SUSE CVE-2018-16840 at NVD CVE-2018-16842 at SUSE CVE-2018-16842 at NVD CVE-2018-16890 at SUSE CVE-2018-16890 at NVD CVE-2019-3822 at SUSE CVE-2019-3822 at NVD CVE-2019-3823 at SUSE CVE-2019-3823 at NVD CVE-2019-5435 at SUSE CVE-2019-5435 at NVD CVE-2019-5436 at SUSE CVE-2019-5436 at NVD CVE-2019-5481 at SUSE CVE-2019-5481 at NVD CVE-2019-5482 at SUSE CVE-2019-5482 at NVD CVE-2020-8169 at SUSE CVE-2020-8169 at NVD CVE-2020-8177 at SUSE CVE-2020-8177 at NVD CVE-2020-8231 at SUSE CVE-2020-8231 at NVD CVE-2020-8284 at SUSE CVE-2020-8284 at NVD CVE-2020-8285 at SUSE CVE-2020-8285 at NVD CVE-2020-8286 at SUSE CVE-2020-8286 at NVD CVE-2021-22876 at SUSE CVE-2021-22876 at NVD CVE-2021-22890 at SUSE CVE-2021-22890 at NVD CVE-2021-22898 at SUSE CVE-2021-22898 at NVD CVE-2021-22922 at SUSE CVE-2021-22922 at NVD CVE-2021-22923 at SUSE CVE-2021-22923 at NVD CVE-2021-22924 at SUSE CVE-2021-22924 at NVD CVE-2021-22925 at SUSE CVE-2021-22925 at NVD CVE-2021-22946 at SUSE CVE-2021-22946 at NVD CVE-2021-22947 at SUSE CVE-2021-22947 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the cyrus-sasl-2.1.27-150300.4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2019-19906 at SUSE CVE-2019-19906 at NVD CVE-2020-8032 at SUSE CVE-2020-8032 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the dbus-1-1.12.2-8.11.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-3636 at SUSE CVE-2014-3636 at NVD CVE-2014-3637 at SUSE CVE-2014-3637 at NVD CVE-2014-3639 at SUSE CVE-2014-3639 at NVD CVE-2014-7824 at SUSE CVE-2014-7824 at NVD CVE-2014-8148 at SUSE CVE-2014-8148 at NVD CVE-2015-0245 at SUSE CVE-2015-0245 at NVD CVE-2019-12749 at SUSE CVE-2019-12749 at NVD CVE-2020-12049 at SUSE CVE-2020-12049 at NVD CVE-2020-35512 at SUSE CVE-2020-35512 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the dnsmasq-2.86-7.17.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2015-3294 at SUSE CVE-2015-3294 at NVD CVE-2015-8899 at SUSE CVE-2015-8899 at NVD CVE-2017-14491 at SUSE CVE-2017-14491 at NVD CVE-2017-14492 at SUSE CVE-2017-14492 at NVD CVE-2017-14493 at SUSE CVE-2017-14493 at NVD CVE-2017-14494 at SUSE CVE-2017-14494 at NVD CVE-2017-14495 at SUSE CVE-2017-14495 at NVD CVE-2017-14496 at SUSE CVE-2017-14496 at NVD CVE-2017-15107 at SUSE CVE-2017-15107 at NVD CVE-2019-14834 at SUSE CVE-2019-14834 at NVD CVE-2020-14312 at SUSE CVE-2020-14312 at NVD CVE-2020-25681 at SUSE CVE-2020-25681 at NVD CVE-2020-25682 at SUSE CVE-2020-25682 at NVD CVE-2020-25683 at SUSE CVE-2020-25683 at NVD CVE-2020-25684 at SUSE CVE-2020-25684 at NVD CVE-2020-25685 at SUSE CVE-2020-25685 at NVD CVE-2020-25686 at SUSE CVE-2020-25686 at NVD CVE-2020-25687 at SUSE CVE-2020-25687 at NVD CVE-2021-3448 at SUSE CVE-2021-3448 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the docker-20.10.12_ce-159.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-5277 at SUSE CVE-2014-5277 at NVD CVE-2014-6407 at SUSE CVE-2014-6407 at NVD CVE-2014-6408 at SUSE CVE-2014-6408 at NVD CVE-2014-8178 at SUSE CVE-2014-8178 at NVD CVE-2014-8179 at SUSE CVE-2014-8179 at NVD CVE-2014-9356 at SUSE CVE-2014-9356 at NVD CVE-2014-9357 at SUSE CVE-2014-9357 at NVD CVE-2014-9358 at SUSE CVE-2014-9358 at NVD CVE-2015-3627 at SUSE CVE-2015-3627 at NVD CVE-2015-3629 at SUSE CVE-2015-3629 at NVD CVE-2015-3630 at SUSE CVE-2015-3630 at NVD CVE-2015-3631 at SUSE CVE-2015-3631 at NVD CVE-2016-3697 at SUSE CVE-2016-3697 at NVD CVE-2016-8867 at SUSE CVE-2016-8867 at NVD CVE-2016-9962 at SUSE CVE-2016-9962 at NVD CVE-2017-14992 at SUSE CVE-2017-14992 at NVD CVE-2017-16539 at SUSE CVE-2017-16539 at NVD CVE-2018-10892 at SUSE CVE-2018-10892 at NVD CVE-2018-15664 at SUSE CVE-2018-15664 at NVD CVE-2018-16873 at SUSE CVE-2018-16873 at NVD CVE-2018-16874 at SUSE CVE-2018-16874 at NVD CVE-2018-16875 at SUSE CVE-2018-16875 at NVD CVE-2018-20699 at SUSE CVE-2018-20699 at NVD CVE-2019-13509 at SUSE CVE-2019-13509 at NVD CVE-2019-14271 at SUSE CVE-2019-14271 at NVD CVE-2020-13401 at SUSE CVE-2020-13401 at NVD CVE-2020-15257 at SUSE CVE-2020-15257 at NVD CVE-2021-21284 at SUSE CVE-2021-21284 at NVD CVE-2021-21285 at SUSE CVE-2021-21285 at NVD CVE-2021-41089 at SUSE CVE-2021-41089 at NVD CVE-2021-41091 at SUSE CVE-2021-41091 at NVD CVE-2021-41092 at SUSE CVE-2021-41092 at NVD CVE-2021-41103 at SUSE CVE-2021-41103 at NVD CVE-2021-41190 at SUSE CVE-2021-41190 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.31.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2018-16873 at SUSE CVE-2018-16873 at NVD CVE-2018-16874 at SUSE CVE-2018-16874 at NVD CVE-2018-16875 at SUSE CVE-2018-16875 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2016-9962 at SUSE CVE-2016-9962 at NVD CVE-2018-16873 at SUSE CVE-2018-16873 at NVD CVE-2018-16874 at SUSE CVE-2018-16874 at NVD CVE-2018-16875 at SUSE CVE-2018-16875 at NVD CVE-2019-16884 at SUSE CVE-2019-16884 at NVD CVE-2019-19921 at SUSE CVE-2019-19921 at NVD CVE-2019-5736 at SUSE CVE-2019-5736 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the dracut-049.1+suse.228.g07676562-3.54.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2016-8637 at SUSE CVE-2016-8637 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the e2fsprogs-1.43.8-4.26.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2015-0247 at SUSE CVE-2015-0247 at NVD CVE-2015-1572 at SUSE CVE-2015-1572 at NVD CVE-2019-5094 at SUSE CVE-2019-5094 at NVD CVE-2019-5188 at SUSE CVE-2019-5188 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the elfutils-0.168-4.5.3 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-9447 at SUSE CVE-2014-9447 at NVD CVE-2017-7607 at SUSE CVE-2017-7607 at NVD CVE-2017-7608 at SUSE CVE-2017-7608 at NVD CVE-2017-7609 at SUSE CVE-2017-7609 at NVD CVE-2017-7610 at SUSE CVE-2017-7610 at NVD CVE-2017-7611 at SUSE CVE-2017-7611 at NVD CVE-2017-7612 at SUSE CVE-2017-7612 at NVD CVE-2017-7613 at SUSE CVE-2017-7613 at NVD CVE-2018-16062 at SUSE CVE-2018-16062 at NVD CVE-2018-16402 at SUSE CVE-2018-16402 at NVD CVE-2018-16403 at SUSE CVE-2018-16403 at NVD CVE-2018-18310 at SUSE CVE-2018-18310 at NVD CVE-2018-18520 at SUSE CVE-2018-18520 at NVD CVE-2018-18521 at SUSE CVE-2018-18521 at NVD CVE-2019-7150 at SUSE CVE-2019-7150 at NVD CVE-2019-7665 at SUSE CVE-2019-7665 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the file-5.32-7.14.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-3710 at SUSE CVE-2014-3710 at NVD CVE-2014-8116 at SUSE CVE-2014-8116 at NVD CVE-2014-8117 at SUSE CVE-2014-8117 at NVD CVE-2017-1000249 at SUSE CVE-2017-1000249 at NVD CVE-2018-10360 at SUSE CVE-2018-10360 at NVD CVE-2019-18218 at SUSE CVE-2019-18218 at NVD CVE-2019-8905 at SUSE CVE-2019-8905 at NVD CVE-2019-8906 at SUSE CVE-2019-8906 at NVD CVE-2019-8907 at SUSE CVE-2019-8907 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the firewalld-0.9.3-1.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2016-5410 at SUSE CVE-2016-5410 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the fuse-2.9.7-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2009-3297 at SUSE CVE-2009-3297 at NVD CVE-2011-0541 at SUSE CVE-2011-0541 at NVD CVE-2015-3202 at SUSE CVE-2015-3202 at NVD CVE-2018-10906 at SUSE CVE-2018-10906 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the gdk-pixbuf-loader-rsvg-2.46.5-3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2017-11464 at SUSE CVE-2017-11464 at NVD CVE-2021-25900 at SUSE CVE-2021-25900 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the gdk-pixbuf-query-loaders-2.40.0-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2015-4491 at SUSE CVE-2015-4491 at NVD CVE-2015-7552 at SUSE CVE-2015-7552 at NVD CVE-2015-7673 at SUSE CVE-2015-7673 at NVD CVE-2015-7674 at SUSE CVE-2015-7674 at NVD CVE-2016-6352 at SUSE CVE-2016-6352 at NVD CVE-2017-2862 at SUSE CVE-2017-2862 at NVD CVE-2017-2870 at SUSE CVE-2017-2870 at NVD CVE-2017-6312 at SUSE CVE-2017-6312 at NVD CVE-2017-6313 at SUSE CVE-2017-6313 at NVD CVE-2020-29385 at SUSE CVE-2020-29385 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the glib-networking-2.62.4-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2020-13645 at SUSE CVE-2020-13645 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the glib2-tools-2.62.6-3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2018-16428 at SUSE CVE-2018-16428 at NVD CVE-2018-16429 at SUSE CVE-2018-16429 at NVD CVE-2019-12450 at SUSE CVE-2019-12450 at NVD CVE-2020-6750 at SUSE CVE-2020-6750 at NVD CVE-2021-27218 at SUSE CVE-2021-27218 at NVD CVE-2021-27219 at SUSE CVE-2021-27219 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the glibc-2.31-150300.9.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2009-5155 at SUSE CVE-2009-5155 at NVD CVE-2010-3192 at SUSE CVE-2010-3192 at NVD CVE-2012-3406 at SUSE CVE-2012-3406 at NVD CVE-2013-4458 at SUSE CVE-2013-4458 at NVD CVE-2014-7817 at SUSE CVE-2014-7817 at NVD CVE-2014-8121 at SUSE CVE-2014-8121 at NVD CVE-2014-9402 at SUSE CVE-2014-9402 at NVD CVE-2014-9761 at SUSE CVE-2014-9761 at NVD CVE-2015-1472 at SUSE CVE-2015-1472 at NVD CVE-2015-1473 at SUSE CVE-2015-1473 at NVD CVE-2015-1781 at SUSE CVE-2015-1781 at NVD CVE-2015-5180 at SUSE CVE-2015-5180 at NVD CVE-2015-7547 at SUSE CVE-2015-7547 at NVD CVE-2015-8776 at SUSE CVE-2015-8776 at NVD CVE-2015-8777 at SUSE CVE-2015-8777 at NVD CVE-2015-8778 at SUSE CVE-2015-8778 at NVD CVE-2015-8779 at SUSE CVE-2015-8779 at NVD CVE-2016-10228 at SUSE CVE-2016-10228 at NVD CVE-2016-10739 at SUSE CVE-2016-10739 at NVD CVE-2016-1234 at SUSE CVE-2016-1234 at NVD CVE-2016-3075 at SUSE CVE-2016-3075 at NVD CVE-2016-3706 at SUSE CVE-2016-3706 at NVD CVE-2016-4429 at SUSE CVE-2016-4429 at NVD CVE-2016-5417 at SUSE CVE-2016-5417 at NVD CVE-2016-6323 at SUSE CVE-2016-6323 at NVD CVE-2017-1000366 at SUSE CVE-2017-1000366 at NVD CVE-2017-1000408 at SUSE CVE-2017-1000408 at NVD CVE-2017-1000409 at SUSE CVE-2017-1000409 at NVD CVE-2017-12132 at SUSE CVE-2017-12132 at NVD CVE-2017-12133 at SUSE CVE-2017-12133 at NVD CVE-2017-15670 at SUSE CVE-2017-15670 at NVD CVE-2017-15671 at SUSE CVE-2017-15671 at NVD CVE-2017-15804 at SUSE CVE-2017-15804 at NVD CVE-2017-16997 at SUSE CVE-2017-16997 at NVD CVE-2017-17426 at SUSE CVE-2017-17426 at NVD CVE-2017-18269 at SUSE CVE-2017-18269 at NVD CVE-2018-1000001 at SUSE CVE-2018-1000001 at NVD CVE-2018-11236 at SUSE CVE-2018-11236 at NVD CVE-2018-11237 at SUSE CVE-2018-11237 at NVD CVE-2018-6485 at SUSE CVE-2018-6485 at NVD CVE-2018-6551 at SUSE CVE-2018-6551 at NVD CVE-2019-19126 at SUSE CVE-2019-19126 at NVD CVE-2019-9169 at SUSE CVE-2019-9169 at NVD CVE-2020-10029 at SUSE CVE-2020-10029 at NVD CVE-2020-1751 at SUSE CVE-2020-1751 at NVD CVE-2020-1752 at SUSE CVE-2020-1752 at NVD CVE-2020-27618 at SUSE CVE-2020-27618 at NVD CVE-2020-29562 at SUSE CVE-2020-29562 at NVD CVE-2020-29573 at SUSE CVE-2020-29573 at NVD CVE-2021-27645 at SUSE CVE-2021-27645 at NVD CVE-2021-3326 at SUSE CVE-2021-3326 at NVD CVE-2021-33574 at SUSE CVE-2021-33574 at NVD CVE-2021-35942 at SUSE CVE-2021-35942 at NVD CVE-2021-3999 at SUSE CVE-2021-3999 at NVD CVE-2022-23218 at SUSE CVE-2022-23218 at NVD CVE-2022-23219 at SUSE CVE-2022-23219 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the gnutls-3.6.7-14.16.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-8564 at SUSE CVE-2014-8564 at NVD CVE-2015-6251 at SUSE CVE-2015-6251 at NVD CVE-2016-8610 at SUSE CVE-2016-8610 at NVD CVE-2017-7869 at SUSE CVE-2017-7869 at NVD CVE-2018-10844 at SUSE CVE-2018-10844 at NVD CVE-2018-10845 at SUSE CVE-2018-10845 at NVD CVE-2018-10846 at SUSE CVE-2018-10846 at NVD CVE-2018-16868 at SUSE CVE-2018-16868 at NVD CVE-2019-3829 at SUSE CVE-2019-3829 at NVD CVE-2019-3836 at SUSE CVE-2019-3836 at NVD CVE-2020-11501 at SUSE CVE-2020-11501 at NVD CVE-2020-13777 at SUSE CVE-2020-13777 at NVD CVE-2020-24659 at SUSE CVE-2020-24659 at NVD CVE-2021-20231 at SUSE CVE-2021-20231 at NVD CVE-2021-20232 at SUSE CVE-2021-20232 at NVD CVE-2021-4209 at SUSE CVE-2021-4209 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the gpg2-2.2.27-1.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2018-1000858 at SUSE CVE-2018-1000858 at NVD CVE-2018-12020 at SUSE CVE-2018-12020 at NVD CVE-2018-9234 at SUSE CVE-2018-9234 at NVD CVE-2019-13050 at SUSE CVE-2019-13050 at NVD CVE-2019-14855 at SUSE CVE-2019-14855 at NVD CVE-2020-25125 at SUSE CVE-2020-25125 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the grep-3.1-4.3.12 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2015-1345 at SUSE CVE-2015-1345 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the groff-1.22.3-5.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2009-5081 at SUSE CVE-2009-5081 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the grub2-2.04-150300.22.12.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2015-8370 at SUSE CVE-2015-8370 at NVD CVE-2020-10713 at SUSE CVE-2020-10713 at NVD CVE-2020-14308 at SUSE CVE-2020-14308 at NVD CVE-2020-14309 at SUSE CVE-2020-14309 at NVD CVE-2020-14310 at SUSE CVE-2020-14310 at NVD CVE-2020-14311 at SUSE CVE-2020-14311 at NVD CVE-2020-14372 at SUSE CVE-2020-14372 at NVD CVE-2020-15705 at SUSE CVE-2020-15705 at NVD CVE-2020-15706 at SUSE CVE-2020-15706 at NVD CVE-2020-15707 at SUSE CVE-2020-15707 at NVD CVE-2020-25632 at SUSE CVE-2020-25632 at NVD CVE-2020-25647 at SUSE CVE-2020-25647 at NVD CVE-2020-27749 at SUSE CVE-2020-27749 at NVD CVE-2020-27779 at SUSE CVE-2020-27779 at NVD CVE-2021-20225 at SUSE CVE-2021-20225 at NVD CVE-2021-20233 at SUSE CVE-2021-20233 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the gstreamer-1.16.3-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2016-10198 at SUSE CVE-2016-10198 at NVD CVE-2016-10199 at SUSE CVE-2016-10199 at NVD CVE-2017-5837 at SUSE CVE-2017-5837 at NVD CVE-2017-5838 at SUSE CVE-2017-5838 at NVD CVE-2017-5839 at SUSE CVE-2017-5839 at NVD CVE-2017-5840 at SUSE CVE-2017-5840 at NVD CVE-2017-5841 at SUSE CVE-2017-5841 at NVD CVE-2017-5842 at SUSE CVE-2017-5842 at NVD CVE-2017-5843 at SUSE CVE-2017-5843 at NVD CVE-2017-5844 at SUSE CVE-2017-5844 at NVD CVE-2017-5845 at SUSE CVE-2017-5845 at NVD CVE-2017-5846 at SUSE CVE-2017-5846 at NVD CVE-2017-5847 at SUSE CVE-2017-5847 at NVD CVE-2017-5848 at SUSE CVE-2017-5848 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the gstreamer-plugins-base-1.16.3-4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2019-9928 at SUSE CVE-2019-9928 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the iscsiuio-0.7.8.6-32.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2020-13987 at SUSE CVE-2020-13987 at NVD CVE-2020-13988 at SUSE CVE-2020-13988 at NVD CVE-2020-17437 at SUSE CVE-2020-17437 at NVD CVE-2020-17438 at SUSE CVE-2020-17438 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the jq-1.6-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2015-8863 at SUSE CVE-2015-8863 at NVD CVE-2016-4074 at SUSE CVE-2016-4074 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the kdump-0.9.0-18.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2016-5759 at SUSE CVE-2016-5759 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the kernel-default-5.3.18-150300.59.49.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2017-1000251 at SUSE CVE-2017-1000251 at NVD CVE-2017-12153 at SUSE CVE-2017-12153 at NVD CVE-2017-13080 at SUSE CVE-2017-13080 at NVD CVE-2017-14051 at SUSE CVE-2017-14051 at NVD CVE-2017-16536 at SUSE CVE-2017-16536 at NVD CVE-2017-16537 at SUSE CVE-2017-16537 at NVD CVE-2017-16646 at SUSE CVE-2017-16646 at NVD CVE-2017-16648 at SUSE CVE-2017-16648 at NVD CVE-2017-5715 at SUSE CVE-2017-5715 at NVD CVE-2017-5753 at SUSE CVE-2017-5753 at NVD CVE-2017-5754 at SUSE CVE-2017-5754 at NVD CVE-2018-10323 at SUSE CVE-2018-10323 at NVD CVE-2018-12232 at SUSE CVE-2018-12232 at NVD CVE-2018-13053 at SUSE CVE-2018-13053 at NVD CVE-2018-13405 at SUSE CVE-2018-13405 at NVD CVE-2018-20669 at SUSE CVE-2018-20669 at NVD CVE-2019-0154 at SUSE CVE-2019-0154 at NVD CVE-2019-0155 at SUSE CVE-2019-0155 at NVD CVE-2019-10220 at SUSE CVE-2019-10220 at NVD CVE-2019-11477 at SUSE CVE-2019-11477 at NVD CVE-2019-11478 at SUSE CVE-2019-11478 at NVD CVE-2019-11479 at SUSE CVE-2019-11479 at NVD CVE-2019-14615 at SUSE CVE-2019-14615 at NVD CVE-2019-14814 at SUSE CVE-2019-14814 at NVD CVE-2019-14815 at SUSE CVE-2019-14815 at NVD CVE-2019-14816 at SUSE CVE-2019-14816 at NVD CVE-2019-14895 at SUSE CVE-2019-14895 at NVD CVE-2019-14896 at SUSE CVE-2019-14896 at NVD CVE-2019-14897 at SUSE CVE-2019-14897 at NVD CVE-2019-14901 at SUSE CVE-2019-14901 at NVD CVE-2019-15030 at SUSE CVE-2019-15030 at NVD CVE-2019-15031 at SUSE CVE-2019-15031 at NVD CVE-2019-15098 at SUSE CVE-2019-15098 at NVD CVE-2019-15099 at SUSE CVE-2019-15099 at NVD CVE-2019-15290 at SUSE CVE-2019-15290 at NVD CVE-2019-15291 at SUSE CVE-2019-15291 at NVD CVE-2019-15504 at SUSE CVE-2019-15504 at NVD CVE-2019-16231 at SUSE CVE-2019-16231 at NVD CVE-2019-16232 at SUSE CVE-2019-16232 at NVD CVE-2019-16233 at SUSE CVE-2019-16233 at NVD CVE-2019-16234 at SUSE CVE-2019-16234 at NVD CVE-2019-17133 at SUSE CVE-2019-17133 at NVD CVE-2019-17666 at SUSE CVE-2019-17666 at NVD CVE-2019-18198 at SUSE CVE-2019-18198 at NVD CVE-2019-18660 at SUSE CVE-2019-18660 at NVD CVE-2019-18683 at SUSE CVE-2019-18683 at NVD CVE-2019-18786 at SUSE CVE-2019-18786 at NVD CVE-2019-18808 at SUSE CVE-2019-18808 at NVD CVE-2019-18809 at SUSE CVE-2019-18809 at NVD CVE-2019-18811 at SUSE CVE-2019-18811 at NVD CVE-2019-18812 at SUSE CVE-2019-18812 at NVD CVE-2019-18813 at SUSE CVE-2019-18813 at NVD CVE-2019-18814 at SUSE CVE-2019-18814 at NVD CVE-2019-19037 at SUSE CVE-2019-19037 at NVD CVE-2019-19043 at SUSE CVE-2019-19043 at NVD CVE-2019-19044 at SUSE CVE-2019-19044 at NVD CVE-2019-19045 at SUSE CVE-2019-19045 at NVD CVE-2019-19046 at SUSE CVE-2019-19046 at NVD CVE-2019-19047 at SUSE CVE-2019-19047 at NVD CVE-2019-19048 at SUSE CVE-2019-19048 at NVD CVE-2019-19049 at SUSE CVE-2019-19049 at NVD CVE-2019-19050 at SUSE CVE-2019-19050 at NVD CVE-2019-19051 at SUSE CVE-2019-19051 at NVD CVE-2019-19052 at SUSE CVE-2019-19052 at NVD CVE-2019-19053 at SUSE CVE-2019-19053 at NVD CVE-2019-19054 at SUSE CVE-2019-19054 at NVD CVE-2019-19055 at SUSE CVE-2019-19055 at NVD CVE-2019-19056 at SUSE CVE-2019-19056 at NVD CVE-2019-19057 at SUSE CVE-2019-19057 at NVD CVE-2019-19058 at SUSE CVE-2019-19058 at NVD CVE-2019-19060 at SUSE CVE-2019-19060 at NVD CVE-2019-19061 at SUSE CVE-2019-19061 at NVD CVE-2019-19062 at SUSE CVE-2019-19062 at NVD CVE-2019-19063 at SUSE CVE-2019-19063 at NVD CVE-2019-19064 at SUSE CVE-2019-19064 at NVD CVE-2019-19065 at SUSE CVE-2019-19065 at NVD CVE-2019-19066 at SUSE CVE-2019-19066 at NVD CVE-2019-19067 at SUSE CVE-2019-19067 at NVD CVE-2019-19068 at SUSE CVE-2019-19068 at NVD CVE-2019-19069 at SUSE CVE-2019-19069 at NVD CVE-2019-19070 at SUSE CVE-2019-19070 at NVD CVE-2019-19071 at SUSE CVE-2019-19071 at NVD CVE-2019-19072 at SUSE CVE-2019-19072 at NVD CVE-2019-19073 at SUSE CVE-2019-19073 at NVD CVE-2019-19074 at SUSE CVE-2019-19074 at NVD CVE-2019-19075 at SUSE CVE-2019-19075 at NVD CVE-2019-19077 at SUSE CVE-2019-19077 at NVD CVE-2019-19078 at SUSE CVE-2019-19078 at NVD CVE-2019-19080 at SUSE CVE-2019-19080 at NVD CVE-2019-19081 at SUSE CVE-2019-19081 at NVD CVE-2019-19082 at SUSE CVE-2019-19082 at NVD CVE-2019-19083 at SUSE CVE-2019-19083 at NVD CVE-2019-19241 at SUSE CVE-2019-19241 at NVD CVE-2019-19252 at SUSE CVE-2019-19252 at NVD CVE-2019-19332 at SUSE CVE-2019-19332 at NVD CVE-2019-19338 at SUSE CVE-2019-19338 at NVD CVE-2019-19447 at SUSE CVE-2019-19447 at NVD CVE-2019-19462 at SUSE CVE-2019-19462 at NVD CVE-2019-19523 at SUSE CVE-2019-19523 at NVD CVE-2019-19524 at SUSE CVE-2019-19524 at NVD CVE-2019-19525 at SUSE CVE-2019-19525 at NVD CVE-2019-19526 at SUSE CVE-2019-19526 at NVD CVE-2019-19528 at SUSE CVE-2019-19528 at NVD CVE-2019-19529 at SUSE CVE-2019-19529 at NVD CVE-2019-19532 at SUSE CVE-2019-19532 at NVD CVE-2019-19533 at SUSE CVE-2019-19533 at NVD CVE-2019-19534 at SUSE CVE-2019-19534 at NVD CVE-2019-19602 at SUSE CVE-2019-19602 at NVD CVE-2019-19767 at SUSE CVE-2019-19767 at NVD CVE-2019-19768 at SUSE CVE-2019-19768 at NVD CVE-2019-19769 at SUSE CVE-2019-19769 at NVD CVE-2019-19770 at SUSE CVE-2019-19770 at NVD CVE-2019-19807 at SUSE CVE-2019-19807 at NVD CVE-2019-19922 at SUSE CVE-2019-19922 at NVD CVE-2019-19947 at SUSE CVE-2019-19947 at NVD CVE-2019-19965 at SUSE CVE-2019-19965 at NVD CVE-2019-20422 at SUSE CVE-2019-20422 at NVD CVE-2019-20810 at SUSE CVE-2019-20810 at NVD CVE-2019-20812 at SUSE CVE-2019-20812 at NVD CVE-2019-3016 at SUSE CVE-2019-3016 at NVD CVE-2019-8912 at SUSE CVE-2019-8912 at NVD CVE-2020-0110 at SUSE CVE-2020-0110 at NVD CVE-2020-0305 at SUSE CVE-2020-0305 at NVD CVE-2020-0404 at SUSE CVE-2020-0404 at NVD CVE-2020-0427 at SUSE CVE-2020-0427 at NVD CVE-2020-0431 at SUSE CVE-2020-0431 at NVD CVE-2020-0432 at SUSE CVE-2020-0432 at NVD CVE-2020-0444 at SUSE CVE-2020-0444 at NVD CVE-2020-0465 at SUSE CVE-2020-0465 at NVD CVE-2020-0466 at SUSE CVE-2020-0466 at NVD CVE-2020-0543 at SUSE CVE-2020-0543 at NVD CVE-2020-10135 at SUSE CVE-2020-10135 at NVD CVE-2020-10690 at SUSE CVE-2020-10690 at NVD CVE-2020-10711 at SUSE CVE-2020-10711 at NVD CVE-2020-10732 at SUSE CVE-2020-10732 at NVD CVE-2020-10751 at SUSE CVE-2020-10751 at NVD CVE-2020-10757 at SUSE CVE-2020-10757 at NVD CVE-2020-10766 at SUSE CVE-2020-10766 at NVD CVE-2020-10767 at SUSE CVE-2020-10767 at NVD CVE-2020-10768 at SUSE CVE-2020-10768 at NVD CVE-2020-10773 at SUSE CVE-2020-10773 at NVD CVE-2020-10781 at SUSE CVE-2020-10781 at NVD CVE-2020-10942 at SUSE CVE-2020-10942 at NVD CVE-2020-11494 at SUSE CVE-2020-11494 at NVD CVE-2020-11608 at SUSE CVE-2020-11608 at NVD CVE-2020-11668 at SUSE CVE-2020-11668 at NVD CVE-2020-11884 at SUSE CVE-2020-11884 at NVD CVE-2020-12351 at SUSE CVE-2020-12351 at NVD CVE-2020-12352 at SUSE CVE-2020-12352 at NVD CVE-2020-12362 at SUSE CVE-2020-12362 at NVD CVE-2020-12363 at SUSE CVE-2020-12363 at NVD CVE-2020-12364 at SUSE CVE-2020-12364 at NVD CVE-2020-12373 at SUSE CVE-2020-12373 at NVD CVE-2020-12464 at SUSE CVE-2020-12464 at NVD CVE-2020-12465 at SUSE CVE-2020-12465 at NVD CVE-2020-12652 at SUSE CVE-2020-12652 at NVD CVE-2020-12653 at SUSE CVE-2020-12653 at NVD CVE-2020-12654 at SUSE CVE-2020-12654 at NVD CVE-2020-12655 at SUSE CVE-2020-12655 at NVD CVE-2020-12656 at SUSE CVE-2020-12656 at NVD CVE-2020-12657 at SUSE CVE-2020-12657 at NVD CVE-2020-12659 at SUSE CVE-2020-12659 at NVD CVE-2020-12769 at SUSE CVE-2020-12769 at NVD CVE-2020-12771 at SUSE CVE-2020-12771 at NVD CVE-2020-12888 at SUSE CVE-2020-12888 at NVD CVE-2020-13143 at SUSE CVE-2020-13143 at NVD CVE-2020-13974 at SUSE CVE-2020-13974 at NVD CVE-2020-14314 at SUSE CVE-2020-14314 at NVD CVE-2020-14331 at SUSE CVE-2020-14331 at NVD CVE-2020-14351 at SUSE CVE-2020-14351 at NVD CVE-2020-14356 at SUSE CVE-2020-14356 at NVD CVE-2020-14385 at SUSE CVE-2020-14385 at NVD CVE-2020-14386 at SUSE CVE-2020-14386 at NVD CVE-2020-14390 at SUSE CVE-2020-14390 at NVD CVE-2020-14416 at SUSE CVE-2020-14416 at NVD CVE-2020-15393 at SUSE CVE-2020-15393 at NVD CVE-2020-15436 at SUSE CVE-2020-15436 at NVD CVE-2020-15437 at SUSE CVE-2020-15437 at NVD CVE-2020-15780 at SUSE CVE-2020-15780 at NVD CVE-2020-16120 at SUSE CVE-2020-16120 at NVD CVE-2020-16166 at SUSE CVE-2020-16166 at NVD CVE-2020-1749 at SUSE CVE-2020-1749 at NVD CVE-2020-24490 at SUSE CVE-2020-24490 at NVD CVE-2020-24504 at SUSE CVE-2020-24504 at NVD CVE-2020-24586 at SUSE CVE-2020-24586 at NVD CVE-2020-24587 at SUSE CVE-2020-24587 at NVD CVE-2020-24588 at SUSE CVE-2020-24588 at NVD CVE-2020-2521 at SUSE CVE-2020-2521 at NVD CVE-2020-25211 at SUSE CVE-2020-25211 at NVD CVE-2020-25212 at SUSE CVE-2020-25212 at NVD CVE-2020-25284 at SUSE CVE-2020-25284 at NVD CVE-2020-25285 at SUSE CVE-2020-25285 at NVD CVE-2020-25639 at SUSE CVE-2020-25639 at NVD CVE-2020-25641 at SUSE CVE-2020-25641 at NVD CVE-2020-25643 at SUSE CVE-2020-25643 at NVD CVE-2020-25645 at SUSE CVE-2020-25645 at NVD CVE-2020-25656 at SUSE CVE-2020-25656 at NVD CVE-2020-25668 at SUSE CVE-2020-25668 at NVD CVE-2020-25669 at SUSE CVE-2020-25669 at NVD CVE-2020-25670 at SUSE CVE-2020-25670 at NVD CVE-2020-25671 at SUSE CVE-2020-25671 at NVD CVE-2020-25672 at SUSE CVE-2020-25672 at NVD CVE-2020-25673 at SUSE CVE-2020-25673 at NVD CVE-2020-25704 at SUSE CVE-2020-25704 at NVD CVE-2020-25705 at SUSE CVE-2020-25705 at NVD CVE-2020-26088 at SUSE CVE-2020-26088 at NVD CVE-2020-26139 at SUSE CVE-2020-26139 at NVD CVE-2020-26141 at SUSE CVE-2020-26141 at NVD CVE-2020-26145 at SUSE CVE-2020-26145 at NVD CVE-2020-26147 at SUSE CVE-2020-26147 at NVD CVE-2020-26558 at SUSE CVE-2020-26558 at NVD CVE-2020-27068 at SUSE CVE-2020-27068 at NVD CVE-2020-27170 at SUSE CVE-2020-27170 at NVD CVE-2020-27171 at SUSE CVE-2020-27171 at NVD CVE-2020-27194 at SUSE CVE-2020-27194 at NVD CVE-2020-2732 at SUSE CVE-2020-2732 at NVD CVE-2020-27673 at SUSE CVE-2020-27673 at NVD CVE-2020-27675 at SUSE CVE-2020-27675 at NVD CVE-2020-27777 at SUSE CVE-2020-27777 at NVD CVE-2020-27786 at SUSE CVE-2020-27786 at NVD CVE-2020-27815 at SUSE CVE-2020-27815 at NVD CVE-2020-27820 at SUSE CVE-2020-27820 at NVD CVE-2020-27825 at SUSE CVE-2020-27825 at NVD CVE-2020-27830 at SUSE CVE-2020-27830 at NVD CVE-2020-27835 at SUSE CVE-2020-27835 at NVD CVE-2020-28097 at SUSE CVE-2020-28097 at NVD CVE-2020-28374 at SUSE CVE-2020-28374 at NVD CVE-2020-28915 at SUSE CVE-2020-28915 at NVD CVE-2020-28941 at SUSE CVE-2020-28941 at NVD CVE-2020-28974 at SUSE CVE-2020-28974 at NVD CVE-2020-29368 at SUSE CVE-2020-29368 at NVD CVE-2020-29369 at SUSE CVE-2020-29369 at NVD CVE-2020-29370 at SUSE CVE-2020-29370 at NVD CVE-2020-29371 at SUSE CVE-2020-29371 at NVD CVE-2020-29373 at SUSE CVE-2020-29373 at NVD CVE-2020-29568 at SUSE CVE-2020-29568 at NVD CVE-2020-29569 at SUSE CVE-2020-29569 at NVD CVE-2020-29660 at SUSE CVE-2020-29660 at NVD CVE-2020-29661 at SUSE CVE-2020-29661 at NVD CVE-2020-35519 at SUSE CVE-2020-35519 at NVD CVE-2020-36158 at SUSE CVE-2020-36158 at NVD CVE-2020-36310 at SUSE CVE-2020-36310 at NVD CVE-2020-36311 at SUSE CVE-2020-36311 at NVD CVE-2020-36312 at SUSE CVE-2020-36312 at NVD CVE-2020-36322 at SUSE CVE-2020-36322 at NVD CVE-2020-36385 at SUSE CVE-2020-36385 at NVD CVE-2020-36386 at SUSE CVE-2020-36386 at NVD CVE-2020-3702 at SUSE CVE-2020-3702 at NVD CVE-2020-4788 at SUSE CVE-2020-4788 at NVD CVE-2020-8428 at SUSE CVE-2020-8428 at NVD CVE-2020-8647 at SUSE CVE-2020-8647 at NVD CVE-2020-8648 at SUSE CVE-2020-8648 at NVD CVE-2020-8649 at SUSE CVE-2020-8649 at NVD CVE-2020-8694 at SUSE CVE-2020-8694 at NVD CVE-2020-8835 at SUSE CVE-2020-8835 at NVD CVE-2020-8992 at SUSE CVE-2020-8992 at NVD CVE-2020-9383 at SUSE CVE-2020-9383 at NVD CVE-2021-0129 at SUSE CVE-2021-0129 at NVD CVE-2021-0342 at SUSE CVE-2021-0342 at NVD CVE-2021-0512 at SUSE CVE-2021-0512 at NVD CVE-2021-0605 at SUSE CVE-2021-0605 at NVD CVE-2021-0941 at SUSE CVE-2021-0941 at NVD CVE-2021-20177 at SUSE CVE-2021-20177 at NVD CVE-2021-20268 at SUSE CVE-2021-20268 at NVD CVE-2021-20322 at SUSE CVE-2021-20322 at NVD CVE-2021-21781 at SUSE CVE-2021-21781 at NVD CVE-2021-22543 at SUSE CVE-2021-22543 at NVD CVE-2021-22555 at SUSE CVE-2021-22555 at NVD CVE-2021-22600 at SUSE CVE-2021-22600 at NVD CVE-2021-23134 at SUSE CVE-2021-23134 at NVD CVE-2021-26930 at SUSE CVE-2021-26930 at NVD CVE-2021-26931 at SUSE CVE-2021-26931 at NVD CVE-2021-26932 at SUSE CVE-2021-26932 at NVD CVE-2021-27363 at SUSE CVE-2021-27363 at NVD CVE-2021-27364 at SUSE CVE-2021-27364 at NVD CVE-2021-27365 at SUSE CVE-2021-27365 at NVD CVE-2021-28038 at SUSE CVE-2021-28038 at NVD CVE-2021-28375 at SUSE CVE-2021-28375 at NVD CVE-2021-28660 at SUSE CVE-2021-28660 at NVD CVE-2021-28688 at SUSE CVE-2021-28688 at NVD CVE-2021-28711 at SUSE CVE-2021-28711 at NVD CVE-2021-28712 at SUSE CVE-2021-28712 at NVD CVE-2021-28713 at SUSE CVE-2021-28713 at NVD CVE-2021-28714 at SUSE CVE-2021-28714 at NVD CVE-2021-28715 at SUSE CVE-2021-28715 at NVD CVE-2021-28950 at SUSE CVE-2021-28950 at NVD CVE-2021-28952 at SUSE CVE-2021-28952 at NVD CVE-2021-28964 at SUSE CVE-2021-28964 at NVD CVE-2021-28971 at SUSE CVE-2021-28971 at NVD CVE-2021-28972 at SUSE CVE-2021-28972 at NVD CVE-2021-29154 at SUSE CVE-2021-29154 at NVD CVE-2021-29155 at SUSE CVE-2021-29155 at NVD CVE-2021-29264 at SUSE CVE-2021-29264 at NVD CVE-2021-29265 at SUSE CVE-2021-29265 at NVD CVE-2021-29647 at SUSE CVE-2021-29647 at NVD CVE-2021-29650 at SUSE CVE-2021-29650 at NVD CVE-2021-30002 at SUSE CVE-2021-30002 at NVD CVE-2021-31916 at SUSE CVE-2021-31916 at NVD CVE-2021-32399 at SUSE CVE-2021-32399 at NVD CVE-2021-33033 at SUSE CVE-2021-33033 at NVD CVE-2021-33034 at SUSE CVE-2021-33034 at NVD CVE-2021-33098 at SUSE CVE-2021-33098 at NVD CVE-2021-33200 at SUSE CVE-2021-33200 at NVD CVE-2021-3347 at SUSE CVE-2021-3347 at NVD CVE-2021-3348 at SUSE CVE-2021-3348 at NVD CVE-2021-33624 at SUSE CVE-2021-33624 at NVD CVE-2021-33909 at SUSE CVE-2021-33909 at NVD CVE-2021-3428 at SUSE CVE-2021-3428 at NVD CVE-2021-3444 at SUSE CVE-2021-3444 at NVD CVE-2021-34556 at SUSE CVE-2021-34556 at NVD CVE-2021-34693 at SUSE CVE-2021-34693 at NVD CVE-2021-3483 at SUSE CVE-2021-3483 at NVD CVE-2021-34866 at SUSE CVE-2021-34866 at NVD CVE-2021-3489 at SUSE CVE-2021-3489 at NVD CVE-2021-3490 at SUSE CVE-2021-3490 at NVD CVE-2021-3491 at SUSE CVE-2021-3491 at NVD CVE-2021-34981 at SUSE CVE-2021-34981 at NVD CVE-2021-35039 at SUSE CVE-2021-35039 at NVD CVE-2021-3542 at SUSE CVE-2021-3542 at NVD CVE-2021-35477 at SUSE CVE-2021-35477 at NVD CVE-2021-3573 at SUSE CVE-2021-3573 at NVD CVE-2021-3609 at SUSE CVE-2021-3609 at NVD CVE-2021-3612 at SUSE CVE-2021-3612 at NVD CVE-2021-3640 at SUSE CVE-2021-3640 at NVD CVE-2021-3653 at SUSE CVE-2021-3653 at NVD CVE-2021-3655 at SUSE CVE-2021-3655 at NVD CVE-2021-3656 at SUSE CVE-2021-3656 at NVD CVE-2021-3659 at SUSE CVE-2021-3659 at NVD CVE-2021-3669 at SUSE CVE-2021-3669 at NVD CVE-2021-3679 at SUSE CVE-2021-3679 at NVD CVE-2021-3715 at SUSE CVE-2021-3715 at NVD CVE-2021-37159 at SUSE CVE-2021-37159 at NVD CVE-2021-3732 at SUSE CVE-2021-3732 at NVD CVE-2021-3739 at SUSE CVE-2021-3739 at NVD CVE-2021-3743 at SUSE CVE-2021-3743 at NVD CVE-2021-3744 at SUSE CVE-2021-3744 at NVD CVE-2021-3752 at SUSE CVE-2021-3752 at NVD CVE-2021-3753 at SUSE CVE-2021-3753 at NVD CVE-2021-37576 at SUSE CVE-2021-37576 at NVD CVE-2021-3759 at SUSE CVE-2021-3759 at NVD CVE-2021-3760 at SUSE CVE-2021-3760 at NVD CVE-2021-3764 at SUSE CVE-2021-3764 at NVD CVE-2021-3772 at SUSE CVE-2021-3772 at NVD CVE-2021-38160 at SUSE CVE-2021-38160 at NVD CVE-2021-38166 at SUSE CVE-2021-38166 at NVD CVE-2021-38198 at SUSE CVE-2021-38198 at NVD CVE-2021-38204 at SUSE CVE-2021-38204 at NVD CVE-2021-38205 at SUSE CVE-2021-38205 at NVD CVE-2021-38206 at SUSE CVE-2021-38206 at NVD CVE-2021-38207 at SUSE CVE-2021-38207 at NVD CVE-2021-38209 at SUSE CVE-2021-38209 at NVD CVE-2021-3896 at SUSE CVE-2021-3896 at NVD CVE-2021-39648 at SUSE CVE-2021-39648 at NVD CVE-2021-39657 at SUSE CVE-2021-39657 at NVD CVE-2021-39685 at SUSE CVE-2021-39685 at NVD CVE-2021-4001 at SUSE CVE-2021-4001 at NVD CVE-2021-4002 at SUSE CVE-2021-4002 at NVD CVE-2021-40490 at SUSE CVE-2021-40490 at NVD CVE-2021-4083 at SUSE CVE-2021-4083 at NVD CVE-2021-4135 at SUSE CVE-2021-4135 at NVD CVE-2021-4149 at SUSE CVE-2021-4149 at NVD CVE-2021-41864 at SUSE CVE-2021-41864 at NVD CVE-2021-4197 at SUSE CVE-2021-4197 at NVD CVE-2021-42008 at SUSE CVE-2021-42008 at NVD CVE-2021-4202 at SUSE CVE-2021-4202 at NVD CVE-2021-42252 at SUSE CVE-2021-42252 at NVD CVE-2021-42739 at SUSE CVE-2021-42739 at NVD CVE-2021-43056 at SUSE CVE-2021-43056 at NVD CVE-2021-43389 at SUSE CVE-2021-43389 at NVD CVE-2021-43975 at SUSE CVE-2021-43975 at NVD CVE-2021-43976 at SUSE CVE-2021-43976 at NVD CVE-2021-44733 at SUSE CVE-2021-44733 at NVD CVE-2021-45095 at SUSE CVE-2021-45095 at NVD CVE-2021-45485 at SUSE CVE-2021-45485 at NVD CVE-2021-45486 at SUSE CVE-2021-45486 at NVD CVE-2021-46283 at SUSE CVE-2021-46283 at NVD CVE-2022-0185 at SUSE CVE-2022-0185 at NVD CVE-2022-0286 at SUSE CVE-2022-0286 at NVD CVE-2022-0322 at SUSE CVE-2022-0322 at NVD CVE-2022-0330 at SUSE CVE-2022-0330 at NVD CVE-2022-22942 at SUSE CVE-2022-22942 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the kernel-firmware-all-20210208-2.4 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2017-13080 at SUSE CVE-2017-13080 at NVD CVE-2017-13081 at SUSE CVE-2017-13081 at NVD CVE-2017-5715 at SUSE CVE-2017-5715 at NVD CVE-2019-9836 at SUSE CVE-2019-9836 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the krb5-1.19.2-150300.8.3.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-5351 at SUSE CVE-2014-5351 at NVD CVE-2014-5352 at SUSE CVE-2014-5352 at NVD CVE-2014-5353 at SUSE CVE-2014-5353 at NVD CVE-2014-5354 at SUSE CVE-2014-5354 at NVD CVE-2014-5355 at SUSE CVE-2014-5355 at NVD CVE-2014-9421 at SUSE CVE-2014-9421 at NVD CVE-2014-9422 at SUSE CVE-2014-9422 at NVD CVE-2014-9423 at SUSE CVE-2014-9423 at NVD CVE-2015-2694 at SUSE CVE-2015-2694 at NVD CVE-2015-2695 at SUSE CVE-2015-2695 at NVD CVE-2015-2696 at SUSE CVE-2015-2696 at NVD CVE-2015-2697 at SUSE CVE-2015-2697 at NVD CVE-2015-2698 at SUSE CVE-2015-2698 at NVD CVE-2015-8629 at SUSE CVE-2015-8629 at NVD CVE-2015-8630 at SUSE CVE-2015-8630 at NVD CVE-2015-8631 at SUSE CVE-2015-8631 at NVD CVE-2016-3119 at SUSE CVE-2016-3119 at NVD CVE-2016-3120 at SUSE CVE-2016-3120 at NVD CVE-2017-11368 at SUSE CVE-2017-11368 at NVD CVE-2017-11462 at SUSE CVE-2017-11462 at NVD CVE-2018-20217 at SUSE CVE-2018-20217 at NVD CVE-2018-5729 at SUSE CVE-2018-5729 at NVD CVE-2018-5730 at SUSE CVE-2018-5730 at NVD CVE-2020-28196 at SUSE CVE-2020-28196 at NVD CVE-2021-36222 at SUSE CVE-2021-36222 at NVD CVE-2021-37750 at SUSE CVE-2021-37750 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the less-530-3.3.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-9488 at SUSE CVE-2014-9488 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libX11-6-1.6.5-3.21.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2018-14598 at SUSE CVE-2018-14598 at NVD CVE-2018-14599 at SUSE CVE-2018-14599 at NVD CVE-2018-14600 at SUSE CVE-2018-14600 at NVD CVE-2020-14344 at SUSE CVE-2020-14344 at NVD CVE-2020-14363 at SUSE CVE-2020-14363 at NVD CVE-2021-31535 at SUSE CVE-2021-31535 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libXcursor1-1.1.15-1.18 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2013-2003 at SUSE CVE-2013-2003 at NVD CVE-2017-16612 at SUSE CVE-2017-16612 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libXext6-1.3.3-1.30 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2013-1982 at SUSE CVE-2013-1982 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libXfixes3-5.0.3-1.24 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2013-1983 at SUSE CVE-2013-1983 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libXi6-1.7.9-3.2.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2013-1984 at SUSE CVE-2013-1984 at NVD CVE-2013-1995 at SUSE CVE-2013-1995 at NVD CVE-2013-1998 at SUSE CVE-2013-1998 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libXinerama1-1.1.3-1.22 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2013-1985 at SUSE CVE-2013-1985 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libXrandr2-1.5.1-2.17 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2013-1986 at SUSE CVE-2013-1986 at NVD CVE-2016-7947 at SUSE CVE-2016-7947 at NVD CVE-2016-7948 at SUSE CVE-2016-7948 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libXrender1-0.9.10-1.30 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2013-1987 at SUSE CVE-2013-1987 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libXtst6-1.2.3-1.24 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2013-2063 at SUSE CVE-2013-2063 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libXv1-1.0.11-1.23 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2013-1989 at SUSE CVE-2013-1989 at NVD CVE-2013-2066 at SUSE CVE-2013-2066 at NVD CVE-2016-5407 at SUSE CVE-2016-5407 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libaudit1-2.8.5-3.43 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2015-5186 at SUSE CVE-2015-5186 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libblkid1-2.36.2-4.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-9114 at SUSE CVE-2014-9114 at NVD CVE-2015-5218 at SUSE CVE-2015-5218 at NVD CVE-2016-2779 at SUSE CVE-2016-2779 at NVD CVE-2016-5011 at SUSE CVE-2016-5011 at NVD CVE-2017-2616 at SUSE CVE-2017-2616 at NVD CVE-2021-37600 at SUSE CVE-2021-37600 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libbrotlicommon1-1.0.7-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2020-8927 at SUSE CVE-2020-8927 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libbsd0-0.8.7-3.3.17 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2019-20367 at SUSE CVE-2019-20367 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libcairo-gobject2-1.16.0-5.2.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2016-9082 at SUSE CVE-2016-9082 at NVD CVE-2017-7475 at SUSE CVE-2017-7475 at NVD CVE-2017-9814 at SUSE CVE-2017-9814 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libcares2-1.17.1+20200724-3.17.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2016-5180 at SUSE CVE-2016-5180 at NVD CVE-2017-1000381 at SUSE CVE-2017-1000381 at NVD CVE-2020-8277 at SUSE CVE-2020-8277 at NVD CVE-2021-3672 at SUSE CVE-2021-3672 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libcontainers-common-20210626-150300.8.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2018-15664 at SUSE CVE-2018-15664 at NVD CVE-2019-10152 at SUSE CVE-2019-10152 at NVD CVE-2020-14370 at SUSE CVE-2020-14370 at NVD CVE-2020-15157 at SUSE CVE-2020-15157 at NVD CVE-2021-20199 at SUSE CVE-2021-20199 at NVD CVE-2021-20291 at SUSE CVE-2021-20291 at NVD CVE-2021-3602 at SUSE CVE-2021-3602 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libcroco-0_6-3-0.6.13-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2017-7960 at SUSE CVE-2017-7960 at NVD CVE-2017-7961 at SUSE CVE-2017-7961 at NVD CVE-2017-8834 at SUSE CVE-2017-8834 at NVD CVE-2017-8871 at SUSE CVE-2017-8871 at NVD CVE-2020-12825 at SUSE CVE-2020-12825 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libekmfweb1-2.15.1-150300.8.14.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2021-25316 at SUSE CVE-2021-25316 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libevent-2_1-8-2.1.8-2.23 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-6272 at SUSE CVE-2014-6272 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libexpat1-2.2.5-3.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2012-0876 at SUSE CVE-2012-0876 at NVD CVE-2012-6702 at SUSE CVE-2012-6702 at NVD CVE-2015-1283 at SUSE CVE-2015-1283 at NVD CVE-2016-0718 at SUSE CVE-2016-0718 at NVD CVE-2016-4472 at SUSE CVE-2016-4472 at NVD CVE-2016-5300 at SUSE CVE-2016-5300 at NVD CVE-2016-9063 at SUSE CVE-2016-9063 at NVD CVE-2017-9233 at SUSE CVE-2017-9233 at NVD CVE-2018-20843 at SUSE CVE-2018-20843 at NVD CVE-2019-15903 at SUSE CVE-2019-15903 at NVD CVE-2021-45960 at SUSE CVE-2021-45960 at NVD CVE-2021-46143 at SUSE CVE-2021-46143 at NVD CVE-2022-22822 at SUSE CVE-2022-22822 at NVD CVE-2022-22823 at SUSE CVE-2022-22823 at NVD CVE-2022-22824 at SUSE CVE-2022-22824 at NVD CVE-2022-22825 at SUSE CVE-2022-22825 at NVD CVE-2022-22826 at SUSE CVE-2022-22826 at NVD CVE-2022-22827 at SUSE CVE-2022-22827 at NVD CVE-2022-23852 at SUSE CVE-2022-23852 at NVD CVE-2022-23990 at SUSE CVE-2022-23990 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libfreebl3-3.68.2-3.64.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-1569 at SUSE CVE-2014-1569 at NVD CVE-2015-2721 at SUSE CVE-2015-2721 at NVD CVE-2015-4000 at SUSE CVE-2015-4000 at NVD CVE-2015-7181 at SUSE CVE-2015-7181 at NVD CVE-2015-7182 at SUSE CVE-2015-7182 at NVD CVE-2015-7575 at SUSE CVE-2015-7575 at NVD CVE-2016-1950 at SUSE CVE-2016-1950 at NVD CVE-2016-1979 at SUSE CVE-2016-1979 at NVD CVE-2016-2834 at SUSE CVE-2016-2834 at NVD CVE-2018-0495 at SUSE CVE-2018-0495 at NVD CVE-2018-12384 at SUSE CVE-2018-12384 at NVD CVE-2018-12404 at SUSE CVE-2018-12404 at NVD CVE-2018-18508 at SUSE CVE-2018-18508 at NVD CVE-2019-11745 at SUSE CVE-2019-11745 at NVD CVE-2019-17006 at SUSE CVE-2019-17006 at NVD CVE-2020-12399 at SUSE CVE-2020-12399 at NVD CVE-2020-12400 at SUSE CVE-2020-12400 at NVD CVE-2020-12401 at SUSE CVE-2020-12401 at NVD CVE-2020-12402 at SUSE CVE-2020-12402 at NVD CVE-2020-12403 at SUSE CVE-2020-12403 at NVD CVE-2020-25648 at SUSE CVE-2020-25648 at NVD CVE-2020-6829 at SUSE CVE-2020-6829 at NVD CVE-2021-43527 at SUSE CVE-2021-43527 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libfreetype6-2.10.1-4.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-2240 at SUSE CVE-2014-2240 at NVD CVE-2014-9656 at SUSE CVE-2014-9656 at NVD CVE-2014-9657 at SUSE CVE-2014-9657 at NVD CVE-2014-9658 at SUSE CVE-2014-9658 at NVD CVE-2014-9659 at SUSE CVE-2014-9659 at NVD CVE-2014-9660 at SUSE CVE-2014-9660 at NVD CVE-2014-9661 at SUSE CVE-2014-9661 at NVD CVE-2014-9662 at SUSE CVE-2014-9662 at NVD CVE-2014-9663 at SUSE CVE-2014-9663 at NVD CVE-2014-9664 at SUSE CVE-2014-9664 at NVD CVE-2014-9665 at SUSE CVE-2014-9665 at NVD CVE-2014-9666 at SUSE CVE-2014-9666 at NVD CVE-2014-9667 at SUSE CVE-2014-9667 at NVD CVE-2014-9668 at SUSE CVE-2014-9668 at NVD CVE-2014-9669 at SUSE CVE-2014-9669 at NVD CVE-2014-9670 at SUSE CVE-2014-9670 at NVD CVE-2014-9671 at SUSE CVE-2014-9671 at NVD CVE-2014-9672 at SUSE CVE-2014-9672 at NVD CVE-2014-9673 at SUSE CVE-2014-9673 at NVD CVE-2014-9674 at SUSE CVE-2014-9674 at NVD CVE-2014-9675 at SUSE CVE-2014-9675 at NVD CVE-2017-8105 at SUSE CVE-2017-8105 at NVD CVE-2017-8287 at SUSE CVE-2017-8287 at NVD CVE-2018-6942 at SUSE CVE-2018-6942 at NVD CVE-2020-15999 at SUSE CVE-2020-15999 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libfribidi0-1.0.5-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2019-18397 at SUSE CVE-2019-18397 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libgbm1-20.2.4-57.13 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2019-5068 at SUSE CVE-2019-5068 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libgcrypt20-1.8.2-8.42.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-3591 at SUSE CVE-2014-3591 at NVD CVE-2015-0837 at SUSE CVE-2015-0837 at NVD CVE-2015-5738 at SUSE CVE-2015-5738 at NVD CVE-2015-7511 at SUSE CVE-2015-7511 at NVD CVE-2016-6313 at SUSE CVE-2016-6313 at NVD CVE-2017-0379 at SUSE CVE-2017-0379 at NVD CVE-2017-7526 at SUSE CVE-2017-7526 at NVD CVE-2018-0495 at SUSE CVE-2018-0495 at NVD CVE-2019-12904 at SUSE CVE-2019-12904 at NVD CVE-2019-13627 at SUSE CVE-2019-13627 at NVD CVE-2021-33560 at SUSE CVE-2021-33560 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libgmp10-6.1.2-4.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2021-43618 at SUSE CVE-2021-43618 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libgraphite2-3-1.3.11-2.12 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2016-1521 at SUSE CVE-2016-1521 at NVD CVE-2017-5436 at SUSE CVE-2017-5436 at NVD CVE-2018-7999 at SUSE CVE-2018-7999 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libhivex0-1.3.14-5.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2021-3504 at SUSE CVE-2021-3504 at NVD CVE-2021-3622 at SUSE CVE-2021-3622 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libhogweed4-3.4.1-4.18.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2015-8803 at SUSE CVE-2015-8803 at NVD CVE-2015-8804 at SUSE CVE-2015-8804 at NVD CVE-2015-8805 at SUSE CVE-2015-8805 at NVD CVE-2016-6489 at SUSE CVE-2016-6489 at NVD CVE-2018-16869 at SUSE CVE-2018-16869 at NVD CVE-2021-20305 at SUSE CVE-2021-20305 at NVD CVE-2021-3580 at SUSE CVE-2021-3580 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libidn11-1.34-3.2.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2015-2059 at SUSE CVE-2015-2059 at NVD CVE-2015-8948 at SUSE CVE-2015-8948 at NVD CVE-2016-6261 at SUSE CVE-2016-6261 at NVD CVE-2016-6262 at SUSE CVE-2016-6262 at NVD CVE-2016-6263 at SUSE CVE-2016-6263 at NVD CVE-2017-14062 at SUSE CVE-2017-14062 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libidn2-0-2.2.0-3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2015-2059 at SUSE CVE-2015-2059 at NVD CVE-2015-8948 at SUSE CVE-2015-8948 at NVD CVE-2016-6261 at SUSE CVE-2016-6261 at NVD CVE-2016-6262 at SUSE CVE-2016-6262 at NVD CVE-2016-6263 at SUSE CVE-2016-6263 at NVD CVE-2019-12290 at SUSE CVE-2019-12290 at NVD CVE-2019-18224 at SUSE CVE-2019-18224 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libjansson4-2.9-1.24 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2013-6401 at SUSE CVE-2013-6401 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libjbig2-2.1-3.2.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2013-6369 at SUSE CVE-2013-6369 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libjpeg8-8.1.2-32.2.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-9092 at SUSE CVE-2014-9092 at NVD CVE-2017-15232 at SUSE CVE-2017-15232 at NVD CVE-2018-1152 at SUSE CVE-2018-1152 at NVD CVE-2018-11813 at SUSE CVE-2018-11813 at NVD CVE-2018-14498 at SUSE CVE-2018-14498 at NVD CVE-2019-2201 at SUSE CVE-2019-2201 at NVD CVE-2020-13790 at SUSE CVE-2020-13790 at NVD CVE-2020-17541 at SUSE CVE-2020-17541 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libjson-c3-0.13-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2013-6370 at SUSE CVE-2013-6370 at NVD CVE-2013-6371 at SUSE CVE-2013-6371 at NVD CVE-2020-12762 at SUSE CVE-2020-12762 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libksba8-1.3.5-2.14 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-9087 at SUSE CVE-2014-9087 at NVD CVE-2016-4574 at SUSE CVE-2016-4574 at NVD CVE-2016-4579 at SUSE CVE-2016-4579 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the liblcms2-2-2.9-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2018-16435 at SUSE CVE-2018-16435 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libldap-2_4-2-2.4.46-9.58.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2015-1545 at SUSE CVE-2015-1545 at NVD CVE-2015-1546 at SUSE CVE-2015-1546 at NVD CVE-2015-6908 at SUSE CVE-2015-6908 at NVD CVE-2017-17740 at SUSE CVE-2017-17740 at NVD CVE-2019-13057 at SUSE CVE-2019-13057 at NVD CVE-2019-13565 at SUSE CVE-2019-13565 at NVD CVE-2020-12243 at SUSE CVE-2020-12243 at NVD CVE-2020-15719 at SUSE CVE-2020-15719 at NVD CVE-2020-25692 at SUSE CVE-2020-25692 at NVD CVE-2020-25709 at SUSE CVE-2020-25709 at NVD CVE-2020-25710 at SUSE CVE-2020-25710 at NVD CVE-2020-36221 at SUSE CVE-2020-36221 at NVD CVE-2020-36222 at SUSE CVE-2020-36222 at NVD CVE-2020-36223 at SUSE CVE-2020-36223 at NVD CVE-2020-36224 at SUSE CVE-2020-36224 at NVD CVE-2020-36225 at SUSE CVE-2020-36225 at NVD CVE-2020-36226 at SUSE CVE-2020-36226 at NVD CVE-2020-36227 at SUSE CVE-2020-36227 at NVD CVE-2020-36228 at SUSE CVE-2020-36228 at NVD CVE-2020-36229 at SUSE CVE-2020-36229 at NVD CVE-2020-36230 at SUSE CVE-2020-36230 at NVD CVE-2020-8023 at SUSE CVE-2020-8023 at NVD CVE-2020-8027 at SUSE CVE-2020-8027 at NVD CVE-2021-27212 at SUSE CVE-2021-27212 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libldb2-2.4.1-150300.3.10.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2015-3223 at SUSE CVE-2015-3223 at NVD CVE-2015-5330 at SUSE CVE-2015-5330 at NVD CVE-2018-1140 at SUSE CVE-2018-1140 at NVD CVE-2019-3824 at SUSE CVE-2019-3824 at NVD CVE-2020-10700 at SUSE CVE-2020-10700 at NVD CVE-2020-10730 at SUSE CVE-2020-10730 at NVD CVE-2020-25718 at SUSE CVE-2020-25718 at NVD CVE-2020-27840 at SUSE CVE-2020-27840 at NVD CVE-2021-20277 at SUSE CVE-2021-20277 at NVD CVE-2021-3738 at SUSE CVE-2021-3738 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the liblua5_3-5-5.3.6-3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2019-6706 at SUSE CVE-2019-6706 at NVD CVE-2020-24370 at SUSE CVE-2020-24370 at NVD CVE-2020-24371 at SUSE CVE-2020-24371 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the liblz4-1-1.9.2-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2019-17543 at SUSE CVE-2019-17543 at NVD CVE-2021-3520 at SUSE CVE-2021-3520 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the liblzo2-2-2.10-2.22 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-4607 at SUSE CVE-2014-4607 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libmicrohttpd12-0.9.57-1.33 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2013-7038 at SUSE CVE-2013-7038 at NVD CVE-2013-7039 at SUSE CVE-2013-7039 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libmspack0-0.6-3.14.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-9556 at SUSE CVE-2014-9556 at NVD CVE-2017-11423 at SUSE CVE-2017-11423 at NVD CVE-2017-6419 at SUSE CVE-2017-6419 at NVD CVE-2018-14679 at SUSE CVE-2018-14679 at NVD CVE-2018-14681 at SUSE CVE-2018-14681 at NVD CVE-2018-14682 at SUSE CVE-2018-14682 at NVD CVE-2018-18584 at SUSE CVE-2018-18584 at NVD CVE-2018-18585 at SUSE CVE-2018-18585 at NVD CVE-2018-18586 at SUSE CVE-2018-18586 at NVD CVE-2019-1010305 at SUSE CVE-2019-1010305 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libncurses6-6.1-5.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2018-19211 at SUSE CVE-2018-19211 at NVD CVE-2019-17594 at SUSE CVE-2019-17594 at NVD CVE-2019-17595 at SUSE CVE-2019-17595 at NVD CVE-2021-39537 at SUSE CVE-2021-39537 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libnghttp2-14-1.40.0-6.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2016-1544 at SUSE CVE-2016-1544 at NVD CVE-2018-1000168 at SUSE CVE-2018-1000168 at NVD CVE-2019-18802 at SUSE CVE-2019-18802 at NVD CVE-2019-9511 at SUSE CVE-2019-9511 at NVD CVE-2019-9513 at SUSE CVE-2019-9513 at NVD CVE-2020-11080 at SUSE CVE-2020-11080 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libnm0-1.22.10-3.10.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2006-7246 at SUSE CVE-2006-7246 at NVD CVE-2015-2924 at SUSE CVE-2015-2924 at NVD CVE-2016-0764 at SUSE CVE-2016-0764 at NVD CVE-2018-1000135 at SUSE CVE-2018-1000135 at NVD CVE-2018-15688 at SUSE CVE-2018-15688 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libopenssl-1_1-devel-1.1.1d-11.38.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-3513 at SUSE CVE-2014-3513 at NVD CVE-2014-3567 at SUSE CVE-2014-3567 at NVD CVE-2014-3568 at SUSE CVE-2014-3568 at NVD CVE-2014-3569 at SUSE CVE-2014-3569 at NVD CVE-2014-3570 at SUSE CVE-2014-3570 at NVD CVE-2014-3571 at SUSE CVE-2014-3571 at NVD CVE-2014-3572 at SUSE CVE-2014-3572 at NVD CVE-2014-8275 at SUSE CVE-2014-8275 at NVD CVE-2015-0204 at SUSE CVE-2015-0204 at NVD CVE-2015-0205 at SUSE CVE-2015-0205 at NVD CVE-2015-0206 at SUSE CVE-2015-0206 at NVD CVE-2015-0209 at SUSE CVE-2015-0209 at NVD CVE-2015-0286 at SUSE CVE-2015-0286 at NVD CVE-2015-0287 at SUSE CVE-2015-0287 at NVD CVE-2015-0288 at SUSE CVE-2015-0288 at NVD CVE-2015-0289 at SUSE CVE-2015-0289 at NVD CVE-2015-0293 at SUSE CVE-2015-0293 at NVD CVE-2015-1788 at SUSE CVE-2015-1788 at NVD CVE-2015-1789 at SUSE CVE-2015-1789 at NVD CVE-2015-1790 at SUSE CVE-2015-1790 at NVD CVE-2015-1791 at SUSE CVE-2015-1791 at NVD CVE-2015-1792 at SUSE CVE-2015-1792 at NVD CVE-2015-1793 at SUSE CVE-2015-1793 at NVD CVE-2015-1794 at SUSE CVE-2015-1794 at NVD CVE-2015-3193 at SUSE CVE-2015-3193 at NVD CVE-2015-3194 at SUSE CVE-2015-3194 at NVD CVE-2015-3195 at SUSE CVE-2015-3195 at NVD CVE-2015-3196 at SUSE CVE-2015-3196 at NVD CVE-2015-3197 at SUSE CVE-2015-3197 at NVD CVE-2016-0701 at SUSE CVE-2016-0701 at NVD CVE-2016-0702 at SUSE CVE-2016-0702 at NVD CVE-2016-0705 at SUSE CVE-2016-0705 at NVD CVE-2016-0797 at SUSE CVE-2016-0797 at NVD CVE-2016-0798 at SUSE CVE-2016-0798 at NVD CVE-2016-0800 at SUSE CVE-2016-0800 at NVD CVE-2016-2105 at SUSE CVE-2016-2105 at NVD CVE-2016-2106 at SUSE CVE-2016-2106 at NVD CVE-2016-2107 at SUSE CVE-2016-2107 at NVD CVE-2016-2109 at SUSE CVE-2016-2109 at NVD CVE-2016-2176 at SUSE CVE-2016-2176 at NVD CVE-2016-2177 at SUSE CVE-2016-2177 at NVD CVE-2016-2178 at SUSE CVE-2016-2178 at NVD CVE-2016-2179 at SUSE CVE-2016-2179 at NVD CVE-2016-2180 at SUSE CVE-2016-2180 at NVD CVE-2016-2181 at SUSE CVE-2016-2181 at NVD CVE-2016-2182 at SUSE CVE-2016-2182 at NVD CVE-2016-2183 at SUSE CVE-2016-2183 at NVD CVE-2016-6302 at SUSE CVE-2016-6302 at NVD CVE-2016-6303 at SUSE CVE-2016-6303 at NVD CVE-2016-6304 at SUSE CVE-2016-6304 at NVD CVE-2016-6306 at SUSE CVE-2016-6306 at NVD CVE-2016-7052 at SUSE CVE-2016-7052 at NVD CVE-2016-7055 at SUSE CVE-2016-7055 at NVD CVE-2016-7056 at SUSE CVE-2016-7056 at NVD CVE-2017-3731 at SUSE CVE-2017-3731 at NVD CVE-2017-3732 at SUSE CVE-2017-3732 at NVD CVE-2017-3735 at SUSE CVE-2017-3735 at NVD CVE-2017-3736 at SUSE CVE-2017-3736 at NVD CVE-2017-3738 at SUSE CVE-2017-3738 at NVD CVE-2018-0732 at SUSE CVE-2018-0732 at NVD CVE-2018-0734 at SUSE CVE-2018-0734 at NVD CVE-2018-0735 at SUSE CVE-2018-0735 at NVD CVE-2018-0737 at SUSE CVE-2018-0737 at NVD CVE-2018-0739 at SUSE CVE-2018-0739 at NVD CVE-2019-1543 at SUSE CVE-2019-1543 at NVD CVE-2019-1547 at SUSE CVE-2019-1547 at NVD CVE-2019-1549 at SUSE CVE-2019-1549 at NVD CVE-2019-1551 at SUSE CVE-2019-1551 at NVD CVE-2019-1563 at SUSE CVE-2019-1563 at NVD CVE-2020-1967 at SUSE CVE-2020-1967 at NVD CVE-2020-1971 at SUSE CVE-2020-1971 at NVD CVE-2021-23840 at SUSE CVE-2021-23840 at NVD CVE-2021-23841 at SUSE CVE-2021-23841 at NVD CVE-2021-3449 at SUSE CVE-2021-3449 at NVD CVE-2021-3711 at SUSE CVE-2021-3711 at NVD CVE-2021-3712 at SUSE CVE-2021-3712 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libopus0-1.3.1-3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2017-0381 at SUSE CVE-2017-0381 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libosinfo-1.7.1-1.52 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2019-13313 at SUSE CVE-2019-13313 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libp11-kit0-0.23.2-4.13.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2020-29361 at SUSE CVE-2020-29361 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libpango-1_0-0-1.44.7+11-1.25 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2018-15120 at SUSE CVE-2018-15120 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libpcap1-1.9.1-1.33 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2018-16301 at SUSE CVE-2018-16301 at NVD CVE-2019-15161 at SUSE CVE-2019-15161 at NVD CVE-2019-15162 at SUSE CVE-2019-15162 at NVD CVE-2019-15163 at SUSE CVE-2019-15163 at NVD CVE-2019-15164 at SUSE CVE-2019-15164 at NVD CVE-2019-15165 at SUSE CVE-2019-15165 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libpcre1-8.45-20.10.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-8964 at SUSE CVE-2014-8964 at NVD CVE-2015-2325 at SUSE CVE-2015-2325 at NVD CVE-2015-2326 at SUSE CVE-2015-2326 at NVD CVE-2015-3217 at SUSE CVE-2015-3217 at NVD CVE-2016-1283 at SUSE CVE-2016-1283 at NVD CVE-2016-3191 at SUSE CVE-2016-3191 at NVD CVE-2017-6004 at SUSE CVE-2017-6004 at NVD CVE-2017-7186 at SUSE CVE-2017-7186 at NVD CVE-2017-7244 at SUSE CVE-2017-7244 at NVD CVE-2017-7245 at SUSE CVE-2017-7245 at NVD CVE-2017-7246 at SUSE CVE-2017-7246 at NVD CVE-2019-20838 at SUSE CVE-2019-20838 at NVD CVE-2020-14155 at SUSE CVE-2020-14155 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libpcre2-8-0-10.31-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-8964 at SUSE CVE-2014-8964 at NVD CVE-2015-2325 at SUSE CVE-2015-2325 at NVD CVE-2015-2326 at SUSE CVE-2015-2326 at NVD CVE-2016-3191 at SUSE CVE-2016-3191 at NVD CVE-2017-7186 at SUSE CVE-2017-7186 at NVD CVE-2017-8786 at SUSE CVE-2017-8786 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libpcsclite1-1.8.24-1.14 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2016-10109 at SUSE CVE-2016-10109 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libpng16-16-1.6.34-3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2015-8126 at SUSE CVE-2015-8126 at NVD CVE-2016-10087 at SUSE CVE-2016-10087 at NVD CVE-2016-5735 at SUSE CVE-2016-5735 at NVD CVE-2017-12652 at SUSE CVE-2017-12652 at NVD CVE-2018-13785 at SUSE CVE-2018-13785 at NVD CVE-2019-7317 at SUSE CVE-2019-7317 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libpolkit0-0.116-3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2015-3218 at SUSE CVE-2015-3218 at NVD CVE-2015-3255 at SUSE CVE-2015-3255 at NVD CVE-2015-3256 at SUSE CVE-2015-3256 at NVD CVE-2015-4625 at SUSE CVE-2015-4625 at NVD CVE-2018-1116 at SUSE CVE-2018-1116 at NVD CVE-2018-19788 at SUSE CVE-2018-19788 at NVD CVE-2019-6133 at SUSE CVE-2019-6133 at NVD CVE-2021-3560 at SUSE CVE-2021-3560 at NVD CVE-2021-4034 at SUSE CVE-2021-4034 at NVD CVE-2021-4115 at SUSE CVE-2021-4115 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libprocps7-3.3.15-7.19.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2018-1122 at SUSE CVE-2018-1122 at NVD CVE-2018-1123 at SUSE CVE-2018-1123 at NVD CVE-2018-1124 at SUSE CVE-2018-1124 at NVD CVE-2018-1125 at SUSE CVE-2018-1125 at NVD CVE-2018-1126 at SUSE CVE-2018-1126 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libproxy1-0.4.15-12.41 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2020-25219 at SUSE CVE-2020-25219 at NVD CVE-2020-26154 at SUSE CVE-2020-26154 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libpython3_6m1_0-3.6.15-10.15.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-4650 at SUSE CVE-2014-4650 at NVD CVE-2016-0772 at SUSE CVE-2016-0772 at NVD CVE-2016-1000110 at SUSE CVE-2016-1000110 at NVD CVE-2016-5636 at SUSE CVE-2016-5636 at NVD CVE-2016-5699 at SUSE CVE-2016-5699 at NVD CVE-2017-18207 at SUSE CVE-2017-18207 at NVD CVE-2018-1000802 at SUSE CVE-2018-1000802 at NVD CVE-2018-1060 at SUSE CVE-2018-1060 at NVD CVE-2018-1061 at SUSE CVE-2018-1061 at NVD CVE-2018-14647 at SUSE CVE-2018-14647 at NVD CVE-2018-20406 at SUSE CVE-2018-20406 at NVD CVE-2018-20852 at SUSE CVE-2018-20852 at NVD CVE-2019-10160 at SUSE CVE-2019-10160 at NVD CVE-2019-15903 at SUSE CVE-2019-15903 at NVD CVE-2019-16056 at SUSE CVE-2019-16056 at NVD CVE-2019-16935 at SUSE CVE-2019-16935 at NVD CVE-2019-18348 at SUSE CVE-2019-18348 at NVD CVE-2019-20907 at SUSE CVE-2019-20907 at NVD CVE-2019-20916 at SUSE CVE-2019-20916 at NVD CVE-2019-5010 at SUSE CVE-2019-5010 at NVD CVE-2019-9636 at SUSE CVE-2019-9636 at NVD CVE-2019-9674 at SUSE CVE-2019-9674 at NVD CVE-2019-9947 at SUSE CVE-2019-9947 at NVD CVE-2020-14422 at SUSE CVE-2020-14422 at NVD CVE-2020-26116 at SUSE CVE-2020-26116 at NVD CVE-2020-27619 at SUSE CVE-2020-27619 at NVD CVE-2020-8492 at SUSE CVE-2020-8492 at NVD CVE-2021-23336 at SUSE CVE-2021-23336 at NVD CVE-2021-3177 at SUSE CVE-2021-3177 at NVD CVE-2021-3426 at SUSE CVE-2021-3426 at NVD CVE-2021-3733 at SUSE CVE-2021-3733 at NVD CVE-2021-3737 at SUSE CVE-2021-3737 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the librados2-15.2.15.83+gf72054fa653-3.34.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2017-16818 at SUSE CVE-2017-16818 at NVD CVE-2018-10861 at SUSE CVE-2018-10861 at NVD CVE-2018-1128 at SUSE CVE-2018-1128 at NVD CVE-2018-1129 at SUSE CVE-2018-1129 at NVD CVE-2018-16889 at SUSE CVE-2018-16889 at NVD CVE-2019-10222 at SUSE CVE-2019-10222 at NVD CVE-2019-3821 at SUSE CVE-2019-3821 at NVD CVE-2020-10736 at SUSE CVE-2020-10736 at NVD CVE-2020-1759 at SUSE CVE-2020-1759 at NVD CVE-2020-1760 at SUSE CVE-2020-1760 at NVD CVE-2020-25660 at SUSE CVE-2020-25660 at NVD CVE-2020-25678 at SUSE CVE-2020-25678 at NVD CVE-2020-27781 at SUSE CVE-2020-27781 at NVD CVE-2020-27839 at SUSE CVE-2020-27839 at NVD CVE-2021-20288 at SUSE CVE-2021-20288 at NVD CVE-2021-3509 at SUSE CVE-2021-3509 at NVD CVE-2021-3524 at SUSE CVE-2021-3524 at NVD CVE-2021-3531 at SUSE CVE-2021-3531 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libseccomp2-2.5.3-150300.10.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2019-9893 at SUSE CVE-2019-9893 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libslirp0-4.3.1-1.51 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2020-10756 at SUSE CVE-2020-10756 at NVD CVE-2020-1983 at SUSE CVE-2020-1983 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libsolv-tools-0.7.20-9.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2018-20532 at SUSE CVE-2018-20532 at NVD CVE-2018-20533 at SUSE CVE-2018-20533 at NVD CVE-2018-20534 at SUSE CVE-2018-20534 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libsoup-2_4-1-2.68.3-2.32 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2017-2885 at SUSE CVE-2017-2885 at NVD CVE-2018-12910 at SUSE CVE-2018-12910 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libspice-server1-0.14.3-1.48 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2013-4282 at SUSE CVE-2013-4282 at NVD CVE-2015-3247 at SUSE CVE-2015-3247 at NVD CVE-2015-5260 at SUSE CVE-2015-5260 at NVD CVE-2015-5261 at SUSE CVE-2015-5261 at NVD CVE-2016-0749 at SUSE CVE-2016-0749 at NVD CVE-2016-2150 at SUSE CVE-2016-2150 at NVD CVE-2016-9577 at SUSE CVE-2016-9577 at NVD CVE-2016-9578 at SUSE CVE-2016-9578 at NVD CVE-2018-10873 at SUSE CVE-2018-10873 at NVD CVE-2018-10893 at SUSE CVE-2018-10893 at NVD CVE-2019-3813 at SUSE CVE-2019-3813 at NVD CVE-2020-14355 at SUSE CVE-2020-14355 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libsqlite3-0-3.36.0-3.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2015-3414 at SUSE CVE-2015-3414 at NVD CVE-2015-3415 at SUSE CVE-2015-3415 at NVD CVE-2018-20346 at SUSE CVE-2018-20346 at NVD CVE-2018-8740 at SUSE CVE-2018-8740 at NVD CVE-2019-16168 at SUSE CVE-2019-16168 at NVD CVE-2019-19244 at SUSE CVE-2019-19244 at NVD CVE-2019-19317 at SUSE CVE-2019-19317 at NVD CVE-2019-19603 at SUSE CVE-2019-19603 at NVD CVE-2019-19645 at SUSE CVE-2019-19645 at NVD CVE-2019-19646 at SUSE CVE-2019-19646 at NVD CVE-2019-19880 at SUSE CVE-2019-19880 at NVD CVE-2019-19923 at SUSE CVE-2019-19923 at NVD CVE-2019-19924 at SUSE CVE-2019-19924 at NVD CVE-2019-19925 at SUSE CVE-2019-19925 at NVD CVE-2019-19926 at SUSE CVE-2019-19926 at NVD CVE-2019-19959 at SUSE CVE-2019-19959 at NVD CVE-2019-20218 at SUSE CVE-2019-20218 at NVD CVE-2019-9936 at SUSE CVE-2019-9936 at NVD CVE-2019-9937 at SUSE CVE-2019-9937 at NVD CVE-2020-13434 at SUSE CVE-2020-13434 at NVD CVE-2020-13435 at SUSE CVE-2020-13435 at NVD CVE-2020-13630 at SUSE CVE-2020-13630 at NVD CVE-2020-13631 at SUSE CVE-2020-13631 at NVD CVE-2020-13632 at SUSE CVE-2020-13632 at NVD CVE-2020-15358 at SUSE CVE-2020-15358 at NVD CVE-2020-9327 at SUSE CVE-2020-9327 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libssh2-1-1.9.0-4.13.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2015-1782 at SUSE CVE-2015-1782 at NVD CVE-2016-0787 at SUSE CVE-2016-0787 at NVD CVE-2019-17498 at SUSE CVE-2019-17498 at NVD CVE-2019-3855 at SUSE CVE-2019-3855 at NVD CVE-2019-3856 at SUSE CVE-2019-3856 at NVD CVE-2019-3857 at SUSE CVE-2019-3857 at NVD CVE-2019-3858 at SUSE CVE-2019-3858 at NVD CVE-2019-3859 at SUSE CVE-2019-3859 at NVD CVE-2019-3860 at SUSE CVE-2019-3860 at NVD CVE-2019-3861 at SUSE CVE-2019-3861 at NVD CVE-2019-3862 at SUSE CVE-2019-3862 at NVD CVE-2019-3863 at SUSE CVE-2019-3863 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libssh4-0.8.7-10.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-8132 at SUSE CVE-2014-8132 at NVD CVE-2015-3146 at SUSE CVE-2015-3146 at NVD CVE-2018-10933 at SUSE CVE-2018-10933 at NVD CVE-2019-14889 at SUSE CVE-2019-14889 at NVD CVE-2020-1730 at SUSE CVE-2020-1730 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libsss_certmap0-1.16.1-150300.23.17.3 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2017-12173 at SUSE CVE-2017-12173 at NVD CVE-2018-10852 at SUSE CVE-2018-10852 at NVD CVE-2018-16838 at SUSE CVE-2018-16838 at NVD CVE-2019-3811 at SUSE CVE-2019-3811 at NVD CVE-2021-3621 at SUSE CVE-2021-3621 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libsystemd0-246.16-150300.7.39.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2015-7510 at SUSE CVE-2015-7510 at NVD CVE-2016-10156 at SUSE CVE-2016-10156 at NVD CVE-2017-15908 at SUSE CVE-2017-15908 at NVD CVE-2017-18078 at SUSE CVE-2017-18078 at NVD CVE-2017-9445 at SUSE CVE-2017-9445 at NVD CVE-2018-15686 at SUSE CVE-2018-15686 at NVD CVE-2018-15687 at SUSE CVE-2018-15687 at NVD CVE-2018-15688 at SUSE CVE-2018-15688 at NVD CVE-2018-16864 at SUSE CVE-2018-16864 at NVD CVE-2018-16865 at SUSE CVE-2018-16865 at NVD CVE-2018-21029 at SUSE CVE-2018-21029 at NVD CVE-2018-6954 at SUSE CVE-2018-6954 at NVD CVE-2019-20386 at SUSE CVE-2019-20386 at NVD CVE-2019-3842 at SUSE CVE-2019-3842 at NVD CVE-2019-3843 at SUSE CVE-2019-3843 at NVD CVE-2019-3844 at SUSE CVE-2019-3844 at NVD CVE-2019-6454 at SUSE CVE-2019-6454 at NVD CVE-2020-13529 at SUSE CVE-2020-13529 at NVD CVE-2020-1712 at SUSE CVE-2020-1712 at NVD CVE-2021-33910 at SUSE CVE-2021-33910 at NVD CVE-2021-3997 at SUSE CVE-2021-3997 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libtasn1-4.13-4.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2015-2806 at SUSE CVE-2015-2806 at NVD CVE-2015-3622 at SUSE CVE-2015-3622 at NVD CVE-2016-4008 at SUSE CVE-2016-4008 at NVD CVE-2018-1000654 at SUSE CVE-2018-1000654 at NVD CVE-2018-6003 at SUSE CVE-2018-6003 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libthai-data-0.1.27-1.16 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2009-4012 at SUSE CVE-2009-4012 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libtiff5-4.0.9-45.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2012-4564 at SUSE CVE-2012-4564 at NVD CVE-2013-1960 at SUSE CVE-2013-1960 at NVD CVE-2013-1961 at SUSE CVE-2013-1961 at NVD CVE-2013-4231 at SUSE CVE-2013-4231 at NVD CVE-2013-4232 at SUSE CVE-2013-4232 at NVD CVE-2013-4243 at SUSE CVE-2013-4243 at NVD CVE-2013-4244 at SUSE CVE-2013-4244 at NVD CVE-2014-8127 at SUSE CVE-2014-8127 at NVD CVE-2014-8128 at SUSE CVE-2014-8128 at NVD CVE-2014-8129 at SUSE CVE-2014-8129 at NVD CVE-2014-8130 at SUSE CVE-2014-8130 at NVD CVE-2014-9655 at SUSE CVE-2014-9655 at NVD CVE-2015-1547 at SUSE CVE-2015-1547 at NVD CVE-2015-7554 at SUSE CVE-2015-7554 at NVD CVE-2015-8665 at SUSE CVE-2015-8665 at NVD CVE-2015-8683 at SUSE CVE-2015-8683 at NVD CVE-2015-8781 at SUSE CVE-2015-8781 at NVD CVE-2015-8782 at SUSE CVE-2015-8782 at NVD CVE-2015-8783 at SUSE CVE-2015-8783 at NVD CVE-2016-10092 at SUSE CVE-2016-10092 at NVD CVE-2016-10093 at SUSE CVE-2016-10093 at NVD CVE-2016-10094 at SUSE CVE-2016-10094 at NVD CVE-2016-10095 at SUSE CVE-2016-10095 at NVD CVE-2016-10266 at SUSE CVE-2016-10266 at NVD CVE-2016-10267 at SUSE CVE-2016-10267 at NVD CVE-2016-10268 at SUSE CVE-2016-10268 at NVD CVE-2016-10269 at SUSE CVE-2016-10269 at NVD CVE-2016-10270 at SUSE CVE-2016-10270 at NVD CVE-2016-10271 at SUSE CVE-2016-10271 at NVD CVE-2016-10272 at SUSE CVE-2016-10272 at NVD CVE-2016-10371 at SUSE CVE-2016-10371 at NVD CVE-2016-3186 at SUSE CVE-2016-3186 at NVD CVE-2016-3622 at SUSE CVE-2016-3622 at NVD CVE-2016-3623 at SUSE CVE-2016-3623 at NVD CVE-2016-3658 at SUSE CVE-2016-3658 at NVD CVE-2016-3945 at SUSE CVE-2016-3945 at NVD CVE-2016-3990 at SUSE CVE-2016-3990 at NVD CVE-2016-3991 at SUSE CVE-2016-3991 at NVD CVE-2016-5314 at SUSE CVE-2016-5314 at NVD CVE-2016-5316 at SUSE CVE-2016-5316 at NVD CVE-2016-5317 at SUSE CVE-2016-5317 at NVD CVE-2016-5318 at SUSE CVE-2016-5318 at NVD CVE-2016-5320 at SUSE CVE-2016-5320 at NVD CVE-2016-5321 at SUSE CVE-2016-5321 at NVD CVE-2016-5323 at SUSE CVE-2016-5323 at NVD CVE-2016-5652 at SUSE CVE-2016-5652 at NVD CVE-2016-5875 at SUSE CVE-2016-5875 at NVD CVE-2016-6223 at SUSE CVE-2016-6223 at NVD CVE-2016-9273 at SUSE CVE-2016-9273 at NVD CVE-2016-9297 at SUSE CVE-2016-9297 at NVD CVE-2016-9448 at SUSE CVE-2016-9448 at NVD CVE-2016-9453 at SUSE CVE-2016-9453 at NVD CVE-2016-9538 at SUSE CVE-2016-9538 at NVD CVE-2017-11613 at SUSE CVE-2017-11613 at NVD CVE-2017-12944 at SUSE CVE-2017-12944 at NVD CVE-2017-16232 at SUSE CVE-2017-16232 at NVD CVE-2017-17095 at SUSE CVE-2017-17095 at NVD CVE-2017-18013 at SUSE CVE-2017-18013 at NVD CVE-2017-5225 at SUSE CVE-2017-5225 at NVD CVE-2017-7592 at SUSE CVE-2017-7592 at NVD CVE-2017-7593 at SUSE CVE-2017-7593 at NVD CVE-2017-7594 at SUSE CVE-2017-7594 at NVD CVE-2017-7595 at SUSE CVE-2017-7595 at NVD CVE-2017-7596 at SUSE CVE-2017-7596 at NVD CVE-2017-7597 at SUSE CVE-2017-7597 at NVD CVE-2017-7598 at SUSE CVE-2017-7598 at NVD CVE-2017-7599 at SUSE CVE-2017-7599 at NVD CVE-2017-7600 at SUSE CVE-2017-7600 at NVD CVE-2017-7601 at SUSE CVE-2017-7601 at NVD CVE-2017-7602 at SUSE CVE-2017-7602 at NVD CVE-2017-9403 at SUSE CVE-2017-9403 at NVD CVE-2017-9404 at SUSE CVE-2017-9404 at NVD CVE-2017-9935 at SUSE CVE-2017-9935 at NVD CVE-2017-9936 at SUSE CVE-2017-9936 at NVD CVE-2018-10779 at SUSE CVE-2018-10779 at NVD CVE-2018-10963 at SUSE CVE-2018-10963 at NVD CVE-2018-12900 at SUSE CVE-2018-12900 at NVD CVE-2018-16335 at SUSE CVE-2018-16335 at NVD CVE-2018-17000 at SUSE CVE-2018-17000 at NVD CVE-2018-17100 at SUSE CVE-2018-17100 at NVD CVE-2018-17101 at SUSE CVE-2018-17101 at NVD CVE-2018-17795 at SUSE CVE-2018-17795 at NVD CVE-2018-18557 at SUSE CVE-2018-18557 at NVD CVE-2018-18661 at SUSE CVE-2018-18661 at NVD CVE-2018-19210 at SUSE CVE-2018-19210 at NVD CVE-2018-5784 at SUSE CVE-2018-5784 at NVD CVE-2018-7456 at SUSE CVE-2018-7456 at NVD CVE-2018-8905 at SUSE CVE-2018-8905 at NVD CVE-2019-14973 at SUSE CVE-2019-14973 at NVD CVE-2019-17546 at SUSE CVE-2019-17546 at NVD CVE-2019-6128 at SUSE CVE-2019-6128 at NVD CVE-2019-7663 at SUSE CVE-2019-7663 at NVD CVE-2020-19131 at SUSE CVE-2020-19131 at NVD CVE-2020-35521 at SUSE CVE-2020-35521 at NVD CVE-2020-35522 at SUSE CVE-2020-35522 at NVD CVE-2020-35523 at SUSE CVE-2020-35523 at NVD CVE-2020-35524 at SUSE CVE-2020-35524 at NVD CVE-2022-22844 at SUSE CVE-2022-22844 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libtirpc-netconfig-1.2.6-1.131 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2016-4429 at SUSE CVE-2016-4429 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libtpms0-0.8.2-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2021-3446 at SUSE CVE-2021-3446 at NVD CVE-2021-3505 at SUSE CVE-2021-3505 at NVD CVE-2021-3746 at SUSE CVE-2021-3746 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libunwind-1.5.0-4.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2015-3239 at SUSE CVE-2015-3239 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libvirglrenderer0-0.6.0-4.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2016-10214 at SUSE CVE-2016-10214 at NVD CVE-2017-5937 at SUSE CVE-2017-5937 at NVD CVE-2017-5957 at SUSE CVE-2017-5957 at NVD CVE-2017-5993 at SUSE CVE-2017-5993 at NVD CVE-2017-5994 at SUSE CVE-2017-5994 at NVD CVE-2017-6386 at SUSE CVE-2017-6386 at NVD CVE-2019-18388 at SUSE CVE-2019-18388 at NVD CVE-2019-18389 at SUSE CVE-2019-18389 at NVD CVE-2019-18390 at SUSE CVE-2019-18390 at NVD CVE-2019-18391 at SUSE CVE-2019-18391 at NVD CVE-2022-0135 at SUSE CVE-2022-0135 at NVD CVE-2022-0175 at SUSE CVE-2022-0175 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libvirt-client-7.1.0-150300.6.26.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-7823 at SUSE CVE-2014-7823 at NVD CVE-2014-8131 at SUSE CVE-2014-8131 at NVD CVE-2015-0236 at SUSE CVE-2015-0236 at NVD CVE-2015-5247 at SUSE CVE-2015-5247 at NVD CVE-2015-5313 at SUSE CVE-2015-5313 at NVD CVE-2017-1000256 at SUSE CVE-2017-1000256 at NVD CVE-2017-2635 at SUSE CVE-2017-2635 at NVD CVE-2017-5715 at SUSE CVE-2017-5715 at NVD CVE-2018-1064 at SUSE CVE-2018-1064 at NVD CVE-2018-12126 at SUSE CVE-2018-12126 at NVD CVE-2018-12127 at SUSE CVE-2018-12127 at NVD CVE-2018-12130 at SUSE CVE-2018-12130 at NVD CVE-2018-3639 at SUSE CVE-2018-3639 at NVD CVE-2018-5748 at SUSE CVE-2018-5748 at NVD CVE-2019-10132 at SUSE CVE-2019-10132 at NVD CVE-2019-10161 at SUSE CVE-2019-10161 at NVD CVE-2019-10166 at SUSE CVE-2019-10166 at NVD CVE-2019-10167 at SUSE CVE-2019-10167 at NVD CVE-2019-10168 at SUSE CVE-2019-10168 at NVD CVE-2019-11091 at SUSE CVE-2019-11091 at NVD CVE-2019-11135 at SUSE CVE-2019-11135 at NVD CVE-2019-3886 at SUSE CVE-2019-3886 at NVD CVE-2020-10701 at SUSE CVE-2020-10701 at NVD CVE-2020-12430 at SUSE CVE-2020-12430 at NVD CVE-2020-14339 at SUSE CVE-2020-14339 at NVD CVE-2020-15708 at SUSE CVE-2020-15708 at NVD CVE-2020-25637 at SUSE CVE-2020-25637 at NVD CVE-2021-3631 at SUSE CVE-2021-3631 at NVD CVE-2021-3667 at SUSE CVE-2021-3667 at NVD CVE-2021-4147 at SUSE CVE-2021-4147 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libvmtools0-11.3.5-13.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2015-5191 at SUSE CVE-2015-5191 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libvorbis0-1.3.6-4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2008-1420 at SUSE CVE-2008-1420 at NVD CVE-2009-3379 at SUSE CVE-2009-3379 at NVD CVE-2012-0444 at SUSE CVE-2012-0444 at NVD CVE-2017-14160 at SUSE CVE-2017-14160 at NVD CVE-2017-14632 at SUSE CVE-2017-14632 at NVD CVE-2017-14633 at SUSE CVE-2017-14633 at NVD CVE-2018-10392 at SUSE CVE-2018-10392 at NVD CVE-2018-10393 at SUSE CVE-2018-10393 at NVD CVE-2018-5146 at SUSE CVE-2018-5146 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libxkbcommon0-0.8.2-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2018-15853 at SUSE CVE-2018-15853 at NVD CVE-2018-15854 at SUSE CVE-2018-15854 at NVD CVE-2018-15855 at SUSE CVE-2018-15855 at NVD CVE-2018-15856 at SUSE CVE-2018-15856 at NVD CVE-2018-15857 at SUSE CVE-2018-15857 at NVD CVE-2018-15858 at SUSE CVE-2018-15858 at NVD CVE-2018-15859 at SUSE CVE-2018-15859 at NVD CVE-2018-15861 at SUSE CVE-2018-15861 at NVD CVE-2018-15862 at SUSE CVE-2018-15862 at NVD CVE-2018-15863 at SUSE CVE-2018-15863 at NVD CVE-2018-15864 at SUSE CVE-2018-15864 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libxml2-2-2.9.7-3.37.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-0191 at SUSE CVE-2014-0191 at NVD CVE-2014-3660 at SUSE CVE-2014-3660 at NVD CVE-2015-1819 at SUSE CVE-2015-1819 at NVD CVE-2015-5312 at SUSE CVE-2015-5312 at NVD CVE-2015-7497 at SUSE CVE-2015-7497 at NVD CVE-2015-7498 at SUSE CVE-2015-7498 at NVD CVE-2015-7499 at SUSE CVE-2015-7499 at NVD CVE-2015-7500 at SUSE CVE-2015-7500 at NVD CVE-2015-7941 at SUSE CVE-2015-7941 at NVD CVE-2015-7942 at SUSE CVE-2015-7942 at NVD CVE-2015-8035 at SUSE CVE-2015-8035 at NVD CVE-2015-8242 at SUSE CVE-2015-8242 at NVD CVE-2016-1762 at SUSE CVE-2016-1762 at NVD CVE-2016-1833 at SUSE CVE-2016-1833 at NVD CVE-2016-1834 at SUSE CVE-2016-1834 at NVD CVE-2016-1835 at SUSE CVE-2016-1835 at NVD CVE-2016-1836 at SUSE CVE-2016-1836 at NVD CVE-2016-1837 at SUSE CVE-2016-1837 at NVD CVE-2016-1838 at SUSE CVE-2016-1838 at NVD CVE-2016-1839 at SUSE CVE-2016-1839 at NVD CVE-2016-1840 at SUSE CVE-2016-1840 at NVD CVE-2016-3627 at SUSE CVE-2016-3627 at NVD CVE-2016-3705 at SUSE CVE-2016-3705 at NVD CVE-2016-4483 at SUSE CVE-2016-4483 at NVD CVE-2016-4658 at SUSE CVE-2016-4658 at NVD CVE-2017-0663 at SUSE CVE-2017-0663 at NVD CVE-2017-18258 at SUSE CVE-2017-18258 at NVD CVE-2017-5969 at SUSE CVE-2017-5969 at NVD CVE-2017-9047 at SUSE CVE-2017-9047 at NVD CVE-2017-9048 at SUSE CVE-2017-9048 at NVD CVE-2017-9049 at SUSE CVE-2017-9049 at NVD CVE-2018-14404 at SUSE CVE-2018-14404 at NVD CVE-2018-14567 at SUSE CVE-2018-14567 at NVD CVE-2018-9251 at SUSE CVE-2018-9251 at NVD CVE-2019-19956 at SUSE CVE-2019-19956 at NVD CVE-2019-20388 at SUSE CVE-2019-20388 at NVD CVE-2020-24977 at SUSE CVE-2020-24977 at NVD CVE-2020-7595 at SUSE CVE-2020-7595 at NVD CVE-2021-3516 at SUSE CVE-2021-3516 at NVD CVE-2021-3517 at SUSE CVE-2021-3517 at NVD CVE-2021-3518 at SUSE CVE-2021-3518 at NVD CVE-2021-3537 at SUSE CVE-2021-3537 at NVD CVE-2021-3541 at SUSE CVE-2021-3541 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libxslt1-1.1.32-3.8.24 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2015-7995 at SUSE CVE-2015-7995 at NVD CVE-2015-9019 at SUSE CVE-2015-9019 at NVD CVE-2016-4738 at SUSE CVE-2016-4738 at NVD CVE-2017-5029 at SUSE CVE-2017-5029 at NVD CVE-2019-11068 at SUSE CVE-2019-11068 at NVD CVE-2019-13117 at SUSE CVE-2019-13117 at NVD CVE-2019-13118 at SUSE CVE-2019-13118 at NVD CVE-2019-18197 at SUSE CVE-2019-18197 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libyaml-cpp0_6-0.6.1-4.2.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2017-5950 at SUSE CVE-2017-5950 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libz1-1.2.11-3.24.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2016-9843 at SUSE CVE-2016-9843 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libzmq5-4.2.3-3.15.4 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-7202 at SUSE CVE-2014-7202 at NVD CVE-2014-7203 at SUSE CVE-2014-7203 at NVD CVE-2014-9721 at SUSE CVE-2014-9721 at NVD CVE-2019-13132 at SUSE CVE-2019-13132 at NVD CVE-2019-6250 at SUSE CVE-2019-6250 at NVD CVE-2020-15166 at SUSE CVE-2020-15166 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libzstd1-1.4.4-1.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2019-11922 at SUSE CVE-2019-11922 at NVD CVE-2021-24031 at SUSE CVE-2021-24031 at NVD CVE-2021-24032 at SUSE CVE-2021-24032 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the libzypp-17.29.3-27.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2017-7435 at SUSE CVE-2017-7435 at NVD CVE-2017-7436 at SUSE CVE-2017-7436 at NVD CVE-2017-9269 at SUSE CVE-2017-9269 at NVD CVE-2017-9271 at SUSE CVE-2017-9271 at NVD CVE-2018-7685 at SUSE CVE-2018-7685 at NVD CVE-2019-18900 at SUSE CVE-2019-18900 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the login_defs-4.8.1-2.43 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2018-7169 at SUSE CVE-2018-7169 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the logrotate-3.13.0-4.3.9 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2011-1098 at SUSE CVE-2011-1098 at NVD CVE-2011-1154 at SUSE CVE-2011-1154 at NVD CVE-2011-1155 at SUSE CVE-2011-1155 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the mozilla-nspr-4.32-3.20.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2015-7183 at SUSE CVE-2015-7183 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the nfs-client-2.1.1-10.21.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2019-3689 at SUSE CVE-2019-3689 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the opensc-0.19.0-3.7.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2018-16391 at SUSE CVE-2018-16391 at NVD CVE-2018-16392 at SUSE CVE-2018-16392 at NVD CVE-2018-16393 at SUSE CVE-2018-16393 at NVD CVE-2018-16418 at SUSE CVE-2018-16418 at NVD CVE-2018-16419 at SUSE CVE-2018-16419 at NVD CVE-2018-16420 at SUSE CVE-2018-16420 at NVD CVE-2018-16421 at SUSE CVE-2018-16421 at NVD CVE-2018-16422 at SUSE CVE-2018-16422 at NVD CVE-2018-16423 at SUSE CVE-2018-16423 at NVD CVE-2018-16424 at SUSE CVE-2018-16424 at NVD CVE-2018-16425 at SUSE CVE-2018-16425 at NVD CVE-2018-16426 at SUSE CVE-2018-16426 at NVD CVE-2018-16427 at SUSE CVE-2018-16427 at NVD CVE-2019-15945 at SUSE CVE-2019-15945 at NVD CVE-2019-15946 at SUSE CVE-2019-15946 at NVD CVE-2019-19479 at SUSE CVE-2019-19479 at NVD CVE-2019-19480 at SUSE CVE-2019-19480 at NVD CVE-2019-20792 at SUSE CVE-2019-20792 at NVD CVE-2020-26570 at SUSE CVE-2020-26570 at NVD CVE-2020-26571 at SUSE CVE-2020-26571 at NVD CVE-2020-26572 at SUSE CVE-2020-26572 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the openslp-2.0.0-6.15.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2016-4912 at SUSE CVE-2016-4912 at NVD CVE-2016-7567 at SUSE CVE-2016-7567 at NVD CVE-2017-17833 at SUSE CVE-2017-17833 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the openssh-8.4p1-3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2015-8325 at SUSE CVE-2015-8325 at NVD CVE-2016-0777 at SUSE CVE-2016-0777 at NVD CVE-2016-0778 at SUSE CVE-2016-0778 at NVD CVE-2016-10009 at SUSE CVE-2016-10009 at NVD CVE-2016-10010 at SUSE CVE-2016-10010 at NVD CVE-2016-10011 at SUSE CVE-2016-10011 at NVD CVE-2016-10012 at SUSE CVE-2016-10012 at NVD CVE-2016-6210 at SUSE CVE-2016-6210 at NVD CVE-2016-6515 at SUSE CVE-2016-6515 at NVD CVE-2016-8858 at SUSE CVE-2016-8858 at NVD CVE-2018-20685 at SUSE CVE-2018-20685 at NVD CVE-2019-6109 at SUSE CVE-2019-6109 at NVD CVE-2019-6110 at SUSE CVE-2019-6110 at NVD CVE-2019-6111 at SUSE CVE-2019-6111 at NVD CVE-2021-28041 at SUSE CVE-2021-28041 at NVD CVE-2021-41617 at SUSE CVE-2021-41617 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the openssl-1.1.1d-1.46 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-3513 at SUSE CVE-2014-3513 at NVD CVE-2014-3567 at SUSE CVE-2014-3567 at NVD CVE-2014-3568 at SUSE CVE-2014-3568 at NVD CVE-2014-3569 at SUSE CVE-2014-3569 at NVD CVE-2014-3570 at SUSE CVE-2014-3570 at NVD CVE-2014-3571 at SUSE CVE-2014-3571 at NVD CVE-2014-3572 at SUSE CVE-2014-3572 at NVD CVE-2014-8275 at SUSE CVE-2014-8275 at NVD CVE-2015-0204 at SUSE CVE-2015-0204 at NVD CVE-2015-0205 at SUSE CVE-2015-0205 at NVD CVE-2015-0206 at SUSE CVE-2015-0206 at NVD CVE-2015-0209 at SUSE CVE-2015-0209 at NVD CVE-2015-0286 at SUSE CVE-2015-0286 at NVD CVE-2015-0287 at SUSE CVE-2015-0287 at NVD CVE-2015-0288 at SUSE CVE-2015-0288 at NVD CVE-2015-0289 at SUSE CVE-2015-0289 at NVD CVE-2015-0293 at SUSE CVE-2015-0293 at NVD CVE-2015-1788 at SUSE CVE-2015-1788 at NVD CVE-2015-1789 at SUSE CVE-2015-1789 at NVD CVE-2015-1790 at SUSE CVE-2015-1790 at NVD CVE-2015-1791 at SUSE CVE-2015-1791 at NVD CVE-2015-1792 at SUSE CVE-2015-1792 at NVD CVE-2015-1793 at SUSE CVE-2015-1793 at NVD CVE-2015-1794 at SUSE CVE-2015-1794 at NVD CVE-2015-3193 at SUSE CVE-2015-3193 at NVD CVE-2015-3194 at SUSE CVE-2015-3194 at NVD CVE-2015-3195 at SUSE CVE-2015-3195 at NVD CVE-2015-3196 at SUSE CVE-2015-3196 at NVD CVE-2015-3197 at SUSE CVE-2015-3197 at NVD CVE-2016-0701 at SUSE CVE-2016-0701 at NVD CVE-2016-0702 at SUSE CVE-2016-0702 at NVD CVE-2016-0705 at SUSE CVE-2016-0705 at NVD CVE-2016-0797 at SUSE CVE-2016-0797 at NVD CVE-2016-0798 at SUSE CVE-2016-0798 at NVD CVE-2016-0800 at SUSE CVE-2016-0800 at NVD CVE-2016-2105 at SUSE CVE-2016-2105 at NVD CVE-2016-2106 at SUSE CVE-2016-2106 at NVD CVE-2016-2107 at SUSE CVE-2016-2107 at NVD CVE-2016-2109 at SUSE CVE-2016-2109 at NVD CVE-2016-2176 at SUSE CVE-2016-2176 at NVD CVE-2016-2177 at SUSE CVE-2016-2177 at NVD CVE-2016-2178 at SUSE CVE-2016-2178 at NVD CVE-2016-2179 at SUSE CVE-2016-2179 at NVD CVE-2016-2180 at SUSE CVE-2016-2180 at NVD CVE-2016-2181 at SUSE CVE-2016-2181 at NVD CVE-2016-2182 at SUSE CVE-2016-2182 at NVD CVE-2016-2183 at SUSE CVE-2016-2183 at NVD CVE-2016-6302 at SUSE CVE-2016-6302 at NVD CVE-2016-6303 at SUSE CVE-2016-6303 at NVD CVE-2016-6304 at SUSE CVE-2016-6304 at NVD CVE-2016-6306 at SUSE CVE-2016-6306 at NVD CVE-2016-7052 at SUSE CVE-2016-7052 at NVD CVE-2016-7055 at SUSE CVE-2016-7055 at NVD CVE-2016-7056 at SUSE CVE-2016-7056 at NVD CVE-2017-3731 at SUSE CVE-2017-3731 at NVD CVE-2017-3732 at SUSE CVE-2017-3732 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the pam-1.3.0-6.50.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2015-3238 at SUSE CVE-2015-3238 at NVD CVE-2018-17953 at SUSE CVE-2018-17953 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the perl-5.26.1-15.87 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2017-12837 at SUSE CVE-2017-12837 at NVD CVE-2017-12883 at SUSE CVE-2017-12883 at NVD CVE-2018-12015 at SUSE CVE-2018-12015 at NVD CVE-2018-18311 at SUSE CVE-2018-18311 at NVD CVE-2018-18312 at SUSE CVE-2018-18312 at NVD CVE-2018-18313 at SUSE CVE-2018-18313 at NVD CVE-2018-18314 at SUSE CVE-2018-18314 at NVD CVE-2020-10543 at SUSE CVE-2020-10543 at NVD CVE-2020-10878 at SUSE CVE-2020-10878 at NVD CVE-2020-12723 at SUSE CVE-2020-12723 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the permissions-20181225-23.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2019-3687 at SUSE CVE-2019-3687 at NVD CVE-2019-3688 at SUSE CVE-2019-3688 at NVD CVE-2019-3690 at SUSE CVE-2019-3690 at NVD CVE-2020-8013 at SUSE CVE-2020-8013 at NVD CVE-2020-8025 at SUSE CVE-2020-8025 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the podman-3.4.4-150300.9.3.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2018-10856 at SUSE CVE-2018-10856 at NVD CVE-2019-10152 at SUSE CVE-2019-10152 at NVD CVE-2019-10214 at SUSE CVE-2019-10214 at NVD CVE-2020-14370 at SUSE CVE-2020-14370 at NVD CVE-2020-1726 at SUSE CVE-2020-1726 at NVD CVE-2021-20199 at SUSE CVE-2021-20199 at NVD CVE-2021-4024 at SUSE CVE-2021-4024 at NVD CVE-2021-41190 at SUSE CVE-2021-41190 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the policycoreutils-3.1-150300.4.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2016-7545 at SUSE CVE-2016-7545 at NVD CVE-2018-1063 at SUSE CVE-2018-1063 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the powerpc-utils-1.3.9-150300.9.17.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-4040 at SUSE CVE-2014-4040 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the procmail-3.22-2.34 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-3618 at SUSE CVE-2014-3618 at NVD CVE-2017-16844 at SUSE CVE-2017-16844 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the python-azure-agent-2.2.49.2-3.20.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2019-0804 at SUSE CVE-2019-0804 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the python3-Babel-2.8.0-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2021-42771 at SUSE CVE-2021-42771 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the python3-Jinja2-2.10.1-3.10.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2016-10745 at SUSE CVE-2016-10745 at NVD CVE-2019-10906 at SUSE CVE-2019-10906 at NVD CVE-2019-8341 at SUSE CVE-2019-8341 at NVD CVE-2020-28493 at SUSE CVE-2020-28493 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the python3-PyYAML-5.4.1-1.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2017-18342 at SUSE CVE-2017-18342 at NVD CVE-2020-14343 at SUSE CVE-2020-14343 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the python3-cryptography-2.8-10.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2020-25659 at SUSE CVE-2020-25659 at NVD CVE-2020-36242 at SUSE CVE-2020-36242 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the python3-py-1.8.1-5.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2020-29651 at SUSE CVE-2020-29651 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the python3-requests-2.24.0-1.24 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2015-2296 at SUSE CVE-2015-2296 at NVD CVE-2018-18074 at SUSE CVE-2018-18074 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the python3-rsa-3.4.2-3.4.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2020-13757 at SUSE CVE-2020-13757 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the python3-salt-3002.2-150300.53.7.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2016-1866 at SUSE CVE-2016-1866 at NVD CVE-2016-9639 at SUSE CVE-2016-9639 at NVD CVE-2017-12791 at SUSE CVE-2017-12791 at NVD CVE-2017-14695 at SUSE CVE-2017-14695 at NVD CVE-2017-14696 at SUSE CVE-2017-14696 at NVD CVE-2018-15750 at SUSE CVE-2018-15750 at NVD CVE-2018-15751 at SUSE CVE-2018-15751 at NVD CVE-2019-17361 at SUSE CVE-2019-17361 at NVD CVE-2019-18897 at SUSE CVE-2019-18897 at NVD CVE-2020-11651 at SUSE CVE-2020-11651 at NVD CVE-2020-11652 at SUSE CVE-2020-11652 at NVD CVE-2020-16846 at SUSE CVE-2020-16846 at NVD CVE-2020-17490 at SUSE CVE-2020-17490 at NVD CVE-2020-25592 at SUSE CVE-2020-25592 at NVD CVE-2020-28243 at SUSE CVE-2020-28243 at NVD CVE-2020-28972 at SUSE CVE-2020-28972 at NVD CVE-2020-35662 at SUSE CVE-2020-35662 at NVD CVE-2021-21996 at SUSE CVE-2021-21996 at NVD CVE-2021-25281 at SUSE CVE-2021-25281 at NVD CVE-2021-25282 at SUSE CVE-2021-25282 at NVD CVE-2021-25283 at SUSE CVE-2021-25283 at NVD CVE-2021-25284 at SUSE CVE-2021-25284 at NVD CVE-2021-25315 at SUSE CVE-2021-25315 at NVD CVE-2021-3144 at SUSE CVE-2021-3144 at NVD CVE-2021-3148 at SUSE CVE-2021-3148 at NVD CVE-2021-31607 at SUSE CVE-2021-31607 at NVD CVE-2021-3197 at SUSE CVE-2021-3197 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the python3-setuptools-40.5.0-6.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2019-20916 at SUSE CVE-2019-20916 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the python3-urllib3-1.25.10-4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2016-9015 at SUSE CVE-2016-9015 at NVD CVE-2018-20060 at SUSE CVE-2018-20060 at NVD CVE-2019-11236 at SUSE CVE-2019-11236 at NVD CVE-2019-11324 at SUSE CVE-2019-11324 at NVD CVE-2019-9740 at SUSE CVE-2019-9740 at NVD CVE-2020-26137 at SUSE CVE-2020-26137 at NVD CVE-2021-33503 at SUSE CVE-2021-33503 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the qemu-5.2.0-150300.109.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-0222 at SUSE CVE-2014-0222 at NVD CVE-2014-0223 at SUSE CVE-2014-0223 at NVD CVE-2014-3461 at SUSE CVE-2014-3461 at NVD CVE-2014-3640 at SUSE CVE-2014-3640 at NVD CVE-2014-7840 at SUSE CVE-2014-7840 at NVD CVE-2014-8106 at SUSE CVE-2014-8106 at NVD CVE-2015-1779 at SUSE CVE-2015-1779 at NVD CVE-2015-3209 at SUSE CVE-2015-3209 at NVD CVE-2015-3456 at SUSE CVE-2015-3456 at NVD CVE-2015-4037 at SUSE CVE-2015-4037 at NVD CVE-2015-5154 at SUSE CVE-2015-5154 at NVD CVE-2015-5225 at SUSE CVE-2015-5225 at NVD CVE-2015-5278 at SUSE CVE-2015-5278 at NVD CVE-2015-5279 at SUSE CVE-2015-5279 at NVD CVE-2015-5745 at SUSE CVE-2015-5745 at NVD CVE-2015-6815 at SUSE CVE-2015-6815 at NVD CVE-2015-6855 at SUSE CVE-2015-6855 at NVD CVE-2015-7295 at SUSE CVE-2015-7295 at NVD CVE-2015-7512 at SUSE CVE-2015-7512 at NVD CVE-2015-7549 at SUSE CVE-2015-7549 at NVD CVE-2015-8345 at SUSE CVE-2015-8345 at NVD CVE-2015-8504 at SUSE CVE-2015-8504 at NVD CVE-2015-8558 at SUSE CVE-2015-8558 at NVD CVE-2015-8567 at SUSE CVE-2015-8567 at NVD CVE-2015-8568 at SUSE CVE-2015-8568 at NVD CVE-2015-8613 at SUSE CVE-2015-8613 at NVD CVE-2015-8619 at SUSE CVE-2015-8619 at NVD CVE-2015-8743 at SUSE CVE-2015-8743 at NVD CVE-2015-8744 at SUSE CVE-2015-8744 at NVD CVE-2015-8745 at SUSE CVE-2015-8745 at NVD CVE-2016-10028 at SUSE CVE-2016-10028 at NVD CVE-2016-10155 at SUSE CVE-2016-10155 at NVD CVE-2016-1568 at SUSE CVE-2016-1568 at NVD CVE-2016-1714 at SUSE CVE-2016-1714 at NVD CVE-2016-1922 at SUSE CVE-2016-1922 at NVD CVE-2016-1981 at SUSE CVE-2016-1981 at NVD CVE-2016-2198 at SUSE CVE-2016-2198 at NVD CVE-2016-3710 at SUSE CVE-2016-3710 at NVD CVE-2016-3712 at SUSE CVE-2016-3712 at NVD CVE-2016-4002 at SUSE CVE-2016-4002 at NVD CVE-2016-4020 at SUSE CVE-2016-4020 at NVD CVE-2016-4439 at SUSE CVE-2016-4439 at NVD CVE-2016-4441 at SUSE CVE-2016-4441 at NVD CVE-2016-4453 at SUSE CVE-2016-4453 at NVD CVE-2016-4454 at SUSE CVE-2016-4454 at NVD CVE-2016-4952 at SUSE CVE-2016-4952 at NVD CVE-2016-4964 at SUSE CVE-2016-4964 at NVD CVE-2016-5105 at SUSE CVE-2016-5105 at NVD CVE-2016-5106 at SUSE CVE-2016-5106 at NVD CVE-2016-5107 at SUSE CVE-2016-5107 at NVD CVE-2016-5126 at SUSE CVE-2016-5126 at NVD CVE-2016-5238 at SUSE CVE-2016-5238 at NVD CVE-2016-5337 at SUSE CVE-2016-5337 at NVD CVE-2016-5338 at SUSE CVE-2016-5338 at NVD CVE-2016-5403 at SUSE CVE-2016-5403 at NVD CVE-2016-6351 at SUSE CVE-2016-6351 at NVD CVE-2016-6490 at SUSE CVE-2016-6490 at NVD CVE-2016-6833 at SUSE CVE-2016-6833 at NVD CVE-2016-6836 at SUSE CVE-2016-6836 at NVD CVE-2016-6888 at SUSE CVE-2016-6888 at NVD CVE-2016-7116 at SUSE CVE-2016-7116 at NVD CVE-2016-7155 at SUSE CVE-2016-7155 at NVD CVE-2016-7156 at SUSE CVE-2016-7156 at NVD CVE-2016-7157 at SUSE CVE-2016-7157 at NVD CVE-2016-7161 at SUSE CVE-2016-7161 at NVD CVE-2016-7170 at SUSE CVE-2016-7170 at NVD CVE-2016-7421 at SUSE CVE-2016-7421 at NVD CVE-2016-7422 at SUSE CVE-2016-7422 at NVD CVE-2016-7423 at SUSE CVE-2016-7423 at NVD CVE-2016-7466 at SUSE CVE-2016-7466 at NVD CVE-2016-7907 at SUSE CVE-2016-7907 at NVD CVE-2016-7908 at SUSE CVE-2016-7908 at NVD CVE-2016-7909 at SUSE CVE-2016-7909 at NVD CVE-2016-7994 at SUSE CVE-2016-7994 at NVD CVE-2016-7995 at SUSE CVE-2016-7995 at NVD CVE-2016-8576 at SUSE CVE-2016-8576 at NVD CVE-2016-8577 at SUSE CVE-2016-8577 at NVD CVE-2016-8578 at SUSE CVE-2016-8578 at NVD CVE-2016-8667 at SUSE CVE-2016-8667 at NVD CVE-2016-8668 at SUSE CVE-2016-8668 at NVD CVE-2016-8669 at SUSE CVE-2016-8669 at NVD CVE-2016-8909 at SUSE CVE-2016-8909 at NVD CVE-2016-8910 at SUSE CVE-2016-8910 at NVD CVE-2016-9101 at SUSE CVE-2016-9101 at NVD CVE-2016-9102 at SUSE CVE-2016-9102 at NVD CVE-2016-9103 at SUSE CVE-2016-9103 at NVD CVE-2016-9104 at SUSE CVE-2016-9104 at NVD CVE-2016-9105 at SUSE CVE-2016-9105 at NVD CVE-2016-9106 at SUSE CVE-2016-9106 at NVD CVE-2016-9381 at SUSE CVE-2016-9381 at NVD CVE-2016-9602 at SUSE CVE-2016-9602 at NVD CVE-2016-9776 at SUSE CVE-2016-9776 at NVD CVE-2016-9845 at SUSE CVE-2016-9845 at NVD CVE-2016-9846 at SUSE CVE-2016-9846 at NVD CVE-2016-9907 at SUSE CVE-2016-9907 at NVD CVE-2016-9908 at SUSE CVE-2016-9908 at NVD CVE-2016-9911 at SUSE CVE-2016-9911 at NVD CVE-2016-9912 at SUSE CVE-2016-9912 at NVD CVE-2016-9913 at SUSE CVE-2016-9913 at NVD CVE-2016-9921 at SUSE CVE-2016-9921 at NVD CVE-2016-9922 at SUSE CVE-2016-9922 at NVD CVE-2016-9923 at SUSE CVE-2016-9923 at NVD CVE-2017-10664 at SUSE CVE-2017-10664 at NVD CVE-2017-10806 at SUSE CVE-2017-10806 at NVD CVE-2017-11334 at SUSE CVE-2017-11334 at NVD CVE-2017-11434 at SUSE CVE-2017-11434 at NVD CVE-2017-13672 at SUSE CVE-2017-13672 at NVD CVE-2017-13673 at SUSE CVE-2017-13673 at NVD CVE-2017-13711 at SUSE CVE-2017-13711 at NVD CVE-2017-14167 at SUSE CVE-2017-14167 at NVD CVE-2017-15038 at SUSE CVE-2017-15038 at NVD CVE-2017-15118 at SUSE CVE-2017-15118 at NVD CVE-2017-15119 at SUSE CVE-2017-15119 at NVD CVE-2017-15268 at SUSE CVE-2017-15268 at NVD CVE-2017-15289 at SUSE CVE-2017-15289 at NVD CVE-2017-2615 at SUSE CVE-2017-2615 at NVD CVE-2017-2620 at SUSE CVE-2017-2620 at NVD CVE-2017-2630 at SUSE CVE-2017-2630 at NVD CVE-2017-2633 at SUSE CVE-2017-2633 at NVD CVE-2017-5525 at SUSE CVE-2017-5525 at NVD CVE-2017-5526 at SUSE CVE-2017-5526 at NVD CVE-2017-5552 at SUSE CVE-2017-5552 at NVD CVE-2017-5578 at SUSE CVE-2017-5578 at NVD CVE-2017-5579 at SUSE CVE-2017-5579 at NVD CVE-2017-5667 at SUSE CVE-2017-5667 at NVD CVE-2017-5715 at SUSE CVE-2017-5715 at NVD CVE-2017-5856 at SUSE CVE-2017-5856 at NVD CVE-2017-5857 at SUSE CVE-2017-5857 at NVD CVE-2017-5898 at SUSE CVE-2017-5898 at NVD CVE-2017-5931 at SUSE CVE-2017-5931 at NVD CVE-2017-5973 at SUSE CVE-2017-5973 at NVD CVE-2017-5987 at SUSE CVE-2017-5987 at NVD CVE-2017-6058 at SUSE CVE-2017-6058 at NVD CVE-2017-6505 at SUSE CVE-2017-6505 at NVD CVE-2017-7471 at SUSE CVE-2017-7471 at NVD CVE-2017-7493 at SUSE CVE-2017-7493 at NVD CVE-2017-8112 at SUSE CVE-2017-8112 at NVD CVE-2017-8309 at SUSE CVE-2017-8309 at NVD CVE-2017-8379 at SUSE CVE-2017-8379 at NVD CVE-2017-8380 at SUSE CVE-2017-8380 at NVD CVE-2017-9503 at SUSE CVE-2017-9503 at NVD CVE-2017-9524 at SUSE CVE-2017-9524 at NVD CVE-2018-10839 at SUSE CVE-2018-10839 at NVD CVE-2018-11806 at SUSE CVE-2018-11806 at NVD CVE-2018-12126 at SUSE CVE-2018-12126 at NVD CVE-2018-12127 at SUSE CVE-2018-12127 at NVD CVE-2018-12130 at SUSE CVE-2018-12130 at NVD CVE-2018-12207 at SUSE CVE-2018-12207 at NVD CVE-2018-12617 at SUSE CVE-2018-12617 at NVD CVE-2018-15746 at SUSE CVE-2018-15746 at NVD CVE-2018-16847 at SUSE CVE-2018-16847 at NVD CVE-2018-16872 at SUSE CVE-2018-16872 at NVD CVE-2018-17958 at SUSE CVE-2018-17958 at NVD CVE-2018-17962 at SUSE CVE-2018-17962 at NVD CVE-2018-17963 at SUSE CVE-2018-17963 at NVD CVE-2018-18849 at SUSE CVE-2018-18849 at NVD CVE-2018-20123 at SUSE CVE-2018-20123 at NVD CVE-2018-20124 at SUSE CVE-2018-20124 at NVD CVE-2018-20125 at SUSE CVE-2018-20125 at NVD CVE-2018-20126 at SUSE CVE-2018-20126 at NVD CVE-2018-20191 at SUSE CVE-2018-20191 at NVD CVE-2018-20216 at SUSE CVE-2018-20216 at NVD CVE-2018-20815 at SUSE CVE-2018-20815 at NVD CVE-2018-3639 at SUSE CVE-2018-3639 at NVD CVE-2018-7550 at SUSE CVE-2018-7550 at NVD CVE-2018-7858 at SUSE CVE-2018-7858 at NVD CVE-2019-11091 at SUSE CVE-2019-11091 at NVD CVE-2019-11135 at SUSE CVE-2019-11135 at NVD CVE-2019-12068 at SUSE CVE-2019-12068 at NVD CVE-2019-12155 at SUSE CVE-2019-12155 at NVD CVE-2019-13164 at SUSE CVE-2019-13164 at NVD CVE-2019-14378 at SUSE CVE-2019-14378 at NVD CVE-2019-15890 at SUSE CVE-2019-15890 at NVD CVE-2019-5008 at SUSE CVE-2019-5008 at NVD CVE-2019-6778 at SUSE CVE-2019-6778 at NVD CVE-2019-8934 at SUSE CVE-2019-8934 at NVD CVE-2019-9824 at SUSE CVE-2019-9824 at NVD CVE-2020-10702 at SUSE CVE-2020-10702 at NVD CVE-2020-10717 at SUSE CVE-2020-10717 at NVD CVE-2020-10761 at SUSE CVE-2020-10761 at NVD CVE-2020-11102 at SUSE CVE-2020-11102 at NVD CVE-2020-11869 at SUSE CVE-2020-11869 at NVD CVE-2020-13361 at SUSE CVE-2020-13361 at NVD CVE-2020-13362 at SUSE CVE-2020-13362 at NVD CVE-2020-13659 at SUSE CVE-2020-13659 at NVD CVE-2020-13800 at SUSE CVE-2020-13800 at NVD CVE-2020-14364 at SUSE CVE-2020-14364 at NVD CVE-2020-15863 at SUSE CVE-2020-15863 at NVD CVE-2020-16092 at SUSE CVE-2020-16092 at NVD CVE-2020-1711 at SUSE CVE-2020-1711 at NVD CVE-2020-17380 at SUSE CVE-2020-17380 at NVD CVE-2020-1983 at SUSE CVE-2020-1983 at NVD CVE-2020-24352 at SUSE CVE-2020-24352 at NVD CVE-2020-25085 at SUSE CVE-2020-25085 at NVD CVE-2020-25707 at SUSE CVE-2020-25707 at NVD CVE-2020-25723 at SUSE CVE-2020-25723 at NVD CVE-2020-27821 at SUSE CVE-2020-27821 at NVD CVE-2020-29129 at SUSE CVE-2020-29129 at NVD CVE-2020-29130 at SUSE CVE-2020-29130 at NVD CVE-2020-35503 at SUSE CVE-2020-35503 at NVD CVE-2020-35504 at SUSE CVE-2020-35504 at NVD CVE-2020-35505 at SUSE CVE-2020-35505 at NVD CVE-2020-35506 at SUSE CVE-2020-35506 at NVD CVE-2020-7039 at SUSE CVE-2020-7039 at NVD CVE-2020-8608 at SUSE CVE-2020-8608 at NVD CVE-2021-20181 at SUSE CVE-2021-20181 at NVD CVE-2021-20203 at SUSE CVE-2021-20203 at NVD CVE-2021-20221 at SUSE CVE-2021-20221 at NVD CVE-2021-20255 at SUSE CVE-2021-20255 at NVD CVE-2021-20257 at SUSE CVE-2021-20257 at NVD CVE-2021-20263 at SUSE CVE-2021-20263 at NVD CVE-2021-3409 at SUSE CVE-2021-3409 at NVD CVE-2021-3416 at SUSE CVE-2021-3416 at NVD CVE-2021-3419 at SUSE CVE-2021-3419 at NVD CVE-2021-3527 at SUSE CVE-2021-3527 at NVD CVE-2021-3544 at SUSE CVE-2021-3544 at NVD CVE-2021-3545 at SUSE CVE-2021-3545 at NVD CVE-2021-3546 at SUSE CVE-2021-3546 at NVD CVE-2021-3582 at SUSE CVE-2021-3582 at NVD CVE-2021-3607 at SUSE CVE-2021-3607 at NVD CVE-2021-3608 at SUSE CVE-2021-3608 at NVD CVE-2021-3682 at SUSE CVE-2021-3682 at NVD CVE-2021-3713 at SUSE CVE-2021-3713 at NVD CVE-2021-3748 at SUSE CVE-2021-3748 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the qemu-ovmf-x86_64-202008-10.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2017-5731 at SUSE CVE-2017-5731 at NVD CVE-2017-5732 at SUSE CVE-2017-5732 at NVD CVE-2017-5733 at SUSE CVE-2017-5733 at NVD CVE-2017-5734 at SUSE CVE-2017-5734 at NVD CVE-2017-5735 at SUSE CVE-2017-5735 at NVD CVE-2018-0739 at SUSE CVE-2018-0739 at NVD CVE-2018-12178 at SUSE CVE-2018-12178 at NVD CVE-2018-12180 at SUSE CVE-2018-12180 at NVD CVE-2018-12181 at SUSE CVE-2018-12181 at NVD CVE-2018-3613 at SUSE CVE-2018-3613 at NVD CVE-2018-3630 at SUSE CVE-2018-3630 at NVD CVE-2019-0160 at SUSE CVE-2019-0160 at NVD CVE-2019-0161 at SUSE CVE-2019-0161 at NVD CVE-2019-14553 at SUSE CVE-2019-14553 at NVD CVE-2019-14559 at SUSE CVE-2019-14559 at NVD CVE-2019-14562 at SUSE CVE-2019-14562 at NVD CVE-2019-14563 at SUSE CVE-2019-14563 at NVD CVE-2019-14575 at SUSE CVE-2019-14575 at NVD CVE-2019-14584 at SUSE CVE-2019-14584 at NVD CVE-2021-28210 at SUSE CVE-2021-28210 at NVD CVE-2021-28211 at SUSE CVE-2021-28211 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the rpcbind-0.2.3-5.9.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2015-7236 at SUSE CVE-2015-7236 at NVD CVE-2017-8779 at SUSE CVE-2017-8779 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the rpm-4.14.3-150300.46.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2017-7500 at SUSE CVE-2017-7500 at NVD CVE-2021-20266 at SUSE CVE-2021-20266 at NVD CVE-2021-20271 at SUSE CVE-2021-20271 at NVD CVE-2021-3421 at SUSE CVE-2021-3421 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the rsync-3.1.3-4.10.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-8242 at SUSE CVE-2014-8242 at NVD CVE-2014-9512 at SUSE CVE-2014-9512 at NVD CVE-2017-16548 at SUSE CVE-2017-16548 at NVD CVE-2018-5764 at SUSE CVE-2018-5764 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the runc-1.0.3-27.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2016-9962 at SUSE CVE-2016-9962 at NVD CVE-2018-16873 at SUSE CVE-2018-16873 at NVD CVE-2018-16874 at SUSE CVE-2018-16874 at NVD CVE-2018-16875 at SUSE CVE-2018-16875 at NVD CVE-2019-16884 at SUSE CVE-2019-16884 at NVD CVE-2019-19921 at SUSE CVE-2019-19921 at NVD CVE-2019-5736 at SUSE CVE-2019-5736 at NVD CVE-2021-30465 at SUSE CVE-2021-30465 at NVD CVE-2021-43784 at SUSE CVE-2021-43784 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the samba-client-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-8143 at SUSE CVE-2014-8143 at NVD CVE-2015-0240 at SUSE CVE-2015-0240 at NVD CVE-2015-3223 at SUSE CVE-2015-3223 at NVD CVE-2015-5252 at SUSE CVE-2015-5252 at NVD CVE-2015-5296 at SUSE CVE-2015-5296 at NVD CVE-2015-5299 at SUSE CVE-2015-5299 at NVD CVE-2015-5330 at SUSE CVE-2015-5330 at NVD CVE-2015-5370 at SUSE CVE-2015-5370 at NVD CVE-2015-7560 at SUSE CVE-2015-7560 at NVD CVE-2015-8467 at SUSE CVE-2015-8467 at NVD CVE-2015-8543 at SUSE CVE-2015-8543 at NVD CVE-2016-0771 at SUSE CVE-2016-0771 at NVD CVE-2016-2110 at SUSE CVE-2016-2110 at NVD CVE-2016-2111 at SUSE CVE-2016-2111 at NVD CVE-2016-2112 at SUSE CVE-2016-2112 at NVD CVE-2016-2113 at SUSE CVE-2016-2113 at NVD CVE-2016-2115 at SUSE CVE-2016-2115 at NVD CVE-2016-2118 at SUSE CVE-2016-2118 at NVD CVE-2016-2119 at SUSE CVE-2016-2119 at NVD CVE-2016-2123 at SUSE CVE-2016-2123 at NVD CVE-2016-2124 at SUSE CVE-2016-2124 at NVD CVE-2016-2125 at SUSE CVE-2016-2125 at NVD CVE-2016-2126 at SUSE CVE-2016-2126 at NVD CVE-2017-11103 at SUSE CVE-2017-11103 at NVD CVE-2017-12150 at SUSE CVE-2017-12150 at NVD CVE-2017-12151 at SUSE CVE-2017-12151 at NVD CVE-2017-12163 at SUSE CVE-2017-12163 at NVD CVE-2017-14746 at SUSE CVE-2017-14746 at NVD CVE-2017-15275 at SUSE CVE-2017-15275 at NVD CVE-2017-2619 at SUSE CVE-2017-2619 at NVD CVE-2017-7494 at SUSE CVE-2017-7494 at NVD CVE-2018-1050 at SUSE CVE-2018-1050 at NVD CVE-2018-1057 at SUSE CVE-2018-1057 at NVD CVE-2018-10858 at SUSE CVE-2018-10858 at NVD CVE-2018-10918 at SUSE CVE-2018-10918 at NVD CVE-2018-10919 at SUSE CVE-2018-10919 at NVD CVE-2018-1139 at SUSE CVE-2018-1139 at NVD CVE-2018-1140 at SUSE CVE-2018-1140 at NVD CVE-2018-14629 at SUSE CVE-2018-14629 at NVD CVE-2018-16841 at SUSE CVE-2018-16841 at NVD CVE-2018-16851 at SUSE CVE-2018-16851 at NVD CVE-2018-16852 at SUSE CVE-2018-16852 at NVD CVE-2018-16853 at SUSE CVE-2018-16853 at NVD CVE-2018-16857 at SUSE CVE-2018-16857 at NVD CVE-2018-16860 at SUSE CVE-2018-16860 at NVD CVE-2019-10197 at SUSE CVE-2019-10197 at NVD CVE-2019-10218 at SUSE CVE-2019-10218 at NVD CVE-2019-12435 at SUSE CVE-2019-12435 at NVD CVE-2019-12436 at SUSE CVE-2019-12436 at NVD CVE-2019-14833 at SUSE CVE-2019-14833 at NVD CVE-2019-14847 at SUSE CVE-2019-14847 at NVD CVE-2019-14861 at SUSE CVE-2019-14861 at NVD CVE-2019-14870 at SUSE CVE-2019-14870 at NVD CVE-2019-14902 at SUSE CVE-2019-14902 at NVD CVE-2019-14907 at SUSE CVE-2019-14907 at NVD CVE-2019-19344 at SUSE CVE-2019-19344 at NVD CVE-2019-3824 at SUSE CVE-2019-3824 at NVD CVE-2019-3870 at SUSE CVE-2019-3870 at NVD CVE-2019-3880 at SUSE CVE-2019-3880 at NVD CVE-2020-10700 at SUSE CVE-2020-10700 at NVD CVE-2020-10704 at SUSE CVE-2020-10704 at NVD CVE-2020-10730 at SUSE CVE-2020-10730 at NVD CVE-2020-10745 at SUSE CVE-2020-10745 at NVD CVE-2020-10760 at SUSE CVE-2020-10760 at NVD CVE-2020-14303 at SUSE CVE-2020-14303 at NVD CVE-2020-14318 at SUSE CVE-2020-14318 at NVD CVE-2020-14323 at SUSE CVE-2020-14323 at NVD CVE-2020-14383 at SUSE CVE-2020-14383 at NVD CVE-2020-1472 at SUSE CVE-2020-1472 at NVD CVE-2020-17049 at SUSE CVE-2020-17049 at NVD CVE-2020-25717 at SUSE CVE-2020-25717 at NVD CVE-2020-25718 at SUSE CVE-2020-25718 at NVD CVE-2020-25719 at SUSE CVE-2020-25719 at NVD CVE-2020-25721 at SUSE CVE-2020-25721 at NVD CVE-2020-25722 at SUSE CVE-2020-25722 at NVD CVE-2020-27840 at SUSE CVE-2020-27840 at NVD CVE-2021-20254 at SUSE CVE-2021-20254 at NVD CVE-2021-20277 at SUSE CVE-2021-20277 at NVD CVE-2021-20316 at SUSE CVE-2021-20316 at NVD CVE-2021-23192 at SUSE CVE-2021-23192 at NVD CVE-2021-3738 at SUSE CVE-2021-3738 at NVD CVE-2021-43566 at SUSE CVE-2021-43566 at NVD CVE-2021-44141 at SUSE CVE-2021-44141 at NVD CVE-2021-44142 at SUSE CVE-2021-44142 at NVD CVE-2022-0336 at SUSE CVE-2022-0336 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the shim-15.4-4.7.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-3675 at SUSE CVE-2014-3675 at NVD CVE-2014-3676 at SUSE CVE-2014-3676 at NVD CVE-2014-3677 at SUSE CVE-2014-3677 at NVD CVE-2019-14584 at SUSE CVE-2019-14584 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the slirp4netns-0.4.7-3.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2019-6778 at SUSE CVE-2019-6778 at NVD CVE-2020-10756 at SUSE CVE-2020-10756 at NVD CVE-2020-1983 at SUSE CVE-2020-1983 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the socat-1.7.3.2-4.10 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2013-3571 at SUSE CVE-2013-3571 at NVD CVE-2014-0019 at SUSE CVE-2014-0019 at NVD CVE-2015-4000 at SUSE CVE-2015-4000 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the squashfs-4.4-1.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2015-4645 at SUSE CVE-2015-4645 at NVD CVE-2015-4646 at SUSE CVE-2015-4646 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the sudo-1.9.5p2-150300.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-9680 at SUSE CVE-2014-9680 at NVD CVE-2016-7032 at SUSE CVE-2016-7032 at NVD CVE-2016-7076 at SUSE CVE-2016-7076 at NVD CVE-2017-1000367 at SUSE CVE-2017-1000367 at NVD CVE-2017-1000368 at SUSE CVE-2017-1000368 at NVD CVE-2019-14287 at SUSE CVE-2019-14287 at NVD CVE-2019-18634 at SUSE CVE-2019-18634 at NVD CVE-2021-23239 at SUSE CVE-2021-23239 at NVD CVE-2021-23240 at SUSE CVE-2021-23240 at NVD CVE-2021-3156 at SUSE CVE-2021-3156 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the supportutils-3.1.17-7.35.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2018-19637 at SUSE CVE-2018-19637 at NVD CVE-2018-19638 at SUSE CVE-2018-19638 at NVD CVE-2018-19639 at SUSE CVE-2018-19639 at NVD CVE-2018-19640 at SUSE CVE-2018-19640 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the swtpm-0.5.2-1.20 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2020-28407 at SUSE CVE-2020-28407 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the sysstat-12.0.2-3.33.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2018-19416 at SUSE CVE-2018-19416 at NVD CVE-2018-19517 at SUSE CVE-2018-19517 at NVD CVE-2019-16167 at SUSE CVE-2019-16167 at NVD CVE-2019-19725 at SUSE CVE-2019-19725 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the tar-1.30-3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2016-6321 at SUSE CVE-2016-6321 at NVD CVE-2018-20482 at SUSE CVE-2018-20482 at NVD CVE-2019-9923 at SUSE CVE-2019-9923 at NVD CVE-2021-20193 at SUSE CVE-2021-20193 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the trousers-0.3.14-6.6.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2019-18898 at SUSE CVE-2019-18898 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the ucode-intel-20220207-10.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2017-5715 at SUSE CVE-2017-5715 at NVD CVE-2018-12126 at SUSE CVE-2018-12126 at NVD CVE-2018-12127 at SUSE CVE-2018-12127 at NVD CVE-2018-12130 at SUSE CVE-2018-12130 at NVD CVE-2018-3639 at SUSE CVE-2018-3639 at NVD CVE-2018-3640 at SUSE CVE-2018-3640 at NVD CVE-2019-11091 at SUSE CVE-2019-11091 at NVD CVE-2019-11135 at SUSE CVE-2019-11135 at NVD CVE-2019-11139 at SUSE CVE-2019-11139 at NVD CVE-2020-0543 at SUSE CVE-2020-0543 at NVD CVE-2020-0548 at SUSE CVE-2020-0548 at NVD CVE-2020-0549 at SUSE CVE-2020-0549 at NVD CVE-2020-24489 at SUSE CVE-2020-24489 at NVD CVE-2020-24511 at SUSE CVE-2020-24511 at NVD CVE-2020-24512 at SUSE CVE-2020-24512 at NVD CVE-2020-24513 at SUSE CVE-2020-24513 at NVD CVE-2020-8695 at SUSE CVE-2020-8695 at NVD CVE-2020-8696 at SUSE CVE-2020-8696 at NVD CVE-2020-8698 at SUSE CVE-2020-8698 at NVD CVE-2021-0127 at SUSE CVE-2021-0127 at NVD CVE-2021-0145 at SUSE CVE-2021-0145 at NVD CVE-2021-0146 at SUSE CVE-2021-0146 at NVD CVE-2021-33120 at SUSE CVE-2021-33120 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the update-alternatives-1.19.0.4-2.48 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2015-0840 at SUSE CVE-2015-0840 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the vim-data-common-8.0.1568-5.14.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2009-0316 at SUSE CVE-2009-0316 at NVD CVE-2017-1000382 at SUSE CVE-2017-1000382 at NVD CVE-2017-5953 at SUSE CVE-2017-5953 at NVD CVE-2017-6349 at SUSE CVE-2017-6349 at NVD CVE-2017-6350 at SUSE CVE-2017-6350 at NVD CVE-2019-12735 at SUSE CVE-2019-12735 at NVD CVE-2019-20807 at SUSE CVE-2019-20807 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the virt-install-3.2.0-7.7.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2019-10183 at SUSE CVE-2019-10183 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the wicked-0.6.68-150300.4.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2019-18902 at SUSE CVE-2019-18902 at NVD CVE-2019-18903 at SUSE CVE-2019-18903 at NVD CVE-2020-7216 at SUSE CVE-2020-7216 at NVD CVE-2020-7217 at SUSE CVE-2020-7217 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the wpa_supplicant-2.9-4.29.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2014-3686 at SUSE CVE-2014-3686 at NVD CVE-2015-1863 at SUSE CVE-2015-1863 at NVD CVE-2015-4141 at SUSE CVE-2015-4141 at NVD CVE-2015-4142 at SUSE CVE-2015-4142 at NVD CVE-2015-4143 at SUSE CVE-2015-4143 at NVD CVE-2015-4144 at SUSE CVE-2015-4144 at NVD CVE-2015-4145 at SUSE CVE-2015-4145 at NVD CVE-2015-4146 at SUSE CVE-2015-4146 at NVD CVE-2015-5310 at SUSE CVE-2015-5310 at NVD CVE-2015-5315 at SUSE CVE-2015-5315 at NVD CVE-2015-5316 at SUSE CVE-2015-5316 at NVD CVE-2015-8041 at SUSE CVE-2015-8041 at NVD CVE-2016-4476 at SUSE CVE-2016-4476 at NVD CVE-2016-4477 at SUSE CVE-2016-4477 at NVD CVE-2017-13077 at SUSE CVE-2017-13077 at NVD CVE-2017-13078 at SUSE CVE-2017-13078 at NVD CVE-2017-13079 at SUSE CVE-2017-13079 at NVD CVE-2017-13080 at SUSE CVE-2017-13080 at NVD CVE-2017-13081 at SUSE CVE-2017-13081 at NVD CVE-2017-13082 at SUSE CVE-2017-13082 at NVD CVE-2017-13086 at SUSE CVE-2017-13086 at NVD CVE-2017-13087 at SUSE CVE-2017-13087 at NVD CVE-2017-13088 at SUSE CVE-2017-13088 at NVD CVE-2018-14526 at SUSE CVE-2018-14526 at NVD CVE-2019-11555 at SUSE CVE-2019-11555 at NVD CVE-2019-13377 at SUSE CVE-2019-13377 at NVD CVE-2019-16275 at SUSE CVE-2019-16275 at NVD CVE-2019-9494 at SUSE CVE-2019-9494 at NVD CVE-2019-9495 at SUSE CVE-2019-9495 at NVD CVE-2019-9497 at SUSE CVE-2019-9497 at NVD CVE-2019-9498 at SUSE CVE-2019-9498 at NVD CVE-2019-9499 at SUSE CVE-2019-9499 at NVD CVE-2021-0326 at SUSE CVE-2021-0326 at NVD CVE-2021-27803 at SUSE CVE-2021-27803 at NVD CVE-2021-30004 at SUSE CVE-2021-30004 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the xen-libs-4.14.3_06-150300.3.18.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2013-3495 at SUSE CVE-2013-3495 at NVD CVE-2013-4533 at SUSE CVE-2013-4533 at NVD CVE-2013-4534 at SUSE CVE-2013-4534 at NVD CVE-2013-4537 at SUSE CVE-2013-4537 at NVD CVE-2013-4538 at SUSE CVE-2013-4538 at NVD CVE-2013-4539 at SUSE CVE-2013-4539 at NVD CVE-2013-4540 at SUSE CVE-2013-4540 at NVD CVE-2014-0222 at SUSE CVE-2014-0222 at NVD CVE-2014-3640 at SUSE CVE-2014-3640 at NVD CVE-2014-3672 at SUSE CVE-2014-3672 at NVD CVE-2014-7815 at SUSE CVE-2014-7815 at NVD CVE-2015-1779 at SUSE CVE-2015-1779 at NVD CVE-2015-3259 at SUSE CVE-2015-3259 at NVD CVE-2015-3340 at SUSE CVE-2015-3340 at NVD CVE-2015-3456 at SUSE CVE-2015-3456 at NVD CVE-2015-4037 at SUSE CVE-2015-4037 at NVD CVE-2015-4103 at SUSE CVE-2015-4103 at NVD CVE-2015-4104 at SUSE CVE-2015-4104 at NVD CVE-2015-4105 at SUSE CVE-2015-4105 at NVD CVE-2015-4106 at SUSE CVE-2015-4106 at NVD CVE-2015-5154 at SUSE CVE-2015-5154 at NVD CVE-2015-5239 at SUSE CVE-2015-5239 at NVD CVE-2015-5278 at SUSE CVE-2015-5278 at NVD CVE-2015-5307 at SUSE CVE-2015-5307 at NVD CVE-2015-6815 at SUSE CVE-2015-6815 at NVD CVE-2015-6855 at SUSE CVE-2015-6855 at NVD CVE-2015-7311 at SUSE CVE-2015-7311 at NVD CVE-2015-7504 at SUSE CVE-2015-7504 at NVD CVE-2015-7512 at SUSE CVE-2015-7512 at NVD CVE-2015-7549 at SUSE CVE-2015-7549 at NVD CVE-2015-7835 at SUSE CVE-2015-7835 at NVD CVE-2015-7969 at SUSE CVE-2015-7969 at NVD CVE-2015-7970 at SUSE CVE-2015-7970 at NVD CVE-2015-7971 at SUSE CVE-2015-7971 at NVD CVE-2015-7972 at SUSE CVE-2015-7972 at NVD CVE-2015-8104 at SUSE CVE-2015-8104 at NVD CVE-2015-8339 at SUSE CVE-2015-8339 at NVD CVE-2015-8340 at SUSE CVE-2015-8340 at NVD CVE-2015-8341 at SUSE CVE-2015-8341 at NVD CVE-2015-8345 at SUSE CVE-2015-8345 at NVD CVE-2015-8504 at SUSE CVE-2015-8504 at NVD CVE-2015-8550 at SUSE CVE-2015-8550 at NVD CVE-2015-8554 at SUSE CVE-2015-8554 at NVD CVE-2015-8555 at SUSE CVE-2015-8555 at NVD CVE-2015-8558 at SUSE CVE-2015-8558 at NVD CVE-2015-8567 at SUSE CVE-2015-8567 at NVD CVE-2015-8568 at SUSE CVE-2015-8568 at NVD CVE-2015-8613 at SUSE CVE-2015-8613 at NVD CVE-2015-8615 at SUSE CVE-2015-8615 at NVD CVE-2015-8619 at SUSE CVE-2015-8619 at NVD CVE-2015-8743 at SUSE CVE-2015-8743 at NVD CVE-2015-8744 at SUSE CVE-2015-8744 at NVD CVE-2015-8745 at SUSE CVE-2015-8745 at NVD CVE-2016-10013 at SUSE CVE-2016-10013 at NVD CVE-2016-10024 at SUSE CVE-2016-10024 at NVD CVE-2016-10025 at SUSE CVE-2016-10025 at NVD CVE-2016-1568 at SUSE CVE-2016-1568 at NVD CVE-2016-1570 at SUSE CVE-2016-1570 at NVD CVE-2016-1571 at SUSE CVE-2016-1571 at NVD CVE-2016-1714 at SUSE CVE-2016-1714 at NVD CVE-2016-1922 at SUSE CVE-2016-1922 at NVD CVE-2016-1981 at SUSE CVE-2016-1981 at NVD CVE-2016-2198 at SUSE CVE-2016-2198 at NVD CVE-2016-2270 at SUSE CVE-2016-2270 at NVD CVE-2016-2271 at SUSE CVE-2016-2271 at NVD CVE-2016-2391 at SUSE CVE-2016-2391 at NVD CVE-2016-2392 at SUSE CVE-2016-2392 at NVD CVE-2016-2538 at SUSE CVE-2016-2538 at NVD CVE-2016-2841 at SUSE CVE-2016-2841 at NVD CVE-2016-4439 at SUSE CVE-2016-4439 at NVD CVE-2016-4441 at SUSE CVE-2016-4441 at NVD CVE-2016-5238 at SUSE CVE-2016-5238 at NVD CVE-2016-5338 at SUSE CVE-2016-5338 at NVD CVE-2016-6258 at SUSE CVE-2016-6258 at NVD CVE-2016-6259 at SUSE CVE-2016-6259 at NVD CVE-2016-6351 at SUSE CVE-2016-6351 at NVD CVE-2016-7092 at SUSE CVE-2016-7092 at NVD CVE-2016-7093 at SUSE CVE-2016-7093 at NVD CVE-2016-7094 at SUSE CVE-2016-7094 at NVD CVE-2016-7777 at SUSE CVE-2016-7777 at NVD CVE-2016-7908 at SUSE CVE-2016-7908 at NVD CVE-2016-7909 at SUSE CVE-2016-7909 at NVD CVE-2016-8667 at SUSE CVE-2016-8667 at NVD CVE-2016-8669 at SUSE CVE-2016-8669 at NVD CVE-2016-8910 at SUSE CVE-2016-8910 at NVD CVE-2016-9377 at SUSE CVE-2016-9377 at NVD CVE-2016-9378 at SUSE CVE-2016-9378 at NVD CVE-2016-9379 at SUSE CVE-2016-9379 at NVD CVE-2016-9380 at SUSE CVE-2016-9380 at NVD CVE-2016-9381 at SUSE CVE-2016-9381 at NVD CVE-2016-9382 at SUSE CVE-2016-9382 at NVD CVE-2016-9383 at SUSE CVE-2016-9383 at NVD CVE-2016-9384 at SUSE CVE-2016-9384 at NVD CVE-2016-9385 at SUSE CVE-2016-9385 at NVD CVE-2016-9386 at SUSE CVE-2016-9386 at NVD CVE-2016-9637 at SUSE CVE-2016-9637 at NVD CVE-2016-9921 at SUSE CVE-2016-9921 at NVD CVE-2016-9922 at SUSE CVE-2016-9922 at NVD CVE-2016-9932 at SUSE CVE-2016-9932 at NVD CVE-2017-12135 at SUSE CVE-2017-12135 at NVD CVE-2017-12136 at SUSE CVE-2017-12136 at NVD CVE-2017-12137 at SUSE CVE-2017-12137 at NVD CVE-2017-2615 at SUSE CVE-2017-2615 at NVD CVE-2017-2620 at SUSE CVE-2017-2620 at NVD CVE-2017-5715 at SUSE CVE-2017-5715 at NVD CVE-2017-5753 at SUSE CVE-2017-5753 at NVD CVE-2017-5754 at SUSE CVE-2017-5754 at NVD CVE-2017-6505 at SUSE CVE-2017-6505 at NVD CVE-2017-8309 at SUSE CVE-2017-8309 at NVD CVE-2017-9330 at SUSE CVE-2017-9330 at NVD CVE-2018-10471 at SUSE CVE-2018-10471 at NVD CVE-2018-10472 at SUSE CVE-2018-10472 at NVD CVE-2018-10981 at SUSE CVE-2018-10981 at NVD CVE-2018-10982 at SUSE CVE-2018-10982 at NVD CVE-2018-12126 at SUSE CVE-2018-12126 at NVD CVE-2018-12127 at SUSE CVE-2018-12127 at NVD CVE-2018-12130 at SUSE CVE-2018-12130 at NVD CVE-2018-12891 at SUSE CVE-2018-12891 at NVD CVE-2018-12892 at SUSE CVE-2018-12892 at NVD CVE-2018-12893 at SUSE CVE-2018-12893 at NVD CVE-2018-15468 at SUSE CVE-2018-15468 at NVD CVE-2018-15469 at SUSE CVE-2018-15469 at NVD CVE-2018-15470 at SUSE CVE-2018-15470 at NVD CVE-2018-18883 at SUSE CVE-2018-18883 at NVD CVE-2018-19961 at SUSE CVE-2018-19961 at NVD CVE-2018-19962 at SUSE CVE-2018-19962 at NVD CVE-2018-19963 at SUSE CVE-2018-19963 at NVD CVE-2018-19964 at SUSE CVE-2018-19964 at NVD CVE-2018-19965 at SUSE CVE-2018-19965 at NVD CVE-2018-19966 at SUSE CVE-2018-19966 at NVD CVE-2018-19967 at SUSE CVE-2018-19967 at NVD CVE-2018-3639 at SUSE CVE-2018-3639 at NVD CVE-2018-3646 at SUSE CVE-2018-3646 at NVD CVE-2018-3665 at SUSE CVE-2018-3665 at NVD CVE-2018-5244 at SUSE CVE-2018-5244 at NVD CVE-2018-7540 at SUSE CVE-2018-7540 at NVD CVE-2018-7541 at SUSE CVE-2018-7541 at NVD CVE-2018-7542 at SUSE CVE-2018-7542 at NVD CVE-2018-8897 at SUSE CVE-2018-8897 at NVD CVE-2019-11091 at SUSE CVE-2019-11091 at NVD CVE-2019-17349 at SUSE CVE-2019-17349 at NVD CVE-2020-0543 at SUSE CVE-2020-0543 at NVD CVE-2020-11739 at SUSE CVE-2020-11739 at NVD CVE-2020-11740 at SUSE CVE-2020-11740 at NVD CVE-2020-11741 at SUSE CVE-2020-11741 at NVD CVE-2020-11742 at SUSE CVE-2020-11742 at NVD CVE-2020-11743 at SUSE CVE-2020-11743 at NVD CVE-2020-15563 at SUSE CVE-2020-15563 at NVD CVE-2020-15565 at SUSE CVE-2020-15565 at NVD CVE-2020-15566 at SUSE CVE-2020-15566 at NVD CVE-2020-15567 at SUSE CVE-2020-15567 at NVD CVE-2020-25595 at SUSE CVE-2020-25595 at NVD CVE-2020-25596 at SUSE CVE-2020-25596 at NVD CVE-2020-25597 at SUSE CVE-2020-25597 at NVD CVE-2020-25598 at SUSE CVE-2020-25598 at NVD CVE-2020-25599 at SUSE CVE-2020-25599 at NVD CVE-2020-25600 at SUSE CVE-2020-25600 at NVD CVE-2020-25601 at SUSE CVE-2020-25601 at NVD CVE-2020-25602 at SUSE CVE-2020-25602 at NVD CVE-2020-25603 at SUSE CVE-2020-25603 at NVD CVE-2020-25604 at SUSE CVE-2020-25604 at NVD CVE-2020-27670 at SUSE CVE-2020-27670 at NVD CVE-2020-27671 at SUSE CVE-2020-27671 at NVD CVE-2020-27672 at SUSE CVE-2020-27672 at NVD CVE-2020-27674 at SUSE CVE-2020-27674 at NVD CVE-2020-28368 at SUSE CVE-2020-28368 at NVD CVE-2020-29040 at SUSE CVE-2020-29040 at NVD CVE-2020-29480 at SUSE CVE-2020-29480 at NVD CVE-2020-29481 at SUSE CVE-2020-29481 at NVD CVE-2020-29483 at SUSE CVE-2020-29483 at NVD CVE-2020-29484 at SUSE CVE-2020-29484 at NVD CVE-2020-29566 at SUSE CVE-2020-29566 at NVD CVE-2020-29567 at SUSE CVE-2020-29567 at NVD CVE-2020-29570 at SUSE CVE-2020-29570 at NVD CVE-2020-29571 at SUSE CVE-2020-29571 at NVD CVE-2021-0089 at SUSE CVE-2021-0089 at NVD CVE-2021-28687 at SUSE CVE-2021-28687 at NVD CVE-2021-28690 at SUSE CVE-2021-28690 at NVD CVE-2021-28692 at SUSE CVE-2021-28692 at NVD CVE-2021-28693 at SUSE CVE-2021-28693 at NVD CVE-2021-28694 at SUSE CVE-2021-28694 at NVD CVE-2021-28695 at SUSE CVE-2021-28695 at NVD CVE-2021-28696 at SUSE CVE-2021-28696 at NVD CVE-2021-28697 at SUSE CVE-2021-28697 at NVD CVE-2021-28698 at SUSE CVE-2021-28698 at NVD CVE-2021-28699 at SUSE CVE-2021-28699 at NVD CVE-2021-28700 at SUSE CVE-2021-28700 at NVD CVE-2021-28701 at SUSE CVE-2021-28701 at NVD CVE-2021-28702 at SUSE CVE-2021-28702 at NVD CVE-2021-28704 at SUSE CVE-2021-28704 at NVD CVE-2021-28705 at SUSE CVE-2021-28705 at NVD CVE-2021-28706 at SUSE CVE-2021-28706 at NVD CVE-2021-28707 at SUSE CVE-2021-28707 at NVD CVE-2021-28708 at SUSE CVE-2021-28708 at NVD CVE-2021-28709 at SUSE CVE-2021-28709 at NVD CVE-2022-23033 at SUSE CVE-2022-23033 at NVD CVE-2022-23034 at SUSE CVE-2022-23034 at NVD CVE-2022-23035 at SUSE CVE-2022-23035 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 These are all security issues fixed in the zypper-1.14.51-24.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. Moderate CVE-2017-7436 at SUSE CVE-2017-7436 at NVD CVE-2017-9269 at SUSE CVE-2017-9269 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). Moderate SUSE bug 1195258 CVE-2021-22570 at SUSE CVE-2021-22570 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). Important SUSE bug 1197459 CVE-2018-25032 at SUSE CVE-2018-25032 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). Moderate SUSE bug 1121227 SUSE bug 1121230 SUSE bug 1122004 SUSE bug 1122021 CVE-2018-20573 at SUSE CVE-2018-20573 at NVD CVE-2018-20574 at SUSE CVE-2018-20574 at NVD CVE-2019-6285 at SUSE CVE-2019-6285 at NVD CVE-2019-6292 at SUSE CVE-2019-6292 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for mozilla-nss fixes the following issues: Mozilla NSS 3.68.3 (bsc#1197903): - CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use. Important SUSE bug 1197903 CVE-2022-1097 at SUSE CVE-2022-1097 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp update to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper update to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) Important SUSE bug 1184501 SUSE bug 1194848 SUSE bug 1195999 SUSE bug 1196061 SUSE bug 1196317 SUSE bug 1196368 SUSE bug 1196514 SUSE bug 1196925 SUSE bug 1197134 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) Important SUSE bug 1198062 CVE-2022-1271 at SUSE CVE-2022-1271 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-0854: Fixed a memory leak flaw was found in the Linux kernels DMA subsystem. This flaw allowed a local user to read random memory from the kernel space. (bnc#1196823) - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227) - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031) - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032) - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to gain privilege escalation. (bnc#1197702) - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331) - CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366) - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761) - CVE-2022-1199: Fixed null-ptr-deref and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198028) - CVE-2022-1205: Fixed null pointer dereference and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198027) - CVE-2022-1198: Fixed an use-after-free vulnerability that allow an attacker to crash the linux kernel by simulating Amateur Radio (bsc#1198030). - CVE-2022-1195: Fixed an use-after-free vulnerability which could allow a local attacker with a user privilege to execute a denial of service. (bsc#1198029) - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343) The following non-security bugs were fixed: - ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board (git-fixes). - ACPI: APEI: fix return value of __setup handlers (git-fixes). - ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (git-fixes). - ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (git-fixes). - ACPI: docs: enumeration: Discourage to use custom _DSM methods (git-fixes). - ACPI: docs: enumeration: Remove redundant .owner assignment (git-fixes). - ACPI: docs: enumeration: Update UART serial bus resource documentation (git-fixes). - ACPI: properties: Consistently return -ENOENT if there are no more references (git-fixes). - ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (git-fixes). - ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes). - ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes). - ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes). - ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (git-fixes). - ALSA: pcm: Add stream lock during PCM reset ioctl operations (git-fixes). - ALSA: spi: Add check for clk_enable() (git-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (git-fixes). - ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes). - ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe (git-fixes). - ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data (git-fixes). - ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put (git-fixes). - ASoC: dmaengine: do not use a NULL prepare_slave_config() callback (git-fixes). - ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes). - ASoC: fsi: Add check for clk_enable (git-fixes). - ASoC: fsl_spdif: Disable TX clock when stop (git-fixes). - ASoC: imx-es8328: Fix error return code in imx_es8328_probe() (git-fixes). - ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe (git-fixes). - ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe (git-fixes). - ASoC: mxs-saif: Handle errors for clk_enable (git-fixes). - ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes). - ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() (git-fixes). - ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes). - ASoC: SOF: topology: remove redundant code (git-fixes). - ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (git-fixes). - ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes). - ASoC: topology: Allow TLV control to be either read or write (git-fixes). - ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior (git-fixes). - ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting (git-fixes). - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018). - block: update io_ticks when io hang (bsc#1197817). - block/wbt: fix negative inflight counter when remove scsi device (bsc#1197819). - bpf: Fix comment for helper bpf_current_task_under_cgroup() (git-fixes). - bpf: Remove config check to enable bpf support for branch records (git-fixes bsc#1177028). - btrfs: avoid unnecessary lock and leaf splits when updating inode in the log (bsc#1194649). - btrfs: avoid unnecessary log mutex contention when syncing log (bsc#1194649). - btrfs: avoid unnecessary logging of xattrs during fast fsyncs (bsc#1194649). - btrfs: check error value from btrfs_update_inode in tree log (bsc#1194649). - btrfs: check if a log root exists before locking the log_mutex on unlink (bsc#1194649). - btrfs: check if a log tree exists at inode_logged() (bsc#1194649). - btrfs: do not commit delayed inode when logging a file in full sync mode (bsc#1194649). - btrfs: do not log new dentries when logging that a new name exists (bsc#1194649). - btrfs: eliminate some false positives when checking if inode was logged (bsc#1194649). - btrfs: fix race leading to unnecessary transaction commit when logging inode (bsc#1194649). - btrfs: fix race that causes unnecessary logging of ancestor inodes (bsc#1194649). - btrfs: fix race that makes inode logging fallback to transaction commit (bsc#1194649). - btrfs: fix race that results in logging old extents during a fast fsync (bsc#1194649). - btrfs: fixup error handling in fixup_inode_link_counts (bsc#1194649). - btrfs: remove no longer needed full sync flag check at inode_logged() (bsc#1194649). - btrfs: Remove unnecessary check from join_running_log_trans (bsc#1194649). - btrfs: remove unnecessary directory inode item update when deleting dir entry (bsc#1194649). - btrfs: remove unnecessary list head initialization when syncing log (bsc#1194649). - btrfs: skip unnecessary searches for xattrs when logging an inode (bsc#1194649). - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (git-fixes). - can: mcba_usb: properly check endpoint type (git-fixes). - can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (git-fixes). - cifs: use the correct max-length for dentry_path_raw() (bsc1196196). - clk: actions: Terminate clk_div_table with sentinel element (git-fixes). - clk: bcm2835: Remove unused variable (git-fixes). - clk: clps711x: Terminate clk_div_table with sentinel element (git-fixes). - clk: imx7d: Remove audio_mclk_root_clk (git-fixes). - clk: Initialize orphan req_rate (git-fixes). - clk: loongson1: Terminate clk_div_table with sentinel element (git-fixes). - clk: nxp: Remove unused variable (git-fixes). - clk: qcom: clk-rcg2: Update logic to calculate D value for RCG (git-fixes). - clk: qcom: clk-rcg2: Update the frac table for pixel clock (git-fixes). - clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes). - clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes). - clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver (git-fixes). - clk: uniphier: Fix fixed-rate initialization (git-fixes). - clocksource: acpi_pm: fix return value of __setup handler (git-fixes). - clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() (git-fixes). - cpufreq: schedutil: Destroy mutex before kobject_put() frees (git-fixes) - crypto: authenc - Fix sleep in atomic context in decrypt_tail (git-fixes). - crypto: cavium/nitrox - do not cast parameter in bit operations (git-fixes). - crypto: ccp - ccp_dmaengine_unregister release dma channels (git-fixes). - crypto: ccree - do not attempt 0 len DMA mappings (git-fixes). - crypto: mxs-dcp - Fix scatterlist processing (git-fixes). - crypto: qat - do not cast parameter in bit operations (git-fixes). - crypto: rsa-pkcs1pad - correctly get hash from source scatterlist (git-fixes). - crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (git-fixes). - crypto: rsa-pkcs1pad - restore signature length check (git-fixes). - crypto: vmx - add missing dependencies (git-fixes). - dma/pool: create dma atomic pool only if dma zone has managed pages (bsc#1197501). - driver core: dd: fix return value of __setup handler (git-fixes). - drm: add a locked version of drm_is_current_master (bsc#1197914). - drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes). - drm: drm_file struct kABI compatibility workaround (bsc#1197914). - drm: protect drm_master pointers in drm_lease.c (bsc#1197914). - drm: serialize drm_file.master with a new spinlock (bsc#1197914). - drm: use the lookup lock in drm_is_current_master (bsc#1197914). - drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug (git-fixes). - drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function (git-fixes). - drm/bridge: dw-hdmi: use safe format when first in bridge chain (git-fixes). - drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe (git-fixes). - drm/doc: overview before functions for drm_writeback.c (git-fixes). - drm/i915: Fix dbuf slice config lookup (git-fixes). - drm/i915/gem: add missing boundary check in vm_access (git-fixes). - drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() (git-fixes). - drm/meson: Fix error handling when afbcd.ops->init fails (git-fixes). - drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops (git-fixes). - drm/msm/dpu: add DSPP blocks teardown (git-fixes). - drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl() (git-fixes). - drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings (git-fixes). - drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes). - drm/vc4: crtc: Make sure the HDMI controller is powered when disabling (git-fixes). - drm/vrr: Set VRR capable prop only if it is attached to connector (git-fixes). - ecryptfs: fix kernel panic with null dev_name (bsc#1197812). - ecryptfs: Fix typo in message (bsc#1197811). - ext2: correct max file size computing (bsc#1197820). - firmware: google: Properly state IOMEM dependency (git-fixes). - firmware: qcom: scm: Remove reassignment to desc following initializer (git-fixes). - fscrypt: do not ignore minor_hash when hash is 0 (bsc#1197815). - HID: multitouch: fix Dell Precision 7550 and 7750 button type (bsc#1197243). - hwmon: (pmbus) Add mutex to regulator ops (git-fixes). - hwmon: (pmbus) Add Vin unit off handling (git-fixes). - hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING (git-fixes). - hwrng: atmel - disable trng on failure path (git-fixes). - i915_vma: Rename vma_lookup to i915_vma_lookup (git-fixes). - ibmvnic: fix race between xmit and reset (bsc#1197302 ltc#197259). - iio: accel: mma8452: use the correct logic to get mma8452_data (git-fixes). - iio: adc: Add check for devm_request_threaded_irq (git-fixes). - iio: afe: rescale: use s64 for temporary scale calculations (git-fixes). - iio: inkern: apply consumer scale on IIO_VAL_INT cases (git-fixes). - iio: inkern: apply consumer scale when no channel scale is available (git-fixes). - iio: inkern: make a best effort on offset calculation (git-fixes). - Input: aiptek - properly check endpoint type (git-fixes). - iwlwifi: do not advertise TWT support (git-fixes). - KVM: SVM: Do not flush cache if hardware enforces cache coherency across encryption domains (bsc#1178134). - llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes). - mac80211: fix potential double free on mesh join (git-fixes). - mac80211: refuse aggregations sessions before authorized (git-fixes). - media: aspeed: Correct value for h-total-pixels (git-fixes). - media: bttv: fix WARNING regression on tunerless devices (git-fixes). - media: coda: Fix missing put_device() call in coda_get_vdoa_data (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM get (git-fixes). - media: em28xx: initialize refcount before kref_get (git-fixes). - media: hantro: Fix overfill bottom register field name (git-fixes). - media: Revert 'media: em28xx: add missing em28xx_close_extension' (git-fixes). - media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED (git-fixes). - media: usb: go7007: s2250-board: fix leak in probe() (git-fixes). - media: video/hdmi: handle short reads of hdmi info frame (git-fixes). - membarrier: Execute SYNC_CORE on the calling thread (git-fixes) - membarrier: Explicitly sync remote cores when SYNC_CORE is (git-fixes) - memory: emif: Add check for setup_interrupts (git-fixes). - memory: emif: check the pointer temp in get_device_details() (git-fixes). - misc: alcor_pci: Fix an error handling path (git-fixes). - misc: sgi-gru: Do not cast parameter in bit operations (git-fixes). - mm_zone: add function to check if managed dma zone exists (bsc#1197501). - mm: add vma_lookup(), update find_vma_intersection() comments (git-fixes). - mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages (bsc#1197501). - mmc: davinci_mmc: Handle error for clk_enable (git-fixes). - net: dsa: mv88e6xxx: override existent unicast portvec in port_fdb_add (git-fixes). - net: enetc: initialize the RFS and RSS memories (git-fixes). - net: hns3: add a check for tqp_index in hclge_get_ring_chain_from_mbx() (git-fixes). - net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes). - net: phy: marvell: Fix invalid comparison in the resume and suspend functions (git-fixes). - net: stmmac: set TxQ mode back to DCB after disabling CBS (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - net: watchdog: hold device global xmit lock during tx disable (git-fixes). - net/smc: Fix loop in smc_listen (git-fixes). - net/smc: fix using of uninitialized completions (git-fixes). - net/smc: fix wrong list_del in smc_lgr_cleanup_early (git-fixes). - net/smc: Make sure the link_id is unique (git-fixes). - net/smc: Reset conn->lgr when link group registration fails (git-fixes). - netfilter: conntrack: do not refresh sctp entries in closed state (bsc#1197389). - netxen_nic: fix MSI/MSI-x interrupts (git-fixes). - NFS: Avoid duplicate uncached readdir calls on eof (git-fixes). - NFS: Do not report writeback errors in nfs_getattr() (git-fixes). - NFS: Do not skip directory entries when doing uncached readdir (git-fixes). - NFS: Ensure the server had an up to date ctime before hardlinking (git-fixes). - NFS: Fix initialisation of nfs_client cl_flags field (git-fixes). - NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes). - NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes). - NFS: Use of mapping_set_error() results in spurious errors (git-fixes). - NFS: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes). - NFS: do not retry BIND_CONN_TO_SESSION on session error (git-fixes). - NFS: Fix another issue with a list iterator pointing to the head (git-fixes). - nl80211: Update bss channel on channel switch for P2P_CLIENT (git-fixes). - pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init (git-fixes). - pinctrl: mediatek: paris: Fix 'argument' argument type for mtk_pinconf_get() (git-fixes). - pinctrl: mediatek: paris: Fix pingroup pin config state readback (git-fixes). - pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe (git-fixes). - pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR() (git-fixes). - pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE() (git-fixes). - pinctrl: pinconf-generic: Print arguments for bias-pull-* (git-fixes). - pinctrl: samsung: drop pin banks references on error paths (git-fixes). - pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe (git-fixes). - PM: hibernate: fix __setup handler error handling (git-fixes). - PM: suspend: fix return value of __setup handler (git-fixes). - powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395). - powerpc/mm: Fix verification of MMU_FTR_TYPE_44x (bsc#1156395). - powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes). - powerpc/perf: Do not use perf_hw_context for trace IMC PMU (bsc#1156395). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729). - powerpc/sysdev: fix incorrect use to determine if list is empty (bsc#1065729). - powerpc/tm: Fix more userspace r13 corruption (bsc#1065729). - powerpc/xive: fix return value of __setup handler (bsc#1065729). - printk: Add panic_in_progress helper (bsc#1197894). - printk: disable optimistic spin during panic (bsc#1197894). - pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() (git-fixes). - regulator: qcom_smd: fix for_each_child.cocci warnings (git-fixes). - remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region (git-fixes). - remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region (git-fixes). - s390/bpf: Perform r1 range checking before accessing jit->seen_reg (git-fixes). - s390/gmap: do not unconditionally call pte_unmap_unlock() in __gmap_zap() (git-fixes). - s390/gmap: validate VMA in __gmap_zap() (git-fixes). - s390/hypfs: include z/VM guests with access control group set (bsc#1195640 LTC#196352). - s390/kexec_file: fix error handling when applying relocations (git-fixes). - s390/kexec: fix memory leak of ipl report buffer (git-fixes). - s390/kexec: fix return code handling (git-fixes). - s390/mm: fix VMA and page table handling code in storage key handling functions (git-fixes). - s390/mm: validate VMA in PGSTE manipulation functions (git-fixes). - s390/module: fix loading modules with a lot of relocations (git-fixes). - s390/pci_mmio: fully validate the VMA before calling follow_pte() (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675). - scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675). - scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675). - scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675). - scsi: lpfc: Fix queue failures when recovering from PCI parity error (bsc#1197675 bsc#1196478). - scsi: lpfc: Fix typos in comments (bsc#1197675). - scsi: lpfc: Fix unload hang after back to back PCI EEH faults (bsc#1197675 bsc#1196478). - scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675 bsc#1196478). - scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675). - scsi: lpfc: Reduce log messages seen after firmware download (bsc#1197675). - scsi: lpfc: Remove failing soft_wwn support (bsc#1197675). - scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (bsc#1197675). - scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675). - scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675). - scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path (bsc#1197675). - scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 (bsc#1197675). - scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675). - scsi: lpfc: Use fc_block_rport() (bsc#1197675). - scsi: lpfc: Use kcalloc() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675). - scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661). - scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661). - scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661). - scsi: qla2xxx: Fix incorrect reporting of task management failure (bsc#1197661). - scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661). - scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (bsc#1197661). - scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661). - scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661). - scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661). - scsi: qla2xxx: Fix typos in comments (bsc#1197661). - scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661). - scsi: qla2xxx: Reduce false trigger to login (bsc#1197661). - scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661). - scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661). - scsi: qla2xxx: Use correct feature type field during RFF_ID processing (bsc#1197661). - scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661). - scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661). - serial: 8250_lpss: Balance reference count for PCI DMA device (git-fixes). - serial: 8250_mid: Balance reference count for PCI DMA device (git-fixes). - serial: 8250: Fix race condition in RTS-after-send handling (git-fixes). - serial: core: Fix the definition name in the comment of UPF_* flags (git-fixes). - soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes). - soc: qcom: rpmpd: Check for null return of devm_kcalloc (git-fixes). - soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe (git-fixes). - soundwire: intel: fix wrong register name in intel_shim_wake (git-fixes). - spi: pxa2xx-pci: Balance reference count for PCI DMA device (git-fixes). - spi: tegra114: Add missing IRQ check in tegra_spi_probe (git-fixes). - staging:iio:adc:ad7280a: Fix handing of device address bit reversing (git-fixes). - tcp: add some entropy in __inet_hash_connect() (bsc#1180153). - tcp: change source port randomizarion at connect() time (bsc#1180153). - thermal: int340x: Check for NULL after calling kmemdup() (git-fixes). - thermal: int340x: Increase bitmap size (git-fixes). - udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister() (git-fixes). - Update config files (bsc#1195926 bsc#1175667). VIRTIO_PCI=m -> VIRTIO_PCI=y - usb: bdc: Adb shows offline after resuming from S2 (git-fixes). - usb: bdc: Fix a resource leak in the error handling path of 'bdc_probe()' (git-fixes). - usb: bdc: Fix unused assignment in bdc_probe() (git-fixes). - usb: bdc: remove duplicated error message (git-fixes). - usb: bdc: Use devm_clk_get_optional() (git-fixes). - usb: bdc: use devm_platform_ioremap_resource() to simplify code (git-fixes). - usb: dwc3: gadget: Use list_replace_init() before traversing lists (git-fixes). - usb: dwc3: qcom: add IRQ check (git-fixes). - usb: gadget: bdc: use readl_poll_timeout() to simplify code (git-fixes). - usb: gadget: Fix use-after-free bug by not setting udc->dev.driver (git-fixes). - usb: gadget: rndis: prevent integer overflow in rndis_set_response() (git-fixes). - usb: usbtmc: Fix bug in pipe direction for control transfers (git-fixes). - VFS: filename_create(): fix incorrect intent (bsc#1197534). - video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() (git-fixes). - video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes). - video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (git-fixes). - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes). - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes). - video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (git-fixes). - video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (git-fixes). - VMCI: Fix the description of vmci_check_host_caps() (git-fixes). - vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889). - wireguard: queueing: use CFI-safe ptr_ring cleanup function (git-fixes). - wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST (git-fixes). - wireguard: socket: free skb in send6 when ipv6 is disabled (git-fixes). - wireguard: socket: ignore v6 endpoints when ipv6 is disabled (git-fixes). - x86/cpu: Add hardware-enforced cache coherency as a CPUID feature (bsc#1178134). - x86/mm/pat: Do not flush cache if hardware enforces cache coherency across encryption domnains (bsc#1178134). - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1178134). - x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1178134). - xhci: fix garbage USBSTS being logged in some cases (git-fixes). Important SUSE bug 1065729 SUSE bug 1156395 SUSE bug 1175667 SUSE bug 1177028 SUSE bug 1178134 SUSE bug 1179639 SUSE bug 1180153 SUSE bug 1189562 SUSE bug 1194649 SUSE bug 1195640 SUSE bug 1195926 SUSE bug 1196018 SUSE bug 1196196 SUSE bug 1196478 SUSE bug 1196761 SUSE bug 1196823 SUSE bug 1197227 SUSE bug 1197243 SUSE bug 1197300 SUSE bug 1197302 SUSE bug 1197331 SUSE bug 1197343 SUSE bug 1197366 SUSE bug 1197389 SUSE bug 1197462 SUSE bug 1197501 SUSE bug 1197534 SUSE bug 1197661 SUSE bug 1197675 SUSE bug 1197702 SUSE bug 1197811 SUSE bug 1197812 SUSE bug 1197815 SUSE bug 1197817 SUSE bug 1197819 SUSE bug 1197820 SUSE bug 1197888 SUSE bug 1197889 SUSE bug 1197894 SUSE bug 1197914 SUSE bug 1198027 SUSE bug 1198028 SUSE bug 1198029 SUSE bug 1198030 SUSE bug 1198031 SUSE bug 1198032 SUSE bug 1198033 CVE-2021-45868 at SUSE CVE-2021-45868 at NVD CVE-2022-0850 at SUSE CVE-2022-0850 at NVD CVE-2022-0854 at SUSE CVE-2022-0854 at NVD CVE-2022-1011 at SUSE CVE-2022-1011 at NVD CVE-2022-1016 at SUSE CVE-2022-1016 at NVD CVE-2022-1048 at SUSE CVE-2022-1048 at NVD CVE-2022-1055 at SUSE CVE-2022-1055 at NVD CVE-2022-1195 at SUSE CVE-2022-1195 at NVD CVE-2022-1198 at SUSE CVE-2022-1198 at NVD CVE-2022-1199 at SUSE CVE-2022-1199 at NVD CVE-2022-1205 at SUSE CVE-2022-1205 at NVD CVE-2022-27666 at SUSE CVE-2022-27666 at NVD CVE-2022-28388 at SUSE CVE-2022-28388 at NVD CVE-2022-28389 at SUSE CVE-2022-28389 at NVD CVE-2022-28390 at SUSE CVE-2022-28390 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for dnsmasq fixes the following issues: - CVE-2022-0934: Fixed an invalid memory access that could lead to remote denial of service via crafted packet (bsc#1197872). Important SUSE bug 1197872 CVE-2022-0934 at SUSE CVE-2022-0934 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for salt fixes the following issues: - Fix regression preventing bootstrapping new clients caused by redundant dependency on psutil (bsc#1197533) - Prevent data pollution between actions processed at the same time (bsc#1197637) - Fix salt-ssh opts poisoning. (bsc#1197637) - Clear network interfaces cache on grains request. (bsc#1196050) - Fix Salt-API failure due to an exception from the scheduled SSH-Push Tasks. (bsc#1182851, bsc#1196432) - Restrict 'state.orchestrate_single' to pass a pillar value if it exists. (bsc#1194632) Important SUSE bug 1182851 SUSE bug 1194632 SUSE bug 1196050 SUSE bug 1196432 SUSE bug 1197417 SUSE bug 1197533 SUSE bug 1197637 CVE-2022-22934 at SUSE CVE-2022-22934 at NVD CVE-2022-22935 at SUSE CVE-2022-22935 at NVD CVE-2022-22936 at SUSE CVE-2022-22936 at NVD CVE-2022-22941 at SUSE CVE-2022-22941 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-0854: Fixed a memory leak flaw was found in the Linux kernels DMA subsystem. This flaw allowed a local user to read random memory from the kernel space. (bnc#1196823) - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227) - CVE-2022-1199: Fixed null-ptr-deref and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198028) - CVE-2022-1205: Fixed null pointer dereference and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198027) - CVE-2022-1198: Fixed an use-after-free vulnerability that allow an attacker to crash the linux kernel by simulating Amateur Radio (bsc#1198030). - CVE-2022-1195: Fixed an use-after-free vulnerability which could allow a local attacker with a user privilege to execute a denial of service. (bsc#1198029) - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031) - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032) - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331) - CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to gain privilege escalation. (bnc#1197702) - CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761) - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366) - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343) The following non-security bugs were fixed: - ACPI: APEI: fix return value of __setup handlers (git-fixes). - ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (git-fixes). - ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (git-fixes). - ACPI: docs: enumeration: Discourage to use custom _DSM methods (git-fixes). - ACPI: docs: enumeration: Remove redundant .owner assignment (git-fixes). - ACPI: docs: enumeration: Update UART serial bus resource documentation (git-fixes). - ACPI: properties: Consistently return -ENOENT if there are no more references (git-fixes). - ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (git-fixes). - ACPI: Work around broken XSDT on Advantech DAC-BJ01 board (git-fixes). - ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes). - ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes). - ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes). - ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (git-fixes). - ALSA: pcm: Add stream lock during PCM reset ioctl operations (git-fixes). - ALSA: spi: Add check for clk_enable() (git-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (git-fixes). - ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes). - ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe (git-fixes). - ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data (git-fixes). - ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put (git-fixes). - ASoC: dmaengine: do not use a NULL prepare_slave_config() callback (git-fixes). - ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes). - ASoC: fsi: Add check for clk_enable (git-fixes). - ASoC: fsl_spdif: Disable TX clock when stop (git-fixes). - ASoC: imx-es8328: Fix error return code in imx_es8328_probe() (git-fixes). - ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe (git-fixes). - ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe (git-fixes). - ASoC: mxs-saif: Handle errors for clk_enable (git-fixes). - ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes). - ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() (git-fixes). - ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes). - ASoC: SOF: topology: remove redundant code (git-fixes). - ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (git-fixes). - ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes). - ASoC: topology: Allow TLV control to be either read or write (git-fixes). - ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior (git-fixes). - ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting (git-fixes). - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018). - block: update io_ticks when io hang (bsc#1197817). - block/wbt: fix negative inflight counter when remove scsi device (bsc#1197819). - bpf: Fix comment for helper bpf_current_task_under_cgroup() (git-fixes). - bpf: Remove config check to enable bpf support for branch records (git-fixes bsc#1177028). - btrfs: avoid unnecessary lock and leaf splits when updating inode in the log (bsc#1194649). - btrfs: avoid unnecessary log mutex contention when syncing log (bsc#1194649). - btrfs: avoid unnecessary logging of xattrs during fast fsyncs (bsc#1194649). - btrfs: check error value from btrfs_update_inode in tree log (bsc#1194649). - btrfs: check if a log root exists before locking the log_mutex on unlink (bsc#1194649). - btrfs: check if a log tree exists at inode_logged() (bsc#1194649). - btrfs: do not commit delayed inode when logging a file in full sync mode (bsc#1194649). - btrfs: do not log new dentries when logging that a new name exists (bsc#1194649). - btrfs: eliminate some false positives when checking if inode was logged (bsc#1194649). - btrfs: fix race leading to unnecessary transaction commit when logging inode (bsc#1194649). - btrfs: fix race that causes unnecessary logging of ancestor inodes (bsc#1194649). - btrfs: fix race that makes inode logging fallback to transaction commit (bsc#1194649). - btrfs: fix race that results in logging old extents during a fast fsync (bsc#1194649). - btrfs: fixup error handling in fixup_inode_link_counts (bsc#1194649). - btrfs: remove no longer needed full sync flag check at inode_logged() (bsc#1194649). - btrfs: Remove unnecessary check from join_running_log_trans (bsc#1194649). - btrfs: remove unnecessary directory inode item update when deleting dir entry (bsc#1194649). - btrfs: remove unnecessary list head initialization when syncing log (bsc#1194649). - btrfs: skip unnecessary searches for xattrs when logging an inode (bsc#1194649). - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (git-fixes). - can: mcba_usb: properly check endpoint type (git-fixes). - can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (git-fixes). - cifs: do not skip link targets when an I/O fails (bsc#1194625). - cifs: use the correct max-length for dentry_path_raw() (bsc1196196). - clk: actions: Terminate clk_div_table with sentinel element (git-fixes). - clk: bcm2835: Remove unused variable (git-fixes). - clk: clps711x: Terminate clk_div_table with sentinel element (git-fixes). - clk: imx7d: Remove audio_mclk_root_clk (git-fixes). - clk: Initialize orphan req_rate (git-fixes). - clk: loongson1: Terminate clk_div_table with sentinel element (git-fixes). - clk: nxp: Remove unused variable (git-fixes). - clk: qcom: clk-rcg2: Update logic to calculate D value for RCG (git-fixes). - clk: qcom: clk-rcg2: Update the frac table for pixel clock (git-fixes). - clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes). - clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes). - clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver (git-fixes). - clk: uniphier: Fix fixed-rate initialization (git-fixes). - clocksource: acpi_pm: fix return value of __setup handler (git-fixes). - clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() (git-fixes). - cpufreq: schedutil: Destroy mutex before kobject_put() frees (git-fixes) - crypto: authenc - Fix sleep in atomic context in decrypt_tail (git-fixes). - crypto: cavium/nitrox - do not cast parameter in bit operations (git-fixes). - crypto: ccp - ccp_dmaengine_unregister release dma channels (git-fixes). - crypto: ccree - do not attempt 0 len DMA mappings (git-fixes). - crypto: mxs-dcp - Fix scatterlist processing (git-fixes). - crypto: qat - do not cast parameter in bit operations (git-fixes). - crypto: rsa-pkcs1pad - correctly get hash from source scatterlist (git-fixes). - crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (git-fixes). - crypto: rsa-pkcs1pad - restore signature length check (git-fixes). - crypto: vmx - add missing dependencies (git-fixes). - dma/pool: create dma atomic pool only if dma zone has managed pages (bsc#1197501). - driver core: dd: fix return value of __setup handler (git-fixes). - drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes). - drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug (git-fixes). - drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function (git-fixes). - drm/bridge: dw-hdmi: use safe format when first in bridge chain (git-fixes). - drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe (git-fixes). - drm/doc: overview before functions for drm_writeback.c (git-fixes). - drm/i915: Fix dbuf slice config lookup (git-fixes). - drm/i915/gem: add missing boundary check in vm_access (git-fixes). - drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() (git-fixes). - drm/meson: Fix error handling when afbcd.ops->init fails (git-fixes). - drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops (git-fixes). - drm/msm/dpu: add DSPP blocks teardown (git-fixes). - drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl() (git-fixes). - drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings (git-fixes). - drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes). - drm/vc4: crtc: Make sure the HDMI controller is powered when disabling (git-fixes). - drm/vrr: Set VRR capable prop only if it is attached to connector (git-fixes). - ecryptfs: fix kernel panic with null dev_name (bsc#1197812). - ecryptfs: Fix typo in message (bsc#1197811). - ext2: correct max file size computing (bsc#1197820). - firmware: google: Properly state IOMEM dependency (git-fixes). - firmware: qcom: scm: Remove reassignment to desc following initializer (git-fixes). - fscrypt: do not ignore minor_hash when hash is 0 (bsc#1197815). - HID: multitouch: fix Dell Precision 7550 and 7750 button type (bsc#1197243). - hwmon: (pmbus) Add mutex to regulator ops (git-fixes). - hwmon: (pmbus) Add Vin unit off handling (git-fixes). - hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING (git-fixes). - hwrng: atmel - disable trng on failure path (git-fixes). - i915_vma: Rename vma_lookup to i915_vma_lookup (git-fixes). - ibmvnic: fix race between xmit and reset (bsc#1197302 ltc#197259). - iio: accel: mma8452: use the correct logic to get mma8452_data (git-fixes). - iio: adc: Add check for devm_request_threaded_irq (git-fixes). - iio: afe: rescale: use s64 for temporary scale calculations (git-fixes). - iio: inkern: apply consumer scale on IIO_VAL_INT cases (git-fixes). - iio: inkern: apply consumer scale when no channel scale is available (git-fixes). - iio: inkern: make a best effort on offset calculation (git-fixes). - Input: aiptek - properly check endpoint type (git-fixes). - iwlwifi: do not advertise TWT support (git-fixes). - KVM: SVM: Do not flush cache if hardware enforces cache coherency across encryption domains (bsc#1178134). - llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes). - mac80211: fix potential double free on mesh join (git-fixes). - mac80211: refuse aggregations sessions before authorized (git-fixes). - media: aspeed: Correct value for h-total-pixels (git-fixes). - media: bttv: fix WARNING regression on tunerless devices (git-fixes). - media: coda: Fix missing put_device() call in coda_get_vdoa_data (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM get (git-fixes). - media: em28xx: initialize refcount before kref_get (git-fixes). - media: hantro: Fix overfill bottom register field name (git-fixes). - media: Revert 'media: em28xx: add missing em28xx_close_extension' (git-fixes). - media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED (git-fixes). - media: usb: go7007: s2250-board: fix leak in probe() (git-fixes). - media: video/hdmi: handle short reads of hdmi info frame (git-fixes). - membarrier: Execute SYNC_CORE on the calling thread (git-fixes) - membarrier: Explicitly sync remote cores when SYNC_CORE is (git-fixes) - memory: emif: Add check for setup_interrupts (git-fixes). - memory: emif: check the pointer temp in get_device_details() (git-fixes). - misc: alcor_pci: Fix an error handling path (git-fixes). - misc: sgi-gru: Do not cast parameter in bit operations (git-fixes). - mm_zone: add function to check if managed dma zone exists (bsc#1197501). - mm: add vma_lookup(), update find_vma_intersection() comments (git-fixes). - mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages (bsc#1197501). - mmc: davinci_mmc: Handle error for clk_enable (git-fixes). - net: dsa: mv88e6xxx: override existent unicast portvec in port_fdb_add (git-fixes). - net: enetc: initialize the RFS and RSS memories (git-fixes). - net: hns3: add a check for tqp_index in hclge_get_ring_chain_from_mbx() (git-fixes). - net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes). - net: phy: marvell: Fix invalid comparison in the resume and suspend functions (git-fixes). - net: stmmac: set TxQ mode back to DCB after disabling CBS (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - net: watchdog: hold device global xmit lock during tx disable (git-fixes). - net/smc: Fix loop in smc_listen (git-fixes). - net/smc: fix using of uninitialized completions (git-fixes). - net/smc: fix wrong list_del in smc_lgr_cleanup_early (git-fixes). - net/smc: Make sure the link_id is unique (git-fixes). - net/smc: Reset conn->lgr when link group registration fails (git-fixes). - netfilter: conntrack: do not refresh sctp entries in closed state (bsc#1197389). - netxen_nic: fix MSI/MSI-x interrupts (git-fixes). - NFS: Avoid duplicate uncached readdir calls on eof (git-fixes). - NFS: Do not report writeback errors in nfs_getattr() (git-fixes). - NFS: do not retry BIND_CONN_TO_SESSION on session error (git-fixes). - NFS: Do not skip directory entries when doing uncached readdir (git-fixes). - NFS: Ensure the server had an up to date ctime before hardlinking (git-fixes). - NFS: Fix another issue with a list iterator pointing to the head (git-fixes). - NFS: Fix initialisation of nfs_client cl_flags field (git-fixes). - NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes). - NFS: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes). - NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes). - NFS: Use of mapping_set_error() results in spurious errors (git-fixes). - nl80211: Update bss channel on channel switch for P2P_CLIENT (git-fixes). - pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init (git-fixes). - pinctrl: mediatek: paris: Fix 'argument' argument type for mtk_pinconf_get() (git-fixes). - pinctrl: mediatek: paris: Fix pingroup pin config state readback (git-fixes). - pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe (git-fixes). - pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR() (git-fixes). - pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE() (git-fixes). - pinctrl: pinconf-generic: Print arguments for bias-pull-* (git-fixes). - pinctrl: samsung: drop pin banks references on error paths (git-fixes). - pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe (git-fixes). - PM: hibernate: fix __setup handler error handling (git-fixes). - PM: suspend: fix return value of __setup handler (git-fixes). - powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395). - powerpc/mm: Fix verification of MMU_FTR_TYPE_44x (bsc#1156395). - powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes). - powerpc/perf: Do not use perf_hw_context for trace IMC PMU (bsc#1156395). - powerpc/perf: Expose Performance Monitor Counter SPR's as part of extended regs (bsc#1198077 ltc#197299). - powerpc/perf: Include PMCs as part of per-cpu cpuhw_events struct (bsc#1198077 ltc#197299). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729). - powerpc/sysdev: fix incorrect use to determine if list is empty (bsc#1065729). - powerpc/tm: Fix more userspace r13 corruption (bsc#1065729). - powerpc/xive: fix return value of __setup handler (bsc#1065729). - printk: Add panic_in_progress helper (bsc#1197894). - printk: disable optimistic spin during panic (bsc#1197894). - pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() (git-fixes). - regulator: qcom_smd: fix for_each_child.cocci warnings (git-fixes). - remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region (git-fixes). - remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region (git-fixes). - s390/bpf: Perform r1 range checking before accessing jit->seen_reg (git-fixes). - s390/gmap: do not unconditionally call pte_unmap_unlock() in __gmap_zap() (git-fixes). - s390/gmap: validate VMA in __gmap_zap() (git-fixes). - s390/hypfs: include z/VM guests with access control group set (bsc#1195640 LTC#196352). - s390/kexec_file: fix error handling when applying relocations (git-fixes). - s390/kexec: fix memory leak of ipl report buffer (git-fixes). - s390/kexec: fix return code handling (git-fixes). - s390/mm: fix VMA and page table handling code in storage key handling functions (git-fixes). - s390/mm: validate VMA in PGSTE manipulation functions (git-fixes). - s390/module: fix loading modules with a lot of relocations (git-fixes). - s390/pci_mmio: fully validate the VMA before calling follow_pte() (git-fixes). - s390/tape: fix timer initialization in tape_std_assign() (bsc#1197677 LTC#197378). - scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675). - scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675). - scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675). - scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675). - scsi: lpfc: Fix queue failures when recovering from PCI parity error (bsc#1197675 bsc#1196478). - scsi: lpfc: Fix typos in comments (bsc#1197675). - scsi: lpfc: Fix unload hang after back to back PCI EEH faults (bsc#1197675 bsc#1196478). - scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675 bsc#1196478). - scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675). - scsi: lpfc: Reduce log messages seen after firmware download (bsc#1197675). - scsi: lpfc: Remove failing soft_wwn support (bsc#1197675). - scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (bsc#1197675). - scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675). - scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675). - scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path (bsc#1197675). - scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 (bsc#1197675). - scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675). - scsi: lpfc: Use fc_block_rport() (bsc#1197675). - scsi: lpfc: Use kcalloc() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675). - scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661). - scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661). - scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661). - scsi: qla2xxx: Fix incorrect reporting of task management failure (bsc#1197661). - scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661). - scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (bsc#1197661). - scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661). - scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661). - scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661). - scsi: qla2xxx: Fix typos in comments (bsc#1197661). - scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661). - scsi: qla2xxx: Reduce false trigger to login (bsc#1197661). - scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661). - scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661). - scsi: qla2xxx: Use correct feature type field during RFF_ID processing (bsc#1197661). - scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661). - scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661). - serial: 8250_lpss: Balance reference count for PCI DMA device (git-fixes). - serial: 8250_mid: Balance reference count for PCI DMA device (git-fixes). - serial: 8250: Fix race condition in RTS-after-send handling (git-fixes). - serial: core: Fix the definition name in the comment of UPF_* flags (git-fixes). - soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes). - soc: qcom: rpmpd: Check for null return of devm_kcalloc (git-fixes). - soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe (git-fixes). - soundwire: intel: fix wrong register name in intel_shim_wake (git-fixes). - spi: pxa2xx-pci: Balance reference count for PCI DMA device (git-fixes). - spi: tegra114: Add missing IRQ check in tegra_spi_probe (git-fixes). - staging:iio:adc:ad7280a: Fix handing of device address bit reversing (git-fixes). - tcp: add some entropy in __inet_hash_connect() (bsc#1180153). - tcp: change source port randomizarion at connect() time (bsc#1180153). - team: protect features update by RCU to avoid deadlock (git-fixes). - thermal: int340x: Check for NULL after calling kmemdup() (git-fixes). - thermal: int340x: Increase bitmap size (git-fixes). - udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister() (git-fixes). - usb: bdc: Adb shows offline after resuming from S2 (git-fixes). - usb: bdc: Fix a resource leak in the error handling path of 'bdc_probe()' (git-fixes). - usb: bdc: Fix unused assignment in bdc_probe() (git-fixes). - usb: bdc: remove duplicated error message (git-fixes). - usb: bdc: Use devm_clk_get_optional() (git-fixes). - usb: bdc: use devm_platform_ioremap_resource() to simplify code (git-fixes). - usb: dwc3: gadget: Use list_replace_init() before traversing lists (git-fixes). - usb: dwc3: qcom: add IRQ check (git-fixes). - usb: gadget: bdc: use readl_poll_timeout() to simplify code (git-fixes). - usb: gadget: Fix use-after-free bug by not setting udc->dev.driver (git-fixes). - usb: gadget: rndis: prevent integer overflow in rndis_set_response() (git-fixes). - usb: usbtmc: Fix bug in pipe direction for control transfers (git-fixes). - VFS: filename_create(): fix incorrect intent (bsc#1197534). - video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() (git-fixes). - video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes). - video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (git-fixes). - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes). - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes). - video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (git-fixes). - video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (git-fixes). - VMCI: Fix the description of vmci_check_host_caps() (git-fixes). - vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889). - wireguard: queueing: use CFI-safe ptr_ring cleanup function (git-fixes). - wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST (git-fixes). - wireguard: socket: free skb in send6 when ipv6 is disabled (git-fixes). - wireguard: socket: ignore v6 endpoints when ipv6 is disabled (git-fixes). - x86/cpu: Add hardware-enforced cache coherency as a CPUID feature (bsc#1178134). - x86/mm/pat: Do not flush cache if hardware enforces cache coherency across encryption domnains (bsc#1178134). - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1178134). - x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1178134). - xhci: fix garbage USBSTS being logged in some cases (git-fixes). Important SUSE bug 1065729 SUSE bug 1156395 SUSE bug 1175667 SUSE bug 1177028 SUSE bug 1178134 SUSE bug 1179639 SUSE bug 1180153 SUSE bug 1189562 SUSE bug 1194625 SUSE bug 1194649 SUSE bug 1195640 SUSE bug 1195926 SUSE bug 1196018 SUSE bug 1196196 SUSE bug 1196478 SUSE bug 1196761 SUSE bug 1196823 SUSE bug 1197227 SUSE bug 1197243 SUSE bug 1197300 SUSE bug 1197302 SUSE bug 1197331 SUSE bug 1197343 SUSE bug 1197366 SUSE bug 1197389 SUSE bug 1197462 SUSE bug 1197501 SUSE bug 1197534 SUSE bug 1197661 SUSE bug 1197675 SUSE bug 1197677 SUSE bug 1197702 SUSE bug 1197811 SUSE bug 1197812 SUSE bug 1197815 SUSE bug 1197817 SUSE bug 1197819 SUSE bug 1197820 SUSE bug 1197888 SUSE bug 1197889 SUSE bug 1197894 SUSE bug 1198027 SUSE bug 1198028 SUSE bug 1198029 SUSE bug 1198030 SUSE bug 1198031 SUSE bug 1198032 SUSE bug 1198033 SUSE bug 1198077 CVE-2021-45868 at SUSE CVE-2021-45868 at NVD CVE-2022-0850 at SUSE CVE-2022-0850 at NVD CVE-2022-0854 at SUSE CVE-2022-0854 at NVD CVE-2022-1011 at SUSE CVE-2022-1011 at NVD CVE-2022-1016 at SUSE CVE-2022-1016 at NVD CVE-2022-1048 at SUSE CVE-2022-1048 at NVD CVE-2022-1055 at SUSE CVE-2022-1055 at NVD CVE-2022-1195 at SUSE CVE-2022-1195 at NVD CVE-2022-1198 at SUSE CVE-2022-1198 at NVD CVE-2022-1199 at SUSE CVE-2022-1199 at NVD CVE-2022-1205 at SUSE CVE-2022-1205 at NVD CVE-2022-27666 at SUSE CVE-2022-27666 at NVD CVE-2022-28388 at SUSE CVE-2022-28388 at NVD CVE-2022-28389 at SUSE CVE-2022-28389 at NVD CVE-2022-28390 at SUSE CVE-2022-28390 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for cifs-utils fixes the following issues: - CVE-2022-27239: Fixed a buffer overflow in the command line ip option (bsc#1197216). Important SUSE bug 1197216 CVE-2022-27239 at SUSE CVE-2022-27239 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for firewalld, golang-github-prometheus-prometheus fixes the following issues: Security fixes for golang-github-prometheus-prometheus: - CVE-2022-21698: Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods (bsc#1196338). Other non security changes for golang-github-prometheus-prometheus: - Build `firewalld-prometheus-config` only for SUSE Linux Enterprise 15, 15-SP1 and 15-SP2, and require `firewalld`. - Only recommends `firewalld-prometheus-config` as prometheus does not require it to run. - Create `firewalld-prometheus-config` subpackage (bsc#1197042, jsc#SLE-24373, jsc#SLE-24374, jsc#SLE-24375) Other non security changes for firewalld: - Provide dummy `firewalld-prometheus-config` package (bsc#1197042) Important SUSE bug 1196338 SUSE bug 1197042 CVE-2022-21698 at SUSE CVE-2022-21698 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libslirp fixes the following issues: - CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364). - CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367). - CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366). - Fix a dhcp regression [bsc#1198773] Important SUSE bug 1187364 SUSE bug 1187366 SUSE bug 1187367 SUSE bug 1198773 CVE-2021-3592 at SUSE CVE-2021-3592 at NVD CVE-2021-3594 at SUSE CVE-2021-3594 at NVD CVE-2021-3595 at SUSE CVE-2021-3595 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for xen fixes the following issues: - CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that could cause a denial of service in the host (bsc#1197423). - CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts using VT-d IOMMU hardware, which could lead to a denial of service in the host (bsc#1197425). - CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361: Fixed various memory corruption issues for hosts using VT-d or AMD-Vi IOMMU hardware. These could be leveraged by an attacker to cause a denial of service in the host (bsc#1197426). Moderate SUSE bug 1197423 SUSE bug 1197425 SUSE bug 1197426 CVE-2022-26356 at SUSE CVE-2022-26356 at NVD CVE-2022-26357 at SUSE CVE-2022-26357 at NVD CVE-2022-26358 at SUSE CVE-2022-26358 at NVD CVE-2022-26359 at SUSE CVE-2022-26359 at NVD CVE-2022-26360 at SUSE CVE-2022-26360 at NVD CVE-2022-26361 at SUSE CVE-2022-26361 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for tar fixes the following issues: - CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131). - CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496). - CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610). - Update to GNU tar 1.34: * Fix extraction over pipe * Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131) * Fix extraction when . and .. are unreadable * Gracefully handle duplicate symlinks when extracting * Re-initialize supplementary groups when switching to user privileges - Update to GNU tar 1.33: * POSIX extended format headers do not include PID by default * --delay-directory-restore works for archives with reversed member ordering * Fix extraction of a symbolic link hardlinked to another symbolic link * Wildcards in exclude-vcs-ignore mode don't match slash * Fix the --no-overwrite-dir option * Fix handling of chained renames in incremental backups * Link counting works for file names supplied with -T * Accept only position-sensitive (file-selection) options in file list files - prepare usrmerge (bsc#1029961) - Update to GNU 1.32 * Fix the use of --checkpoint without explicit --checkpoint-action * Fix extraction with the -U option * Fix iconv usage on BSD-based systems * Fix possible NULL dereference (savannah bug #55369) [bsc#1130496] [CVE-2019-9923] * Improve the testsuite - Update to GNU 1.31 * Fix heap-buffer-overrun with --one-top-level, bug introduced with the addition of that option in 1.28 * Support for zstd compression * New option '--zstd' instructs tar to use zstd as compression program. When listing, extractng and comparing, zstd compressed archives are recognized automatically. When '-a' option is in effect, zstd compression is selected if the destination archive name ends in '.zst' or '.tzst'. * The -K option interacts properly with member names given in the command line. Names of members to extract can be specified along with the '-K NAME' option. In this case, tar will extract NAME and those of named members that appear in the archive after it, which is consistent with the semantics of the option. Previous versions of tar extracted NAME, those of named members that appeared before it, and everything after it. * Fix CVE-2018-20482 - When creating archives with the --sparse option, previous versions of tar would loop endlessly if a sparse file had been truncated while being archived. Moderate SUSE bug 1029961 SUSE bug 1120610 SUSE bug 1130496 SUSE bug 1181131 CVE-2018-20482 at SUSE CVE-2018-20482 at NVD CVE-2019-9923 at SUSE CVE-2019-9923 at NVD CVE-2021-20193 at SUSE CVE-2021-20193 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libvirt fixes the following issues: - CVE-2022-0897: Fixed a crash in nwfilter when counting number of network filters (bsc#1197636). The following non-security bugs were fixed: - qemu: Improve save operation by increasing pipe size c61d1e9b-virfile-set-pipe-size.patch, 47d6d185-virfile-fix-indent.patch, cd7acb33-virfile-report-error.patch bsc#1196625 - qemu: Directly query KVM for TSC scaling support 5df2c492-use-kvm-for-tsc-scaling.patch bsc#1193364 Moderate SUSE bug 1193364 SUSE bug 1196625 SUSE bug 1197636 CVE-2022-0897 at SUSE CVE-2022-0897 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ldb fixes the following issues: - Update to version 2.4.2 - CVE-2021-3670: Fixed an issue where the LDAP server MaxQueryDuration value would not be honoured (bsc#1198397). Low SUSE bug 1198397 CVE-2021-3670 at SUSE CVE-2021-3670 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for gzip fixes the following issues: - CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062) Important SUSE bug 1198062 SUSE bug 1198922 CVE-2022-1271 at SUSE CVE-2022-1271 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for curl fixes the following issues: - CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766) - CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723) - CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614) Moderate SUSE bug 1198614 SUSE bug 1198723 SUSE bug 1198766 CVE-2022-22576 at SUSE CVE-2022-22576 at NVD CVE-2022-27775 at SUSE CVE-2022-27775 at NVD CVE-2022-27776 at SUSE CVE-2022-27776 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29156: Fixed a double free related to rtrs_clt_dev_release (bnc#1198515). - CVE-2022-28893: Ensuring that sockets are in the intended state inside the SUNRPC subsystem (bnc#1198330). - CVE-2022-28748: Fixed memory lead over the network by ax88179_178a devices (bsc#1196018). - CVE-2022-28356: Fixed a refcount leak bug found in net/llc/af_llc.c (bnc#1197391). - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012). - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c (bnc#1198516). - CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in drivers/gpu/drm/drm_lease.c (bnc#1197914). - CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address (bsc#1197660). - CVE-2022-0812: Fixed random memory leakage inside NFS/RDMA (bsc#1196639). - CVE-2021-4154: Fixed a use-after-free flaw inside cgroup1_parse_param in kernel/cgroup/cgroup-v1.c. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system (bnc#1193842). - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055). - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647). - CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723). - CVE-2021-0707: Fixed possible memory corruption due to a use after free inside dma_buf_releas e of dma-buf.c (bnc#1198437). - CVE-2020-27835: Fixed use after free in infiniband hfi1 driver in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878). The following non-security bugs were fixed: - ACPI: processor idle: Check for architectural support for LPI (git-fixes). - ACPI/APEI: Limit printable size of BERT table data (git-fixes). - ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes). - adm8211: fix error return code in adm8211_probe() (git-fixes). - ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes). - ALSA: hda/hdmi: fix warning about PCM count when used with SOF (git-fixes). - ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes). - ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 (git-fixes). - ALSA: pcm: Test for 'silence' field in struct 'pcm_format_data' (git-fixes). - ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb (git-fixes). - ALSA: usb-audio: Increase max buffer size (git-fixes). - ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes). - arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1 (git-fixes) - arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node (git-fixes) - arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode (git-fixes) - arm64: dts: exynos: correct GIC CPU interfaces address range on (git-fixes) - arm64: dts: ls1028a: fix memory node (git-fixes) - arm64: dts: ls1028a: fix node name for the sysclk (git-fixes) - arm64: dts: lx2160a: fix scl-gpios property name (git-fixes) - arm64: dts: marvell: armada-37xx: Extend PCIe MEM space (git-fixes) - arm64: dts: marvell: armada-37xx: Fix reg for standard variant of (git-fixes) - arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (git-fixes) - arm64: dts: rockchip: Fix GPU register width for RK3328 (git-fixes) - arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from (git-fixes) - arm64: dts: zii-ultra: fix 12V_MAIN voltage (git-fixes) - arm64: head: avoid over-mapping in map_memory (git-fixes) - arm64: Update config files; arm LIBNVDIMM y->m ppc64le ND_BLK ->m (bsc#1199024). - arm64/sve: Use correct size when reinitialising SVE state (git-fixes) - ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek (git-fixes). - ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use (git-fixes). - ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes). - ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component (git-fixes). - ASoC: soc-compress: Change the check for codec_dai (git-fixes). - ASoC: soc-compress: prevent the potentially use of null pointer (git-fixes). - ASoC: soc-core: skip zero num_dai component in searching dai name (git-fixes). - ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes). - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs (git-fixes). - ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes). - ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git-fixes). - ath5k: fix building with LEDS=m (git-fixes). - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes). - ath9k_htc: fix uninit value bugs (git-fixes). - ath9k: Fix usage of driver-private space in tx_info (git-fixes). - ath9k: Properly clear TX status area before reporting to mac80211 (git-fixes). - backlight: qcom-wled: Respect enabled-strings in set_brightness (bsc#1152489) - bareudp: use ipv6_mod_enabled to check if IPv6 enabled (jsc#SLE-15172). - bfq: Avoid merging queues with different parents (bsc#1197926). - bfq: Drop pointless unlock-lock pair (bsc#1197926). - bfq: Get rid of __bio_blkcg() usage (bsc#1197926). - bfq: Make sure bfqg for which we are queueing requests is online (bsc#1197926). - bfq: Remove pointless bfq_init_rq() calls (bsc#1197926). - bfq: Split shared queues on move between cgroups (bsc#1197926). - bfq: Track whether bfq_group is still online (bsc#1197926). - bfq: Update cgroup information before merging bio (bsc#1197926). - block: Drop leftover references to RQF_SORTED (bsc#1182073). - Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes). - Bluetooth: Fix use after free in hci_send_acl (git-fixes). - Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes). - bnx2x: fix napi API usage sequence (bsc#1198217). - bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT (git-fixes bsc#1177028). - brcmfmac: firmware: Allocate space for default boardrev in nvram (git-fixes). - brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes). - brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path (git-fixes). - brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio (git-fixes). - carl9170: fix missing bit-wise or operator for tx_params (git-fixes). - cfg80211: hold bss_lock while updating nontrans_list (git-fixes). - cifs: do not skip link targets when an I/O fails (bsc#1194625). - cifs: fix bad fids sent over wire (bsc#1197157). - clk: Enforce that disjoints limits are invalid (git-fixes). - clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes). - direct-io: clean up error paths of do_blockdev_direct_IO (bsc#1197656). - direct-io: defer alignment check until after the EOF check (bsc#1197656). - direct-io: do not force writeback for reads beyond EOF (bsc#1197656). - dma-debug: fix return value of __setup handlers (git-fixes). - dma: at_xdmac: fix a missing check on list iterator (git-fixes). - dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes). - dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes). - dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes). - dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources (git-fixes). - dmaengine: Revert 'dmaengine: shdma: Fix runtime PM imbalance on error' (git-fixes). - Documentation: add link to stable release candidate tree (git-fixes). - drm: add a locked version of drm_is_current_master (bsc#1197914). - drm: Add orientation quirk for GPD Win Max (git-fixes). - drm: drm_file struct kABI compatibility workaround (bsc#1197914). - drm: protect drm_master pointers in drm_lease.c (bsc#1197914). - drm: serialize drm_file.master with a new spinlock (bsc#1197914). - drm: use the lookup lock in drm_is_current_master (bsc#1197914). - drm/amd: Add USBC connector ID (git-fixes). - drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (git-fixes). - drm/amd/display: do not ignore alpha property on pre-multiplied mode (git-fixes). - drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() (git-fixes). - drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes). - drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1152472) - drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1152489) - drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes). - drm/amdgpu: Fix recursive locking warning (git-fixes). - drm/amdkfd: Check for potential null return of kmalloc_array() (git-fixes). - drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes). - drm/amdkfd: make CRAT table missing message informational only (git-fixes). - drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe (git-fixes). - drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt (git-fixes). - drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev (git-fixes). - drm/cma-helper: Set VM_DONTEXPAND for mmap (bsc#1152472) - drm/edid: check basic audio support on CEA extension block (git-fixes). - drm/edid: Do not clear formats if using deep color (git-fixes). - drm/fb-helper: Mark screen buffers in system memory with (bsc#1152472) - drm/i915: Call i915_globals_exit() if pci_register_device() fails (git-fixes). - drm/i915: Drop all references to DRM IRQ midlayer (bsc#1152489) - drm/i915: Keep gem ctx->vm alive until the final put (bsc#1152489) - drm/i915: s/JSP2/ICP2/ PCH (bsc#1152489) - drm/i915/gem: Flush coherency domains on first set-domain-ioctl (git-fixes). - drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes). - drm/mediatek: Add AAL output size configuration (git-fixes). - drm/mediatek: Fix aal size config (git-fixes). - drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init() (git-fixes). - drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised (git-fixes). - drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare (git-fixes). - drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap (bsc#1152472) - drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes). - drm/vc4: crtc: Lookup the encoder from the register at boot (bsc#1198534) - drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes). - drm/vmwgfx: Remove unused compile options (bsc#1152472) - e1000e: Fix possible overflow in LTR decoding (git-fixes). - fibmap: Reject negative block numbers (bsc#1198448). - fibmap: Use bmap instead of ->bmap method in ioctl_fibmap (bsc#1198448). - firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes). - gpiolib: acpi: use correct format characters (git-fixes). - gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes). - HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes). - hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes). - i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes). - IB/hfi1: Allow larger MTU without AIP (jsc#SLE-13208). - Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes). - ipmi: bail out if init_srcu_struct fails (git-fixes). - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes). - ipmi: Move remove_work to dedicated workqueue (git-fixes). - iwlwifi: Fix -EIO error code that is never returned (git-fixes). - iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes). - KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes). - livepatch: Do not block removal of patches that are safe to unload (bsc#1071995). - lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes). - media: cx88-mpeg: clear interrupt status register before streaming video (git-fixes). - media: hdpvr: initialize dev->worker at hdpvr_register_videodev (git-fixes). - memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (git-fixes). - mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes). - mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes). - mmc: host: Return an error when ->enable_sdio_irq() ops is missing (git-fixes). - mmc: mmci_sdmmc: Replace sg_dma_xxx macros (git-fixes). - mmc: mmci: stm32: correctly check all elements of sg list (git-fixes). - mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is complete (git-fixes). - mtd: onenand: Check for error irq (git-fixes). - mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (git-fixes). - mtd: rawnand: gpmi: fix controller timings setting (git-fixes). - mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes). - net: asix: add proper error handling of usb read errors (git-fixes). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - net: mcs7830: handle usb read errors properly (git-fixes). - net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes). - nfc: nci: add flush_workqueue to prevent uaf (git-fixes). - NFSv4: fix open failure with O_ACCMODE flag (git-fixes). - PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge (git-fixes). - PCI: aardvark: Fix support for MSI interrupts (git-fixes). - PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes). - PCI: pciehp: Add Qualcomm quirk for Command Completed erratum (git-fixes). - PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes). - PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes). - power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe (git-fixes). - power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (git-fixes). - power: supply: axp20x_battery: properly report current when discharging (git-fixes). - power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes). - power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return (git-fixes). - power: supply: wm8350-power: Add missing free in free_charger_irq (git-fixes). - power: supply: wm8350-power: Handle error for wm8350_register_irq (git-fixes). - powerpc/perf: Expose Performance Monitor Counter SPR's as part of extended regs (bsc#1198077 ltc#197299). - powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes). - powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106, git-fixes). - powerpc/perf: Include PMCs as part of per-cpu cpuhw_events struct (bsc#1198077 ltc#197299). - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#1198413). - random: check for signal_pending() outside of need_resched() check (git-fixes). - ray_cs: Check ioremap return value (git-fixes). - RDMA/core: Set MR type in ib_reg_user_mr (jsc#SLE-8449). - RDMA/mlx5: Add a missing update of cache->last_add (jsc#SLE-15175). - RDMA/mlx5: Do not remove cache MRs when a delay is needed (jsc#SLE-15175). - RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (jsc#SLE-15175). - regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes). - rpm: Run external scriptlets on uninstall only when available (bsc#1196514 bsc#1196114 bsc#1196942). - rpm: Use bash for %() expansion (jsc#SLE-18234). - rpm/*.spec.in: remove backtick usage - rpm/constraints.in: skip SLOW_DISK workers for kernel-source - rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484) - rtc: check if __rtc_read_time was successful (git-fixes). - rtc: wm8350: Handle error for wm8350_register_irq (git-fixes). - s390/tape: fix timer initialization in tape_std_assign() (bsc#1197677 LTC#197378). - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (git-fixes). - scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() (git-fixes). - scsi: mpt3sas: Page fault in reply q processing (git-fixes). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825). - spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller (git-fixes). - spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() (git-fixes). - spi: Fix erroneous sgs value with min_t() (git-fixes). - spi: Fix invalid sgs value (git-fixes). - spi: mxic: Fix the transmit path (git-fixes). - spi: tegra20: Use of_device_get_match_data() (git-fixes). - staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree (git-fixes). - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (git-fixes). - SUNRPC: Fix the svc_deferred_event trace class (git-fixes). - SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes). - SUNRPC: Handle low memory situations in call_status() (git-fixes). - USB: dwc3: core: Fix tx/rx threshold settings (git-fixes). - USB: dwc3: core: Only handle soft-reset in DCTL (git-fixes). - USB: dwc3: gadget: Return proper request status (git-fixes). - USB: dwc3: omap: fix 'unbalanced disables for smps10_out1' on omap5evm (git-fixes). - USB: gadget: uvc: Fix crash when encoding data for usb request (git-fixes). - USB: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (bsc#1152489) - USB: serial: pl2303: add IBM device IDs (git-fixes). - USB: serial: simple: add Nokia phone driver (git-fixes). - USB: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes). - USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (git-fixes). - vgacon: Propagate console boot parameters before calling `vc_resize' (bsc#1152489) - video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes). - video: fbdev: cirrusfb: check pixclock to avoid divide by zero (git-fixes). - video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes). - video: fbdev: udlfb: properly check endpoint type (bsc#1152489) - video: fbdev: w100fb: Reset global state (git-fixes). - virtio_console: break out of buf poll on remove (git-fixes). - virtio_console: eliminate anonymous module_init & module_exit (git-fixes). - w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes). - x86/pm: Save the MSR validity status at context setup (bsc#1198400). - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (git-fixes). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1198400). - xen: fix is_xen_pmu() (git-fixes). - xen/blkfront: fix comment for need_copy (git-fixes). - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - xhci: fix runtime PM imbalance in USB2 resume (git-fixes). - xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx() (git-fixes). Important SUSE bug 1028340 SUSE bug 1071995 SUSE bug 1137728 SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1177028 SUSE bug 1179878 SUSE bug 1182073 SUSE bug 1183723 SUSE bug 1187055 SUSE bug 1191647 SUSE bug 1193556 SUSE bug 1193842 SUSE bug 1194625 SUSE bug 1195651 SUSE bug 1195926 SUSE bug 1196018 SUSE bug 1196114 SUSE bug 1196367 SUSE bug 1196514 SUSE bug 1196639 SUSE bug 1196942 SUSE bug 1197157 SUSE bug 1197391 SUSE bug 1197656 SUSE bug 1197660 SUSE bug 1197677 SUSE bug 1197914 SUSE bug 1197926 SUSE bug 1198077 SUSE bug 1198217 SUSE bug 1198330 SUSE bug 1198400 SUSE bug 1198413 SUSE bug 1198437 SUSE bug 1198448 SUSE bug 1198484 SUSE bug 1198515 SUSE bug 1198516 SUSE bug 1198534 SUSE bug 1198742 SUSE bug 1198825 SUSE bug 1198989 SUSE bug 1199012 SUSE bug 1199024 CVE-2020-27835 at SUSE CVE-2020-27835 at NVD CVE-2021-0707 at SUSE CVE-2021-0707 at NVD CVE-2021-20292 at SUSE CVE-2021-20292 at NVD CVE-2021-20321 at SUSE CVE-2021-20321 at NVD CVE-2021-38208 at SUSE CVE-2021-38208 at NVD CVE-2021-4154 at SUSE CVE-2021-4154 at NVD CVE-2022-0812 at SUSE CVE-2022-0812 at NVD CVE-2022-1158 at SUSE CVE-2022-1158 at NVD CVE-2022-1280 at SUSE CVE-2022-1280 at NVD CVE-2022-1353 at SUSE CVE-2022-1353 at NVD CVE-2022-1419 at SUSE CVE-2022-1419 at NVD CVE-2022-1516 at SUSE CVE-2022-1516 at NVD CVE-2022-28356 at SUSE CVE-2022-28356 at NVD CVE-2022-28748 at SUSE CVE-2022-28748 at NVD CVE-2022-28893 at SUSE CVE-2022-28893 at NVD CVE-2022-29156 at SUSE CVE-2022-29156 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). Important SUSE bug 1199240 CVE-2022-29155 at SUSE CVE-2022-29155 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29156: Fixed a double free related to rtrs_clt_dev_release (bnc#1198515). - CVE-2022-28893: Ensuring that sockets are in the intended state inside the SUNRPC subsystem (bnc#1198330). - CVE-2022-28748: Fixed memory lead over the network by ax88179_178a devices (bsc#1196018). - CVE-2022-28356: Fixed a refcount leak bug found in net/llc/af_llc.c (bnc#1197391). - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012). - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c (bnc#1198516). - CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in drivers/gpu/drm/drm_lease.c (bnc#1197914). - CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address (bsc#1197660). - CVE-2022-0812: Fixed random memory leakage inside NFS/RDMA (bsc#1196639). - CVE-2021-4154: Fixed a use-after-free flaw inside cgroup1_parse_param in kernel/cgroup/cgroup-v1.c. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system (bnc#1193842). - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055). - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647). - CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723). - CVE-2021-0707: Fixed possible memory corruption due to a use after free inside dma_buf_releas e of dma-buf.c (bnc#1198437). - CVE-2020-27835: Fixed use after free in infiniband hfi1 driver in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878). The following non-security bugs were fixed: - ACPI: processor idle: Check for architectural support for LPI (git-fixes). - ACPI/APEI: Limit printable size of BERT table data (git-fixes). - ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes). - adm8211: fix error return code in adm8211_probe() (git-fixes). - ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes). - ALSA: hda/hdmi: fix warning about PCM count when used with SOF (git-fixes). - ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes). - ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 (git-fixes). - ALSA: pcm: Test for 'silence' field in struct 'pcm_format_data' (git-fixes). - ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb (git-fixes). - ALSA: usb-audio: Increase max buffer size (git-fixes). - ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes). - arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1 (git-fixes) - arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node (git-fixes) - arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode (git-fixes) - arm64: dts: exynos: correct GIC CPU interfaces address range on (git-fixes) - arm64: dts: ls1028a: fix memory node (git-fixes) - arm64: dts: ls1028a: fix node name for the sysclk (git-fixes) - arm64: dts: lx2160a: fix scl-gpios property name (git-fixes) - arm64: dts: marvell: armada-37xx: Extend PCIe MEM space (git-fixes) - arm64: dts: marvell: armada-37xx: Fix reg for standard variant of (git-fixes) - arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (git-fixes) - arm64: dts: rockchip: Fix GPU register width for RK3328 (git-fixes) - arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from (git-fixes) - arm64: dts: zii-ultra: fix 12V_MAIN voltage (git-fixes) - arm64: head: avoid over-mapping in map_memory (git-fixes) - arm64: Update config files; arm LIBNVDIMM y->m ppc64le ND_BLK ->m (bsc#1199024). - arm64/sve: Use correct size when reinitialising SVE state (git-fixes) - ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek (git-fixes). - ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use (git-fixes). - ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes). - ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component (git-fixes). - ASoC: soc-compress: Change the check for codec_dai (git-fixes). - ASoC: soc-compress: prevent the potentially use of null pointer (git-fixes). - ASoC: soc-core: skip zero num_dai component in searching dai name (git-fixes). - ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes). - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs (git-fixes). - ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes). - ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git-fixes). - ath5k: fix building with LEDS=m (git-fixes). - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes). - ath9k_htc: fix uninit value bugs (git-fixes). - ath9k: Fix usage of driver-private space in tx_info (git-fixes). - ath9k: Properly clear TX status area before reporting to mac80211 (git-fixes). - backlight: qcom-wled: Respect enabled-strings in set_brightness (bsc#1152489) - bareudp: use ipv6_mod_enabled to check if IPv6 enabled (jsc#SLE-15172). - bfq: Avoid merging queues with different parents (bsc#1197926). - bfq: Drop pointless unlock-lock pair (bsc#1197926). - bfq: Get rid of __bio_blkcg() usage (bsc#1197926). - bfq: Make sure bfqg for which we are queueing requests is online (bsc#1197926). - bfq: Remove pointless bfq_init_rq() calls (bsc#1197926). - bfq: Split shared queues on move between cgroups (bsc#1197926). - bfq: Track whether bfq_group is still online (bsc#1197926). - bfq: Update cgroup information before merging bio (bsc#1197926). - block: Drop leftover references to RQF_SORTED (bsc#1182073). - Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes). - Bluetooth: Fix use after free in hci_send_acl (git-fixes). - Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes). - bnx2x: fix napi API usage sequence (bsc#1198217). - bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT (git-fixes bsc#1177028). - brcmfmac: firmware: Allocate space for default boardrev in nvram (git-fixes). - brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes). - brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path (git-fixes). - brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio (git-fixes). - carl9170: fix missing bit-wise or operator for tx_params (git-fixes). - cfg80211: hold bss_lock while updating nontrans_list (git-fixes). - cifs: do not skip link targets when an I/O fails (bsc#1194625). - cifs: fix bad fids sent over wire (bsc#1197157). - clk: Enforce that disjoints limits are invalid (git-fixes). - clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes). - direct-io: clean up error paths of do_blockdev_direct_IO (bsc#1197656). - direct-io: defer alignment check until after the EOF check (bsc#1197656). - direct-io: do not force writeback for reads beyond EOF (bsc#1197656). - dma-debug: fix return value of __setup handlers (git-fixes). - dma: at_xdmac: fix a missing check on list iterator (git-fixes). - dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes). - dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes). - dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes). - dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources (git-fixes). - dmaengine: Revert 'dmaengine: shdma: Fix runtime PM imbalance on error' (git-fixes). - Documentation: add link to stable release candidate tree (git-fixes). - drm: add a locked version of drm_is_current_master (bsc#1197914). - drm: Add orientation quirk for GPD Win Max (git-fixes). - drm: drm_file struct kABI compatibility workaround (bsc#1197914). - drm: protect drm_master pointers in drm_lease.c (bsc#1197914). - drm: serialize drm_file.master with a new spinlock (bsc#1197914). - drm: use the lookup lock in drm_is_current_master (bsc#1197914). - drm/amd: Add USBC connector ID (git-fixes). - drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (git-fixes). - drm/amd/display: do not ignore alpha property on pre-multiplied mode (git-fixes). - drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() (git-fixes). - drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes). - drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1152472) - drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1152489) - drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes). - drm/amdgpu: Fix recursive locking warning (git-fixes). - drm/amdkfd: Check for potential null return of kmalloc_array() (git-fixes). - drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes). - drm/amdkfd: make CRAT table missing message informational only (git-fixes). - drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe (git-fixes). - drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt (git-fixes). - drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev (git-fixes). - drm/cma-helper: Set VM_DONTEXPAND for mmap (bsc#1152472) - drm/edid: check basic audio support on CEA extension block (git-fixes). - drm/edid: Do not clear formats if using deep color (git-fixes). - drm/fb-helper: Mark screen buffers in system memory with (bsc#1152472) - drm/i915: Call i915_globals_exit() if pci_register_device() fails (git-fixes). - drm/i915: Drop all references to DRM IRQ midlayer (bsc#1152489) - drm/i915: Keep gem ctx->vm alive until the final put (bsc#1152489) - drm/i915: s/JSP2/ICP2/ PCH (bsc#1152489) - drm/i915/gem: Flush coherency domains on first set-domain-ioctl (git-fixes). - drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes). - drm/mediatek: Add AAL output size configuration (git-fixes). - drm/mediatek: Fix aal size config (git-fixes). - drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init() (git-fixes). - drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised (git-fixes). - drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare (git-fixes). - drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap (bsc#1152472) - drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes). - drm/vc4: crtc: Lookup the encoder from the register at boot (bsc#1198534) - drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes). - drm/vmwgfx: Remove unused compile options (bsc#1152472) - e1000e: Fix possible overflow in LTR decoding (git-fixes). - fibmap: Reject negative block numbers (bsc#1198448). - fibmap: Use bmap instead of ->bmap method in ioctl_fibmap (bsc#1198448). - firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes). - gpiolib: acpi: use correct format characters (git-fixes). - gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes). - HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes). - hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes). - i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes). - IB/hfi1: Allow larger MTU without AIP (jsc#SLE-13208). - Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes). - ipmi: bail out if init_srcu_struct fails (git-fixes). - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes). - ipmi: Move remove_work to dedicated workqueue (git-fixes). - iwlwifi: Fix -EIO error code that is never returned (git-fixes). - iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes). - KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes). - livepatch: Do not block removal of patches that are safe to unload (bsc#1071995). - lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes). - media: cx88-mpeg: clear interrupt status register before streaming video (git-fixes). - media: hdpvr: initialize dev->worker at hdpvr_register_videodev (git-fixes). - memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (git-fixes). - mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes). - mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes). - mmc: host: Return an error when ->enable_sdio_irq() ops is missing (git-fixes). - mmc: mmci_sdmmc: Replace sg_dma_xxx macros (git-fixes). - mmc: mmci: stm32: correctly check all elements of sg list (git-fixes). - mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is complete (git-fixes). - mtd: onenand: Check for error irq (git-fixes). - mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (git-fixes). - mtd: rawnand: gpmi: fix controller timings setting (git-fixes). - mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes). - net: asix: add proper error handling of usb read errors (git-fixes). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - net: mcs7830: handle usb read errors properly (git-fixes). - net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes). - nfc: nci: add flush_workqueue to prevent uaf (git-fixes). - NFSv4: fix open failure with O_ACCMODE flag (git-fixes). - PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge (git-fixes). - PCI: aardvark: Fix support for MSI interrupts (git-fixes). - PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes). - PCI: pciehp: Add Qualcomm quirk for Command Completed erratum (git-fixes). - PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes). - PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes). - power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe (git-fixes). - power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (git-fixes). - power: supply: axp20x_battery: properly report current when discharging (git-fixes). - power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes). - power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return (git-fixes). - power: supply: wm8350-power: Add missing free in free_charger_irq (git-fixes). - power: supply: wm8350-power: Handle error for wm8350_register_irq (git-fixes). - powerpc/perf: Expose Performance Monitor Counter SPR's as part of extended regs (bsc#1198077 ltc#197299). - powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes). - powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106, git-fixes). - powerpc/perf: Include PMCs as part of per-cpu cpuhw_events struct (bsc#1198077 ltc#197299). - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#1198413). - random: check for signal_pending() outside of need_resched() check (git-fixes). - ray_cs: Check ioremap return value (git-fixes). - RDMA/core: Set MR type in ib_reg_user_mr (jsc#SLE-8449). - RDMA/mlx5: Add a missing update of cache->last_add (jsc#SLE-15175). - RDMA/mlx5: Do not remove cache MRs when a delay is needed (jsc#SLE-15175). - RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (jsc#SLE-15175). - regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes). - rpm: Run external scriptlets on uninstall only when available (bsc#1196514 bsc#1196114 bsc#1196942). - rpm: Use bash for %() expansion (jsc#SLE-18234). - rpm/*.spec.in: remove backtick usage - rpm/constraints.in: skip SLOW_DISK workers for kernel-source - rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484) - rtc: check if __rtc_read_time was successful (git-fixes). - rtc: wm8350: Handle error for wm8350_register_irq (git-fixes). - s390/tape: fix timer initialization in tape_std_assign() (bsc#1197677 LTC#197378). - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (git-fixes). - scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() (git-fixes). - scsi: mpt3sas: Page fault in reply q processing (git-fixes). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825). - spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller (git-fixes). - spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() (git-fixes). - spi: Fix erroneous sgs value with min_t() (git-fixes). - spi: Fix invalid sgs value (git-fixes). - spi: mxic: Fix the transmit path (git-fixes). - spi: tegra20: Use of_device_get_match_data() (git-fixes). - staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree (git-fixes). - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (git-fixes). - SUNRPC: Fix the svc_deferred_event trace class (git-fixes). - SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes). - SUNRPC: Handle low memory situations in call_status() (git-fixes). - USB: dwc3: core: Fix tx/rx threshold settings (git-fixes). - USB: dwc3: core: Only handle soft-reset in DCTL (git-fixes). - USB: dwc3: gadget: Return proper request status (git-fixes). - USB: dwc3: omap: fix 'unbalanced disables for smps10_out1' on omap5evm (git-fixes). - USB: gadget: uvc: Fix crash when encoding data for usb request (git-fixes). - USB: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (bsc#1152489) - USB: serial: pl2303: add IBM device IDs (git-fixes). - USB: serial: simple: add Nokia phone driver (git-fixes). - USB: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes). - USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (git-fixes). - vgacon: Propagate console boot parameters before calling `vc_resize' (bsc#1152489) - video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes). - video: fbdev: cirrusfb: check pixclock to avoid divide by zero (git-fixes). - video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes). - video: fbdev: udlfb: properly check endpoint type (bsc#1152489) - video: fbdev: w100fb: Reset global state (git-fixes). - virtio_console: break out of buf poll on remove (git-fixes). - virtio_console: eliminate anonymous module_init & module_exit (git-fixes). - w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes). - x86/pm: Save the MSR validity status at context setup (bsc#1198400). - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (git-fixes). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1198400). - xen: fix is_xen_pmu() (git-fixes). - xen/blkfront: fix comment for need_copy (git-fixes). - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - xhci: fix runtime PM imbalance in USB2 resume (git-fixes). - xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx() (git-fixes). Important SUSE bug 1028340 SUSE bug 1071995 SUSE bug 1137728 SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1177028 SUSE bug 1179878 SUSE bug 1182073 SUSE bug 1183723 SUSE bug 1187055 SUSE bug 1191647 SUSE bug 1193556 SUSE bug 1193842 SUSE bug 1194625 SUSE bug 1195651 SUSE bug 1195926 SUSE bug 1196018 SUSE bug 1196114 SUSE bug 1196367 SUSE bug 1196514 SUSE bug 1196639 SUSE bug 1196942 SUSE bug 1197157 SUSE bug 1197391 SUSE bug 1197656 SUSE bug 1197660 SUSE bug 1197677 SUSE bug 1197914 SUSE bug 1197926 SUSE bug 1198077 SUSE bug 1198217 SUSE bug 1198330 SUSE bug 1198400 SUSE bug 1198413 SUSE bug 1198437 SUSE bug 1198448 SUSE bug 1198484 SUSE bug 1198515 SUSE bug 1198516 SUSE bug 1198534 SUSE bug 1198742 SUSE bug 1198825 SUSE bug 1198989 SUSE bug 1199012 SUSE bug 1199024 CVE-2020-27835 at SUSE CVE-2020-27835 at NVD CVE-2021-0707 at SUSE CVE-2021-0707 at NVD CVE-2021-20292 at SUSE CVE-2021-20292 at NVD CVE-2021-20321 at SUSE CVE-2021-20321 at NVD CVE-2021-38208 at SUSE CVE-2021-38208 at NVD CVE-2021-4154 at SUSE CVE-2021-4154 at NVD CVE-2022-0812 at SUSE CVE-2022-0812 at NVD CVE-2022-1158 at SUSE CVE-2022-1158 at NVD CVE-2022-1280 at SUSE CVE-2022-1280 at NVD CVE-2022-1353 at SUSE CVE-2022-1353 at NVD CVE-2022-1419 at SUSE CVE-2022-1419 at NVD CVE-2022-1516 at SUSE CVE-2022-1516 at NVD CVE-2022-28356 at SUSE CVE-2022-28356 at NVD CVE-2022-28748 at SUSE CVE-2022-28748 at NVD CVE-2022-28893 at SUSE CVE-2022-28893 at NVD CVE-2022-29156 at SUSE CVE-2022-29156 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) Important SUSE bug 1198446 CVE-2022-1304 at SUSE CVE-2022-1304 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for containerd, docker fixes the following issues: - CVE-2022-24769: Fixed incorrect default inheritable capabilities (bsc#1197517). - CVE-2022-23648: Fixed directory traversal issue (bsc#1196441). - CVE-2022-27191: Fixed a crash in a golang.org/x/crypto/ssh server (bsc#1197284). - CVE-2021-43565: Fixed a panic in golang.org/x/crypto by empty plaintext packet (bsc#1193930). Important SUSE bug 1193930 SUSE bug 1196441 SUSE bug 1197284 SUSE bug 1197517 CVE-2021-43565 at SUSE CVE-2021-43565 at NVD CVE-2022-23648 at SUSE CVE-2022-23648 at NVD CVE-2022-24769 at SUSE CVE-2022-24769 at NVD CVE-2022-27191 at SUSE CVE-2022-27191 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220510 release. (bsc#1199423) Updated to Intel CPU Microcode 20220419 release. (bsc#1198717) - CVE-2022-21151: Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (bsc#1199423). Moderate SUSE bug 1198717 SUSE bug 1199423 CVE-2022-21151 at SUSE CVE-2022-21151 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libslirp fixes the following issues: - CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364). - CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367). - CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366). - Fix a dhcp regression [bsc#1198773] Important SUSE bug 1187364 SUSE bug 1187366 SUSE bug 1187367 SUSE bug 1198773 CVE-2021-3592 at SUSE CVE-2021-3592 at NVD CVE-2021-3594 at SUSE CVE-2021-3594 at NVD CVE-2021-3595 at SUSE CVE-2021-3595 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490). - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Important SUSE bug 1196490 SUSE bug 1199132 CVE-2022-23308 at SUSE CVE-2022-23308 at NVD CVE-2022-29824 at SUSE CVE-2022-29824 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for kernel-firmware fixes the following issues: Update AMD ucode and SEV firmware - (CVE-2021-26339, CVE-2021-26373, CVE-2021-26347, CVE-2021-26376, CVE-2021-26375, CVE-2021-26378, CVE-2021-26372, CVE-2021-26339, CVE-2021-26348, CVE-2021-26342, CVE-2021-26388, CVE-2021-26349, CVE-2021-26364, CVE-2021-26312, CVE-2021-26350, CVE-2021-46744, bsc#1199459, bsc#1199470) Moderate SUSE bug 1199459 SUSE bug 1199470 CVE-2021-26312 at SUSE CVE-2021-26312 at NVD CVE-2021-26339 at SUSE CVE-2021-26339 at NVD CVE-2021-26342 at SUSE CVE-2021-26342 at NVD CVE-2021-26347 at SUSE CVE-2021-26347 at NVD CVE-2021-26348 at SUSE CVE-2021-26348 at NVD CVE-2021-26349 at SUSE CVE-2021-26349 at NVD CVE-2021-26350 at SUSE CVE-2021-26350 at NVD CVE-2021-26364 at SUSE CVE-2021-26364 at NVD CVE-2021-26372 at SUSE CVE-2021-26372 at NVD CVE-2021-26373 at SUSE CVE-2021-26373 at NVD CVE-2021-26375 at SUSE CVE-2021-26375 at NVD CVE-2021-26376 at SUSE CVE-2021-26376 at NVD CVE-2021-26378 at SUSE CVE-2021-26378 at NVD CVE-2021-26388 at SUSE CVE-2021-26388 at NVD CVE-2021-46744 at SUSE CVE-2021-46744 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for fribidi fixes the following issues: - CVE-2022-25308: Fixed stack out of bounds read (bsc#1196147). - CVE-2022-25309: Fixed heap-buffer-overflow in fribidi_cap_rtl_to_unicode (bsc#1196148). - CVE-2022-25310: Fixed NULL pointer dereference in fribidi_remove_bidi_marks (bsc#1196150). Moderate SUSE bug 1196147 SUSE bug 1196148 SUSE bug 1196150 CVE-2022-25308 at SUSE CVE-2022-25308 at NVD CVE-2022-25309 at SUSE CVE-2022-25309 at NVD CVE-2022-25310 at SUSE CVE-2022-25310 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for cups fixes the following issues: - CVE-2022-26691: Fixed an authentication bypass and code execution vulnerability (bsc#1199474) Important SUSE bug 1199474 CVE-2022-26691 at SUSE CVE-2022-26691 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for curl fixes the following issues: - CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223) - CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224) Important SUSE bug 1199223 SUSE bug 1199224 CVE-2022-27781 at SUSE CVE-2022-27781 at NVD CVE-2022-27782 at SUSE CVE-2022-27782 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for tiff fixes the following issues: - CVE-2022-0561: Fixed null source pointer passed as an argument to memcpy() within TIFFFetchStripThing() in tif_dirread.c (bsc#1195964). - CVE-2022-0562: Fixed null source pointer passed as an argument to memcpy() within TIFFReadDirectory() in tif_dirread.c (bsc#1195965). - CVE-2022-0865: Fixed assertion failure in TIFFReadAndRealloc (bsc#1197066). - CVE-2022-0909: Fixed divide by zero error in tiffcrop that could have led to a denial-of-service via a crafted tiff file (bsc#1197072). - CVE-2022-0924: Fixed out-of-bounds read error in tiffcp that could have led to a denial-of-service via a crafted tiff file (bsc#1197073). - CVE-2022-0908: Fixed null source pointer passed as an argument to memcpy in TIFFFetchNormalTag() (bsc#1197074). - CVE-2022-1056: Fixed out-of-bounds read error in tiffcrop that could have led to a denial-of-service via a crafted tiff file (bsc#1197631). - CVE-2022-0891: Fixed heap buffer overflow in extractImageSection (bsc#1197068). Important SUSE bug 1195964 SUSE bug 1195965 SUSE bug 1197066 SUSE bug 1197068 SUSE bug 1197072 SUSE bug 1197073 SUSE bug 1197074 SUSE bug 1197631 CVE-2022-0561 at SUSE CVE-2022-0561 at NVD CVE-2022-0562 at SUSE CVE-2022-0562 at NVD CVE-2022-0865 at SUSE CVE-2022-0865 at NVD CVE-2022-0891 at SUSE CVE-2022-0891 at NVD CVE-2022-0908 at SUSE CVE-2022-0908 at NVD CVE-2022-0909 at SUSE CVE-2022-0909 at NVD CVE-2022-0924 at SUSE CVE-2022-0924 at NVD CVE-2022-1056 at SUSE CVE-2022-1056 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232). Important SUSE bug 1199232 CVE-2022-1586 at SUSE CVE-2022-1586 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for grub2 fixes the following issues: Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581) - CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184) - CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185) - CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186) - CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460) - CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493) - CVE-2022-28735: Fixed some verifier framework changes (bsc#1198495) - CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496) - Update SBAT security contact (bsc#1193282) - Bump grub's SBAT generation to 2 - Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948) Important SUSE bug 1191184 SUSE bug 1191185 SUSE bug 1191186 SUSE bug 1193282 SUSE bug 1197948 SUSE bug 1198460 SUSE bug 1198493 SUSE bug 1198495 SUSE bug 1198496 SUSE bug 1198581 CVE-2021-3695 at SUSE CVE-2021-3695 at NVD CVE-2021-3696 at SUSE CVE-2021-3696 at NVD CVE-2021-3697 at SUSE CVE-2021-3697 at NVD CVE-2022-28733 at SUSE CVE-2022-28733 at NVD CVE-2022-28734 at SUSE CVE-2022-28734 at NVD CVE-2022-28735 at SUSE CVE-2022-28735 at NVD CVE-2022-28736 at SUSE CVE-2022-28736 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for xen fixes the following issues: - CVE-2022-26358, CVE-2022-26359, CVE-2022-26360, CVE-2022-26361: Fixed IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues (XSA-400) (bsc#1197426) - CVE-2022-26362: Fixed race condition in typeref acquisition (bsc#1199965) - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (bsc#1199966) Important SUSE bug 1027519 SUSE bug 1197426 SUSE bug 1199965 SUSE bug 1199966 CVE-2022-26358 at SUSE CVE-2022-26358 at NVD CVE-2022-26359 at SUSE CVE-2022-26359 at NVD CVE-2022-26360 at SUSE CVE-2022-26360 at NVD CVE-2022-26361 at SUSE CVE-2022-26361 at NVD CVE-2022-26362 at SUSE CVE-2022-26362 at NVD CVE-2022-26363 at SUSE CVE-2022-26363 at NVD CVE-2022-26364 at SUSE CVE-2022-26364 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-0168: Fixed a NULL pointer dereference in smb2_ioctl_query_info. (bsc#1197472) - CVE-2022-20008: Fixed bug that allows to read kernel heap memory due to uninitialized data in mmc_blk_read_single of block.c. (bnc#1199564) - CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019) - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). The following non-security bugs were fixed: - ACPI: property: Release subnode properties with data nodes (git-fixes). - ALSA: ctxfi: Add SB046x PCI ID (git-fixes). - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (git-fixes). - ALSA: hda - fix unused Realtek function when PM is not enabled (git-fixes). - ALSA: hda/realtek - Add new type for ALC245 (git-fixes). - ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop (git-fixes). - ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes). - ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (git-fixes). - ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes). - ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes). - ALSA: usb-audio: Configure sync endpoints before data (git-fixes). - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes). - ALSA: wavefront: Proper check of get_user() error (git-fixes). - ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (git-fixes) - ARM: 9170/1: fix panic when kasan and kprobe are enabled (git-fixes) - ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes) - ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes) - ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes) - ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes) - ARM: dts: armada-38x: Add generic compatible to UART nodes (git-fixes) - ARM: dts: at91: fix pinctrl phandles (git-fixes) - ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes) - ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes) - ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes) - ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes) - ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes) - ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes) - ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes) - ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes) - ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes) - ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes) - ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes) - ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes) - ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes) - ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes) - ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (git-fixes) - ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes) - ARM: dts: meson: Fix the UART compatible strings (git-fixes) - ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes) - ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes) - ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes) - ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes) - ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes) - ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes) - arm: mediatek: select arch timer for mt7629 (git-fixes) - ARM: omap: remove debug-leds driver (git-fixes) - ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes) - ARM: socfpga: dts: fix qspi node compatible (git-fixes) - ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes) - ARM: tegra: Move panels to AUX bus (git-fixes) - arm64: dts: broadcom: Fix sata nodename (git-fixes) - arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes) - arm64: dts: rockchip: Fix SDIO regulator supply properties on (git-fixes) - arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes). - arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (git-fixes) - arm64/mm: avoid fixmap race condition when create pud mapping (git-fixes) - ASoC: atmel-classd: Remove endianness flag on class d component (git-fixes). - ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes). - ASoC: da7219: Fix change notifications for tone generator frequency (git-fixes). - ASoC: dmaengine: Restore NULL prepare_slave_config() callback (git-fixes). - ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes). - ASoC: max98090: Generate notifications on changes for custom control (git-fixes). - ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() (git-fixes). - ASoC: max98090: Reject invalid values in custom control put() (git-fixes). - ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (git-fixes). - ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (git-fixes). - ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes). - ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes). - ASoC: ops: Validate input values in snd_soc_put_volsw_range() (git-fixes). - ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes). - ASoC: rt5514: Fix event generation for 'DSP Voice Wake Up' control (git-fixes). - ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes). - ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (git-fixes). - ASoC: wm8958: Fix change notifications for DSP controls (git-fixes). - assoc_array: Fix BUG_ON during garbage collect (git-fixes). - ata: pata_hpt37x: fix PCI clock detection (git-fixes). - ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes). - ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (git-fixes). - ath9k: fix ar9003_get_eepmisc (git-fixes). - batman-adv: Do not skb_split skbuffs with frag_list (git-fixes). - blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045). - Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (git-fixes). - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (git-fixes). - Bluetooth: Fix the creation of hdev->name (git-fixes). - Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes). - bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix unnecessary dropping of RX packets (jsc#SLE-15075). - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (git-fixes). - bus: ti-sysc: Fix warnings for unbind for serial (git-fixes). - can: grcan: grcan_close(): fix deadlock (git-fixes). - can: grcan: use ofdev->dev when allocating DMA memory (git-fixes). - carl9170: tx: fix an incorrect use of list iterator (git-fixes). - ceph: fix setting of xattrs on async created inodes (bsc#1200192). - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839). - clk: at91: generated: consider range when calculating best rate (git-fixes). - clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes). - clk: imx8mp: fix usb_root_clk parent (git-fixes). - clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes). - clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (git-fixes). - copy_process(): Move fd_install() out of sighand->siglock critical section (bsc#1199626). - crypto: caam - fix i.MX6SX entropy delay value (git-fixes). - crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes). - crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes). - crypto: x86 - eliminate anonymous module_init and module_exit (git-fixes). - crypto: x86/chacha20 - Avoid spurious jumps to other functions (git-fixes). - dim: initialize all struct fields (git-fixes). - dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (git-fixes). - dmaengine: stm32-mdma: remove GISR1 register (git-fixes). - docs: powerpc: Fix misspellings and grammar errors (bsc#1055117 ltc#159753). - docs: submitting-patches: Fix crossref to 'The canonical patch format' (git-fixes). - drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes). - drbd: fix duplicate array initializer (git-fixes). - drbd: Fix five use after free bugs in get_initial_state (git-fixes). - drbd: remove assign_p_sizes_qlim (git-fixes). - drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes). - drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes). - driver: core: fix deadlock in __device_attach (git-fixes). - driver: base: fix UAF when driver_attach failed (git-fixes). - drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() (git-fixes) - drivers/base/memory: fix an unlikely reference counting issue in __add_memory_block() (git-fixes). - drivers/base/node.c: fix compaction sysfs file leak (git-fixes). - drm: mali-dp: potential dereference of null pointer (git-fixes). - drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes). - drm: sti: do not use kernel-doc markers (git-fixes). - drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types (git-fixes). - drm/amdkfd: Fix GWS queue count (git-fixes). - drm/blend: fix typo in the comment (git-fixes). - drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes). - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (git-fixes). - drm/bridge: Fix error handling in analogix_dp_probe (git-fixes). - drm/edid: fix invalid EDID extension block filtering (git-fixes). - drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes). - drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (git-fixes). - drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (git-fixes). - drm/mediatek: Fix mtk_cec_mask() (git-fixes). - drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (git-fixes). - drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes). - drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (git-fixes). - drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes). - drm/msm/dsi: fix error checks and return values for DSI xmit functions (git-fixes). - drm/msm/hdmi: check return value after calling platform_get_resource_byname() (git-fixes). - drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/msm/mdp5: check the return of kzalloc() (git-fixes). - drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (git-fixes). - drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (git-fixes). - drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (git-fixes). - drm/nouveau/clk: Fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau/tegra: Stop using iommu_present() (git-fixes). - drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 (git-fixes). - drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes). - drm/vc4: hvs: Reset muxes at probe time (git-fixes). - drm/vc4: txp: Do not set TXP_VSTART_AT_EOF (git-fixes). - drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes). - drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes). - EDAC/synopsys: Read the error count from the correct register (bsc#1178134). - firewire: core: extend card->lock in fw_core_handle_bus_reset (git-fixes). - firewire: fix potential uaf in outbound_phy_packet_callback() (git-fixes). - firewire: remove check of list iterator against head past the loop body (git-fixes). - firmware: arm_scmi: Fix list protocols enumeration in the base protocol (git-fixes). - firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response (git-fixes). - firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (git-fixes). - firmware: stratix10-svc: fix a missing check on list iterator (git-fixes). - genirq: Fix reference leaks on irq affinity notifiers (git-fixes) - genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (git-fixes) - genirq/affinity: Consider that CPUs on nodes can be (git-fixes) - genirq/affinity: Handle affinity setting on inactive (git-fixes) - genirq/msi: Ensure deactivation on teardown (git-fixes) - genirq/proc: Reject invalid affinity masks (again) (git-fixes) - genirq/timings: Fix error return code in (git-fixes) - genirq/timings: Prevent potential array overflow in (git-fixes) - gma500: fix an incorrect NULL check on list iterator (git-fixes). - gpio: adp5588: Remove support for platform setup and teardown callbacks (git-fixes). - gpio: gpio-vf610: do not touch other bits when set the target bit (git-fixes). - gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes). - gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (git-fixes). - gpio: pca953x: use the correct register address to do regcache sync (git-fixes). - gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes). - hex2bin: fix access beyond string end (git-fixes). - HID: elan: Fix potential double free in elan_input_configured (git-fixes). - HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes). - hinic: fix bug of wq out of bound access (bsc#1176447). - hwmon: (f71882fg) Fix negative temperature (git-fixes). - hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes). - hwmon: (tmp401) Add OF device ID table (git-fixes). - i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes). - i2c: at91: use dma safe buffers (git-fixes). - i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (git-fixes). - i40e: stop disabling VFs due to PF error responses (git-fixes). - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (jsc#SLE-12878). - ice: Clear default forwarding VSI during VSI release (jsc#SLE-12878). - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (jsc#SLE-7926). - ice: Fix race conditions between virtchnl handling and VF ndo ops (git-fixes). - ice: synchronize_rcu() when terminating rings (jsc#SLE-7926). - iio: adc: ad7124: Remove shift from scan_type (git-fixes). - iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes). - iio: adc: sc27xx: fix read big scale voltage not right (git-fixes). - iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (git-fixes). - iio: dac: ad5446: Fix read_raw not returning set value (git-fixes). - iio: dac: ad5592r: Fix the missing return value (git-fixes). - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (git-fixes). - Input: add bounds checking to input_set_capability() (git-fixes). - Input: ili210x - fix reset timing (git-fixes). - Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes). - Input: stmfts - do not leave device disabled in stmfts_input_open (git-fixes). - Input: stmfts - fix reference leak in stmfts_input_open (git-fixes). - iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052). - ionic: avoid races in ionic_heartbeat_check (bsc#1167773). - ionic: Cleanups in the Tx hotpath code (bsc#1167773). - ionic: disable napi when ionic_lif_init() fails (bsc#1167773). - ionic: Do not send reset commands if FW isn't running (bsc#1167773). - ionic: fix missing pci_release_regions() on error in ionic_probe() (bsc#1167773). - ionic: fix type complaint in ionic_dev_cmd_clean() (jsc#SLE-16649). - ionic: monitor fw status generation (bsc#1167773). - ionic: remove the dbid_inuse bitmap (bsc#1167773). - ionic: start watchdog after all is setup (bsc#1167773). - ivtv: fix incorrect device_caps for ivtvfb (git-fixes). - iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes). - iwlwifi: mvm: fix the return type for DSM functions 1 and 2 (git-fixes). - jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971). - kABI: ivtv: restore caps member (git-fixes). - KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes). - KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state (git-fixes). - lan743x: fix rx_napi_poll/interrupt ping-pong (git-fixes). - lan743x: remove redundant assignment to variable rx_process_result (git-fixes). - lib/raid6/test: fix multiple definition linking error (git-fixes). - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (git-fixes). - mac80211: fix rx reordering with non explicit / psmp ack policy (git-fixes). - mac80211: Reset MBSSID parameters upon connection (git-fixes). - media: davinci: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes). - media: davinci: vpif: fix use-after-free on driver unbind (git-fixes). - media: media-entity.h: Fix documentation for media_create_intf_link (git-fixes). - media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes). - media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-fixes). - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (git-fixes). - media: saa7134: fix incorrect use to determine if list is empty (git-fixes). - media: uvcvideo: Fix missing check to determine if element is found in list (git-fixes). - media: videobuf2: Fix the size printk format (git-fixes). - media: vim2m: Register video device after setting up internals (git-fixes). - mfd: ipaq-micro: Fix error check return value of platform_get_irq() (git-fixes). - misc: ocxl: fix possible double free in ocxl_file_register_afu (git-fixes). - mm, page_alloc: fix build_zonerefs_node() (git-fixes). - mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (jsc#SLE-15176, jsc#SLE-16387). - mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD (git-fixes). - mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC (git-fixes). - mt76: Fix undefined behavior due to shift overflowing the constant (git-fixes). - mt76: mt7663s: fix rx buffer refcounting (git-fixes). - mtd: rawnand: fix ecc parameters for mt7622 (git-fixes). - mtd: rawnand: Fix return value check of wait_for_completion_timeout (git-fixes). - mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() (git-fixes). - net: bcmgenet: Fix a resource leak in an error handling path in the probe functin (git-fixes). - net: dsa: lantiq_gswip: Enable GSWIP_MII_CFG_EN also for internal PHYs (git-fixes). - net: dsa: lantiq_gswip: Fix GSWIP_MII_CFG(p) register access (git-fixes). - net: ethernet: Fix memleak in ethoc_probe (git-fixes). - net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered (git-fixes). - net: hdlc_ppp: Fix issues when mod_timer is called while timer is running (git-fixes). - net: hns3: add a check for index in hclge_get_rss_key() (git-fixes). - net: hns3: clear inited state and stop client after failed to register netdev (bsc#1154353). - net: hns3: fix bug when PF set the duplicate MAC address for VFs (jsc#SLE-14777). - net: hns3: fix kernel crash when unload VF while it is being reset (git-fixes). - net: korina: fix return value (git-fixes). - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1183405). - net: stmmac: dwmac-sun8i: Balance internal PHY power (git-fixes). - net: stmmac: dwmac-sun8i: Balance internal PHY resource references (git-fixes). - net: stmmac: dwmac-sun8i: Balance syscon (de)initialization (git-fixes). - net: stmmac: dwmac-sun8i: Fix probe error handling (git-fixes). - net/mlx5: Fix a race on command flush flow (jsc#SLE-15172). - net/mlx5e: Fix the calling of update_buffer_lossy() API (jsc#SLE-15172). - netdevice: demote the type of some dev_addr_set() helpers (bsc#1200216). - netfilter: conntrack: connection timeout after re-register (bsc#1199035). - netfilter: conntrack: move synack init code to helper (bsc#1199035). - netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035). - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035). - netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035). - netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (bsc#1176447). - NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (git-fixes). - NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (git-fixes). - NFC: netlink: fix sleep in atomic bug when firmware download timeout (git-fixes). - NFC: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes). - NFC: NULL out the dev->rfkill to prevent UAF (git-fixes). - NFS: limit use of ACCESS cache for negative responses (bsc#1196570). - NFS: Do not invalidate inode attributes on delegation return (git-fixes). - nl80211: show SSID for P2P_GO interfaces (git-fixes). - nvdimm/region: always show the 'align' attribute (bsc#1199114). - nvme-tcp: allow selecting the network interface for connections (bsc#1199670). - nvme-tcp: use __dev_get_by_name instead dev_get_by_name for OPT_HOST_IFACE (bsc#1199670). - objtool: Fix type of reloc::addend (git-fixes). - PCI: aardvark: Clear all MSIs at setup (git-fixes). - PCI: cadence: Fix find_first_zero_bit() limit (git-fixes). - PCI: Do not enable AtomicOps on VFs (git-fixes). - PCI: dwc: Fix setting error return on MSI DMA mapping failure (git-fixes). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - PCI: imx6: Fix PERST# start-up sequence (git-fixes). - PCI: iproc: Set affinity mask on MSI interrupts (git-fixes). - PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes). - PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes). - PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes). - PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes). - PCI/PM: Power up all devices during runtime resume (git-fixes). - phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe (git-fixes). - phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes). - phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes). - phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes). - phy: samsung: exynos5250-sata: fix missing device put in probe error paths (git-fixes). - phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (git-fixes). - phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe (git-fixes). - phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks (git-fixes). - pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes). - pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes). - pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes). - pinctrl/rockchip: support deferring other gpio params (git-fixes). - ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826). - ping: remove pr_err from ping_lookup (bsc#1195826). - platform/chrome: cros_ec_debugfs: detach log reader wq from devm (git-fixes). - platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (git-fixes). - powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753). - powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521 git-fixes). - powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes). - powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395). - powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269 ltc#169948 git-fixes). - powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes). - powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes). - powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes). - pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes). - pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes). - qlcnic: Fix error code in probe (git-fixes). - regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (git-fixes). - regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (git-fixes). - reset: tegra-bpmp: Restore Handle errors in BPMP response (git-fixes). - revert scsi: qla2xxx: Changes to support FCP2 Target (bsc#1198438). - rtc: fix use-after-free on device removal (git-fixes). - rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes). - rtc: mt6397: check return value after calling platform_get_resource() (git-fixes). - sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes). - sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (git-fixes). - sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes) - sched/topology: Skip updating masks for non-online nodes (bsc#1197446 ltc#183000). - scsi: dc395x: Fix a missing check on list iterator (git-fixes). - scsi: fnic: Fix a tracing statement (git-fixes). - scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631). - scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes). - scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045). - scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045). - scsi: lpfc: Change VMID registration to be based on fabric parameters (bsc#1200045). - scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI (bsc#1200045). - scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045). - scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE (bsc#1200045 bsc#1198989 bsc#1197675). - scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045). - scsi: lpfc: Decrement outstanding gidft_inp counter if lpfc_err_lost_link() (bsc#1200045). - scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE (bsc#1200045). - scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045). - scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els() (bsc#1200045). - scsi: lpfc: Fix call trace observed during I/O with CMF enabled (bsc#1200045). - scsi: lpfc: Fix diagnostic fw logging after a function reset (bsc#1200045). - scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event() (bsc#1200045). - scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4() (bsc#1200045). - scsi: lpfc: Fix field overload in lpfc_iocbq data structure (bsc#1200045). - scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045). - scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI (bsc#1200045). - scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() (bsc#1200045). - scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock (bsc#1200045). - scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045 bsc#1198989 bsc#1197675). - scsi: lpfc: Inhibit aborts if external loopback plug is inserted (bsc#1200045). - scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN completion (bsc#1200045). - scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (bsc#1200045). - scsi: lpfc: Move MI module parameter check to handle dynamic disable (bsc#1200045). - scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT (bsc#1200045). - scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045). - scsi: lpfc: Register for Application Services FC-4 type in Fabric topology (bsc#1200045). - scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports (bsc#1200045). - scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045). - scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe() (bsc#1200045). - scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path (bsc#1200045). - scsi: lpfc: Remove unneeded variable (bsc#1200045). - scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down (bsc#1200045). - scsi: lpfc: Revise FDMI reporting of supported port speed for trunk groups (bsc#1200045). - scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045). - scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or aborted (bsc#1200045). - scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan (bsc#1200045). - scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB submit (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045). - scsi: lpfc: Update stat accounting for READ_STATUS mbox command (bsc#1200045). - scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check() (bsc#1200045). - scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O (bsc#1200045). - scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045). - scsi: pm8001: Fix abort all task initialization (git-fixes). - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes). - scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes). - scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes). - scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes). - scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046). - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046). - scsi: qla2xxx: Remove free_sg command flag (bsc#1200046). - scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046). - scsi: sr: Do not leak information in ioctl (git-fixes). - scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes). - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes). - scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes). - scsi: virtio-scsi: Eliminate anonymous module_init & module_exit (git-fixes). - scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes). - selftests: firmware: Use smaller dictionary for XZ compression (git-fixes). - serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes). - serial: 8250_mtk: Fix register address for XON/XOFF character (git-fixes). - serial: 8250_mtk: Fix UART_EFR register address (git-fixes). - serial: 8250: Also set sticky MCR bits in console restoration (git-fixes). - serial: 8250: core: Remove unneeded &lt;linux/pm_runtime.h> (git-fixes). - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (git-fixes). - serial: 8250: pxa: Remove unneeded &lt;linux/pm_runtime.h> (git-fixes). - serial: digicolor-usart: Do not allow CS5-6 (git-fixes). - serial: imx: fix overrun interrupts in DMA mode (git-fixes). - serial: meson: acquire port->lock in startup() (git-fixes). - serial: pch: do not overwrite xmit->buf[0] by x_char (git-fixes). - serial: rda-uart: Do not allow CS5-6 (git-fixes). - serial: sh-sci: Do not allow CS5-6 (git-fixes). - serial: sifive: Sanitize CSIZE and c_iflag (git-fixes). - serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes). - serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes). - serial: txx9: Do not allow CS5-6 (git-fixes). - slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes). - smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes). - smsc911x: allow using IRQ0 (git-fixes). - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (git-fixes). - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes). - soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes). - spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes). - spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes). - spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() (git-fixes). - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (git-fixes). - staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (git-fixes). - SUNRPC: Ensure gss-proxy connects on setup (git-fixes). - SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes). - thermal: int340x: Fix attr.show callback prototype (git-fixes). - thermal/drivers/bcm2711: Do not clamp temperature at zero (git-fixes). - thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (git-fixes). - timekeeping: Really make sure wall_to_monotonic isn't (git-fixes) - timers: Fix warning condition in __run_timers() (git-fixes) - tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes). - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729). - tracing: Fix potential double free in create_var_ref() (git-fixes). - tracing: Fix return value of trace_pid_write() (git-fixes). - tty: fix deadlock caused by calling printk() under tty_port->lock (git-fixes). - tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes). - tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (git-fixes). - tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (git-fixes). - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (git-fixes). - usb: cdc-wdm: fix reading stuck on device close (git-fixes). - usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes). - usb: ehci-omap: drop unused ehci_read() function (git-fixes). - usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (git-fixes). - usb: misc: fix improper handling of refcount in uss720_probe() (git-fixes). - usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes). - usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes). - usb: quirks: add a Realtek card reader (git-fixes). - usb: quirks: add STRING quirk for VCOM device (git-fixes). - usb: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes). - usb: serial: option: add Fibocom L610 modem (git-fixes). - usb: serial: option: add Fibocom MA510 modem (git-fixes). - usb: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes). - usb: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes). - usb: serial: pl2303: add device id for HP LM930 Display (git-fixes). - usb: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes). - usb: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes). - usb: storage: karma: fix rio_karma_init return (git-fixes). - usb: typec: mux: Check dev_set_name() return value (git-fixes). - usb: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes). - usb: typec: ucsi: Fix reuse of completion structure (git-fixes). - usb: typec: ucsi: Fix role swapping (git-fixes). - usb: usbip: add missing device lock on tweak configuration cmd (git-fixes). - usb: usbip: fix a refcount leak in stub_probe() (git-fixes). - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (git-fixes). - watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes). - wifi: mac80211: fix use-after-free in chanctx code (git-fixes). - wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes). - xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms (git-fixes). - xhci: stop polling roothubs after shutdown (git-fixes). Important SUSE bug 1055117 SUSE bug 1061840 SUSE bug 1065729 SUSE bug 1103269 SUSE bug 1118212 SUSE bug 1153274 SUSE bug 1154353 SUSE bug 1156395 SUSE bug 1158266 SUSE bug 1167773 SUSE bug 1176447 SUSE bug 1178134 SUSE bug 1180100 SUSE bug 1183405 SUSE bug 1188885 SUSE bug 1195826 SUSE bug 1196426 SUSE bug 1196478 SUSE bug 1196570 SUSE bug 1196840 SUSE bug 1197446 SUSE bug 1197472 SUSE bug 1197601 SUSE bug 1197675 SUSE bug 1198438 SUSE bug 1198577 SUSE bug 1198971 SUSE bug 1198989 SUSE bug 1199035 SUSE bug 1199052 SUSE bug 1199063 SUSE bug 1199114 SUSE bug 1199314 SUSE bug 1199505 SUSE bug 1199507 SUSE bug 1199564 SUSE bug 1199626 SUSE bug 1199631 SUSE bug 1199650 SUSE bug 1199670 SUSE bug 1199839 SUSE bug 1200019 SUSE bug 1200045 SUSE bug 1200046 SUSE bug 1200192 SUSE bug 1200216 CVE-2019-19377 at SUSE CVE-2019-19377 at NVD CVE-2021-33061 at SUSE CVE-2021-33061 at NVD CVE-2022-0168 at SUSE CVE-2022-0168 at NVD CVE-2022-1184 at SUSE CVE-2022-1184 at NVD CVE-2022-1652 at SUSE CVE-2022-1652 at NVD CVE-2022-1729 at SUSE CVE-2022-1729 at NVD CVE-2022-1972 at SUSE CVE-2022-1972 at NVD CVE-2022-20008 at SUSE CVE-2022-20008 at NVD CVE-2022-21123 at SUSE CVE-2022-21123 at NVD CVE-2022-21125 at SUSE CVE-2022-21125 at NVD CVE-2022-21127 at SUSE CVE-2022-21127 at NVD CVE-2022-21166 at SUSE CVE-2022-21166 at NVD CVE-2022-21180 at SUSE CVE-2022-21180 at NVD CVE-2022-30594 at SUSE CVE-2022-30594 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for vim fixes the following issues: - CVE-2017-17087: Fixed information leak via .swp files (bsc#1070955). - CVE-2021-3875: Fixed heap-based buffer overflow (bsc#1191770). - CVE-2021-3903: Fixed heap-based buffer overflow (bsc#1192167). - CVE-2021-3968: Fixed heap-based buffer overflow (bsc#1192902). - CVE-2021-3973: Fixed heap-based buffer overflow (bsc#1192903). - CVE-2021-3974: Fixed use-after-free (bsc#1192904). - CVE-2021-4069: Fixed use-after-free in ex_open()in src/ex_docmd.c (bsc#1193466). - CVE-2021-4136: Fixed heap-based buffer overflow (bsc#1193905). - CVE-2021-4166: Fixed out-of-bounds read (bsc#1194093). - CVE-2021-4192: Fixed use-after-free (bsc#1194217). - CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216). - CVE-2022-0128: Fixed out-of-bounds read (bsc#1194388). - CVE-2022-0213: Fixed heap-based buffer overflow (bsc#1194885). - CVE-2022-0261: Fixed heap-based buffer overflow (bsc#1194872). - CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004). - CVE-2022-0359: Fixed heap-based buffer overflow in init_ccline() in ex_getln.c (bsc#1195203). - CVE-2022-0392: Fixed heap-based buffer overflow (bsc#1195332). - CVE-2022-0407: Fixed heap-based buffer overflow (bsc#1195354). - CVE-2022-0696: Fixed NULL pointer dereference (bsc#1196361). - CVE-2022-1381: Fixed global heap buffer overflow in skip_range (bsc#1198596). - CVE-2022-1420: Fixed out-of-range pointer offset (bsc#1198748). - CVE-2022-1616: Fixed use-after-free in append_command (bsc#1199331). - CVE-2022-1619: Fixed heap-based Buffer Overflow in function cmdline_erase_chars (bsc#1199333). - CVE-2022-1620: Fixed NULL pointer dereference in function vim_regexec_string (bsc#1199334). - CVE-2022-1733: Fixed heap-based buffer overflow in cindent.c (bsc#1199655). - CVE-2022-1735: Fixed heap-based buffer overflow (bsc#1199651). - CVE-2022-1771: Fixed stack exhaustion (bsc#1199693). - CVE-2022-1785: Fixed out-of-bounds write (bsc#1199745). - CVE-2022-1796: Fixed use-after-free in find_pattern_in_path (bsc#1199747). - CVE-2022-1851: Fixed out-of-bounds read (bsc#1199936). - CVE-2022-1897: Fixed out-of-bounds write (bsc#1200010). - CVE-2022-1898: Fixed use-after-free (bsc#1200011). - CVE-2022-1927: Fixed buffer over-read (bsc#1200012). Important SUSE bug 1070955 SUSE bug 1191770 SUSE bug 1192167 SUSE bug 1192902 SUSE bug 1192903 SUSE bug 1192904 SUSE bug 1193466 SUSE bug 1193905 SUSE bug 1194093 SUSE bug 1194216 SUSE bug 1194217 SUSE bug 1194388 SUSE bug 1194872 SUSE bug 1194885 SUSE bug 1195004 SUSE bug 1195203 SUSE bug 1195332 SUSE bug 1195354 SUSE bug 1196361 SUSE bug 1198596 SUSE bug 1198748 SUSE bug 1199331 SUSE bug 1199333 SUSE bug 1199334 SUSE bug 1199651 SUSE bug 1199655 SUSE bug 1199693 SUSE bug 1199745 SUSE bug 1199747 SUSE bug 1199936 SUSE bug 1200010 SUSE bug 1200011 SUSE bug 1200012 CVE-2017-17087 at SUSE CVE-2017-17087 at NVD CVE-2021-3778 at SUSE CVE-2021-3778 at NVD CVE-2021-3796 at SUSE CVE-2021-3796 at NVD CVE-2021-3872 at SUSE CVE-2021-3872 at NVD CVE-2021-3875 at SUSE CVE-2021-3875 at NVD CVE-2021-3903 at SUSE CVE-2021-3903 at NVD CVE-2021-3927 at SUSE CVE-2021-3927 at NVD CVE-2021-3928 at SUSE CVE-2021-3928 at NVD CVE-2021-3968 at SUSE CVE-2021-3968 at NVD CVE-2021-3973 at SUSE CVE-2021-3973 at NVD CVE-2021-3974 at SUSE CVE-2021-3974 at NVD CVE-2021-3984 at SUSE CVE-2021-3984 at NVD CVE-2021-4019 at SUSE CVE-2021-4019 at NVD CVE-2021-4069 at SUSE CVE-2021-4069 at NVD CVE-2021-4136 at SUSE CVE-2021-4136 at NVD CVE-2021-4166 at SUSE CVE-2021-4166 at NVD CVE-2021-4192 at SUSE CVE-2021-4192 at NVD CVE-2021-4193 at SUSE CVE-2021-4193 at NVD CVE-2021-46059 at SUSE CVE-2021-46059 at NVD CVE-2022-0128 at SUSE CVE-2022-0128 at NVD CVE-2022-0213 at SUSE CVE-2022-0213 at NVD CVE-2022-0261 at SUSE CVE-2022-0261 at NVD CVE-2022-0318 at SUSE CVE-2022-0318 at NVD CVE-2022-0319 at SUSE CVE-2022-0319 at NVD CVE-2022-0351 at SUSE CVE-2022-0351 at NVD CVE-2022-0359 at SUSE CVE-2022-0359 at NVD CVE-2022-0361 at SUSE CVE-2022-0361 at NVD CVE-2022-0392 at SUSE CVE-2022-0392 at NVD CVE-2022-0407 at SUSE CVE-2022-0407 at NVD CVE-2022-0413 at SUSE CVE-2022-0413 at NVD CVE-2022-0696 at SUSE CVE-2022-0696 at NVD CVE-2022-1381 at SUSE CVE-2022-1381 at NVD CVE-2022-1420 at SUSE CVE-2022-1420 at NVD CVE-2022-1616 at SUSE CVE-2022-1616 at NVD CVE-2022-1619 at SUSE CVE-2022-1619 at NVD CVE-2022-1620 at SUSE CVE-2022-1620 at NVD CVE-2022-1733 at SUSE CVE-2022-1733 at NVD CVE-2022-1735 at SUSE CVE-2022-1735 at NVD CVE-2022-1771 at SUSE CVE-2022-1771 at NVD CVE-2022-1785 at SUSE CVE-2022-1785 at NVD CVE-2022-1796 at SUSE CVE-2022-1796 at NVD CVE-2022-1851 at SUSE CVE-2022-1851 at NVD CVE-2022-1897 at SUSE CVE-2022-1897 at NVD CVE-2022-1898 at SUSE CVE-2022-1898 at NVD CVE-2022-1927 at SUSE CVE-2022-1927 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-1966: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015) - CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to crash linux kernel by simulating nfc device from user-space. (bsc#1200143) - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144) - CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282) - The following non-security bugs were fixed: - ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes). - ACPI: sysfs: Fix BERT error region memory mapping (git-fixes). - ACPI: sysfs: Make sparse happy about address space in use (git-fixes). - ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes). - ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes). - ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes). - ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes). - ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes). - ASoC: dapm: Do not fold register value changes into notifications (git-fixes). - ASoC: max98357a: remove dependency on GPIOLIB (git-fixes). - ASoC: rt5645: Fix errorenous cleanup order (git-fixes). - ASoC: tscs454: Add endianness flag in snd_soc_component_driver (git-fixes). - ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes). - ath9k: fix QCA9561 PA bias level (git-fixes). - b43: Fix assigning negative value to unsigned variable (git-fixes). - b43legacy: Fix assigning negative value to unsigned variable (git-fixes). - blk-mq: fix tag_get wait task can't be awakened (bsc#1200263). - blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263). - block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1200259). - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - cfg80211: set custom regdomain after wiphy registration (git-fixes). - clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (git-fixes). - clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes). - dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes). - dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (git-fixes). - drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes). - drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (git-fixes). - drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (git-fixes). - drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes). - drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes). - drm: imx: fix compiler warning with gcc-12 (git-fixes). - drm: msm: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes). - drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes). - drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (git-fixes). - drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes). - drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes). - drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (git-fixes). - drm/i915: fix i915_globals_exit() section mismatch error (git-fixes). - drm/komeda: return early if drm_universal_plane_init() fails (git-fixes). - drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes). - drm/plane: Move range check for format_count earlier (git-fixes). - drm/radeon: fix a possible null pointer dereference (git-fixes). - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes). - efi: Add missing prototype for efi_capsule_setup_info (git-fixes). - efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes). - fbcon: Consistently protect deferred_takeover with console_lock() (git-fixes). - ftrace: Clean up hash direct_functions on register failures (git-fixes). - HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes). - HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes). - hwmon: Make chip parameter for with_info API mandatory (git-fixes). - i2c: cadence: Increase timeout per message if necessary (git-fixes). - i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes). - iio: dummy: iio_simple_dummy: check the return value of kstrdup() (git-fixes). - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes). - Input: goodix - fix spurious key release events (git-fixes). - ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes). - irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes). - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (git-fixes). - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (git-fixes). - irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes). - iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes). - KVM: fix wrong exception emulation in check_rdtsc (git-fixes). - KVM: nVMX: Invalidate all roots when emulating INVVPID without EPT (git-fixes). - KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use (git-fixes). - KVM: nVMX: Set LDTR to its architecturally defined value on nested VM-Exit (git-fixes). - KVM: nVMX: Unconditionally clear nested.pi_pending on nested VM-Enter (git-fixes). - KVM: s390: pv: add macros for UVC CC values (git-fixes). - KVM: s390: pv: avoid double free of sida page (git-fixes). - KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm (git-fixes). - KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes). - KVM: VMX: Flush all EPTP/VPID contexts on remote TLB flush (git-fixes). - KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation (git-fixes). - KVM: x86: clflushopt should be treated as a no-op by emulation (git-fixes). - KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes). - KVM: x86: Fix emulation in writing cr8 (git-fixes). - KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce (git-fixes). - KVM: x86: Immediately reset the MMU context when the SMM flag is cleared (git-fixes). - KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode (git-fixes). - KVM: x86: Mark CR4.TSD as being possibly owned by the guest (git-fixes). - KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes). - KVM: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode (git-fixes). - KVM: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode (git-fixes). - KVM: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes). - KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes). - KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[] (git-fixes). - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (git-fixes). - md: fix an incorrect NULL check in does_sb_need_changing (git-fixes). - md: fix an incorrect NULL check in md_reload_sb (git-fixes). - media: cx25821: Fix the warning when removing the module (git-fixes). - media: netup_unidvb: Do not leak SPI master in probe error path (git-fixes). - media: pci: cx23885: Fix the error handling in cx23885_initdev() (git-fixes). - media: venus: hfi: avoid null dereference in deinit (git-fixes). - misc: rtsx: set NULL intfdata when probe fails (git-fixes). - mmc: block: Fix CQE recovery reset success (git-fixes). - mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes). - modpost: fix removing numeric suffixes (git-fixes). - modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes). - mt76: check return value of mt76_txq_send_burst in mt76_txq_schedule_list (git-fixes). - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (git-fixes). - net: rtlwifi: properly check for alloc_workqueue() failure (git-fixes). - nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes). - NFS: Do not report ENOSPC write errors twice (git-fixes). - nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes). - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365). - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes). - pinctrl: sunxi: fix f1c100s uart2 function (git-fixes). - platform/chrome: cros_ec_proto: Send command again when timeout occurs (git-fixes). - platform/x86: wmi: Fix driver->notify() vs ->probe() race (git-fixes). - platform/x86: wmi: Replace read_takes_no_args with a flags field (git-fixes). - devfreq: rk3399_dmc: Disable edev on remove() (git-fixes). - raid5: introduce MD_BROKEN (git-fixes). - rtl818x: Prevent using not initialized queues (git-fixes). - rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes). - s390: fix detection of vector enhancements facility 1 vs. vector packed decimal facility (git-fixes). - s390: fix strrchr() implementation (git-fixes). - s390/cio: dont call css_wait_for_slow_path() inside a lock (git-fixes). - s390/cio: Fix the 'type' field in s390_cio_tpi tracepoint (git-fixes). - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes). - s390/ctcm: fix potential memory leak (git-fixes). - s390/ctcm: fix variable dereferenced before check (git-fixes). - s390/dasd: fix data corruption for ESE devices (bsc#1200207 LTC#198454). - s390/dasd: Fix read for ESE with blksize 4k (bsc#1200206 LTC#198455). - s390/dasd: Fix read inconsistency for ESE DASD devices (bsc#1200206 LTC#198455). - s390/dasd: prevent double format of tracks for ESE devices (bsc#1200207 LTC#198454). - s390/ftrace: fix ftrace_update_ftrace_func implementation (git-fixes). - s390/lcs: fix variable dereferenced before check (git-fixes). - s390/mcck: fix invalid KVM guest condition check (git-fixes). - s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes). - s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes). - s390/nmi: handle vector validity failures for KVM guests (git-fixes). - s390/pv: fix the forcing of the swiotlb (git-fixes). - s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes). - s390/qdio: fix roll-back after timeout on ESTABLISH ccw (git-fixes). - s390/vfio-ap: fix circular lockdep when setting/clearing crypto masks (git-fixes). - serial: msm_serial: disable interrupts in __msm_console_write() (git-fixes). - spi: Introduce device-managed SPI controller allocation (git-fixes). - spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (git-fixes). - spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes). - staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes). - staging: rtl8712: fix uninit-value in usb_read8() and friends (git-fixes). - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (git-fixes). - tty: Fix a possible resource leak in icom_probe (git-fixes). - tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes). - usb: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes). - usb: host: isp116x: check return value after calling platform_get_resource() (git-fixes). - usb: new quirk for Dell Gen 2 devices (git-fixes). - usb: serial: option: add Quectel BG95 modem (git-fixes). - vfio-ccw: Check initialized flag in cp_init() (git-fixes). - vfio/ccw: Remove unneeded GFP_DMA (git-fixes). - video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (git-fixes). - virtio/s390: implement virtio-ccw revision 2 correctly (git-fixes). - vringh: Fix loop descriptors check in the indirect cases (git-fixes). - watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes). Important SUSE bug 1177282 SUSE bug 1199365 SUSE bug 1200015 SUSE bug 1200143 SUSE bug 1200144 SUSE bug 1200206 SUSE bug 1200207 SUSE bug 1200249 SUSE bug 1200259 SUSE bug 1200263 SUSE bug 1200268 SUSE bug 1200529 CVE-2020-26541 at SUSE CVE-2020-26541 at NVD CVE-2022-1966 at SUSE CVE-2022-1966 at NVD CVE-2022-1974 at SUSE CVE-2022-1974 at NVD CVE-2022-1975 at SUSE CVE-2022-1975 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019) - CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-20008: Fixed bug that allows to read kernel heap memory due to uninitialized data in mmc_blk_read_single of block.c. (bnc#1199564) - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2022-0168: Fixed a NULL pointer dereference in smb2_ioctl_query_info. (bsc#1197472) - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). - CVE-2022-20141: Fixwed an use after free due to improper locking. This bug could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. (bnc#1200604) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to crash linux kernel by simulating nfc device from user-space. (bsc#1200143) - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144) - CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282) - CVE-2022-32250: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015) The following non-security bugs were fixed: - ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes). - ACPI: property: Release subnode properties with data nodes (git-fixes). - ACPI: sysfs: Fix BERT error region memory mapping (git-fixes). - ACPI: sysfs: Make sparse happy about address space in use (git-fixes). - ALSA: ctxfi: Add SB046x PCI ID (git-fixes). - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (git-fixes). - ALSA: hda - fix unused Realtek function when PM is not enabled (git-fixes). - ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes). - ALSA: hda/realtek - Add new type for ALC245 (git-fixes). - ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop (git-fixes). - ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes). - ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (git-fixes). - ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes). - ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes). - ALSA: usb-audio: Configure sync endpoints before data (git-fixes). - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes). - ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes). - ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes). - ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes). - ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes). - ALSA: wavefront: Proper check of get_user() error (git-fixes). - ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (git-fixes) - ARM: 9170/1: fix panic when kasan and kprobe are enabled (git-fixes) - ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes) - ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes) - ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes) - ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes) - ARM: dts: armada-38x: Add generic compatible to UART nodes (git-fixes) - ARM: dts: at91: fix pinctrl phandles (git-fixes) - ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes) - ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes) - ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes) - ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes) - ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes) - ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes) - ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes) - ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes) - ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes) - ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes) - ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes) - ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes) - ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes) - ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes) - ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (git-fixes) - ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes) - ARM: dts: meson: Fix the UART compatible strings (git-fixes) - ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes) - ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes) - ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes) - ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes) - ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes) - ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes) - ARM: mediatek: select arch timer for mt7629 (git-fixes) - ARM: omap: remove debug-leds driver (git-fixes) - ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes) - ARM: socfpga: dts: fix qspi node compatible (git-fixes) - ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes) - ARM: tegra: Move panels to AUX bus (git-fixes) - arm64: avoid fixmap race condition when create pud mapping (git-fixes) - arm64: dts: broadcom: Fix sata nodename (git-fixes) - arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes) - arm64: dts: rockchip: Fix SDIO regulator supply properties on (git-fixes) - arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes). - arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (git-fixes) - ASoC: atmel-classd: Remove endianness flag on class d component (git-fixes). - ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes). - ASoC: da7219: Fix change notifications for tone generator frequency (git-fixes). - ASoC: dapm: Do not fold register value changes into notifications (git-fixes). - ASoC: dmaengine: Restore NULL prepare_slave_config() callback (git-fixes). - ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes). - ASoC: max98090: Generate notifications on changes for custom control (git-fixes). - ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() (git-fixes). - ASoC: max98090: Reject invalid values in custom control put() (git-fixes). - ASoC: max98357a: remove dependency on GPIOLIB (git-fixes). - ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (git-fixes). - ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (git-fixes). - ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes). - ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes). - ASoC: ops: Validate input values in snd_soc_put_volsw_range() (git-fixes). - ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes). - ASoC: rt5514: Fix event generation for 'DSP Voice Wake Up' control (git-fixes). - ASoC: rt5645: Fix errorenous cleanup order (git-fixes). - ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes). - ASoC: tscs454: Add endianness flag in snd_soc_component_driver (git-fixes). - ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (git-fixes). - ASoC: wm8958: Fix change notifications for DSP controls (git-fixes). - assoc_array: Fix BUG_ON during garbage collect (git-fixes). - ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes). - ata: pata_hpt37x: fix PCI clock detection (git-fixes). - ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes). - ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (git-fixes). - ath9k: fix ar9003_get_eepmisc (git-fixes). - ath9k: fix QCA9561 PA bias level (git-fixes). - b43: Fix assigning negative value to unsigned variable (git-fixes). - b43legacy: Fix assigning negative value to unsigned variable (git-fixes). - batman-adv: Do not skb_split skbuffs with frag_list (git-fixes). - blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045). - blk-mq: fix tag_get wait task can't be awakened (bsc#1200263). - blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263). - block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1200259). - Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (git-fixes). - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (git-fixes). - Bluetooth: Fix the creation of hdev->name (git-fixes). - Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes). - bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix unnecessary dropping of RX packets (jsc#SLE-15075). - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (git-fixes). - bus: ti-sysc: Fix warnings for unbind for serial (git-fixes). - can: grcan: grcan_close(): fix deadlock (git-fixes). - can: grcan: use ofdev->dev when allocating DMA memory (git-fixes). - carl9170: tx: fix an incorrect use of list iterator (git-fixes). - ceph: fix setting of xattrs on async created inodes (bsc#1200192). - cfg80211: set custom regdomain after wiphy registration (git-fixes). - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839). - clk: at91: generated: consider range when calculating best rate (git-fixes). - clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes). - clk: imx8mp: fix usb_root_clk parent (git-fixes). - clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes). - clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (git-fixes). - clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (git-fixes). - clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes). - copy_process(): Move fd_install() out of sighand->siglock critical section (bsc#1199626). - crypto: caam - fix i.MX6SX entropy delay value (git-fixes). - crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes). - crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes). - crypto: x86 - eliminate anonymous module_init and module_exit (git-fixes). - crypto: x86/chacha20 - Avoid spurious jumps to other functions (git-fixes). - dim: initialize all struct fields (git-fixes). - dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes). - dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (git-fixes). - dmaengine: stm32-mdma: remove GISR1 register (git-fixes). - dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (git-fixes). - docs: powerpc: Fix misspellings and grammar errors (bsc#1055117 ltc#159753). - docs: submitting-patches: Fix crossref to 'The canonical patch format' (git-fixes). - drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes). - drbd: fix duplicate array initializer (git-fixes). - drbd: Fix five use after free bugs in get_initial_state (git-fixes). - drbd: remove assign_p_sizes_qlim (git-fixes). - drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes). - drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes). - driver core: fix deadlock in __device_attach (git-fixes). - driver: base: fix UAF when driver_attach failed (git-fixes). - drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() (git-fixes) - drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes). - drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (git-fixes). - drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (git-fixes). - drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes). - drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes). - drivers/base/memory: fix an unlikely reference counting issue in __add_memory_block() (git-fixes). - drivers/base/node.c: fix compaction sysfs file leak (git-fixes). - drm: imx: fix compiler warning with gcc-12 (git-fixes). - drm: mali-dp: potential dereference of null pointer (git-fixes). - drm: msm: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes). - drm: sti: do not use kernel-doc markers (git-fixes). - drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types (git-fixes). - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes). - drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes). - drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (git-fixes). - drm/amdkfd: Fix GWS queue count (git-fixes). - drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes). - drm/blend: fix typo in the comment (git-fixes). - drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes). - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (git-fixes). - drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes). - drm/bridge: Fix error handling in analogix_dp_probe (git-fixes). - drm/edid: fix invalid EDID extension block filtering (git-fixes). - drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (git-fixes). - drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes). - drm/i915: fix i915_globals_exit() section mismatch error (git-fixes). - drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (git-fixes). - drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (git-fixes). - drm/komeda: return early if drm_universal_plane_init() fails (git-fixes). - drm/mediatek: Fix mtk_cec_mask() (git-fixes). - drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (git-fixes). - drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes). - drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (git-fixes). - drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes). - drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes). - drm/msm/dsi: fix error checks and return values for DSI xmit functions (git-fixes). - drm/msm/hdmi: check return value after calling platform_get_resource_byname() (git-fixes). - drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/msm/mdp5: check the return of kzalloc() (git-fixes). - drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (git-fixes). - drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (git-fixes). - drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (git-fixes). - drm/nouveau/clk: Fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau/tegra: Stop using iommu_present() (git-fixes). - drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 (git-fixes). - drm/plane: Move range check for format_count earlier (git-fixes). - drm/radeon: fix a possible null pointer dereference (git-fixes). - drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes). - drm/vc4: hvs: Reset muxes at probe time (git-fixes). - drm/vc4: txp: Do not set TXP_VSTART_AT_EOF (git-fixes). - drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes). - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes). - drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes). - EDAC/synopsys: Read the error count from the correct register (bsc#1178134). - efi: Add missing prototype for efi_capsule_setup_info (git-fixes). - efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes). - fbcon: Consistently protect deferred_takeover with console_lock() (git-fixes). - firewire: core: extend card->lock in fw_core_handle_bus_reset (git-fixes). - firewire: fix potential uaf in outbound_phy_packet_callback() (git-fixes). - firewire: remove check of list iterator against head past the loop body (git-fixes). - firmware: arm_scmi: Fix list protocols enumeration in the base protocol (git-fixes). - firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response (git-fixes). - firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (git-fixes). - firmware: stratix10-svc: fix a missing check on list iterator (git-fixes). - ftrace: Clean up hash direct_functions on register failures (git-fixes). - genirq: Fix reference leaks on irq affinity notifiers (git-fixes) - genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (git-fixes) - genirq/affinity: Consider that CPUs on nodes can be (git-fixes) - genirq/affinity: Handle affinity setting on inactive (git-fixes) - genirq/msi: Ensure deactivation on teardown (git-fixes) - genirq/proc: Reject invalid affinity masks (again) (git-fixes) - genirq/timings: Fix error return code in (git-fixes) - genirq/timings: Prevent potential array overflow in (git-fixes) - gma500: fix an incorrect NULL check on list iterator (git-fixes). - gpio: adp5588: Remove support for platform setup and teardown callbacks (git-fixes). - gpio: gpio-vf610: do not touch other bits when set the target bit (git-fixes). - gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes). - gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (git-fixes). - gpio: pca953x: use the correct register address to do regcache sync (git-fixes). - gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes). - hex2bin: fix access beyond string end (git-fixes). - HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes). - HID: elan: Fix potential double free in elan_input_configured (git-fixes). - HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes). - HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes). - hinic: fix bug of wq out of bound access (bsc#1176447). - hwmon: (f71882fg) Fix negative temperature (git-fixes). - hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes). - hwmon: (tmp401) Add OF device ID table (git-fixes). - hwmon: Make chip parameter for with_info API mandatory (git-fixes). - i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes). - i2c: at91: use dma safe buffers (git-fixes). - i2c: cadence: Increase timeout per message if necessary (git-fixes). - i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes). - i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (git-fixes). - i40e: stop disabling VFs due to PF error responses (git-fixes). - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (jsc#SLE-12878). - ice: Clear default forwarding VSI during VSI release (jsc#SLE-12878). - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (jsc#SLE-7926). - ice: Fix race conditions between virtchnl handling and VF ndo ops (git-fixes). - ice: synchronize_rcu() when terminating rings (jsc#SLE-7926). - iio: adc: ad7124: Remove shift from scan_type (git-fixes). - iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes). - iio: adc: sc27xx: fix read big scale voltage not right (git-fixes). - iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (git-fixes). - iio: dac: ad5446: Fix read_raw not returning set value (git-fixes). - iio: dac: ad5592r: Fix the missing return value (git-fixes). - iio: dummy: iio_simple_dummy: check the return value of kstrdup() (git-fixes). - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (git-fixes). - Input: add bounds checking to input_set_capability() (git-fixes). - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes). - Input: goodix - fix spurious key release events (git-fixes). - Input: ili210x - fix reset timing (git-fixes). - Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes). - Input: stmfts - do not leave device disabled in stmfts_input_open (git-fixes). - Input: stmfts - fix reference leak in stmfts_input_open (git-fixes). - iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052). - ionic: avoid races in ionic_heartbeat_check (bsc#1167773). - ionic: Cleanups in the Tx hotpath code (bsc#1167773). - ionic: disable napi when ionic_lif_init() fails (bsc#1167773). - ionic: Do not send reset commands if FW isn't running (bsc#1167773). - ionic: fix missing pci_release_regions() on error in ionic_probe() (bsc#1167773). - ionic: fix type complaint in ionic_dev_cmd_clean() (jsc#SLE-16649). - ionic: monitor fw status generation (bsc#1167773). - ionic: remove the dbid_inuse bitmap (bsc#1167773). - ionic: start watchdog after all is setup (bsc#1167773). - ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes). - irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes). - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (git-fixes). - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (git-fixes). - irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes). - ivtv: fix incorrect device_caps for ivtvfb (git-fixes). - iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes). - iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes). - iwlwifi: mvm: fix the return type for DSM functions 1 and 2 (git-fixes). - jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971). - kABI: ivtv: restore caps member (git-fixes). - Kconfig.debug: drop selecting non-existing HARDLOCKUP_DETECTOR_ARCH (git-fixes). - KVM: fix wrong exception emulation in check_rdtsc (git-fixes). - KVM: nVMX: Invalidate all roots when emulating INVVPID without EPT (git-fixes). - KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use (git-fixes). - KVM: nVMX: Set LDTR to its architecturally defined value on nested VM-Exit (git-fixes). - KVM: nVMX: Unconditionally clear nested.pi_pending on nested VM-Enter (git-fixes). - KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes). - KVM: s390: pv: add macros for UVC CC values (git-fixes). - KVM: s390: pv: avoid double free of sida page (git-fixes). - KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm (git-fixes). - KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes). - KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state (git-fixes). - KVM: VMX: Flush all EPTP/VPID contexts on remote TLB flush (git-fixes). - KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation (git-fixes). - KVM: x86: clflushopt should be treated as a no-op by emulation (git-fixes). - KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes). - KVM: x86: Fix emulation in writing cr8 (git-fixes). - KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce (git-fixes). - KVM: x86: Immediately reset the MMU context when the SMM flag is cleared (git-fixes). - KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode (git-fixes). - KVM: x86: Mark CR4.TSD as being possibly owned by the guest (git-fixes). - KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes). - KVM: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode (git-fixes). - KVM: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode (git-fixes). - KVM: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes). - KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes). - KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[] (git-fixes). - lan743x: fix rx_napi_poll/interrupt ping-pong (git-fixes). - lan743x: remove redundant assignment to variable rx_process_result (git-fixes). - lib/raid6/test: fix multiple definition linking error (git-fixes). - lpfc: Readd update to version 14.2.0.1 (bsc#1197675 bsc#1196478 bsc#1198989) The update was reverted due to some regression on older hardware. These have been fixed in the meantime, thus update the driver. - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (git-fixes). - mac80211: fix rx reordering with non explicit / psmp ack policy (git-fixes). - mac80211: Reset MBSSID parameters upon connection (git-fixes). - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (git-fixes). - md: fix an incorrect NULL check in does_sb_need_changing (git-fixes). - md: fix an incorrect NULL check in md_reload_sb (git-fixes). - media: cx25821: Fix the warning when removing the module (git-fixes). - media: davinci: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes). - media: davinci: vpif: fix use-after-free on driver unbind (git-fixes). - media: media-entity.h: Fix documentation for media_create_intf_link (git-fixes). - media: netup_unidvb: Do not leak SPI master in probe error path (git-fixes). - media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes). - media: pci: cx23885: Fix the error handling in cx23885_initdev() (git-fixes). - media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-fixes). - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (git-fixes). - media: saa7134: fix incorrect use to determine if list is empty (git-fixes). - media: uvcvideo: Fix missing check to determine if element is found in list (git-fixes). - media: venus: hfi: avoid null dereference in deinit (git-fixes). - media: videobuf2: Fix the size printk format (git-fixes). - media: vim2m: Register video device after setting up internals (git-fixes). - mfd: ipaq-micro: Fix error check return value of platform_get_irq() (git-fixes). - misc: ocxl: fix possible double free in ocxl_file_register_afu (git-fixes). - misc: rtsx: set NULL intfdata when probe fails (git-fixes). - mm, page_alloc: fix build_zonerefs_node() (git-fixes). - mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (jsc#SLE-15176, jsc#SLE-16387). - mmc: block: Fix CQE recovery reset success (git-fixes). - mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD (git-fixes). - mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC (git-fixes). - mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes). - modpost: fix removing numeric suffixes (git-fixes). - modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes). - mt76: check return value of mt76_txq_send_burst in mt76_txq_schedule_list (git-fixes). - mt76: Fix undefined behavior due to shift overflowing the constant (git-fixes). - mt76: mt7663s: fix rx buffer refcounting (git-fixes). - mtd: rawnand: fix ecc parameters for mt7622 (git-fixes). - mtd: rawnand: Fix return value check of wait_for_completion_timeout (git-fixes). - mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() (git-fixes). - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (git-fixes). - net: bcmgenet: Fix a resource leak in an error handling path in the probe functin (git-fixes). - net: dsa: lantiq_gswip: Enable GSWIP_MII_CFG_EN also for internal PHYs (git-fixes). - net: dsa: lantiq_gswip: Fix GSWIP_MII_CFG(p) register access (git-fixes). - net: ethernet: Fix memleak in ethoc_probe (git-fixes). - net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered (git-fixes). - net: hdlc_ppp: Fix issues when mod_timer is called while timer is running (git-fixes). - net: hns3: add a check for index in hclge_get_rss_key() (git-fixes). - net: hns3: clear inited state and stop client after failed to register netdev (bsc#1154353). - net: hns3: fix bug when PF set the duplicate MAC address for VFs (jsc#SLE-14777). - net: hns3: fix kernel crash when unload VF while it is being reset (git-fixes). - net: korina: fix return value (git-fixes). - net: rtlwifi: properly check for alloc_workqueue() failure (git-fixes). - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1183405). - net: stmmac: dwmac-sun8i: Balance internal PHY power (git-fixes). - net: stmmac: dwmac-sun8i: Balance internal PHY resource references (git-fixes). - net: stmmac: dwmac-sun8i: Balance syscon (de)initialization (git-fixes). - net: stmmac: dwmac-sun8i: Fix probe error handling (git-fixes). - net/mlx5: Fix a race on command flush flow (jsc#SLE-15172). - net/mlx5e: Fix the calling of update_buffer_lossy() API (jsc#SLE-15172). - netdevice: demote the type of some dev_addr_set() helpers (bsc#1200216). - netfilter: conntrack: connection timeout after re-register (bsc#1199035). - netfilter: conntrack: move synack init code to helper (bsc#1199035). - netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035). - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035). - netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035). - netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (bsc#1176447). - NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (git-fixes). - NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (git-fixes). - NFC: netlink: fix sleep in atomic bug when firmware download timeout (git-fixes). - NFC: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes). - NFC: NULL out the dev->rfkill to prevent UAF (git-fixes). - NFC: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - NFC: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - NFC: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes). - NFS: Do not report ENOSPC write errors twice (git-fixes). - NFS: limit use of ACCESS cache for negative responses (bsc#1196570). - nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes). - NFSv4: Do not invalidate inode attributes on delegation return (git-fixes). - nl80211: show SSID for P2P_GO interfaces (git-fixes). - nvdimm/region: always show the 'align' attribute (bsc#1199114). - nvme-tcp: allow selecting the network interface for connections (bsc#1199670). - nvme-tcp: use __dev_get_by_name instead dev_get_by_name for OPT_HOST_IFACE (bsc#1199670). - objtool: Fix type of reloc::addend (git-fixes). - PCI: aardvark: Clear all MSIs at setup (git-fixes). - PCI: cadence: Fix find_first_zero_bit() limit (git-fixes). - PCI: Do not enable AtomicOps on VFs (git-fixes). - PCI: dwc: Fix setting error return on MSI DMA mapping failure (git-fixes). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365). - PCI: imx6: Fix PERST# start-up sequence (git-fixes). - PCI: iproc: Set affinity mask on MSI interrupts (git-fixes). - PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes). - PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes). - PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes). - PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes). - PCI/PM: Power up all devices during runtime resume (git-fixes). - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes). - phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe (git-fixes). - phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes). - phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes). - phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes). - phy: samsung: exynos5250-sata: fix missing device put in probe error paths (git-fixes). - phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (git-fixes). - phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe (git-fixes). - phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks (git-fixes). - pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes). - pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes). - pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes). - pinctrl: sunxi: fix f1c100s uart2 function (git-fixes). - pinctrl/rockchip: support deferring other gpio params (git-fixes). - ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826). - ping: remove pr_err from ping_lookup (bsc#1195826). - platform/chrome: cros_ec_debugfs: detach log reader wq from devm (git-fixes). - platform/chrome: cros_ec_proto: Send command again when timeout occurs (git-fixes). - platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (git-fixes). - platform/x86: wmi: Fix driver->notify() vs ->probe() race (git-fixes). - platform/x86: wmi: Replace read_takes_no_args with a flags field (git-fixes). - PM / devfreq: rk3399_dmc: Disable edev on remove() (git-fixes). - powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753). - powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521 git-fixes). - powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes). - powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395). - powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269 ltc#169948 git-fixes). - powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes). - powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes). - powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes). - pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes). - pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes). - qlcnic: Fix error code in probe (git-fixes). - raid5: introduce MD_BROKEN (git-fixes). - regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (git-fixes). - regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (git-fixes). - rtc: fix use-after-free on device removal (git-fixes). - rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes). - rtc: mt6397: check return value after calling platform_get_resource() (git-fixes). - rtl818x: Prevent using not initialized queues (git-fixes). - rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes). - s390: fix detection of vector enhancements facility 1 vs. vector packed decimal facility (git-fixes). - s390: fix strrchr() implementation (git-fixes). - s390/cio: dont call css_wait_for_slow_path() inside a lock (git-fixes). - s390/cio: Fix the 'type' field in s390_cio_tpi tracepoint (git-fixes). - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes). - s390/ctcm: fix potential memory leak (git-fixes). - s390/ctcm: fix variable dereferenced before check (git-fixes). - s390/dasd: fix data corruption for ESE devices (bsc#1200207 LTC#198454). - s390/dasd: Fix read for ESE with blksize 4k (bsc#1200206 LTC#198455). - s390/dasd: Fix read inconsistency for ESE DASD devices (bsc#1200206 LTC#198455). - s390/dasd: prevent double format of tracks for ESE devices (bsc#1200207 LTC#198454). - s390/ftrace: fix ftrace_update_ftrace_func implementation (git-fixes). - s390/lcs: fix variable dereferenced before check (git-fixes). - s390/mcck: fix invalid KVM guest condition check (git-fixes). - s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes). - s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes). - s390/nmi: handle vector validity failures for KVM guests (git-fixes). - s390/pv: fix the forcing of the swiotlb (git-fixes). - s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes). - s390/qdio: fix roll-back after timeout on ESTABLISH ccw (git-fixes). - s390/vfio-ap: fix circular lockdep when setting/clearing crypto masks (git-fixes). - sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes). - sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (git-fixes). - sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes) - sched/topology: Skip updating masks for non-online nodes (bsc#1197446 ltc#183000). - scsi: dc395x: Fix a missing check on list iterator (git-fixes). - scsi: fnic: Fix a tracing statement (git-fixes). - scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631). - scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes). - scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045). - scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045). - scsi: lpfc: Change VMID registration to be based on fabric parameters (bsc#1200045). - scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI (bsc#1200045). - scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045). - scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE (bsc#1200045 bsc#1198989 bsc#1197675). - scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045). - scsi: lpfc: Decrement outstanding gidft_inp counter if lpfc_err_lost_link() (bsc#1200045). - scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE (bsc#1200045). - scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045). - scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els() (bsc#1200045). - scsi: lpfc: Fix call trace observed during I/O with CMF enabled (bsc#1200045). - scsi: lpfc: Fix diagnostic fw logging after a function reset (bsc#1200045). - scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event() (bsc#1200045). - scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4() (bsc#1200045). - scsi: lpfc: Fix field overload in lpfc_iocbq data structure (bsc#1200045). - scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045). - scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI (bsc#1200045). - scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() (bsc#1200045). - scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock (bsc#1200045). - scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045 bsc#1198989 bsc#1197675). - scsi: lpfc: Inhibit aborts if external loopback plug is inserted (bsc#1200045). - scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN completion (bsc#1200045). - scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (bsc#1200045). - scsi: lpfc: Move MI module parameter check to handle dynamic disable (bsc#1200045). - scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT (bsc#1200045). - scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045). - scsi: lpfc: Register for Application Services FC-4 type in Fabric topology (bsc#1200045). - scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports (bsc#1200045). - scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045). - scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe() (bsc#1200045). - scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path (bsc#1200045). - scsi: lpfc: Remove unneeded variable (bsc#1200045). - scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down (bsc#1200045). - scsi: lpfc: Revise FDMI reporting of supported port speed for trunk groups (bsc#1200045). - scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045). - scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or aborted (bsc#1200045). - scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan (bsc#1200045). - scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB submit (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045). - scsi: lpfc: Update stat accounting for READ_STATUS mbox command (bsc#1200045). - scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check() (bsc#1200045). - scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O (bsc#1200045). - scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045). - scsi: pm8001: Fix abort all task initialization (git-fixes). - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes). - scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes). - scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes). - scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes). - scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046). - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046). - scsi: qla2xxx: Remove free_sg command flag (bsc#1200046). - scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046). - scsi: sr: Do not leak information in ioctl (git-fixes). - scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes). - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes). - scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes). - scsi: virtio-scsi: Eliminate anonymous module_init and module_exit (git-fixes). - scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes). - selftests: firmware: Use smaller dictionary for XZ compression (git-fixes). - serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes). - serial: 8250_mtk: Fix register address for XON/XOFF character (git-fixes). - serial: 8250_mtk: Fix UART_EFR register address (git-fixes). - serial: 8250: Also set sticky MCR bits in console restoration (git-fixes). - serial: 8250: core: Remove unneeded linux/pm_runtime.h (git-fixes). - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (git-fixes). - serial: 8250: pxa: Remove unneeded linux/pm_runtime.h (git-fixes). - serial: digicolor-usart: Do not allow CS5-6 (git-fixes). - serial: imx: fix overrun interrupts in DMA mode (git-fixes). - serial: meson: acquire port->lock in startup() (git-fixes). - serial: msm_serial: disable interrupts in __msm_console_write() (git-fixes). - serial: pch: do not overwrite xmit->buf[0] by x_char (git-fixes). - serial: rda-uart: Do not allow CS5-6 (git-fixes). - serial: sh-sci: Do not allow CS5-6 (git-fixes). - serial: sifive: Sanitize CSIZE and c_iflag (git-fixes). - serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes). - serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes). - serial: txx9: Do not allow CS5-6 (git-fixes). - slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes). - smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes). - smsc911x: allow using IRQ0 (git-fixes). - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (git-fixes). - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes). - soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes). - spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes). - spi: Introduce device-managed SPI controller allocation (git-fixes). - spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes). - spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() (git-fixes). - spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (git-fixes). - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (git-fixes). - spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes). - staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (git-fixes). - staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes). - staging: rtl8712: fix uninit-value in usb_read8() and friends (git-fixes). - SUNRPC: Ensure gss-proxy connects on setup (git-fixes). - SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes). - thermal: int340x: Fix attr.show callback prototype (git-fixes). - thermal/drivers/bcm2711: Do not clamp temperature at zero (git-fixes). - thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (git-fixes). - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (git-fixes). - timekeeping: Really make sure wall_to_monotonic isn't (git-fixes) - timers: Fix warning condition in __run_timers() (git-fixes) - tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes). - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729). - tracing: Fix potential double free in create_var_ref() (git-fixes). - tracing: Fix return value of trace_pid_write() (git-fixes). - tty: Fix a possible resource leak in icom_probe (git-fixes). - tty: fix deadlock caused by calling printk() under tty_port->lock (git-fixes). - tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes). - tty: serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (git-fixes). - tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (git-fixes). - tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (git-fixes). - tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (git-fixes). - usb: cdc-wdm: fix reading stuck on device close (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes). - usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes). - usb: ehci-omap: drop unused ehci_read() function (git-fixes). - usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (git-fixes). - usb: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes). - usb: host: isp116x: check return value after calling platform_get_resource() (git-fixes). - usb: misc: fix improper handling of refcount in uss720_probe() (git-fixes). - usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes). - usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes). - usb: new quirk for Dell Gen 2 devices (git-fixes). - usb: quirks: add a Realtek card reader (git-fixes). - usb: quirks: add STRING quirk for VCOM device (git-fixes). - usb: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes). - usb: serial: option: add Fibocom L610 modem (git-fixes). - usb: serial: option: add Fibocom MA510 modem (git-fixes). - usb: serial: option: add Quectel BG95 modem (git-fixes). - usb: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes). - usb: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes). - usb: serial: pl2303: add device id for HP LM930 Display (git-fixes). - usb: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes). - usb: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes). - usb: storage: karma: fix rio_karma_init return (git-fixes). - usb: typec: mux: Check dev_set_name() return value (git-fixes). - usb: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes). - usb: typec: ucsi: Fix reuse of completion structure (git-fixes). - usb: typec: ucsi: Fix role swapping (git-fixes). - usb: usbip: add missing device lock on tweak configuration cmd (git-fixes). - usb: usbip: fix a refcount leak in stub_probe() (git-fixes). - vfio-ccw: Check initialized flag in cp_init() (git-fixes). - vfio/ccw: Remove unneeded GFP_DMA (git-fixes). - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (git-fixes). - video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (git-fixes). - virtio/s390: implement virtio-ccw revision 2 correctly (git-fixes). - vringh: Fix loop descriptors check in the indirect cases (git-fixes). - watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes). - watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes). - wifi: mac80211: fix use-after-free in chanctx code (git-fixes). - wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes). - xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms (git-fixes). - xhci: stop polling roothubs after shutdown (git-fixes). Important SUSE bug 1055117 SUSE bug 1061840 SUSE bug 1065729 SUSE bug 1103269 SUSE bug 1118212 SUSE bug 1153274 SUSE bug 1154353 SUSE bug 1156395 SUSE bug 1158266 SUSE bug 1167773 SUSE bug 1176447 SUSE bug 1177282 SUSE bug 1178134 SUSE bug 1180100 SUSE bug 1183405 SUSE bug 1188885 SUSE bug 1195826 SUSE bug 1196426 SUSE bug 1196478 SUSE bug 1196570 SUSE bug 1196840 SUSE bug 1197446 SUSE bug 1197472 SUSE bug 1197601 SUSE bug 1197675 SUSE bug 1198438 SUSE bug 1198577 SUSE bug 1198971 SUSE bug 1198989 SUSE bug 1199035 SUSE bug 1199052 SUSE bug 1199063 SUSE bug 1199114 SUSE bug 1199314 SUSE bug 1199365 SUSE bug 1199505 SUSE bug 1199507 SUSE bug 1199564 SUSE bug 1199626 SUSE bug 1199631 SUSE bug 1199650 SUSE bug 1199670 SUSE bug 1199839 SUSE bug 1200015 SUSE bug 1200019 SUSE bug 1200045 SUSE bug 1200046 SUSE bug 1200143 SUSE bug 1200144 SUSE bug 1200192 SUSE bug 1200206 SUSE bug 1200207 SUSE bug 1200216 SUSE bug 1200249 SUSE bug 1200259 SUSE bug 1200263 SUSE bug 1200529 SUSE bug 1200549 SUSE bug 1200604 CVE-2019-19377 at SUSE CVE-2019-19377 at NVD CVE-2020-26541 at SUSE CVE-2020-26541 at NVD CVE-2021-33061 at SUSE CVE-2021-33061 at NVD CVE-2022-0168 at SUSE CVE-2022-0168 at NVD CVE-2022-1184 at SUSE CVE-2022-1184 at NVD CVE-2022-1652 at SUSE CVE-2022-1652 at NVD CVE-2022-1729 at SUSE CVE-2022-1729 at NVD CVE-2022-1966 at SUSE CVE-2022-1966 at NVD CVE-2022-1972 at SUSE CVE-2022-1972 at NVD CVE-2022-1974 at SUSE CVE-2022-1974 at NVD CVE-2022-1975 at SUSE CVE-2022-1975 at NVD CVE-2022-20008 at SUSE CVE-2022-20008 at NVD CVE-2022-20141 at SUSE CVE-2022-20141 at NVD CVE-2022-21123 at SUSE CVE-2022-21123 at NVD CVE-2022-21125 at SUSE CVE-2022-21125 at NVD CVE-2022-21127 at SUSE CVE-2022-21127 at NVD CVE-2022-21166 at SUSE CVE-2022-21166 at NVD CVE-2022-21180 at SUSE CVE-2022-21180 at NVD CVE-2022-30594 at SUSE CVE-2022-30594 at NVD CVE-2022-32250 at SUSE CVE-2022-32250 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for salt fixes the following issues: - CVE-2022-22967: Fixed missing check for PAM_ACCT_MGM return value that could be used to bypass PAM authentication (bsc#1200566) Important SUSE bug 1200566 CVE-2022-22967 at SUSE CVE-2022-22967 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) Moderate SUSE bug 1185637 SUSE bug 1199166 SUSE bug 1200550 CVE-2022-1292 at SUSE CVE-2022-1292 at NVD CVE-2022-2068 at SUSE CVE-2022-2068 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for qemu fixes the following issues: - CVE-2022-26354: Fixed missing virtqueue detach on error can lead to memory leak (bsc#1198712) - CVE-2021-4207: Fixed double fetch in qxl_cursor() can lead to heap buffer overflow (bsc#1198037) - CVE-2021-4206: Fixed integer overflow in cursor_alloc() can lead to heap buffer overflow (bsc#1198035) Important SUSE bug 1197084 SUSE bug 1198035 SUSE bug 1198037 SUSE bug 1198712 SUSE bug 1199018 SUSE bug 1199924 CVE-2021-4206 at SUSE CVE-2021-4206 at NVD CVE-2021-4207 at SUSE CVE-2021-4207 at NVD CVE-2022-26354 at SUSE CVE-2022-26354 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update of s390-tools fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Important SUSE bug 1198581 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for curl fixes the following issues: - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) Important SUSE bug 1200735 SUSE bug 1200737 CVE-2022-32206 at SUSE CVE-2022-32206 at NVD CVE-2022-32208 at SUSE CVE-2022-32208 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). Important SUSE bug 1201099 CVE-2022-2097 at SUSE CVE-2022-2097 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for containerd, docker and runc fixes the following issues: containerd: - CVE-2022-31030: Fixed denial of service via invocation of the ExecSync API (bsc#1200145) docker: - Update to Docker 20.10.17-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/#201017. (bsc#1200145) runc: Update to runc v1.1.3. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.3. * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes. * Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang. * When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths. * Socket activation was failing when more than 3 sockets were used. * Various CI fixes. * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. - Fixed issues with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by that platform's syscall multiplexing semantics. (bsc#1192051 bsc#1199565) Update to runc v1.1.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.2. Security issue fixed: - CVE-2022-29162: A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. (bsc#1199460) - `runc spec` no longer sets any inheritable capabilities in the created example OCI spec (`config.json`) file. Update to runc v1.1.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.1. * runc run/start can now run a container with read-only /dev in OCI spec, rather than error out. (#3355) * runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403) libcontainer systemd v2 manager no longer errors out if one of the files listed in /sys/kernel/cgroup/delegate do not exist in container's cgroup. (#3387, #3404) * Loosen OCI spec validation to avoid bogus 'Intel RDT is not supported' error. (#3406) * libcontainer/cgroups no longer panics in cgroup v1 managers if stat of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435) Update to runc v1.1.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0. - libcontainer will now refuse to build without the nsenter package being correctly compiled (specifically this requires CGO to be enabled). This should avoid folks accidentally creating broken runc binaries (and incorrectly importing our internal libraries into their projects). (#3331) Update to runc v1.1.0~rc1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1. + Add support for RDMA cgroup added in Linux 4.11. * runc exec now produces exit code of 255 when the exec failed. This may help in distinguishing between runc exec failures (such as invalid options, non-running container or non-existent binary etc.) and failures of the command being executed. + runc run: new --keep option to skip removal exited containers artefacts. This might be useful to check the state (e.g. of cgroup controllers) after the container hasexited. + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD (the latter is just an alias for SCMP_ACT_KILL). + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows users to create sophisticated seccomp filters where syscalls can be efficiently emulated by privileged processes on the host. + checkpoint/restore: add an option (--lsm-mount-context) to set a different LSM mount context on restore. + intelrdt: support ClosID parameter. + runc exec --cgroup: an option to specify a (non-top) in-container cgroup to use for the process being executed. + cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1 machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc run/exec now adds the container to the appropriate cgroup under it). + sysctl: allow slashes in sysctl names, to better match sysctl(8)'s behaviour. + mounts: add support for bind-mounts which are inaccessible after switching the user namespace. Note that this does not permit the container any additional access to the host filesystem, it simply allows containers to have bind-mounts configured for paths the user can access but have restrictive access control settings for other users. + Add support for recursive mount attributes using mount_setattr(2). These have the same names as the proposed mount(8) options -- just prepend r to the option name (such as rro). + Add runc features subcommand to allow runc users to detect what features runc has been built with. This includes critical information such as supported mount flags, hook names, and so on. Note that the output of this command is subject to change and will not be considered stable until runc 1.2 at the earliest. The runtime-spec specification for this feature is being developed in opencontainers/runtime-spec#1130. * system: improve performance of /proc/$pid/stat parsing. * cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change the ownership of certain cgroup control files (as per /sys/kernel/cgroup/delegate) to allow for proper deferral to the container process. * runc checkpoint/restore: fixed for containers with an external bind mount which destination is a symlink. * cgroup: improve openat2 handling for cgroup directory handle hardening. runc delete -f now succeeds (rather than timing out) on a paused container. * runc run/start/exec now refuses a frozen cgroup (paused container in case of exec). Users can disable this using --ignore-paused. - Update version data embedded in binary to correctly include the git commit of the release. Important SUSE bug 1192051 SUSE bug 1199460 SUSE bug 1199565 SUSE bug 1200088 SUSE bug 1200145 CVE-2022-29162 at SUSE CVE-2022-29162 at NVD CVE-2022-31030 at SUSE CVE-2022-31030 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ignition fixes the following issues: - CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524). - Update to version 2.14.0 Moderate SUSE bug 1199524 CVE-2022-1706 at SUSE CVE-2022-1706 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python3 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). Important SUSE bug 1198511 CVE-2015-20107 at SUSE CVE-2015-20107 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) Important SUSE bug 1199232 CVE-2022-1586 at SUSE CVE-2022-1586 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for p11-kit fixes the following issues: - CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065) Moderate SUSE bug 1180065 CVE-2020-29362 at SUSE CVE-2020-29362 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to 3.12.31 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). - CVE-2022-1012: Fixed information leak caused by small table perturb size in the TCP source port generation algorithm (bsc#1199482). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). The following non-security bugs were fixed: - Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442) - Add various fsctl structs (bsc#1200217). - ALSA: hda/conexant: Fix missing beep setup (git-fixes). - ALSA: hda/realtek - Add HW8326 support (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes). - ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes). - ALSA: hda/via: Fix missing beep setup (git-fixes). - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes) - arm64: ftrace: fix branch range checks (git-fixes) - ASoC: cs35l36: Update digital volume TLV (git-fixes). - ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes). - ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes). - ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes). - ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes). - ASoC: es8328: Fix event generation for deemphasis control (git-fixes). - ASoC: nau8822: Add operation for internal PLL off and on (git-fixes). - ASoC: wm8962: Fix suspend while playing music (git-fixes). - ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes). - ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes). - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes). - bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes). - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362). - bcache: fixup multiple threads crash (git-fixes). - bcache: improve multithreaded bch_btree_check() (git-fixes). - bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes). - bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes). - bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes). - bio: fix page leak bio_add_hw_page failure (git-fixes). - blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (git-fixes). - blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825). - blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263). - blk-mq: do not update io_ticks with passthrough requests (bsc#1200816). - blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762) - blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes). - block: advance iov_iter on bio_add_hw_page failure (git-fixes). - block: do not merge across cgroup boundaries if blkcg is enabled (bsc#1198020). - block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (bsc#1185762). - block: Fix kABI in blk-merge.c (bsc#1198020). - block/keyslot-manager: prevent crash when num_slots=1 (git-fixes). - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes). - caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes). - ceph: add some lockdep assertions around snaprealm handling (bsc#1201147). - ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm (bsc#1201149). - certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes). - cifs: add WARN_ON for when chan_count goes below minimum (bsc#1200217). - cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1200217). - cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1200217). - cifs: avoid parallel session setups on same channel (bsc#1200217). - cifs: avoid race during socket reconnect between send and recv (bsc#1200217). - cifs: call cifs_reconnect when a connection is marked (bsc#1200217). - cifs: call helper functions for marking channels for reconnect (bsc#1200217). - cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1200217). - cifs: check for smb1 in open_cached_dir() (bsc#1200217). - cifs: check reconnects for channels of active tcons too (bsc#1200217). - cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217). - cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1200217). - cifs: clean up an inconsistent indenting (bsc#1200217). - cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1200217). - cifs: do not build smb1ops if legacy support is disabled (bsc#1200217). - cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1200217). - cifs: do not use tcpStatus after negotiate completes (bsc#1200217). - cifs: do not use uninitialized data in the owner/group sid (bsc#1200217). - cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1200217). - cifs: fix double free race when mount fails in cifs_get_root() (bsc#1200217). - cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217). - cifs: fix handlecache and multiuser (bsc#1200217). - cifs: fix hang on cifs_get_next_mid() (bsc#1200217). - cifs: fix incorrect use of list iterator after the loop (bsc#1200217). - cifs: fix minor compile warning (bsc#1200217). - cifs: fix missed refcounting of ipc tcon (bsc#1200217). - cifs: fix ntlmssp auth when there is no key exchange (bsc#1200217). - cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1200217). - cifs: fix potential deadlock in direct reclaim (bsc#1200217). - cifs: fix potential double free during failed mount (bsc#1200217). - cifs: fix potential race with cifsd thread (bsc#1200217). - cifs: fix set of group SID via NTSD xattrs (bsc#1200217). - cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1200217). - cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1200217). - cifs: fix the cifs_reconnect path for DFS (bsc#1200217). - cifs: fix the connection state transitions with multichannel (bsc#1200217). - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1200217). - cifs: fix workstation_name for multiuser mounts (bsc#1200217). - cifs: force new session setup and tcon for dfs (bsc#1200217). - cifs: free ntlmsspblob allocated in negotiate (bsc#1200217). - cifs: ignore resource_id while getting fscache super cookie (bsc#1200217). - cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1200217). - cifs: make status checks in version independent callers (bsc#1200217). - cifs: mark sessions for reconnection in helper function (bsc#1200217). - cifs: modefromsids must add an ACE for authenticated users (bsc#1200217). - cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1200217). - cifs: move superblock magic defitions to magic.h (bsc#1200217). - cifs: potential buffer overflow in handling symlinks (bsc#1200217). - cifs: print TIDs as hex (bsc#1200217). - cifs: protect all accesses to chan_* with chan_lock (bsc#1200217). - cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1200217). - cifs: reconnect only the connection and not smb session where possible (bsc#1200217). - cifs: release cached dentries only if mount is complete (bsc#1200217). - cifs: remove check of list iterator against head past the loop body (bsc#1200217). - cifs: remove redundant assignment to pointer p (bsc#1200217). - cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1200217). - cifs: remove repeated state change in dfs tree connect (bsc#1200217). - cifs: remove unused variable ses_selected (bsc#1200217). - cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217). - cifs: return the more nuanced writeback error on close() (bsc#1200217). - cifs: sanitize multiple delimiters in prepath (bsc#1200217). - cifs: serialize all mount attempts (bsc#1200217). - cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1200217). - cifs: skip trailing separators of prefix paths (bsc#1200217). - cifs: smbd: fix typo in comment (bsc#1200217). - cifs: Split the smb3_add_credits tracepoint (bsc#1200217). - cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217). - cifs: track individual channel status using chans_need_reconnect (bsc#1200217). - cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1200217). - cifs: update internal module number (bsc#1193629). - cifs: update internal module number (bsc#1200217). - cifs: update internal module number (bsc#1200217). - cifs: update tcpStatus during negotiate and sess setup (bsc#1200217). - cifs: use a different reconnect helper for non-cifsd threads (bsc#1200217). - cifs: use correct lock type in cifs_reconnect() (bsc#1200217). - cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217). - cifs: use new enum for ses_status (bsc#1200217). - cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1200217). - cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1200217). - cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1200217). - cifs: wait for tcon resource_id before getting fscache super (bsc#1200217). - cifs: we do not need a spinlock around the tree access during umount (bsc#1200217). - cifs: when extending a file with falloc we should make files not-sparse (bsc#1200217). - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes). - drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes). - drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924). - drm/msm: Fix double pm_runtime_disable() call (git-fixes). - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes). - drm/sun4i: Fix crash during suspend after component bind failure (git-fixes). - exec: Force single empty string when argv is empty (bsc#1200571). - ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1197754). - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810). - ext4: fix bug_on in __es_tree_search (bsc#1200809). - ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807). - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806). - ext4: make variable 'count' signed (bsc#1200820). - Fix a warning about a malformed kernel doc comment in cifs (bsc#1200217). - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143). - gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes). - gtp: use icmp_ndo_send helper (git-fixes). - hwmon: (ibmaem) do not call platform_device_del() if platform_device_add() fails (git-fixes). - i2c: designware: Use standard optional ref clock implementation (git-fixes). - ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925). - iio:accel:bma180: rearrange iio trigger get and register (git-fixes). - iio: accel: mma8452: ignore the return value of reset operation (git-fixes). - iio: adc: axp288: Override TS pin bias current for some models (git-fixes). - iio: adc: vf610: fix conversion mode sysfs node name (git-fixes). - iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes). - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes). - iio: trigger: sysfs: fix use-after-free on remove (git-fixes). - init: Initialize noop_backing_dev_info early (bsc#1200822). - inotify: show inotify mask flags in proc fdinfo (bsc#1200600). - iomap: iomap_write_failed fix (bsc#1200829). - ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504). - jfs: fix divide error in dbNextAG (bsc#1200828). - kABI fix of sysctl_run_estimation (git-fixes). - kabi: nvme workaround header include (bsc#1201193). - kabi/severities: ignore KABI for NVMe target (bsc#1192761) - linux/dim: Fix divide by 0 in RDMA DIM (git-fixes). - md: fix update super 1.0 on rdev size change (git-fixes). - move devm_allocate to end of structure for kABI (git-fixes). - mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes). - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes). - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes). - net: ieee802154: ca8210: Stop leaking skb's (git-fixes). - net: lantiq: Add locking for TX DMA channel (git-fixes). - net: rose: fix UAF bugs caused by timer handler (git-fixes). - net: stmmac: reset Tx desc base address before restarting Tx (git-fixes). - net: usb: ax88179_178a: Fix packet receiving (git-fixes). - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes). - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes). - NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes). - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes). - NFS: Do not report errors from nfs_pageio_complete() more than once (git-fixes). - NFS: Do not report flush errors in nfs_write_end() (git-fixes). - NFS: Further fixes to the writeback error handling (git-fixes). - NFS: Memory allocation failures are not server fatal errors (git-fixes). - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes). - nvdimm: Fix firmware activation deadlock scenarios (git-fixes). - nvdimm/region: Fix default alignment for small regions (git-fixes). - nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761). - nvme: Add connect option 'discovery' (bsc#1192761). - nvme: add new discovery log page entry definitions (bsc#1192761). - nvme: display correct subsystem NQN (bsc#1192761). - nvme: expose subsystem type in sysfs attribute 'subsystype' (bsc#1192761). - nvme: kabi fix nvme subsystype change (bsc#1192761) - nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761). - nvmet: add nvmet_req_subsys() helper (bsc#1192761). - nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes). - nvmet: do not check iosqes,iocqes for discovery controllers (bsc#1192761). - nvmet: fix freeing unallocated p2pmem (git-fixes). - nvmet: make discovery NQN configurable (bsc#1192761). - nvmet-rdma: Fix NULL deref when SEND is completed with error (git-fixes). - nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY (git-fixes). - nvmet: register discovery subsystem as 'current' (bsc#1192761). - nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761). - nvmet: switch check for subsystem type (bsc#1192761). - pahole 1.22 required for full BTF features. also recommend pahole for kernel-source to make the kernel buildable with standard config - phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes). - pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes). - powerpc/idle: Fix return value of __setup() handler (bsc#1065729). - powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729). - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477). - random: Add and use pr_fmt() (bsc#1184924). - random: remove unnecessary unlikely() (bsc#1184924). - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes). - Revert 'block: Fix a lockdep complaint triggered by request queue flushing' (git-fixes). - rpm/check-for-config-changes: ignore GCC12/CC_NO_ARRAY_BOUNDS - rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775) - rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775) - scsi: core: Show SCMD_LAST in text form (git-fixes). - scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193). - scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193). - scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193). - scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193). - scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193). - scsi: lpfc: Commonize VMID code location (bsc#1201193). - scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193). - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193). - scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193). - scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193). - scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193). - scsi: nvme: Added a new sysfs attribute appid_store (bsc#1201193). - scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193). - scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160). - scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160). - scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160). - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160). - scsi: qla2xxx: edif: bsg refactor (bsc#1201160). - scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160). - scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160). - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160). - scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160). - scsi: qla2xxx: edif: Fix session thrash (bsc#1201160). - scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160). - scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160). - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160). - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160). - scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160). - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160). - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160). - scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160). - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160). - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160). - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160). - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160). - scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160). - scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160). - scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160). - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160). - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160). - scsi: sd: sd_zbc: Do not pass GFP_NOIO to kvcalloc (git-fixes). - scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks (git-fixes). - scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes). - scsi: sd: Signal drive managed SMR disks (git-fixes). - scsi: sd_zbc: Do not limit max_zone_append sectors to (git-fixes). - scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (git-fixes). - scsi: sd_zbc: Improve zone revalidation (git-fixes). - scsi: sd_zbc: Remove unused inline functions (git-fixes). - scsi: sd_zbc: Support disks with more than 2**32 logical (git-fixes). - scsi: smartpqi: create module parameters for LUN reset (bsc#1179195 bsc#1200622). - smb3: add mount parm nosparse (bsc#1200217). - smb3: add trace point for lease not found issue (bsc#1200217). - smb3: add trace point for oplock not found (bsc#1200217). - smb3: check for null tcon (bsc#1200217). - smb3: cleanup and clarify status of tree connections (bsc#1200217). - smb3: do not set rc when used and unneeded in query_info_compound (bsc#1200217). - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1200217). - smb3: fix incorrect session setup check for multiuser mounts (bsc#1200217). - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1200217). [ ematsumiya: remove ksmbd parts ] - smb3: fix snapshot mount option (bsc#1200217). - [smb3] improve error message when mount options conflict with posix (bsc#1200217). - smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1200217). [ ematsumiya: remove ksmbd parts ] - smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1200217). [ ematsumiya: remove ksmbd parts ] - [smb3] move more common protocol header definitions to smbfs_common (bsc#1200217). [ ematsumiya: remove ksmbd parts ] - smb3: send NTLMSSP version information (bsc#1200217). - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes). - spi: Fix use-after-free with devm_spi_alloc_* (git-fixes). - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes). - sunvnet: use icmp_ndo_send helper (git-fixes). - tty: goldfish: Fix free_irq() on remove (git-fixes). - usb: chipidea: udc: check request status before setting device address (git-fixes). - usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes). - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes). - usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes). - usbnet: fix memory allocation in helpers (git-fixes). - USB: serial: io_ti: add Agilent E5805A support (git-fixes). - USB: serial: option: add Quectel EM05-G modem (git-fixes). - USB: serial: option: add Quectel RM500K module support (git-fixes). - USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes). - USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes). - usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC (git-fixes). - veth: fix races around rq->rx_notify_masked (git-fixes). - virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes). - virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes). - virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes). - virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes). - vmxnet3: fix minimum vectors alloc issue (bsc#1199489). - writeback: Avoid skipping inode writeback (bsc#1200813). - writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821). - xhci: Add reset resume quirk for AMD xhci controller (git-fixes). Important SUSE bug 1065729 SUSE bug 1179195 SUSE bug 1180814 SUSE bug 1184924 SUSE bug 1185762 SUSE bug 1192761 SUSE bug 1193629 SUSE bug 1194013 SUSE bug 1195504 SUSE bug 1195775 SUSE bug 1196901 SUSE bug 1197362 SUSE bug 1197754 SUSE bug 1198020 SUSE bug 1198924 SUSE bug 1199482 SUSE bug 1199487 SUSE bug 1199489 SUSE bug 1199657 SUSE bug 1200217 SUSE bug 1200263 SUSE bug 1200343 SUSE bug 1200442 SUSE bug 1200571 SUSE bug 1200599 SUSE bug 1200600 SUSE bug 1200608 SUSE bug 1200619 SUSE bug 1200622 SUSE bug 1200692 SUSE bug 1200806 SUSE bug 1200807 SUSE bug 1200809 SUSE bug 1200810 SUSE bug 1200813 SUSE bug 1200816 SUSE bug 1200820 SUSE bug 1200821 SUSE bug 1200822 SUSE bug 1200825 SUSE bug 1200828 SUSE bug 1200829 SUSE bug 1200925 SUSE bug 1201050 SUSE bug 1201080 SUSE bug 1201143 SUSE bug 1201147 SUSE bug 1201149 SUSE bug 1201160 SUSE bug 1201171 SUSE bug 1201177 SUSE bug 1201193 SUSE bug 1201222 CVE-2021-26341 at SUSE CVE-2021-26341 at NVD CVE-2021-4157 at SUSE CVE-2021-4157 at NVD CVE-2022-1012 at SUSE CVE-2022-1012 at NVD CVE-2022-1679 at SUSE CVE-2022-1679 at NVD CVE-2022-20132 at SUSE CVE-2022-20132 at NVD CVE-2022-20154 at SUSE CVE-2022-20154 at NVD CVE-2022-29900 at SUSE CVE-2022-29900 at NVD CVE-2022-29901 at SUSE CVE-2022-29901 at NVD CVE-2022-33981 at SUSE CVE-2022-33981 at NVD CVE-2022-34918 at SUSE CVE-2022-34918 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for mozilla-nss fixes the following issues: Various FIPS 140-3 related fixes were backported from SUSE Linux Enterprise 15 SP4: - Makes the PBKDF known answer test compliant with NIST SP800-132. (bsc#1192079). - FIPS: Add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980). - FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298). - FIPS: remove hard disabling of unapproved algorithms. This requirement is now fulfilled by the service level indicator (bsc#1200325). - Run test suite at build time, and make it pass (bsc#1198486). - FIPS: skip algorithms that are hard disabled in FIPS mode. - Prevent expired PayPalEE cert from failing the tests. - Allow checksumming to be disabled, but only if we entered FIPS mode due to NSS_FIPS being set, not if it came from /proc. - FIPS: Make the PBKDF known answer test compliant with NIST SP800-132. - Update FIPS validation string to version-release format. - FIPS: remove XCBC MAC from list of FIPS approved algorithms. - Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build. - FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080). - FIPS: allow testing of unapproved algorithms (bsc#1192228). - FIPS: add version indicators. (bmo#1729550, bsc#1192086). - FIPS: fix some secret clearing (bmo#1697303, bsc#1192087). Version update to NSS 3.79: - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls. - Update mercurial in clang-format docker image. - Use of uninitialized pointer in lg_init after alloc fail. - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo. - Add SECMOD_LockedModuleHasRemovableSlots. - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP. - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts. - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version. - Correct invalid record inner and outer content type alerts. - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding. - improve error handling after nssCKFWInstance_CreateObjectHandle. - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. - NSS 3.79 should depend on NSPR 4.34 Version update to NSS 3.78.1: - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple Version update to NSS 3.78: - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests. - Reworked overlong record size checks and added TLS1.3 specific boundaries. - Add ECH Grease Support to tstclnt - Add a strict variant of moz::pkix::CheckCertHostname. - Change SSL_REUSE_SERVER_ECDHE_KEY default to false. - Make SEC_PKCS12EnableCipher succeed - Update zlib in NSS to 1.2.12. Version update to NSS 3.77: - Fix link to TLS page on wireshark wiki - Add two D-TRUST 2020 root certificates. - Add Telia Root CA v2 root certificate. - Remove expired explicitly distrusted certificates from certdata.txt. - support specific RSA-PSS parameters in mozilla::pkix - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate. - Remove token member from NSSSlot struct. - Provide secure variants of mpp_pprime and mpp_make_prime. - Support UTF-8 library path in the module spec string. - Update nssUTF8_Length to RFC 3629 and fix buffer overrun. - Update googletest to 1.11.0 - Add SetTls13GreaseEchSize to experimental API. - TLS 1.3 Illegal legacy_version handling/alerts. - Fix calculation of ECH HRR Transcript. - Allow ld path to be set as environment variable. - Ensure we don't read uninitialized memory in ssl gtests. - Fix DataBuffer Move Assignment. - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3 - rework signature verification in mozilla::pkix Version update to NSS 3.76.1 - Remove token member from NSSSlot struct. - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. - Check return value of PK11Slot_GetNSSToken. - Use Wycheproof JSON for RSASSA-PSS - Add SHA256 fingerprint comments to old certdata.txt entries. - Avoid truncating files in nss-release-helper.py. - Throw illegal_parameter alert for illegal extensions in handshake message. Version update to NSS 3.75 - Make DottedOIDToCode.py compatible with python3. - Avoid undefined shift in SSL_CERT_IS while fuzzing. - Remove redundant key type check. - Update ABI expectations to match ECH changes. - Enable CKM_CHACHA20. - check return on NSS_NoDB_Init and NSS_Shutdown. - Run ECDSA test vectors from bltest as part of the CI tests. - Add ECDSA test vectors to the bltest command line tool. - Allow to build using clang's integrated assembler. - Allow to override python for the build. - test HKDF output rather than input. - Use ASSERT macros to end failed tests early. - move assignment operator for DataBuffer. - Add test cases for ECH compression and unexpected extensions in SH. - Update tests for ECH-13. - Tidy up error handling. - Add tests for ECH HRR Changes. - Server only sends GREASE HRR extension if enabled by preference. - Update generation of the Associated Data for ECH-13. - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello. - Allow for compressed, non-contiguous, extensions. - Scramble the PSK extension in CHOuter. - Split custom extension handling for ECH. - Add ECH-13 HRR Handling. - Client side ECH padding. - Stricter ClientHelloInner Decompression. - Remove ECH_inner extension, use new enum format. - Update the version number for ECH-13 and adjust the ECHConfig size. Version update to NSS 3.74 - mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses - Ensure clients offer consistent ciphersuites after HRR - NSS does not properly restrict server keys based on policy - Set nssckbi version number to 2.54 - Replace Google Trust Services LLC (GTS) R4 root certificate - Replace Google Trust Services LLC (GTS) R3 root certificate - Replace Google Trust Services LLC (GTS) R2 root certificate - Replace Google Trust Services LLC (GTS) R1 root certificate - Replace GlobalSign ECC Root CA R4 - Remove Expired Root Certificates - DST Root CA X3 - Remove Expiring Cybertrust Global Root and GlobalSign root certificates - Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate - Add iTrusChina ECC root certificate - Add iTrusChina RSA root certificate - Add ISRG Root X2 root certificate - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate - Avoid a clang 13 unused variable warning in opt build - Check for missing signedData field - Ensure DER encoded signatures are within size limits - enable key logging option (boo#1195040) Version update to NSS 3.73.1: - Add SHA-2 support to mozilla::pkix's OSCP implementation Version update to NSS 3.73 - check for missing signedData field. - Ensure DER encoded signatures are within size limits. - NSS needs FiPS 140-3 version indicators. - pkix_CacheCert_Lookup doesn't return cached certs - sunset Coverity from NSS Fixed MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures Version update to NSS 3.72 - Fix nsinstall parallel failure. - Increase KDF cache size to mitigate perf regression in about:logins Version update to NSS 3.71 - Set nssckbi version number to 2.52. - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py - Import of PKCS#12 files with Camellia encryption is not supported - Add HARICA Client ECC Root CA 2021. - Add HARICA Client RSA Root CA 2021. - Add HARICA TLS ECC Root CA 2021. - Add HARICA TLS RSA Root CA 2021. - Add TunTrust Root CA certificate to NSS. Version update to NSS 3.70 - Update test case to verify fix. - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback - Avoid using a lookup table in nssb64d. - Use HW accelerated SHA2 on AArch64 Big Endian. - Change default value of enableHelloDowngradeCheck to true. - Cache additional PBE entries. - Read HPKE vectors from official JSON. Version update to NSS 3.69.1: - Disable DTLS 1.0 and 1.1 by default - integrity checks in key4.db not happening on private components with AES_CBC NSS 3.69: - Disable DTLS 1.0 and 1.1 by default (backed out again) - integrity checks in key4.db not happening on private components with AES_CBC (backed out again) - SSL handling of signature algorithms ignores environmental invalid algorithms. - sqlite 3.34 changed it's open semantics, causing nss failures. - Gtest update changed the gtest reports, losing gtest details in all.sh reports. - NSS incorrectly accepting 1536 bit DH primes in FIPS mode - SQLite calls could timeout in starvation situations. - Coverity/cpp scanner errors found in nss 3.67 - Import the NSS documentation from MDN in nss/doc. - NSS using a tempdir to measure sql performance not active Version Update to 3.68.4 (bsc#1200027) - CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590) Mozilla NSPR was updated to version 4.34: * add an API that returns a preferred loopback IP on hosts that have two IP stacks available. Important SUSE bug 1192079 SUSE bug 1192080 SUSE bug 1192086 SUSE bug 1192087 SUSE bug 1192228 SUSE bug 1198486 SUSE bug 1200027 CVE-2022-31741 at SUSE CVE-2022-31741 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225). - Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125) Important SUSE bug 1196125 SUSE bug 1201225 CVE-2022-34903 at SUSE CVE-2022-34903 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for logrotate fixes the following issues: Security issues fixed: - Improved coredump handing for SUID binaries (bsc#1192449). Non-security issues fixed: - Fixed 'logrotate emits unintended warning: keyword size not properly separated, found 0x3d' (bsc#1200278, bsc#1200802). Important SUSE bug 1192449 SUSE bug 1200278 SUSE bug 1200802 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). - CVE-2022-1012: Fixed information leak caused by small table perturb size in the TCP source port generation algorithm (bsc#1199482). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). The following non-security bugs were fixed: - ALSA: hda/conexant: Fix missing beep setup (git-fixes). - ALSA: hda/realtek - Add HW8326 support (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes). - ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes). - ALSA: hda/via: Fix missing beep setup (git-fixes). - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes) - arm64: ftrace: fix branch range checks (git-fixes) - ASoC: cs35l36: Update digital volume TLV (git-fixes). - ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes). - ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes). - ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes). - ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes). - ASoC: es8328: Fix event generation for deemphasis control (git-fixes). - ASoC: nau8822: Add operation for internal PLL off and on (git-fixes). - ASoC: wm8962: Fix suspend while playing music (git-fixes). - ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes). - ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes). - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes). - bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes). - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362). - bcache: fixup multiple threads crash (git-fixes). - bcache: improve multithreaded bch_btree_check() (git-fixes). - bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes). - bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes). - bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes). - bio: fix page leak bio_add_hw_page failure (git-fixes). - blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (git-fixes). - blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825). - blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263). - blk-mq: do not update io_ticks with passthrough requests (bsc#1200816). - blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762) - blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes). - block: advance iov_iter on bio_add_hw_page failure (git-fixes). - block: do not merge across cgroup boundaries if blkcg is enabled (bsc#1198020). - block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (bsc#1185762). - block: Fix kABI in blk-merge.c (bsc#1198020). - block/keyslot-manager: prevent crash when num_slots=1 (git-fixes). - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes). - caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes). - ceph: add some lockdep assertions around snaprealm handling (bsc#1201147). - ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm (bsc#1201149). - certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes). - cifs: add WARN_ON for when chan_count goes below minimum (bsc#1200217). - cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1200217). - cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1200217). - cifs: avoid parallel session setups on same channel (bsc#1200217). - cifs: avoid race during socket reconnect between send and recv (bsc#1200217). - cifs: call cifs_reconnect when a connection is marked (bsc#1200217). - cifs: call helper functions for marking channels for reconnect (bsc#1200217). - cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1200217). - cifs: check for smb1 in open_cached_dir() (bsc#1200217). - cifs: check reconnects for channels of active tcons too (bsc#1200217). - cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217). - cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1200217). - cifs: clean up an inconsistent indenting (bsc#1200217). - cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1200217). - cifs: do not build smb1ops if legacy support is disabled (bsc#1200217). - cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1200217). - cifs: do not use tcpStatus after negotiate completes (bsc#1200217). - cifs: do not use uninitialized data in the owner/group sid (bsc#1200217). - cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1200217). - cifs: fix double free race when mount fails in cifs_get_root() (bsc#1200217). - cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217). - cifs: fix handlecache and multiuser (bsc#1200217). - cifs: fix hang on cifs_get_next_mid() (bsc#1200217). - cifs: fix incorrect use of list iterator after the loop (bsc#1200217). - cifs: fix minor compile warning (bsc#1200217). - cifs: fix missed refcounting of ipc tcon (bsc#1200217). - cifs: fix ntlmssp auth when there is no key exchange (bsc#1200217). - cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1200217). - cifs: fix potential deadlock in direct reclaim (bsc#1200217). - cifs: fix potential double free during failed mount (bsc#1200217). - cifs: fix potential race with cifsd thread (bsc#1200217). - cifs: fix set of group SID via NTSD xattrs (bsc#1200217). - cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1200217). - cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1200217). - cifs: fix the cifs_reconnect path for DFS (bsc#1200217). - cifs: fix the connection state transitions with multichannel (bsc#1200217). - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1200217). - cifs: fix workstation_name for multiuser mounts (bsc#1200217). - cifs: force new session setup and tcon for dfs (bsc#1200217). - cifs: free ntlmsspblob allocated in negotiate (bsc#1200217). - cifs: ignore resource_id while getting fscache super cookie (bsc#1200217). - cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1200217). - cifs: make status checks in version independent callers (bsc#1200217). - cifs: mark sessions for reconnection in helper function (bsc#1200217). - cifs: modefromsids must add an ACE for authenticated users (bsc#1200217). - cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1200217). - cifs: move superblock magic defitions to magic.h (bsc#1200217). - cifs: potential buffer overflow in handling symlinks (bsc#1200217). - cifs: print TIDs as hex (bsc#1200217). - cifs: protect all accesses to chan_* with chan_lock (bsc#1200217). - cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1200217). - cifs: reconnect only the connection and not smb session where possible (bsc#1200217). - cifs: release cached dentries only if mount is complete (bsc#1200217). - cifs: remove check of list iterator against head past the loop body (bsc#1200217). - cifs: remove redundant assignment to pointer p (bsc#1200217). - cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1200217). - cifs: remove repeated state change in dfs tree connect (bsc#1200217). - cifs: remove unused variable ses_selected (bsc#1200217). - cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217). - cifs: return the more nuanced writeback error on close() (bsc#1200217). - cifs: sanitize multiple delimiters in prepath (bsc#1200217). - cifs: serialize all mount attempts (bsc#1200217). - cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1200217). - cifs: skip trailing separators of prefix paths (bsc#1200217). - cifs: smbd: fix typo in comment (bsc#1200217). - cifs: Split the smb3_add_credits tracepoint (bsc#1200217). - cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217). - cifs: track individual channel status using chans_need_reconnect (bsc#1200217). - cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1200217). - cifs: update internal module number (bsc#1193629). - cifs: update internal module number (bsc#1200217). - cifs: update tcpStatus during negotiate and sess setup (bsc#1200217). - cifs: use a different reconnect helper for non-cifsd threads (bsc#1200217). - cifs: use correct lock type in cifs_reconnect() (bsc#1200217). - cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217). - cifs: use new enum for ses_status (bsc#1200217). - cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1200217). - cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1200217). - cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1200217). - cifs: wait for tcon resource_id before getting fscache super (bsc#1200217). - cifs: we do not need a spinlock around the tree access during umount (bsc#1200217). - cifs: when extending a file with falloc we should make files not-sparse (bsc#1200217). - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes). - drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes). - drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924). - drm/msm: Fix double pm_runtime_disable() call (git-fixes). - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes). - drm/sun4i: Fix crash during suspend after component bind failure (git-fixes). - exec: Force single empty string when argv is empty (bsc#1200571). - ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1197754). - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810). - ext4: fix bug_on in __es_tree_search (bsc#1200809). - ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807). - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806). - ext4: make variable 'count' signed (bsc#1200820). - Fix a warning about a malformed kernel doc comment in cifs (bsc#1200217). - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143). - gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes). - gtp: use icmp_ndo_send helper (git-fixes). - hwmon: (ibmaem) do not call platform_device_del() if platform_device_add() fails (git-fixes). - i2c: designware: Use standard optional ref clock implementation (git-fixes). - ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925). - iio:accel:bma180: rearrange iio trigger get and register (git-fixes). - iio: accel: mma8452: ignore the return value of reset operation (git-fixes). - iio: adc: axp288: Override TS pin bias current for some models (git-fixes). - iio: adc: vf610: fix conversion mode sysfs node name (git-fixes). - iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes). - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes). - iio: trigger: sysfs: fix use-after-free on remove (git-fixes). - init: Initialize noop_backing_dev_info early (bsc#1200822). - inotify: show inotify mask flags in proc fdinfo (bsc#1200600). - iomap: iomap_write_failed fix (bsc#1200829). - ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504). - jfs: fix divide error in dbNextAG (bsc#1200828). - kABI fix of sysctl_run_estimation (git-fixes). - kabi: nvme workaround header include (bsc#1201193). - kabi/severities: ignore KABI for NVMe target (bsc#1192761) - linux/dim: Fix divide by 0 in RDMA DIM (git-fixes). - md: fix update super 1.0 on rdev size change (git-fixes). - move devm_allocate to end of structure for kABI (git-fixes). - mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes). - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes). - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes). - net: ieee802154: ca8210: Stop leaking skb's (git-fixes). - net: lantiq: Add locking for TX DMA channel (git-fixes). - net: rose: fix UAF bugs caused by timer handler (git-fixes). - net: stmmac: reset Tx desc base address before restarting Tx (git-fixes). - net: usb: ax88179_178a: Fix packet receiving (git-fixes). - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes). - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes). - NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes). - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes). - NFS: Do not report errors from nfs_pageio_complete() more than once (git-fixes). - NFS: Do not report flush errors in nfs_write_end() (git-fixes). - NFS: Further fixes to the writeback error handling (git-fixes). - NFS: Memory allocation failures are not server fatal errors (git-fixes). - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes). - nvdimm: Fix firmware activation deadlock scenarios (git-fixes). - nvdimm/region: Fix default alignment for small regions (git-fixes). - nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761). - nvme: Add connect option 'discovery' (bsc#1192761). - nvme: add new discovery log page entry definitions (bsc#1192761). - nvme: display correct subsystem NQN (bsc#1192761). - nvme: expose subsystem type in sysfs attribute 'subsystype' (bsc#1192761). - nvme: kabi fix nvme subsystype change (bsc#1192761) - nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761). - nvmet: add nvmet_req_subsys() helper (bsc#1192761). - nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes). - nvmet: do not check iosqes,iocqes for discovery controllers (bsc#1192761). - nvmet: fix freeing unallocated p2pmem (git-fixes). - nvmet: make discovery NQN configurable (bsc#1192761). - nvmet-rdma: Fix NULL deref when SEND is completed with error (git-fixes). - nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY (git-fixes). - nvmet: register discovery subsystem as 'current' (bsc#1192761). - nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761). - nvmet: switch check for subsystem type (bsc#1192761). - phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes). - pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes). - powerpc/idle: Fix return value of __setup() handler (bsc#1065729). - powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729). - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477). - random: Add and use pr_fmt() (bsc#1184924). - random: remove unnecessary unlikely() (bsc#1184924). - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes). - Revert 'block: Fix a lockdep complaint triggered by request queue flushing' (git-fixes). - scsi: core: Show SCMD_LAST in text form (git-fixes). - scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193). - scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193). - scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193). - scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193). - scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193). - scsi: lpfc: Commonize VMID code location (bsc#1201193). - scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193). - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193). - scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193). - scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193). - scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193). - scsi: nvme: Added a new sysfs attribute appid_store (bsc#1201193). - scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193). - scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160). - scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160). - scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160). - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160). - scsi: qla2xxx: edif: bsg refactor (bsc#1201160). - scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160). - scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160). - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160). - scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160). - scsi: qla2xxx: edif: Fix session thrash (bsc#1201160). - scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160). - scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160). - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160). - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160). - scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160). - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160). - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160). - scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160). - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160). - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160). - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160). - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160). - scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160). - scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160). - scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160). - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160). - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160). - scsi: sd: sd_zbc: Do not pass GFP_NOIO to kvcalloc (git-fixes). - scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks (git-fixes). - scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes). - scsi: sd: Signal drive managed SMR disks (git-fixes). - scsi: sd_zbc: Do not limit max_zone_append sectors to (git-fixes). - scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (git-fixes). - scsi: sd_zbc: Improve zone revalidation (git-fixes). - scsi: sd_zbc: Remove unused inline functions (git-fixes). - scsi: sd_zbc: Support disks with more than 2**32 logical (git-fixes). - scsi: smartpqi: create module parameters for LUN reset (bsc#1179195 bsc#1200622). - smb3: add mount parm nosparse (bsc#1200217). - smb3: add trace point for lease not found issue (bsc#1200217). - smb3: add trace point for oplock not found (bsc#1200217). - smb3: check for null tcon (bsc#1200217). - smb3: cleanup and clarify status of tree connections (bsc#1200217). - smb3: do not set rc when used and unneeded in query_info_compound (bsc#1200217). - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1200217). - smb3: fix incorrect session setup check for multiuser mounts (bsc#1200217). - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1200217). - smb3: fix snapshot mount option (bsc#1200217). - smb3 improve error message when mount options conflict with posix (bsc#1200217). - smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1200217). - smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1200217). - smb3: move more common protocol header definitions to smbfs_common (bsc#1200217). - smb3: send NTLMSSP version information (bsc#1200217). - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes). - spi: Fix use-after-free with devm_spi_alloc_* (git-fixes). - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes). - sunvnet: use icmp_ndo_send helper (git-fixes). - tty: goldfish: Fix free_irq() on remove (git-fixes). - usb: chipidea: udc: check request status before setting device address (git-fixes). - usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes). - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes). - usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes). - usbnet: fix memory allocation in helpers (git-fixes). - USB: serial: io_ti: add Agilent E5805A support (git-fixes). - USB: serial: option: add Quectel EM05-G modem (git-fixes). - USB: serial: option: add Quectel RM500K module support (git-fixes). - USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes). - USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes). - usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC (git-fixes). - veth: fix races around rq->rx_notify_masked (git-fixes). - virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes). - virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes). - virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes). - virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes). - vmxnet3: fix minimum vectors alloc issue (bsc#1199489). - writeback: Avoid skipping inode writeback (bsc#1200813). - writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821). - xhci: Add reset resume quirk for AMD xhci controller (git-fixes). - x86/entry: Remove skip_r11rcx (bsc#1201644). Important SUSE bug 1065729 SUSE bug 1179195 SUSE bug 1180814 SUSE bug 1184924 SUSE bug 1185762 SUSE bug 1192761 SUSE bug 1193629 SUSE bug 1194013 SUSE bug 1195504 SUSE bug 1195775 SUSE bug 1196901 SUSE bug 1197362 SUSE bug 1197754 SUSE bug 1198020 SUSE bug 1198924 SUSE bug 1199482 SUSE bug 1199487 SUSE bug 1199489 SUSE bug 1199657 SUSE bug 1200217 SUSE bug 1200263 SUSE bug 1200343 SUSE bug 1200442 SUSE bug 1200571 SUSE bug 1200599 SUSE bug 1200600 SUSE bug 1200604 SUSE bug 1200605 SUSE bug 1200608 SUSE bug 1200619 SUSE bug 1200622 SUSE bug 1200692 SUSE bug 1200806 SUSE bug 1200807 SUSE bug 1200809 SUSE bug 1200810 SUSE bug 1200813 SUSE bug 1200816 SUSE bug 1200820 SUSE bug 1200821 SUSE bug 1200822 SUSE bug 1200825 SUSE bug 1200828 SUSE bug 1200829 SUSE bug 1200925 SUSE bug 1201050 SUSE bug 1201080 SUSE bug 1201143 SUSE bug 1201147 SUSE bug 1201149 SUSE bug 1201160 SUSE bug 1201171 SUSE bug 1201177 SUSE bug 1201193 SUSE bug 1201222 SUSE bug 1201644 SUSE bug 1201664 SUSE bug 1201672 SUSE bug 1201673 SUSE bug 1201676 CVE-2021-26341 at SUSE CVE-2021-26341 at NVD CVE-2021-4157 at SUSE CVE-2021-4157 at NVD CVE-2022-1012 at SUSE CVE-2022-1012 at NVD CVE-2022-1679 at SUSE CVE-2022-1679 at NVD CVE-2022-20132 at SUSE CVE-2022-20132 at NVD CVE-2022-20141 at SUSE CVE-2022-20141 at NVD CVE-2022-20154 at SUSE CVE-2022-20154 at NVD CVE-2022-29900 at SUSE CVE-2022-29900 at NVD CVE-2022-29901 at SUSE CVE-2022-29901 at NVD CVE-2022-33981 at SUSE CVE-2022-33981 at NVD CVE-2022-34918 at SUSE CVE-2022-34918 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python-M2Crypto fixes the following issues: - CVE-2020-25657: Fixed Bleichenbacher timing attacks in the RSA decryption API (bsc#1178829). Important SUSE bug 1178829 CVE-2020-25657 at SUSE CVE-2020-25657 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ldb, samba fixes the following issues: - CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490). - CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify request (bsc#1201492). - CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords (bsc#1201495). - CVE-2022-32742: Fixed a memory leak in SMB1 (bsc#1201496). - CVE-2022-32744: Fixed an arbitrary password change request for any AD user (bsc#1201493). The following security bugs were fixed: samba was updated to 4.15.8: * Use pathref fd instead of io fd in vfs_default_durable_cookie; (bso#15042); * Setting fruit:resource = stream in vfs_fruit causes a panic; (bso#15099); * Add support for bind 9.18; (bso#14986); * logging dsdb audit to specific files does not work; (bso#15076); * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original file had been deleted; (bso#15069); * netgroups support removed; (bso#15087); (bsc#1199247); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); (bsc#1199734); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * smbclient commands del & deltree fail with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556); * vfs_gpfs recalls=no option prevents listing files; (bso#15055); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * Compile error in source3/utils/regedit_hexedit.c; (bso#15091); * ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link; (bso#15108); * smbd doesn't handle UPNs for looking up names; (bso#15054); * Out-by-4 error in smbd read reply max_send clamp; (bso#14443); - Move pdb backends from package samba-libs to package samba-client-libs and remove samba-libs requirement from samba-winbind; (bsc#1200964); (bsc#1198255); - Use the canonical realm name to refresh the Kerberos tickets; (bsc#1196224); (bso#14979); - Fix smbclient commands del & deltree failing with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556). ldb was updated to version 2.4.3 * Fix build problems, waf produces incorrect names for python extensions; (bso#15071); Important SUSE bug 1196224 SUSE bug 1198255 SUSE bug 1199247 SUSE bug 1199734 SUSE bug 1200556 SUSE bug 1200964 SUSE bug 1201490 SUSE bug 1201492 SUSE bug 1201493 SUSE bug 1201495 SUSE bug 1201496 CVE-2022-2031 at SUSE CVE-2022-2031 at NVD CVE-2022-32742 at SUSE CVE-2022-32742 at NVD CVE-2022-32744 at SUSE CVE-2022-32744 at NVD CVE-2022-32745 at SUSE CVE-2022-32745 at NVD CVE-2022-32746 at SUSE CVE-2022-32746 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for xen fixes the following issues: - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966). - CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549). - CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965). - CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394). - CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469). Fixed several upstream bugs (bsc#1027519). Important SUSE bug 1027519 SUSE bug 1199965 SUSE bug 1199966 SUSE bug 1200549 SUSE bug 1201394 SUSE bug 1201469 CVE-2022-21123 at SUSE CVE-2022-21123 at NVD CVE-2022-21125 at SUSE CVE-2022-21125 at NVD CVE-2022-21166 at SUSE CVE-2022-21166 at NVD CVE-2022-23816 at SUSE CVE-2022-23816 at NVD CVE-2022-23825 at SUSE CVE-2022-23825 at NVD CVE-2022-26362 at SUSE CVE-2022-26362 at NVD CVE-2022-26363 at SUSE CVE-2022-26363 at NVD CVE-2022-26364 at SUSE CVE-2022-26364 at NVD CVE-2022-29900 at SUSE CVE-2022-29900 at NVD CVE-2022-33745 at SUSE CVE-2022-33745 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for dwarves and elfutils fixes the following issues: elfutils was updated to version 0.177 (jsc#SLE-24501): - elfclassify: New tool to analyze ELF objects. - readelf: Print DW_AT_data_member_location as decimal offset. Decode DW_AT_discr_list block attributes. - libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias. - libdwelf: Add dwelf_elf_e_machine_string. dwelf_elf_begin now only returns NULL when there is an error reading or decompressing a file. If the file is not an ELF file an ELF handle of type ELF_K_NONE is returned. - backends: Add support for C-SKY. Update to version 0.176: - build: Add new --enable-install-elfh option. Do NOT use this for system installs (it overrides glibc elf.h). - backends: riscv improved core file and return value location support. - Fixes: - CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007) Update to version 0.175: - readelf: Handle mutliple .debug_macro sections. Recognize and parse GNU Property, NT_VERSION and GNU Build Attribute ELF Notes. - strip: Handle SHT_GROUP correctly. Add strip --reloc-debug-sections-only option. Handle relocations against GNU compressed sections. - libdwelf: New function dwelf_elf_begin. - libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT and BPF_JSLE. backends: RISCV handles ADD/SUB relocations. Handle SHT_X86_64_UNWIND. - CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723) - CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973) - CVE-2018-18520: eu-size: Bad handling of ar files inside are files (bsc#1112726) Update to version 0.174: - libelf, libdw and all tools now handle extended shnum and shstrndx correctly. - elfcompress: Don't rewrite input file if no section data needs updating. Try harder to keep same file mode bits (suid) on rewrite. - strip: Handle mixed (out of order) allocated/non-allocated sections. - unstrip: Handle SHT_GROUP sections. - backends: RISCV and M68K now have backend implementations to generate CFI based backtraces. - Fixes: - CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf - CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067) - CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390) Update to version 0.173: - More fixes for crashes and hangs found by afl-fuzz. In particular various functions now detect and break infinite loops caused by bad DIE tree cycles. - readelf: Will now lookup the size and signedness of constant value types to display them correctly (and not just how they were encoded). - libdw: New function dwarf_next_lines to read CU-less .debug_line data. dwarf_begin_elf now accepts ELF files containing just .debug_line or .debug_frame sections (which can be read without needing a DIE tree from the .debug_info section). Removed dwarf_getscn_info, which was never implemented. - backends: Handle BPF simple relocations. The RISCV backends now handles ABI specific CFI and knows about RISCV register types and names. Update to version 0.172: - Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data. Thanks to running the afl fuzzer on eu-readelf and various testcases. Update to version 0.171: - DWARF5 and split dwarf, including GNU DebugFission, are supported now. Data can be read from the new DWARF sections .debug_addr, .debug_line_str, .debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new DWARF5 and GNU DebugFission encodings of the existing .debug sections. Also in split DWARF .dwo (DWARF object) files. This support is mostly handled by existing functions (dwarf_getlocation*, dwarf_getsrclines, dwarf_ranges, dwarf_form*, etc.) now returning the data from the new sections and data formats. But some new functions have been added to more easily get information about skeleton and split compile units (dwarf_get_units and dwarf_cu_info), handle new attribute data (dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies that might come from different sections or files (dwarf_die_addr_die). - Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary) files, the .debug_names index, the .debug_cu_index and .debug_tu_index sections. Only a single .debug_info (and .debug_types) section are currently handled. - readelf: Handle all new DWARF5 sections. --debug-dump=info+ will show split unit DIEs when found. --dwarf-skeleton can be used when inspecting a .dwo file. Recognizes GNU locviews with --debug-dump=loc. - libdw: New functions dwarf_die_addr_die, dwarf_get_units, dwarf_getabbrevattr_data and dwarf_cu_info. libdw will now try to resolve the alt file on first use of an alt attribute FORM when not set yet with dwarf_set_alt. dwarf_aggregate_size() now works with multi-dimensional arrays. - libdwfl: Use process_vm_readv when available instead of ptrace. backends: Add a RISC-V backend. There were various improvements to build on Windows. The sha1 and md5 implementations have been removed, they weren't used. Update to version 0.170: - libdw: Added new DWARF5 attribute, tag, character encoding, language code, calling convention, defaulted member function and macro constants to dwarf.h. New functions dwarf_default_lower_bound and dwarf_line_file. dwarf_peel_type now handles DWARF5 immutable, packed and shared tags. dwarf_getmacros now handles DWARF5 .debug_macro sections. - strip: Add -R, --remove-section=SECTION and --keep-section=SECTION. - backends: The bpf disassembler is now always build on all platforms. Update to version 0.169: - backends: Add support for EM_PPC64 GNU_ATTRIBUTES. Frame pointer unwinding fallback support for i386, x86_64, aarch64. - translations: Update Polish translation. - CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088) - CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084) - CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085) - CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090) - CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089) - Don't make elfutils recommend elfutils-lang as elfutils-lang already supplements elfutils. dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework. Moderate SUSE bug 1033084 SUSE bug 1033085 SUSE bug 1033086 SUSE bug 1033087 SUSE bug 1033088 SUSE bug 1033089 SUSE bug 1033090 SUSE bug 1082318 SUSE bug 1104264 SUSE bug 1106390 SUSE bug 1107066 SUSE bug 1107067 SUSE bug 1111973 SUSE bug 1112723 SUSE bug 1112726 SUSE bug 1123685 SUSE bug 1125007 CVE-2017-7607 at SUSE CVE-2017-7607 at NVD CVE-2017-7608 at SUSE CVE-2017-7608 at NVD CVE-2017-7609 at SUSE CVE-2017-7609 at NVD CVE-2017-7610 at SUSE CVE-2017-7610 at NVD CVE-2017-7611 at SUSE CVE-2017-7611 at NVD CVE-2017-7612 at SUSE CVE-2017-7612 at NVD CVE-2017-7613 at SUSE CVE-2017-7613 at NVD CVE-2018-16062 at SUSE CVE-2018-16062 at NVD CVE-2018-16402 at SUSE CVE-2018-16402 at NVD CVE-2018-16403 at SUSE CVE-2018-16403 at NVD CVE-2018-18310 at SUSE CVE-2018-18310 at NVD CVE-2018-18520 at SUSE CVE-2018-18520 at NVD CVE-2018-18521 at SUSE CVE-2018-18521 at NVD CVE-2019-7146 at SUSE CVE-2019-7146 at NVD CVE-2019-7148 at SUSE CVE-2019-7148 at NVD CVE-2019-7149 at SUSE CVE-2019-7149 at NVD CVE-2019-7150 at SUSE CVE-2019-7150 at NVD CVE-2019-7664 at SUSE CVE-2019-7664 at NVD CVE-2019-7665 at SUSE CVE-2019-7665 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for mokutil fixes the following issues: - Adds SBAT revocation support to mokutil. (bsc#1198458) New options added (see manpage): - mokutil --sbat List all entries in SBAT. - mokutil --set-sbat-policy (latest | previous | delete) To set the SBAT acceptance policy. - mokutil --list-sbat-revocations To list the current SBAT revocations. Moderate SUSE bug 1198458 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for tiff fixes the following issues: - CVE-2022-2056: Fixed a division by zero denial of service (bsc#1201176). - CVE-2022-2057: Fixed a division by zero denial of service (bsc#1201175). - CVE-2022-2058: Fixed a division by zero denial of service (bsc#1201174). Low SUSE bug 1201174 SUSE bug 1201175 SUSE bug 1201176 CVE-2022-2056 at SUSE CVE-2022-2056 at NVD CVE-2022-2057 at SUSE CVE-2022-2057 at NVD CVE-2022-2058 at SUSE CVE-2022-2058 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for pcre2 fixes the following issues: - CVE-2019-20454: Fixed out-of-bounds read in JIT mode when \X is used in non-UTF mode (bsc#1164384). - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). Important SUSE bug 1164384 SUSE bug 1199235 CVE-2019-20454 at SUSE CVE-2019-20454 at NVD CVE-2022-1587 at SUSE CVE-2022-1587 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for harfbuzz fixes the following issues: - CVE-2022-33068: Fixed a integer overflow in hb-ot-shape-fallback.cc (bsc#1200900). Important SUSE bug 1200900 CVE-2022-33068 at SUSE CVE-2022-33068 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). Moderate SUSE bug 1198627 CVE-2022-29458 at SUSE CVE-2022-29458 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for cifs-utils fixes the following issues: - CVE-2022-29869: Fixed verbose messages on option parsing causing information leak (bsc#1198976). Moderate SUSE bug 1198976 CVE-2022-29869 at SUSE CVE-2022-29869 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures fixes the following issues: - Update in SLE-15 (bsc#1196696, bsc#1195916, jsc#SLE-23972) - Remove redundant python3 dependency from Requires - Update regular expression to fix python shebang - Style is enforced upstream and triggers unnecessary build version requirements - Allow specifying fs_id in cloudwatch log group name - Includes fix for stunnel path - Added hardening to systemd service(s). - Raise minimal pytest version - Fix typo in the ansi2html Requires - Cleanup with spec-cleaner - Make sure the tests are really executed - Remove useless devel dependency - Multiprocessing support in Python 3.8 was broken, but is now fixed - Bumpy the URL to point to github rather than to docs Moderate SUSE bug 1195916 SUSE bug 1196696 CVE-2020-29651 at SUSE CVE-2020-29651 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for podman fixes the following issues: Updated to version 3.4.7: - CVE-2022-1227: Fixed an issue that could allow an attacker to publish a malicious image to a public registry and run arbitrary code in the victim's context via the 'podman top' command (bsc#1182428). - CVE-2022-27191: Fixed a potential crash via SSH under specific configurations (bsc#1197284). - CVE-2022-21698: Fixed a potential denial of service that affected servers that used Prometheus instrumentation (bsc#1196338). Important SUSE bug 1182428 SUSE bug 1196338 SUSE bug 1197284 CVE-2022-1227 at SUSE CVE-2022-1227 at NVD CVE-2022-21698 at SUSE CVE-2022-21698 at NVD CVE-2022-27191 at SUSE CVE-2022-27191 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for systemd-presets-common-SUSE fixes the following issues: - CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524). The following non-security bugs were fixed: - Modify branding-preset-states to fix systemd-presets-common-SUSE not enabling new user systemd service preset configuration just as it handles system service presets. By passing an (optional) second parameter 'user', the save/apply-changes commands now work with user services instead of system ones (bsc#1200485) - Add the wireplumber user service preset to enable it by default in SLE15-SP4 where it replaced pipewire-media-session, but keep pipewire-media-session preset so we don't have to branch the systemd-presets-common-SUSE package for SP4 (bsc#1200485) Moderate SUSE bug 1199524 SUSE bug 1200485 CVE-2022-1706 at SUSE CVE-2022-1706 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-36516: Fixed TCP session data injection vulnerability via the mixed IPID assignment method (bnc#1196616). - CVE-2020-36557: Fixed race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could lead to a use-after-free (bnc#1201429). - CVE-2020-36558: Fixed race condition involving VT_RESIZEX that could lead to a NULL pointer dereference and general protection fault (bnc#1200910). - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT (bnc#1201636). - CVE-2022-1116: Fixed a integer overflow vulnerability in io_uring which allowed a local attacker to cause memory corruption and escalate privileges to root (bnc#1199647). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829). - CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251). - CVE-2022-2639: Fixed integer underflow that could lead to out-of-bounds write in reserve_sfa_size() (bsc#1202154). - CVE-2022-20166: Fixed possible out of bounds write due to sprintf unsafety that could cause local escalation of privilege (bnc#1200598) - CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy (bsc#1201458). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). - CVE-2022-29581: Fixed improper update of Reference Count in net/sched that could cause root privilege escalation (bnc#1199665). - CVE-2022-32250: Fixed user-after-free in net/netfilter/nf_tables_api.c that could allow local privilege escalation (bnc#1200015). - CVE-2022-36946: Fixed incorrect packet truncation in nfqnl_mangle() that could lead to remote DoS (bnc#1201940). The following non-security bugs were fixed: - ACPI: APEI: Better fix to avoid spamming the console with old error logs (git-fixes). - ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes). - ACPI: video: Shortening quirk list by identifying Clevo by board_name only (git-fixes). - ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes). - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (git-fixes). - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (git-fixes). - ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (git-fixes). - ASoC: Remove unused hw_write_t type (git-fixes). - ASoC: cs47l15: Fix event generation for low power mux control (git-fixes). - ASoC: madera: Fix event generation for OUT1 demux (git-fixes). - ASoC: madera: Fix event generation for rate controls (git-fixes). - ASoC: ops: Fix off by one in range control validation (git-fixes). - ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes). - ASoC: wm5110: Fix DRE control (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (git-fixes). - Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes). - FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR (git-fixes). - FDDI: defxx: Make MMIO the configuration default except for EISA (git-fixes). - Fixed a system crash related to the recent RETBLEED mitigation (bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676). - Fixed battery detection problem on macbooks (bnc#1201206). - HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes). - KVM/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - KVM: VMX: Add non-canonical check on writes to RTIT address MSRs (git-fixes). - KVM: VMX: Do not freeze guest when event delivery causes an APIC-access exit (git-fixes). - KVM: apic: avoid calculating pending eoi from an uninitialized val (git-fixes). - KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442) - KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes) - KVM: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - KVM: nVMX: avoid NULL pointer dereference with incorrect EVMCS GPAs (git-fixes). - KVM: nVMX: handle nested posted interrupts when apicv is disabled for L1 (git-fixes). - KVM: x86/pmu: Fix UBSAN shift-out-of-bounds warning in intel_pmu_refresh() (git-fixes). - KVM: x86: Do not let userspace set host-reserved cr4 bits (git-fixes). - KVM: x86: Fix split-irqchip vs interrupt injection window request (git-fixes). - KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks (git-fixes). - KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted (git-fixes). - KVM: x86: handle !lapic_in_kernel case in kvm_cpu_*_extint (git-fixes). - NFC: nxp-nci: do not print header length mismatch on i2c error (git-fixes). - PCI/portdrv: Do not disable AER reporting in get_port_device_capability() (git-fixes). - PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (git-fixes). - PCI: dwc: Always enable CDM check if 'snps,enable-cdm-check' exists (git-fixes). - PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes). - PCI: dwc: Disable outbound windows only for controllers using iATU (git-fixes). - PCI: dwc: Stop link on host_init errors and de-initialization (git-fixes). - PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes). - PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes). - PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (git-fixes). - PCI: tegra194: Fix Root Port interrupt handling (git-fixes). - PCI: tegra194: Fix link up retry sequence (git-fixes). - PM: runtime: Remove link state checks in rpm_get/put_supplier() (git-fixes). - Sort in RETbleed backport into the sorted section Now that it is upstream.. - USB: Follow-up to SPDX identifiers addition - remove now useless comments (git-fixes). - USB: serial: fix tty-port initialized comments (git-fixes). - USB: serial: ftdi_sio: add Belimo device ids (git-fixes). - amd-xgbe: Update DMA coherency values (git-fixes). - arm64 module: set plt* section addresses to 0x0 (git-fixes) - arm64: Extend workaround for erratum 1024718 to all versions of (git-fixes) - arm64: asm: Add new-style position independent function annotations (git-fixes) - arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return (git-fixes) - arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (git-fixes) - arm64: dts: marvell: espressobin: Add ethernet switch aliases (git-fixes) - arm64: dts: marvell: espressobin: add ethernet alias (git-fixes) - arm64: dts: mcbin: support 2W SFP modules (git-fixes) - arm64: fix compat syscall return truncation (git-fixes) - arm64: fix inline asm in load_unaligned_zeropad() (git-fixes) - arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA (git-fixes) - arm64: module: remove (NOLOAD) from linker script (git-fixes) - arm64: module: rework special section handling (git-fixes) - arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes) - arm64: ptrace: Consistently use pseudo-singlestep exceptions (git-fixes) - arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes) - arm64: stackleak: fix current_top_of_stack() (git-fixes) - arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (git-fixes) - arm64: vdso: Avoid ISB after reading from cntvct_el0 (git-fixes) - ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes). - ath10k: do not enforce interrupt trigger type (git-fixes). - ax88179_178a: add ethtool_op_get_ts_info() (git-fixes). - blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN (git-fixes). - blk-zoned: allow zone management send operations without CAP_SYS_ADMIN (git-fixes). - block/compat_ioctl: fix range check in BLKGETSIZE (git-fixes). - block: Fix fsync always failed if once failed (git-fixes). - block: Fix wrong offset in bio_truncate() (git-fixes). - block: bio-integrity: Advance seed correctly for larger interval sizes (git-fixes). - block: do not delete queue kobject before its children (git-fixes). - block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit (git-fixes). - bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb signature (bsc#1199364). - bpf: Add config to allow loading modules with BTF mismatches (jsc#SLE-24559). - bpf: Add in-kernel split BTF support (jsc#SLE-24559). - bpf: Assign ID to vmlinux BTF and return extra info for BTF in GET_OBJ_INFO (jsc#SLE-24559). - bpf: Keep module's btf_data_size intact after load (jsc#SLE-24559). - bpf: Load and verify kernel module BTFs (jsc#SLE-24559). - bpf: Provide function to get vmlinux BTF information (jsc#SLE-24559). - bpf: Sanitize BTF data pointer after module is loaded (jsc#SLE-24559). - bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (git-fixes). - can: Break loopback loop on loopback documentation (git-fixes). - can: error: specify the values of data[5..7] of CAN error frames (git-fixes). - can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes). - can: hi311x: do not report txerr and rxerr during bus-off (git-fixes). - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (git-fixes). - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (git-fixes). - can: pch_can: do not report txerr and rxerr during bus-off (git-fixes). - can: pch_can: pch_can_error(): initialize errc before using it (git-fixes). - can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes). - can: sja1000: do not report txerr and rxerr during bus-off (git-fixes). - can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes). - can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes). - clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (git-fixes). - clk: qcom: clk-krait: unlock spin after mux completion (git-fixes). - clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes). - clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes). - clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes). - clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (git-fixes). - clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes). - config: enable DEBUG_INFO_BTF This option allows users to access the btf type information for vmlinux but not kernel modules. - cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes) - crypto: qat - disable registration of algorithms (git-fixes). - crypto: qat - fix memory leak in RSA (git-fixes). - crypto: qat - remove dma_free_coherent() for DH (git-fixes). - crypto: qat - remove dma_free_coherent() for RSA (git-fixes). - crypto: qat - set to zero DH parameters before free (git-fixes). - cxgb4: Fix the -Wmisleading-indentation warning (git-fixes). - dm btree remove: assign new_root only when removal succeeds (git-fixes). - dm btree remove: fix use after free in rebalance_children() (git-fixes). - dm bufio: subtract the number of initial sectors in dm_bufio_get_device_size (git-fixes). - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() (git-fixes). - dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes). - dm crypt: make printing of the key constant-time (git-fixes). - dm integrity: conditionally disable 'recalculate' feature (git-fixes). - dm integrity: fix a crash if 'recalculate' used without 'internal_hash' (git-fixes). - dm integrity: fix error code in dm_integrity_ctr() (git-fixes). - dm integrity: fix memory corruption when tag_size is less than digest size (git-fixes). - dm integrity: fix the maximum number of arguments (git-fixes). - dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes). - dm persistent data: packed struct should have an aligned() attribute too (git-fixes). - dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload sequences (git-fixes). - dm snapshot: fix crash with transient storage and zero chunk size (git-fixes). - dm snapshot: flush merged data before committing metadata (git-fixes). - dm snapshot: properly fix a crash when an origin has no snapshots (git-fixes). - dm space map common: fix division bug in sm_ll_find_free_block() (git-fixes). - dm stats: add cond_resched when looping over entries (git-fixes). - dm verity: fix FEC for RS roots unaligned to block size (git-fixes). - dm: fix mempool NULL pointer race when completing IO (git-fixes). - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (git-fixes). - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes). - dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes). - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (git-fixes). - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (git-fixes). - do not call utsname() after ->nsproxy is NULL (bsc#1201196). - drbd: fix potential silent data corruption (git-fixes). - driver core: fix potential deadlock in __driver_attach (git-fixes). - drivers/net: Fix kABI in tun.c (git-fixes). - drivers: net: fix memory leak in atusb_probe (git-fixes). - drivers: net: fix memory leak in peak_usb_create_dev (git-fixes). - drm/amd/display: Enable building new display engine with KCOV enabled (git-fixes). - drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes). - drm/doc: Fix comment typo (git-fixes). - drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (git-fixes). - drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes). - drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes). - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (git-fixes). - drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes). - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (git-fixes). - drm/mediatek: dpi: Only enable dpi after the bridge is enabled (git-fixes). - drm/mediatek: dpi: Remove output format of YUV (git-fixes). - drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes). - drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform (git-fixes). - drm/msm/mdp5: Fix global state lock backoff (git-fixes). - drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes). - drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes). - drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (git-fixes). - drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes). - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (git-fixes). - drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes). - drm/rockchip: vop: Do not crash for invalid duplicate_state() (git-fixes). - drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes). - drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (git-fixes). - drm/vc4: dsi: Correct DSI divider calculations (git-fixes). - drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes). - drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (git-fixes). - drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes). - drm/vc4: plane: Fix margin calculations for the right/bottom edges (git-fixes). - drm/vc4: plane: Remove subpixel positioning check (git-fixes). - drm: adv7511: override i2c address of cec before accessing it (git-fixes). - drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes). - drm: bridge: sii8620: fix possible off-by-one (git-fixes). - fbcon: Disallow setting font bigger than screen size (git-fixes). - fbcon: Prevent that screen size is smaller than font size (git-fixes). - fbdev: fbmem: Fix logo center image dx issue (git-fixes). - fbmem: Check virtual screen sizes in fb_set_var() (git-fixes). - fpga: altera-pr-ip: fix unsigned comparison with less than zero (git-fixes). - ftgmac100: Restart MAC HW once (git-fixes). - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (git-fixes). - gpio: pca953x: only use single read/write for No AI mode (git-fixes). - gpio: pca953x: use the correct range when do regmap sync (git-fixes). - gpio: pca953x: use the correct register address when regcache sync during init (git-fixes). - hex2bin: make the function hex_to_bin constant-time (git-fixes). - hv_netvsc: Add (more) validation for untrusted Hyper-V values (bsc#1199364). - hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364). - hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364). - hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer (bsc#1199364). - hv_netvsc: Fix validation in netvsc_linkstatus_callback() (bsc#1199364). - i2c: Fix a potential use after free (git-fixes). - i2c: cadence: Change large transfer count reset logic to be unconditional (git-fixes). - i2c: cadence: Support PEC for SMBus block read (git-fixes). - i2c: cadence: Unregister the clk notifier in error path (git-fixes). - i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes). - ida: do not use BUG_ON() for debugging (git-fixes). - igb: Enable RSS for Intel I211 Ethernet Controller (git-fixes). - iio: accel: bma220: Fix alignment for DMA safety (git-fixes). - iio: accel: sca3000: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7266: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7298: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7476: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7766: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7887: Fix alignment for DMA safety (git-fixes). - iio: adc: hi8435: Fix alignment for DMA safety (git-fixes). - iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes). - iio: adc: max1027: Fix alignment for DMA safety (git-fixes). - iio: adc: max11100: Fix alignment for DMA safety (git-fixes). - iio: adc: max1118: Fix alignment for DMA safety (git-fixes). - iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes). - iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes). - iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (git-fixes). - iio: dac: ad5064: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5360: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5421: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5449: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5504: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5755: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5761: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5764: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes). - iio: dac: ad7303: Fix alignment for DMA safety (git-fixes). - iio: dac: ad8801: Fix alignment for DMA safety (git-fixes). - iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes). - iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes). - iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes). - iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes). - iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes). - iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes). - iio: proximity: as3935: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes). - ima: Fix a potential integer overflow in ima_appraise_measurement (git-fixes). - ima: Fix potential memory leak in ima_init_crypto() (git-fixes). - intel_th: Fix a resource leak in an error handling path (git-fixes). - intel_th: msu-sink: Potential dereference of null pointer (git-fixes). - intel_th: msu: Fix vmalloced buffers (git-fixes). - kABI workaround for rtsx_usb (git-fixes). - kabi: create module private struct to hold btf size/data (jsc#SLE-24559). - kbuild: Build kernel module BTFs if BTF is enabled and pahole supports it (jsc#SLE-24559). - kbuild: Skip module BTF generation for out-of-tree external modules (jsc#SLE-24559). - kbuild: add marker for build log of *.mod.o (jsc#SLE-24559). - kbuild: drop $(wildcard $^) check in if_changed* for faster rebuild (jsc#SLE-24559). - kbuild: rebuild modules when module linker scripts are updated (jsc#SLE-24559). - kbuild: rename any-prereq to newer-prereqs (jsc#SLE-24559). - kbuild: split final module linking out into Makefile.modfinal (jsc#SLE-24559). - lib/string.c: implement stpcpy (git-fixes). - linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check (git-fixes). - linux/random.h: Remove arch_has_random, arch_has_random_seed (git-fixes). - linux/random.h: Use false with bool (git-fixes). - lkdtm: Disable return thunks in rodata.c (bsc#1178134). - macvlan: remove redundant null check on data (git-fixes). - md/bitmap: wait for external bitmap writes to complete during tear down (git-fixes). - md/raid0: Ignore RAID0 layout if the second zone has only one device (git-fixes). - md: Set prev_flush_start and flush_bio in an atomic way (git-fixes). - md: bcache: check the return value of kzalloc() in detached_dev_do_request() (git-fixes). - media: hdpvr: fix error value returns in hdpvr_read (git-fixes). - media: rc: increase rc-mm tolerance and add debug message (git-fixes). - media: rtl28xxu: Add support for PROlectrix DV107669 DVB-T dongle (git-fixes). - media: rtl28xxu: add missing sleep before probing slave demod (git-fixes). - media: rtl28xxu: set keymap for Astrometa DVB-T2 (git-fixes). - media: smipcie: fix interrupt handling and IR timeout (git-fixes). - media: tw686x: Register the irq at the end of probe (git-fixes). - media: usb: dvb-usb-v2: rtl28xxu: convert to use i2c_new_client_device() (git-fixes). - media: v4l2-mem2mem: always consider OUTPUT queue during poll (git-fixes). - media: v4l2-mem2mem: reorder checks in v4l2_m2m_poll() (git-fixes). - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (git-fixes). - memregion: Fix memregion_free() fallback definition (git-fixes). - memstick/ms_block: Fix a memory leak (git-fixes). - memstick/ms_block: Fix some incorrect memory allocation (git-fixes). - meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes). - misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes). - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (git-fixes). - misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes). - misc: rtsx_usb: use separate command and response buffers (git-fixes). - mm/slub: add missing TID updates on slab deactivation (git-fixes). - mm: fix page reference leak in soft_offline_page() (git fixes (mm/memory-failure)). - mmc: cavium-octeon: Add of_node_put() when breaking out of loop (git-fixes). - mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (git-fixes). - mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes). - mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (git-fixes). - mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle (git-fixes). - mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (git-fixes). - net, xdp: Introduce __xdp_build_skb_from_frame utility routine (bsc#1199364). - net, xdp: Introduce xdp_build_skb_from_frame utility routine (bsc#1199364). - net/mlx5e: When changing XDP program without reset, take refs for XSK RQs (git-fixes). - net/sonic: Fix some resource leaks in error handling paths (git-fixes). - net: ag71xx: remove unnecessary MTU reservation (git-fixes). - net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function (git-fixes). - net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning (git-fixes). - net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE SFP (git-fixes). - net: amd-xgbe: Reset link when the link never comes back (git-fixes). - net: amd-xgbe: Reset the PHY rx data path when mailbox command timeout (git-fixes). - net: axienet: Handle deferred probe on clock properly (git-fixes). - net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port (git-fixes). - net: dsa: bcm_sf2: put device node before return (git-fixes). - net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE (git-fixes). - net: dsa: lantiq_gswip: Let GSWIP automatically set the xMII clock (git-fixes). - net: enetc: fix incorrect TPID when receiving 802.1ad tagged packets (git-fixes). - net: enetc: keep RX ring consumer index in sync with hardware (git-fixes). - net: evaluate net.ipv4.conf.all.proxy_arp_pvlan (git-fixes). - net: evaluate net.ipvX.conf.all.ignore_routes_with_linkdown (git-fixes). - net: hns3: fix error mask definition of flow director (git-fixes). - net: hso: bail out on interrupt URB allocation failure (git-fixes). - net: lapbether: Remove netif_start_queue / netif_stop_queue (git-fixes). - net: ll_temac: Fix potential NULL dereference in temac_probe() (git-fixes). - net: ll_temac: Use devm_platform_ioremap_resource_byname() (git-fixes). - net: macb: add function to disable all macb clocks (git-fixes). - net: macb: restore cmp registers on resume path (git-fixes). - net: macb: unprepare clocks in case of failure (git-fixes). - net: mscc: Fix OF_MDIO config check (git-fixes). - net: mvneta: Remove per-cpu queue mapping for Armada 3700 (git-fixes). - net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes). - net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes (git-fixes). - net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes). - net: stmmac: fix CBS idleslope and sendslope calculation (git-fixes). - net: stmmac: fix incorrect DMA channel intr enable setting of EQoS v4.10 (git-fixes). - net: stmmac: fix watchdog timeout during suspend/resume stress test (git-fixes). - net: stmmac: stop each tx channel independently (git-fixes). - net: tun: set tun->dev->addr_len during TUNSETLINK processing (git-fixes). - net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes). - net: usb: ax88179_178a: add MCT usb 3.0 adapter (git-fixes). - net: usb: ax88179_178a: add Toshiba usb 3.0 adapter (git-fixes). - net: usb: ax88179_178a: remove redundant assignment to variable ret (git-fixes). - net: usb: ax88179_178a: write mac to hardware in get_mac_addr (git-fixes). - net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes). - net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes). - net: usb: use eth_hw_addr_set() (git-fixes). - nvme: consider also host_iface when checking ip options (bsc#1199670). - octeontx2-af: fix memory leak of lmac and lmac->name (git-fixes). - pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes). - pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes). - platform/olpc: Fix uninitialized data in debugfs write (git-fixes). - platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes). - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (git-fixes). - powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761). - powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761). - powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761). - profiling: fix shift-out-of-bounds bugs (git fixes). - qla2xxx: drop patch which prevented nvme port discovery (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958). - r8169: fix accessing unset transport header (git-fixes). - random: document add_hwgenerator_randomness() with other input functions (git-fixes). - random: fix typo in comments (git-fixes). - random: remove useless header comment (git fixes). - raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes). - regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (git-fixes). - rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer Dwarves 1.22 or newer is required to build kernels with BTF information embedded in modules. - sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes) - sched/fair: Revise comment about lb decision matrix (git fixes (sched/fair)). - sched/membarrier: fix missing local execution of ipi_sync_rq_state() (git fixes (sched/membarrier)). - scripts: dummy-tools, add pahole (jsc#SLE-24559). - scsi: core: Fix error handling of scsi_host_alloc() (git-fixes). - scsi: core: Fix failure handling of scsi_add_host_with_dma() (git-fixes). - scsi: core: Only put parent device if host state differs from SHOST_CREATED (git-fixes). - scsi: core: Put .shost_dev in failure path if host state changes to RUNNING (git-fixes). - scsi: core: Put LLD module refcnt after SCSI device is released (git-fixes). - scsi: core: Retry I/O for Notify (Enable Spinup) Required error (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956). - scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956). - scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956 bsc#1200521). - scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956). - scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956). - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956). - scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956). - scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956). - scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956). - scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956). - scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956). - scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956). - scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958). - scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958). - scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958). - scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958). - scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958). - scsi: qla2xxx: Update manufacturer details (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958). - scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958). - scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958). - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes). - scsi: sd: Fix potential NULL pointer dereference (git-fixes). - scsi: ufs: Release clock if DMA map fails (git-fixes). - scsi: ufs: handle cleanup correctly on devm_reset_control_get error (git-fixes). - serial: 8250: fix return error code in serial8250_request_std_resource() (git-fixes). - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes). - serial: stm32: Clear prev values before setting RTS delays (git-fixes). - soc: fsl: guts: machine variable might be unset (git-fixes). - soc: ixp4xx/npe: Fix unused match warning (git-fixes). - soundwire: bus_type: fix remove and shutdown support (git-fixes). - spi: &lt;linux/spi/spi.h>: add missing struct kernel-doc entry (git-fixes). - spi: amd: Limit max transfer and message size (git-fixes). - staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (git-fixes). - sysctl: Fix data races in proc_dointvec() (git-fixes). - sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes). - sysctl: Fix data races in proc_dointvec_minmax() (git-fixes). - sysctl: Fix data races in proc_douintvec() (git-fixes). - sysctl: Fix data races in proc_douintvec_minmax() (git-fixes). - sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes). - thermal/tools/tmon: Include pthread and time headers in tmon.h (git-fixes). - tick/nohz: Use WARN_ON_ONCE() to prevent console saturation (git fixes (kernel/time)). - usb: dwc3: add cancelled reasons for dwc3 requests (git-fixes). - usb: dwc3: gadget: Fix event pending check (git-fixes). - usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes). - usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes). - usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes). - usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes). - usb: typec: add missing uevent when partner support PD (git-fixes). - usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (git-fixes). - usb: xhci: tegra: Fix error check (git-fixes). - usbnet: fix memory leak in error case (git-fixes). - video: of_display_timing.h: include errno.h (git-fixes). - virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes). - virtio-net: fix the race between refill work and close (git-fixes). - virtio_mmio: Add missing PM calls to freeze/restore (git-fixes). - virtio_mmio: Restore guest page size on resume (git-fixes). - watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761). - wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (git-fixes). - wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes). - wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes). - wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes). - wifi: p54: add missing parentheses in p54_flush() (git-fixes). - wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (git-fixes). - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (git-fixes). - wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (git-fixes). - x86/bugs: Remove apostrophe typo (bsc#1178134). - x86/kvmclock: Move this_cpu_pvti into kvmclock.h (git-fixes). - x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134). - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381). - xen: detect uninitialized xenbus in xenbus_init (git-fixes). - xen: do not continue xenstore initialization in case of errors (git-fixes). Important SUSE bug 1178134 SUSE bug 1196616 SUSE bug 1198829 SUSE bug 1199364 SUSE bug 1199647 SUSE bug 1199665 SUSE bug 1199670 SUSE bug 1200015 SUSE bug 1200521 SUSE bug 1200598 SUSE bug 1200644 SUSE bug 1200651 SUSE bug 1200762 SUSE bug 1200910 SUSE bug 1201196 SUSE bug 1201206 SUSE bug 1201251 SUSE bug 1201381 SUSE bug 1201429 SUSE bug 1201442 SUSE bug 1201458 SUSE bug 1201635 SUSE bug 1201636 SUSE bug 1201644 SUSE bug 1201645 SUSE bug 1201664 SUSE bug 1201672 SUSE bug 1201673 SUSE bug 1201676 SUSE bug 1201846 SUSE bug 1201930 SUSE bug 1201940 SUSE bug 1201954 SUSE bug 1201956 SUSE bug 1201958 SUSE bug 1202154 CVE-2020-36516 at SUSE CVE-2020-36516 at NVD CVE-2020-36557 at SUSE CVE-2020-36557 at NVD CVE-2020-36558 at SUSE CVE-2020-36558 at NVD CVE-2021-33655 at SUSE CVE-2021-33655 at NVD CVE-2021-33656 at SUSE CVE-2021-33656 at NVD CVE-2022-1116 at SUSE CVE-2022-1116 at NVD CVE-2022-1462 at SUSE CVE-2022-1462 at NVD CVE-2022-20166 at SUSE CVE-2022-20166 at NVD CVE-2022-21505 at SUSE CVE-2022-21505 at NVD CVE-2022-2318 at SUSE CVE-2022-2318 at NVD CVE-2022-26365 at SUSE CVE-2022-26365 at NVD CVE-2022-2639 at SUSE CVE-2022-2639 at NVD CVE-2022-29581 at SUSE CVE-2022-29581 at NVD CVE-2022-32250 at SUSE CVE-2022-32250 at NVD CVE-2022-33740 at SUSE CVE-2022-33740 at NVD CVE-2022-33741 at SUSE CVE-2022-33741 at NVD CVE-2022-33742 at SUSE CVE-2022-33742 at NVD CVE-2022-36946 at SUSE CVE-2022-36946 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for spice fixes the following issues: - CVE-2021-20201: Fixed an issue which could allow clients to cause a denial of service by repeatedly renegotiating a connection (bsc#1181686). Important SUSE bug 1181686 CVE-2021-20201 at SUSE CVE-2021-20201 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for gnutls fixes the following issues: - CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020). Important SUSE bug 1202020 CVE-2022-2509 at SUSE CVE-2022-2509 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-2639: Fixed integer underflow that could lead to out-of-bounds write in reserve_sfa_size() (bsc#1202154). - CVE-2020-36516: Fixed TCP session data injection vulnerability via the mixed IPID assignment method (bnc#1196616). - CVE-2022-36946: Fixed an incorrect packet trucation operation which could lead to denial of service (bnc#1201940). - CVE-2022-29581: Fixed improper update of Reference Count in net/sched that could cause root privilege escalation (bnc#1199665). - CVE-2022-20166: Fixed several possible memory safety issues due to unsafe operations (bsc#1200598). - CVE-2020-36558: Fixed a race condition involving VT_RESIZEX which could lead to a NULL pointer dereference and general protection fault (bnc#1200910). - CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl and closing/opening of TTYs could lead to a use-after-free (bnc#1201429). - CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy (bsc#1201458). - CVE-2021-33656: Fixed memory out of bounds write related to ioctl cmd PIO_FONT (bnc#1201636). - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TTY subsystem (bnc#1198829). - CVE-2022-1116: Fixed a integer overflow vulnerability in io_uring which allowed a local attacker to cause memory corruption and escalate privileges to root (bnc#1199647). - CVE-2022-2318: Fixed a use-after-free vulnerability in the timer handler in Rose subsystem that allowed unprivileged attackers to crash the system (bsc#1201251). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). The following non-security bugs were fixed: - Fix bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676 All are reports of the same problem - the IBRS_* regs push/popping was wrong but it needs 1b331eeea7b8 ('x86/entry: Remove skip_r11rcx') too. - ACPI: APEI: Better fix to avoid spamming the console with old error logs (git-fixes). - ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes). - ACPI: video: Shortening quirk list by identifying Clevo by board_name only (git-fixes). - ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes). - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (git-fixes). - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (git-fixes). - ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (git-fixes). - ASoC: Remove unused hw_write_t type (git-fixes). - ASoC: cs47l15: Fix event generation for low power mux control (git-fixes). - ASoC: madera: Fix event generation for OUT1 demux (git-fixes). - ASoC: madera: Fix event generation for rate controls (git-fixes). - ASoC: ops: Fix off by one in range control validation (git-fixes). - ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes). - ASoC: wm5110: Fix DRE control (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (git-fixes). - Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes). - Fixed a regression where smart batteries would not be detected on Mac (bsc#1201206). - Fixed an issue where qla2xxx would prevent nvme port discovery (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958). - FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR (git-fixes). - FDDI: defxx: Make MMIO the configuration default except for EISA (git-fixes). - Fix 1201644, 1201664, 1201672, 1201673, 1201676 All are reports of the same problem - the IBRS_* regs push/popping was wrong but it needs 1b331eeea7b8 ('x86/entry: Remove skip_r11rcx') too. - HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes). - KVM: VMX: Add non-canonical check on writes to RTIT address MSRs (git-fixes). - KVM: VMX: Do not freeze guest when event delivery causes an APIC-access exit (git-fixes). - KVM: apic: avoid calculating pending eoi from an uninitialized val (git-fixes). - KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442) - KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes) - KVM: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - KVM: nVMX: avoid NULL pointer dereference with incorrect EVMCS GPAs (git-fixes). - KVM: nVMX: handle nested posted interrupts when apicv is disabled for L1 (git-fixes). - KVM: x86: Do not let userspace set host-reserved cr4 bits (git-fixes). - KVM: x86: Fix split-irqchip vs interrupt injection window request (git-fixes). - KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks (git-fixes). - KVM: x86: handle !lapic_in_kernel case in kvm_cpu_*_extint (git-fixes). - NFC: nxp-nci: do not print header length mismatch on i2c error (git-fixes). - PCI/portdrv: Do not disable AER reporting in get_port_device_capability() (git-fixes). - PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (git-fixes). - PCI: dwc: Always enable CDM check if 'snps,enable-cdm-check' exists (git-fixes). - PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes). - PCI: dwc: Disable outbound windows only for controllers using iATU (git-fixes). - PCI: dwc: Stop link on host_init errors and de-initialization (git-fixes). - PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes). - PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes). - PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (git-fixes). - PCI: tegra194: Fix Root Port interrupt handling (git-fixes). - PCI: tegra194: Fix link up retry sequence (git-fixes). - PM: runtime: Remove link state checks in rpm_get/put_supplier() (git-fixes). - USB: Follow-up to SPDX identifiers addition - remove now useless comments (git-fixes). - USB: serial: fix tty-port initialized comments (git-fixes). - USB: serial: ftdi_sio: add Belimo device ids (git-fixes). - arm64 module: set plt* section addresses to 0x0 (git-fixes) - arm64: asm: Add new-style position independent function annotations (git-fixes) - arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return (git-fixes) - arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (git-fixes) - arm64: dts: marvell: espressobin: Add ethernet switch aliases (git-fixes) - arm64: dts: marvell: espressobin: add ethernet alias (git-fixes) - arm64: dts: mcbin: support 2W SFP modules (git-fixes) - arm64: fix compat syscall return truncation (git-fixes) - arm64: fix inline asm in load_unaligned_zeropad() (git-fixes) - arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA (git-fixes) - arm64: module: remove (NOLOAD) from linker script (git-fixes) - arm64: module: rework special section handling (git-fixes) - arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes) - arm64: ptrace: Consistently use pseudo-singlestep exceptions (git-fixes) - arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes) - arm64: stackleak: fix current_top_of_stack() (git-fixes) - arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (git-fixes) - arm64: vdso: Avoid ISB after reading from cntvct_el0 (git-fixes) - ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes). - ath10k: do not enforce interrupt trigger type (git-fixes). - ax88179_178a: add ethtool_op_get_ts_info() (git-fixes). - blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN (git-fixes). - blk-zoned: allow zone management send operations without CAP_SYS_ADMIN (git-fixes). - block/compat_ioctl: fix range check in BLKGETSIZE (git-fixes). - block: Fix fsync always failed if once failed (git-fixes). - block: Fix wrong offset in bio_truncate() (git-fixes). - block: bio-integrity: Advance seed correctly for larger interval sizes (git-fixes). - block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit (git-fixes). - bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb signature (bsc#1199364). - bpf: enable BPF type format (BTF) (jsc#SLE-24559). - bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (git-fixes). - can: Break loopback loop on loopback documentation (git-fixes). - can: error: specify the values of data[5..7] of CAN error frames (git-fixes). - can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes). - can: hi311x: do not report txerr and rxerr during bus-off (git-fixes). - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (git-fixes). - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (git-fixes). - can: m_can: process interrupt only when not runtime suspended (git-fixes). - can: pch_can: do not report txerr and rxerr during bus-off (git-fixes). - can: pch_can: pch_can_error(): initialize errc before using it (git-fixes). - can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes). - can: sja1000: do not report txerr and rxerr during bus-off (git-fixes). - can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes). - can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes). - clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (git-fixes). - clk: qcom: clk-krait: unlock spin after mux completion (git-fixes). - clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes). - clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes). - clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes). - clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (git-fixes). - clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes). - cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes) - crypto: qat - disable registration of algorithms (git-fixes). - crypto: qat - fix memory leak in RSA (git-fixes). - crypto: qat - remove dma_free_coherent() for DH (git-fixes). - crypto: qat - remove dma_free_coherent() for RSA (git-fixes). - crypto: qat - set to zero DH parameters before free (git-fixes). - cxgb4: Fix the -Wmisleading-indentation warning (git-fixes). - dm btree remove: assign new_root only when removal succeeds (git-fixes). - dm btree remove: fix use after free in rebalance_children() (git-fixes). - dm bufio: subtract the number of initial sectors in dm_bufio_get_device_size (git-fixes). - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() (git-fixes). - dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes). - dm crypt: make printing of the key constant-time (git-fixes). - dm integrity: conditionally disable 'recalculate' feature (git-fixes). - dm integrity: fix a crash if 'recalculate' used without 'internal_hash' (git-fixes). - dm integrity: fix error code in dm_integrity_ctr() (git-fixes). - dm integrity: fix memory corruption when tag_size is less than digest size (git-fixes). - dm integrity: fix the maximum number of arguments (git-fixes). - dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes). - dm persistent data: packed struct should have an aligned() attribute too (git-fixes). - dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload sequences (git-fixes). - dm snapshot: fix crash with transient storage and zero chunk size (git-fixes). - dm snapshot: flush merged data before committing metadata (git-fixes). - dm snapshot: properly fix a crash when an origin has no snapshots (git-fixes). - dm space map common: fix division bug in sm_ll_find_free_block() (git-fixes). - dm stats: add cond_resched when looping over entries (git-fixes). - dm verity: fix FEC for RS roots unaligned to block size (git-fixes). - dm: fix mempool NULL pointer race when completing IO (git-fixes). - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (git-fixes). - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes). - dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes). - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (git-fixes). - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (git-fixes). - do not call utsname() after ->nsproxy is NULL (bsc#1201196). - drbd: fix potential silent data corruption (git-fixes). - driver core: fix potential deadlock in __driver_attach (git-fixes). - drivers/net: Fix kABI in tun.c (git-fixes). - drivers: net: fix memory leak in atusb_probe (git-fixes). - drivers: net: fix memory leak in peak_usb_create_dev (git-fixes). - drm/amd/display: Enable building new display engine with KCOV enabled (git-fixes). - drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes). - drm/doc: Fix comment typo (git-fixes). - drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (git-fixes). - drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes). - drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes). - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (git-fixes). - drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes). - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (git-fixes). - drm/mediatek: dpi: Only enable dpi after the bridge is enabled (git-fixes). - drm/mediatek: dpi: Remove output format of YUV (git-fixes). - drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes). - drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform (git-fixes). - drm/msm/mdp5: Fix global state lock backoff (git-fixes). - drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes). - drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes). - drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (git-fixes). - drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes). - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (git-fixes). - drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes). - drm/rockchip: vop: Do not crash for invalid duplicate_state() (git-fixes). - drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes). - drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (git-fixes). - drm/vc4: dsi: Correct DSI divider calculations (git-fixes). - drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes). - drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (git-fixes). - drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes). - drm/vc4: plane: Fix margin calculations for the right/bottom edges (git-fixes). - drm/vc4: plane: Remove subpixel positioning check (git-fixes). - drm: adv7511: override i2c address of cec before accessing it (git-fixes). - drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes). - drm: bridge: sii8620: fix possible off-by-one (git-fixes). - fbcon: Disallow setting font bigger than screen size (git-fixes). - fbcon: Prevent that screen size is smaller than font size (git-fixes). - fbdev: fbmem: Fix logo center image dx issue (git-fixes). - fbmem: Check virtual screen sizes in fb_set_var() (git-fixes). - fpga: altera-pr-ip: fix unsigned comparison with less than zero (git-fixes). - ftgmac100: Restart MAC HW once (git-fixes). - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (git-fixes). - gpio: pca953x: only use single read/write for No AI mode (git-fixes). - gpio: pca953x: use the correct range when do regmap sync (git-fixes). - gpio: pca953x: use the correct register address when regcache sync during init (git-fixes). - hex2bin: make the function hex_to_bin constant-time (git-fixes). - hv_netvsc: Add (more) validation for untrusted Hyper-V values (bsc#1199364). - hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364). - hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364). - hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer (bsc#1199364). - hv_netvsc: Fix validation in netvsc_linkstatus_callback() (bsc#1199364). - i2c: Fix a potential use after free (git-fixes). - i2c: cadence: Change large transfer count reset logic to be unconditional (git-fixes). - i2c: cadence: Support PEC for SMBus block read (git-fixes). - i2c: cadence: Unregister the clk notifier in error path (git-fixes). - i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes). - ida: do not use BUG_ON() for debugging (git-fixes). - igb: Enable RSS for Intel I211 Ethernet Controller (git-fixes). - iio: accel: bma220: Fix alignment for DMA safety (git-fixes). - iio: accel: sca3000: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7266: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7298: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7476: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7766: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7887: Fix alignment for DMA safety (git-fixes). - iio: adc: hi8435: Fix alignment for DMA safety (git-fixes). - iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes). - iio: adc: max1027: Fix alignment for DMA safety (git-fixes). - iio: adc: max11100: Fix alignment for DMA safety (git-fixes). - iio: adc: max1118: Fix alignment for DMA safety (git-fixes). - iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes). - iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes). - iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (git-fixes). - iio: dac: ad5064: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5360: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5421: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5449: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5504: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5755: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5761: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5764: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes). - iio: dac: ad7303: Fix alignment for DMA safety (git-fixes). - iio: dac: ad8801: Fix alignment for DMA safety (git-fixes). - iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes). - iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes). - iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes). - iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes). - iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes). - iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes). - iio: proximity: as3935: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes). - ima: Fix a potential integer overflow in ima_appraise_measurement (git-fixes). - ima: Fix potential memory leak in ima_init_crypto() (git-fixes). - intel_th: Fix a resource leak in an error handling path (git-fixes). - intel_th: msu-sink: Potential dereference of null pointer (git-fixes). - intel_th: msu: Fix vmalloced buffers (git-fixes). - kABI workaround for rtsx_usb (git-fixes). - kvm/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - lib/string.c: implement stpcpy (git-fixes). - linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check (git-fixes). - linux/random.h: Remove arch_has_random, arch_has_random_seed (git-fixes). - linux/random.h: Use false with bool (git-fixes). - lkdtm: Disable return thunks in rodata.c (bsc#1178134). - macvlan: remove redundant null check on data (git-fixes). - md/bitmap: wait for external bitmap writes to complete during tear down (git-fixes). - md/raid0: Ignore RAID0 layout if the second zone has only one device (git-fixes). - md: Set prev_flush_start and flush_bio in an atomic way (git-fixes). - md: bcache: check the return value of kzalloc() in detached_dev_do_request() (git-fixes). - media: hdpvr: fix error value returns in hdpvr_read (git-fixes). - media: rc: increase rc-mm tolerance and add debug message (git-fixes). - media: rtl28xxu: Add support for PROlectrix DV107669 DVB-T dongle (git-fixes). - media: rtl28xxu: add missing sleep before probing slave demod (git-fixes). - media: rtl28xxu: set keymap for Astrometa DVB-T2 (git-fixes). - media: smipcie: fix interrupt handling and IR timeout (git-fixes). - media: tw686x: Register the irq at the end of probe (git-fixes). - media: usb: dvb-usb-v2: rtl28xxu: convert to use i2c_new_client_device() (git-fixes). - media: v4l2-mem2mem: always consider OUTPUT queue during poll (git-fixes). - media: v4l2-mem2mem: reorder checks in v4l2_m2m_poll() (git-fixes). - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (git-fixes). - memregion: Fix memregion_free() fallback definition (git-fixes). - memstick/ms_block: Fix a memory leak (git-fixes). - memstick/ms_block: Fix some incorrect memory allocation (git-fixes). - meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes). - misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes). - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (git-fixes). - misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes). - misc: rtsx_usb: use separate command and response buffers (git-fixes). - mm: fix page reference leak in soft_offline_page() (git fixes (mm/memory-failure)). - mmc: cavium-octeon: Add of_node_put() when breaking out of loop (git-fixes). - mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (git-fixes). - mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes). - mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (git-fixes). - mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle (git-fixes). - mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (git-fixes). - net, xdp: Introduce __xdp_build_skb_from_frame utility routine (bsc#1199364). - net, xdp: Introduce xdp_build_skb_from_frame utility routine (bsc#1199364). - net/mlx5e: When changing XDP program without reset, take refs for XSK RQs (git-fixes). - net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()' (git-fixes). - net/sonic: Fix some resource leaks in error handling paths (git-fixes). - net: ag71xx: remove unnecessary MTU reservation (git-fixes). - net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function (git-fixes). - net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning (git-fixes). - net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE SFP (git-fixes). - net: amd-xgbe: Reset link when the link never comes back (git-fixes). - net: amd-xgbe: Reset the PHY rx data path when mailbox command timeout (git-fixes). - net: axienet: Handle deferred probe on clock properly (git-fixes). - net: dsa: b53: fix an off by one in checking 'vlan->vid' (git-fixes). - net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port (git-fixes). - net: dsa: bcm_sf2: put device node before return (git-fixes). - net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE (git-fixes). - net: dsa: lantiq_gswip: Let GSWIP automatically set the xMII clock (git-fixes). - net: enetc: fix incorrect TPID when receiving 802.1ad tagged packets (git-fixes). - net: enetc: keep RX ring consumer index in sync with hardware (git-fixes). - net: evaluate net.ipv4.conf.all.proxy_arp_pvlan (git-fixes). - net: evaluate net.ipvX.conf.all.ignore_routes_with_linkdown (git-fixes). - net: ftgmac100: Fix crash when removing driver (git-fixes). - net: hdlc_x25: Return meaningful error code in x25_open (git-fixes). - net: hns3: fix error mask definition of flow director (git-fixes). - net: hso: bail out on interrupt URB allocation failure (git-fixes). - net: lapbether: Prevent racing when checking whether the netif is running (git-fixes). - net: lapbether: Remove netif_start_queue / netif_stop_queue (git-fixes). - net: ll_temac: Fix potential NULL dereference in temac_probe() (git-fixes). - net: ll_temac: Use devm_platform_ioremap_resource_byname() (git-fixes). - net: macb: add function to disable all macb clocks (git-fixes). - net: macb: restore cmp registers on resume path (git-fixes). - net: macb: unprepare clocks in case of failure (git-fixes). - net: mscc: Fix OF_MDIO config check (git-fixes). - net: mvneta: Remove per-cpu queue mapping for Armada 3700 (git-fixes). - net: mvpp2: fix interrupt mask/unmask skip condition (git-fixes). - net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes). - net: stmmac: Modify configuration method of EEE timers (git-fixes). - net: stmmac: Use resolved link config in mac_link_up() (git-fixes). - net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes (git-fixes). - net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes). - net: stmmac: fix CBS idleslope and sendslope calculation (git-fixes). - net: stmmac: fix incorrect DMA channel intr enable setting of EQoS v4.10 (git-fixes). - net: stmmac: fix watchdog timeout during suspend/resume stress test (git-fixes). - net: stmmac: stop each tx channel independently (git-fixes). - net: tun: set tun->dev->addr_len during TUNSETLINK processing (git-fixes). - net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes). - net: usb: ax88179_178a: add MCT usb 3.0 adapter (git-fixes). - net: usb: ax88179_178a: add Toshiba usb 3.0 adapter (git-fixes). - net: usb: ax88179_178a: remove redundant assignment to variable ret (git-fixes). - net: usb: ax88179_178a: write mac to hardware in get_mac_addr (git-fixes). - net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes). - net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes). - net: usb: use eth_hw_addr_set() (git-fixes). - nvme: consider also host_iface when checking ip options (bsc#1199670). - octeontx2-af: fix infinite loop in unmapping NPC counter (git-fixes). - octeontx2-af: fix memory leak of lmac and lmac->name (git-fixes). - pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes). - pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes). - platform/olpc: Fix uninitialized data in debugfs write (git-fixes). - platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes). - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (git-fixes). - powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761). - powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761). - powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761). - profiling: fix shift-out-of-bounds bugs (git fixes). - r8169: fix accessing unset transport header (git-fixes). - random: document add_hwgenerator_randomness() with other input functions (git-fixes). - random: fix typo in comments (git-fixes). - random: remove useless header comment (git fixes). - raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes). - regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (git-fixes). - sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes) - sched/fair: Revise comment about lb decision matrix (git fixes (sched/fair)). - sched/membarrier: fix missing local execution of ipi_sync_rq_state() (git fixes (sched/membarrier)). - scsi: core: Fix error handling of scsi_host_alloc() (git-fixes). - scsi: core: Fix failure handling of scsi_add_host_with_dma() (git-fixes). - scsi: core: Only put parent device if host state differs from SHOST_CREATED (git-fixes). - scsi: core: Put .shost_dev in failure path if host state changes to RUNNING (git-fixes). - scsi: core: Put LLD module refcnt after SCSI device is released (git-fixes). - scsi: core: Retry I/O for Notify (Enable Spinup) Required error (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956). - scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956). - scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956 bsc#1200521). - scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956). - scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956). - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956). - scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956). - scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956). - scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956). - scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956). - scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956). - scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956). - scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958). - scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958). - scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958). - scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958). - scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958). - scsi: qla2xxx: Update manufacturer details (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958). - scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958). - scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958). - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes). - scsi: sd: Fix potential NULL pointer dereference (git-fixes). - scsi: ufs: Release clock if DMA map fails (git-fixes). - scsi: ufs: handle cleanup correctly on devm_reset_control_get error (git-fixes). - serial: 8250: fix return error code in serial8250_request_std_resource() (git-fixes). - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes). - serial: stm32: Clear prev values before setting RTS delays (git-fixes). - soc: fsl: guts: machine variable might be unset (git-fixes). - soc: ixp4xx/npe: Fix unused match warning (git-fixes). - soundwire: bus_type: fix remove and shutdown support (git-fixes). - spi: &lt;linux/spi/spi.h>: add missing struct kernel-doc entry (git-fixes). - spi: amd: Limit max transfer and message size (git-fixes). - staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (git-fixes). - sysctl: Fix data races in proc_dointvec() (git-fixes). - sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes). - sysctl: Fix data races in proc_dointvec_minmax() (git-fixes). - sysctl: Fix data races in proc_douintvec() (git-fixes). - sysctl: Fix data races in proc_douintvec_minmax() (git-fixes). - sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes). - thermal/tools/tmon: Include pthread and time headers in tmon.h (git-fixes). - tick/nohz: Use WARN_ON_ONCE() to prevent console saturation (git fixes (kernel/time)). - usb: dwc3: add cancelled reasons for dwc3 requests (git-fixes). - usb: dwc3: gadget: Fix event pending check (git-fixes). - usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes). - usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes). - usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes). - usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes). - usb: typec: add missing uevent when partner support PD (git-fixes). - usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (git-fixes). - usb: xhci: tegra: Fix error check (git-fixes). - usbnet: fix memory leak in error case (git-fixes). - video: of_display_timing.h: include errno.h (git-fixes). - virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes). - virtio-net: fix the race between refill work and close (git-fixes). - virtio_mmio: Add missing PM calls to freeze/restore (git-fixes). - virtio_mmio: Restore guest page size on resume (git-fixes). - watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761). - wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (git-fixes). - wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes). - wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes). - wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes). - wifi: p54: add missing parentheses in p54_flush() (git-fixes). - wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (git-fixes). - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (git-fixes). - wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (git-fixes). - x86/bugs: Remove apostrophe typo (bsc#1178134). - x86/entry: Remove skip_r11rcx (bsc#1201644). - x86/kvmclock: Move this_cpu_pvti into kvmclock.h (git-fixes). - x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134). - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381). - xen: detect uninitialized xenbus in xenbus_init (git-fixes). - xen: do not continue xenstore initialization in case of errors (git-fixes). Important SUSE bug 1178134 SUSE bug 1196616 SUSE bug 1196867 SUSE bug 1198829 SUSE bug 1199364 SUSE bug 1199647 SUSE bug 1199648 SUSE bug 1199665 SUSE bug 1199670 SUSE bug 1199695 SUSE bug 1200521 SUSE bug 1200598 SUSE bug 1200644 SUSE bug 1200651 SUSE bug 1200762 SUSE bug 1200910 SUSE bug 1201196 SUSE bug 1201206 SUSE bug 1201251 SUSE bug 1201381 SUSE bug 1201429 SUSE bug 1201442 SUSE bug 1201458 SUSE bug 1201635 SUSE bug 1201636 SUSE bug 1201644 SUSE bug 1201645 SUSE bug 1201664 SUSE bug 1201672 SUSE bug 1201673 SUSE bug 1201676 SUSE bug 1201742 SUSE bug 1201752 SUSE bug 1201846 SUSE bug 1201930 SUSE bug 1201940 SUSE bug 1201941 SUSE bug 1201954 SUSE bug 1201956 SUSE bug 1201958 SUSE bug 1202087 SUSE bug 1202154 SUSE bug 1202312 CVE-2020-36516 at SUSE CVE-2020-36516 at NVD CVE-2020-36557 at SUSE CVE-2020-36557 at NVD CVE-2020-36558 at SUSE CVE-2020-36558 at NVD CVE-2021-33655 at SUSE CVE-2021-33655 at NVD CVE-2021-33656 at SUSE CVE-2021-33656 at NVD CVE-2022-1116 at SUSE CVE-2022-1116 at NVD CVE-2022-1462 at SUSE CVE-2022-1462 at NVD CVE-2022-20166 at SUSE CVE-2022-20166 at NVD CVE-2022-21505 at SUSE CVE-2022-21505 at NVD CVE-2022-2318 at SUSE CVE-2022-2318 at NVD CVE-2022-26365 at SUSE CVE-2022-26365 at NVD CVE-2022-2639 at SUSE CVE-2022-2639 at NVD CVE-2022-29581 at SUSE CVE-2022-29581 at NVD CVE-2022-33740 at SUSE CVE-2022-33740 at NVD CVE-2022-33741 at SUSE CVE-2022-33741 at NVD CVE-2022-33742 at SUSE CVE-2022-33742 at NVD CVE-2022-36946 at SUSE CVE-2022-36946 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for open-vm-tools fixes the following issues: - Updated to version 12.1.0 (build 20219665) (bsc#1202733): - CVE-2022-31676: Fixed an issue that could allow unprivileged users inside a virtual machine to escalate privileges (bsc#1202657). Important SUSE bug 1202657 SUSE bug 1202733 CVE-2022-31676 at SUSE CVE-2022-31676 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libslirp fixes the following issues: - CVE-2021-3593: Fixed invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365). Non-security fixes: - Fix the version header (bsc#1201551) Moderate SUSE bug 1187365 SUSE bug 1201551 CVE-2021-3593 at SUSE CVE-2021-3593 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). Important SUSE bug 1202175 CVE-2022-37434 at SUSE CVE-2022-37434 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for rsync fixes the following issues: - CVE-2022-29154: Fixed an arbitrary file write issue that could be triggered by a malicious remote server (bsc#1201840). Important SUSE bug 1201840 CVE-2022-29154 at SUSE CVE-2022-29154 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220809 release (bsc#1201727): - CVE-2022-21233: Fixed an issue where stale data may have been leaked from the legacy xAPIC MMIO region, which could be used to compromise an SGX enclave (INTEL-SA-00657). See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html Other fixes: - Update for functional issues. See also: https://www.intel.com/content/www/us/en/processors/xeon/scalable/xeon-scalable-spec-update.html?wapkw=processor+specification+update - Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | SKX-SP | B1 | 06-55-03/97 | 0100015d | 0100015e | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon D-21xx | ICX-SP | D0 | 06-6a-06/87 | 0d000363 | 0d000375 | Xeon Scalable Gen3 | GLK | B0 | 06-7a-01/01 | 0000003a | 0000003c | Pentium Silver N/J5xxx, Celeron N/J4xxx | GLK-R | R0 | 06-7a-08/01 | 0000001e | 00000020 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 000000b0 | 000000b2 | Core Gen10 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000026 | 00000028 | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 0000003e | 00000040 | Core Gen11 Mobile | RKL-S | B0 | 06-a7-01/02 | 00000053 | 00000054 | Core Gen11 | ADL | C0 | 06-97-02/03 | 0000001f | 00000022 | Core Gen12 | ADL | C0 | 06-97-05/03 | 0000001f | 00000022 | Core Gen12 | ADL | L0 | 06-9a-03/80 | 0000041c | 00000421 | Core Gen12 | ADL | L0 | 06-9a-04/80 | 0000041c | 00000421 | Core Gen12 | ADL | C0 | 06-bf-02/03 | 0000001f | 00000022 | Core Gen12 | ADL | C0 | 06-bf-05/03 | 0000001f | 00000022 | Core Gen12 ------------------------------------------------------------------ Moderate SUSE bug 1201727 CVE-2022-21233 at SUSE CVE-2022-21233 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for gdk-pixbuf fixes the following issues: - CVE-2021-46829: Fixed overflow when compositing or clearing frames (bsc#1201826). Moderate SUSE bug 1201826 CVE-2021-46829 at SUSE CVE-2021-46829 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593). Low SUSE bug 1202593 CVE-2022-35252 at SUSE CVE-2022-35252 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for icu fixes the following issues: - CVE-2020-21913: Fixed a memory safetey issue that could lead to use after free (bsc#1193951). Moderate SUSE bug 1193951 CVE-2020-21913 at SUSE CVE-2020-21913 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libyajl fixes the following issues: - CVE-2022-24795: Fixed heap-based buffer overflow when handling large inputs (bsc#1198405). Moderate SUSE bug 1198405 CVE-2022-24795 at SUSE CVE-2022-24795 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for vim fixes the following issues: Updated to version 9.0 with patch level 0313: - CVE-2022-2183: Fixed out-of-bounds read through get_lisp_indent() (bsc#1200902). - CVE-2022-2182: Fixed heap-based buffer overflow through parse_cmd_address() (bsc#1200903). - CVE-2022-2175: Fixed buffer over-read through cmdline_insert_reg() (bsc#1200904). - CVE-2022-2304: Fixed stack buffer overflow in spell_dump_compl() (bsc#1201249). - CVE-2022-2343: Fixed heap-based buffer overflow in GitHub repository vim prior to 9.0.0044 (bsc#1201356). - CVE-2022-2344: Fixed another heap-based buffer overflow vim prior to 9.0.0045 (bsc#1201359). - CVE-2022-2345: Fixed use after free in GitHub repository vim prior to 9.0.0046. (bsc#1201363). - CVE-2022-2819: Fixed heap-based Buffer Overflow in compile_lock_unlock() (bsc#1202414). - CVE-2022-2874: Fixed NULL Pointer Dereference in generate_loadvar() (bsc#1202552). - CVE-2022-1968: Fixed use after free in utf_ptr2char (bsc#1200270). - CVE-2022-2124: Fixed out of bounds read in current_quote() (bsc#1200697). - CVE-2022-2125: Fixed out of bounds read in get_lisp_indent() (bsc#1200698). - CVE-2022-2126: Fixed out of bounds read in suggest_trie_walk() (bsc#1200700). - CVE-2022-2129: Fixed out of bounds write in vim_regsub_both() (bsc#1200701). - CVE-2022-1720: Fixed out of bounds read in grab_file_name() (bsc#1200732). - CVE-2022-2264: Fixed out of bounds read in inc() (bsc#1201132). - CVE-2022-2284: Fixed out of bounds read in utfc_ptr2len() (bsc#1201133). - CVE-2022-2285: Fixed negative size passed to memmove() due to integer overflow (bsc#1201134). - CVE-2022-2286: Fixed out of bounds read in ins_bytes() (bsc#1201135). - CVE-2022-2287: Fixed out of bounds read in suggest_trie_walk() (bsc#1201136). - CVE-2022-2231: Fixed null pointer dereference skipwhite() (bsc#1201150). - CVE-2022-2210: Fixed out of bounds read in ml_append_int() (bsc#1201151). - CVE-2022-2208: Fixed null pointer dereference in diff_check() (bsc#1201152). - CVE-2022-2207: Fixed out of bounds read in ins_bs() (bsc#1201153). - CVE-2022-2257: Fixed out of bounds read in msg_outtrans_special() (bsc#1201154). - CVE-2022-2206: Fixed out of bounds read in msg_outtrans_attr() (bsc#1201155). - CVE-2022-2522: Fixed out of bounds read via nested autocommand (bsc#1201863). - CVE-2022-2571: Fixed heap-based buffer overflow related to ins_comp_get_next_word_or_line() (bsc#1202046). - CVE-2022-2580: Fixed heap-based buffer overflow related to eval_string() (bsc#1202049). - CVE-2022-2581: Fixed out-of-bounds read related to cstrchr() (bsc#1202050). - CVE-2022-2598: Fixed undefined behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput() (bsc#1202051). - CVE-2022-2817: Fixed use after gree in f_assert_fails() (bsc#1202420). - CVE-2022-2816: Fixed out-of-bounds Read in check_vim9_unlet() (bsc#1202421). - CVE-2022-2862: Fixed use-after-free in compile_nested_function() (bsc#1202511). - CVE-2022-2849: Fixed invalid memory access related to mb_ptr2len() (bsc#1202512). - CVE-2022-2845: Fixed buffer Over-read related to display_dollar() (bsc#1202515). - CVE-2022-2889: Fixed use-after-free in find_var_also_in_script() in evalvars.c (bsc#1202599). - CVE-2022-2923: Fixed NULL pointer dereference in GitHub repository vim/vim prior to 9.0.0240 (bsc#1202687). - CVE-2022-2946: Fixed use after free in function vim_vsnprintf_typval (bsc#1202689). - CVE-2022-3016: Fixed use after free in vim prior to 9.0.0285 (bsc#1202862). Bugfixes: - Fixing vim error on startup (bsc#1200884). - Fixing vim SUSE Linux Enterprise Server 15 SP4 Basesystem plugin-tlib issue (bsc#1201620). Important SUSE bug 1200270 SUSE bug 1200697 SUSE bug 1200698 SUSE bug 1200700 SUSE bug 1200701 SUSE bug 1200732 SUSE bug 1200884 SUSE bug 1200902 SUSE bug 1200903 SUSE bug 1200904 SUSE bug 1201132 SUSE bug 1201133 SUSE bug 1201134 SUSE bug 1201135 SUSE bug 1201136 SUSE bug 1201150 SUSE bug 1201151 SUSE bug 1201152 SUSE bug 1201153 SUSE bug 1201154 SUSE bug 1201155 SUSE bug 1201249 SUSE bug 1201356 SUSE bug 1201359 SUSE bug 1201363 SUSE bug 1201620 SUSE bug 1201863 SUSE bug 1202046 SUSE bug 1202049 SUSE bug 1202050 SUSE bug 1202051 SUSE bug 1202414 SUSE bug 1202420 SUSE bug 1202421 SUSE bug 1202511 SUSE bug 1202512 SUSE bug 1202515 SUSE bug 1202552 SUSE bug 1202599 SUSE bug 1202687 SUSE bug 1202689 SUSE bug 1202862 CVE-2022-1720 at SUSE CVE-2022-1720 at NVD CVE-2022-1968 at SUSE CVE-2022-1968 at NVD CVE-2022-2124 at SUSE CVE-2022-2124 at NVD CVE-2022-2125 at SUSE CVE-2022-2125 at NVD CVE-2022-2126 at SUSE CVE-2022-2126 at NVD CVE-2022-2129 at SUSE CVE-2022-2129 at NVD CVE-2022-2175 at SUSE CVE-2022-2175 at NVD CVE-2022-2182 at SUSE CVE-2022-2182 at NVD CVE-2022-2183 at SUSE CVE-2022-2183 at NVD CVE-2022-2206 at SUSE CVE-2022-2206 at NVD CVE-2022-2207 at SUSE CVE-2022-2207 at NVD CVE-2022-2208 at SUSE CVE-2022-2208 at NVD CVE-2022-2210 at SUSE CVE-2022-2210 at NVD CVE-2022-2231 at SUSE CVE-2022-2231 at NVD CVE-2022-2257 at SUSE CVE-2022-2257 at NVD CVE-2022-2264 at SUSE CVE-2022-2264 at NVD CVE-2022-2284 at SUSE CVE-2022-2284 at NVD CVE-2022-2285 at SUSE CVE-2022-2285 at NVD CVE-2022-2286 at SUSE CVE-2022-2286 at NVD CVE-2022-2287 at SUSE CVE-2022-2287 at NVD CVE-2022-2304 at SUSE CVE-2022-2304 at NVD CVE-2022-2343 at SUSE CVE-2022-2343 at NVD CVE-2022-2344 at SUSE CVE-2022-2344 at NVD CVE-2022-2345 at SUSE CVE-2022-2345 at NVD CVE-2022-2522 at SUSE CVE-2022-2522 at NVD CVE-2022-2571 at SUSE CVE-2022-2571 at NVD CVE-2022-2580 at SUSE CVE-2022-2580 at NVD CVE-2022-2581 at SUSE CVE-2022-2581 at NVD CVE-2022-2598 at SUSE CVE-2022-2598 at NVD CVE-2022-2816 at SUSE CVE-2022-2816 at NVD CVE-2022-2817 at SUSE CVE-2022-2817 at NVD CVE-2022-2819 at SUSE CVE-2022-2819 at NVD CVE-2022-2845 at SUSE CVE-2022-2845 at NVD CVE-2022-2849 at SUSE CVE-2022-2849 at NVD CVE-2022-2862 at SUSE CVE-2022-2862 at NVD CVE-2022-2874 at SUSE CVE-2022-2874 at NVD CVE-2022-2889 at SUSE CVE-2022-2889 at NVD CVE-2022-2923 at SUSE CVE-2022-2923 at NVD CVE-2022-2946 at SUSE CVE-2022-2946 at NVD CVE-2022-3016 at SUSE CVE-2022-3016 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for gdk-pixbuf fixes the following issues: - CVE-2021-44648: Fixed overflow vulnerability in lzw code size (bsc#1194633). Important SUSE bug 1194633 CVE-2021-44648 at SUSE CVE-2021-44648 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for freetype2 fixes the following issues: - CVE-2022-27404 Fixed a segmentation fault via a crafted typeface (bsc#1198830). - CVE-2022-27405 Fixed a buffer overflow via a crafted typeface (bsc#1198832). - CVE-2022-27406 Fixed a segmentation fault via a crafted typeface (bsc#1198823). Non-security fixes: - Updated to version 2.10.4 Moderate SUSE bug 1198823 SUSE bug 1198830 SUSE bug 1198832 CVE-2022-27404 at SUSE CVE-2022-27404 at NVD CVE-2022-27405 at SUSE CVE-2022-27405 at NVD CVE-2022-27406 at SUSE CVE-2022-27406 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-39190: Fixed an issue that was discovered in net/netfilter/nf_tables_api.c and could cause a denial of service upon binding to an already bound chain (bnc#1203117). - CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107). - CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948). - CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898). - CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672). - CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202564, bsc#1202860). - CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly matches the message (bnc#1202097). - CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347). - CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346). - CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535). - CVE-2021-4155: Fixed a data leak flaw that was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem (bnc#1194272). - CVE-2020-27784: Fixed a vulnerability that was found in printer_ioctl() printer_ioctl() when accessing a deallocated instance (bnc#1202895). - CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bnc#1023051). The following non-security bugs were fixed: - ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (git-fixes). - ACPI: LPSS: Fix missing check in register_device_clock() (git-fixes). - ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes). - ACPI: processor: Remove freq Qos request for all CPUs (git-fixes). - ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool (git-fixes). - ACPI: video: Force backlight native for some TongFang devices (git-fixes). - ALSA: bcd2000: Fix a UAF bug on the error path of probing (git-fixes). - ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes). - ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model (git-fixes). - ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED (git-fixes). - ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes). - ALSA: hda/realtek: Add new alc285-hp-amp-init model (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NS50PU (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes). - ALSA: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes). - ALSA: hda/realtek: Add quirk for HP Dev One (git-fixes). - ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes). - ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (git-fixes). - ALSA: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes). - ALSA: hda/realtek: Add quirk for the Framework Laptop (git-fixes). - ALSA: hda/realtek: Fix LED on HP ProBook 435 G7 (git-fixes). - ALSA: hda/realtek: Fix deadlock by COEF mutex (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes). - ALSA: info: Fix llseek return value when using callback (git-fixes). - ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II (git-fixes). - ARM: 9077/1: PLT: Move struct plt_entries definition to header (git-fixes). - ARM: 9078/1: Add warn suppress parameter to arm_gen_branch_link() (git-fixes). - ARM: 9079/1: ftrace: Add MODULE_PLTS support (git-fixes). - ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE (git-fixes). - ASoC: SOF: debug: Fix potential buffer overflow by snprintf() (git-fixes). - ASoC: audio-graph-card: Add of_node_put() in fail path (git-fixes). - ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes). - ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (git-fixes). - ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes). - ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (git-fixes). - ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes). - ASoC: tas2770: Allow mono streams (git-fixes). - Bluetooth: L2CAP: Fix build errors in some archs (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes). - Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes). - Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019). - HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes). - HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (git-fixes). - HID: wacom: Do not register pad_input for touch switch (git-fixes). - HID: wacom: Only report rotation for art pen (git-fixes). - Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes). - Input: rk805-pwrkey - fix module autoloading (git-fixes). - KABI: cgroup: Restore KABI of css_set (bsc#1201610). - KVM: PPC: Book3S HV: Context tracking exit guest context before enabling irqs (bsc#1065729). - KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (bsc#1156395). - KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (bsc#1156395). - KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395). - KVM: PPC: Use arch_get_random_seed_long instead of powernv variant (bsc#1156395). - KVM: VMX: Refuse to load kvm_intel if EPT and NX are disabled (git-fixes). - KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (git-fixes). - KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (git-fixes). - KVM: x86: accept userspace interrupt only if no event is injected (git-fixes). - NFS: fix nfs_path in case of a rename retry (git-fixes). - NFSD: Add missing NFSv2 .pc_func methods (git-fixes). - NFSD: Clamp WRITE offsets (git-fixes). - NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes). - NFSD: prevent integer overflow on 32 bit systems (git-fixes). - NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes). - NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (git-fixes). - NFSv4: Fix second deadlock in nfs4_evict_inode() (git-fixes). - NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error (git-fixes). - NTB: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes). - PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes). - PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes). - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845). - PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845). - PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845). - PCI: hv: Make the code arch neutral by adding arch specific interfaces (bsc#1200845). - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845). - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845). - PCI: qcom: Fix pipe clock imbalance (git-fixes). - SUNRPC reverting d03727b248d0 ('NFSv4 fix CLOSE not waiting for direct IO compeletion') (git-fixes). - SUNRPC: Clean up scheduling of autoclose (git-fixes). - SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes). - SUNRPC: Fix READ_PLUS crasher (git-fixes). - SUNRPC: Prevent immediate close+reconnect (git-fixes). - VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635). - VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635). - VMCI: Enforce queuepair max size for IOCTL_VMCI_QUEUEPAIR_ALLOC (bsc#1199291, jsc#SLE-24635). - VMCI: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635). - VMCI: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635). - arm64: signal: nofpsimd: Do not allocate fp/simd context when not available (git-fixes). - asm-generic: sections: refactor memory_intersects (git-fixes). - ata: libata-eh: Add missing command name (git-fixes). - atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes). - blk-iocost: clamp inuse and skip noops in __propagate_weights() (bsc#1202722). - blk-iocost: fix operation ordering in iocg_wake_fn() (bsc#1202720). - blk-iocost: fix weight updates of inner active iocgs (bsc#1202717). - blk-iocost: rename propagate_active_weights() to propagate_weights() (bsc#1202722). - blktrace: fix blk_rq_merge documentation (git-fixes). - can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes). - can: m_can: process interrupt only when not runtime suspended (git-fixes). - ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202810). - ceph: do not truncate file in atomic_open (bsc#1202811). - cgroup: Trace event cgroup id fields should be u64 (git-fixes). - cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1201610). - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes). - clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes). - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes). - clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes). - clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks (git-fixes). - coresight: cti: Correct the parameter for pm_runtime_put (git-fixes). - devlink: Fix use-after-free after a failed reload (git-fixes). - dm raid: fix KASAN warning in raid5_add_disks (git-fixes). - dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (git-fixes). - dpaa2-eth: unregister the netdev before disconnecting from the PHY (git-fixes). - driver core: Do not probe devices after bus_type.match() probe deferral (git-fixes). - drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (git-fixes). - drm/amdgpu: remove useless condition in amdgpu_job_stop_all_jobs_on_sched() (git-fixes). - drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (git-fixes). - drm/i915/reg: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes). - drm/meson: Fix overflow implicit truncation warnings (git-fixes). - drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (git-fixes). - drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes). - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes). - drm/msm/dsi: fix the inconsistent indenting (git-fixes). - drm/sun4i: dsi: Prevent underflow when computing packet sizes (git-fixes). - ehea: fix error return code in ehea_restart_qps() (git-fixes). - enetc: Fix endianness issues for enetc_qos (git-fixes). - ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read() (git-fixes). - ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755). - ext4: add reserved GDT blocks check (bsc#1202712). - ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() (bsc#1202708). - ext4: do not use the orphan list when migrating an inode (bsc#1197756). - ext4: fix bug_on in ext4_writepages (bsc#1200872). - ext4: fix error handling code in add_new_gdb (bsc#1179722). - ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757). - ext4: fix invalid inode checksum (bsc#1179723). - ext4: fix loff_t overflow in ext4_max_bitmap_size() (bsc#1202709). - ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869). - ext4: fix potential infinite loop in ext4_dx_readdir() (bsc#1191662). - ext4: fix race when reusing xattr blocks (bsc#1198971). - ext4: fix symlink file size not match to file content (bsc#1200868). - ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871). - ext4: fix use-after-free in ext4_search_dir (bsc#1202710). - ext4: fix warning in ext4_handle_inode_extension (bsc#1202711). - ext4: force overhead calculation if the s_overhead_cluster makes no sense (bsc#1200870). - ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713). - ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971). - ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971). - fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes). - firmware: tegra: bpmp: Do only aligned access to IPC memory area (git-fixes). - fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages (bsc#1200873). - fuse: Remove the control interface for virtio-fs (bsc#1203137). - fuse: ioctl: translate ENOSYS (bsc#1203136). - fuse: limit nsec (bsc#1203135). - gadgetfs: ep_io - wait until IRQ finishes (git-fixes). - geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes). - geneve: fix TOS inheriting for ipv4 (git-fixes). - gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes). - hv_netvsc: Load and store the proper (NBL_HASH_INFO) per-packet info (bsc#1202701). - hwmon: (gpio-fan) Fix array out of bounds access (git-fixes). - i2c: imx: Make sure to unregister adapter on remove() (git-fixes). - ice: report supported and advertised autoneg using PHY capabilities (git-fixes). - ieee802154/adf7242: defer destroy_workqueue call (git-fixes). - iio: adc: mcp3911: make use of the sign bit (git-fixes). - iio: adc: mcp3911: use correct formula for AD conversion (git-fixes). - intel_th: pci: Add Meteor Lake-P support (git-fixes). - intel_th: pci: Add Raptor Lake-S CPU support (git-fixes). - intel_th: pci: Add Raptor Lake-S PCH support (git-fixes). - iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes). - iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (git-fixes). - iommu/exynos: Handle failed IOMMU device registration properly (git-fixes). - iommu/iova: Improve 32-bit free space estimate (git-fixes). - iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes). - iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes). - iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes). - iommu/omap: Fix regression in probe for NULL pointer dereference (git-fixes). - iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes). - iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes). - iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes). - iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes). - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes). - ipmi: ssif: initialize ssif_info->client early (git-fixes). - ixgbevf: add correct exception tracing for XDP (git-fixes). - jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716). - jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (bsc#1202715). - kabi/severities: add stmmac driver local sumbols - kbuild: do not create built-in objects for external module builds (jsc#SLE-24559 bsc#1202756). - kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (bsc#1181862 git-fixes). - kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes). - kernel-obs-build: include qemu_fw_cfg (boo#1201705) - kfifo: fix kfifo_to_user() return type (git-fixes). - kfifo: fix ternary sign extension bugs (git-fixes). - lib/list_debug.c: Detect uninitialized lists (git-fixes). - lib: bitmap: provide devm_bitmap_alloc() and devm_bitmap_zalloc() (git-fixes). - lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325). - list: add 'list_del_init_careful()' to go with 'list_empty_careful()' (bsc#1202745). - locking/lockdep: Avoid potential access of invalid memory in lock_class (git-fixes). - loop: Fix missing discard support when using LOOP_CONFIGURE (bsc#1202718). - mbcache: add functions to delete entry if unused (bsc#1198971). - mbcache: do not reclaim used entries (bsc#1198971). - md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158). - mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes). - mfd: t7l66xb: Drop platform disable callback (git-fixes). - misc: fastrpc: fix memory corruption on open (git-fixes). - misc: fastrpc: fix memory corruption on probe (git-fixes). - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098). - mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763). - mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447). - mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes). - mmc: pxamci: Fix another error handling path in pxamci_probe() (git-fixes). - module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols (git-fixes). - mtd: maps: Fix refcount leak in ap_flash_init (git-fixes). - mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes). - mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes). - mtd: rawnand: meson: Fix a potential double free issue (git-fixes). - mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (git-fixes). - mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (git-fixes). - net/mlx5e: Check for needed capability for cvlan matching (git-fixes). - net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()' (git-fixes). - net: bcmgenet: Add mdio-bcm-unimac soft dependency (git-fixes). - net: cpsw: Properly initialise struct page_pool_params (git-fixes). - net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes). - net: davinci_emac: Fix incorrect masking of tx and rx error channel (git-fixes). - net: dsa: b53: fix an off by one in checking 'vlan->vid' (git-fixes). - net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes). - net: dsa: mt7530: fix VLAN traffic leaks (git-fixes). - net: enetc: Use pci_release_region() to release some resources (git-fixes). - net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes). - net: enetc: unmap DMA in enetc_send_cmd() (git-fixes). - net: ethernet: aeroflex: fix UAF in greth_of_remove (git-fixes). - net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes). - net: ethernet: ezchip: fix error handling (git-fixes). - net: ethernet: ezchip: remove redundant check (git-fixes). - net: ethernet: fix potential use-after-free in ec_bhf_remove (git-fixes). - net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory (git-fixes). - net: fec: fix the potential memory leak in fec_enet_init() (git-fixes). - net: fec_ptp: add clock rate zero check (git-fixes). - net: ftgmac100: Fix crash when removing driver (git-fixes). - net: hdlc_x25: Return meaningful error code in x25_open (git-fixes). - net: hns: Fix kernel-doc (git-fixes). - net: lantiq: fix memory corruption in RX ring (git-fixes). - net: lapbether: Prevent racing when checking whether the netif is running (git-fixes). - net: moxa: Use devm_platform_get_and_ioremap_resource() (git-fixes). - net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (git-fixes). - net: mscc: ocelot: do not downgrade timestamping RX filters in SIOCSHWTSTAMP (git-fixes). - net: mvpp2: fix interrupt mask/unmask skip condition (git-fixes). - net: netcp: Fix an error message (git-fixes). - net: pch_gbe: Propagate error from devm_gpio_request_one() (git-fixes). - net: rose: fix netdev reference changes (git-fixes). - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (git-fixes). - net: stmicro: handle clk_prepare() failure during init (git-fixes). - net: stmmac: Modify configuration method of EEE timers (git-fixes). - net: stmmac: Use resolved link config in mac_link_up() (git-fixes). - net: stmmac: disable clocks in stmmac_remove_config_dt() (git-fixes). - net: stmmac: dwmac1000: Fix extended MAC address registers definition (git-fixes). - net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (bsc#1200431). - net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (bsc#1200431). - net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c (bsc#1200431). - net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (git-fixes). - net:enetc: allocate CBD ring data memory using DMA coherent methods (git-fixes). - net_sched: cls_route: disallow handle of 0 (bsc#1202393). - nfsd: fix use-after-free due to delegation race (git-fixes). - nvme: fix RCU hole that allowed for endless looping in multipath round robin (bsc#1202636). - objtool: Add support for intra-function calls (bsc#1202396). - objtool: Make handle_insn_ops() unconditional (bsc#1202396). - objtool: Remove INSN_STACK (bsc#1202396). - objtool: Rework allocating stack_ops on decode (bsc#1202396). - objtool: Support multiple stack_op per instruction (bsc#1202396). - ocfs2: drop acl cache for directories too (bsc#1191667). - ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920). - ocfs2: mount fails with buffer overflow in strlen (bsc#1197760). - octeontx2-af: fix infinite loop in unmapping NPC counter (git-fixes). - perf bench: Share some global variables to fix build with gcc 10 (git-fixes). - pinctrl/rockchip: fix gpio device creation (git-fixes). - pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (git-fixes). - pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes). - pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes). - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes). - powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable (bsc#1156395). - powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729). - powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729). - powerpc/powernv: Staticify functions without prototypes (bsc#1065729). - powerpc/powernv: delay rng platform device creation until later in boot (bsc#1065729). - powerpc/powernv: rename remaining rng powernv_ functions to pnv_ (bsc#1065729). - powerpc/powernv: wire up rng during setup_arch (bsc#1065729). - powerpc/pseries: wire up rng during setup_arch() (bsc#1065729). - powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixess). - powerpc: Enable execve syscall exit tracepoint (bsc#1065729). - powerpc: define get_cycles macro for arch-override (bsc#1065729). - powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729). - profiling: fix shift too large makes kernel panic (git-fixes). - qlcnic: Add null check after calling netdev_alloc_skb (git-fixes). - random: fix crash on multiple early calls to add_bootloader_randomness() (git-fixes). - ratelimit: Fix data-races in ___ratelimit() (git-fixes). - reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr (bsc#1202714). - remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config (git-fixes). - remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes). - s390/crash: fix incorrect number of bytes to copy to user space (git-fixes). - s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes). - s390/mm: do not trigger write fault when vma does not allow VM_WRITE (git-fixes). - s390/mm: fix 2KB pgtable release race (git-fixes). - s390/ptrace: pass invalid syscall numbers to tracing (bsc#1192594 LTC#197522). - scsi: lpfc: Add warning notification period to CMF_SYNC_WQE (bsc#1203063). - scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063). - scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063). - scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID (bsc#1203063). - scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT discovery (bsc#1203063). - scsi: lpfc: Remove SANDiags related code (bsc#1203063). - scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063). - scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063). - selftests: futex: Use variable MAKE instead of make (git-fixes). - serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (git-fixes). - serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes). - serial: mvebu-uart: uart2 error bits clearing (git-fixes). - serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30 (git-fixes). - silence nfscache allocation warnings with kvzalloc (git-fixes). - spi: Fix incorrect cs_setup delay handling (git-fixes). - spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes). - spi: synquacer: Add missing clk_disable_unprepare() (git-fixes). - spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (git-fixes). - staging: rtl8712: fix use after free bugs (git-fixes). - tee: optee: Fix incorrect page free bug (git-fixes). - thermal: Fix NULL pointer dereferences in of_thermal_ functions (git-fixes). - thermal: sysfs: Fix cooling_device_stats_setup() error code path (git-fixes). - thunderbolt: Use the actual buffer in tb_async_error() (git-fixes). - tools/thermal: Fix possible path truncations (git-fixes). - tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes). - tracing/histograms: Fix memory leak problem (git-fixes). - tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes). - tracing: Add ustring operation to filtering string pointers (git-fixes). - tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes). - tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (git-fixes). - tty: vt: initialize unicode screen buffer (git-fixes). - usb: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes). - usb: dwc3: Switch to platform_get_irq_byname_optional() (git-fixes). - usb: dwc3: ep0: Fix delay status handling (git-fixes). - usb: dwc3: gadget: END_TRANSFER before CLEAR_STALL command (git-fixes). - usb: dwc3: gadget: Fix IN endpoint max packet size allocation (git-fixes). - usb: dwc3: gadget: Refactor dwc3_gadget_ep_dequeue (git-fixes). - usb: dwc3: gadget: Remove FS bInterval_m1 limitation (git-fixes). - usb: dwc3: gadget: Remove unnecessary checks (git-fixes). - usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (git-fixes). - usb: dwc3: gadget: Store resource index of start cmd (git-fixes). - usb: dwc3: qcom: fix missing optional irq warnings. - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (git-fixes). - usb: gadget: u_audio: fix race condition on endpoint stop (git-fixes). - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). - usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (git-fixes). - usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes). - usb: renesas: Fix refcount leak bug (git-fixes). - usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes). - usbnet: Fix linkwatch use-after-free on disconnect (git-fixes). - usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes). - vboxguest: Do not use devm for irq (git-fixes). - vfio/ccw: Remove UUID from s390 debug log (git-fixes). - video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes). - video: fbdev: arkfb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (git-fixes). - video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes). - video: fbdev: s3fb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes). - video: fbdev: vt8623fb: Check the size of screen before memset_io() (git-fixes). - virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes). - vmxnet3: Implement ethtool's get_channels command (bsc#1200431). - vmxnet3: Record queue number to incoming packets (bsc#1200431). - vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431). - vmxnet3: add command to set ring buffer sizes (bsc#1200431). - vmxnet3: add support for capability registers (bsc#1200431). - vmxnet3: add support for large passthrough BAR register (bsc#1200431). - vmxnet3: add support for out of order rx completion (bsc#1200431). - vmxnet3: disable overlay offloads if UPT device does not support (bsc#1200431). - vmxnet3: do not reschedule napi for rx processing (bsc#1200431). - vmxnet3: do not stop tx queues after netif_device_detach() (bsc#1200431). - vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431). - vmxnet3: prepare for version 7 changes (bsc#1200431). - vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431). - vmxnet3: update to version 7 (bsc#1200431). - vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431). - vsock: Fix memory leak in vsock_connect() (git-fixes). - vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (git-fixes). - watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (git-fixes). - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (git-fixes). - wifi: mac80211: Do not finalize CSA in IBSS mode if state is disconnected (git-fixes). - wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes). - wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes). - wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes). - x86/olpc: fix 'logical not is only applied to the left hand side' (git-fixes). - xfs: Fix assert failure in xfs_setattr_size() (git-fixes). - xfs: bunmapi has unnecessary AG lock ordering issues (git-fixes). - xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577). - xfs: make xfs_rtalloc_query_range input parameters const (git-fixes). - xfs: mark a data structure sick if there are cross-referencing errors (git-fixes). - xfs: only reset incore inode health state flags when reclaiming an inode (git-fixes). - xfs: prevent a UAF when log IO errors race with unmount (git-fixes). - xfs: use kmem_cache_free() for kmem_cache objects (git-fixes). - xprtrdma: Fix XDRBUF_SPARSE_PAGES support (git-fixes). Important SUSE bug 1023051 SUSE bug 1065729 SUSE bug 1156395 SUSE bug 1179722 SUSE bug 1179723 SUSE bug 1181862 SUSE bug 1191662 SUSE bug 1191667 SUSE bug 1191881 SUSE bug 1192594 SUSE bug 1192968 SUSE bug 1194272 SUSE bug 1194535 SUSE bug 1197158 SUSE bug 1197755 SUSE bug 1197756 SUSE bug 1197757 SUSE bug 1197760 SUSE bug 1197763 SUSE bug 1197920 SUSE bug 1198971 SUSE bug 1199291 SUSE bug 1200431 SUSE bug 1200845 SUSE bug 1200868 SUSE bug 1200869 SUSE bug 1200870 SUSE bug 1200871 SUSE bug 1200872 SUSE bug 1200873 SUSE bug 1201019 SUSE bug 1201420 SUSE bug 1201610 SUSE bug 1201705 SUSE bug 1201726 SUSE bug 1201948 SUSE bug 1202096 SUSE bug 1202097 SUSE bug 1202346 SUSE bug 1202347 SUSE bug 1202393 SUSE bug 1202396 SUSE bug 1202447 SUSE bug 1202564 SUSE bug 1202577 SUSE bug 1202636 SUSE bug 1202672 SUSE bug 1202701 SUSE bug 1202708 SUSE bug 1202709 SUSE bug 1202710 SUSE bug 1202711 SUSE bug 1202712 SUSE bug 1202713 SUSE bug 1202714 SUSE bug 1202715 SUSE bug 1202716 SUSE bug 1202717 SUSE bug 1202718 SUSE bug 1202720 SUSE bug 1202722 SUSE bug 1202745 SUSE bug 1202756 SUSE bug 1202810 SUSE bug 1202811 SUSE bug 1202860 SUSE bug 1202895 SUSE bug 1202898 SUSE bug 1203063 SUSE bug 1203098 SUSE bug 1203107 SUSE bug 1203116 SUSE bug 1203117 SUSE bug 1203135 SUSE bug 1203136 SUSE bug 1203137 CVE-2016-3695 at SUSE CVE-2016-3695 at NVD CVE-2020-27784 at SUSE CVE-2020-27784 at NVD CVE-2021-4155 at SUSE CVE-2021-4155 at NVD CVE-2021-4203 at SUSE CVE-2021-4203 at NVD CVE-2022-20368 at SUSE CVE-2022-20368 at NVD CVE-2022-20369 at SUSE CVE-2022-20369 at NVD CVE-2022-2588 at SUSE CVE-2022-2588 at NVD CVE-2022-26373 at SUSE CVE-2022-26373 at NVD CVE-2022-2663 at SUSE CVE-2022-2663 at NVD CVE-2022-2905 at SUSE CVE-2022-2905 at NVD CVE-2022-2977 at SUSE CVE-2022-2977 at NVD CVE-2022-3028 at SUSE CVE-2022-3028 at NVD CVE-2022-36879 at SUSE CVE-2022-36879 at NVD CVE-2022-39188 at SUSE CVE-2022-39188 at NVD CVE-2022-39190 at SUSE CVE-2022-39190 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for perl fixes the following issues: - CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178). Moderate SUSE bug 1047178 CVE-2017-6512 at SUSE CVE-2017-6512 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). Important SUSE bug 1201680 CVE-2021-46828 at SUSE CVE-2021-46828 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for sqlite3 fixes the following issues: Security issues fixed: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). sqlite was updated to 3.39.3: * Use a statement journal on DML statement affecting two or more database rows if the statement makes use of a SQL functions that might abort. * Use a mutex to protect the PRAGMA temp_store_directory and PRAGMA data_store_directory statements, even though they are decremented and documented as not being threadsafe. Update to 3.39.2: * Fix a performance regression in the query planner associated with rearranging the order of FROM clause terms in the presences of a LEFT JOIN. * Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and 1345947, forum post 3607259d3c, and other minor problems discovered by internal testing. [boo#1201783] Update to 3.39.1: * Fix an incorrect result from a query that uses a view that contains a compound SELECT in which only one arm contains a RIGHT JOIN and where the view is not the first FROM clause term of the query that contains the view * Fix a long-standing problem with ALTER TABLE RENAME that can only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set to a very small value. * Fix a long-standing problem in FTS3 that can only arise when compiled with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time option. * Fix the initial-prefix optimization for the REGEXP extension so that it works correctly even if the prefix contains characters that require a 3-byte UTF8 encoding. * Enhance the sqlite_stmt virtual table so that it buffers all of its output. Update to 3.39.0: * Add (long overdue) support for RIGHT and FULL OUTER JOIN * Add new binary comparison operators IS NOT DISTINCT FROM and IS DISTINCT FROM that are equivalent to IS and IS NOT, respective, for compatibility with PostgreSQL and SQL standards * Add a new return code (value '3') from the sqlite3_vtab_distinct() interface that indicates a query that has both DISTINCT and ORDER BY clauses * Added the sqlite3_db_name() interface * The unix os interface resolves all symbolic links in database filenames to create a canonical name for the database before the file is opened * Defer materializing views until the materialization is actually needed, thus avoiding unnecessary work if the materialization turns out to never be used * The HAVING clause of a SELECT statement is now allowed on any aggregate query, even queries that do not have a GROUP BY clause * Many microoptimizations collectively reduce CPU cycles by about 2.3%. Update to 3.38.5: * Fix a blunder in the CLI of the 3.38.4 release Update to 3.38.4: * fix a byte-code problem in the Bloom filter pull-down optimization added by release 3.38.0 in which an error in the byte code causes the byte code engine to enter an infinite loop when the pull-down optimization encounters a NULL key Update to 3.38.3: * Fix a case of the query planner be overly aggressive with optimizing automatic-index and Bloom-filter construction, using inappropriate ON clause terms to restrict the size of the automatic-index or Bloom filter, and resulting in missing rows in the output. * Other minor patches. See the timeline for details. Update to 3.38.2: * Fix a problem with the Bloom filter optimization that might cause an incorrect answer when doing a LEFT JOIN with a WHERE clause constraint that says that one of the columns on the right table of the LEFT JOIN is NULL. * Other minor patches. - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). Update to 3.38.1: * Fix problems with the new Bloom filter optimization that might cause some obscure queries to get an incorrect answer. * Fix the localtime modifier of the date and time functions so that it preserves fractional seconds. * Fix the sqlite_offset SQL function so that it works correctly even in corner cases such as when the argument is a virtual column or the column of a view. * Fix row value IN operator constraints on virtual tables so that they work correctly even if the virtual table implementation relies on bytecode to filter rows that do not satisfy the constraint. * Other minor fixes to assert() statements, test cases, and documentation. See the source code timeline for details. Update to 3.38.0 * Add the -> and ->> operators for easier processing of JSON * The JSON functions are now built-ins * Enhancements to date and time functions * Rename the printf() SQL function to format() for better compatibility, with alias for backwards compatibility. * Add the sqlite3_error_offset() interface for helping localize an SQL error to a specific character in the input SQL text * Enhance the interface to virtual tables * CLI columnar output modes are enhanced to correctly handle tabs and newlines embedded in text, and add options like '--wrap N', '--wordwrap on', and '--quote' to the columnar output modes. * Query planner enhancements using a Bloom filter to speed up large analytic queries, and a balanced merge tree to evaluate UNION or UNION ALL compound SELECT statements that have an ORDER BY clause. * The ALTER TABLE statement is changed to silently ignores entries in the sqlite_schema table that do not parse when PRAGMA writable_schema=ON Update to 3.37.2: * Fix a bug introduced in version 3.35.0 (2021-03-12) that can cause database corruption if a SAVEPOINT is rolled back while in PRAGMA temp_store=MEMORY mode, and other changes are made, and then the outer transaction commits * Fix a long-standing problem with ON DELETE CASCADE and ON UPDATE CASCADE in which a cache of the bytecode used to implement the cascading change was not being reset following a local DDL change Update to 3.37.1: * Fix a bug introduced by the UPSERT enhancements of version 3.35.0 that can cause incorrect byte-code to be generated for some obscure but valid SQL, possibly resulting in a NULL- pointer dereference. * Fix an OOB read that can occur in FTS5 when reading corrupt database files. * Improved robustness of the --safe option in the CLI. * Other minor fixes to assert() statements and test cases. Updated to 3.37.0: * STRICT tables provide a prescriptive style of data type management, for developers who prefer that kind of thing. * When adding columns that contain a CHECK constraint or a generated column containing a NOT NULL constraint, the ALTER TABLE ADD COLUMN now checks new constraints against preexisting rows in the database and will only proceed if no constraints are violated. * Added the PRAGMA table_list statement. * Add the .connection command, allowing the CLI to keep multiple database connections open at the same time. * Add the --safe command-line option that disables dot-commands and SQL statements that might cause side-effects that extend beyond the single database file named on the command-line. * CLI: Performance improvements when reading SQL statements that span many lines. * Added the sqlite3_autovacuum_pages() interface. * The sqlite3_deserialize() does not and has never worked for the TEMP database. That limitation is now noted in the documentation. * The query planner now omits ORDER BY clauses on subqueries and views if removing those clauses does not change the semantics of the query. * The generate_series table-valued function extension is modified so that the first parameter ('START') is now required. This is done as a way to demonstrate how to write table-valued functions with required parameters. The legacy behavior is available using the -DZERO_ARGUMENT_GENERATE_SERIES compile-time option. * Added new sqlite3_changes64() and sqlite3_total_changes64() interfaces. * Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2(). * Use less memory to hold the database schema. * bsc#1189802, CVE-2021-36690: Fix an issue with the SQLite Expert extension when a column has no collating sequence. Moderate SUSE bug 1189802 SUSE bug 1195773 SUSE bug 1201783 CVE-2021-36690 at SUSE CVE-2021-36690 at NVD CVE-2022-35737 at SUSE CVE-2022-35737 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for oniguruma fixes the following issues: - CVE-2019-19246: Fixed an out of bounds access during regular expression matching (bsc#1157805). - CVE-2019-19204: Fixed an out of bounds access when compiling a crafted regular expression (bsc#1164569). - CVE-2019-19203: Fixed an out of bounds access when performing a string search (bsc#1164550). - CVE-2019-16163: Fixed an uncontrolled recursion issue when compiling a crafted regular expression, which could lead to denial of service (bsc#1150130). - CVE-2020-26159: Fixed an off-by-one buffer overflow (bsc#1177179). - CVE-2019-13224: Fixed a potential use-after-free when handling multiple different encodings (bsc#1142847). Important SUSE bug 1142847 SUSE bug 1150130 SUSE bug 1157805 SUSE bug 1164550 SUSE bug 1164569 SUSE bug 1177179 CVE-2019-13224 at SUSE CVE-2019-13224 at NVD CVE-2019-16163 at SUSE CVE-2019-16163 at NVD CVE-2019-19203 at SUSE CVE-2019-19203 at NVD CVE-2019-19204 at SUSE CVE-2019-19204 at NVD CVE-2019-19246 at SUSE CVE-2019-19246 at NVD CVE-2020-26159 at SUSE CVE-2020-26159 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). Moderate SUSE bug 1203018 CVE-2022-31252 at SUSE CVE-2022-31252 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libjpeg-turbo fixes the following issues: - CVE-2020-35538: Fixed null pointer dereference in jcopy_sample_rows() function (bsc#1202915). Moderate SUSE bug 1202915 CVE-2020-35538 at SUSE CVE-2020-35538 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python3 fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). Important SUSE bug 1202624 CVE-2021-28861 at SUSE CVE-2021-28861 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). Important SUSE bug 1203438 CVE-2022-40674 at SUSE CVE-2022-40674 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for qemu fixes the following issues: - CVE-2022-0216: Fixed a use after free issue found in hw/scsi/lsi53c895a.c. (bsc#1198038) - CVE-2022-35414: Fixed an uninitialized read during address translation that leads to a crash. (bsc#1201367) Moderate SUSE bug 1192115 SUSE bug 1198038 SUSE bug 1201367 CVE-2022-0216 at SUSE CVE-2022-0216 at NVD CVE-2022-35414 at SUSE CVE-2022-35414 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for xen fixes the following issues: - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806). - CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807). - CVE-2022-26365: Fixed issue where Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (bsc#1200762). - CVE-2022-33740: Fixed issue where Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (bsc#1200762). - CVE-2022-33741: Fixed issue where data residing in the same 4K page as data shared with a backend was being accessible by such backend (bsc#1200762). - CVE-2022-33742: Fixed issue where data residing in the same 4K page as data shared with a backend was being accessible by such backend (bsc#1200762). - CVE-2022-33745: Fixed an insufficient TLB flush for x86 PV guests in shadow mode (bsc#1201394). - CVE-2021-28689: Fixed speculative vulnerabilities with bare (non-shim) 32-bit PV guests (bsc#1185104). Bugfixes: - Fixed logic error in built-in default of max_event_channels (bsc#1167608, bsc#1201631). - Fixed issue where dom0 fails to boot with constrained vcpus and nodes (bsc#1197081). - Included upstream bugfixes (bsc#1027519). Important SUSE bug 1027519 SUSE bug 1167608 SUSE bug 1185104 SUSE bug 1197081 SUSE bug 1200762 SUSE bug 1201394 SUSE bug 1201631 SUSE bug 1203806 SUSE bug 1203807 CVE-2021-28689 at SUSE CVE-2021-28689 at NVD CVE-2022-26365 at SUSE CVE-2022-26365 at NVD CVE-2022-33740 at SUSE CVE-2022-33740 at NVD CVE-2022-33741 at SUSE CVE-2022-33741 at NVD CVE-2022-33742 at SUSE CVE-2022-33742 at NVD CVE-2022-33745 at SUSE CVE-2022-33745 at NVD CVE-2022-33746 at SUSE CVE-2022-33746 at NVD CVE-2022-33748 at SUSE CVE-2022-33748 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). Critical SUSE bug 1204357 CVE-2022-3515 at SUSE CVE-2022-3515 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for tiff fixes the following issues: - CVE-2022-2519: Fixed a double free in rotateImage() (bsc#1202968). - CVE-2022-2520: Fixed a assertion failure in rotateImage() (bsc#1202973). - CVE-2022-2521: Fixed invalid free in TIFFClose() (bsc#1202971). - CVE-2022-2867: Fixed out of bounds read and write in tiffcrop.c (bsc#1202466). - CVE-2022-2868: Fixed out of bounds read in reverseSamples16bits() (bsc#1202467). - CVE-2022-2869: Fixed out of bounds read and write in extractContigSamples8bits() (bsc#1202468). - CVE-2022-34526: Fixed stack overflow in the _TIFFVGetField function of Tiffsplit (bsc#1202026). Important SUSE bug 1201723 SUSE bug 1201971 SUSE bug 1202026 SUSE bug 1202466 SUSE bug 1202467 SUSE bug 1202468 SUSE bug 1202968 SUSE bug 1202971 SUSE bug 1202973 CVE-2022-0561 at SUSE CVE-2022-0561 at NVD CVE-2022-2519 at SUSE CVE-2022-2519 at NVD CVE-2022-2520 at SUSE CVE-2022-2520 at NVD CVE-2022-2521 at SUSE CVE-2022-2521 at NVD CVE-2022-2867 at SUSE CVE-2022-2867 at NVD CVE-2022-2868 at SUSE CVE-2022-2868 at NVD CVE-2022-2869 at SUSE CVE-2022-2869 at NVD CVE-2022-34266 at SUSE CVE-2022-34266 at NVD CVE-2022-34526 at SUSE CVE-2022-34526 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for multipath-tools fixes the following issues: - CVE-2022-41973: Fixed a symlink attack in multipathd. (bsc#1202739) - CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739) - multipathd: add 'force_reconfigure' option (bsc#1189551) The command 'multipathd -kreconfigure' changes behavior: instead of reloading every map, it checks map configuration and reloads only modified maps. This speeds up the reconfigure operation substantially. The old behavior can be reinstated by setting 'force_reconfigure yes' in multipath.conf (not recommended). Note: 'force_reconfigure yes' is not supported in SLE15-SP4 and beyond, which provide the command 'multipathd -k'reconfigure all'' - multipathd: avoid stalled clients during reconfigure (bsc#1189551) - multipathd: handle client disconnect correctly (bsc#1189551) - Avoid linking to libreadline to avoid licensing issue (bsc#1202616) - multipathd: don't switch to DAEMON_IDLE during startup (bsc#1197570) - multipathd: disallow changing to/from fpin marginal paths on reconfig - multipathd handle fpin events (bsc#1195506,jsc#PED-1448) - multipath: fix exit status of multipath -T (bsc#1191900) Important SUSE bug 1189551 SUSE bug 1191900 SUSE bug 1195506 SUSE bug 1197570 SUSE bug 1202616 SUSE bug 1202739 CVE-2022-41973 at SUSE CVE-2022-41973 at NVD CVE-2022-41974 at SUSE CVE-2022-41974 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for buildah fixes the following issues: - CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961). - CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864). - CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812 Buildah was updated to version 1.27.1: * run: add container gid to additional groups - Add fix for CVE-2022-2990 / bsc#1202812 Update to version 1.27.0: * Don't try to call runLabelStdioPipes if spec.Linux is not set * build: support filtering cache by duration using --cache-ttl * build: support building from commit when using git repo as build context * build: clean up git repos correctly when using subdirs * integration tests: quote '?' in shell scripts * test: manifest inspect should have OCIv1 annotation * vendor: bump to c/common@87fab4b7019a * Failure to determine a file or directory should print an error * refactor: remove unused CommitOptions from generateBuildOutput * stage_executor: generate output for cases with no commit * stage_executor, commit: output only if last stage in build * Use errors.Is() instead of os.Is{Not,}Exist * Minor test tweak for podman-remote compatibility * Cirrus: Use the latest imgts container * imagebuildah: complain about the right Dockerfile * tests: don't try to wrap `nil` errors * cmd/buildah.commitCmd: don't shadow 'err' * cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig * Fix a copy/paste error message * Fix a typo in an error message * build,cache: support pulling/pushing cache layers to/from remote sources * Update vendor of containers/(common, storage, image) * Rename chroot/run.go to chroot/run_linux.go * Don't bother telling codespell to skip files that don't exist * Set user namespace defaults correctly for the library * imagebuildah: optimize cache hits for COPY and ADD instructions * Cirrus: Update VM images w/ updated bats * docs, run: show SELinux label flag for cache and bind mounts * imagebuildah, build: remove undefined concurrent writes * bump github.com/opencontainers/runtime-tools * Add FreeBSD support for 'buildah info' * Vendor in latest containers/(storage, common, image) * Add freebsd cross build targets * Make the jail package build on 32bit platforms * Cirrus: Ensure the build-push VM image is labeled * GHA: Fix dynamic script filename * Vendor in containers/(common, storage, image) * Run codespell * Remove import of github.com/pkg/errors * Avoid using cgo in pkg/jail * Rename footypes to fooTypes for naming consistency * Move cleanupTempVolumes and cleanupRunMounts to run_common.go * Make the various run mounts work for FreeBSD * Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go * Move runSetupRunMounts to run_common.go * Move cleanableDestinationListFromMounts to run_common.go * Make setupMounts and runSetupBuiltinVolumes work on FreeBSD * Move setupMounts and runSetupBuiltinVolumes to run_common.go * Tidy up - runMakeStdioPipe can't be shared with linux * Move runAcceptTerminal to run_common.go * Move stdio copying utilities to run_common.go * Move runUsingRuntime and runCollectOutput to run_common.go * Move fileCloser, waitForSync and contains to run_common.go * Move checkAndOverrideIsolationOptions to run_common.go * Move DefaultNamespaceOptions to run_common.go * Move getNetworkInterface to run_common.go * Move configureEnvironment to run_common.go * Don't crash in configureUIDGID if Process.Capabilities is nil * Move configureUIDGID to run_common.go * Move runLookupPath to run_common.go * Move setupTerminal to run_common.go * Move etc file generation utilities to run_common.go * Add run support for FreeBSD * Add a simple FreeBSD jail library * Add FreeBSD support to pkg/chrootuser * Sync call signature for RunUsingChroot with chroot/run.go * test: verify feature to resolve basename with args * vendor: bump openshift/imagebuilder to master@4151e43 * GHA: Remove required reserved-name use * buildah: set XDG_RUNTIME_DIR before setting default runroot * imagebuildah: honor build output even if build container is not commited * chroot: honor DefaultErrnoRet * [CI:DOCS] improve pull-policy documentation * tests: retrofit test since --file does not supports dir * Switch to golang native error wrapping * BuildDockerfiles: error out if path to containerfile is a directory * define.downloadToDirectory: fail early if bad HTTP response * GHA: Allow re-use of Cirrus-Cron fail-mail workflow * add: fail on bad http response instead of writing to container * [CI:DOCS] Update buildahimage comment * lint: inspectable is never nil * vendor: c/common to common@7e1563b * build: support OCI hooks for ephemeral build containers * [CI:BUILD] Install latest buildah instead of compiling * Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED] * Make sure cpp is installed in buildah images * demo: use unshare for rootless invocations * buildah.spec.rpkg: initial addition * build: fix test for subid 4 * build, userns: add support for --userns=auto * Fix building upstream buildah image * Remove redundant buildahimages-are-sane validation * Docs: Update multi-arch buildah images readme * Cirrus: Migrate multiarch build off github actions * retrofit-tests: we skip unused stages so use stages * stage_executor: dont rely on stage while looking for additional-context * buildkit, multistage: skip computing unwanted stages * More test cleanup * copier: work around freebsd bug for 'mkdir /' * Replace $BUILDAH_BINARY with buildah() function * Fix up buildah images * Make util and copier build on FreeBSD * Vendor in latest github.com/sirupsen/logrus * Makefile: allow building without .git * run_unix: don't return an error from getNetworkInterface * run_unix: return a valid DefaultNamespaceOptions * Update vendor of containers/storage * chroot: use ActKillThread instead of ActKill * use resolvconf package from c/common/libnetwork * update c/common to latest main * copier: add `NoOverwriteNonDirDir` option * Sort buildoptions and move cli/build functions to internal * Fix TODO: de-spaghettify run mounts * Move options parsing out of build.go and into pkg/cli * [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps * build, multiarch: support splitting build logs for --platform * [CI:BUILD] WIP Cleanup Image Dockerfiles * cli remove stutter * docker-parity: ignore sanity check if baseImage history is null * build, commit: allow disabling image history with --omit-history * Fix use generic/ambiguous DEBUG name * Cirrus: use Ubuntu 22.04 LTS * Fix codespell errors * Remove util.StringInSlice because it is defined in containers/common * buildah: add support for renaming a device in rootless setups * squash: never use build cache when computing last step of last stage * Update vendor of containers/(common, storage, image) * buildkit: supports additionalBuildContext in builds via --build-context * buildah source pull/push: show progress bar * run: allow resuing secret twice in different RUN steps * test helpers: default to being rootless-aware * Add --cpp-flag flag to buildah build * build: accept branch and subdirectory when context is git repo * Vendor in latest containers/common * vendor: update c/storage and c/image * Fix gentoo install docs * copier: move NSS load to new process * Add test for prevention of reusing encrypted layers * Make `buildah build --label foo` create an empty 'foo' label again Update to version 1.26.4: * build, multiarch: support splitting build logs for --platform * copier: add `NoOverwriteNonDirDir` option * docker-parity: ignore sanity check if baseImage history is null * build, commit: allow disabling image history with --omit-history * buildkit: supports additionalBuildContext in builds via --build-context * Add --cpp-flag flag to buildah build Update to version 1.26.3: * define.downloadToDirectory: fail early if bad HTTP response * add: fail on bad http response instead of writing to container * squash: never use build cache when computing last step of last stage * run: allow resuing secret twice in different RUN steps * integration tests: update expected error messages * integration tests: quote '?' in shell scripts * Use errors.Is() to check for storage errors * lint: inspectable is never nil * chroot: use ActKillThread instead of ActKill * chroot: honor DefaultErrnoRet * Set user namespace defaults correctly for the library * contrib/rpm/buildah.spec: fix `rpm` parser warnings Drop requires on apparmor pattern, should be moved elsewhere for systems which want AppArmor instead of SELinux. - Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is required to build. Update to version 1.26.2: * buildah: add support for renaming a device in rootless setups Update to version 1.26.1: * Make `buildah build --label foo` create an empty 'foo' label again * imagebuildah,build: move deepcopy of args before we spawn goroutine * Vendor in containers/storage v1.40.2 * buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated * help output: get more consistent about option usage text * Handle OS version and features flags * buildah build: --annotation and --label should remove values * buildah build: add a --env * buildah: deep copy options.Args before performing concurrent build/stage * test: inline platform and builtinargs behaviour * vendor: bump imagebuilder to master/009dbc6 * build: automatically set correct TARGETPLATFORM where expected * Vendor in containers/(common, storage, image) * imagebuildah, executor: process arg variables while populating baseMap * buildkit: add support for custom build output with --output * Cirrus: Update CI VMs to F36 * fix staticcheck linter warning for deprecated function * Fix docs build on FreeBSD * copier.unwrapError(): update for Go 1.16 * copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit * copier.Put(): write to read-only directories * Ed's periodic test cleanup * using consistent lowercase 'invalid' word in returned err msg * use etchosts package from c/common * run: set actual hostname in /etc/hostname to match docker parity * Update vendor of containers/(common,storage,image) * manifest-create: allow creating manifest list from local image * Update vendor of storage,common,image * Initialize network backend before first pull * oci spec: change special mount points for namespaces * tests/helpers.bash: assert handle corner cases correctly * buildah: actually use containers.conf settings * integration tests: learn to start a dummy registry * Fix error check to work on Podman * buildah build should accept at most one arg * tests: reduce concurrency for flaky bud-multiple-platform-no-run * vendor in latest containers/common,image,storage * manifest-add: allow override arch,variant while adding image * Remove a stray `\` from .containerenv * Vendor in latest opencontainers/selinux v1.10.1 * build, commit: allow removing default identity labels * Create shorter names for containers based on image IDs * test: skip rootless on cgroupv2 in root env * fix hang when oci runtime fails * Set permissions for GitHub actions * copier test: use correct UID/GID in test archives * run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM Important SUSE bug 1167864 SUSE bug 1181961 SUSE bug 1202812 CVE-2020-10696 at SUSE CVE-2020-10696 at NVD CVE-2021-20206 at SUSE CVE-2021-20206 at NVD CVE-2022-2990 at SUSE CVE-2022-2990 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). Important SUSE bug 1204383 CVE-2022-32221 at SUSE CVE-2022-32221 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory. (bnc#1203514) - CVE-2022-3169: Fixed a denial of service flaw which occurs when consecutive requests to NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET are sent. (bnc#1203290) - CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125) - CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051) - CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060) - CVE-2022-42720: Fixed BSS refcounting bugs. (bsc#1204059) - CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769). - CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960). - CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bnc#1203552). - CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987). - CVE-2022-41849: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open (bnc#1203992). - CVE-2022-41674: Fixed a DoS issue where kernel can crash on the reception of specific WiFi Frames (bsc#1203770). - CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bnc#1202095). - CVE-2022-41222: Fixed a use-after-free via a stale TLB because an rmap lock is not held during a PUD move (bnc#1203622). - CVE-2022-2503: Fixed a bug in dm-verity, device-mapper table reloads allowed users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allowed root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates (bnc#1202677). - CVE-2022-20008: Fixed a bug which allowed to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. (bnc#1199564) - CVE-2020-16119: Fixed a use-after-free vulnerability exploitable by a local attacker due to reuse of a DCCP socket. (bnc#1177471) The following non-security bugs were fixed: - ALSA: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes). - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes). - ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes). - ALSA: seq: Fix data-race at module auto-loading (git-fixes). - ALSA: seq: oss: Fix data-race for max_midi_devs access (git-fixes). - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes). - ALSA: usb-audio: fix spelling mistakes (git-fixes). - ALSA: usb-audio: Inform the delayed registration more properly (git-fixes). - ALSA: usb-audio: Register card again for iface over delayed_register option (git-fixes). - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes). - arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes) - arm64: dts: allwinner: A64 Sopine: phy-mode rgmii-id (git-fixes) - arm64: dts: allwinner: a64-sopine-baseboard: change RGMII mode to (bsc#1202341) - arm64: dts: allwinner: H5: NanoPi Neo Plus2: phy-mode rgmii-id (git-fixes) - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes) - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes) - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes) - arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes) - arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444). - arm64: mm: Always update TCR_EL1 from __cpu_set_tcr_t0sz() (git-fixes) - arm64: mm: fix p?d_leaf() (git-fixes) - arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds (git-fixes) - arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes) - arm64: tegra: Remove non existent Tegra194 reset (git-fixes) - arm64: tlb: fix the TTL value of tlb_get_level (git-fixes) - arm64/mm: Validate hotplug range before creating linear mapping (git-fixes) - bpf: Compile out btf_parse_module() if module BTF is not enabled (git-fixes). - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906). - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes) - crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes) - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes). - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes). - drm/gem: Fix GEM handle release errors (git-fixes). - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes). - drm/meson: Correct OSD1 global alpha value (git-fixes). - drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes). - drm/msm/rd: Fix FIFO-full deadlock (git-fixes). - drm/radeon: add a force flush to delay work when radeon (git-fixes). - dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages. - efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes). - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes). - fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes). - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes). - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes). - HID: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes). - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes). - ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes). - ima: force signature verification when CONFIG_KEXEC_SIG is configured (bsc#1203737). - Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes). - Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes). - Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes). - JFS: fix GPF in diFree (bsc#1203389). - JFS: fix memleak in jfs_mount (git-fixes). - JFS: more checks for invalid superblock (git-fixes). - JFS: prevent NULL deref in diFree (bsc#1203389). - kABI: x86: kexec: hide new include from genksyms (bsc#1196444). - kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444). - kexec: do not verify the signature without the lockdown or mandatory signature (bsc#1203737). - kexec: drop weak attribute from arch_kexec_apply_relocations[_add] (bsc#1196444). - kexec: drop weak attribute from functions (bsc#1196444). - kexec: drop weak attribute from functions (bsc#1196444). - kexec: KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444). - kexec: KEYS: s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444). - KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value (git-fixes). - KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (git-fixes). - KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (git-fixes). - md-raid10: fix KASAN warning (git-fixes). - md: call __md_stop_writes in md_stop (git-fixes). - md: unlock mddev before reap sync_thread in action_store (bsc#1197659). - mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159). - mm: proc: smaps_rollup: do not stall write attempts on mmap_lock (bsc#1201990). - mm: smaps*: extend smap_gather_stats to support specified beginning (bsc#1201990). - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529). - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529). - NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes). - NFS: Fix races in the legacy idmapper upcall (git-fixes). - NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes). - NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes). - NFSD: Fix offset type in I/O trace points (git-fixes). - nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865). - nvme-rdma: Handle number of queue changes (bsc#1201865). - nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489). - nvme-tcp: Handle number of queue changes (bsc#1201865). - nvmet: Expose max queues to configfs (bsc#1201865). - of: device: Fix up of_dma_configure_id() stub (git-fixes). - of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes). - pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes). - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes). - powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544). - powerpc/memhotplug: Make lmb size 64bit (bsc#1203424 ltc#199544). - ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904). - psi: Fix uaf issue when psi trigger is destroyed while being polled (bsc#1203909). - regulator: core: Clean up on enable failure (git-fixes). - s390/qeth: cache link_info for ethtool (bsc#1202984 LTC#199607). - s390/qeth: clean up default cases for ethtool link mode (bsc#1202984 LTC#199607). - s390/qeth: improve QUERY CARD INFO processing (bsc#1202984 LTC#199607). - s390/qeth: improve selection of ethtool link modes (bsc#1202984 LTC#199607). - s390/qeth: set static link info during initialization (bsc#1202984 LTC#199607). - s390/qeth: tolerate error when querying card info (bsc#1202984 LTC#199607). - s390/qeth: use QUERY OAT for initial link info (bsc#1202984 LTC#199607). - scsi: core: Fix bad pointer dereference when ehandler kthread is invalid (git-fixes). - scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939). - scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939). - scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939). - scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939). - scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939). - scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939). - scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939). - scsi: lpfc: Fix various issues reported by tools (bsc#1203939). - scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939). - scsi: lpfc: Remove the unneeded result variable (bsc#1203939). - scsi: lpfc: Remove unneeded result variable (bsc#1203939). - scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939). - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939). - scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939). - scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939). - scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939). - scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939). - scsi: mpt3sas: Fix use-after-free warning (git-fixes). - scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935). - scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935). - scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935). - scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935). - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935). - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935). - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935). - scsi: qla2xxx: Log message 'skipping scsi_scan_host()' as informational (bsc#1203935). - scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935). - scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935). - scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935). - scsi: qla2xxx: Revert 'scsi: qla2xxx: Fix response queue handler reading stale packets' (bsc#1203935). - scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935). - scsi: sg: Allow waiting for commands to complete on removed device (git-fixes). - scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes). - scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622). - scsi: smartpqi: Update LUN reset handler (bsc#1200622). - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (git-fixes). - squashfs: fix divide error in calculate_skip() (git-fixes). - struct ehci_hcd: hide new member (git-fixes). - struct otg_fsm: hide new boolean member in gap (git-fixes). - SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes). - SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes). - SUNRPC: fix expiry of auth creds (git-fixes). - SUNRPC: Fix misplaced barrier in call_decode (git-fixes). - SUNRPC: Partial revert of commit 6f9f17287e78 (git-fixes). - SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes). - SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes). - svcrdma: Hold private mutex while invoking rdma_accept() (git-fixes). - tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes). - USB: Add ignore-residue quirk for NXP PN7462AU (git-fixes). - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes). - USB: core: Fix RST error in hub.c (git-fixes). - USB: core: Prevent nested device-reset calls (git-fixes). - USB: dwc3: disable USB core PHY management (git-fixes). - USB: ehci: handshake CMD_RUN instead of STS_HALT (git-fixes). - USB: otg-fsm: Fix hrtimer list corruption (git-fixes). - USB: serial: ch341: fix disabled rx timer on older devices (git-fixes). - USB: serial: ch341: fix lost character on LCR updates (git-fixes). - USB: serial: ch341: name prescaler, divisor registers (git-fixes). - USB: serial: cp210x: add Decagon UCA device id (git-fixes). - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes). - USB: serial: option: add Quectel EM060K modem (git-fixes). - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes). - USB: serial: option: add support for OPPO R11 diag port (git-fixes). - USB: storage: Add ASUS &lt;0x0b05:0x1932> to IGNORE_UAS (git-fixes). - USB: struct usb_device: hide new member (git-fixes). - usbnet: Fix memory leak in usbnet_disconnect() (git-fixes). - vt: Clear selection before changing the font (git-fixes). - vt: selection, introduce vc_is_sel (git-fixes). - watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023). - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still work so that it can be disabled. - x86/kexec: fix memory leak of elf header buffer (bsc#1196444). - x86/xen: Remove undefined behavior in setup_features() (git-fixes). - xen/xenbus: fix return type in xenbus_file_read() (git-fixes). - xprtrdma: Fix cwnd update ordering (git-fixes). Important SUSE bug 1177471 SUSE bug 1185032 SUSE bug 1194023 SUSE bug 1196444 SUSE bug 1197659 SUSE bug 1199564 SUSE bug 1200313 SUSE bug 1200622 SUSE bug 1201309 SUSE bug 1201310 SUSE bug 1201489 SUSE bug 1201645 SUSE bug 1201865 SUSE bug 1201990 SUSE bug 1202095 SUSE bug 1202341 SUSE bug 1202385 SUSE bug 1202677 SUSE bug 1202960 SUSE bug 1202984 SUSE bug 1203159 SUSE bug 1203290 SUSE bug 1203313 SUSE bug 1203389 SUSE bug 1203410 SUSE bug 1203424 SUSE bug 1203514 SUSE bug 1203552 SUSE bug 1203622 SUSE bug 1203737 SUSE bug 1203769 SUSE bug 1203770 SUSE bug 1203906 SUSE bug 1203909 SUSE bug 1203935 SUSE bug 1203939 SUSE bug 1203987 SUSE bug 1203992 SUSE bug 1204051 SUSE bug 1204059 SUSE bug 1204060 SUSE bug 1204125 SUSE bug 1204289 SUSE bug 1204290 SUSE bug 1204291 SUSE bug 1204292 CVE-2020-16119 at SUSE CVE-2020-16119 at NVD CVE-2022-20008 at SUSE CVE-2022-20008 at NVD CVE-2022-2503 at SUSE CVE-2022-2503 at NVD CVE-2022-2586 at SUSE CVE-2022-2586 at NVD CVE-2022-3169 at SUSE CVE-2022-3169 at NVD CVE-2022-3239 at SUSE CVE-2022-3239 at NVD CVE-2022-3303 at SUSE CVE-2022-3303 at NVD CVE-2022-40768 at SUSE CVE-2022-40768 at NVD CVE-2022-41218 at SUSE CVE-2022-41218 at NVD CVE-2022-41222 at SUSE CVE-2022-41222 at NVD CVE-2022-41674 at SUSE CVE-2022-41674 at NVD CVE-2022-41848 at SUSE CVE-2022-41848 at NVD CVE-2022-41849 at SUSE CVE-2022-41849 at NVD CVE-2022-42719 at SUSE CVE-2022-42719 at NVD CVE-2022-42720 at SUSE CVE-2022-42720 at NVD CVE-2022-42721 at SUSE CVE-2022-42721 at NVD CVE-2022-42722 at SUSE CVE-2022-42722 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690) Critical SUSE bug 1204690 CVE-2021-46848 at SUSE CVE-2021-46848 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be trigged by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113). Bugfixes: - Disable asserts (bsc#1087072). Important SUSE bug 1087072 SUSE bug 1204111 SUSE bug 1204112 SUSE bug 1204113 CVE-2022-42010 at SUSE CVE-2022-42010 at NVD CVE-2022-42011 at SUSE CVE-2022-42011 at NVD CVE-2022-42012 at SUSE CVE-2022-42012 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bnc#1023051). - CVE-2020-16119: Fixed a use-after-free due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released (bnc#1177471). - CVE-2020-27784: Fixed a vulnerability that was found in printer_ioctl() printer_ioctl() when accessing a deallocated instance (bnc#1202895). - CVE-2021-4155: Fixed a data leak flaw that was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem (bnc#1194272). - CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535). - CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346). - CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347). - CVE-2022-2503: Fixed a LoadPin bypass in Dm-verity (bnc#1202677). - CVE-2022-2586: Fixed issue in netfilter that allowed CHAIN_ID to refer to another table (bsc#1202095). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726). - CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly matches the message (bnc#1202097). - CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202564, bsc#1202860). - CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672). - CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898). - CVE-2022-3169: Fixed a denial of service that resulted in a PCIe link disconnect (bnc#1203290). - CVE-2022-32296: Fixed issue where TCP servers were able to identify clients by observing what source ports are used (bnc#1200288). - CVE-2022-3239: Fixed a use-after-free in the video4linux driver (bnc#1203552). - CVE-2022-3303: Fixed a race at SNDCTL_DSP_SYNC (bsc#1203769). - CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948). - CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107). - CVE-2022-39190: Fixed an issue that was discovered in net/netfilter/nf_tables_api.c and could cause a denial of service upon binding to an already bound chain (bnc#1203117). - CVE-2022-40768: Fixed information leak in drivers/scsi/stex.c due to stex_queuecommand_lck lack a memset for the PASSTHRU_CMD case (bnc#1203514). - CVE-2022-41218: Fixed a use-after-free due to refcount races at releasing (bsc#1202960). - CVE-2022-41222: Fixed a use-after-free via a stale TLB because an rmap lock is not held during a PUD move (bnc#1203622). - CVE-2022-41674: Fixed a DoS issue where kernel can crash on the reception of specific WiFi Frames (bsc#1203770). - CVE-2022-41848: Fixed a use-after-free in mgslpc_ops (bsc#1203987). - CVE-2022-41849: Fixed a use-after-free in ufx_ops_open() (bsc#1203992). - CVE-2022-42719: Fixed MBSSID parsing use-after-free (bsc#1204051). - CVE-2022-42720: Fixed BSS refcounting bugs (bsc#1204059). - CVE-2022-42721: Avoid nontransmitted BSS list corruption (bsc#1204060). - CVE-2022-42722: Fixed crash in beacon protection for P2P-device (bsc#1204125). The following non-security bugs were fixed: - Fixed parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019). - acpi: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (git-fixes). - acpi: LPSS: Fix missing check in register_device_clock() (git-fixes). - acpi: PM: save NVS memory for Lenovo G40-45 (git-fixes). - acpi: processor idle: Practically limit 'Dummy wait' workaround to old Intel systems (bnc#1203802). - acpi: processor: Remove freq Qos request for all CPUs (git-fixes). - acpi: property: Return type of acpi_add_nondev_subnodes() should be bool (git-fixes). - acpi: video: Force backlight native for some TongFang devices (git-fixes). - alsa: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes). - alsa: bcd2000: Fix a UAF bug on the error path of probing (git-fixes). - alsa: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes). - alsa: hda/cirrus - support for iMac 12,1 model (git-fixes). - alsa: hda/conexant: Add quirk for LENOVO 20149 Notebook model (git-fixes). - alsa: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED (git-fixes). - alsa: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes). - alsa: hda/realtek: Add new alc285-hp-amp-init model (git-fixes). - alsa: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes). - alsa: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes). - alsa: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes). - alsa: hda/realtek: Add quirk for Clevo L140PU (git-fixes). - alsa: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes). - alsa: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes). - alsa: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes). - alsa: hda/realtek: Add quirk for Clevo NS50PU (git-fixes). - alsa: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes). - alsa: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes). - alsa: hda/realtek: Add quirk for HP Dev One (git-fixes). - alsa: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes). - alsa: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes). - alsa: hda/realtek: Add quirk for TongFang devices with pop noise (git-fixes). - alsa: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes). - alsa: hda/realtek: Add quirk for the Framework Laptop (git-fixes). - alsa: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes). - alsa: hda/realtek: Fix LED on HP ProBook 435 G7 (git-fixes). - alsa: hda/realtek: Fix deadlock by COEF mutex (git-fixes). - alsa: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes). - alsa: hda/realtek: Re-arrange quirk table entries (git-fixes). - alsa: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes). - alsa: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - alsa: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (git-fixes). - alsa: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes). - alsa: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes). - alsa: hda/sigmatel: Keep power up while beep is enabled (git-fixes). - alsa: hda/tegra: Align BDL entry to 4KB boundary (git-fixes). - alsa: hda: add Intel 5 Series / 3400 PCI DID (git-fixes). - alsa: info: Fix llseek return value when using callback (git-fixes). - alsa: seq: Fix data-race at module auto-loading (git-fixes). - alsa: seq: oss: Fix data-race for max_midi_devs access (git-fixes). - alsa: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes). - alsa: usb-audio: Inform the delayed registration more properly (git-fixes). - alsa: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II (git-fixes). - alsa: usb-audio: Register card again for iface over delayed_register option (git-fixes). - alsa: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes). - alsa: usb-audio: fix spelling mistakes (git-fixes). - arm64/mm: Validate hotplug range before creating linear mapping (git-fixes) - arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes) - arm64: dts: allwinner: A64 Sopine: phy-mode rgmii-id (git-fixes) - arm64: dts: allwinner: H5: NanoPi Neo Plus2: phy-mode rgmii-id (git-fixes) - arm64: dts: allwinner: a64-sopine-baseboard: change RGMII mode to (bsc#1202341) - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes) - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes) - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes) - arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes) - arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444). - arm64: mm: Always update TCR_EL1 from __cpu_set_tcr_t0sz() (git-fixes) - arm64: mm: fix p?d_leaf() (git-fixes) - arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds (git-fixes) - arm64: signal: nofpsimd: Do not allocate fp/simd context when not available (git-fixes). - arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes) - arm64: tegra: Remove non existent Tegra194 reset (git-fixes) - arm64: tlb: fix the TTL value of tlb_get_level (git-fixes) - arm: 9077/1: PLT: Move struct plt_entries definition to header (git-fixes). - arm: 9078/1: Add warn suppress parameter to arm_gen_branch_link() (git-fixes). - arm: 9079/1: ftrace: Add MODULE_PLTS support (git-fixes). - arm: 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE (git-fixes). - asm-generic: sections: refactor memory_intersects (git-fixes). - asoc: SOF: debug: Fix potential buffer overflow by snprintf() (git-fixes). - asoc: audio-graph-card: Add of_node_put() in fail path (git-fixes). - asoc: codecs: da7210: add check for i2c_add_driver (git-fixes). - asoc: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (git-fixes). - asoc: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes). - asoc: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (git-fixes). - asoc: nau8824: Fix semaphore unbalance at error paths (git-fixes). - asoc: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes). - asoc: tas2770: Allow mono streams (git-fixes). - asoc: tas2770: Reinit regcache on reset (git-fixes). - ata: libata-eh: Add missing command name (git-fixes). - atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes). - blk-iocost: clamp inuse and skip noops in __propagate_weights() (bsc#1202722). - blk-iocost: fix operation ordering in iocg_wake_fn() (bsc#1202720). - blk-iocost: fix weight updates of inner active iocgs (bsc#1202717). - blk-iocost: rename propagate_active_weights() to propagate_weights() (bsc#1202722). - blktrace: fix blk_rq_merge documentation (git-fixes). - bluetooth: L2CAP: Fix build errors in some archs (git-fixes). - bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes). - bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes). - bpf: Compile out btf_parse_module() if module BTF is not enabled (git-fixes). - can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes). - can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes). - ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202810). - ceph: do not truncate file in atomic_open (bsc#1202811). - cgroup: Trace event cgroup id fields should be u64 (git-fixes). - cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1201610). - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906). - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes). - clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes). - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes). - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes). - clk: iproc: Do not rely on node name for correct PLL setup (git-fixes). - clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes). - clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks (git-fixes). - coresight: cti: Correct the parameter for pm_runtime_put (git-fixes). - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes) - crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes) - devlink: Fix use-after-free after a failed reload (git-fixes). - dm raid: fix KASAN warning in raid5_add_disks (git-fixes). - dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (git-fixes). - dpaa2-eth: unregister the netdev before disconnecting from the PHY (git-fixes). - driver core: Do not probe devices after bus_type.match() probe deferral (git-fixes). - drm/amd/display: Limit user regamma to a valid value (git-fixes). - drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (git-fixes). - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes). - drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes). - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes). - drm/amdgpu: remove useless condition in amdgpu_job_stop_all_jobs_on_sched() (git-fixes). - drm/amdgpu: use dirty framebuffer helper (git-fixes). - drm/gem: Fix GEM handle release errors (git-fixes). - drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (git-fixes). - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes). - drm/i915/reg: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes). - drm/meson: Correct OSD1 global alpha value (git-fixes). - drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes). - drm/meson: Fix overflow implicit truncation warnings (git-fixes). - drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (git-fixes). - drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes). - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes). - drm/msm/dsi: fix the inconsistent indenting (git-fixes). - drm/msm/rd: Fix FIFO-full deadlock (git-fixes). - drm/radeon: add a force flush to delay work when radeon (git-fixes). - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes). - drm/sun4i: dsi: Prevent underflow when computing packet sizes (git-fixes). - dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages. - efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes). - ehea: fix error return code in ehea_restart_qps() (git-fixes). - enetc: Fix endianness issues for enetc_qos (git-fixes). - ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read() (git-fixes). - ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755). - ext4: add reserved GDT blocks check (bsc#1202712). - ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() (bsc#1202708). - ext4: do not use the orphan list when migrating an inode (bsc#1197756). - ext4: fix bug_on in ext4_writepages (bsc#1200872). - ext4: fix error handling code in add_new_gdb (bsc#1179722). - ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757). - ext4: fix invalid inode checksum (bsc#1179723). - ext4: fix loff_t overflow in ext4_max_bitmap_size() (bsc#1202709). - ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869). - ext4: fix potential infinite loop in ext4_dx_readdir() (bsc#1191662). - ext4: fix race when reusing xattr blocks (bsc#1198971). - ext4: fix symlink file size not match to file content (bsc#1200868). - ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871). - ext4: fix use-after-free in ext4_search_dir (bsc#1202710). - ext4: fix warning in ext4_handle_inode_extension (bsc#1202711). - ext4: force overhead calculation if the s_overhead_cluster makes no sense (bsc#1200870). - ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713). - ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971). - ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971). - fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes). - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes). - fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes). - firmware: tegra: bpmp: Do only aligned access to IPC memory area (git-fixes). - fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages (bsc#1200873). - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes). - fuse: Remove the control interface for virtio-fs (bsc#1203137). - fuse: ioctl: translate ENOSYS (bsc#1203136). - fuse: limit nsec (bsc#1203135). - gadgetfs: ep_io - wait until IRQ finishes (git-fixes). - geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes). - geneve: fix TOS inheriting for ipv4 (git-fixes). - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes). - gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes). - hid: alps: Declare U1_UNICORN_LEGACY support (git-fixes). - hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes). - hid: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes). - hid: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (git-fixes). - hid: wacom: Do not register pad_input for touch switch (git-fixes). - hid: wacom: Only report rotation for art pen (git-fixes). - hv_netvsc: Load and store the proper (NBL_HASH_INFO) per-packet info (bsc#1202701). - hwmon: (gpio-fan) Fix array out of bounds access (git-fixes). - i2c: imx: Make sure to unregister adapter on remove() (git-fixes). - ice: report supported and advertised autoneg using PHY capabilities (git-fixes). - ieee802154/adf7242: defer destroy_workqueue call (git-fixes). - ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes). - iio: adc: mcp3911: make use of the sign bit (git-fixes). - iio: adc: mcp3911: use correct formula for AD conversion (git-fixes). - ima: force signature verification when CONFIG_KEXEC_SIG is configured (bsc#1203737). - input: iforce - add support for Boeder Force Feedback Wheel (git-fixes). - input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes). - input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes). - input: rk805-pwrkey - fix module autoloading (git-fixes). - input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes). - intel_th: pci: Add Meteor Lake-P support (git-fixes). - intel_th: pci: Add Raptor Lake-S CPU support (git-fixes). - intel_th: pci: Add Raptor Lake-S PCH support (git-fixes). - iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes). - iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (git-fixes). - iommu/exynos: Handle failed IOMMU device registration properly (git-fixes). - iommu/iova: Improve 32-bit free space estimate (git-fixes). - iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes). - iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes). - iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes). - iommu/omap: Fix regression in probe for NULL pointer dereference (git-fixes). - iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes). - iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes). - iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes). - iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes). - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes). - ipmi: ssif: initialize ssif_info->client early (git-fixes). - ixgbevf: add correct exception tracing for XDP (git-fixes). - jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716). - jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (bsc#1202715). - jfs: fix GPF in diFree (bsc#1203389). - jfs: fix memleak in jfs_mount (git-fixes). - jfs: more checks for invalid superblock (git-fixes). - jfs: prevent NULL deref in diFree (bsc#1203389). - kABI: x86: kexec: hide new include from genksyms (bsc#1196444). - kabi: cgroup: Restore KABI of css_set (bsc#1201610). - kbuild: do not create built-in objects for external module builds (jsc#SLE-24559 bsc#1202756). - kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (bsc#1181862 git-fixes). - kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes). - kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages - kernel-obs-build: include qemu_fw_cfg (boo#1201705) - kernel-source: include the kernel signature file We assume that the upstream tarball is used for released kernels. Then we can also include the signature file and keyring in the kernel-source src.rpm. Because of mkspec code limitation exclude the signature and keyring from binary packages always - mkspec does not parse spec conditionals. - kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444). - kexec, KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444). - kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444). - kexec: do not verify the signature without the lockdown or mandatory signature (bsc#1203737). - kexec: drop weak attribute from functions (bsc#1196444). - kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (bsc#1196444). - kexec_file: drop weak attribute from functions (bsc#1196444). - kfifo: fix kfifo_to_user() return type (git-fixes). - kfifo: fix ternary sign extension bugs (git-fixes). - kvm: PPC: Book3S HV: Context tracking exit guest context before enabling irqs (bsc#1065729). - kvm: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (bsc#1156395). - kvm: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (bsc#1156395). - kvm: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395). - kvm: PPC: Use arch_get_random_seed_long instead of powernv variant (bsc#1156395). - kvm: VMX: Refuse to load kvm_intel if EPT and NX are disabled (git-fixes). - kvm: nVMX: Let userspace set nVMX MSR to any _host_ supported value (git-fixes). - kvm: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (git-fixes). - kvm: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (git-fixes). - kvm: x86: Mark TSS busy during LTR emulation _after_ all fault checks (git-fixes). - kvm: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (git-fixes). - kvm: x86: accept userspace interrupt only if no event is injected (git-fixes). - lib/list_debug.c: Detect uninitialized lists (git-fixes). - lib: bitmap: provide devm_bitmap_alloc() and devm_bitmap_zalloc() (git-fixes). - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes). - lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325). - list: add 'list_del_init_careful()' to go with 'list_empty_careful()' (bsc#1202745). - locking/lockdep: Avoid potential access of invalid memory in lock_class (git-fixes). - loop: Fix missing discard support when using LOOP_CONFIGURE (bsc#1202718). - mbcache: add functions to delete entry if unused (bsc#1198971). - mbcache: do not reclaim used entries (bsc#1198971). - md-raid10: fix KASAN warning (git-fixes). - md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158). - md: call __md_stop_writes in md_stop (git-fixes). - md: unlock mddev before reap sync_thread in action_store (bsc#1197659). - media: aspeed-video: ignore interrupts that are not enabled (git-fixes). - media: coda: Add more H264 levels for CODA960 (git-fixes). - media: coda: Fix reported H264 profile (git-fixes). - media: dvb_vb2: fix possible out of bound access (git-fixes). - mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes). - mfd: t7l66xb: Drop platform disable callback (git-fixes). - misc: fastrpc: fix memory corruption on open (git-fixes). - misc: fastrpc: fix memory corruption on probe (git-fixes). - mkspec: eliminate @NOSOURCE@ macro This should be alsways used with @SOURCES@, just include the content there. - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098). - mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763). - mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447). - mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159). - mm: proc: smaps_rollup: do not stall write attempts on mmap_lock (bsc#1201990). - mm: smaps*: extend smap_gather_stats to support specified beginning (bsc#1201990). - mmap locking API: add mmap_lock_is_contended() (bsc#1201990). - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes). - mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes). - mmc: pxamci: Fix another error handling path in pxamci_probe() (git-fixes). - module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols (git-fixes). - mtd: maps: Fix refcount leak in ap_flash_init (git-fixes). - mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes). - mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes). - mtd: rawnand: meson: Fix a potential double free issue (git-fixes). - mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (git-fixes). - mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (git-fixes). - net/mlx5e: Check for needed capability for cvlan matching (git-fixes). - net: bcmgenet: Add mdio-bcm-unimac soft dependency (git-fixes). - net: cpsw: Properly initialise struct page_pool_params (git-fixes). - net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes). - net: davinci_emac: Fix incorrect masking of tx and rx error channel (git-fixes). - net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes). - net: dsa: mt7530: fix VLAN traffic leaks (git-fixes). - net: enetc: Use pci_release_region() to release some resources (git-fixes). - net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes). - net: enetc: unmap DMA in enetc_send_cmd() (git-fixes). - net: ethernet: aeroflex: fix UAF in greth_of_remove (git-fixes). - net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes). - net: ethernet: ezchip: fix error handling (git-fixes). - net: ethernet: ezchip: remove redundant check (git-fixes). - net: ethernet: fix potential use-after-free in ec_bhf_remove (git-fixes). - net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory (git-fixes). - net: fec: fix the potential memory leak in fec_enet_init() (git-fixes). - net: fec_ptp: add clock rate zero check (git-fixes). - net: hns: Fix kernel-doc (git-fixes). - net: lantiq: fix memory corruption in RX ring (git-fixes). - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add support of XDP_REDIRECT action (bsc#1201310, jsc#PED-529). - net: mana: Add the Linux MANA PF driver (bsc#1201309, jsc#PED-529). - net: moxa: Use devm_platform_get_and_ioremap_resource() (git-fixes). - net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (git-fixes). - net: mscc: ocelot: do not downgrade timestamping RX filters in SIOCSHWTSTAMP (git-fixes). - net: netcp: Fix an error message (git-fixes). - net: pch_gbe: Propagate error from devm_gpio_request_one() (git-fixes). - net: rose: fix netdev reference changes (git-fixes). - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (git-fixes). - net: stmicro: handle clk_prepare() failure during init (git-fixes). - net: stmmac: disable clocks in stmmac_remove_config_dt() (git-fixes). - net: stmmac: dwmac1000: Fix extended MAC address registers definition (git-fixes). - net: usb: qmi_wwan: add Quectel RM520N (git-fixes). - net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (bsc#1200431). - net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (bsc#1200431). - net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c (bsc#1200431). - net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (git-fixes). - net:enetc: allocate CBD ring data memory using DMA coherent methods (git-fixes). - net_sched: cls_route: disallow handle of 0 (bsc#1202393). - nfs: fix nfs_path in case of a rename retry (git-fixes). - nfsd: Add missing NFSv2 .pc_func methods (git-fixes). - nfsd: Clamp WRITE offsets (git-fixes). - nfsd: Fix offset type in I/O trace points (git-fixes). - nfsd: Fix possible sleep during nfsd4_release_lockowner() (git-fixes). - nfsd: fix use-after-free due to delegation race (git-fixes). - nfsd: prevent integer overflow on 32 bit systems (git-fixes). - nfsd: prevent underflow in nfssvc_decode_writeargs() (git-fixes). - nfsv4.1: Do not decrease the value of seq_nr_highest_sent (git-fixes). - nfsv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes). - nfsv4.1: RECLAIM_COMPLETE must handle EACCES (git-fixes). - nfsv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (git-fixes). - nfsv4: Fix races in the legacy idmapper upcall (git-fixes). - nfsv4: Fix second deadlock in nfs4_evict_inode() (git-fixes). - nfsv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error (git-fixes). - ntb: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes). - nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865). - nvme-rdma: Handle number of queue changes (bsc#1201865). - nvme-tcp: Handle number of queue changes (bsc#1201865). - nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489). - nvme: fix RCU hole that allowed for endless looping in multipath round robin (bsc#1202636). - nvmet: Expose max queues to configfs (bsc#1201865). - objtool: Add support for intra-function calls (bsc#1202396). - objtool: Make handle_insn_ops() unconditional (bsc#1202396). - objtool: Remove INSN_STACK (bsc#1202396). - objtool: Rework allocating stack_ops on decode (bsc#1202396). - objtool: Support multiple stack_op per instruction (bsc#1202396). - ocfs2: drop acl cache for directories too (bsc#1191667). - ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920). - ocfs2: mount fails with buffer overflow in strlen (bsc#1197760). - of/device: Fix up of_dma_configure_id() stub (git-fixes). - of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes). - padata: introduce internal padata_get/put_pd() helpers (bsc#1202638). - padata: make padata_free_shell() to respect pd's ->refcnt (bsc#1202638). - parisc/sticon: fix reverse colors (bsc#1152489). - parisc: parisc-agp requires SBA IOMMU driver (bsc#1152489) - pci/acpi: Guard ARM64-specific mcfg_quirks (git-fixes). - pci: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes). - pci: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845). - pci: hv: Fix interrupt mapping for multi-MSI (bsc#1200845). - pci: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845). - pci: hv: Make the code arch neutral by adding arch specific interfaces (bsc#1200845). - pci: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845). - pci: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845). - pci: qcom: Fix pipe clock imbalance (git-fixes). - perf bench: Share some global variables to fix build with gcc 10 (git-fixes). - pinctrl/rockchip: fix gpio device creation (git-fixes). - pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (git-fixes). - pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes). - pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes). - pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes). - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes). - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes). - powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544). - powerpc/memhotplug: Make lmb size 64bit (bsc#1203424 ltc#199544). - powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable (bsc#1156395). - powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729). - powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729). - powerpc/powernv: Staticify functions without prototypes (bsc#1065729). - powerpc/powernv: delay rng platform device creation until later in boot (bsc#1065729). - powerpc/powernv: rename remaining rng powernv_ functions to pnv_ (bsc#1065729). - powerpc/powernv: wire up rng during setup_arch (bsc#1065729). - powerpc/pseries: wire up rng during setup_arch() (bsc#1065729). - powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixess). - powerpc: Enable execve syscall exit tracepoint (bsc#1065729). - powerpc: define get_cycles macro for arch-override (bsc#1065729). - powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729). - ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904). - profiling: fix shift too large makes kernel panic (git-fixes). - psi: Fix uaf issue when psi trigger is destroyed while being polled (bsc#1203909). - qlcnic: Add null check after calling netdev_alloc_skb (git-fixes). - random: fix crash on multiple early calls to add_bootloader_randomness() (git-fixes). - ratelimit: Fix data-races in ___ratelimit() (git-fixes). - regulator: core: Clean up on enable failure (git-fixes). - regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes). - reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr (bsc#1202714). - remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config (git-fixes). - remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes). - reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes). - rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385) We do the move only on 15.5+. - rpm/kernel-binary.spec.in: simplify find for usrmerged The type test and print line are the same for both cases. The usrmerged case only ignores more, so refactor it to make it more obvious. - rpm/kernel-source.spec.in: simplify finding of broken symlinks 'find -xtype l' will report them, so use that to make the search a bit faster (without using shell). - s390/crash: fix incorrect number of bytes to copy to user space (git-fixes). - s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes). - s390/mm: do not trigger write fault when vma does not allow VM_WRITE (git-fixes). - s390/mm: fix 2KB pgtable release race (git-fixes). - s390/ptrace: pass invalid syscall numbers to tracing (bsc#1192594 LTC#197522). - s390/qeth: cache link_info for ethtool (bsc#1202984 LTC#199607). - s390/qeth: clean up default cases for ethtool link mode (bsc#1202984 LTC#199607). - s390/qeth: improve QUERY CARD INFO processing (bsc#1202984 LTC#199607). - s390/qeth: improve selection of ethtool link modes (bsc#1202984 LTC#199607). - s390/qeth: set static link info during initialization (bsc#1202984 LTC#199607). - s390/qeth: tolerate error when querying card info (bsc#1202984 LTC#199607). - s390/qeth: use QUERY OAT for initial link info (bsc#1202984 LTC#199607). - scsi: core: Fix bad pointer dereference when ehandler kthread is invalid (git-fixes). - scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939). - scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939). - scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939). - scsi: lpfc: Add warning notification period to CMF_SYNC_WQE (bsc#1203063). - scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063). - scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063). - scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939). - scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939). - scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939). - scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID (bsc#1203063). - scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939). - scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT discovery (bsc#1203063). - scsi: lpfc: Fix various issues reported by tools (bsc#1203939). - scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939). - scsi: lpfc: Remove SANDiags related code (bsc#1203063). - scsi: lpfc: Remove the unneeded result variable (bsc#1203939). - scsi: lpfc: Remove unneeded result variable (bsc#1203939). - scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939). - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939). - scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939). - scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063). - scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939). - scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939). - scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063). - scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939). - scsi: mpt3sas: Fix use-after-free warning (git-fixes). - scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935). - scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935). - scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935). - scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935). - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935). - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935). - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935). - scsi: qla2xxx: Log message 'skipping scsi_scan_host()' as informational (bsc#1203935). - scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935). - scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935). - scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935). - scsi: qla2xxx: Revert 'scsi: qla2xxx: Fix response queue handler reading stale packets' (bsc#1203935). - scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935). - scsi: sg: Allow waiting for commands to complete on removed device (git-fixes). - scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes). - scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622). - scsi: smartpqi: Update LUN reset handler (bsc#1200622). - selftests: futex: Use variable MAKE instead of make (git-fixes). - serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (git-fixes). - serial: Create uart_xmit_advance() (git-fixes). - serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes). - serial: mvebu-uart: uart2 error bits clearing (git-fixes). - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30 (git-fixes). - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - silence nfscache allocation warnings with kvzalloc (git-fixes). - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (git-fixes). - soc: sunxi: sram: Actually claim SRAM regions (git-fixes). - soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes). - soc: sunxi: sram: Prevent the driver from being unbound (git-fixes). - spi: Fix incorrect cs_setup delay handling (git-fixes). - spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes). - spi: synquacer: Add missing clk_disable_unprepare() (git-fixes). - spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (git-fixes). - squashfs: fix divide error in calculate_skip() (git-fixes). - staging: rtl8712: fix use after free bugs (git-fixes). - struct ehci_hcd: hide new member (git-fixes). - struct otg_fsm: hide new boolean member in gap (git-fixes). - sunrpc: Clean up scheduling of autoclose (git-fixes). - sunrpc: Do not call connect() more than once on a TCP socket (git-fixes). - sunrpc: Do not dereference xprt->snd_task if it's a cookie (git-fixes). - sunrpc: Do not leak sockets in xs_local_connect() (git-fixes). - sunrpc: Fix READ_PLUS crasher (git-fixes). - sunrpc: Fix misplaced barrier in call_decode (git-fixes). - sunrpc: Prevent immediate close+reconnect (git-fixes). - sunrpc: RPC level errors should set task->tk_rpc_status (git-fixes). - sunrpc: Reinitialise the backchannel request buffers before reuse (git-fixes). - sunrpc: fix expiry of auth creds (git-fixes). - svcrdma: Hold private mutex while invoking rdma_accept() (git-fixes). - tee: optee: Fix incorrect page free bug (git-fixes). - thermal: Fix NULL pointer dereferences in of_thermal_ functions (git-fixes). - thermal: sysfs: Fix cooling_device_stats_setup() error code path (git-fixes). - thunderbolt: Use the actual buffer in tb_async_error() (git-fixes). - tools/thermal: Fix possible path truncations (git-fixes). - tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes). - tracing/histograms: Fix memory leak problem (git-fixes). - tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes). - tracing: Add ustring operation to filtering string pointers (git-fixes). - tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes). - tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before sending data (git-fixes). - tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes). - tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (git-fixes). - tty: vt: initialize unicode screen buffer (git-fixes). - usb-storage: Add ignore-residue quirk for NXP PN7462AU (git-fixes). - usb.h: struct usb_device: hide new member (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes). - usb: core: Fix RST error in hub.c (git-fixes). - usb: core: Prevent nested device-reset calls (git-fixes). - usb: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes). - usb: dwc3: Switch to platform_get_irq_byname_optional() (git-fixes). - usb: dwc3: disable USB core PHY management (git-fixes). - usb: dwc3: ep0: Fix delay status handling (git-fixes). - usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes). - usb: dwc3: gadget: END_TRANSFER before CLEAR_STALL command (git-fixes). - usb: dwc3: gadget: Fix IN endpoint max packet size allocation (git-fixes). - usb: dwc3: gadget: Prevent repeat pullup() (git-fixes). - usb: dwc3: gadget: Refactor dwc3_gadget_ep_dequeue (git-fixes). - usb: dwc3: gadget: Remove FS bInterval_m1 limitation (git-fixes). - usb: dwc3: gadget: Remove unnecessary checks (git-fixes). - usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (git-fixes). - usb: dwc3: gadget: Store resource index of start cmd (git-fixes). - usb: dwc3: qcom: fix missing optional irq warnings. - usb: ehci: handshake CMD_RUN instead of STS_HALT (git-fixes). - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (git-fixes). - usb: gadget: u_audio: fix race condition on endpoint stop (git-fixes). - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). - usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (git-fixes). - usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes). - usb: otg-fsm: Fix hrtimer list corruption (git-fixes). - usb: renesas: Fix refcount leak bug (git-fixes). - usb: serial: ch341: fix disabled rx timer on older devices (git-fixes). - usb: serial: ch341: fix lost character on LCR updates (git-fixes). - usb: serial: ch341: name prescaler, divisor registers (git-fixes). - usb: serial: cp210x: add Decagon UCA device id (git-fixes). - usb: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes). - usb: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - usb: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - usb: serial: option: add Quectel EM060K modem (git-fixes). - usb: serial: option: add Quectel RM520N (git-fixes). - usb: serial: option: add Quectel RM520N (git-fixes). - usb: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes). - usb: serial: option: add support for OPPO R11 diag port (git-fixes). - usb: storage: Add ASUS &lt;0x0b05:0x1932> to IGNORE_UAS (git-fixes). - usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes). - usb: typec: ucsi: Remove incorrect warning (git-fixes). - usb: xhci-mtk: add a function to (un)load bandwidth info (git-fixes). - usb: xhci-mtk: add only one extra CS for FS/LS INTR (git-fixes). - usb: xhci-mtk: add some schedule error number (git-fixes). - usb: xhci-mtk: fix issue of out-of-bounds array access (git-fixes). - usb: xhci-mtk: get the microframe boundary for ESIT (git-fixes). - usb: xhci-mtk: use @sch_tt to check whether need do TT schedule (git-fixes). - usbnet: Fix linkwatch use-after-free on disconnect (git-fixes). - usbnet: Fix memory leak in usbnet_disconnect() (git-fixes). - usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes). - vboxguest: Do not use devm for irq (git-fixes). - vfio/ccw: Remove UUID from s390 debug log (git-fixes). - video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes). - video: fbdev: arkfb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (git-fixes). - video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes). - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes). - video: fbdev: s3fb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes). - video: fbdev: vt8623fb: Check the size of screen before memset_io() (git-fixes). - virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes). - vmci: Add support for ARM64 (bsc#1199291, jsc#SLE-24635). - vmci: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635). - vmci: Enforce queuepair max size for IOCTL_VMCI_QUEUEPAIR_ALLOC (bsc#1199291, jsc#SLE-24635). - vmci: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635). - vmci: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635). - vmci: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635). - vmci: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635). - vmci: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635). - vmci: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - vmci: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635). - vmci: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - vmci: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635). - vmci: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635). - vmxnet3: Implement ethtool's get_channels command (bsc#1200431). - vmxnet3: Record queue number to incoming packets (bsc#1200431). - vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431). - vmxnet3: add command to set ring buffer sizes (bsc#1200431). - vmxnet3: add support for capability registers (bsc#1200431). - vmxnet3: add support for large passthrough BAR register (bsc#1200431). - vmxnet3: add support for out of order rx completion (bsc#1200431). - vmxnet3: disable overlay offloads if UPT device does not support (bsc#1200431). - vmxnet3: do not reschedule napi for rx processing (bsc#1200431). - vmxnet3: do not stop tx queues after netif_device_detach() (bsc#1200431). - vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431). - vmxnet3: prepare for version 7 changes (bsc#1200431). - vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431). - vmxnet3: update to version 7 (bsc#1200431). - vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431). - vsock: Fix memory leak in vsock_connect() (git-fixes). - vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (git-fixes). - vt: Clear selection before changing the font (git-fixes). - vt: selection, introduce vc_is_sel (git-fixes). - watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (git-fixes). - watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023). - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (git-fixes). - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: mac80211: Do not finalize CSA in IBSS mode if state is disconnected (git-fixes). - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes). - wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes). - wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes). - wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes). - x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still work so that it can be disabled. - x86/kexec: fix memory leak of elf header buffer (bsc#1196444). - x86/olpc: fix 'logical not is only applied to the left hand side' (git-fixes). - x86/xen: Remove undefined behavior in setup_features() (git-fixes). - xen/xenbus: fix return type in xenbus_file_read() (git-fixes). - xfs: Fix assert failure in xfs_setattr_size() (git-fixes). - xfs: bunmapi has unnecessary AG lock ordering issues (git-fixes). - xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577). - xfs: make xfs_rtalloc_query_range input parameters const (git-fixes). - xfs: mark a data structure sick if there are cross-referencing errors (git-fixes). - xfs: only reset incore inode health state flags when reclaiming an inode (git-fixes). - xfs: prevent a UAF when log IO errors race with unmount (git-fixes). - xfs: use kmem_cache_free() for kmem_cache objects (git-fixes). - xprtrdma: Fix XDRBUF_SPARSE_PAGES support (git-fixes). - xprtrdma: Fix cwnd update ordering (git-fixes). Important SUSE bug 1023051 SUSE bug 1065729 SUSE bug 1152489 SUSE bug 1156395 SUSE bug 1177471 SUSE bug 1179722 SUSE bug 1179723 SUSE bug 1181862 SUSE bug 1185032 SUSE bug 1191662 SUSE bug 1191667 SUSE bug 1191881 SUSE bug 1192594 SUSE bug 1194023 SUSE bug 1194272 SUSE bug 1194535 SUSE bug 1196444 SUSE bug 1197158 SUSE bug 1197659 SUSE bug 1197755 SUSE bug 1197756 SUSE bug 1197757 SUSE bug 1197760 SUSE bug 1197763 SUSE bug 1197920 SUSE bug 1198971 SUSE bug 1199291 SUSE bug 1200288 SUSE bug 1200313 SUSE bug 1200431 SUSE bug 1200622 SUSE bug 1200845 SUSE bug 1200868 SUSE bug 1200869 SUSE bug 1200870 SUSE bug 1200871 SUSE bug 1200872 SUSE bug 1200873 SUSE bug 1201019 SUSE bug 1201309 SUSE bug 1201310 SUSE bug 1201420 SUSE bug 1201489 SUSE bug 1201610 SUSE bug 1201705 SUSE bug 1201726 SUSE bug 1201865 SUSE bug 1201948 SUSE bug 1201990 SUSE bug 1202095 SUSE bug 1202096 SUSE bug 1202097 SUSE bug 1202341 SUSE bug 1202346 SUSE bug 1202347 SUSE bug 1202385 SUSE bug 1202393 SUSE bug 1202396 SUSE bug 1202447 SUSE bug 1202577 SUSE bug 1202636 SUSE bug 1202638 SUSE bug 1202672 SUSE bug 1202677 SUSE bug 1202701 SUSE bug 1202708 SUSE bug 1202709 SUSE bug 1202710 SUSE bug 1202711 SUSE bug 1202712 SUSE bug 1202713 SUSE bug 1202714 SUSE bug 1202715 SUSE bug 1202716 SUSE bug 1202717 SUSE bug 1202718 SUSE bug 1202720 SUSE bug 1202722 SUSE bug 1202745 SUSE bug 1202756 SUSE bug 1202810 SUSE bug 1202811 SUSE bug 1202860 SUSE bug 1202895 SUSE bug 1202898 SUSE bug 1202960 SUSE bug 1202984 SUSE bug 1203063 SUSE bug 1203098 SUSE bug 1203107 SUSE bug 1203117 SUSE bug 1203135 SUSE bug 1203136 SUSE bug 1203137 SUSE bug 1203159 SUSE bug 1203290 SUSE bug 1203389 SUSE bug 1203410 SUSE bug 1203424 SUSE bug 1203514 SUSE bug 1203552 SUSE bug 1203622 SUSE bug 1203737 SUSE bug 1203769 SUSE bug 1203770 SUSE bug 1203802 SUSE bug 1203906 SUSE bug 1203909 SUSE bug 1203935 SUSE bug 1203939 SUSE bug 1203987 SUSE bug 1203992 SUSE bug 1204051 SUSE bug 1204059 SUSE bug 1204060 SUSE bug 1204125 CVE-2016-3695 at SUSE CVE-2016-3695 at NVD CVE-2020-16119 at SUSE CVE-2020-16119 at NVD CVE-2020-27784 at SUSE CVE-2020-27784 at NVD CVE-2021-4155 at SUSE CVE-2021-4155 at NVD CVE-2021-4203 at SUSE CVE-2021-4203 at NVD CVE-2022-20368 at SUSE CVE-2022-20368 at NVD CVE-2022-20369 at SUSE CVE-2022-20369 at NVD CVE-2022-2503 at SUSE CVE-2022-2503 at NVD CVE-2022-2586 at SUSE CVE-2022-2586 at NVD CVE-2022-2588 at SUSE CVE-2022-2588 at NVD CVE-2022-26373 at SUSE CVE-2022-26373 at NVD CVE-2022-2663 at SUSE CVE-2022-2663 at NVD CVE-2022-2905 at SUSE CVE-2022-2905 at NVD CVE-2022-2977 at SUSE CVE-2022-2977 at NVD CVE-2022-3028 at SUSE CVE-2022-3028 at NVD CVE-2022-3169 at SUSE CVE-2022-3169 at NVD CVE-2022-32296 at SUSE CVE-2022-32296 at NVD CVE-2022-3239 at SUSE CVE-2022-3239 at NVD CVE-2022-3303 at SUSE CVE-2022-3303 at NVD CVE-2022-36879 at SUSE CVE-2022-36879 at NVD CVE-2022-39188 at SUSE CVE-2022-39188 at NVD CVE-2022-39190 at SUSE CVE-2022-39190 at NVD CVE-2022-40768 at SUSE CVE-2022-40768 at NVD CVE-2022-41218 at SUSE CVE-2022-41218 at NVD CVE-2022-41222 at SUSE CVE-2022-41222 at NVD CVE-2022-41674 at SUSE CVE-2022-41674 at NVD CVE-2022-41848 at SUSE CVE-2022-41848 at NVD CVE-2022-41849 at SUSE CVE-2022-41849 at NVD CVE-2022-42719 at SUSE CVE-2022-42719 at NVD CVE-2022-42720 at SUSE CVE-2022-42720 at NVD CVE-2022-42721 at SUSE CVE-2022-42721 at NVD CVE-2022-42722 at SUSE CVE-2022-42722 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for podman fixes the following issues: - CVE-2022-2989: Fixed possible information disclosure and modification (bsc#1202809). Moderate SUSE bug 1202809 CVE-2022-2989 at SUSE CVE-2022-2989 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libxml2 fixes the following issues: - CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978). - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). Important SUSE bug 1201978 SUSE bug 1204366 SUSE bug 1204367 CVE-2016-3709 at SUSE CVE-2016-3709 at NVD CVE-2022-40303 at SUSE CVE-2022-40303 at NVD CVE-2022-40304 at SUSE CVE-2022-40304 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for gstreamer-plugins-base fixes the following issues: - CVE-2021-3522: Fixed ID3v2 tag frame size check and potential invalid reads (bsc#1185448). Moderate SUSE bug 1185448 CVE-2021-3522 at SUSE CVE-2021-3522 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). Important SUSE bug 1204708 CVE-2022-43680 at SUSE CVE-2022-43680 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for protobuf fixes the following issues: - CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530). - CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681) - CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256) Important SUSE bug 1194530 SUSE bug 1203681 SUSE bug 1204256 CVE-2021-22569 at SUSE CVE-2021-22569 at NVD CVE-2022-1941 at SUSE CVE-2022-1941 at NVD CVE-2022-3171 at SUSE CVE-2022-3171 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15-SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-2964, CVE-2022-28748: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686 bsc#1196018). - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bnc#1198702). - CVE-2022-2153: Fixed vulnerability in KVM that could allow an unprivileged local attacker on the host to cause DoS (bnc#1200788). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354). - CVE-2022-2978: Fixed use-after-free in the NILFS file system that could lead to local privilege escalation or DoS (bnc#1202700). - CVE-2022-3176: Fixed use-after-free in io_uring when using POLLFREE (bnc#1203391). - CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-3535: Fixed memory leak in mvpp2_dbgfs_port_init() in drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bnc#1204417). - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bnc#1204402). - CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431). - CVE-2022-3577: Fixed out-of-bounds memory write flaw in bigben device driver that could lead to local privilege escalation or DoS (bnc#1204470). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bnc#1204439). - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bnc#1204479). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574). - CVE-2022-3625: Fixed use-after-free in devlink_param_set()/devlink_param_get() in net/core/devlink.c (bnc#1204637). - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bnc#1204635). - CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bnc#1204619). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bnc#1204647). - CVE-2022-39189: Fixed a flaw in the x86 KVM subsystem that could allow unprivileged guest users to compromise the guest kernel via TLB flush operations on preempted vCPU (bnc#1203066). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653). The following non-security bugs were fixed: - ACPI: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes). - ACPI: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes). - ACPI: extlog: Handle multiple records (git-fixes). - ACPI: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes). - ALSA: Use del_timer_sync() before freeing timer (git-fixes). - ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes). - ALSA: aoa: Fix I2S device accounting (git-fixes). - ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes). - ALSA: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes). - ALSA: au88x0: use explicitly signed char (git-fixes). - ALSA: dmaengine: increment buffer pointer atomically (git-fixes). - ALSA: hda/hdmi: Do not skip notification handling during PM operation (git-fixes). - ALSA: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes). - ALSA: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes). - ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes). - ALSA: hda: Fix position reporting on Poulsbo (git-fixes). - ALSA: oss: Fix potential deadlock at unregistration (git-fixes). - ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes). - ALSA: rme9652: use explicitly signed char (git-fixes). - ALSA: usb-audio: Fix NULL dererence at error path (git-fixes). - ALSA: usb-audio: Fix potential memory leaks (git-fixes). - ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes). - ASoC: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes). - ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes). - ASoC: rsnd: Add check for rsnd_mod_power_on (git-fixes). - ASoC: wcd9335: fix order of Slimbus unprepare/disable (git-fixes). - ASoC: wcd934x: fix order of Slimbus unprepare/disable (git-fixes). - ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes). - ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes). - ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes). - Bluetooth: L2CAP: Fix user-after-free (git-fixes). - Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes). - Bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes). - Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes). - HID: hidraw: fix memory leak in hidraw_release() (git-fixes). - HID: magicmouse: Do not set BTN_MOUSE on double report (git-fixes). - HID: multitouch: Add memory barriers (git-fixes). - HID: roccat: Fix use-after-free in roccat_read() (git-fixes). - HSI: omap_ssi: Fix refcount leak in ssi_probe (git-fixes). - HSI: omap_ssi_port: Fix dma_map_sg error check (git-fixes). - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes) - IB/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes) - IB/core: Only update PKEY and GID caches on respective events (git-fixes) - IB/hfi1: Adjust pkey entry in index 0 (git-fixes) - IB/hfi1: Fix abba locking issue with sc_disable() (git-fixes) - IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() (git-fixes) - IB/mlx4: Add support for REJ due to timeout (git-fixes) - IB/mlx4: Use port iterator and validation APIs (git-fixes) - IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (git-fixes) - IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes) - IB/srpt: Remove redundant assignment to ret (git-fixes) - Input: i8042 - fix refount leak on sparc (git-fixes). - Input: xpad - add supported devices as contributed on github (git-fixes). - Input: xpad - fix wireless 360 controller breaking after suspend (git-fixes). - KVM: nVMX: Unconditionally purge queued/injected events on nested 'exit' (git-fixes). - KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes). - KVM: s390: VSIE: fix MVPG handling for prefixing and MSO (git-fixes). - KVM: s390: clear kicked_mask before sleeping again (git-fixes). - KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu (git-fixes). - KVM: s390: pv: do not present the ecall interrupt twice (git-fixes). - KVM: s390: split kvm_s390_real_to_abs (git-fixes). - KVM: s390x: fix SCK locking (git-fixes). - KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes). - PCI: Dynamically map ECAM regions (bsc#1204382). - PCI: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes). - PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes). - PM: domains: Fix handling of unavailable/disabled idle states (git-fixes). - PM: hibernate: Allow hybrid sleep to work with s2idle (git-fixes). - RDMA/bnxt_re: Add missing spin lock initialization (git-fixes) - RDMA/bnxt_re: Fix query SRQ failure (git-fixes) - RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes) - RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (git-fixes) - RDMA/cma: Fix arguments order in net device validation (git-fixes) - RDMA/core: Sanitize WQ state received from the userspace (git-fixes) - RDMA/cxgb4: Remove MW support (git-fixes) - RDMA/efa: Free IRQ vectors on error flow (git-fixes) - RDMA/efa: Remove double QP type assignment (git-fixes) - RDMA/efa: Use ib_umem_num_dma_pages() (git-fixes) - RDMA/hfi1: Fix potential integer multiplication overflow errors (git-fixes) - RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes) - RDMA/i40iw: Use ib_umem_num_dma_pages() (git-fixes) - RDMA/iwcm: Release resources if iw_cm module initialization fails (git-fixes) - RDMA/mlx4: Return missed an error if device does not support steering (git-fixes) - RDMA/mlx5: Add missing check for return value in get namespace flow (git-fixes) - RDMA/mlx5: Block FDB rules when not in switchdev mode (git-fixes) - RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes) - RDMA/mlx5: Make mkeys always owned by the kernel's PD when not enabled (git-fixes) - RDMA/mlx5: Set user priority for DCT (git-fixes) - RDMA/mlx5: Use set_mkc_access_pd_addr_fields() in reg_create() (git-fixes) - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (git-fixes) - RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes) - RDMA/qedr: Fix reporting QP timeout attribute (git-fixes) - RDMA/qib: Remove superfluous fallthrough statements (git-fixes) - RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes) - RDMA/rxe: Do not overwrite errno from ib_umem_get() (git-fixes) - RDMA/rxe: Fix 'kernel NULL pointer dereference' error (git-fixes) - RDMA/rxe: Fix error unwind in rxe_create_qp() (git-fixes) - RDMA/rxe: Fix extra copies in build_rdma_network_hdr (git-fixes) - RDMA/rxe: Fix extra copy in prepare_ack_packet (git-fixes) - RDMA/rxe: Fix failure during driver load (git-fixes) - RDMA/rxe: Fix over copying in get_srq_wqe (git-fixes) - RDMA/rxe: Fix redundant call to ip_send_check (git-fixes) - RDMA/rxe: Fix redundant skb_put_zero (git-fixes) - RDMA/rxe: Fix rnr retry behavior (git-fixes) - RDMA/rxe: Fix the error caused by qp->sk (git-fixes) - RDMA/rxe: Fix wrong port_cap_flags (git-fixes) - RDMA/rxe: Generate a completion for unsupported/invalid opcode (git-fixes) - RDMA/rxe: Remove unused pkt->offset (git-fixes) - RDMA/rxe: Return CQE error if invalid lkey was supplied (git-fixes) - RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string (git-fixes) - RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes) - RDMA/siw: Fix a condition race issue in MPA request processing (git-fixes) - RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes) - RDMA/siw: Pass a pointer to virt_to_page() (git-fixes) - RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes) - RDMA: Verify port when creating flow rule (git-fixes) - RDMA: remove useless condition in siw_create_cq() (git-fixes) - RDMa/mthca: Work around -Wenum-conversion warning (git-fixes) - Revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes). - Revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes). - USB: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes). - USB: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes). - USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - arm64: assembler: add cond_yield macro (git-fixes) - ata: fix ata_id_has_devslp() (git-fixes). - ata: fix ata_id_has_dipm() (git-fixes). - ata: fix ata_id_has_ncq_autosense() (git-fixes). - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes). - ata: libahci_platform: Sanity check the DT child nodes number (git-fixes). - can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes). - can: kvaser_usb: Fix possible completions during init_completion (git-fixes). - can: kvaser_usb: Fix use of uninitialized completion (git-fixes). - can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes). - can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes). - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes). - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753). - clk: bcm2835: Make peripheral PLLC critical (git-fixes). - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes). - clk: berlin: Add of_node_put() for of_get_parent() (git-fixes). - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes). - clk: oxnas: Hold reference returned by of_get_parent() (git-fixes). - clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes). - clk: qoriq: Hold reference returned by of_get_parent() (git-fixes). - clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes). - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes). - clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes). - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes). - crypto: akcipher - default implementation for setting a private key (git-fixes). - crypto: arm64/sha - fix function types (git-fixes) - crypto: arm64/sha1-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha2-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha3-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha512-ce - simplify NEON yield (git-fixes) - crypto: cavium - prevent integer overflow loading firmware (git-fixes). - crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes). - crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes). - device property: Fix documentation for *_match_string() APIs (git-fixes). - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes). - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes). - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes). - docs: update mediator information in CoC docs (git-fixes). - drivers: serial: jsm: fix some leaks in probe (git-fixes). - drm/amdgpu: fix initial connector audio value (git-fixes). - drm/bridge: Avoid uninitialized variable warning (git-fixes). - drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes). - drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes). - drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes). - drm/mipi-dsi: Detach devices when removing the host (git-fixes). - drm/msm/dpu: Fix comment typo (git-fixes). - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes). - drm/msm/dsi: fix memory corruption with too many bridges (git-fixes). - drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes). - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes). - drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes). - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes). - drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes). - drm/omap: dss: Fix refcount leak bugs (git-fixes). - drm/scheduler: quieten kernel-doc warnings (git-fixes). - drm/udl: Restore display mode on resume (git-fixes). - drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes). - drm: Use size_t type for len variable in drm_copy_field() (git-fixes). - drm: bridge: adv7511: fix CEC power down control register offset (git-fixes). - drm: fix drm_mipi_dbi build errors (git-fixes). - drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes). - drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes). - dyndbg: fix module.dyndbg handling (git-fixes). - dyndbg: let query-modname override actual module name (git-fixes). - efi: Correct Macmini DMI match in uefi cert quirk (git-fixes). - efi: libstub: drop pointless get_memory_map() call (git-fixes). - exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1204053 bsc#1201725). - fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes). - fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes). - firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes). - firmware: google: Test spinlock on panic path to avoid lockups (git-fixes). - fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes). - gpio: rockchip: request GPIO mux to pinctrl when setting direction (git-fixes). - hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes). - hwmon/coretemp: Handle large core ID value (git-fixes). - iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes). - iio: adc: ad7923: fix channel readings for some variants (git-fixes). - iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes). - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes). - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes). - iio: adc: mcp3911: use correct id bits (git-fixes). - iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes). - iio: inkern: only release the device node when done with it (git-fixes). - iio: light: tsl2583: Fix module unloading (git-fixes). - iio: pressure: dps310: Refactor startup procedure (git-fixes). - iio: pressure: dps310: Reset chip after timeout (git-fixes). - irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes). - kABI: arm64/crypto/sha512 Preserve function signature (git-fixes). - kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes). - kbuild: remove the target in signal traps when interrupted (git-fixes). - kbuild: sink stdout from cmd for silent build (git-fixes). - kbuild: skip per-CPU BTF generation for pahole v1.18-v1.21 (jsc#SLE-24559). - kthread: Extract KTHREAD_IS_PER_CPU (bsc#1204753). - lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes). - locking/csd_lock: Change csdlock_debug from early_param to __setup (git-fixes). - mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes). - mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes). - mac802154: Fix LQI recording (git-fixes). - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes). - media: cedrus: Set the platform driver data earlier (git-fixes). - media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes). - media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes). - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes). - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes). - memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes). - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes). - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes). - mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes). - mfd: sm501: Add check for platform_driver_register() (git-fixes). - misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes). - mm, memcg: avoid stale protection values when cgroup is above protection (bsc#1204754). - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575). - mm: memcontrol: fix occasional OOMs due to proportional memory.low reclaim (bsc#1204754). - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes). - mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes). - mmc: core: Replace with already defined values for readability (git-fixes). - mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes). - mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes). - mmc: sdhci-sprd: Fix minimum clock limit (git-fixes). - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes). - mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes). - mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes). - mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes). - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes). - net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes). - net: ieee802154: return -EINVAL for unknown addr type (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - openvswitch: Fix double reporting of drops in dropwatch (git-fixes). - openvswitch: Fix overreporting of drops in dropwatch (git-fixes). - openvswitch: switch from WARN to pr_warn (git-fixes). - phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes). - pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes). - pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes). - pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes). - pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback (git-fixes). - platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes). - platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes). - platform/x86: msi-laptop: Fix resource cleanup (git-fixes). - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes). - powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes). - powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074). - powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes). - powerpc/mm/64s: Drop pgd_huge() (bsc#1065729). - powerpc/mm: remove pmd_huge/pud_huge stubs and include hugetlb.h (bsc#1065729). - powerpc/pci_dn: Add missing of_node_put() (bsc#1065729). - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729). - powerpc/pseries: Interface to represent PAPR firmware attributes (bsc#1200465 ltc#197256 jsc#PED-1931). - quota: widen timestamps for the fs_disk_quota structure (bsc#1203387). - regulator: qcom_rpm: Fix circular deferral regression (git-fixes). - rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes). - rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes). - s390/hypfs: avoid error message under KVM (bsc#1032323). - sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes). - sbitmap: fix possible io hung due to lost wakeup (git-fixes). - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes). - scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes). - scsi: qla2xxx: Fix disk failure to rediscover (git-fixes). - selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465 ltc#197256 jsc#PED-1931). - selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes). - soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes). - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes). - soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes). - spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes). - spi: s3c64xx: Fix large transfers with DMA (git-fixes). - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes). - staging: vt6655: fix potential memory leak (git-fixes). - staging: vt6655: fix some erroneous memory clean-up loops (git-fixes). - struct pci_config_window kABI workaround (bsc#1204382). - thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes). - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes). - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes). - tty: xilinx_uartps: Fix the ignore_status (git-fixes). - uas: add no-uas quirk for Hiksemi usb_disk (git-fixes). - uas: ignore UAS for Thinkplus chips (git-fixes). - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: bdc: change state when port disconnected (git-fixes). - usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes). - usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes). - usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes). - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes). - usb: idmouse: fix an uninit-value in idmouse_open (git-fixes). - usb: mon: make mmapped memory read only (git-fixes). - usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes). - vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes). - watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes). - watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes). - wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes). - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes). - wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes). - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes). - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes). - wifi: mac80211: allow bw change during channel switch in mesh (git-fixes). - wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes). - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes). - wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes). - wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes). - wifi: rt2x00: set SoC wmac clock register (git-fixes). - wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes). - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes). - wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes). - wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes). - wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes). - wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes). - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes). - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes). - xfs: add missing assert in xfs_fsmap_owner_from_rmap (git-fixes). - xfs: enable big timestamps (bsc#1203387). - xfs: enable new inode btree counters feature (bsc#1203387). - xfs: explicitly define inode timestamp range (bsc#1203387). - xfs: fix memory corruption during remote attr value buffer invalidation (git-fixes). - xfs: fix s_maxbytes computation on 32-bit kernels (git-fixes). - xfs: hoist out xfs_resizefs_init_new_ags() (git-fixes). - xfs: move incore structures out of xfs_da_format.h (git-fixes). - xfs: quota: move to time64_t interfaces (bsc#1203387). - xfs: redefine xfs_ictimestamp_t (bsc#1203387). - xfs: redefine xfs_timestamp_t (bsc#1203387). - xfs: refactor remote attr value buffer invalidation (git-fixes). - xfs: remove obsolete AGF counter debugging (git-fixes). - xfs: rename `new' to `delta' in xfs_growfs_data_private() (git-fixes). - xfs: reserve data and rt quota at the same time (bsc#1203496). - xfs: slightly tweak an assert in xfs_fs_map_blocks (git-fixes). - xfs: store inode btree block counts in AGI header (bsc#1203387). - xfs: streamline xfs_attr3_leaf_inactive (git-fixes). - xfs: use a struct timespec64 for the in-core crtime (bsc#1203387). - xfs: use the finobt block counts to speed up mount times (bsc#1203387). - xfs: widen ondisk inode timestamps to deal with y2038+ (bsc#1203387). - xfs: widen ondisk quota expiration timestamps to handle y2038+ (bsc#1203387). - xhci: Do not show warning for reinit on known broken suspend (git-fixes). Important SUSE bug 1032323 SUSE bug 1065729 SUSE bug 1196018 SUSE bug 1198702 SUSE bug 1200465 SUSE bug 1200788 SUSE bug 1201725 SUSE bug 1202686 SUSE bug 1202700 SUSE bug 1203066 SUSE bug 1203098 SUSE bug 1203387 SUSE bug 1203391 SUSE bug 1203496 SUSE bug 1204053 SUSE bug 1204166 SUSE bug 1204168 SUSE bug 1204354 SUSE bug 1204355 SUSE bug 1204382 SUSE bug 1204402 SUSE bug 1204415 SUSE bug 1204417 SUSE bug 1204431 SUSE bug 1204439 SUSE bug 1204470 SUSE bug 1204479 SUSE bug 1204574 SUSE bug 1204575 SUSE bug 1204619 SUSE bug 1204635 SUSE bug 1204637 SUSE bug 1204646 SUSE bug 1204647 SUSE bug 1204653 SUSE bug 1204728 SUSE bug 1204753 SUSE bug 1204754 CVE-2021-4037 at SUSE CVE-2021-4037 at NVD CVE-2022-2153 at SUSE CVE-2022-2153 at NVD CVE-2022-28748 at SUSE CVE-2022-28748 at NVD CVE-2022-2964 at SUSE CVE-2022-2964 at NVD CVE-2022-2978 at SUSE CVE-2022-2978 at NVD CVE-2022-3176 at SUSE CVE-2022-3176 at NVD CVE-2022-3424 at SUSE CVE-2022-3424 at NVD CVE-2022-3521 at SUSE CVE-2022-3521 at NVD CVE-2022-3524 at SUSE CVE-2022-3524 at NVD CVE-2022-3535 at SUSE CVE-2022-3535 at NVD CVE-2022-3542 at SUSE CVE-2022-3542 at NVD CVE-2022-3545 at SUSE CVE-2022-3545 at NVD CVE-2022-3565 at SUSE CVE-2022-3565 at NVD CVE-2022-3577 at SUSE CVE-2022-3577 at NVD CVE-2022-3586 at SUSE CVE-2022-3586 at NVD CVE-2022-3594 at SUSE CVE-2022-3594 at NVD CVE-2022-3621 at SUSE CVE-2022-3621 at NVD CVE-2022-3625 at SUSE CVE-2022-3625 at NVD CVE-2022-3629 at SUSE CVE-2022-3629 at NVD CVE-2022-3640 at SUSE CVE-2022-3640 at NVD CVE-2022-3646 at SUSE CVE-2022-3646 at NVD CVE-2022-3649 at SUSE CVE-2022-3649 at NVD CVE-2022-39189 at SUSE CVE-2022-39189 at NVD CVE-2022-42703 at SUSE CVE-2022-42703 at NVD CVE-2022-43750 at SUSE CVE-2022-43750 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python-rsa fixes the following issues: - CVE-2020-25658: Fixed bleichenbacher timing oracle attack against RSA decryption (bsc#1178676). Moderate SUSE bug 1178676 CVE-2020-25658 at SUSE CVE-2020-25658 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for xen fixes the following issues: - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806) - CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807) - CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (bsc#1204482) - CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (bsc#1204485) - CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes (bsc#1204487) - CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free temporary memory (bsc#1204488) - CVE-2022-42320: xen: Xenstore: Guests can get access to Xenstore nodes of deleted domains (bsc#1204489) - CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack (bsc#1204490) - CVE-2022-42322,CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes (bsc#1204494) - CVE-2022-42325,CVE-2022-42326: xen: Xenstore: Guests can create arbitrary number of nodes via transactions (bsc#1204496) - xen: Frontends vulnerable to backends (bsc#1193923) Important SUSE bug 1027519 SUSE bug 1193923 SUSE bug 1203806 SUSE bug 1203807 SUSE bug 1204482 SUSE bug 1204485 SUSE bug 1204487 SUSE bug 1204488 SUSE bug 1204489 SUSE bug 1204490 SUSE bug 1204494 SUSE bug 1204496 CVE-2022-33746 at SUSE CVE-2022-33746 at NVD CVE-2022-33747 at SUSE CVE-2022-33747 at NVD CVE-2022-33748 at SUSE CVE-2022-33748 at NVD CVE-2022-42309 at SUSE CVE-2022-42309 at NVD CVE-2022-42310 at SUSE CVE-2022-42310 at NVD CVE-2022-42311 at SUSE CVE-2022-42311 at NVD CVE-2022-42312 at SUSE CVE-2022-42312 at NVD CVE-2022-42313 at SUSE CVE-2022-42313 at NVD CVE-2022-42314 at SUSE CVE-2022-42314 at NVD CVE-2022-42315 at SUSE CVE-2022-42315 at NVD CVE-2022-42316 at SUSE CVE-2022-42316 at NVD CVE-2022-42317 at SUSE CVE-2022-42317 at NVD CVE-2022-42318 at SUSE CVE-2022-42318 at NVD CVE-2022-42319 at SUSE CVE-2022-42319 at NVD CVE-2022-42320 at SUSE CVE-2022-42320 at NVD CVE-2022-42321 at SUSE CVE-2022-42321 at NVD CVE-2022-42322 at SUSE CVE-2022-42322 at NVD CVE-2022-42323 at SUSE CVE-2022-42323 at NVD CVE-2022-42325 at SUSE CVE-2022-42325 at NVD CVE-2022-42326 at SUSE CVE-2022-42326 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for samba fixes the following issues: - CVE-2022-1615: Fixed error handling in random number generation (bso#15103)(bsc#1202976). - CVE-2022-32743: Implement validated dnsHostName write rights (bso#14833)(bsc#1202803). Bugfixes: - Fixed use after free when iterating smbd_server_connection->connections after tree disconnect failure (bso#15128)(bsc#1200102). Important SUSE bug 1200102 SUSE bug 1202803 SUSE bug 1202976 CVE-2022-1615 at SUSE CVE-2022-1615 at NVD CVE-2022-32743 at SUSE CVE-2022-32743 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libX11 fixes the following issues: - CVE-2022-3554: Fixed memory leak in XRegisterIMInstantiateCallback() (bsc#1204422). - CVE-2022-3555: Fixed memory leak in _XFreeX11XCBStructure() (bsc#1204425). Moderate SUSE bug 1204422 SUSE bug 1204425 CVE-2022-3554 at SUSE CVE-2022-3554 at NVD CVE-2022-3555 at SUSE CVE-2022-3555 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python-cryptography, python-cryptography-vectors fixes the following issues: - Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312) - Refresh patches for new version - Update in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352) - update to 2.9.2 * 2.9.2 - 2020-04-22 - Updated the macOS wheel to fix an issue where it would not run on macOS versions older than 10.15. * 2.9.1 - 2020-04-21 - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1g. * 2.9 - 2020-04-02 - BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to low usage and maintenance burden. - BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed. Users on older version of OpenSSL will need to upgrade. - BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed. - Removed support for calling public_bytes() with no arguments, as per our deprecation policy. You must now pass encoding and format. - BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string() returns the RDNs as required by RFC 4514. - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1f. - Added support for parsing single_extensions in an OCSP response. - NameAttribute values can now be empty strings. - Add openSSL_111d.patch to make this version of the package compatible with OpenSSL 1.1.1d, thus fixing bsc#1149792. - bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in finalize_with_tag API - Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312) - Include in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352) - update to 2.9.2: * updated vectors for the cryptography 2.9.2 testing Important SUSE bug 1101820 SUSE bug 1149792 SUSE bug 1176785 SUSE bug 1177083 CVE-2018-10903 at SUSE CVE-2018-10903 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bnc#1198702). - CVE-2022-2153: Fixed vulnerability in KVM that could allow an unprivileged local attacker on the host to cause DoS (bnc#1200788). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686). - CVE-2022-2978: Fixed use-after-free in the NILFS file system that could lead to local privilege escalation or DoS (bnc#1202700). - CVE-2022-3176: Fixed use-after-free in io_uring when using POLLFREE (bnc#1203391). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354). - CVE-2022-3535: Fixed memory leak in mvpp2_dbgfs_port_init() in drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bnc#1204417). - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bnc#1204402). - CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431). - CVE-2022-3577: Fixed out-of-bounds memory write flaw in bigben device driver that could lead to local privilege escalation or DoS (bnc#1204470). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bnc#1204439). - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bnc#1204479). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574). - CVE-2022-3625: Fixed use-after-free in devlink_param_set()/devlink_param_get() in net/core/devlink.c (bnc#1204637). - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bnc#1204635). - CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bnc#1204619). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bnc#1204647). - CVE-2022-39189: Fixed a flaw in the x86 KVM subsystem that could allow unprivileged guest users to compromise the guest kernel via TLB flush operations on preempted vCPU (bnc#1203066). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653). The following non-security bugs were fixed: - ACPI: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes). - ACPI: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes). - ACPI: extlog: Handle multiple records (git-fixes). - ACPI: processor idle: Practically limit 'Dummy wait' workaround to old Intel systems (bnc#1203802). - ACPI: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes). - ALSA: Use del_timer_sync() before freeing timer (git-fixes). - ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes). - ALSA: aoa: Fix I2S device accounting (git-fixes). - ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes). - ALSA: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes). - ALSA: au88x0: use explicitly signed char (git-fixes). - ALSA: dmaengine: increment buffer pointer atomically (git-fixes). - ALSA: hda/hdmi: Do not skip notification handling during PM operation (git-fixes). - ALSA: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes). - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes). - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes). - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes). - ALSA: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes). - ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes). - ALSA: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes). - ALSA: hda/sigmatel: Keep power up while beep is enabled (git-fixes). - ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes). - ALSA: hda: Fix position reporting on Poulsbo (git-fixes). - ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes). - ALSA: oss: Fix potential deadlock at unregistration (git-fixes). - ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes). - ALSA: rme9652: use explicitly signed char (git-fixes). - ALSA: usb-audio: Fix NULL dererence at error path (git-fixes). - ALSA: usb-audio: Fix potential memory leaks (git-fixes). - ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes). - ASoC: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes). - ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes). - ASoC: nau8824: Fix semaphore unbalance at error paths (git-fixes). - ASoC: rsnd: Add check for rsnd_mod_power_on (git-fixes). - ASoC: tas2770: Reinit regcache on reset (git-fixes). - ASoC: wcd9335: fix order of Slimbus unprepare/disable (git-fixes). - ASoC: wcd934x: fix order of Slimbus unprepare/disable (git-fixes). - ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes). - ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes). - ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes). - Bluetooth: L2CAP: Fix user-after-free (git-fixes). - Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes). - Bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes). - Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes). - HID: hidraw: fix memory leak in hidraw_release() (git-fixes). - HID: magicmouse: Do not set BTN_MOUSE on double report (git-fixes). - HID: multitouch: Add memory barriers (git-fixes). - HID: roccat: Fix use-after-free in roccat_read() (git-fixes). - HSI: omap_ssi: Fix refcount leak in ssi_probe (git-fixes). - HSI: omap_ssi_port: Fix dma_map_sg error check (git-fixes). - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes) - IB/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes) - IB/core: Only update PKEY and GID caches on respective events (git-fixes) - IB/hfi1: Adjust pkey entry in index 0 (git-fixes) - IB/hfi1: Fix abba locking issue with sc_disable() (git-fixes) - IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() (git-fixes) - IB/mlx4: Add support for REJ due to timeout (git-fixes) - IB/mlx4: Use port iterator and validation APIs (git-fixes) - IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (git-fixes) - IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes) - IB/srpt: Remove redundant assignment to ret (git-fixes) - Input: i8042 - fix refount leak on sparc (git-fixes). - Input: xpad - add supported devices as contributed on github (git-fixes). - Input: xpad - fix wireless 360 controller breaking after suspend (git-fixes). - KVM: nVMX: Unconditionally purge queued/injected events on nested 'exit' (git-fixes). - KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes). - KVM: s390: VSIE: fix MVPG handling for prefixing and MSO (git-fixes). - KVM: s390: clear kicked_mask before sleeping again (git-fixes). - KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu (git-fixes). - KVM: s390: pv: do not present the ecall interrupt twice (git-fixes). - KVM: s390: split kvm_s390_real_to_abs (git-fixes). - KVM: s390x: fix SCK locking (git-fixes). - KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes). - PCI: Dynamically map ECAM regions (bsc#1204382). - PCI: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes). - PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes). - PM: domains: Fix handling of unavailable/disabled idle states (git-fixes). - PM: hibernate: Allow hybrid sleep to work with s2idle (git-fixes). - RDMA/bnxt_re: Add missing spin lock initialization (git-fixes) - RDMA/bnxt_re: Fix query SRQ failure (git-fixes) - RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes) - RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (git-fixes) - RDMA/cma: Fix arguments order in net device validation (git-fixes) - RDMA/core: Sanitize WQ state received from the userspace (git-fixes) - RDMA/cxgb4: Remove MW support (git-fixes) - RDMA/efa: Free IRQ vectors on error flow (git-fixes) - RDMA/efa: Remove double QP type assignment (git-fixes) - RDMA/efa: Use ib_umem_num_dma_pages() (git-fixes) - RDMA/hfi1: Fix potential integer multiplication overflow errors (git-fixes) - RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes) - RDMA/i40iw: Use ib_umem_num_dma_pages() (git-fixes) - RDMA/iwcm: Release resources if iw_cm module initialization fails (git-fixes) - RDMA/mlx4: Return missed an error if device does not support steering (git-fixes) - RDMA/mlx5: Add missing check for return value in get namespace flow (git-fixes) - RDMA/mlx5: Block FDB rules when not in switchdev mode (git-fixes) - RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes) - RDMA/mlx5: Make mkeys always owned by the kernel's PD when not enabled (git-fixes) - RDMA/mlx5: Set user priority for DCT (git-fixes) - RDMA/mlx5: Use set_mkc_access_pd_addr_fields() in reg_create() (git-fixes) - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (git-fixes) - RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes) - RDMA/qedr: Fix reporting QP timeout attribute (git-fixes) - RDMA/qib: Remove superfluous fallthrough statements (git-fixes) - RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes) - RDMA/rxe: Do not overwrite errno from ib_umem_get() (git-fixes) - RDMA/rxe: Fix 'kernel NULL pointer dereference' error (git-fixes) - RDMA/rxe: Fix error unwind in rxe_create_qp() (git-fixes) - RDMA/rxe: Fix extra copies in build_rdma_network_hdr (git-fixes) - RDMA/rxe: Fix extra copy in prepare_ack_packet (git-fixes) - RDMA/rxe: Fix failure during driver load (git-fixes) - RDMA/rxe: Fix over copying in get_srq_wqe (git-fixes) - RDMA/rxe: Fix redundant call to ip_send_check (git-fixes) - RDMA/rxe: Fix redundant skb_put_zero (git-fixes) - RDMA/rxe: Fix rnr retry behavior (git-fixes) - RDMA/rxe: Fix the error caused by qp->sk (git-fixes) - RDMA/rxe: Fix wrong port_cap_flags (git-fixes) - RDMA/rxe: Generate a completion for unsupported/invalid opcode (git-fixes) - RDMA/rxe: Remove unused pkt->offset (git-fixes) - RDMA/rxe: Return CQE error if invalid lkey was supplied (git-fixes) - RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string (git-fixes) - RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes) - RDMA/siw: Fix a condition race issue in MPA request processing (git-fixes) - RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes) - RDMA/siw: Pass a pointer to virt_to_page() (git-fixes) - RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes) - RDMA: Verify port when creating flow rule (git-fixes) - RDMA: remove useless condition in siw_create_cq() (git-fixes) - RDMa/mthca: Work around -Wenum-conversion warning (git-fixes) - Revert 'drivers/video/backlight/platform_lcd.c: add support for (bsc#1152489) - Revert 'drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time' (git-fixes). - Revert 'usb: add quirks for Lenovo OneLink+ Dock' (git-fixes). - Revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes). - Revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes). - USB: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes). - USB: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes). - USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - USB: serial: option: add Quectel RM520N (git-fixes). - USB: serial: option: add Quectel RM520N (git-fixes). - USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - arm64: assembler: add cond_yield macro (git-fixes) - ata: fix ata_id_has_devslp() (git-fixes). - ata: fix ata_id_has_dipm() (git-fixes). - ata: fix ata_id_has_ncq_autosense() (git-fixes). - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes). - ata: libahci_platform: Sanity check the DT child nodes number (git-fixes). - can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes). - can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes). - can: kvaser_usb: Fix possible completions during init_completion (git-fixes). - can: kvaser_usb: Fix use of uninitialized completion (git-fixes). - can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes). - can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes). - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes). - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753). - clk: bcm2835: Make peripheral PLLC critical (git-fixes). - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes). - clk: berlin: Add of_node_put() for of_get_parent() (git-fixes). - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes). - clk: iproc: Do not rely on node name for correct PLL setup (git-fixes). - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes). - clk: oxnas: Hold reference returned by of_get_parent() (git-fixes). - clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes). - clk: qoriq: Hold reference returned by of_get_parent() (git-fixes). - clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes). - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes). - clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes). - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes). - crypto: akcipher - default implementation for setting a private key (git-fixes). - crypto: arm64/sha - fix function types (git-fixes) - crypto: arm64/sha1-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha2-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha3-ce - simplify NEON yield (git-fixes) - crypto: arm64/sha512-ce - simplify NEON yield (git-fixes) - crypto: cavium - prevent integer overflow loading firmware (git-fixes). - crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes). - crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes). - device property: Fix documentation for *_match_string() APIs (git-fixes). - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes). - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes). - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes). - docs: update mediator information in CoC docs (git-fixes). - drivers: serial: jsm: fix some leaks in probe (git-fixes). - drm/amd/display: Limit user regamma to a valid value (git-fixes). - drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes). - drm/amdgpu: fix initial connector audio value (git-fixes). - drm/amdgpu: use dirty framebuffer helper (git-fixes). - drm/bridge: Avoid uninitialized variable warning (git-fixes). - drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes). - drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes). - drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes). - drm/mipi-dsi: Detach devices when removing the host (git-fixes). - drm/msm/dpu: Fix comment typo (git-fixes). - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes). - drm/msm/dsi: fix memory corruption with too many bridges (git-fixes). - drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes). - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes). - drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes). - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes). - drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes). - drm/omap: dss: Fix refcount leak bugs (git-fixes). - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes). - drm/scheduler: quieten kernel-doc warnings (git-fixes). - drm/udl: Restore display mode on resume (git-fixes). - drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes). - drm: Use size_t type for len variable in drm_copy_field() (git-fixes). - drm: bridge: adv7511: fix CEC power down control register offset (git-fixes). - drm: fix drm_mipi_dbi build errors (git-fixes). - drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes). - drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes). - dyndbg: fix module.dyndbg handling (git-fixes). - dyndbg: let query-modname override actual module name (git-fixes). - efi: Correct Macmini DMI match in uefi cert quirk (git-fixes). - efi: libstub: drop pointless get_memory_map() call (git-fixes). - exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1204053 bsc#1201725). - fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes). - fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes). - firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes). - firmware: google: Test spinlock on panic path to avoid lockups (git-fixes). - fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes). - gpio: rockchip: request GPIO mux to pinctrl when setting direction (git-fixes). - hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes). - hwmon/coretemp: Handle large core ID value (git-fixes). - iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes). - iio: adc: ad7923: fix channel readings for some variants (git-fixes). - iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes). - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes). - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes). - iio: adc: mcp3911: use correct id bits (git-fixes). - iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes). - iio: inkern: only release the device node when done with it (git-fixes). - iio: light: tsl2583: Fix module unloading (git-fixes). - iio: pressure: dps310: Refactor startup procedure (git-fixes). - iio: pressure: dps310: Reset chip after timeout (git-fixes). - irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes). - kABI: arm64/crypto/sha512 Preserve function signature (git-fixes). - kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes). - kbuild: remove the target in signal traps when interrupted (git-fixes). - kbuild: sink stdout from cmd for silent build (git-fixes). - kbuild: skip per-CPU BTF generation for pahole v1.18-v1.21 (jsc#SLE-24559). - kthread: Extract KTHREAD_IS_PER_CPU (bsc#1204753). - lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes). - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes). - locking/csd_lock: Change csdlock_debug from early_param to __setup (git-fixes). - mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes). - mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes). - mac802154: Fix LQI recording (git-fixes). - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes). - media: aspeed-video: ignore interrupts that are not enabled (git-fixes). - media: cedrus: Set the platform driver data earlier (git-fixes). - media: coda: Add more H264 levels for CODA960 (git-fixes). - media: coda: Fix reported H264 profile (git-fixes). - media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes). - media: dvb_vb2: fix possible out of bound access (git-fixes). - media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes). - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes). - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes). - memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes). - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes). - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes). - mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes). - mfd: sm501: Add check for platform_driver_register() (git-fixes). - misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes). - mm, memcg: avoid stale protection values when cgroup is above protection (bsc#1204754). - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575). - mm: memcontrol: fix occasional OOMs due to proportional memory.low reclaim (bsc#1204754). - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes). - mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes). - mmc: core: Replace with already defined values for readability (git-fixes). - mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes). - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes). - mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes). - mmc: sdhci-sprd: Fix minimum clock limit (git-fixes). - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes). - mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes). - mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes). - mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes). - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes). - net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes). - net: ieee802154: return -EINVAL for unknown addr type (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: qmi_wwan: add Quectel RM520N (git-fixes). - openvswitch: Fix double reporting of drops in dropwatch (git-fixes). - openvswitch: Fix overreporting of drops in dropwatch (git-fixes). - openvswitch: switch from WARN to pr_warn (git-fixes). - padata: introduce internal padata_get/put_pd() helpers (bsc#1202638). - padata: make padata_free_shell() to respect pd's ->refcnt (bsc#1202638). - parisc/sticon: fix reverse colors (bsc#1152489) Backporting notes: * context changes - parisc: parisc-agp requires SBA IOMMU driver (bsc#1152489) - phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes). - pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes). - pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes). - pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes). - pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback (git-fixes). - platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes). - platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes). - platform/x86: msi-laptop: Fix resource cleanup (git-fixes). - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes). - powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes). - powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074). - powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes). - powerpc/mm/64s: Drop pgd_huge() (bsc#1065729). - powerpc/mm: remove pmd_huge/pud_huge stubs and include hugetlb.h (bsc#1065729). - powerpc/pci_dn: Add missing of_node_put() (bsc#1065729). - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729). - powerpc/pseries: Interface to represent PAPR firmware attributes (bsc#1200465 ltc#197256 jsc#PED-1931). - quota: widen timestamps for the fs_disk_quota structure (bsc#1203387). - regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes). - regulator: qcom_rpm: Fix circular deferral regression (git-fixes). - reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes). - rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes). - rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes). - s390/hypfs: avoid error message under KVM (bsc#1032323). - sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes). - sbitmap: fix possible io hung due to lost wakeup (git-fixes). - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes). - scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes). - scsi: qla2xxx: Fix disk failure to rediscover (git-fixes). - selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465 ltc#197256 jsc#PED-1931). - selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes). - serial: Create uart_xmit_advance() (git-fixes). - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes). - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes). - soc: sunxi: sram: Actually claim SRAM regions (git-fixes). - soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes). - soc: sunxi: sram: Prevent the driver from being unbound (git-fixes). - soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes). - spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes). - spi: s3c64xx: Fix large transfers with DMA (git-fixes). - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes). - staging: vt6655: fix potential memory leak (git-fixes). - staging: vt6655: fix some erroneous memory clean-up loops (git-fixes). - struct pci_config_window kABI workaround (bsc#1204382). - thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes). - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes). - tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before sending data (git-fixes). - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes). - tty: xilinx_uartps: Fix the ignore_status (git-fixes). - uas: add no-uas quirk for Hiksemi usb_disk (git-fixes). - uas: ignore UAS for Thinkplus chips (git-fixes). - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: bdc: change state when port disconnected (git-fixes). - usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes). - usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes). - usb: dwc3: gadget: Prevent repeat pullup() (git-fixes). - usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes). - usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes). - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes). - usb: idmouse: fix an uninit-value in idmouse_open (git-fixes). - usb: mon: make mmapped memory read only (git-fixes). - usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes). - usb: typec: ucsi: Remove incorrect warning (git-fixes). - usb: xhci-mtk: add a function to (un)load bandwidth info (git-fixes). - usb: xhci-mtk: add only one extra CS for FS/LS INTR (git-fixes). - usb: xhci-mtk: add some schedule error number (git-fixes). - usb: xhci-mtk: fix issue of out-of-bounds array access (git-fixes). - usb: xhci-mtk: get the microframe boundary for ESIT (git-fixes). - usb: xhci-mtk: use @sch_tt to check whether need do TT schedule (git-fixes). - vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes). - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes). - watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes). - watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes). - wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes). - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes). - wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes). - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes). - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes). - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes). - wifi: mac80211: allow bw change during channel switch in mesh (git-fixes). - wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes). - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes). - wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes). - wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes). - wifi: rt2x00: set SoC wmac clock register (git-fixes). - wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes). - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes). - wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes). - wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes). - wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes). - wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes). - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes). - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes). - xfs: add missing assert in xfs_fsmap_owner_from_rmap (git-fixes). - xfs: enable big timestamps (bsc#1203387). - xfs: enable new inode btree counters feature (bsc#1203387). - xfs: explicitly define inode timestamp range (bsc#1203387). - xfs: fix memory corruption during remote attr value buffer invalidation (git-fixes). - xfs: fix s_maxbytes computation on 32-bit kernels (git-fixes). - xfs: hoist out xfs_resizefs_init_new_ags() (git-fixes). - xfs: move incore structures out of xfs_da_format.h (git-fixes). - xfs: quota: move to time64_t interfaces (bsc#1203387). - xfs: redefine xfs_ictimestamp_t (bsc#1203387). - xfs: redefine xfs_timestamp_t (bsc#1203387). - xfs: refactor remote attr value buffer invalidation (git-fixes). - xfs: remove obsolete AGF counter debugging (git-fixes). - xfs: rename `new' to `delta' in xfs_growfs_data_private() (git-fixes). - xfs: reserve data and rt quota at the same time (bsc#1203496). - xfs: slightly tweak an assert in xfs_fs_map_blocks (git-fixes). - xfs: store inode btree block counts in AGI header (bsc#1203387). - xfs: streamline xfs_attr3_leaf_inactive (git-fixes). - xfs: use a struct timespec64 for the in-core crtime (bsc#1203387). - xfs: use the finobt block counts to speed up mount times (bsc#1203387). - xfs: widen ondisk inode timestamps to deal with y2038+ (bsc#1203387). - xfs: widen ondisk quota expiration timestamps to handle y2038+ (bsc#1203387). - xhci: Do not show warning for reinit on known broken suspend (git-fixes). Important SUSE bug 1032323 SUSE bug 1065729 SUSE bug 1152489 SUSE bug 1198702 SUSE bug 1200465 SUSE bug 1200788 SUSE bug 1201725 SUSE bug 1202638 SUSE bug 1202686 SUSE bug 1202700 SUSE bug 1203066 SUSE bug 1203098 SUSE bug 1203387 SUSE bug 1203391 SUSE bug 1203496 SUSE bug 1203802 SUSE bug 1204053 SUSE bug 1204166 SUSE bug 1204168 SUSE bug 1204354 SUSE bug 1204355 SUSE bug 1204382 SUSE bug 1204402 SUSE bug 1204415 SUSE bug 1204417 SUSE bug 1204431 SUSE bug 1204439 SUSE bug 1204470 SUSE bug 1204479 SUSE bug 1204574 SUSE bug 1204575 SUSE bug 1204619 SUSE bug 1204635 SUSE bug 1204637 SUSE bug 1204646 SUSE bug 1204647 SUSE bug 1204653 SUSE bug 1204728 SUSE bug 1204753 SUSE bug 1204754 CVE-2021-4037 at SUSE CVE-2021-4037 at NVD CVE-2022-2153 at SUSE CVE-2022-2153 at NVD CVE-2022-2964 at SUSE CVE-2022-2964 at NVD CVE-2022-2978 at SUSE CVE-2022-2978 at NVD CVE-2022-3176 at SUSE CVE-2022-3176 at NVD CVE-2022-3424 at SUSE CVE-2022-3424 at NVD CVE-2022-3521 at SUSE CVE-2022-3521 at NVD CVE-2022-3524 at SUSE CVE-2022-3524 at NVD CVE-2022-3535 at SUSE CVE-2022-3535 at NVD CVE-2022-3542 at SUSE CVE-2022-3542 at NVD CVE-2022-3545 at SUSE CVE-2022-3545 at NVD CVE-2022-3565 at SUSE CVE-2022-3565 at NVD CVE-2022-3577 at SUSE CVE-2022-3577 at NVD CVE-2022-3586 at SUSE CVE-2022-3586 at NVD CVE-2022-3594 at SUSE CVE-2022-3594 at NVD CVE-2022-3621 at SUSE CVE-2022-3621 at NVD CVE-2022-3625 at SUSE CVE-2022-3625 at NVD CVE-2022-3629 at SUSE CVE-2022-3629 at NVD CVE-2022-3640 at SUSE CVE-2022-3640 at NVD CVE-2022-3646 at SUSE CVE-2022-3646 at NVD CVE-2022-3649 at SUSE CVE-2022-3649 at NVD CVE-2022-39189 at SUSE CVE-2022-39189 at NVD CVE-2022-42703 at SUSE CVE-2022-42703 at NVD CVE-2022-43750 at SUSE CVE-2022-43750 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2 * 8a70235d8a core: Add trigger limit for path units * 93e544f3a0 core/mount: also add default before dependency for automount mount units * 5916a7748c logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179). Moderate SUSE bug 1204179 SUSE bug 1204968 CVE-2022-3821 at SUSE CVE-2022-3821 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for sudo fixes the following issues: - CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a passwor dof seven characters or fewer and using the crypt() password backend (bsc#1204986). - Fix wrong information output in the error message (bsc#1190818). - Make sure SIGCHLD is not ignored when sudo is executed; fixes race condition (bsc#1203201). Important SUSE bug 1190818 SUSE bug 1203201 SUSE bug 1204986 CVE-2022-43995 at SUSE CVE-2022-43995 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). Low SUSE bug 1199944 CVE-2022-1664 at SUSE CVE-2022-1664 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for pixman fixes the following issues: - CVE-2022-44638: Fixed an integer overflow in pixman_sample_floor_y leading to heap out-of-bounds write (bsc#1205033). Important SUSE bug 1205033 CVE-2022-44638 at SUSE CVE-2022-44638 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). Important SUSE bug 1205126 CVE-2022-42898 at SUSE CVE-2022-42898 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for colord fixes the following issues: - CVE-2021-42523: Fixed small memory leak in sqlite3_exec (bsc#1202802). Low SUSE bug 1202802 CVE-2021-42523 at SUSE CVE-2021-42523 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for opensc fixes the following issues: - CVE-2019-6502: Fixed memory leak in sc_context_create in ctx.c (bsc#1122756). Moderate SUSE bug 1122756 CVE-2019-6502 at SUSE CVE-2019-6502 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libdb-4_8 fixes the following issues: - CVE-2019-2708: Fixed partial DoS due to data store execution (bsc#1174414). Low SUSE bug 1174414 CVE-2019-2708 at SUSE CVE-2019-2708 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for grub2 fixes the following issues: - CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178). - CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182). Other: - Bump upstream SBAT generation to 3 Important SUSE bug 1205178 SUSE bug 1205182 CVE-2022-2601 at SUSE CVE-2022-2601 at NVD CVE-2022-3775 at SUSE CVE-2022-3775 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for tiff fixes the following issues: - CVE-2022-3597: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204641). - CVE-2022-3599: Fixed out-of-bounds read in writeSingleSection in tools/tiffcrop.c (bnc#1204643). - CVE-2022-3626: Fixed out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c (bnc#1204644) - CVE-2022-3627: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204645). - CVE-2022-3970: Fixed unsigned integer overflow in TIFFReadRGBATileExt() (bnc#1205392). Important SUSE bug 1204641 SUSE bug 1204643 SUSE bug 1204644 SUSE bug 1204645 SUSE bug 1205392 CVE-2022-3597 at SUSE CVE-2022-3597 at NVD CVE-2022-3599 at SUSE CVE-2022-3599 at NVD CVE-2022-3626 at SUSE CVE-2022-3626 at NVD CVE-2022-3627 at SUSE CVE-2022-3627 at NVD CVE-2022-3970 at SUSE CVE-2022-3970 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for supportutils fixes the following issues: Security issues fixed: - Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818) Bug fixes: - Added lifecycle information - Fixed KVM virtualization detection on bare metal (bsc#1184689) - Added logging using journalctl (bsc#1200330) - Get current sar data before collecting files (bsc#1192648) - Collects everything in /etc/multipath/ (bsc#1192252) - Collects power management information in hardware.txt (bsc#1197428) - Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337) - Fixed conf_files and conf_text_files so y2log is gathered (bsc#1202269) - Update to nvme_info and block_info (bsc#1202417) - Added includedir directories from /etc/sudoers (bsc#1188086) Moderate SUSE bug 1184689 SUSE bug 1188086 SUSE bug 1192252 SUSE bug 1192648 SUSE bug 1197428 SUSE bug 1200330 SUSE bug 1202269 SUSE bug 1202337 SUSE bug 1202417 SUSE bug 1203818 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577) - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125) The following non-security bug was fixed: - Fixed a crash in the garbage collection (bsc#1188607). Important SUSE bug 1188607 SUSE bug 1203125 SUSE bug 1204577 CVE-2019-18348 at SUSE CVE-2019-18348 at NVD CVE-2020-10735 at SUSE CVE-2020-10735 at NVD CVE-2020-8492 at SUSE CVE-2020-8492 at NVD CVE-2022-37454 at SUSE CVE-2022-37454 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for vim fixes the following issues: Updated to version 9.0 with patch level 0814: - CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478). - CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508). - CVE-2022-3235: Fixed use-after-free (bsc#1203509). - CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820). - CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779). - CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152). - CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796). - CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797). - CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110). - CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194). - CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272). - CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799). - CVE-2022-3352: Fixed use-after-free (bsc#1203924). - CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155). - CVE-2022-3037: Fixed use-after-free (bsc#1202962). Important SUSE bug 1192478 SUSE bug 1202962 SUSE bug 1203110 SUSE bug 1203152 SUSE bug 1203155 SUSE bug 1203194 SUSE bug 1203272 SUSE bug 1203508 SUSE bug 1203509 SUSE bug 1203796 SUSE bug 1203797 SUSE bug 1203799 SUSE bug 1203820 SUSE bug 1203924 SUSE bug 1204779 CVE-2021-3928 at SUSE CVE-2021-3928 at NVD CVE-2022-2980 at SUSE CVE-2022-2980 at NVD CVE-2022-2982 at SUSE CVE-2022-2982 at NVD CVE-2022-3037 at SUSE CVE-2022-3037 at NVD CVE-2022-3099 at SUSE CVE-2022-3099 at NVD CVE-2022-3134 at SUSE CVE-2022-3134 at NVD CVE-2022-3153 at SUSE CVE-2022-3153 at NVD CVE-2022-3234 at SUSE CVE-2022-3234 at NVD CVE-2022-3235 at SUSE CVE-2022-3235 at NVD CVE-2022-3278 at SUSE CVE-2022-3278 at NVD CVE-2022-3296 at SUSE CVE-2022-3296 at NVD CVE-2022-3297 at SUSE CVE-2022-3297 at NVD CVE-2022-3324 at SUSE CVE-2022-3324 at NVD CVE-2022-3352 at SUSE CVE-2022-3352 at NVD CVE-2022-3705 at SUSE CVE-2022-3705 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for samba fixes the following issues: Version update to 4.15.12. Security issues fixed: - CVE-2022-2031: Fixed AD users that could have bypassed certain restrictions associated with changing passwords (bsc#1201495). - CVE-2022-32742: Fixed SMB1 code that does not correctly verify SMB1write, SMB1write_and_close, SMB1write_and_unlock lengths (bsc#1201496). - CVE-2022-32744: Fixed AD users that could have forged password change requests for any user (bsc#1201493). - CVE-2022-32745: Fixed AD users that could have crashed the server process with an LDAP add or modify request (bsc#1201492). - CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490). - CVE-2022-3437: Fixed buffer overflow in Heimdal unwrap_des3() (bsc#1204254). - CVE-2022-42898: Fixed Samba buffer overflow vulnerabilities on 32-bit systems (bsc#1205126). Bug fixes: - Install a systemd drop-in file for named service to allow read/write access to the DLZ directory (bsc#1201689). - Possible use after free of connection_struct when iterating smbd_server_connection->connections (bsc#1200102). Important SUSE bug 1200102 SUSE bug 1201490 SUSE bug 1201492 SUSE bug 1201493 SUSE bug 1201495 SUSE bug 1201496 SUSE bug 1201689 SUSE bug 1204254 SUSE bug 1205126 CVE-2022-2031 at SUSE CVE-2022-2031 at NVD CVE-2022-32742 at SUSE CVE-2022-32742 at NVD CVE-2022-32744 at SUSE CVE-2022-32744 at NVD CVE-2022-32745 at SUSE CVE-2022-32745 at NVD CVE-2022-32746 at SUSE CVE-2022-32746 at NVD CVE-2022-3437 at SUSE CVE-2022-3437 at NVD CVE-2022-42898 at SUSE CVE-2022-42898 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for tiff fixes the following issues: - CVE-2022-3570: Fixed heap buffer overflows in tiffcrop.c (bsc#1205422). - CVE-2022-3598: Fixed out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c [bsc#1204642] Important SUSE bug 1204642 SUSE bug 1205422 CVE-2022-3570 at SUSE CVE-2022-3570 at NVD CVE-2022-3598 at SUSE CVE-2022-3598 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libtpms fixes the following issues: - CVE-2021-3623: Fixed out-of-bounds access when trying to resume the state of the vTPM (bsc#1187767) Moderate SUSE bug 1187767 SUSE bug 1204556 CVE-2021-3623 at SUSE CVE-2021-3623 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for containerd fixes the following issues: Update to containerd v1.6.12 including Docker v20.10.21-ce (bsc#1206065). Also includes the following fix: - CVE-2022-23471: host memory exhaustion through Terminal resize goroutine leak (bsc#1206235). - CVE-2022-27191: crash in a golang.org/x/crypto/ssh server (bsc#1197284). Important SUSE bug 1197284 SUSE bug 1206065 SUSE bug 1206235 CVE-2022-23471 at SUSE CVE-2022-23471 at NVD CVE-2022-27191 at SUSE CVE-2022-27191 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ceph fixes the following issues: ceph was updated to the Pacific release (16.2.9-536-g41a9f9a5573): + (bsc#1195359, bsc#1200553) rgw: check bucket shard init status in RGWRadosBILogTrimCR + (bsc#1194131) ceph-volume: honour osd_dmcrypt_key_size option (CVE-2021-3979) + (bsc#1200064,) Remove last vestiges of docker.io image paths + (bsc#1196044) cephadm: prometheus: The generatorURL in alerts is only using hostname + (bsc#1196785) cephadm: avoid crashing on expected non-zero exit + (jsc#SES-2515) High-availability NFS export + (bsc#1194875) [SES7P] include/buffer: include <memory> + cephadm: update image paths to registry.suse.com + cephadm: use snmp-notifier image from registry.suse.de + cephadm: infer the default container image during pull + mgr/cephadm: try to get FQDN for inventory address + (bsc#1194875) common: fix FTBFS due to dout & need_dynamic on GCC-12 + (bsc#1196938) cephadm: preserve authorized_keys file during upgrade + Update Prometheus Container image paths (pr #459) + mgr/dashboard: Fix documentation URL (pr #456) + mgr/dashboard: Adapt downstream branded navigation page (pr #454) + Update prometheus-server version + (bsc#1194353) Downstream branding breaks dashboard npm build + (bsc#1178073) mgr/dashboard: fix downstream NFS doc links Important SUSE bug 1178073 SUSE bug 1194131 SUSE bug 1194353 SUSE bug 1194875 SUSE bug 1195359 SUSE bug 1196044 SUSE bug 1196785 SUSE bug 1196938 SUSE bug 1200064 SUSE bug 1200553 CVE-2021-3979 at SUSE CVE-2021-3979 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for cni fixes the following issues: - CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961). Important SUSE bug 1181961 CVE-2021-20206 at SUSE CVE-2021-20206 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for cni-plugins fixes the following issues: - CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961). Important SUSE bug 1181961 CVE-2021-20206 at SUSE CVE-2021-20206 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for conmon fixes the following issues: conmon was updated to version 2.1.5: * don't leak syslog_identifier * logging: do not read more that the buf size * logging: fix error handling * Makefile: Fix install for FreeBSD * signal: Track changes to get_signal_descriptor in the FreeBSD version * Packit: initial enablement Update to version 2.1.4: * Fix a bug where conmon crashed when it got a SIGCHLD update to 2.1.3: * Stop using g_unix_signal_add() to avoid threads * Rename CLI optionlog-size-global-max to log-global-size-max Update to version 2.1.2: * add log-global-size-max option to limit the total output conmon processes (CVE-2022-1708 bsc#1200285) * journald: print tag and name if both are specified * drop some logs to debug level Update to version 2.1.0 * logging: buffer partial messages to journald * exit: close all fds >= 3 * fix: cgroup: Free memory_cgroup_file_path if open fails. Update to version 2.0.32 * Fix: Avoid mainfd_std{in,out} sharing the same file descriptor. * exit_command: Fix: unset subreaper attribute before running exit command Update to version 2.0.31 * logging: new mode -l passthrough * ctr_logs: use container name or ID as SYSLOG_IDENTIFIER for journald * conmon: Fix: free userdata files before exec cleanup Moderate SUSE bug 1200285 CVE-2022-1708 at SUSE CVE-2022-1708 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711) - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780). The following non-security bugs were fixed: - ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes). - ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes). - ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes). - ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes). - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes). - ASoC: codecs: jz4725b: Fix spelling mistake 'Sourc' -> 'Source', 'Routee' -> 'Route' (git-fixes). - ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes). - ASoC: codecs: jz4725b: fix capture selector naming (git-fixes). - ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes). - ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes). - ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes). - ASoC: max98373: Add checks for devm_kcalloc (git-fixes). - ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes). - ASoC: wm5102: Revert 'ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe' (git-fixes). - ASoC: wm5110: Revert 'ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe' (git-fixes). - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes). - ASoC: wm8997: Revert 'ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe' (git-fixes). - Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes). - Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573) - Drivers: hv: vmbus: Add /sys/bus/vmbus/hibernation (git-fixes). - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017). - Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017). - Drivers: hv: vmbus: Fix duplicate CPU assignments within a device (git-fixes). - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes). - Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes). - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017). - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017). - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes). - Drivers: hv: vmbus: Remove unused linux/version.h header (git-fixes). - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (git-fixes). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: remove unused function (git-fixes). - HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes). - Input: i8042 - fix leaking of platform device on module removal (git-fixes). - Input: iforce - invert valid length check when fetching device IDs (git-fixes). - KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec support (git-fixes). - KVM: nVMX: Invalidate all EPTP contexts when emulating INVEPT for L1 (git-fixes). - KVM: nVMX: Validate the EPTP when emulating INVEPT(EXTENT_CONTEXT) (git-fixes). - KVM: nVMX: clear PIN_BASED_POSTED_INTR from nested pinbased_ctls only when apicv is globally disabled (git-fixes). - KVM: s390: Add a routine for setting userspace CPU state (git-fixes). - KVM: s390: Fix handle_sske page fault handling (git-fixes). - KVM: s390: Simplify SIGP Set Arch handling (git-fixes). - KVM: s390: get rid of register asm usage (git-fixes). - KVM: s390: pv: avoid stalls when making pages secure (git-fixes). - KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes). - KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes). - KVM: s390: reduce number of IO pins to 1 (git-fixes). - NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes). - NFS: Refactor nfs_instantiate() for dentry referencing callers (bsc#1204215). - NFSv3: use nfs_add_or_obtain() to create and reference inodes (bsc#1204215). - PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446). - PCI: hv: Add validation for untrusted Hyper-V values (git-fixes). - PCI: hv: Drop msi_controller structure (bsc#1204446). - PCI: hv: Fix a race condition when removing the device (bsc#1204446). - PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446). - PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017). - PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017). - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845). - PCI: hv: Fix typo (bsc#1204446). - PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446). - PCI: hv: Remove unnecessary use of %hx (bsc#1204446). - PCI: hv: Support for create interrupt v3 (bsc#1204446). - PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors (bsc#1204446). - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - RDMA/core/sa_query: Remove unused argument (git-fixes) - RDMA/hns: Fix spelling mistakes of original (git-fixes) - RDMA/qedr: Add support for user mode XRC-SRQ's (git-fixes) - RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (git-fixes) - RDMA/qedr: Remove unsupported qedr_resize_cq callback (git-fixes) - RDMA/rxe: Fix memory leak in error path code (git-fixes) - SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297). - USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes). - USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes). - USB: serial: option: add Sierra Wireless EM9191 (git-fixes). - USB: serial: option: add u-blox LARA-L6 modem (git-fixes). - USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes). - USB: serial: option: remove old LARA-R6 PID (git-fixes). - USB: serial: option: remove old LARA-R6 PID. - Xen/gntdev: do not ignore kernel unmapping error (git-fixes). - add another bug reference to some hyperv changes (bsc#1205617). - arm/xen: Do not probe xenbus as part of an early initcall (git-fixes). - arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes) - arm64: dts: juno: Add thermal critical trip points (git-fixes) - arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes) - ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tport_add() (git-fixes). - ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes). - blk-crypto: fix check for too-large dun_bytes (git-fixes). - blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes). - blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes). - blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes). - blktrace: Trace remapped requests correctly (git-fixes). - block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (git-fixes). - block: Add a helper to validate the block size (git-fixes). - block: assign bi_bdev for cloned bios in blk_rq_prep_clone (bsc#1204328). - block: ataflop: fix breakage introduced at blk-mq refactoring (git-fixes). - block: ataflop: more blk-mq refactoring fixes (git-fixes). - block: fix infinite loop for invalid zone append (git-fixes). - block: limit request dispatch loop duration (git-fixes). - block: nbd: add sanity check for first_minor (git-fixes). - block: use 'unsigned long' for blk_validate_block_size() (git-fixes). - bus: sunxi-rsb: Support atomic transfers (git-fixes). - can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes). - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes). - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes). - ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1205989). - ceph: do not access the kiocb after aio requests (bsc#1205984). - ceph: fix fscache invalidation (bsc#1205985). - ceph: lockdep annotations for try_nonblocking_invalidate (bsc#1205988). - ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty (bsc#1205986). - ceph: request Fw caps before updating the mtime in ceph_write_iter (bsc#1205987). - cifs: skip extra NULL byte in filenames (bsc#1204791). - dm era: commit metadata in postsuspend after worker stops (git-fixes). - dm integrity: set journal entry unused when shrinking device (git-fixes). - dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes). - dm mpath: only use ktime_get_ns() in historical selector (git-fixes). - dm raid: fix accesses beyond end of raid member array (git-fixes). - dm raid: fix address sanitizer warning in raid_resume (git-fixes). - dm raid: fix address sanitizer warning in raid_status (git-fixes). - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes). - dm verity fec: fix misaligned RS roots IO (git-fixes). - dm writecache: fix writing beyond end of underlying device when shrinking (git-fixes). - dm writecache: return the exact table values that were set (git-fixes). - dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes). - dm: fix request-based DM to not bounce through indirect dm_submit_bio (git-fixes). - dm: remove special-casing of bio-based immutable singleton target on NVMe (git-fixes). - dm: return early from dm_pr_call() if DM device is suspended (git-fixes). - dma-buf: fix racing conflict of dma_heap_add() (git-fixes). - dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes). - dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes). - dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes). - dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes). - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes). - dmaengine: at_hdmac: Fix impossible condition (git-fixes). - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes). - dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes). - drivers/hv: remove obsolete TODO and fix misleading typo in comment (git-fixes). - drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (git-fixes). - drivers: hv: Fix hyperv_record_panic_msg path on comment (git-fixes). - drivers: hv: Fix missing error code in vmbus_connect() (git-fixes). - drivers: hv: vmbus: Fix call msleep using &lt; 20ms (git-fixes). - drivers: hv: vmbus: Fix checkpatch LINE_SPACING (git-fixes). - drivers: hv: vmbus: Fix checkpatch SPLIT_STRING (git-fixes). - drivers: hv: vmbus: Replace symbolic permissions by octal permissions (git-fixes). - drivers: net: slip: fix NPD bug in sl_tx_timeout() (git-fixes). - drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes). - drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes). - drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes). - drm/i915/sdvo: Setup DDC fully before output init (git-fixes). - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes). - drm/panel: simple: set bpc field for logic technologies displays (git-fixes). - drm/rockchip: dsi: Force synchronous probe (git-fixes). - drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes). - drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes). - fbdev: smscufx: Fix several use-after-free bugs (git-fixes). - firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes). - ftrace: Fix char print issue in print_ip_ins() (git-fixes). - ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes). - ftrace: Fix the possible incorrect kernel message (git-fixes). - ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes). - ftrace: Optimize the allocation for mcount entries (git-fixes). - ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes). - fuse: add file_modified() to fallocate (bsc#1205330). - fuse: fix readdir cache race (bsc#1205329). - hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes). - hv: hyperv.h: Remove unused inline functions (git-fixes). - hv_netvsc: Add a comment clarifying batching logic (git-fixes). - hv_netvsc: Add check for kvmalloc_array (git-fixes). - hv_netvsc: Add error handling while switching data path (bsc#1204850). - hv_netvsc: Allocate the recv_buf buffers after NVSP_MSG1_TYPE_SEND_RECV_BUF (git-fixes). - hv_netvsc: Check VF datapath when sending traffic to VF (git-fixes). - hv_netvsc: Fix potential dereference of NULL pointer (git-fixes). - hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850). - hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes). - hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850). - hv_netvsc: Use bitmap_zalloc() when applicable (git-fixes). - hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - hv_netvsc: Validate number of allocated sub-channels (git-fixes). - hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017). - hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes). - hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes). - hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes). - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes). - hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes). - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes). - i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes). - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes). - iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes). - iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes). - iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes). - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes). - iio: light: apds9960: fix wrong register for gesture gain (git-fixes). - iio: light: rpr0521: add missing Kconfig dependencies (git-fixes). - iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes). - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes). - isdn: mISDN: netjet: fix wrong check of device registration (git-fixes). - iwlwifi: dbg: disable ini debug in 9000 family and below (git-fixes). - kABI: Fix after adding trace_iterator.wait_index (git-fixes). - kABI: remove new member of usbip_device (git-fixes). - kabi: fix transport_add_device change (git-fixes). - kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes). - kvm: nVMX: reflect MTF VM-exits if injected by L1 (git-fixes). - loop: Check for overflow while configuring loop (git-fixes). - mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes). - mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes). - mISDN: fix possible memory leak in mISDN_register_device() (git-fixes). - md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes). - md: Replace snprintf with scnprintf (git-fixes). - media: dvb-frontends/drxk: initialize err to 0 (git-fixes). - media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes). - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes). - media: venus: dec: Handle the case where find_format fails (git-fixes). - media: vim2m: initialize the media device earlier (git-fixes). - media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes). - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes). - mmc: core: properly select voltage range without power cycle (git-fixes). - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes). - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes). - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (git-fixes). - nbd: Fix use-after-free in pid_show (git-fixes). - nbd: fix possible overflow for 'first_minor' in nbd_dev_add() (git-fixes). - nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes). - nbd: handle device refs for DESTROY_ON_DISCONNECT properly (git-fixes). - net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes). - net: ethernet: nixge: fix NULL dereference (git-fixes). - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (git-fixes). - net: hyperv: remove use of bpf_op_t (git-fixes). - net: netvsc: remove break after return (git-fixes). - net: phy: fix null-ptr-deref while probe() failed (git-fixes). - net: thunderbolt: Fix error handling in tbnet_init() (git-fixes). - net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes). - net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch (git-fixes). - nfc/nci: fix race with opening and closing (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes). - nfsd: set the server_scope during service startup (bsc#1203746). - null_blk: Fail zone append to conventional zones (git-fixes). - null_blk: synchronization fix for zoned device (git-fixes). - nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241). - panic, kexec: make __crash_kexec() NMI safe (git-fixes). - parport_pc: Avoid FIFO port location truncation (git-fixes). - phy: stm32: fix an error code in probe (git-fixes). - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (git-fixes). - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes). - powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395). - powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395). - printk: add missing memory barrier to wake_up_klogd() (bsc#1204934). - printk: use atomic updates for klogd work (bsc#1204934). - printk: wake waiters for safe and NMI contexts (bsc#1204934). - r8152: Add MAC passthrough support to new device (git-fixes). - r8152: add PID for the Lenovo OneLink+ Dock (git-fixes). - r8152: use new helper tcp_v6_gso_csum_prep (git-fixes). - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes). - regulator: core: fix UAF in destroy_regulator() (git-fixes). - regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes). - regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes). - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Allow splice to read previous partially read pages (git-fixes). - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Check pending waiters when doing wake ups as well (git-fixes). - ring-buffer: Fix race between reset page and reading page (git-fixes). - ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes). - ring-buffer: Include dropped pages in counting dirty patches (git-fixes). - ring_buffer: Do not deactivate non-existant pages (git-fixes). - rndis_host: increase sleep time in the query-response loop (git-fixes). - rtc: mt6397: fix alarm register overwrite (git-fixes). - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes). - s390/cpcmd: fix inline assembly register clobbering (git-fixes). - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes). - s390/disassembler: increase ebpf disasm buffer size (git-fixes). - s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205428 LTC#200501). - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (bsc#1203144 LTC#199881). - s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes). - s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes). - s390/ptrace: return -ENOSYS when invalid syscall is supplied (git-fixes). - s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501). - s390/vtime: fix inline assembly clobber list (git-fixes). - s390/zcore: fix race when reading from hardware system area (git-fixes). - s390/zcrypt: fix zcard and zqueue hot-unplug memleak (git-fixes). - s390: Remove arch_has_random, arch_has_random_seed (git-fixes). - s390: fix double free of GS and RI CBs on fork() failure (git-fixes). - s390: fix nospec table alignments (git-fixes). - s390: mark __cpacf_query() as __always_inline (git-fixes). - scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND (git-fixes). - scsi: drivers: base: Propagate errors through the transport component (git-fixes). - scsi: drivers: base: Support atomic version of attribute_container_device_trigger (git-fixes). - scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729 bsc#1204810 ltc#200162). - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395). - scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957). - scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957). - scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957). - scsi: lpfc: Fix spelling mistake 'unsolicted' -> 'unsolicited' (bsc#1204957). - scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957). - scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957). - scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957). - scsi: lpfc: Update the obsolete adapter list (bsc#1204142). - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963). - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963). - scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes). - scsi: storvsc: Correctly handle multiple flags in srb_status (git-fixes). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes). - scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017). - scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017). - scsi: storvsc: Log TEST_UNIT_READY errors as warnings (git-fixes). - scsi: storvsc: Miscellaneous code cleanups (git-fixes). - scsi: storvsc: Parameterize number hardware queues (git-fixes). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017). - scsi: storvsc: Return DID_ERROR for invalid commands (git-fixes). - scsi: storvsc: Update error logging (git-fixes). - scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017). - scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes). - scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017). - scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes). - scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes). - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes). - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes). - serial: 8250: omap: Flush PM QOS work on remove (git-fixes). - serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes). - serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes). - serial: imx: Add missing .thaw_noirq hook (git-fixes). - siox: fix possible memory leak in siox_device_add() (git-fixes). - slimbus: stream: correct presence rate frequencies (git-fixes). - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes). - spi: stm32: Print summary 'callbacks suppressed' message (git-fixes). - staging: greybus: light: fix a couple double frees (git-fixes). - swiotlb-xen: use vmalloc_to_page on vmalloc virt addresses (git-fixes). - tracing/ring-buffer: Have polling block on watermark (git-fixes). - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes). - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes). - tracing: Do not free snapshot if tracer is on cmdline (git-fixes). - tracing: Fix wild-memory-access in register_synth_event() (git-fixes). - tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes). - tracing: Wake up ring buffer waiters on closing of the file (git-fixes). - tracing: Wake up waiters when tracing is disabled (git-fixes). - usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes). - usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes). - usb: dwc3: exynos: Fix remove() function (git-fixes). - usb: dwc3: fix PHY disable sequence (git-fixes). - usb: dwc3: gadget: Clear ep descriptor last (git-fixes). - usb: dwc3: gadget: Fix null pointer exception (git-fixes). - usb: dwc3: qcom: fix runtime PM wakeup. - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes). - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes). - usbip: add sysfs_lock to synchronize sysfs code paths (git-fixes). - usbip: stub-dev synchronize sysfs code paths (git-fixes). - usbip: stub_dev: remake locking for kABI (git-fixes). - usbip: synchronize event handler with sysfs code paths (git-fixes). - usbip: usbip_event: use global lock (git-fixes). - usbip: vudc synchronize sysfs code paths (git-fixes). - usbip: vudc_sysfs: use global lock (git-fixes). - use __netdev_notify_peers in hyperv (git-fixes). - v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI' - v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI' (bsc#1200845) - vfio/ccw: Do not change FSM state in subchannel event (git-fixes). - virtio-blk: Do not use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (git-fixes). - virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes). - virtio_blk: eliminate anonymous module_init & module_exit (git-fixes). - virtio_blk: fix the discard_granularity and discard_alignment queue limits (git-fixes). - vmlinux.lds.h: Fix placement of '.data..decrypted' section (git-fixes). - wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes). - wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes). - wifi: cfg80211: silence a sparse RCU warning (git-fixes). - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes). - workqueue: do not skip lockdep work dependency in cancel_work_sync() (bsc#1204967). - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - x86/hyperv: check cpu mask after interrupt has been disabled (git-fixes). - x86/kexec: Fix double-free of elf header buffer (bsc#1205567). - x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264). - x86/xen: Add xen_no_vector_callback option to test PCI INTX delivery (git-fixes). - x86/xen: Distribute switch variables for initialization (git-fixes). - x86/xen: do not unbind uninitialized lock_kicker_irq (git-fixes). - xen-blkback: prevent premature module unload (git-fixes). - xen-netback: correct success/error reporting for the SKB-with-fraglist case (git-fixes). - xen/balloon: fix balloon kthread freezing (git-fixes). - xen/balloon: fix ballooned page accounting without hotplug enabled (git-fixes). - xen/balloon: fix cancelled balloon action (git-fixes). - xen/balloon: use a kernel thread instead a workqueue (git-fixes). - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes). - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes). - xen/gntdev: Prevent leaking grants (git-fixes). - xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes). - xen/privcmd: Corrected error handling path (git-fixes). - xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes). - xen/xenbus: Fix granting of vmalloc'd memory (git-fixes). - xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status (git-fixes). - xen: Fix XenStore initialisation for XS_LOCAL (git-fixes). - xen: Fix event channel callback via INTX/GSI (git-fixes). - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes). - xenbus: req->body should be updated before req->state (git-fixes). - xenbus: req->err should be updated before req->state (git-fixes). - xfs: Lower CIL flush limit for large logs (git-fixes). - xfs: Throttle commits on delayed background CIL push (git-fixes). - xfs: Use scnprintf() for avoiding potential buffer overflow (git-fixes). - xfs: check owner of dir3 blocks (git-fixes). - xfs: factor common AIL item deletion code (git-fixes). - xfs: open code insert range extent split helper (git-fixes). - xfs: rework collapse range into an atomic operation (git-fixes). - xfs: rework insert range into an atomic operation (git-fixes). - xfs: tail updates only need to occur when LSN changes (git-fixes). - xfs: trylock underlying buffer on dquot flush (git-fixes). - xfs: xfs_buf_corruption_error should take __this_address (git-fixes). - xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes). Important SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1156395 SUSE bug 1184350 SUSE bug 1189297 SUSE bug 1192761 SUSE bug 1200845 SUSE bug 1201455 SUSE bug 1203144 SUSE bug 1203746 SUSE bug 1204017 SUSE bug 1204142 SUSE bug 1204215 SUSE bug 1204241 SUSE bug 1204328 SUSE bug 1204446 SUSE bug 1204631 SUSE bug 1204636 SUSE bug 1204693 SUSE bug 1204780 SUSE bug 1204791 SUSE bug 1204810 SUSE bug 1204827 SUSE bug 1204850 SUSE bug 1204868 SUSE bug 1204934 SUSE bug 1204957 SUSE bug 1204963 SUSE bug 1204967 SUSE bug 1205128 SUSE bug 1205130 SUSE bug 1205186 SUSE bug 1205220 SUSE bug 1205329 SUSE bug 1205330 SUSE bug 1205428 SUSE bug 1205473 SUSE bug 1205514 SUSE bug 1205617 SUSE bug 1205671 SUSE bug 1205700 SUSE bug 1205705 SUSE bug 1205709 SUSE bug 1205753 SUSE bug 1205796 SUSE bug 1205984 SUSE bug 1205985 SUSE bug 1205986 SUSE bug 1205987 SUSE bug 1205988 SUSE bug 1205989 SUSE bug 1206032 SUSE bug 1206037 SUSE bug 1206207 CVE-2022-2602 at SUSE CVE-2022-2602 at NVD CVE-2022-28693 at SUSE CVE-2022-28693 at NVD CVE-2022-3567 at SUSE CVE-2022-3567 at NVD CVE-2022-3628 at SUSE CVE-2022-3628 at NVD CVE-2022-3635 at SUSE CVE-2022-3635 at NVD CVE-2022-3707 at SUSE CVE-2022-3707 at NVD CVE-2022-3903 at SUSE CVE-2022-3903 at NVD CVE-2022-4095 at SUSE CVE-2022-4095 at NVD CVE-2022-4129 at SUSE CVE-2022-4129 at NVD CVE-2022-4139 at SUSE CVE-2022-4139 at NVD CVE-2022-41850 at SUSE CVE-2022-41850 at NVD CVE-2022-41858 at SUSE CVE-2022-41858 at NVD CVE-2022-42895 at SUSE CVE-2022-42895 at NVD CVE-2022-42896 at SUSE CVE-2022-42896 at NVD CVE-2022-4378 at SUSE CVE-2022-4378 at NVD CVE-2022-43945 at SUSE CVE-2022-43945 at NVD CVE-2022-45934 at SUSE CVE-2022-45934 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711) - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780). The following non-security bugs were fixed: - ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes). - ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes). - ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes). - ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes). - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes). - ASoC: codecs: jz4725b: Fix spelling mistake 'Sourc' -> 'Source', 'Routee' -> 'Route' (git-fixes). - ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes). - ASoC: codecs: jz4725b: fix capture selector naming (git-fixes). - ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes). - ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes). - ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes). - ASoC: max98373: Add checks for devm_kcalloc (git-fixes). - ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes). - ASoC: wm5102: Revert 'ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe' (git-fixes). - ASoC: wm5110: Revert 'ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe' (git-fixes). - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes). - ASoC: wm8997: Revert 'ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe' (git-fixes). - Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes). - Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573) - Drivers: hv: vmbus: Add /sys/bus/vmbus/hibernation (git-fixes). - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017). - Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017). - Drivers: hv: vmbus: Fix duplicate CPU assignments within a device (git-fixes). - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes). - Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes). - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017). - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017). - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes). - Drivers: hv: vmbus: Remove unused linux/version.h header (git-fixes). - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (git-fixes). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: remove unused function (git-fixes). - HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes). - Input: i8042 - fix leaking of platform device on module removal (git-fixes). - Input: iforce - invert valid length check when fetching device IDs (git-fixes). - KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec support (git-fixes). - KVM: nVMX: Invalidate all EPTP contexts when emulating INVEPT for L1 (git-fixes). - KVM: nVMX: Validate the EPTP when emulating INVEPT(EXTENT_CONTEXT) (git-fixes). - KVM: nVMX: clear PIN_BASED_POSTED_INTR from nested pinbased_ctls only when apicv is globally disabled (git-fixes). - KVM: s390: Add a routine for setting userspace CPU state (git-fixes). - KVM: s390: Fix handle_sske page fault handling (git-fixes). - KVM: s390: Simplify SIGP Set Arch handling (git-fixes). - KVM: s390: get rid of register asm usage (git-fixes). - KVM: s390: pv: avoid stalls when making pages secure (git-fixes). - KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes). - KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes). - KVM: s390: reduce number of IO pins to 1 (git-fixes). - NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes). - NFS: Refactor nfs_instantiate() for dentry referencing callers (bsc#1204215). - NFSv3: use nfs_add_or_obtain() to create and reference inodes (bsc#1204215). - PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446). - PCI: hv: Add validation for untrusted Hyper-V values (git-fixes). - PCI: hv: Drop msi_controller structure (bsc#1204446). - PCI: hv: Fix a race condition when removing the device (bsc#1204446). - PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446). - PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017). - PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017). - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845). - PCI: hv: Fix typo (bsc#1204446). - PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446). - PCI: hv: Remove unnecessary use of %hx (bsc#1204446). - PCI: hv: Support for create interrupt v3 (bsc#1204446). - PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors (bsc#1204446). - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - RDMA/core/sa_query: Remove unused argument (git-fixes) - RDMA/hns: Fix spelling mistakes of original (git-fixes) - RDMA/qedr: Add support for user mode XRC-SRQ's (git-fixes) - RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (git-fixes) - RDMA/qedr: Remove unsupported qedr_resize_cq callback (git-fixes) - RDMA/rxe: Fix memory leak in error path code (git-fixes) - SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297). - USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes). - USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes). - USB: serial: option: add Sierra Wireless EM9191 (git-fixes). - USB: serial: option: add u-blox LARA-L6 modem (git-fixes). - USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes). - USB: serial: option: remove old LARA-R6 PID (git-fixes). - USB: serial: option: remove old LARA-R6 PID. - Xen/gntdev: do not ignore kernel unmapping error (git-fixes). - add another bug reference to some hyperv changes (bsc#1205617). - arm/xen: Do not probe xenbus as part of an early initcall (git-fixes). - arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes) - arm64: dts: juno: Add thermal critical trip points (git-fixes) - ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tport_add() (git-fixes). - ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes). - blk-crypto: fix check for too-large dun_bytes (git-fixes). - blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes). - blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes). - blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes). - blktrace: Trace remapped requests correctly (git-fixes). - block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (git-fixes). - block: Add a helper to validate the block size (git-fixes). - block: assign bi_bdev for cloned bios in blk_rq_prep_clone (bsc#1204328). - block: ataflop: fix breakage introduced at blk-mq refactoring (git-fixes). - block: ataflop: more blk-mq refactoring fixes (git-fixes). - block: fix infinite loop for invalid zone append (git-fixes). - block: limit request dispatch loop duration (git-fixes). - block: nbd: add sanity check for first_minor (git-fixes). - block: use 'unsigned long' for blk_validate_block_size() (git-fixes). - bus: sunxi-rsb: Support atomic transfers (git-fixes). - can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes). - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes). - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes). - ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1205989). - ceph: do not access the kiocb after aio requests (bsc#1205984). - ceph: fix fscache invalidation (bsc#1205985). - ceph: lockdep annotations for try_nonblocking_invalidate (bsc#1205988). - ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty (bsc#1205986). - ceph: request Fw caps before updating the mtime in ceph_write_iter (bsc#1205987). - cifs: skip extra NULL byte in filenames (bsc#1204791). - dm era: commit metadata in postsuspend after worker stops (git-fixes). - dm integrity: set journal entry unused when shrinking device (git-fixes). - dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes). - dm mpath: only use ktime_get_ns() in historical selector (git-fixes). - dm raid: fix accesses beyond end of raid member array (git-fixes). - dm raid: fix address sanitizer warning in raid_resume (git-fixes). - dm raid: fix address sanitizer warning in raid_status (git-fixes). - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes). - dm verity fec: fix misaligned RS roots IO (git-fixes). - dm writecache: fix writing beyond end of underlying device when shrinking (git-fixes). - dm writecache: return the exact table values that were set (git-fixes). - dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes). - dm: fix request-based DM to not bounce through indirect dm_submit_bio (git-fixes). - dm: remove special-casing of bio-based immutable singleton target on NVMe (git-fixes). - dm: return early from dm_pr_call() if DM device is suspended (git-fixes). - dma-buf: fix racing conflict of dma_heap_add() (git-fixes). - dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes). - dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes). - dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes). - dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes). - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes). - dmaengine: at_hdmac: Fix impossible condition (git-fixes). - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes). - dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes). - drivers/hv: remove obsolete TODO and fix misleading typo in comment (git-fixes). - drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (git-fixes). - drivers: hv: Fix hyperv_record_panic_msg path on comment (git-fixes). - drivers: hv: Fix missing error code in vmbus_connect() (git-fixes). - drivers: hv: vmbus: Fix call msleep using &lt; 20ms (git-fixes). - drivers: hv: vmbus: Fix checkpatch LINE_SPACING (git-fixes). - drivers: hv: vmbus: Fix checkpatch SPLIT_STRING (git-fixes). - drivers: hv: vmbus: Replace symbolic permissions by octal permissions (git-fixes). - drivers: net: slip: fix NPD bug in sl_tx_timeout() (git-fixes). - drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes). - drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes). - drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes). - drm/i915/sdvo: Setup DDC fully before output init (git-fixes). - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes). - drm/panel: simple: set bpc field for logic technologies displays (git-fixes). - drm/rockchip: dsi: Force synchronous probe (git-fixes). - drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes). - drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes). - fbdev: smscufx: Fix several use-after-free bugs (git-fixes). - firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes). - ftrace: Fix char print issue in print_ip_ins() (git-fixes). - ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes). - ftrace: Fix the possible incorrect kernel message (git-fixes). - ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes). - ftrace: Optimize the allocation for mcount entries (git-fixes). - ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes). - fuse: add file_modified() to fallocate (bsc#1205330). - fuse: fix readdir cache race (bsc#1205329). - hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes). - hv: hyperv.h: Remove unused inline functions (git-fixes). - hv_netvsc: Add a comment clarifying batching logic (git-fixes). - hv_netvsc: Add check for kvmalloc_array (git-fixes). - hv_netvsc: Add error handling while switching data path (bsc#1204850). - hv_netvsc: Allocate the recv_buf buffers after NVSP_MSG1_TYPE_SEND_RECV_BUF (git-fixes). - hv_netvsc: Check VF datapath when sending traffic to VF (git-fixes). - hv_netvsc: Fix potential dereference of NULL pointer (git-fixes). - hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850). - hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes). - hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850). - hv_netvsc: Use bitmap_zalloc() when applicable (git-fixes). - hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - hv_netvsc: Validate number of allocated sub-channels (git-fixes). - hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017). - hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes). - hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes). - hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes). - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes). - hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes). - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes). - i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes). - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes). - iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes). - iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes). - iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes). - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes). - iio: light: apds9960: fix wrong register for gesture gain (git-fixes). - iio: light: rpr0521: add missing Kconfig dependencies (git-fixes). - iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes). - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes). - isdn: mISDN: netjet: fix wrong check of device registration (git-fixes). - iwlwifi: dbg: disable ini debug in 9000 family and below (git-fixes). - kABI: Fix after adding trace_iterator.wait_index (git-fixes). - kABI: remove new member of usbip_device (git-fixes). - kabi: fix transport_add_device change (git-fixes). - kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes). - kvm: nVMX: reflect MTF VM-exits if injected by L1 (git-fixes). - livepatch: Add a missing newline character in klp_module_coming() (bsc#1071995). - livepatch: fix race between fork and KLP transition (bsc#1071995). - loop: Check for overflow while configuring loop (git-fixes). - mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes). - mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes). - mISDN: fix possible memory leak in mISDN_register_device() (git-fixes). - md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes). - md: Replace snprintf with scnprintf (git-fixes). - media: dvb-frontends/drxk: initialize err to 0 (git-fixes). - media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes). - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes). - media: venus: dec: Handle the case where find_format fails (git-fixes). - media: vim2m: initialize the media device earlier (git-fixes). - media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes). - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes). - mmc: core: properly select voltage range without power cycle (git-fixes). - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes). - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes). - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (git-fixes). - nbd: Fix use-after-free in pid_show (git-fixes). - nbd: fix possible overflow for 'first_minor' in nbd_dev_add() (git-fixes). - nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes). - nbd: handle device refs for DESTROY_ON_DISCONNECT properly (git-fixes). - net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes). - net: ethernet: nixge: fix NULL dereference (git-fixes). - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (git-fixes). - net: hyperv: remove use of bpf_op_t (git-fixes). - net: netvsc: remove break after return (git-fixes). - net: phy: fix null-ptr-deref while probe() failed (git-fixes). - net: thunderbolt: Fix error handling in tbnet_init() (git-fixes). - net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes). - net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch (git-fixes). - nfc/nci: fix race with opening and closing (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes). - nfsd: set the server_scope during service startup (bsc#1203746). - null_blk: Fail zone append to conventional zones (git-fixes). - null_blk: synchronization fix for zoned device (git-fixes). - nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241). - panic, kexec: make __crash_kexec() NMI safe (git-fixes). - parport_pc: Avoid FIFO port location truncation (git-fixes). - phy: stm32: fix an error code in probe (git-fixes). - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (git-fixes). - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes). - powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395). - powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395). - printk: add missing memory barrier to wake_up_klogd() (bsc#1204934). - printk: use atomic updates for klogd work (bsc#1204934). - printk: wake waiters for safe and NMI contexts (bsc#1204934). - r8152: Add MAC passthrough support to new device (git-fixes). - r8152: add PID for the Lenovo OneLink+ Dock (git-fixes). - r8152: use new helper tcp_v6_gso_csum_prep (git-fixes). - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes). - regulator: core: fix UAF in destroy_regulator() (git-fixes). - regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes). - regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes). - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Allow splice to read previous partially read pages (git-fixes). - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Check pending waiters when doing wake ups as well (git-fixes). - ring-buffer: Fix race between reset page and reading page (git-fixes). - ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes). - ring-buffer: Include dropped pages in counting dirty patches (git-fixes). - ring_buffer: Do not deactivate non-existant pages (git-fixes). - rndis_host: increase sleep time in the query-response loop (git-fixes). - rtc: mt6397: fix alarm register overwrite (git-fixes). - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes). - s390/cpcmd: fix inline assembly register clobbering (git-fixes). - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes). - s390/disassembler: increase ebpf disasm buffer size (git-fixes). - s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205428 LTC#200501). - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (bsc#1203144 LTC#199881). - s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes). - s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes). - s390/ptrace: return -ENOSYS when invalid syscall is supplied (git-fixes). - s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501). - s390/vtime: fix inline assembly clobber list (git-fixes). - s390/zcore: fix race when reading from hardware system area (git-fixes). - s390/zcrypt: fix zcard and zqueue hot-unplug memleak (git-fixes). - s390: Remove arch_has_random, arch_has_random_seed (git-fixes). - s390: fix double free of GS and RI CBs on fork() failure (git-fixes). - s390: fix nospec table alignments (git-fixes). - s390: mark __cpacf_query() as __always_inline (git-fixes). - scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND (git-fixes). - scsi: drivers: base: Propagate errors through the transport component (git-fixes). - scsi: drivers: base: Support atomic version of attribute_container_device_trigger (git-fixes). - scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729 bsc#1204810 ltc#200162). - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395). - scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957). - scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957). - scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957). - scsi: lpfc: Fix spelling mistake 'unsolicted' -> 'unsolicited' (bsc#1204957). - scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957). - scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957). - scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957). - scsi: lpfc: Update the obsolete adapter list (bsc#1204142). - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963). - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963). - scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes). - scsi: storvsc: Correctly handle multiple flags in srb_status (git-fixes). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes). - scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017). - scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017). - scsi: storvsc: Log TEST_UNIT_READY errors as warnings (git-fixes). - scsi: storvsc: Miscellaneous code cleanups (git-fixes). - scsi: storvsc: Parameterize number hardware queues (git-fixes). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017). - scsi: storvsc: Return DID_ERROR for invalid commands (git-fixes). - scsi: storvsc: Update error logging (git-fixes). - scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017). - scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes). - scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017). - scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes). - scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes). - selftests/livepatch: better synchronize test_klp_callbacks_busy (bsc#1071995). - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes). - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes). - serial: 8250: omap: Flush PM QOS work on remove (git-fixes). - serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes). - serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes). - serial: imx: Add missing .thaw_noirq hook (git-fixes). - siox: fix possible memory leak in siox_device_add() (git-fixes). - slimbus: stream: correct presence rate frequencies (git-fixes). - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes). - spi: stm32: Print summary 'callbacks suppressed' message (git-fixes). - staging: greybus: light: fix a couple double frees (git-fixes). - swiotlb-xen: use vmalloc_to_page on vmalloc virt addresses (git-fixes). - tracing/ring-buffer: Have polling block on watermark (git-fixes). - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes). - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes). - tracing: Do not free snapshot if tracer is on cmdline (git-fixes). - tracing: Fix wild-memory-access in register_synth_event() (git-fixes). - tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes). - tracing: Wake up ring buffer waiters on closing of the file (git-fixes). - tracing: Wake up waiters when tracing is disabled (git-fixes). - usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes). - usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes). - usb: dwc3: exynos: Fix remove() function (git-fixes). - usb: dwc3: fix PHY disable sequence (git-fixes). - usb: dwc3: gadget: Clear ep descriptor last (git-fixes). - usb: dwc3: gadget: Fix null pointer exception (git-fixes). - usb: dwc3: qcom: fix runtime PM wakeup. - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes). - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes). - usbip: add sysfs_lock to synchronize sysfs code paths (git-fixes). - usbip: stub-dev synchronize sysfs code paths (git-fixes). - usbip: stub_dev: remake locking for kABI (git-fixes). - usbip: synchronize event handler with sysfs code paths (git-fixes). - usbip: usbip_event: use global lock (git-fixes). - usbip: vudc synchronize sysfs code paths (git-fixes). - usbip: vudc_sysfs: use global lock (git-fixes). - use __netdev_notify_peers in hyperv (git-fixes). - v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI' - v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI' (bsc#1200845) - vfio/ccw: Do not change FSM state in subchannel event (git-fixes). - virtio-blk: Do not use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (git-fixes). - virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes). - virtio_blk: eliminate anonymous module_init & module_exit (git-fixes). - virtio_blk: fix the discard_granularity and discard_alignment queue limits (git-fixes). - vmlinux.lds.h: Fix placement of '.data..decrypted' section (git-fixes). - wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes). - wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes). - wifi: cfg80211: silence a sparse RCU warning (git-fixes). - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes). - workqueue: do not skip lockdep work dependency in cancel_work_sync() (bsc#1204967). - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - x86/hyperv: check cpu mask after interrupt has been disabled (git-fixes). - x86/kexec: Fix double-free of elf header buffer (bsc#1205567). - x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264). - x86/xen: Add xen_no_vector_callback option to test PCI INTX delivery (git-fixes). - x86/xen: Distribute switch variables for initialization (git-fixes). - x86/xen: do not unbind uninitialized lock_kicker_irq (git-fixes). - xen-blkback: prevent premature module unload (git-fixes). - xen-netback: correct success/error reporting for the SKB-with-fraglist case (git-fixes). - xen/balloon: fix balloon kthread freezing (git-fixes). - xen/balloon: fix ballooned page accounting without hotplug enabled (git-fixes). - xen/balloon: fix cancelled balloon action (git-fixes). - xen/balloon: use a kernel thread instead a workqueue (git-fixes). - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes). - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes). - xen/gntdev: Prevent leaking grants (git-fixes). - xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes). - xen/privcmd: Corrected error handling path (git-fixes). - xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes). - xen/xenbus: Fix granting of vmalloc'd memory (git-fixes). - xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status (git-fixes). - xen: Fix XenStore initialisation for XS_LOCAL (git-fixes). - xen: Fix event channel callback via INTX/GSI (git-fixes). - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes). - xenbus: req->body should be updated before req->state (git-fixes). - xenbus: req->err should be updated before req->state (git-fixes). - xfs: Lower CIL flush limit for large logs (git-fixes). - xfs: Throttle commits on delayed background CIL push (git-fixes). - xfs: Use scnprintf() for avoiding potential buffer overflow (git-fixes). - xfs: check owner of dir3 blocks (git-fixes). - xfs: factor common AIL item deletion code (git-fixes). - xfs: open code insert range extent split helper (git-fixes). - xfs: rework collapse range into an atomic operation (git-fixes). - xfs: rework insert range into an atomic operation (git-fixes). - xfs: tail updates only need to occur when LSN changes (git-fixes). - xfs: trylock underlying buffer on dquot flush (git-fixes). - xfs: xfs_buf_corruption_error should take __this_address (git-fixes). - xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes). Important SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1156395 SUSE bug 1184350 SUSE bug 1189297 SUSE bug 1192761 SUSE bug 1199657 SUSE bug 1200845 SUSE bug 1201455 SUSE bug 1201469 SUSE bug 1203144 SUSE bug 1203746 SUSE bug 1203960 SUSE bug 1204017 SUSE bug 1204142 SUSE bug 1204215 SUSE bug 1204228 SUSE bug 1204241 SUSE bug 1204328 SUSE bug 1204414 SUSE bug 1204446 SUSE bug 1204636 SUSE bug 1204693 SUSE bug 1204780 SUSE bug 1204791 SUSE bug 1204810 SUSE bug 1204827 SUSE bug 1204850 SUSE bug 1204868 SUSE bug 1204934 SUSE bug 1204957 SUSE bug 1204963 SUSE bug 1204967 SUSE bug 1205128 SUSE bug 1205130 SUSE bug 1205220 SUSE bug 1205264 SUSE bug 1205329 SUSE bug 1205330 SUSE bug 1205428 SUSE bug 1205473 SUSE bug 1205514 SUSE bug 1205567 SUSE bug 1205617 SUSE bug 1205671 SUSE bug 1205700 SUSE bug 1205705 SUSE bug 1205709 SUSE bug 1205753 SUSE bug 1205796 SUSE bug 1205984 SUSE bug 1205985 SUSE bug 1205986 SUSE bug 1205987 SUSE bug 1205988 SUSE bug 1205989 SUSE bug 1206032 SUSE bug 1206037 SUSE bug 1206207 CVE-2022-2602 at SUSE CVE-2022-2602 at NVD CVE-2022-28693 at SUSE CVE-2022-28693 at NVD CVE-2022-29900 at SUSE CVE-2022-29900 at NVD CVE-2022-29901 at SUSE CVE-2022-29901 at NVD CVE-2022-3567 at SUSE CVE-2022-3567 at NVD CVE-2022-3628 at SUSE CVE-2022-3628 at NVD CVE-2022-3635 at SUSE CVE-2022-3635 at NVD CVE-2022-3707 at SUSE CVE-2022-3707 at NVD CVE-2022-3903 at SUSE CVE-2022-3903 at NVD CVE-2022-4095 at SUSE CVE-2022-4095 at NVD CVE-2022-4129 at SUSE CVE-2022-4129 at NVD CVE-2022-4139 at SUSE CVE-2022-4139 at NVD CVE-2022-41850 at SUSE CVE-2022-41850 at NVD CVE-2022-41858 at SUSE CVE-2022-41858 at NVD CVE-2022-42895 at SUSE CVE-2022-42895 at NVD CVE-2022-42896 at SUSE CVE-2022-42896 at NVD CVE-2022-4378 at SUSE CVE-2022-4378 at NVD CVE-2022-43945 at SUSE CVE-2022-43945 at NVD CVE-2022-45934 at SUSE CVE-2022-45934 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). Moderate SUSE bug 1206337 CVE-2022-46908 at SUSE CVE-2022-46908 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). - Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857). - Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423). Important SUSE bug 1200723 SUSE bug 1203857 SUSE bug 1204423 SUSE bug 1205000 CVE-2022-4415 at SUSE CVE-2022-4415 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for vim fixes the following issues: Updated to version 9.0.1040: - CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 (bsc#1206028). - CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071). - CVE-2022-3591: vim: Use After Free (bsc#1206072). - CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882 (bsc#1206075). - CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077). - CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797). - CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c (bsc#1204779). Important SUSE bug 1204779 SUSE bug 1205797 SUSE bug 1206028 SUSE bug 1206071 SUSE bug 1206072 SUSE bug 1206075 SUSE bug 1206077 CVE-2022-3491 at SUSE CVE-2022-3491 at NVD CVE-2022-3520 at SUSE CVE-2022-3520 at NVD CVE-2022-3591 at SUSE CVE-2022-3591 at NVD CVE-2022-3705 at SUSE CVE-2022-3705 at NVD CVE-2022-4141 at SUSE CVE-2022-4141 at NVD CVE-2022-4292 at SUSE CVE-2022-4292 at NVD CVE-2022-4293 at SUSE CVE-2022-4293 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). Moderate SUSE bug 1206309 CVE-2022-43552 at SUSE CVE-2022-43552 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for wpa_supplicant fixes the following issues: - CVE-2022-23303: Fixed side-channel attacks in SAE (bsc#1194732). - CVE-2022-23304: Fixed side-channel attacks in EAP-pwd (bsc#1194733). Important SUSE bug 1194732 SUSE bug 1194733 CVE-2022-23303 at SUSE CVE-2022-23303 at NVD CVE-2022-23304 at SUSE CVE-2022-23304 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for containerd fixes the following issues: - CVE-2022-23648: A specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host (bsc#1196441). Moderate SUSE bug 1196441 CVE-2022-23648 at SUSE CVE-2022-23648 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This security update for libeconf, shadow and util-linux fix the following issues: libeconf: - Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by 'util-linux' and 'shadow' to fix autoyast handling of security related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) Issues fixed in libeconf: - Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157) - Fixed different issues while writing string values to file. - Writing comments to file too. - Fixed crash while merging values. - Added econftool cat option (#146) - new API call: econf_readDirsHistory (showing ALL locations) - new API call: econf_getPath (absolute path of the configuration file) - Man pages libeconf.3 and econftool.8. - Handling multiline strings. - Added libeconf_ext which returns more information like line_nr, comments, path of the configuration file,... - Econftool, an command line interface for handling configuration files. - Generating HTML API documentation with doxygen. - Improving error handling and semantic file check. - Joining entries with the same key to one single entry if env variable ECONF_JOIN_SAME_ENTRIES has been set. shadow: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) util-linux: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) - Allow use of larger values for start sector to prevent `blockdev --report` aborting (bsc#1188507) - Fixed `blockdev --report` using non-space characters as a field separator (bsc#1188507) - CVE-2021-3995: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) - CVE-2021-3996: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) Moderate SUSE bug 1188507 SUSE bug 1192954 SUSE bug 1193632 SUSE bug 1194976 CVE-2021-3995 at SUSE CVE-2021-3995 at NVD CVE-2021-3996 at SUSE CVE-2021-3996 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for vim fixes the following issues: - CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004). - CVE-2021-3796: Fixed use-after-free in nv_replace() in normal.c (bsc#1190570). - CVE-2021-3872: Fixed heap-based buffer overflow in win_redr_status() drawscreen.c (bsc#1191893). - CVE-2021-3927: Fixed heap-based buffer overflow (bsc#1192481). - CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478). - CVE-2021-4019: Fixed heap-based buffer overflow (bsc#1193294). - CVE-2021-3984: Fixed illegal memory access when C-indenting could have led to heap buffer overflow (bsc#1193298). - CVE-2021-3778: Fixed heap-based buffer overflow in regexp_nfa.c (bsc#1190533). - CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216). - CVE-2021-46059: Fixed pointer dereference vulnerability via the vim_regexec_multi function at regexp.c (bsc#1194556). - CVE-2022-0319: Fixded out-of-bounds read (bsc#1195066). - CVE-2022-0351: Fixed uncontrolled recursion in eval7() (bsc#1195126). - CVE-2022-0361: Fixed buffer overflow (bsc#1195126). - CVE-2022-0413: Fixed use-after-free in src/ex_cmds.c (bsc#1195356). Important SUSE bug 1190533 SUSE bug 1190570 SUSE bug 1191893 SUSE bug 1192478 SUSE bug 1192481 SUSE bug 1193294 SUSE bug 1193298 SUSE bug 1194216 SUSE bug 1194556 SUSE bug 1195004 SUSE bug 1195066 SUSE bug 1195126 SUSE bug 1195202 SUSE bug 1195356 CVE-2021-3778 at SUSE CVE-2021-3778 at NVD CVE-2021-3796 at SUSE CVE-2021-3796 at NVD CVE-2021-3872 at SUSE CVE-2021-3872 at NVD CVE-2021-3927 at SUSE CVE-2021-3927 at NVD CVE-2021-3928 at SUSE CVE-2021-3928 at NVD CVE-2021-3984 at SUSE CVE-2021-3984 at NVD CVE-2021-4019 at SUSE CVE-2021-4019 at NVD CVE-2021-4193 at SUSE CVE-2021-4193 at NVD CVE-2021-46059 at SUSE CVE-2021-46059 at NVD CVE-2022-0318 at SUSE CVE-2022-0318 at NVD CVE-2022-0319 at SUSE CVE-2022-0319 at NVD CVE-2022-0351 at SUSE CVE-2022-0351 at NVD CVE-2022-0361 at SUSE CVE-2022-0361 at NVD CVE-2022-0413 at SUSE CVE-2022-0413 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). The following non-security bugs were fixed: - postfix: sasl authentication with password fails (bsc#1194265). Important SUSE bug 1194265 SUSE bug 1196036 CVE-2022-24407 at SUSE CVE-2022-24407 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python-libxml2-python fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490). Important SUSE bug 1196490 CVE-2022-23308 at SUSE CVE-2022-23308 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). Important SUSE bug 1196025 SUSE bug 1196784 CVE-2022-25236 at SUSE CVE-2022-25236 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don’t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don’t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv@.service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step Moderate SUSE bug 1099272 SUSE bug 1115529 SUSE bug 1128846 SUSE bug 1162964 SUSE bug 1172113 SUSE bug 1173277 SUSE bug 1174075 SUSE bug 1174911 SUSE bug 1180689 SUSE bug 1181826 SUSE bug 1187906 SUSE bug 1190926 SUSE bug 1194229 CVE-2020-14367 at SUSE CVE-2020-14367 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for openssl-1_1 fixes the following issues: openssl-1_1: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 Important SUSE bug 1182959 SUSE bug 1195149 SUSE bug 1195792 SUSE bug 1195856 SUSE bug 1196877 CVE-2022-0778 at SUSE CVE-2022-0778 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for qemu fixes the following issues: - CVE-2022-0358: Fixed a potential privilege escalation via virtiofsd (bsc#1195161). - CVE-2021-3930: Fixed a potential denial of service in the emulated SCSI device (bsc#1192525). Non-security fixes: - Fixed a kernel data corruption via a long kernel boot cmdline (bsc#1196737). - Included vmxcap in the qemu-tools package (bsc#1193364). - Fixed package dependencies (bsc#1196087). - Fixed an issue were PowerPC firmwares would not be built for non-PowerPC builds (bsc#1193545). - Fixed multiple issues in I/O (bsc#1178049 bsc#1194938). Important SUSE bug 1178049 SUSE bug 1192525 SUSE bug 1193364 SUSE bug 1193545 SUSE bug 1194938 SUSE bug 1195161 SUSE bug 1196087 SUSE bug 1196737 CVE-2021-3930 at SUSE CVE-2021-3930 at NVD CVE-2022-0358 at SUSE CVE-2022-0358 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python3 fixes the following issues: - CVE-2021-3572: Fixed an improper handling of unicode characters in pip (bsc#1186819). Moderate SUSE bug 1186819 CVE-2021-3572 at SUSE CVE-2021-3572 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for slirp4netns fixes the following issues: - CVE-2020-29130: Fixed an invalid memory access while processing ARP packets (bsc#1179467). Moderate SUSE bug 1179467 CVE-2020-29130 at SUSE CVE-2020-29130 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions (bsc#1207082). Important SUSE bug 1207082 CVE-2023-22809 at SUSE CVE-2023-22809 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for mozilla-nss fixes the following issues: - CVE-2022-3479: Fixed a potential crash that could be triggered when a server requested a client authentication certificate, but the client had no certificates stored (bsc#1204272). - Updated to version 3.79.3 (bsc#1207038): - CVE-2022-23491: Removed trust for 3 root certificates from TrustCor. Important SUSE bug 1204272 SUSE bug 1207038 CVE-2022-23491 at SUSE CVE-2022-23491 at NVD CVE-2022-3479 at SUSE CVE-2022-3479 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file net/ipv4/fib_semantics.c (bsc#1204171). - CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. (bsc#1206664) - CVE-2022-3105: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc_array. (bsc#1206398) - CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389) - CVE-2022-3106: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc. (bsc#1206397) - CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395) - CVE-2022-3111: Fixed a missing release of resource after effective lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in wm8350_init_charger. (bsc#1206394) - CVE-2022-42328: Fixed a bug which could allow guests to trigger denial of service via the netback driver (bsc#1206114). - CVE-2022-42329: Fixed a bug which could allow guests to trigger denial of service via the netback driver (bsc#1206113). - CVE-2022-3643: Fixed a bug which could allow guests to trigger NIC interface reset/abort/crash via netback driver (bsc#1206113). - CVE-2019-19083: Fixed a memory leaks in clock_source_create that could allow attackers to cause a denial of service (bsc#1157049). The following non-security bugs were fixed: - afs: Fix some tracing details (git-fixes). - block: Do not reread partition table on exclusively open device (bsc#1190969). - cuse: prevent clone (bsc#1206177). - dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (git-fixes). - efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes). - fuse: do not check refcount after stealing page (bsc#1206174). - fuse: fix the ->direct_IO() treatment of iov_iter (bsc#1206176). - fuse: fix use after free in fuse_read_interrupt() (bsc#1206178). - fuse: lock inode unconditionally in fuse_fallocate() (bsc#1206179). - fuse: update attr_version counter on fuse_notify_inval_inode() (bsc#1206175). - ipv6: ping: fix wrong checksum for large frames (bsc#1203183). - kbuild: Unify options for BTF generation for vmlinux and modules (bsc#1204693). - mm, page_alloc: avoid expensive reclaim when compaction may not succeed (bsc#1204250). - net: mana: Fix race on per-CQ variable napi work_done (git-fixes). - net: usb: cdc_ncm: do not spew notifications (git-fixes). - net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes). - rtc: pcf85063: Fix reading alarm (git-fixes). - s390/boot: add secure boot trailer (bsc#1205256 LTC#1205256). - tracing: Add tracing_reset_all_online_cpus_unlocked() function (git-fixes). - tracing: Delete all matched events (git-fixes). - tracing: Free buffers when a used dynamic event is removed (git-fixes). - usb: host: xhci-hub: fix extra endianness conversion (git-fixes). - usbnet: move new members to end (git-fixes). Important SUSE bug 1151927 SUSE bug 1157049 SUSE bug 1190969 SUSE bug 1203183 SUSE bug 1204171 SUSE bug 1204250 SUSE bug 1204693 SUSE bug 1205256 SUSE bug 1206113 SUSE bug 1206114 SUSE bug 1206174 SUSE bug 1206175 SUSE bug 1206176 SUSE bug 1206177 SUSE bug 1206178 SUSE bug 1206179 SUSE bug 1206389 SUSE bug 1206394 SUSE bug 1206395 SUSE bug 1206397 SUSE bug 1206398 SUSE bug 1206664 CVE-2019-19083 at SUSE CVE-2019-19083 at NVD CVE-2022-3105 at SUSE CVE-2022-3105 at NVD CVE-2022-3106 at SUSE CVE-2022-3106 at NVD CVE-2022-3107 at SUSE CVE-2022-3107 at NVD CVE-2022-3108 at SUSE CVE-2022-3108 at NVD CVE-2022-3111 at SUSE CVE-2022-3111 at NVD CVE-2022-3435 at SUSE CVE-2022-3435 at NVD CVE-2022-3643 at SUSE CVE-2022-3643 at NVD CVE-2022-42328 at SUSE CVE-2022-42328 at NVD CVE-2022-42329 at SUSE CVE-2022-42329 at NVD CVE-2022-4662 at SUSE CVE-2022-4662 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python-certifi fixes the following issues: - remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle certs (bsc#1206212 CVE-2022-23491) - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 - Add removeTrustCor.patch Important SUSE bug 1206212 CVE-2022-23491 at SUSE CVE-2022-23491 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for samba fixes the following issues: Update to 4.15.13 - CVE-2022-37966 rc4-hmac Kerberos session keys issued to modern servers (bsc#1205385). - CVE-2022-37967 Kerberos constrained delegation ticket forgery possible against Samba AD DC (bsc#1205386). - CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided (bsc#1206504). - Fixed issue with bind start up (bsc#1205946). Important SUSE bug 1205385 SUSE bug 1205386 SUSE bug 1205946 SUSE bug 1206504 CVE-2022-37966 at SUSE CVE-2022-37966 at NVD CVE-2022-37967 at SUSE CVE-2022-37967 at NVD CVE-2022-38023 at SUSE CVE-2022-38023 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-0266: Fixed a use-after-free bug led by a missing lock in ALSA. (bsc#1207134) - CVE-2022-47929: Fixed a NULL pointer dereference bug in the traffic control subsystem which allowed an unprivileged user to trigger a denial of service via a crafted traffic control configuration. (bsc#1207237) - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036) - CVE-2023-23455: Fixed a bug that could allow attackers to cause a denial of service because of type confusion in atm_tc_enqueue. (bsc#1207125) - CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file net/ipv4/fib_semantics.c (bsc#1204171). - CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. (bsc#1206664) - CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a lack of checks of the return value of kzalloc. (bsc#1206393) - CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. (bsc#1206515) - CVE-2022-3112: Fixed a null pointer dereference caused by lacks check of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases. (bsc#1206399) - CVE-2022-3564: Fixed a bug which could lead to use after free, it was found in the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. (bsc#1206073) - CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389) - CVE-2019-19083: Fixed a memory leaks in clock_source_create that could allow attackers to cause a denial of service (bsc#1157049). - CVE-2022-42328: Fixed a bug which could allow guests to trigger denial of service via the netback driver (bsc#1206114). - CVE-2022-42329: Fixed a bug which could allow guests to trigger denial of service via the netback driver (bsc#1206113). - CVE-2022-3643: Fixed a bug which could allow guests to trigger NIC interface reset/abort/crash via netback driver (bsc#1206113). - CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395) - CVE-2022-3111: Fixed a missing release of resource after effective lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in wm8350_init_charger. (bsc#1206394) - CVE-2022-3105: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc_array. (bsc#1206398) - CVE-2022-3106: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc. (bsc#1206397) The following non-security bugs were fixed: - afs: Fix some tracing details (git-fixes). - arm64: cpu_errata: Add Hisilicon TSV110 to spectre-v2 safe list (git-fixes) - arm64: dts: allwinner: H5: Add PMU node (git-fixes) - arm64: dts: allwinner: H6: Add PMU mode (git-fixes) - arm64: dts: marvell: Add AP806-dual missing CPU clocks (git-fixes) - arm64: dts: rockchip: add reg property to brcmf sub-nodes (git-fixes) - arm64: dts: rockchip: fix dwmmc clock name for px30 (git-fixes) - arm64: dts: rockchip: Fix NanoPC-T4 cooling maps (git-fixes) - arm64: memory: Add missing brackets to untagged_addr() macro (git-fixes) - arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() (git-fixes). - arm64: tags: Preserve tags for addresses translated via TTBR1 (git-fixes) - arm64: tegra: Fix 'active-low' warning for Jetson Xavier regulator (git-fixes) - block: Do not reread partition table on exclusively open device (bsc#1190969). - ceph: avoid putting the realm twice when decoding snaps fails (bsc#1207198). - ceph: do not update snapshot context when there is no new snapshot (bsc#1207218). - cuse: prevent clone (bsc#1206177). - drbd: destroy workqueue when drbd device was freed (git-fixes). - drbd: remove usage of list iterator variable after loop (git-fixes). - drbd: use after free in drbd_create_device() (git-fixes). - dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (git-fixes). - efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes). - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). - ext4: avoid BUG_ON when creating xattrs (bsc#1205496). - ext4: avoid crash when inline data creation follows DIO write (bsc#1206883). - ext4: avoid race conditions when remounting with options that change dax (bsc#1206860). - ext4: avoid resizing to a partial cluster size (bsc#1206880). - ext4: choose hardlimit when softlimit is larger than hardlimit in ext4_statfs_project() (bsc#1206854). - ext4: continue to expand file system when the target size does not reach (bsc#1206882). - ext4: convert BUG_ON's to WARN_ON's in mballoc.c (bsc#1206859). - ext4: correct max_inline_xattr_value_size computing (bsc#1206878). - ext4: correct the error path of ext4_write_inline_data_end() (bsc#1206875). - ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878). - ext4: Detect already used quota file early (bsc#1206873). - ext4: fix a data race at inode->i_disksize (bsc#1206855). - ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881). - ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886). - ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891). - ext4: fix extent status tree race in writeback error recovery path (bsc#1206877). - ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884). - ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890). - ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893). - ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888). - ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878). - ext4: fix warning in 'ext4_da_release_space' (bsc#1206887). - ext4: Fixup pages without buffers (bsc#1205495). - ext4: iomap that extends beyond EOF should be marked dirty (bsc#1206637). - ext4: make ext4_lazyinit_thread freezable (bsc#1206885). - ext4: mark block bitmap corrupted when found instead of BUGON (bsc#1206857). - ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889). - ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876). - ext4: use matching invalidatepage in ext4_writepage (bsc#1206858). - fs: nfsd: fix kconfig dependency warning for NFSD_V4 (git-fixes). - fuse: do not check refcount after stealing page (bsc#1206174). - fuse: fix the ->direct_IO() treatment of iov_iter (bsc#1206176). - fuse: fix use after free in fuse_read_interrupt() (bsc#1206178). - fuse: lock inode unconditionally in fuse_fallocate() (bsc#1206179). - fuse: update attr_version counter on fuse_notify_inval_inode() (bsc#1206175). - HID: betop: check shape of output reports (git-fixes, bsc#1207186). - HID: check empty report_list in bigben_probe() (git-fixes, bsc#1206784). - HID: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784). - ibmveth: Always stop tx queues during close (bsc#1065729). - ipv6: ping: fix wrong checksum for large frames (bsc#1203183). - isofs: joliet: Fix iocharset=utf8 mount option (bsc#1206636). - kbuild: Unify options for BTF generation for vmlinux and modules (bsc#1204693). - lib/notifier-error-inject: fix error when writing -errno to debugfs file (bsc#1206634). - libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (bsc#1206634). - lockd: lockd server-side shouldn't set fl_ops (git-fixes). - memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896). - memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344). - mm, page_alloc: avoid expensive reclaim when compaction may not succeed (bsc#1204250). - mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601). - mm/filemap.c: clear page error before actual read (bsc#1206635). - mm/memcg: optimize memory.numa_stat like memory.stat (bsc#1206663). - module: avoid *goto*s in module_sig_check() (git-fixes). - module: lockdep: Suppress suspicious RCU usage warning (git-fixes). - module: merge repetitive strings in module_sig_check() (git-fixes). - module: Remove accidental change of module_enable_x() (git-fixes). - module: set MODULE_STATE_GOING state when a module fails to load (git-fixes). - net: mana: Fix race on per-CQ variable napi work_done (git-fixes). - net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036). - net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036). - net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' (git-fixes). - net: usb: cdc_ncm: do not spew notifications (git-fixes). - net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes). - netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614). - NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails (git-fixes). - NFS: Fix an Oops in nfs_d_automount() (git-fixes). - NFS: Fix memory leaks (git-fixes). - NFS: Fix memory leaks in nfs_pageio_stop_mirroring() (git-fixes). - NFS: fix PNFS_FLEXFILE_LAYOUT Kconfig default (git-fixes). - NFS: Handle missing attributes in OPEN reply (bsc#1203740). - NFS: nfs_find_open_context() may only select open files (git-fixes). - NFS: nfs_xdr_status should record the procedure name (git-fixes). - NFS: nfs4clinet: check the return value of kstrdup() (git-fixes). - NFS: we do not support removing system.nfs4_acl (git-fixes). - NFS: Zero-stateid SETATTR should first return delegation (git-fixes). - NFS4: Fix kmemleak when allocate slot failed (git-fixes). - NFS4: Fix oops when copy_file_range is attempted with NFS4.0 source (git-fixes). - NFSD: Clone should commit src file metadata too (git-fixes). - NFSD: do not call nfsd_file_put from client states seqfile display (git-fixes). - NFSD: fix error handling in NFSv4.0 callbacks (git-fixes). - NFSD: Fix handling of oversized NFSv4 COMPOUND requests (git-fixes). - NFSD: Fix svc_xprt refcnt leak when setup callback client failed (git-fixes). - NFSD: Keep existing listeners on portlist error (git-fixes). - NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes). - NFSD: safer handling of corrupted c_type (git-fixes). - NFSv4 expose nfs_parse_server_name function (git-fixes). - NFSv4 only print the label when its queried (git-fixes). - NFSv4 remove zero number of fs_locations entries error check (git-fixes). - NFSv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes). - NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes). - NFSv4: Fix a pNFS layout related use-after-free race when freeing the inode (git-fixes). - NFSv4: Fix races between open and dentry revalidation (git-fixes). - NFSv4: Protect the state recovery thread against direct reclaim (git-fixes). - NFSv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes). - NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall (git-fixes). - NFSv4.1: Fix uninitialised variable in devicenotify (git-fixes). - NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes). - NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes). - NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes). - NFSv4.2: error out when relink swapfile (git-fixes). - NFSv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes). - NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes). - NFSv4.2: Fixup CLONE dest file size for zero-length count (git-fixes). - NFSv4.x: Fail client initialisation if state manager thread can't run (git-fixes). - NFSv4/pNFS: Always return layout stats on layout return for flexfiles (git-fixes). - NFSv4/pNFS: Fix a use-after-free bug in open (git-fixes). - NFSv4/pNFS: Try to return invalid layout in pnfs_layout_process() (git-fixes). - powerpc: Ensure that swiotlb buffer is allocated from low memory (bsc#1156395). - powerpc: Force inlining of cpu_has_feature() to avoid build failure (bsc#1065729). - powerpc: improve handling of unrecoverable system reset (bsc#1065729). - powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe() (bsc#1065729). - powerpc/64: Init jump labels before parse_early_param() (bsc#1065729). - powerpc/64s/pgtable: fix an undefined behaviour (bsc#1065729). - powerpc/book3s/mm: Update Oops message to print the correct translation in use (bsc#1156395). - powerpc/boot: Fixup device-tree on little endian (bsc#1065729). - powerpc/crashkernel: Take 'mem=' option into account (bsc#1065729). - powerpc/eeh: Only dump stack once if an MMIO loop is detected (bsc#1065729). - powerpc/pci: Fix get_phb_number() locking (bsc#1065729). - powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729). - powerpc/powernv: add missing of_node_put (bsc#1065729). - powerpc/powernv: Avoid re-registration of imc debugfs directory (bsc#1156395). - powerpc/powernv/iov: Ensure the pdn for VFs always contains a valid PE number (bsc#1065729). - powerpc/powernv/smp: Fix spurious DBG() warning (bsc#1065729). - powerpc/pseries: Stop calling printk in rtas_stop_self() (bsc#1065729). - powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603). - powerpc/pseries/cmm: Implement release() function for sysfs device (bsc#1065729). - powerpc/pseries/eeh: use correct API for error log size (bsc#1065729). - powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729). - powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729). - powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV (bsc#1065729). - powerpc/xive: Add a check for memory allocation failure (git-fixes). - powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes). - powerpc/xive/spapr: correct bitmap allocation size (git-fixes). - quota: Check next/prev free block number after reading from quota file (bsc#1206640). - rpc: fix gss_svc_init cleanup on failure (git-fixes). - rpc: fix NULL dereference on kmalloc failure (git-fixes). - rtc: pcf85063: Fix reading alarm (git-fixes). - s390/boot: add secure boot trailer (bsc#1205256 LTC#1205256). - sbitmap: fix lockup while swapping (bsc#1206602). - sched/psi: Fix sampling error and rare div0 crashes with cgroups and high uptime (bsc#1206841). - scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445). - scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445). - scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445). - scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445). - scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445). - scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445). - scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445). - scsi: lpfc: Use memset_startat() helper (jsc#PED-1445). - scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568). - scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568). - scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568). - scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568). - scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568). - sctp: sysctl: make extra pointers netns aware (bsc#1204760). - string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445). - SUNRPC: check that domain table is empty at module unload (git-fixes). - SUNRPC: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes). - SUNRPC: Do not start a timer on an already queued rpc task (git-fixes). - SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes). - SUNRPC: Fix potential leaks in sunrpc_cache_unhash() (git-fixes). - SUNRPC: Fix socket waits for write buffer space (git-fixes). - SUNRPC: Handle 0 length opaque XDR object data properly (git-fixes). - SUNRPC: Mitigate cond_resched() in xprt_transmit() (git-fixes). - SUNRPC: Move simple_get_bytes and simple_get_netobj into private header (git-fixes). - SUNRPC: stop printk reading past end of string (git-fixes). - svcrdma: Fix another Receive buffer leak (git-fixes). - svcrdma: Fix backchannel return code (git-fixes). - tracing: Add tracing_reset_all_online_cpus_unlocked() function (git-fixes). - tracing: Free buffers when a used dynamic event is removed (git-fixes). - tracing: Verify if trace array exists before destroying it (git-fixes). - tracing/dynevent: Delete all matched events (git-fixes). - udf_get_extendedattr() had no boundary checks (bsc#1206648). - udf: Avoid accessing uninitialized data on failed inode read (bsc#1206642). - udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649). - udf: Fix free space reporting for metadata and virtual partitions (bsc#1206641). - udf: Fix iocharset=utf8 mount option (bsc#1206647). - udf: Fix NULL pointer dereference in udf_symlink function (bsc#1206646). - udf: fix silent AED tagLocation corruption (bsc#1206645). - udf: fix the problem that the disc content is not displayed (bsc#1206644). - udf: Limit sparing table size (bsc#1206643). - usb: host: xhci-hub: fix extra endianness conversion (git-fixes). - usbnet: move new members to end (git-fixes). - xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes). - xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes). Important SUSE bug 1065729 SUSE bug 1151927 SUSE bug 1156395 SUSE bug 1157049 SUSE bug 1190969 SUSE bug 1203183 SUSE bug 1203693 SUSE bug 1203740 SUSE bug 1204171 SUSE bug 1204250 SUSE bug 1204614 SUSE bug 1204693 SUSE bug 1204760 SUSE bug 1204989 SUSE bug 1205149 SUSE bug 1205256 SUSE bug 1205495 SUSE bug 1205496 SUSE bug 1205601 SUSE bug 1205695 SUSE bug 1206073 SUSE bug 1206113 SUSE bug 1206114 SUSE bug 1206174 SUSE bug 1206175 SUSE bug 1206176 SUSE bug 1206177 SUSE bug 1206178 SUSE bug 1206179 SUSE bug 1206344 SUSE bug 1206389 SUSE bug 1206393 SUSE bug 1206394 SUSE bug 1206395 SUSE bug 1206397 SUSE bug 1206398 SUSE bug 1206399 SUSE bug 1206515 SUSE bug 1206602 SUSE bug 1206634 SUSE bug 1206635 SUSE bug 1206636 SUSE bug 1206637 SUSE bug 1206640 SUSE bug 1206641 SUSE bug 1206642 SUSE bug 1206643 SUSE bug 1206644 SUSE bug 1206645 SUSE bug 1206646 SUSE bug 1206647 SUSE bug 1206648 SUSE bug 1206649 SUSE bug 1206663 SUSE bug 1206664 SUSE bug 1206784 SUSE bug 1206841 SUSE bug 1206854 SUSE bug 1206855 SUSE bug 1206857 SUSE bug 1206858 SUSE bug 1206859 SUSE bug 1206860 SUSE bug 1206873 SUSE bug 1206875 SUSE bug 1206876 SUSE bug 1206877 SUSE bug 1206878 SUSE bug 1206880 SUSE bug 1206881 SUSE bug 1206882 SUSE bug 1206883 SUSE bug 1206884 SUSE bug 1206885 SUSE bug 1206886 SUSE bug 1206887 SUSE bug 1206888 SUSE bug 1206889 SUSE bug 1206890 SUSE bug 1206891 SUSE bug 1206893 SUSE bug 1206896 SUSE bug 1206904 SUSE bug 1207036 SUSE bug 1207125 SUSE bug 1207134 SUSE bug 1207186 SUSE bug 1207198 SUSE bug 1207218 SUSE bug 1207237 CVE-2019-19083 at SUSE CVE-2019-19083 at NVD CVE-2022-3105 at SUSE CVE-2022-3105 at NVD CVE-2022-3106 at SUSE CVE-2022-3106 at NVD CVE-2022-3107 at SUSE CVE-2022-3107 at NVD CVE-2022-3108 at SUSE CVE-2022-3108 at NVD CVE-2022-3111 at SUSE CVE-2022-3111 at NVD CVE-2022-3112 at SUSE CVE-2022-3112 at NVD CVE-2022-3115 at SUSE CVE-2022-3115 at NVD CVE-2022-3435 at SUSE CVE-2022-3435 at NVD CVE-2022-3564 at SUSE CVE-2022-3564 at NVD CVE-2022-3643 at SUSE CVE-2022-3643 at NVD CVE-2022-42328 at SUSE CVE-2022-42328 at NVD CVE-2022-42329 at SUSE CVE-2022-42329 at NVD CVE-2022-4662 at SUSE CVE-2022-4662 at NVD CVE-2022-47520 at SUSE CVE-2022-47520 at NVD CVE-2022-47929 at SUSE CVE-2022-47929 at NVD CVE-2023-0266 at SUSE CVE-2023-0266 at NVD CVE-2023-23454 at SUSE CVE-2023-23454 at NVD CVE-2023-23455 at SUSE CVE-2023-23455 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ceph fixes the following issues: Security issues fixed: - CVE-2022-0670: Fixed user/tenant read/write access to an entire file system (bsc#1201837). - CVE-2022-3650: Fixed Python script that allowed privilege escalation from ceph to root (bsc#1204430). - CVE-2022-3854: Fixed possible DoS issue in ceph URL processing on RGW backends (bsc#1205025). Bug fixes: - osd, tools, kv: non-aggressive, on-line trimming of accumulated dups (bsc#1199183). - ceph-volume: fix fast device alloc size on mulitple device (bsc#1200262). - cephadm: update monitoring container images (bsc#1200501). - mgr/dashboard: prevent alert redirect (bsc#1200978). - mgr/volumes: Add subvolumegroup resize cmd (bsc#1201797). - monitoring/ceph-mixin: add RGW host to label info (bsc#1201976). - mgr/dashboard: enable addition of custom Prometheus alerts (bsc#1202077). - python-common: Add 'KB' to supported suffixes in SizeMatcher (bsc#1203375). - mgr/dashboard: fix rgw connect when using ssl (bsc#1205436). - ceph.spec.in: Add -DFMT_DEPRECATED_OSTREAM to CXXFLAGS (bsc#1202292). - cephfs-shell: move source to separate subdirectory (bsc#1201604). Fix in previous release: - mgr/cephadm: try to get FQDN for configuration files (bsc#1196046). - When an RBD is mapped, it is attempted to be deployed as an OSD. (bsc#1187748). - OSD marked down causes wrong backfill_toofull (bsc#1188911). - cephadm: Fix iscsi client caps (allow mgr <service status> calls) (bsc#1192838). - mgr/cephadm: fix and improve osd draining (bsc#1200317). - add iscsi and nfs to upgrade process (bsc#1206158). - mgr/mgr_module.py: CLICommand: Fix parsing of kwargs arguments (bsc#1192840). Important SUSE bug 1187748 SUSE bug 1188911 SUSE bug 1192838 SUSE bug 1192840 SUSE bug 1196046 SUSE bug 1199183 SUSE bug 1200262 SUSE bug 1200317 SUSE bug 1200501 SUSE bug 1200978 SUSE bug 1201604 SUSE bug 1201797 SUSE bug 1201837 SUSE bug 1201976 SUSE bug 1202077 SUSE bug 1202292 SUSE bug 1203375 SUSE bug 1204430 SUSE bug 1205025 SUSE bug 1205436 SUSE bug 1206158 CVE-2022-0670 at SUSE CVE-2022-0670 at NVD CVE-2022-3650 at SUSE CVE-2022-3650 at NVD CVE-2022-3854 at SUSE CVE-2022-3854 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python-py fixes the following issues: - CVE-2022-42969: Fixed an excessive resource consumption that could be triggered when interacting with a Subversion repository containing crated data (bsc#1204364). Moderate SUSE bug 1204364 CVE-2022-42969 at SUSE CVE-2022-42969 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for samba fixes the following issues: - CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password (bsc#1206546). Important SUSE bug 1206504 SUSE bug 1206546 CVE-2021-20251 at SUSE CVE-2021-20251 at NVD CVE-2022-38023 at SUSE CVE-2022-38023 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for containerd fixes the following issues: - CVE-2022-23471: Fixed host memory exhaustion through Terminal resize goroutine leak (bsc#1206235). - Re-build containerd to use updated golang-packaging (jsc#1342). - Update to containerd v1.6.16 for Docker v23.0.0-ce. * https://github.com/containerd/containerd/releases/tag/v1.6.16 Important SUSE bug 1206235 CVE-2022-23471 at SUSE CVE-2022-23471 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libmicrohttpd fixes the following issues: - CVE-2023-27371: Fixed a parser bug that could be used to crash servers using the MHD_PostProcessor (bsc#1208745). Moderate SUSE bug 1208745 CVE-2023-27371 at SUSE CVE-2023-27371 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ldb, samba fixes the following issues: ldb: - CVE-2022-32746: Fixed an use-after-free issue in the database audit logging module (bsc#1201490). - CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485). samba: - CVE-2023-0922: Fixed cleartext password sending by AD DC admin tool (bso#15315) (bsc#1209481). - CVE-2023-0225: Fixed deletion of AD DC 'dnsHostname' attribute by unprivileged authenticated users (bso#15276) (bsc#1209483). - CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485). The following non-security bug was fixed: - Prevent use after free of messaging_ctdb_fde_ev structs (bso#15293) (bsc#1207416). Important SUSE bug 1201490 SUSE bug 1207416 SUSE bug 1209481 SUSE bug 1209483 SUSE bug 1209485 CVE-2022-32746 at SUSE CVE-2022-32746 at NVD CVE-2023-0225 at SUSE CVE-2023-0225 at NVD CVE-2023-0614 at SUSE CVE-2023-0614 at NVD CVE-2023-0922 at SUSE CVE-2023-0922 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update of grub2 fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). Moderate SUSE bug 1209188 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for sudo fixes the following issue: Security fixes: - CVE-2023-28486: Fixed missing control characters escaping in log messages (bsc#1209362). - CVE-2023-28487: Fixed missing control characters escaping in sudoreplay output (bsc#1209361). Other fixes: - Fix a situation where 'sudo -U otheruser -l' would dereference a NULL pointer (bsc#1206483). - Do not re-enable the reader when flushing the buffers as part of pty_finish() (bsc#1203201). Moderate SUSE bug 1203201 SUSE bug 1206483 SUSE bug 1209361 SUSE bug 1209362 CVE-2023-28486 at SUSE CVE-2023-28486 at NVD CVE-2023-28487 at SUSE CVE-2023-28487 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for xen fixes the following issues: - CVE-2022-23824: Fixed multiple speculative security issues (bsc#1205209). Important SUSE bug 1027519 SUSE bug 1205209 CVE-2022-23824 at SUSE CVE-2022-23824 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for shim fixes the following issues: - Updated shim signature after shim 15.7 be signed back: signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458) - Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to disable the NX compatibility flag when using post-process-pe because grub2 is not ready. (bsc#1205588) - Enable the NX compatibility flag by default. (jsc#PED-127) Update to 15.7 (bsc#1198458) (jsc#PED-127): - Make SBAT variable payload introspectable - Reference MokListRT instead of MokList - Add a link to the test plan in the readme. - [V3] Enable TDX measurement to RTMR register - Discard load-options that start with a NUL - Fixed load_cert_file bugs - Add -malign-double to IA32 compiler flags - pe: Fix image section entry-point validation - make-archive: Build reproducible tarball - mok: remove MokListTrusted from PCR 7 Other fixes: - Support enhance shim measurement to TD RTMR. (jsc#PED-1273) - shim-install: ensure grub.cfg created is not overwritten after installing grub related files - Add logic to shim.spec to only set sbat policy when efivarfs is writeable. (bsc#1201066) - Add logic to shim.spec for detecting --set-sbat-policy option before using mokutil to set sbat policy. (bsc#1202120) - Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282) Update to 15.6 (bsc#1198458): - MokManager: removed Locate graphic output protocol fail error message - shim: implement SBAT verification for the shim_lock protocol - post-process-pe: Fix a missing return code check - Update github actions matrix to be more useful - post-process-pe: Fix format string warnings on 32-bit platforms - Allow MokListTrusted to be enabled by default - Re-add ARM AArch64 support - Use ASCII as fallback if Unicode Box Drawing characters fail - make: don't treat cert.S specially - shim: use SHIM_DEVEL_VERBOSE when built in devel mode - Break out of the inner sbat loop if we find the entry. - Support loading additional certificates - Add support for NX (W^X) mitigations. - Fix preserve_sbat_uefi_variable() logic - SBAT Policy latest should be a one-shot - pe: Fix a buffer overflow when SizeOfRawData > VirtualSize - pe: Perform image verification earlier when loading grub - Update advertised sbat generation number for shim - Update SBAT generation requirements for 05/24/22 - Also avoid CVE-2022-28737 in verify_image() by @vathpela Update to 15.5 (bsc#1198458): - Broken ia32 relocs and an unimportant submodule change. - mok: allocate MOK config table as BootServicesData - Don't call QueryVariableInfo() on EFI 1.10 machines (bsc#1187260) - Relax the check for import_mok_state() (bsc#1185261) - SBAT.md: trivial changes - shim: another attempt to fix load options handling - Add tests for our load options parsing. - arm/aa64: fix the size of .rela* sections - mok: fix potential buffer overrun in import_mok_state - mok: relax the maximum variable size check - Don't unhook ExitBootServices when EBS protection is disabled - fallback: find_boot_option() needs to return the index for the boot entry in optnum - httpboot: Ignore case when checking HTTP headers - Fallback allocation errors - shim: avoid BOOTx64.EFI in message on other architectures - str: remove duplicate parameter check - fallback: add compile option FALLBACK_NONINTERACTIVE - Test mok mirror - Modify sbat.md to help with readability. - csv: detect end of csv file correctly - Specify that the .sbat section is ASCII not UTF-8 - tests: add 'include-fixed' GCC directory to include directories - pe: simplify generate_hash() - Don't make shim abort when TPM log event fails (RHBZ #2002265) - Fallback to default loader if parsed one does not exist - fallback: Fix for BootOrder crash when index returned - Better console checks - docs: update SBAT UEFI variable name - Don't parse load options if invoked from removable media path - fallback: fix fallback not passing arguments of the first boot option - shim: Don't stop forever at 'Secure Boot not enabled' notification - Allocate mokvar table in runtime memory. - Remove post-process-pe on 'make clean' - pe: missing perror argument - CVE-2022-28737: Fixed a buffer overflow when SizeOfRawData > VirtualSize (bsc#1198458) - Add mokutil command to post script for setting sbat policy to latest mode when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created. (bsc#1198458) - Updated vendor dbx binary and script (bsc#1198458) - Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list. - Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list. - Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment. - Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin file which includes all .der for testing environment. - avoid buffer overflow when copying data to the MOK config table (bsc#1185232) - Disable exporting vendor-dbx to MokListXRT since writing a large RT variable could crash some machines (bsc#1185261) - ignore the odd LoadOptions length (bsc#1185232) - shim-install: reset def_shim_efi to 'shim.efi' if the given file doesn't exist - relax the maximum variable size check for u-boot (bsc#1185621) - handle ignore_db and user_insecure_mode correctly (bsc#1185441, bsc#1187071) - Split the keys in vendor-dbx.bin to vendor-dbx-sles and vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce the size of MokListXRT (bsc#1185261) + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz Important SUSE bug 1185232 SUSE bug 1185261 SUSE bug 1185441 SUSE bug 1185621 SUSE bug 1187071 SUSE bug 1187260 SUSE bug 1193282 SUSE bug 1198458 SUSE bug 1201066 SUSE bug 1202120 SUSE bug 1205588 CVE-2022-28737 at SUSE CVE-2022-28737 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). Moderate SUSE bug 1207992 SUSE bug 1209209 SUSE bug 1209210 SUSE bug 1209211 SUSE bug 1209212 SUSE bug 1209214 CVE-2023-23916 at SUSE CVE-2023-23916 at NVD CVE-2023-27533 at SUSE CVE-2023-27533 at NVD CVE-2023-27534 at SUSE CVE-2023-27534 at NVD CVE-2023-27535 at SUSE CVE-2023-27535 at NVD CVE-2023-27536 at SUSE CVE-2023-27536 at NVD CVE-2023-27538 at SUSE CVE-2023-27538 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) Moderate SUSE bug 1207571 SUSE bug 1207957 SUSE bug 1207975 SUSE bug 1208358 CVE-2023-0687 at SUSE CVE-2023-0687 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533). Low SUSE bug 1183533 CVE-2021-28153 at SUSE CVE-2021-28153 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python-cryptography fixes the following issues: - CVE-2023-23931: Fixed memory corruption in Cipher.update_into (bsc#1208036). Moderate SUSE bug 1208036 CVE-2023-23931 at SUSE CVE-2023-23931 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for conmon fixes the following issues: - rebuild against supported go 1.19 (bsc#1209307) - no functional changes. Moderate SUSE bug 1209307 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). Moderate SUSE bug 1209624 SUSE bug 1209873 SUSE bug 1209878 CVE-2023-0464 at SUSE CVE-2023-0464 at NVD CVE-2023-0465 at SUSE CVE-2023-0465 at NVD CVE-2023-0466 at SUSE CVE-2023-0466 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547). - CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256). - CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778). - CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). - CVE-2023-0394: Fixed a null pointer dereference flaw in the network subcomponent in the Linux kernel which could lead to system crash (bsc#1207168). - CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787). - CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598). - CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599). - CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208601). - CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777). - CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634). - CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288). - CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289). - CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). - CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636). - CVE-2023-23004: Fixed misinterpretation of get_sg_table return value (bsc#1208843). - CVE-2023-25012: Fixed a use-after-free in bigben_set_led() (bsc#1207560). - CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290). - CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291). - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052). - CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366). - CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549). The following non-security bugs were fixed: - Do not sign the vanilla kernel (bsc#1209008). - PCI: hv: Add a per-bus mutex state_lock (bsc#1209785). - PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1209785). - PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1209785). - PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1209785). - Revert 'PCI: hv: Fix a timing issue which causes kdump to fail occasionally' (bsc#1209785). - ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168). - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). - net: ena: optimize data access in fast-path code (bsc#1208137). Important SUSE bug 1207168 SUSE bug 1207560 SUSE bug 1208137 SUSE bug 1208179 SUSE bug 1208598 SUSE bug 1208599 SUSE bug 1208601 SUSE bug 1208777 SUSE bug 1208787 SUSE bug 1208843 SUSE bug 1209008 SUSE bug 1209052 SUSE bug 1209256 SUSE bug 1209288 SUSE bug 1209289 SUSE bug 1209290 SUSE bug 1209291 SUSE bug 1209366 SUSE bug 1209532 SUSE bug 1209547 SUSE bug 1209549 SUSE bug 1209634 SUSE bug 1209635 SUSE bug 1209636 SUSE bug 1209672 SUSE bug 1209683 SUSE bug 1209778 SUSE bug 1209785 CVE-2017-5753 at SUSE CVE-2017-5753 at NVD CVE-2021-3923 at SUSE CVE-2021-3923 at NVD CVE-2022-4744 at SUSE CVE-2022-4744 at NVD CVE-2023-0394 at SUSE CVE-2023-0394 at NVD CVE-2023-0461 at SUSE CVE-2023-0461 at NVD CVE-2023-1075 at SUSE CVE-2023-1075 at NVD CVE-2023-1076 at SUSE CVE-2023-1076 at NVD CVE-2023-1078 at SUSE CVE-2023-1078 at NVD CVE-2023-1095 at SUSE CVE-2023-1095 at NVD CVE-2023-1281 at SUSE CVE-2023-1281 at NVD CVE-2023-1382 at SUSE CVE-2023-1382 at NVD CVE-2023-1390 at SUSE CVE-2023-1390 at NVD CVE-2023-1513 at SUSE CVE-2023-1513 at NVD CVE-2023-1582 at SUSE CVE-2023-1582 at NVD CVE-2023-23004 at SUSE CVE-2023-23004 at NVD CVE-2023-25012 at SUSE CVE-2023-25012 at NVD CVE-2023-28327 at SUSE CVE-2023-28327 at NVD CVE-2023-28328 at SUSE CVE-2023-28328 at NVD CVE-2023-28464 at SUSE CVE-2023-28464 at NVD CVE-2023-28466 at SUSE CVE-2023-28466 at NVD CVE-2023-28772 at SUSE CVE-2023-28772 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for podman fixes the following issues: Update to version 4.4.4: * libpod: always use direct mapping * macos pkginstaller: do not fail when podman-mac-helper fails * podman-mac-helper: install: do not error if already installed - podman.spec: Bump required version for libcontainers-common (bsc#1209495) Update to version 4.4.3: * compat: /auth: parse server address correctly * vendor github.com/containers/common@v0.51.1 * pkginstaller: bump Qemu to version 7.2.0 * podman machine: Adjust Chrony makestep config * [v4.4] fix --health-on-failure=restart in transient unit * podman logs passthrough driver support --cgroups=split * journald logs: simplify entry parsing * podman logs: read journald with passthrough * journald: remove initializeJournal() * netavark: only use aardvark ip as nameserver * compat API: network create return 409 for duplicate * fix 'podman logs --since --follow' flake * system service --log-level=trace: support hijack * podman-mac-helper: exit 1 on error * bump golang.org/x/net to v0.8.0 * Fix package restore * Quadlet - use the default runtime Update podman to version 4.4.2: * kube play: only enforce passthrough in Quadlet * Emergency fix for man pages: check for broken includes * quadlet system tests: add useful defaults, logging * volume,container: chroot to source before exporting content * install sigproxy before start/attach * Update to c/image 5.24.1 * events + container inspect test: RHEL fixes - Add `crun` requirement for quadlet - Set PREFIX at build stage (bsc#1208510) - CVE-2023-0778: fixed symlink exchange attack in podman export volume (bsc#1208364) Update to version 4.4.1: * kube play: do not teardown unconditionally on error * Resolve symlink path for qemu directory if possible * events: document journald identifiers * Quadlet: exit 0 when there are no files to process * Cleanup podman-systemd.unit file * Install podman-systemd.unit man page, make quadlet discoverable * Add missing return after errors * oci: bind mount /sys with --userns=(auto|pod:) * docs: specify order preference for FROM * Cirrus: Fix & remove GraphQL API tests * test: adapt test to work on cgroupv1 * make hack/markdown-preprocess parallel-safe * Fix default handling of pids-limit * system tests: fix volume exec/noexec test Update to version 4.4.0: * Do not mount /dev/tty into rootless containers * Fixes port collision issue on use of --publish-all * Fix usage of absolute windows paths with --image-path * fix #17244: use /etc/timezone where `timedatectl` is missing on Linux * podman-events: document verbose create events * Making gvproxy.exe optional for building Windows installer * Add gvproxy to Windows packages * Match VT device paths to be blocked from mounting exactly * Clean up more language for inclusiveness * Set runAsNonRoot=true in gen kube * quadlet: Add device support for .volume files * fix: running check error when podman is default in wsl * fix: don't output 'ago' when container is currently up and running * journald: podman logs only show logs for current user * journald: podman events only show events for current user * Add (podman {image,manifest} push --sign-by-sigstore=param-file.yaml) * DB: make loading container states optional * ps: do not sync container * Allow --device-cgroup-rule to be passed in by docker API * Cirrus: Update operating branch * fix APIv2 python attach test flake * ps: query health check in batch mode * make example volume import, not import volume * Correct output when inspecting containers created with --ipc * Vendor containers/(storage, image, common, buildah) * Get correct username in pod when using --userns=keep-id * ps: get network data in batch mode * build(deps): bump github.com/onsi/gomega from 1.25.0 to 1.26.0 * add hack/perf for comparing two container engines * systems: retrofit dns options test to honor other search domains * ps: do not create copy of container config * libpod: set search domain independently of nameservers * libpod,netavark: correctly populate /etc/resolv.conf with custom dns server * podman: relay custom DNS servers to network stack * (fix) mount_program is in storage.options.overlay * Change example target to default in doc * network create: do not allow `default` as name * kube-play: add support for HostPID in podSpec * build(deps): bump github.com/docker/docker * Let's see if #14653 is fixed or not * Add support for podman build --group-add * vendor in latests containers/(storage, common, build, image) * unskip network update test * do not install swagger by default * pasta: skip 'Local forwarder, IPv4' test * add testbindings Makefile target * update CI images to include pasta * [CI:DOCS] Add CNI deprecation notices to documentation * Cirrus: preserve podman-server logs * waitPidStop: reduce sleep time to 10ms * StopContainer: return if cleanup process changed state * StopSignal: add a comment * StopContainer: small refactor * waitPidStop: simplify code * e2e tests: reenable long-skipped build test * Add openssh-clients to podmanimage * Reworks Windows smoke test to tunnel through interactive session. * fix bud-multiple-platform-with-base-as-default-arg flake * Remove ReservedAnnotations from kube generate specification * e2e: update test/README.md * e2e: use isRootless() instead of rootless.IsRootless() * Cleanup documentation on --userns=auto * Vendor in latest c/common * sig-proxy system test: bump timeout * build(deps): bump github.com/containernetworking/plugins * rootless: rename auth-scripts to preexec-hooks * Docs: version-check updates * commit: use libimage code to parse changes * [CI:DOCS] Remove experimental mac tutorial * man: Document the interaction between --systemd and --privileged * Make rootless privileged containers share the same tty devices as rootfull ones * container kill: handle stopped/exited container * Vendor in latest containers/(image,ocicrypt) * add a comment to container removal * Vendor in latest containers/storage * Cirrus: Run machine tests on PR merge * fix flake in kube system test * kube play: complete container spec * E2E Tests: Use inspect instead of actual data to avoid UDP flake * Use containers/storage/pkg/regexp in place of regexp * Vendor in latest containers/storage * Cirrus: Support using updated/latest NV/AV in PRs * Limit replica count to 1 when deploying from kubernetes YAML * Set StoppedByUser earlier in the process of stopping * podman-play system test: refactor * network: add support for podman network update and --network-dns-server * service container: less verbose error logs * Quadlet Kube - add support for PublishPort key * e2e: fix systemd_activate_test * Compile regex on demand not in init * [docker compat] Don't overwrite the NetworkMode if containers.conf overrides netns. * E2E Test: Play Kube set deadline to connection to avoid hangs * Only prevent VTs to be mounted inside privileged systemd containers * e2e: fix play_kube_test * Updated error message for supported VolumeSource types * Introduce pkg retry logic in win installer task * logformatter: include base SHA, with history link * Network tests: ping redhat.com, not podman.io * cobra: move engine shutdown to Execute * Updated options for QEMU on Windows hosts * Update Mac installer to use gvproxy v0.5.0 * podman: podman rm -f doesn't leave processes * oci: check for valid PID before kill(pid, 0) * linux: add /sys/fs/cgroup if /sys is a bind mount * Quadlet: Add support for ConfigMap key in Kube section * remove service container _after_ pods * Kube Play - allow setting and overriding published host ports * oci: terminate all container processes on cleanup * Update win-sshproxy to 0.5.0 gvisor tag * Vendor in latest containers/common * Fix a potential defer logic error around locking * logformatter: nicer formatting for bats failures * logformatter: refactor verbose line-print * e2e tests: stop using UBI images * k8s-file: podman logs --until --follow exit after time * journald: podman logs --until --follow exit after time * journald: seek to time when --since is used * podman logs: journald fix --since and --follow * Preprocess files in UTF-8 mode * Vendor in latest containers/(common, image, storage) * Switch to C based msi hooks for win installer * hack/bats: improve usage message * hack/bats: add --remote option * hack/bats: fix root/rootless logic * Describe copy volume options * Support sig-proxy for podman-remote attach and start * libpod: fix race condition rm'ing stopping containers * e2e: fix run_volume_test * Add support for Windows ARM64 * Add shared --compress to man pages * Add container error message to ContainerState * Man page checker: require canonical name in SEE ALSO * system df: improve json output code * kube play: fix the error logic with --quiet * System tests: quadlet network test * Fix: List container with volume filter * adding -dryrun flag * Quadlet Container: Add support for EnvironmentFile and EnvironmentHost * Kube Play: use passthrough as the default log-driver if service-container is set * System tests: add missing cleanup * System tests: fix unquoted question marks * Build and use a newer systemd image * Quadlet Network - Fix the name of the required network service * System Test Quadlet - Volume dependency test did not test the dependency * fix `podman system connection - tcp` flake * vendor: bump c/storage to a747b27 * Fix instructions about setting storage driver on command-line * Test README - point users to hack/bats * System test: quadlet kube basic test * Fixed `podman update --pids-limit` * podman-remote,bindings: trim context path correctly when its emptydir * Quadlet Doc: Add section for .kube files * e2e: fix containers_conf_test * Allow '/' to prefix container names to match Docker * Remove references to qcow2 * Fix typos in man page regarding transient storage mode. * make: Use PYTHON var for .install.pre-commit * Add containers.conf read-only flag support * Explain that relabeling/chowning of volumes can take along time * events: support 'die' filter * infra/abi: refactor ContainerRm * When in transient store mode, use rundir for bundlepath * quadlet: Support Type=oneshot container files * hacks/bats: keep QUADLET env var in test env * New system tests for conflicting options * Vendor in latest containers/(buildah, image, common) * Output Size and Reclaimable in human form for json output * podman service: close duplicated /dev/null fd * ginkgo tests: apply ginkgolinter fixes * Add support for hostPath and configMap subpath usage * export: use io.Writer instead of file * rootless: always create userns with euid != 0 * rootless: inhibit copy mapping for euid != 0 * pkg/domain/infra/abi: introduce `type containerWrapper` * vendor: bump to buildah ca578b290144 and use new cache API * quadlet: Handle booleans that have defaults better * quadlet: Rename parser.LookupBoolean to LookupBooleanWithDefault * Add podman-clean-transient.service service * Stop recording annotations set to false * Unify --noheading and -n to be consistent on all commands * pkg/domain/infra/abi: add `getContainers` * Update vendor of containters/(common, image) * specfile: Drop user-add depedency from quadlet subpackage. * quadlet: Default BINDIR to /usr/bin if tag not specified * Quadlet: add network support * Add comment for jsonMarshal command * Always allow pushing from containers-storage * libpod: move NetNS into state db instead of extra bucket * Add initial system tests for quadlets * quadlet: Add --user option * libpod: remove CNI word were no longer applicable * libpod: fix header length in http attach with logs * podman-kube@ template: use `podman kube` * build(deps): bump github.com/docker/docker * wait: add --ignore option * qudlet: Respect $PODMAN env var for podman binary * e2e: Add assert-key-is-regex check to quadlet e2e testsuite * e2e: Add some assert to quadlet test to make sure testcases are sane * remove unmapped ports from inspect port bindings * update podman-network-create for clarity * Vendor in latest containers/common with default capabilities * pkg/rootless: Change error text ... * rootless: add cli validator * rootless: define LIBEXECPODMAN * doc: fix documentation for idmapped mounts * bump golangci-lint to v1.50.1 * build(deps): bump github.com/onsi/gomega from 1.24.1 to 1.24.2 * [CI:DOCS] podman-mount: s/umount/unmount/ * create/pull --help: list pull policies * Network Create: Add --ignore flag to support idempotent script * Make qemu security model none * libpod: use OCI idmappings for mounts * stop reporting errors removing containers that don't exist * test: added test from wait endpoint with to long label * quadlet: Default VolatileTmp to off * build(deps): bump github.com/ulikunitz/xz from 0.5.10 to 0.5.11 * docs/options/ipc: fix list syntax * Docs: Add dedicated DOWNLOAD doc w/ links to bins * Make a consistently-named windows installer * checkpoint restore: fix --ignore-static-ip/mac * add support for subpath in play kube for named volumes * build(deps): bump golang.org/x/net from 0.2.0 to 0.4.0 * golangci-lint: remove three deprecated linters * parse-localbenchmarks: separate standard deviation * build(deps): bump golang.org/x/term from 0.2.0 to 0.3.0 * podman play kube support container startup probe * Add podman buildx version support * Cirrus: Collect benchmarks on machine instances * Cirrus: Remove escape codes from log files * [CI:DOCS] Clarify secret target behavior * Fix typo on network docs * podman-remote build add --volume support * remote: allow --http-proxy for remote clients * Cleanup kube play workloads if error happens * health check: ignore dependencies of transient systemd units/timers * fix: event read from syslog * Fixes secret (un)marshaling for kube play. * Remove 'you' from man pages * build(deps): bump golang.org/x/tools from 0.3.0 to 0.4.0 in /test/tools * [CI:DOCS] test/README.md: run tests with podman-remote * e2e: keeps the http_proxy value * Makefile: Add podman-mac-helper to darwin client zip * test/e2e: enable 'podman run with ipam none driver' for nv * [skip-ci] GHA/Cirrus-cron: Fix execution order * kube sdnotify: run proxies for the lifespan of the service * Update containers common package * podman manpage: Use man-page links instead of file names * e2e: fix e2e tests in proxy environment * Fix test * disable healthchecks automatically on non systemd systems * Quadlet Kube: Add support for userns flag * [CI:DOCS] Add warning about --opts,o with mount's -o * Add podman system prune --external * Add some tests for transient store * runtime: In transient_store mode, move bolt_state.db to rundir * runtime: Handle the transient store options * libpod: Move the creation of TmpDir to an earlier time * network create: support '-o parent=XXX' for ipvlan * compat API: allow MacAddress on container config * Quadlet Kube: Add support for relative path for YAML file * notify k8s system test: move sending message into exec * runtime: do not chown idmapped volumes * quadlet: Drop ExecStartPre=rm %t/%N.cid * Quadlet Kube: Set SyslogIdentifier if was not set * Add a FreeBSD cross build to the cirrus alt build task * Add completion for --init-ctr * Fix handling of readonly containers when defined in kube.yaml * Build cross-compilation fixes * libpod: Track healthcheck API changes in healthcheck_unsupported.go * quadlet: Use same default capability set as podman run * quadlet: Drop --pull=never * quadlet: Change default of ReadOnly to no * quadlet: Change RunInit default to no * quadlet: Change NoNewPrivileges default to false * test: podman run with checkpoint image * Enable 'podman run' for checkpoint images * test: Add tests for checkpoint images * CI setup: simplify environment passthrough code * Init containers should not be restarted * Update c/storage after https://github.com/containers/storage/pull/1436 * Set the latest release explicitly * add friendly comment * fix an overriding logic and load config problem * Update the issue templates * Update vendor of containers/(image, buildah) * [CI:DOCS] Skip windows-smoke when not useful * [CI:DOCS] Remove broken gate-container docs * OWNERS: add Jason T. Greene * hack/podmansnoop: print arguments * Improve atomicity of VM state persistence on Windows * [CI:BUILD] copr: enable podman-restart.service on rpm installation * macos: pkg: Use -arm64 suffix instead of -aarch64 * linux: Add -linux suffix to podman-remote-static binaries * linux: Build amd64 and arm64 podman-remote-static binaries * container create: add inspect data to event * Allow manual override of install location * Run codespell on code * Add missing parameters for checkpoint/restore endpoint * Add support for startup healthchecks * Add information on metrics to the `network create` docs * Introduce podman machine os commands * Document that ignoreRootFS depends on export/import * Document ignoreVolumes in checkpoint/restore endpoint * Remove leaveRunning from swagger restore endpoint * libpod: Add checks to avoid nil pointer dereference if network setup fails * Address golangci-lint issues * Documenting Hyper-V QEMU acceleration settings * Kube Play: fix the handling of the optional field of SecretVolumeSource * Update Vendor of containers/(common, image, buildah) * Fix swapped NetInput/-Output stats * libpod: Use O_CLOEXEC for descriptors returned by (*Container).openDirectory * chore: Fix MD for Troubleshooting Guide link in GitHub Issue Template * test/tools: rebuild when files are changed * ginkgo tests: apply ginkgolinter fixes * ginkgo: restructure install work flow * Fix manpage emphasis * specgen: support CDI devices from containers.conf * vendor: update containers/common * pkg/trust: Take the default policy path from c/common/pkg/config * Add validate-in-container target * Adding encryption decryption feature * container restart: clean up healthcheck state * Add support for podman-remote manifest annotate * Quadlet: Add support for .kube files * Update vendor of containers/(buildah, common, storage, image) * specgen: honor user namespace value * [CI:DOCS] Migrate OSX Cross to M1 * quadlet: Rework uid/gid remapping * GHA: Fix cirrus re-run workflow for other repos. * ssh system test: skip until it becomes a test * shell completion: fix hard coded network drivers * libpod: Report network setup errors properly on FreeBSD * E2E Tests: change the registry for the search test to avoid authentication * pkginstaller: install podman-mac-helper by default * Fix language. Mostly spelling a -> an * podman machine: Propagate SSL_CERT_FILE and SSL_CERT_DIR to systemd environment. * [CI:DOCS] Fix spelling and typos * Modify man page of '--pids-limit' option to correct a default value. * Update docs/source/markdown/podman-remote.1.md * Update pkg/bindings/connection.go * Add more documentation on UID/GID Mappings with --userns=keep-id * support podman-remote to connect tcpURL with proxy * Removing the RawInput from the API output * fix port issues for CONTAINER_HOST * CI: Package versions: run in the 'main' step * build(deps): bump github.com/rootless-containers/rootlesskit * pkg/domain: Make checkExecPreserveFDs platform-specific * e2e tests: fix restart race * Fix podman --noout to suppress all output * remove pod if creation has failed * pkg/rootless: Implement rootless.IsFdInherited on FreeBSD * Fix more podman-logs flakes * healthcheck system tests: try to fix flake * libpod: treat ESRCH from /proc/PID/cgroup as ENOENT * GHA: Configure workflows for reuse * compat,build: handle docker's preconfigured cacheTo,cacheFrom * docs: deprecate pasta network name * utils: Enable cgroup utils for FreeBSD * pkg/specgen: Disable kube play tests on FreeBSD * libpod/lock: Fix build and tests for SHM locks on FreeBSD * podman cp: fix copying with '.' suffix * pkginstaller: bump Qemu to version 7.1.0 * specgen,wasm: switch to crun-wasm wherever applicable * vendor: bump c/common to v0.50.2-0.20221111184705-791b83e1cdf1 * libpod: Make unit test for statToPercent Linux only * Update vendor of containers/storage * fix connection usage with containers.conf * Add --quiet and --no-info flags to podman machine start * Add hidden podman manifest inspect -v option * Add podman volume create -d short option for driver * Vendor in latest containers/(common,image,storage) * Add podman system events alias to podman events * Fix search_test to return correct version of alpine * GHA: Fix undefined secret env. var. * GHA: Fix make_email-body script reference * Add release keys to README * GHA: Fix typo setting output parameter * GHA: Fix typo. * New tool, docs/version-check * Formalize our compare-against-docker mechanism * Add restart-sec for container service files * test/tools: bump module to go 1.17 * contrib/cirrus/check_go_changes.sh: ignore test/tools/vendor * build(deps): bump golang.org/x/tools from 0.1.12 to 0.2.0 in /test/tools * libpod: Add FreeBSD support in packageVersion * Allow podman manigest push --purge|-p as alias for --rm * [CI:DOCS] Add performance tutorial * [CI:DOCS] Fix build targets in build_osx.md. * fix --format {{json .}} output to match docker * remote: fix manifest add --annotation * Skip test if `--events-backend` is necessary with podman-remote * kube play: update the handling of PersistentVolumeClaim * system tests: fix a system test in proxy environment * Use single unqualified search registry on Windows * test/system: Add, use tcp_port_probe() to check for listeners rather than binds * test/system: Add tests for pasta(1) connectivity * test/system: Move network-related helpers to helpers.network.bash * test/system: Use procfs to find bound ports, with optional address and protocol * test/system: Use port_is_free() from wait_for_port() * libpod: Add pasta networking mode * More log-flake work * Fix test flakes caused by improper podman-logs * fix incorrect systemd booted check * Cirrus: Add tests for GHA scripts * GHA: Update scripts to pass shellcheck * Cirrus: Shellcheck github-action scripts * Cirrus: shellcheck support for github-action scripts * GHA: Fix cirrus-cron scripts * Makefile: don't install to tmpfiles.d on FreeBSD * Make sure we can build and read each line of docker py's api client * Docker compat build api - make sure only one line appears per flush * Run codespell on code * Update vendor of containers/(image, storage, common) * Allow namespace path network option for pods. * Cirrus: Never skip running Windows Cross task * GHA: Auto. re-run failed cirrus-cron builds once * GHA: Migrate inline script to file * GHA: Simplify script reference * test/e2e: do not use apk in builds * remove container/pod id file along with container/pod * Cirrus: Synchronize windows image * Add --insecure,--tls-verify,--verbose flags to podman manifest inspect * runtime: add check for valid pod systemd cgroup * CI: set and verify DESIRED_NETWORK (netavark, cni) * [CI:DOCS] troubleshooting: document keep-id options * Man pages: refactor common options: --security-opt * Cirrus: Guarantee CNI testing w/o nv/av present * Cirrus: temp. disable all Ubuntu testing * Cirrus: Update to F37beta * buildah bud tests: better handling of remote * quadlet: Warn in generator if using short names * Add Windows Smoke Testing * Add podman kube apply command * docs: offer advice on installing test dependencies * Fix documentation on read-only-tmpfs * version bump to 4.4.0-dev * deps: bump go-criu to v6 * Makefile: Add cross build targets for freebsd * pkg/machine: Make this build on FreeBSD/arm64 * pkg/rctl: Remove unused cgo dependency * man pages: assorted underscore fixes * Upgrade GitHub actions packages from v2 to v3 * vendor github.com/godbus/dbus/v5@4b691ce * [CI:DOCS] fix --tmpdir typos * Do not report that /usr/share/containers/storage.conf has been edited. * Eval symlinks on XDG_RUNTIME_DIR * hack/podmansnoop * rootless: support keep-id with one mapping * rootless: add argument to GetConfiguredMappings * Update vendor containers/(common,storage,buildah,image) * Fix deadlock between 'podman ps' and 'container inspect' commands * Add information about where the libpod/boltdb database lives * Consolidate the dependencies for the IsTerminal() API * Ensure that StartAndAttach locks while sending signals * ginkgo testing: fix podman usernamespace join * Test runners: nuke podman from $PATH before tests * volumes: Fix idmap not working for volumes * FIXME: Temporary workaround for ubi8 CI breakage * System tests: teardown: clean up volumes * update api versions on docs.podman.io * system tests: runlabel: use podman-under-test * system tests: podman network create: use random port * sig-proxy test: bump timeout * play kube: Allow the user to import the contents of a tar file into a volume * Clarify the docs on DropCapability * quadlet tests: Disable kmsg logging while testing * quadlet: Support multiple Network= * quadlet: Add support for Network=... * Fix manpage for podman run --network option * quadlet: Add support for AddDevice= * quadlet: Add support for setting seccomp profile * quadlet: Allow multiple elements on each Add/DropCaps line * quadlet: Embed the correct binary name in the generated comment * quadlet: Drop the SocketActivated key * quadlet: Switch log-driver to passthrough * quadlet: Change ReadOnly to default to enabled * quadlet tests: Run the tests even for (exected) failed tests * quadlet tests: Fix handling of stderr checks * Remove unused script file * notifyproxy: fix container watcher * container/pod id file: truncate instead of throwing an error * quadlet: Use the new podman create volume --ignore * Add podman volume create --ignore * logcollector: include aardvark-dns * build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1 * build(deps): bump github.com/BurntSushi/toml from 1.2.0 to 1.2.1 * docs: generate systemd: point to kube template * docs: kube play: mention restart policy * Fixes: 15858 (podman system reset --force destroy machine) * fix search flake * use cached containers.conf * adding regex support to the ancestor ps filter function * Fix `system df` issues with `-f` and `-v` * markdown-preprocess: cross-reference where opts are used * Default qemu flags for Windows amd64 * build(deps): bump golang.org/x/text from 0.3.8 to 0.4.0 * Update main to reflect v4.3.0 release * build(deps): bump github.com/docker/docker * move quadlet packages into pkg/systemd * system df: fix image-size calculations * Add man page for quadlet * testimage: add iproute2 & socat, for pasta networking * Set up minikube for k8s testing * [CI:BUILD] copr: podman rpm should depend on containers-common-extra * Podman image: Set default_sysctls to empty for rootless containers * libpod: Add support for 'podman top' on FreeBSD * libpod: Factor out jail name construction from stats_freebsd.go * pkg/util: Add pid information descriptors for FreeBSD * Initial quadlet version integrated in golang * bump golangci-lint to v1.49.0 * Update vendor containers/(common,image,storage) * Allow volume mount dups, iff source and dest dirs * rootless: fix return value handling * Change to correct break statements * vendor containers/psgo@v1.8.0 * Clarify that MacOSX docs are client specific * libpod: Factor out the call to PidFdOpen from (*Container).WaitForExit * Add swagger install + allow version updates in CI * Cirrus: Fix windows clone race * kill: wait for the container * generate systemd: set --stop-timeout for stopping containers * hack/tree_status.sh: print diff at the end * Fix markdown header typo * markdown-preprocess: add generic include mechanism * markdown-preprocess: almost complete OO rewrite * Update tests for changed error messages * Update c/image after https://github.com/containers/image/pull/1299 * Man pages: refactor common options (misc) * Man pages: Refactor common options: --detach-keys * vendor containers/storage@main * Man pages: refactor common options: --attach * build(deps): bump github.com/fsnotify/fsnotify from 1.5.4 to 1.6.0 * KillContainer: improve error message * docs: add missing options * Man pages: refactor common options: --annotation (manifest) * build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0 * system tests: health-on-failure: fix broken logic * build(deps): bump golang.org/x/text from 0.3.7 to 0.3.8 * build(deps): bump github.com/onsi/gomega from 1.20.2 to 1.22.1 * ContainerEngine.SetupRootless(): Avoid calling container.Config() * Container filters: Avoid use of ctr.Config() * Avoid unnecessary calls to Container.Spec() * Add and use Container.LinuxResource() helper * play kube: notifyproxy: listen before starting the pod * play kube: add support for configmap binaryData * Add and use libpod/Container.Terminal() helper * Revert 'Add checkpoint image tests' * Revert 'cmd/podman: add support for checkpoint images' * healthcheck: fix --on-failure=stop * Man pages: Add mention of behavior due to XDG_CONFIG_HOME * build(deps): bump github.com/containers/ocicrypt from 1.1.5 to 1.1.6 * Avoid unnecessary timeout of 250msec when waiting on container shutdown * health checks: make on-failure action retry aware * libpod: Remove 100msec delay during shutdown * libpod: Add support for 'podman pod' on FreeBSD * libpod: Factor out cgroup validation from (*Runtime).NewPod * libpod: Move runtime_pod_linux.go to runtime_pod_common.go * specgen/generate: Avoid a nil dereference in MakePod * libpod: Factor out cgroups handling from (*Pod).refresh * Adds a link to OSX docs in CONTRIBUTING.md * Man pages: refactor common options: --os-version * Create full path to a directory when DirectoryOrCreate is used with play kube * Return error in podman system service if URI scheme is not unix/tcp * Man pages: refactor common options: --time * man pages: document some --format options: images * Clean up when stopping pods Important SUSE bug 1197093 SUSE bug 1208364 SUSE bug 1208510 SUSE bug 1209495 CVE-2023-0778 at SUSE CVE-2023-0778 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for harfbuzz fixes the following issues: - CVE-2023-25193: Fixed vulnerability that allowed attackers to trigger O(n^2) growth via consecutive marks (bsc#1207922). Important SUSE bug 1207922 CVE-2023-25193 at SUSE CVE-2023-25193 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for containerd fixes the following issues: Update to containerd v1.6.19: Security fixes: - CVE-2023-25153: Fixed OCI image importer memory exhaustion (bnc#1208423). - CVE-2023-25173: Fixed supplementary groups not set up properly (bnc#1208426). Moderate SUSE bug 1208423 SUSE bug 1208426 CVE-2023-25153 at SUSE CVE-2023-25153 at NVD CVE-2023-25173 at SUSE CVE-2023-25173 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for wayland fixes the following issues: - CVE-2021-3782: Fixed a reference-count overflow in libwayland-server SHM handling. (bsc#1190486) Important SUSE bug 1190486 CVE-2021-3782 at SUSE CVE-2021-3782 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787). - CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549). - CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). - CVE-2023-28464: Fixed use-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052). - CVE-2023-0394: Fixed a null pointer dereference flaw in the network subcomponent in the Linux kernel which could lead to system crash (bsc#1207168). - CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366). - CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778). - CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289). - CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). - CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634). - CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636). - CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290). - CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256). - CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288). - CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291). - CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208601). - CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598). - CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547). The following non-security bugs were fixed: - ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168). - net: ena: optimize data access in fast-path code (bsc#1208137). - PCI: hv: Add a per-bus mutex state_lock (bsc#1209785). - PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1209785). - PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1209785). - PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1209785). Important SUSE bug 1207168 SUSE bug 1208137 SUSE bug 1208598 SUSE bug 1208601 SUSE bug 1208787 SUSE bug 1209052 SUSE bug 1209256 SUSE bug 1209288 SUSE bug 1209289 SUSE bug 1209290 SUSE bug 1209291 SUSE bug 1209366 SUSE bug 1209532 SUSE bug 1209547 SUSE bug 1209549 SUSE bug 1209634 SUSE bug 1209635 SUSE bug 1209636 SUSE bug 1209778 SUSE bug 1209785 CVE-2017-5753 at SUSE CVE-2017-5753 at NVD CVE-2021-3923 at SUSE CVE-2021-3923 at NVD CVE-2022-4744 at SUSE CVE-2022-4744 at NVD CVE-2023-0394 at SUSE CVE-2023-0394 at NVD CVE-2023-0461 at SUSE CVE-2023-0461 at NVD CVE-2023-1075 at SUSE CVE-2023-1075 at NVD CVE-2023-1078 at SUSE CVE-2023-1078 at NVD CVE-2023-1281 at SUSE CVE-2023-1281 at NVD CVE-2023-1382 at SUSE CVE-2023-1382 at NVD CVE-2023-1390 at SUSE CVE-2023-1390 at NVD CVE-2023-1513 at SUSE CVE-2023-1513 at NVD CVE-2023-1582 at SUSE CVE-2023-1582 at NVD CVE-2023-28327 at SUSE CVE-2023-28327 at NVD CVE-2023-28328 at SUSE CVE-2023-28328 at NVD CVE-2023-28464 at SUSE CVE-2023-28464 at NVD CVE-2023-28466 at SUSE CVE-2023-28466 at NVD CVE-2023-28772 at SUSE CVE-2023-28772 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for dnsmasq fixes the following issues: - CVE-2023-28450: Fixed default maximum size for EDNS.0 UDP packets (bsc#1209358). Moderate SUSE bug 1209358 CVE-2023-28450 at SUSE CVE-2023-28450 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ovmf fixes the following issues: - CVE-2019-14560: Fixed potential secure boot bypass via an improper check of GetEfiGlobalVariable2 (bsc#1174246). - CVE-2021-38578: Fixed underflow in MdeModulePkg/PiSmmCore SmmEntryPointAdd (bsc#1196741). Important SUSE bug 1174246 SUSE bug 1196741 CVE-2019-14560 at SUSE CVE-2019-14560 at NVD CVE-2021-38578 at SUSE CVE-2021-38578 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update of s390-tools fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). Moderate SUSE bug 1209188 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). Important SUSE bug 1205126 CVE-2022-42898 at SUSE CVE-2022-42898 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for avahi fixes the following issues: - CVE-2023-1981: Fixed crash in avahi-daemon (bsc#1210328). Moderate SUSE bug 1210328 CVE-2023-1981 at SUSE CVE-2023-1981 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for runc fixes the following issues: Update to runc v1.1.5: Security fixes: - CVE-2023-25809: Fixed rootless `/sys/fs/cgroup` is writable when cgroupns isn't unshared (bnc#1209884). - CVE-2023-27561: Fixed regression that reintroduced CVE-2019-19921 vulnerability (bnc#1208962). - CVE-2023-28642: Fixed AppArmor/SELinux bypass with symlinked /proc (bnc#1209888). Other fixes: - Fix the inability to use `/dev/null` when inside a container. - Fix changing the ownership of host's `/dev/null` caused by fd redirection (bsc#1168481). - Fix rare runc exec/enter unshare error on older kernels. - nsexec: Check for errors in `write_log()`. - Drop version-specific Go requirement. Important SUSE bug 1168481 SUSE bug 1208962 SUSE bug 1209884 SUSE bug 1209888 CVE-2023-25809 at SUSE CVE-2023-25809 at NVD CVE-2023-27561 at SUSE CVE-2023-27561 at NVD CVE-2023-28642 at SUSE CVE-2023-28642 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for sssd fixes the following issues: - CVE-2022-4254: Fixed a bug in libsss_certmap which could allow an attacker to gain control of the admin account and perform a full domain takeover. (bsc#1207474) Important SUSE bug 1207474 CVE-2022-4254 at SUSE CVE-2022-4254 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132). The following non-security bugs were fixed: - Added W3C conformance tests to the testsuite (bsc#1204585). - Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) . Important SUSE bug 1065270 SUSE bug 1199132 SUSE bug 1204585 SUSE bug 1210411 SUSE bug 1210412 CVE-2021-3541 at SUSE CVE-2021-3541 at NVD CVE-2022-29824 at SUSE CVE-2022-29824 at NVD CVE-2023-28484 at SUSE CVE-2023-28484 at NVD CVE-2023-29469 at SUSE CVE-2023-29469 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libtpms fixes the following issues: - CVE-2023-1017: Fixed out-of-bounds write in CryptParameterDecryption (bsc#1206022). - CVE-2023-1018: Fixed out-of-bounds read in CryptParameterDecryption (bsc#1206023). Important SUSE bug 1206022 SUSE bug 1206023 CVE-2023-1017 at SUSE CVE-2023-1017 at NVD CVE-2023-1018 at SUSE CVE-2023-1018 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). Moderate SUSE bug 1210507 CVE-2023-29383 at SUSE CVE-2023-29383 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). Moderate SUSE bug 1209533 CVE-2022-4899 at SUSE CVE-2022-4899 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). Moderate SUSE bug 1209713 SUSE bug 1209714 SUSE bug 1210135 CVE-2023-24593 at SUSE CVE-2023-24593 at NVD CVE-2023-25180 at SUSE CVE-2023-25180 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for shim fixes the following issues: - CVE-2022-28737 was missing as reference previously. - Upgrade shim-install for bsc#1210382 After closing Leap-gap project since Leap 15.3, openSUSE Leap direct uses shim from SLE. So the ca_string is 'SUSE Linux Enterprise Secure Boot CA1', not 'openSUSE Secure Boot CA1'. It causes that the update_boot=no, so all files in /boot/efi/EFI/boot are not updated. Logic was added that is using ID field in os-release for checking Leap distro and set ca_string to 'SUSE Linux Enterprise Secure Boot CA1'. Then /boot/efi/EFI/boot/* can also be updated. Important SUSE bug 1210382 CVE-2022-28737 at SUSE CVE-2022-28737 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for vim fixes the following issues: Updated to version 9.0 with patch level 1443, fixes the following security problems - CVE-2023-1264: Fixed NULL Pointer Dereference (bsc#1209042). - CVE-2023-1355: Fixed NULL Pointer Dereference (bsc#1209187). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). Moderate SUSE bug 1208828 SUSE bug 1209042 SUSE bug 1209187 CVE-2023-1127 at SUSE CVE-2023-1127 at NVD CVE-2023-1264 at SUSE CVE-2023-1264 at NVD CVE-2023-1355 at SUSE CVE-2023-1355 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for vim fixes the following issues: - Updated to version 9.0.1234: - CVE-2023-0433: Fixed an out of bounds memory access that could cause a crash (bsc#1207396). - CVE-2023-0288: Fixed an out of bounds memory access that could cause a crash (bsc#1207162). - CVE-2023-0054: Fixed an out of bounds memory write that could cause a crash or memory corruption (bsc#1206868). - CVE-2023-0051: Fixed an out of bounds memory access that could cause a crash (bsc#1206867). - CVE-2023-0049: Fixed an out of bounds memory access that could cause a crash (bsc#1206866). Moderate SUSE bug 1206866 SUSE bug 1206867 SUSE bug 1206868 SUSE bug 1207162 SUSE bug 1207396 CVE-2023-0049 at SUSE CVE-2023-0049 at NVD CVE-2023-0051 at SUSE CVE-2023-0051 at NVD CVE-2023-0054 at SUSE CVE-2023-0054 at NVD CVE-2023-0288 at SUSE CVE-2023-0288 at NVD CVE-2023-0433 at SUSE CVE-2023-0433 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). Moderate SUSE bug 1210434 CVE-2023-29491 at SUSE CVE-2023-29491 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). - CVE-2023-1872:Fixed a use after free vulnerability in the io_uring subsystem, which could lead to local privilege escalation (bsc#1210414). - CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992). - CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). - CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629). - CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). - CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). - CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453). - CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). - CVE-2020-36691: Fixed a denial of service vulnerability via a nested Netlink policy with a back reference (bsc#1209777). - CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337). - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). - CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). - CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203). The following non-security bugs were fixed: - Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes). - cifs: fix negotiate context parsing (bsc#1210301). - keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). Important SUSE bug 1202353 SUSE bug 1206992 SUSE bug 1207088 SUSE bug 1209687 SUSE bug 1209739 SUSE bug 1209777 SUSE bug 1209871 SUSE bug 1210202 SUSE bug 1210203 SUSE bug 1210301 SUSE bug 1210329 SUSE bug 1210336 SUSE bug 1210337 SUSE bug 1210414 SUSE bug 1210453 SUSE bug 1210469 SUSE bug 1210498 SUSE bug 1210506 SUSE bug 1210629 SUSE bug 1210647 CVE-2020-36691 at SUSE CVE-2020-36691 at NVD CVE-2022-2196 at SUSE CVE-2022-2196 at NVD CVE-2023-1611 at SUSE CVE-2023-1611 at NVD CVE-2023-1670 at SUSE CVE-2023-1670 at NVD CVE-2023-1838 at SUSE CVE-2023-1838 at NVD CVE-2023-1855 at SUSE CVE-2023-1855 at NVD CVE-2023-1872 at SUSE CVE-2023-1872 at NVD CVE-2023-1989 at SUSE CVE-2023-1989 at NVD CVE-2023-1990 at SUSE CVE-2023-1990 at NVD CVE-2023-1998 at SUSE CVE-2023-1998 at NVD CVE-2023-2008 at SUSE CVE-2023-2008 at NVD CVE-2023-2124 at SUSE CVE-2023-2124 at NVD CVE-2023-2162 at SUSE CVE-2023-2162 at NVD CVE-2023-2176 at SUSE CVE-2023-2176 at NVD CVE-2023-30772 at SUSE CVE-2023-30772 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). - CVE-2023-1872:Fixed a use after free vulnerability in the io_uring subsystem, which could lead to local privilege escalation (bsc#1210414). - CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992). - CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). - CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629). - CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). - CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). - CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453). - CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). - CVE-2020-36691: Fixed a denial of service vulnerability via a nested Netlink policy with a back reference (bsc#1209777). - CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337). - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). - CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203). The following non-security bugs were fixed: - Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes). - cifs: fix negotiate context parsing (bsc#1210301). - keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). Important SUSE bug 1202353 SUSE bug 1205128 SUSE bug 1206992 SUSE bug 1207088 SUSE bug 1209687 SUSE bug 1209739 SUSE bug 1209777 SUSE bug 1209871 SUSE bug 1210202 SUSE bug 1210203 SUSE bug 1210301 SUSE bug 1210329 SUSE bug 1210336 SUSE bug 1210337 SUSE bug 1210414 SUSE bug 1210453 SUSE bug 1210469 SUSE bug 1210498 SUSE bug 1210506 SUSE bug 1210629 SUSE bug 1210647 CVE-2020-36691 at SUSE CVE-2020-36691 at NVD CVE-2022-2196 at SUSE CVE-2022-2196 at NVD CVE-2022-43945 at SUSE CVE-2022-43945 at NVD CVE-2023-1611 at SUSE CVE-2023-1611 at NVD CVE-2023-1670 at SUSE CVE-2023-1670 at NVD CVE-2023-1838 at SUSE CVE-2023-1838 at NVD CVE-2023-1855 at SUSE CVE-2023-1855 at NVD CVE-2023-1872 at SUSE CVE-2023-1872 at NVD CVE-2023-1989 at SUSE CVE-2023-1989 at NVD CVE-2023-1990 at SUSE CVE-2023-1990 at NVD CVE-2023-1998 at SUSE CVE-2023-1998 at NVD CVE-2023-2008 at SUSE CVE-2023-2008 at NVD CVE-2023-2124 at SUSE CVE-2023-2124 at NVD CVE-2023-2162 at SUSE CVE-2023-2162 at NVD CVE-2023-2176 at SUSE CVE-2023-2176 at NVD CVE-2023-30772 at SUSE CVE-2023-30772 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for dmidecode fixes the following issues: - CVE-2023-30630: Fixed potential privilege escalation vulnerability via file overwrite (bsc#1210418). Moderate SUSE bug 1210418 CVE-2023-30630 at SUSE CVE-2023-30630 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update of conmon fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). Important SUSE bug 1200441 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). - CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). - CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). Important SUSE bug 1211231 SUSE bug 1211232 SUSE bug 1211233 SUSE bug 1211339 CVE-2023-28320 at SUSE CVE-2023-28320 at NVD CVE-2023-28321 at SUSE CVE-2023-28321 at NVD CVE-2023-28322 at SUSE CVE-2023-28322 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python-setuptools fixes the following issues: - CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667). Moderate SUSE bug 1206667 CVE-2022-40897 at SUSE CVE-2022-40897 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ucode-intel fixes the following issues: - Updated to Intel CPU Microcode 20230512 release. (bsc#1211382). - New platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL-N | A0 | 06-be-00/01 | | 00000010 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E | AZB | A0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100 | AZB | R0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100 - Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | L0 | 06-9a-03/80 | 00000429 | 0000042a | Core Gen12 | ADL | L0 | 06-9a-04/80 | 00000429 | 0000042a | Core Gen12 | AML-Y22 | H0 | 06-8e-09/10 | | 000000f2 | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile | CFL-H | R0 | 06-9e-0d/22 | 000000f4 | 000000f8 | Core Gen9 Mobile | CFL-H/S | P0 | 06-9e-0c/22 | 000000f0 | 000000f2 | Core Gen9 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f0 | 000000f2 | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000f0 | 000000f2 | Core Gen8 | CFL-U43e | D0 | 06-8e-0a/c0 | 000000f0 | 000000f2 | Core Gen8 Mobile | CLX-SP | B0 | 06-55-06/bf | 04003303 | 04003501 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003303 | 05003501 | Xeon Scalable Gen2 | CML-H | R1 | 06-a5-02/20 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-S102 | Q0 | 06-a5-05/22 | 000000f4 | 000000f6 | Core Gen10 | CML-S62 | G1 | 06-a5-03/22 | 000000f4 | 000000f6 | Core Gen10 | CML-U62 V1 | A0 | 06-a6-00/80 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-U62 V2 | K1 | 06-a6-01/80 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile | CPX-SP | A1 | 06-55-0b/bf | 07002503 | 07002601 | Xeon Scalable Gen3 | ICL-D | B0 | 06-6c-01/10 | 01000211 | 01000230 | Xeon D-17xx, D-27xx | ICL-U/Y | D1 | 06-7e-05/80 | 000000b8 | 000000ba | Core Gen10 Mobile | ICX-SP | D0 | 06-6a-06/87 | 0d000389 | 0d000390 | Xeon Scalable Gen3 | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000f0 | 000000f2 | Core Gen7; Xeon E3 v6 | KBL-U/Y | H0 | 06-8e-09/c0 | | 000000f2 | Core Gen7 Mobile | LKF | B2/B3 | 06-8a-01/10 | 00000032 | 00000033 | Core w/Hybrid Technology | RKL-S | B0 | 06-a7-01/02 | 00000057 | 00000058 | Core Gen11 | RPL-H 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13 | RPL-P 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13 | RPL-S | S0 | 06-b7-01/32 | 00000112 | 00000113 | Core Gen13 | RPL-U 2+8 | Q0 | 06-ba-03/07 | 0000410e | 00004112 | Core Gen13 | SKX-D | H0 | 06-55-04/b7 | | 02006f05 | Xeon D-21xx | SKX-SP | B1 | 06-55-03/97 | 01000161 | 01000171 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | | 02006f05 | Xeon Scalable | SPR-HBM | B3 | 06-8f-08/10 | 2c000170 | 2c0001d1 | Xeon Max | SPR-SP | E0 | 06-8f-04/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E2 | 06-8f-05/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E3 | 06-8f-06/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E4 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E5 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | S2 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | S3 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | TGL | B1 | 06-8c-01/80 | 000000a6 | 000000aa | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 00000042 | 00000044 | Core Gen11 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000028 | 0000002a | Core Gen11 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | | 000000f2 | Core Gen8 Mobile Important SUSE bug 1208479 SUSE bug 1211382 CVE-2022-33972 at SUSE CVE-2022-33972 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for containerd fixes the following issues: - Rebuild containerd with a current version of go to catch up on bugfixes and security fixes (bsc#1210298) Important SUSE bug 1210298 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update of runc fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). Important SUSE bug 1200441 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for c-ares fixes the following issues: Update to version 1.19.1: - CVE-2023-32067: 0-byte UDP payload causes Denial of Service (bsc#1211604) - CVE-2023-31147: Insufficient randomness in generation of DNS query IDs (bsc#1211605) - CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton() (bsc#1211606) - CVE-2023-31124: AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607) - Fix uninitialized memory warning in test - ares_getaddrinfo() should allow a port of 0 - Fix memory leak in ares_send() on error - Fix comment style in ares_data.h - Fix typo in ares_init_options.3 - Sync ax_pthread.m4 with upstream - Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support Important SUSE bug 1211604 SUSE bug 1211605 SUSE bug 1211606 SUSE bug 1211607 CVE-2023-31124 at SUSE CVE-2023-31124 at NVD CVE-2023-31130 at SUSE CVE-2023-31130 at NVD CVE-2023-31147 at SUSE CVE-2023-31147 at NVD CVE-2023-32067 at SUSE CVE-2023-32067 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441). Important SUSE bug 1200441 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update of cni fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441). Important SUSE bug 1200441 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for tiff fixes the following issues: Fixed multiple out of bounds read/write security issues: CVE-2023-0795 (bsc#1208226), CVE-2023-0796 (bsc#1208227), CVE-2023-0797 (bsc#1208228), CVE-2023-0798 (bsc#1208229), CVE-2023-0799 (bsc#1208230), CVE-2023-0800 (bsc#1208231), CVE-2023-0801 (bsc#1208232), CVE-2023-0802 (bsc#1208233), CVE-2023-0803 (bsc#1208234), CVE-2023-0804 (bsc#1208236). Moderate SUSE bug 1208226 SUSE bug 1208227 SUSE bug 1208228 SUSE bug 1208229 SUSE bug 1208230 SUSE bug 1208231 SUSE bug 1208232 SUSE bug 1208233 SUSE bug 1208234 SUSE bug 1208236 CVE-2023-0795 at SUSE CVE-2023-0795 at NVD CVE-2023-0796 at SUSE CVE-2023-0796 at NVD CVE-2023-0797 at SUSE CVE-2023-0797 at NVD CVE-2023-0798 at SUSE CVE-2023-0798 at NVD CVE-2023-0799 at SUSE CVE-2023-0799 at NVD CVE-2023-0800 at SUSE CVE-2023-0800 at NVD CVE-2023-0801 at SUSE CVE-2023-0801 at NVD CVE-2023-0802 at SUSE CVE-2023-0802 at NVD CVE-2023-0803 at SUSE CVE-2023-0803 at NVD CVE-2023-0804 at SUSE CVE-2023-0804 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). Important SUSE bug 1211430 CVE-2023-2650 at SUSE CVE-2023-2650 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for cups fixes the following issues: - CVE-2023-32324: Fixed a buffer overflow in format_log_line() which could cause a denial-of-service (bsc#1211643). Important SUSE bug 1211643 CVE-2023-32324 at SUSE CVE-2023-32324 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update of installation-images fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). Moderate SUSE bug 1209188 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). Moderate SUSE bug 1211795 CVE-2023-2953 at SUSE CVE-2023-2953 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779). - CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405). - CVE-2020-36694: Fixed an use-after-free issue in netfilter in the packet processing context (bsc#1211596). - CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604). - CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590). - CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). - CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). - CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). - CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). - CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). - CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940 bsc#1211260). - CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715). - CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186). - CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043). - CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024). - CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287). - CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). - CVE-2023-2483: Fixed a use after free bug in emac_remove due caused by a race condition (bsc#1211037). - CVE-2023-23586: Fixed a memory information leak in the io_uring subsystem (bsc#1208474). The following non-security bugs were fixed: - Drivers: hv: vmbus: Optimize vmbus_on_event (bsc#1211622). - SUNRPC: Ensure the transport backchannel association (bsc#1211203). - ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). - s390,dcssblk,dax: Add dax zero_page_range operation to dcssblk driver (bsc#1199636). Important SUSE bug 1199636 SUSE bug 1204405 SUSE bug 1205756 SUSE bug 1205758 SUSE bug 1205760 SUSE bug 1205762 SUSE bug 1205803 SUSE bug 1206024 SUSE bug 1208474 SUSE bug 1208604 SUSE bug 1209287 SUSE bug 1209779 SUSE bug 1210715 SUSE bug 1210783 SUSE bug 1210940 SUSE bug 1211037 SUSE bug 1211043 SUSE bug 1211105 SUSE bug 1211131 SUSE bug 1211186 SUSE bug 1211203 SUSE bug 1211590 SUSE bug 1211592 SUSE bug 1211596 SUSE bug 1211622 CVE-2020-36694 at SUSE CVE-2020-36694 at NVD CVE-2022-3566 at SUSE CVE-2022-3566 at NVD CVE-2022-4269 at SUSE CVE-2022-4269 at NVD CVE-2022-45884 at SUSE CVE-2022-45884 at NVD CVE-2022-45885 at SUSE CVE-2022-45885 at NVD CVE-2022-45886 at SUSE CVE-2022-45886 at NVD CVE-2022-45887 at SUSE CVE-2022-45887 at NVD CVE-2022-45919 at SUSE CVE-2022-45919 at NVD CVE-2023-1079 at SUSE CVE-2023-1079 at NVD CVE-2023-1380 at SUSE CVE-2023-1380 at NVD CVE-2023-1637 at SUSE CVE-2023-1637 at NVD CVE-2023-2156 at SUSE CVE-2023-2156 at NVD CVE-2023-2194 at SUSE CVE-2023-2194 at NVD CVE-2023-23586 at SUSE CVE-2023-23586 at NVD CVE-2023-2483 at SUSE CVE-2023-2483 at NVD CVE-2023-2513 at SUSE CVE-2023-2513 at NVD CVE-2023-31084 at SUSE CVE-2023-31084 at NVD CVE-2023-31436 at SUSE CVE-2023-31436 at NVD CVE-2023-32233 at SUSE CVE-2023-32233 at NVD CVE-2023-32269 at SUSE CVE-2023-32269 at NVD CVE-2023-33288 at SUSE CVE-2023-33288 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for opensc fixes the following issues: - CVE-2023-2977: Fixed out of bounds read in pkcs15 cardos_have_verifyrc_package() (bsc#1211894). Moderate SUSE bug 1211894 CVE-2023-2977 at SUSE CVE-2023-2977 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python3 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). - Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158). Moderate SUSE bug 1203750 SUSE bug 1211158 CVE-2007-4559 at SUSE CVE-2007-4559 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for salt fixes the following issues: salt: - Update to Salt release version 3006.0 (jsc#PED-4361) * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html - Add missing patch after rebase to fix collections Mapping issues - Add python3-looseversion as new dependency for salt - Add python3-packaging as new dependency for salt - Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071) - Avoid conflicts with Salt dependencies versions (bsc#1211612) - Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) - Create new salt-tests subpackage containing Salt tests - Drop conflictive patch dicarded from upstream - Fix package build with old setuptools versions - Fix SLS rendering error when Jinja macros are used - Fix version detection and avoid building and testing failures - Prevent deadlocks in salt-ssh executions - Require python3-jmespath runtime dependency (bsc#1209233) - Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517) python-jmespath: - Deliver python3-jmespath to SUSE Linux Enterprise Micro on s390x architecture as it is now required by Salt (no source changes) python-ply: - Deliver python3-ply to SUSE Linux Enterprise Micro on s390x architecture as it is a requirement for python-jmespath (no source changes) Moderate SUSE bug 1207071 SUSE bug 1209233 SUSE bug 1211612 SUSE bug 1211754 SUSE bug 1212516 SUSE bug 1212517 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for salt fixes the following issues: - Update to Salt release version 3006.0 (jsc#PED-4361) * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html - Add missing patch after rebase to fix collections Mapping issues - Add python3-looseversion as new dependency for salt - Add python3-packaging as new dependency for salt - Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071) - Avoid conflicts with Salt dependencies versions (bsc#1211612) - Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) - Create new salt-tests subpackage containing Salt tests - Drop conflictive patch dicarded from upstream - Fix package build with old setuptools versions - Fix SLS rendering error when Jinja macros are used - Fix version detection and avoid building and testing failures - Prevent deadlocks in salt-ssh executions - Require python3-jmespath runtime dependency (bsc#1209233) - Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517) Moderate SUSE bug 1207071 SUSE bug 1209233 SUSE bug 1211612 SUSE bug 1211754 SUSE bug 1212516 SUSE bug 1212517 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for salt and python-pyzmq fixes the following issues: salt: - Update to Salt release version 3006.0 (jsc#PED-4361) * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html - Add missing patch after rebase to fix collections Mapping issues - Add python3-looseversion as new dependency for salt - Add python3-packaging as new dependency for salt - Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071) - Avoid conflicts with Salt dependencies versions (bsc#1211612) - Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) - Create new salt-tests subpackage containing Salt tests - Drop conflictive patch dicarded from upstream - Fix package build with old setuptools versions - Fix SLS rendering error when Jinja macros are used - Fix version detection and avoid building and testing failures - Prevent deadlocks in salt-ssh executions - Require python3-jmespath runtime dependency (bsc#1209233) - Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517) python-pyzmq: - Update python-pyzmq to version 17.1.2 in LTSS products (bsc#1186945) Moderate SUSE bug 1186945 SUSE bug 1207071 SUSE bug 1209233 SUSE bug 1211612 SUSE bug 1211754 SUSE bug 1212516 SUSE bug 1212517 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for open-vm-tools fixes the following issues: - CVE-2023-20867: Fixed authentication bypass vulnerability in the vgauth module (bsc#1212143). Bug fixes: - Fixed build problem with grpc 1.54 (bsc#1210695). Moderate SUSE bug 1210695 SUSE bug 1212143 CVE-2023-20867 at SUSE CVE-2023-20867 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779). - CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405). - CVE-2021-29650: Fixed an issue where the netfilter subsystem allowed attackers to cause a denial of service (bsc#1184208). - CVE-2020-36694: Fixed an use-after-free issue in netfilter in the packet processing context (bsc#1211596). - CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604). - CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590). - CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). - CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). - CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). - CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). - CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). - CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940). - CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715). - CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186). - CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043). - CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024). - CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287). - CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). - CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037). - CVE-2023-23586: Fixed a memory information leak in the io_uring subsystem (bsc#1208474). The following non-security bugs were fixed: - SUNRPC: Ensure the transport backchannel association (bsc#1211203). - hv: vmbus: Optimize vmbus_on_event (bsc#1211622). - ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). - s390,dcssblk,dax: Add dax zero_page_range operation to dcssblk driver (bsc#1199636). Important SUSE bug 1184208 SUSE bug 1199636 SUSE bug 1204405 SUSE bug 1205756 SUSE bug 1205758 SUSE bug 1205760 SUSE bug 1205762 SUSE bug 1205803 SUSE bug 1206024 SUSE bug 1208474 SUSE bug 1208604 SUSE bug 1209287 SUSE bug 1209779 SUSE bug 1210715 SUSE bug 1210783 SUSE bug 1210940 SUSE bug 1211037 SUSE bug 1211043 SUSE bug 1211105 SUSE bug 1211131 SUSE bug 1211186 SUSE bug 1211203 SUSE bug 1211590 SUSE bug 1211592 SUSE bug 1211596 SUSE bug 1211622 CVE-2020-36694 at SUSE CVE-2020-36694 at NVD CVE-2021-29650 at SUSE CVE-2021-29650 at NVD CVE-2022-3566 at SUSE CVE-2022-3566 at NVD CVE-2022-4269 at SUSE CVE-2022-4269 at NVD CVE-2022-45884 at SUSE CVE-2022-45884 at NVD CVE-2022-45885 at SUSE CVE-2022-45885 at NVD CVE-2022-45886 at SUSE CVE-2022-45886 at NVD CVE-2022-45887 at SUSE CVE-2022-45887 at NVD CVE-2022-45919 at SUSE CVE-2022-45919 at NVD CVE-2023-1079 at SUSE CVE-2023-1079 at NVD CVE-2023-1380 at SUSE CVE-2023-1380 at NVD CVE-2023-1637 at SUSE CVE-2023-1637 at NVD CVE-2023-2156 at SUSE CVE-2023-2156 at NVD CVE-2023-2194 at SUSE CVE-2023-2194 at NVD CVE-2023-23586 at SUSE CVE-2023-23586 at NVD CVE-2023-2483 at SUSE CVE-2023-2483 at NVD CVE-2023-2513 at SUSE CVE-2023-2513 at NVD CVE-2023-31084 at SUSE CVE-2023-31084 at NVD CVE-2023-31436 at SUSE CVE-2023-31436 at NVD CVE-2023-32233 at SUSE CVE-2023-32233 at NVD CVE-2023-32269 at SUSE CVE-2023-32269 at NVD CVE-2023-33288 at SUSE CVE-2023-33288 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libX11 fixes the following issues: - CVE-2023-3138: Fixed buffer overflows in InitExt.c (bsc#1212102). Important SUSE bug 1212102 CVE-2023-3138 at SUSE CVE-2023-3138 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for cups fixes the following issues: - CVE-2023-34241: Fixed a use-after-free problem in cupsdAcceptClient() (bsc#1212230). Important SUSE bug 1212230 CVE-2023-34241 at SUSE CVE-2023-34241 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for vim fixes the following issues: - CVE-2023-2426: Fixed out-of-range pointer offset (bsc#1210996). - CVE-2023-2609: Fixed NULL pointer dereference (bsc#1211256). - CVE-2023-2610: Fixed integer overflow or wraparound (bsc#1211257). Important SUSE bug 1210996 SUSE bug 1211256 SUSE bug 1211257 CVE-2023-2426 at SUSE CVE-2023-2426 at NVD CVE-2023-2609 at SUSE CVE-2023-2609 at NVD CVE-2023-2610 at SUSE CVE-2023-2610 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). - CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606). - CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513). - CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039). - CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533). - CVE-2023-3268: Fixed an out of bounds (OOB) memory access flaw in relay_file_read_start_pos in kernel/relay.c (bsc#1212502). - CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501). - CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494). - CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504). - CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). - CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). - CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128). - CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). The following non-security bugs were fixed: - Drivers: hv: vmbus: Optimize vmbus_on_event (bsc#1211622). - Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes). - Drop dvb-core fix patch due to bug (bsc#1205758). - Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158). - Fix usrmerge error (boo#1211796) - Remove obsolete KMP obsoletes (bsc#1210469). - Replace mkinitrd dependency with dracut (bsc#1202353). Also update mkinitrd refrences in documentation and comments. - cifs: do not include page data when checking signature (bsc#1200217). - cifs: fix negotiate context parsing (bsc#1210301). - cifs: fix open leaks in open_cached_dir() (bsc#1209342). - google/gve:fix repeated words in comments (bsc#1211519). - gve: Adding a new AdminQ command to verify driver (bsc#1211519). - gve: Cache link_speed value from device (bsc#1211519). - gve: Fix GFP flags when allocing pages (bsc#1211519). - gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). - gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519). - gve: Handle alternate miss completions (bsc#1211519). - gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). - gve: Remove the code of clearing PBA bit (bsc#1211519). - gve: Secure enough bytes in the first TX desc for all TCP pkts (bsc#1211519). - gve: enhance no queue page list detection (bsc#1211519). - ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). - k-m-s: Drop Linux 2.6 support - kernel-binary: install expoline.o (boo#1210791 bsc#1211089) - keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). - rpm/kernel-binary.spec.in: Add Provides of kernel-preempt (jsc#SLE-18857) For smooth migration with the former kernel-preempt user, kernel-default provides kernel-preempt now when CONFIG_PREEMPT_DYNAMIC is defined. - rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm - rpm/kernel-binary.spec.in: Fix missing kernel-preempt-devel and KMP Provides (bsc#1199046) - rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435) - s390,dcssblk,dax: Add dax zero_page_range operation to dcssblk driver (bsc#1199636). - sunrpc: Ensure the transport backchannel association (bsc#1211203). - usrmerge: Compatibility with earlier rpm (boo#1211796) - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - x86/build: Avoid relocation information in final vmlinux (bsc#1187829). Important SUSE bug 1160435 SUSE bug 1172073 SUSE bug 1187829 SUSE bug 1191731 SUSE bug 1199046 SUSE bug 1199636 SUSE bug 1200217 SUSE bug 1202353 SUSE bug 1205758 SUSE bug 1207088 SUSE bug 1208600 SUSE bug 1209039 SUSE bug 1209342 SUSE bug 1209739 SUSE bug 1210301 SUSE bug 1210469 SUSE bug 1210533 SUSE bug 1210791 SUSE bug 1211089 SUSE bug 1211203 SUSE bug 1211519 SUSE bug 1211592 SUSE bug 1211622 SUSE bug 1211796 SUSE bug 1212128 SUSE bug 1212129 SUSE bug 1212154 SUSE bug 1212158 SUSE bug 1212494 SUSE bug 1212501 SUSE bug 1212502 SUSE bug 1212504 SUSE bug 1212513 SUSE bug 1212606 SUSE bug 1212842 CVE-2023-1077 at SUSE CVE-2023-1077 at NVD CVE-2023-1249 at SUSE CVE-2023-1249 at NVD CVE-2023-2002 at SUSE CVE-2023-2002 at NVD CVE-2023-3090 at SUSE CVE-2023-3090 at NVD CVE-2023-3141 at SUSE CVE-2023-3141 at NVD CVE-2023-3159 at SUSE CVE-2023-3159 at NVD CVE-2023-3161 at SUSE CVE-2023-3161 at NVD CVE-2023-3268 at SUSE CVE-2023-3268 at NVD CVE-2023-3358 at SUSE CVE-2023-3358 at NVD CVE-2023-35788 at SUSE CVE-2023-35788 at NVD CVE-2023-35823 at SUSE CVE-2023-35823 at NVD CVE-2023-35824 at SUSE CVE-2023-35824 at NVD CVE-2023-35828 at SUSE CVE-2023-35828 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). - CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039). - CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533). - CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). - CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). - CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128). - CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). - CVE-2023-3268: Fixed an out of bounds (OOB) memory access flaw in relay_file_read_start_pos in kernel/relay.c (bsc#1212502). - CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606). - CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504). - CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494). - CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501). - CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513). The following non-security bugs were fixed: - Also include kernel-docs build requirements for ALP - Avoid unsuported tar parameter on SLE12 - Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158). - Fix usrmerge error (boo#1211796) - Generalize kernel-doc build requirements. - Move obsolete KMP list into a separate file. The list of obsoleted KMPs varies per release, move it out of the spec file. - Move setting %%build_html to config.sh - Move setting %%split_optional to config.sh - Move setting %%supported_modules_check to config.sh - Move the kernel-binary conflicts out of the spec file. Thie list of conflicting packages varies per release. To reduce merge conflicts move the list out of the spec file. - Remove obsolete rpm spec constructs defattr does not need to be specified anymore buildroot does not need to be specified anymore - Remove usrmerge compatibility symlink in buildroot (boo#1211796). - Trim obsolete KMP list. SLE11 is out of support, we do not need to handle upgrading from SLE11 SP1. - cifs: do not include page data when checking signature (bsc#1200217). - cifs: fix open leaks in open_cached_dir() (bsc#1209342). - google/gve:fix repeated words in comments (bsc#1211519). - gve: Adding a new AdminQ command to verify driver (bsc#1211519). - gve: Cache link_speed value from device (bsc#1211519). - gve: Fix GFP flags when allocing pages (bsc#1211519). - gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). - gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519). - gve: Handle alternate miss completions (bsc#1211519). - gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). - gve: Remove the code of clearing PBA bit (bsc#1211519). - gve: Secure enough bytes in the first TX desc for all TCP pkts (bsc#1211519). - gve: enhance no queue page list detection (bsc#1211519). - kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi - kernel-binary: install expoline.o (boo#1210791 bsc#1211089) - kernel-source: Remove unused macro variant_symbols - kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731). rpm only supports full length release, no provides - rpm/check-for-config-changes: add TOOLCHAIN_NEEDS_* to IGNORED_CONFIGS_RE. - rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB - rpm/kernel-binary.spec.in: Add Provides of kernel-preempt (jsc#SLE-18857) For smooth migration with the former kernel-preempt user, kernel-default provides kernel-preempt now when CONFIG_PREEMPT_DYNAMIC is defined. - rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm - rpm/kernel-binary.spec.in: Fix missing kernel-preempt-devel and KMP Provides (bsc#1199046) - rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435) - usrmerge: Compatibility with earlier rpm (boo#1211796) - x86/build: Avoid relocation information in final vmlinux (bsc#1187829). Important SUSE bug 1160435 SUSE bug 1172073 SUSE bug 1187829 SUSE bug 1191731 SUSE bug 1199046 SUSE bug 1200217 SUSE bug 1205758 SUSE bug 1208600 SUSE bug 1209039 SUSE bug 1209342 SUSE bug 1210533 SUSE bug 1210791 SUSE bug 1211089 SUSE bug 1211519 SUSE bug 1211796 SUSE bug 1212128 SUSE bug 1212129 SUSE bug 1212154 SUSE bug 1212158 SUSE bug 1212494 SUSE bug 1212501 SUSE bug 1212502 SUSE bug 1212504 SUSE bug 1212513 SUSE bug 1212606 SUSE bug 1212842 CVE-2023-1077 at SUSE CVE-2023-1077 at NVD CVE-2023-1249 at SUSE CVE-2023-1249 at NVD CVE-2023-2002 at SUSE CVE-2023-2002 at NVD CVE-2023-3090 at SUSE CVE-2023-3090 at NVD CVE-2023-3141 at SUSE CVE-2023-3141 at NVD CVE-2023-3159 at SUSE CVE-2023-3159 at NVD CVE-2023-3161 at SUSE CVE-2023-3161 at NVD CVE-2023-3268 at SUSE CVE-2023-3268 at NVD CVE-2023-3358 at SUSE CVE-2023-3358 at NVD CVE-2023-35788 at SUSE CVE-2023-35788 at NVD CVE-2023-35823 at SUSE CVE-2023-35823 at NVD CVE-2023-35824 at SUSE CVE-2023-35824 at NVD CVE-2023-35828 at SUSE CVE-2023-35828 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python-requests fixes the following issues: - CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header (bsc#1211674). Moderate SUSE bug 1211674 CVE-2023-32681 at SUSE CVE-2023-32681 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update of cni fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). Important SUSE bug 1206346 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). Important SUSE bug 1206346 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for dbus-1 fixes the following issues: - CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126). Moderate SUSE bug 1212126 CVE-2023-34969 at SUSE CVE-2023-34969 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). Important SUSE bug 1210999 CVE-2023-31484 at SUSE CVE-2023-31484 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408] - Close the right filedescriptor and also close fdh in read_hmac to avoid file descriptor leaks. [bsc#1209536] - Attempts to mitigate instances of secrets lingering in memory after a session exits. [bsc#1186673, bsc#1213004, bsc#1213008] Important SUSE bug 1186673 SUSE bug 1209536 SUSE bug 1213004 SUSE bug 1213008 SUSE bug 1213504 CVE-2023-38408 at SUSE CVE-2023-38408 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libcap fixes the following issues: - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). Moderate SUSE bug 1211419 CVE-2023-2603 at SUSE CVE-2023-2603 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for samba fixes the following issues: - CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174). - CVE-2023-34966: Fixed samba spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability (bsc#1213173). - CVE-2023-34967: Fixed samba spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability (bsc#1213172). - CVE-2023-34968: Fixed spotlight server-side Share Path Disclosure (bsc#1213171). Bugfixes: - Fixed trust relationship failure (bsc#1213384). Important SUSE bug 1213171 SUSE bug 1213172 SUSE bug 1213173 SUSE bug 1213174 SUSE bug 1213384 CVE-2022-2127 at SUSE CVE-2022-2127 at NVD CVE-2023-34966 at SUSE CVE-2023-34966 at NVD CVE-2023-34967 at SUSE CVE-2023-34967 at NVD CVE-2023-34968 at SUSE CVE-2023-34968 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). - FIPS: list only FIPS approved public key algorithms (bsc#1121365, bsc#1198472) Important SUSE bug 1121365 SUSE bug 1198472 SUSE bug 1207533 SUSE bug 1207534 SUSE bug 1207536 SUSE bug 1207538 CVE-2022-4304 at SUSE CVE-2022-4304 at NVD CVE-2022-4450 at SUSE CVE-2022-4450 at NVD CVE-2023-0215 at SUSE CVE-2023-0215 at NVD CVE-2023-0286 at SUSE CVE-2023-0286 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for salt fixes the following issues: Security fixes: - CVE-2023-28370: Fix an open redirect vulnerability in 'StaticFileHandler' under certain configurations (bsc#1211741) Bug fixes: - Prevent error loading 'known_hosts' when '$HOME' is not set (bsc#1210994) - Fix ModuleNotFoundError and other issues raised by salt-support module (bsc#1211591) Moderate SUSE bug 1210994 SUSE bug 1211591 SUSE bug 1211741 CVE-2023-28370 at SUSE CVE-2023-28370 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update fixes the following issues: python-tornado: - Security fixes: * CVE-2023-28370: Fixed an open redirect issue in the static file handler (bsc#1211741) prometheus-blackbox_exporter: - Use obscpio for go modules service - Set version number - Set build date from SOURCE_DATE_EPOCH - Update to 0.24.0 (bsc#1212279, jsc#PED-4556) * Requires go1.19 - Avoid empty validation script - Add rc symlink for backwards compatibility spacecmd: - Version 4.3.22-1 * Bypass traditional systems check on older SUMA instances (bsc#1208612) Moderate SUSE bug 1208612 SUSE bug 1211741 SUSE bug 1212279 CVE-2023-28370 at SUSE CVE-2023-28370 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). - Update further expiring certificates that affect tests [bsc#1201627] Moderate SUSE bug 1201627 SUSE bug 1207534 SUSE bug 1213487 CVE-2022-4304 at SUSE CVE-2022-4304 at NVD CVE-2023-3446 at SUSE CVE-2023-3446 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for kernel-firmware fixes the following issues: - CVE-2023-20593: Fixed AMD ucode for ZenBleed vulnerability (bsc#1213286). Moderate SUSE bug 1213286 CVE-2023-20593 at SUSE CVE-2023-20593 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for librsvg fixes the following issues: librsvg was updated to version 2.46.7: - CVE-2023-38633: Fixed directory traversal in URI decoder (bsc#1213502). Important SUSE bug 1213502 CVE-2023-38633 at SUSE CVE-2023-38633 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). Moderate SUSE bug 1213514 CVE-2022-41409 at SUSE CVE-2022-41409 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for podman fixes the following issues: podman was updated to version 4.3.1: 4.3.1: * Bugfixes - Fixed a deadlock between the `podman ps` and `podman container inspect` commands * Misc - Updated the containers/image library to v5.23.1 4.3.0: * Features - A new command, `podman generate spec`, has been added, which creates a JSON struct based on a given container that can be used with the Podman REST API to create containers. - A new command, `podman update`, has been added,which makes changes to the resource limits of existing containers. Please note that these changes do not persist if the container is restarted - A new command, `podman kube down`, has been added, which removes pods and containers created by the given Kubernetes YAML (functionality is identical to `podman kube play --down`, but it now has its own command). - The `podman kube play` command now supports Kubernetes secrets using Podman's secrets backend. - Systemd-managed pods created by the `podman kube play` command now integrate with sd-notify, using the `io.containers.sdnotify` annotation (or `io.containers.sdnotify/$name` for specific containers). - Systemd-managed pods created by `podman kube play` can now be auto-updated, using the `io.containers.auto-update` annotation (or `io.containers.auto-update/$name` for specific containers). - The `podman kube play` command can now read YAML from URLs, e.g. `podman kube play https://example.com/demo.yml` - The `podman kube play` command now supports the `emptyDir` volume type - The `podman kube play` command now supports the `HostUsers` field in the pod spec. - The `podman play kube` command now supports `binaryData` in ConfigMaps. - The `podman pod create` command can now set additional resource limits for pods using the new `--memory-swap`, `--cpuset-mems`, `--device-read-bps`, `--device-write-bps`, `--blkio-weight`, `--blkio-weight-device`, and `--cpu-shares` options. - The `podman machine init` command now supports a new option, `--username`, to set the username that will be used to connect to the VM as a non-root user - The `podman volume create` command's `-o timeout=` option can now set a timeout of 0, indicating volume plugin operations will never time out. - Added support for a new volume driver, `image`, which allows volumes to be created that are backed by images. - The `podman run` and `podman create` commands support a new option, `--env-merge`, allowing environment variables to be specified relative to other environment variables in the image (e.g. `podman run --env-merge 'PATH=$PATH:/my/app' ...`) - The `podman run` and `podman create` commands support a new option, `--on-failure`, to allow action to be taken when a container fails health checks, with the following supported actions: `none` (take no action, the default), `kill` (kill the container), `restart` (restart the container), and `stop` (stop the container). - The `--keep-id` option to `podman create` and `podman run` now supports new options, `uid` and `gid`, to set the UID and GID of the user in the container that will be mapped to the user running Podman (e.g. `--userns=keep-id:uid=11` will made the user running Podman to UID 11 in the container) - The `podman generate systemd` command now supports a new option, `--env`/`-e`, to set environment variables in the generated unit file - The `podman pause` and `podman unpause` commands now support the `--latest`, `--cidfile`, and `--filter` options. - The `podman restart` command now supports the `--cidfile` and `--filter` options. - The `podman rm` command now supports the `--filter` option to select which containers will be removed. - The `podman rmi` command now supports a new option, `--no-prune`, to prevent the removal of dangling parents of removed images. - The `--dns-opt` option to `podman create`, `podman run`, and `podman pod create` has received a new alias, `--dns-option`, to improve Docker compatibility. - The `podman` command now features a new global flag, `--debug`/`-D`, which enables debug-level logging (identical to `--log-level=debug`), improving Docker compatibility. - The `podman` command now features a new global flag, `--config`. This flag is ignored, and is only included for Docker compatibility - The `podman manifest create` command now accepts a new option, `--amend`/`-a`. - The `podman manifest create`, `podman manifest add` and `podman manifest push` commands now accept a new option, `--insecure` (identical to `--tls-verify=false`), improving Docker compatibility. - The `podman secret create` command's `--driver` and `--format` options now have new aliases, `-d` for `--driver` and `-f` for `--format`. - The `podman secret create` command now supports a new option, `--label`/`-l`, to add labels to created secrets. - The `podman secret ls` command now accepts the `--quiet`/`-q` option. - The `podman secret inspect` command now accepts a new option, `--pretty`, to print output in human-readable format. - The `podman stats` command now accepts the `--no-trunc` option. - The `podman save` command now accepts the `--signature-policy` option - The `podman pod inspect` command now allows multiple arguments to be passed. If so, it will return a JSON array of the inspected pods - A series of new hidden commands have been added under `podman context` as aliases to existing `podman system connection` commands, to improve Docker compatibility. - The remote Podman client now supports proxying signals for attach sessions when the `--sig-proxy` option is set ### Changes - Duplicate volume mounts are now allowed with the `-v` option to `podman run`, `podman create`, and `podman pod create`, so long as source, destination, and options all match - The `podman generate kube` and `podman play kube` commands have been renamed to `podman kube generate` and `podman kube play` to group Kubernetes-related commands. Aliases have been added to ensure the old command names still function. - A number of Podman commands (`podman init`, `podman container checkpoint`, `podman container restore`, `podman container cleanup`) now print the user-inputted name of the container, instead of its full ID, on success. - When an unsupported option (e.g. resource limit) is specified for a rootless container on a cgroups v1 system, a warning message is now printed that the limit will not be honored. - The installer for the Windows Podman client has been improved. - The `--cpu-rt-period` and `--cpu-rt-runtime` options to `podman run` and `podman create` now print a warning and are ignored on cgroups v2 systems (cgroups v2 having dropped support for these controllers) - Privileged containers running systemd will no longer mount `/dev/tty*` devices other than `/dev/tty` itself into the container - Events for containers that are part of a pod now include the ID of the pod in the event. - SSH functionality for `podman machine` commands has seen a thorough rework, addressing many issues about authentication. - The `--network` option to `podman kube play` now allows passing `host` to set the pod to use host networking, even if the YAML does not request this. - The `podman inspect` command on containers now includes the digest of the image used to create the container. - Pods created by `podman play kube` are now, by default, placed into a network named `podman-kube`. If the `podman-kube` network does not exist, it will be created. This ensures pods can connect to each other by their names, as the network has DNS enabled. Update to version 4.2.0: * Features - Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines. - A new command has been added, podman pod clone, to create a copy of an existing pod. It supports several options, including --start to start the new pod, --destroy to remove the original pod, and --name to change the name of the new pod - A new command has been added, podman volume reload, to sync changes in state between Podman's database and any configured volume plugins - A new command has been added, podman machine info, which displays information about the host and the versions of various machine components. - Pods created by podman play kube can now be managed by systemd unit files. This can be done via a new systemd service, podman-kube@.service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the Kubernetes pod or deployment contained in my.yaml under systemd. - The podman play kube command now honors the RunAsUser, RunAsGroup, and SupplementalGroups setting from the Kubernetes pod's security context. - The podman play kube command now supports volumes with the BlockDevice and CharDevice types - The podman play kube command now features a new flag, --userns, to set the user namespace of created pods. Two values are allowed at present: host and auto - The podman play kube command now supports setting the type of created init containers via the io.podman.annotations.init.container.type annotation. - Pods now have include an exit policy (configurable via the --exit-policy option to podman pod create), which determines what will happen to the pod's infra container when the entire pod stops. The default, continue, acts as Podman currently does, while a new option, stop, stops the infra container after the last container in the pod stops, and is used by default for pods from podman play kube - The podman pod create command now allows the pod's name to be specified as an argument, instead of using the --name option - for example, podman pod create mypod instead of the prior podman pod create --name mypod. Please note that the --name option is not deprecated and will continue to work. - The podman pod create command's --share option now supports adding namespaces to the set by prefacing them with + (as opposed to specifying all namespaces that should be shared) - The podman pod create command has a new option, --shm-size, to specify the size of the /dev/shm mount that will be shared if the pod shares its UTS namespace (#14609). - The podman pod create command has a new option, --uts, to configure the UTS namespace that will be shared by containers in the pod. - The podman pod create command now supports setting pod-level resource limits via the --cpus, --cpuset-cpus, and --memory options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release! - The podman create and podman run commands now include the -c short option for the --cpu-shares option. - The podman create and podman run commands can now create containers from a manifest list (and not an image) as long as the --platform option is specified (#14773). - The podman build command now supports a new option, --cpp-flag, to specify options for the C preprocessor when using Containerfile.in files that require preprocessing. - The podman build command now supports a new option, --build-context, allowing the user to specify an additional build context. - The podman machine inspect command now prints the location of the VM's Podman API socket on the host (#14231). - The podman machine init command on Windows now fetches an image with packages pre-installed (#14698). - Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change (#14697). - The default for the --image-volume option to podman run and podman create can now have its default set through the image_volume_mode setting in containers.conf (#14230). - Overlay volumes now support two new options, workdir and upperdir, to allow multiple overlay volumes from different containers to reuse the same workdir or upperdir (#14427). - The podman volume create command now supports two new options, copy and nocopy, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up). - Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the --opt o=timeout= option to podman volume create (BZ 2080458). - The podman volume ls command's --filter name= option now supports regular expression matching for volume names (#14583). - When used with a podman machine VM, volumes now support specification of the 9p security model using the security_model option to podman create -v and podman run -v. - The remote Podman client's podman push command now supports the --remove-signatures option (#14558). - The remote Podman client now supports the podman image scp command. - The podman image scp command now supports tagging the transferred image with a new name. - The podman network ls command supports a new filter, --filter dangling=, to list networks not presently used by any containers (#14595). - The --condition option to podman wait can now be specified multiple times to wait on any one of multiple conditions. - The podman events command now includes the -f short option for the --filter option. - The podman pull command now includes the -a short option for the --all-tags option. - The podman stop command now includes a new flag, --filter, to filter which containers will be stopped (e.g. podman stop --all --filter label=COM.MY.APP). - The Podman global option --url now has two aliases: -H and --host. - The podman network create command now supports a new option with the default bridge driver, --opt isolate=, which isolates the network by blocking any traffic from it to any other network with the isolate option enabled. This option is enabled by default for networks created using the Docker-compatible API. - Added the ability to create sigstore signatures in podman push and podman manifest push. - Added an option to read image signing passphrase from a file. * Changes - Paused containers can now be killed with the podman kill command. - The podman system prune command now removes unused networks. - The --userns=keep-id and --userns=nomap options to the podman run and podman create commands are no longer allowed (instead of simply being ignored) with root Podman. - If the /run directory for a container is part of a volume, Podman will not create the /run/.containerenv file (#14577). - The podman machine stop command on macOS now waits for the machine to be completely stopped to exit (#14148). - All podman machine commands now only support being run as rootless, given that VMs only functioned when run rootless. - The podman unpause --all command will now only attempt to unpause containers that are paused, not all containers. - Init containers created with podman play kube now default to the once type (#14877). - Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested (#15048). - The podman create, podman run, and podman cp commands can now autocomplete paths in the image or container via the shell completion. - The libpod/common package has been removed as it's not used anywhere. - The --userns option to podman create and podman run is no longer accepted when an explicit UID or GID mapping is specified (#15233). * Misc - Podman will now check for nameservers in /run/NetworkManager/no-stub-resolv.conf if the /etc/resolv.conf file only contains a localhost server. - The podman build command now supports caching with builds that specify --squash-all by allowing the --layers flag to be used at the same time. - Podman Machine support for QEMU installations at non-default paths has been improved. - The podman machine ssh command no longer prints spurious warnings every time it is run. - When accessing the WSL prompt on Windows, the rootless user will be preferred. - The podman info command now includes a field for information on supported authentication plugins for improved Docker compatibility. Authentication plugins are not presently supported by Podman, so this field is always empty. - The podman system prune command now no longer prints the Deleted Images header if no images were pruned. - The podman system service command now automatically creates and moves to a sub-cgroup when running in the root cgroup (#14573). - Updated Buildah to v1.27.0 (fixes CVE-2022-21698 / bsc#1196338) - Updated the containers/image library to v5.22.0 - Updated the containers/storage library to v1.42.0 (fixes bsc#1196751) - Updated the containers/common library to v0.49.1 - Podman will automatically create a sub-cgroup and move itself into it when it detects that it is running inside a container (#14884). - Fixed an incorrect release note about regexp. - A new MacOS installer (via pkginstaller) is now supported. Update to version 4.1.1: * The output of the podman load command now mirrors that of docker load. * Podman now supports Docker Compose v2.2 and higher. Please note that it may be necessary to disable the use of Buildkit by setting the environment variable DOCKER_BUILDKIT=0. * A new container command has been added, podman container clone. This command makes a copy of an existing container, with the ability to change some settings (e.g. resource limits) while doing so. * Podman now supports sending JSON events related to machines to a Unix socket named machine_events.*\.sock in XDG_RUNTIME_DIR/podman or to a socket whose path is set in the PODMAN_MACHINE_EVENTS_SOCK environment variable. * Two new volume commands have been added, podman volume mount and podman volume unmount. These allow for Podman-managed named volumes to be mounted and accessed from outside containers. * The podman container checkpoint and podman container restore options now support checkpointing to and restoring from OCI images. This allows checkpoints to be distributed via standard image registries. * The podman play kube command now supports environment variables that are specified using the fieldRef and resourceFieldRef sources. * The podman play kube command will now set default resource limits when the provided YAML does not include them. * The podman play kube command now supports a new option, --annotation, to add annotations to created containers. * The podman play kube --build command now supports a new option, --context-dir, which allows the user to specify the context directory to use when building the Containerfile. * The podman container commit command now supports a new option, --squash, which squashes the generated image into a single layer. * The podman pod logs command now supports two new options, --names, which identifies which container generated a log message by name, instead of ID and --color, which colors messages based on what container generated them. * The podman rmi command now supports a new option, --ignore, which will ignore errors caused by missing images. * The podman network create command now features a new option, --ipam-driver, to specify details about how IP addresses are assigned to containers in the network. * The podman machine list command now features a new option, --quiet, to print only the names of configured VMs and no other information. * The --ipc option to the podman create, podman run, and podman pod create commands now supports three new modes: none, private, and shareable. The default IPC mode is now shareable, indicating the the IPC namespace can be shared with other containers. * The --mount option to the podman create and podman run commands can now set options for created named volumes via the volume-opt parameter. * The --mount option to the podman create and podman run commands now allows parameters to be passed in CSV format. * The --userns option to the podman create and podman run commands now supports a new option, nomap, that (only for rootless containers) does not map the UID of the user that started the container into the container, increasing security. * The podman import command now supports three new options, --arch, --os, and --variant, to specify what system the imported image was built for. * The podman inspect command now includes information on the network configuration of containers that joined a pre-configured network namespace with the --net ns: option to podman run, podman create, and podman pod create. * The podman run and podman create commands now support a new option, --chrootdirs, which specifies additional locations where container-specific files managed by Podman (e.g. /etc/hosts, `/etc/resolv.conf, etc) will be mounted inside the container (#12961). * The podman run and podman create commands now support a new option, --passwd-entry, allowing entries to be added to the container's /etc/passwd file. * The podman images --format command now accepts two new format directives: {{.CreatedAt}} and {{.CreatedSince}}. * The podman volume create command's -o option now accepts a new argument, o=noquota, to disable XFS quotas entirely and avoid potential issues when Podman is run on an XFS filesystem with existing quotas defined. * The podman info command now includes additional information on the machine Podman is running on, including disk utilization on the drive Podman is storing containers and images on, and CPU utilization. * Fix CVE-2022-27191 / bsc#1197284 - Require catatonit >= 0.1.7 for pause functionality needed by pods Update to version 4.0.3: * Security - This release fixes CVE-2022-27649, where containers run by Podman would have excess inheritable capabilities set. * Changes - The podman machine rm --force command will now remove running machines as well (such machines are shut down first, then removed) (#13448). - When a podman machine VM is started that is using a too-old VM image, it will now start in a reduced functionality mode, and provide instructions on how to recreate it (previously, VMs were effectively unusable) (#13510). - Updated the containers/common library to v0.47.5 - This release addresses CVE-2021-4024 / bsc#1193166, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777. - This release addresses CVE-2021-41190 / bsc#1193273, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients. Update to version 3.1.0: (bsc#1181961, CVE-2021-20206) - A fix for CVE-2021-20199 / bsc#1181640 is included. Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue. Important SUSE bug 1181640 SUSE bug 1181961 SUSE bug 1193166 SUSE bug 1193273 SUSE bug 1197672 SUSE bug 1199790 SUSE bug 1202809 CVE-2021-20199 at SUSE CVE-2021-20199 at NVD CVE-2021-20206 at SUSE CVE-2021-20206 at NVD CVE-2021-4024 at SUSE CVE-2021-4024 at NVD CVE-2021-41190 at SUSE CVE-2021-41190 at NVD CVE-2022-27649 at SUSE CVE-2022-27649 at NVD CVE-2022-2989 at SUSE CVE-2022-2989 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for gstreamer-plugins-base fixes the following issues: - CVE-2023-37327: Fixed GStreamer FLAC File Parsing Integer Overflow (bsc#1213128). - CVE-2023-37328: Fixed Heap-based Buffer Overflow in GStreamer PGS (bsc#1213131). Important SUSE bug 1213128 SUSE bug 1213131 CVE-2023-37327 at SUSE CVE-2023-37327 at NVD CVE-2023-37328 at SUSE CVE-2023-37328 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) Moderate SUSE bug 1213517 SUSE bug 1213853 CVE-2023-3817 at SUSE CVE-2023-3817 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libyajl fixes the following issues: - CVE-2023-33460: Fixed memory leak which could cause out-of-memory in server (bsc#1212928). Moderate SUSE bug 1212928 CVE-2023-33460 at SUSE CVE-2023-33460 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for kernel-firmware fixes the following issues: - CVE-2023-20569: Fixed AMD 19h ucode to mitigate a side channel vulnerability in some of the AMD CPUs. (bsc#1213287) Moderate SUSE bug 1213287 CVE-2023-20569 at SUSE CVE-2023-20569 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) Important SUSE bug 1214054 CVE-2023-36054 at SUSE CVE-2023-36054 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for rsync fixes the following issues: - Update to version 3.2.3 (jsc#SLE-21252, jsc#PED-3146) - Add support for using --atimes to preserve atime of files in destination sync (jsc#PED-3145) - Remove SuSEfirewall2 service as this was replaced by firewalld (which already provides a rsyncd service). - Fix --delay-updates never updates after interruption (bsc#1204538) - Arbitrary file write vulnerability via do_server_recv function (bsc#1201840, CVE-2022-29154) - rsync-ssl: Verify the hostname in the certificate when using openssl. (bsc#1176160, CVE-2020-14387) Moderate SUSE bug 1176160 SUSE bug 1201840 SUSE bug 1204538 CVE-2020-14387 at SUSE CVE-2020-14387 at NVD CVE-2022-29154 at SUSE CVE-2022-29154 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ucode-intel fixes the following issues: - Updated to Intel CPU Microcode 20230808 release. (bsc#1214099) - CVE-2022-40982: Fixed a potential security vulnerability in some Intel? Processors which may allow information disclosure. - CVE-2023-23908: Fixed a potential security vulnerability in some 3rd Generation Intel? Xeon? Scalable processors which may allow information disclosure. - CVE-2022-41804: Fixed a potential security vulnerability in some Intel? Xeon? Processors with Intel? Software Guard Extensions (SGX) which may allow escalation of privilege. Important SUSE bug 1206418 SUSE bug 1214099 CVE-2022-40982 at SUSE CVE-2022-40982 at NVD CVE-2022-41804 at SUSE CVE-2022-41804 at NVD CVE-2023-23908 at SUSE CVE-2023-23908 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418). - CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). - CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287). - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). - CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245). - CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061). - CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846). - CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). - CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). - CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586). - CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585). - CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588). - CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543). The following non-security bugs were fixed: - arm: cpu: switch to arch_cpu_finalize_init() (bsc#1206418). - block, bfq: fix division by zero error on zero wsum (bsc#1213653). - get module prefix from kmod (bsc#1212835). - init, x86: move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1206418). - init: invoke arch_cpu_finalize_init() earlier (bsc#1206418). - init: provide arch_cpu_finalize_init() (bsc#1206418). - init: remove check_bugs() leftovers (bsc#1206418). - jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1199304). - kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ('rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps') - kernel-docs: add buildrequires on python3-base when using python3 the python3 binary is provided by python3-base. - kernel-docs: use python3 together with python3-sphinx (bsc#1212741). - keys: do not cache key in task struct if key is requested from kernel thread (bsc#1213354). - lockdep: add preemption enabled/disabled assertion apis (bsc#1207270 jsc#ped-4567). - locking/rwsem: add __always_inline annotation to __down_read_common() and inlined callers (bsc#1207270 jsc#ped-4567). - locking/rwsem: allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270 jsc#ped-4567). - locking/rwsem: always try to wake waiters in out_nolock path (bsc#1207270 jsc#ped-4567). - locking/rwsem: better collate rwsem_read_trylock() (bsc#1207270 jsc#ped-4567). - locking/rwsem: conditionally wake waiters in reader/writer slowpaths (bsc#1207270 jsc#ped-4567). - locking/rwsem: disable preemption for spinning region (bsc#1207270 jsc#ped-4567). - locking/rwsem: disable preemption in all down_read*() and up_read() code paths (bsc#1207270 jsc#ped-4567). - locking/rwsem: disable preemption in all down_write*() and up_write() code paths (bsc#1207270 jsc#ped-4567). - locking/rwsem: disable preemption while trying for rwsem lock (bsc#1207270 jsc#ped-4567). - locking/rwsem: enable reader optimistic lock stealing (bsc#1207270 jsc#ped-4567). - locking/rwsem: fix comment typo (bsc#1207270 jsc#ped-4567). - locking/rwsem: fix comments about reader optimistic lock stealing conditions (bsc#1207270 jsc#ped-4567). - locking/rwsem: fold __down_{read,write}*() (bsc#1207270 jsc#ped-4567). - locking/rwsem: introduce rwsem_write_trylock() (bsc#1207270 jsc#ped-4567). - locking/rwsem: make handoff bit handling more consistent (bsc#1207270 jsc#ped-4567). - locking/rwsem: no need to check for handoff bit if wait queue empty (bsc#1207270 jsc#ped-4567). - locking/rwsem: optimize down_read_trylock() under highly contended case (bsc#1207270 jsc#ped-4567). - locking/rwsem: pass the current atomic count to rwsem_down_read_slowpath() (bsc#1207270 jsc#ped-4567). - locking/rwsem: prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270 jsc#ped-4567). - locking/rwsem: prevent potential lock starvation (bsc#1207270 jsc#ped-4567). - locking/rwsem: remove an unused parameter of rwsem_wake() (bsc#1207270 jsc#ped-4567). - locking/rwsem: remove reader optimistic spinning (bsc#1207270 jsc#ped-4567). - locking: add missing __sched attributes (bsc#1207270 jsc#ped-4567). - locking: remove rcu_read_{,un}lock() for preempt_{dis,en}able() (bsc#1207270 jsc#ped-4567). - net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). - net: mana: add support for vlan tagging (bsc#1212301). - ocfs2: fix a deadlock when commit trans (bsc#1199304). - ocfs2: fix defrag path triggering jbd2 assert (bsc#1199304). - ocfs2: fix race between searching chunks and release journal_head from buffer_head (bsc#1199304). - remove more packaging cruft for sle &lt; 12 sp3 - rpm/check-for-config-changes: ignore also pahole_has_* we now also have options like config_pahole_has_lang_exclude. - rpm/check-for-config-changes: ignore also riscv_isa_* and dynamic_sigframe they depend on config_toolchain_has_*. - rwsem: implement down_read_interruptible (bsc#1207270 jsc#ped-4567). - rwsem: implement down_read_killable_nested (bsc#1207270 jsc#ped-4567). - ubi: ensure that vid header offset + vid header size &lt;= alloc, size (bsc#1210584). - ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584). - usrmerge: adjust module path in the kernel sources (bsc#1212835). - x86/cpu: switch to arch_cpu_finalize_init() (bsc#1206418). - x86/fpu: remove cpuinfo argument from init functions (bsc#1206418). - x86/microcode/AMD: Make stub function static inline (bsc#1213868). Important SUSE bug 1199304 SUSE bug 1206418 SUSE bug 1207270 SUSE bug 1210584 SUSE bug 1211131 SUSE bug 1211738 SUSE bug 1211867 SUSE bug 1212301 SUSE bug 1212741 SUSE bug 1212835 SUSE bug 1212846 SUSE bug 1213059 SUSE bug 1213061 SUSE bug 1213167 SUSE bug 1213245 SUSE bug 1213286 SUSE bug 1213287 SUSE bug 1213354 SUSE bug 1213543 SUSE bug 1213585 SUSE bug 1213586 SUSE bug 1213588 SUSE bug 1213653 SUSE bug 1213868 CVE-2022-40982 at SUSE CVE-2022-40982 at NVD CVE-2023-0459 at SUSE CVE-2023-0459 at NVD CVE-2023-20569 at SUSE CVE-2023-20569 at NVD CVE-2023-20593 at SUSE CVE-2023-20593 at NVD CVE-2023-2156 at SUSE CVE-2023-2156 at NVD CVE-2023-2985 at SUSE CVE-2023-2985 at NVD CVE-2023-3117 at SUSE CVE-2023-3117 at NVD CVE-2023-31248 at SUSE CVE-2023-31248 at NVD CVE-2023-3390 at SUSE CVE-2023-3390 at NVD CVE-2023-35001 at SUSE CVE-2023-35001 at NVD CVE-2023-3567 at SUSE CVE-2023-3567 at NVD CVE-2023-3609 at SUSE CVE-2023-3609 at NVD CVE-2023-3611 at SUSE CVE-2023-3611 at NVD CVE-2023-3776 at SUSE CVE-2023-3776 at NVD CVE-2023-3812 at SUSE CVE-2023-3812 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for tiff fixes the following issues: - CVE-2022-48281: Fixed a buffer overflow that could be triggered via a crafted image (bsc#1207413). Important SUSE bug 1207413 CVE-2022-48281 at SUSE CVE-2022-48281 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2156: Fixed IPv6 RPL Protocol Reachable Assertion Denial-of-Service Vulnerability (bsc#1211131). - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418). - CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). - CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287). - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). - CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). - CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245). - CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061). - CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846). - CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). - CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). - CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586). - CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585). - CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588). - CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543). The following non-security bugs were fixed: - arm: cpu: switch to arch_cpu_finalize_init() (bsc#1206418). - get module prefix from kmod (bsc#1212835). - remove more packaging cruft for sle &lt; 12 sp3 - block, bfq: fix division by zero error on zero wsum (bsc#1213653). - init, x86: move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1206418). - init: invoke arch_cpu_finalize_init() earlier (bsc#1206418). - init: provide arch_cpu_finalize_init() (bsc#1206418). - init: remove check_bugs() leftovers (bsc#1206418). - jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1199304). - kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ('rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps') - kernel-docs: add buildrequires on python3-base when using python3 the python3 binary is provided by python3-base. - kernel-docs: use python3 together with python3-sphinx (bsc#1212741). - keys: do not cache key in task struct if key is requested from kernel thread (bsc#1213354). - lockdep: add preemption enabled/disabled assertion apis (bsc#1207270 jsc#ped-4567). - locking/rwsem: add __always_inline annotation to __down_read_common() and inlined callers (bsc#1207270 jsc#ped-4567). - locking/rwsem: allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270 jsc#ped-4567). - locking/rwsem: always try to wake waiters in out_nolock path (bsc#1207270 jsc#ped-4567). - locking/rwsem: better collate rwsem_read_trylock() (bsc#1207270 jsc#ped-4567). - locking/rwsem: conditionally wake waiters in reader/writer slowpaths (bsc#1207270 jsc#ped-4567). - locking/rwsem: disable preemption for spinning region (bsc#1207270 jsc#ped-4567). - locking/rwsem: disable preemption in all down_read*() and up_read() code paths (bsc#1207270 jsc#ped-4567). - locking/rwsem: disable preemption in all down_write*() and up_write() code paths (bsc#1207270 jsc#ped-4567). - locking/rwsem: disable preemption while trying for rwsem lock (bsc#1207270 jsc#ped-4567). - locking/rwsem: enable reader optimistic lock stealing (bsc#1207270 jsc#ped-4567). - locking/rwsem: fix comment typo (bsc#1207270 jsc#ped-4567). - locking/rwsem: fix comments about reader optimistic lock stealing conditions (bsc#1207270 jsc#ped-4567). - locking/rwsem: fold __down_{read,write}*() (bsc#1207270 jsc#ped-4567). - locking/rwsem: introduce rwsem_write_trylock() (bsc#1207270 jsc#ped-4567). - locking/rwsem: make handoff bit handling more consistent (bsc#1207270 jsc#ped-4567). - locking/rwsem: no need to check for handoff bit if wait queue empty (bsc#1207270 jsc#ped-4567). - locking/rwsem: optimize down_read_trylock() under highly contended case (bsc#1207270 jsc#ped-4567). - locking/rwsem: pass the current atomic count to rwsem_down_read_slowpath() (bsc#1207270 jsc#ped-4567). - locking/rwsem: prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270 jsc#ped-4567). - locking/rwsem: prevent potential lock starvation (bsc#1207270 jsc#ped-4567). - locking/rwsem: remove an unused parameter of rwsem_wake() (bsc#1207270 jsc#ped-4567). - locking/rwsem: remove reader optimistic spinning (bsc#1207270 jsc#ped-4567). - locking: add missing __sched attributes (bsc#1207270 jsc#ped-4567). - locking: remove rcu_read_{,un}lock() for preempt_{dis,en}able() (bsc#1207270 jsc#ped-4567). - net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). - net: mana: add support for vlan tagging (bsc#1212301). - ocfs2: fix a deadlock when commit trans (bsc#1199304). - ocfs2: fix defrag path triggering jbd2 assert (bsc#1199304). - ocfs2: fix race between searching chunks and release journal_head from buffer_head (bsc#1199304). - rpm/check-for-config-changes: ignore also pahole_has_* we now also have options like config_pahole_has_lang_exclude. - rpm/check-for-config-changes: ignore also riscv_isa_* and dynamic_sigframe they depend on config_toolchain_has_*. - rwsem-rt: implement down_read_interruptible (bsc#1207270, jsc#ped-4567, sle realtime extension). - rwsem: implement down_read_interruptible (bsc#1207270 jsc#ped-4567). - rwsem: implement down_read_killable_nested (bsc#1207270 jsc#ped-4567). - ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584). - ubi: ensure that vid header offset + vid header size &lt;= alloc, size (bsc#1210584). - usrmerge: adjust module path in the kernel sources (bsc#1212835). - x86/cpu: switch to arch_cpu_finalize_init() (bsc#1206418). - x86/fpu: remove cpuinfo argument from init functions (bsc#1206418). - x86/microcode/AMD: Make stub function static inline (bsc#1213868). Important SUSE bug 1199304 SUSE bug 1206418 SUSE bug 1207270 SUSE bug 1210584 SUSE bug 1211131 SUSE bug 1211738 SUSE bug 1211867 SUSE bug 1212301 SUSE bug 1212741 SUSE bug 1212835 SUSE bug 1212846 SUSE bug 1213059 SUSE bug 1213061 SUSE bug 1213167 SUSE bug 1213245 SUSE bug 1213286 SUSE bug 1213287 SUSE bug 1213354 SUSE bug 1213543 SUSE bug 1213585 SUSE bug 1213586 SUSE bug 1213588 SUSE bug 1213653 SUSE bug 1213868 CVE-2022-40982 at SUSE CVE-2022-40982 at NVD CVE-2023-0459 at SUSE CVE-2023-0459 at NVD CVE-2023-20569 at SUSE CVE-2023-20569 at NVD CVE-2023-20593 at SUSE CVE-2023-20593 at NVD CVE-2023-2156 at SUSE CVE-2023-2156 at NVD CVE-2023-2985 at SUSE CVE-2023-2985 at NVD CVE-2023-3117 at SUSE CVE-2023-3117 at NVD CVE-2023-31248 at SUSE CVE-2023-31248 at NVD CVE-2023-3390 at SUSE CVE-2023-3390 at NVD CVE-2023-35001 at SUSE CVE-2023-35001 at NVD CVE-2023-3567 at SUSE CVE-2023-3567 at NVD CVE-2023-3609 at SUSE CVE-2023-3609 at NVD CVE-2023-3611 at SUSE CVE-2023-3611 at NVD CVE-2023-3776 at SUSE CVE-2023-3776 at NVD CVE-2023-3812 at SUSE CVE-2023-3812 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for gawk fixes the following issues: - CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025) Low SUSE bug 1214025 CVE-2023-4156 at SUSE CVE-2023-4156 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for qemu fixes the following issues: - CVE-2023-0330: Fixed a stack overflow due to a DMA reentrancy issue. (bsc#1207205) - CVE-2023-3354: Fixed a remote unauthenticated DoS due to an improper I/O watch removal in VNC TLS handshake. (bsc#1212850) - CVE-2023-3180: Fixed a heap buffer overflow in virtio_crypto_sym_op_helper(). (bsc#1213925) - CVE-2021-3638: Fixed an out-of-bounds write due to an inconsistent check in ati_2d_blt(). (bsc#1188609) - CVE-2023-3301: Fixed a DoS due to an assertion failure. (bsc#1213414) - CVE-2021-3750: Fixed an use-after-free in DMA reentrancy issue. (bsc#1190011) Important SUSE bug 1188609 SUSE bug 1190011 SUSE bug 1207205 SUSE bug 1212850 SUSE bug 1213414 SUSE bug 1213925 CVE-2021-3638 at SUSE CVE-2021-3638 at NVD CVE-2021-3750 at SUSE CVE-2021-3750 at NVD CVE-2023-0330 at SUSE CVE-2023-0330 at NVD CVE-2023-3180 at SUSE CVE-2023-3180 at NVD CVE-2023-3301 at SUSE CVE-2023-3301 at NVD CVE-2023-3354 at SUSE CVE-2023-3354 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for xen fixes the following issues: - CVE-2023-20569: Fixed side channel attack Inception or RAS Poisoning. (bsc#1214082, XSA-434) - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling'. (bsc#1214083, XSA-435) - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information. (bsc#1213616, XSA-433) Moderate SUSE bug 1027519 SUSE bug 1204489 SUSE bug 1213616 SUSE bug 1214082 SUSE bug 1214083 CVE-2022-40982 at SUSE CVE-2022-40982 at NVD CVE-2023-20569 at SUSE CVE-2023-20569 at NVD CVE-2023-20593 at SUSE CVE-2023-20593 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1 Important SUSE bug 1214248 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for freetype2 fixes the following issues: - CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419). Moderate SUSE bug 1210419 CVE-2023-2004 at SUSE CVE-2023-2004 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). Low SUSE bug 1214290 CVE-2023-4016 at SUSE CVE-2023-4016 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for open-vm-tools fixes the following issues: - CVE-2023-20900: Fixed SAML token signature bypass vulnerability (bsc#1214566). This update also ships a open-vm-tools-containerinfo plugin. (jsc#PED-3421) Important SUSE bug 1214566 CVE-2023-20900 at SUSE CVE-2023-20900 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for docker fixes the following issues: - Update to Docker 24.0.5-ce. See upstream changelong online at <https://docs.docker.com/engine/release-notes/24.0/#2405> bsc#1213229 - Update to Docker 24.0.4-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/24.0/#2404>. bsc#1213500 - Update to Docker 24.0.3-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/24.0/#2403>. bsc#1213120 - Recommend docker-rootless-extras instead of Require(ing) it, given it's an additional functionality and not inherently required for docker to function. - Add docker-rootless-extras subpackage (https://docs.docker.com/engine/security/rootless) - Update to Docker 24.0.2-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/24.0/#2402>. bsc#1212368 * Includes the upstreamed fix for the mount table pollution issue. bsc#1210797 - Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as being provided by this package. - was rebuilt against current GO compiler. Moderate SUSE bug 1210797 SUSE bug 1212368 SUSE bug 1213120 SUSE bug 1213229 SUSE bug 1213500 SUSE bug 1214107 SUSE bug 1214108 SUSE bug 1214109 CVE-2023-28840 at SUSE CVE-2023-28840 at NVD CVE-2023-28841 at SUSE CVE-2023-28841 at NVD CVE-2023-28842 at SUSE CVE-2023-28842 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libssh2_org fixes the following issues: - CVE-2020-22218: Fixed a bug in _libssh2_packet_add() which allows to access out of bounds memory. (bsc#1214527) Important SUSE bug 1214527 CVE-2020-22218 at SUSE CVE-2020-22218 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for icu73_2 fixes the following issues: - Update to release 73.2 * CLDR extends the support for “short” Chinese sort orders to cover some additional, required characters for Level 2. This is carried over into ICU collation. * ICU has a modified character conversion table, mapping some GB18030 characters to Unicode characters that were encoded after GB18030-2005. - fixes builds where UCHAR_TYPE is re-defined such as libqt5-qtwebengine - Update to release 73.1 * Improved Japanese and Korean short-text line breaking * Reduction of C++ memory use in date formatting - Update to release 72.1 * Support for Unicode 15, including new characters, scripts, emoji, and corresponding API constants. * Support for CLDR 42 locale data with various additions and corrections. * Shift to tzdb 2022e. Pre-1970 data for a number of timezones has been removed. - bump library packagename to libicu71 to match the version. - update to 71.1: * updates to CLDR 41 locale data with various additions and corrections. * phrase-based line breaking for Japanese. Existing line breaking methods follow standards and conventions for body text but do not work well for short Japanese text, such as in titles and headings. This new feature is optimized for these use cases. * support for Hindi written in Latin letters (hi_Latn). The CLDR data for this increasingly popular locale has been significantly revised and expanded. Note that based on user expectations, hi_Latn incorporates a large amount of English, and can also be referred to as “Hinglish”. * time zone data updated to version 2022a. Note that pre-1970 data for a number of time zones has been removed, as has been the case in the upstream tzdata release since 2021b. - ICU-21793 Fix ucptrietest golden diff [bsc#1192935] - Update to release 70.1: * Unicode 14 (new characters, scripts, emoji, and API constants) * CLDR 40 (many additions and corrections) * Fixes for measurement unit formatting * Can now be built with up to C++20 compilers - ICU-21613 Fix undefined behaviour in ComplexUnitsConverter::applyRounder - Update to release 69.1 * CLDR 39 * For Norwegian, 'no' is back to being the canonical code, with 'nb' treated as equivalent. This aligns handling of Norwegian with other macro language codes. * Binary prefixes in measurement units (KiB, MiB, etc.) * Time zone offsets from local time: New APIs BasicTimeZone::getOffsetFromLocal() (C++) and ucal_getTimeZoneOffsetFromLocal() - Backport ICU-21366 (bsc#1182645) - Update to release 68.2 * Fix memory problem in FormattedStringBuilder * Fix assertion when setKeywordValue w/ long value. * Fix UBSan breakage on 8bit of rbbi * fix int32_t overflow in listFormat * Fix memory handling in MemoryPool::operator=() * Fix memory leak in AliasReplacer - Add back icu.keyring, see https://unicode-org.atlassian.net/browse/ICU-21361 Update to release 68.1: * CLDR 38 * Measurement unit preferences * PluralRules selection for ranges of numbers * Locale ID canonicalization now conforms to the CLDR spec including edge cases * DateIntervalFormat supports output options such as capitalization * Measurement units are normalized in skeleton string output * Time zone data (tzdata) version 2020d - Add the provides for libicu to Make .Net core can install successfully. (bsc#1167603, bsc#1161007) Update to version 67.1: * Unicode 13 (ICU-20893, same as in ICU 66) + Total of 5930 new characters + 4 new scripts + 55 new emoji characters, plus additional new sequences + New CJK extension, first characters in plane 3: U+30000..U+3134A * CLDR 37 + New language at Modern coverage: Nigerian Pidgin + New languages at Basic coverage: Fulah (Adlam), Maithili, Manipuri, Santali, Sindhi (Devanagari), Sundanese + Region containment: EU no longer includes GB + Unicode 13 root collation data and Chinese data for collation and transliteration * DateTimePatternGenerator now obeys the 'hc' preference in the locale identifier (ICU-20442) * Various other improvements for ECMA-402 conformance * Number skeletons have a new 'concise' form that can be used in MessageFormat strings (ICU-20418) * Currency formatting options for formal and other currency display name variants (ICU-20854) * ListFormatter: new public API to select the style & type (ICU-12863) * ListFormatter now selects the proper “and”/“or” form for Spanish & Hebrew (ICU-21016) * Locale ID canonicalization upgraded to implement the complete CLDR spec (ICU-20834, ICU-20272) * LocaleMatcher: New option to ignore one-way matches (ICU-20936), and other tweaks to the code (ICU-20916, ICU-20917) and data (from CLDR) * acceptLanguage() reimplemented via LocaleMatcher (ICU-20700) * Data build tool: tzdbNames.res moved from the 'zone_tree' category to the 'zone_supplemental' category (ICU-21073) * Fixed uses of u8'literals' broken by the C++20 introduction of the incompatible char8_t type (ICU-20972), * and added a few API overloads to reduce the need for reinterpret_cast (ICU-20984). * Support for manipulating CLDR 37 unit identifiers in MeasureUnit. * Fix potential integer overflow in UnicodeString:doAppend (bsc#1166844, CVE-2020-10531). Update to version 66.1: * Unicode 13 support * Fix uses of u8'literals' broken by C++20 introduction of incompatible char8_t type. (ICU-20972) * use LocalMemory for cmd to prevent use after free (bsc#1193951 CVE-2020-21913). - Remove /usr/lib(64)/icu/current [bsc#1158955]. Update to release 65.1 (jsc#SLE-11118): * Updated to CLDR 36 locale data with many additions and corrections, and some new measurement units. * The Java LocaleMatcher API is improved, and ported to C++. Moderate SUSE bug 1030253 SUSE bug 1095425 SUSE bug 1103893 SUSE bug 1112183 SUSE bug 1146907 SUSE bug 1158955 SUSE bug 1159131 SUSE bug 1161007 SUSE bug 1162882 SUSE bug 1166844 SUSE bug 1167603 SUSE bug 1182252 SUSE bug 1182645 SUSE bug 1192935 SUSE bug 1193951 SUSE bug 354372 SUSE bug 437293 SUSE bug 824262 CVE-2020-10531 at SUSE CVE-2020-10531 at NVD CVE-2020-21913 at SUSE CVE-2020-21913 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ovmf fixes the following issues: - CVE-2019-11098: Fixed insufficient input validation in MdeModulePkg (bsc#1188371). Important SUSE bug 1188371 CVE-2019-11098 at SUSE CVE-2019-11098 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078) The following non-security bug was fixed: - Fixed parsing files correctly which have space characters AND none space characters as delimiters (bsc#1198165). Moderate SUSE bug 1198165 SUSE bug 1211078 CVE-2023-22652 at SUSE CVE-2023-22652 at NVD CVE-2023-30078 at SUSE CVE-2023-30078 at NVD CVE-2023-30079 at SUSE CVE-2023-30079 at NVD CVE-2023-32181 at SUSE CVE-2023-32181 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). Important SUSE bug 1214052 CVE-2023-4039 at SUSE CVE-2023-4039 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-36402: Fixed an integer overflow vulnerability in vmwgfx driver in that allowed a local attacker with a user account on the system to gain privilege, causing a denial of service (bsc#1203517). - CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448). - CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666). - CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). - CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149). - CVE-2023-4132: Fixed use-after-free vulnerability was found in the siano smsusb module that allowed a local user to crash the system, causing a denial of service condition (bsc#1213969). - CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970). - CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971). - CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968). - CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019). - CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120). - CVE-2023-4385: Fixed a NULL pointer dereference flaw in dbFree that may have allowed a local attacker to crash the system due to a missing sanity check (bsc#1214348). - CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350). - CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451). - CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927). - CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272). - CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546). The following non-security bugs were fixed: - ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - Do not add and remove genksyms ifdefs - clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - e1000: Fix fall-through warnings for Clang (jsc#PED-5738). - e1000: Fix typos in comments (jsc#PED-5738). - e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738). - e1000: drop unneeded assignment in e1000_set_itr() (jsc#PED-5738). - e1000: switch to napi_consume_skb() (jsc#PED-5738). - intel/e1000:fix repeated words in comments (jsc#PED-5738). - intel: remove checker warning (jsc#PED-5738). - kabi/severities: Ignore newly added SRSO mitigation functions - md/raid0: Factor out helper for mapping and submitting a bio (bsc#1213916). - md/raid0: Fix performance regression for large sequential writes (bsc#1213916). - net: e1000: remove repeated word 'slot' for e1000_main.c (jsc#PED-5738). - net: e1000: remove repeated words for e1000_hw.c (jsc#PED-5738). - powerpc/rtas: block error injection when locked down (bsc#1023051). - powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051). - powerpc/rtas: move syscall filter setup into separate function (bsc#1023051). - powerpc/rtas: remove ibm_suspend_me_token (bsc#1023051). - powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503). - pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503). - timers: Add shutdown mechanism to the internal functions (bsc#1213970). - timers: Provide timer_shutdown[_sync]() (bsc#1213970). - timers: Rename del_timer() to timer_delete() (bsc#1213970). - timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970). - timers: Replace BUG_ON()s (bsc#1213970). - timers: Silently ignore timers with a NULL function (bsc#1213970). - timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970). - timers: Update kernel-doc for various functions (bsc#1213970). - timers: Use del_timer_sync() even on UP (bsc#1213970). - x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes). - x86/cpu: Cleanup the untrain mess (git-fixes). - x86/cpu: Rename original retbleed methods (git-fixes). - x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes). - x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes). - x86/speculation: Add cpu_show_gds() prototype (git-fixes). - x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes). - x86/srso: Correct the mitigation status when SMT is disabled (git-fixes). - x86/srso: Disable the mitigation on unaffected configurations (git-fixes). - x86/srso: Explain the untraining sequences a bit more (git-fixes). - x86: Move gds_ucode_mitigated() declaration to header (git-fixes). - xfs: fix sb write verify for lazysbcount (bsc#1214275). - xfs: gut error handling in xfs_trans_unreserve_and_mod_sb() (bsc#1214275). - xfs: update superblock counters correctly for !lazysbcount (bsc#1214275). Important SUSE bug 1023051 SUSE bug 1203517 SUSE bug 1210448 SUSE bug 1213272 SUSE bug 1213546 SUSE bug 1213601 SUSE bug 1213666 SUSE bug 1213916 SUSE bug 1213927 SUSE bug 1213968 SUSE bug 1213969 SUSE bug 1213970 SUSE bug 1213971 SUSE bug 1214019 SUSE bug 1214120 SUSE bug 1214149 SUSE bug 1214275 SUSE bug 1214297 SUSE bug 1214348 SUSE bug 1214350 SUSE bug 1214451 CVE-2022-36402 at SUSE CVE-2022-36402 at NVD CVE-2023-2007 at SUSE CVE-2023-2007 at NVD CVE-2023-20588 at SUSE CVE-2023-20588 at NVD CVE-2023-21400 at SUSE CVE-2023-21400 at NVD CVE-2023-34319 at SUSE CVE-2023-34319 at NVD CVE-2023-3772 at SUSE CVE-2023-3772 at NVD CVE-2023-3863 at SUSE CVE-2023-3863 at NVD CVE-2023-4128 at SUSE CVE-2023-4128 at NVD CVE-2023-4132 at SUSE CVE-2023-4132 at NVD CVE-2023-4133 at SUSE CVE-2023-4133 at NVD CVE-2023-4134 at SUSE CVE-2023-4134 at NVD CVE-2023-4147 at SUSE CVE-2023-4147 at NVD CVE-2023-4194 at SUSE CVE-2023-4194 at NVD CVE-2023-4273 at SUSE CVE-2023-4273 at NVD CVE-2023-4385 at SUSE CVE-2023-4385 at NVD CVE-2023-4387 at SUSE CVE-2023-4387 at NVD CVE-2023-4459 at SUSE CVE-2023-4459 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). Important SUSE bug 1214768 CVE-2023-39615 at SUSE CVE-2023-39615 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 Important SUSE bug 1206212 SUSE bug 1206622 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for cups fixes the following issues: - CVE-2023-4504: Fixed heap overflow in OpenPrinting CUPS Postscript Parsing (bsc#1215204). - CVE-2023-32360: Fixed Information leak through Cups-Get-Document operation (bsc#1214254). Important SUSE bug 1214254 SUSE bug 1215204 CVE-2023-32360 at SUSE CVE-2023-32360 at NVD CVE-2023-4504 at SUSE CVE-2023-4504 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-36402: Fixed an integer overflow vulnerability in vmwgfx driver in that allowed a local attacker with a user account on the system to gain privilege, causing a denial of service (bsc#1203517). - CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448). - CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666). - CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). - CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149). - CVE-2023-4132: Fixed use-after-free vulnerability was found in the siano smsusb module that allowed a local user to crash the system, causing a denial of service condition (bsc#1213969). - CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970). - CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971). - CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968). - CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019). - CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120). - CVE-2023-4385: Fixed a NULL pointer dereference flaw in dbFree that may have allowed a local attacker to crash the system due to a missing sanity check (bsc#1214348). - CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350). - CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451). - CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927). - CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272). - CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546). The following non-security bugs were fixed: - ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - Do not add and remove genksyms ifdefs - clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - e1000: Fix fall-through warnings for Clang (jsc#PED-5738). - e1000: Fix typos in comments (jsc#PED-5738). - e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738). - e1000: drop unneeded assignment in e1000_set_itr() (jsc#PED-5738). - e1000: switch to napi_consume_skb() (jsc#PED-5738). - intel/e1000:fix repeated words in comments (jsc#PED-5738). - intel: remove checker warning (jsc#PED-5738). - kabi/severities: Ignore newly added SRSO mitigation functions - md/raid0: Factor out helper for mapping and submitting a bio (bsc#1213916). - md/raid0: Fix performance regression for large sequential writes (bsc#1213916). - net: e1000: remove repeated word 'slot' for e1000_main.c (jsc#PED-5738). - net: e1000: remove repeated words for e1000_hw.c (jsc#PED-5738). - powerpc/rtas: block error injection when locked down (bsc#1023051). - powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051). - powerpc/rtas: move syscall filter setup into separate function (bsc#1023051). - powerpc/rtas: remove ibm_suspend_me_token (bsc#1023051). - powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503). - pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503). - timers: Add shutdown mechanism to the internal functions (bsc#1213970). - timers: Provide timer_shutdown[_sync]() (bsc#1213970). - timers: Rename del_timer() to timer_delete() (bsc#1213970). - timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970). - timers: Replace BUG_ON()s (bsc#1213970). - timers: Silently ignore timers with a NULL function (bsc#1213970). - timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970). - timers: Update kernel-doc for various functions (bsc#1213970). - timers: Use del_timer_sync() even on UP (bsc#1213970). - x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes). - x86/cpu: Cleanup the untrain mess (git-fixes). - x86/cpu: Rename original retbleed methods (git-fixes). - x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes). - x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes). - x86/speculation: Add cpu_show_gds() prototype (git-fixes). - x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes). - x86/srso: Correct the mitigation status when SMT is disabled (git-fixes). - x86/srso: Disable the mitigation on unaffected configurations (git-fixes). - x86/srso: Explain the untraining sequences a bit more (git-fixes). - x86: Move gds_ucode_mitigated() declaration to header (git-fixes). - xfs: fix sb write verify for lazysbcount (bsc#1214275). - xfs: gut error handling in xfs_trans_unreserve_and_mod_sb() (bsc#1214275). - xfs: update superblock counters correctly for !lazysbcount (bsc#1214275). Important SUSE bug 1023051 SUSE bug 1203517 SUSE bug 1210448 SUSE bug 1213272 SUSE bug 1213546 SUSE bug 1213601 SUSE bug 1213666 SUSE bug 1213916 SUSE bug 1213927 SUSE bug 1213968 SUSE bug 1213969 SUSE bug 1213970 SUSE bug 1213971 SUSE bug 1214019 SUSE bug 1214120 SUSE bug 1214149 SUSE bug 1214275 SUSE bug 1214297 SUSE bug 1214348 SUSE bug 1214350 SUSE bug 1214451 CVE-2022-36402 at SUSE CVE-2022-36402 at NVD CVE-2023-2007 at SUSE CVE-2023-2007 at NVD CVE-2023-20588 at SUSE CVE-2023-20588 at NVD CVE-2023-21400 at SUSE CVE-2023-21400 at NVD CVE-2023-34319 at SUSE CVE-2023-34319 at NVD CVE-2023-3772 at SUSE CVE-2023-3772 at NVD CVE-2023-3863 at SUSE CVE-2023-3863 at NVD CVE-2023-4128 at SUSE CVE-2023-4128 at NVD CVE-2023-4132 at SUSE CVE-2023-4132 at NVD CVE-2023-4133 at SUSE CVE-2023-4133 at NVD CVE-2023-4134 at SUSE CVE-2023-4134 at NVD CVE-2023-4147 at SUSE CVE-2023-4147 at NVD CVE-2023-4194 at SUSE CVE-2023-4194 at NVD CVE-2023-4273 at SUSE CVE-2023-4273 at NVD CVE-2023-4385 at SUSE CVE-2023-4385 at NVD CVE-2023-4387 at SUSE CVE-2023-4387 at NVD CVE-2023-4459 at SUSE CVE-2023-4459 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update of cni fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). Important SUSE bug 1212475 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). Important SUSE bug 1212475 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update of containerd fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). Important SUSE bug 1212475 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for supportutils fixes the following issues: Security fixes: - CVE-2022-45154: Removed iSCSI passwords (bsc#1207598). Other Fixes: - Changes in version 3.1.26 + powerpc plugin to collect the slots and active memory (bsc#1210950) + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154 + supportconfig: collect BPF information (pr#154) + Added additional iscsi information (pr#155) - Added run time detection (bsc#1213127) - Changes for supportutils version 3.1.25 + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598) + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149) + powerpc: collect invscout logs (pr#150) + powerpc: collect RMC status logs (pr#151) + Added missing nvme nbft commands (bsc#1211599) + Fixed invalid nvme commands (bsc#1211598) + Added missing podman information (PED-1703, bsc#1181477) + Removed dependency on sysfstools + Check for systool use (bsc#1210015) + Added selinux checking (bsc#1209979) + Updated SLES_VER matrix - Fixed missing status detail for apparmor (bsc#1196933) - Corrected invalid argument list in docker.txt (bsc#1206608) - Applies limit equally to sar data and text files (bsc#1207543) - Collects hwinfo hardware logs (bsc#1208928) - Collects lparnumascore logs (issue#148) - Add dependency to `numactl` on ppc64le and `s390x`, this enforces that `numactl --hardware` data is provided in supportconfigs - Changes to supportconfig.rc version 3.1.11-35 + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402) - Changes to supportconfig version 3.1.11-46.4 + Added plymouth_info - Changes to getappcore version 1.53.02 + The location of chkbin was updated earlier. This documents that change (bsc#1205533, bsc#1204942) Moderate SUSE bug 1181477 SUSE bug 1196933 SUSE bug 1204942 SUSE bug 1205533 SUSE bug 1206402 SUSE bug 1206608 SUSE bug 1207543 SUSE bug 1207598 SUSE bug 1208928 SUSE bug 1209979 SUSE bug 1210015 SUSE bug 1210950 SUSE bug 1211598 SUSE bug 1211599 SUSE bug 1213127 CVE-2022-45154 at SUSE CVE-2022-45154 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python3 fixes the following issues: - CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692). Important SUSE bug 1214692 CVE-2023-40217 at SUSE CVE-2023-40217 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for open-vm-tools fixes the following issues: Update to 12.3.0 (build 22234872) (bsc#1214850) - There are no new features in the open-vm-tools 12.3.0 release. This is primarily a maintenance release that addresses a few critical problems, including: - This release integrates CVE-2023-20900 without the need for a patch. For more information on this vulnerability and its impact on VMware products, see https://www.vmware.com/security/advisories/VMSA-2023-0019.html. - A tools.conf configuration setting is available to temporaily direct Linux quiesced snaphots to restore pre open-vm-tools 12.2.0 behavior of ignoring file systems already frozen. - Building of the VMware Guest Authentication Service (VGAuth) using 'xml-security-c' and 'xerces-c' is being deprecated. - A number of Coverity reported issues have been addressed. - A number of GitHub issues and pull requests have been handled. Please see the Resolves Issues section of the Release Notes. - For issues resolved in this release, see the Resolved Issues section of the Release Notes. - For complete details, see: https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.0 - Release Notes are available at https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/ReleaseNotes.md - The granular changes that have gone into the 12.3.0 release are in the ChangeLog at https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/open-vm-tools/ChangeLog - Fix (bsc#1205927) - hv_vmbus module is loaded unnecessarily in VMware guests - jsc#PED-1344 - reinable building containerinfo plugin for SLES 15 SP4. Important SUSE bug 1205927 SUSE bug 1214850 CVE-2023-20900 at SUSE CVE-2023-20900 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for salt fixes the following issues: Security issues fixed: - CVE-2023-20897: Fixed DOS in minion return. (bsc#1214796, bsc#1213441) - CVE-2023-20898: Fixed Git Providers can read from the wrong environment because they get the same cache directory base name. (bsc#1214797, bsc#1193948) Bugs fixed: - Create minion_id with reproducible mtime - Fix broken tests to make them running in the testsuite - Fix detection of Salt codename by 'salt_version' execution module - Fix inconsistency in reported version by egg-info metadata (bsc#1215489) - Fix regression: multiple values for keyword argument 'saltenv' (bsc#1212844) - Fix the regression of user.present state when group is unset (bsc#1212855) - Fix utf8 handling in 'pass' renderer and make it more robust - Fix zypper repositories always being reconfigured - Make sure configured user is properly set by Salt (bsc#1210994) - Prevent possible exceptions on salt.utils.user.get_group_dict (bsc#1212794) - Revert usage of long running REQ channel to prevent possible missing responses on requests and duplicated responses (bsc#1213960, bsc#1213630, bsc#1213257) Moderate SUSE bug 1193948 SUSE bug 1210994 SUSE bug 1212794 SUSE bug 1212844 SUSE bug 1212855 SUSE bug 1213257 SUSE bug 1213441 SUSE bug 1213630 SUSE bug 1213960 SUSE bug 1214796 SUSE bug 1214797 SUSE bug 1215489 CVE-2023-20897 at SUSE CVE-2023-20897 at NVD CVE-2023-20898 at SUSE CVE-2023-20898 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for xen fixes the following issues: - CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474). - CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145). - CVE-2023-20593: Fixed AMD Zenbleed (XSA-433) (bsc#1213616). Important SUSE bug 1213616 SUSE bug 1215145 SUSE bug 1215474 CVE-2023-20588 at SUSE CVE-2023-20588 at NVD CVE-2023-20593 at SUSE CVE-2023-20593 at NVD CVE-2023-34322 at SUSE CVE-2023-34322 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update of runc fixes the following issues: - Update to runc v1.1.8. Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.1.8>. - rebuild the package with the go 1.21 security release (bsc#1212475). Important SUSE bug 1212475 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for mdadm fixes the following issues: - CVE-2023-28736: Fixed a buffer overflow (bsc#1214244). - CVE-2023-28938: Fixed uncontrolled resource consumption (bsc#1214245). Moderate SUSE bug 1214244 SUSE bug 1214245 CVE-2023-28736 at SUSE CVE-2023-28736 at NVD CVE-2023-28938 at SUSE CVE-2023-28938 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for vim fixes the following issues: Security fixes: - CVE-2023-4733: Fixed use-after-free in function buflist_altfpos (bsc#1215004). - CVE-2023-4734: Fixed segmentation fault in function f_fullcommand (bsc#1214925). - CVE-2023-4735: Fixed out of bounds write in ops.c (bsc#1214924). - CVE-2023-4738: Fixed heap buffer overflow in vim_regsub_both (bsc#1214922). - CVE-2023-4752: Fixed heap use-after-free in function ins_compl_get_exp (bsc#1215006). - CVE-2023-4781: Fixed heap buffer overflow in function vim_regsub_both (bsc#1215033). Other fixes: - Update to version 9.0 with patch level 1894, for the complete list of changes see https://github.com/vim/vim/compare/v9.0.1443...v9.0.1894 - Use app icons generated from vimlogo.eps in the source tarball; add higher resolution icons of sizes 128x128, 256x256, and 512x512 as png sources Important SUSE bug 1214922 SUSE bug 1214924 SUSE bug 1214925 SUSE bug 1215004 SUSE bug 1215006 SUSE bug 1215033 CVE-2023-4733 at SUSE CVE-2023-4733 at NVD CVE-2023-4734 at SUSE CVE-2023-4734 at NVD CVE-2023-4735 at SUSE CVE-2023-4735 at NVD CVE-2023-4738 at SUSE CVE-2023-4738 at NVD CVE-2023-4752 at SUSE CVE-2023-4752 at NVD CVE-2023-4781 at SUSE CVE-2023-4781 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libX11 fixes the following issues: - CVE-2023-43786: Fixed stack exhaustion from infinite recursion in PutSubImage() (bsc#1215684). - CVE-2023-43787: Fixed integer overflow in XCreateImage() leading to a heap overflow (bsc#1215685). - CVE-2023-43785: Fixed out-of-bounds memory access in _XkbReadKeySyms() (bsc#1215683). Moderate SUSE bug 1215683 SUSE bug 1215684 SUSE bug 1215685 CVE-2023-43785 at SUSE CVE-2023-43785 at NVD CVE-2023-43786 at SUSE CVE-2023-43786 at NVD CVE-2023-43787 at SUSE CVE-2023-43787 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). Important SUSE bug 1215713 CVE-2023-35945 at SUSE CVE-2023-35945 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). Low SUSE bug 1214806 CVE-2023-4641 at SUSE CVE-2023-4641 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for curl fixes the following issues: - CVE-2023-38546: Fixed a cookie injection with none file (bsc#1215889). Moderate SUSE bug 1215889 CVE-2023-38546 at SUSE CVE-2023-38546 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-3606: Fixed a null pointer dereference inside the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF (bnc#1204502). - CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034). The following non-security bugs were fixed: - KVM: VMX: fix crash cleanup when KVM wasn't used (bsc#1207508). - RDMA/core: Fix ib block iterator counter overflow (bsc#1207878). - bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes). - blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes). - blktrace: ensure our debugfs dir exists (git-fixes). - dm btree: add a defensive bounds check to insert_at() (git-fixes). - dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes). - dm cache: Fix UAF in destroy() (git-fixes). - dm cache: set needs_check flag after aborting metadata (git-fixes). - dm clone: Fix UAF in clone_dtr() (git-fixes). - dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes). - dm integrity: fix flush with external metadata device (git-fixes). - dm integrity: flush the journal on suspend (git-fixes). - dm integrity: select CRYPTO_SKCIPHER (git-fixes). - dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes). - dm ioctl: prevent potential spectre v1 gadget (git-fixes). - dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes). - dm space maps: do not reset space map allocation cursor when committing (git-fixes). - dm table: Remove BUG_ON(in_interrupt()) (git-fixes). - dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes). - dm thin: Fix UAF in run_timer_softirq() (git-fixes). - dm thin: Use last transaction's pmd->root when commit failed (git-fixes). - dm thin: resume even if in FAIL mode (git-fixes). - dm verity: fix require_signatures module_param permissions (git-fixes). - dm verity: skip verity work if I/O error when system is shutting down (git-fixes). - drivers:md:fix a potential use-after-free bug (git-fixes). - kabi/severities: add mlx5 internal symbols - loop: unset GENHD_FL_NO_PART_SCAN on LOOP_CONFIGURE (git-fixes). - loop: use sysfs_emit() in the sysfs xxx show() (git-fixes). - md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes). - md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes). - md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes). - md: protect md_unregister_thread from reentrancy (git-fixes). - mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769). - nbd: Fix hung on disconnect request if socket is closed before (git-fixes). - nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes). - nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add (git-fixes). - nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes). - nbd: fix io hung while disconnecting device (git-fixes). - nbd: fix max value for 'first_minor' (git-fixes). - nbd: fix race between nbd_alloc_config() and module removal (git-fixes). - nbd: make the config put is called before the notifying the waiter (git-fixes). - nbd: restore default timeout when setting it to zero (git-fixes). - net/mlx5: Allocate individual capability (bsc#1195175). - net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175). - net/mlx5: Fix flow counters SF bulk query len (bsc#1195175). - net/mlx5: Reduce flow counters bulk query buffer size for SFs (bsc#1195175). - net/mlx5: Reorganize current and maximal capabilities to be per-type (bsc#1195175). - net/mlx5: Use order-0 allocations for EQs (bsc#1195175). - null_blk: fix ida error handling in null_add_dev() (git-fixes). - rbd: work around -Wuninitialized warning (git-fixes). - scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes). - scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic (git-fixes). - scsi: NCR5380: Add disconnect_mask module parameter (git-fixes). - scsi: Revert 'scsi: qla2xxx: Fix disk failure to rediscover' (git-fixes). - scsi: advansys: Fix kernel pointer leak (git-fixes). - scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes). - scsi: aic7xxx: Adjust indentation in ahc_find_syncrate (git-fixes). - scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 (git-fixes). - scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE (git-fixes). - scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: bnx2fc: Return failure if io_req is already in ABTS processing (git-fixes). - scsi: core: Avoid printing an error if target_alloc() returns -ENXIO (git-fixes). - scsi: core: Cap scsi_host cmd_per_lun at can_queue (git-fixes). - scsi: core: Do not start concurrent async scan on same host (git-fixes). - scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes). - scsi: core: Fix capacity set to zero after offlinining device (git-fixes). - scsi: core: Fix hang of freezing queue between blocking and running device (git-fixes). - scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() (git-fixes). - scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes). - scsi: core: free sgtables in case command setup fails (git-fixes). - scsi: core: sysfs: Fix hang when device state is set via sysfs (git-fixes). - scsi: core: sysfs: Fix setting device state to SDEV_RUNNING (git-fixes). - scsi: cxlflash: Fix error return code in cxlflash_probe() (git-fixes). - scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes). - scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes). - scsi: fnic: Fix memleak in vnic_dev_init_devcmd2 (git-fixes). - scsi: fnic: fix use after free (git-fixes). - scsi: hisi_sas: Check sas_port before using it (git-fixes). - scsi: hisi_sas: Do not reset phy timer to wait for stray phy up (git-fixes). - scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated irq (git-fixes). - scsi: hisi_sas: Propagate errors in interrupt_init_v1_hw() (git-fixes). - scsi: hisi_sas: Replace in_softirq() check in hisi_sas_task_exec() (git-fixes). - scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes). - scsi: hpsa: Fix memory leak in hpsa_init_one() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes). - scsi: ipr: Fix WARNING in ipr_init() (git-fixes). - scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes). - scsi: iscsi: Add iscsi_cls_conn refcount helpers (git-fixes). - scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (git-fixes). - scsi: iscsi: Do not destroy session if there are outstanding connections (git-fixes). - scsi: iscsi: Do not put host in iscsi_set_flashnode_param() (git-fixes). - scsi: iscsi: Do not send data to unbound connection (git-fixes). - scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj (git-fixes). - scsi: iscsi: Fix shost->max_id use (git-fixes). - scsi: iscsi: Report unbind session event when the target has been removed (git-fixes). - scsi: iscsi: Unblock session then wake up error handler (git-fixes). - scsi: libfc: Fix a format specifier (git-fixes). - scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes). - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes). - scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling (git-fixes). - scsi: libsas: Add LUN number check in .slave_alloc callback (git-fixes). - scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes). - scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry() (git-fixes). - scsi: megaraid_sas: Fix double kfree() (git-fixes). - scsi: megaraid_sas: Fix resource leak in case of probe failure (git-fixes). - scsi: megaraid_sas: Handle missing interrupts while re-enabling IRQs (git-fixes). - scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes). - scsi: mpt3sas: Block PCI config access from userspace during reset (git-fixes). - scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes). - scsi: mpt3sas: Fix timeouts observed while reenabling IRQ (git-fixes). - scsi: mpt3sas: Increase IOCInit request timeout to 30s (git-fixes). - scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes). - scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: mvumi: Fix error return in mvumi_io_attach() (git-fixes). - scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes). - scsi: myrs: Fix crash in error case (git-fixes). - scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes). - scsi: pm: Balance pm_only counter of request queue during system resume (git-fixes). - scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes). - scsi: qedf: Add check to synchronize abort and flush (git-fixes). - scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes). - scsi: qedf: Fix refcount issue when LOGO is received during TMF (git-fixes). - scsi: qedf: Return SUCCESS if stale rport is encountered (git-fixes). - scsi: qedi: Fix failed disconnect handling (git-fixes). - scsi: qedi: Fix list_del corruption while removing active I/O (git-fixes). - scsi: qedi: Fix null ref during abort handling (git-fixes). - scsi: qedi: Protect active command list to avoid list corruption (git-fixes). - scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes). - scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes). - scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes). - scsi: scsi_debug: num_tgts must be >= 0 (git-fixes). - scsi: scsi_dh_alua: Check for negative result value (git-fixes). - scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg() (git-fixes). - scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() (git-fixes). - scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() (git-fixes). - scsi: scsi_transport_spi: Fix function pointer check (git-fixes). - scsi: scsi_transport_spi: Set RQF_PM for domain validation commands (git-fixes). - scsi: sd: Free scsi_disk device via put_device() (git-fixes). - scsi: sd: Suppress spurious errors when WRITE SAME is being disabled (git-fixes). - scsi: ses: Fix unsigned comparison with less than zero (git-fixes). - scsi: ses: Retry failed Send/Receive Diagnostic commands (git-fixes). - scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes). - scsi: sr: Do not use GFP_DMA (git-fixes). - scsi: sr: Fix sr_probe() missing deallocate of device minor (git-fixes). - scsi: sr: Return appropriate error code when disk is ejected (git-fixes). - scsi: sr: Return correct event when media event code is 3 (git-fixes). - scsi: st: Fix a use after free in st_open() (git-fixes). - scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk ->poweroff() (git-fixes). - scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices (git-fixes). - scsi: ufs: Clean up completed request without interrupt notification (git-fixes). - scsi: ufs: Fix a race condition in the tracing code (git-fixes). - scsi: ufs: Fix error handing during hibern8 enter (git-fixes). - scsi: ufs: Fix illegal offset in UPIU event trace (git-fixes). - scsi: ufs: Fix interrupt error message for shared interrupts (git-fixes). - scsi: ufs: Fix irq return code (git-fixes). - scsi: ufs: Fix possible infinite loop in ufshcd_hold (git-fixes). - scsi: ufs: Fix tm request when non-fatal error happens (git-fixes). - scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by ufshcd_hold() (git-fixes). - scsi: ufs: Fix up auto hibern8 enablement (git-fixes). - scsi: ufs: Fix wrong print message in dev_err() (git-fixes). - scsi: ufs: Improve interrupt handling for shared interrupts (git-fixes). - scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE (git-fixes). - scsi: ufs: Make ufshcd_add_command_trace() easier to read (git-fixes). - scsi: ufs: fix potential bug which ends in system hang (git-fixes). - scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config() (git-fixes). - scsi: virtio_scsi: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes). - scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes). - scsi: vmw_pvscsi: Set correct residual data length (git-fixes). - scsi: vmw_pvscsi: Set residual data length conditionally (git-fixes). - sctp: fail if no bound addresses can be used for a given scope (bsc#1206677). - watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497). - watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497). Important SUSE bug 1195175 SUSE bug 1204502 SUSE bug 1206677 SUSE bug 1207034 SUSE bug 1207497 SUSE bug 1207508 SUSE bug 1207769 SUSE bug 1207878 CVE-2022-3606 at SUSE CVE-2022-3606 at NVD CVE-2023-0179 at SUSE CVE-2023-0179 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703). - CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges on the system. (bsc#1215150) - CVE-2023-4389: Fixed a a double decrement of the reference count flaw in the btrfs filesystem a double decrement of the reference count, which may have allowed a local attacker with user privilege to crash the system or may lead to leaked internal kernel information. (bsc#1214351) - CVE-2023-4921: Fixed a use-after-free vulnerability in the sch_qfq component which could be exploited to achieve local privilege escalation. (bsc#1215275) - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036). - CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812). - CVE-2023-4622: Fixed a use-after-free vulnerability in the af_unix component which could be exploited to achieve local privilege escalation. (bsc#1215117) - CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115). - CVE-2020-36766: Fixed an issue in drivers/media/cec/core/cec-api.c which could leaks one byte of kernel memory on specific hardware to unprivileged users. (bsc#1215299) - CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs. This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak. (bsc#1210169) - CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system or potentially cause a denial of service. (bsc#1210643) - CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). - CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233). - CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995). The following non-security bugs were fixed: - bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322). - locking/rwsem: Disable reader optimistic spinning (bnc#1176588). - mkspec: Allow unsupported KMPs (bsc#1214386) - scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658). - x86/pkeys: Revert a5eff7259790 ('x86/pkeys: Add PKRU value to init_fpstate') (bsc#1215356). - x86/srso: Do not probe microcode in a guest (git-fixes). - x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). - x86/srso: Fix srso_show_state() side effect (git-fixes). - x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). Important SUSE bug 1176588 SUSE bug 1202845 SUSE bug 1207036 SUSE bug 1207270 SUSE bug 1208995 SUSE bug 1210169 SUSE bug 1210643 SUSE bug 1210658 SUSE bug 1212703 SUSE bug 1213812 SUSE bug 1214233 SUSE bug 1214351 SUSE bug 1214380 SUSE bug 1214386 SUSE bug 1215115 SUSE bug 1215117 SUSE bug 1215150 SUSE bug 1215221 SUSE bug 1215275 SUSE bug 1215299 SUSE bug 1215322 SUSE bug 1215356 CVE-2020-36766 at SUSE CVE-2020-36766 at NVD CVE-2023-1192 at SUSE CVE-2023-1192 at NVD CVE-2023-1206 at SUSE CVE-2023-1206 at NVD CVE-2023-1859 at SUSE CVE-2023-1859 at NVD CVE-2023-2177 at SUSE CVE-2023-2177 at NVD CVE-2023-23454 at SUSE CVE-2023-23454 at NVD CVE-2023-4004 at SUSE CVE-2023-4004 at NVD CVE-2023-40283 at SUSE CVE-2023-40283 at NVD CVE-2023-42753 at SUSE CVE-2023-42753 at NVD CVE-2023-4389 at SUSE CVE-2023-4389 at NVD CVE-2023-4622 at SUSE CVE-2023-4622 at NVD CVE-2023-4623 at SUSE CVE-2023-4623 at NVD CVE-2023-4881 at SUSE CVE-2023-4881 at NVD CVE-2023-4921 at SUSE CVE-2023-4921 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for samba fixes the following issues: - CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions. (bsc#1215904) - CVE-2023-42669: Fixed a bug in 'rpcecho' development server which allows Denial of Service via sleep() call on AD DC. (bso#1215905) - CVE-2023-4154: Fixed a bug in dirsync which allows SYSTEM access with only 'GUID_DRS_GET_CHANGES' right. (bsc#1215908) Important SUSE bug 1215904 SUSE bug 1215905 SUSE bug 1215908 CVE-2023-4091 at SUSE CVE-2023-4091 at NVD CVE-2023-4154 at SUSE CVE-2023-4154 at NVD CVE-2023-42669 at SUSE CVE-2023-42669 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for conmon fixes the following issues: conmon is rebuilt with the current stable release go1.21 (bsc#1215806) Important SUSE bug 1215806 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for opensc fixes the following issues: - CVE-2023-40660: Fixed a PIN bypass that could be triggered when cards tracked their own login state (bsc#1215762). - CVE-2023-40661: Fixed several memory safety issues that could happen during the card enrollment process using pkcs15-init (bsc#1215761). Important SUSE bug 1215761 SUSE bug 1215762 CVE-2023-40660 at SUSE CVE-2023-40660 at NVD CVE-2023-40661 at SUSE CVE-2023-40661 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python-urllib3 fixes the following issues: - CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if the user manually set the corresponding header (bsc#1215968). Moderate SUSE bug 1215968 CVE-2023-43804 at SUSE CVE-2023-43804 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) Important SUSE bug 1215286 SUSE bug 1215891 CVE-2023-4813 at SUSE CVE-2023-4813 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update of cni fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). Important SUSE bug 1212475 SUSE bug 1216006 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). Important SUSE bug 1212475 SUSE bug 1216006 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for grub2 fixes the following issues: - CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. (bsc#1215935) - CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to leak sensitive information. (bsc#1215936) Important SUSE bug 1215935 SUSE bug 1215936 CVE-2023-4692 at SUSE CVE-2023-4692 at NVD CVE-2023-4693 at SUSE CVE-2023-4693 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351). - CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150). - CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703). - CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275). - CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812). - CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117). - CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115). - CVE-2020-36766: Fixed a potential information leak in in the CEC driver (bsc#1215299). - CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169). - CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643). - CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). - CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233). - CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995). The following non-security bugs were fixed: - bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322). - check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does. - locking/rwsem: Disable reader optimistic spinning (bnc#1176588). - mkspec: Allow unsupported KMPs (bsc#1214386) - scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658). - x86/pkeys: Revert a5eff7259790 ('x86/pkeys: Add PKRU value to init_fpstate') (bsc#1215356). - x86/srso: Do not probe microcode in a guest (git-fixes). - x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). - x86/srso: Fix srso_show_state() side effect (git-fixes). - x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). Important SUSE bug 1176588 SUSE bug 1202845 SUSE bug 1207270 SUSE bug 1208995 SUSE bug 1210169 SUSE bug 1210643 SUSE bug 1210658 SUSE bug 1212703 SUSE bug 1213812 SUSE bug 1214233 SUSE bug 1214351 SUSE bug 1214380 SUSE bug 1214386 SUSE bug 1215115 SUSE bug 1215117 SUSE bug 1215150 SUSE bug 1215221 SUSE bug 1215275 SUSE bug 1215299 SUSE bug 1215322 SUSE bug 1215356 CVE-2020-36766 at SUSE CVE-2020-36766 at NVD CVE-2023-1192 at SUSE CVE-2023-1192 at NVD CVE-2023-1206 at SUSE CVE-2023-1206 at NVD CVE-2023-1859 at SUSE CVE-2023-1859 at NVD CVE-2023-2177 at SUSE CVE-2023-2177 at NVD CVE-2023-4004 at SUSE CVE-2023-4004 at NVD CVE-2023-40283 at SUSE CVE-2023-40283 at NVD CVE-2023-42753 at SUSE CVE-2023-42753 at NVD CVE-2023-4389 at SUSE CVE-2023-4389 at NVD CVE-2023-4622 at SUSE CVE-2023-4622 at NVD CVE-2023-4623 at SUSE CVE-2023-4623 at NVD CVE-2023-4881 at SUSE CVE-2023-4881 at NVD CVE-2023-4921 at SUSE CVE-2023-4921 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for suse-module-tools fixes the following issues: - Updated to version 15.3.17: - CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module (bsc#1210335). - CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules (bsc#1205767, jsc#PED-5731). - Updated to version 15.3.16: - Fixed a build issue for s390x (bsc#1207853). Important SUSE bug 1205767 SUSE bug 1207853 SUSE bug 1210335 CVE-2023-1829 at SUSE CVE-2023-1829 at NVD CVE-2023-23559 at SUSE CVE-2023-23559 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. Important SUSE bug 1206480 SUSE bug 1206684 SUSE bug 1210557 SUSE bug 1211427 SUSE bug 1212101 SUSE bug 1213915 SUSE bug 1214052 SUSE bug 1214460 CVE-2023-4039 at SUSE CVE-2023-4039 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for xen fixes the following issues: - CVE-2023-34323: Fixed a potential crash in C Xenstored due to an incorrect assertion (XSA-440) (bsc#1215744). - CVE-2023-34326: Fixed a missing IOMMU TLB flush on x86 AMD systems with IOMMU hardware and PCI passthrough enabled (XSA-442) (bsc#1215746). - CVE-2023-34325: Fixed multiple parsing issues in libfsimage (XSA-443) (bsc#1215747). - CVE-2023-34327, CVE-2023-34328: Fixed multiple issues with AMD x86 debugging functionality for guests (XSA-444) (bsc#1215748). Important SUSE bug 1215744 SUSE bug 1215746 SUSE bug 1215747 SUSE bug 1215748 CVE-2023-34323 at SUSE CVE-2023-34323 at NVD CVE-2023-34325 at SUSE CVE-2023-34325 at NVD CVE-2023-34326 at SUSE CVE-2023-34326 at NVD CVE-2023-34327 at SUSE CVE-2023-34327 at NVD CVE-2023-34328 at SUSE CVE-2023-34328 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libssh2_org fixes the following issues: - Upgrade to version 1.11.0 in SLE-15: [jsc#PED-7040] Update to 1.11.0: * Enhancements and bugfixes - Adds support for encrypt-then-mac (ETM) MACs - Adds support for AES-GCM crypto protocols - Adds support for sk-ecdsa-sha2-nistp256 and sk-ssh-ed25519 keys - Adds support for RSA certificate authentication - Adds FIDO support with *_sk() functions - Adds RSA-SHA2 key upgrading to OpenSSL, WinCNG, mbedTLS, OS400 backends - Adds Agent Forwarding and libssh2_agent_sign() - Adds support for Channel Signal message libssh2_channel_signal_ex() - Adds support to get the user auth banner message libssh2_userauth_banner() - Adds LIBSSH2_NO_{MD5, HMAC_RIPEMD, DSA, RSA, RSA_SHA1, ECDSA, ED25519, AES_CBC, AES_CTR, BLOWFISH, RC4, CAST, 3DES} options - Adds direct stream UNIX sockets with libssh2_channel_direct_streamlocal_ex() - Adds wolfSSL support to CMake file - Adds mbedTLS 3.x support - Adds LibreSSL 3.5 support - Adds support for CMake 'unity' builds - Adds CMake support for building shared and static libs in a single pass - Adds symbol hiding support to CMake - Adds support for libssh2.rc for all build tools - Adds .zip, .tar.xz and .tar.bz2 release tarballs - Enables ed25519 key support for LibreSSL 3.7.0 or higher - Improves OpenSSL 1.1 and 3 compatibility - Now requires OpenSSL 1.0.2 or newer - Now requires CMake 3.1 or newer - SFTP: Adds libssh2_sftp_open_ex_r() and libssh2_sftp_open_r() extended APIs - SFTP: No longer has a packet limit when reading a directory - SFTP: now parses attribute extensions if they exist - SFTP: no longer will busy loop if SFTP fails to initialize - SFTP: now clear various errors as expected - SFTP: no longer skips files if the line buffer is too small - SCP: add option to not quote paths - SCP: Enables 64-bit offset support unconditionally - Now skips leading \r and \n characters in banner_receive() - Enables secure memory zeroing with all build tools on all platforms - No longer logs SSH_MSG_REQUEST_FAILURE packets from keepalive - Speed up base64 encoding by 7x - Assert if there is an attempt to write a value that is too large - WinCNG: fix memory leak in _libssh2_dh_secret() - Added protection against possible null pointer dereferences - Agent now handles overly large comment lengths - Now ensure KEX replies don't include extra bytes - Fixed possible buffer overflow when receiving SSH_MSG_USERAUTH_BANNER - Fixed possible buffer overflow in keyboard interactive code path - Fixed overlapping memcpy() - Fixed Windows UWP builds - Fixed DLL import name - Renamed local RANDOM_PADDING macro to avoid unexpected define on Windows - Support for building with gcc versions older than 8 - Improvements to CMake, Makefile, NMakefile, GNUmakefile, autoreconf files - Restores ANSI C89 compliance - Enabled new compiler warnings and fixed/silenced them - Improved error messages - Now uses CIFuzz - Numerous minor code improvements - Improvements to CI builds - Improvements to unit tests - Improvements to doc files - Improvements to example files - Removed 'old gex' build option - Removed no-encryption/no-mac builds - Removed support for NetWare and Watcom wmake build files - Bump to version 1.10.0 * Enhancements and bugfixes: * support ECDSA certificate authentication * fix detailed _libssh2_error being overwritten by generic errors * unified error handling * fix _libssh2_random() silently discarding errors * don't error if using keys without RSA * avoid OpenSSL latent error in FIPS mode * fix EVP_Cipher interface change in openssl 3 * fix potential overwrite of buffer when reading stdout of command * use string_buf in ecdh_sha2_nistp() to avoid attempting to parse malformed data * correct a typo which may lead to stack overflow * fix random big number generation to match openssl * added key exchange group16-sha512 and group18-sha512. * add support for an OSS Fuzzer fuzzing target * adds support for ECDSA for both key exchange and host key algorithms * clean up curve25519 code * update the min, preferred and max DH group values based on RFC 8270. * changed type of LIBSSH2_FX_* constants to unsigned long * added diffie-hellman-group14-sha256 kex * fix for use of uninitialized aes_ctr_cipher.key_len when using HAVE_OPAQUE_STRUCTS, regression * fixes memory leaks and use after free AES EVP_CIPHER contexts when using OpenSSL 1.0.x. * fixes crash with delayed compression option using Bitvise server. * adds support for PKIX key reading * use new API to parse data in packet_x11_open() for better bounds checking. * double the static buffer size when reading and writing known hosts * improved bounds checking in packet_queue_listener * improve message parsing (CVE-2019-17498) * improve bounds checking in kex_agree_methods() * adding SSH agent forwarding. * fix agent forwarding message, updated example. * added integration test code and cmake target. Added example to cmake list. * don't call `libssh2_crypto_exit()` until `_libssh2_initialized` count is down to zero. * add an EWOULDBLOCK check for better portability * fix off by one error when loading public keys with no id * fix use-after-free crash on reinitialization of openssl backend * preserve error info from agent_list_identities() * make sure the error code is set in _libssh2_channel_open() * fixed misspellings * fix potential typecast error for `_libssh2_ecdsa_key_get_curve_type` * rename _libssh2_ecdsa_key_get_curve_type to _libssh2_ecdsa_get_curve_type Moderate CVE-2019-17498 at SUSE CVE-2019-17498 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) Important SUSE bug 1216123 SUSE bug 1216174 CVE-2023-44487 at SUSE CVE-2023-44487 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). Moderate SUSE bug 1216378 CVE-2023-45853 at SUSE CVE-2023-45853 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for open-vm-tools fixes the following issues: - CVE-2023-34058: Fixed a SAML token signature bypass issue (bsc#1216432). - CVE-2023-34059: Fixed a privilege escalation issue through vmware-user-suid-wrapper (bsc#1216433). Important SUSE bug 1216432 SUSE bug 1216433 CVE-2023-34058 at SUSE CVE-2023-34058 at NVD CVE-2023-34059 at SUSE CVE-2023-34059 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778) - CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an object could potentially extend beyond the end of an allocation causing. (bsc#1216051) - CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518) - CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095) - CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). - CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) - CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). - CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861). - CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). - CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858). - CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467). The following non-security bugs were fixed: - bpf: propagate precision in ALU/ALU64 operations (git-fixes). - KVM: x86: fix sending PV IPI (git-fixes, bsc#1210853, bsc#1216134). - nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842). Important SUSE bug 1210778 SUSE bug 1210853 SUSE bug 1212051 SUSE bug 1214842 SUSE bug 1215095 SUSE bug 1215467 SUSE bug 1215518 SUSE bug 1215745 SUSE bug 1215858 SUSE bug 1215860 SUSE bug 1215861 SUSE bug 1216046 SUSE bug 1216051 SUSE bug 1216134 CVE-2023-2163 at SUSE CVE-2023-2163 at NVD CVE-2023-31085 at SUSE CVE-2023-31085 at NVD CVE-2023-3111 at SUSE CVE-2023-3111 at NVD CVE-2023-34324 at SUSE CVE-2023-34324 at NVD CVE-2023-3777 at SUSE CVE-2023-3777 at NVD CVE-2023-39189 at SUSE CVE-2023-39189 at NVD CVE-2023-39192 at SUSE CVE-2023-39192 at NVD CVE-2023-39193 at SUSE CVE-2023-39193 at NVD CVE-2023-39194 at SUSE CVE-2023-39194 at NVD CVE-2023-42754 at SUSE CVE-2023-42754 at NVD CVE-2023-45862 at SUSE CVE-2023-45862 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518) - CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095) - CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). - CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) - CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). - CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861). - CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). - CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858). - CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467). The following non-security bugs were fixed: - nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842). Important SUSE bug 1212051 SUSE bug 1214842 SUSE bug 1215095 SUSE bug 1215467 SUSE bug 1215518 SUSE bug 1215745 SUSE bug 1215858 SUSE bug 1215860 SUSE bug 1215861 SUSE bug 1216046 CVE-2023-2163 at SUSE CVE-2023-2163 at NVD CVE-2023-3111 at SUSE CVE-2023-3111 at NVD CVE-2023-34324 at SUSE CVE-2023-34324 at NVD CVE-2023-3777 at SUSE CVE-2023-3777 at NVD CVE-2023-39189 at SUSE CVE-2023-39189 at NVD CVE-2023-39192 at SUSE CVE-2023-39192 at NVD CVE-2023-39193 at SUSE CVE-2023-39193 at NVD CVE-2023-39194 at SUSE CVE-2023-39194 at NVD CVE-2023-42754 at SUSE CVE-2023-42754 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for tiff fixes the following issues: - CVE-2023-38289: Fixed a NULL pointer dereference in raw2tiff (bsc#1213589). - CVE-2023-38288: Fixed an integer overflow in raw2tiff (bsc#1213590). - CVE-2023-3576: Fixed a memory leak in tiffcrop (bsc#1213273). - CVE-2020-18768: Fixed an out of bounds read in tiffcp (bsc#1214574). - CVE-2023-26966: Fixed an out of bounds read when transforming a little-endian file to a big-endian output (bsc#1212881) - CVE-2023-3618: Fixed a NULL pointer dereference while encoding FAX3 files (bsc#1213274). - CVE-2023-2908: Fixed an undefined behavior issue when doing pointer arithmetic on a NULL pointer (bsc#1212888). - CVE-2023-3316: Fixed a NULL pointer dereference while opening a file in an inaccessible path (bsc#1212535). - CVE-2023-25433: Fixed a buffer overflow in tiffcrop (bsc#1212883). Moderate SUSE bug 1212535 SUSE bug 1212881 SUSE bug 1212883 SUSE bug 1212888 SUSE bug 1213273 SUSE bug 1213274 SUSE bug 1213589 SUSE bug 1213590 SUSE bug 1214574 CVE-2020-18768 at SUSE CVE-2020-18768 at NVD CVE-2023-25433 at SUSE CVE-2023-25433 at NVD CVE-2023-26966 at SUSE CVE-2023-26966 at NVD CVE-2023-2908 at SUSE CVE-2023-2908 at NVD CVE-2023-3316 at SUSE CVE-2023-3316 at NVD CVE-2023-3576 at SUSE CVE-2023-3576 at NVD CVE-2023-3618 at SUSE CVE-2023-3618 at NVD CVE-2023-38288 at SUSE CVE-2023-38288 at NVD CVE-2023-38289 at SUSE CVE-2023-38289 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for salt fixes the following issues: Security issues fixed: - CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157) Bugs fixed: - Fix optimization_order opt to prevent testsuite fails - Improve salt.utils.json.find_json to avoid fails (bsc#1213293) - Use salt-call from salt bundle with transactional_update - Only call native_str on curl_debug message in tornado when needed - Implement the calling for batch async from the salt CLI - Fix calculation of SLS context vars when trailing dots on targetted sls/state (bsc#1213518) - Rename salt-tests to python3-salt-testsuite - Allow all primitive grain types for autosign_grains (bsc#1214477) Important SUSE bug 1213293 SUSE bug 1213518 SUSE bug 1214477 SUSE bug 1215157 CVE-2023-34049 at SUSE CVE-2023-34049 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for mozilla-nss fixes the following issues: Updated to NSS 3.79.4 (bsc#1208138): - CVE-2023-0767: Fixed handling of unknown PKCS#12 safe bag types. Important SUSE bug 1208138 CVE-2023-0767 at SUSE CVE-2023-0767 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ucode-intel fixes the following issues: - Updated to Intel CPU Microcode 20231114 pre-release (labeled 20231113). (bsc#1215278) - CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278) Important SUSE bug 1215278 CVE-2023-23583 at SUSE CVE-2023-23583 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. Important SUSE bug 1206480 SUSE bug 1206684 SUSE bug 1210557 SUSE bug 1211427 SUSE bug 1212101 SUSE bug 1213915 SUSE bug 1214052 SUSE bug 1214460 SUSE bug 1215427 SUSE bug 1216664 CVE-2023-4039 at SUSE CVE-2023-4039 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). Moderate SUSE bug 1216129 CVE-2023-45322 at SUSE CVE-2023-45322 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for xen fixes the following issues: - CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654). - CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807). Important SUSE bug 1216654 SUSE bug 1216807 CVE-2023-46835 at SUSE CVE-2023-46835 at NVD CVE-2023-46836 at SUSE CVE-2023-46836 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python-urllib3 fixes the following issues: - CVE-2023-45803: Fix a request body leak that could occur when receiving a 303 HTTP response (bsc#1216377). Moderate SUSE bug 1216377 CVE-2023-45803 at SUSE CVE-2023-45803 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ucode-intel fixes the following issues: - Updated to Intel CPU Microcode 20231114 release. (bsc#1215278) - CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278) Important SUSE bug 1215278 CVE-2023-23583 at SUSE CVE-2023-23583 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). Important SUSE bug 1216922 CVE-2023-5678 at SUSE CVE-2023-5678 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for fdo-client fixes the following issues: - Removed build key via utils/keys_gen.sh. (bsc#1216293) Moderate SUSE bug 1216293 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for vim fixes the following issues: - CVE-2023-5344: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940) - CVE-2023-5441: segfault in exmode when redrawing (bsc#1216001) - CVE-2023-5535: use-after-free from buf_contents_changed() (bsc#1216167) - CVE-2023-46246: Integer Overflow in :history command (bsc#1216696) Important SUSE bug 1215940 SUSE bug 1216001 SUSE bug 1216167 SUSE bug 1216696 CVE-2023-46246 at SUSE CVE-2023-46246 at NVD CVE-2023-5344 at SUSE CVE-2023-5344 at NVD CVE-2023-5441 at SUSE CVE-2023-5441 at NVD CVE-2023-5535 at SUSE CVE-2023-5535 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for squashfs fixes the following issues: - CVE-2015-4645,CVE-2015-4646: Multiple buffer overflows fixed in squashfs-tools (bsc#935380) - CVE-2021-40153: Fixed an issue where an attacker might have been able to write a file outside of destination (bsc#1189936) - CVE-2021-41072: Fixed an issue where an attacker might have been able to write a file outside the destination directory via a symlink (bsc#1190531). update to 4.6.1: * Race condition which can cause corruption of the 'fragment table' fixed. This is a regression introduced in August 2022, and it has been seen when tailend packing is used (-tailends option). * Fix build failure when the tools are being built without extended attribute (XATTRs) support. * Fix XATTR error message when an unrecognised prefix is found * Fix incorrect free of pointer when an unrecognised XATTR prefix is found. * Major improvements in extended attribute handling, pseudo file handling, and miscellaneous new options and improvements * Extended attribute handling improved in Mksquashfs and Sqfstar * New Pseudo file xattr definition to add extended attributes to files. * New xattrs-add Action to add extended attributes to files * Extended attribute handling improved in Unsquashfs * Other major improvements * Unsquashfs can now output Pseudo files to standard out. * Mksquashfs can now input Pseudo files from standard in. * Squashfs filesystems can now be converted (different block size compression etc) without unpacking to an intermediate filesystem or mounting, by piping the output of Unsquashfs to Mksquashfs. * Pseudo files are now supported by Sqfstar. * 'Non-anchored' excludes are now supported by Unsquashfs. update to 4.5.1 (bsc#1190531, CVE-2021-41072): * This release adds Manpages for Mksquashfs(1), Unsquashfs(1), Sqfstar(1) and Sqfscat(1). * The -help text output from the utilities has been improved and extended as well (but the Manpages are now more comprehensive). * CVE-2021-41072 which is a writing outside of destination exploit, has been fixed. * The number of hard-links in the filesystem is now also displayed by Mksquashfs in the output summary. * The number of hard-links written by Unsquashfs is now also displayed in the output summary. * Unsquashfs will now write to a pre-existing destination directory, rather than aborting. * Unsquashfs now allows '.' to used as the destination, to extract to the current directory. * The Unsquashfs progress bar now tracks empty files and hardlinks, in addition to data blocks. * -no-hardlinks option has been implemented for Sqfstar. * More sanity checking for 'corrupted' filesystems, including checks for multiply linked directories and directory loops. * Options that may cause filesystems to be unmountable have been moved into a new 'experts' category in the Mksquashfs help text (and Manpage). * Maximum cpiostyle filename limited to PATH_MAX. This prevents attempts to overflow the stack, or cause system calls to fail with a too long pathname. * Don't always use 'max open file limit' when calculating length of queues, as a very large file limit can cause Unsquashfs to abort. Instead use the smaller of max open file limit and cache size. * Fix Mksquashfs silently ignoring Pseudo file definitions when appending. * Don't abort if no XATTR support has been built in, and there's XATTRs in the filesystem. This is a regression introduced in 2019 in Version 4.4. * Fix duplicate check when the last file block is sparse. update to 4.5: * Mksquashfs now supports 'Actions'. * New sqfstar command which will create a Squashfs image from a tar archive. * Tar style handling of source pathnames in Mksquashfs. * Cpio style handling of source pathnames in Mksquashfs. * New option to throttle the amount of CPU and I/O. * Mksquashfs now allows no source directory to be specified. * New Pseudo file 'R' definition which allows a Regular file o be created with data stored within the Pseudo file. * Symbolic links are now followed in extract files * Unsquashfs now supports 'exclude' files. * Max depth traversal option added. * Unsquashfs can now output a 'Pseudo file' representing the input Squashfs filesystem. * New -one-file-system option in Mksquashfs. * New -no-hardlinks option in Mksquashfs. * Exit code in Unsquashfs changed to distinguish between non-fatal errors (exit 2), and fatal errors (exit 1). * Xattr id count added in Unsquashfs '-stat' output. * Unsquashfs 'write outside directory' exploit fixed. * Error handling in Unsquashfs writer thread fixed. * Fix failure to truncate destination if appending aborted. * Prevent Mksquashfs reading the destination file. Important SUSE bug 1189936 SUSE bug 1190531 SUSE bug 935380 CVE-2015-4645 at SUSE CVE-2015-4645 at NVD CVE-2015-4646 at SUSE CVE-2015-4646 at NVD CVE-2021-40153 at SUSE CVE-2021-40153 at NVD CVE-2021-41072 at SUSE CVE-2021-41072 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). Important SUSE bug 1210660 CVE-2023-2137 at SUSE CVE-2023-2137 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for tar fixes the following issues: - CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753). Bug fixes: - Fix hang when unpacking test tarball (bsc#1202436). Moderate SUSE bug 1202436 SUSE bug 1207753 CVE-2022-48303 at SUSE CVE-2022-48303 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for kernel-firmware fixes the following issues: Update AMD ucode to 20231030 (bsc#1215831): - CVE-2022-23820: Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution. - CVE-2021-46774: Insufficient input validation in ABL may enable a privileged attacker to perform arbitrary DRAM writes, potentially resulting in code execution and privilege escalation. - CVE-2023-20533: Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker using DMA to read/write from/to invalid DRAM address potentially resulting in denial-of-service. 0 CVE-2023-20519: A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity. - CVE-2023-20566: Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity. - CVE-2023-20521: TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service. - CVE-2021-46766: Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality. - CVE-2022-23830: SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity. - CVE-2023-20526: Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality. - CVE-2021-26345: Failure to validate the value in APCB may allow an attacker with physical access to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service. - CVE-2023-20592: Issue with INVD instruction aka CacheWarpAttack (bsc#1215823). Important SUSE bug 1215823 SUSE bug 1215831 CVE-2021-26345 at SUSE CVE-2021-26345 at NVD CVE-2021-46766 at SUSE CVE-2021-46766 at NVD CVE-2021-46774 at SUSE CVE-2021-46774 at NVD CVE-2022-23820 at SUSE CVE-2022-23820 at NVD CVE-2022-23830 at SUSE CVE-2022-23830 at NVD CVE-2023-20519 at SUSE CVE-2023-20519 at NVD CVE-2023-20521 at SUSE CVE-2023-20521 at NVD CVE-2023-20526 at SUSE CVE-2023-20526 at NVD CVE-2023-20533 at SUSE CVE-2023-20533 at NVD CVE-2023-20566 at SUSE CVE-2023-20566 at NVD CVE-2023-20592 at SUSE CVE-2023-20592 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc Important SUSE bug 1216410 SUSE bug 1217215 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). Moderate SUSE bug 1217573 CVE-2023-46218 at SUSE CVE-2023-46218 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update of runc and containerd fixes the following issues: containerd: - Update to containerd v1.7.8. Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.8 * CVE-2022-1996: Fixed CORS bypass in go-restful (bsc#1200528) catatonit: - Update to catatonit v0.2.0. * Change license to GPL-2.0-or-later. - Update to catatont v0.1.7 * This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done). - Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors). runc: - Update to runc v1.1.10. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.10 Important SUSE bug 1200528 CVE-2022-1996 at SUSE CVE-2022-1996 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976). - CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332). - CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058). - CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259). - CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965). - CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780). - CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584). The following non-security bugs were fixed: - ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140). - Call flush_delayed_fput() from nfsd main-loop (bsc#1217408). - net: mana: Configure hwc timeout from hardware (bsc#1214037). - net: mana: Fix MANA VF unload when hardware is unresponsive (bsc#1214764). - powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780). Important SUSE bug 1084909 SUSE bug 1210780 SUSE bug 1214037 SUSE bug 1214344 SUSE bug 1214764 SUSE bug 1215371 SUSE bug 1216058 SUSE bug 1216259 SUSE bug 1216584 SUSE bug 1216965 SUSE bug 1216976 SUSE bug 1217140 SUSE bug 1217332 SUSE bug 1217408 SUSE bug 1217780 CVE-2023-31083 at SUSE CVE-2023-31083 at NVD CVE-2023-39197 at SUSE CVE-2023-39197 at NVD CVE-2023-39198 at SUSE CVE-2023-39198 at NVD CVE-2023-45863 at SUSE CVE-2023-45863 at NVD CVE-2023-45871 at SUSE CVE-2023-45871 at NVD CVE-2023-5717 at SUSE CVE-2023-5717 at NVD CVE-2023-6176 at SUSE CVE-2023-6176 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976). - CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332). - CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058). - CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259). - CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965). - CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780). - CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584). The following non-security bugs were fixed: - ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140). - Call flush_delayed_fput() from nfsd main-loop (bsc#1217408). - net: mana: Configure hwc timeout from hardware (bsc#1214037). - net: mana: Fix MANA VF unload when hardware is unresponsive (bsc#1214764). - powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780). Important SUSE bug 1084909 SUSE bug 1210780 SUSE bug 1214037 SUSE bug 1214344 SUSE bug 1214764 SUSE bug 1215371 SUSE bug 1216058 SUSE bug 1216259 SUSE bug 1216584 SUSE bug 1216965 SUSE bug 1216976 SUSE bug 1217140 SUSE bug 1217332 SUSE bug 1217408 SUSE bug 1217780 CVE-2023-31083 at SUSE CVE-2023-31083 at NVD CVE-2023-39197 at SUSE CVE-2023-39197 at NVD CVE-2023-39198 at SUSE CVE-2023-39198 at NVD CVE-2023-45863 at SUSE CVE-2023-45863 at NVD CVE-2023-45871 at SUSE CVE-2023-45871 at NVD CVE-2023-5717 at SUSE CVE-2023-5717 at NVD CVE-2023-6176 at SUSE CVE-2023-6176 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for c-ares fixes the following issues: Updated to version 1.19.0: - CVE-2022-4904: Fixed missing string length check in config_sortlist() (bsc#1208067). Important SUSE bug 1208067 CVE-2022-4904 at SUSE CVE-2022-4904 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for tiff fixes the following issues: - CVE-2023-2731: Fix null pointer deference in LZWDecode() (bsc#1211478). - CVE-2023-1916: Fix out-of-bounds read in extractImageSection() (bsc#1210231). - CVE-2023-26965: Fix heap-based use after free in loadImage() (bsc#1212398). - CVE-2022-40090: Fix infinite loop in TIFFReadDirectory() (bsc#1214680). Important SUSE bug 1199483 SUSE bug 1210231 SUSE bug 1211478 SUSE bug 1212398 SUSE bug 1214680 CVE-2022-1622 at SUSE CVE-2022-1622 at NVD CVE-2022-40090 at SUSE CVE-2022-40090 at NVD CVE-2023-1916 at SUSE CVE-2023-1916 at NVD CVE-2023-26965 at SUSE CVE-2023-26965 at NVD CVE-2023-2731 at SUSE CVE-2023-2731 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) Moderate SUSE bug 1201384 SUSE bug 1218014 CVE-2023-50495 at SUSE CVE-2023-50495 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for openssh fixes the following issues: - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (bsc#1217950). the following non-security bug was fixed: - Fix the 'no route to host' error when connecting via ProxyJump Important SUSE bug 1214788 SUSE bug 1217950 CVE-2023-48795 at SUSE CVE-2023-48795 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for avahi fixes the following issues: - CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419). - CVE-2023-38470: Fixed that each label is at least one byte long (bsc#1215947). Moderate SUSE bug 1215947 SUSE bug 1216419 CVE-2023-38470 at SUSE CVE-2023-38470 at NVD CVE-2023-38473 at SUSE CVE-2023-38473 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python-cryptography fixes the following issues: - CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592). Moderate SUSE bug 1217592 CVE-2023-49083 at SUSE CVE-2023-49083 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for docker, rootlesskit fixes the following issues: docker: - Update to Docker 24.0.7-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/#2407>. bsc#1217513 * Deny containers access to /sys/devices/virtual/powercap by default. - CVE-2020-8694 bsc#1170415 - CVE-2020-8695 bsc#1170446 - CVE-2020-12912 bsc#1178760 - Update to Docker 24.0.6-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/#2406 . bsc#1215323 - Add a docker.socket unit file, but with socket activation effectively disabled to ensure that Docker will always run even if you start the socket individually. Users should probably just ignore this unit file. bsc#1210141 - Update to Docker 24.0.5-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/#2405 . bsc#1213229 This update ships docker-rootless support in the docker-rootless-extra package. (jsc#PED-6180) rootlesskit: - new package, for docker rootless support. (jsc#PED-6180) Important SUSE bug 1170415 SUSE bug 1170446 SUSE bug 1178760 SUSE bug 1210141 SUSE bug 1213229 SUSE bug 1213500 SUSE bug 1215323 SUSE bug 1217513 CVE-2020-12912 at SUSE CVE-2020-12912 at NVD CVE-2020-8694 at SUSE CVE-2020-8694 at NVD CVE-2020-8695 at SUSE CVE-2020-8695 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for jbigkit fixes the following issues: - CVE-2022-1210: Fixed denial of service in TIFF File Handler (bsc#1198146). Low SUSE bug 1198146 CVE-2022-1210 at SUSE CVE-2022-1210 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for gnutls fixes the following issues: - CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277). Moderate SUSE bug 1217277 CVE-2023-5981 at SUSE CVE-2023-5981 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python3 fixes the following issues: - CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244). Bugfixes: - Fixed issue where email.generator.py replaces a non-existent header (bsc#1208443). Moderate SUSE bug 1205244 SUSE bug 1208443 CVE-2022-45061 at SUSE CVE-2022-45061 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). Moderate SUSE bug 1206579 CVE-2022-47629 at SUSE CVE-2022-47629 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20230214 release. Security issues fixed: - CVE-2022-38090: Security updates for [INTEL-SA-00767](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00767.html) (bsc#1208275) - CVE-2022-33196: Security updates for [INTEL-SA-00738](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html) (bsc#1208276) - CVE-2022-21216: Security updates for [INTEL-SA-00700](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00700.html) (bsc#1208277) - New Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | SPR-SP | E2 | 06-8f-05/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-SP | E3 | 06-8f-06/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-SP | E4 | 06-8f-07/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-SP | E5 | 06-8f-08/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-HBM | B3 | 06-8f-08/10 | | 2c000170 | Xeon Max | RPL-P 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13 | RPL-H 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13 | RPL-U 2+8 | Q0 | 06-ba-02/07 | | 0000410e | Core Gen13 - Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | C0 | 06-97-02/07 | 00000026 | 0000002c | Core Gen12 | ADL | C0 | 06-97-05/07 | 00000026 | 0000002c | Core Gen12 | ADL | C0 | 06-bf-02/07 | 00000026 | 0000002c | Core Gen12 | ADL | C0 | 06-bf-05/07 | 00000026 | 0000002c | Core Gen12 | ADL | L0 | 06-9a-03/80 | 00000424 | 00000429 | Core Gen12 | ADL | L0 | 06-9a-04/80 | 00000424 | 00000429 | Core Gen12 | CLX-SP | B0 | 06-55-06/bf | 04003302 | 04003303 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003302 | 05003303 | Xeon Scalable Gen2 | CPX-SP | A1 | 06-55-0b/bf | 07002501 | 07002503 | Xeon Scalable Gen3 | GLK | B0 | 06-7a-01/01 | 0000003c | 0000003e | Pentium Silver N/J5xxx, Celeron N/J4xxx | GLK-R | R0 | 06-7a-08/01 | 00000020 | 00000022 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-D | B0 | 06-6c-01/10 | 01000201 | 01000211 | Xeon D-17xx, D-27xx | ICL-U/Y | D1 | 06-7e-05/80 | 000000b6 | 000000b8 | Core Gen10 Mobile | ICX-SP | D0 | 06-6a-06/87 | 0d000375 | 0d000389 | Xeon Scalable Gen3 | JSL | A0/A1 | 06-9c-00/01 | 24000023 | 24000024 | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105 | LKF | B2/B3 | 06-8a-01/10 | 00000031 | 00000032 | Core w/Hybrid Technology | RKL-S | B0 | 06-a7-01/02 | 00000056 | 00000057 | Core Gen11 | RPL-S | S0 | 06-b7-01/32 | 0000010e | 00000112 | Core Gen13 | SKX-SP | B1 | 06-55-03/97 | 0100015e | 01000161 | Xeon Scalable Important SUSE bug 1208275 SUSE bug 1208276 SUSE bug 1208277 CVE-2022-21216 at SUSE CVE-2022-21216 at NVD CVE-2022-33196 at SUSE CVE-2022-33196 at NVD CVE-2022-38090 at SUSE CVE-2022-38090 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-3112: Fixed a null pointer dereference caused by lacks check of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases (bsc#1206399). - CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a lack of checks of the return value of kzalloc (bsc#1206393). - CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bsc#1206073). - CVE-2022-47520: Fixed a out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet in the WILC1000 wireless driver (bsc#1206515). - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036). - CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (bsc#1207125). The following non-security bugs were fixed: - arm64: cpu_errata: Add Hisilicon TSV110 to spectre-v2 safe list (git-fixes) - arm64: dts: allwinner: H5: Add PMU node (git-fixes) - arm64: dts: allwinner: H6: Add PMU mode (git-fixes) - arm64: dts: marvell: Add AP806-dual missing CPU clocks (git-fixes) - arm64: dts: rockchip: Fix NanoPC-T4 cooling maps (git-fixes) - arm64: dts: rockchip: add reg property to brcmf sub-nodes (git-fixes) - arm64: dts: rockchip: fix dwmmc clock name for px30 (git-fixes) - arm64: memory: Add missing brackets to untagged_addr() macro (git-fixes) - arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() (git-fixes). - arm64: tags: Preserve tags for addresses translated via TTBR1 (git-fixes) - arm64: tegra: Fix 'active-low' warning for Jetson Xavier regulator (git-fixes) - btrfs: Avoid unnecessary lock and leaf splits when up (bsc#1206904). - drbd: destroy workqueue when drbd device was freed (git-fixes). - drbd: remove usage of list iterator variable after loop (git-fixes). - drbd: use after free in drbd_create_device() (git-fixes). - ext4: Detect already used quota file early (bsc#1206873). - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). - ext4: avoid BUG_ON when creating xattrs (bsc#1205496). - ext4: avoid crash when inline data creation follows DIO write (bsc#1206883). - ext4: avoid race conditions when remounting with options that change dax (bsc#1206860). - ext4: avoid resizing to a partial cluster size (bsc#1206880). - ext4: choose hardlimit when softlimit is larger than hardlimit in ext4_statfs_project() (bsc#1206854). - ext4: continue to expand file system when the target size does not reach (bsc#1206882). - ext4: convert BUG_ON's to WARN_ON's in mballoc.c (bsc#1206859). - ext4: correct max_inline_xattr_value_size computing (bsc#1206878). - ext4: correct the error path of ext4_write_inline_data_end() (bsc#1206875). - ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878). - ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886). - ext4: fix a data race at inode->i_disksize (bsc#1206855). - ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881). - ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891). - ext4: fix extent status tree race in writeback error recovery path (bsc#1206877). - ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884). - ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890). - ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893). - ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888). - ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878). - ext4: fix warning in 'ext4_da_release_space' (bsc#1206887). - ext4: iomap that extends beyond EOF should be marked dirty (bsc#1206637). - ext4: make ext4_lazyinit_thread freezable (bsc#1206885). - ext4: mark block bitmap corrupted when found instead of BUGON (bsc#1206857). - ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889). - ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876). - ext4: use matching invalidatepage in ext4_writepage (bsc#1206858). - fs: nfsd: fix kconfig dependency warning for NFSD_V4 (git-fixes). - ibmveth: Always stop tx queues during close (bsc#1065729). - isofs: joliet: Fix iocharset=utf8 mount option (bsc#1206636). - lib/notifier-error-inject: fix error when writing -errno to debugfs file (bsc#1206634). - libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (bsc#1206634). - lockd: lockd server-side shouldn't set fl_ops (git-fixes). - memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896). - memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344). - mm, memcg: do not high throttle allocators based on wraparound - mm, memcg: fix corruption on 64-bit divisor in memory.high throttling - mm, memcg: throttle allocators based on ancestral memory.high - mm/filemap.c: clear page error before actual read (bsc#1206635). - mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601). - module: Remove accidental change of module_enable_x() (git-fixes). - module: avoid *goto*s in module_sig_check() (git-fixes). - module: merge repetitive strings in module_sig_check() (git-fixes). - module: set MODULE_STATE_GOING state when a module fails to load (git-fixes). - modules: lockdep: Suppress suspicious RCU usage warning (git-fixes). - net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036). - net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036). - net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' (git-fixes). - netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614). - nfs4: Fix kmemleak when allocate slot failed (git-fixes). - nfs4: Fix oops when copy_file_range is attempted with NFS4.0 source (git-fixes). - nfs: Fix an Oops in nfs_d_automount() (git-fixes). - nfs: Fix memory leaks (git-fixes). - nfs: Fix memory leaks in nfs_pageio_stop_mirroring() (git-fixes). - nfs: Handle missing attributes in OPEN reply (bsc#1203740). - nfs: Zero-stateid SETATTR should first return delegation (git-fixes). - nfs: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails (git-fixes). - nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default (git-fixes). - nfs: nfs4clinet: check the return value of kstrdup() (git-fixes). - nfs: nfs_find_open_context() may only select open files (git-fixes). - nfs: nfs_xdr_status should record the procedure name (git-fixes). - nfs: we do not support removing system.nfs4_acl (git-fixes). - nfsd: Clone should commit src file metadata too (git-fixes). - nfsd: Fix handling of oversized NFSv4 COMPOUND requests (git-fixes). - nfsd: Fix svc_xprt refcnt leak when setup callback client failed (git-fixes). - nfsd: Keep existing listeners on portlist error (git-fixes). - nfsd: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes). - nfsd: do not call nfsd_file_put from client states seqfile display (git-fixes). - nfsd: fix error handling in NFSv4.0 callbacks (git-fixes). - nfsd: safer handling of corrupted c_type (git-fixes). - nfsv4 expose nfs_parse_server_name function (git-fixes). - nfsv4 only print the label when its queried (git-fixes). - nfsv4 remove zero number of fs_locations entries error check (git-fixes). - nfsv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall (git-fixes). - nfsv4.1: Fix uninitialised variable in devicenotify (git-fixes). - nfsv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes). - nfsv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes). - nfsv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes). - nfsv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes). - nfsv4.2: Fix initialisation of struct nfs4_label (git-fixes). - nfsv4.2: Fixup CLONE dest file size for zero-length count (git-fixes). - nfsv4.2: error out when relink swapfile (git-fixes). - nfsv4.x: Fail client initialisation if state manager thread can't run (git-fixes). - nfsv4/pnfs: Always return layout stats on layout return for flexfiles (git-fixes). - nfsv4/pnfs: Fix a use-after-free bug in open (git-fixes). - nfsv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes). - nfsv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes). - nfsv4: Fix a pNFS layout related use-after-free race when freeing the inode (git-fixes). - nfsv4: Fix races between open and dentry revalidation (git-fixes). - nfsv4: Protect the state recovery thread against direct reclaim (git-fixes). - nfsv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes). - pnfs/nfsv4: Try to return invalid layout in pnfs_layout_process() (git-fixes). - powerpc/64: Init jump labels before parse_early_param() (bsc#1065729). - powerpc/64s/pgtable: fix an undefined behaviour (bsc#1065729). - powerpc/book3s/mm: Update Oops message to print the correct translation in use (bsc#1156395). - powerpc/boot: Fixup device-tree on little endian (bsc#1065729). - powerpc/crashkernel: Take 'mem=' option into account (bsc#1065729). - powerpc/eeh: Only dump stack once if an MMIO loop is detected (bsc#1065729). - powerpc/pci: Fix get_phb_number() locking (bsc#1065729). - powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729). - powerpc/powernv/iov: Ensure the pdn for VFs always contains a valid PE number (bsc#1065729). - powerpc/powernv/smp: Fix spurious DBG() warning (bsc#1065729). - powerpc/powernv: Avoid re-registration of imc debugfs directory (bsc#1156395). - powerpc/powernv: add missing of_node_put (bsc#1065729). - powerpc/pseries/cmm: Implement release() function for sysfs device (bsc#1065729). - powerpc/pseries/eeh: use correct API for error log size (bsc#1065729). - powerpc/pseries: Stop calling printk in rtas_stop_self() (bsc#1065729). - powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603). - powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729). - powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729). - powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV (bsc#1065729). - powerpc/xive/spapr: correct bitmap allocation size (git-fixes). - powerpc/xive: Add a check for memory allocation failure (git-fixes). - powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes). - powerpc: Ensure that swiotlb buffer is allocated from low memory (bsc#1156395). - powerpc: Force inlining of cpu_has_feature() to avoid build failure (bsc#1065729). - powerpc: improve handling of unrecoverable system reset (bsc#1065729). - powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe() (bsc#1065729). - quota: Check next/prev free block number after reading from quota file (bsc#1206640). - rpc: fix NULL dereference on kmalloc failure (git-fixes). - rpc: fix gss_svc_init cleanup on failure (git-fixes). - sbitmap: fix lockup while swapping (bsc#1206602). - sched/psi: Fix sampling error and rare div0 crashes with cgroups and high uptime (bsc#1206841). - scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445). - scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445). - scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445). - scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445). - scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445). - scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445). - scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445). - scsi: lpfc: Use memset_startat() helper (jsc#PED-1445). - scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568). - scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568). - scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568). - scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568). - scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568). - string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445). - sunrpc: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes). - sunrpc: Do not start a timer on an already queued rpc task (git-fixes). - sunrpc: Fix missing release socket in rpc_sockname() (git-fixes). - sunrpc: Fix potential leaks in sunrpc_cache_unhash() (git-fixes). - sunrpc: Fix socket waits for write buffer space (git-fixes). - sunrpc: Handle 0 length opaque XDR object data properly (git-fixes). - sunrpc: Mitigate cond_resched() in xprt_transmit() (git-fixes). - sunrpc: Move simple_get_bytes and simple_get_netobj into private header (git-fixes). - sunrpc: check that domain table is empty at module unload (git-fixes). - sunrpc: stop printk reading past end of string (git-fixes). - svcrdma: Fix another Receive buffer leak (git-fixes). - svcrdma: Fix backchannel return code (git-fixes). - tracing: Verify if trace array exists before destroying it (git-fixes). - udf: Avoid accessing uninitialized data on failed inode read (bsc#1206642). - udf: Fix NULL pointer dereference in udf_symlink function (bsc#1206646). - udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649). - udf: Fix free space reporting for metadata and virtual partitions (bsc#1206641). - udf: Fix iocharset=utf8 mount option (bsc#1206647). - udf: Limit sparing table size (bsc#1206643). - udf: fix silent AED tagLocation corruption (bsc#1206645). - udf: fix the problem that the disc content is not displayed (bsc#1206644). - udf_get_extendedattr() had no boundary checks (bsc#1206648). - xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes). - xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes). Important SUSE bug 1065729 SUSE bug 1156395 SUSE bug 1203740 SUSE bug 1204614 SUSE bug 1204989 SUSE bug 1205496 SUSE bug 1205601 SUSE bug 1205695 SUSE bug 1206073 SUSE bug 1206344 SUSE bug 1206393 SUSE bug 1206399 SUSE bug 1206515 SUSE bug 1206602 SUSE bug 1206634 SUSE bug 1206635 SUSE bug 1206636 SUSE bug 1206637 SUSE bug 1206640 SUSE bug 1206641 SUSE bug 1206642 SUSE bug 1206643 SUSE bug 1206644 SUSE bug 1206645 SUSE bug 1206646 SUSE bug 1206647 SUSE bug 1206648 SUSE bug 1206649 SUSE bug 1206841 SUSE bug 1206854 SUSE bug 1206855 SUSE bug 1206857 SUSE bug 1206858 SUSE bug 1206859 SUSE bug 1206860 SUSE bug 1206873 SUSE bug 1206875 SUSE bug 1206876 SUSE bug 1206877 SUSE bug 1206878 SUSE bug 1206880 SUSE bug 1206881 SUSE bug 1206882 SUSE bug 1206883 SUSE bug 1206884 SUSE bug 1206885 SUSE bug 1206886 SUSE bug 1206887 SUSE bug 1206888 SUSE bug 1206889 SUSE bug 1206890 SUSE bug 1206891 SUSE bug 1206893 SUSE bug 1206896 SUSE bug 1206904 SUSE bug 1207036 SUSE bug 1207125 CVE-2022-3112 at SUSE CVE-2022-3112 at NVD CVE-2022-3115 at SUSE CVE-2022-3115 at NVD CVE-2022-3564 at SUSE CVE-2022-3564 at NVD CVE-2022-47520 at SUSE CVE-2022-47520 at NVD CVE-2023-23454 at SUSE CVE-2023-23454 at NVD CVE-2023-23455 at SUSE CVE-2023-23455 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python-cryptography, python-cryptography-vectors fixes the following issues: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - CVE-2020-36242: Fixed a bug where certain sequences of update() calls could result in integer overflow (bsc#1182066). - CVE-2020-25659: Fixed Bleichenbacher vulnerabilities (bsc#1178168). - update to 3.3.2 (bsc#1198331) Important SUSE bug 1178168 SUSE bug 1182066 SUSE bug 1198331 SUSE bug 1199282 CVE-2020-25659 at SUSE CVE-2020-25659 at NVD CVE-2020-36242 at SUSE CVE-2020-36242 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for gnutls fixes the following issues: - CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange (bsc#1208143). Moderate SUSE bug 1208143 CVE-2023-0361 at SUSE CVE-2023-0361 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libX11 fixes the following issues: - Fixed a regression introduced with security update for CVE-2022-3555 (bsc#1204425, bsc#1208881) Moderate SUSE bug 1204425 SUSE bug 1208881 CVE-2022-3555 at SUSE CVE-2022-3555 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libxslt fixes the following issues: - CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574). Important SUSE bug 1208574 CVE-2021-30560 at SUSE CVE-2021-30560 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-3606: Fixed a null pointer dereference inside the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF (bsc#1204502). - CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332). - CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331). - CVE-2022-47929: Fixed a NULL pointer dereference bug in the traffic control subsystem (bsc#1207237). - CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773). - CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034). - CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a priviledge escalation to gain ring0 access from the system user (bsc#1207134). - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845). - CVE-2023-1076: Fixed incorrect initialization of socket ui in tap_open() (bsc#1208599). - CVE-2023-1095: Fixed fix null deref due to zeroed list head in nf_tables (bsc#1208777). - CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). - CVE-2023-1195: Fixed a use-after-free caused by invalid pointer `hostname` in cifs (bsc#1208971). - CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741). - CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776). - CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816). - CVE-2023-23004: Fixed NULL vs IS_ERR() checking in malidp (bsc#1208843). - CVE-2023-23006: Fixed NULL vs IS_ERR checking in dr_domain_init_resources (bsc#1208845). - CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051). - CVE-2023-25012: Fixed a use-after-eree in bigben_set_led() in hid (bsc#1207560). - CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700). The following non-security bugs were fixed: - add support for enabling livepatching related packages on -RT (jsc#PED-1706) - add suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149) - bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes). - blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes). - blktrace: ensure our debugfs dir exists (git-fixes). - ceph: avoid putting the realm twice when decoding snaps fails (bsc#1207198). - ceph: do not update snapshot context when there is no new snapshot (bsc#1207218). - config.conf: Drop armv7l, Leap 15.3 is EOL. - constraints: increase disk space for all architectures References: bsc#1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is very close to the limit. - delete config/armv7hl/default. - delete config/armv7hl/lpae. - dm btree: add a defensive bounds check to insert_at() (git-fixes). - dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes). - dm cache: Fix UAF in destroy() (git-fixes). - dm cache: set needs_check flag after aborting metadata (git-fixes). - dm clone: Fix UAF in clone_dtr() (git-fixes). - dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes). - dm integrity: fix flush with external metadata device (git-fixes). - dm integrity: flush the journal on suspend (git-fixes). - dm integrity: select CRYPTO_SKCIPHER (git-fixes). - dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes). - dm ioctl: prevent potential spectre v1 gadget (git-fixes). - dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes). - dm space maps: do not reset space map allocation cursor when committing (git-fixes). - dm table: Remove BUG_ON(in_interrupt()) (git-fixes). - dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes). - dm thin: Fix UAF in run_timer_softirq() (git-fixes). - dm thin: Use last transaction's pmd->root when commit failed (git-fixes). - dm thin: resume even if in FAIL mode (git-fixes). - dm verity: fix require_signatures module_param permissions (git-fixes). - dm verity: skip verity work if I/O error when system is shutting down (git-fixes). - do not sign the vanilla kernel (bsc#1209008). - drivers:md:fix a potential use-after-free bug (git-fixes). - ext4: Fixup pages without buffers (bsc#1205495). - genirq: Provide new interfaces for affinity hints (bsc#1208153). - hid: betop: check shape of output reports (git-fixes, bsc#1207186). - hid: check empty report_list in bigben_probe() (git-fixes, bsc#1206784). - hid: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784). - kabi/severities: add mlx5 internal symbols - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead. - kvm: vmx: fix crash cleanup when KVM wasn't used (bsc#1207508). - loop: unset GENHD_FL_NO_PART_SCAN on LOOP_CONFIGURE (git-fixes). - loop: use sysfs_emit() in the sysfs xxx show() (git-fixes). - md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes). - md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes). - md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes). - md: protect md_unregister_thread from reentrancy (git-fixes). - mm/memcg: optimize memory.numa_stat like memory.stat (bsc#1206663). - mm/slub: fix panic in slab_alloc_node() (bsc#1208023). - mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769). - module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - nbd: Fix hung on disconnect request if socket is closed before (git-fixes). - nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes). - nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add (git-fixes). - nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes). - nbd: fix io hung while disconnecting device (git-fixes). - nbd: fix max value for 'first_minor' (git-fixes). - nbd: fix race between nbd_alloc_config() and module removal (git-fixes). - nbd: make the config put is called before the notifying the waiter (git-fixes). - nbd: restore default timeout when setting it to zero (git-fixes). - net/mlx5: Allocate individual capability (bsc#119175). - net/mlx5: Dynamically resize flow counters query buffer (bsc#119175). - net/mlx5: Fix flow counters SF bulk query len (bsc#119175). - net/mlx5: Reduce flow counters bulk query buffer size for SFs (bsc#119175). - net/mlx5: Reorganize current and maximal capabilities to be per-type (bsc#119175). - net/mlx5: Use order-0 allocations for EQs (bsc#119175). - net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153). - net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875). - net: mana: Fix accessing freed irq affinity_hint (bsc#1208153). - null_blk: fix ida error handling in null_add_dev() (git-fixes). - rbd: work around -Wuninitialized warning (git-fixes). - rdma/core: Fix ib block iterator counter overflow (bsc#1207878). - refresh patches.kabi/scsi-kABI-fix-for-eh_should_retry_cmd (bsc#1206351). - revert 'constraints: increase disk space for all architectures' (bsc#1203693). - rpm/check-for-config-changes: add OBJTOOL and FTRACE_MCOUNT_USE_* Dummy gcc pretends to support -mrecord-mcount option but actual gcc on ppc64le does not. Therefore ppc64le builds of 6.2-rc1 and later in OBS enable FTRACE_MCOUNT_USE_OBJTOOL and OBJTOOL config options, resulting in check failure. As we already have FTRACE_MCOUNT_USE_CC and FTRACE_MCOUNT_USE_RECORDMCOUNT in the exception list, replace them with a general pattern. And add OBJTOOL as well. - rpm/check-for-config-changes: add TOOLCHAIN_HAS_* to IGNORED_CONFIGS_RE This new form was added in commit b8c86872d1dc (riscv: fix detection of toolchain Zicbom support). - rpm/check-for-config-changes: loosen pattern for AS_HAS_* This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128. - rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script get stuck in a infinite loop inside calc_dirs() where $path is an empty string. user@localhost:/tmp> perl '$HOME/group-source-files.pl' -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This workarounds the issue by breaking out the loop once path is an empty string. For a proper fix we'd want something that filesystem-aware, but this workaround should be enough for the rare occation that this script is ran manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html - rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree KMPs This makes in-tree KMPs more consistent with externally built KMPs and silences several rpmlint warnings. - rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage - s390/kexec: fix ipl report address for kdump (bsc#1207575). - scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes). - scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic (git-fixes). - scsi: NCR5380: Add disconnect_mask module parameter (git-fixes). - scsi: Revert 'scsi: qla2xxx: Fix disk failure to rediscover' (git-fixes). - scsi: advansys: Fix kernel pointer leak (git-fixes). - scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes). - scsi: aic7xxx: Adjust indentation in ahc_find_syncrate (git-fixes). - scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 (git-fixes). - scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE (git-fixes). - scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: bnx2fc: Return failure if io_req is already in ABTS processing (git-fixes). - scsi: core: Avoid printing an error if target_alloc() returns -ENXIO (git-fixes). - scsi: core: Cap scsi_host cmd_per_lun at can_queue (git-fixes). - scsi: core: Do not start concurrent async scan on same host (git-fixes). - scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes). - scsi: core: Fix capacity set to zero after offlinining device (git-fixes). - scsi: core: Fix hang of freezing queue between blocking and running device (git-fixes). - scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() (git-fixes). - scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes). - scsi: core: free sgtables in case command setup fails (git-fixes). - scsi: core: sysfs: Fix hang when device state is set via sysfs (git-fixes). - scsi: core: sysfs: Fix setting device state to SDEV_RUNNING (git-fixes). - scsi: cxlflash: Fix error return code in cxlflash_probe() (git-fixes). - scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes). - scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes). - scsi: fnic: Fix memleak in vnic_dev_init_devcmd2 (git-fixes). - scsi: fnic: fix use after free (git-fixes). - scsi: hisi_sas: Check sas_port before using it (git-fixes). - scsi: hisi_sas: Delete the debugfs folder of hisi_sas when the probe fails (git-fixes). - scsi: hisi_sas: Do not reset phy timer to wait for stray phy up (git-fixes). - scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated irq (git-fixes). - scsi: hisi_sas: Propagate errors in interrupt_init_v1_hw() (git-fixes). - scsi: hisi_sas: Replace in_softirq() check in hisi_sas_task_exec() (git-fixes). - scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes). - scsi: hpsa: Fix memory leak in hpsa_init_one() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes). - scsi: ipr: Fix WARNING in ipr_init() (git-fixes). - scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes). - scsi: iscsi: Add iscsi_cls_conn refcount helpers (git-fixes). - scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (git-fixes). - scsi: iscsi: Do not destroy session if there are outstanding connections (git-fixes). - scsi: iscsi: Do not put host in iscsi_set_flashnode_param() (git-fixes). - scsi: iscsi: Do not send data to unbound connection (git-fixes). - scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj (git-fixes). - scsi: iscsi: Fix shost->max_id use (git-fixes). - scsi: iscsi: Report unbind session event when the target has been removed (git-fixes). - scsi: iscsi: Unblock session then wake up error handler (git-fixes). - scsi: libfc: Fix a format specifier (git-fixes). - scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes). - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes). - scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling (git-fixes). - scsi: libsas: Add LUN number check in .slave_alloc callback (git-fixes). - scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes). - scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry() (git-fixes). - scsi: megaraid_sas: Early detection of VD deletion through RaidMap update (git-fixes). - scsi: megaraid_sas: Fix double kfree() (git-fixes). - scsi: megaraid_sas: Fix resource leak in case of probe failure (git-fixes). - scsi: megaraid_sas: Handle missing interrupts while re-enabling IRQs (git-fixes). - scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan (git-fixes). - scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes). - scsi: mpt3sas: Block PCI config access from userspace during reset (git-fixes). - scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes). - scsi: mpt3sas: Fix timeouts observed while reenabling IRQ (git-fixes). - scsi: mpt3sas: Increase IOCInit request timeout to 30s (git-fixes). - scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes). - scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: mvumi: Fix error return in mvumi_io_attach() (git-fixes). - scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes). - scsi: myrs: Fix crash in error case (git-fixes). - scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes). - scsi: pm: Balance pm_only counter of request queue during system resume (git-fixes). - scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes). - scsi: qedf: Add check to synchronize abort and flush (git-fixes). - scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes). - scsi: qedf: Fix refcount issue when LOGO is received during TMF (git-fixes). - scsi: qedf: Return SUCCESS if stale rport is encountered (git-fixes). - scsi: qedi: Fix failed disconnect handling (git-fixes). - scsi: qedi: Fix list_del corruption while removing active I/O (git-fixes). - scsi: qedi: Fix null ref during abort handling (git-fixes). - scsi: qedi: Protect active command list to avoid list corruption (git-fixes). - scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103). - scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes). - scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes). - scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes). - scsi: scsi_debug: num_tgts must be >= 0 (git-fixes). - scsi: scsi_dh_alua: Check for negative result value (git-fixes). - scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg() (git-fixes). - scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() (git-fixes). - scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() (git-fixes). - scsi: scsi_transport_spi: Fix function pointer check (git-fixes). - scsi: scsi_transport_spi: Set RQF_PM for domain validation commands (git-fixes). - scsi: sd: Free scsi_disk device via put_device() (git-fixes). - scsi: sd: Suppress spurious errors when WRITE SAME is being disabled (git-fixes). - scsi: ses: Fix unsigned comparison with less than zero (git-fixes). - scsi: ses: Retry failed Send/Receive Diagnostic commands (git-fixes). - scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes). - scsi: sr: Do not use GFP_DMA (git-fixes). - scsi: sr: Fix sr_probe() missing deallocate of device minor (git-fixes). - scsi: sr: Return appropriate error code when disk is ejected (git-fixes). - scsi: sr: Return correct event when media event code is 3 (git-fixes). - scsi: st: Fix a use after free in st_open() (git-fixes). - scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk ->poweroff() (git-fixes). - scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices (git-fixes). - scsi: ufs: Clean up completed request without interrupt notification (git-fixes). - scsi: ufs: Fix a race condition in the tracing code (git-fixes). - scsi: ufs: Fix error handing during hibern8 enter (git-fixes). - scsi: ufs: Fix illegal offset in UPIU event trace (git-fixes). - scsi: ufs: Fix interrupt error message for shared interrupts (git-fixes). - scsi: ufs: Fix irq return code (git-fixes). - scsi: ufs: Fix possible infinite loop in ufshcd_hold (git-fixes). - scsi: ufs: Fix tm request when non-fatal error happens (git-fixes). - scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by ufshcd_hold() (git-fixes). - scsi: ufs: Fix up auto hibern8 enablement (git-fixes). - scsi: ufs: Fix wrong print message in dev_err() (git-fixes). - scsi: ufs: Improve interrupt handling for shared interrupts (git-fixes). - scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE (git-fixes). - scsi: ufs: Make ufshcd_add_command_trace() easier to read (git-fixes). - scsi: ufs: delete redundant function ufshcd_def_desc_sizes() (git-fixes). - scsi: ufs: fix potential bug which ends in system hang (git-fixes). - scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config() (git-fixes). - scsi: virtio_scsi: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes). - scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes). - scsi: vmw_pvscsi: Set correct residual data length (git-fixes). - scsi: vmw_pvscsi: Set residual data length conditionally (git-fixes). - sctp: fail if no bound addresses can be used for a given scope (bsc#1206677). - sctp: sysctl: make extra pointers netns aware (bsc#1204760). - update patches.suse/net-mlx5-Allocate-individual-capability (bsc#1195175). - update patches.suse/net-mlx5-Dynamically-resize-flow-counters-query-buff (bsc#1195175). - update patches.suse/net-mlx5-Fix-flow-counters-SF-bulk-query-len (bsc#1195175). - update patches.suse/net-mlx5-Reduce-flow-counters-bulk-query-buffer-size (bsc#1195175). - update patches.suse/net-mlx5-Reorganize-current-and-maximal-capabilities (bsc#1195175). - update patches.suse/net-mlx5-Use-order-0-allocations-for-EQs (bsc#1195175). Fixed bugzilla reference. - vmxnet3: move rss code block under eop descriptor (bsc#1208212). - watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497). - watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497). Important SUSE bug 1186449 SUSE bug 1203331 SUSE bug 1203332 SUSE bug 1203693 SUSE bug 1204502 SUSE bug 1204760 SUSE bug 1205149 SUSE bug 1206351 SUSE bug 1206677 SUSE bug 1206784 SUSE bug 1207034 SUSE bug 1207051 SUSE bug 1207134 SUSE bug 1207186 SUSE bug 1207237 SUSE bug 1207497 SUSE bug 1207508 SUSE bug 1207560 SUSE bug 1207773 SUSE bug 1207795 SUSE bug 1207845 SUSE bug 1207875 SUSE bug 1207878 SUSE bug 1208212 SUSE bug 1208599 SUSE bug 1208700 SUSE bug 1208741 SUSE bug 1208776 SUSE bug 1208816 SUSE bug 1208837 SUSE bug 1208845 SUSE bug 1208971 SUSE bug 1209008 CVE-2022-3606 at SUSE CVE-2022-3606 at NVD CVE-2022-36280 at SUSE CVE-2022-36280 at NVD CVE-2022-38096 at SUSE CVE-2022-38096 at NVD CVE-2022-47929 at SUSE CVE-2022-47929 at NVD CVE-2023-0045 at SUSE CVE-2023-0045 at NVD CVE-2023-0179 at SUSE CVE-2023-0179 at NVD CVE-2023-0266 at SUSE CVE-2023-0266 at NVD CVE-2023-0590 at SUSE CVE-2023-0590 at NVD CVE-2023-0597 at SUSE CVE-2023-0597 at NVD CVE-2023-1076 at SUSE CVE-2023-1076 at NVD CVE-2023-1095 at SUSE CVE-2023-1095 at NVD CVE-2023-1118 at SUSE CVE-2023-1118 at NVD CVE-2023-1195 at SUSE CVE-2023-1195 at NVD CVE-2023-22995 at SUSE CVE-2023-22995 at NVD CVE-2023-22998 at SUSE CVE-2023-22998 at NVD CVE-2023-23000 at SUSE CVE-2023-23000 at NVD CVE-2023-23004 at SUSE CVE-2023-23004 at NVD CVE-2023-23006 at SUSE CVE-2023-23006 at NVD CVE-2023-23559 at SUSE CVE-2023-23559 at NVD CVE-2023-25012 at SUSE CVE-2023-25012 at NVD CVE-2023-26545 at SUSE CVE-2023-26545 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332). - CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331). - CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773). - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845). - CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). - CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741). - CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776). - CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816). - CVE-2023-23006: Fixed NULL vs IS_ERR checking in dr_domain_init_resources (bsc#1208845). - CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051). - CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700). The following non-security bugs were fixed: - cifs: fix use-after-free caused by invalid pointer `hostname` (bsc#1208971). - genirq: Provide new interfaces for affinity hints (bsc#1208153). - mm/slub: fix panic in slab_alloc_node() (bsc#1208023). - module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153). - net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875). - net: mana: Fix accessing freed irq affinity_hint (bsc#1208153). - refresh patches.kabi/scsi-kABI-fix-for-eh_should_retry_cmd (bsc#1206351). The former kABI fix only move the newly added member to scsi_host_template to the end of the struct. But that is usually allocated statically, even by 3rd party modules relying on kABI. Before we use the member we need to signalize that it is to be expected. As we only expect it to be allocated by in-tree modules that we can control, we can use a space in the bitfield to signalize that. - s390/kexec: fix ipl report address for kdump (bsc#1207575). - scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103). - update suse/net-mlx5-Allocate-individual-capability (bsc#1195175). - update suse/net-mlx5-Dynamically-resize-flow-counters-query-buff (bsc#1195175). - update suse/net-mlx5-Fix-flow-counters-SF-bulk-query-len (bsc#1195175). - update suse/net-mlx5-Reduce-flow-counters-bulk-query-buffer-size (bsc#1195175). - update suse/net-mlx5-Reorganize-current-and-maximal-capabilities (bsc#1195175). - update suse/net-mlx5-Use-order-0-allocations-for-EQs (bsc#1195175). Fixed bugzilla reference. - vmxnet3: move rss code block under eop descriptor (bsc#1208212). Important SUSE bug 1186449 SUSE bug 1195175 SUSE bug 1198438 SUSE bug 1203331 SUSE bug 1203332 SUSE bug 1204356 SUSE bug 1204662 SUSE bug 1206103 SUSE bug 1206351 SUSE bug 1207051 SUSE bug 1207575 SUSE bug 1207773 SUSE bug 1207795 SUSE bug 1207845 SUSE bug 1207875 SUSE bug 1208023 SUSE bug 1208153 SUSE bug 1208212 SUSE bug 1208700 SUSE bug 1208741 SUSE bug 1208776 SUSE bug 1208816 SUSE bug 1208837 SUSE bug 1208845 SUSE bug 1208971 CVE-2022-36280 at SUSE CVE-2022-36280 at NVD CVE-2022-38096 at SUSE CVE-2022-38096 at NVD CVE-2023-0045 at SUSE CVE-2023-0045 at NVD CVE-2023-0590 at SUSE CVE-2023-0590 at NVD CVE-2023-0597 at SUSE CVE-2023-0597 at NVD CVE-2023-1118 at SUSE CVE-2023-1118 at NVD CVE-2023-22995 at SUSE CVE-2023-22995 at NVD CVE-2023-22998 at SUSE CVE-2023-22998 at NVD CVE-2023-23000 at SUSE CVE-2023-23000 at NVD CVE-2023-23006 at SUSE CVE-2023-23006 at NVD CVE-2023-23559 at SUSE CVE-2023-23559 at NVD CVE-2023-26545 at SUSE CVE-2023-26545 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for vim fixes the following issues: - CVE-2023-0512: Fixed a divide By Zero (bsc#1207780). - CVE-2023-1175: vim: an incorrect calculation of buffer size (bsc#1208957). - CVE-2023-1170: Fixed a heap-based Buffer Overflow (bsc#1208959). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). Updated to version 9.0 with patch level 1386. - https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386 Important SUSE bug 1207780 SUSE bug 1208828 SUSE bug 1208957 SUSE bug 1208959 CVE-2023-0512 at SUSE CVE-2023-0512 at NVD CVE-2023-1127 at SUSE CVE-2023-1127 at NVD CVE-2023-1170 at SUSE CVE-2023-1170 at NVD CVE-2023-1175 at SUSE CVE-2023-1175 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python-future fixes the following issues: - CVE-2022-40899: Fixed an issue that could allow attackers to cause an excessive CPU usage via a crafted Set-Cookie header (bsc#1206673). Moderate SUSE bug 1206673 CVE-2022-40899 at SUSE CVE-2022-40899 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for docker fixes the following issues: Docker was updated to 20.10.23-ce. See upstream changelog at https://docs.docker.com/engine/release-notes/#201023 Docker was updated to 20.10.21-ce (bsc#1206065) See upstream changelog at https://docs.docker.com/engine/release-notes/#201021 Security issues fixed: - CVE-2022-36109: Fixed supplementary group permissions bypass (bsc#1205375) - Fix wrong After: in docker.service, fixes bsc#1188447 - Add apparmor-parser as a Recommends to make sure that most users will end up with it installed even if they are primarily running SELinux. - Allow to install container-selinux instead of apparmor-parser. - Change to using systemd-sysusers Moderate SUSE bug 1205375 SUSE bug 1206065 CVE-2022-36109 at SUSE CVE-2022-36109 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for qemu fixes the following issues: - CVE-2022-4144: Fixed unsafe address translation can lead to out-of-bounds read in qxl_phys2virt (bsc#1205808). - CVE-2021-3507: Fixed heap buffer overflow in DMA read data transfers in fdc (bsc#1185000). - CVE-2020-14394: Fixed infinite loop in xhci_ring_chain_length() (bsc#1180207). - CVE-2022-0216: Fixed a use-after-free in lsi_do_msgout function in hw/scsi/lsi53c895a.c (bsc#1198038). - CVE-2022-1050: Fixed a use-after-free issue in pvrdma_exec_cmd() in pvrdma (bsc#1197653). - CVE-2021-3929: Fixed a DMA reentrancy issue leads to use-after-free in nvme (bsc#1193880). The following non-security bugs were fixed: - Fix bsc#1202364. Important SUSE bug 1180207 SUSE bug 1185000 SUSE bug 1193880 SUSE bug 1197653 SUSE bug 1198038 SUSE bug 1202364 SUSE bug 1205808 CVE-2020-14394 at SUSE CVE-2020-14394 at NVD CVE-2021-3507 at SUSE CVE-2021-3507 at NVD CVE-2021-3929 at SUSE CVE-2021-3929 at NVD CVE-2022-0216 at SUSE CVE-2022-0216 at NVD CVE-2022-1050 at SUSE CVE-2022-1050 at NVD CVE-2022-4144 at SUSE CVE-2022-4144 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for xen fixes the following issues: - CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode (bsc#1209017). - CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis-handling (bsc#1209018). - CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 (bsc#1209019). Important SUSE bug 1209017 SUSE bug 1209018 SUSE bug 1209019 SUSE bug 1209188 CVE-2022-42331 at SUSE CVE-2022-42331 at NVD CVE-2022-42332 at SUSE CVE-2022-42332 at NVD CVE-2022-42333 at SUSE CVE-2022-42333 at NVD CVE-2022-42334 at SUSE CVE-2022-42334 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python3 fixes the following issues: - CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). The following non-security bug was fixed: - Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355). Important SUSE bug 1203355 SUSE bug 1208471 CVE-2023-24329 at SUSE CVE-2023-24329 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for polkit fixes the following issues: - Change permissions for rules folders (bsc#1209282) Moderate SUSE bug 1209282 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). Important SUSE bug 1220770 SUSE bug 1220771 CVE-2024-26458 at SUSE CVE-2024-26458 at NVD CVE-2024-26461 at SUSE CVE-2024-26461 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for podman fixes the following issues: - CVE-2024-1753: Fixed full container escape at build time in buildah (bsc#1221677). Important SUSE bug 1221677 CVE-2024-1753 at SUSE CVE-2024-1753 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libvirt fixes the following issues: - CVE-2024-2494: Fixed negative g_new0 length can lead to unbounded memory allocation (bsc#1221815). Moderate SUSE bug 1221815 CVE-2024-2494 at SUSE CVE-2024-2494 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2020-26555: Fixed an issue during BR/EDR PIN code pairing in the Bluetooth subsystem that would allow replay attacks (bsc#1179610 bsc#1215237). - CVE-2023-6121: Fixed an information leak via dmesg when receiving a crafted packet in the NVMe-oF/TCP subsystem (bsc#1217250). - CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947). - CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946). - CVE-2023-6931: Fixed an out of bounds write in the Performance Events subsystem when adding a new event (bsc#1218258). - CVE-2023-6932: Fixed a use-after-free issue when receiving an IGMP query packet due to reference count mismanagement (bsc#1218253). - CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559). The following non-security bugs were fixed: - Reviewed and added more information to README.SUSE (jsc#PED-5021). - Enabled multibuild for kernel packages (JSC-SLE#5501, boo#1211226, bsc#1218184). - clocksource: Avoid accidental unstable marking of clocksources (bsc#1218105). - clocksource: Suspend the watchdog temporarily when high read latency detected (bsc#1218105). - efi/mokvar: Reserve the table only if it is in boot services data (bsc#1215375). Important SUSE bug 1179610 SUSE bug 1211226 SUSE bug 1215237 SUSE bug 1215375 SUSE bug 1217250 SUSE bug 1217709 SUSE bug 1217946 SUSE bug 1217947 SUSE bug 1218105 SUSE bug 1218184 SUSE bug 1218253 SUSE bug 1218258 SUSE bug 1218559 CVE-2020-26555 at SUSE CVE-2020-26555 at NVD CVE-2023-51779 at SUSE CVE-2023-51779 at NVD CVE-2023-6121 at SUSE CVE-2023-6121 at NVD CVE-2023-6606 at SUSE CVE-2023-6606 at NVD CVE-2023-6610 at SUSE CVE-2023-6610 at NVD CVE-2023-6931 at SUSE CVE-2023-6931 at NVD CVE-2023-6932 at SUSE CVE-2023-6932 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for avahi fixes the following issues: - CVE-2023-38471: Fixed reachable assertion in dbus_set_host_name (bsc#1216594). - CVE-2023-38469: Fixed reachable assertions in avahi (bsc#1216598). Moderate SUSE bug 1216594 SUSE bug 1216598 CVE-2023-38469 at SUSE CVE-2023-38469 at NVD CVE-2023-38471 at SUSE CVE-2023-38471 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) Moderate SUSE bug 1221665 SUSE bug 1221667 CVE-2024-2004 at SUSE CVE-2024-2004 at NVD CVE-2024-2398 at SUSE CVE-2024-2398 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). Moderate SUSE bug 1220061 CVE-2023-45918 at SUSE CVE-2023-45918 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for c-ares fixes the following issues: - CVE-2024-25629: Fixed out of bounds read in ares__read_line() (bsc#1220279). Moderate SUSE bug 1220279 CVE-2024-25629 at SUSE CVE-2024-25629 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ucode-intel fixes the following issues: - Updated to Intel CPU Microcode 20240312 release. (bsc#1221323) - CVE-2023-39368: Protection mechanism failure of bus lock regulator for some Intel Processors may allow an unauthenticated user to potentially enable denial of service via network access - CVE-2023-38575: Non-transparent sharing of return predictor targets between contexts in some Intel Processors may allow an authorized user to potentially enable information disclosure via local access. - CVE-2023-28746: Information exposure through microarchitectural state after transient execution from some register files for some Intel Atom Processors may allow an authenticated user to potentially enable information disclosure via local access. - CVE-2023-22655 Protection mechanism failure in some 3rd and 4th Generation Intel Xeon Processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. - CVE-2023-43490: Incorrect calculation in microcode keying mechanism for some Intel Xeon D Processors with Intel? SGX may allow a privileged user to potentially enable information disclosure via local access. Moderate SUSE bug 1221323 CVE-2023-22655 at SUSE CVE-2023-22655 at NVD CVE-2023-28746 at SUSE CVE-2023-28746 at NVD CVE-2023-38575 at SUSE CVE-2023-38575 at NVD CVE-2023-39368 at SUSE CVE-2023-39368 at NVD CVE-2023-43490 at SUSE CVE-2023-43490 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for buildah fixes the following issues: - CVE-2024-1753: Fixed an issue to prevent a full container escape at build time. (bsc#1221677) - Update to version 1.34.1 for compatibility with Docker 25.0 (which is not in SLES yet, but will eventually be) (bsc#1219563). See the corresponding release notes: * https://github.com/containers/buildah/releases/tag/v1.34.1 * https://github.com/containers/buildah/releases/tag/v1.34.0 * https://github.com/containers/buildah/releases/tag/v1.33.0 * https://github.com/containers/buildah/releases/tag/v1.32.0 * https://github.com/containers/buildah/releases/tag/v1.31.0 * https://github.com/containers/buildah/releases/tag/v1.30.0 - Require cni-plugins (bsc#1220568) Important SUSE bug 1219563 SUSE bug 1220568 SUSE bug 1221677 CVE-2024-1753 at SUSE CVE-2024-1753 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for xen fixes the following issues: - CVE-2023-28746: Register File Data Sampling (bsc#1221332) - CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (bsc#1221334) Moderate SUSE bug 1221332 SUSE bug 1221334 CVE-2023-28746 at SUSE CVE-2023-28746 at NVD CVE-2024-2193 at SUSE CVE-2024-2193 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) Important SUSE bug 1221399 CVE-2024-28182 at SUSE CVE-2024-28182 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) Important SUSE bug 1194038 SUSE bug 1207987 SUSE bug 1221831 CVE-2024-28085 at SUSE CVE-2024-28085 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for less fixes the following issues: - CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901). Important SUSE bug 1219901 CVE-2022-48624 at SUSE CVE-2022-48624 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libzypp, zypper, PackageKit fixes the following issues: - Fixup New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - CVE-2024-0217: Check that Finished signal is emitted at most once (bsc#1218544) - Add resolver option 'removeOrphaned' for distupgrade (bsc#1221525) - New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - Add default stripe minimum - Don't expose std::optional where YAST/PK explicitly use c++11. - Digest: Avoid using the deprecated OPENSSL_config - version 17.32.0 - ProblemSolution::skipsPatchesOnly overload to handout the patches - Show active dry-run/download-only at the commit propmpt - Add --skip-not-applicable-patches option - Fix printing detailed solver problem description - Fix bash-completion to work with right adjusted numbers in the 1st column too - Set libzypp shutdown request signal on Ctrl+C - In the detailed view show all baseurls not just the first one (bsc#1218171) Moderate SUSE bug 1175678 SUSE bug 1218171 SUSE bug 1218544 SUSE bug 1221525 CVE-2024-0217 at SUSE CVE-2024-0217 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for pam fixes the following issues: - CVE-2024-22365: Fixed a local denial of service during PAM login due to a missing check during path manipulation (bsc#1218475). - Check localtime_r() return value to fix crashing (bsc#1217000) Moderate SUSE bug 1217000 SUSE bug 1218475 CVE-2024-22365 at SUSE CVE-2024-22365 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for shim fixes the following issues: - Update shim-install to set the TPM2 SRK algorithm (bsc#1213945) - Limit the requirement of fde-tpm-helper-macros to the distro with suse_version 1600 and above (bsc#1219460) Update to version 15.8: Security issues fixed: - mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546) - avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547) - Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548) - Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549) - pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550) - pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551) The NX flag is disable which is same as the default value of shim-15.8, hence, not need to enable it by this patch now. - Generate dbx during build so we don't include binary files in sources - Don't require grub so shim can still be used with systemd-boot - Update shim-install to fix boot failure of ext4 root file system on RAID10 (bsc#1205855) - Adopt the macros from fde-tpm-helper-macros to update the signature in the sealed key after a bootloader upgrade - Update shim-install to amend full disk encryption support - Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector - Use the long name to specify the grub2 key protector - cryptodisk: support TPM authorized policies - Do not use tpm_record_pcrs unless the command is in command.lst - Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to enable the NX compatibility flag when using post-process-pe after discussed with grub2 experts in mail. It's useful for further development and testing. (bsc#1205588) Important SUSE bug 1198101 SUSE bug 1205588 SUSE bug 1205855 SUSE bug 1210382 SUSE bug 1213945 SUSE bug 1215098 SUSE bug 1215099 SUSE bug 1215100 SUSE bug 1215101 SUSE bug 1215102 SUSE bug 1215103 SUSE bug 1219460 CVE-2022-28737 at SUSE CVE-2022-28737 at NVD CVE-2023-40546 at SUSE CVE-2023-40546 at NVD CVE-2023-40547 at SUSE CVE-2023-40547 at NVD CVE-2023-40548 at SUSE CVE-2023-40548 at NVD CVE-2023-40549 at SUSE CVE-2023-40549 at NVD CVE-2023-40550 at SUSE CVE-2023-40550 at NVD CVE-2023-40551 at SUSE CVE-2023-40551 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) Important SUSE bug 1222992 CVE-2024-2961 at SUSE CVE-2024-2961 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python-idna fixes the following issues: - CVE-2024-3651: Fixed potential DoS via resource consumption via specially crafted inputs to idna.encode() (bsc#1222842). Moderate SUSE bug 1222842 CVE-2024-3651 at SUSE CVE-2024-3651 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2020-36780: Fixed a reference leak when pm_runtime_get_sync fails in i2c (bsc#1220556). - CVE-2020-36781: Fixed reference leak when pm_runtime_get_sync fails in i2c/imx (bsc#1220557). - CVE-2020-36782: Fixed a reference leak when pm_runtime_get_sync fails in i2c imx-lpi2c (bsc#1220560). - CVE-2020-36783: Fixed a reference leak when pm_runtime_get_sync fails in i2c img-scb (bsc#1220561). - CVE-2021-46908: Fixed incorrect permission flag for mixed signed bounds arithmetic in bpf (bsc#1220425). - CVE-2021-46909: Fixed a PCI interrupt mapping in ARM footbridge (bsc#1220442). - CVE-2021-46911: Fixed kernel panic (bsc#1220400). - CVE-2021-46914: Fixed unbalanced device enable/disable in suspend/resume in pci_disable_device() (bsc#1220465). - CVE-2021-46917: Fixed wq cleanup of WQCFG registers in idxd (bsc#1220432). - CVE-2021-46918: Fixed not clearing MSIX permission entry on shutdown in idxd (bsc#1220429). - CVE-2021-46919: Fixed wq size store permission state in idxd (bsc#1220414). - CVE-2021-46920: Fixed clobbering of SWERR overflow bit on writeback (bsc#1220426). - CVE-2021-46921: Fixed ordering in queued_write_lock_slowpath (bsc#1220468). - CVE-2021-46922: Fixed TPM reservation for seal/unseal (bsc#1220475). - CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484). - CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486). - CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487). - CVE-2021-46938: Fixed a double free of blk_mq_tag_set in dev remove after table load fails in dm rq (bsc#1220554). - CVE-2021-46939: Fixed a denial of service in trace_clock_global() in tracing (bsc#1220580). - CVE-2021-46943: Fixed an oops in set_fmt error handling in media: staging/intel-ipu3 (bsc#1220583). - CVE-2021-46944: Fixed a memory leak in imu_fmt in media staging/intel-ipu3 (bsc#1220566). - CVE-2021-46950: Fixed a data corruption bug in raid1 arrays using bitmaps in md/raid1 (bsc#1220662). - CVE-2021-46951: Fixed an integer underflow of efi_tpm_final_log_size in tpm_read_log_efi in tpm efi (bsc#1220615). - CVE-2021-46956: Fixed memory leak in virtio_fs_probe() (bsc#1220516). - CVE-2021-46958: Fixed a race between transaction aborts and fsyncs leading to use-after-free in btrfs (bsc#1220521). - CVE-2021-46959: Fixed use-after-free with devm_spi_alloc_* (bsc#1220734). - CVE-2021-46960: Fixed a warning on smb2_get_enc_key in cifs (bsc#1220528). - CVE-2021-46961: Fixed spurious interrup handling (bsc#1220529). - CVE-2021-46962: Fixed a resource leak in the remove function in mmc uniphier-sd (bsc#1220532). - CVE-2021-46963: Fixed crash in qla2xxx_mqueuecommand() (bsc#1220536). - CVE-2021-46971: Fixed unconditional security_locked_down() call (bsc#1220697). - CVE-2021-46976: Fixed crash in auto_retire in drm/i915 (bsc#1220621). - CVE-2021-46980: Fixed not retrieving all the PDOs instead of just the first 4 in usb/typec/ucsi (bsc#1220663). - CVE-2021-46981: Fixed a NULL pointer in flush_workqueue in nbd (bsc#1220611). - CVE-2021-46983: Fixed NULL pointer dereference when SEND is completed with error (bsc#1220639). - CVE-2021-46984: Fixed an out of bounds access in kyber_bio_merge() in kyber (bsc#1220631). - CVE-2021-46988: Fixed release page in error path to avoid BUG_ON (bsc#1220706). - CVE-2021-46990: Fixed a denial of service when toggling entry flush barrier in powerpc/64s (bsc#1220743). - CVE-2021-46991: Fixed a use-after-free in i40e_client_subtask (bsc#1220575). - CVE-2021-46992: Fixed a bug to avoid overflows in nft_hash_buckets (bsc#1220638). - CVE-2021-46998: Fixed an use after free bug in enic_hard_start_xmit in ethernet/enic (bsc#1220625). - CVE-2021-47000: Fixed an inode leak on getattr error in __fh_to_dentry in ceph (bsc#1220669). - CVE-2021-47001: Fixed cwnd update ordering in xprtrdma (bsc#1220670). - CVE-2021-47003: Fixed potential null dereference on pointer status in idxd_cmd_exec (bsc#1220677). - CVE-2021-47006: Fixed wrong check in overflow_handler hook in ARM 9064/1 hw_breakpoint (bsc#1220751). - CVE-2021-47009: Fixed memory leak on object td (bsc#1220733). - CVE-2021-47014: Fixed wild memory access when clearing fragments in net/sched/act_ct (bsc#1220630). - CVE-2021-47015: Fixed a RX consumer index logic in the error path in bnxt_rx_pkt() in bnxt_en (bsc#1220794). - CVE-2021-47017: Fixed use after free in ath10k_htc_send_bundle (bsc#1220678). - CVE-2021-47020: Fixed a memory leak in stream config error path in soundwire stream (bsc#1220785). - CVE-2021-47026: Fixed not destroying sysfs after removing session from active list (bsc#1220685). - CVE-2021-47034: Fixed a kernel memory fault for pte update on radix in powerpc/64s (bsc#1220687). - CVE-2021-47035: Fixed wrong WO permissions on second-level paging entries in iommu/vt-d (bsc#1220688). - CVE-2021-47038: Fixed deadlock between hci_dev->lock and socket lock in bluetooth (bsc#1220753). - CVE-2021-47044: Fixed shift-out-of-bounds in load_balance() in sched/fair (bsc#1220759). - CVE-2021-47045: Fixed a null pointer dereference in lpfc_prep_els_iocb() in scsi lpfc (bsc#1220640). - CVE-2021-47046: Fixed off by one in hdmi_14_process_transaction() (bsc#1220758). - CVE-2021-47049: Fixed an after free in __vmbus_open() in hv vmbus (bsc#1220692). - CVE-2021-47051: Fixed a PM reference leak in lpspi_prepare_xfer_hardware() in spi fsl-lpspi (bsc#1220764). - CVE-2021-47055: Fixed missing permissions for locking and badblock ioctls in mtd (bsc#1220768). - CVE-2021-47056: Fixed a user-memory-access error on vf2pf_lock in crypto (bsc#1220769). - CVE-2021-47058: Fixed a possible user-after-free in set debugfs_name in regmap (bsc#1220779). - CVE-2021-47063: Fixed a potential use-after-free during bridge detach in drm bridge/panel (bsc#1220777). - CVE-2021-47065: Fixed an array overrun in rtw_get_tx_power_params() in rtw88 (bsc#1220749). - CVE-2021-47068: Fixed a use-after-free issue in llcp_sock_bind/connect (bsc#1220739). - CVE-2021-47070: Fixed memory leak in error handling paths in uio_hv_generic (bsc#1220829). - CVE-2021-47071: Fixed a memory leak in error handling paths in hv_uio_cleanup() in uio_hv_generic (bsc#1220846). - CVE-2021-47073: Fixed oops on rmmod dell_smbios init_dell_smbios_wmi() (bsc#1220850). - CVE-2021-47077: Fixed a NULL pointer dereference when in shost_data (bsc#1220861). - CVE-2021-47082: Fixed ouble free in tun_free_netdev() (bsc#1220969). - CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954). - CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979). - CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982). - CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985). - CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987). - CVE-2021-47109: Fixed NUD_NOARP entries to be forced GCed (bsc#1221534). - CVE-2021-47110: Fixed possible memory corruption when restoring from hibernation in x86/kvm (bsc#1221532). - CVE-2021-47112: Fixed possible memory corruption when restoring from hibernation in x86/kvm (bsc#1221541). - CVE-2021-47114: Fixed a data corruption by fallocate in ocfs2 (bsc#1221548). - CVE-2021-47117: Fixed a crash in ext4_es_cache_extent as ext4_split_extent_at failed in ext4 (bsc#1221575). - CVE-2021-47118: Fixed an use-after-free in init task's struct pid in pid (bsc#1221605). - CVE-2021-47119: Fixed a memory leak in ext4_fill_super in ext4 (bsc#1221608). - CVE-2021-47120: Fixed a NULL pointer dereference on disconnect in HID magicmouse (bsc#1221606). - CVE-2021-47130: Fixed freeing unallocated p2pmem in nvmet (bsc#1221552). - CVE-2021-47136: Fixed uninitialized memory access caused by allocation via zero-initialize tc skb extension in net (bsc#1221931). - CVE-2021-47137: Fixed memory corruption in RX ring in net/lantiq (bsc#1221932). - CVE-2021-47138: Fixed an out-of-bound memory access during clearing filters in cxgb4 (bsc#1221934). - CVE-2021-47139: Fixed a race condition that lead to oops in netdevice registration in net hns3 (bsc#1221935). - CVE-2021-47141: Fixed a null pointer dereference on priv->msix_vectors when driver is unloaded in gve (bsc#1221949). - CVE-2021-47142: Fixed an use-after-free on ttm->sg in drm/amdgpu (bsc#1221952). - CVE-2021-47144: Fixed a refcount leak in amdgpufb_create in drm/amd/amdgpu (bsc#1221989). - CVE-2021-47150: Fixed the potential memory leak in fec_enet_init() (bsc#1221973). - CVE-2021-47153: Fixed wrongly generated interrupt on bus reset in i2c/i801 (bsc#1221969). - CVE-2021-47160: Fixed VLAN traffic leaks in dsa: mt7530 (bsc#1221974). - CVE-2021-47161: Fixed a resource leak in an error handling path in the error handling path of the probe function in spi spi-fsl-dspi (bsc#1221966). - CVE-2021-47164: Fixed null pointer dereference accessing lag dev in net/mlx5e (bsc#1221978). - CVE-2021-47165: Fixed shutdown crash when component not probed in drm/meson (bsc#1221965). - CVE-2021-47166: Fixed a data corruption of pg_bytes_written in nfs_do_recoalesce() in nfs (bsc#1221998). - CVE-2021-47167: Fixed an oopsable condition in __nfs_pageio_add_request() in nfs (bsc#1221991). - CVE-2021-47168: Fixed an incorrect limit in filelayout_decode_layout() in nfs (bsc#1222002). - CVE-2021-47169: Fixed a NULL pointer dereference in rp2_probe in serial rp2 (bsc#1222000). - CVE-2021-47170: Fixed a WARN about excessively large memory allocations in usb usbfs (bsc#1222004). - CVE-2021-47171: Fixed a memory leak in smsc75xx_bind in net usb (bsc#1221994). - CVE-2021-47172: Fixed a potential overflow due to non sequential channel numbers in adc/ad7124 (bsc#1221992). - CVE-2021-47173: Fixed a memory leak in uss720_probe in misc/uss720 (bsc#1221993). - CVE-2021-47174: Fixed missing check in irq_fpu_usable() (bsc#1221990). - CVE-2021-47175: Fixed OOB access in net/sched/fq_pie (bsc#1222003). - CVE-2021-47176: Fixed crash with illegal operation exception in dasd_device_tasklet in s390/dasd (bsc#1221996). - CVE-2021-47177: Fixed a sysfs leak in alloc_iommu() in iommu/vt-d (bsc#1221997). - CVE-2021-47179: Fixed a NULL pointer dereference in pnfs_mark_matching_lsegs_return() in nfsv4 (bsc#1222001). - CVE-2021-47180: Fixed a memory leak in nci_allocate_device nfcmrvl_disconnect in nfc nci (bsc#1221999). - CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660). - CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664). - CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669). - CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706). - CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions (bsc#1222878) - CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366). - CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657). - CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320). - CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411). - CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413). - CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445). - CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703). - CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790). - CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276). - CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883). - CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015). - CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836). - CVE-2023-52572: Fixed UAF in cifs_demultiplex_thread() in cifs (bsc#1220946). - CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871). - CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058). - CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088). - CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044). - CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add kasprintf() (bsc#1221061). - CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117). - CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562). - CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447). - CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336). - CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479). - CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170). - CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340). - CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293). - CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830). - CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422). - CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585). The following non-security bugs were fixed: - doc/README.SUSE: Update information about module support status (jsc#PED-5759) - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super (bsc#1219264). - group-source-files.pl: Quote filenames (boo#1221077). - mm: fix gup_pud_range (bsc#1220824). - tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619). - usb: hub: Guard against accesses to uninitialized BOS descriptors (git-fixes). Altered because 5.3 does not do SSP Important SUSE bug 1192145 SUSE bug 1209657 SUSE bug 1218336 SUSE bug 1218447 SUSE bug 1218479 SUSE bug 1218562 SUSE bug 1219170 SUSE bug 1219264 SUSE bug 1220320 SUSE bug 1220340 SUSE bug 1220366 SUSE bug 1220400 SUSE bug 1220411 SUSE bug 1220413 SUSE bug 1220414 SUSE bug 1220425 SUSE bug 1220426 SUSE bug 1220429 SUSE bug 1220432 SUSE bug 1220442 SUSE bug 1220445 SUSE bug 1220465 SUSE bug 1220468 SUSE bug 1220475 SUSE bug 1220484 SUSE bug 1220486 SUSE bug 1220487 SUSE bug 1220516 SUSE bug 1220521 SUSE bug 1220528 SUSE bug 1220529 SUSE bug 1220532 SUSE bug 1220536 SUSE bug 1220554 SUSE bug 1220556 SUSE bug 1220557 SUSE bug 1220560 SUSE bug 1220561 SUSE bug 1220566 SUSE bug 1220575 SUSE bug 1220580 SUSE bug 1220583 SUSE bug 1220611 SUSE bug 1220615 SUSE bug 1220621 SUSE bug 1220625 SUSE bug 1220630 SUSE bug 1220631 SUSE bug 1220638 SUSE bug 1220639 SUSE bug 1220640 SUSE bug 1220662 SUSE bug 1220663 SUSE bug 1220669 SUSE bug 1220670 SUSE bug 1220677 SUSE bug 1220678 SUSE bug 1220685 SUSE bug 1220687 SUSE bug 1220688 SUSE bug 1220692 SUSE bug 1220697 SUSE bug 1220703 SUSE bug 1220706 SUSE bug 1220733 SUSE bug 1220734 SUSE bug 1220739 SUSE bug 1220743 SUSE bug 1220749 SUSE bug 1220751 SUSE bug 1220753 SUSE bug 1220758 SUSE bug 1220759 SUSE bug 1220764 SUSE bug 1220768 SUSE bug 1220769 SUSE bug 1220777 SUSE bug 1220779 SUSE bug 1220785 SUSE bug 1220790 SUSE bug 1220794 SUSE bug 1220824 SUSE bug 1220829 SUSE bug 1220836 SUSE bug 1220846 SUSE bug 1220850 SUSE bug 1220861 SUSE bug 1220871 SUSE bug 1220883 SUSE bug 1220946 SUSE bug 1220954 SUSE bug 1220969 SUSE bug 1220979 SUSE bug 1220982 SUSE bug 1220985 SUSE bug 1220987 SUSE bug 1221015 SUSE bug 1221044 SUSE bug 1221058 SUSE bug 1221061 SUSE bug 1221077 SUSE bug 1221088 SUSE bug 1221276 SUSE bug 1221293 SUSE bug 1221532 SUSE bug 1221534 SUSE bug 1221541 SUSE bug 1221548 SUSE bug 1221552 SUSE bug 1221575 SUSE bug 1221605 SUSE bug 1221606 SUSE bug 1221608 SUSE bug 1221830 SUSE bug 1221931 SUSE bug 1221932 SUSE bug 1221934 SUSE bug 1221935 SUSE bug 1221949 SUSE bug 1221952 SUSE bug 1221965 SUSE bug 1221966 SUSE bug 1221969 SUSE bug 1221973 SUSE bug 1221974 SUSE bug 1221978 SUSE bug 1221989 SUSE bug 1221990 SUSE bug 1221991 SUSE bug 1221992 SUSE bug 1221993 SUSE bug 1221994 SUSE bug 1221996 SUSE bug 1221997 SUSE bug 1221998 SUSE bug 1221999 SUSE bug 1222000 SUSE bug 1222001 SUSE bug 1222002 SUSE bug 1222003 SUSE bug 1222004 SUSE bug 1222117 SUSE bug 1222422 SUSE bug 1222585 SUSE bug 1222619 SUSE bug 1222660 SUSE bug 1222664 SUSE bug 1222669 SUSE bug 1222706 SUSE bug 1222878 CVE-2020-36780 at SUSE CVE-2020-36780 at NVD CVE-2020-36781 at SUSE CVE-2020-36781 at NVD CVE-2020-36782 at SUSE CVE-2020-36782 at NVD CVE-2020-36783 at SUSE CVE-2020-36783 at NVD CVE-2021-46908 at SUSE CVE-2021-46908 at NVD CVE-2021-46909 at SUSE CVE-2021-46909 at NVD CVE-2021-46911 at SUSE CVE-2021-46911 at NVD CVE-2021-46914 at SUSE CVE-2021-46914 at NVD CVE-2021-46917 at SUSE CVE-2021-46917 at NVD CVE-2021-46918 at SUSE CVE-2021-46918 at NVD CVE-2021-46919 at SUSE CVE-2021-46919 at NVD CVE-2021-46920 at SUSE CVE-2021-46920 at NVD CVE-2021-46921 at SUSE CVE-2021-46921 at NVD CVE-2021-46922 at SUSE CVE-2021-46922 at NVD CVE-2021-46930 at SUSE CVE-2021-46930 at NVD CVE-2021-46931 at SUSE CVE-2021-46931 at NVD CVE-2021-46933 at SUSE CVE-2021-46933 at NVD CVE-2021-46938 at SUSE CVE-2021-46938 at NVD CVE-2021-46939 at SUSE CVE-2021-46939 at NVD CVE-2021-46943 at SUSE CVE-2021-46943 at NVD CVE-2021-46944 at SUSE CVE-2021-46944 at NVD CVE-2021-46950 at SUSE CVE-2021-46950 at NVD CVE-2021-46951 at SUSE CVE-2021-46951 at NVD CVE-2021-46956 at SUSE CVE-2021-46956 at NVD CVE-2021-46958 at SUSE CVE-2021-46958 at NVD CVE-2021-46959 at SUSE CVE-2021-46959 at NVD CVE-2021-46960 at SUSE CVE-2021-46960 at NVD CVE-2021-46961 at SUSE CVE-2021-46961 at NVD CVE-2021-46962 at SUSE CVE-2021-46962 at NVD CVE-2021-46963 at SUSE CVE-2021-46963 at NVD CVE-2021-46971 at SUSE CVE-2021-46971 at NVD CVE-2021-46976 at SUSE CVE-2021-46976 at NVD CVE-2021-46980 at SUSE CVE-2021-46980 at NVD CVE-2021-46981 at SUSE CVE-2021-46981 at NVD CVE-2021-46983 at SUSE CVE-2021-46983 at NVD CVE-2021-46984 at SUSE CVE-2021-46984 at NVD CVE-2021-46988 at SUSE CVE-2021-46988 at NVD CVE-2021-46990 at SUSE CVE-2021-46990 at NVD CVE-2021-46991 at SUSE CVE-2021-46991 at NVD CVE-2021-46992 at SUSE CVE-2021-46992 at NVD CVE-2021-46998 at SUSE CVE-2021-46998 at NVD CVE-2021-47000 at SUSE CVE-2021-47000 at NVD CVE-2021-47001 at SUSE CVE-2021-47001 at NVD CVE-2021-47003 at SUSE CVE-2021-47003 at NVD CVE-2021-47006 at SUSE CVE-2021-47006 at NVD CVE-2021-47009 at SUSE CVE-2021-47009 at NVD CVE-2021-47014 at SUSE CVE-2021-47014 at NVD CVE-2021-47015 at SUSE CVE-2021-47015 at NVD CVE-2021-47017 at SUSE CVE-2021-47017 at NVD CVE-2021-47020 at SUSE CVE-2021-47020 at NVD CVE-2021-47026 at SUSE CVE-2021-47026 at NVD CVE-2021-47034 at SUSE CVE-2021-47034 at NVD CVE-2021-47035 at SUSE CVE-2021-47035 at NVD CVE-2021-47038 at SUSE CVE-2021-47038 at NVD CVE-2021-47044 at SUSE CVE-2021-47044 at NVD CVE-2021-47045 at SUSE CVE-2021-47045 at NVD CVE-2021-47046 at SUSE CVE-2021-47046 at NVD CVE-2021-47049 at SUSE CVE-2021-47049 at NVD CVE-2021-47051 at SUSE CVE-2021-47051 at NVD CVE-2021-47055 at SUSE CVE-2021-47055 at NVD CVE-2021-47056 at SUSE CVE-2021-47056 at NVD CVE-2021-47058 at SUSE CVE-2021-47058 at NVD CVE-2021-47063 at SUSE CVE-2021-47063 at NVD CVE-2021-47065 at SUSE CVE-2021-47065 at NVD CVE-2021-47068 at SUSE CVE-2021-47068 at NVD CVE-2021-47070 at SUSE CVE-2021-47070 at NVD CVE-2021-47071 at SUSE CVE-2021-47071 at NVD CVE-2021-47073 at SUSE CVE-2021-47073 at NVD CVE-2021-47077 at SUSE CVE-2021-47077 at NVD CVE-2021-47082 at SUSE CVE-2021-47082 at NVD CVE-2021-47087 at SUSE CVE-2021-47087 at NVD CVE-2021-47095 at SUSE CVE-2021-47095 at NVD CVE-2021-47097 at SUSE CVE-2021-47097 at NVD CVE-2021-47100 at SUSE CVE-2021-47100 at NVD CVE-2021-47101 at SUSE CVE-2021-47101 at NVD CVE-2021-47109 at SUSE CVE-2021-47109 at NVD CVE-2021-47110 at SUSE CVE-2021-47110 at NVD CVE-2021-47112 at SUSE CVE-2021-47112 at NVD CVE-2021-47114 at SUSE CVE-2021-47114 at NVD CVE-2021-47117 at SUSE CVE-2021-47117 at NVD CVE-2021-47118 at SUSE CVE-2021-47118 at NVD CVE-2021-47119 at SUSE CVE-2021-47119 at NVD CVE-2021-47120 at SUSE CVE-2021-47120 at NVD CVE-2021-47130 at SUSE CVE-2021-47130 at NVD CVE-2021-47136 at SUSE CVE-2021-47136 at NVD CVE-2021-47137 at SUSE CVE-2021-47137 at NVD CVE-2021-47138 at SUSE CVE-2021-47138 at NVD CVE-2021-47139 at SUSE CVE-2021-47139 at NVD CVE-2021-47141 at SUSE CVE-2021-47141 at NVD CVE-2021-47142 at SUSE CVE-2021-47142 at NVD CVE-2021-47144 at SUSE CVE-2021-47144 at NVD CVE-2021-47150 at SUSE CVE-2021-47150 at NVD CVE-2021-47153 at SUSE CVE-2021-47153 at NVD CVE-2021-47160 at SUSE CVE-2021-47160 at NVD CVE-2021-47161 at SUSE CVE-2021-47161 at NVD CVE-2021-47164 at SUSE CVE-2021-47164 at NVD CVE-2021-47165 at SUSE CVE-2021-47165 at NVD CVE-2021-47166 at SUSE CVE-2021-47166 at NVD CVE-2021-47167 at SUSE CVE-2021-47167 at NVD CVE-2021-47168 at SUSE CVE-2021-47168 at NVD CVE-2021-47169 at SUSE CVE-2021-47169 at NVD CVE-2021-47170 at SUSE CVE-2021-47170 at NVD CVE-2021-47171 at SUSE CVE-2021-47171 at NVD CVE-2021-47172 at SUSE CVE-2021-47172 at NVD CVE-2021-47173 at SUSE CVE-2021-47173 at NVD CVE-2021-47174 at SUSE CVE-2021-47174 at NVD CVE-2021-47175 at SUSE CVE-2021-47175 at NVD CVE-2021-47176 at SUSE CVE-2021-47176 at NVD CVE-2021-47177 at SUSE CVE-2021-47177 at NVD CVE-2021-47179 at SUSE CVE-2021-47179 at NVD CVE-2021-47180 at SUSE CVE-2021-47180 at NVD CVE-2021-47181 at SUSE CVE-2021-47181 at NVD CVE-2021-47183 at SUSE CVE-2021-47183 at NVD CVE-2021-47185 at SUSE CVE-2021-47185 at NVD CVE-2021-47189 at SUSE CVE-2021-47189 at NVD CVE-2021-47202 at SUSE CVE-2021-47202 at NVD CVE-2022-48626 at SUSE CVE-2022-48626 at NVD CVE-2023-0160 at SUSE CVE-2023-0160 at NVD CVE-2023-52454 at SUSE CVE-2023-52454 at NVD CVE-2023-52469 at SUSE CVE-2023-52469 at NVD CVE-2023-52470 at SUSE CVE-2023-52470 at NVD CVE-2023-52474 at SUSE CVE-2023-52474 at NVD CVE-2023-52476 at SUSE CVE-2023-52476 at NVD CVE-2023-52477 at SUSE CVE-2023-52477 at NVD CVE-2023-52492 at SUSE CVE-2023-52492 at NVD CVE-2023-52500 at SUSE CVE-2023-52500 at NVD CVE-2023-52508 at SUSE CVE-2023-52508 at NVD CVE-2023-52509 at SUSE CVE-2023-52509 at NVD CVE-2023-52572 at SUSE CVE-2023-52572 at NVD CVE-2023-52575 at SUSE CVE-2023-52575 at NVD CVE-2023-52583 at SUSE CVE-2023-52583 at NVD CVE-2023-52590 at SUSE CVE-2023-52590 at NVD CVE-2023-52591 at SUSE CVE-2023-52591 at NVD CVE-2023-52607 at SUSE CVE-2023-52607 at NVD CVE-2023-52628 at SUSE CVE-2023-52628 at NVD CVE-2023-6270 at SUSE CVE-2023-6270 at NVD CVE-2023-6531 at SUSE CVE-2023-6531 at NVD CVE-2023-7042 at SUSE CVE-2023-7042 at NVD CVE-2023-7192 at SUSE CVE-2023-7192 at NVD CVE-2024-22099 at SUSE CVE-2024-22099 at NVD CVE-2024-26600 at SUSE CVE-2024-26600 at NVD CVE-2024-26614 at SUSE CVE-2024-26614 at NVD CVE-2024-26642 at SUSE CVE-2024-26642 at NVD CVE-2024-26704 at SUSE CVE-2024-26704 at NVD CVE-2024-26733 at SUSE CVE-2024-26733 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 LTSS kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2020-36781: Fixed reference leak when pm_runtime_get_sync fails in i2c/imx (bsc#1220557). - CVE-2021-46911: Fixed kernel panic (bsc#1220400). - CVE-2021-46914: Fixed unbalanced device enable/disable in suspend/resume in pci_disable_device() (bsc#1220465). - CVE-2021-46917: Fixed wq cleanup of WQCFG registers in idxd (bsc#1220432). - CVE-2021-46918: Fixed not clearing MSIX permission entry on shutdown in idxd (bsc#1220429). - CVE-2021-46919: Fixed wq size store permission state in idxd (bsc#1220414). - CVE-2021-46920: Fixed clobbering of SWERR overflow bit on writeback (bsc#1220426). - CVE-2021-46922: Fixed TPM reservation for seal/unseal (bsc#1220475). - CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484). - CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486). - CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487). - CVE-2021-46956: Fixed memory leak in virtio_fs_probe() (bsc#1220516). - CVE-2021-46959: Fixed use-after-free with devm_spi_alloc_* (bsc#1220734). - CVE-2021-46961: Fixed spurious interrup handling (bsc#1220529). - CVE-2021-46971: Fixed unconditional security_locked_down() call (bsc#1220697). - CVE-2021-46976: Fixed crash in auto_retire in drm/i915 (bsc#1220621). - CVE-2021-46980: Fixed not retrieving all the PDOs instead of just the first 4 in usb/typec/ucsi (bsc#1220663). - CVE-2021-46983: Fixed NULL pointer dereference when SEND is completed with error (bsc#1220639). - CVE-2021-46988: Fixed release page in error path to avoid BUG_ON (bsc#1220706). - CVE-2021-47001: Fixed cwnd update ordering in xprtrdma (bsc#1220670). - CVE-2021-47003: Fixed potential null dereference on pointer status in idxd_cmd_exec (bsc#1220677). - CVE-2021-47009: Fixed memory leak on object td (bsc#1220733). - CVE-2021-47014: Fixed wild memory access when clearing fragments in net/sched/act_ct (bsc#1220630). - CVE-2021-47017: Fixed use after free in ath10k_htc_send_bundle (bsc#1220678). - CVE-2021-47026: Fixed not destroying sysfs after removing session from active list (bsc#1220685). - CVE-2021-47035: Fixed wrong WO permissions on second-level paging entries in iommu/vt-d (bsc#1220688). - CVE-2021-47038: Fixed deadlock between hci_dev->lock and socket lock in bluetooth (bsc#1220753). - CVE-2021-47044: Fixed shift-out-of-bounds in load_balance() in sched/fair (bsc#1220759). - CVE-2021-47046: Fixed off by one in hdmi_14_process_transaction() (bsc#1220758). - CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954). - CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979). - CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982). - CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985). - CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987). - CVE-2021-47109: Fixed NUD_NOARP entries to be forced GCed (bsc#1221534). - CVE-2021-47130: Fixed freeing unallocated p2pmem in nvmet (bsc#1221552). - CVE-2021-47137: Fixed memory corruption in RX ring in net/lantiq (bsc#1221932). - CVE-2021-47150: Fixed the potential memory leak in fec_enet_init() (bsc#1221973). - CVE-2021-47160: Fixed VLAN traffic leaks in dsa: mt7530 (bsc#1221974). - CVE-2021-47164: Fixed null pointer dereference accessing lag dev in net/mlx5e (bsc#1221978). - CVE-2021-47174: Fixed missing check in irq_fpu_usable() (bsc#1221990). - CVE-2021-47175: Fixed OOB access in net/sched/fq_pie (bsc#1222003). - CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660). - CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664). - CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669). - CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706). - CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657). - CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456). - CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411). - CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413). - CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445). - CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703). - CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276). - CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883). - CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015). - CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871). - CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058). - CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add kasprintf() (bsc#1221061). - CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117). - CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562). - CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447). - CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336). - CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479). - CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170). - CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340). - CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293). - CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830). - CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422). - CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585). The following non-security bugs were fixed: - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super (bsc#1219264). - tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619). - group-source-files.pl: Quote filenames (boo#1221077). - kernel-binary: certs: Avoid trailing space - mm: fix gup_pud_range (bsc#1220824). Important SUSE bug 1184942 SUSE bug 1186060 SUSE bug 1192145 SUSE bug 1194516 SUSE bug 1208995 SUSE bug 1209635 SUSE bug 1209657 SUSE bug 1212514 SUSE bug 1213456 SUSE bug 1217987 SUSE bug 1217988 SUSE bug 1217989 SUSE bug 1218336 SUSE bug 1218447 SUSE bug 1218479 SUSE bug 1218562 SUSE bug 1219170 SUSE bug 1219264 SUSE bug 1220320 SUSE bug 1220340 SUSE bug 1220366 SUSE bug 1220400 SUSE bug 1220411 SUSE bug 1220413 SUSE bug 1220414 SUSE bug 1220425 SUSE bug 1220426 SUSE bug 1220429 SUSE bug 1220432 SUSE bug 1220442 SUSE bug 1220445 SUSE bug 1220465 SUSE bug 1220468 SUSE bug 1220475 SUSE bug 1220484 SUSE bug 1220486 SUSE bug 1220487 SUSE bug 1220516 SUSE bug 1220521 SUSE bug 1220528 SUSE bug 1220529 SUSE bug 1220532 SUSE bug 1220554 SUSE bug 1220556 SUSE bug 1220557 SUSE bug 1220560 SUSE bug 1220561 SUSE bug 1220566 SUSE bug 1220575 SUSE bug 1220580 SUSE bug 1220583 SUSE bug 1220611 SUSE bug 1220615 SUSE bug 1220621 SUSE bug 1220625 SUSE bug 1220630 SUSE bug 1220631 SUSE bug 1220638 SUSE bug 1220639 SUSE bug 1220640 SUSE bug 1220641 SUSE bug 1220662 SUSE bug 1220663 SUSE bug 1220669 SUSE bug 1220670 SUSE bug 1220677 SUSE bug 1220678 SUSE bug 1220685 SUSE bug 1220687 SUSE bug 1220688 SUSE bug 1220692 SUSE bug 1220697 SUSE bug 1220703 SUSE bug 1220706 SUSE bug 1220733 SUSE bug 1220734 SUSE bug 1220739 SUSE bug 1220743 SUSE bug 1220745 SUSE bug 1220749 SUSE bug 1220751 SUSE bug 1220753 SUSE bug 1220758 SUSE bug 1220759 SUSE bug 1220764 SUSE bug 1220768 SUSE bug 1220769 SUSE bug 1220777 SUSE bug 1220779 SUSE bug 1220785 SUSE bug 1220790 SUSE bug 1220794 SUSE bug 1220824 SUSE bug 1220826 SUSE bug 1220829 SUSE bug 1220836 SUSE bug 1220846 SUSE bug 1220850 SUSE bug 1220861 SUSE bug 1220871 SUSE bug 1220883 SUSE bug 1220946 SUSE bug 1220954 SUSE bug 1220969 SUSE bug 1220979 SUSE bug 1220982 SUSE bug 1220985 SUSE bug 1220987 SUSE bug 1221015 SUSE bug 1221044 SUSE bug 1221058 SUSE bug 1221061 SUSE bug 1221077 SUSE bug 1221088 SUSE bug 1221276 SUSE bug 1221293 SUSE bug 1221532 SUSE bug 1221534 SUSE bug 1221541 SUSE bug 1221548 SUSE bug 1221552 SUSE bug 1221575 SUSE bug 1221605 SUSE bug 1221606 SUSE bug 1221608 SUSE bug 1221830 SUSE bug 1221931 SUSE bug 1221932 SUSE bug 1221934 SUSE bug 1221935 SUSE bug 1221949 SUSE bug 1221952 SUSE bug 1221965 SUSE bug 1221966 SUSE bug 1221969 SUSE bug 1221973 SUSE bug 1221974 SUSE bug 1221978 SUSE bug 1221989 SUSE bug 1221990 SUSE bug 1221991 SUSE bug 1221992 SUSE bug 1221993 SUSE bug 1221994 SUSE bug 1221996 SUSE bug 1221997 SUSE bug 1221998 SUSE bug 1221999 SUSE bug 1222000 SUSE bug 1222001 SUSE bug 1222002 SUSE bug 1222003 SUSE bug 1222004 SUSE bug 1222117 SUSE bug 1222422 SUSE bug 1222585 SUSE bug 1222619 SUSE bug 1222660 SUSE bug 1222664 SUSE bug 1222669 SUSE bug 1222706 CVE-2020-36780 at SUSE CVE-2020-36780 at NVD CVE-2020-36781 at SUSE CVE-2020-36781 at NVD CVE-2020-36782 at SUSE CVE-2020-36782 at NVD CVE-2020-36783 at SUSE CVE-2020-36783 at NVD CVE-2021-23134 at SUSE CVE-2021-23134 at NVD CVE-2021-29155 at SUSE CVE-2021-29155 at NVD CVE-2021-46908 at SUSE CVE-2021-46908 at NVD CVE-2021-46909 at SUSE CVE-2021-46909 at NVD CVE-2021-46911 at SUSE CVE-2021-46911 at NVD CVE-2021-46914 at SUSE CVE-2021-46914 at NVD CVE-2021-46917 at SUSE CVE-2021-46917 at NVD CVE-2021-46918 at SUSE CVE-2021-46918 at NVD CVE-2021-46919 at SUSE CVE-2021-46919 at NVD CVE-2021-46920 at SUSE CVE-2021-46920 at NVD CVE-2021-46921 at SUSE CVE-2021-46921 at NVD CVE-2021-46922 at SUSE CVE-2021-46922 at NVD CVE-2021-46930 at SUSE CVE-2021-46930 at NVD CVE-2021-46931 at SUSE CVE-2021-46931 at NVD CVE-2021-46933 at SUSE CVE-2021-46933 at NVD CVE-2021-46938 at SUSE CVE-2021-46938 at NVD CVE-2021-46939 at SUSE CVE-2021-46939 at NVD CVE-2021-46943 at SUSE CVE-2021-46943 at NVD CVE-2021-46944 at SUSE CVE-2021-46944 at NVD CVE-2021-46950 at SUSE CVE-2021-46950 at NVD CVE-2021-46951 at SUSE CVE-2021-46951 at NVD CVE-2021-46956 at SUSE CVE-2021-46956 at NVD CVE-2021-46958 at SUSE CVE-2021-46958 at NVD CVE-2021-46959 at SUSE CVE-2021-46959 at NVD CVE-2021-46960 at SUSE CVE-2021-46960 at NVD CVE-2021-46961 at SUSE CVE-2021-46961 at NVD CVE-2021-46962 at SUSE CVE-2021-46962 at NVD CVE-2021-46963 at SUSE CVE-2021-46963 at NVD CVE-2021-46971 at SUSE CVE-2021-46971 at NVD CVE-2021-46976 at SUSE CVE-2021-46976 at NVD CVE-2021-46980 at SUSE CVE-2021-46980 at NVD CVE-2021-46981 at SUSE CVE-2021-46981 at NVD CVE-2021-46983 at SUSE CVE-2021-46983 at NVD CVE-2021-46984 at SUSE CVE-2021-46984 at NVD CVE-2021-46988 at SUSE CVE-2021-46988 at NVD CVE-2021-46990 at SUSE CVE-2021-46990 at NVD CVE-2021-46991 at SUSE CVE-2021-46991 at NVD CVE-2021-46992 at SUSE CVE-2021-46992 at NVD CVE-2021-46998 at SUSE CVE-2021-46998 at NVD CVE-2021-47000 at SUSE CVE-2021-47000 at NVD CVE-2021-47001 at SUSE CVE-2021-47001 at NVD CVE-2021-47003 at SUSE CVE-2021-47003 at NVD CVE-2021-47006 at SUSE CVE-2021-47006 at NVD CVE-2021-47009 at SUSE CVE-2021-47009 at NVD CVE-2021-47013 at SUSE CVE-2021-47013 at NVD CVE-2021-47014 at SUSE CVE-2021-47014 at NVD CVE-2021-47015 at SUSE CVE-2021-47015 at NVD CVE-2021-47017 at SUSE CVE-2021-47017 at NVD CVE-2021-47020 at SUSE CVE-2021-47020 at NVD CVE-2021-47026 at SUSE CVE-2021-47026 at NVD CVE-2021-47034 at SUSE CVE-2021-47034 at NVD CVE-2021-47035 at SUSE CVE-2021-47035 at NVD CVE-2021-47038 at SUSE CVE-2021-47038 at NVD CVE-2021-47044 at SUSE CVE-2021-47044 at NVD CVE-2021-47045 at SUSE CVE-2021-47045 at NVD CVE-2021-47046 at SUSE CVE-2021-47046 at NVD CVE-2021-47049 at SUSE CVE-2021-47049 at NVD CVE-2021-47051 at SUSE CVE-2021-47051 at NVD CVE-2021-47055 at SUSE CVE-2021-47055 at NVD CVE-2021-47056 at SUSE CVE-2021-47056 at NVD CVE-2021-47058 at SUSE CVE-2021-47058 at NVD CVE-2021-47061 at SUSE CVE-2021-47061 at NVD CVE-2021-47063 at SUSE CVE-2021-47063 at NVD CVE-2021-47065 at SUSE CVE-2021-47065 at NVD CVE-2021-47068 at SUSE CVE-2021-47068 at NVD CVE-2021-47069 at SUSE CVE-2021-47069 at NVD CVE-2021-47070 at SUSE CVE-2021-47070 at NVD CVE-2021-47071 at SUSE CVE-2021-47071 at NVD CVE-2021-47073 at SUSE CVE-2021-47073 at NVD CVE-2021-47077 at SUSE CVE-2021-47077 at NVD CVE-2021-47082 at SUSE CVE-2021-47082 at NVD CVE-2021-47087 at SUSE CVE-2021-47087 at NVD CVE-2021-47095 at SUSE CVE-2021-47095 at NVD CVE-2021-47097 at SUSE CVE-2021-47097 at NVD CVE-2021-47100 at SUSE CVE-2021-47100 at NVD CVE-2021-47101 at SUSE CVE-2021-47101 at NVD CVE-2021-47109 at SUSE CVE-2021-47109 at NVD CVE-2021-47110 at SUSE CVE-2021-47110 at NVD CVE-2021-47112 at SUSE CVE-2021-47112 at NVD CVE-2021-47114 at SUSE CVE-2021-47114 at NVD CVE-2021-47117 at SUSE CVE-2021-47117 at NVD CVE-2021-47118 at SUSE CVE-2021-47118 at NVD CVE-2021-47119 at SUSE CVE-2021-47119 at NVD CVE-2021-47120 at SUSE CVE-2021-47120 at NVD CVE-2021-47130 at SUSE CVE-2021-47130 at NVD CVE-2021-47136 at SUSE CVE-2021-47136 at NVD CVE-2021-47137 at SUSE CVE-2021-47137 at NVD CVE-2021-47138 at SUSE CVE-2021-47138 at NVD CVE-2021-47139 at SUSE CVE-2021-47139 at NVD CVE-2021-47141 at SUSE CVE-2021-47141 at NVD CVE-2021-47142 at SUSE CVE-2021-47142 at NVD CVE-2021-47144 at SUSE CVE-2021-47144 at NVD CVE-2021-47150 at SUSE CVE-2021-47150 at NVD CVE-2021-47153 at SUSE CVE-2021-47153 at NVD CVE-2021-47160 at SUSE CVE-2021-47160 at NVD CVE-2021-47161 at SUSE CVE-2021-47161 at NVD CVE-2021-47164 at SUSE CVE-2021-47164 at NVD CVE-2021-47165 at SUSE CVE-2021-47165 at NVD CVE-2021-47166 at SUSE CVE-2021-47166 at NVD CVE-2021-47167 at SUSE CVE-2021-47167 at NVD CVE-2021-47168 at SUSE CVE-2021-47168 at NVD CVE-2021-47169 at SUSE CVE-2021-47169 at NVD CVE-2021-47170 at SUSE CVE-2021-47170 at NVD CVE-2021-47171 at SUSE CVE-2021-47171 at NVD CVE-2021-47172 at SUSE CVE-2021-47172 at NVD CVE-2021-47173 at SUSE CVE-2021-47173 at NVD CVE-2021-47174 at SUSE CVE-2021-47174 at NVD CVE-2021-47175 at SUSE CVE-2021-47175 at NVD CVE-2021-47176 at SUSE CVE-2021-47176 at NVD CVE-2021-47177 at SUSE CVE-2021-47177 at NVD CVE-2021-47179 at SUSE CVE-2021-47179 at NVD CVE-2021-47180 at SUSE CVE-2021-47180 at NVD CVE-2021-47181 at SUSE CVE-2021-47181 at NVD CVE-2021-47183 at SUSE CVE-2021-47183 at NVD CVE-2021-47185 at SUSE CVE-2021-47185 at NVD CVE-2021-47189 at SUSE CVE-2021-47189 at NVD CVE-2022-0487 at SUSE CVE-2022-0487 at NVD CVE-2022-4744 at SUSE CVE-2022-4744 at NVD CVE-2022-48626 at SUSE CVE-2022-48626 at NVD CVE-2023-0160 at SUSE CVE-2023-0160 at NVD CVE-2023-1192 at SUSE CVE-2023-1192 at NVD CVE-2023-28746 at SUSE CVE-2023-28746 at NVD CVE-2023-35827 at SUSE CVE-2023-35827 at NVD CVE-2023-52454 at SUSE CVE-2023-52454 at NVD CVE-2023-52469 at SUSE CVE-2023-52469 at NVD CVE-2023-52470 at SUSE CVE-2023-52470 at NVD CVE-2023-52474 at SUSE CVE-2023-52474 at NVD CVE-2023-52476 at SUSE CVE-2023-52476 at NVD CVE-2023-52477 at SUSE CVE-2023-52477 at NVD CVE-2023-52492 at SUSE CVE-2023-52492 at NVD CVE-2023-52500 at SUSE CVE-2023-52500 at NVD CVE-2023-52508 at SUSE CVE-2023-52508 at NVD CVE-2023-52509 at SUSE CVE-2023-52509 at NVD CVE-2023-52572 at SUSE CVE-2023-52572 at NVD CVE-2023-52575 at SUSE CVE-2023-52575 at NVD CVE-2023-52583 at SUSE CVE-2023-52583 at NVD CVE-2023-52590 at SUSE CVE-2023-52590 at NVD CVE-2023-52591 at SUSE CVE-2023-52591 at NVD CVE-2023-52607 at SUSE CVE-2023-52607 at NVD CVE-2023-52628 at SUSE CVE-2023-52628 at NVD CVE-2023-6270 at SUSE CVE-2023-6270 at NVD CVE-2023-6356 at SUSE CVE-2023-6356 at NVD CVE-2023-6531 at SUSE CVE-2023-6531 at NVD CVE-2023-6535 at SUSE CVE-2023-6535 at NVD CVE-2023-6536 at SUSE CVE-2023-6536 at NVD CVE-2023-7042 at SUSE CVE-2023-7042 at NVD CVE-2023-7192 at SUSE CVE-2023-7192 at NVD CVE-2024-22099 at SUSE CVE-2024-22099 at NVD CVE-2024-26600 at SUSE CVE-2024-26600 at NVD CVE-2024-26614 at SUSE CVE-2024-26614 at NVD CVE-2024-26642 at SUSE CVE-2024-26642 at NVD CVE-2024-26704 at SUSE CVE-2024-26704 at NVD CVE-2024-26733 at SUSE CVE-2024-26733 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-26555: Fixed Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B that may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN (bsc#1179610 bsc#1215237). - CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559). - CVE-2023-6121: Fixed an out-of-bounds read vulnerability in the NVMe-oF/TCP subsystem that could lead to information leak (bsc#1217250). - CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947). - CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946). - CVE-2023-6931: Fixed a heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component that could lead to local privilege escalation. (bsc#1218258). - CVE-2023-6932: Fixed a use-after-free vulnerability in the Linux kernel's ipv4: igmp component that could lead to local privilege escalation (bsc#1218253). The following non-security bugs were fixed: - clocksource: Avoid accidental unstable marking of clocksources (bsc#1218105). - clocksource: Suspend the watchdog temporarily when high read latency detected (bsc#1218105). - doc/README.SUSE: Add how to update the config for module signing (jsc#PED-5021) - doc/README.SUSE: Remove how to build modules using kernel-source (jsc#PED-5021) - doc/README.SUSE: Simplify the list of references (jsc#PED-5021). - efi/mokvar: Reserve the table only if it is in boot services data (bsc#1215375). - io_uring: fix 32-bit compatability with sendmsg/recvmsg (bsc#1217709). Important SUSE bug 1179610 SUSE bug 1215237 SUSE bug 1215375 SUSE bug 1217250 SUSE bug 1217709 SUSE bug 1217946 SUSE bug 1217947 SUSE bug 1218105 SUSE bug 1218253 SUSE bug 1218258 SUSE bug 1218559 CVE-2020-26555 at SUSE CVE-2020-26555 at NVD CVE-2023-51779 at SUSE CVE-2023-51779 at NVD CVE-2023-6121 at SUSE CVE-2023-6121 at NVD CVE-2023-6606 at SUSE CVE-2023-6606 at NVD CVE-2023-6610 at SUSE CVE-2023-6610 at NVD CVE-2023-6931 at SUSE CVE-2023-6931 at NVD CVE-2023-6932 at SUSE CVE-2023-6932 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for less fixes the following issues: - CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849) Important SUSE bug 1222849 CVE-2024-32487 at SUSE CVE-2024-32487 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for xen fixes the following issues: - CVE-2024-2201: Mitigation for Native Branch History Injection (XSA-456, bsc#1222453) - CVE-2023-46842: HVM hypercalls may trigger Xen bug check (XSA-454, bsc#1221984) - CVE-2024-31142: Fixed incorrect logic for BTC/SRSO mitigations (XSA-455, bsc#1222302) Moderate SUSE bug 1221984 SUSE bug 1222302 SUSE bug 1222453 CVE-2023-46842 at SUSE CVE-2023-46842 at NVD CVE-2024-2201 at SUSE CVE-2024-2201 at NVD CVE-2024-31142 at SUSE CVE-2024-31142 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for sssd fixes the following issues: - CVE-2023-3758: Fixed race condition during authorization that lead to GPO policies functioning inconsistently (bsc#1223100) Important SUSE bug 1223100 CVE-2023-3758 at SUSE CVE-2023-3758 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for avahi fixes the following issues: - CVE-2023-38472: Fix reachable assertion in avahi_rdata_parse() (bsc#1216853). Moderate SUSE bug 1216853 CVE-2023-38472 at SUSE CVE-2023-38472 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). Moderate SUSE bug 1222548 CVE-2024-2511 at SUSE CVE-2024-2511 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976). - CVE-2021-47113: Abort btrfs rename_exchange if we fail to insert the second ref (bsc#1221543). - CVE-2021-47131: Fixed a use-after-free after the TLS device goes down and up (bsc#1221545). - CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6_route_mpath_notify() (bsc#1223057). - CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when fragmenting IPv4 packets (bsc#1220513). - CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111). - CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917). - CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824). - CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries == 0 and eh_depth > 0 (bsc#1223475). - CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169). - CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513). - CVE-2024-26906: Disallowed vsyscall page read for copy_from_kernel_nofault() (bsc#1223202). - CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them (bsc#1222624). - CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299). - CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503). - CVE-2021-47041: Don't set sk_user_data without write_lock (bsc#1220755). - CVE-2021-47074: Fixed memory leak in nvme_loop_create_ctrl() (bsc#1220854). - CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt (bsc#1222449). The following non-security bugs were fixed: - dm rq: do not queue request to blk-mq during DM suspend (bsc#1221113). - dm: rearrange core declarations for extended use from dm-zone.c (bsc#1221113). - net/tls: Remove the context from the list in tls_device_down (bsc#1221545). - tls: Fix context leak on tls_device_down (bsc#1221545). Important SUSE bug 1190576 SUSE bug 1192145 SUSE bug 1200313 SUSE bug 1201489 SUSE bug 1203906 SUSE bug 1203935 SUSE bug 1204614 SUSE bug 1211592 SUSE bug 1218562 SUSE bug 1218917 SUSE bug 1219169 SUSE bug 1219170 SUSE bug 1219264 SUSE bug 1220513 SUSE bug 1220755 SUSE bug 1220854 SUSE bug 1221113 SUSE bug 1221299 SUSE bug 1221543 SUSE bug 1221545 SUSE bug 1222449 SUSE bug 1222482 SUSE bug 1222503 SUSE bug 1222559 SUSE bug 1222585 SUSE bug 1222624 SUSE bug 1222666 SUSE bug 1222669 SUSE bug 1222709 SUSE bug 1222790 SUSE bug 1222792 SUSE bug 1222829 SUSE bug 1222876 SUSE bug 1222878 SUSE bug 1222881 SUSE bug 1222883 SUSE bug 1222894 SUSE bug 1222976 SUSE bug 1223016 SUSE bug 1223057 SUSE bug 1223111 SUSE bug 1223187 SUSE bug 1223202 SUSE bug 1223475 SUSE bug 1223482 SUSE bug 1223509 SUSE bug 1223513 SUSE bug 1223522 SUSE bug 1223824 SUSE bug 1223921 SUSE bug 1223923 SUSE bug 1223931 SUSE bug 1223941 SUSE bug 1223948 SUSE bug 1223952 SUSE bug 1223963 CVE-2021-46955 at SUSE CVE-2021-46955 at NVD CVE-2021-47041 at SUSE CVE-2021-47041 at NVD CVE-2021-47074 at SUSE CVE-2021-47074 at NVD CVE-2021-47113 at SUSE CVE-2021-47113 at NVD CVE-2021-47131 at SUSE CVE-2021-47131 at NVD CVE-2021-47184 at SUSE CVE-2021-47184 at NVD CVE-2021-47185 at SUSE CVE-2021-47185 at NVD CVE-2021-47194 at SUSE CVE-2021-47194 at NVD CVE-2021-47198 at SUSE CVE-2021-47198 at NVD CVE-2021-47201 at SUSE CVE-2021-47201 at NVD CVE-2021-47202 at SUSE CVE-2021-47202 at NVD CVE-2021-47203 at SUSE CVE-2021-47203 at NVD CVE-2021-47206 at SUSE CVE-2021-47206 at NVD CVE-2021-47207 at SUSE CVE-2021-47207 at NVD CVE-2021-47212 at SUSE CVE-2021-47212 at NVD CVE-2021-47216 at SUSE CVE-2021-47216 at NVD CVE-2022-48631 at SUSE CVE-2022-48631 at NVD CVE-2022-48638 at SUSE CVE-2022-48638 at NVD CVE-2022-48650 at SUSE CVE-2022-48650 at NVD CVE-2022-48651 at SUSE CVE-2022-48651 at NVD CVE-2022-48654 at SUSE CVE-2022-48654 at NVD CVE-2022-48672 at SUSE CVE-2022-48672 at NVD CVE-2022-48686 at SUSE CVE-2022-48686 at NVD CVE-2022-48687 at SUSE CVE-2022-48687 at NVD CVE-2022-48693 at SUSE CVE-2022-48693 at NVD CVE-2022-48695 at SUSE CVE-2022-48695 at NVD CVE-2022-48701 at SUSE CVE-2022-48701 at NVD CVE-2022-48702 at SUSE CVE-2022-48702 at NVD CVE-2023-2860 at SUSE CVE-2023-2860 at NVD CVE-2023-6270 at SUSE CVE-2023-6270 at NVD CVE-2024-0639 at SUSE CVE-2024-0639 at NVD CVE-2024-0841 at SUSE CVE-2024-0841 at NVD CVE-2024-22099 at SUSE CVE-2024-22099 at NVD CVE-2024-23307 at SUSE CVE-2024-23307 at NVD CVE-2024-26610 at SUSE CVE-2024-26610 at NVD CVE-2024-26688 at SUSE CVE-2024-26688 at NVD CVE-2024-26689 at SUSE CVE-2024-26689 at NVD CVE-2024-26733 at SUSE CVE-2024-26733 at NVD CVE-2024-26739 at SUSE CVE-2024-26739 at NVD CVE-2024-26744 at SUSE CVE-2024-26744 at NVD CVE-2024-26816 at SUSE CVE-2024-26816 at NVD CVE-2024-26840 at SUSE CVE-2024-26840 at NVD CVE-2024-26852 at SUSE CVE-2024-26852 at NVD CVE-2024-26862 at SUSE CVE-2024-26862 at NVD CVE-2024-26898 at SUSE CVE-2024-26898 at NVD CVE-2024-26903 at SUSE CVE-2024-26903 at NVD CVE-2024-26906 at SUSE CVE-2024-26906 at NVD CVE-2024-27043 at SUSE CVE-2024-27043 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976). - CVE-2021-47113: Abort btrfs rename_exchange if we fail to insert the second ref (bsc#1221543). - CVE-2021-47131: Fixed a use-after-free after the TLS device goes down and up (bsc#1221545). - CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6_route_mpath_notify() (bsc#1223057). - CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when fragmenting IPv4 packets (bsc#1220513). - CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111). - CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917). - CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824). - CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries == 0 and eh_depth > 0 (bsc#1223475). - CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169). - CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513). - CVE-2024-26906: Disallowed vsyscall page read for copy_from_kernel_nofault() (bsc#1223202). - CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them (bsc#1222624). - CVE-2021-47207: Fixed a null pointer dereference on pointer block in gus (bsc#1222790). - CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299). - CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503). - CVE-2021-47041: Don't set sk_user_data without write_lock (bsc#1220755). - CVE-2021-47074: Fixed memory leak in nvme_loop_create_ctrl() (bsc#1220854). - CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt (bsc#1222449). The following non-security bugs were fixed: - dm rq: do not queue request to blk-mq during DM suspend (bsc#1221113). - dm: rearrange core declarations for extended use from dm-zone.c (bsc#1221113). - net/tls: Remove the context from the list in tls_device_down (bsc#1221545). - tls: Fix context leak on tls_device_down (bsc#1221545). Important SUSE bug 1190576 SUSE bug 1192145 SUSE bug 1200313 SUSE bug 1201489 SUSE bug 1203906 SUSE bug 1203935 SUSE bug 1204614 SUSE bug 1211592 SUSE bug 1218562 SUSE bug 1218917 SUSE bug 1219169 SUSE bug 1219170 SUSE bug 1219264 SUSE bug 1220513 SUSE bug 1220755 SUSE bug 1220854 SUSE bug 1221113 SUSE bug 1221299 SUSE bug 1221543 SUSE bug 1221545 SUSE bug 1222449 SUSE bug 1222482 SUSE bug 1222503 SUSE bug 1222559 SUSE bug 1222624 SUSE bug 1222666 SUSE bug 1222709 SUSE bug 1222790 SUSE bug 1222792 SUSE bug 1222829 SUSE bug 1222876 SUSE bug 1222881 SUSE bug 1222883 SUSE bug 1222894 SUSE bug 1222976 SUSE bug 1223016 SUSE bug 1223057 SUSE bug 1223111 SUSE bug 1223187 SUSE bug 1223202 SUSE bug 1223475 SUSE bug 1223482 SUSE bug 1223509 SUSE bug 1223513 SUSE bug 1223522 SUSE bug 1223824 SUSE bug 1223921 SUSE bug 1223923 SUSE bug 1223931 SUSE bug 1223941 SUSE bug 1223948 SUSE bug 1223952 SUSE bug 1223963 CVE-2021-46955 at SUSE CVE-2021-46955 at NVD CVE-2021-47041 at SUSE CVE-2021-47041 at NVD CVE-2021-47074 at SUSE CVE-2021-47074 at NVD CVE-2021-47113 at SUSE CVE-2021-47113 at NVD CVE-2021-47131 at SUSE CVE-2021-47131 at NVD CVE-2021-47184 at SUSE CVE-2021-47184 at NVD CVE-2021-47194 at SUSE CVE-2021-47194 at NVD CVE-2021-47198 at SUSE CVE-2021-47198 at NVD CVE-2021-47201 at SUSE CVE-2021-47201 at NVD CVE-2021-47203 at SUSE CVE-2021-47203 at NVD CVE-2021-47206 at SUSE CVE-2021-47206 at NVD CVE-2021-47207 at SUSE CVE-2021-47207 at NVD CVE-2021-47212 at SUSE CVE-2021-47212 at NVD CVE-2021-47216 at SUSE CVE-2021-47216 at NVD CVE-2022-48631 at SUSE CVE-2022-48631 at NVD CVE-2022-48638 at SUSE CVE-2022-48638 at NVD CVE-2022-48650 at SUSE CVE-2022-48650 at NVD CVE-2022-48651 at SUSE CVE-2022-48651 at NVD CVE-2022-48654 at SUSE CVE-2022-48654 at NVD CVE-2022-48672 at SUSE CVE-2022-48672 at NVD CVE-2022-48686 at SUSE CVE-2022-48686 at NVD CVE-2022-48687 at SUSE CVE-2022-48687 at NVD CVE-2022-48693 at SUSE CVE-2022-48693 at NVD CVE-2022-48695 at SUSE CVE-2022-48695 at NVD CVE-2022-48701 at SUSE CVE-2022-48701 at NVD CVE-2022-48702 at SUSE CVE-2022-48702 at NVD CVE-2024-0639 at SUSE CVE-2024-0639 at NVD CVE-2024-23307 at SUSE CVE-2024-23307 at NVD CVE-2024-26610 at SUSE CVE-2024-26610 at NVD CVE-2024-26688 at SUSE CVE-2024-26688 at NVD CVE-2024-26689 at SUSE CVE-2024-26689 at NVD CVE-2024-26739 at SUSE CVE-2024-26739 at NVD CVE-2024-26744 at SUSE CVE-2024-26744 at NVD CVE-2024-26816 at SUSE CVE-2024-26816 at NVD CVE-2024-26840 at SUSE CVE-2024-26840 at NVD CVE-2024-26852 at SUSE CVE-2024-26852 at NVD CVE-2024-26862 at SUSE CVE-2024-26862 at NVD CVE-2024-26898 at SUSE CVE-2024-26898 at NVD CVE-2024-26903 at SUSE CVE-2024-26903 at NVD CVE-2024-26906 at SUSE CVE-2024-26906 at NVD CVE-2024-27043 at SUSE CVE-2024-27043 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) Important SUSE bug 1082216 SUSE bug 1082233 SUSE bug 1213638 CVE-2018-6798 at SUSE CVE-2018-6798 at NVD CVE-2018-6913 at SUSE CVE-2018-6913 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ucode-intel fixes the following issues: Intel CPU Microcode was updated to the 20240514 release (bsc#1224277) - CVE-2023-45733: Fixed a potential security vulnerability in some Intel? Processors that may have allowed information disclosure. - CVE-2023-46103: Fixed a potential security vulnerability in Intel? Core™ Ultra Processors that may have allowed denial of service. - CVE-2023-45745,CVE-2023-47855: Fixed a potential security vulnerabilities in some Intel? Trust Domain Extensions (TDX) module software that may have allowed escalation of privilege. Important SUSE bug 1224277 CVE-2023-45733 at SUSE CVE-2023-45733 at NVD CVE-2023-45745 at SUSE CVE-2023-45745 at NVD CVE-2023-46103 at SUSE CVE-2023-46103 at NVD CVE-2023-47855 at SUSE CVE-2023-47855 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for opensc fixes the following issues: - CVE-2023-5992: Fixed a side-channel leaks while stripping encryption PKCS#1 padding (bsc#1219386) Moderate SUSE bug 1219386 CVE-2023-5992 at SUSE CVE-2023-5992 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for gdk-pixbuf fixes the following issues: - CVE-2022-48622: Fixed files rejection with multiple anih chunks (bsc#1219276). Important SUSE bug 1219276 CVE-2022-48622 at SUSE CVE-2022-48622 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python-Jinja2 fixes the following issues: - Fixed HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-34064, bsc#1223980, CVE-2024-22195, bsc#1218722) Moderate SUSE bug 1218722 SUSE bug 1223980 CVE-2024-22195 at SUSE CVE-2024-22195 at NVD CVE-2024-34064 at SUSE CVE-2024-34064 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python-requests fixes the following issues: - CVE-2024-35195: Fixed cert verification regardless of changes to the value of `verify` (bsc#1224788). Moderate SUSE bug 1224788 CVE-2024-35195 at SUSE CVE-2024-35195 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for gstreamer-plugins-base fixes the following issues: - CVE-2024-4453: Fixed lack of proper validation of user-supplied data when parsing EXIF metadata (bsc#1224806) Important SUSE bug 1224806 CVE-2024-4453 at SUSE CVE-2024-4453 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for glibc fixes the following issues: - CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423) - CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424) - CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424) - CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX ( bsc#1223425) - CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425) - Avoid creating userspace live patching prologue for _start routine (bsc#1221940) Important SUSE bug 1221940 SUSE bug 1223423 SUSE bug 1223424 SUSE bug 1223425 CVE-2024-33599 at SUSE CVE-2024-33599 at NVD CVE-2024-33600 at SUSE CVE-2024-33600 at NVD CVE-2024-33601 at SUSE CVE-2024-33601 at NVD CVE-2024-33602 at SUSE CVE-2024-33602 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for cups fixes the following issues: - CVE-2024-35235: Fixed a bug in cupsd that could allow an attacker to change the permissions of other files in the system. (bsc#1225365) - Handle local 'Negotiate' authentication response for cli clients (bsc#1223179) Important SUSE bug 1223179 SUSE bug 1225365 CVE-2024-35235 at SUSE CVE-2024-35235 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for curl fixes the following issues: - CVE-2023-27534: Properly resolve ~ when used in a SFTP path. (bsc#1219273) Moderate SUSE bug 1219273 CVE-2023-27534 at SUSE CVE-2023-27534 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138). - CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225201). - CVE-2021-47496: Fix flipped sign in tls_err_abort() calls (bsc#1225354) - CVE-2021-47402: Protect fl_walk() with rcu (bsc#1225301) - CVE-2022-48673: kABI workarounds for struct smc_link (bsc#1223934). - CVE-2023-52871: Handle a second device without data corruption (bsc#1225534) - CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223084). - CVE-2021-47497: Fixed shift-out-of-bound (UBSAN) with byte size cells (bsc#1225355). - CVE-2021-47500: Fixed trigger reference couting (bsc#1225360). - CVE-2024-27413: Fixed incorrect allocation size (bsc#1224438). - CVE-2021-47383: Fiedx out-of-bound vmalloc access in imageblit (bsc#1225208). - CVE-2021-47511: Fixed negative period/buffer sizes (bsc#1225411). - CVE-2023-52840: Fix use after free in rmi_unregister_function() (bsc#1224928). - CVE-2021-47261: Fix initializing CQ fragments buffer (bsc#1224954) - CVE-2021-47254: Fix use-after-free in gfs2_glock_shrink_scan (bsc#1224888). - CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174). - CVE-2024-26929: Fixed double free of fcport (bsc#1223715). - CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223626). - CVE-2023-52655: Check packet for fixup for true limit (bsc#1217169). - CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420). - CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). - CVE-2023-52686: Fix a null pointer in opal_event_init() (bsc#1065729). The following non-security bugs were fixed: - af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384). - af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384). - af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384). - btrfs: do not start relocation until in progress drops are done (bsc#1222251). - btrfs: do not start relocation until in progress drops are done (bsc#1222251). - cifs: add missing spinlock around tcon refcount (bsc#1213476). - cifs: avoid dup prefix path in dfs_get_automount_devname() (bsc#1213476). - cifs: avoid race conditions with parallel reconnects (bsc#1213476). - cifs: avoid re-lookups in dfs_cache_find() (bsc#1213476). - cifs: avoid use of global locks for high contention data (bsc#1213476). - cifs: check only tcon status on tcon related functions (bsc#1213476). - cifs: do all necessary checks for credits within or before locking (bsc#1213476). - cifs: do not block in dfs_cache_noreq_update_tgthint() (bsc#1213476). - cifs: do not refresh cached referrals from unactive mounts (bsc#1213476). - cifs: do not take exclusive lock for updating target hints (bsc#1213476). - cifs: fix confusing debug message (bsc#1213476). - cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1213476). - cifs: fix potential deadlock in cache_refresh_path() (bsc#1213476). - cifs: fix refresh of cached referrals (bsc#1213476). - cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1213476). - cifs: fix source pathname comparison of dfs supers (bsc#1213476). - cifs: fix status checks in cifs_tree_connect (bsc#1213476). - cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1213476). - cifs: get rid of dns resolve worker (bsc#1213476). - cifs: get rid of mount options string parsing (bsc#1213476). - cifs: handle cache lookup errors different than -ENOENT (bsc#1213476). - cifs: ignore ipc reconnect failures during dfs failover (bsc#1213476). - cifs: match even the scope id for ipv6 addresses (bsc#1213476). - cifs: optimize reconnect of nested links (bsc#1213476). - cifs: prevent data race in smb2_reconnect() (bsc#1213476). - cifs: refresh root referrals (bsc#1213476). - cifs: remove duplicate code in __refresh_tcon() (bsc#1213476). - cifs: remove unused function (bsc#1213476). - cifs: remove unused smb3_fs_context::mount_options (bsc#1213476). - cifs: return DFS root session id in DebugData (bsc#1213476). - cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1213476). - cifs: set correct ipc status after initial tree connect (bsc#1213476). - cifs: set correct status of tcon ipc when reconnecting (bsc#1213476). - cifs: set correct tcon status after initial tree connect (bsc#1213476). - cifs: set DFS root session in cifs_get_smb_ses() (bsc#1213476). - cifs: set resolved ip in sockaddr (bsc#1213476). - cifs: share dfs connections and supers (bsc#1213476). - cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1213476). - cifs: use fs_context for automounts (bsc#1213476). - cifs: use origin fullpath for automounts (bsc#1213476). - cifs: use tcon allocation functions even for dummy tcon (bsc#1213476). - netfilter: nf_tables: defer gc run if previous batch is still pending (git-fixes). - netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path (git-fixes). - netfilter: nf_tables: fix kdoc warnings after gc rework (git-fixes). - netfilter: nf_tables: fix memleak when more than 255 elements expired (git-fixes). - netfilter: nf_tables: GC transaction race with abort path (git-fixes). - netfilter: nf_tables: GC transaction race with netns dismantle (git-fixes). - netfilter: nf_tables: mark newset as dead on transaction abort (git-fixes). - netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (git-fixes). - netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure (git-fixes). - netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path (git-fixes). - netfilter: nf_tables: skip dead set elements in netlink dump (git-fixes). - netfilter: nf_tables: use correct lock to protect gc_list (git-fixes). - netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (git-fixes). - netfilter: nft_set_rbtree: Add missing expired checks (git-fixes). - netfilter: nft_set_rbtree: bogus lookup/get on consecutive elements in named sets (git-fixes). - netfilter: nft_set_rbtree: Detect partial overlap with start endpoint match (git-fixes). - netfilter: nft_set_rbtree: Detect partial overlaps on insertion (git-fixes). - netfilter: nft_set_rbtree: Do not account for expired elements on insertion (git-fixes). - netfilter: nft_set_rbtree: Drop spurious condition for overlap detection on insertion (git-fixes). - netfilter: nft_set_rbtree: fix null deref on element insertion (git-fixes). - netfilter: nft_set_rbtree: fix overlap expiration walk (git-fixes). - netfilter: nft_set_rbtree: Handle outcomes of tree rotations in overlap detection (git-fixes). - netfilter: nft_set_rbtree: Introduce and use nft_rbtree_interval_start() (git-fixes). - netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (git-fixes). - netfilter: nft_set_rbtree: skip elements in transaction from garbage collection (git-fixes). - netfilter: nft_set_rbtree: skip end interval element from gc (git-fixes). - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction (git-fixes). - netfilter: nft_set_rbtree: Switch to node list walk for overlap detection (git-fixes). - netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention (git-fixes). - NFC: nxp: add NXP1002 (bsc#1185589). - PCI: rpaphp: Add MODULE_DESCRIPTION (bsc#1176869 ltc#188243). - smb: client: fix dfs link mount against w2k8 (git-fixes). - smb: client: fix null auth (bsc#1213476). - smb: client: set correct id, uid and cruid for multiuser automounts (git-fixes). - x86/xen: Drop USERGS_SYSRET64 paravirt call (git-fixes). Important SUSE bug 1065729 SUSE bug 1151927 SUSE bug 1152472 SUSE bug 1154353 SUSE bug 1156395 SUSE bug 1174585 SUSE bug 1176447 SUSE bug 1176774 SUSE bug 1176869 SUSE bug 1178134 SUSE bug 1181147 SUSE bug 1184631 SUSE bug 1185589 SUSE bug 1185902 SUSE bug 1186885 SUSE bug 1188616 SUSE bug 1188772 SUSE bug 1189883 SUSE bug 1190795 SUSE bug 1191452 SUSE bug 1192107 SUSE bug 1194288 SUSE bug 1194591 SUSE bug 1196956 SUSE bug 1197760 SUSE bug 1198029 SUSE bug 1199304 SUSE bug 1200619 SUSE bug 1203389 SUSE bug 1206646 SUSE bug 1209657 SUSE bug 1210335 SUSE bug 1210629 SUSE bug 1213476 SUSE bug 1215420 SUSE bug 1216702 SUSE bug 1217169 SUSE bug 1220137 SUSE bug 1220144 SUSE bug 1220754 SUSE bug 1220877 SUSE bug 1220960 SUSE bug 1221044 SUSE bug 1221113 SUSE bug 1221829 SUSE bug 1222251 SUSE bug 1222619 SUSE bug 1222838 SUSE bug 1222867 SUSE bug 1223084 SUSE bug 1223138 SUSE bug 1223384 SUSE bug 1223390 SUSE bug 1223512 SUSE bug 1223626 SUSE bug 1223715 SUSE bug 1223932 SUSE bug 1223934 SUSE bug 1224099 SUSE bug 1224174 SUSE bug 1224438 SUSE bug 1224482 SUSE bug 1224511 SUSE bug 1224592 SUSE bug 1224816 SUSE bug 1224826 SUSE bug 1224830 SUSE bug 1224831 SUSE bug 1224832 SUSE bug 1224834 SUSE bug 1224841 SUSE bug 1224842 SUSE bug 1224843 SUSE bug 1224844 SUSE bug 1224846 SUSE bug 1224849 SUSE bug 1224852 SUSE bug 1224853 SUSE bug 1224854 SUSE bug 1224859 SUSE bug 1224882 SUSE bug 1224886 SUSE bug 1224888 SUSE bug 1224889 SUSE bug 1224891 SUSE bug 1224892 SUSE bug 1224893 SUSE bug 1224899 SUSE bug 1224904 SUSE bug 1224907 SUSE bug 1224909 SUSE bug 1224916 SUSE bug 1224917 SUSE bug 1224922 SUSE bug 1224923 SUSE bug 1224924 SUSE bug 1224926 SUSE bug 1224928 SUSE bug 1224953 SUSE bug 1224954 SUSE bug 1224955 SUSE bug 1224957 SUSE bug 1224961 SUSE bug 1224963 SUSE bug 1224965 SUSE bug 1224966 SUSE bug 1224968 SUSE bug 1224981 SUSE bug 1224982 SUSE bug 1224983 SUSE bug 1224984 SUSE bug 1224987 SUSE bug 1224990 SUSE bug 1224993 SUSE bug 1224996 SUSE bug 1224997 SUSE bug 1225026 SUSE bug 1225030 SUSE bug 1225058 SUSE bug 1225060 SUSE bug 1225083 SUSE bug 1225084 SUSE bug 1225091 SUSE bug 1225112 SUSE bug 1225113 SUSE bug 1225128 SUSE bug 1225140 SUSE bug 1225143 SUSE bug 1225148 SUSE bug 1225155 SUSE bug 1225164 SUSE bug 1225177 SUSE bug 1225178 SUSE bug 1225181 SUSE bug 1225192 SUSE bug 1225193 SUSE bug 1225198 SUSE bug 1225201 SUSE bug 1225206 SUSE bug 1225207 SUSE bug 1225208 SUSE bug 1225214 SUSE bug 1225223 SUSE bug 1225224 SUSE bug 1225230 SUSE bug 1225232 SUSE bug 1225233 SUSE bug 1225237 SUSE bug 1225238 SUSE bug 1225243 SUSE bug 1225244 SUSE bug 1225247 SUSE bug 1225251 SUSE bug 1225252 SUSE bug 1225256 SUSE bug 1225261 SUSE bug 1225262 SUSE bug 1225263 SUSE bug 1225301 SUSE bug 1225303 SUSE bug 1225316 SUSE bug 1225318 SUSE bug 1225320 SUSE bug 1225321 SUSE bug 1225322 SUSE bug 1225326 SUSE bug 1225327 SUSE bug 1225328 SUSE bug 1225330 SUSE bug 1225333 SUSE bug 1225336 SUSE bug 1225341 SUSE bug 1225346 SUSE bug 1225351 SUSE bug 1225354 SUSE bug 1225355 SUSE bug 1225357 SUSE bug 1225358 SUSE bug 1225360 SUSE bug 1225361 SUSE bug 1225366 SUSE bug 1225367 SUSE bug 1225369 SUSE bug 1225370 SUSE bug 1225372 SUSE bug 1225374 SUSE bug 1225384 SUSE bug 1225386 SUSE bug 1225387 SUSE bug 1225390 SUSE bug 1225393 SUSE bug 1225400 SUSE bug 1225404 SUSE bug 1225405 SUSE bug 1225409 SUSE bug 1225411 SUSE bug 1225424 SUSE bug 1225427 SUSE bug 1225435 SUSE bug 1225437 SUSE bug 1225438 SUSE bug 1225439 SUSE bug 1225446 SUSE bug 1225447 SUSE bug 1225448 SUSE bug 1225450 SUSE bug 1225453 SUSE bug 1225455 SUSE bug 1225468 SUSE bug 1225499 SUSE bug 1225500 SUSE bug 1225508 SUSE bug 1225534 CVE-2020-36788 at SUSE CVE-2020-36788 at NVD CVE-2021-3743 at SUSE CVE-2021-3743 at NVD CVE-2021-39698 at SUSE CVE-2021-39698 at NVD CVE-2021-43056 at SUSE CVE-2021-43056 at NVD CVE-2021-43527 at SUSE CVE-2021-43527 at NVD CVE-2021-47104 at SUSE CVE-2021-47104 at NVD CVE-2021-47192 at SUSE CVE-2021-47192 at NVD CVE-2021-47200 at SUSE CVE-2021-47200 at NVD CVE-2021-47220 at SUSE CVE-2021-47220 at NVD CVE-2021-47227 at SUSE CVE-2021-47227 at NVD CVE-2021-47228 at SUSE CVE-2021-47228 at NVD CVE-2021-47229 at SUSE CVE-2021-47229 at NVD CVE-2021-47230 at SUSE CVE-2021-47230 at NVD CVE-2021-47231 at SUSE CVE-2021-47231 at NVD CVE-2021-47235 at SUSE CVE-2021-47235 at NVD CVE-2021-47236 at SUSE CVE-2021-47236 at NVD CVE-2021-47237 at SUSE CVE-2021-47237 at NVD CVE-2021-47239 at SUSE CVE-2021-47239 at NVD CVE-2021-47240 at SUSE CVE-2021-47240 at NVD CVE-2021-47241 at SUSE CVE-2021-47241 at NVD CVE-2021-47246 at SUSE CVE-2021-47246 at NVD CVE-2021-47252 at SUSE CVE-2021-47252 at NVD CVE-2021-47253 at SUSE CVE-2021-47253 at NVD CVE-2021-47254 at SUSE CVE-2021-47254 at NVD CVE-2021-47255 at SUSE CVE-2021-47255 at NVD CVE-2021-47258 at SUSE CVE-2021-47258 at NVD CVE-2021-47259 at SUSE CVE-2021-47259 at NVD CVE-2021-47260 at SUSE CVE-2021-47260 at NVD CVE-2021-47261 at SUSE CVE-2021-47261 at NVD CVE-2021-47263 at SUSE CVE-2021-47263 at NVD CVE-2021-47265 at SUSE CVE-2021-47265 at NVD CVE-2021-47267 at SUSE CVE-2021-47267 at NVD CVE-2021-47269 at SUSE CVE-2021-47269 at NVD CVE-2021-47270 at SUSE CVE-2021-47270 at NVD CVE-2021-47274 at SUSE CVE-2021-47274 at NVD CVE-2021-47275 at SUSE CVE-2021-47275 at NVD CVE-2021-47276 at SUSE CVE-2021-47276 at NVD CVE-2021-47280 at SUSE CVE-2021-47280 at NVD CVE-2021-47281 at SUSE CVE-2021-47281 at NVD CVE-2021-47284 at SUSE CVE-2021-47284 at NVD CVE-2021-47285 at SUSE CVE-2021-47285 at NVD CVE-2021-47288 at SUSE CVE-2021-47288 at NVD CVE-2021-47289 at SUSE CVE-2021-47289 at NVD CVE-2021-47296 at SUSE CVE-2021-47296 at NVD CVE-2021-47301 at SUSE CVE-2021-47301 at NVD CVE-2021-47302 at SUSE CVE-2021-47302 at NVD CVE-2021-47305 at SUSE CVE-2021-47305 at NVD CVE-2021-47307 at SUSE CVE-2021-47307 at NVD CVE-2021-47308 at SUSE CVE-2021-47308 at NVD CVE-2021-47314 at SUSE CVE-2021-47314 at NVD CVE-2021-47315 at SUSE CVE-2021-47315 at NVD CVE-2021-47320 at SUSE CVE-2021-47320 at NVD CVE-2021-47321 at SUSE CVE-2021-47321 at NVD CVE-2021-47323 at SUSE CVE-2021-47323 at NVD CVE-2021-47324 at SUSE CVE-2021-47324 at NVD CVE-2021-47329 at SUSE CVE-2021-47329 at NVD CVE-2021-47330 at SUSE CVE-2021-47330 at NVD CVE-2021-47332 at SUSE CVE-2021-47332 at NVD CVE-2021-47333 at SUSE CVE-2021-47333 at NVD CVE-2021-47334 at SUSE CVE-2021-47334 at NVD CVE-2021-47337 at SUSE CVE-2021-47337 at NVD CVE-2021-47338 at SUSE CVE-2021-47338 at NVD CVE-2021-47340 at SUSE CVE-2021-47340 at NVD CVE-2021-47341 at SUSE CVE-2021-47341 at NVD CVE-2021-47343 at SUSE CVE-2021-47343 at NVD CVE-2021-47344 at SUSE CVE-2021-47344 at NVD CVE-2021-47347 at SUSE CVE-2021-47347 at NVD CVE-2021-47348 at SUSE CVE-2021-47348 at NVD CVE-2021-47350 at SUSE CVE-2021-47350 at NVD CVE-2021-47353 at SUSE CVE-2021-47353 at NVD CVE-2021-47354 at SUSE CVE-2021-47354 at NVD CVE-2021-47356 at SUSE CVE-2021-47356 at NVD CVE-2021-47369 at SUSE CVE-2021-47369 at NVD CVE-2021-47375 at SUSE CVE-2021-47375 at NVD CVE-2021-47378 at SUSE CVE-2021-47378 at NVD CVE-2021-47381 at SUSE CVE-2021-47381 at NVD CVE-2021-47382 at SUSE CVE-2021-47382 at NVD CVE-2021-47383 at SUSE CVE-2021-47383 at NVD CVE-2021-47387 at SUSE CVE-2021-47387 at NVD CVE-2021-47388 at SUSE CVE-2021-47388 at NVD CVE-2021-47391 at SUSE CVE-2021-47391 at NVD CVE-2021-47392 at SUSE CVE-2021-47392 at NVD CVE-2021-47393 at SUSE CVE-2021-47393 at NVD CVE-2021-47395 at SUSE CVE-2021-47395 at NVD CVE-2021-47396 at SUSE CVE-2021-47396 at NVD CVE-2021-47399 at SUSE CVE-2021-47399 at NVD CVE-2021-47402 at SUSE CVE-2021-47402 at NVD CVE-2021-47404 at SUSE CVE-2021-47404 at NVD CVE-2021-47405 at SUSE CVE-2021-47405 at NVD CVE-2021-47409 at SUSE CVE-2021-47409 at NVD CVE-2021-47413 at SUSE CVE-2021-47413 at NVD CVE-2021-47416 at SUSE CVE-2021-47416 at NVD CVE-2021-47422 at SUSE CVE-2021-47422 at NVD CVE-2021-47423 at SUSE CVE-2021-47423 at NVD CVE-2021-47424 at SUSE CVE-2021-47424 at NVD CVE-2021-47425 at SUSE CVE-2021-47425 at NVD CVE-2021-47426 at SUSE CVE-2021-47426 at NVD CVE-2021-47428 at SUSE CVE-2021-47428 at NVD CVE-2021-47431 at SUSE CVE-2021-47431 at NVD CVE-2021-47434 at SUSE CVE-2021-47434 at NVD CVE-2021-47435 at SUSE CVE-2021-47435 at NVD CVE-2021-47436 at SUSE CVE-2021-47436 at NVD CVE-2021-47441 at SUSE CVE-2021-47441 at NVD CVE-2021-47442 at SUSE CVE-2021-47442 at NVD CVE-2021-47443 at SUSE CVE-2021-47443 at NVD CVE-2021-47444 at SUSE CVE-2021-47444 at NVD CVE-2021-47445 at SUSE CVE-2021-47445 at NVD CVE-2021-47451 at SUSE CVE-2021-47451 at NVD CVE-2021-47456 at SUSE CVE-2021-47456 at NVD CVE-2021-47458 at SUSE CVE-2021-47458 at NVD CVE-2021-47460 at SUSE CVE-2021-47460 at NVD CVE-2021-47464 at SUSE CVE-2021-47464 at NVD CVE-2021-47465 at SUSE CVE-2021-47465 at NVD CVE-2021-47468 at SUSE CVE-2021-47468 at NVD CVE-2021-47473 at SUSE CVE-2021-47473 at NVD CVE-2021-47478 at SUSE CVE-2021-47478 at NVD CVE-2021-47480 at SUSE CVE-2021-47480 at NVD CVE-2021-47482 at SUSE CVE-2021-47482 at NVD CVE-2021-47483 at SUSE CVE-2021-47483 at NVD CVE-2021-47485 at SUSE CVE-2021-47485 at NVD CVE-2021-47493 at SUSE CVE-2021-47493 at NVD CVE-2021-47494 at SUSE CVE-2021-47494 at NVD CVE-2021-47495 at SUSE CVE-2021-47495 at NVD CVE-2021-47496 at SUSE CVE-2021-47496 at NVD CVE-2021-47497 at SUSE CVE-2021-47497 at NVD CVE-2021-47498 at SUSE CVE-2021-47498 at NVD CVE-2021-47499 at SUSE CVE-2021-47499 at NVD CVE-2021-47500 at SUSE CVE-2021-47500 at NVD CVE-2021-47501 at SUSE CVE-2021-47501 at NVD CVE-2021-47502 at SUSE CVE-2021-47502 at NVD CVE-2021-47503 at SUSE CVE-2021-47503 at NVD CVE-2021-47505 at SUSE CVE-2021-47505 at NVD CVE-2021-47506 at SUSE CVE-2021-47506 at NVD CVE-2021-47507 at SUSE CVE-2021-47507 at NVD CVE-2021-47509 at SUSE CVE-2021-47509 at NVD CVE-2021-47511 at SUSE CVE-2021-47511 at NVD CVE-2021-47512 at SUSE CVE-2021-47512 at NVD CVE-2021-47516 at SUSE CVE-2021-47516 at NVD CVE-2021-47518 at SUSE CVE-2021-47518 at NVD CVE-2021-47521 at SUSE CVE-2021-47521 at NVD CVE-2021-47522 at SUSE CVE-2021-47522 at NVD CVE-2021-47523 at SUSE CVE-2021-47523 at NVD CVE-2021-47535 at SUSE CVE-2021-47535 at NVD CVE-2021-47536 at SUSE CVE-2021-47536 at NVD CVE-2021-47538 at SUSE CVE-2021-47538 at NVD CVE-2021-47540 at SUSE CVE-2021-47540 at NVD CVE-2021-47541 at SUSE CVE-2021-47541 at NVD CVE-2021-47542 at SUSE CVE-2021-47542 at NVD CVE-2021-47549 at SUSE CVE-2021-47549 at NVD CVE-2021-47557 at SUSE CVE-2021-47557 at NVD CVE-2021-47562 at SUSE CVE-2021-47562 at NVD CVE-2021-47563 at SUSE CVE-2021-47563 at NVD CVE-2021-47565 at SUSE CVE-2021-47565 at NVD CVE-2022-1195 at SUSE CVE-2022-1195 at NVD CVE-2022-20132 at SUSE CVE-2022-20132 at NVD CVE-2022-48636 at SUSE CVE-2022-48636 at NVD CVE-2022-48673 at SUSE CVE-2022-48673 at NVD CVE-2022-48704 at SUSE CVE-2022-48704 at NVD CVE-2022-48710 at SUSE CVE-2022-48710 at NVD CVE-2023-0160 at SUSE CVE-2023-0160 at NVD CVE-2023-1829 at SUSE CVE-2023-1829 at NVD CVE-2023-2176 at SUSE CVE-2023-2176 at NVD CVE-2023-4244 at SUSE CVE-2023-4244 at NVD CVE-2023-47233 at SUSE CVE-2023-47233 at NVD CVE-2023-52433 at SUSE CVE-2023-52433 at NVD CVE-2023-52581 at SUSE CVE-2023-52581 at NVD CVE-2023-52591 at SUSE CVE-2023-52591 at NVD CVE-2023-52654 at SUSE CVE-2023-52654 at NVD CVE-2023-52655 at SUSE CVE-2023-52655 at NVD CVE-2023-52686 at SUSE CVE-2023-52686 at NVD CVE-2023-52840 at SUSE CVE-2023-52840 at NVD CVE-2023-52871 at SUSE CVE-2023-52871 at NVD CVE-2023-52880 at SUSE CVE-2023-52880 at NVD CVE-2023-6531 at SUSE CVE-2023-6531 at NVD CVE-2024-26581 at SUSE CVE-2024-26581 at NVD CVE-2024-26643 at SUSE CVE-2024-26643 at NVD CVE-2024-26828 at SUSE CVE-2024-26828 at NVD CVE-2024-26921 at SUSE CVE-2024-26921 at NVD CVE-2024-26925 at SUSE CVE-2024-26925 at NVD CVE-2024-26929 at SUSE CVE-2024-26929 at NVD CVE-2024-26930 at SUSE CVE-2024-26930 at NVD CVE-2024-27398 at SUSE CVE-2024-27398 at NVD CVE-2024-27413 at SUSE CVE-2024-27413 at NVD CVE-2024-35811 at SUSE CVE-2024-35811 at NVD CVE-2024-35895 at SUSE CVE-2024-35895 at NVD CVE-2024-35914 at SUSE CVE-2024-35914 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for tiff fixes the following issues: - CVE-2023-3164: Fixed a heap buffer overflow in tiffcrop. (bsc#1212233) Moderate SUSE bug 1212233 CVE-2023-3164 at SUSE CVE-2023-3164 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for openssl-1_1 fixes the following issues: - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) Important SUSE bug 1225551 CVE-2024-4741 at SUSE CVE-2024-4741 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for podman fixes the following issues: - Update to version 4.9.5 - CVE-2024-3727: Fixed a flaw that allowed attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. (bsc#1224122) - CVE-2024-24786: Fixed an infinite loop in protojson. (bsc#1226136) Important SUSE bug 1224122 SUSE bug 1226136 CVE-2024-24786 at SUSE CVE-2024-24786 at NVD CVE-2024-3727 at SUSE CVE-2024-3727 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for containerd fixes the following issues: Update to containerd v1.7.17. - CVE-2023-45288: Fixed the limit of CONTINUATION frames read for an HTTP/2 request (bsc#1221400). - Fixed /sys/devices/virtual/powercap accessibility by default containers to mitigate power-based side channel attacks (bsc#1224323). Important SUSE bug 1221400 SUSE bug 1224323 CVE-2023-45288 at SUSE CVE-2023-45288 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225201). - CVE-2021-47496: Fix flipped sign in tls_err_abort() calls (bsc#1225354) - CVE-2021-47402: Protect fl_walk() with rcu (bsc#1225301) - CVE-2022-48673: kABI workarounds for struct smc_link (bsc#1223934). - CVE-2023-52871: Handle a second device without data corruption (bsc#1225534) - CVE-2024-26828: Fix underflow in parse_server_interfaces() (bsc#1223084). - CVE-2021-47497: Fixed shift-out-of-bound (UBSAN) with byte size cells (bsc#1225355). - CVE-2021-47500: Fixed trigger reference couting (bsc#1225360). - CVE-2024-27413: Fix incorrect allocation size (bsc#1224438). - CVE-2021-47383: Fiedx out-of-bound vmalloc access in imageblit (bsc#1225208). - CVE-2021-47511: Fixed negative period/buffer sizes (bsc#1225411). - CVE-2023-52840: Fix use after free in rmi_unregister_function() (bsc#1224928). - CVE-2021-47261: Fix initializing CQ fragments buffer (bsc#1224954) - CVE-2021-47254: Fix use-after-free in gfs2_glock_shrink_scan (bsc#1224888). - CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174). - CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138). - CVE-2023-52655: Check packet for fixup for true limit (bsc#1217169). - CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420). - CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420). - CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). - CVE-2023-52686: Fix a null pointer in opal_event_init() (bsc#1065729). The following non-security bugs were fixed: - af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384). - af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384). - af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384). - btrfs: do not start relocation until in progress drops are done (bsc#1222251). - btrfs: do not start relocation until in progress drops are done (bsc#1222251). - cifs: add missing spinlock around tcon refcount (bsc#1213476). - cifs: avoid dup prefix path in dfs_get_automount_devname() (bsc#1213476). - cifs: avoid race conditions with parallel reconnects (bsc#1213476). - cifs: avoid re-lookups in dfs_cache_find() (bsc#1213476). - cifs: avoid use of global locks for high contention data (bsc#1213476). - cifs: check only tcon status on tcon related functions (bsc#1213476). - cifs: do all necessary checks for credits within or before locking (bsc#1213476). - cifs: do not block in dfs_cache_noreq_update_tgthint() (bsc#1213476). - cifs: do not refresh cached referrals from unactive mounts (bsc#1213476). - cifs: do not take exclusive lock for updating target hints (bsc#1213476). - cifs: fix confusing debug message (bsc#1213476). - cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1213476). - cifs: fix potential deadlock in cache_refresh_path() (bsc#1213476). - cifs: fix refresh of cached referrals (bsc#1213476). - cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1213476). - cifs: fix source pathname comparison of dfs supers (bsc#1213476). - cifs: fix status checks in cifs_tree_connect (bsc#1213476). - cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1213476). - cifs: get rid of dns resolve worker (bsc#1213476). - cifs: get rid of mount options string parsing (bsc#1213476). - cifs: handle cache lookup errors different than -ENOENT (bsc#1213476). - cifs: ignore ipc reconnect failures during dfs failover (bsc#1213476). - cifs: match even the scope id for ipv6 addresses (bsc#1213476). - cifs: optimize reconnect of nested links (bsc#1213476). - cifs: prevent data race in smb2_reconnect() (bsc#1213476). - cifs: refresh root referrals (bsc#1213476). - cifs: remove duplicate code in __refresh_tcon() (bsc#1213476). - cifs: remove unused function (bsc#1213476). - cifs: remove unused smb3_fs_context::mount_options (bsc#1213476). - cifs: return DFS root session id in DebugData (bsc#1213476). - cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1213476). - cifs: set correct ipc status after initial tree connect (bsc#1213476). - cifs: set correct status of tcon ipc when reconnecting (bsc#1213476). - cifs: set correct tcon status after initial tree connect (bsc#1213476). - cifs: set DFS root session in cifs_get_smb_ses() (bsc#1213476). - cifs: set resolved ip in sockaddr (bsc#1213476). - cifs: share dfs connections and supers (bsc#1213476). - cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1213476). - cifs: use fs_context for automounts (bsc#1213476). - cifs: use origin fullpath for automounts (bsc#1213476). - cifs: use tcon allocation functions even for dummy tcon (bsc#1213476). - netfilter: nf_tables: defer gc run if previous batch is still pending (git-fixes). - netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path (git-fixes). - netfilter: nf_tables: fix kdoc warnings after gc rework (git-fixes). - netfilter: nf_tables: fix memleak when more than 255 elements expired (git-fixes). - netfilter: nf_tables: GC transaction race with abort path (git-fixes). - netfilter: nf_tables: GC transaction race with netns dismantle (git-fixes). - netfilter: nf_tables: mark newset as dead on transaction abort (git-fixes). - netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (git-fixes). - netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure (git-fixes). - netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path (git-fixes). - netfilter: nf_tables: skip dead set elements in netlink dump (git-fixes). - netfilter: nf_tables: use correct lock to protect gc_list (git-fixes). - netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (git-fixes). - netfilter: nft_set_rbtree: Add missing expired checks (git-fixes). - netfilter: nft_set_rbtree: bogus lookup/get on consecutive elements in named sets (git-fixes). - netfilter: nft_set_rbtree: Detect partial overlap with start endpoint match (git-fixes). - netfilter: nft_set_rbtree: Detect partial overlaps on insertion (git-fixes). - netfilter: nft_set_rbtree: Do not account for expired elements on insertion (git-fixes). - netfilter: nft_set_rbtree: Drop spurious condition for overlap detection on insertion (git-fixes). - netfilter: nft_set_rbtree: fix null deref on element insertion (git-fixes). - netfilter: nft_set_rbtree: fix overlap expiration walk (git-fixes). - netfilter: nft_set_rbtree: Handle outcomes of tree rotations in overlap detection (git-fixes). - netfilter: nft_set_rbtree: Introduce and use nft_rbtree_interval_start() (git-fixes). - netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (git-fixes). - netfilter: nft_set_rbtree: skip elements in transaction from garbage collection (git-fixes). - netfilter: nft_set_rbtree: skip end interval element from gc (git-fixes). - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction (git-fixes). - netfilter: nft_set_rbtree: Switch to node list walk for overlap detection (git-fixes). - netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention (git-fixes). - NFC: nxp: add NXP1002 (bsc#1185589). - PCI: rpaphp: Add MODULE_DESCRIPTION (bsc#1176869 ltc#188243). - smb: client: fix dfs link mount against w2k8 (git-fixes). - smb: client: fix null auth (bsc#1213476). - smb: client: set correct id, uid and cruid for multiuser automounts (git-fixes). - x86/xen: Drop USERGS_SYSRET64 paravirt call (git-fixes). Important SUSE bug 1065729 SUSE bug 1151927 SUSE bug 1152472 SUSE bug 1154353 SUSE bug 1156395 SUSE bug 1174585 SUSE bug 1176447 SUSE bug 1176774 SUSE bug 1176869 SUSE bug 1178134 SUSE bug 1181147 SUSE bug 1184631 SUSE bug 1185570 SUSE bug 1185589 SUSE bug 1185902 SUSE bug 1186885 SUSE bug 1187357 SUSE bug 1188616 SUSE bug 1188772 SUSE bug 1189883 SUSE bug 1190795 SUSE bug 1191452 SUSE bug 1192107 SUSE bug 1194288 SUSE bug 1194591 SUSE bug 1196956 SUSE bug 1197760 SUSE bug 1198029 SUSE bug 1199304 SUSE bug 1200619 SUSE bug 1203389 SUSE bug 1206646 SUSE bug 1209657 SUSE bug 1210335 SUSE bug 1210629 SUSE bug 1213476 SUSE bug 1215420 SUSE bug 1216702 SUSE bug 1217169 SUSE bug 1220137 SUSE bug 1220144 SUSE bug 1220754 SUSE bug 1220877 SUSE bug 1220960 SUSE bug 1221044 SUSE bug 1221113 SUSE bug 1221829 SUSE bug 1222251 SUSE bug 1222619 SUSE bug 1222838 SUSE bug 1222867 SUSE bug 1223084 SUSE bug 1223138 SUSE bug 1223384 SUSE bug 1223390 SUSE bug 1223512 SUSE bug 1223932 SUSE bug 1223934 SUSE bug 1224099 SUSE bug 1224174 SUSE bug 1224438 SUSE bug 1224482 SUSE bug 1224511 SUSE bug 1224592 SUSE bug 1224816 SUSE bug 1224826 SUSE bug 1224830 SUSE bug 1224831 SUSE bug 1224832 SUSE bug 1224834 SUSE bug 1224841 SUSE bug 1224842 SUSE bug 1224843 SUSE bug 1224844 SUSE bug 1224846 SUSE bug 1224849 SUSE bug 1224852 SUSE bug 1224853 SUSE bug 1224854 SUSE bug 1224859 SUSE bug 1224882 SUSE bug 1224886 SUSE bug 1224888 SUSE bug 1224889 SUSE bug 1224891 SUSE bug 1224892 SUSE bug 1224893 SUSE bug 1224899 SUSE bug 1224904 SUSE bug 1224907 SUSE bug 1224909 SUSE bug 1224916 SUSE bug 1224917 SUSE bug 1224922 SUSE bug 1224923 SUSE bug 1224924 SUSE bug 1224926 SUSE bug 1224928 SUSE bug 1224953 SUSE bug 1224954 SUSE bug 1224955 SUSE bug 1224957 SUSE bug 1224961 SUSE bug 1224963 SUSE bug 1224965 SUSE bug 1224966 SUSE bug 1224968 SUSE bug 1224981 SUSE bug 1224982 SUSE bug 1224983 SUSE bug 1224984 SUSE bug 1224987 SUSE bug 1224990 SUSE bug 1224993 SUSE bug 1224996 SUSE bug 1224997 SUSE bug 1225026 SUSE bug 1225030 SUSE bug 1225058 SUSE bug 1225060 SUSE bug 1225083 SUSE bug 1225084 SUSE bug 1225091 SUSE bug 1225112 SUSE bug 1225113 SUSE bug 1225128 SUSE bug 1225140 SUSE bug 1225143 SUSE bug 1225148 SUSE bug 1225155 SUSE bug 1225164 SUSE bug 1225177 SUSE bug 1225178 SUSE bug 1225181 SUSE bug 1225192 SUSE bug 1225193 SUSE bug 1225198 SUSE bug 1225201 SUSE bug 1225206 SUSE bug 1225207 SUSE bug 1225208 SUSE bug 1225214 SUSE bug 1225223 SUSE bug 1225224 SUSE bug 1225230 SUSE bug 1225232 SUSE bug 1225233 SUSE bug 1225237 SUSE bug 1225238 SUSE bug 1225243 SUSE bug 1225244 SUSE bug 1225247 SUSE bug 1225251 SUSE bug 1225252 SUSE bug 1225256 SUSE bug 1225261 SUSE bug 1225262 SUSE bug 1225263 SUSE bug 1225301 SUSE bug 1225303 SUSE bug 1225316 SUSE bug 1225318 SUSE bug 1225320 SUSE bug 1225321 SUSE bug 1225322 SUSE bug 1225326 SUSE bug 1225327 SUSE bug 1225328 SUSE bug 1225330 SUSE bug 1225333 SUSE bug 1225336 SUSE bug 1225341 SUSE bug 1225346 SUSE bug 1225351 SUSE bug 1225354 SUSE bug 1225355 SUSE bug 1225357 SUSE bug 1225358 SUSE bug 1225360 SUSE bug 1225361 SUSE bug 1225366 SUSE bug 1225367 SUSE bug 1225369 SUSE bug 1225370 SUSE bug 1225372 SUSE bug 1225374 SUSE bug 1225384 SUSE bug 1225386 SUSE bug 1225387 SUSE bug 1225390 SUSE bug 1225393 SUSE bug 1225400 SUSE bug 1225404 SUSE bug 1225405 SUSE bug 1225409 SUSE bug 1225411 SUSE bug 1225424 SUSE bug 1225427 SUSE bug 1225435 SUSE bug 1225437 SUSE bug 1225438 SUSE bug 1225439 SUSE bug 1225446 SUSE bug 1225447 SUSE bug 1225448 SUSE bug 1225450 SUSE bug 1225453 SUSE bug 1225455 SUSE bug 1225468 SUSE bug 1225499 SUSE bug 1225500 SUSE bug 1225508 SUSE bug 1225534 CVE-2020-36788 at SUSE CVE-2020-36788 at NVD CVE-2021-3743 at SUSE CVE-2021-3743 at NVD CVE-2021-39698 at SUSE CVE-2021-39698 at NVD CVE-2021-43056 at SUSE CVE-2021-43056 at NVD CVE-2021-43527 at SUSE CVE-2021-43527 at NVD CVE-2021-47104 at SUSE CVE-2021-47104 at NVD CVE-2021-47192 at SUSE CVE-2021-47192 at NVD CVE-2021-47200 at SUSE CVE-2021-47200 at NVD CVE-2021-47220 at SUSE CVE-2021-47220 at NVD CVE-2021-47227 at SUSE CVE-2021-47227 at NVD CVE-2021-47228 at SUSE CVE-2021-47228 at NVD CVE-2021-47229 at SUSE CVE-2021-47229 at NVD CVE-2021-47230 at SUSE CVE-2021-47230 at NVD CVE-2021-47231 at SUSE CVE-2021-47231 at NVD CVE-2021-47235 at SUSE CVE-2021-47235 at NVD CVE-2021-47236 at SUSE CVE-2021-47236 at NVD CVE-2021-47237 at SUSE CVE-2021-47237 at NVD CVE-2021-47239 at SUSE CVE-2021-47239 at NVD CVE-2021-47240 at SUSE CVE-2021-47240 at NVD CVE-2021-47241 at SUSE CVE-2021-47241 at NVD CVE-2021-47246 at SUSE CVE-2021-47246 at NVD CVE-2021-47252 at SUSE CVE-2021-47252 at NVD CVE-2021-47253 at SUSE CVE-2021-47253 at NVD CVE-2021-47254 at SUSE CVE-2021-47254 at NVD CVE-2021-47255 at SUSE CVE-2021-47255 at NVD CVE-2021-47258 at SUSE CVE-2021-47258 at NVD CVE-2021-47259 at SUSE CVE-2021-47259 at NVD CVE-2021-47260 at SUSE CVE-2021-47260 at NVD CVE-2021-47261 at SUSE CVE-2021-47261 at NVD CVE-2021-47263 at SUSE CVE-2021-47263 at NVD CVE-2021-47265 at SUSE CVE-2021-47265 at NVD CVE-2021-47267 at SUSE CVE-2021-47267 at NVD CVE-2021-47269 at SUSE CVE-2021-47269 at NVD CVE-2021-47270 at SUSE CVE-2021-47270 at NVD CVE-2021-47274 at SUSE CVE-2021-47274 at NVD CVE-2021-47275 at SUSE CVE-2021-47275 at NVD CVE-2021-47276 at SUSE CVE-2021-47276 at NVD CVE-2021-47280 at SUSE CVE-2021-47280 at NVD CVE-2021-47281 at SUSE CVE-2021-47281 at NVD CVE-2021-47284 at SUSE CVE-2021-47284 at NVD CVE-2021-47285 at SUSE CVE-2021-47285 at NVD CVE-2021-47288 at SUSE CVE-2021-47288 at NVD CVE-2021-47289 at SUSE CVE-2021-47289 at NVD CVE-2021-47296 at SUSE CVE-2021-47296 at NVD CVE-2021-47301 at SUSE CVE-2021-47301 at NVD CVE-2021-47302 at SUSE CVE-2021-47302 at NVD CVE-2021-47305 at SUSE CVE-2021-47305 at NVD CVE-2021-47307 at SUSE CVE-2021-47307 at NVD CVE-2021-47308 at SUSE CVE-2021-47308 at NVD CVE-2021-47314 at SUSE CVE-2021-47314 at NVD CVE-2021-47315 at SUSE CVE-2021-47315 at NVD CVE-2021-47320 at SUSE CVE-2021-47320 at NVD CVE-2021-47321 at SUSE CVE-2021-47321 at NVD CVE-2021-47323 at SUSE CVE-2021-47323 at NVD CVE-2021-47324 at SUSE CVE-2021-47324 at NVD CVE-2021-47329 at SUSE CVE-2021-47329 at NVD CVE-2021-47330 at SUSE CVE-2021-47330 at NVD CVE-2021-47332 at SUSE CVE-2021-47332 at NVD CVE-2021-47333 at SUSE CVE-2021-47333 at NVD CVE-2021-47334 at SUSE CVE-2021-47334 at NVD CVE-2021-47337 at SUSE CVE-2021-47337 at NVD CVE-2021-47338 at SUSE CVE-2021-47338 at NVD CVE-2021-47340 at SUSE CVE-2021-47340 at NVD CVE-2021-47341 at SUSE CVE-2021-47341 at NVD CVE-2021-47343 at SUSE CVE-2021-47343 at NVD CVE-2021-47344 at SUSE CVE-2021-47344 at NVD CVE-2021-47347 at SUSE CVE-2021-47347 at NVD CVE-2021-47348 at SUSE CVE-2021-47348 at NVD CVE-2021-47350 at SUSE CVE-2021-47350 at NVD CVE-2021-47353 at SUSE CVE-2021-47353 at NVD CVE-2021-47354 at SUSE CVE-2021-47354 at NVD CVE-2021-47356 at SUSE CVE-2021-47356 at NVD CVE-2021-47369 at SUSE CVE-2021-47369 at NVD CVE-2021-47375 at SUSE CVE-2021-47375 at NVD CVE-2021-47378 at SUSE CVE-2021-47378 at NVD CVE-2021-47381 at SUSE CVE-2021-47381 at NVD CVE-2021-47382 at SUSE CVE-2021-47382 at NVD CVE-2021-47383 at SUSE CVE-2021-47383 at NVD CVE-2021-47387 at SUSE CVE-2021-47387 at NVD CVE-2021-47388 at SUSE CVE-2021-47388 at NVD CVE-2021-47391 at SUSE CVE-2021-47391 at NVD CVE-2021-47392 at SUSE CVE-2021-47392 at NVD CVE-2021-47393 at SUSE CVE-2021-47393 at NVD CVE-2021-47395 at SUSE CVE-2021-47395 at NVD CVE-2021-47396 at SUSE CVE-2021-47396 at NVD CVE-2021-47399 at SUSE CVE-2021-47399 at NVD CVE-2021-47402 at SUSE CVE-2021-47402 at NVD CVE-2021-47404 at SUSE CVE-2021-47404 at NVD CVE-2021-47405 at SUSE CVE-2021-47405 at NVD CVE-2021-47409 at SUSE CVE-2021-47409 at NVD CVE-2021-47413 at SUSE CVE-2021-47413 at NVD CVE-2021-47416 at SUSE CVE-2021-47416 at NVD CVE-2021-47422 at SUSE CVE-2021-47422 at NVD CVE-2021-47423 at SUSE CVE-2021-47423 at NVD CVE-2021-47424 at SUSE CVE-2021-47424 at NVD CVE-2021-47425 at SUSE CVE-2021-47425 at NVD CVE-2021-47426 at SUSE CVE-2021-47426 at NVD CVE-2021-47428 at SUSE CVE-2021-47428 at NVD CVE-2021-47431 at SUSE CVE-2021-47431 at NVD CVE-2021-47434 at SUSE CVE-2021-47434 at NVD CVE-2021-47435 at SUSE CVE-2021-47435 at NVD CVE-2021-47436 at SUSE CVE-2021-47436 at NVD CVE-2021-47441 at SUSE CVE-2021-47441 at NVD CVE-2021-47442 at SUSE CVE-2021-47442 at NVD CVE-2021-47443 at SUSE CVE-2021-47443 at NVD CVE-2021-47444 at SUSE CVE-2021-47444 at NVD CVE-2021-47445 at SUSE CVE-2021-47445 at NVD CVE-2021-47451 at SUSE CVE-2021-47451 at NVD CVE-2021-47456 at SUSE CVE-2021-47456 at NVD CVE-2021-47458 at SUSE CVE-2021-47458 at NVD CVE-2021-47460 at SUSE CVE-2021-47460 at NVD CVE-2021-47464 at SUSE CVE-2021-47464 at NVD CVE-2021-47465 at SUSE CVE-2021-47465 at NVD CVE-2021-47468 at SUSE CVE-2021-47468 at NVD CVE-2021-47473 at SUSE CVE-2021-47473 at NVD CVE-2021-47478 at SUSE CVE-2021-47478 at NVD CVE-2021-47480 at SUSE CVE-2021-47480 at NVD CVE-2021-47482 at SUSE CVE-2021-47482 at NVD CVE-2021-47483 at SUSE CVE-2021-47483 at NVD CVE-2021-47485 at SUSE CVE-2021-47485 at NVD CVE-2021-47493 at SUSE CVE-2021-47493 at NVD CVE-2021-47494 at SUSE CVE-2021-47494 at NVD CVE-2021-47495 at SUSE CVE-2021-47495 at NVD CVE-2021-47496 at SUSE CVE-2021-47496 at NVD CVE-2021-47497 at SUSE CVE-2021-47497 at NVD CVE-2021-47498 at SUSE CVE-2021-47498 at NVD CVE-2021-47499 at SUSE CVE-2021-47499 at NVD CVE-2021-47500 at SUSE CVE-2021-47500 at NVD CVE-2021-47501 at SUSE CVE-2021-47501 at NVD CVE-2021-47502 at SUSE CVE-2021-47502 at NVD CVE-2021-47503 at SUSE CVE-2021-47503 at NVD CVE-2021-47505 at SUSE CVE-2021-47505 at NVD CVE-2021-47506 at SUSE CVE-2021-47506 at NVD CVE-2021-47507 at SUSE CVE-2021-47507 at NVD CVE-2021-47509 at SUSE CVE-2021-47509 at NVD CVE-2021-47511 at SUSE CVE-2021-47511 at NVD CVE-2021-47512 at SUSE CVE-2021-47512 at NVD CVE-2021-47516 at SUSE CVE-2021-47516 at NVD CVE-2021-47518 at SUSE CVE-2021-47518 at NVD CVE-2021-47521 at SUSE CVE-2021-47521 at NVD CVE-2021-47522 at SUSE CVE-2021-47522 at NVD CVE-2021-47523 at SUSE CVE-2021-47523 at NVD CVE-2021-47535 at SUSE CVE-2021-47535 at NVD CVE-2021-47536 at SUSE CVE-2021-47536 at NVD CVE-2021-47538 at SUSE CVE-2021-47538 at NVD CVE-2021-47540 at SUSE CVE-2021-47540 at NVD CVE-2021-47541 at SUSE CVE-2021-47541 at NVD CVE-2021-47542 at SUSE CVE-2021-47542 at NVD CVE-2021-47549 at SUSE CVE-2021-47549 at NVD CVE-2021-47557 at SUSE CVE-2021-47557 at NVD CVE-2021-47562 at SUSE CVE-2021-47562 at NVD CVE-2021-47563 at SUSE CVE-2021-47563 at NVD CVE-2021-47565 at SUSE CVE-2021-47565 at NVD CVE-2022-1195 at SUSE CVE-2022-1195 at NVD CVE-2022-20132 at SUSE CVE-2022-20132 at NVD CVE-2022-48636 at SUSE CVE-2022-48636 at NVD CVE-2022-48673 at SUSE CVE-2022-48673 at NVD CVE-2022-48704 at SUSE CVE-2022-48704 at NVD CVE-2022-48710 at SUSE CVE-2022-48710 at NVD CVE-2023-0160 at SUSE CVE-2023-0160 at NVD CVE-2023-1829 at SUSE CVE-2023-1829 at NVD CVE-2023-2176 at SUSE CVE-2023-2176 at NVD CVE-2023-4244 at SUSE CVE-2023-4244 at NVD CVE-2023-47233 at SUSE CVE-2023-47233 at NVD CVE-2023-52433 at SUSE CVE-2023-52433 at NVD CVE-2023-52581 at SUSE CVE-2023-52581 at NVD CVE-2023-52591 at SUSE CVE-2023-52591 at NVD CVE-2023-52654 at SUSE CVE-2023-52654 at NVD CVE-2023-52655 at SUSE CVE-2023-52655 at NVD CVE-2023-52686 at SUSE CVE-2023-52686 at NVD CVE-2023-52840 at SUSE CVE-2023-52840 at NVD CVE-2023-52871 at SUSE CVE-2023-52871 at NVD CVE-2023-52880 at SUSE CVE-2023-52880 at NVD CVE-2023-6531 at SUSE CVE-2023-6531 at NVD CVE-2024-26581 at SUSE CVE-2024-26581 at NVD CVE-2024-26643 at SUSE CVE-2024-26643 at NVD CVE-2024-26828 at SUSE CVE-2024-26828 at NVD CVE-2024-26921 at SUSE CVE-2024-26921 at NVD CVE-2024-26925 at SUSE CVE-2024-26925 at NVD CVE-2024-26929 at SUSE CVE-2024-26929 at NVD CVE-2024-26930 at SUSE CVE-2024-26930 at NVD CVE-2024-27398 at SUSE CVE-2024-27398 at NVD CVE-2024-27413 at SUSE CVE-2024-27413 at NVD CVE-2024-35811 at SUSE CVE-2024-35811 at NVD CVE-2024-35895 at SUSE CVE-2024-35895 at NVD CVE-2024-35914 at SUSE CVE-2024-35914 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for glib2 fixes the following issues: - CVE-2024-34397: Fixed signal subscription unicast spoofing vulnerability (bsc#1224044). Low SUSE bug 1224044 CVE-2024-34397 at SUSE CVE-2024-34397 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). Low SUSE bug 1224282 CVE-2024-34459 at SUSE CVE-2024-34459 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). Important SUSE bug 1227186 SUSE bug 1227187 CVE-2024-37370 at SUSE CVE-2024-37370 at NVD CVE-2024-37371 at SUSE CVE-2024-37371 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47247: net/mlx5e: Fix use-after-free of encap entry in neigh update handler (bsc#1224865). - CVE-2021-47311: net: qcom/emac: fix UAF in emac_remove (bsc#1225010). - CVE-2021-47368: enetc: Fix illegal access when reading affinity_hint (bsc#1225161). - CVE-2021-47372: net: macb: fix use after free on rmmod (bsc#1225184). - CVE-2021-47379: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd (bsc#1225203). - CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518). - CVE-2022-48760: USB: core: Fix hang in usb_kill_urb by adding memory barriers (bsc#1226712). - CVE-2023-52707: sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1225109). polled (bsc#1202623). - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487). - CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611). - CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384). - CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749). - CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766). - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764). - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765). - CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703). - CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749). - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732). - CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840). - CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866). - CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595) - CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226758). - CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786). The following non-security bugs were fixed: - NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226). - ocfs2: adjust enabling place for la window (bsc#1219224). - ocfs2: fix sparse warnings (bsc#1219224). - ocfs2: improve write IO performance when fragmentation is high (bsc#1219224). - ocfs2: speed up chain-list searching (bsc#1219224). - psi: Fix uaf issue when psi trigger is destroyed while being - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962). Important SUSE bug 1156395 SUSE bug 1171988 SUSE bug 1176447 SUSE bug 1176774 SUSE bug 1181147 SUSE bug 1191958 SUSE bug 1195065 SUSE bug 1195254 SUSE bug 1195798 SUSE bug 1202623 SUSE bug 1218148 SUSE bug 1219224 SUSE bug 1219633 SUSE bug 1222015 SUSE bug 1223011 SUSE bug 1223384 SUSE bug 1224671 SUSE bug 1224703 SUSE bug 1224749 SUSE bug 1224764 SUSE bug 1224765 SUSE bug 1224766 SUSE bug 1224865 SUSE bug 1225010 SUSE bug 1225047 SUSE bug 1225109 SUSE bug 1225161 SUSE bug 1225184 SUSE bug 1225203 SUSE bug 1225487 SUSE bug 1225518 SUSE bug 1225611 SUSE bug 1225732 SUSE bug 1225749 SUSE bug 1225840 SUSE bug 1225866 SUSE bug 1226226 SUSE bug 1226537 SUSE bug 1226552 SUSE bug 1226554 SUSE bug 1226557 SUSE bug 1226558 SUSE bug 1226562 SUSE bug 1226563 SUSE bug 1226575 SUSE bug 1226583 SUSE bug 1226585 SUSE bug 1226587 SUSE bug 1226595 SUSE bug 1226614 SUSE bug 1226619 SUSE bug 1226621 SUSE bug 1226624 SUSE bug 1226643 SUSE bug 1226644 SUSE bug 1226645 SUSE bug 1226647 SUSE bug 1226650 SUSE bug 1226669 SUSE bug 1226670 SUSE bug 1226672 SUSE bug 1226674 SUSE bug 1226679 SUSE bug 1226686 SUSE bug 1226691 SUSE bug 1226692 SUSE bug 1226698 SUSE bug 1226703 SUSE bug 1226708 SUSE bug 1226709 SUSE bug 1226711 SUSE bug 1226712 SUSE bug 1226713 SUSE bug 1226715 SUSE bug 1226716 SUSE bug 1226720 SUSE bug 1226721 SUSE bug 1226732 SUSE bug 1226758 SUSE bug 1226762 SUSE bug 1226786 SUSE bug 1226962 CVE-2021-3896 at SUSE CVE-2021-3896 at NVD CVE-2021-43389 at SUSE CVE-2021-43389 at NVD CVE-2021-4439 at SUSE CVE-2021-4439 at NVD CVE-2021-47247 at SUSE CVE-2021-47247 at NVD CVE-2021-47311 at SUSE CVE-2021-47311 at NVD CVE-2021-47328 at SUSE CVE-2021-47328 at NVD CVE-2021-47368 at SUSE CVE-2021-47368 at NVD CVE-2021-47372 at SUSE CVE-2021-47372 at NVD CVE-2021-47379 at SUSE CVE-2021-47379 at NVD CVE-2021-47571 at SUSE CVE-2021-47571 at NVD CVE-2021-47576 at SUSE CVE-2021-47576 at NVD CVE-2021-47583 at SUSE CVE-2021-47583 at NVD CVE-2021-47589 at SUSE CVE-2021-47589 at NVD CVE-2021-47595 at SUSE CVE-2021-47595 at NVD CVE-2021-47596 at SUSE CVE-2021-47596 at NVD CVE-2021-47600 at SUSE CVE-2021-47600 at NVD CVE-2021-47602 at SUSE CVE-2021-47602 at NVD CVE-2021-47609 at SUSE CVE-2021-47609 at NVD CVE-2021-47611 at SUSE CVE-2021-47611 at NVD CVE-2021-47612 at SUSE CVE-2021-47612 at NVD CVE-2021-47617 at SUSE CVE-2021-47617 at NVD CVE-2021-47618 at SUSE CVE-2021-47618 at NVD CVE-2021-47619 at SUSE CVE-2021-47619 at NVD CVE-2021-47620 at SUSE CVE-2021-47620 at NVD CVE-2022-0435 at SUSE CVE-2022-0435 at NVD CVE-2022-22942 at SUSE CVE-2022-22942 at NVD CVE-2022-2938 at SUSE CVE-2022-2938 at NVD CVE-2022-48711 at SUSE CVE-2022-48711 at NVD CVE-2022-48715 at SUSE CVE-2022-48715 at NVD CVE-2022-48717 at SUSE CVE-2022-48717 at NVD CVE-2022-48722 at SUSE CVE-2022-48722 at NVD CVE-2022-48724 at SUSE CVE-2022-48724 at NVD CVE-2022-48726 at SUSE CVE-2022-48726 at NVD CVE-2022-48728 at SUSE CVE-2022-48728 at NVD CVE-2022-48730 at SUSE CVE-2022-48730 at NVD CVE-2022-48732 at SUSE CVE-2022-48732 at NVD CVE-2022-48736 at SUSE CVE-2022-48736 at NVD CVE-2022-48737 at SUSE CVE-2022-48737 at NVD CVE-2022-48738 at SUSE CVE-2022-48738 at NVD CVE-2022-48746 at SUSE CVE-2022-48746 at NVD CVE-2022-48747 at SUSE CVE-2022-48747 at NVD CVE-2022-48748 at SUSE CVE-2022-48748 at NVD CVE-2022-48749 at SUSE CVE-2022-48749 at NVD CVE-2022-48752 at SUSE CVE-2022-48752 at NVD CVE-2022-48754 at SUSE CVE-2022-48754 at NVD CVE-2022-48756 at SUSE CVE-2022-48756 at NVD CVE-2022-48758 at SUSE CVE-2022-48758 at NVD CVE-2022-48759 at SUSE CVE-2022-48759 at NVD CVE-2022-48760 at SUSE CVE-2022-48760 at NVD CVE-2022-48767 at SUSE CVE-2022-48767 at NVD CVE-2022-48768 at SUSE CVE-2022-48768 at NVD CVE-2022-48771 at SUSE CVE-2022-48771 at NVD CVE-2023-24023 at SUSE CVE-2023-24023 at NVD CVE-2023-52707 at SUSE CVE-2023-52707 at NVD CVE-2023-52752 at SUSE CVE-2023-52752 at NVD CVE-2023-52881 at SUSE CVE-2023-52881 at NVD CVE-2024-26822 at SUSE CVE-2024-26822 at NVD CVE-2024-26923 at SUSE CVE-2024-26923 at NVD CVE-2024-35789 at SUSE CVE-2024-35789 at NVD CVE-2024-35861 at SUSE CVE-2024-35861 at NVD CVE-2024-35862 at SUSE CVE-2024-35862 at NVD CVE-2024-35864 at SUSE CVE-2024-35864 at NVD CVE-2024-35878 at SUSE CVE-2024-35878 at NVD CVE-2024-35950 at SUSE CVE-2024-35950 at NVD CVE-2024-36894 at SUSE CVE-2024-36894 at NVD CVE-2024-36904 at SUSE CVE-2024-36904 at NVD CVE-2024-36940 at SUSE CVE-2024-36940 at NVD CVE-2024-36964 at SUSE CVE-2024-36964 at NVD CVE-2024-38541 at SUSE CVE-2024-38541 at NVD CVE-2024-38545 at SUSE CVE-2024-38545 at NVD CVE-2024-38559 at SUSE CVE-2024-38559 at NVD CVE-2024-38560 at SUSE CVE-2024-38560 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47247: net/mlx5e: Fix use-after-free of encap entry in neigh update handler (bsc#1224865). - CVE-2021-47311: net: qcom/emac: fix UAF in emac_remove (bsc#1225010). - CVE-2021-47368: enetc: Fix illegal access when reading affinity_hint (bsc#1225161). - CVE-2021-47372: net: macb: fix use after free on rmmod (bsc#1225184). - CVE-2021-47379: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd (bsc#1225203). - CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518). - CVE-2022-2938: psi: Fix uaf issue when psi trigger is destroyed while being polled (bsc#1202623). - CVE-2022-48760: USB: core: Fix hang in usb_kill_urb by adding memory barriers (bsc#1226712). - CVE-2023-52707: sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1225109). polled (bsc#1202623). - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487). - CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611). - CVE-2024-26822: Set correct id, uid and cruid for multiuser automounts (bsc#1223011). - CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749). - CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766). - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764). - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765). - CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703). - CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749). - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732). - CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840). - CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866). - CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595). - CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785). - CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786). The following non-security bugs were fixed: - NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226). - ocfs2: adjust enabling place for la window (bsc#1219224). - ocfs2: fix sparse warnings (bsc#1219224). - ocfs2: improve write IO performance when fragmentation is high (bsc#1219224). - ocfs2: speed up chain-list searching (bsc#1219224). - psi: Fix uaf issue when psi trigger is destroyed while being - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962). Important SUSE bug 1156395 SUSE bug 1171988 SUSE bug 1176447 SUSE bug 1176774 SUSE bug 1181147 SUSE bug 1191958 SUSE bug 1195065 SUSE bug 1195254 SUSE bug 1195798 SUSE bug 1202623 SUSE bug 1218148 SUSE bug 1219224 SUSE bug 1219633 SUSE bug 1222015 SUSE bug 1223011 SUSE bug 1224671 SUSE bug 1224703 SUSE bug 1224749 SUSE bug 1224764 SUSE bug 1224765 SUSE bug 1224766 SUSE bug 1224865 SUSE bug 1225010 SUSE bug 1225047 SUSE bug 1225109 SUSE bug 1225161 SUSE bug 1225184 SUSE bug 1225203 SUSE bug 1225487 SUSE bug 1225518 SUSE bug 1225611 SUSE bug 1225732 SUSE bug 1225749 SUSE bug 1225840 SUSE bug 1225866 SUSE bug 1226226 SUSE bug 1226537 SUSE bug 1226552 SUSE bug 1226554 SUSE bug 1226557 SUSE bug 1226558 SUSE bug 1226562 SUSE bug 1226563 SUSE bug 1226575 SUSE bug 1226583 SUSE bug 1226585 SUSE bug 1226587 SUSE bug 1226595 SUSE bug 1226614 SUSE bug 1226619 SUSE bug 1226621 SUSE bug 1226624 SUSE bug 1226643 SUSE bug 1226644 SUSE bug 1226645 SUSE bug 1226647 SUSE bug 1226650 SUSE bug 1226669 SUSE bug 1226670 SUSE bug 1226672 SUSE bug 1226674 SUSE bug 1226679 SUSE bug 1226686 SUSE bug 1226691 SUSE bug 1226692 SUSE bug 1226698 SUSE bug 1226703 SUSE bug 1226708 SUSE bug 1226709 SUSE bug 1226711 SUSE bug 1226712 SUSE bug 1226713 SUSE bug 1226715 SUSE bug 1226716 SUSE bug 1226720 SUSE bug 1226721 SUSE bug 1226732 SUSE bug 1226762 SUSE bug 1226785 SUSE bug 1226786 SUSE bug 1226962 CVE-2021-43389 at SUSE CVE-2021-43389 at NVD CVE-2021-4439 at SUSE CVE-2021-4439 at NVD CVE-2021-47247 at SUSE CVE-2021-47247 at NVD CVE-2021-47311 at SUSE CVE-2021-47311 at NVD CVE-2021-47328 at SUSE CVE-2021-47328 at NVD CVE-2021-47368 at SUSE CVE-2021-47368 at NVD CVE-2021-47372 at SUSE CVE-2021-47372 at NVD CVE-2021-47379 at SUSE CVE-2021-47379 at NVD CVE-2021-47571 at SUSE CVE-2021-47571 at NVD CVE-2021-47576 at SUSE CVE-2021-47576 at NVD CVE-2021-47583 at SUSE CVE-2021-47583 at NVD CVE-2021-47589 at SUSE CVE-2021-47589 at NVD CVE-2021-47595 at SUSE CVE-2021-47595 at NVD CVE-2021-47596 at SUSE CVE-2021-47596 at NVD CVE-2021-47600 at SUSE CVE-2021-47600 at NVD CVE-2021-47602 at SUSE CVE-2021-47602 at NVD CVE-2021-47609 at SUSE CVE-2021-47609 at NVD CVE-2021-47611 at SUSE CVE-2021-47611 at NVD CVE-2021-47612 at SUSE CVE-2021-47612 at NVD CVE-2021-47617 at SUSE CVE-2021-47617 at NVD CVE-2021-47618 at SUSE CVE-2021-47618 at NVD CVE-2021-47619 at SUSE CVE-2021-47619 at NVD CVE-2021-47620 at SUSE CVE-2021-47620 at NVD CVE-2022-2938 at SUSE CVE-2022-2938 at NVD CVE-2022-48711 at SUSE CVE-2022-48711 at NVD CVE-2022-48715 at SUSE CVE-2022-48715 at NVD CVE-2022-48717 at SUSE CVE-2022-48717 at NVD CVE-2022-48722 at SUSE CVE-2022-48722 at NVD CVE-2022-48724 at SUSE CVE-2022-48724 at NVD CVE-2022-48726 at SUSE CVE-2022-48726 at NVD CVE-2022-48728 at SUSE CVE-2022-48728 at NVD CVE-2022-48730 at SUSE CVE-2022-48730 at NVD CVE-2022-48732 at SUSE CVE-2022-48732 at NVD CVE-2022-48736 at SUSE CVE-2022-48736 at NVD CVE-2022-48737 at SUSE CVE-2022-48737 at NVD CVE-2022-48738 at SUSE CVE-2022-48738 at NVD CVE-2022-48746 at SUSE CVE-2022-48746 at NVD CVE-2022-48747 at SUSE CVE-2022-48747 at NVD CVE-2022-48748 at SUSE CVE-2022-48748 at NVD CVE-2022-48749 at SUSE CVE-2022-48749 at NVD CVE-2022-48752 at SUSE CVE-2022-48752 at NVD CVE-2022-48754 at SUSE CVE-2022-48754 at NVD CVE-2022-48756 at SUSE CVE-2022-48756 at NVD CVE-2022-48758 at SUSE CVE-2022-48758 at NVD CVE-2022-48759 at SUSE CVE-2022-48759 at NVD CVE-2022-48760 at SUSE CVE-2022-48760 at NVD CVE-2022-48767 at SUSE CVE-2022-48767 at NVD CVE-2022-48768 at SUSE CVE-2022-48768 at NVD CVE-2022-48771 at SUSE CVE-2022-48771 at NVD CVE-2023-24023 at SUSE CVE-2023-24023 at NVD CVE-2023-52707 at SUSE CVE-2023-52707 at NVD CVE-2023-52752 at SUSE CVE-2023-52752 at NVD CVE-2023-52881 at SUSE CVE-2023-52881 at NVD CVE-2024-26822 at SUSE CVE-2024-26822 at NVD CVE-2024-35789 at SUSE CVE-2024-35789 at NVD CVE-2024-35861 at SUSE CVE-2024-35861 at NVD CVE-2024-35862 at SUSE CVE-2024-35862 at NVD CVE-2024-35864 at SUSE CVE-2024-35864 at NVD CVE-2024-35878 at SUSE CVE-2024-35878 at NVD CVE-2024-35950 at SUSE CVE-2024-35950 at NVD CVE-2024-36894 at SUSE CVE-2024-36894 at NVD CVE-2024-36904 at SUSE CVE-2024-36904 at NVD CVE-2024-36940 at SUSE CVE-2024-36940 at NVD CVE-2024-36964 at SUSE CVE-2024-36964 at NVD CVE-2024-38541 at SUSE CVE-2024-38541 at NVD CVE-2024-38545 at SUSE CVE-2024-38545 at NVD CVE-2024-38559 at SUSE CVE-2024-38559 at NVD CVE-2024-38560 at SUSE CVE-2024-38560 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for oniguruma fixes the following issues: - CVE-2019-13225: Fixed null-pointer dereference in match_at() in regexec.c (bsc#1141157). Moderate SUSE bug 1141157 CVE-2019-13225 at SUSE CVE-2019-13225 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for cockpit fixes the following issues: - CVE-2024-6126: Fixed Integer overflow in pam_sm_close_session() (bsc#1226040). Moderate SUSE bug 1226040 CVE-2024-6126 at SUSE CVE-2024-6126 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) Important SUSE bug 1219559 SUSE bug 1220664 SUSE bug 1221563 SUSE bug 1221854 SUSE bug 1222075 SUSE bug 1226447 SUSE bug 1226448 CVE-2023-52425 at SUSE CVE-2023-52425 at NVD CVE-2024-0397 at SUSE CVE-2024-0397 at NVD CVE-2024-0450 at SUSE CVE-2024-0450 at NVD CVE-2024-4032 at SUSE CVE-2024-4032 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for xen fixes the following issues: - CVE-2024-2201: Mitigation for Native Branch History Injection (XSA-456, bsc#1222453) - CVE-2024-31143: Fixed double unlock in x86 guest IRQ handling (XSA-458, bsc#1227355). Important SUSE bug 1222453 SUSE bug 1227355 CVE-2024-2201 at SUSE CVE-2024-2201 at NVD CVE-2024-31143 at SUSE CVE-2024-31143 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for mozilla-nss fixes the following issues: - FIPS: Added more safe memset (bsc#1222811). - FIPS: Adjusted AES GCM restrictions (bsc#1222830). - FIPS: Adjusted approved ciphers (bsc#1222813, bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118, bsc#1222807, bsc#1222828, bsc#1222834, bsc#1222804, bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116). Update to NSS 3.101.1: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. update to NSS 3.101: * add diagnostic assertions for SFTKObject refcount. * freeing the slot in DeleteCertAndKey if authentication failed * fix formatting issues. * Add Firmaprofesional CA Root-A Web to NSS. * remove invalid acvp fuzz test vectors. * pad short P-384 and P-521 signatures gtests. * remove unused FreeBL ECC code. * pad short P-384 and P-521 signatures. * be less strict about ECDSA private key length. * Integrate HACL* P-521. * Integrate HACL* P-384. * memory leak in create_objects_from_handles. * ensure all input is consumed in a few places in mozilla::pkix * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * clean up escape handling * Use lib::pkix as default validator instead of the old-one * Need to add high level support for PQ signing. * Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * Allow for non-full length ecdsa signature when using softoken * Modification of .taskcluster.yml due to mozlint indent defects * Implement support for PBMAC1 in PKCS#12 * disable VLA warnings for fuzz builds. * remove redundant AllocItem implementation. * add PK11_ReadDistrustAfterAttribute. * - Clang-formatting of SEC_GetMgfTypeByOidTag update * Set SEC_ERROR_LIBRARY_FAILURE on self-test failure * sftk_getParameters(): Fix fallback to default variable after error with configfile. * Switch to the mozillareleases/image_builder image - switch from ec_field_GFp to ec_field_plain Update to NSS 3.100: * merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations. * remove ckcapi. * avoid a potential PK11GenericObject memory leak. * Remove incomplete ESDH code. * Decrypt RSA OAEP encrypted messages. * Fix certutil CRLDP URI code. * Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys. * Add ability to encrypt and decrypt CMS messages using ECDH. * Correct Templates for key agreement in smime/cmsasn.c. * Moving the decodedCert allocation to NSS. * Allow developers to speed up repeated local execution of NSS tests that depend on certificates. Update to NSS 3.99: * Removing check for message len in ed25519 (bmo#1325335) * add ed25519 to SECU_ecName2params. (bmo#1884276) * add EdDSA wycheproof tests. (bmo#1325335) * nss/lib layer code for EDDSA. (bmo#1325335) * Adding EdDSA implementation. (bmo#1325335) * Exporting Certificate Compression types (bmo#1881027) * Updating ACVP docker to rust 1.74 (bmo#1880857) * Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335) * Add NSS_CMSRecipient_IsSupported. (bmo#1877730) Update to NSS 3.98: * (CVE-2023-5388) Timing attack against RSA decryption in TLS * Certificate Compression: enabling the check that the compression was advertised * Move Windows workers to nss-1/b-win2022-alpha * Remove Email trust bit from OISTE WISeKey Global Root GC CA * Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss` * Certificate Compression: Updating nss_bogo_shim to support Certificate compression * TLS Certificate Compression (RFC 8879) Implementation * Add valgrind annotations to freebl kyber operations for constant-time execution tests * Set nssckbi version number to 2.66 * Add Telekom Security roots * Add D-Trust 2022 S/MIME roots * Remove expired Security Communication RootCA1 root * move keys to a slot that supports concatenation in PK11_ConcatSymKeys * remove unmaintained tls-interop tests * bogo: add support for the -ipv6 and -shim-id shim flags * bogo: add support for the -curves shim flag and update Kyber expectations * bogo: adjust expectation for a key usage bit test * mozpkix: add option to ignore invalid subject alternative names * Fix selfserv not stripping `publicname:` from -X value * take ownership of ecckilla shims * add valgrind annotations to freebl/ec.c * PR_INADDR_ANY needs PR_htonl before assignment to inet.ip * Update zlib to 1.3.1 Update to NSS 3.97: * make Xyber768d00 opt-in by policy * add libssl support for xyber768d00 * add PK11_ConcatSymKeys * add Kyber and a PKCS#11 KEM interface to softoken * add a FreeBL API for Kyber * part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff * part 1: add a script for vendoring kyber from pq-crystals repo * Removing the calls to RSA Blind from loader.* * fix worker type for level3 mac tasks * RSA Blind implementation * Remove DSA selftests * read KWP testvectors from JSON * Backed out changeset dcb174139e4f * Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation * Wrap CC shell commands in gyp expansions Update to NSS 3.96.1: * Use pypi dependencies for MacOS worker in ./build_gyp.sh * p7sign: add -a hash and -u certusage (also p7verify cleanups) * add a defensive check for large ssl_DefSend return values * Add dependency to the taskcluster script for Darwin * Upgrade version of the MacOS worker for the CI Update to NSS 3.95: * Bump builtins version number. * Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert. * Remove 4 DigiCert (Symantec/Verisign) Root Certificates * Remove 3 TrustCor Root Certificates from NSS. * Remove Camerfirma root certificates from NSS. * Remove old Autoridad de Certificacion Firmaprofesional Certificate. * Add four Commscope root certificates to NSS. * Add TrustAsia Global Root CA G3 and G4 root certificates. * Include P-384 and P-521 Scalar Validation from HACL* * Include P-256 Scalar Validation from HACL*. * After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level * Add means to provide library parameters to C_Initialize * add OSXSAVE and XCR0 tests to AVX2 detection. * Typo in ssl3_AppendHandshakeNumber * Introducing input check of ssl3_AppendHandshakeNumber * Fix Invalid casts in instance.c Update to NSS 3.94: * Updated code and commit ID for HACL* * update ACVP fuzzed test vector: refuzzed with current NSS * Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants * NSS needs a database tool that can dump the low level representation of the database * declare string literals using char in pkixnames_tests.cpp * avoid implicit conversion for ByteString * update rust version for acvp docker * Moving the init function of the mpi_ints before clean-up in ec.c * P-256 ECDH and ECDSA from HACL* * Add ACVP test vectors to the repository * Stop relying on std::basic_string<uint8_t> * Transpose the PPC_ABI check from Makefile to gyp Update to NSS 3.93: * Update zlib in NSS to 1.3. * softoken: iterate hashUpdate calls for long inputs. * regenerate NameConstraints test certificates (bsc#1214980). Update to NSS 3.92: * Set nssckbi version number to 2.62 * Add 4 Atos TrustedRoot Root CA certificates to NSS * Add 4 SSL.com Root CA certificates * Add Sectigo E46 and R46 Root CA certificates * Add LAWtrust Root CA2 (4096) * Remove E-Tugra Certification Authority root * Remove Camerfirma Chambers of Commerce Root. * Remove Hongkong Post Root CA 1 * Remove E-Tugra Global Root CA ECC v3 and RSA v3 * Avoid redefining BYTE_ORDER on hppa Linux Update to NSS 3.91: * Implementation of the HW support check for ADX instruction * Removing the support of Curve25519 * Fix comment about the addition of ticketSupportsEarlyData * Adding args to enable-legacy-db build * dbtests.sh failure in 'certutil dump keys with explicit default trust flags' * Initialize flags in slot structures * Improve the length check of RSA input to avoid heap overflow * Followup Fixes * avoid processing unexpected inputs by checking for m_exptmod base sign * add a limit check on order_k to avoid infinite loop * Update HACL* to commit 5f6051d2 * add SHA3 to cryptohi and softoken * HACL SHA3 * Disabling ASM C25519 for A but X86_64 Update to NSS 3.90.3: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. * clean up escape handling. * remove redundant AllocItem implementation. * Disable ASM support for Curve25519. * Disable ASM support for Curve25519 for all but X86_64. Moderate SUSE bug 1214980 SUSE bug 1222804 SUSE bug 1222807 SUSE bug 1222811 SUSE bug 1222813 SUSE bug 1222814 SUSE bug 1222821 SUSE bug 1222822 SUSE bug 1222826 SUSE bug 1222828 SUSE bug 1222830 SUSE bug 1222833 SUSE bug 1222834 SUSE bug 1224113 SUSE bug 1224115 SUSE bug 1224116 SUSE bug 1224118 CVE-2023-5388 at SUSE CVE-2023-5388 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for xen fixes the following issues: - CVE-2023-46839: Fixed phantom functions assigned to incorrect contexts (XSA-449) (bsc#1218851) Moderate SUSE bug 1218851 CVE-2023-46839 at SUSE CVE-2023-46839 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). Important SUSE bug 916845 CVE-2013-4235 at SUSE CVE-2013-4235 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python-urllib3 fixes the following issues: - CVE-2024-37891: Fixed proxy-authorization request header is not stripped during cross-origin redirects (bsc#1226469) Moderate SUSE bug 1226469 CVE-2024-37891 at SUSE CVE-2024-37891 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for orc fixes the following issues: - CVE-2024-40897: Fixed stack-based buffer overflow in the orc compiler when formatting error messages for certain input files (bsc#1228184) Important SUSE bug 1228184 CVE-2024-40897 at SUSE CVE-2024-40897 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) Moderate SUSE bug 1228770 CVE-2013-4235 at SUSE CVE-2013-4235 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 Important SUSE bug 1220356 SUSE bug 1227525 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716). - CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644). - CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743). - CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561). - CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810). - CVE-2023-52885: SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (bsc#1227750). - CVE-2022-48792: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (bsc#1228013). - CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328). - CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1224918). - CVE-2021-47126: ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions (bsc#1221539). - CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114). - CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574). - CVE-2021-47580: scsi: scsi_debug: Fix type in min_t to avoid stack OOB (bsc#1226550). - CVE-2021-47219: scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() (bsc#1222824). - CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836). - CVE-2022-48821: misc: fastrpc: avoid double fput() on failed usercopy (bsc#1227976). - CVE-2021-47520: can: pch_can: pch_can_rx_normal: fix use after free (bsc#1225431). - CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519). The following non-security bugs were fixed: - Fix spurious WARNING caused by a qxl driver patch (bsc#1227213) - NFS: Clean up directory array handling (bsc#1226662). - NFS: Clean up nfs_readdir_page_filler() (bsc#1226662). - NFS: Clean up readdir struct nfs_cache_array (bsc#1226662). - NFS: Do not discard readdir results (bsc#1226662). - NFS: Do not overfill uncached readdir pages (bsc#1226662). - NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662). - NFS: Ensure contents of struct nfs_open_dir_context are consistent (bsc#1226662). - NFS: Fix up directory verifier races (bsc#1226662). - NFS: Further optimisations for 'ls -l' (bsc#1226662). - NFS: More readdir cleanups (bsc#1226662). - NFS: Reduce number of RPC calls when doing uncached readdir (bsc#1226662). - NFS: Reduce use of uncached readdir (bsc#1226662). - NFS: Support larger readdir buffers (bsc#1226662). - NFS: Use the 64-bit server readdir cookies when possible (bsc#1226662). - NFSv4.x: by default serialize open/close operations (bsc#1223863 bsc#1227362) - X.509: Fix the parser of extended key usage for length (bsc#1218820 bsc#1226666). - nfs: optimise readdir cache page invalidation (bsc#1226662). - ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834). - powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487). - powerpc/rtas: clean up includes (bsc#1227487). Important SUSE bug 1216834 SUSE bug 1218820 SUSE bug 1220185 SUSE bug 1220186 SUSE bug 1221539 SUSE bug 1222728 SUSE bug 1222824 SUSE bug 1223863 SUSE bug 1224918 SUSE bug 1225431 SUSE bug 1226519 SUSE bug 1226550 SUSE bug 1226574 SUSE bug 1226662 SUSE bug 1226666 SUSE bug 1227213 SUSE bug 1227362 SUSE bug 1227487 SUSE bug 1227716 SUSE bug 1227750 SUSE bug 1227810 SUSE bug 1227836 SUSE bug 1227976 SUSE bug 1228013 SUSE bug 1228040 SUSE bug 1228114 SUSE bug 1228328 SUSE bug 1228561 SUSE bug 1228644 SUSE bug 1228743 CVE-2021-47126 at SUSE CVE-2021-47126 at NVD CVE-2021-47219 at SUSE CVE-2021-47219 at NVD CVE-2021-47291 at SUSE CVE-2021-47291 at NVD CVE-2021-47520 at SUSE CVE-2021-47520 at NVD CVE-2021-47580 at SUSE CVE-2021-47580 at NVD CVE-2021-47598 at SUSE CVE-2021-47598 at NVD CVE-2022-48792 at SUSE CVE-2022-48792 at NVD CVE-2022-48821 at SUSE CVE-2022-48821 at NVD CVE-2022-48822 at SUSE CVE-2022-48822 at NVD CVE-2023-52885 at SUSE CVE-2023-52885 at NVD CVE-2024-26583 at SUSE CVE-2024-26583 at NVD CVE-2024-26584 at SUSE CVE-2024-26584 at NVD CVE-2024-26800 at SUSE CVE-2024-26800 at NVD CVE-2024-36974 at SUSE CVE-2024-36974 at NVD CVE-2024-39494 at SUSE CVE-2024-39494 at NVD CVE-2024-40937 at SUSE CVE-2024-40937 at NVD CVE-2024-40956 at SUSE CVE-2024-40956 at NVD CVE-2024-41011 at SUSE CVE-2024-41011 at NVD CVE-2024-41059 at SUSE CVE-2024-41059 at NVD CVE-2024-41069 at SUSE CVE-2024-41069 at NVD CVE-2024-41090 at SUSE CVE-2024-41090 at NVD CVE-2024-42145 at SUSE CVE-2024-42145 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for gtk3 fixes the following issues: - CVE-2024-6655: Fixed library injection from current working directory (bsc#1228120). Important SUSE bug 1228120 CVE-2024-6655 at SUSE CVE-2024-6655 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python-setuptools fixes the following issues: - CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105) Important SUSE bug 1228105 CVE-2024-6345 at SUSE CVE-2024-6345 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Moderate SUSE bug 1227138 CVE-2024-5535 at SUSE CVE-2024-5535 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for curl fixes the following issues: - CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535) Moderate SUSE bug 1228535 CVE-2024-7264 at SUSE CVE-2024-7264 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for kernel-firmware fixes the following issues: - CVE-2023-31315: Fixed validation in a model specific register (MSR) that lead to modification of SMM configuration by malicious program with ring0 access (bsc#1229069) Important SUSE bug 1229069 CVE-2023-31315 at SUSE CVE-2023-31315 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2020-26558: Fixed a flaw in the Bluetooth LE and BR/EDR secure pairing that could permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (bsc#1179610). - CVE-2021-0129: Improper access control in BlueZ may have allowed an authenticated user to potentially enable information disclosure via adjacent access (bsc#1186463). - CVE-2021-47126: ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions (bsc#1221539). - CVE-2021-47219: scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() (bsc#1222824). - CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1224918). - CVE-2021-47506: nfsd: fix use-after-free due to delegation race (bsc#1225404). - CVE-2021-47520: can: pch_can: pch_can_rx_normal: fix use after free (bsc#1225431). - CVE-2021-47580: scsi: scsi_debug: Fix type in min_t to avoid stack OOB (bsc#1226550). - CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574). - CVE-2021-47600: dm btree remove: fix use after free in rebalance_children() (bsc#1226575). - CVE-2022-48792: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (bsc#1228013). - CVE-2022-48821: misc: fastrpc: avoid double fput() on failed usercopy (bsc#1227976). - CVE-2023-52686: Fix a null pointer in opal_event_init() (bsc#1065729). - CVE-2023-52885: SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (bsc#1227750). - CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187). - CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519). - CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785). - CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716). - CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836). - CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810). - CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114). - CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561). - CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644). - CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328). - CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743). The following non-security bugs were fixed: - Fix spurious WARNING caused by a qxl driver patch (bsc#1227213) - nfs: Clean up directory array handling (bsc#1226662). - nfs: Clean up nfs_readdir_page_filler() (bsc#1226662). - nfs: Clean up readdir struct nfs_cache_array (bsc#1226662). - nfs: Do not discard readdir results (bsc#1226662). - nfs: Do not overfill uncached readdir pages (bsc#1226662). - nfs: Do not re-read the entire page cache to find the next cookie (bsc#1226662). - nfs: Ensure contents of struct nfs_open_dir_context are consistent (bsc#1226662). - nfs: Fix up directory verifier races (bsc#1226662). - nfs: Further optimisations for 'ls -l' (bsc#1226662). - nfs: More readdir cleanups (bsc#1226662). - nfs: Reduce number of RPC calls when doing uncached readdir (bsc#1226662). - nfs: Reduce use of uncached readdir (bsc#1226662). - nfs: Support larger readdir buffers (bsc#1226662). - nfs: Use the 64-bit server readdir cookies when possible (bsc#1226662). - nfs: optimise readdir cache page invalidation (bsc#1226662). - nfsv4.x: by default serialize open/close operations (bsc#1223863 bsc#1227362) - ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834). - powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487). - powerpc/rtas: clean up includes (bsc#1227487). - x.509: Fix the parser of extended key usage for length (bsc#1218820, bsc#1226666). Important SUSE bug 1065729 SUSE bug 1179610 SUSE bug 1186463 SUSE bug 1216834 SUSE bug 1218820 SUSE bug 1220185 SUSE bug 1220186 SUSE bug 1220187 SUSE bug 1221539 SUSE bug 1222728 SUSE bug 1222824 SUSE bug 1223863 SUSE bug 1224918 SUSE bug 1225404 SUSE bug 1225431 SUSE bug 1226519 SUSE bug 1226550 SUSE bug 1226574 SUSE bug 1226575 SUSE bug 1226662 SUSE bug 1226666 SUSE bug 1226785 SUSE bug 1227213 SUSE bug 1227362 SUSE bug 1227487 SUSE bug 1227716 SUSE bug 1227750 SUSE bug 1227810 SUSE bug 1227836 SUSE bug 1227976 SUSE bug 1228013 SUSE bug 1228040 SUSE bug 1228114 SUSE bug 1228328 SUSE bug 1228561 SUSE bug 1228644 SUSE bug 1228743 CVE-2020-26558 at SUSE CVE-2020-26558 at NVD CVE-2021-0129 at SUSE CVE-2021-0129 at NVD CVE-2021-47126 at SUSE CVE-2021-47126 at NVD CVE-2021-47219 at SUSE CVE-2021-47219 at NVD CVE-2021-47291 at SUSE CVE-2021-47291 at NVD CVE-2021-47506 at SUSE CVE-2021-47506 at NVD CVE-2021-47520 at SUSE CVE-2021-47520 at NVD CVE-2021-47580 at SUSE CVE-2021-47580 at NVD CVE-2021-47598 at SUSE CVE-2021-47598 at NVD CVE-2021-47600 at SUSE CVE-2021-47600 at NVD CVE-2022-48792 at SUSE CVE-2022-48792 at NVD CVE-2022-48821 at SUSE CVE-2022-48821 at NVD CVE-2022-48822 at SUSE CVE-2022-48822 at NVD CVE-2023-52686 at SUSE CVE-2023-52686 at NVD CVE-2023-52885 at SUSE CVE-2023-52885 at NVD CVE-2024-26583 at SUSE CVE-2024-26583 at NVD CVE-2024-26584 at SUSE CVE-2024-26584 at NVD CVE-2024-26585 at SUSE CVE-2024-26585 at NVD CVE-2024-26800 at SUSE CVE-2024-26800 at NVD CVE-2024-36974 at SUSE CVE-2024-36974 at NVD CVE-2024-38559 at SUSE CVE-2024-38559 at NVD CVE-2024-39494 at SUSE CVE-2024-39494 at NVD CVE-2024-40937 at SUSE CVE-2024-40937 at NVD CVE-2024-40956 at SUSE CVE-2024-40956 at NVD CVE-2024-41011 at SUSE CVE-2024-41011 at NVD CVE-2024-41059 at SUSE CVE-2024-41059 at NVD CVE-2024-41069 at SUSE CVE-2024-41069 at NVD CVE-2024-41090 at SUSE CVE-2024-41090 at NVD CVE-2024-42145 at SUSE CVE-2024-42145 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for runc fixes the following issues: Update to runc v1.1.11: - CVE-2024-21626: Fixed container breakout. (bsc#1218894) Important SUSE bug 1218894 CVE-2024-21626 at SUSE CVE-2024-21626 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for qemu fixes the following issues: - CVE-2023-2861: Fixed improper access control on special files via 9p protocol (bsc#1212968) - CVE-2024-4467: Fixed denial of service and file read/write via qemu-img info command (bsc#1227322) Other fixes: - Fixed qemu build compilation with binutils 2.41 upgrade (bsc#1215311) Important SUSE bug 1212968 SUSE bug 1215311 SUSE bug 1227322 CVE-2023-2861 at SUSE CVE-2023-2861 at NVD CVE-2024-4467 at SUSE CVE-2024-4467 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for glib2 fixes the following issues: - Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044). Low SUSE bug 1224044 CVE-2024-34397 at SUSE CVE-2024-34397 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for xen fixes the following issues: - CVE-2024-31145: Fixed error handling in x86 IOMMU identity mapping (XSA-460, bsc#1228574) - CVE-2024-31146: Fixed PCI device pass-through with shared resources (XSA-461, bsc#1228575) Important SUSE bug 1228574 SUSE bug 1228575 CVE-2024-31145 at SUSE CVE-2024-31145 at NVD CVE-2024-31146 at SUSE CVE-2024-31146 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for podman fixes the following issues: - CVE-2024-6104: Fixed sensitive information disclosure in log files in go-retryablehttp (bsc#1227052) Moderate SUSE bug 1227052 CVE-2024-6104 at SUSE CVE-2024-6104 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ucode-intel fixes the following issues: - Intel CPU Microcode was updated to the 20240813 release (bsc#1229129) - CVE-2024-24853: Security updates for [INTEL-SA-01083](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01083.html) - CVE-2024-25939: Security updates for [INTEL-SA-01118](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01118.html) - CVE-2024-24980: Security updates for [INTEL-SA-01100](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01100.html) - CVE-2023-42667: Security updates for [INTEL-SA-01038](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01038.html) - CVE-2023-49141: Security updates for [INTEL-SA-01046](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01046.html) Other issues fixed: - Update for functional issues. Refer to [Intel Core Ultra Processor](https://cdrdv2.intel.com/v1/dl/getContent/792254) for details. - Update for functional issues. Refer to [3rd Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780) for details. - Update for functional issues. Refer to [3rd Generation Intel Xeon Scalable Processors Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/634897) for details. - Update for functional issues. Refer to [2nd Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details - Update for functional issues. Refer to [Intel Xeon D-2700 Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/714071) for details. - Update for functional issues. Refer to [Intel Xeon E-2300 Processor Specification Update ](https://cdrdv2.intel.com/v1/dl/getContent/709192) for details. - Update for functional issues. Refer to [13th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/740518) for details. - Update for functional issues. Refer to [12th Generation Intel Core Processor Family](https://cdrdv2.intel.com/v1/dl/getContent/682436) for details. - Update for functional issues. Refer to [11th Gen Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/631123) for details. - Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/341079) for details. - Update for functional issues. Refer to [10th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/615213) for details. - Update for functional issues. Refer to [8th and 9th Generation Intel Core Processor Family Spec Update](https://cdrdv2.intel.com/v1/dl/getContent/337346) for details. - Update for functional issues. Refer to [8th Generation Intel Core Processor Families Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338025) for details. - Update for functional issues. Refer to [7th and 8th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/334663) for details. - Update for functional issues. Refer to [Intel Processors and Intel Core i3 N-Series](https://cdrdv2.intel.com/v1/dl/getContent/764616) for details. - Update for functional issues. Refer to [Intel Atom x6000E Series, and Intel Pentium and Celeron N and J Series Processors for Internet of Things (IoT) Applications](https://cdrdv2.intel.com/v1/dl/getContent/636674) for details. Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | AML-Y22 | H0 | 06-8e-09/10 | 000000f4 | 000000f6 | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile | CFL-H | R0 | 06-9e-0d/22 | 000000fc | 00000100 | Core Gen9 Mobile | CFL-H/S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f6 | 000000f8 | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000f4 | 000000f6 | Core Gen8 | CFL-S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9 Desktop | CFL-U43e | D0 | 06-8e-0a/c0 | 000000f4 | 000000f6 | Core Gen8 Mobile | CLX-SP | B1 | 06-55-07/bf | 05003605 | 05003707 | Xeon Scalable Gen2 | CML-H | R1 | 06-a5-02/20 | 000000fa | 000000fc | Core Gen10 Mobile | CML-S102 | Q0 | 06-a5-05/22 | 000000fa | 000000fc | Core Gen10 | CML-S62 | G1 | 06-a5-03/22 | 000000fa | 000000fc | Core Gen10 | CML-U42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile | CML-U62 V1 | A0 | 06-a6-00/80 | 000000fa | 000000fe | Core Gen10 Mobile | CML-U62 V2 | K1 | 06-a6-01/80 | 000000fa | 000000fc | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile | CPX-SP | A1 | 06-55-0b/bf | 07002802 | 07002904 | Xeon Scalable Gen3 | EHL | B1 | 06-96-01/01 | 00000019 | 0000001a | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E | ICL-D | B0 | 06-6c-01/10 | 01000290 | 010002b0 | Xeon D-17xx, D-27xx | ICL-U/Y | D1 | 06-7e-05/80 | 000000c4 | 000000c6 | Core Gen10 Mobile | ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003d1 | 0d0003e7 | Xeon Scalable Gen3 | KBL-R U | Y0 | 06-8e-0a/c0 | 000000f4 | 000000f6 | Core Gen8 Mobile | KBL-U23e | J1 | 06-8e-09/c0 | 000000f4 | 000000f6 | Core Gen7 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000f4 | 000000f6 | Core Gen7 Mobile | MTL | C-0 | 06-aa-04/e6 | 0000001c | 0000001e | Core Ultra Processor | RKL-S | B0 | 06-a7-01/02 | 0000005e | 00000062 | Core Gen11 | TGL | B0/B1 | 06-8c-01/80 | 000000b6 | 000000b8 | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 00000050 | 00000052 | Core Gen11 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000036 | 00000038 | Core Gen11 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000f4 | 000000f6 | Core Gen8 Mobile - update to 20240531: * Update for functional issues. Refer to Intel Pentium Silver and Intel Celeron Processor Specification Update - Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | GLK | B0 | 06-7a-01/01 | 00000040 | 00000042 | Pentium Silver N/J5xxx, Celeron N/J4xxx Important SUSE bug 1229129 CVE-2023-42667 at SUSE CVE-2023-42667 at NVD CVE-2023-49141 at SUSE CVE-2023-49141 at NVD CVE-2024-24853 at SUSE CVE-2024-24853 at NVD CVE-2024-24980 at SUSE CVE-2024-24980 at NVD CVE-2024-25939 at SUSE CVE-2024-25939 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for tiff fixes the following issues: - CVE-2024-7006: Fixed null pointer dereference in tif_dirinfo.c (bsc#1228924) Moderate SUSE bug 1228924 CVE-2024-7006 at SUSE CVE-2024-7006 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for buildah, docker fixes the following issues: Changes in docker: - CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267) - CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268) - CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438) - CVE-2024-41110: A Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324) Other fixes: - Update to Docker 25.0.6-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/25.0/#2506> - Update to Docker 25.0.5-ce (bsc#1223409) - Fix BuildKit's symlink resolution logic to correctly handle non-lexical symlinks. (bsc#1221916) - Write volume options atomically so sudden system crashes won't result in future Docker starts failing due to empty files. (bsc#1214855) Changes in buildah: - Update to version 1.35.4: * [release-1.35] Bump to Buildah v1.35.4 * [release-1.35] CVE-2024-3727 updates (bsc#1224117) * integration test: handle new labels in 'bud and test --unsetlabel' * [release-1.35] Bump go-jose CVE-2024-28180 * [release-1.35] Bump ocicrypt and go-jose CVE-2024-28180 - Update to version 1.35.3: * [release-1.35] Bump to Buildah v1.35.3 * [release-1.35] correctly configure /etc/hosts and resolv.conf * [release-1.35] buildah: refactor resolv/hosts setup. * [release-1.35] rename the hostFile var to reflect * [release-1.35] Bump c/common to v0.58.1 * [release-1.35] Bump Buildah to v1.35.2 * [release-1.35] CVE-2024-24786 protobuf to 1.33 * [release-1.35] Bump to v1.35.2-dev - Update to version 1.35.1: * [release-1.35] Bump to v1.35.1 * [release-1.35] CVE-2024-1753 container escape fix (bsc#1221677) - Buildah dropped cni support, require netavark instead (bsc#1221243) - Remove obsolete requires libcontainers-image & libcontainers-storage - Require passt for rootless networking (poo#156955) Buildah moved to passt/pasta for rootless networking from slirp4netns (https://github.com/containers/common/pull/1846) - Update to version 1.35.0: * Bump v1.35.0 * Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0 * conformance tests: don't break on trailing zeroes in layer blobs * Add a conformance test for copying to a mounted prior stage * fix(deps): update module github.com/stretchr/testify to v1.9.0 * cgroups: reuse version check from c/common * Update vendor of containers/(common,image) * fix(deps): update github.com/containers/storage digest to eadc620 * fix(deps): update github.com/containers/luksy digest to ceb12d4 * fix(deps): update github.com/containers/image/v5 digest to cdc6802 * manifest add: complain if we get artifact flags without --artifact * Use retry logic from containers/common * Vendor in containers/(storage,image,common) * Update module golang.org/x/crypto to v0.20.0 * Add comment re: Total Success task name * tests: skip_if_no_unshare(): check for --setuid * Properly handle build --pull=false * [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1 * Update module go.etcd.io/bbolt to v1.3.9 * Revert 'Reduce official image size' * Update module github.com/opencontainers/image-spec to v1.1.0 * Reduce official image size * Build with CNI support on FreeBSD * build --all-platforms: skip some base 'image' platforms * Bump main to v1.35.0-dev * Vendor in latest containers/(storage,image,common) * Split up error messages for missing --sbom related flags * `buildah manifest`: add artifact-related options * cmd/buildah/manifest.go: lock lists before adding/annotating/pushing * cmd/buildah/manifest.go: don't make struct declarations aliases * Use golang.org/x/exp/slices.Contains * Disable loong64 again * Fix a couple of typos in one-line comments * egrep is obsolescent; use grep -E * Try Cirrus with a newer VM version * Set CONTAINERS_CONF in the chroot-mount-flags integration test * Update to match dependency API update * Update github.com/openshift/imagebuilder and containers/common * docs: correct default authfile path * fix(deps): update module github.com/containerd/containerd to v1.7.13 * tests: retrofit test for heredoc summary * build, heredoc: show heredoc summary in build output * manifest, push: add support for --retry and --retry-delay * fix(deps): update github.com/openshift/imagebuilder digest to b767bc3 * imagebuildah: fix crash with empty RUN * fix(deps): update github.com/containers/luksy digest to b62d551 * fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security] * fix(deps): update module github.com/moby/buildkit to v0.12.5 [security] * Make buildah match podman for handling of ulimits * docs: move footnotes to where they're applicable * Allow users to specify no-dereference * Run codespell on code * Fix FreeBSD version parsing * Fix a build break on FreeBSD * Remove a bad FROM line * fix(deps): update module github.com/onsi/gomega to v1.31.1 * fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc6 * docs: use reversed logo for dark theme in README * build,commit: add --sbom to scan and produce SBOMs when committing * commit: force omitHistory if the parent has layers but no history * docs: fix a couple of typos * internal/mkcw.Archive(): handle extra image content * stage_executor,heredoc: honor interpreter in heredoc * stage_executor,layers: burst cache if heredoc content is changed * fix(deps): update module golang.org/x/crypto to v0.18.0 * Replace map[K]bool with map[K]struct{} where it makes sense * fix(deps): update module golang.org/x/sync to v0.6.0 * fix(deps): update module golang.org/x/term to v0.16.0 * Bump CI VMs * Replace strings.SplitN with strings.Cut * fix(deps): update github.com/containers/storage digest to ef81e9b * fix(deps): update github.com/containers/image/v5 digest to 1b221d4 * fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.1 * Document use of containers-transports values in buildah * fix(deps): update module golang.org/x/crypto to v0.17.0 [security] * chore(deps): update dependency containers/automation_images to v20231208 * manifest: addCompression use default from containers.conf * commit: add a --add-file flag * mkcw: populate the rootfs using an overlay * chore(deps): update dependency containers/automation_images to v20230517 * [skip-ci] Update actions/stale action to v9 * fix(deps): update module github.com/containernetworking/plugins to v1.4.0 * fix(deps): update github.com/containers/image/v5 digest to 7a40fee * Bump to v1.34.1-dev * Ignore errors if label.Relabel returns ENOSUP Critical SUSE bug 1214855 SUSE bug 1219267 SUSE bug 1219268 SUSE bug 1219438 SUSE bug 1221243 SUSE bug 1221677 SUSE bug 1221916 SUSE bug 1223409 SUSE bug 1224117 SUSE bug 1228324 CVE-2024-1753 at SUSE CVE-2024-1753 at NVD CVE-2024-23651 at SUSE CVE-2024-23651 at NVD CVE-2024-23652 at SUSE CVE-2024-23652 at NVD CVE-2024-23653 at SUSE CVE-2024-23653 at NVD CVE-2024-24786 at SUSE CVE-2024-24786 at NVD CVE-2024-28180 at SUSE CVE-2024-28180 at NVD CVE-2024-3727 at SUSE CVE-2024-3727 at NVD CVE-2024-41110 at SUSE CVE-2024-41110 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093) - CVE-2024-7264: ASN.1 date parser overread. (bsc#1228535) Moderate SUSE bug 1228535 SUSE bug 1230093 CVE-2024-7264 at SUSE CVE-2024-7264 at NVD CVE-2024-8096 at SUSE CVE-2024-8096 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for containerd fixes the following issues: - Update to containerd v1.7.21 - CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics. (bsc#1217070) - CVE-2023-45142: Fixed DoS vulnerability in otelhttp. (bsc#1228553) Important SUSE bug 1200528 SUSE bug 1217070 SUSE bug 1228553 CVE-2022-1996 at SUSE CVE-2022-1996 at NVD CVE-2023-45142 at SUSE CVE-2023-45142 at NVD CVE-2023-47108 at SUSE CVE-2023-47108 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for runc fixes the following issues: - Update to runc v1.1.14 - CVE-2024-45310: Fixed an issue where runc can be tricked into creating empty files/directories on host. (bsc#1230092) Low SUSE bug 1230092 CVE-2024-45310 at SUSE CVE-2024-45310 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454). - CVE-2022-48919: Fix double free race when mount fails in cifs_get_root() (bsc#1229657). - CVE-2023-52854: Fix refcnt handling in padata_free_shell() (bsc#1225584). - CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707). - CVE-2024-41062: bluetooth/l2cap: sync sock recv cb and release (bsc#1228576). - CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500). - CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466). - CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503) - CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641) - CVE-2022-48872: Fix use-after-free race condition for maps (bsc#1229510). - CVE-2022-48873: Do not remove map on creater_process and device_release (bsc#1229512). - CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400) - CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959) - CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832). - CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020). The following non-security bugs were fixed: - Bluetooth: L2CAP: Fix deadlock (git-fixes). - sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799 bsc#1225109). Important SUSE bug 1176447 SUSE bug 1195668 SUSE bug 1195928 SUSE bug 1195957 SUSE bug 1196018 SUSE bug 1196516 SUSE bug 1196823 SUSE bug 1202346 SUSE bug 1209636 SUSE bug 1209799 SUSE bug 1210629 SUSE bug 1216834 SUSE bug 1222251 SUSE bug 1225109 SUSE bug 1225584 SUSE bug 1227832 SUSE bug 1227924 SUSE bug 1227928 SUSE bug 1227932 SUSE bug 1227935 SUSE bug 1227941 SUSE bug 1227942 SUSE bug 1227945 SUSE bug 1227952 SUSE bug 1227964 SUSE bug 1227969 SUSE bug 1227985 SUSE bug 1227987 SUSE bug 1227988 SUSE bug 1227989 SUSE bug 1227997 SUSE bug 1228000 SUSE bug 1228004 SUSE bug 1228005 SUSE bug 1228006 SUSE bug 1228015 SUSE bug 1228020 SUSE bug 1228037 SUSE bug 1228045 SUSE bug 1228060 SUSE bug 1228062 SUSE bug 1228066 SUSE bug 1228466 SUSE bug 1228516 SUSE bug 1228576 SUSE bug 1228959 SUSE bug 1229400 SUSE bug 1229454 SUSE bug 1229500 SUSE bug 1229503 SUSE bug 1229510 SUSE bug 1229512 SUSE bug 1229598 SUSE bug 1229604 SUSE bug 1229607 SUSE bug 1229620 SUSE bug 1229621 SUSE bug 1229624 SUSE bug 1229626 SUSE bug 1229629 SUSE bug 1229630 SUSE bug 1229637 SUSE bug 1229641 SUSE bug 1229657 SUSE bug 1229707 CVE-2021-4441 at SUSE CVE-2021-4441 at NVD CVE-2022-48775 at SUSE CVE-2022-48775 at NVD CVE-2022-48778 at SUSE CVE-2022-48778 at NVD CVE-2022-48787 at SUSE CVE-2022-48787 at NVD CVE-2022-48788 at SUSE CVE-2022-48788 at NVD CVE-2022-48789 at SUSE CVE-2022-48789 at NVD CVE-2022-48790 at SUSE CVE-2022-48790 at NVD CVE-2022-48798 at SUSE CVE-2022-48798 at NVD CVE-2022-48802 at SUSE CVE-2022-48802 at NVD CVE-2022-48805 at SUSE CVE-2022-48805 at NVD CVE-2022-48811 at SUSE CVE-2022-48811 at NVD CVE-2022-48823 at SUSE CVE-2022-48823 at NVD CVE-2022-48824 at SUSE CVE-2022-48824 at NVD CVE-2022-48827 at SUSE CVE-2022-48827 at NVD CVE-2022-48834 at SUSE CVE-2022-48834 at NVD CVE-2022-48835 at SUSE CVE-2022-48835 at NVD CVE-2022-48836 at SUSE CVE-2022-48836 at NVD CVE-2022-48837 at SUSE CVE-2022-48837 at NVD CVE-2022-48838 at SUSE CVE-2022-48838 at NVD CVE-2022-48839 at SUSE CVE-2022-48839 at NVD CVE-2022-48843 at SUSE CVE-2022-48843 at NVD CVE-2022-48851 at SUSE CVE-2022-48851 at NVD CVE-2022-48853 at SUSE CVE-2022-48853 at NVD CVE-2022-48856 at SUSE CVE-2022-48856 at NVD CVE-2022-48857 at SUSE CVE-2022-48857 at NVD CVE-2022-48858 at SUSE CVE-2022-48858 at NVD CVE-2022-48872 at SUSE CVE-2022-48872 at NVD CVE-2022-48873 at SUSE CVE-2022-48873 at NVD CVE-2022-48901 at SUSE CVE-2022-48901 at NVD CVE-2022-48905 at SUSE CVE-2022-48905 at NVD CVE-2022-48912 at SUSE CVE-2022-48912 at NVD CVE-2022-48917 at SUSE CVE-2022-48917 at NVD CVE-2022-48919 at SUSE CVE-2022-48919 at NVD CVE-2022-48925 at SUSE CVE-2022-48925 at NVD CVE-2022-48926 at SUSE CVE-2022-48926 at NVD CVE-2022-48928 at SUSE CVE-2022-48928 at NVD CVE-2022-48930 at SUSE CVE-2022-48930 at NVD CVE-2022-48933 at SUSE CVE-2022-48933 at NVD CVE-2022-48934 at SUSE CVE-2022-48934 at NVD CVE-2023-52854 at SUSE CVE-2023-52854 at NVD CVE-2024-40910 at SUSE CVE-2024-40910 at NVD CVE-2024-41009 at SUSE CVE-2024-41009 at NVD CVE-2024-41062 at SUSE CVE-2024-41062 at NVD CVE-2024-41087 at SUSE CVE-2024-41087 at NVD CVE-2024-42077 at SUSE CVE-2024-42077 at NVD CVE-2024-42232 at SUSE CVE-2024-42232 at NVD CVE-2024-42271 at SUSE CVE-2024-42271 at NVD CVE-2024-43861 at SUSE CVE-2024-43861 at NVD CVE-2024-43882 at SUSE CVE-2024-43882 at NVD CVE-2024-43883 at SUSE CVE-2024-43883 at NVD CVE-2024-44947 at SUSE CVE-2024-44947 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454). - CVE-2022-48919: Fix double free race when mount fails in cifs_get_root() (bsc#1229657). - CVE-2023-52854: Fix refcnt handling in padata_free_shell() (bsc#1225584). - CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707). - CVE-2024-41062: Sync sock recv cb and release (bsc#1228576). - CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500). - CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503) - CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641) - CVE-2022-48872: Fix use-after-free race condition for maps (bsc#1229510). - CVE-2022-48873: Do not remove map on creater_process and device_release (bsc#1229512). - CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400) - CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959) - CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832). - CVE-2022-48686: Fixed UAF when detecting digest errors (bsc#1223948). - CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020). - CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002) The following non-security bugs were fixed: - Bluetooth: L2CAP: Fix deadlock (git-fixes). - powerpc: Remove support for PowerPC 601 (Remove unused and malformed assembly causing build error). - sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799 bsc#1225109). - scsi: pm80xx: Fix TMF task completion race condition (bsc#1228002). Important SUSE bug 1176447 SUSE bug 1195668 SUSE bug 1195928 SUSE bug 1195957 SUSE bug 1196018 SUSE bug 1196516 SUSE bug 1196823 SUSE bug 1202346 SUSE bug 1209636 SUSE bug 1209799 SUSE bug 1210629 SUSE bug 1216834 SUSE bug 1220185 SUSE bug 1220186 SUSE bug 1222251 SUSE bug 1222728 SUSE bug 1223948 SUSE bug 1225109 SUSE bug 1225584 SUSE bug 1227832 SUSE bug 1227924 SUSE bug 1227928 SUSE bug 1227932 SUSE bug 1227935 SUSE bug 1227941 SUSE bug 1227942 SUSE bug 1227945 SUSE bug 1227952 SUSE bug 1227964 SUSE bug 1227969 SUSE bug 1227985 SUSE bug 1227987 SUSE bug 1227988 SUSE bug 1227989 SUSE bug 1227997 SUSE bug 1228000 SUSE bug 1228002 SUSE bug 1228004 SUSE bug 1228005 SUSE bug 1228006 SUSE bug 1228015 SUSE bug 1228020 SUSE bug 1228037 SUSE bug 1228045 SUSE bug 1228060 SUSE bug 1228062 SUSE bug 1228066 SUSE bug 1228114 SUSE bug 1228516 SUSE bug 1228576 SUSE bug 1228959 SUSE bug 1229400 SUSE bug 1229454 SUSE bug 1229500 SUSE bug 1229503 SUSE bug 1229510 SUSE bug 1229512 SUSE bug 1229598 SUSE bug 1229604 SUSE bug 1229607 SUSE bug 1229620 SUSE bug 1229621 SUSE bug 1229624 SUSE bug 1229626 SUSE bug 1229629 SUSE bug 1229630 SUSE bug 1229637 SUSE bug 1229641 SUSE bug 1229657 SUSE bug 1229707 CVE-2021-4441 at SUSE CVE-2021-4441 at NVD CVE-2022-0854 at SUSE CVE-2022-0854 at NVD CVE-2022-20368 at SUSE CVE-2022-20368 at NVD CVE-2022-28748 at SUSE CVE-2022-28748 at NVD CVE-2022-2964 at SUSE CVE-2022-2964 at NVD CVE-2022-48686 at SUSE CVE-2022-48686 at NVD CVE-2022-48775 at SUSE CVE-2022-48775 at NVD CVE-2022-48778 at SUSE CVE-2022-48778 at NVD CVE-2022-48787 at SUSE CVE-2022-48787 at NVD CVE-2022-48788 at SUSE CVE-2022-48788 at NVD CVE-2022-48789 at SUSE CVE-2022-48789 at NVD CVE-2022-48790 at SUSE CVE-2022-48790 at NVD CVE-2022-48791 at SUSE CVE-2022-48791 at NVD CVE-2022-48798 at SUSE CVE-2022-48798 at NVD CVE-2022-48802 at SUSE CVE-2022-48802 at NVD CVE-2022-48805 at SUSE CVE-2022-48805 at NVD CVE-2022-48811 at SUSE CVE-2022-48811 at NVD CVE-2022-48823 at SUSE CVE-2022-48823 at NVD CVE-2022-48824 at SUSE CVE-2022-48824 at NVD CVE-2022-48827 at SUSE CVE-2022-48827 at NVD CVE-2022-48834 at SUSE CVE-2022-48834 at NVD CVE-2022-48835 at SUSE CVE-2022-48835 at NVD CVE-2022-48836 at SUSE CVE-2022-48836 at NVD CVE-2022-48837 at SUSE CVE-2022-48837 at NVD CVE-2022-48838 at SUSE CVE-2022-48838 at NVD CVE-2022-48839 at SUSE CVE-2022-48839 at NVD CVE-2022-48843 at SUSE CVE-2022-48843 at NVD CVE-2022-48851 at SUSE CVE-2022-48851 at NVD CVE-2022-48853 at SUSE CVE-2022-48853 at NVD CVE-2022-48856 at SUSE CVE-2022-48856 at NVD CVE-2022-48857 at SUSE CVE-2022-48857 at NVD CVE-2022-48858 at SUSE CVE-2022-48858 at NVD CVE-2022-48872 at SUSE CVE-2022-48872 at NVD CVE-2022-48873 at SUSE CVE-2022-48873 at NVD CVE-2022-48901 at SUSE CVE-2022-48901 at NVD CVE-2022-48905 at SUSE CVE-2022-48905 at NVD CVE-2022-48912 at SUSE CVE-2022-48912 at NVD CVE-2022-48917 at SUSE CVE-2022-48917 at NVD CVE-2022-48919 at SUSE CVE-2022-48919 at NVD CVE-2022-48925 at SUSE CVE-2022-48925 at NVD CVE-2022-48926 at SUSE CVE-2022-48926 at NVD CVE-2022-48928 at SUSE CVE-2022-48928 at NVD CVE-2022-48930 at SUSE CVE-2022-48930 at NVD CVE-2022-48933 at SUSE CVE-2022-48933 at NVD CVE-2022-48934 at SUSE CVE-2022-48934 at NVD CVE-2023-1582 at SUSE CVE-2023-1582 at NVD CVE-2023-2176 at SUSE CVE-2023-2176 at NVD CVE-2023-52854 at SUSE CVE-2023-52854 at NVD CVE-2024-26583 at SUSE CVE-2024-26583 at NVD CVE-2024-26584 at SUSE CVE-2024-26584 at NVD CVE-2024-26800 at SUSE CVE-2024-26800 at NVD CVE-2024-40910 at SUSE CVE-2024-40910 at NVD CVE-2024-41009 at SUSE CVE-2024-41009 at NVD CVE-2024-41011 at SUSE CVE-2024-41011 at NVD CVE-2024-41062 at SUSE CVE-2024-41062 at NVD CVE-2024-42077 at SUSE CVE-2024-42077 at NVD CVE-2024-42232 at SUSE CVE-2024-42232 at NVD CVE-2024-42271 at SUSE CVE-2024-42271 at NVD CVE-2024-43861 at SUSE CVE-2024-43861 at NVD CVE-2024-43882 at SUSE CVE-2024-43882 at NVD CVE-2024-43883 at SUSE CVE-2024-43883 at NVD CVE-2024-44947 at SUSE CVE-2024-44947 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002) The following non-security bugs were fixed: - powerpc: Remove support for PowerPC 601 (Remove unused and malformed assembly causing build error). - scsi: pm80xx: Fix TMF task completion race condition (bsc#1228002) Important SUSE bug 1228002 CVE-2022-48791 at SUSE CVE-2022-48791 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ucode-intel fixes the following issues: - Intel CPU Microcode was updated to the 20240910 release (bsc#1230400) - CVE-2024-23984: Observable discrepancy in RAPL interface for some Intel Processors may allow a privileged user to potentially enable information disclosure via local access. - CVE-2024-24968: Improper finite state machines (FSMs) in hardware logic in some Intel Processors may allow an privileged user to potentially enable a denial of service via local access. Moderate SUSE bug 1230400 CVE-2024-23984 at SUSE CVE-2024-23984 at NVD CVE-2024-24968 at SUSE CVE-2024-24968 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for xen fixes the following issues: - CVE-2024-45817: Fixed a deadlock in vlapic_error (XSA-462, bsc#1230366) Moderate SUSE bug 1230366 CVE-2024-45817 at SUSE CVE-2024-45817 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python3 fixes the following issues: - CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780). - CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233). - CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596). - CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227) Bug fixes: - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999). - Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378). - Remove %suse_update_desktop_file macro as it is not useful any more. Important SUSE bug 1227233 SUSE bug 1227378 SUSE bug 1227999 SUSE bug 1228780 SUSE bug 1229596 SUSE bug 1230227 CVE-2024-5642 at SUSE CVE-2024-5642 at NVD CVE-2024-6232 at SUSE CVE-2024-6232 at NVD CVE-2024-6923 at SUSE CVE-2024-6923 at NVD CVE-2024-7592 at SUSE CVE-2024-7592 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for expat fixes the following issues: - CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932) - CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931) - CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930) Moderate SUSE bug 1229930 SUSE bug 1229931 SUSE bug 1229932 CVE-2024-45490 at SUSE CVE-2024-45490 at NVD CVE-2024-45491 at SUSE CVE-2024-45491 at NVD CVE-2024-45492 at SUSE CVE-2024-45492 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libpcap fixes the following issues: - CVE-2024-8006: NULL pointer dereference in function pcap_findalldevs_ex(). (bsc#1230034) - CVE-2023-7256: double free via struct addrinfo in function sock_initaddress(). (bsc#1230020) Moderate SUSE bug 1230020 SUSE bug 1230034 CVE-2023-7256 at SUSE CVE-2023-7256 at NVD CVE-2024-8006 at SUSE CVE-2024-8006 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for opensc fixes the following issues: - CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init. (bsc#1230076) - CVE-2024-45619: Incorrect handling length of buffers or files in libopensc. (bsc#1230075) - CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init. (bsc#1230074) - CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc. (bsc#1230073) - CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc. (bsc#1230072) - CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init. (bsc#1230071) - CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key. (bsc#1230364) Low SUSE bug 1217722 SUSE bug 1230071 SUSE bug 1230072 SUSE bug 1230073 SUSE bug 1230074 SUSE bug 1230075 SUSE bug 1230076 SUSE bug 1230364 CVE-2024-45615 at SUSE CVE-2024-45615 at NVD CVE-2024-45616 at SUSE CVE-2024-45616 at NVD CVE-2024-45617 at SUSE CVE-2024-45617 at NVD CVE-2024-45618 at SUSE CVE-2024-45618 at NVD CVE-2024-45619 at SUSE CVE-2024-45619 at NVD CVE-2024-45620 at SUSE CVE-2024-45620 at NVD CVE-2024-8443 at SUSE CVE-2024-8443 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-48945: media: vivid: fix compose size exceed boundary (bsc#1230398). - CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633). - CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015). - CVE-2024-46695: selinux,smack: do not bypass permissions check in inode_setsecctx hook (bsc#1230519). - CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434). - CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245). The following non-security bugs were fixed: - ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1230326). - ext4: add reserved GDT blocks check (bsc#1230326). - ext4: consolidate checks for resize of bigalloc into ext4_resize_begin (bsc#1230326). - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1230326). - kabi: add __nf_queue_get_refs() for kabi compliance. - No -rt specific changes this merge. - PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666). - Revert 'ext4: consolidate checks for resize of bigalloc into ext4_resize_begin' (bsc#1230326). Important SUSE bug 1226666 SUSE bug 1227487 SUSE bug 1229633 SUSE bug 1230015 SUSE bug 1230245 SUSE bug 1230326 SUSE bug 1230398 SUSE bug 1230434 SUSE bug 1230519 SUSE bug 1230767 CVE-2022-48911 at SUSE CVE-2022-48911 at NVD CVE-2022-48945 at SUSE CVE-2022-48945 at NVD CVE-2024-44946 at SUSE CVE-2024-44946 at NVD CVE-2024-45003 at SUSE CVE-2024-45003 at NVD CVE-2024-45021 at SUSE CVE-2024-45021 at NVD CVE-2024-46695 at SUSE CVE-2024-46695 at NVD CVE-2024-46774 at SUSE CVE-2024-46774 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47069: Fixed a crash due to relying on a stack reference past its expiry in ipc/mqueue, ipc/msg, ipc/sem (bsc#1220826). - CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633). - CVE-2022-48945: media: vivid: fix compose size exceed boundary (bsc#1230398). - CVE-2024-41087: Fix double free on error (bsc#1228466). - CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015). - CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245). - CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434). - CVE-2024-46695: selinux,smack: do not bypass permissions check in inode_setsecctx hook (bsc#1230519). - CVE-2024-36971: Fixed __dst_negative_advice() race (bsc#1226145). The following non-security bugs were fixed: - ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1230326). - ext4: add reserved GDT blocks check (bsc#1230326). - ext4: consolidate checks for resize of bigalloc into ext4_resize_begin (bsc#1230326). - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1230326). - kabi: add __nf_queue_get_refs() for kabi compliance. - PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666). - Revert 'ext4: consolidate checks for resize of bigalloc into ext4_resize_begin' (bsc#1230326). Important SUSE bug 1220826 SUSE bug 1226145 SUSE bug 1226666 SUSE bug 1227487 SUSE bug 1228466 SUSE bug 1229633 SUSE bug 1230015 SUSE bug 1230245 SUSE bug 1230326 SUSE bug 1230398 SUSE bug 1230434 SUSE bug 1230519 SUSE bug 1230767 CVE-2021-47069 at SUSE CVE-2021-47069 at NVD CVE-2022-48911 at SUSE CVE-2022-48911 at NVD CVE-2022-48945 at SUSE CVE-2022-48945 at NVD CVE-2024-36971 at SUSE CVE-2024-36971 at NVD CVE-2024-41087 at SUSE CVE-2024-41087 at NVD CVE-2024-44946 at SUSE CVE-2024-44946 at NVD CVE-2024-45003 at SUSE CVE-2024-45003 at NVD CVE-2024-45021 at SUSE CVE-2024-45021 at NVD CVE-2024-46695 at SUSE CVE-2024-46695 at NVD CVE-2024-46774 at SUSE CVE-2024-46774 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python3 fixes the following issues: Security fixes: - CVE-2024-9287: properly quote path names provided when creating a virtual environment (bsc#1232241) Other fixes: - Drop .pyc files from docdir for reproducible builds (bsc#1230906) Moderate SUSE bug 1230906 SUSE bug 1232241 CVE-2024-9287 at SUSE CVE-2024-9287 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for openssl-1_1 fixes the following issues: - CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262) Moderate SUSE bug 1220262 CVE-2023-50782 at SUSE CVE-2023-50782 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for expat fixes the following issues: - CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579). Moderate SUSE bug 1232579 CVE-2024-50602 at SUSE CVE-2024-50602 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for xen fixes the following issues: - CVE-2024-45818: Fixed deadlock in x86 HVM standard VGA handling (XSA-463) (bsc#1232622). - CVE-2024-45819: Fixed libxl data leaks to PVH guests via ACPI tables (XSA-464) (bsc#1232624). Bug fixes: - Remove usage of net-tools-deprecated from supportconfig plugin (bsc#1232542). Important SUSE bug 1232542 SUSE bug 1232622 SUSE bug 1232624 CVE-2024-45818 at SUSE CVE-2024-45818 at NVD CVE-2024-45819 at SUSE CVE-2024-45819 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for glib2 fixes the following issues: - CVE-2024-52533: Fixed a single byte buffer overflow (bsc#1233282). Important SUSE bug 1233282 CVE-2024-52533 at SUSE CVE-2024-52533 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ucode-intel fixes the following issues: - Intel CPU Microcode was updated to the 20241112 release (bsc#1233313) - CVE-2024-21853: Faulty finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel Xeon Processors may allow an authorized user to potentially enable denial of service via local access. - CVE-2024-23918: Improper conditions check in some Intel Xeon processor memory controller configurations when using Intel SGX may allow a privileged user to potentially enable escalation of privilege via local access. - CVE-2024-21820: Incorrect default permissions in some Intel Xeon processor memory controller configurations when using Intel SGX may allow a privileged user to potentially enable escalation of privilege via local access. - CVE-2024-24968: Improper finite state machines (FSMs) in hardware logic in some Intel Processors may allow an privileged user to potentially enable a denial of service via local access. - CVE-2024-23984: Observable discrepancy in RAPL interface for some Intel Processors may allow a privileged user to potentially enable information disclosure via local access. - Update for functional issues. New Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | C0 | 06-97-02/07 | 00000036 | 00000037 | Core Gen12 | ADL | H0 | 06-97-05/07 | 00000036 | 00000037 | Core Gen12 | ADL | L0 | 06-9a-03/80 | 00000434 | 00000435 | Core Gen12 | ADL | R0 | 06-9a-04/80 | 00000434 | 00000435 | Core Gen12 | EMR-SP | A0 | 06-cf-01/87 | 21000230 | 21000283 | Xeon Scalable Gen5 | EMR-SP | A1 | 06-cf-02/87 | 21000230 | 21000283 | Xeon Scalable Gen5 | MTL | C0 | 06-aa-04/e6 | 0000001f | 00000020 | Core™ Ultra Processor | RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004122 | 00004123 | Core Gen13 | RPL-HX/S | C0 | 06-bf-02/07 | 00000036 | 00000037 | Core Gen13/Gen14 | RPL-S | H0 | 06-bf-05/07 | 00000036 | 00000037 | Core Gen13/Gen14 | RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004122 | 00004123 | Core Gen13 | SPR-SP | E3 | 06-8f-06/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4 | SPR-SP | E4/S2 | 06-8f-07/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4 | SPR-SP | E5/S3 | 06-8f-08/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4 New Disclosures Updated in Prior Releases: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ICL-D | B0 | 06-6c-01/10 | 010002b0 | N/A | Xeon D-17xx/D-18xx, D-27xx/D-28xx | ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003e7 | N/A | Xeon Scalable Gen3 - Intel CPU Microcode was updated to the 20241029 release Update for functional issues. Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | RPL-E/HX/S | B0 | 06-b7-01/32 | 00000129 | 0000012b | Core Gen13/Gen14 Important SUSE bug 1233313 CVE-2024-21820 at SUSE CVE-2024-21820 at NVD CVE-2024-21853 at SUSE CVE-2024-21853 at NVD CVE-2024-23918 at SUSE CVE-2024-23918 at NVD CVE-2024-23984 at SUSE CVE-2024-23984 at NVD CVE-2024-24968 at SUSE CVE-2024-24968 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1231893). - CVE-2022-48960: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979). - CVE-2022-48962: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() (bsc#1232286). - CVE-2022-48967: NFC: nci: Bounds check struct nfc_target arrays (bsc#1232304). - CVE-2022-48988: memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1232069). - CVE-2022-48991: mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma (bsc#1232070). - CVE-2022-49003: nvme: fix SRCU protection of nvme_ns_head list (bsc#1232136). - CVE-2022-49014: net: tun: Fix use-after-free in tun_detach() (bsc#1231890). - CVE-2022-49015: net: hsr: Fix potential use-after-free (bsc#1231938). - CVE-2022-49023: wifi: cfg80211: fix buffer overflow in elem comparison (bsc#1231961). - CVE-2022-49025: net/mlx5e: Fix use-after-free when reverting termination table (bsc#1231960). - CVE-2024-36971: Fixed __dst_negative_advice() race (bsc#1226145). - CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429). - CVE-2024-45026: s390/dasd: fix error recovery leading to data corruption on ESE devices (bsc#1230454). - CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191). - CVE-2024-46814: drm/amd/display: Check msg_id before processing transcation (bsc#1231193). - CVE-2024-46815: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (bsc#1231195). - CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197). - CVE-2024-46817: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (bsc#1231200). - CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231203). - CVE-2024-46849: ASoC: meson: axg-card: fix 'use-after-free' (bsc#1231073). - CVE-2024-47668: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (bsc#1231502). - CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673). - CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987). - CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942). - CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145). - CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231861). - CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424). - CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519). - CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383). - CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282). - CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432). - CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418). The following non-security bugs were fixed: - kernel-binary: generate and install compile_commands.json (bsc#1228971) - kernel-binary: vdso: Own module_dir - bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (bsc#1231375). - mkspec-dtb: add toplevel symlinks also on arm - net: mana: Fix the extra HZ in mana_hwc_send_request (bsc#1232033). - scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223). Important SUSE bug 1195775 SUSE bug 1204171 SUSE bug 1205796 SUSE bug 1209290 SUSE bug 1216223 SUSE bug 1218562 SUSE bug 1219125 SUSE bug 1223384 SUSE bug 1223524 SUSE bug 1223824 SUSE bug 1225189 SUSE bug 1225336 SUSE bug 1225611 SUSE bug 1226145 SUSE bug 1226211 SUSE bug 1226212 SUSE bug 1228743 SUSE bug 1229042 SUSE bug 1229454 SUSE bug 1229456 SUSE bug 1230429 SUSE bug 1230454 SUSE bug 1231073 SUSE bug 1231191 SUSE bug 1231193 SUSE bug 1231195 SUSE bug 1231197 SUSE bug 1231200 SUSE bug 1231203 SUSE bug 1231293 SUSE bug 1231375 SUSE bug 1231502 SUSE bug 1231673 SUSE bug 1231861 SUSE bug 1231887 SUSE bug 1231890 SUSE bug 1231893 SUSE bug 1231895 SUSE bug 1231936 SUSE bug 1231938 SUSE bug 1231942 SUSE bug 1231960 SUSE bug 1231961 SUSE bug 1231979 SUSE bug 1231987 SUSE bug 1231988 SUSE bug 1232033 SUSE bug 1232069 SUSE bug 1232070 SUSE bug 1232097 SUSE bug 1232136 SUSE bug 1232145 SUSE bug 1232262 SUSE bug 1232282 SUSE bug 1232286 SUSE bug 1232304 SUSE bug 1232383 SUSE bug 1232418 SUSE bug 1232424 SUSE bug 1232432 SUSE bug 1232519 CVE-2021-47416 at SUSE CVE-2021-47416 at NVD CVE-2022-3435 at SUSE CVE-2022-3435 at NVD CVE-2022-45934 at SUSE CVE-2022-45934 at NVD CVE-2022-48664 at SUSE CVE-2022-48664 at NVD CVE-2022-48947 at SUSE CVE-2022-48947 at NVD CVE-2022-48956 at SUSE CVE-2022-48956 at NVD CVE-2022-48960 at SUSE CVE-2022-48960 at NVD CVE-2022-48962 at SUSE CVE-2022-48962 at NVD CVE-2022-48967 at SUSE CVE-2022-48967 at NVD CVE-2022-48970 at SUSE CVE-2022-48970 at NVD CVE-2022-48988 at SUSE CVE-2022-48988 at NVD CVE-2022-48991 at SUSE CVE-2022-48991 at NVD CVE-2022-48999 at SUSE CVE-2022-48999 at NVD CVE-2022-49003 at SUSE CVE-2022-49003 at NVD CVE-2022-49014 at SUSE CVE-2022-49014 at NVD CVE-2022-49015 at SUSE CVE-2022-49015 at NVD CVE-2022-49023 at SUSE CVE-2022-49023 at NVD CVE-2022-49025 at SUSE CVE-2022-49025 at NVD CVE-2023-28327 at SUSE CVE-2023-28327 at NVD CVE-2023-46343 at SUSE CVE-2023-46343 at NVD CVE-2023-52881 at SUSE CVE-2023-52881 at NVD CVE-2023-52919 at SUSE CVE-2023-52919 at NVD CVE-2023-6270 at SUSE CVE-2023-6270 at NVD CVE-2024-27043 at SUSE CVE-2024-27043 at NVD CVE-2024-36971 at SUSE CVE-2024-36971 at NVD CVE-2024-42145 at SUSE CVE-2024-42145 at NVD CVE-2024-44947 at SUSE CVE-2024-44947 at NVD CVE-2024-45016 at SUSE CVE-2024-45016 at NVD CVE-2024-45026 at SUSE CVE-2024-45026 at NVD CVE-2024-46813 at SUSE CVE-2024-46813 at NVD CVE-2024-46814 at SUSE CVE-2024-46814 at NVD CVE-2024-46815 at SUSE CVE-2024-46815 at NVD CVE-2024-46816 at SUSE CVE-2024-46816 at NVD CVE-2024-46817 at SUSE CVE-2024-46817 at NVD CVE-2024-46818 at SUSE CVE-2024-46818 at NVD CVE-2024-46849 at SUSE CVE-2024-46849 at NVD CVE-2024-47668 at SUSE CVE-2024-47668 at NVD CVE-2024-47674 at SUSE CVE-2024-47674 at NVD CVE-2024-47684 at SUSE CVE-2024-47684 at NVD CVE-2024-47706 at SUSE CVE-2024-47706 at NVD CVE-2024-47747 at SUSE CVE-2024-47747 at NVD CVE-2024-49860 at SUSE CVE-2024-49860 at NVD CVE-2024-49867 at SUSE CVE-2024-49867 at NVD CVE-2024-49936 at SUSE CVE-2024-49936 at NVD CVE-2024-49969 at SUSE CVE-2024-49969 at NVD CVE-2024-49974 at SUSE CVE-2024-49974 at NVD CVE-2024-49982 at SUSE CVE-2024-49982 at NVD CVE-2024-49991 at SUSE CVE-2024-49991 at NVD CVE-2024-49995 at SUSE CVE-2024-49995 at NVD CVE-2024-50047 at SUSE CVE-2024-50047 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47589: igbvf: fix double free in `igbvf_probe` (bsc#1226557). - CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1231893). - CVE-2022-48960: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979). - CVE-2022-48962: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() (bsc#1232286). - CVE-2022-48967: NFC: nci: Bounds check struct nfc_target arrays (bsc#1232304). - CVE-2022-48988: memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1232069). - CVE-2022-48991: khugepaged: retract_page_tables() remember to test exit (bsc#1232070 prerequisity). - CVE-2022-49003: nvme: fix SRCU protection of nvme_ns_head list (bsc#1232136). - CVE-2022-49014: net: tun: Fix use-after-free in tun_detach() (bsc#1231890). - CVE-2022-49015: net: hsr: Fix potential use-after-free (bsc#1231938). - CVE-2022-49023: wifi: cfg80211: fix buffer overflow in elem comparison (bsc#1231961). - CVE-2022-49025: net/mlx5e: Fix use-after-free when reverting termination table (bsc#1231960). - CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429). - CVE-2024-45026: s390/dasd: fix error recovery leading to data corruption on ESE devices (bsc#1230454). - CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191). - CVE-2024-46814: drm/amd/display: Check msg_id before processing transcation (bsc#1231193). - CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197). - CVE-2024-46817: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (bsc#1231200). - CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231203). - CVE-2024-46849: ASoC: meson: axg-card: fix 'use-after-free' (bsc#1231073). - CVE-2024-47668: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (bsc#1231502). - CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673). - CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987). - CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942). - CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145). - CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231861). - CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424). - CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519). - CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383). - CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282). - CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432). - CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418). The following non-security bugs were fixed: - bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (bsc#1231375). - kernel-binary: generate and install compile_commands.json (bsc#1228971) - kernel-binary: vdso: Own module_dir - mkspec-dtb: add toplevel symlinks also on arm - net: mana: Fix the extra HZ in mana_hwc_send_request (bsc#1232033). - scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223). Important SUSE bug 1195775 SUSE bug 1204171 SUSE bug 1205796 SUSE bug 1206344 SUSE bug 1209290 SUSE bug 1216223 SUSE bug 1218562 SUSE bug 1219125 SUSE bug 1223384 SUSE bug 1223524 SUSE bug 1223824 SUSE bug 1225189 SUSE bug 1225336 SUSE bug 1225611 SUSE bug 1226211 SUSE bug 1226212 SUSE bug 1226557 SUSE bug 1228743 SUSE bug 1229042 SUSE bug 1229454 SUSE bug 1229456 SUSE bug 1230429 SUSE bug 1230454 SUSE bug 1231073 SUSE bug 1231191 SUSE bug 1231193 SUSE bug 1231197 SUSE bug 1231200 SUSE bug 1231203 SUSE bug 1231293 SUSE bug 1231375 SUSE bug 1231502 SUSE bug 1231673 SUSE bug 1231861 SUSE bug 1231887 SUSE bug 1231890 SUSE bug 1231893 SUSE bug 1231895 SUSE bug 1231936 SUSE bug 1231938 SUSE bug 1231942 SUSE bug 1231960 SUSE bug 1231961 SUSE bug 1231979 SUSE bug 1231987 SUSE bug 1231988 SUSE bug 1232033 SUSE bug 1232069 SUSE bug 1232070 SUSE bug 1232097 SUSE bug 1232136 SUSE bug 1232145 SUSE bug 1232262 SUSE bug 1232280 SUSE bug 1232282 SUSE bug 1232286 SUSE bug 1232304 SUSE bug 1232383 SUSE bug 1232418 SUSE bug 1232424 SUSE bug 1232432 SUSE bug 1232519 CVE-2021-47416 at SUSE CVE-2021-47416 at NVD CVE-2021-47589 at SUSE CVE-2021-47589 at NVD CVE-2022-3435 at SUSE CVE-2022-3435 at NVD CVE-2022-45934 at SUSE CVE-2022-45934 at NVD CVE-2022-48664 at SUSE CVE-2022-48664 at NVD CVE-2022-48947 at SUSE CVE-2022-48947 at NVD CVE-2022-48956 at SUSE CVE-2022-48956 at NVD CVE-2022-48960 at SUSE CVE-2022-48960 at NVD CVE-2022-48962 at SUSE CVE-2022-48962 at NVD CVE-2022-48967 at SUSE CVE-2022-48967 at NVD CVE-2022-48970 at SUSE CVE-2022-48970 at NVD CVE-2022-48988 at SUSE CVE-2022-48988 at NVD CVE-2022-48991 at SUSE CVE-2022-48991 at NVD CVE-2022-48999 at SUSE CVE-2022-48999 at NVD CVE-2022-49003 at SUSE CVE-2022-49003 at NVD CVE-2022-49014 at SUSE CVE-2022-49014 at NVD CVE-2022-49015 at SUSE CVE-2022-49015 at NVD CVE-2022-49023 at SUSE CVE-2022-49023 at NVD CVE-2022-49025 at SUSE CVE-2022-49025 at NVD CVE-2023-28327 at SUSE CVE-2023-28327 at NVD CVE-2023-46343 at SUSE CVE-2023-46343 at NVD CVE-2023-52881 at SUSE CVE-2023-52881 at NVD CVE-2023-52919 at SUSE CVE-2023-52919 at NVD CVE-2023-6270 at SUSE CVE-2023-6270 at NVD CVE-2024-27043 at SUSE CVE-2024-27043 at NVD CVE-2024-42145 at SUSE CVE-2024-42145 at NVD CVE-2024-44947 at SUSE CVE-2024-44947 at NVD CVE-2024-45016 at SUSE CVE-2024-45016 at NVD CVE-2024-45026 at SUSE CVE-2024-45026 at NVD CVE-2024-46813 at SUSE CVE-2024-46813 at NVD CVE-2024-46814 at SUSE CVE-2024-46814 at NVD CVE-2024-46816 at SUSE CVE-2024-46816 at NVD CVE-2024-46817 at SUSE CVE-2024-46817 at NVD CVE-2024-46818 at SUSE CVE-2024-46818 at NVD CVE-2024-46849 at SUSE CVE-2024-46849 at NVD CVE-2024-47668 at SUSE CVE-2024-47668 at NVD CVE-2024-47674 at SUSE CVE-2024-47674 at NVD CVE-2024-47684 at SUSE CVE-2024-47684 at NVD CVE-2024-47706 at SUSE CVE-2024-47706 at NVD CVE-2024-47747 at SUSE CVE-2024-47747 at NVD CVE-2024-49860 at SUSE CVE-2024-49860 at NVD CVE-2024-49867 at SUSE CVE-2024-49867 at NVD CVE-2024-49936 at SUSE CVE-2024-49936 at NVD CVE-2024-49969 at SUSE CVE-2024-49969 at NVD CVE-2024-49974 at SUSE CVE-2024-49974 at NVD CVE-2024-49982 at SUSE CVE-2024-49982 at NVD CVE-2024-49991 at SUSE CVE-2024-49991 at NVD CVE-2024-49995 at SUSE CVE-2024-49995 at NVD CVE-2024-50047 at SUSE CVE-2024-50047 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307) Other fixes: - Remove -IVendor/ from python-config (bsc#1231795) Low SUSE bug 1231795 SUSE bug 1233307 CVE-2024-11168 at SUSE CVE-2024-11168 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for avahi fixes the following issues: - CVE-2024-52616: Fixed Avahi Wide-Area DNS Predictable Transaction IDs (bsc#1233420) Moderate SUSE bug 1233420 CVE-2024-52616 at SUSE CVE-2024-52616 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for curl fixes the following issues: - CVE-2024-11053: fixed password leak in curl used for the first host to the followed-to host under certain circumstances (bsc#1234068) Moderate SUSE bug 1234068 CVE-2024-11053 at SUSE CVE-2024-11053 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927). - CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224) - CVE-2024-50089: unicode: Do not special case ignorable code points (bsc#1232860). - CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919). - CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928). - CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907). - CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070) - CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233293). - CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117). - CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453). - CVE-2024-50267: USB: serial: io_edgeport: fix use after free in debug printk (bsc#1233456). - CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468). - CVE-2024-50290: media: cx24116: prevent overflows on SNR calculus (bsc#1233479). - CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233490). - CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233491). - CVE-2024-53061: media: s5p-jpeg: prevent buffer overflows (bsc#1233555). - CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access (bsc#1233557). The following non-security bugs were fixed: - Update config files (bsc#1218644). - e1000e: Correct NVM checksum verification flow (jsc#SLE-8100). - e1000e: Correct NVM checksum verification flow (jsc#SLE-8100). - e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100). - e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100). - ena: Remove rcu_read_lock() around XDP program invocation (bsc#1198778). - ethernet: amazon: ena: A typo fix in the file ena_com.h (bsc#1198778). - initramfs: avoid filename buffer overrun (bsc#1232436). - kernel-binary: Enable livepatch package only when livepatch is enabled Otherwise the filelist may be empty failing the build (bsc#1218644). - net: ena: Add capabilities field with support for ENI stats capability (bsc#1198778). - net: ena: Add debug prints for invalid req_id resets (bsc#1198778). - net: ena: Change ENI stats support check to use capabilities field (bsc#1198778). - net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1198778). - net: ena: Change the name of bad_csum variable (bsc#1198778). - net: ena: Extract recurring driver reset code into a function (bsc#1198778). - net: ena: Flush XDP packets on error (bsc#1198778). - net: ena: Improve error logging in driver (bsc#1198778). - net: ena: Move reset completion print to the reset function (bsc#1198778). - net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198778). - net: ena: Remove module param and change message severity (bsc#1198778). - net: ena: Remove redundant return code check (bsc#1198778). - net: ena: Remove unused code (bsc#1198778). - net: ena: Set tx_info->xdpf value to NULL (bsc#1198778). - net: ena: Update XDP verdict upon failure (bsc#1198778). - net: ena: Use bitmask to indicate packet redirection (bsc#1198778). - net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198778). - net: ena: add device distinct log prefix to files (bsc#1198778). - net: ena: add jiffies of last napi call to stats (bsc#1198778). - net: ena: aggregate doorbell common operations into a function (bsc#1198778). - net: ena: aggregate stats increase into a function (bsc#1198778). - net: ena: fix DMA mapping function issues in XDP (bsc#1198778). - net: ena: fix coding style nits (bsc#1198778). - net: ena: fix inaccurate print type (bsc#1198778). - net: ena: introduce XDP redirect implementation (bsc#1198778). - net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT (bsc#1198778). - net: ena: make symbol 'ena_alloc_map_page' static (bsc#1198778). - net: ena: re-organize code to improve readability (bsc#1198778). - net: ena: remove extra words from comments (bsc#1198778). - net: ena: store values in their appropriate variables types (bsc#1198778). - net: ena: use build_skb() in RX path (bsc#1198778). - net: ena: use constant value for net_device allocation (bsc#1198778). - net: ena: use xdp_frame in XDP TX flow (bsc#1198778). - net: ena: use xdp_return_frame() to free xdp frames (bsc#1198778). - rpm/scripts: Remove obsolete Symbols.list Symbols.list is not longer needed by the new klp-convert implementation. (bsc#1218644) - tools headers: Grab copy of linux/const.h, needed by linux/bits.h (bsc#1154353). Important SUSE bug 1154353 SUSE bug 1198778 SUSE bug 1218644 SUSE bug 1220927 SUSE bug 1231939 SUSE bug 1231940 SUSE bug 1231958 SUSE bug 1231962 SUSE bug 1231991 SUSE bug 1231992 SUSE bug 1231995 SUSE bug 1232006 SUSE bug 1232163 SUSE bug 1232172 SUSE bug 1232224 SUSE bug 1232436 SUSE bug 1232860 SUSE bug 1232907 SUSE bug 1232919 SUSE bug 1232928 SUSE bug 1233070 SUSE bug 1233117 SUSE bug 1233293 SUSE bug 1233453 SUSE bug 1233456 SUSE bug 1233468 SUSE bug 1233479 SUSE bug 1233490 SUSE bug 1233491 SUSE bug 1233555 SUSE bug 1233557 CVE-2022-48985 at SUSE CVE-2022-48985 at NVD CVE-2022-49006 at SUSE CVE-2022-49006 at NVD CVE-2022-49010 at SUSE CVE-2022-49010 at NVD CVE-2022-49011 at SUSE CVE-2022-49011 at NVD CVE-2022-49019 at SUSE CVE-2022-49019 at NVD CVE-2022-49021 at SUSE CVE-2022-49021 at NVD CVE-2022-49022 at SUSE CVE-2022-49022 at NVD CVE-2022-49029 at SUSE CVE-2022-49029 at NVD CVE-2022-49031 at SUSE CVE-2022-49031 at NVD CVE-2022-49032 at SUSE CVE-2022-49032 at NVD CVE-2023-52524 at SUSE CVE-2023-52524 at NVD CVE-2024-49925 at SUSE CVE-2024-49925 at NVD CVE-2024-50089 at SUSE CVE-2024-50089 at NVD CVE-2024-50115 at SUSE CVE-2024-50115 at NVD CVE-2024-50125 at SUSE CVE-2024-50125 at NVD CVE-2024-50127 at SUSE CVE-2024-50127 at NVD CVE-2024-50154 at SUSE CVE-2024-50154 at NVD CVE-2024-50205 at SUSE CVE-2024-50205 at NVD CVE-2024-50208 at SUSE CVE-2024-50208 at NVD CVE-2024-50264 at SUSE CVE-2024-50264 at NVD CVE-2024-50267 at SUSE CVE-2024-50267 at NVD CVE-2024-50279 at SUSE CVE-2024-50279 at NVD CVE-2024-50290 at SUSE CVE-2024-50290 at NVD CVE-2024-50301 at SUSE CVE-2024-50301 at NVD CVE-2024-50302 at SUSE CVE-2024-50302 at NVD CVE-2024-53061 at SUSE CVE-2024-53061 at NVD CVE-2024-53063 at SUSE CVE-2024-53063 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52524: net: nfc: llcp: Add lock when modifying device list (bsc#1220927). - CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224). - CVE-2024-50089: unicode: Do not special case ignorable code points (bsc#1232860). - CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919). - CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928). - CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907). - CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070). - CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233293). - CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117). - CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453). - CVE-2024-50267: usb: serial: io_edgeport: fix use after free in debug printk (bsc#1233456). - CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468). - CVE-2024-50290: media: cx24116: prevent overflows on SNR calculus (bsc#1233479). - CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233490). - CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233491). - CVE-2024-53061: media: s5p-jpeg: prevent buffer overflows (bsc#1233555). - CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access (bsc#1233557). The following non-security bugs were fixed: - e1000e: Correct NVM checksum verification flow (jsc#SLE-8100). - e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100). - ena: Remove rcu_read_lock() around XDP program invocation (bsc#1198778). - ethernet: amazon: ena: A typo fix in the file ena_com.h (bsc#1198778). - initramfs: avoid filename buffer overrun (bsc#1232436). - kernel-binary: Enable livepatch package only when livepatch is enabled (bsc#1218644). - net: ena: Add capabilities field with support for ENI stats capability (bsc#1198778). - net: ena: Add debug prints for invalid req_id resets (bsc#1198778). - net: ena: Change ENI stats support check to use capabilities field (bsc#1198778). - net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1198778). - net: ena: Change the name of bad_csum variable (bsc#1198778). - net: ena: Extract recurring driver reset code into a function (bsc#1198778). - net: ena: Flush XDP packets on error (bsc#1198778). - net: ena: Improve error logging in driver (bsc#1198778). - net: ena: Move reset completion print to the reset function (bsc#1198778). - net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198778). - net: ena: Remove module param and change message severity (bsc#1198778). - net: ena: Remove redundant return code check (bsc#1198778). - net: ena: Remove unused code (bsc#1198778). - net: ena: Set tx_info->xdpf value to NULL (bsc#1198778). - net: ena: Update XDP verdict upon failure (bsc#1198778). - net: ena: Use bitmask to indicate packet redirection (bsc#1198778). - net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198778). - net: ena: add device distinct log prefix to files (bsc#1198778). - net: ena: add jiffies of last napi call to stats (bsc#1198778). - net: ena: aggregate doorbell common operations into a function (bsc#1198778). - net: ena: aggregate stats increase into a function (bsc#1198778). - net: ena: fix DMA mapping function issues in XDP (bsc#1198778). - net: ena: fix coding style nits (bsc#1198778). - net: ena: fix inaccurate print type (bsc#1198778). - net: ena: introduce XDP redirect implementation (bsc#1198778). - net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT (bsc#1198778). - net: ena: make symbol 'ena_alloc_map_page' static (bsc#1198778). - net: ena: re-organize code to improve readability (bsc#1198778). - net: ena: remove extra words from comments (bsc#1198778). - net: ena: store values in their appropriate variables types (bsc#1198778). - net: ena: use build_skb() in RX path (bsc#1198778). - net: ena: use constant value for net_device allocation (bsc#1198778). - net: ena: use xdp_frame in XDP TX flow (bsc#1198778). - net: ena: use xdp_return_frame() to free xdp frames (bsc#1198778). - tools headers: Grab copy of linux/const.h, needed by linux/bits.h (bsc#1154353). Important SUSE bug 1154353 SUSE bug 1198778 SUSE bug 1218644 SUSE bug 1220927 SUSE bug 1231939 SUSE bug 1231940 SUSE bug 1231958 SUSE bug 1231962 SUSE bug 1231991 SUSE bug 1231992 SUSE bug 1231995 SUSE bug 1232006 SUSE bug 1232163 SUSE bug 1232172 SUSE bug 1232224 SUSE bug 1232436 SUSE bug 1232860 SUSE bug 1232907 SUSE bug 1232919 SUSE bug 1232928 SUSE bug 1233070 SUSE bug 1233117 SUSE bug 1233293 SUSE bug 1233453 SUSE bug 1233456 SUSE bug 1233468 SUSE bug 1233479 SUSE bug 1233490 SUSE bug 1233491 SUSE bug 1233555 SUSE bug 1233557 CVE-2022-48985 at SUSE CVE-2022-48985 at NVD CVE-2022-49006 at SUSE CVE-2022-49006 at NVD CVE-2022-49010 at SUSE CVE-2022-49010 at NVD CVE-2022-49011 at SUSE CVE-2022-49011 at NVD CVE-2022-49019 at SUSE CVE-2022-49019 at NVD CVE-2022-49021 at SUSE CVE-2022-49021 at NVD CVE-2022-49022 at SUSE CVE-2022-49022 at NVD CVE-2022-49029 at SUSE CVE-2022-49029 at NVD CVE-2022-49031 at SUSE CVE-2022-49031 at NVD CVE-2022-49032 at SUSE CVE-2022-49032 at NVD CVE-2023-52524 at SUSE CVE-2023-52524 at NVD CVE-2024-49925 at SUSE CVE-2024-49925 at NVD CVE-2024-50089 at SUSE CVE-2024-50089 at NVD CVE-2024-50115 at SUSE CVE-2024-50115 at NVD CVE-2024-50125 at SUSE CVE-2024-50125 at NVD CVE-2024-50127 at SUSE CVE-2024-50127 at NVD CVE-2024-50154 at SUSE CVE-2024-50154 at NVD CVE-2024-50205 at SUSE CVE-2024-50205 at NVD CVE-2024-50208 at SUSE CVE-2024-50208 at NVD CVE-2024-50264 at SUSE CVE-2024-50264 at NVD CVE-2024-50267 at SUSE CVE-2024-50267 at NVD CVE-2024-50279 at SUSE CVE-2024-50279 at NVD CVE-2024-50290 at SUSE CVE-2024-50290 at NVD CVE-2024-50301 at SUSE CVE-2024-50301 at NVD CVE-2024-50302 at SUSE CVE-2024-50302 at NVD CVE-2024-53061 at SUSE CVE-2024-53061 at NVD CVE-2024-53063 at SUSE CVE-2024-53063 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for socat fixes the following issues: - CVE-2024-54661: Fixed arbitrary file overwrite via predictable /tmp directory (bsc#1225462) Moderate SUSE bug 1225462 CVE-2024-54661 at SUSE CVE-2024-54661 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update updates installation-images and tftpboot images to contain the latest shim for secure boot. Important SUSE bug 1233813 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ovmf fixes the following issues: - CVE-2024-1298: MdeModulePkg: Potential UINT32 overflow in S3 ResumeCount (bsc#1225889) Moderate SUSE bug 1225889 CVE-2024-1298 at SUSE CVE-2024-1298 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for docker fixes the following issues: - Update docker-buildx to v0.19.2. See upstream changelog online at <https://github.com/docker/buildx/releases/tag/v0.19.2>. Some notable changelogs from the last update: * <https://github.com/docker/buildx/releases/tag/v0.19.0> * <https://github.com/docker/buildx/releases/tag/v0.18.0> - Add a new toggle file /etc/docker/suse-secrets-enable which allows users to disable the SUSEConnect integration with Docker (which creates special mounts in /run/secrets to allow container-suseconnect to authenticate containers with registries on registered hosts). bsc#1231348 bsc#1232999 In order to disable these mounts, just do echo 0 > /etc/docker/suse-secrets-enable and restart Docker. In order to re-enable them, just do echo 1 > /etc/docker/suse-secrets-enable and restart Docker. Docker will output information on startup to tell you whether the SUSE secrets feature is enabled or not. - Disable docker-buildx builds for SLES. It turns out that build containers with docker-buildx don't currently get the SUSE secrets mounts applied, meaning that container-suseconnect doesn't work when building images. bsc#1233819 - Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from sysconfig a long time ago, and apparently this causes issues with systemd in some cases. - Allow a parallel docker-stable RPM to exists in repositories. - Update to docker-buildx v0.17.1 to match standalone docker-buildx package we are replacing. See upstream changelog online at <https://github.com/docker/buildx/releases/tag/v0.17.1> - Allow users to disable SUSE secrets support by setting DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. (bsc#1231348) - Mark docker-buildx as required since classic 'docker build' has been deprecated since Docker 23.0. (bsc#1230331) - Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate package, but with docker-stable it will be necessary to maintain the packages together and it makes more sense to have them live in the same OBS package. (bsc#1230333) - Update to Docker 26.1.5-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/26.1/#2615> bsc#1230294 - This update includes fixes for: * CVE-2024-41110. bsc#1228324 * CVE-2023-47108. bsc#1217070 bsc#1229806 * CVE-2023-45142. bsc#1228553 bsc#1229806 - Update to Docker 26.1.4-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/26.1/#2614> - Update to Docker 26.1.0-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/26.1/#2610> - Update --add-runtime to point to correct binary path. Important SUSE bug 1217070 SUSE bug 1228324 SUSE bug 1228553 SUSE bug 1229806 SUSE bug 1230294 SUSE bug 1230331 SUSE bug 1230333 SUSE bug 1231348 SUSE bug 1232999 SUSE bug 1233819 CVE-2023-45142 at SUSE CVE-2023-45142 at NVD CVE-2023-47108 at SUSE CVE-2023-47108 at NVD CVE-2024-41110 at SUSE CVE-2024-41110 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libsoup fixes the following issues: - CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names (bsc#1233285) - CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict (bsc#1233292) - CVE-2024-52532: Fixed infinite loop while reading websocket data (bsc#1233287) Other fixes: - websocket-test: disconnect error copy after the test ends (glgo#GNOME/libsoup#391). - fix an intermittent test failure (glgo#GNOME/soup#399). - updated to version 2.68.4. Important SUSE bug 1233285 SUSE bug 1233287 SUSE bug 1233292 CVE-2024-52530 at SUSE CVE-2024-52530 at NVD CVE-2024-52531 at SUSE CVE-2024-52531 at NVD CVE-2024-52532 at SUSE CVE-2024-52532 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc Bugfix added since last update: - run rpm commands in import script only when libzypp is not active. bsc#1219189 bsc#1219123 Important SUSE bug 1219123 SUSE bug 1219189 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for runc fixes the following issues: - Update to runc v1.1.12 (bsc#1218894) The following CVE was already fixed with the previous release. - CVE-2024-21626: Fixed container breakout. Important SUSE bug 1218894 CVE-2024-21626 at SUSE CVE-2024-21626 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libxml2 fixes the following issues: - CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576). Important SUSE bug 1219576 CVE-2024-25062 at SUSE CVE-2024-25062 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434). - CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730). - CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836). - CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412). - CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988). - CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989). - CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987). - CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702). - CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120). - CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053). - CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832). - CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804). - CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752). - CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757). The following non-security bugs were fixed: - Store the old kernel changelog entries in kernel-docs package (bsc#1218713). - x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285). Important SUSE bug 1108281 SUSE bug 1193285 SUSE bug 1216702 SUSE bug 1217987 SUSE bug 1217988 SUSE bug 1217989 SUSE bug 1218713 SUSE bug 1218730 SUSE bug 1218752 SUSE bug 1218757 SUSE bug 1218768 SUSE bug 1218804 SUSE bug 1218832 SUSE bug 1218836 SUSE bug 1219053 SUSE bug 1219120 SUSE bug 1219412 SUSE bug 1219434 CVE-2021-33631 at SUSE CVE-2021-33631 at NVD CVE-2023-46838 at SUSE CVE-2023-46838 at NVD CVE-2023-47233 at SUSE CVE-2023-47233 at NVD CVE-2023-51043 at SUSE CVE-2023-51043 at NVD CVE-2023-51780 at SUSE CVE-2023-51780 at NVD CVE-2023-51782 at SUSE CVE-2023-51782 at NVD CVE-2023-6040 at SUSE CVE-2023-6040 at NVD CVE-2023-6356 at SUSE CVE-2023-6356 at NVD CVE-2023-6535 at SUSE CVE-2023-6535 at NVD CVE-2023-6536 at SUSE CVE-2023-6536 at NVD CVE-2023-6915 at SUSE CVE-2023-6915 at NVD CVE-2024-0565 at SUSE CVE-2024-0565 at NVD CVE-2024-0775 at SUSE CVE-2024-0775 at NVD CVE-2024-1086 at SUSE CVE-2024-1086 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 LTSS kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434). - CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730). - CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836). - CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412). - CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988). - CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989). - CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987). - CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702). - CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275). - CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120). - CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053). - CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832). - CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804). - CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752). - CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757). The following non-security bugs were fixed: - Limit kernel-source build to architectures for which the kernel binary is built (bsc#1108281). - x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285). Important SUSE bug 1108281 SUSE bug 1193285 SUSE bug 1215275 SUSE bug 1216702 SUSE bug 1217987 SUSE bug 1217988 SUSE bug 1217989 SUSE bug 1218713 SUSE bug 1218730 SUSE bug 1218752 SUSE bug 1218757 SUSE bug 1218768 SUSE bug 1218804 SUSE bug 1218832 SUSE bug 1218836 SUSE bug 1219053 SUSE bug 1219120 SUSE bug 1219412 SUSE bug 1219434 CVE-2021-33631 at SUSE CVE-2021-33631 at NVD CVE-2023-46838 at SUSE CVE-2023-46838 at NVD CVE-2023-47233 at SUSE CVE-2023-47233 at NVD CVE-2023-4921 at SUSE CVE-2023-4921 at NVD CVE-2023-51043 at SUSE CVE-2023-51043 at NVD CVE-2023-51780 at SUSE CVE-2023-51780 at NVD CVE-2023-51782 at SUSE CVE-2023-51782 at NVD CVE-2023-6040 at SUSE CVE-2023-6040 at NVD CVE-2023-6356 at SUSE CVE-2023-6356 at NVD CVE-2023-6535 at SUSE CVE-2023-6535 at NVD CVE-2023-6536 at SUSE CVE-2023-6536 at NVD CVE-2023-6915 at SUSE CVE-2023-6915 at NVD CVE-2024-0565 at SUSE CVE-2024-0565 at NVD CVE-2024-0775 at SUSE CVE-2024-0775 at NVD CVE-2024-1086 at SUSE CVE-2024-1086 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for salt fixes the following issues: Security issues fixed: - CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master (bsc#1219430) - CVE-2024-22232: Prevent directory traversal attacks in the master's serve_file method (bsc#1219431) Bugs fixed: - Ensure that pillar refresh loads beacons from pillar without restart - Fix the aptpkg.py unit test failure - Prefer unittest.mock to python-mock in test suite - Enable 'KeepAlive' probes for Salt SSH executions (bsc#1211649) - Revert changes to set Salt configured user early in the stack (bsc#1216284) - Align behavior of some modules when using salt-call via symlink (bsc#1215963) - Fix gitfs '__env__' and improve cache cleaning (bsc#1193948) - Remove python-boto dependency for the python3-salt-testsuite package for Tumbleweed Important SUSE bug 1193948 SUSE bug 1211649 SUSE bug 1215963 SUSE bug 1216284 SUSE bug 1219430 SUSE bug 1219431 CVE-2024-22231 at SUSE CVE-2024-22231 at NVD CVE-2024-22232 at SUSE CVE-2024-22232 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libssh fixes the following issues: Update to version 0.9.8 (jsc#PED-7719): * Fix CVE-2023-6004: Command injection using proxycommand (bsc#1218209) * Fix CVE-2023-48795: Potential downgrade attack using strict kex (bsc#1218126) * Fix CVE-2023-6918: Missing checks for return values of MD functions (bsc#1218186) * Allow @ in usernames when parsing from URI composes Update to version 0.9.7: * Fix CVE-2023-1667: a NULL dereference during rekeying with algorithm guessing (bsc#1211188) * Fix CVE-2023-2283: a possible authorization bypass in pki_verify_data_signature under low-memory conditions (bsc#1211190) * Fix several memory leaks in GSSAPI handling code Update to version 0.9.6 (bsc#1189608, CVE-2021-3634): * https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.9.6 Update to 0.9.5 (bsc#1174713, CVE-2020-16135): * CVE-2020-16135: Avoid null pointer dereference in sftpserver (T232) * Improve handling of library initialization (T222) * Fix parsing of subsecond times in SFTP (T219) * Make the documentation reproducible * Remove deprecated API usage in OpenSSL * Fix regression of ssh_channel_poll_timeout() returning SSH_AGAIN * Define version in one place (T226) * Prevent invalid free when using different C runtimes than OpenSSL (T229) * Compatibility improvements to testsuite Update to version 0.9.4 * https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/ * Fix possible Denial of Service attack when using AES-CTR-ciphers CVE-2020-1730 (bsc#1168699) Update to version 0.9.3 * Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution (bsc#1158095) * SSH-01-003 Client: Missing NULL check leads to crash in erroneous state * SSH-01-006 General: Various unchecked Null-derefs cause DOS * SSH-01-007 PKI Gcrypt: Potential UAF/double free with RSA pubkeys * SSH-01-010 SSH: Deprecated hash function in fingerprinting * SSH-01-013 Conf-Parsing: Recursive wildcards in hostnames lead to DOS * SSH-01-014 Conf-Parsing: Integer underflow leads to OOB array access * SSH-01-001 State Machine: Initial machine states should be set explicitly * SSH-01-002 Kex: Differently bound macros used to iterate same array * SSH-01-005 Code-Quality: Integer sign confusion during assignments * SSH-01-008 SCP: Protocol Injection via unescaped File Names * SSH-01-009 SSH: Update documentation which RFCs are implemented * SSH-01-012 PKI: Information leak via uninitialized stack buffer Update to version 0.9.2 * Fixed libssh-config.cmake * Fixed issues with rsa algorithm negotiation (T191) * Fixed detection of OpenSSL ed25519 support (T197) Update to version 0.9.1 * Added support for Ed25519 via OpenSSL * Added support for X25519 via OpenSSL * Added support for localuser in Match keyword * Fixed Match keyword to be case sensitive * Fixed compilation with LibreSSL * Fixed error report of channel open (T75) * Fixed sftp documentation (T137) * Fixed known_hosts parsing (T156) * Fixed build issue with MinGW (T157) * Fixed build with gcc 9 (T164) * Fixed deprecation issues (T165) * Fixed known_hosts directory creation (T166) - Split out configuration to separate package to not mess up the library packaging and coinstallation Update to verion 0.9.0 * Added support for AES-GCM * Added improved rekeying support * Added performance improvements * Disabled blowfish support by default * Fixed several ssh config parsing issues * Added support for DH Group Exchange KEX * Added support for Encrypt-then-MAC mode * Added support for parsing server side configuration file * Added support for ECDSA/Ed25519 certificates * Added FIPS 140-2 compatibility * Improved known_hosts parsing * Improved documentation * Improved OpenSSL API usage for KEX, DH, and signatures - Add libssh client and server config files Important SUSE bug 1158095 SUSE bug 1168699 SUSE bug 1174713 SUSE bug 1189608 SUSE bug 1211188 SUSE bug 1211190 SUSE bug 1218126 SUSE bug 1218186 SUSE bug 1218209 CVE-2019-14889 at SUSE CVE-2019-14889 at NVD CVE-2020-16135 at SUSE CVE-2020-16135 at NVD CVE-2020-1730 at SUSE CVE-2020-1730 at NVD CVE-2021-3634 at SUSE CVE-2021-3634 at NVD CVE-2023-1667 at SUSE CVE-2023-1667 at NVD CVE-2023-2283 at SUSE CVE-2023-2283 at NVD CVE-2023-48795 at SUSE CVE-2023-48795 at NVD CVE-2023-6004 at SUSE CVE-2023-6004 at NVD CVE-2023-6918 at SUSE CVE-2023-6918 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libssh2_org fixes the following issues: - Always add the KEX pseudo-methods 'ext-info-c' and 'kex-strict-c-v00@openssh.com' when configuring custom method list. [bsc#1218971, CVE-2023-48795] * The strict-kex extension is announced in the list of available KEX methods. However, when the default KEX method list is modified or replaced, the extension is not added back automatically. Important SUSE bug 1218971 CVE-2023-48795 at SUSE CVE-2023-48795 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for mozilla-nss fixes the following issues: Update to NSS 3.90.2: - CVE-2023-5388: Fixed timing attack against RSA decryption in TLS (bsc#1216198) Important SUSE bug 1216198 CVE-2023-5388 at SUSE CVE-2023-5388 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python3 fixes the following issues: - CVE-2023-27043: Fixed incorrectly parses e-mail addresses which contain a special character (bsc#1210638). Moderate SUSE bug 1210638 CVE-2023-27043 at SUSE CVE-2023-27043 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for docker fixes the following issues: Vendor latest buildkit v0.11 including bugfixes for the following: * CVE-2024-23653: BuildKit API doesn't validate entitlement on container creation (bsc#1219438). * CVE-2024-23652: Fixed arbitrary deletion of files (bsc#1219268). * CVE-2024-23651: Fixed race condition in mount (bsc#1219267). Important SUSE bug 1219267 SUSE bug 1219268 SUSE bug 1219438 CVE-2024-23651 at SUSE CVE-2024-23651 at NVD CVE-2024-23652 at SUSE CVE-2024-23652 at NVD CVE-2024-23653 at SUSE CVE-2024-23653 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for tiff fixes the following issues: - CVE-2023-52356: Fixed segfault in TIFFReadRGBATileExt() (bsc#1219213). Moderate SUSE bug 1219213 CVE-2023-52356 at SUSE CVE-2023-52356 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for openssh fixes the following issues: - CVE-2023-51385: Limit the use of shell metacharacters in host- and user names to avoid command injection. (bsc#1218215) Important SUSE bug 1218215 CVE-2023-51385 at SUSE CVE-2023-51385 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libssh2_org fixes the following issues: - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (Terrapin Attack) (bsc#1218127). Moderate SUSE bug 1218127 CVE-2023-48795 at SUSE CVE-2023-48795 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for tar fixes the following issues: - CVE-2023-39804: Fixed extension attributes in PAX archives incorrect hanling (bsc#1217969). Low SUSE bug 1217969 CVE-2023-39804 at SUSE CVE-2023-39804 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for wpa_supplicant fixes the following issues: - CVE-2023-52160: Bypassing WiFi Authentication (bsc#1219975). Important SUSE bug 1219975 CVE-2023-52160 at SUSE CVE-2023-52160 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for cpio fixes the following issues: - CVE-2023-7207: Fixed path traversal vulnerability (bsc#1218571, bsc#1219238) Moderate SUSE bug 1218571 SUSE bug 1219238 CVE-2023-7207 at SUSE CVE-2023-7207 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for openssl-1_1 fixes the following issues: - CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243). Moderate SUSE bug 1219243 CVE-2024-0727 at SUSE CVE-2024-0727 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for sudo fixes the following issues: - CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks (bsc#1219026). Fixed issues introduced by first patches for CVE-2023-42465 (bsc#1220389). Important SUSE bug 1219026 SUSE bug 1220389 CVE-2023-42465 at SUSE CVE-2023-42465 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47078: Fixed a bug by clearing all QP fields if creation failed (bsc#1220863) - CVE-2021-47076: Fixed a bug by returning CQE error if invalid lkey was supplied (bsc#1220860) - CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039) - CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456). - CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831). - CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918). - CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors (bsc#1220735). - CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040). - CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845). - CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870). - CVE-2021-46934: Fixed a bug by validating user data in compat ioctl (bsc#1220469). - CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514). - CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932). - CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930). - CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931). - CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek: (bsc#1220917). - CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736). - CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255). - CVE-2021-47005: Fixed a NULL pointer dereference for ->get_features() (bsc#1220660). - CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187). - CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295). - CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915). - CVE-2021-47060: Fixed a bug in KVM by stop looking for coalesced MMIO zones if the bus is destroyed (bsc#1220742). - CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195). - CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825). - CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250). - CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444) - CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328). - CVE-2021-47012: Fixed a use after free in siw_alloc_mr (bsc#1220627). - CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238). - CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649) - CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796) - CVE-2021-46989: Fixed a bug by preventing corruption in shrinking truncate in hfsplus (bsc#1220737). - CVE-2021-46915: Fixed a bug to avoid possible divide error in nft_limit_init (bsc#1220436). - CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#1220459) - CVE-2019-25162: Fixed a potential use after free (bsc#1220409). - CVE-2020-36784: Fixed reference leak when pm_runtime_get_sync fails (bsc#1220570). - CVE-2021-47061: Fixed a bug in KVM by destroy I/O bus devices on unregister failure _after_ sync'ing SRCU (bsc#1220745). - CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241). - CVE-2023-46343: Fixed a NULL pointer dereference in send_acknowledge() (CVE-2023-46343). - CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140). - CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240). - CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398). - CVE-2024-26593: Fixed block process call transactions (bsc#1220009). - CVE-2021-47013: Fixed a use after free in emac_mac_tx_buf_send (bsc#1220641). - CVE-2024-26586: Fixed stack corruption (bsc#1220243). - CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344). - CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253). - CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835). - CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127). - CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689). - CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128). The following non-security bugs were fixed: - EDAC/thunderx: Fix possible out-of-bounds string access (bsc#1220330) - ext4: fix deadlock due to mbcache entry corruption (bsc#1207653 bsc#1219915). - ibmvfc: make 'max_sectors' a module option (bsc#1216223). - KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes). - KVM: mmio: Fix use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio (git-fixes). - KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes). - KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-fixes). - KVM: x86: add support for CPUID leaf 0x80000021 (git-fixes). - KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (git-fixes). - KVM: x86: synthesize CPUID leaf 0x80000021h if useful (git-fixes). - KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes). - mbcache: Fixup kABI of mb_cache_entry (bsc#1207653 bsc#1219915). - scsi: Update max_hw_sectors on rescan (bsc#1216223). - x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes). - x86/bugs: Add asm helpers for executing VERW (git-fixes). - x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-fixes). - x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (git-fixes). - x86/entry_32: Add VERW just before userspace transition (git-fixes). - x86/entry_64: Add VERW just before userspace transition (git-fixes). Important SUSE bug 1155518 SUSE bug 1184436 SUSE bug 1185988 SUSE bug 1186286 SUSE bug 1200599 SUSE bug 1207653 SUSE bug 1212514 SUSE bug 1213456 SUSE bug 1216223 SUSE bug 1218195 SUSE bug 1218689 SUSE bug 1218915 SUSE bug 1219127 SUSE bug 1219128 SUSE bug 1219146 SUSE bug 1219295 SUSE bug 1219653 SUSE bug 1219827 SUSE bug 1219835 SUSE bug 1219915 SUSE bug 1220009 SUSE bug 1220140 SUSE bug 1220187 SUSE bug 1220238 SUSE bug 1220240 SUSE bug 1220241 SUSE bug 1220243 SUSE bug 1220250 SUSE bug 1220253 SUSE bug 1220255 SUSE bug 1220328 SUSE bug 1220330 SUSE bug 1220344 SUSE bug 1220398 SUSE bug 1220409 SUSE bug 1220416 SUSE bug 1220418 SUSE bug 1220421 SUSE bug 1220436 SUSE bug 1220444 SUSE bug 1220459 SUSE bug 1220469 SUSE bug 1220482 SUSE bug 1220526 SUSE bug 1220538 SUSE bug 1220570 SUSE bug 1220572 SUSE bug 1220599 SUSE bug 1220627 SUSE bug 1220641 SUSE bug 1220649 SUSE bug 1220660 SUSE bug 1220700 SUSE bug 1220735 SUSE bug 1220736 SUSE bug 1220737 SUSE bug 1220742 SUSE bug 1220745 SUSE bug 1220767 SUSE bug 1220796 SUSE bug 1220825 SUSE bug 1220826 SUSE bug 1220831 SUSE bug 1220845 SUSE bug 1220860 SUSE bug 1220863 SUSE bug 1220870 SUSE bug 1220917 SUSE bug 1220918 SUSE bug 1220930 SUSE bug 1220931 SUSE bug 1220932 SUSE bug 1221039 SUSE bug 1221040 CVE-2019-25162 at SUSE CVE-2019-25162 at NVD CVE-2020-36777 at SUSE CVE-2020-36777 at NVD CVE-2020-36784 at SUSE CVE-2020-36784 at NVD CVE-2021-46904 at SUSE CVE-2021-46904 at NVD CVE-2021-46905 at SUSE CVE-2021-46905 at NVD CVE-2021-46906 at SUSE CVE-2021-46906 at NVD CVE-2021-46915 at SUSE CVE-2021-46915 at NVD CVE-2021-46924 at SUSE CVE-2021-46924 at NVD CVE-2021-46929 at SUSE CVE-2021-46929 at NVD CVE-2021-46932 at SUSE CVE-2021-46932 at NVD CVE-2021-46934 at SUSE CVE-2021-46934 at NVD CVE-2021-46953 at SUSE CVE-2021-46953 at NVD CVE-2021-46964 at SUSE CVE-2021-46964 at NVD CVE-2021-46966 at SUSE CVE-2021-46966 at NVD CVE-2021-46968 at SUSE CVE-2021-46968 at NVD CVE-2021-46974 at SUSE CVE-2021-46974 at NVD CVE-2021-46989 at SUSE CVE-2021-46989 at NVD CVE-2021-47005 at SUSE CVE-2021-47005 at NVD CVE-2021-47012 at SUSE CVE-2021-47012 at NVD CVE-2021-47013 at SUSE CVE-2021-47013 at NVD CVE-2021-47054 at SUSE CVE-2021-47054 at NVD CVE-2021-47060 at SUSE CVE-2021-47060 at NVD CVE-2021-47061 at SUSE CVE-2021-47061 at NVD CVE-2021-47069 at SUSE CVE-2021-47069 at NVD CVE-2021-47076 at SUSE CVE-2021-47076 at NVD CVE-2021-47078 at SUSE CVE-2021-47078 at NVD CVE-2021-47083 at SUSE CVE-2021-47083 at NVD CVE-2022-20154 at SUSE CVE-2022-20154 at NVD CVE-2022-48627 at SUSE CVE-2022-48627 at NVD CVE-2023-28746 at SUSE CVE-2023-28746 at NVD CVE-2023-35827 at SUSE CVE-2023-35827 at NVD CVE-2023-46343 at SUSE CVE-2023-46343 at NVD CVE-2023-51042 at SUSE CVE-2023-51042 at NVD CVE-2023-52340 at SUSE CVE-2023-52340 at NVD CVE-2023-52429 at SUSE CVE-2023-52429 at NVD CVE-2023-52439 at SUSE CVE-2023-52439 at NVD CVE-2023-52443 at SUSE CVE-2023-52443 at NVD CVE-2023-52445 at SUSE CVE-2023-52445 at NVD CVE-2023-52448 at SUSE CVE-2023-52448 at NVD CVE-2023-52449 at SUSE CVE-2023-52449 at NVD CVE-2023-52451 at SUSE CVE-2023-52451 at NVD CVE-2023-52463 at SUSE CVE-2023-52463 at NVD CVE-2023-52475 at SUSE CVE-2023-52475 at NVD CVE-2023-52478 at SUSE CVE-2023-52478 at NVD CVE-2023-52482 at SUSE CVE-2023-52482 at NVD CVE-2023-52502 at SUSE CVE-2023-52502 at NVD CVE-2023-52530 at SUSE CVE-2023-52530 at NVD CVE-2023-52531 at SUSE CVE-2023-52531 at NVD CVE-2023-52532 at SUSE CVE-2023-52532 at NVD CVE-2023-52569 at SUSE CVE-2023-52569 at NVD CVE-2023-52574 at SUSE CVE-2023-52574 at NVD CVE-2023-52597 at SUSE CVE-2023-52597 at NVD CVE-2023-52605 at SUSE CVE-2023-52605 at NVD CVE-2023-6817 at SUSE CVE-2023-6817 at NVD CVE-2024-0340 at SUSE CVE-2024-0340 at NVD CVE-2024-0607 at SUSE CVE-2024-0607 at NVD CVE-2024-1151 at SUSE CVE-2024-1151 at NVD CVE-2024-23849 at SUSE CVE-2024-23849 at NVD CVE-2024-23851 at SUSE CVE-2024-23851 at NVD CVE-2024-26585 at SUSE CVE-2024-26585 at NVD CVE-2024-26586 at SUSE CVE-2024-26586 at NVD CVE-2024-26589 at SUSE CVE-2024-26589 at NVD CVE-2024-26593 at SUSE CVE-2024-26593 at NVD CVE-2024-26595 at SUSE CVE-2024-26595 at NVD CVE-2024-26602 at SUSE CVE-2024-26602 at NVD CVE-2024-26607 at SUSE CVE-2024-26607 at NVD CVE-2024-26622 at SUSE CVE-2024-26622 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456). - CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831). - CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255). - CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187). - CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295). - CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915). - CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195). - CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825). - CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250). - CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444) - CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328). - CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238). - CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649) - CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796) - CVE-2021-46915: Fixed a bug to avoid possible divide error in nft_limit_init (bsc#1220436). - CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#1220459) - CVE-2019-25162: Fixed a potential use after free (bsc#1220409). - CVE-2020-36784: Fixed reference leak when pm_runtime_get_sync fails (bsc#1220570). - CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241). - CVE-2023-46343: Fixed a NULL pointer dereference in send_acknowledge() (CVE-2023-46343). - CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140). - CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240). - CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398). - CVE-2024-26593: Fixed block process call transactions (bsc#1220009). - CVE-2021-47013: Fixed a use after free in emac_mac_tx_buf_send (bsc#1220641). - CVE-2024-26586: Fixed stack corruption (bsc#1220243). - CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344). - CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253). - CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835). - CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127). - CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689). - CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128). - CVE-2021-47078: Fixed a bug by clearing all QP fields if creation failed (bsc#1220863) - CVE-2021-47076: Fixed a bug by returning CQE error if invalid lkey was supplied (bsc#1220860) - CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039) - CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918). - CVE-2023-52482: Fixex a bug by adding SRSO mitigation for Hygon processors (bsc#1220735). - CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040). - CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845). - CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870). - CVE-2021-46934: Fixed a bug by validating user data in compat ioctl (bsc#1220469). - CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514). - CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932). - CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930). - CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931). - CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek: (bsc#1220917). - CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736). - CVE-2021-47005: Fixed a NULL pointer dereference for ->get_features() (bsc#1220660). - CVE-2021-47060: Fixed a bug in KVM by stop looking for coalesced MMIO zones if the bus is destroyed (bsc#1220742). - CVE-2021-47012: Fixed a use after free in siw_alloc_mr (bsc#1220627). - CVE-2021-46989: Fixed a bug by preventing corruption in shrinking truncate in hfsplus (bsc#1220737). - CVE-2021-47061: Fixed a bug in KVM by destroy I/O bus devices on unregister failure _after_ sync'ing SRCU (bsc#1220745). The following non-security bugs were fixed: - EDAC/thunderx: Fix possible out-of-bounds string access (bsc#1220330) - ext4: fix deadlock due to mbcache entry corruption (bsc#1207653 bsc#1219915). - ibmvfc: make 'max_sectors' a module option (bsc#1216223). - KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes). - KVM: mmio: Fix use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio (git-fixes). - KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes). - KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-fixes). - KVM: x86: add support for CPUID leaf 0x80000021 (git-fixes). - KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (git-fixes). - KVM: x86: synthesize CPUID leaf 0x80000021h if useful (git-fixes). - KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes). - mbcache: Fixup kABI of mb_cache_entry (bsc#1207653 bsc#1219915). - scsi: Update max_hw_sectors on rescan (bsc#1216223). - x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes). - x86/bugs: Add asm helpers for executing VERW (git-fixes). - x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-fixes). Also add the removed mds_user_clear symbol to kABI severities as it is exposed just for KVM module and is generally a core kernel component so removing it is low risk. - x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (git-fixes). - x86/entry_32: Add VERW just before userspace transition (git-fixes). - x86/entry_64: Add VERW just before userspace transition (git-fixes). Important SUSE bug 1200599 SUSE bug 1207653 SUSE bug 1212514 SUSE bug 1213456 SUSE bug 1216223 SUSE bug 1218195 SUSE bug 1218689 SUSE bug 1218915 SUSE bug 1219127 SUSE bug 1219128 SUSE bug 1219146 SUSE bug 1219295 SUSE bug 1219653 SUSE bug 1219827 SUSE bug 1219835 SUSE bug 1219915 SUSE bug 1220009 SUSE bug 1220140 SUSE bug 1220187 SUSE bug 1220238 SUSE bug 1220240 SUSE bug 1220241 SUSE bug 1220243 SUSE bug 1220250 SUSE bug 1220253 SUSE bug 1220255 SUSE bug 1220328 SUSE bug 1220330 SUSE bug 1220344 SUSE bug 1220398 SUSE bug 1220409 SUSE bug 1220416 SUSE bug 1220418 SUSE bug 1220421 SUSE bug 1220436 SUSE bug 1220444 SUSE bug 1220459 SUSE bug 1220469 SUSE bug 1220482 SUSE bug 1220526 SUSE bug 1220538 SUSE bug 1220570 SUSE bug 1220572 SUSE bug 1220599 SUSE bug 1220627 SUSE bug 1220641 SUSE bug 1220649 SUSE bug 1220660 SUSE bug 1220689 SUSE bug 1220700 SUSE bug 1220735 SUSE bug 1220736 SUSE bug 1220737 SUSE bug 1220742 SUSE bug 1220745 SUSE bug 1220767 SUSE bug 1220796 SUSE bug 1220825 SUSE bug 1220826 SUSE bug 1220831 SUSE bug 1220845 SUSE bug 1220860 SUSE bug 1220863 SUSE bug 1220870 SUSE bug 1220917 SUSE bug 1220918 SUSE bug 1220930 SUSE bug 1220931 SUSE bug 1220932 SUSE bug 1221039 SUSE bug 1221040 CVE-2019-25162 at SUSE CVE-2019-25162 at NVD CVE-2020-36777 at SUSE CVE-2020-36777 at NVD CVE-2020-36784 at SUSE CVE-2020-36784 at NVD CVE-2021-46904 at SUSE CVE-2021-46904 at NVD CVE-2021-46905 at SUSE CVE-2021-46905 at NVD CVE-2021-46906 at SUSE CVE-2021-46906 at NVD CVE-2021-46915 at SUSE CVE-2021-46915 at NVD CVE-2021-46924 at SUSE CVE-2021-46924 at NVD CVE-2021-46929 at SUSE CVE-2021-46929 at NVD CVE-2021-46932 at SUSE CVE-2021-46932 at NVD CVE-2021-46934 at SUSE CVE-2021-46934 at NVD CVE-2021-46953 at SUSE CVE-2021-46953 at NVD CVE-2021-46964 at SUSE CVE-2021-46964 at NVD CVE-2021-46966 at SUSE CVE-2021-46966 at NVD CVE-2021-46968 at SUSE CVE-2021-46968 at NVD CVE-2021-46974 at SUSE CVE-2021-46974 at NVD CVE-2021-46989 at SUSE CVE-2021-46989 at NVD CVE-2021-47005 at SUSE CVE-2021-47005 at NVD CVE-2021-47012 at SUSE CVE-2021-47012 at NVD CVE-2021-47013 at SUSE CVE-2021-47013 at NVD CVE-2021-47054 at SUSE CVE-2021-47054 at NVD CVE-2021-47060 at SUSE CVE-2021-47060 at NVD CVE-2021-47061 at SUSE CVE-2021-47061 at NVD CVE-2021-47069 at SUSE CVE-2021-47069 at NVD CVE-2021-47076 at SUSE CVE-2021-47076 at NVD CVE-2021-47078 at SUSE CVE-2021-47078 at NVD CVE-2021-47083 at SUSE CVE-2021-47083 at NVD CVE-2022-20154 at SUSE CVE-2022-20154 at NVD CVE-2022-48627 at SUSE CVE-2022-48627 at NVD CVE-2023-28746 at SUSE CVE-2023-28746 at NVD CVE-2023-35827 at SUSE CVE-2023-35827 at NVD CVE-2023-46343 at SUSE CVE-2023-46343 at NVD CVE-2023-51042 at SUSE CVE-2023-51042 at NVD CVE-2023-52340 at SUSE CVE-2023-52340 at NVD CVE-2023-52429 at SUSE CVE-2023-52429 at NVD CVE-2023-52439 at SUSE CVE-2023-52439 at NVD CVE-2023-52443 at SUSE CVE-2023-52443 at NVD CVE-2023-52445 at SUSE CVE-2023-52445 at NVD CVE-2023-52448 at SUSE CVE-2023-52448 at NVD CVE-2023-52449 at SUSE CVE-2023-52449 at NVD CVE-2023-52451 at SUSE CVE-2023-52451 at NVD CVE-2023-52463 at SUSE CVE-2023-52463 at NVD CVE-2023-52475 at SUSE CVE-2023-52475 at NVD CVE-2023-52478 at SUSE CVE-2023-52478 at NVD CVE-2023-52482 at SUSE CVE-2023-52482 at NVD CVE-2023-52502 at SUSE CVE-2023-52502 at NVD CVE-2023-52530 at SUSE CVE-2023-52530 at NVD CVE-2023-52531 at SUSE CVE-2023-52531 at NVD CVE-2023-52532 at SUSE CVE-2023-52532 at NVD CVE-2023-52569 at SUSE CVE-2023-52569 at NVD CVE-2023-52574 at SUSE CVE-2023-52574 at NVD CVE-2023-52597 at SUSE CVE-2023-52597 at NVD CVE-2023-52605 at SUSE CVE-2023-52605 at NVD CVE-2023-6817 at SUSE CVE-2023-6817 at NVD CVE-2024-0340 at SUSE CVE-2024-0340 at NVD CVE-2024-0607 at SUSE CVE-2024-0607 at NVD CVE-2024-1151 at SUSE CVE-2024-1151 at NVD CVE-2024-23849 at SUSE CVE-2024-23849 at NVD CVE-2024-23851 at SUSE CVE-2024-23851 at NVD CVE-2024-26585 at SUSE CVE-2024-26585 at NVD CVE-2024-26586 at SUSE CVE-2024-26586 at NVD CVE-2024-26589 at SUSE CVE-2024-26589 at NVD CVE-2024-26593 at SUSE CVE-2024-26593 at NVD CVE-2024-26595 at SUSE CVE-2024-26595 at NVD CVE-2024-26602 at SUSE CVE-2024-26602 at NVD CVE-2024-26607 at SUSE CVE-2024-26607 at NVD CVE-2024-26622 at SUSE CVE-2024-26622 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for gnutls fixes the following issues: - CVE-2024-0553: Fixed insufficient mitigation for side channel attack in RSA-PSK, aka CVE-2023-5981 (bsc#1218865). Moderate SUSE bug 1218865 CVE-2023-5981 at SUSE CVE-2023-5981 at NVD CVE-2024-0553 at SUSE CVE-2024-0553 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) Moderate SUSE bug 1217445 SUSE bug 1217589 SUSE bug 1218866 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for vim fixes the following issues: - CVE-2023-48231: Fixed Use-After-Free in win_close() (bsc#1217316). - CVE-2023-48232: Fixed Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320). - CVE-2023-48233: Fixed overflow with count for :s command (bsc#1217321). - CVE-2023-48234: Fixed overflow in nv_z_get_count (bsc#1217324). - CVE-2023-48235: Fixed overflow in ex address parsing (bsc#1217326). - CVE-2023-48236: Fixed overflow in get_number (bsc#1217329). - CVE-2023-48237: Fixed overflow in shift_line (bsc#1217330). - CVE-2023-48706: Fixed heap-use-after-free in ex_substitute (bsc#1217432). - CVE-2024-22667: Fixed stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581). - CVE-2023-4750: Fixed heap use-after-free in function bt_quickfix (bsc#1215005). Updated to version 9.1 with patch level 0111: https://github.com/vim/vim/compare/v9.0.2103...v9.1.0111 Important SUSE bug 1215005 SUSE bug 1217316 SUSE bug 1217320 SUSE bug 1217321 SUSE bug 1217324 SUSE bug 1217326 SUSE bug 1217329 SUSE bug 1217330 SUSE bug 1217432 SUSE bug 1219581 CVE-2023-4750 at SUSE CVE-2023-4750 at NVD CVE-2023-48231 at SUSE CVE-2023-48231 at NVD CVE-2023-48232 at SUSE CVE-2023-48232 at NVD CVE-2023-48233 at SUSE CVE-2023-48233 at NVD CVE-2023-48234 at SUSE CVE-2023-48234 at NVD CVE-2023-48235 at SUSE CVE-2023-48235 at NVD CVE-2023-48236 at SUSE CVE-2023-48236 at NVD CVE-2023-48237 at SUSE CVE-2023-48237 at NVD CVE-2023-48706 at SUSE CVE-2023-48706 at NVD CVE-2024-22667 at SUSE CVE-2024-22667 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python3 fixes the following issues: - CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666). - CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691). Important SUSE bug 1214691 SUSE bug 1219666 CVE-2022-48566 at SUSE CVE-2022-48566 at NVD CVE-2023-6597 at SUSE CVE-2023-6597 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for xen fixes the following issues: - CVE-2023-46841: Fixed shadow stack vs exceptions from emulation stubs (XSA-451) (bsc#1219885). Moderate SUSE bug 1219885 CVE-2023-46841 at SUSE CVE-2023-46841 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for tiff fixes the following issues: - CVE-2023-41175: Fixed potential integer overflow in raw2tiff.c (bsc#1214686). - CVE-2023-38288: Fixed potential integer overflow in raw2tiff.c (bsc#1213590). - CVE-2023-40745: Fixed integer overflow in tiffcp.c (bsc#1214687). Moderate SUSE bug 1213590 SUSE bug 1214686 SUSE bug 1214687 SUSE bug 1221187 CVE-2023-38288 at SUSE CVE-2023-38288 at NVD CVE-2023-40745 at SUSE CVE-2023-40745 at NVD CVE-2023-41175 at SUSE CVE-2023-41175 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libxslt fixes the following issues: - CVE-2023-40403: Fixed sensitive information disclosure during processing web content (bsc#1238591) - CVE-2024-55549: Fixed use-after-free in xsltGetInheritedNsList (bsc#1239637) - CVE-2025-24855: Fixed use-after-free in numbers.c (bsc#1239625) Important SUSE bug 1238591 SUSE bug 1239625 SUSE bug 1239637 CVE-2023-40403 at SUSE CVE-2023-40403 at NVD CVE-2024-55549 at SUSE CVE-2024-55549 at NVD CVE-2025-24855 at SUSE CVE-2025-24855 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python-Jinja2 fixes the following issues: - CVE-2025-27516: Fixed sandbox breakout through attr filter selecting format method (bsc#1238879) Moderate SUSE bug 1238879 CVE-2025-27516 at SUSE CVE-2025-27516 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for podman fixes the following issues: - CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239330). Important SUSE bug 1239330 CVE-2024-6104 at SUSE CVE-2024-6104 at NVD CVE-2025-22869 at SUSE CVE-2025-22869 at NVD CVE-2025-27144 at SUSE CVE-2025-27144 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). Low SUSE bug 1233307 CVE-2024-11168 at SUSE CVE-2024-11168 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for docker, docker-stable fixes the following issues: - CVE-2025-22868: Fixed unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239185). - CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239322). Other fixes: - Make container-selinux requirement conditional on selinux-policy (bsc#1237367) Important SUSE bug 1237367 SUSE bug 1239185 SUSE bug 1239322 CVE-2024-23650 at SUSE CVE-2024-23650 at NVD CVE-2024-29018 at SUSE CVE-2024-29018 at NVD CVE-2024-41110 at SUSE CVE-2024-41110 at NVD CVE-2025-22868 at SUSE CVE-2025-22868 at NVD CVE-2025-22869 at SUSE CVE-2025-22869 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452). Moderate SUSE bug 1234452 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat.@SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do - Version info bumped from 9:3:8 to 9:4:8; see https://verbump.de/ for what these numbers do Important SUSE bug 1239618 CVE-2024-8176 at SUSE CVE-2024-8176 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47248: udp: fix race between close() and udp_abort() (bsc#1224867). - CVE-2022-49051: net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (bsc#1237903). - CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237918). - CVE-2022-49275: can: m_can: m_can_tx_handler(): fix use after free of skb (bsc#1238719). - CVE-2022-49413: bfq: Update cgroup information before merging bio (bsc#1238710). - CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled (bsc#1238919). - CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238729). - CVE-2022-49563: crypto: qat - add param check for RSA (bsc#1238787). - CVE-2022-49564: crypto: qat - add param check for DH (bsc#1238789). - CVE-2022-49739: gfs2: Always check inode size of inline inodes (bsc#1240207). - CVE-2023-52935: mm/khugepaged: fix ->anon_vma race (bsc#1240276). - CVE-2024-56642: tipc: Fix use-after-free of kernel socket in cleanup_bearer() (bsc#1235433). - CVE-2024-56651: can: hi311x: hi3110_can_ist(): fix potential use-after-free (bsc#1235528). - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076). - CVE-2024-58014: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (bsc#1239109). - CVE-2025-21772: partitions: mac: fix handling of bogus partition table (bsc#1238911). - CVE-2025-21780: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (bsc#1239115). The following non-security bugs were fixed: - ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530). - btrfs: send: allow cloning non-aligned extent if it ends at i_size (bsc#1239969). - btrfs: send: fix invalid clone operation for file that got its size decreased (bsc#1239969). - btrfs: send: use btrfs_file_extent_end() in send_write_or_clone() (bsc#1239969). Important SUSE bug 1065729 SUSE bug 1179878 SUSE bug 1180814 SUSE bug 1185762 SUSE bug 1195823 SUSE bug 1196444 SUSE bug 1197158 SUSE bug 1197227 SUSE bug 1197302 SUSE bug 1197331 SUSE bug 1197472 SUSE bug 1197661 SUSE bug 1197926 SUSE bug 1198577 SUSE bug 1198660 SUSE bug 1199657 SUSE bug 1200045 SUSE bug 1200217 SUSE bug 1200571 SUSE bug 1200807 SUSE bug 1200809 SUSE bug 1200825 SUSE bug 1200871 SUSE bug 1200872 SUSE bug 1201193 SUSE bug 1201381 SUSE bug 1201610 SUSE bug 1202672 SUSE bug 1202711 SUSE bug 1203769 SUSE bug 1207186 SUSE bug 1209547 SUSE bug 1210647 SUSE bug 1213167 SUSE bug 1224867 SUSE bug 1225742 SUSE bug 1230326 SUSE bug 1231375 SUSE bug 1233479 SUSE bug 1233557 SUSE bug 1235433 SUSE bug 1235528 SUSE bug 1237530 SUSE bug 1237718 SUSE bug 1237721 SUSE bug 1237723 SUSE bug 1237726 SUSE bug 1237734 SUSE bug 1237735 SUSE bug 1237736 SUSE bug 1237738 SUSE bug 1237739 SUSE bug 1237740 SUSE bug 1237742 SUSE bug 1237746 SUSE bug 1237748 SUSE bug 1237752 SUSE bug 1237778 SUSE bug 1237782 SUSE bug 1237783 SUSE bug 1237784 SUSE bug 1237788 SUSE bug 1237798 SUSE bug 1237810 SUSE bug 1237813 SUSE bug 1237814 SUSE bug 1237815 SUSE bug 1237823 SUSE bug 1237829 SUSE bug 1237831 SUSE bug 1237839 SUSE bug 1237840 SUSE bug 1237846 SUSE bug 1237868 SUSE bug 1237872 SUSE bug 1237903 SUSE bug 1237916 SUSE bug 1237918 SUSE bug 1237932 SUSE bug 1237940 SUSE bug 1237941 SUSE bug 1237951 SUSE bug 1237954 SUSE bug 1237958 SUSE bug 1237963 SUSE bug 1237983 SUSE bug 1237984 SUSE bug 1237996 SUSE bug 1237997 SUSE bug 1237998 SUSE bug 1238000 SUSE bug 1238007 SUSE bug 1238013 SUSE bug 1238022 SUSE bug 1238030 SUSE bug 1238036 SUSE bug 1238046 SUSE bug 1238071 SUSE bug 1238079 SUSE bug 1238096 SUSE bug 1238099 SUSE bug 1238103 SUSE bug 1238108 SUSE bug 1238111 SUSE bug 1238123 SUSE bug 1238126 SUSE bug 1238131 SUSE bug 1238135 SUSE bug 1238139 SUSE bug 1238146 SUSE bug 1238149 SUSE bug 1238150 SUSE bug 1238155 SUSE bug 1238156 SUSE bug 1238158 SUSE bug 1238162 SUSE bug 1238166 SUSE bug 1238168 SUSE bug 1238169 SUSE bug 1238170 SUSE bug 1238171 SUSE bug 1238172 SUSE bug 1238175 SUSE bug 1238177 SUSE bug 1238181 SUSE bug 1238183 SUSE bug 1238184 SUSE bug 1238228 SUSE bug 1238229 SUSE bug 1238231 SUSE bug 1238235 SUSE bug 1238236 SUSE bug 1238239 SUSE bug 1238241 SUSE bug 1238242 SUSE bug 1238243 SUSE bug 1238244 SUSE bug 1238249 SUSE bug 1238255 SUSE bug 1238256 SUSE bug 1238257 SUSE bug 1238263 SUSE bug 1238264 SUSE bug 1238266 SUSE bug 1238267 SUSE bug 1238269 SUSE bug 1238271 SUSE bug 1238272 SUSE bug 1238274 SUSE bug 1238275 SUSE bug 1238276 SUSE bug 1238278 SUSE bug 1238279 SUSE bug 1238281 SUSE bug 1238284 SUSE bug 1238289 SUSE bug 1238293 SUSE bug 1238306 SUSE bug 1238307 SUSE bug 1238313 SUSE bug 1238327 SUSE bug 1238331 SUSE bug 1238333 SUSE bug 1238334 SUSE bug 1238336 SUSE bug 1238337 SUSE bug 1238338 SUSE bug 1238343 SUSE bug 1238372 SUSE bug 1238373 SUSE bug 1238377 SUSE bug 1238382 SUSE bug 1238386 SUSE bug 1238393 SUSE bug 1238394 SUSE bug 1238395 SUSE bug 1238413 SUSE bug 1238416 SUSE bug 1238417 SUSE bug 1238419 SUSE bug 1238420 SUSE bug 1238429 SUSE bug 1238430 SUSE bug 1238435 SUSE bug 1238441 SUSE bug 1238443 SUSE bug 1238454 SUSE bug 1238462 SUSE bug 1238467 SUSE bug 1238469 SUSE bug 1238539 SUSE bug 1238543 SUSE bug 1238546 SUSE bug 1238599 SUSE bug 1238600 SUSE bug 1238612 SUSE bug 1238615 SUSE bug 1238617 SUSE bug 1238618 SUSE bug 1238621 SUSE bug 1238623 SUSE bug 1238625 SUSE bug 1238626 SUSE bug 1238630 SUSE bug 1238631 SUSE bug 1238633 SUSE bug 1238635 SUSE bug 1238638 SUSE bug 1238639 SUSE bug 1238641 SUSE bug 1238643 SUSE bug 1238645 SUSE bug 1238646 SUSE bug 1238653 SUSE bug 1238655 SUSE bug 1238663 SUSE bug 1238705 SUSE bug 1238707 SUSE bug 1238710 SUSE bug 1238712 SUSE bug 1238718 SUSE bug 1238719 SUSE bug 1238721 SUSE bug 1238722 SUSE bug 1238727 SUSE bug 1238729 SUSE bug 1238750 SUSE bug 1238787 SUSE bug 1238789 SUSE bug 1238805 SUSE bug 1238809 SUSE bug 1238814 SUSE bug 1238815 SUSE bug 1238819 SUSE bug 1238821 SUSE bug 1238822 SUSE bug 1238823 SUSE bug 1238825 SUSE bug 1238835 SUSE bug 1238838 SUSE bug 1238868 SUSE bug 1238869 SUSE bug 1238871 SUSE bug 1238892 SUSE bug 1238893 SUSE bug 1238911 SUSE bug 1238919 SUSE bug 1238925 SUSE bug 1238930 SUSE bug 1238933 SUSE bug 1238937 SUSE bug 1238938 SUSE bug 1238939 SUSE bug 1238948 SUSE bug 1238949 SUSE bug 1238952 SUSE bug 1239001 SUSE bug 1239035 SUSE bug 1239040 SUSE bug 1239041 SUSE bug 1239060 SUSE bug 1239070 SUSE bug 1239071 SUSE bug 1239076 SUSE bug 1239109 SUSE bug 1239115 SUSE bug 1239454 SUSE bug 1239969 SUSE bug 1240207 SUSE bug 1240213 SUSE bug 1240218 SUSE bug 1240227 SUSE bug 1240272 SUSE bug 1240276 SUSE bug 1240288 CVE-2017-5753 at SUSE CVE-2017-5753 at NVD CVE-2020-27835 at SUSE CVE-2020-27835 at NVD CVE-2021-47248 at SUSE CVE-2021-47248 at NVD CVE-2021-47631 at SUSE CVE-2021-47631 at NVD CVE-2021-47641 at SUSE CVE-2021-47641 at NVD CVE-2021-47642 at SUSE CVE-2021-47642 at NVD CVE-2021-47650 at SUSE CVE-2021-47650 at NVD CVE-2021-47651 at SUSE CVE-2021-47651 at NVD CVE-2021-47652 at SUSE CVE-2021-47652 at NVD CVE-2021-47653 at SUSE CVE-2021-47653 at NVD CVE-2021-47659 at SUSE CVE-2021-47659 at NVD CVE-2022-0168 at SUSE CVE-2022-0168 at NVD CVE-2022-1016 at SUSE CVE-2022-1016 at NVD CVE-2022-1048 at SUSE CVE-2022-1048 at NVD CVE-2022-1184 at SUSE CVE-2022-1184 at NVD CVE-2022-2977 at SUSE CVE-2022-2977 at NVD CVE-2022-29900 at SUSE CVE-2022-29900 at NVD CVE-2022-29901 at SUSE CVE-2022-29901 at NVD CVE-2022-3303 at SUSE CVE-2022-3303 at NVD CVE-2022-49044 at SUSE CVE-2022-49044 at NVD CVE-2022-49051 at SUSE CVE-2022-49051 at NVD CVE-2022-49053 at SUSE CVE-2022-49053 at NVD CVE-2022-49055 at SUSE CVE-2022-49055 at NVD CVE-2022-49058 at SUSE CVE-2022-49058 at NVD CVE-2022-49059 at SUSE CVE-2022-49059 at NVD CVE-2022-49063 at SUSE CVE-2022-49063 at NVD CVE-2022-49065 at SUSE CVE-2022-49065 at NVD CVE-2022-49073 at SUSE CVE-2022-49073 at NVD CVE-2022-49076 at SUSE CVE-2022-49076 at NVD CVE-2022-49078 at SUSE CVE-2022-49078 at NVD CVE-2022-49082 at SUSE CVE-2022-49082 at NVD CVE-2022-49083 at SUSE CVE-2022-49083 at NVD CVE-2022-49085 at SUSE CVE-2022-49085 at NVD CVE-2022-49091 at SUSE CVE-2022-49091 at NVD CVE-2022-49095 at SUSE CVE-2022-49095 at NVD CVE-2022-49098 at SUSE CVE-2022-49098 at NVD CVE-2022-49100 at SUSE CVE-2022-49100 at NVD CVE-2022-49111 at SUSE CVE-2022-49111 at NVD CVE-2022-49114 at SUSE CVE-2022-49114 at NVD CVE-2022-49122 at SUSE CVE-2022-49122 at NVD CVE-2022-49137 at SUSE CVE-2022-49137 at NVD CVE-2022-49145 at SUSE CVE-2022-49145 at NVD CVE-2022-49151 at SUSE CVE-2022-49151 at NVD CVE-2022-49153 at SUSE CVE-2022-49153 at NVD CVE-2022-49155 at SUSE CVE-2022-49155 at NVD CVE-2022-49156 at SUSE CVE-2022-49156 at NVD CVE-2022-49157 at SUSE CVE-2022-49157 at NVD CVE-2022-49158 at SUSE CVE-2022-49158 at NVD CVE-2022-49159 at SUSE CVE-2022-49159 at NVD CVE-2022-49160 at SUSE CVE-2022-49160 at NVD CVE-2022-49162 at SUSE CVE-2022-49162 at NVD CVE-2022-49164 at SUSE CVE-2022-49164 at NVD CVE-2022-49175 at SUSE CVE-2022-49175 at NVD CVE-2022-49185 at SUSE CVE-2022-49185 at NVD CVE-2022-49189 at SUSE CVE-2022-49189 at NVD CVE-2022-49196 at SUSE CVE-2022-49196 at NVD CVE-2022-49200 at SUSE CVE-2022-49200 at NVD CVE-2022-49201 at SUSE CVE-2022-49201 at NVD CVE-2022-49206 at SUSE CVE-2022-49206 at NVD CVE-2022-49212 at SUSE CVE-2022-49212 at NVD CVE-2022-49213 at SUSE CVE-2022-49213 at NVD CVE-2022-49216 at SUSE CVE-2022-49216 at NVD CVE-2022-49217 at SUSE CVE-2022-49217 at NVD CVE-2022-49224 at SUSE CVE-2022-49224 at NVD CVE-2022-49226 at SUSE CVE-2022-49226 at NVD CVE-2022-49232 at SUSE CVE-2022-49232 at NVD CVE-2022-49235 at SUSE CVE-2022-49235 at NVD CVE-2022-49239 at SUSE CVE-2022-49239 at NVD CVE-2022-49242 at SUSE CVE-2022-49242 at NVD CVE-2022-49243 at SUSE CVE-2022-49243 at NVD CVE-2022-49247 at SUSE CVE-2022-49247 at NVD CVE-2022-49248 at SUSE CVE-2022-49248 at NVD CVE-2022-49253 at SUSE CVE-2022-49253 at NVD CVE-2022-49259 at SUSE CVE-2022-49259 at NVD CVE-2022-49261 at SUSE CVE-2022-49261 at NVD CVE-2022-49263 at SUSE CVE-2022-49263 at NVD CVE-2022-49264 at SUSE CVE-2022-49264 at NVD CVE-2022-49271 at SUSE CVE-2022-49271 at NVD CVE-2022-49272 at SUSE CVE-2022-49272 at NVD CVE-2022-49275 at SUSE CVE-2022-49275 at NVD CVE-2022-49279 at SUSE CVE-2022-49279 at NVD CVE-2022-49280 at SUSE CVE-2022-49280 at NVD CVE-2022-49281 at SUSE CVE-2022-49281 at NVD CVE-2022-49285 at SUSE CVE-2022-49285 at NVD CVE-2022-49287 at SUSE CVE-2022-49287 at NVD CVE-2022-49288 at SUSE CVE-2022-49288 at NVD CVE-2022-49290 at SUSE CVE-2022-49290 at NVD CVE-2022-49291 at SUSE CVE-2022-49291 at NVD CVE-2022-49292 at SUSE CVE-2022-49292 at NVD CVE-2022-49293 at SUSE CVE-2022-49293 at NVD CVE-2022-49295 at SUSE CVE-2022-49295 at NVD CVE-2022-49297 at SUSE CVE-2022-49297 at NVD CVE-2022-49298 at SUSE CVE-2022-49298 at NVD CVE-2022-49299 at SUSE CVE-2022-49299 at NVD CVE-2022-49300 at SUSE CVE-2022-49300 at NVD CVE-2022-49301 at SUSE CVE-2022-49301 at NVD CVE-2022-49302 at SUSE CVE-2022-49302 at NVD CVE-2022-49304 at SUSE CVE-2022-49304 at NVD CVE-2022-49305 at SUSE CVE-2022-49305 at NVD CVE-2022-49307 at SUSE CVE-2022-49307 at NVD CVE-2022-49313 at SUSE CVE-2022-49313 at NVD CVE-2022-49314 at SUSE CVE-2022-49314 at NVD CVE-2022-49315 at SUSE CVE-2022-49315 at NVD CVE-2022-49316 at SUSE CVE-2022-49316 at NVD CVE-2022-49320 at SUSE CVE-2022-49320 at NVD CVE-2022-49321 at SUSE CVE-2022-49321 at NVD CVE-2022-49326 at SUSE CVE-2022-49326 at NVD CVE-2022-49327 at SUSE CVE-2022-49327 at NVD CVE-2022-49331 at SUSE CVE-2022-49331 at NVD CVE-2022-49332 at SUSE CVE-2022-49332 at NVD CVE-2022-49335 at SUSE CVE-2022-49335 at NVD CVE-2022-49343 at SUSE CVE-2022-49343 at NVD CVE-2022-49347 at SUSE CVE-2022-49347 at NVD CVE-2022-49349 at SUSE CVE-2022-49349 at NVD CVE-2022-49352 at SUSE CVE-2022-49352 at NVD CVE-2022-49357 at SUSE CVE-2022-49357 at NVD CVE-2022-49370 at SUSE CVE-2022-49370 at NVD CVE-2022-49371 at SUSE CVE-2022-49371 at NVD CVE-2022-49373 at SUSE CVE-2022-49373 at NVD CVE-2022-49375 at SUSE CVE-2022-49375 at NVD CVE-2022-49376 at SUSE CVE-2022-49376 at NVD CVE-2022-49382 at SUSE CVE-2022-49382 at NVD CVE-2022-49385 at SUSE CVE-2022-49385 at NVD CVE-2022-49389 at SUSE CVE-2022-49389 at NVD CVE-2022-49394 at SUSE CVE-2022-49394 at NVD CVE-2022-49396 at SUSE CVE-2022-49396 at NVD CVE-2022-49397 at SUSE CVE-2022-49397 at NVD CVE-2022-49398 at SUSE CVE-2022-49398 at NVD CVE-2022-49399 at SUSE CVE-2022-49399 at NVD CVE-2022-49402 at SUSE CVE-2022-49402 at NVD CVE-2022-49404 at SUSE CVE-2022-49404 at NVD CVE-2022-49409 at SUSE CVE-2022-49409 at NVD CVE-2022-49410 at SUSE CVE-2022-49410 at NVD CVE-2022-49411 at SUSE CVE-2022-49411 at NVD CVE-2022-49413 at SUSE CVE-2022-49413 at NVD CVE-2022-49414 at SUSE CVE-2022-49414 at NVD CVE-2022-49416 at SUSE CVE-2022-49416 at NVD CVE-2022-49421 at SUSE CVE-2022-49421 at NVD CVE-2022-49422 at SUSE CVE-2022-49422 at NVD CVE-2022-49437 at SUSE CVE-2022-49437 at NVD CVE-2022-49438 at SUSE CVE-2022-49438 at NVD CVE-2022-49441 at SUSE CVE-2022-49441 at NVD CVE-2022-49442 at SUSE CVE-2022-49442 at NVD CVE-2022-49446 at SUSE CVE-2022-49446 at NVD CVE-2022-49451 at SUSE CVE-2022-49451 at NVD CVE-2022-49455 at SUSE CVE-2022-49455 at NVD CVE-2022-49459 at SUSE CVE-2022-49459 at NVD CVE-2022-49460 at SUSE CVE-2022-49460 at NVD CVE-2022-49462 at SUSE CVE-2022-49462 at NVD CVE-2022-49465 at SUSE CVE-2022-49465 at NVD CVE-2022-49467 at SUSE CVE-2022-49467 at NVD CVE-2022-49473 at SUSE CVE-2022-49473 at NVD CVE-2022-49474 at SUSE CVE-2022-49474 at NVD CVE-2022-49475 at SUSE CVE-2022-49475 at NVD CVE-2022-49478 at SUSE CVE-2022-49478 at NVD CVE-2022-49481 at SUSE CVE-2022-49481 at NVD CVE-2022-49482 at SUSE CVE-2022-49482 at NVD CVE-2022-49488 at SUSE CVE-2022-49488 at NVD CVE-2022-49489 at SUSE CVE-2022-49489 at NVD CVE-2022-49490 at SUSE CVE-2022-49490 at NVD CVE-2022-49491 at SUSE CVE-2022-49491 at NVD CVE-2022-49493 at SUSE CVE-2022-49493 at NVD CVE-2022-49495 at SUSE CVE-2022-49495 at NVD CVE-2022-49498 at SUSE CVE-2022-49498 at NVD CVE-2022-49503 at SUSE CVE-2022-49503 at NVD CVE-2022-49504 at SUSE CVE-2022-49504 at NVD CVE-2022-49505 at SUSE CVE-2022-49505 at NVD CVE-2022-49508 at SUSE CVE-2022-49508 at NVD CVE-2022-49514 at SUSE CVE-2022-49514 at NVD CVE-2022-49517 at SUSE CVE-2022-49517 at NVD CVE-2022-49521 at SUSE CVE-2022-49521 at NVD CVE-2022-49522 at SUSE CVE-2022-49522 at NVD CVE-2022-49524 at SUSE CVE-2022-49524 at NVD CVE-2022-49525 at SUSE CVE-2022-49525 at NVD CVE-2022-49526 at SUSE CVE-2022-49526 at NVD CVE-2022-49527 at SUSE CVE-2022-49527 at NVD CVE-2022-49532 at SUSE CVE-2022-49532 at NVD CVE-2022-49534 at SUSE CVE-2022-49534 at NVD CVE-2022-49535 at SUSE CVE-2022-49535 at NVD CVE-2022-49536 at SUSE CVE-2022-49536 at NVD CVE-2022-49537 at SUSE CVE-2022-49537 at NVD CVE-2022-49541 at SUSE CVE-2022-49541 at NVD CVE-2022-49542 at SUSE CVE-2022-49542 at NVD CVE-2022-49544 at SUSE CVE-2022-49544 at NVD CVE-2022-49545 at SUSE CVE-2022-49545 at NVD CVE-2022-49546 at SUSE CVE-2022-49546 at NVD CVE-2022-49555 at SUSE CVE-2022-49555 at NVD CVE-2022-49563 at SUSE CVE-2022-49563 at NVD CVE-2022-49564 at SUSE CVE-2022-49564 at NVD CVE-2022-49566 at SUSE CVE-2022-49566 at NVD CVE-2022-49609 at SUSE CVE-2022-49609 at NVD CVE-2022-49610 at SUSE CVE-2022-49610 at NVD CVE-2022-49611 at SUSE CVE-2022-49611 at NVD CVE-2022-49623 at SUSE CVE-2022-49623 at NVD CVE-2022-49627 at SUSE CVE-2022-49627 at NVD CVE-2022-49631 at SUSE CVE-2022-49631 at NVD CVE-2022-49640 at SUSE CVE-2022-49640 at NVD CVE-2022-49641 at SUSE CVE-2022-49641 at NVD CVE-2022-49643 at SUSE CVE-2022-49643 at NVD CVE-2022-49644 at SUSE CVE-2022-49644 at NVD CVE-2022-49645 at SUSE CVE-2022-49645 at NVD CVE-2022-49646 at SUSE CVE-2022-49646 at NVD CVE-2022-49647 at SUSE CVE-2022-49647 at NVD CVE-2022-49648 at SUSE CVE-2022-49648 at NVD CVE-2022-49649 at SUSE CVE-2022-49649 at NVD CVE-2022-49652 at SUSE CVE-2022-49652 at NVD CVE-2022-49657 at SUSE CVE-2022-49657 at NVD CVE-2022-49661 at SUSE CVE-2022-49661 at NVD CVE-2022-49670 at SUSE CVE-2022-49670 at NVD CVE-2022-49671 at SUSE CVE-2022-49671 at NVD CVE-2022-49673 at SUSE CVE-2022-49673 at NVD CVE-2022-49674 at SUSE CVE-2022-49674 at NVD CVE-2022-49678 at SUSE CVE-2022-49678 at NVD CVE-2022-49685 at SUSE CVE-2022-49685 at NVD CVE-2022-49687 at SUSE CVE-2022-49687 at NVD CVE-2022-49693 at SUSE CVE-2022-49693 at NVD CVE-2022-49700 at SUSE CVE-2022-49700 at NVD CVE-2022-49701 at SUSE CVE-2022-49701 at NVD CVE-2022-49703 at SUSE CVE-2022-49703 at NVD CVE-2022-49707 at SUSE CVE-2022-49707 at NVD CVE-2022-49708 at SUSE CVE-2022-49708 at NVD CVE-2022-49710 at SUSE CVE-2022-49710 at NVD CVE-2022-49711 at SUSE CVE-2022-49711 at NVD CVE-2022-49712 at SUSE CVE-2022-49712 at NVD CVE-2022-49713 at SUSE CVE-2022-49713 at NVD CVE-2022-49720 at SUSE CVE-2022-49720 at NVD CVE-2022-49723 at SUSE CVE-2022-49723 at NVD CVE-2022-49724 at SUSE CVE-2022-49724 at NVD CVE-2022-49729 at SUSE CVE-2022-49729 at NVD CVE-2022-49730 at SUSE CVE-2022-49730 at NVD CVE-2022-49731 at SUSE CVE-2022-49731 at NVD CVE-2022-49733 at SUSE CVE-2022-49733 at NVD CVE-2022-49739 at SUSE CVE-2022-49739 at NVD CVE-2023-2162 at SUSE CVE-2023-2162 at NVD CVE-2023-3567 at SUSE CVE-2023-3567 at NVD CVE-2023-52935 at SUSE CVE-2023-52935 at NVD CVE-2023-52973 at SUSE CVE-2023-52973 at NVD CVE-2023-52974 at SUSE CVE-2023-52974 at NVD CVE-2023-53000 at SUSE CVE-2023-53000 at NVD CVE-2023-53015 at SUSE CVE-2023-53015 at NVD CVE-2023-53024 at SUSE CVE-2023-53024 at NVD CVE-2024-50290 at SUSE CVE-2024-50290 at NVD CVE-2024-53063 at SUSE CVE-2024-53063 at NVD CVE-2024-56642 at SUSE CVE-2024-56642 at NVD CVE-2024-56651 at SUSE CVE-2024-56651 at NVD CVE-2024-57996 at SUSE CVE-2024-57996 at NVD CVE-2024-58014 at SUSE CVE-2024-58014 at NVD CVE-2025-21772 at SUSE CVE-2025-21772 at NVD CVE-2025-21780 at SUSE CVE-2025-21780 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47248: udp: fix race between close() and udp_abort() (bsc#1224867). - CVE-2022-49051: net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (bsc#1237903). - CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237918). - CVE-2022-49275: can: m_can: m_can_tx_handler(): fix use after free of skb (bsc#1238719). - CVE-2022-49413: bfq: Update cgroup information before merging bio (bsc#1238710). - CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled (bsc#1238919). - CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238729). - CVE-2022-49563: crypto: qat - add param check for RSA (bsc#1238787). - CVE-2022-49564: crypto: qat - add param check for DH (bsc#1238789). - CVE-2022-49739: gfs2: Always check inode size of inline inodes (bsc#1240207). - CVE-2023-52935: mm/khugepaged: fix ->anon_vma race (bsc#1240276). - CVE-2024-56642: tipc: Fix use-after-free of kernel socket in cleanup_bearer() (bsc#1235433). - CVE-2024-56651: can: hi311x: hi3110_can_ist(): fix potential use-after-free (bsc#1235528). - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076). - CVE-2024-58014: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (bsc#1239109). - CVE-2025-21772: partitions: mac: fix handling of bogus partition table (bsc#1238911). - CVE-2025-21780: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (bsc#1239115). The following non-security bugs were fixed: - ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530). - btrfs: send: allow cloning non-aligned extent if it ends at i_size (bsc#1239969). - btrfs: send: fix invalid clone operation for file that got its size decreased (bsc#1239969). - btrfs: send: use btrfs_file_extent_end() in send_write_or_clone() (bsc#1239969). Important SUSE bug 1065729 SUSE bug 1179878 SUSE bug 1180814 SUSE bug 1185762 SUSE bug 1195823 SUSE bug 1196444 SUSE bug 1197158 SUSE bug 1197227 SUSE bug 1197302 SUSE bug 1197331 SUSE bug 1197472 SUSE bug 1197661 SUSE bug 1197926 SUSE bug 1198577 SUSE bug 1198660 SUSE bug 1199657 SUSE bug 1200045 SUSE bug 1200217 SUSE bug 1200571 SUSE bug 1200807 SUSE bug 1200809 SUSE bug 1200825 SUSE bug 1200871 SUSE bug 1200872 SUSE bug 1201193 SUSE bug 1201381 SUSE bug 1201610 SUSE bug 1202672 SUSE bug 1202711 SUSE bug 1203769 SUSE bug 1207186 SUSE bug 1209547 SUSE bug 1210647 SUSE bug 1213167 SUSE bug 1224867 SUSE bug 1225742 SUSE bug 1230326 SUSE bug 1231375 SUSE bug 1233479 SUSE bug 1233557 SUSE bug 1235433 SUSE bug 1235528 SUSE bug 1237530 SUSE bug 1237718 SUSE bug 1237721 SUSE bug 1237723 SUSE bug 1237726 SUSE bug 1237734 SUSE bug 1237735 SUSE bug 1237736 SUSE bug 1237738 SUSE bug 1237739 SUSE bug 1237740 SUSE bug 1237742 SUSE bug 1237746 SUSE bug 1237748 SUSE bug 1237752 SUSE bug 1237778 SUSE bug 1237782 SUSE bug 1237783 SUSE bug 1237784 SUSE bug 1237788 SUSE bug 1237798 SUSE bug 1237810 SUSE bug 1237813 SUSE bug 1237814 SUSE bug 1237815 SUSE bug 1237823 SUSE bug 1237829 SUSE bug 1237831 SUSE bug 1237839 SUSE bug 1237840 SUSE bug 1237846 SUSE bug 1237868 SUSE bug 1237872 SUSE bug 1237903 SUSE bug 1237916 SUSE bug 1237918 SUSE bug 1237932 SUSE bug 1237940 SUSE bug 1237941 SUSE bug 1237951 SUSE bug 1237954 SUSE bug 1237958 SUSE bug 1237963 SUSE bug 1237983 SUSE bug 1237984 SUSE bug 1237996 SUSE bug 1237997 SUSE bug 1237998 SUSE bug 1238000 SUSE bug 1238007 SUSE bug 1238013 SUSE bug 1238022 SUSE bug 1238030 SUSE bug 1238036 SUSE bug 1238046 SUSE bug 1238071 SUSE bug 1238079 SUSE bug 1238096 SUSE bug 1238099 SUSE bug 1238103 SUSE bug 1238108 SUSE bug 1238111 SUSE bug 1238123 SUSE bug 1238126 SUSE bug 1238131 SUSE bug 1238135 SUSE bug 1238139 SUSE bug 1238146 SUSE bug 1238149 SUSE bug 1238150 SUSE bug 1238155 SUSE bug 1238156 SUSE bug 1238158 SUSE bug 1238162 SUSE bug 1238166 SUSE bug 1238168 SUSE bug 1238169 SUSE bug 1238170 SUSE bug 1238171 SUSE bug 1238172 SUSE bug 1238175 SUSE bug 1238177 SUSE bug 1238181 SUSE bug 1238183 SUSE bug 1238184 SUSE bug 1238228 SUSE bug 1238229 SUSE bug 1238231 SUSE bug 1238235 SUSE bug 1238236 SUSE bug 1238239 SUSE bug 1238241 SUSE bug 1238242 SUSE bug 1238243 SUSE bug 1238244 SUSE bug 1238249 SUSE bug 1238255 SUSE bug 1238256 SUSE bug 1238257 SUSE bug 1238263 SUSE bug 1238264 SUSE bug 1238266 SUSE bug 1238267 SUSE bug 1238269 SUSE bug 1238271 SUSE bug 1238272 SUSE bug 1238274 SUSE bug 1238275 SUSE bug 1238276 SUSE bug 1238278 SUSE bug 1238279 SUSE bug 1238281 SUSE bug 1238284 SUSE bug 1238289 SUSE bug 1238293 SUSE bug 1238306 SUSE bug 1238307 SUSE bug 1238313 SUSE bug 1238327 SUSE bug 1238331 SUSE bug 1238333 SUSE bug 1238334 SUSE bug 1238336 SUSE bug 1238337 SUSE bug 1238338 SUSE bug 1238343 SUSE bug 1238372 SUSE bug 1238373 SUSE bug 1238377 SUSE bug 1238386 SUSE bug 1238393 SUSE bug 1238394 SUSE bug 1238395 SUSE bug 1238413 SUSE bug 1238416 SUSE bug 1238417 SUSE bug 1238419 SUSE bug 1238420 SUSE bug 1238429 SUSE bug 1238430 SUSE bug 1238435 SUSE bug 1238441 SUSE bug 1238443 SUSE bug 1238454 SUSE bug 1238462 SUSE bug 1238467 SUSE bug 1238469 SUSE bug 1238539 SUSE bug 1238543 SUSE bug 1238546 SUSE bug 1238599 SUSE bug 1238600 SUSE bug 1238612 SUSE bug 1238615 SUSE bug 1238617 SUSE bug 1238618 SUSE bug 1238621 SUSE bug 1238623 SUSE bug 1238625 SUSE bug 1238626 SUSE bug 1238630 SUSE bug 1238631 SUSE bug 1238633 SUSE bug 1238635 SUSE bug 1238638 SUSE bug 1238639 SUSE bug 1238641 SUSE bug 1238643 SUSE bug 1238645 SUSE bug 1238646 SUSE bug 1238653 SUSE bug 1238655 SUSE bug 1238662 SUSE bug 1238663 SUSE bug 1238705 SUSE bug 1238707 SUSE bug 1238710 SUSE bug 1238712 SUSE bug 1238718 SUSE bug 1238719 SUSE bug 1238721 SUSE bug 1238722 SUSE bug 1238727 SUSE bug 1238729 SUSE bug 1238750 SUSE bug 1238787 SUSE bug 1238789 SUSE bug 1238805 SUSE bug 1238809 SUSE bug 1238814 SUSE bug 1238815 SUSE bug 1238819 SUSE bug 1238821 SUSE bug 1238822 SUSE bug 1238823 SUSE bug 1238825 SUSE bug 1238835 SUSE bug 1238838 SUSE bug 1238868 SUSE bug 1238869 SUSE bug 1238871 SUSE bug 1238892 SUSE bug 1238893 SUSE bug 1238911 SUSE bug 1238919 SUSE bug 1238925 SUSE bug 1238930 SUSE bug 1238933 SUSE bug 1238937 SUSE bug 1238938 SUSE bug 1238939 SUSE bug 1238948 SUSE bug 1238949 SUSE bug 1238952 SUSE bug 1239001 SUSE bug 1239035 SUSE bug 1239040 SUSE bug 1239041 SUSE bug 1239060 SUSE bug 1239070 SUSE bug 1239071 SUSE bug 1239076 SUSE bug 1239109 SUSE bug 1239115 SUSE bug 1239454 SUSE bug 1239969 SUSE bug 1240207 SUSE bug 1240213 SUSE bug 1240218 SUSE bug 1240227 SUSE bug 1240272 SUSE bug 1240276 SUSE bug 1240288 CVE-2017-5753 at SUSE CVE-2017-5753 at NVD CVE-2020-27835 at SUSE CVE-2020-27835 at NVD CVE-2021-47248 at SUSE CVE-2021-47248 at NVD CVE-2021-47631 at SUSE CVE-2021-47631 at NVD CVE-2021-47641 at SUSE CVE-2021-47641 at NVD CVE-2021-47642 at SUSE CVE-2021-47642 at NVD CVE-2021-47650 at SUSE CVE-2021-47650 at NVD CVE-2021-47651 at SUSE CVE-2021-47651 at NVD CVE-2021-47652 at SUSE CVE-2021-47652 at NVD CVE-2021-47653 at SUSE CVE-2021-47653 at NVD CVE-2021-47659 at SUSE CVE-2021-47659 at NVD CVE-2022-0168 at SUSE CVE-2022-0168 at NVD CVE-2022-1016 at SUSE CVE-2022-1016 at NVD CVE-2022-1048 at SUSE CVE-2022-1048 at NVD CVE-2022-1184 at SUSE CVE-2022-1184 at NVD CVE-2022-2977 at SUSE CVE-2022-2977 at NVD CVE-2022-29900 at SUSE CVE-2022-29900 at NVD CVE-2022-29901 at SUSE CVE-2022-29901 at NVD CVE-2022-3303 at SUSE CVE-2022-3303 at NVD CVE-2022-49044 at SUSE CVE-2022-49044 at NVD CVE-2022-49051 at SUSE CVE-2022-49051 at NVD CVE-2022-49053 at SUSE CVE-2022-49053 at NVD CVE-2022-49055 at SUSE CVE-2022-49055 at NVD CVE-2022-49058 at SUSE CVE-2022-49058 at NVD CVE-2022-49059 at SUSE CVE-2022-49059 at NVD CVE-2022-49063 at SUSE CVE-2022-49063 at NVD CVE-2022-49065 at SUSE CVE-2022-49065 at NVD CVE-2022-49073 at SUSE CVE-2022-49073 at NVD CVE-2022-49076 at SUSE CVE-2022-49076 at NVD CVE-2022-49078 at SUSE CVE-2022-49078 at NVD CVE-2022-49082 at SUSE CVE-2022-49082 at NVD CVE-2022-49083 at SUSE CVE-2022-49083 at NVD CVE-2022-49085 at SUSE CVE-2022-49085 at NVD CVE-2022-49091 at SUSE CVE-2022-49091 at NVD CVE-2022-49095 at SUSE CVE-2022-49095 at NVD CVE-2022-49098 at SUSE CVE-2022-49098 at NVD CVE-2022-49100 at SUSE CVE-2022-49100 at NVD CVE-2022-49111 at SUSE CVE-2022-49111 at NVD CVE-2022-49114 at SUSE CVE-2022-49114 at NVD CVE-2022-49122 at SUSE CVE-2022-49122 at NVD CVE-2022-49137 at SUSE CVE-2022-49137 at NVD CVE-2022-49145 at SUSE CVE-2022-49145 at NVD CVE-2022-49151 at SUSE CVE-2022-49151 at NVD CVE-2022-49153 at SUSE CVE-2022-49153 at NVD CVE-2022-49155 at SUSE CVE-2022-49155 at NVD CVE-2022-49156 at SUSE CVE-2022-49156 at NVD CVE-2022-49157 at SUSE CVE-2022-49157 at NVD CVE-2022-49158 at SUSE CVE-2022-49158 at NVD CVE-2022-49159 at SUSE CVE-2022-49159 at NVD CVE-2022-49160 at SUSE CVE-2022-49160 at NVD CVE-2022-49162 at SUSE CVE-2022-49162 at NVD CVE-2022-49164 at SUSE CVE-2022-49164 at NVD CVE-2022-49175 at SUSE CVE-2022-49175 at NVD CVE-2022-49185 at SUSE CVE-2022-49185 at NVD CVE-2022-49189 at SUSE CVE-2022-49189 at NVD CVE-2022-49196 at SUSE CVE-2022-49196 at NVD CVE-2022-49200 at SUSE CVE-2022-49200 at NVD CVE-2022-49201 at SUSE CVE-2022-49201 at NVD CVE-2022-49206 at SUSE CVE-2022-49206 at NVD CVE-2022-49212 at SUSE CVE-2022-49212 at NVD CVE-2022-49213 at SUSE CVE-2022-49213 at NVD CVE-2022-49216 at SUSE CVE-2022-49216 at NVD CVE-2022-49217 at SUSE CVE-2022-49217 at NVD CVE-2022-49224 at SUSE CVE-2022-49224 at NVD CVE-2022-49226 at SUSE CVE-2022-49226 at NVD CVE-2022-49232 at SUSE CVE-2022-49232 at NVD CVE-2022-49235 at SUSE CVE-2022-49235 at NVD CVE-2022-49239 at SUSE CVE-2022-49239 at NVD CVE-2022-49242 at SUSE CVE-2022-49242 at NVD CVE-2022-49243 at SUSE CVE-2022-49243 at NVD CVE-2022-49247 at SUSE CVE-2022-49247 at NVD CVE-2022-49248 at SUSE CVE-2022-49248 at NVD CVE-2022-49253 at SUSE CVE-2022-49253 at NVD CVE-2022-49259 at SUSE CVE-2022-49259 at NVD CVE-2022-49261 at SUSE CVE-2022-49261 at NVD CVE-2022-49263 at SUSE CVE-2022-49263 at NVD CVE-2022-49264 at SUSE CVE-2022-49264 at NVD CVE-2022-49271 at SUSE CVE-2022-49271 at NVD CVE-2022-49272 at SUSE CVE-2022-49272 at NVD CVE-2022-49275 at SUSE CVE-2022-49275 at NVD CVE-2022-49279 at SUSE CVE-2022-49279 at NVD CVE-2022-49280 at SUSE CVE-2022-49280 at NVD CVE-2022-49281 at SUSE CVE-2022-49281 at NVD CVE-2022-49285 at SUSE CVE-2022-49285 at NVD CVE-2022-49287 at SUSE CVE-2022-49287 at NVD CVE-2022-49288 at SUSE CVE-2022-49288 at NVD CVE-2022-49290 at SUSE CVE-2022-49290 at NVD CVE-2022-49291 at SUSE CVE-2022-49291 at NVD CVE-2022-49292 at SUSE CVE-2022-49292 at NVD CVE-2022-49293 at SUSE CVE-2022-49293 at NVD CVE-2022-49295 at SUSE CVE-2022-49295 at NVD CVE-2022-49297 at SUSE CVE-2022-49297 at NVD CVE-2022-49298 at SUSE CVE-2022-49298 at NVD CVE-2022-49299 at SUSE CVE-2022-49299 at NVD CVE-2022-49300 at SUSE CVE-2022-49300 at NVD CVE-2022-49301 at SUSE CVE-2022-49301 at NVD CVE-2022-49302 at SUSE CVE-2022-49302 at NVD CVE-2022-49304 at SUSE CVE-2022-49304 at NVD CVE-2022-49305 at SUSE CVE-2022-49305 at NVD CVE-2022-49307 at SUSE CVE-2022-49307 at NVD CVE-2022-49313 at SUSE CVE-2022-49313 at NVD CVE-2022-49314 at SUSE CVE-2022-49314 at NVD CVE-2022-49315 at SUSE CVE-2022-49315 at NVD CVE-2022-49316 at SUSE CVE-2022-49316 at NVD CVE-2022-49320 at SUSE CVE-2022-49320 at NVD CVE-2022-49321 at SUSE CVE-2022-49321 at NVD CVE-2022-49326 at SUSE CVE-2022-49326 at NVD CVE-2022-49327 at SUSE CVE-2022-49327 at NVD CVE-2022-49331 at SUSE CVE-2022-49331 at NVD CVE-2022-49332 at SUSE CVE-2022-49332 at NVD CVE-2022-49335 at SUSE CVE-2022-49335 at NVD CVE-2022-49343 at SUSE CVE-2022-49343 at NVD CVE-2022-49347 at SUSE CVE-2022-49347 at NVD CVE-2022-49349 at SUSE CVE-2022-49349 at NVD CVE-2022-49352 at SUSE CVE-2022-49352 at NVD CVE-2022-49357 at SUSE CVE-2022-49357 at NVD CVE-2022-49370 at SUSE CVE-2022-49370 at NVD CVE-2022-49371 at SUSE CVE-2022-49371 at NVD CVE-2022-49373 at SUSE CVE-2022-49373 at NVD CVE-2022-49375 at SUSE CVE-2022-49375 at NVD CVE-2022-49376 at SUSE CVE-2022-49376 at NVD CVE-2022-49382 at SUSE CVE-2022-49382 at NVD CVE-2022-49385 at SUSE CVE-2022-49385 at NVD CVE-2022-49389 at SUSE CVE-2022-49389 at NVD CVE-2022-49394 at SUSE CVE-2022-49394 at NVD CVE-2022-49396 at SUSE CVE-2022-49396 at NVD CVE-2022-49397 at SUSE CVE-2022-49397 at NVD CVE-2022-49398 at SUSE CVE-2022-49398 at NVD CVE-2022-49399 at SUSE CVE-2022-49399 at NVD CVE-2022-49402 at SUSE CVE-2022-49402 at NVD CVE-2022-49404 at SUSE CVE-2022-49404 at NVD CVE-2022-49409 at SUSE CVE-2022-49409 at NVD CVE-2022-49410 at SUSE CVE-2022-49410 at NVD CVE-2022-49411 at SUSE CVE-2022-49411 at NVD CVE-2022-49413 at SUSE CVE-2022-49413 at NVD CVE-2022-49414 at SUSE CVE-2022-49414 at NVD CVE-2022-49416 at SUSE CVE-2022-49416 at NVD CVE-2022-49421 at SUSE CVE-2022-49421 at NVD CVE-2022-49422 at SUSE CVE-2022-49422 at NVD CVE-2022-49437 at SUSE CVE-2022-49437 at NVD CVE-2022-49438 at SUSE CVE-2022-49438 at NVD CVE-2022-49441 at SUSE CVE-2022-49441 at NVD CVE-2022-49442 at SUSE CVE-2022-49442 at NVD CVE-2022-49446 at SUSE CVE-2022-49446 at NVD CVE-2022-49451 at SUSE CVE-2022-49451 at NVD CVE-2022-49455 at SUSE CVE-2022-49455 at NVD CVE-2022-49459 at SUSE CVE-2022-49459 at NVD CVE-2022-49460 at SUSE CVE-2022-49460 at NVD CVE-2022-49462 at SUSE CVE-2022-49462 at NVD CVE-2022-49465 at SUSE CVE-2022-49465 at NVD CVE-2022-49467 at SUSE CVE-2022-49467 at NVD CVE-2022-49473 at SUSE CVE-2022-49473 at NVD CVE-2022-49474 at SUSE CVE-2022-49474 at NVD CVE-2022-49475 at SUSE CVE-2022-49475 at NVD CVE-2022-49478 at SUSE CVE-2022-49478 at NVD CVE-2022-49481 at SUSE CVE-2022-49481 at NVD CVE-2022-49482 at SUSE CVE-2022-49482 at NVD CVE-2022-49488 at SUSE CVE-2022-49488 at NVD CVE-2022-49489 at SUSE CVE-2022-49489 at NVD CVE-2022-49490 at SUSE CVE-2022-49490 at NVD CVE-2022-49491 at SUSE CVE-2022-49491 at NVD CVE-2022-49493 at SUSE CVE-2022-49493 at NVD CVE-2022-49495 at SUSE CVE-2022-49495 at NVD CVE-2022-49498 at SUSE CVE-2022-49498 at NVD CVE-2022-49503 at SUSE CVE-2022-49503 at NVD CVE-2022-49504 at SUSE CVE-2022-49504 at NVD CVE-2022-49505 at SUSE CVE-2022-49505 at NVD CVE-2022-49508 at SUSE CVE-2022-49508 at NVD CVE-2022-49514 at SUSE CVE-2022-49514 at NVD CVE-2022-49517 at SUSE CVE-2022-49517 at NVD CVE-2022-49521 at SUSE CVE-2022-49521 at NVD CVE-2022-49522 at SUSE CVE-2022-49522 at NVD CVE-2022-49524 at SUSE CVE-2022-49524 at NVD CVE-2022-49525 at SUSE CVE-2022-49525 at NVD CVE-2022-49526 at SUSE CVE-2022-49526 at NVD CVE-2022-49527 at SUSE CVE-2022-49527 at NVD CVE-2022-49532 at SUSE CVE-2022-49532 at NVD CVE-2022-49534 at SUSE CVE-2022-49534 at NVD CVE-2022-49535 at SUSE CVE-2022-49535 at NVD CVE-2022-49536 at SUSE CVE-2022-49536 at NVD CVE-2022-49537 at SUSE CVE-2022-49537 at NVD CVE-2022-49541 at SUSE CVE-2022-49541 at NVD CVE-2022-49542 at SUSE CVE-2022-49542 at NVD CVE-2022-49544 at SUSE CVE-2022-49544 at NVD CVE-2022-49545 at SUSE CVE-2022-49545 at NVD CVE-2022-49546 at SUSE CVE-2022-49546 at NVD CVE-2022-49555 at SUSE CVE-2022-49555 at NVD CVE-2022-49563 at SUSE CVE-2022-49563 at NVD CVE-2022-49564 at SUSE CVE-2022-49564 at NVD CVE-2022-49566 at SUSE CVE-2022-49566 at NVD CVE-2022-49609 at SUSE CVE-2022-49609 at NVD CVE-2022-49610 at SUSE CVE-2022-49610 at NVD CVE-2022-49611 at SUSE CVE-2022-49611 at NVD CVE-2022-49623 at SUSE CVE-2022-49623 at NVD CVE-2022-49627 at SUSE CVE-2022-49627 at NVD CVE-2022-49631 at SUSE CVE-2022-49631 at NVD CVE-2022-49640 at SUSE CVE-2022-49640 at NVD CVE-2022-49641 at SUSE CVE-2022-49641 at NVD CVE-2022-49643 at SUSE CVE-2022-49643 at NVD CVE-2022-49644 at SUSE CVE-2022-49644 at NVD CVE-2022-49645 at SUSE CVE-2022-49645 at NVD CVE-2022-49646 at SUSE CVE-2022-49646 at NVD CVE-2022-49647 at SUSE CVE-2022-49647 at NVD CVE-2022-49648 at SUSE CVE-2022-49648 at NVD CVE-2022-49649 at SUSE CVE-2022-49649 at NVD CVE-2022-49652 at SUSE CVE-2022-49652 at NVD CVE-2022-49657 at SUSE CVE-2022-49657 at NVD CVE-2022-49661 at SUSE CVE-2022-49661 at NVD CVE-2022-49670 at SUSE CVE-2022-49670 at NVD CVE-2022-49671 at SUSE CVE-2022-49671 at NVD CVE-2022-49673 at SUSE CVE-2022-49673 at NVD CVE-2022-49674 at SUSE CVE-2022-49674 at NVD CVE-2022-49678 at SUSE CVE-2022-49678 at NVD CVE-2022-49685 at SUSE CVE-2022-49685 at NVD CVE-2022-49687 at SUSE CVE-2022-49687 at NVD CVE-2022-49693 at SUSE CVE-2022-49693 at NVD CVE-2022-49700 at SUSE CVE-2022-49700 at NVD CVE-2022-49701 at SUSE CVE-2022-49701 at NVD CVE-2022-49703 at SUSE CVE-2022-49703 at NVD CVE-2022-49707 at SUSE CVE-2022-49707 at NVD CVE-2022-49708 at SUSE CVE-2022-49708 at NVD CVE-2022-49710 at SUSE CVE-2022-49710 at NVD CVE-2022-49711 at SUSE CVE-2022-49711 at NVD CVE-2022-49712 at SUSE CVE-2022-49712 at NVD CVE-2022-49713 at SUSE CVE-2022-49713 at NVD CVE-2022-49720 at SUSE CVE-2022-49720 at NVD CVE-2022-49723 at SUSE CVE-2022-49723 at NVD CVE-2022-49724 at SUSE CVE-2022-49724 at NVD CVE-2022-49729 at SUSE CVE-2022-49729 at NVD CVE-2022-49730 at SUSE CVE-2022-49730 at NVD CVE-2022-49731 at SUSE CVE-2022-49731 at NVD CVE-2022-49733 at SUSE CVE-2022-49733 at NVD CVE-2022-49739 at SUSE CVE-2022-49739 at NVD CVE-2023-2162 at SUSE CVE-2023-2162 at NVD CVE-2023-3567 at SUSE CVE-2023-3567 at NVD CVE-2023-52935 at SUSE CVE-2023-52935 at NVD CVE-2023-52973 at SUSE CVE-2023-52973 at NVD CVE-2023-52974 at SUSE CVE-2023-52974 at NVD CVE-2023-53000 at SUSE CVE-2023-53000 at NVD CVE-2023-53015 at SUSE CVE-2023-53015 at NVD CVE-2023-53024 at SUSE CVE-2023-53024 at NVD CVE-2024-50290 at SUSE CVE-2024-50290 at NVD CVE-2024-53063 at SUSE CVE-2024-53063 at NVD CVE-2024-56642 at SUSE CVE-2024-56642 at NVD CVE-2024-56651 at SUSE CVE-2024-56651 at NVD CVE-2024-57996 at SUSE CVE-2024-57996 at NVD CVE-2024-58014 at SUSE CVE-2024-58014 at NVD CVE-2025-21772 at SUSE CVE-2025-21772 at NVD CVE-2025-21780 at SUSE CVE-2025-21780 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for dnsmasq fixes the following issues: - Version update to 2.90: - CVE-2023-50387: Fixed a Denial Of Service while trying to validate specially crafted DNSSEC responses. (bsc#1219823) - CVE-2023-50868: Fixed a Denial Of Service while trying to validate specially crafted DNSSEC responses. (bsc#1219826) Important SUSE bug 1200344 SUSE bug 1207174 SUSE bug 1214884 SUSE bug 1219823 SUSE bug 1219826 SUSE bug 1235517 CVE-2023-50387 at SUSE CVE-2023-50387 at NVD CVE-2023-50868 at SUSE CVE-2023-50868 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) Moderate SUSE bug 1232234 CVE-2024-10041 at SUSE CVE-2024-10041 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for containerd fixes the following issues: - CVE-2024-40635: Fixed integer overflow in User ID handling (bsc#1239749) Other fixes: - Update to containerd v1.7.27. Moderate SUSE bug 1239749 CVE-2024-40635 at SUSE CVE-2024-40635 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for mozjs60 fixes the following issues: - CVE-2024-56431: Fixed a negative shift in huffdec.c (bsc#1234837). Moderate SUSE bug 1234837 CVE-2024-56431 at SUSE CVE-2024-56431 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) Moderate SUSE bug 1241453 SUSE bug 1241551 CVE-2025-32414 at SUSE CVE-2025-32414 at NVD CVE-2025-32415 at SUSE CVE-2025-32415 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for sqlite3 fixes the following issues: - CVE-2025-29087,CVE-2025-3277: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) Moderate SUSE bug 1241020 SUSE bug 1241078 SUSE bug 1241189 CVE-2025-29087 at SUSE CVE-2025-29087 at NVD CVE-2025-29088 at SUSE CVE-2025-29088 at NVD CVE-2025-3277 at SUSE CVE-2025-3277 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for glib2 fixes the following issues: - CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897) Moderate SUSE bug 1240897 CVE-2025-3360 at SUSE CVE-2025-3360 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for apparmor fixes the following issues: - Add dac_read_search capability for unix_chkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. (bsc#1241678) Moderate SUSE bug 1241678 CVE-2024-10041 at SUSE CVE-2024-10041 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libsoup fixes the following issues: - CVE-2025-2784: Fixed heap buffer over-read in `skip_insignificant_space` when sniffing content (bsc#1240750) - CVE-2025-32050: Fixed Integer overflow in append_param_quoted (bsc#1240752) - CVE-2025-32052: Fixed heap buffer overflow in sniff_unknown() (bsc#1240756) - CVE-2025-32053: Fixed heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() (bsc#1240757) - CVE-2025-32907: Fixed excessive memory consumption in server when client requests a large amount of overlapping ranges in a single HTTP request (bsc#1241222) - CVE-2025-32914: Fixed out of bounds read in `soup_multipart_new_from_message()` (bsc#1241164) - CVE-2025-46420: Fixed memory leak on soup_header_parse_quality_list() via soup-headers.c (bsc#1241686) - CVE-2025-46421: Fixed HTTP Authorization Header leak via an HTTP redirect (bsc#1241688) Important SUSE bug 1240750 SUSE bug 1240752 SUSE bug 1240756 SUSE bug 1240757 SUSE bug 1241164 SUSE bug 1241222 SUSE bug 1241686 SUSE bug 1241688 CVE-2025-2784 at SUSE CVE-2025-2784 at NVD CVE-2025-32050 at SUSE CVE-2025-32050 at NVD CVE-2025-32052 at SUSE CVE-2025-32052 at NVD CVE-2025-32053 at SUSE CVE-2025-32053 at NVD CVE-2025-32907 at SUSE CVE-2025-32907 at NVD CVE-2025-32914 at SUSE CVE-2025-32914 at NVD CVE-2025-46420 at SUSE CVE-2025-46420 at NVD CVE-2025-46421 at SUSE CVE-2025-46421 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for rsync fixes the following issues: - CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. (bsc#1234101) - CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. (bsc#1234102) - CVE-2024-12087: arbitrary file overwrite possible on clients when symlink syncing is enabled. (bsc#1234103) - CVE-2024-12088: bypass of the --safe-links flag may allow the placement of unsafe symlinks in a client. (bsc#1234104) - CVE-2024-12747: Fixed a race condition in rsync handling symbolic links. (bsc#1235475) Important SUSE bug 1234101 SUSE bug 1234102 SUSE bug 1234103 SUSE bug 1234104 SUSE bug 1235475 SUSE bug 1235895 CVE-2024-12085 at SUSE CVE-2024-12085 at NVD CVE-2024-12086 at SUSE CVE-2024-12086 at NVD CVE-2024-12087 at SUSE CVE-2024-12087 at NVD CVE-2024-12088 at SUSE CVE-2024-12088 at NVD CVE-2024-12747 at SUSE CVE-2024-12747 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-21726: padata: avoid UAF for reorder_work (bsc#1238865). - CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (bsc#1238747). - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512). - CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835). - CVE-2025-22020: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (bsc#1241280). - CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371). Important SUSE bug 1207034 SUSE bug 1207878 SUSE bug 1221980 SUSE bug 1234931 SUSE bug 1235433 SUSE bug 1237984 SUSE bug 1238512 SUSE bug 1238747 SUSE bug 1238865 SUSE bug 1240210 SUSE bug 1240308 SUSE bug 1240835 SUSE bug 1241280 SUSE bug 1241371 SUSE bug 1241404 SUSE bug 1241405 SUSE bug 1241407 SUSE bug 1241408 CVE-2020-36789 at SUSE CVE-2020-36789 at NVD CVE-2021-47163 at SUSE CVE-2021-47163 at NVD CVE-2021-47668 at SUSE CVE-2021-47668 at NVD CVE-2021-47669 at SUSE CVE-2021-47669 at NVD CVE-2021-47670 at SUSE CVE-2021-47670 at NVD CVE-2022-49111 at SUSE CVE-2022-49111 at NVD CVE-2023-0179 at SUSE CVE-2023-0179 at NVD CVE-2023-53026 at SUSE CVE-2023-53026 at NVD CVE-2023-53033 at SUSE CVE-2023-53033 at NVD CVE-2024-56642 at SUSE CVE-2024-56642 at NVD CVE-2024-56661 at SUSE CVE-2024-56661 at NVD CVE-2025-21726 at SUSE CVE-2025-21726 at NVD CVE-2025-21785 at SUSE CVE-2025-21785 at NVD CVE-2025-21791 at SUSE CVE-2025-21791 at NVD CVE-2025-22004 at SUSE CVE-2025-22004 at NVD CVE-2025-22020 at SUSE CVE-2025-22020 at NVD CVE-2025-22055 at SUSE CVE-2025-22055 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for openssh fixes the following issues: - Security issues fixed: * CVE-2025-32728: Fixed a logic error in DisableForwarding option (bsc#1241012) - Other bugs fixed: * Allow KEX hashes greater than 256 bits (bsc#1241045) * Fixed hostname being left out of the audit output (bsc#1228634) * Fixed failures with very large MOTDs (bsc#1232533) Moderate SUSE bug 1228634 SUSE bug 1232533 SUSE bug 1241012 SUSE bug 1241045 CVE-2025-32728 at SUSE CVE-2025-32728 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49111: Bluetooth: Fix use after free in hci_send_acl (bsc#1237984). - CVE-2025-21726: padata: avoid UAF for reorder_work (bsc#1238865). - CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (bsc#1238747). - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512). - CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835). - CVE-2025-22020: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (bsc#1241280). - CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371). Important SUSE bug 1207034 SUSE bug 1207878 SUSE bug 1221980 SUSE bug 1234931 SUSE bug 1235433 SUSE bug 1237984 SUSE bug 1238512 SUSE bug 1238747 SUSE bug 1238865 SUSE bug 1240210 SUSE bug 1240308 SUSE bug 1240835 SUSE bug 1241280 SUSE bug 1241371 SUSE bug 1241404 SUSE bug 1241405 SUSE bug 1241407 SUSE bug 1241408 CVE-2020-36789 at SUSE CVE-2020-36789 at NVD CVE-2021-47163 at SUSE CVE-2021-47163 at NVD CVE-2021-47668 at SUSE CVE-2021-47668 at NVD CVE-2021-47669 at SUSE CVE-2021-47669 at NVD CVE-2021-47670 at SUSE CVE-2021-47670 at NVD CVE-2022-49111 at SUSE CVE-2022-49111 at NVD CVE-2023-0179 at SUSE CVE-2023-0179 at NVD CVE-2023-53026 at SUSE CVE-2023-53026 at NVD CVE-2023-53033 at SUSE CVE-2023-53033 at NVD CVE-2024-56642 at SUSE CVE-2024-56642 at NVD CVE-2024-56661 at SUSE CVE-2024-56661 at NVD CVE-2025-21726 at SUSE CVE-2025-21726 at NVD CVE-2025-21785 at SUSE CVE-2025-21785 at NVD CVE-2025-21791 at SUSE CVE-2025-21791 at NVD CVE-2025-22004 at SUSE CVE-2025-22004 at NVD CVE-2025-22020 at SUSE CVE-2025-22020 at NVD CVE-2025-22055 at SUSE CVE-2025-22055 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ucode-intel fixes the following issues: Intel CPU Microcode was updated to the 20250512 release (bsc#1243123) - CVE-2024-28956: Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access. - CVE-2025-20103: Insufficient resource pool in the core management mechanism for some Intel Processors may allow an authenticated user to potentially enable denial of service via local access. - CVE-2025-20054: Uncaught exception in the core management mechanism for some Intel Processors may allow an authenticated user to potentially enable denial of service via local access. - CVE-2024-43420: Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom processors may allow an authenticated user to potentially enable information disclosure via local access. - CVE-2025-20623: Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Core processors (10th Generation) may allow an authenticated user to potentially enable information disclosure via local access. - CVE-2024-45332: Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access. - CVE-2025-24495: Incorrect initialization of resource in the branch prediction unit for some Intel Core Ultra Processors may allow an authenticated user to potentially enable information disclosure via local access. - CVE-2025-20012: Incorrect behavior order for some Intel Core Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access. - Updates for functional issues. - New Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ARL-U | A1 | 06-b5-00/80 | | 0000000a | Core Ultra Processor (Series2) | ARL-S/HX (8P) | B0 | 06-c6-02/82 | | 00000118 | Core Ultra Processor (Series2) | ARL-H | A1 | 06-c5-02/82 | | 00000118 | Core Ultra Processor (Series2) | GNR-AP/SP | B0 | 06-ad-01/95 | | 010003a2 | Xeon Scalable Gen6 | GNR-AP/SP | H0 | 06-ad-01/20 | | 0a0000d1 | Xeon Scalable Gen6 | LNL | B0 | 06-bd-01/80 | | 0000011f | Core Ultra 200 V Series Processor - Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | C0 | 06-97-02/07 | 00000038 | 0000003a | Core Gen12 | ADL | H0 | 06-97-05/07 | 00000038 | 0000003a | Core Gen12 | ADL | L0 | 06-9a-03/80 | 00000436 | 00000437 | Core Gen12 | ADL | R0 | 06-9a-04/80 | 00000436 | 00000437 | Core Gen12 | ADL-N | N0 | 06-be-00/19 | 0000001c | 0000001d | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E | AML-Y42 | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen10 Mobile | AZB | A0/R0 | 06-9a-04/40 | 00000009 | 0000000a | Intel(R) Atom(R) C1100 | CFL-H | R0 | 06-9e-0d/22 | 00000102 | 00000104 | Core Gen9 Mobile | CLX-SP | B1 | 06-55-07/bf | 05003707 | 05003901 | Xeon Scalable Gen2 | CML-H | R1 | 06-a5-02/20 | 000000fc | 00000100 | Core Gen10 Mobile | CML-S102 | Q0 | 06-a5-05/22 | 000000fc | 00000100 | Core Gen10 | CML-S62 | G1 | 06-a5-03/22 | 000000fc | 00000100 | Core Gen10 | CML-U42 | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen10 Mobile | CML-U62 V1 | A0 | 06-a6-00/80 | 000000fe | 00000102 | Core Gen10 Mobile | CML-U62 V2 | K1 | 06-a6-01/80 | 000000fc | 00000100 | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen10 Mobile | CPX-SP | A1 | 06-55-0b/bf | 07002904 | 07002b01 | Xeon Scalable Gen3 | EMR-SP | A1 | 06-cf-02/87 | 21000291 | 210002a9 | Xeon Scalable Gen5 | GLK-R | R0 | 06-7a-08/01 | 00000024 | 00000026 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-D | B0 | 06-6c-01/10 | 010002c0 | 010002d0 | Xeon D-17xx, D-27xx | ICL-U/Y | D1 | 06-7e-05/80 | 000000c6 | 000000ca | Core Gen10 Mobile | ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003f5 | 0d000404 | Xeon Scalable Gen3 | MTL | C0 | 06-aa-04/e6 | 00000020 | 00000024 | Core Ultra Processor | RKL-S | B0 | 06-a7-01/02 | 00000063 | 00000064 | Core Gen11 | RPL-E/HX/S | B0 | 06-b7-01/32 | 0000012c | 0000012f | Core Gen13/Gen14 | RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004124 | 00004128 | Core Gen13 | RPL-HX/S | C0 | 06-bf-02/07 | 00000038 | 0000003a | Core Gen13/Gen14 | RPL-S | H0 | 06-bf-05/07 | 00000038 | 0000003a | Core Gen13/Gen14 | RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004124 | 00004128 | Core Gen13 | SPR-HBM | Bx | 06-8f-08/10 | 2c0003e0 | 2c0003f7 | Xeon Max | SPR-SP | E4/S2 | 06-8f-07/87 | 2b000620 | 2b000639 | Xeon Scalable Gen4 | SPR-SP | E5/S3 | 06-8f-08/87 | 2b000620 | 2b000639 | Xeon Scalable Gen4 | SRF-SP | C0 | 06-af-03/01 | 03000330 | 03000341 | Xeon 6700-Series Processors with E-Cores | TGL | B0/B1 | 06-8c-01/80 | 000000b8 | 000000bc | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 00000052 | 00000056 | Core Gen11 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000038 | 0000003c | Core Gen11 Mobile | TWL | N0 | 06-be-00/19 | 0000001c | 0000001d | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E | WHL-U | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen8 Mobile Moderate SUSE bug 1243123 CVE-2024-28956 at SUSE CVE-2024-28956 at NVD CVE-2024-43420 at SUSE CVE-2024-43420 at NVD CVE-2024-45332 at SUSE CVE-2024-45332 at NVD CVE-2025-20012 at SUSE CVE-2025-20012 at NVD CVE-2025-20054 at SUSE CVE-2025-20054 at NVD CVE-2025-20103 at SUSE CVE-2025-20103 at NVD CVE-2025-20623 at SUSE CVE-2025-20623 at NVD CVE-2025-24495 at SUSE CVE-2025-24495 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for open-vm-tools fixes the following issues: Update to 12.5.2: Security fixes: - CVE-2025-22247: Fixed Insecure file handling (bsc#1243106) Other fixes: - Fixed GCC 15 compile time error (bsc#1241938) - Fixed building with containerd 1.7.25+ (bsc#1237147) - Ensure vmtoolsd.service and vgauthd.service are set to enabled by default (bsc#1237180) Full changelog: https://github.com/vmware/open-vm-tools/blob/stable-12.5.2/ReleaseNotes.md https://github.com/vmware/open-vm-tools/blob/stable-12.5.2/open-vm-tools/ChangeLog Moderate SUSE bug 1237147 SUSE bug 1237180 SUSE bug 1241938 SUSE bug 1243106 CVE-2025-22247 at SUSE CVE-2025-22247 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python-setuptools fixes the following issues: - CVE-2025-47273: path traversal in PackageIndex.download may lead to an arbitrary file write (bsc#1243313). Important SUSE bug 1243313 CVE-2025-47273 at SUSE CVE-2025-47273 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python-tornado fixes the following issues: - CVE-2025-47287: excessive logging when parsing malformed `multipart/form-data` can lead to a denial-of-service (bsc#1243268). Important SUSE bug 1243268 CVE-2025-47287 at SUSE CVE-2025-47287 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for augeas fixes the following issues: - CVE-2025-2588: Check for NULL pointers when calling re_case_expand in function fa_expand_nocase. (bsc#1239909) Low SUSE bug 1239909 CVE-2025-2588 at SUSE CVE-2025-2588 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for iputils fixes the following issues: Security fixes: - CVE-2025-47268: Fixed integer overflow in RTT calculation can lead to undefined behavior (bsc#1242300). Other bug fixes: - Fixed incorrect IPV4 TTL value when using SOCK_DGRAM on big endian systems (bsc#1243284). Moderate SUSE bug 1242300 SUSE bug 1243284 CVE-2025-47268 at SUSE CVE-2025-47268 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for glibc fixes the following issues: Security issues fixed: - CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317). Other issues fixed: - Multi-threaded application hang due to deadlock when `pthread_cond_signal` fails to wake up `pthread_cond_wait` as a consequence of a bug related to stealing of signals (bsc#1234128). Important SUSE bug 1234128 SUSE bug 1243317 CVE-2025-4802 at SUSE CVE-2025-4802 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libsoup fixes the following issues: - CVE-2025-4948: Fixed integer underflow in soup_multipart_new_from_message() leading to denial of service (bsc#1243332) - CVE-2025-4969: Fixed off-by-one out-of-bounds read may lead to infoleak (bsc#1243423) - CVE-2025-32906: Fixed out of bounds reads in soup_headers_parse_request() (bsc#1241263) - CVE-2025-32909: Fixed NULL pointer dereference in the sniff_mp4 function in soup-content-sniffer.c (bsc#1241226) - CVE-2025-32910: Fixed null pointer deference on client when server omits the realm parameter in an Unauthorized response with Digest authentication (bsc#1241252) - CVE-2025-32911: Fixed double free on soup_message_headers_get_content_disposition() via 'params'. (bsc#1241238) - CVE-2025-32912: Fixed NULL pointer dereference in SoupAuthDigest (bsc#1241214) - CVE-2025-32913: Fixed NULL pointer dereference in soup_message_headers_get_content_disposition (bsc#1241162) Important SUSE bug 1241162 SUSE bug 1241214 SUSE bug 1241226 SUSE bug 1241238 SUSE bug 1241252 SUSE bug 1241263 SUSE bug 1243332 SUSE bug 1243423 CVE-2025-32906 at SUSE CVE-2025-32906 at NVD CVE-2025-32909 at SUSE CVE-2025-32909 at NVD CVE-2025-32910 at SUSE CVE-2025-32910 at NVD CVE-2025-32911 at SUSE CVE-2025-32911 at NVD CVE-2025-32912 at SUSE CVE-2025-32912 at NVD CVE-2025-32913 at SUSE CVE-2025-32913 at NVD CVE-2025-4948 at SUSE CVE-2025-4948 at NVD CVE-2025-4969 at SUSE CVE-2025-4969 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for xen fixes the following issues: - CVE-2024-28956: Fixed Intel CPU: Indirect Target Selection (ITS) (XSA-469) (bsc#1243117) - CVE-2024-53241: Fixed Xen hypercall page unsafe against speculative attacks (XSA-466) (bsc#1234282) - CVE-2025-1713: Fixed deadlock potential with VT-d and legacy PCI device pass-through (XSA-467) (bsc#1238043) Moderate SUSE bug 1234282 SUSE bug 1238043 SUSE bug 1243117 CVE-2024-28956 at SUSE CVE-2024-28956 at NVD CVE-2024-53241 at SUSE CVE-2024-53241 at NVD CVE-2025-1713 at SUSE CVE-2025-1713 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for glib2 fixes the following issues: - CVE-2025-4373: integer overflow in the `g_string_insert_unichar()` function can lead to buffer underwrite and memory corruption (bsc#1242844). Moderate SUSE bug 1242844 CVE-2025-4373 at SUSE CVE-2025-4373 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for sysstat fixes the following issues: - CVE-2023-33204: Fixed a multiplication integer overflow in check_overflow in common.c (bsc#1211507) - CVE-2022-39377: Fixed arithmetic overflow in allocate_structures() (bsc#1205224) Moderate SUSE bug 1202473 SUSE bug 1205224 SUSE bug 1211507 CVE-2022-39377 at SUSE CVE-2022-39377 at NVD CVE-2023-33204 at SUSE CVE-2023-33204 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-32399: Fixed a race condition when removing the HCI controller (bsc#1184611). - CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981). - CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032). - CVE-2022-49320: dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (bsc#1238394). - CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493). - CVE-2022-49769: gfs2: Check sb_bsize_shift after reading superblock (bsc#1242440). - CVE-2022-49770: ceph: avoid putting the realm twice when decoding snaps fails (bsc#1242597). - CVE-2022-49775: tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1242245). - CVE-2022-49789: scsi: zfcp: Fix double free of FSF request when qdio send fails (bsc#1242366). - CVE-2023-53039: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (bsc#1242745). - CVE-2024-53168: net: make sock_inuse_add() available (bsc#1234887). - CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1235100). - CVE-2024-56705: media: atomisp: add check for rgby_data memory allocation failure (bsc#1235568). - CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471). - CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802). - CVE-2025-22028: media: vimc: skip .s_stream() for stopped entities (bsc#1241362). - CVE-2025-22121: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (bsc#1241593). - CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762). - CVE-2025-37846: arm64: mops: Do not dereference src reg for a set operation (bsc#1242963). - CVE-2025-40364: io_uring: fix io_req_prep_async with provided buffers (bsc#1241637). The following non-security bugs were fixed: - blk: Drop a couple of block layer git-fixes (bsc#1170891 bsc#1173139). - x86/entry: Remove skip_r11rcx (bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676). - HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (bsc#1242745) - kernel: Remove debug flavor (bsc#1243919). - devm-helpers: Add resource managed version of work init (bsc#1242745). - rpm: fixup 'rpm: support gz and zst compression methods' once more (bsc#1190428, bsc#1190358). - mtd: phram: Add the kernel lock down check (bsc#1232649). - ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes). - usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes). - usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes). - workqueue: Add resource managed version of delayed work init (bsc#1242745) Important SUSE bug 1154353 SUSE bug 1170891 SUSE bug 1173139 SUSE bug 1184350 SUSE bug 1184611 SUSE bug 1185010 SUSE bug 1190358 SUSE bug 1190428 SUSE bug 1201644 SUSE bug 1201664 SUSE bug 1201672 SUSE bug 1201673 SUSE bug 1201676 SUSE bug 1206073 SUSE bug 1206649 SUSE bug 1206886 SUSE bug 1206887 SUSE bug 1207198 SUSE bug 1210337 SUSE bug 1213476 SUSE bug 1232649 SUSE bug 1234887 SUSE bug 1235100 SUSE bug 1235568 SUSE bug 1237981 SUSE bug 1238032 SUSE bug 1238394 SUSE bug 1238471 SUSE bug 1240802 SUSE bug 1241362 SUSE bug 1241593 SUSE bug 1241637 SUSE bug 1242145 SUSE bug 1242147 SUSE bug 1242150 SUSE bug 1242154 SUSE bug 1242215 SUSE bug 1242232 SUSE bug 1242245 SUSE bug 1242264 SUSE bug 1242270 SUSE bug 1242352 SUSE bug 1242353 SUSE bug 1242355 SUSE bug 1242366 SUSE bug 1242378 SUSE bug 1242385 SUSE bug 1242387 SUSE bug 1242391 SUSE bug 1242392 SUSE bug 1242402 SUSE bug 1242409 SUSE bug 1242416 SUSE bug 1242440 SUSE bug 1242443 SUSE bug 1242449 SUSE bug 1242452 SUSE bug 1242455 SUSE bug 1242464 SUSE bug 1242473 SUSE bug 1242481 SUSE bug 1242484 SUSE bug 1242493 SUSE bug 1242527 SUSE bug 1242542 SUSE bug 1242545 SUSE bug 1242547 SUSE bug 1242548 SUSE bug 1242549 SUSE bug 1242551 SUSE bug 1242580 SUSE bug 1242597 SUSE bug 1242686 SUSE bug 1242689 SUSE bug 1242716 SUSE bug 1242733 SUSE bug 1242734 SUSE bug 1242736 SUSE bug 1242745 SUSE bug 1242749 SUSE bug 1242762 SUSE bug 1242835 SUSE bug 1242963 SUSE bug 1243919 CVE-2020-36790 at SUSE CVE-2020-36790 at NVD CVE-2020-36791 at SUSE CVE-2020-36791 at NVD CVE-2021-32399 at SUSE CVE-2021-32399 at NVD CVE-2022-3564 at SUSE CVE-2022-3564 at NVD CVE-2022-49110 at SUSE CVE-2022-49110 at NVD CVE-2022-49139 at SUSE CVE-2022-49139 at NVD CVE-2022-49320 at SUSE CVE-2022-49320 at NVD CVE-2022-49767 at SUSE CVE-2022-49767 at NVD CVE-2022-49769 at SUSE CVE-2022-49769 at NVD CVE-2022-49770 at SUSE CVE-2022-49770 at NVD CVE-2022-49771 at SUSE CVE-2022-49771 at NVD CVE-2022-49772 at SUSE CVE-2022-49772 at NVD CVE-2022-49775 at SUSE CVE-2022-49775 at NVD CVE-2022-49777 at SUSE CVE-2022-49777 at NVD CVE-2022-49787 at SUSE CVE-2022-49787 at NVD CVE-2022-49788 at SUSE CVE-2022-49788 at NVD CVE-2022-49789 at SUSE CVE-2022-49789 at NVD CVE-2022-49790 at SUSE CVE-2022-49790 at NVD CVE-2022-49793 at SUSE CVE-2022-49793 at NVD CVE-2022-49794 at SUSE CVE-2022-49794 at NVD CVE-2022-49799 at SUSE CVE-2022-49799 at NVD CVE-2022-49802 at SUSE CVE-2022-49802 at NVD CVE-2022-49809 at SUSE CVE-2022-49809 at NVD CVE-2022-49818 at SUSE CVE-2022-49818 at NVD CVE-2022-49821 at SUSE CVE-2022-49821 at NVD CVE-2022-49823 at SUSE CVE-2022-49823 at NVD CVE-2022-49824 at SUSE CVE-2022-49824 at NVD CVE-2022-49825 at SUSE CVE-2022-49825 at NVD CVE-2022-49826 at SUSE CVE-2022-49826 at NVD CVE-2022-49827 at SUSE CVE-2022-49827 at NVD CVE-2022-49830 at SUSE CVE-2022-49830 at NVD CVE-2022-49832 at SUSE CVE-2022-49832 at NVD CVE-2022-49835 at SUSE CVE-2022-49835 at NVD CVE-2022-49836 at SUSE CVE-2022-49836 at NVD CVE-2022-49839 at SUSE CVE-2022-49839 at NVD CVE-2022-49841 at SUSE CVE-2022-49841 at NVD CVE-2022-49842 at SUSE CVE-2022-49842 at NVD CVE-2022-49846 at SUSE CVE-2022-49846 at NVD CVE-2022-49861 at SUSE CVE-2022-49861 at NVD CVE-2022-49870 at SUSE CVE-2022-49870 at NVD CVE-2022-49879 at SUSE CVE-2022-49879 at NVD CVE-2022-49880 at SUSE CVE-2022-49880 at NVD CVE-2022-49881 at SUSE CVE-2022-49881 at NVD CVE-2022-49887 at SUSE CVE-2022-49887 at NVD CVE-2022-49889 at SUSE CVE-2022-49889 at NVD CVE-2022-49892 at SUSE CVE-2022-49892 at NVD CVE-2022-49906 at SUSE CVE-2022-49906 at NVD CVE-2022-49910 at SUSE CVE-2022-49910 at NVD CVE-2022-49915 at SUSE CVE-2022-49915 at NVD CVE-2022-49922 at SUSE CVE-2022-49922 at NVD CVE-2022-49927 at SUSE CVE-2022-49927 at NVD CVE-2023-1990 at SUSE CVE-2023-1990 at NVD CVE-2023-53039 at SUSE CVE-2023-53039 at NVD CVE-2023-53052 at SUSE CVE-2023-53052 at NVD CVE-2023-53106 at SUSE CVE-2023-53106 at NVD CVE-2024-53168 at SUSE CVE-2024-53168 at NVD CVE-2024-56558 at SUSE CVE-2024-56558 at NVD CVE-2024-56705 at SUSE CVE-2024-56705 at NVD CVE-2025-21812 at SUSE CVE-2025-21812 at NVD CVE-2025-21999 at SUSE CVE-2025-21999 at NVD CVE-2025-22028 at SUSE CVE-2025-22028 at NVD CVE-2025-22121 at SUSE CVE-2025-22121 at NVD CVE-2025-37789 at SUSE CVE-2025-37789 at NVD CVE-2025-37846 at SUSE CVE-2025-37846 at NVD CVE-2025-40364 at SUSE CVE-2025-40364 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981). - CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032). - CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493). - CVE-2022-49769: gfs2: Check sb_bsize_shift after reading superblock (bsc#1242440). - CVE-2022-49770: ceph: avoid putting the realm twice when decoding snaps fails (bsc#1242597). - CVE-2022-49775: tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1242245). - CVE-2022-49789: scsi: zfcp: Fix double free of FSF request when qdio send fails (bsc#1242366). - CVE-2023-53039: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (bsc#1242745). - CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1234887). - CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1235100). - CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471). - CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802). - CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762). The following non-security bugs were fixed: - HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (bsc#1242745). - devm-helpers: Add resource managed version of work init (bsc#1242745). - mtd: phram: Add the kernel lock down check (bsc#1232649). - ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes). - workqueue: Add resource managed version of delayed work init (bsc#1242745). - Remove debug flavor (bsc#1243919). Important SUSE bug 1154353 SUSE bug 1156395 SUSE bug 1170891 SUSE bug 1173139 SUSE bug 1184350 SUSE bug 1184611 SUSE bug 1185010 SUSE bug 1188772 SUSE bug 1189883 SUSE bug 1190358 SUSE bug 1190428 SUSE bug 1201644 SUSE bug 1201664 SUSE bug 1201672 SUSE bug 1201673 SUSE bug 1201676 SUSE bug 1206073 SUSE bug 1206649 SUSE bug 1206886 SUSE bug 1206887 SUSE bug 1207198 SUSE bug 1209657 SUSE bug 1210337 SUSE bug 1213476 SUSE bug 1214842 SUSE bug 1216702 SUSE bug 1220754 SUSE bug 1220985 SUSE bug 1221015 SUSE bug 1221044 SUSE bug 1223932 SUSE bug 1224099 SUSE bug 1224482 SUSE bug 1224511 SUSE bug 1224592 SUSE bug 1224831 SUSE bug 1224832 SUSE bug 1224834 SUSE bug 1224841 SUSE bug 1224843 SUSE bug 1224846 SUSE bug 1224849 SUSE bug 1224854 SUSE bug 1224859 SUSE bug 1224882 SUSE bug 1224889 SUSE bug 1224891 SUSE bug 1224892 SUSE bug 1224893 SUSE bug 1224904 SUSE bug 1225360 SUSE bug 1225411 SUSE bug 1231193 SUSE bug 1232649 SUSE bug 1234887 SUSE bug 1235100 SUSE bug 1237981 SUSE bug 1238032 SUSE bug 1238471 SUSE bug 1240802 SUSE bug 1242145 SUSE bug 1242147 SUSE bug 1242150 SUSE bug 1242154 SUSE bug 1242215 SUSE bug 1242232 SUSE bug 1242245 SUSE bug 1242264 SUSE bug 1242270 SUSE bug 1242352 SUSE bug 1242353 SUSE bug 1242355 SUSE bug 1242366 SUSE bug 1242378 SUSE bug 1242385 SUSE bug 1242387 SUSE bug 1242391 SUSE bug 1242392 SUSE bug 1242402 SUSE bug 1242409 SUSE bug 1242416 SUSE bug 1242440 SUSE bug 1242443 SUSE bug 1242449 SUSE bug 1242452 SUSE bug 1242455 SUSE bug 1242464 SUSE bug 1242473 SUSE bug 1242481 SUSE bug 1242484 SUSE bug 1242493 SUSE bug 1242527 SUSE bug 1242542 SUSE bug 1242545 SUSE bug 1242547 SUSE bug 1242548 SUSE bug 1242549 SUSE bug 1242551 SUSE bug 1242580 SUSE bug 1242597 SUSE bug 1242686 SUSE bug 1242689 SUSE bug 1242716 SUSE bug 1242733 SUSE bug 1242734 SUSE bug 1242736 SUSE bug 1242745 SUSE bug 1242749 SUSE bug 1242762 SUSE bug 1242835 SUSE bug 1243919 CVE-2020-36790 at SUSE CVE-2020-36790 at NVD CVE-2020-36791 at SUSE CVE-2020-36791 at NVD CVE-2021-32399 at SUSE CVE-2021-32399 at NVD CVE-2021-3743 at SUSE CVE-2021-3743 at NVD CVE-2021-47100 at SUSE CVE-2021-47100 at NVD CVE-2021-47220 at SUSE CVE-2021-47220 at NVD CVE-2021-47229 at SUSE CVE-2021-47229 at NVD CVE-2021-47231 at SUSE CVE-2021-47231 at NVD CVE-2021-47236 at SUSE CVE-2021-47236 at NVD CVE-2021-47239 at SUSE CVE-2021-47239 at NVD CVE-2021-47240 at SUSE CVE-2021-47240 at NVD CVE-2021-47246 at SUSE CVE-2021-47246 at NVD CVE-2021-47252 at SUSE CVE-2021-47252 at NVD CVE-2021-47255 at SUSE CVE-2021-47255 at NVD CVE-2021-47260 at SUSE CVE-2021-47260 at NVD CVE-2021-47288 at SUSE CVE-2021-47288 at NVD CVE-2021-47296 at SUSE CVE-2021-47296 at NVD CVE-2021-47314 at SUSE CVE-2021-47314 at NVD CVE-2021-47315 at SUSE CVE-2021-47315 at NVD CVE-2021-47485 at SUSE CVE-2021-47485 at NVD CVE-2021-47500 at SUSE CVE-2021-47500 at NVD CVE-2021-47511 at SUSE CVE-2021-47511 at NVD CVE-2022-3564 at SUSE CVE-2022-3564 at NVD CVE-2022-48704 at SUSE CVE-2022-48704 at NVD CVE-2022-49110 at SUSE CVE-2022-49110 at NVD CVE-2022-49139 at SUSE CVE-2022-49139 at NVD CVE-2022-49767 at SUSE CVE-2022-49767 at NVD CVE-2022-49769 at SUSE CVE-2022-49769 at NVD CVE-2022-49770 at SUSE CVE-2022-49770 at NVD CVE-2022-49771 at SUSE CVE-2022-49771 at NVD CVE-2022-49772 at SUSE CVE-2022-49772 at NVD CVE-2022-49775 at SUSE CVE-2022-49775 at NVD CVE-2022-49777 at SUSE CVE-2022-49777 at NVD CVE-2022-49787 at SUSE CVE-2022-49787 at NVD CVE-2022-49788 at SUSE CVE-2022-49788 at NVD CVE-2022-49789 at SUSE CVE-2022-49789 at NVD CVE-2022-49790 at SUSE CVE-2022-49790 at NVD CVE-2022-49793 at SUSE CVE-2022-49793 at NVD CVE-2022-49794 at SUSE CVE-2022-49794 at NVD CVE-2022-49799 at SUSE CVE-2022-49799 at NVD CVE-2022-49802 at SUSE CVE-2022-49802 at NVD CVE-2022-49809 at SUSE CVE-2022-49809 at NVD CVE-2022-49818 at SUSE CVE-2022-49818 at NVD CVE-2022-49821 at SUSE CVE-2022-49821 at NVD CVE-2022-49823 at SUSE CVE-2022-49823 at NVD CVE-2022-49824 at SUSE CVE-2022-49824 at NVD CVE-2022-49825 at SUSE CVE-2022-49825 at NVD CVE-2022-49826 at SUSE CVE-2022-49826 at NVD CVE-2022-49827 at SUSE CVE-2022-49827 at NVD CVE-2022-49830 at SUSE CVE-2022-49830 at NVD CVE-2022-49832 at SUSE CVE-2022-49832 at NVD CVE-2022-49835 at SUSE CVE-2022-49835 at NVD CVE-2022-49836 at SUSE CVE-2022-49836 at NVD CVE-2022-49839 at SUSE CVE-2022-49839 at NVD CVE-2022-49841 at SUSE CVE-2022-49841 at NVD CVE-2022-49842 at SUSE CVE-2022-49842 at NVD CVE-2022-49846 at SUSE CVE-2022-49846 at NVD CVE-2022-49861 at SUSE CVE-2022-49861 at NVD CVE-2022-49870 at SUSE CVE-2022-49870 at NVD CVE-2022-49879 at SUSE CVE-2022-49879 at NVD CVE-2022-49880 at SUSE CVE-2022-49880 at NVD CVE-2022-49881 at SUSE CVE-2022-49881 at NVD CVE-2022-49887 at SUSE CVE-2022-49887 at NVD CVE-2022-49889 at SUSE CVE-2022-49889 at NVD CVE-2022-49892 at SUSE CVE-2022-49892 at NVD CVE-2022-49906 at SUSE CVE-2022-49906 at NVD CVE-2022-49910 at SUSE CVE-2022-49910 at NVD CVE-2022-49915 at SUSE CVE-2022-49915 at NVD CVE-2022-49922 at SUSE CVE-2022-49922 at NVD CVE-2022-49927 at SUSE CVE-2022-49927 at NVD CVE-2023-0160 at SUSE CVE-2023-0160 at NVD CVE-2023-1990 at SUSE CVE-2023-1990 at NVD CVE-2023-47233 at SUSE CVE-2023-47233 at NVD CVE-2023-52508 at SUSE CVE-2023-52508 at NVD CVE-2023-52591 at SUSE CVE-2023-52591 at NVD CVE-2023-52654 at SUSE CVE-2023-52654 at NVD CVE-2023-53039 at SUSE CVE-2023-53039 at NVD CVE-2023-53052 at SUSE CVE-2023-53052 at NVD CVE-2023-53106 at SUSE CVE-2023-53106 at NVD CVE-2023-6531 at SUSE CVE-2023-6531 at NVD CVE-2024-35811 at SUSE CVE-2024-35811 at NVD CVE-2024-35895 at SUSE CVE-2024-35895 at NVD CVE-2024-35914 at SUSE CVE-2024-35914 at NVD CVE-2024-46814 at SUSE CVE-2024-46814 at NVD CVE-2024-53168 at SUSE CVE-2024-53168 at NVD CVE-2024-56558 at SUSE CVE-2024-56558 at NVD CVE-2025-21812 at SUSE CVE-2025-21812 at NVD CVE-2025-21999 at SUSE CVE-2025-21999 at NVD CVE-2025-37789 at SUSE CVE-2025-37789 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python-requests fixes the following issues: - CVE-2024-47081: fixed netrc credential leak (bsc#1244039). Moderate SUSE bug 1244039 CVE-2024-47081 at SUSE CVE-2024-47081 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for pam fixes the following issues: - CVE-2025-6018: pam_env: Change the default to not read the user .pam_environment file (bsc#1243226). - CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute path (bsc#1244509). Important SUSE bug 1243226 SUSE bug 1244509 CVE-2025-6018 at SUSE CVE-2025-6018 at NVD CVE-2025-6020 at SUSE CVE-2025-6020 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for systemd fixes the following issues: - CVE-2025-4598: Race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935). - CVE-2023-26604: Privilege escalation via the less pager (bsc#1208958). - CVE-2022-4415: systemd-coredump was not respecting fs.suid_dumpable kernel setting (bsc#1205000). Other bugfixes: - clarify passno and noauto combination in /etc/fstab (bsc#1211725) - handle -EINTR return from bus_poll() (bsc#1215241) - /usr/ should never be unmounted regardless of HAVE_SPLIT_USR or not (bsc#1211576) Important SUSE bug 1205000 SUSE bug 1208958 SUSE bug 1211576 SUSE bug 1211725 SUSE bug 1215241 SUSE bug 1243935 CVE-2022-4415 at SUSE CVE-2022-4415 at NVD CVE-2023-26604 at SUSE CVE-2023-26604 at NVD CVE-2025-4598 at SUSE CVE-2025-4598 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49035: media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (bsc#1215304). - CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853). - CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846). - CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891). - CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921). - CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004). - CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054). - CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281). - CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963). - CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073). - CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056). - CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061). - CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480). - CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584). The following non-security bugs were fixed: - net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246). Important SUSE bug 1215304 SUSE bug 1220927 SUSE bug 1220937 SUSE bug 1230697 SUSE bug 1232436 SUSE bug 1234281 SUSE bug 1234690 SUSE bug 1234846 SUSE bug 1234853 SUSE bug 1234891 SUSE bug 1234921 SUSE bug 1234963 SUSE bug 1235004 SUSE bug 1235054 SUSE bug 1235056 SUSE bug 1235061 SUSE bug 1235073 SUSE bug 1235246 SUSE bug 1235480 SUSE bug 1235584 CVE-2022-49035 at SUSE CVE-2022-49035 at NVD CVE-2023-52524 at SUSE CVE-2023-52524 at NVD CVE-2024-53142 at SUSE CVE-2024-53142 at NVD CVE-2024-53144 at SUSE CVE-2024-53144 at NVD CVE-2024-53146 at SUSE CVE-2024-53146 at NVD CVE-2024-53156 at SUSE CVE-2024-53156 at NVD CVE-2024-53173 at SUSE CVE-2024-53173 at NVD CVE-2024-53179 at SUSE CVE-2024-53179 at NVD CVE-2024-53214 at SUSE CVE-2024-53214 at NVD CVE-2024-53239 at SUSE CVE-2024-53239 at NVD CVE-2024-53240 at SUSE CVE-2024-53240 at NVD CVE-2024-56539 at SUSE CVE-2024-56539 at NVD CVE-2024-56548 at SUSE CVE-2024-56548 at NVD CVE-2024-56604 at SUSE CVE-2024-56604 at NVD CVE-2024-56605 at SUSE CVE-2024-56605 at NVD CVE-2024-56631 at SUSE CVE-2024-56631 at NVD CVE-2024-56704 at SUSE CVE-2024-56704 at NVD CVE-2024-8805 at SUSE CVE-2024-8805 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for gstreamer-plugins-base fixes the following issues: - CVE-2024-47538: Fixed stack-buffer overflow in vorbis_handle_identification_packet (bnc#1234415) - CVE-2024-47600: Fixed out-of-bounds read in gst-discoverer-1.0 commandline tool (bnc#1234453) - CVE-2024-47615: Fixed out-of-bounds write in Ogg demuxer (bnc#1234456) - CVE-2024-47542: Fixed ID3v2 parser out-of-bounds read and NULL-pointer dereference (bnc#1234460) - CVE-2024-47607: Fixed stack buffer-overflow in Opus decoder (bnc#1234455) - CVE-2024-47835: Fixed NULL-pointer dereference in LRC subtitle parser (bnc#1234450) - CVE-2024-47541: Fixed out-of-bounds write in SSA subtitle parser (bnc#1234459) - CVE-2025-47808: Fixed NULL-pointer dereference in TMPlayer subtitle parser (boo#1244404) - CVE-2025-47807: Fixed NULL-pointer dereference in SubRip subtitle parser (boo#1244403) - CVE-2025-47806: Fixed Stack buffer overflow in SubRip subtitle parser (boo#1244407) Important SUSE bug 1234415 SUSE bug 1234450 SUSE bug 1234453 SUSE bug 1234455 SUSE bug 1234456 SUSE bug 1234459 SUSE bug 1234460 SUSE bug 1244403 SUSE bug 1244404 SUSE bug 1244407 CVE-2024-47538 at SUSE CVE-2024-47538 at NVD CVE-2024-47541 at SUSE CVE-2024-47541 at NVD CVE-2024-47542 at SUSE CVE-2024-47542 at NVD CVE-2024-47600 at SUSE CVE-2024-47600 at NVD CVE-2024-47607 at SUSE CVE-2024-47607 at NVD CVE-2024-47615 at SUSE CVE-2024-47615 at NVD CVE-2024-47835 at SUSE CVE-2024-47835 at NVD CVE-2025-47806 at SUSE CVE-2025-47806 at NVD CVE-2025-47807 at SUSE CVE-2025-47807 at NVD CVE-2025-47808 at SUSE CVE-2025-47808 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for perl fixes the following issues: - CVE-2025-40909: Do not change the current directory when cloning an open directory handle (bsc#1244079). Moderate SUSE bug 1244079 CVE-2025-40909 at SUSE CVE-2025-40909 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for pam_pkcs11 fixes the following issues: - CVE-2025-6018: Removes pam_env from auth stack for security reason (bsc#1243226). Important SUSE bug 1243226 CVE-2025-6018 at SUSE CVE-2025-6018 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for gstreamer fixes the following issues: - CVE-2024-47606: Fixed integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (bsc#1234449) Important SUSE bug 1234449 CVE-2024-47606 at SUSE CVE-2024-47606 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ignition fixes the following issues: - CVE-2025-22868: golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239192). Important SUSE bug 1239192 CVE-2025-22868 at SUSE CVE-2025-22868 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for icu fixes the following issues: - CVE-2025-5222: Stack buffer overflow in the SRBRoot:addTag function (bsc#1243721). Important SUSE bug 1161007 SUSE bug 1167603 SUSE bug 1193951 SUSE bug 1243721 CVE-2020-21913 at SUSE CVE-2020-21913 at NVD CVE-2025-5222 at SUSE CVE-2025-5222 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for pam-config fixes the following issues: - CVE-2025-6018: Stop adding pam_env in AUTH stack, and be sure to put this module at the really end of the SESSION stack (bsc#1243226). Important SUSE bug 1243226 CVE-2025-6018 at SUSE CVE-2025-6018 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for podman fixes the following issues: - Added patch to remove using rw as a default mount option (bsc#1239776) Moderate SUSE bug 1239776 CVE-2024-6104 at SUSE CVE-2024-6104 at NVD CVE-2025-22869 at SUSE CVE-2025-22869 at NVD CVE-2025-27144 at SUSE CVE-2025-27144 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for sudo fixes the following issues: - CVE-2025-32462: Fixed a possible local privilege escalation via the --host option (bsc#1245274). Important SUSE bug 1245274 CVE-2025-32462 at SUSE CVE-2025-32462 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for runc fixes the following issues: - CVE-2024-45310: Fixed unintentional creation of empty files/directories on host (bsc#1230092) Other fixes: - Update to runc v1.2.6. Low SUSE bug 1230092 CVE-2024-45310 at SUSE CVE-2024-45310 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libsoup fixes the following issues: - CVE-2025-4945: Add value checks for date/time parsing (bsc#1243314). Low SUSE bug 1243314 CVE-2025-4945 at SUSE CVE-2025-4945 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for vim fixes the following issues: - CVE-2024-41965: Fixed improper neutralization of argument delimiters in zip.vim that could have led to data loss (bsc#1228776). - CVE-2025-29768: Fixed double-free in dialog_changed() (bsc#1239602). Moderate SUSE bug 1228776 SUSE bug 1239602 CVE-2024-41965 at SUSE CVE-2024-41965 at NVD CVE-2025-29768 at SUSE CVE-2025-29768 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libxml2 fixes the following issues: - CVE-2025-49794: Fixed a heap use after free which could lead to denial of service. (bsc#1244554) - CVE-2025-49796: Fixed type confusion which could lead to denial of service. (bsc#1244557) - CVE-2025-6170: Fixed a stack buffer overflow which could lead to a crash. (bsc#1244700) - CVE-2025-6021: Fixed an integer overflow in xmlBuildQName() which could lead to stack buffer overflow. (bsc#1244590) Important SUSE bug 1244554 SUSE bug 1244557 SUSE bug 1244590 SUSE bug 1244700 CVE-2025-49794 at SUSE CVE-2025-49794 at NVD CVE-2025-49796 at SUSE CVE-2025-49796 at NVD CVE-2025-6021 at SUSE CVE-2025-6021 at NVD CVE-2025-6170 at SUSE CVE-2025-6170 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libssh fixes the following issues: - CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309). - CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310). - CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311). - CVE-2025-5372: Fixed ssh_kdf() returns a success code on certain failures (bsc#1245314). Important SUSE bug 1245309 SUSE bug 1245310 SUSE bug 1245311 SUSE bug 1245314 CVE-2025-4877 at SUSE CVE-2025-4877 at NVD CVE-2025-4878 at SUSE CVE-2025-4878 at NVD CVE-2025-5318 at SUSE CVE-2025-5318 at NVD CVE-2025-5372 at SUSE CVE-2025-5372 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for docker fixes the following issues: Update to Docker 28.2.2-ce (bsc#1243833, bsc#1242114): - CVE-2025-0495: Fixed credential leakage to telemetry endpoints when credentials allowed to be set as attribute values in cache-to/cache-from configuration.(bsc#1239765) - CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction (bsc#1241830). Other fixes: - Update to docker-buildx v0.22.0. - Always clear SUSEConnect suse_* secrets when starting containers (bsc#1244035). - Disable transparent SUSEConnect support for SLE-16. (jsc#PED-12534) - Now that the only blocker for docker-buildx support was removed for SLE-16, enable docker-buildx for SLE-16 as well. (jsc#PED-8905) - SUSEConnect secrets fails in SLES rootless docker containers (bsc#1240150). Moderate SUSE bug 1239765 SUSE bug 1240150 SUSE bug 1241830 SUSE bug 1242114 SUSE bug 1243833 SUSE bug 1244035 CVE-2025-0495 at SUSE CVE-2025-0495 at NVD CVE-2025-22872 at SUSE CVE-2025-22872 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49035: media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (bsc#1215304). - CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853). - CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846). - CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891). - CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921). - CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004). - CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054). - CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281). - CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963). - CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073). - CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056). - CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061). - CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480). - CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584). The following non-security bugs were fixed: - net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246). Important SUSE bug 1215304 SUSE bug 1220927 SUSE bug 1220937 SUSE bug 1230697 SUSE bug 1232436 SUSE bug 1234281 SUSE bug 1234690 SUSE bug 1234846 SUSE bug 1234853 SUSE bug 1234891 SUSE bug 1234921 SUSE bug 1234963 SUSE bug 1235004 SUSE bug 1235054 SUSE bug 1235056 SUSE bug 1235061 SUSE bug 1235073 SUSE bug 1235246 SUSE bug 1235480 SUSE bug 1235584 CVE-2022-49035 at SUSE CVE-2022-49035 at NVD CVE-2023-52524 at SUSE CVE-2023-52524 at NVD CVE-2024-53142 at SUSE CVE-2024-53142 at NVD CVE-2024-53144 at SUSE CVE-2024-53144 at NVD CVE-2024-53146 at SUSE CVE-2024-53146 at NVD CVE-2024-53156 at SUSE CVE-2024-53156 at NVD CVE-2024-53173 at SUSE CVE-2024-53173 at NVD CVE-2024-53179 at SUSE CVE-2024-53179 at NVD CVE-2024-53214 at SUSE CVE-2024-53214 at NVD CVE-2024-53239 at SUSE CVE-2024-53239 at NVD CVE-2024-53240 at SUSE CVE-2024-53240 at NVD CVE-2024-56539 at SUSE CVE-2024-56539 at NVD CVE-2024-56548 at SUSE CVE-2024-56548 at NVD CVE-2024-56604 at SUSE CVE-2024-56604 at NVD CVE-2024-56605 at SUSE CVE-2024-56605 at NVD CVE-2024-56631 at SUSE CVE-2024-56631 at NVD CVE-2024-56704 at SUSE CVE-2024-56704 at NVD CVE-2024-8805 at SUSE CVE-2024-8805 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-50085: dm raid: fix address sanitizer warning in raid_resume (bsc#1245147). - CVE-2022-50087: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (bsc#1245119). - CVE-2022-50200: selinux: Add boundary check in put_entry() (bsc#1245149). - CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820). - CVE-2024-27397: kabi: place tstamp needed for nftables set in a hole (bsc#1224095). - CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514). - CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827). - CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381). - CVE-2024-56770: sch/netem: fix use after free in netem_dequeue (bsc#1235637). - CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159). - CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312). - CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313). - CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504). - CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924). - CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1243330). - CVE-2025-37997: netfilter: ipset: fix region locking in hash types (bsc#1243832). - CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277). - CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234). - CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245183). The following non-security bugs were fixed: - Fix conditional for selecting gcc-13 Fixes: 51dacec21eb1 ('Use gcc-13 for build on SLE16 (jsc#PED-10028).') - MyBS: Correctly generate build flags for non-multibuild package limit (bsc# 1244241) Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') - MyBS: Do not build kernel-obs-qa with limit_packages Fixes: 58e3f8c34b2b ('bs-upload-kernel: Pass limit_packages also on multibuild') - MyBS: Simplify qa_expr generation Start with a 0 which makes the expression valid even if there are no QA repositories (currently does not happen). Then separator is always needed. - Require zstd in kernel-default-devel when module compression is zstd To use ksym-provides tool modules need to be uncompressed. Without zstd at least kernel-default-base does not have provides. Link: https://github.com/openSUSE/rpm-config-SUSE/pull/82 - Test the correct macro to detect RT kernel build Fixes: 470cd1a41502 ('kernel-binary: Support livepatch_rt with merged RT branch') - Use gcc-13 for build on SLE16 (jsc#PED-10028). - add nf_tables for iptables non-legacy network handling This is needed for example by docker on the Alpine Linux distribution, but can also be used on openSUSE. - bs-upload-kernel: Pass limit_packages also on multibuild Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') Fixes: 747f601d4156 ('bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)') - check-for-config-changes: Fix flag name typo - drop ax25 drivers (bsc#1238471). - drop hamradio drivers (bsc#1238471). - drop netrom drivers (bsc#1238471). - drop rose drivers (bsc#1238471). - kabi/severities: workaround kABI checker complains after AX25 and HAMRADIO removals KABI: symbol asc2ax(mod:net/ax25/ax25) lost KABI: symbol ax25_bcast(mod:net/ax25/ax25) lost KABI: symbol ax25_defaddr(mod:net/ax25/ax25) lost KABI: symbol ax25_display_timer(mod:net/ax25/ax25) lost KABI: symbol ax25_find_cb(mod:net/ax25/ax25) lost KABI: symbol ax25_findbyuid(mod:net/ax25/ax25) lost KABI: symbol ax25_header_ops(mod:net/ax25/ax25) lost KABI: symbol ax25_ip_xmit(mod:net/ax25/ax25) lost KABI: symbol ax25_linkfail_register(mod:net/ax25/ax25) lost KABI: symbol ax25_linkfail_release(mod:net/ax25/ax25) lost KABI: symbol ax25_listen_register(mod:net/ax25/ax25) lost KABI: symbol ax25_listen_release(mod:net/ax25/ax25) lost KABI: symbol ax25_protocol_release(mod:net/ax25/ax25) lost KABI: symbol ax25_register_pid(mod:net/ax25/ax25) lost KABI: symbol ax25_send_frame(mod:net/ax25/ax25) lost KABI: symbol ax25_uid_policy(mod:net/ax25/ax25) lost KABI: symbol ax25cmp(mod:net/ax25/ax25) lost KABI: symbol ax2asc(mod:net/ax25/ax25) lost KABI: symbol hdlcdrv_arbitrate(mod:drivers/net/hamradio/hdlcdrv) lost KABI: symbol hdlcdrv_receiver(mod:drivers/net/hamradio/hdlcdrv) lost KABI: symbol hdlcdrv_register(mod:drivers/net/hamradio/hdlcdrv) lost KABI: symbol hdlcdrv_transmitter(mod:drivers/net/hamradio/hdlcdrv) lost KABI: symbol hdlcdrv_unregister(mod:drivers/net/hamradio/hdlcdrv) lost KABI: symbol null_ax25_address(mod:net/ax25/ax25) lost - kernel-binary: Support livepatch_rt with merged RT branch - kernel-obs-qa: Use srchash for dependency as well - kernel-source: Also replace bin/env - kernel-source: Do not use multiple -r in sed parameters - kernel-source: Remove log.sh from sources - mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337). - net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312) - net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504) - packaging: Patch Makefile to pre-select gcc version (jsc#PED-12251). When compiler different from the one which was used to configure the kernel is used to build modules a warning is issued and the build continues. This could be turned into an error but that would be too restrictive. The generated kernel-devel makefile could set the compiler but then the main Makefile as to be patched to assign CC with ?= This causes run_oldconfig failure on SUSE-2024 and kbuild config check failure on SUSE-2025. This cannot be hardcoded to one version in a regular patch because the value is expected to be configurable at mkspec time. Patch the Makefile after aplyin patches in rpm prep step instead. A check is added to verify that the sed command did indeed apply the change. - packaging: Turn gcc version into config.sh variable Fixes: 51dacec21eb1 ('Use gcc-13 for build on SLE16 (jsc#PED-10028).') - rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN - rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN Both spellings are actually used - rpm/check-for-config-changes: add LD_CAN_ to IGNORED_CONFIGS_RE - rpm/check-for-config-changes: add more to IGNORED_CONFIGS_RE Useful when someone tries (needs) to build the kernel with clang. - rpm/check-for-config-changes: ignore DRM_MSM_VALIDATE_XML This option is dynamically enabled to build-test different configurations. This makes run_oldconfig.sh complain sporadically for arm64. - rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038). - rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986) sle_version was obsoleted for SLE16. It has to be combined with suse_version check. - rpm/kernel-binary.spec.in: Use OrderWithRequires (boo#1228659 boo#1241038). OrderWithRequires was introduced in rpm 4.9 (ie. SLE12+) to allow a package to inform the order of installation of other package without hard requiring that package. This means our kernel-binary packages no longer need to hard require perl-Bootloader or dracut, resolving the long-commented issue there. This is also needed for udev & systemd-boot to ensure those packages are installed before being called by dracut (boo#1228659) - rpm/kernel-binary.spec.in: fix KMPs build on 6.13+ (bsc#1234454) - rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303) - rpm/package-descriptions: Add rt and rt_debug descriptions - rpm/release-projects: Update the ALP projects again (bsc#1231293). - rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570) - rpm: Stop using is_kotd_qa macro This macro is set by bs-upload-kernel, and a conditional in each spec file is used to determine when to build the spec file. This logic should not really be in the spec file. Previously this was done with package links and package meta for the individula links. However, the use of package links is rejected for packages in git based release projects (nothing to do with git actually, new policy). An alternative to package links is multibuild. However, for multibuild packages package meta cannot be used to set which spec file gets built. Use prjcon buildflags instead, and remove this conditional. Depends on bs-upload-kernel adding the build flag. - scsi: storvsc: Do not report the host packet status as the hv status (git-fixes). - scsi: storvsc: Increase the timeouts to storvsc_timeout (bsc#1245455). - wifi: cfg80211: Add my certificate (bsc#1243001). - wifi: cfg80211: fix certs build to not depend on file order (bsc#1243001). Important SUSE bug 1065729 SUSE bug 1156395 SUSE bug 1199487 SUSE bug 1201160 SUSE bug 1201956 SUSE bug 1202095 SUSE bug 1202564 SUSE bug 1202716 SUSE bug 1202810 SUSE bug 1202860 SUSE bug 1205220 SUSE bug 1205514 SUSE bug 1206664 SUSE bug 1206878 SUSE bug 1206880 SUSE bug 1211226 SUSE bug 1212051 SUSE bug 1218184 SUSE bug 1224095 SUSE bug 1225820 SUSE bug 1226514 SUSE bug 1228659 SUSE bug 1230827 SUSE bug 1231293 SUSE bug 1232504 SUSE bug 1234381 SUSE bug 1234454 SUSE bug 1235637 SUSE bug 1237159 SUSE bug 1237312 SUSE bug 1237313 SUSE bug 1238303 SUSE bug 1238471 SUSE bug 1238570 SUSE bug 1239986 SUSE bug 1240785 SUSE bug 1241038 SUSE bug 1242414 SUSE bug 1242504 SUSE bug 1242924 SUSE bug 1243001 SUSE bug 1243330 SUSE bug 1243543 SUSE bug 1243627 SUSE bug 1243832 SUSE bug 1244234 SUSE bug 1244241 SUSE bug 1244277 SUSE bug 1244337 SUSE bug 1244764 SUSE bug 1244767 SUSE bug 1244770 SUSE bug 1244771 SUSE bug 1244773 SUSE bug 1244774 SUSE bug 1244776 SUSE bug 1244779 SUSE bug 1244782 SUSE bug 1244783 SUSE bug 1244786 SUSE bug 1244788 SUSE bug 1244790 SUSE bug 1244793 SUSE bug 1244794 SUSE bug 1244796 SUSE bug 1244797 SUSE bug 1244804 SUSE bug 1244813 SUSE bug 1244815 SUSE bug 1244816 SUSE bug 1244825 SUSE bug 1244834 SUSE bug 1244836 SUSE bug 1244838 SUSE bug 1244839 SUSE bug 1244841 SUSE bug 1244842 SUSE bug 1244845 SUSE bug 1244848 SUSE bug 1244849 SUSE bug 1244851 SUSE bug 1244853 SUSE bug 1244856 SUSE bug 1244861 SUSE bug 1244867 SUSE bug 1244868 SUSE bug 1244869 SUSE bug 1244881 SUSE bug 1244883 SUSE bug 1244884 SUSE bug 1244885 SUSE bug 1244886 SUSE bug 1244887 SUSE bug 1244899 SUSE bug 1244901 SUSE bug 1244902 SUSE bug 1244908 SUSE bug 1244936 SUSE bug 1244941 SUSE bug 1244943 SUSE bug 1244945 SUSE bug 1244948 SUSE bug 1244950 SUSE bug 1244956 SUSE bug 1244958 SUSE bug 1244959 SUSE bug 1244967 SUSE bug 1244968 SUSE bug 1244969 SUSE bug 1244976 SUSE bug 1244979 SUSE bug 1244984 SUSE bug 1244986 SUSE bug 1244992 SUSE bug 1245006 SUSE bug 1245007 SUSE bug 1245024 SUSE bug 1245031 SUSE bug 1245033 SUSE bug 1245041 SUSE bug 1245047 SUSE bug 1245051 SUSE bug 1245057 SUSE bug 1245058 SUSE bug 1245072 SUSE bug 1245073 SUSE bug 1245098 SUSE bug 1245103 SUSE bug 1245117 SUSE bug 1245119 SUSE bug 1245121 SUSE bug 1245122 SUSE bug 1245125 SUSE bug 1245129 SUSE bug 1245131 SUSE bug 1245135 SUSE bug 1245136 SUSE bug 1245138 SUSE bug 1245139 SUSE bug 1245140 SUSE bug 1245146 SUSE bug 1245147 SUSE bug 1245149 SUSE bug 1245183 SUSE bug 1245195 SUSE bug 1245265 SUSE bug 1245348 SUSE bug 1245455 CVE-2022-1679 at SUSE CVE-2022-1679 at NVD CVE-2022-2586 at SUSE CVE-2022-2586 at NVD CVE-2022-2905 at SUSE CVE-2022-2905 at NVD CVE-2022-3903 at SUSE CVE-2022-3903 at NVD CVE-2022-4095 at SUSE CVE-2022-4095 at NVD CVE-2022-4662 at SUSE CVE-2022-4662 at NVD CVE-2022-49934 at SUSE CVE-2022-49934 at NVD CVE-2022-49936 at SUSE CVE-2022-49936 at NVD CVE-2022-49937 at SUSE CVE-2022-49937 at NVD CVE-2022-49942 at SUSE CVE-2022-49942 at NVD CVE-2022-49945 at SUSE CVE-2022-49945 at NVD CVE-2022-49948 at SUSE CVE-2022-49948 at NVD CVE-2022-49950 at SUSE CVE-2022-49950 at NVD CVE-2022-49952 at SUSE CVE-2022-49952 at NVD CVE-2022-49954 at SUSE CVE-2022-49954 at NVD CVE-2022-49956 at SUSE CVE-2022-49956 at NVD CVE-2022-49968 at SUSE CVE-2022-49968 at NVD CVE-2022-49977 at SUSE CVE-2022-49977 at NVD CVE-2022-49978 at SUSE CVE-2022-49978 at NVD CVE-2022-49981 at SUSE CVE-2022-49981 at NVD CVE-2022-49984 at SUSE CVE-2022-49984 at NVD CVE-2022-49985 at SUSE CVE-2022-49985 at NVD CVE-2022-49986 at SUSE CVE-2022-49986 at NVD CVE-2022-49987 at SUSE CVE-2022-49987 at NVD CVE-2022-49989 at SUSE CVE-2022-49989 at NVD CVE-2022-49990 at SUSE CVE-2022-49990 at NVD CVE-2022-49993 at SUSE CVE-2022-49993 at NVD CVE-2022-50010 at SUSE CVE-2022-50010 at NVD CVE-2022-50012 at SUSE CVE-2022-50012 at NVD CVE-2022-50019 at SUSE CVE-2022-50019 at NVD CVE-2022-50020 at SUSE CVE-2022-50020 at NVD CVE-2022-50022 at SUSE CVE-2022-50022 at NVD CVE-2022-50027 at SUSE CVE-2022-50027 at NVD CVE-2022-50028 at SUSE CVE-2022-50028 at NVD CVE-2022-50029 at SUSE CVE-2022-50029 at NVD CVE-2022-50030 at SUSE CVE-2022-50030 at NVD CVE-2022-50032 at SUSE CVE-2022-50032 at NVD CVE-2022-50033 at SUSE CVE-2022-50033 at NVD CVE-2022-50036 at SUSE CVE-2022-50036 at NVD CVE-2022-50038 at SUSE CVE-2022-50038 at NVD CVE-2022-50045 at SUSE CVE-2022-50045 at NVD CVE-2022-50051 at SUSE CVE-2022-50051 at NVD CVE-2022-50059 at SUSE CVE-2022-50059 at NVD CVE-2022-50061 at SUSE CVE-2022-50061 at NVD CVE-2022-50065 at SUSE CVE-2022-50065 at NVD CVE-2022-50067 at SUSE CVE-2022-50067 at NVD CVE-2022-50072 at SUSE CVE-2022-50072 at NVD CVE-2022-50083 at SUSE CVE-2022-50083 at NVD CVE-2022-50084 at SUSE CVE-2022-50084 at NVD CVE-2022-50085 at SUSE CVE-2022-50085 at NVD CVE-2022-50087 at SUSE CVE-2022-50087 at NVD CVE-2022-50091 at SUSE CVE-2022-50091 at NVD CVE-2022-50092 at SUSE CVE-2022-50092 at NVD CVE-2022-50093 at SUSE CVE-2022-50093 at NVD CVE-2022-50094 at SUSE CVE-2022-50094 at NVD CVE-2022-50097 at SUSE CVE-2022-50097 at NVD CVE-2022-50098 at SUSE CVE-2022-50098 at NVD CVE-2022-50099 at SUSE CVE-2022-50099 at NVD CVE-2022-50101 at SUSE CVE-2022-50101 at NVD CVE-2022-50102 at SUSE CVE-2022-50102 at NVD CVE-2022-50104 at SUSE CVE-2022-50104 at NVD CVE-2022-50108 at SUSE CVE-2022-50108 at NVD CVE-2022-50109 at SUSE CVE-2022-50109 at NVD CVE-2022-50118 at SUSE CVE-2022-50118 at NVD CVE-2022-50124 at SUSE CVE-2022-50124 at NVD CVE-2022-50126 at SUSE CVE-2022-50126 at NVD CVE-2022-50127 at SUSE CVE-2022-50127 at NVD CVE-2022-50136 at SUSE CVE-2022-50136 at NVD CVE-2022-50138 at SUSE CVE-2022-50138 at NVD CVE-2022-50140 at SUSE CVE-2022-50140 at NVD CVE-2022-50141 at SUSE CVE-2022-50141 at NVD CVE-2022-50142 at SUSE CVE-2022-50142 at NVD CVE-2022-50143 at SUSE CVE-2022-50143 at NVD CVE-2022-50146 at SUSE CVE-2022-50146 at NVD CVE-2022-50149 at SUSE CVE-2022-50149 at NVD CVE-2022-50152 at SUSE CVE-2022-50152 at NVD CVE-2022-50153 at SUSE CVE-2022-50153 at NVD CVE-2022-50156 at SUSE CVE-2022-50156 at NVD CVE-2022-50158 at SUSE CVE-2022-50158 at NVD CVE-2022-50160 at SUSE CVE-2022-50160 at NVD CVE-2022-50161 at SUSE CVE-2022-50161 at NVD CVE-2022-50162 at SUSE CVE-2022-50162 at NVD CVE-2022-50164 at SUSE CVE-2022-50164 at NVD CVE-2022-50165 at SUSE CVE-2022-50165 at NVD CVE-2022-50169 at SUSE CVE-2022-50169 at NVD CVE-2022-50172 at SUSE CVE-2022-50172 at NVD CVE-2022-50173 at SUSE CVE-2022-50173 at NVD CVE-2022-50176 at SUSE CVE-2022-50176 at NVD CVE-2022-50179 at SUSE CVE-2022-50179 at NVD CVE-2022-50181 at SUSE CVE-2022-50181 at NVD CVE-2022-50185 at SUSE CVE-2022-50185 at NVD CVE-2022-50191 at SUSE CVE-2022-50191 at NVD CVE-2022-50200 at SUSE CVE-2022-50200 at NVD CVE-2022-50209 at SUSE CVE-2022-50209 at NVD CVE-2022-50211 at SUSE CVE-2022-50211 at NVD CVE-2022-50212 at SUSE CVE-2022-50212 at NVD CVE-2022-50213 at SUSE CVE-2022-50213 at NVD CVE-2022-50215 at SUSE CVE-2022-50215 at NVD CVE-2022-50218 at SUSE CVE-2022-50218 at NVD CVE-2022-50220 at SUSE CVE-2022-50220 at NVD CVE-2022-50222 at SUSE CVE-2022-50222 at NVD CVE-2022-50229 at SUSE CVE-2022-50229 at NVD CVE-2022-50231 at SUSE CVE-2022-50231 at NVD CVE-2023-3111 at SUSE CVE-2023-3111 at NVD CVE-2024-26924 at SUSE CVE-2024-26924 at NVD CVE-2024-27397 at SUSE CVE-2024-27397 at NVD CVE-2024-36978 at SUSE CVE-2024-36978 at NVD CVE-2024-46800 at SUSE CVE-2024-46800 at NVD CVE-2024-53141 at SUSE CVE-2024-53141 at NVD CVE-2024-56770 at SUSE CVE-2024-56770 at NVD CVE-2025-21700 at SUSE CVE-2025-21700 at NVD CVE-2025-21702 at SUSE CVE-2025-21702 at NVD CVE-2025-21703 at SUSE CVE-2025-21703 at NVD CVE-2025-37752 at SUSE CVE-2025-37752 at NVD CVE-2025-37798 at SUSE CVE-2025-37798 at NVD CVE-2025-37823 at SUSE CVE-2025-37823 at NVD CVE-2025-37890 at SUSE CVE-2025-37890 at NVD CVE-2025-37932 at SUSE CVE-2025-37932 at NVD CVE-2025-37953 at SUSE CVE-2025-37953 at NVD CVE-2025-37997 at SUSE CVE-2025-37997 at NVD CVE-2025-38000 at SUSE CVE-2025-38000 at NVD CVE-2025-38001 at SUSE CVE-2025-38001 at NVD CVE-2025-38083 at SUSE CVE-2025-38083 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for xen fixes the following issues: - CVE-2024-36350, CVE-2024-36357: More AMD transient execution attacks (bsc#1246112, XSA-471) - CVE-2025-27465: Incorrect stubs exception handling for flags recovery (bsc#1244644, XSA-470) Important SUSE bug 1238896 SUSE bug 1244644 SUSE bug 1246112 CVE-2024-36350 at SUSE CVE-2024-36350 at NVD CVE-2024-36357 at SUSE CVE-2024-36357 at NVD CVE-2025-27465 at SUSE CVE-2025-27465 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-50085: dm raid: fix address sanitizer warning in raid_resume (bsc#1245147). - CVE-2022-50087: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (bsc#1245119). - CVE-2022-50200: selinux: Add boundary check in put_entry() (bsc#1245149). - CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820). - CVE-2024-27397: kabi: place tstamp needed for nftables set in a hole (bsc#1224095). - CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514). - CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827). - CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381). - CVE-2024-56770: sch/netem: fix use after free in netem_dequeue (bsc#1235637). - CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159). - CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312). - CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313). - CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504). - CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924). - CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1243330). - CVE-2025-37997: netfilter: ipset: fix region locking in hash types (bsc#1243832). - CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277). - CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234). - CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245183). The following non-security bugs were fixed: - net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312) - net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504) - scsi: storvsc: Do not report the host packet status as the hv status (git-fixes). - scsi: storvsc: Increase the timeouts to storvsc_timeout (bsc#1245455). - wifi: cfg80211: Add my certificate (bsc#1243001). - wifi: cfg80211: fix certs build to not depend on file order (bsc#1243001). Important SUSE bug 1065729 SUSE bug 1156395 SUSE bug 1199487 SUSE bug 1201160 SUSE bug 1201956 SUSE bug 1202095 SUSE bug 1202564 SUSE bug 1202716 SUSE bug 1202810 SUSE bug 1202860 SUSE bug 1205220 SUSE bug 1205514 SUSE bug 1206664 SUSE bug 1206878 SUSE bug 1206880 SUSE bug 1211226 SUSE bug 1212051 SUSE bug 1218184 SUSE bug 1224095 SUSE bug 1225820 SUSE bug 1226514 SUSE bug 1228659 SUSE bug 1230827 SUSE bug 1231293 SUSE bug 1232504 SUSE bug 1234381 SUSE bug 1234454 SUSE bug 1235637 SUSE bug 1237159 SUSE bug 1237312 SUSE bug 1237313 SUSE bug 1238303 SUSE bug 1238471 SUSE bug 1238570 SUSE bug 1239986 SUSE bug 1240785 SUSE bug 1241038 SUSE bug 1242414 SUSE bug 1242504 SUSE bug 1242924 SUSE bug 1243001 SUSE bug 1243330 SUSE bug 1243543 SUSE bug 1243627 SUSE bug 1243832 SUSE bug 1244234 SUSE bug 1244241 SUSE bug 1244277 SUSE bug 1244337 SUSE bug 1244764 SUSE bug 1244767 SUSE bug 1244770 SUSE bug 1244771 SUSE bug 1244773 SUSE bug 1244774 SUSE bug 1244776 SUSE bug 1244779 SUSE bug 1244782 SUSE bug 1244783 SUSE bug 1244786 SUSE bug 1244788 SUSE bug 1244790 SUSE bug 1244793 SUSE bug 1244794 SUSE bug 1244796 SUSE bug 1244797 SUSE bug 1244804 SUSE bug 1244813 SUSE bug 1244815 SUSE bug 1244816 SUSE bug 1244825 SUSE bug 1244834 SUSE bug 1244836 SUSE bug 1244838 SUSE bug 1244839 SUSE bug 1244841 SUSE bug 1244842 SUSE bug 1244845 SUSE bug 1244848 SUSE bug 1244849 SUSE bug 1244851 SUSE bug 1244853 SUSE bug 1244856 SUSE bug 1244861 SUSE bug 1244867 SUSE bug 1244868 SUSE bug 1244869 SUSE bug 1244881 SUSE bug 1244883 SUSE bug 1244884 SUSE bug 1244885 SUSE bug 1244886 SUSE bug 1244887 SUSE bug 1244899 SUSE bug 1244901 SUSE bug 1244902 SUSE bug 1244908 SUSE bug 1244936 SUSE bug 1244941 SUSE bug 1244943 SUSE bug 1244945 SUSE bug 1244948 SUSE bug 1244950 SUSE bug 1244956 SUSE bug 1244958 SUSE bug 1244959 SUSE bug 1244967 SUSE bug 1244968 SUSE bug 1244969 SUSE bug 1244976 SUSE bug 1244979 SUSE bug 1244984 SUSE bug 1244986 SUSE bug 1244992 SUSE bug 1245006 SUSE bug 1245007 SUSE bug 1245024 SUSE bug 1245031 SUSE bug 1245033 SUSE bug 1245041 SUSE bug 1245047 SUSE bug 1245051 SUSE bug 1245057 SUSE bug 1245058 SUSE bug 1245072 SUSE bug 1245073 SUSE bug 1245098 SUSE bug 1245103 SUSE bug 1245117 SUSE bug 1245119 SUSE bug 1245121 SUSE bug 1245122 SUSE bug 1245125 SUSE bug 1245129 SUSE bug 1245131 SUSE bug 1245135 SUSE bug 1245136 SUSE bug 1245138 SUSE bug 1245139 SUSE bug 1245140 SUSE bug 1245146 SUSE bug 1245147 SUSE bug 1245149 SUSE bug 1245183 SUSE bug 1245195 SUSE bug 1245265 SUSE bug 1245348 SUSE bug 1245455 CVE-2022-1679 at SUSE CVE-2022-1679 at NVD CVE-2022-2586 at SUSE CVE-2022-2586 at NVD CVE-2022-2905 at SUSE CVE-2022-2905 at NVD CVE-2022-3903 at SUSE CVE-2022-3903 at NVD CVE-2022-4095 at SUSE CVE-2022-4095 at NVD CVE-2022-4662 at SUSE CVE-2022-4662 at NVD CVE-2022-49934 at SUSE CVE-2022-49934 at NVD CVE-2022-49936 at SUSE CVE-2022-49936 at NVD CVE-2022-49937 at SUSE CVE-2022-49937 at NVD CVE-2022-49942 at SUSE CVE-2022-49942 at NVD CVE-2022-49945 at SUSE CVE-2022-49945 at NVD CVE-2022-49948 at SUSE CVE-2022-49948 at NVD CVE-2022-49950 at SUSE CVE-2022-49950 at NVD CVE-2022-49952 at SUSE CVE-2022-49952 at NVD CVE-2022-49954 at SUSE CVE-2022-49954 at NVD CVE-2022-49956 at SUSE CVE-2022-49956 at NVD CVE-2022-49968 at SUSE CVE-2022-49968 at NVD CVE-2022-49977 at SUSE CVE-2022-49977 at NVD CVE-2022-49978 at SUSE CVE-2022-49978 at NVD CVE-2022-49981 at SUSE CVE-2022-49981 at NVD CVE-2022-49984 at SUSE CVE-2022-49984 at NVD CVE-2022-49985 at SUSE CVE-2022-49985 at NVD CVE-2022-49986 at SUSE CVE-2022-49986 at NVD CVE-2022-49987 at SUSE CVE-2022-49987 at NVD CVE-2022-49989 at SUSE CVE-2022-49989 at NVD CVE-2022-49990 at SUSE CVE-2022-49990 at NVD CVE-2022-49993 at SUSE CVE-2022-49993 at NVD CVE-2022-50010 at SUSE CVE-2022-50010 at NVD CVE-2022-50012 at SUSE CVE-2022-50012 at NVD CVE-2022-50019 at SUSE CVE-2022-50019 at NVD CVE-2022-50020 at SUSE CVE-2022-50020 at NVD CVE-2022-50022 at SUSE CVE-2022-50022 at NVD CVE-2022-50027 at SUSE CVE-2022-50027 at NVD CVE-2022-50028 at SUSE CVE-2022-50028 at NVD CVE-2022-50029 at SUSE CVE-2022-50029 at NVD CVE-2022-50030 at SUSE CVE-2022-50030 at NVD CVE-2022-50032 at SUSE CVE-2022-50032 at NVD CVE-2022-50033 at SUSE CVE-2022-50033 at NVD CVE-2022-50036 at SUSE CVE-2022-50036 at NVD CVE-2022-50038 at SUSE CVE-2022-50038 at NVD CVE-2022-50045 at SUSE CVE-2022-50045 at NVD CVE-2022-50051 at SUSE CVE-2022-50051 at NVD CVE-2022-50059 at SUSE CVE-2022-50059 at NVD CVE-2022-50061 at SUSE CVE-2022-50061 at NVD CVE-2022-50065 at SUSE CVE-2022-50065 at NVD CVE-2022-50067 at SUSE CVE-2022-50067 at NVD CVE-2022-50072 at SUSE CVE-2022-50072 at NVD CVE-2022-50083 at SUSE CVE-2022-50083 at NVD CVE-2022-50084 at SUSE CVE-2022-50084 at NVD CVE-2022-50085 at SUSE CVE-2022-50085 at NVD CVE-2022-50087 at SUSE CVE-2022-50087 at NVD CVE-2022-50091 at SUSE CVE-2022-50091 at NVD CVE-2022-50092 at SUSE CVE-2022-50092 at NVD CVE-2022-50093 at SUSE CVE-2022-50093 at NVD CVE-2022-50094 at SUSE CVE-2022-50094 at NVD CVE-2022-50097 at SUSE CVE-2022-50097 at NVD CVE-2022-50098 at SUSE CVE-2022-50098 at NVD CVE-2022-50099 at SUSE CVE-2022-50099 at NVD CVE-2022-50101 at SUSE CVE-2022-50101 at NVD CVE-2022-50102 at SUSE CVE-2022-50102 at NVD CVE-2022-50104 at SUSE CVE-2022-50104 at NVD CVE-2022-50108 at SUSE CVE-2022-50108 at NVD CVE-2022-50109 at SUSE CVE-2022-50109 at NVD CVE-2022-50118 at SUSE CVE-2022-50118 at NVD CVE-2022-50124 at SUSE CVE-2022-50124 at NVD CVE-2022-50126 at SUSE CVE-2022-50126 at NVD CVE-2022-50127 at SUSE CVE-2022-50127 at NVD CVE-2022-50136 at SUSE CVE-2022-50136 at NVD CVE-2022-50138 at SUSE CVE-2022-50138 at NVD CVE-2022-50140 at SUSE CVE-2022-50140 at NVD CVE-2022-50141 at SUSE CVE-2022-50141 at NVD CVE-2022-50142 at SUSE CVE-2022-50142 at NVD CVE-2022-50143 at SUSE CVE-2022-50143 at NVD CVE-2022-50146 at SUSE CVE-2022-50146 at NVD CVE-2022-50149 at SUSE CVE-2022-50149 at NVD CVE-2022-50152 at SUSE CVE-2022-50152 at NVD CVE-2022-50153 at SUSE CVE-2022-50153 at NVD CVE-2022-50156 at SUSE CVE-2022-50156 at NVD CVE-2022-50158 at SUSE CVE-2022-50158 at NVD CVE-2022-50160 at SUSE CVE-2022-50160 at NVD CVE-2022-50161 at SUSE CVE-2022-50161 at NVD CVE-2022-50162 at SUSE CVE-2022-50162 at NVD CVE-2022-50164 at SUSE CVE-2022-50164 at NVD CVE-2022-50165 at SUSE CVE-2022-50165 at NVD CVE-2022-50169 at SUSE CVE-2022-50169 at NVD CVE-2022-50172 at SUSE CVE-2022-50172 at NVD CVE-2022-50173 at SUSE CVE-2022-50173 at NVD CVE-2022-50176 at SUSE CVE-2022-50176 at NVD CVE-2022-50179 at SUSE CVE-2022-50179 at NVD CVE-2022-50181 at SUSE CVE-2022-50181 at NVD CVE-2022-50185 at SUSE CVE-2022-50185 at NVD CVE-2022-50191 at SUSE CVE-2022-50191 at NVD CVE-2022-50200 at SUSE CVE-2022-50200 at NVD CVE-2022-50209 at SUSE CVE-2022-50209 at NVD CVE-2022-50211 at SUSE CVE-2022-50211 at NVD CVE-2022-50212 at SUSE CVE-2022-50212 at NVD CVE-2022-50213 at SUSE CVE-2022-50213 at NVD CVE-2022-50215 at SUSE CVE-2022-50215 at NVD CVE-2022-50218 at SUSE CVE-2022-50218 at NVD CVE-2022-50220 at SUSE CVE-2022-50220 at NVD CVE-2022-50222 at SUSE CVE-2022-50222 at NVD CVE-2022-50229 at SUSE CVE-2022-50229 at NVD CVE-2022-50231 at SUSE CVE-2022-50231 at NVD CVE-2023-3111 at SUSE CVE-2023-3111 at NVD CVE-2024-26924 at SUSE CVE-2024-26924 at NVD CVE-2024-27397 at SUSE CVE-2024-27397 at NVD CVE-2024-36978 at SUSE CVE-2024-36978 at NVD CVE-2024-46800 at SUSE CVE-2024-46800 at NVD CVE-2024-53141 at SUSE CVE-2024-53141 at NVD CVE-2024-56770 at SUSE CVE-2024-56770 at NVD CVE-2025-21700 at SUSE CVE-2025-21700 at NVD CVE-2025-21702 at SUSE CVE-2025-21702 at NVD CVE-2025-21703 at SUSE CVE-2025-21703 at NVD CVE-2025-37752 at SUSE CVE-2025-37752 at NVD CVE-2025-37798 at SUSE CVE-2025-37798 at NVD CVE-2025-37823 at SUSE CVE-2025-37823 at NVD CVE-2025-37890 at SUSE CVE-2025-37890 at NVD CVE-2025-37932 at SUSE CVE-2025-37932 at NVD CVE-2025-37953 at SUSE CVE-2025-37953 at NVD CVE-2025-37997 at SUSE CVE-2025-37997 at NVD CVE-2025-38000 at SUSE CVE-2025-38000 at NVD CVE-2025-38001 at SUSE CVE-2025-38001 at NVD CVE-2025-38083 at SUSE CVE-2025-38083 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for coreutils fixes the following issues: Security fixes: - CVE-2025-5278: Fixed heap buffer under-read may lead to a crash or leak sensitive data (bsc#1243767) Other fixes: - ls: avoid triggering automounts (bsc#1221632) - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) Moderate SUSE bug 1219321 SUSE bug 1221632 SUSE bug 1243767 CVE-2025-5278 at SUSE CVE-2025-5278 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for jq fixes the following issues: - CVE-2024-23337: Fixed signed integer overflow in jv.c:jvp_array_write (bsc#1243450). Moderate SUSE bug 1243450 CVE-2024-23337 at SUSE CVE-2024-23337 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for polkit fixes the following issues: - CVE-2025-7519: Fixed a XML policy file with a large number of nested elements that may lead to out-of-bounds write. (bsc#1246472) Important SUSE bug 1246472 CVE-2025-7519 at SUSE CVE-2025-7519 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for salt fixes the following issues: - Security issues fixed: - CVE-2024-38822: Fixed Minion token validation (bsc#1244561) - CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport (bsc#1244564) - CVE-2024-38824: Fixed directory traversal vulnerability in recv_file method (bsc#1244565) - CVE-2024-38825: Fixed salt.auth.pki module authentication issue (bsc#1244566) - CVE-2025-22240: Fixed arbitrary directory creation or file deletion with GitFS (bsc#1244567) - CVE-2025-22236: Fixed Minion event bus authorization bypass (bsc#1244568) - CVE-2025-22241: Fixed the use of un-validated input in the VirtKey class (bsc#1244570) - CVE-2025-22237: Fixed exploitation of the 'on demand' pillar functionality (bsc#1244571) - CVE-2025-22238: Fixed the master's default cache vulnerability to a directory traversal attack (bsc#1244572) - CVE-2025-22239: Fixed the arbitrary event injection on the Salt Master (bsc#1244574) - CVE-2025-22242: Fixed a Denial of Service vulnerability through file read operation (bsc#1244575) - CVE-2025-47287: Fixed a Denial of Service vulnerability in Tornado logging behavior (bsc#1243268) - Other bugs fixed: - Added subsystem filter to udev.exportdb (bsc#1236621) - Fixed Ubuntu 24.04 test failures - Fixed refresh of osrelease and related grains on Python 3.10+ - Fixed issue requiring proper Python flavor for dependencies Important SUSE bug 1236621 SUSE bug 1243268 SUSE bug 1244561 SUSE bug 1244564 SUSE bug 1244565 SUSE bug 1244566 SUSE bug 1244567 SUSE bug 1244568 SUSE bug 1244570 SUSE bug 1244571 SUSE bug 1244572 SUSE bug 1244574 SUSE bug 1244575 CVE-2024-38822 at SUSE CVE-2024-38822 at NVD CVE-2024-38823 at SUSE CVE-2024-38823 at NVD CVE-2024-38824 at SUSE CVE-2024-38824 at NVD CVE-2024-38825 at SUSE CVE-2024-38825 at NVD CVE-2025-22236 at SUSE CVE-2025-22236 at NVD CVE-2025-22237 at SUSE CVE-2025-22237 at NVD CVE-2025-22238 at SUSE CVE-2025-22238 at NVD CVE-2025-22239 at SUSE CVE-2025-22239 at NVD CVE-2025-22240 at SUSE CVE-2025-22240 at NVD CVE-2025-22241 at SUSE CVE-2025-22241 at NVD CVE-2025-22242 at SUSE CVE-2025-22242 at NVD CVE-2025-47287 at SUSE CVE-2025-47287 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for boost fixes the following issues: - CVE-2016-9840: Fixed out-of-bounds pointer arithmetic in zlib in beast (bsc#1245936) Important SUSE bug 1245936 CVE-2016-9840 at SUSE CVE-2016-9840 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for gnutls fixes the following issues: - CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299) - CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232) - CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267) Important SUSE bug 1246232 SUSE bug 1246267 SUSE bug 1246299 CVE-2025-32988 at SUSE CVE-2025-32988 at NVD CVE-2025-32990 at SUSE CVE-2025-32990 at NVD CVE-2025-6395 at SUSE CVE-2025-6395 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) Important SUSE bug 1246296 CVE-2025-7425 at SUSE CVE-2025-7425 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) Important SUSE bug 1246597 CVE-2025-6965 at SUSE CVE-2025-6965 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for grub2 fixes the following issues: - CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959) Moderate SUSE bug 1234959 CVE-2024-56738 at SUSE CVE-2024-56738 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) Moderate SUSE bug 1245573 CVE-2025-6297 at SUSE CVE-2025-6297 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). Moderate SUSE bug 1221107 CVE-2024-2236 at SUSE CVE-2024-2236 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). Important SUSE bug 1233012 SUSE bug 1243273 SUSE bug 1244032 SUSE bug 1244056 SUSE bug 1244059 SUSE bug 1244060 SUSE bug 1244061 SUSE bug 1244401 SUSE bug 1244705 SUSE bug 1247249 SUSE bug 831629 CVE-2024-12718 at SUSE CVE-2024-12718 at NVD CVE-2025-4138 at SUSE CVE-2025-4138 at NVD CVE-2025-4330 at SUSE CVE-2025-4330 at NVD CVE-2025-4435 at SUSE CVE-2025-4435 at NVD CVE-2025-4516 at SUSE CVE-2025-4516 at NVD CVE-2025-4517 at SUSE CVE-2025-4517 at NVD CVE-2025-6069 at SUSE CVE-2025-6069 at NVD CVE-2025-8194 at SUSE CVE-2025-8194 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for cairo fixes the following issues: - CVE-2019-6462: Fixed a potentially infinite loop (bsc#1122321). Low SUSE bug 1122321 CVE-2019-6462 at SUSE CVE-2019-6462 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for iputils fixes the following issues: - CVE-2025-48964: Fixed integer overflow in ping statistics via zero timestamp (bsc#1243772). Other bugfixes: - Fixed ping on s390x that printed invalid ttl (bsc#1243284). Moderate SUSE bug 1243284 SUSE bug 1243772 CVE-2025-48964 at SUSE CVE-2025-48964 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for Mesa fixes the following issues: - CVE-2023-45913: Fixed NULL pointer dereference via dri2GetGlxDrawableFromXDrawableId() (bsc#1222040) - CVE-2023-45919: Fixed buffer over-read in glXQueryServerString() (bsc#1222041) - CVE-2023-45922: Fixed segmentation violation in __glXGetDrawableAttribute() (bsc#1222042) Moderate SUSE bug 1222040 SUSE bug 1222041 SUSE bug 1222042 CVE-2023-45913 at SUSE CVE-2023-45913 at NVD CVE-2023-45919 at SUSE CVE-2023-45919 at NVD CVE-2023-45922 at SUSE CVE-2023-45922 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for podman fixes the following issues: - CVE-2025-6032: Fixed machine init command failing to verify TLS certificate (bsc#1245320) Important SUSE bug 1245320 CVE-2025-6032 at SUSE CVE-2025-6032 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for tiff fixes the following issues: - CVE-2025-8176: Fixed heap use-after-free in tools/tiffmedian.c (bsc#1247108) - CVE-2025-8177: Fixed possible buffer overflow in tools/thumbnail.c:setrow() when processing malformed TIFF files (bsc#1247106) Important SUSE bug 1247106 SUSE bug 1247108 CVE-2025-8176 at SUSE CVE-2025-8176 at NVD CVE-2025-8177 at SUSE CVE-2025-8177 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for cairo fixes the following issues: - CVE-2025-50422: NULL pointer access in `active_edges_to_traps()` can lead to crash in Poppler (bsc#1247589). Low SUSE bug 1247589 CVE-2025-50422 at SUSE CVE-2025-50422 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-50211: md-raid10: fix KASAN warning (bsc#1245140). - CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210629). - CVE-2023-52923: netfilter: nf_tables: split async and sync catchall in two functions (bsc#1236104). - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863). - CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417). - CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217). - CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000). - CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045). - CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029). - CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037). - CVE-2025-38257: s390/pkey: Prevent overflow in size calculation for memdup_user() (bsc#1246186). - CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247349). - CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247348). - CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347). Important SUSE bug 1210629 SUSE bug 1233551 SUSE bug 1234863 SUSE bug 1236104 SUSE bug 1236333 SUSE bug 1239644 SUSE bug 1242414 SUSE bug 1242417 SUSE bug 1245140 SUSE bug 1245217 SUSE bug 1245711 SUSE bug 1245986 SUSE bug 1246000 SUSE bug 1246029 SUSE bug 1246037 SUSE bug 1246045 SUSE bug 1246186 SUSE bug 1247347 SUSE bug 1247348 SUSE bug 1247349 CVE-2022-50211 at SUSE CVE-2022-50211 at NVD CVE-2023-2176 at SUSE CVE-2023-2176 at NVD CVE-2023-52923 at SUSE CVE-2023-52923 at NVD CVE-2023-52927 at SUSE CVE-2023-52927 at NVD CVE-2024-53057 at SUSE CVE-2024-53057 at NVD CVE-2024-53164 at SUSE CVE-2024-53164 at NVD CVE-2024-57947 at SUSE CVE-2024-57947 at NVD CVE-2025-37797 at SUSE CVE-2025-37797 at NVD CVE-2025-37798 at SUSE CVE-2025-37798 at NVD CVE-2025-38079 at SUSE CVE-2025-38079 at NVD CVE-2025-38120 at SUSE CVE-2025-38120 at NVD CVE-2025-38177 at SUSE CVE-2025-38177 at NVD CVE-2025-38181 at SUSE CVE-2025-38181 at NVD CVE-2025-38200 at SUSE CVE-2025-38200 at NVD CVE-2025-38212 at SUSE CVE-2025-38212 at NVD CVE-2025-38213 at SUSE CVE-2025-38213 at NVD CVE-2025-38257 at SUSE CVE-2025-38257 at NVD CVE-2025-38494 at SUSE CVE-2025-38494 at NVD CVE-2025-38495 at SUSE CVE-2025-38495 at NVD CVE-2025-38497 at SUSE CVE-2025-38497 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160). - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863). - CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417). - CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217). - CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000). - CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045). - CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029). - CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037). - CVE-2025-38257: s390/pkey: Prevent overflow in size calculation for memdup_user() (bsc#1246186). - CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247349). - CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247348). - CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347). Important SUSE bug 1233551 SUSE bug 1234863 SUSE bug 1236333 SUSE bug 1239644 SUSE bug 1242414 SUSE bug 1242417 SUSE bug 1245217 SUSE bug 1245711 SUSE bug 1245986 SUSE bug 1246000 SUSE bug 1246029 SUSE bug 1246037 SUSE bug 1246045 SUSE bug 1246186 SUSE bug 1247347 SUSE bug 1247348 SUSE bug 1247349 CVE-2023-52927 at SUSE CVE-2023-52927 at NVD CVE-2024-53057 at SUSE CVE-2024-53057 at NVD CVE-2024-53164 at SUSE CVE-2024-53164 at NVD CVE-2024-57947 at SUSE CVE-2024-57947 at NVD CVE-2025-37797 at SUSE CVE-2025-37797 at NVD CVE-2025-37798 at SUSE CVE-2025-37798 at NVD CVE-2025-38079 at SUSE CVE-2025-38079 at NVD CVE-2025-38120 at SUSE CVE-2025-38120 at NVD CVE-2025-38177 at SUSE CVE-2025-38177 at NVD CVE-2025-38181 at SUSE CVE-2025-38181 at NVD CVE-2025-38200 at SUSE CVE-2025-38200 at NVD CVE-2025-38212 at SUSE CVE-2025-38212 at NVD CVE-2025-38213 at SUSE CVE-2025-38213 at NVD CVE-2025-38257 at SUSE CVE-2025-38257 at NVD CVE-2025-38494 at SUSE CVE-2025-38494 at NVD CVE-2025-38495 at SUSE CVE-2025-38495 at NVD CVE-2025-38497 at SUSE CVE-2025-38497 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python-Jinja2 fixes the following issues: - CVE-2024-56326: Fixed sandbox breakout through indirect reference to format method (bsc#1234809) Important SUSE bug 1234809 CVE-2024-56326 at SUSE CVE-2024-56326 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for docker fixes the following issues: - Update to Docker 28.3.3-ce. - CVE-2025-54388: Fixed a bug where firewalld when reloaded can make published container ports accessible from remote hosts. (bsc#1247367) Moderate SUSE bug 1246556 SUSE bug 1247367 CVE-2025-54388 at SUSE CVE-2025-54388 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for jq fixes the following issues: - CVE-2025-48060: Fixed stack-buffer-overflow in jq_fuzz_execute (bsc#1244116) Moderate SUSE bug 1244116 CVE-2025-48060 at SUSE CVE-2025-48060 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) Moderate SUSE bug 1232234 SUSE bug 1246221 CVE-2024-10041 at SUSE CVE-2024-10041 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python-urllib3 fixes the following issues: - CVE-2025-50181: Pool managers now properly control redirects when retries is passed. (bsc#1244925) Moderate SUSE bug 1244925 CVE-2025-50181 at SUSE CVE-2025-50181 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ignition fixes the following issues: - CVE-2022-28948: Fixed an issue during unmarshaling in Go-Yaml v3 can lead to DoS via invalid input (bsc#1248548) Moderate SUSE bug 1248548 CVE-2022-28948 at SUSE CVE-2022-28948 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libxml2 fixes the following issues: - CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460) Important SUSE bug 1236460 CVE-2022-49043 at SUSE CVE-2022-49043 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python-future fixes the following issues: - CVE-2025-50817: Fixed arbitrary code execution via the automatic import of file test.py (bsc#1248124) Important SUSE bug 1248124 CVE-2025-50817 at SUSE CVE-2025-50817 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ucode-intel fixes the following issues: - Intel CPU Microcode was updated to the 20250812 release (bsc#1248438) - CVE-2025-20109: Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel Processors may allow an authenticated user to potentially enable escalation of privilege via local access. - CVE-2025-22840: Sequence of processor instructions leads to unexpected behavior for some Intel Xeon 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access - CVE-2025-22839: Insufficient granularity of access control in the OOB-MSM for some Intel Xeon 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. - CVE-2025-22889: Improper handling of overlap between protected memory ranges for some Intel Xeon 6 processor with Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. - CVE-2025-20053: Improper buffer restrictions for some Intel Xeon Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. - CVE-2025-26403: Out-of-bounds write in the memory subsystem for some Intel Xeon 6 processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. - CVE-2025-32086: Improperly implemented security check for standard in the DDRIO configuration for some Intel Xeon 6 Processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. - Update for functional issues. - Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ARL-H | A1 | 06-c5-02/82 | 00000118 | 00000119 | Core Ultra Processor (Series 2) | ARL-S/HX (8P) | B0 | 06-c6-02/82 | 00000118 | 00000119 | Core Ultra Processor (Series 2) | EMR-SP | A1 | 06-cf-02/87 | 210002a9 | 210002b3 | Xeon Scalable Gen5 | GNR-AP/SP | B0 | 06-ad-01/95 | 010003a2 | 010003d0 | Xeon Scalable Gen6 | GNR-AP/SP | H0 | 06-ad-01/20 | 0a0000d1 | 0a000100 | Xeon Scalable Gen6 | ICL-D | B0 | 06-6c-01/10 | 010002d0 | 010002e0 | Xeon D-17xx, D-27xx | ICX-SP | Dx/M1 | 06-6a-06/87 | 0d000404 | 0d000410 | Xeon Scalable Gen3 | LNL | B0 | 06-bd-01/80 | 0000011f | 00000123 | Core Ultra 200 V Series Processor | MTL | C0 | 06-aa-04/e6 | 00000024 | 00000025 | Core™ Ultra Processor | RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004128 | 00004129 | Core Gen13 | RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004128 | 00004129 | Core Gen13 | SPR-HBM | Bx | 06-8f-08/10 | 2c0003f7 | 2c000401 | Xeon Max | SPR-SP | E4/S2 | 06-8f-07/87 | 2b000639 | 2b000643 | Xeon Scalable Gen4 | SPR-SP | E5/S3 | 06-8f-08/87 | 2b000639 | 2b000643 | Xeon Scalable Gen4 | SRF-SP | C0 | 06-af-03/01 | 03000341 | 03000362 | Xeon 6700-Series Processors with E-Cores New Disclosures Updated in Prior Releases: All ADL, RPL, SPR, EMR, MTL, ARL Microcode patches previously released in May 2025. Important SUSE bug 1248438 CVE-2025-20053 at SUSE CVE-2025-20053 at NVD CVE-2025-20109 at SUSE CVE-2025-20109 at NVD CVE-2025-22839 at SUSE CVE-2025-22839 at NVD CVE-2025-22840 at SUSE CVE-2025-22840 at NVD CVE-2025-22889 at SUSE CVE-2025-22889 at NVD CVE-2025-26403 at SUSE CVE-2025-26403 at NVD CVE-2025-32086 at SUSE CVE-2025-32086 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ignition fixes the following issues: CVE-2023-45288: Fixed unclosed connections when receiving too many headers in golang.org/x/net/http2 (bsc#1236518) Moderate SUSE bug 1236518 CVE-2023-45288 at SUSE CVE-2023-45288 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5, as a very old protocol, supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in `krb5.conf`: ``` [libdefaults] allow_des3 = true allow_rc4 = true ``` Moderate SUSE bug 1241219 CVE-2025-3576 at SUSE CVE-2025-3576 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for vim fixes the following issues: Update to version 9.1.1629. - CVE-2025-53905: Fixed a path traversal issue in tar.vim plugin that may allow for file overwriting when opening specially crafted tar files (bsc#1246604). - CVE-2025-53906: Fixed a path traversal issue in zip.vim plugin that may allow for file overwriting when opening specially crafted zip files (bsc#1246602). - CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938). - CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939). Moderate SUSE bug 1246602 SUSE bug 1246604 SUSE bug 1247938 SUSE bug 1247939 CVE-2025-53905 at SUSE CVE-2025-53905 at NVD CVE-2025-53906 at SUSE CVE-2025-53906 at NVD CVE-2025-55157 at SUSE CVE-2025-55157 at NVD CVE-2025-55158 at SUSE CVE-2025-55158 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for net-tools fixes the following issues: Security issues fixed: - CVE-2025-46836: missing bounds check in `get_name` may lead to a stack buffer overflow (bsc#1243581). - Avoid unsafe use of `memcpy` in `ifconfig` (bsc#1248687). - Prevent overflow in `ax25` and `netrom` (bsc#1248687). - Fix stack buffer overflow in `parse_hex` (bsc#1248687). - Fix stack buffer overflow in `proc_gen_fmt` (bsc#1248687). Other issues fixed: - Allow use of long interface names after CVE-2025-46836 fix, even if they are not accepted by the kernel (bsc#1248410). - Fix netrom support. Moderate SUSE bug 1243581 SUSE bug 1246608 SUSE bug 1248410 SUSE bug 1248687 SUSE bug 142461 CVE-2025-46836 at SUSE CVE-2025-46836 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for cups fixes the following issues: - CVE-2024-47175: no validation of IPP attributes in `ppdCreatePPDFromIPP2` when writing to a temporary PPD file allows for the injection of attacker-controlled data to the resulting PPD (bsc#1230932). - CVE-2025-58060: no password check when `AuthType` is set to anything but `Basic` and a request is made with an `Authorization: Basic` header (bsc#1249049). - CVE-2025-58364: unsafe deserialization and validation of printer attributes leads to NULL pointer dereference (bsc#1249128). Important SUSE bug 1230932 SUSE bug 1246533 SUSE bug 1249049 SUSE bug 1249128 CVE-2024-47175 at SUSE CVE-2024-47175 at NVD CVE-2025-58060 at SUSE CVE-2025-58060 at NVD CVE-2025-58364 at SUSE CVE-2025-58364 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for avahi fixes the following issues: - CVE-2024-52615: wide-area DNS uses constant source port for queries and can expose the Avahi-daemon to DNS spoofing attacks (bsc#1233421). Moderate SUSE bug 1233421 CVE-2024-52615 at SUSE CVE-2024-52615 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. Important SUSE bug 1246197 SUSE bug 1249191 SUSE bug 1249348 SUSE bug 1249367 CVE-2025-10148 at SUSE CVE-2025-10148 at NVD CVE-2025-9086 at SUSE CVE-2025-9086 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49492: nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (bsc#1238954). - CVE-2022-50116: tty: n_gsm: fix deadlock and link starvation in outgoing data path (bsc#1244824). - CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780). - CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334). - CVE-2024-58239: tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1248614). - CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799). - CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433). - CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970). - CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073). - CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473). - CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781). - CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911). - CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143). - CVE-2025-38468: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1247437). - CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247314). - CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374). - CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976). - CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223). - CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306). - CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338). - CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1248621). - CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511). - CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748). The following non-security bugs were fixed: - NFSv4.1: fix backchannel max_resp_sz verification check (bsc#1247518). - scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (bsc#1243278). - scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git-fixes). - Disable N_GSM (jsc#PED-8240). Important SUSE bug 1199657 SUSE bug 1229334 SUSE bug 1238954 SUSE bug 1240799 SUSE bug 1241433 SUSE bug 1242780 SUSE bug 1243278 SUSE bug 1244824 SUSE bug 1245970 SUSE bug 1246073 SUSE bug 1246473 SUSE bug 1246781 SUSE bug 1246911 SUSE bug 1247143 SUSE bug 1247314 SUSE bug 1247374 SUSE bug 1247437 SUSE bug 1247518 SUSE bug 1247976 SUSE bug 1248223 SUSE bug 1248306 SUSE bug 1248338 SUSE bug 1248511 SUSE bug 1248614 SUSE bug 1248621 SUSE bug 1248748 CVE-2022-29900 at SUSE CVE-2022-29900 at NVD CVE-2022-29901 at SUSE CVE-2022-29901 at NVD CVE-2022-49492 at SUSE CVE-2022-49492 at NVD CVE-2022-50116 at SUSE CVE-2022-50116 at NVD CVE-2023-53117 at SUSE CVE-2023-53117 at NVD CVE-2024-42265 at SUSE CVE-2024-42265 at NVD CVE-2024-58239 at SUSE CVE-2024-58239 at NVD CVE-2025-21971 at SUSE CVE-2025-21971 at NVD CVE-2025-22045 at SUSE CVE-2025-22045 at NVD CVE-2025-38180 at SUSE CVE-2025-38180 at NVD CVE-2025-38206 at SUSE CVE-2025-38206 at NVD CVE-2025-38323 at SUSE CVE-2025-38323 at NVD CVE-2025-38350 at SUSE CVE-2025-38350 at NVD CVE-2025-38352 at SUSE CVE-2025-38352 at NVD CVE-2025-38460 at SUSE CVE-2025-38460 at NVD CVE-2025-38468 at SUSE CVE-2025-38468 at NVD CVE-2025-38477 at SUSE CVE-2025-38477 at NVD CVE-2025-38498 at SUSE CVE-2025-38498 at NVD CVE-2025-38499 at SUSE CVE-2025-38499 at NVD CVE-2025-38546 at SUSE CVE-2025-38546 at NVD CVE-2025-38563 at SUSE CVE-2025-38563 at NVD CVE-2025-38608 at SUSE CVE-2025-38608 at NVD CVE-2025-38617 at SUSE CVE-2025-38617 at NVD CVE-2025-38618 at SUSE CVE-2025-38618 at NVD CVE-2025-38644 at SUSE CVE-2025-38644 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for tiff fixes the following issues: - CVE-2025-9165: local execution manipulation leading to memory leak (bsc#1248330). - CVE-2025-8534: null pointer dereference in function PS_Lvl2page (bsc#1247582). - CVE-2025-8961: segmentation fault via main function of tiffcrop utility (bsc#1248117). Low SUSE bug 1247582 SUSE bug 1248117 SUSE bug 1248330 CVE-2025-8534 at SUSE CVE-2025-8534 at NVD CVE-2025-8961 at SUSE CVE-2025-8961 at NVD CVE-2025-9165 at SUSE CVE-2025-9165 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for gdk-pixbuf fixes the following issues: - CVE-2025-7345: heap buffer overflow in gdk‑pixbuf within the `gdk_pixbuf__jpeg_image_load_increment` function (bsc#1246114). - CVE-2025-6199: uninitialized memory could lead to leak arbitrary memory contents (bsc#1245227). Important SUSE bug 1159337 SUSE bug 1245227 SUSE bug 1246114 CVE-2025-6199 at SUSE CVE-2025-6199 at NVD CVE-2025-7345 at SUSE CVE-2025-7345 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49492: nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (bsc#1238954). - CVE-2022-50116: kernel: tty: n_gsm: fix deadlock and link starvation in outgoing data path (bsc#1244824). - CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780). - CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334). - CVE-2024-58239: tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1248614). - CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799). - CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433). - CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970). - CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073). - CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473). - CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781). - CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911). - CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143). - CVE-2025-38468: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1247437). - CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247314). - CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374). - CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976). - CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223). - CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306). - CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338). - CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1248621). - CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511). - CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748). The following non-security bugs were fixed: - Disable N_GSM (bsc#1244824 jsc#PED-8240). - NFSv4.1: fix backchannel max_resp_sz verification check (bsc#1247518). - scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (bsc#1243278). - scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git-fixes). Important SUSE bug 1229334 SUSE bug 1238954 SUSE bug 1240799 SUSE bug 1241433 SUSE bug 1242780 SUSE bug 1243278 SUSE bug 1244824 SUSE bug 1245970 SUSE bug 1246073 SUSE bug 1246473 SUSE bug 1246781 SUSE bug 1246911 SUSE bug 1247143 SUSE bug 1247314 SUSE bug 1247374 SUSE bug 1247437 SUSE bug 1247518 SUSE bug 1247976 SUSE bug 1248223 SUSE bug 1248306 SUSE bug 1248338 SUSE bug 1248511 SUSE bug 1248614 SUSE bug 1248621 SUSE bug 1248748 CVE-2022-49492 at SUSE CVE-2022-49492 at NVD CVE-2022-50116 at SUSE CVE-2022-50116 at NVD CVE-2023-53117 at SUSE CVE-2023-53117 at NVD CVE-2024-42265 at SUSE CVE-2024-42265 at NVD CVE-2024-58239 at SUSE CVE-2024-58239 at NVD CVE-2025-21971 at SUSE CVE-2025-21971 at NVD CVE-2025-22045 at SUSE CVE-2025-22045 at NVD CVE-2025-38180 at SUSE CVE-2025-38180 at NVD CVE-2025-38206 at SUSE CVE-2025-38206 at NVD CVE-2025-38323 at SUSE CVE-2025-38323 at NVD CVE-2025-38350 at SUSE CVE-2025-38350 at NVD CVE-2025-38352 at SUSE CVE-2025-38352 at NVD CVE-2025-38460 at SUSE CVE-2025-38460 at NVD CVE-2025-38468 at SUSE CVE-2025-38468 at NVD CVE-2025-38477 at SUSE CVE-2025-38477 at NVD CVE-2025-38498 at SUSE CVE-2025-38498 at NVD CVE-2025-38499 at SUSE CVE-2025-38499 at NVD CVE-2025-38546 at SUSE CVE-2025-38546 at NVD CVE-2025-38563 at SUSE CVE-2025-38563 at NVD CVE-2025-38608 at SUSE CVE-2025-38608 at NVD CVE-2025-38617 at SUSE CVE-2025-38617 at NVD CVE-2025-38618 at SUSE CVE-2025-38618 at NVD CVE-2025-38644 at SUSE CVE-2025-38644 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for open-vm-tools fixes the following issues: - CVE-2025-41244: local privilege escalation via the Service Discovery Plugin (bsc#1250373). Important SUSE bug 1250373 CVE-2025-41244 at SUSE CVE-2025-41244 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for orc fixes the following issues: - CVE-2024-40897: Fixed stack-based buffer overflow in the Orc compiler when formatting error messages for certain input files (bsc#1228184) Important SUSE bug 1228184 CVE-2024-40897 at SUSE CVE-2024-40897 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). Important SUSE bug 1250232 CVE-2025-9230 at SUSE CVE-2025-9230 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for cairo fixes the following issues: - CVE-2019-6461: Avoid assert when drawing arcs with NaN angles (bsc#1122338) Low SUSE bug 1122338 CVE-2019-6461 at SUSE CVE-2019-6461 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libxslt fixes the following issues: - CVE-2025-10911: fixed use-after-free with key data stored cross-RVT (bsc#1250553) Moderate SUSE bug 1250553 CVE-2025-10911 at SUSE CVE-2025-10911 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for podman fixes the following issues: - CVE-2025-9566: fixed an issue where kube play command could cause host files to get overwritten (bsc#1249154) Important SUSE bug 1249154 CVE-2025-9566 at SUSE CVE-2025-9566 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). Important SUSE bug 1249584 CVE-2025-59375 at SUSE CVE-2025-59375 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136) Moderate SUSE bug 1226463 SUSE bug 1236136 CVE-2024-13176 at SUSE CVE-2024-13176 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libxslt fixes the following issues: - last fix caused a regression, patch was temporary disabled [bsc#1250553] Moderate SUSE bug 1250553 CVE-2025-10911 at SUSE CVE-2025-10911 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49980: USB: gadget: fix use-after-free read in usb_udc_uevent() (bsc#1245110). - CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} (bsc#1246968). - CVE-2022-50248: wifi: iwlwifi: mvm: fix double free on tx path (bsc#1249840). - CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249846). - CVE-2022-50258: wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (bsc#1249947). - CVE-2022-50381: md: fix a crash in mempool_free (bsc#1250257). - CVE-2022-50386: Bluetooth: L2CAP: Fix user-after-free (bsc#1250301). - CVE-2022-50401: nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (bsc#1250140). - CVE-2022-50408: wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (bsc#1250391). - CVE-2022-50409: net: If sock is dead do not access sock's sk_wq in sk_stream_wait_memory (bsc#1250392). - CVE-2023-53178: mm: fix zswap writeback race condition (bsc#1249827). - CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250313). - CVE-2023-53438: x86/MCE: Always save CS register on AMD Zen IF Poison errors (bsc#1250180). - CVE-2025-21969: kABI workaround for l2cap_conn changes (bsc#1240784). - CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38553: net/sched: Restrict conditions for adding duplicating netems to qdisc tree (bsc#1248255). - CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628). - CVE-2025-38685: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220). - CVE-2025-38713: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1249200). - CVE-2025-39751: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (bsc#1249538). - CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002). The following non-security bugs were fixed: - Limit patch filenames to 100 characters (bsc#1249604). - Move pesign-obs-integration requirement from kernel-syms to kernel devel subpackage (bsc#1248108). - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes). - kernel-binary: Another installation ordering fix (bsc#1241353). - kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522). - kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346) - kernel-syms.spec: Drop old rpm release number hack (bsc#1247172). - rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879) - rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337) - rpm: Configure KABI checkingness macro (bsc#1249186) - rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186) - rpm: Link arch-symbols script from scripts directory. - rpm: Link guards script from scripts directory. - use uniform permission checks for all mount propagation changes (git-fixes). Important SUSE bug 1202700 SUSE bug 1203063 SUSE bug 1203332 SUSE bug 1204228 SUSE bug 1205128 SUSE bug 1206883 SUSE bug 1206884 SUSE bug 1209287 SUSE bug 1209291 SUSE bug 1210124 SUSE bug 1210584 SUSE bug 1213061 SUSE bug 1213666 SUSE bug 1215150 SUSE bug 1216976 SUSE bug 1220185 SUSE bug 1220186 SUSE bug 1240784 SUSE bug 1241353 SUSE bug 1243278 SUSE bug 1244337 SUSE bug 1245110 SUSE bug 1245956 SUSE bug 1246879 SUSE bug 1246968 SUSE bug 1247172 SUSE bug 1247239 SUSE bug 1248108 SUSE bug 1248255 SUSE bug 1248399 SUSE bug 1248628 SUSE bug 1248847 SUSE bug 1249186 SUSE bug 1249200 SUSE bug 1249220 SUSE bug 1249346 SUSE bug 1249538 SUSE bug 1249604 SUSE bug 1249664 SUSE bug 1249667 SUSE bug 1249700 SUSE bug 1249713 SUSE bug 1249716 SUSE bug 1249718 SUSE bug 1249734 SUSE bug 1249740 SUSE bug 1249743 SUSE bug 1249747 SUSE bug 1249808 SUSE bug 1249825 SUSE bug 1249827 SUSE bug 1249840 SUSE bug 1249846 SUSE bug 1249880 SUSE bug 1249885 SUSE bug 1249908 SUSE bug 1249918 SUSE bug 1249923 SUSE bug 1249930 SUSE bug 1249947 SUSE bug 1249949 SUSE bug 1250002 SUSE bug 1250009 SUSE bug 1250014 SUSE bug 1250041 SUSE bug 1250131 SUSE bug 1250132 SUSE bug 1250140 SUSE bug 1250180 SUSE bug 1250183 SUSE bug 1250187 SUSE bug 1250257 SUSE bug 1250269 SUSE bug 1250277 SUSE bug 1250301 SUSE bug 1250313 SUSE bug 1250391 SUSE bug 1250392 SUSE bug 1250394 SUSE bug 1250522 SUSE bug 1250764 SUSE bug 1250767 SUSE bug 1250774 SUSE bug 1250787 SUSE bug 1250790 SUSE bug 1250797 SUSE bug 1250799 SUSE bug 1250823 SUSE bug 1250847 SUSE bug 1250850 SUSE bug 1250853 SUSE bug 1250868 SUSE bug 1250890 SUSE bug 1250891 CVE-2021-4460 at SUSE CVE-2021-4460 at NVD CVE-2022-2602 at SUSE CVE-2022-2602 at NVD CVE-2022-2978 at SUSE CVE-2022-2978 at NVD CVE-2022-36280 at SUSE CVE-2022-36280 at NVD CVE-2022-43945 at SUSE CVE-2022-43945 at NVD CVE-2022-49980 at SUSE CVE-2022-49980 at NVD CVE-2022-50233 at SUSE CVE-2022-50233 at NVD CVE-2022-50234 at SUSE CVE-2022-50234 at NVD CVE-2022-50235 at SUSE CVE-2022-50235 at NVD CVE-2022-50248 at SUSE CVE-2022-50248 at NVD CVE-2022-50249 at SUSE CVE-2022-50249 at NVD CVE-2022-50252 at SUSE CVE-2022-50252 at NVD CVE-2022-50257 at SUSE CVE-2022-50257 at NVD CVE-2022-50258 at SUSE CVE-2022-50258 at NVD CVE-2022-50260 at SUSE CVE-2022-50260 at NVD CVE-2022-50271 at SUSE CVE-2022-50271 at NVD CVE-2022-50272 at SUSE CVE-2022-50272 at NVD CVE-2022-50299 at SUSE CVE-2022-50299 at NVD CVE-2022-50309 at SUSE CVE-2022-50309 at NVD CVE-2022-50312 at SUSE CVE-2022-50312 at NVD CVE-2022-50317 at SUSE CVE-2022-50317 at NVD CVE-2022-50330 at SUSE CVE-2022-50330 at NVD CVE-2022-50344 at SUSE CVE-2022-50344 at NVD CVE-2022-50355 at SUSE CVE-2022-50355 at NVD CVE-2022-50359 at SUSE CVE-2022-50359 at NVD CVE-2022-50367 at SUSE CVE-2022-50367 at NVD CVE-2022-50368 at SUSE CVE-2022-50368 at NVD CVE-2022-50375 at SUSE CVE-2022-50375 at NVD CVE-2022-50381 at SUSE CVE-2022-50381 at NVD CVE-2022-50385 at SUSE CVE-2022-50385 at NVD CVE-2022-50386 at SUSE CVE-2022-50386 at NVD CVE-2022-50401 at SUSE CVE-2022-50401 at NVD CVE-2022-50408 at SUSE CVE-2022-50408 at NVD CVE-2022-50409 at SUSE CVE-2022-50409 at NVD CVE-2022-50410 at SUSE CVE-2022-50410 at NVD CVE-2022-50414 at SUSE CVE-2022-50414 at NVD CVE-2022-50419 at SUSE CVE-2022-50419 at NVD CVE-2022-50422 at SUSE CVE-2022-50422 at NVD CVE-2022-50427 at SUSE CVE-2022-50427 at NVD CVE-2022-50431 at SUSE CVE-2022-50431 at NVD CVE-2022-50435 at SUSE CVE-2022-50435 at NVD CVE-2022-50437 at SUSE CVE-2022-50437 at NVD CVE-2022-50440 at SUSE CVE-2022-50440 at NVD CVE-2022-50444 at SUSE CVE-2022-50444 at NVD CVE-2022-50454 at SUSE CVE-2022-50454 at NVD CVE-2022-50458 at SUSE CVE-2022-50458 at NVD CVE-2022-50459 at SUSE CVE-2022-50459 at NVD CVE-2022-50467 at SUSE CVE-2022-50467 at NVD CVE-2023-1380 at SUSE CVE-2023-1380 at NVD CVE-2023-28328 at SUSE CVE-2023-28328 at NVD CVE-2023-31248 at SUSE CVE-2023-31248 at NVD CVE-2023-3772 at SUSE CVE-2023-3772 at NVD CVE-2023-39197 at SUSE CVE-2023-39197 at NVD CVE-2023-42753 at SUSE CVE-2023-42753 at NVD CVE-2023-53147 at SUSE CVE-2023-53147 at NVD CVE-2023-53178 at SUSE CVE-2023-53178 at NVD CVE-2023-53179 at SUSE CVE-2023-53179 at NVD CVE-2023-53213 at SUSE CVE-2023-53213 at NVD CVE-2023-53265 at SUSE CVE-2023-53265 at NVD CVE-2023-53273 at SUSE CVE-2023-53273 at NVD CVE-2023-53304 at SUSE CVE-2023-53304 at NVD CVE-2023-53321 at SUSE CVE-2023-53321 at NVD CVE-2023-53333 at SUSE CVE-2023-53333 at NVD CVE-2023-53438 at SUSE CVE-2023-53438 at NVD CVE-2023-53464 at SUSE CVE-2023-53464 at NVD CVE-2023-53492 at SUSE CVE-2023-53492 at NVD CVE-2024-26583 at SUSE CVE-2024-26583 at NVD CVE-2024-26584 at SUSE CVE-2024-26584 at NVD CVE-2024-58240 at SUSE CVE-2024-58240 at NVD CVE-2025-21969 at SUSE CVE-2025-21969 at NVD CVE-2025-38184 at SUSE CVE-2025-38184 at NVD CVE-2025-38488 at SUSE CVE-2025-38488 at NVD CVE-2025-38553 at SUSE CVE-2025-38553 at NVD CVE-2025-38572 at SUSE CVE-2025-38572 at NVD CVE-2025-38664 at SUSE CVE-2025-38664 at NVD CVE-2025-38685 at SUSE CVE-2025-38685 at NVD CVE-2025-38713 at SUSE CVE-2025-38713 at NVD CVE-2025-39751 at SUSE CVE-2025-39751 at NVD CVE-2025-39823 at SUSE CVE-2025-39823 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49980: USB: gadget: fix use-after-free read in usb_udc_uevent() (bsc#1245110). - CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} (bsc#1246968). - CVE-2022-50248: wifi: iwlwifi: mvm: fix double free on tx path (bsc#1249840). - CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249846). - CVE-2022-50258: wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (bsc#1249947). - CVE-2022-50381: md: fix a crash in mempool_free (bsc#1250257). - CVE-2022-50386: Bluetooth: L2CAP: Fix user-after-free (bsc#1250301). - CVE-2022-50401: nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (bsc#1250140). - CVE-2022-50408: wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (bsc#1250391). - CVE-2022-50409: net: If sock is dead do not access sock's sk_wq in sk_stream_wait_memory (bsc#1250392). - CVE-2022-50412: drm: bridge: adv7511: unregister cec i2c device after cec adapter (bsc#1250189). - CVE-2023-53178: mm: fix zswap writeback race condition (bsc#1249827). - CVE-2023-53220: media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() (bsc#1250337). - CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250313). - CVE-2023-53438: x86/MCE: Always save CS register on AMD Zen IF Poison errors (bsc#1250180). - CVE-2024-53093: nvme-multipath: defer partition scanning (bsc#1233640). - CVE-2025-21969: kABI workaround for l2cap_conn changes (bsc#1240784). - CVE-2025-38011: drm/amdgpu: csa unmap use uninterruptible lock (bsc#1244729). - CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956). - CVE-2025-38216: iommu/vt-d: Restore context entry setup order for aliased devices (bsc#1245963). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38553: net/sched: Restrict conditions for adding duplicating netems to qdisc tree (bsc#1248255). - CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628). - CVE-2025-38685: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220). - CVE-2025-38713: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1249200). - CVE-2025-39751: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (bsc#1249538). - CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002). The following non-security bugs were fixed: - Limit patch filenames to 100 characters (bsc#1249604). - Move pesign-obs-integration requirement from kernel-syms to kernel devel subpackage (bsc#1248108). - git_sort: Make tests independent of environment. - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes). - kernel-binary: Another installation ordering fix (bsc#1241353). - kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522). - kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346). - kernel-syms.spec: Drop old rpm release number hack (bsc#1247172). - rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879). - rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337). - rpm: Configure KABI checkingness macro (bsc#1249186). - rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186). - scripts/python/kss-dashboard: attempt getting smash data - scripts/python/kss-dashboard: fetch into repos if stale - scripts/python/kss-dashboard: implement CVSSv3.1 score consistency check - scripts/python/kss-dashboard: prepare for the alternative CVE branch - scripts/python/kss-dashboard: simplify control flow - scripts/python/kss-dashboard: speed up patch checking a bit - scripts/python/kss-dashboard: use decorator to handle exceptions - scripts/tar-up: Remove mkspec only affter running it. - scripts: Import arch-symbols script from packaging - scripts: Import guards script from packaging - scripts: test_linux_git.py: Do not complain about missing cwd - sequence-patch: Use arch-symbols - suse_git/header: Complain about patch filenames over 100 characters. - tar-up: Also sort generated tar archives - tar-up: Handle multiple levels of symlinks - tar-up: Normalize file modes to ones supported by git - tar-up: Remove mkspec and its inputs as from target directory (bsc#1250522). - tar-up: Remove the $build_dir prefix when in $build_dir - tar-up: Set owner of files in generated tar archives to root rather than nobody - tar_up: Handle symlinks in rpm directory - use uniform permission checks for all mount propagation changes (git-fixes). Important SUSE bug 1202700 SUSE bug 1203063 SUSE bug 1203332 SUSE bug 1204228 SUSE bug 1205128 SUSE bug 1206883 SUSE bug 1206884 SUSE bug 1209287 SUSE bug 1209291 SUSE bug 1210124 SUSE bug 1210584 SUSE bug 1213061 SUSE bug 1213666 SUSE bug 1215150 SUSE bug 1216976 SUSE bug 1220185 SUSE bug 1220186 SUSE bug 1233640 SUSE bug 1240784 SUSE bug 1241353 SUSE bug 1243278 SUSE bug 1244337 SUSE bug 1244729 SUSE bug 1245110 SUSE bug 1245956 SUSE bug 1245963 SUSE bug 1246879 SUSE bug 1246968 SUSE bug 1247172 SUSE bug 1247239 SUSE bug 1248108 SUSE bug 1248255 SUSE bug 1248399 SUSE bug 1248628 SUSE bug 1248847 SUSE bug 1249186 SUSE bug 1249200 SUSE bug 1249220 SUSE bug 1249346 SUSE bug 1249538 SUSE bug 1249604 SUSE bug 1249664 SUSE bug 1249667 SUSE bug 1249700 SUSE bug 1249713 SUSE bug 1249716 SUSE bug 1249718 SUSE bug 1249734 SUSE bug 1249740 SUSE bug 1249743 SUSE bug 1249747 SUSE bug 1249808 SUSE bug 1249825 SUSE bug 1249827 SUSE bug 1249840 SUSE bug 1249846 SUSE bug 1249880 SUSE bug 1249885 SUSE bug 1249908 SUSE bug 1249918 SUSE bug 1249923 SUSE bug 1249930 SUSE bug 1249947 SUSE bug 1249949 SUSE bug 1250002 SUSE bug 1250009 SUSE bug 1250014 SUSE bug 1250041 SUSE bug 1250131 SUSE bug 1250132 SUSE bug 1250140 SUSE bug 1250180 SUSE bug 1250183 SUSE bug 1250187 SUSE bug 1250189 SUSE bug 1250257 SUSE bug 1250269 SUSE bug 1250277 SUSE bug 1250301 SUSE bug 1250313 SUSE bug 1250337 SUSE bug 1250391 SUSE bug 1250392 SUSE bug 1250394 SUSE bug 1250522 SUSE bug 1250764 SUSE bug 1250767 SUSE bug 1250774 SUSE bug 1250787 SUSE bug 1250790 SUSE bug 1250797 SUSE bug 1250799 SUSE bug 1250823 SUSE bug 1250847 SUSE bug 1250850 SUSE bug 1250853 SUSE bug 1250868 SUSE bug 1250890 SUSE bug 1250891 CVE-2021-4460 at SUSE CVE-2021-4460 at NVD CVE-2022-2602 at SUSE CVE-2022-2602 at NVD CVE-2022-2978 at SUSE CVE-2022-2978 at NVD CVE-2022-36280 at SUSE CVE-2022-36280 at NVD CVE-2022-43945 at SUSE CVE-2022-43945 at NVD CVE-2022-49980 at SUSE CVE-2022-49980 at NVD CVE-2022-50233 at SUSE CVE-2022-50233 at NVD CVE-2022-50234 at SUSE CVE-2022-50234 at NVD CVE-2022-50235 at SUSE CVE-2022-50235 at NVD CVE-2022-50248 at SUSE CVE-2022-50248 at NVD CVE-2022-50249 at SUSE CVE-2022-50249 at NVD CVE-2022-50252 at SUSE CVE-2022-50252 at NVD CVE-2022-50257 at SUSE CVE-2022-50257 at NVD CVE-2022-50258 at SUSE CVE-2022-50258 at NVD CVE-2022-50260 at SUSE CVE-2022-50260 at NVD CVE-2022-50271 at SUSE CVE-2022-50271 at NVD CVE-2022-50272 at SUSE CVE-2022-50272 at NVD CVE-2022-50299 at SUSE CVE-2022-50299 at NVD CVE-2022-50309 at SUSE CVE-2022-50309 at NVD CVE-2022-50312 at SUSE CVE-2022-50312 at NVD CVE-2022-50317 at SUSE CVE-2022-50317 at NVD CVE-2022-50330 at SUSE CVE-2022-50330 at NVD CVE-2022-50344 at SUSE CVE-2022-50344 at NVD CVE-2022-50355 at SUSE CVE-2022-50355 at NVD CVE-2022-50359 at SUSE CVE-2022-50359 at NVD CVE-2022-50367 at SUSE CVE-2022-50367 at NVD CVE-2022-50368 at SUSE CVE-2022-50368 at NVD CVE-2022-50375 at SUSE CVE-2022-50375 at NVD CVE-2022-50381 at SUSE CVE-2022-50381 at NVD CVE-2022-50385 at SUSE CVE-2022-50385 at NVD CVE-2022-50386 at SUSE CVE-2022-50386 at NVD CVE-2022-50401 at SUSE CVE-2022-50401 at NVD CVE-2022-50408 at SUSE CVE-2022-50408 at NVD CVE-2022-50409 at SUSE CVE-2022-50409 at NVD CVE-2022-50410 at SUSE CVE-2022-50410 at NVD CVE-2022-50412 at SUSE CVE-2022-50412 at NVD CVE-2022-50414 at SUSE CVE-2022-50414 at NVD CVE-2022-50419 at SUSE CVE-2022-50419 at NVD CVE-2022-50422 at SUSE CVE-2022-50422 at NVD CVE-2022-50427 at SUSE CVE-2022-50427 at NVD CVE-2022-50431 at SUSE CVE-2022-50431 at NVD CVE-2022-50435 at SUSE CVE-2022-50435 at NVD CVE-2022-50437 at SUSE CVE-2022-50437 at NVD CVE-2022-50440 at SUSE CVE-2022-50440 at NVD CVE-2022-50444 at SUSE CVE-2022-50444 at NVD CVE-2022-50454 at SUSE CVE-2022-50454 at NVD CVE-2022-50458 at SUSE CVE-2022-50458 at NVD CVE-2022-50459 at SUSE CVE-2022-50459 at NVD CVE-2022-50467 at SUSE CVE-2022-50467 at NVD CVE-2023-1380 at SUSE CVE-2023-1380 at NVD CVE-2023-28328 at SUSE CVE-2023-28328 at NVD CVE-2023-31248 at SUSE CVE-2023-31248 at NVD CVE-2023-3772 at SUSE CVE-2023-3772 at NVD CVE-2023-39197 at SUSE CVE-2023-39197 at NVD CVE-2023-42753 at SUSE CVE-2023-42753 at NVD CVE-2023-53147 at SUSE CVE-2023-53147 at NVD CVE-2023-53178 at SUSE CVE-2023-53178 at NVD CVE-2023-53179 at SUSE CVE-2023-53179 at NVD CVE-2023-53213 at SUSE CVE-2023-53213 at NVD CVE-2023-53220 at SUSE CVE-2023-53220 at NVD CVE-2023-53265 at SUSE CVE-2023-53265 at NVD CVE-2023-53273 at SUSE CVE-2023-53273 at NVD CVE-2023-53304 at SUSE CVE-2023-53304 at NVD CVE-2023-53321 at SUSE CVE-2023-53321 at NVD CVE-2023-53333 at SUSE CVE-2023-53333 at NVD CVE-2023-53438 at SUSE CVE-2023-53438 at NVD CVE-2023-53464 at SUSE CVE-2023-53464 at NVD CVE-2023-53492 at SUSE CVE-2023-53492 at NVD CVE-2024-26583 at SUSE CVE-2024-26583 at NVD CVE-2024-26584 at SUSE CVE-2024-26584 at NVD CVE-2024-53093 at SUSE CVE-2024-53093 at NVD CVE-2024-58240 at SUSE CVE-2024-58240 at NVD CVE-2025-21969 at SUSE CVE-2025-21969 at NVD CVE-2025-38011 at SUSE CVE-2025-38011 at NVD CVE-2025-38184 at SUSE CVE-2025-38184 at NVD CVE-2025-38216 at SUSE CVE-2025-38216 at NVD CVE-2025-38488 at SUSE CVE-2025-38488 at NVD CVE-2025-38553 at SUSE CVE-2025-38553 at NVD CVE-2025-38572 at SUSE CVE-2025-38572 at NVD CVE-2025-38664 at SUSE CVE-2025-38664 at NVD CVE-2025-38685 at SUSE CVE-2025-38685 at NVD CVE-2025-38713 at SUSE CVE-2025-38713 at NVD CVE-2025-39751 at SUSE CVE-2025-39751 at NVD CVE-2025-39823 at SUSE CVE-2025-39823 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for samba fixes the following issues: - CVE-2025-9640: Fixed vfs_streams_xattr uninitialized memory write (bsc#1251279). - CVE-2025-10230: Fixed command Injection in WINS Server Hook Script (bsc#1251280). Critical SUSE bug 1251279 SUSE bug 1251280 CVE-2025-10230 at SUSE CVE-2025-10230 at NVD CVE-2025-9640 at SUSE CVE-2025-9640 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) Moderate SUSE bug 1236588 SUSE bug 1236590 CVE-2025-0167 at SUSE CVE-2025-0167 at NVD CVE-2025-0725 at SUSE CVE-2025-0725 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for protobuf fixes the following issues: - CVE-2025-4565: parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or messages can lead to crash due to a `RecursionError` (bsc#1244663). Moderate SUSE bug 1244663 CVE-2025-4565 at SUSE CVE-2025-4565 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libxslt fixes the following issues: - CVE-2025-11731: fixed a type confusion in exsltFuncResultComp function that could cause a denial of service (bsc#1251979) Important SUSE bug 1251979 CVE-2025-11731 at SUSE CVE-2025-11731 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for mozilla-nss fixes the following issues: - Move NSS DB password hash away from SHA-1. Update to NSS 3.112.2: * Prevent leaks during pkcs12 decoding. * SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: * restore support for finding certificates by decoded serial number. Important SUSE bug 1251263 CVE-2025-9187 at SUSE CVE-2025-9187 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for afterburn fixes the following issues: Update to version 5.9.0.git21.a73f509. Security issues fixed: - CVE-2022-24713: regex: no proper complexity limitation when parsing untrusted regular expressions with large repetitions on empty sub-expressions can lead to excessive resource consumption and denial of service (bsc#1196972). - CVE-2024-12224: idna: acceptance of Punycode labels that do not produce any non-ASCII output may lead to incorrect hostname comparisons and incorrect URL parsing (bsc#1243850). - CVE-2025-5791: users: `root` user being appended to group listings whenever listing does not have exactly 1024 groups can lead to privilege escalation when information is used for access control (bsc#1244199). - CVE-2025-3416: openssl: passing of `Some(...)` value as `properties` argument to `Md::fetch` or `Cipher::fetch` can lead to use-after-free (bsc#1242665). Other issues fixed: - Fixed in version 5.9.0.git21.a73f509: * cargo: update dependencies * microsoft/azure: Add XML attribute alias for serde-xml-rs Fedora compat * microsoft/azure: Fix SharedConfig parsing of XML attributes * microsoft/azure: Mock goalstate.SharedConfig output in tests * providers/azure: switch SSH key retrieval from certs endpoint to IMDS as azure stopped providing keys in the old one (bsc#1250471). * upcloud: implement UpCloud provider * Update several build dependencies - Fixed in version 5.9.0: * cargo: update dependencies * dracut: Return 255 in module-setup * oraclecloud: add release note and move base URL to constant * oraclecloud: implement oraclecloud provider * Update several build dependencies - Fixed in version 5.8.2: * cargo: update dependencies * packit: add initial support - Fixed in version 5.7.0.git103.bae893c: * proxmoxve: Add more context to log messages. * proxmoxve: Remove unneeded fields * proxmoxve: Add tests for static network configuration from cloud-init. * proxmoxve: Add support for static network configuration from cloud-init. * providers/openstack: ignore ec2 metadata if not present * proxmox: use noop provider if no configdrive * Update several build dependencies - Fixed in version 5.7.0: * cargo: update dependencies * dhcp: replace dbus_proxy with proxy, and zbus traits * providers/hetzner: private ipv4 addresses in attributes * openstack: Document the two platforms * microsoft/azure: allow empty certificate chain in PKCS12 file * proxmoxve: implement proxmoxve provider * providers/hetzner: fix duplicate attribute prefix * lint: silence deadcode warnings * lint: address latest lint's from msrv update * cargo: update msrv to 1.75 * providers: Add 'akamai' provider * providers/vmware: add missing public functions for non-amd64 * providers/vmware: Process guestinfo.metadata netplan configuration * kubevirt: Run afterburn-hostname service * providers: add support for scaleway * Move away from deprecated `users` to `uzers` * providers/hetzner: add support for Hetzner Cloud * cargo: update MSRV to 1.71 * cargo: specify required features for nix dependency * openstack: Add attribute OPENSTACK_INSTANCE_UUID * cargo: allow openssl 0.10.46 * build-sys: Use new tier = 2 for cargo-vendor-filterer * cargo: fix minimum version of openssl crate * microsoft/crypto/mod: replace deprecated function `parse` with `parse2` * cli: switch to clap derive * cli: add descriptive value names for option arguments in --help * cli: have clap require exactly one of --cmdline/--provider * providers/`*`: move endpoint mocking into retry::Client * retry/client: move URL parsing into helper function * providers/microsoft: import crate::retry * providers/microsoft: use stored client for all fetches * providers/packet: use stored client for boot checkin * initrd: remember to write trailing newline to network kargs file * util: drop obsolete 'OEM' terminology * Inline variables into format strings * Update several build dependencies - Fixed in version 5.4.1: * cargo: add configuration for cargo-vendor-filterer * util: support DHCP option lookup from NetworkManager * util: factor out retries of DHCP option lookup * util: refactor DHCP option query helper into an enum * util: move dns_lease_key_lookup() to a separate module * cargo: update MSRV to 1.66 * cargo: update all packages to fix build error * cargo: continue to support openssh-keys 0.5 * cargo: drop serde_derive crate in favor of serde derive feature * cargo: use consistent declaration syntax for slog dependency * cargo: drop unused dependencies * cargo: continue to support base64 0.13 * cargo: continue to support mailparse 0.13.8 * cargo: continue to support clap 3.1 * cargo: stop enabling LTO in release builds * providers/ibmcloud: avoid error if an ssh key not found in metadata * systemd: add explicit ordering, after multi-user.target * network: fix clippy 1.63.0 lints * cargo: allow serde_yaml 0.8 * cargo: update version ranges for post-1.x deps * providers: Use inline `format!` in a few places * *: bump MSRV to 1.58.0 * cargo: update clap to 3.2.5 * copr: mark git checkout as safe * providers/aws: expose instance availability-zone-id as AWS_AVAILABILITY_ZONE_ID * Update several build dependencies - Fixed in version 5.3.0: * systemd: enable sshkeys on Power VS platform * network: Encode information for systemd-networkd-wait-online * cargo: update to clap 3.1 * cargo: enable clap wrap_help feature * cli: run clap tests * cli: avoid deprecated clap constructs * cargo: update to clap 3.0 * cli: use clap mechanism to require exp subcommand * cargo: declare MSRV in Cargo.toml * cargo: update to Rust 2021; bump MSRV to 1.56.0 * copr: abort if specfile fetch fails * providers/aws: add AWS_IPV6 attribute * providers/aws: bump metadata version to 2021-01-03 * kubevirt: Add KubeVirt platform support * *.service: add/update Documentation field * aws/mock_tests: explicitly drop mocks before resetting * aws/mock_tests: split out IMDS tests * aws/mock_tests: factor out map building * *: use `RemainAfterExit` on all oneshot services * Update several build dependencies Important SUSE bug 1196972 SUSE bug 1242665 SUSE bug 1243850 SUSE bug 1244199 SUSE bug 1244675 SUSE bug 1250471 CVE-2022-24713 at SUSE CVE-2022-24713 at NVD CVE-2024-12224 at SUSE CVE-2024-12224 at NVD CVE-2025-3416 at SUSE CVE-2025-3416 at NVD CVE-2025-5791 at SUSE CVE-2025-5791 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). Moderate SUSE bug 1246974 SUSE bug 1249375 CVE-2025-8114 at SUSE CVE-2025-8114 at NVD CVE-2025-8277 at SUSE CVE-2025-8277 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for tiff fixes the following issues: - CVE-2025-9900: Fixed Write-What-Where in libtiff via TIFFReadRGBAImageOriented (bsc#1250413). Important SUSE bug 1250413 CVE-2025-9900 at SUSE CVE-2025-9900 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for runc fixes the following issues: - CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252232). - CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252232). - CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252232). Update to runc v1.2.7. - Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.2.7> Important SUSE bug 1252232 CVE-2025-31133 at SUSE CVE-2025-31133 at NVD CVE-2025-52565 at SUSE CVE-2025-52565 at NVD CVE-2025-52881 at SUSE CVE-2025-52881 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for gpg2 fixes the following issues: - CVE-2025-30258: fixed a verification denial of service due to a malicious subkey in the keyring (bsc#1239119) Low SUSE bug 1239119 CVE-2025-30258 at SUSE CVE-2025-30258 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for runc fixes the following issues: Update to runc v1.3.3. Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.3.3>. bsc#1252232 * CVE-2025-31133 * CVE-2025-52565 * CVE-2025-52881 Update to runc v1.3.2. Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.3.2> bsc#1252110 - Includes an important fix for the CPUSet translation for cgroupv2. Update to runc v1.3.1. Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.3.1> Update to runc v1.3.0. Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.3.0> Important SUSE bug 1252110 SUSE bug 1252232 CVE-2025-31133 at SUSE CVE-2025-31133 at NVD CVE-2025-52565 at SUSE CVE-2025-52565 at NVD CVE-2025-52881 at SUSE CVE-2025-52881 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for podman fixes the following issues: - CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252376) - CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252376) - CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252376) Other fixes: - Fix: podman and buildah with runc 1.3.2 fail with lots of warnings as rootless (bsc#1252543) - Add symlink to catatonit in /usr/libexec/podman (bsc#1248988) Important SUSE bug 1248988 SUSE bug 1252376 SUSE bug 1252543 CVE-2025-31133 at SUSE CVE-2025-31133 at NVD CVE-2025-52565 at SUSE CVE-2025-52565 at NVD CVE-2025-52881 at SUSE CVE-2025-52881 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for openssh fixes the following issues: - CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198) - CVE-2025-61985: Fixed code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199) Moderate SUSE bug 1251198 SUSE bug 1251199 CVE-2025-61984 at SUSE CVE-2025-61984 at NVD CVE-2025-61985 at SUSE CVE-2025-61985 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libxml2 fixes the following issues: - CVE-2025-9714: Fixed inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c (bsc#1249076) - CVE-2025-8732: Fixed infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247850) Moderate SUSE bug 1247850 SUSE bug 1249076 CVE-2025-8732 at SUSE CVE-2025-8732 at NVD CVE-2025-9714 at SUSE CVE-2025-9714 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise FIXME kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (bsc#1249859). - CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() (bsc#1249857). - CVE-2022-50388: nvme: fix multipath crash caused by flush request when blktrace is enabled (bsc#1250293). - CVE-2022-50423: ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() (bsc#1250784). - CVE-2022-50432: kernfs: fix use-after-free in __kernfs_remove (bsc#1250851). - CVE-2022-50488: block, bfq: fix possible uaf for 'bfqq->bic' (bsc#1251201). - CVE-2022-50516: fs: dlm: fix invalid derefence of sb_lvbptr (bsc#1251741). - CVE-2023-53282: scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1250311). - CVE-2023-53365: ip6mr: Fix skb_under_panic in ip6mr_cache_report() (bsc#1249988). - CVE-2023-53395: ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer (bsc#1250358). - CVE-2023-53500: xfrm: fix slab-use-after-free in decode_session6 (bsc#1250816). - CVE-2023-53559: ip_vti: fix potential slab-use-after-free in decode_session6 (bsc#1251052). - CVE-2023-53574: wifi: rtw88: delete timer and free skb queue when unloading (bsc#1251222). - CVE-2023-53619: netfilter: conntrack: Avoid nf_ct_helper_hash uses after free (bsc#1251743). - CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before deleting conn (bsc#1251763). - CVE-2023-53705: ipv6: Fix out-of-bounds access in ipv6_find_tlv() (bsc#1252554). - CVE-2023-53722: md: raid1: fix potential OOB in raid1_remove_disk() (bsc#1252499). - CVE-2025-38476: rpl: Fix use-after-free in rpl_do_srh_inline() (bsc#1247317). - CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047). - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035). - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688). Important SUSE bug 1065729 SUSE bug 1199304 SUSE bug 1205128 SUSE bug 1206893 SUSE bug 1210124 SUSE bug 1243919 SUSE bug 1247317 SUSE bug 1249186 SUSE bug 1249857 SUSE bug 1249859 SUSE bug 1249988 SUSE bug 1250293 SUSE bug 1250311 SUSE bug 1250358 SUSE bug 1250742 SUSE bug 1250784 SUSE bug 1250816 SUSE bug 1250851 SUSE bug 1250946 SUSE bug 1251040 SUSE bug 1251047 SUSE bug 1251052 SUSE bug 1251072 SUSE bug 1251088 SUSE bug 1251091 SUSE bug 1251115 SUSE bug 1251169 SUSE bug 1251173 SUSE bug 1251182 SUSE bug 1251201 SUSE bug 1251202 SUSE bug 1251208 SUSE bug 1251222 SUSE bug 1251292 SUSE bug 1251300 SUSE bug 1251550 SUSE bug 1251723 SUSE bug 1251725 SUSE bug 1251730 SUSE bug 1251741 SUSE bug 1251743 SUSE bug 1251747 SUSE bug 1251763 SUSE bug 1251930 SUSE bug 1252035 SUSE bug 1252047 SUSE bug 1252480 SUSE bug 1252499 SUSE bug 1252516 SUSE bug 1252554 SUSE bug 1252688 SUSE bug 1252775 CVE-2022-43945 at SUSE CVE-2022-43945 at NVD CVE-2022-50327 at SUSE CVE-2022-50327 at NVD CVE-2022-50334 at SUSE CVE-2022-50334 at NVD CVE-2022-50388 at SUSE CVE-2022-50388 at NVD CVE-2022-50423 at SUSE CVE-2022-50423 at NVD CVE-2022-50432 at SUSE CVE-2022-50432 at NVD CVE-2022-50470 at SUSE CVE-2022-50470 at NVD CVE-2022-50480 at SUSE CVE-2022-50480 at NVD CVE-2022-50484 at SUSE CVE-2022-50484 at NVD CVE-2022-50487 at SUSE CVE-2022-50487 at NVD CVE-2022-50488 at SUSE CVE-2022-50488 at NVD CVE-2022-50489 at SUSE CVE-2022-50489 at NVD CVE-2022-50493 at SUSE CVE-2022-50493 at NVD CVE-2022-50494 at SUSE CVE-2022-50494 at NVD CVE-2022-50496 at SUSE CVE-2022-50496 at NVD CVE-2022-50504 at SUSE CVE-2022-50504 at NVD CVE-2022-50513 at SUSE CVE-2022-50513 at NVD CVE-2022-50516 at SUSE CVE-2022-50516 at NVD CVE-2022-50532 at SUSE CVE-2022-50532 at NVD CVE-2022-50534 at SUSE CVE-2022-50534 at NVD CVE-2022-50544 at SUSE CVE-2022-50544 at NVD CVE-2022-50546 at SUSE CVE-2022-50546 at NVD CVE-2022-50549 at SUSE CVE-2022-50549 at NVD CVE-2022-50563 at SUSE CVE-2022-50563 at NVD CVE-2022-50574 at SUSE CVE-2022-50574 at NVD CVE-2023-53282 at SUSE CVE-2023-53282 at NVD CVE-2023-53365 at SUSE CVE-2023-53365 at NVD CVE-2023-53395 at SUSE CVE-2023-53395 at NVD CVE-2023-53500 at SUSE CVE-2023-53500 at NVD CVE-2023-53559 at SUSE CVE-2023-53559 at NVD CVE-2023-53564 at SUSE CVE-2023-53564 at NVD CVE-2023-53566 at SUSE CVE-2023-53566 at NVD CVE-2023-53574 at SUSE CVE-2023-53574 at NVD CVE-2023-53619 at SUSE CVE-2023-53619 at NVD CVE-2023-53673 at SUSE CVE-2023-53673 at NVD CVE-2023-53705 at SUSE CVE-2023-53705 at NVD CVE-2023-53722 at SUSE CVE-2023-53722 at NVD CVE-2025-38476 at SUSE CVE-2025-38476 at NVD CVE-2025-39968 at SUSE CVE-2025-39968 at NVD CVE-2025-39973 at SUSE CVE-2025-39973 at NVD CVE-2025-40018 at SUSE CVE-2025-40018 at NVD CVE-2025-40082 at SUSE CVE-2025-40082 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for grub2 fixes the following issues: - CVE-2025-54771: Fixed rub_file_close() does not properly controls the fs refcount (bsc#1252931) - CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932) - CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free (bsc#1252933) - CVE-2025-61663: Fixed missing unregister call for normal commands may lead to use-after-free (bsc#1252934) - CVE-2025-61664: Fixed missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935) Other fixes: - Bump upstream SBAT generation to 6 Moderate SUSE bug 1252931 SUSE bug 1252932 SUSE bug 1252933 SUSE bug 1252934 SUSE bug 1252935 CVE-2025-54771 at SUSE CVE-2025-54771 at NVD CVE-2025-61661 at SUSE CVE-2025-61661 at NVD CVE-2025-61662 at SUSE CVE-2025-61662 at NVD CVE-2025-61663 at SUSE CVE-2025-61663 at NVD CVE-2025-61664 at SUSE CVE-2025-61664 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for podman fixes the following issues: - CVE-2025-47913: golang.org/x/crypto/ssh/agent: Fixed client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253542) Important SUSE bug 1253542 CVE-2025-47913 at SUSE CVE-2025-47913 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) Moderate SUSE bug 1253757 CVE-2025-11563 at SUSE CVE-2025-11563 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) Moderate SUSE bug 1249055 CVE-2025-7039 at SUSE CVE-2025-7039 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (bsc#1249859). - CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() (bsc#1249857). - CVE-2022-50388: nvme: fix multipath crash caused by flush request when blktrace is enabled (bsc#1250293). - CVE-2022-50423: ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() (bsc#1250784). - CVE-2022-50432: kernfs: fix use-after-free in __kernfs_remove (bsc#1250851). - CVE-2022-50488: block, bfq: fix possible uaf for 'bfqq->bic' (bsc#1251201). - CVE-2022-50516: fs: dlm: fix invalid derefence of sb_lvbptr (bsc#1251741). - CVE-2023-53282: scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1250311). - CVE-2023-53365: ip6mr: Fix skb_under_panic in ip6mr_cache_report() (bsc#1249988). - CVE-2023-53395: ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer (bsc#1250358). - CVE-2023-53500: xfrm: fix slab-use-after-free in decode_session6 (bsc#1250816). - CVE-2023-53559: ip_vti: fix potential slab-use-after-free in decode_session6 (bsc#1251052). - CVE-2023-53574: wifi: rtw88: delete timer and free skb queue when unloading (bsc#1251222). - CVE-2023-53619: netfilter: conntrack: Avoid nf_ct_helper_hash uses after free (bsc#1251743). - CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before deleting conn (bsc#1251763). - CVE-2023-53705: ipv6: Fix out-of-bounds access in ipv6_find_tlv() (bsc#1252554). - CVE-2023-53722: md: raid1: fix potential OOB in raid1_remove_disk() (bsc#1252499). - CVE-2025-38476: rpl: Fix use-after-free in rpl_do_srh_inline() (bsc#1247317). - CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047). - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035). - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688). Important SUSE bug 1065729 SUSE bug 1199304 SUSE bug 1205128 SUSE bug 1206893 SUSE bug 1210124 SUSE bug 1247317 SUSE bug 1249186 SUSE bug 1249857 SUSE bug 1249859 SUSE bug 1249988 SUSE bug 1250293 SUSE bug 1250311 SUSE bug 1250358 SUSE bug 1250742 SUSE bug 1250784 SUSE bug 1250816 SUSE bug 1250851 SUSE bug 1250946 SUSE bug 1251040 SUSE bug 1251047 SUSE bug 1251052 SUSE bug 1251072 SUSE bug 1251088 SUSE bug 1251091 SUSE bug 1251115 SUSE bug 1251169 SUSE bug 1251173 SUSE bug 1251182 SUSE bug 1251201 SUSE bug 1251202 SUSE bug 1251208 SUSE bug 1251222 SUSE bug 1251292 SUSE bug 1251300 SUSE bug 1251550 SUSE bug 1251723 SUSE bug 1251725 SUSE bug 1251730 SUSE bug 1251741 SUSE bug 1251743 SUSE bug 1251747 SUSE bug 1251763 SUSE bug 1251930 SUSE bug 1252035 SUSE bug 1252047 SUSE bug 1252480 SUSE bug 1252499 SUSE bug 1252516 SUSE bug 1252554 SUSE bug 1252688 SUSE bug 1252775 CVE-2022-43945 at SUSE CVE-2022-43945 at NVD CVE-2022-50327 at SUSE CVE-2022-50327 at NVD CVE-2022-50334 at SUSE CVE-2022-50334 at NVD CVE-2022-50388 at SUSE CVE-2022-50388 at NVD CVE-2022-50423 at SUSE CVE-2022-50423 at NVD CVE-2022-50432 at SUSE CVE-2022-50432 at NVD CVE-2022-50470 at SUSE CVE-2022-50470 at NVD CVE-2022-50480 at SUSE CVE-2022-50480 at NVD CVE-2022-50484 at SUSE CVE-2022-50484 at NVD CVE-2022-50487 at SUSE CVE-2022-50487 at NVD CVE-2022-50488 at SUSE CVE-2022-50488 at NVD CVE-2022-50489 at SUSE CVE-2022-50489 at NVD CVE-2022-50493 at SUSE CVE-2022-50493 at NVD CVE-2022-50494 at SUSE CVE-2022-50494 at NVD CVE-2022-50496 at SUSE CVE-2022-50496 at NVD CVE-2022-50504 at SUSE CVE-2022-50504 at NVD CVE-2022-50513 at SUSE CVE-2022-50513 at NVD CVE-2022-50516 at SUSE CVE-2022-50516 at NVD CVE-2022-50532 at SUSE CVE-2022-50532 at NVD CVE-2022-50534 at SUSE CVE-2022-50534 at NVD CVE-2022-50544 at SUSE CVE-2022-50544 at NVD CVE-2022-50546 at SUSE CVE-2022-50546 at NVD CVE-2022-50549 at SUSE CVE-2022-50549 at NVD CVE-2022-50563 at SUSE CVE-2022-50563 at NVD CVE-2022-50574 at SUSE CVE-2022-50574 at NVD CVE-2023-53282 at SUSE CVE-2023-53282 at NVD CVE-2023-53365 at SUSE CVE-2023-53365 at NVD CVE-2023-53395 at SUSE CVE-2023-53395 at NVD CVE-2023-53500 at SUSE CVE-2023-53500 at NVD CVE-2023-53559 at SUSE CVE-2023-53559 at NVD CVE-2023-53564 at SUSE CVE-2023-53564 at NVD CVE-2023-53566 at SUSE CVE-2023-53566 at NVD CVE-2023-53574 at SUSE CVE-2023-53574 at NVD CVE-2023-53619 at SUSE CVE-2023-53619 at NVD CVE-2023-53673 at SUSE CVE-2023-53673 at NVD CVE-2023-53705 at SUSE CVE-2023-53705 at NVD CVE-2023-53722 at SUSE CVE-2023-53722 at NVD CVE-2025-38476 at SUSE CVE-2025-38476 at NVD CVE-2025-39968 at SUSE CVE-2025-39968 at NVD CVE-2025-39973 at SUSE CVE-2025-39973 at NVD CVE-2025-40018 at SUSE CVE-2025-40018 at NVD CVE-2025-40082 at SUSE CVE-2025-40082 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for sssd fixes the following issues: - CVE-2025-11561: Fixed privilege escalation on AD-joined Linux systems due to default Kerberos configuration disabling localauth an2ln plugin (bsc#1251827) Other fixes: - Install file in krb5.conf.d to include sssd krb5 config snippets (bsc#1244325) Important SUSE bug 1244325 SUSE bug 1251827 CVE-2025-11561 at SUSE CVE-2025-11561 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for gnutls fixes the following issues: - CVE-2025-9820: Fixed buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132) Moderate SUSE bug 1254132 CVE-2025-9820 at SUSE CVE-2025-9820 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for containerd fixes the following issues: - Update to containerd v1.7.29 - CVE-2024-25621: Fixed an overly broad default permission vulnerability. (bsc#1253126) - CVE-2025-64329: Fixed a goroutine leaks which can lead to memory exhaustion on the host. (bsc#1253132) Important SUSE bug 1253126 SUSE bug 1253132 CVE-2024-25621 at SUSE CVE-2024-25621 at NVD CVE-2025-64329 at SUSE CVE-2025-64329 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for cups fixes the following issues: - CVE-2025-61915: Fixed a local denial-of-service via cupsd.conf update and related issues. (bsc#1253783) - CVE-2025-58436: Fixed an issue where a slow client communication leads to a possible DoS attack. (bsc#1244057) Moderate SUSE bug 1234225 SUSE bug 1244057 SUSE bug 1253783 CVE-2025-58436 at SUSE CVE-2025-58436 at NVD CVE-2025-61915 at SUSE CVE-2025-61915 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for cups fixes the following issues: - The fix for CVE-2025-58436 causes a regression where GTK applications will hang. (bsc#1254353) See also https://github.com/OpenPrinting/cups/issues/1429 The fix has been temporary disabled. Important SUSE bug 1254353 CVE-2025-58436 at SUSE CVE-2025-58436 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). Low SUSE bug 1251305 SUSE bug 1252974 CVE-2025-6075 at SUSE CVE-2025-6075 at NVD CVE-2025-8291 at SUSE CVE-2025-8291 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for cups fixes the following issues: Security issues fixed: - CVE-2025-58436: single client sending slow messages to cupsd can delay the application and make it unusable for other clients (bsc#1244057). Other issues fixed: - Update the CVE-2025-58436 patch to fix a regression that causes GTK applications to hang (bsc#1254353). Moderate SUSE bug 1244057 SUSE bug 1254353 CVE-2025-58436 at SUSE CVE-2025-58436 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libpng16 fixes the following issues: - CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160) - CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480) - CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158) - CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159) - CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157) Important SUSE bug 1254157 SUSE bug 1254158 SUSE bug 1254159 SUSE bug 1254160 SUSE bug 1254480 CVE-2025-64505 at SUSE CVE-2025-64505 at NVD CVE-2025-64506 at SUSE CVE-2025-64506 at NVD CVE-2025-64720 at SUSE CVE-2025-64720 at NVD CVE-2025-65018 at SUSE CVE-2025-65018 at NVD CVE-2025-66293 at SUSE CVE-2025-66293 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for glib2 fixes the following issues: - CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote filesystem attribute values can lead to denial-of-service (bsc#1254878). - CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()`functions when processing attacker-influenced data may lead to crash or code execution (bsc#1254662). - CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a large number of unacceptable characters may lead to crash or code execution (bsc#1254297). Important SUSE bug 1254297 SUSE bug 1254662 SUSE bug 1254878 CVE-2025-13601 at SUSE CVE-2025-13601 at NVD CVE-2025-14087 at SUSE CVE-2025-14087 at NVD CVE-2025-14512 at SUSE CVE-2025-14512 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for salt fixes the following issues: - Security issues fixed: - CVE-2025-62349: Added minimum_auth_version to enforce security (bsc#1254257) - CVE-2025-62348: Fixed Junos module yaml loader (bsc#1254256) - Backport security fixes for vendored tornado * BDSA-2024-3438 * BDSA-2024-3439 * BDSA-2024-9026 - Other changes and bugs fixed: - Fixed TLS and x509 modules for OSes with older cryptography module - Fixed Salt for Python > 3.11 (bsc#1252285) (bsc#1252244) * Use external tornado on Python > 3.11 * Make tls and x509 to use python-cryptography * Remove usage of spwd - Fixed payload signature verification on Tumbleweed (bsc#1251776) - Fixed broken symlink on migration to Leap 16.0 (bsc#1250755) - Fixed known_hosts error on gitfs (bsc#1250520) (bsc#1227207) - Improved SL Micro 6.2 detection with grains - Reverted requirement of M2Crypto >= 0.44.0 for SUSE Family distros - Set python-CherryPy as required for python-salt-testsuite Important SUSE bug 1227207 SUSE bug 1250520 SUSE bug 1250755 SUSE bug 1251776 SUSE bug 1252244 SUSE bug 1252285 SUSE bug 1254256 SUSE bug 1254257 CVE-2025-62348 at SUSE CVE-2025-62348 at NVD CVE-2025-62349 at SUSE CVE-2025-62349 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-50280: pnode: terminate at peers of source (bsc#1249806). - CVE-2023-53659: iavf: Fix out-of-bounds when setting channels on remove (bsc#1251247). - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786). - CVE-2023-53717: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (bsc#1252560). - CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780). - CVE-2025-40121: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (bsc#1253367). - CVE-2025-40154: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (bsc#1253431). - CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436). The following non-security bugs were fixed: - cifs: Check the lease context if we actually got a lease (bsc#1228688). - cifs: return a single-use cfid if we did not get a lease (bsc#1228688). - smb3: fix Open files on server counter going negative (git-fixes). Important SUSE bug 1228688 SUSE bug 1249806 SUSE bug 1251247 SUSE bug 1251786 SUSE bug 1252560 SUSE bug 1252780 SUSE bug 1253367 SUSE bug 1253431 SUSE bug 1253436 CVE-2022-50280 at SUSE CVE-2022-50280 at NVD CVE-2023-53659 at SUSE CVE-2023-53659 at NVD CVE-2023-53676 at SUSE CVE-2023-53676 at NVD CVE-2023-53717 at SUSE CVE-2023-53717 at NVD CVE-2025-40040 at SUSE CVE-2025-40040 at NVD CVE-2025-40121 at SUSE CVE-2025-40121 at NVD CVE-2025-40154 at SUSE CVE-2025-40154 at NVD CVE-2025-40204 at SUSE CVE-2025-40204 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for podman fixes the following issues: - CVE-2025-47914: golang.org/x/crypto/ssh/agent: Fixed SSH Agent that could cause a panic due to an out-of-bounds read with non-validated message sizes (bsc#1253993) Moderate SUSE bug 1253993 CVE-2025-47914 at SUSE CVE-2025-47914 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) Important SUSE bug 1236878 CVE-2024-12133 at SUSE CVE-2024-12133 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705) Moderate SUSE bug 1236705 CVE-2025-0938 at SUSE CVE-2025-0938 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) Low SUSE bug 1236282 CVE-2025-0395 at SUSE CVE-2025-0395 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ucode-intel fixes the following issues: - Intel CPU Microcode was updated to the 20250211 release (bsc#1237096) - CVE-2024-31068: Improper Finite State Machines (FSMs) in Hardware Logic for some Intel Processors may allow privileged user to potentially enable denial of service via local access. - CVE-2024-36293: A potential security vulnerability in some Intel Software Guard Extensions (Intel SGX) Platforms may allow denial of service. Intel is releasing microcode updates to mitigate this potential vulnerability. - CVE-2024-39355: A potential security vulnerability in some 13th and 14th Generation Intel Core Processors may allow denial of service. Intel is releasing microcode and UEFI reference code updates to mitigate this potential vulnerability. - CVE-2024-37020: A potential security vulnerability in the Intel Data Streaming Accelerator (Intel DSA) for some Intel Xeon Processors may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability. - New Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | SRF-SP | C0 | 06-af-03/01 | | 03000330 | Xeon 6700-Series Processors with E-Cores ### Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | C0 | 06-97-02/07 | 00000037 | 00000038 | Core Gen12 | ADL | H0 | 06-97-05/07 | 00000037 | 00000038 | Core Gen12 | ADL | L0 | 06-9a-03/80 | 00000435 | 00000436 | Core Gen12 | ADL | R0 | 06-9a-04/80 | 00000435 | 00000436 | Core Gen12 | ADL-N | N0 | 06-be-00/19 | 0000001a | 0000001c | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E | AZB | A0/R0 | 06-9a-04/40 | 00000007 | 00000009 | Intel(R) Atom(R) C1100 | CFL-H | R0 | 06-9e-0d/22 | 00000100 | 00000102 | Core Gen9 Mobile | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f8 | 000000fa | Core Gen8 Desktop, Mobile, Xeon E | EMR-SP | A0 | 06-cf-01/87 | 21000283 | 21000291 | Xeon Scalable Gen5 | EMR-SP | A1 | 06-cf-02/87 | 21000283 | 21000291 | Xeon Scalable Gen5 | ICL-D | B0 | 06-6c-01/10 | 010002b0 | 010002c0 | Xeon D-17xx, D-27xx | ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003e7 | 0d0003f5 | Xeon Scalable Gen3 | RPL-E/HX/S | B0 | 06-b7-01/32 | 0000012b | 0000012c | Core Gen13/Gen14 | RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004123 | 00004124 | Core Gen13 | RPL-HX/S | C0 | 06-bf-02/07 | 00000037 | 00000038 | Core Gen13/Gen14 | RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004123 | 00004124 | Core Gen13 | RPL-S | H0 | 06-bf-05/07 | 00000037 | 00000038 | Core Gen13/Gen14 | RKL-S | B0 | 06-a7-01/02 | 00000062 | 00000063 | Core Gen11 | SPR-HBM | Bx | 06-8f-08/10 | 2c000390 | 2c0003e0 | Xeon Max | SPR-SP | E4/S2 | 06-8f-07/87 | 2b000603 | 2b000620 | Xeon Scalable Gen4 | SPR-SP | E5/S3 | 06-8f-08/87 | 2b000603 | 2b000620 | Xeon Scalable Gen4 | TWL | N0 | 06-be-00/19 | 0000001a | 0000001c | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E ### New Disclosures Updated in Prior Releases | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | CFL-H/S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9 Moderate SUSE bug 1237096 CVE-2024-31068 at SUSE CVE-2024-31068 at NVD CVE-2024-36293 at SUSE CVE-2024-36293 at NVD CVE-2024-37020 at SUSE CVE-2024-37020 at NVD CVE-2024-39355 at SUSE CVE-2024-39355 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for openssh fixes the following issues: - CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040). Moderate SUSE bug 1237040 CVE-2025-26465 at SUSE CVE-2025-26465 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for grub2 fixes the following issues: - CVE-2024-45781: Fixed strcpy overflow in ufs. (bsc#1233617) - CVE-2024-56737: Fixed a heap-based buffer overflow in hfs. (bsc#1234958) - CVE-2024-45782: Fixed strcpy overflow in hfs. (bsc#1233615) - CVE-2024-45780: Fixed an overflow in tar/cpio. (bsc#1233614) - CVE-2024-45783: Fixed a refcount overflow in hfsplus. (bsc#1233616) - CVE-2024-45774: Fixed a heap overflow in JPEG parser. (bsc#1233609) - CVE-2024-45775: Fixed a missing NULL check in extcmd parser. (bsc#1233610) - CVE-2024-45776: Fixed an overflow in .MO file handling. (bsc#1233612) - CVE-2024-45777: Fixed an integer overflow in gettext. (bsc#1233613) - CVE-2024-45778: Fixed bfs filesystem by removing it from lockdown capable modules. (bsc#1233606) - CVE-2024-45779: Fixed a heap overflow in bfs. (bsc#1233608) - CVE-2025-0624: Fixed an out-of-bounds write during the network boot process. (bsc#1236316) - CVE-2025-0622: Fixed a use-after-free when handling hooks during module unload in command/gpg . (bsc#1236317) - CVE-2025-0690: Fixed an integer overflow that may lead to an out-of-bounds write through the read command. (bsc#1237012) - CVE-2025-1118: Fixed an issue where the dump command was not being blocked when grub was in lockdown mode. (bsc#1237013) - CVE-2025-0677: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in ufs. (bsc#1237002) - CVE-2025-0684: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in reiserfs. (bsc#1237008) - CVE-2025-0685: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in jfs. (bsc#1237009) - CVE-2025-0686: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in romfs. (bsc#1237010) - CVE-2025-0689: Fixed a heap-based buffer overflow in udf that may lead to arbitrary code execution. (bsc#1237011) - CVE-2025-1125: Fixed an integer overflow that may lead to an out-of-bounds write in hfs. (bsc#1237014) - CVE-2025-0678: Fixed an integer overflow that may lead to an out-of-bounds write in squash4. (bsc#1237006) Important SUSE bug 1233606 SUSE bug 1233608 SUSE bug 1233609 SUSE bug 1233610 SUSE bug 1233612 SUSE bug 1233613 SUSE bug 1233614 SUSE bug 1233615 SUSE bug 1233616 SUSE bug 1233617 SUSE bug 1234958 SUSE bug 1236316 SUSE bug 1236317 SUSE bug 1237002 SUSE bug 1237006 SUSE bug 1237008 SUSE bug 1237009 SUSE bug 1237010 SUSE bug 1237011 SUSE bug 1237012 SUSE bug 1237013 SUSE bug 1237014 CVE-2024-45774 at SUSE CVE-2024-45774 at NVD CVE-2024-45775 at SUSE CVE-2024-45775 at NVD CVE-2024-45776 at SUSE CVE-2024-45776 at NVD CVE-2024-45777 at SUSE CVE-2024-45777 at NVD CVE-2024-45778 at SUSE CVE-2024-45778 at NVD CVE-2024-45779 at SUSE CVE-2024-45779 at NVD CVE-2024-45780 at SUSE CVE-2024-45780 at NVD CVE-2024-45781 at SUSE CVE-2024-45781 at NVD CVE-2024-45782 at SUSE CVE-2024-45782 at NVD CVE-2024-45783 at SUSE CVE-2024-45783 at NVD CVE-2024-56737 at SUSE CVE-2024-56737 at NVD CVE-2025-0622 at SUSE CVE-2025-0622 at NVD CVE-2025-0624 at SUSE CVE-2025-0624 at NVD CVE-2025-0677 at SUSE CVE-2025-0677 at NVD CVE-2025-0678 at SUSE CVE-2025-0678 at NVD CVE-2025-0684 at SUSE CVE-2025-0684 at NVD CVE-2025-0685 at SUSE CVE-2025-0685 at NVD CVE-2025-0686 at SUSE CVE-2025-0686 at NVD CVE-2025-0689 at SUSE CVE-2025-0689 at NVD CVE-2025-0690 at SUSE CVE-2025-0690 at NVD CVE-2025-1118 at SUSE CVE-2025-1118 at NVD CVE-2025-1125 at SUSE CVE-2025-1125 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for qemu fixes the following issues: - CVE-2024-8612: Fixed information leak in virtio devices (bsc#1230915). - CVE-2024-7409: Fixed denial of service via improper synchronization in QEMU NBD Server during socket closure (bsc#1229007). - CVE-2024-3447: Fixed heap buffer overflow in sdhci_write_dataport() (bsc#1222845). Other fixes: - Fix ipxe build with new binutils (bsc#1219733, bsc#1219722). Important SUSE bug 1219722 SUSE bug 1219733 SUSE bug 1222845 SUSE bug 1229007 SUSE bug 1230915 CVE-2024-3447 at SUSE CVE-2024-3447 at NVD CVE-2024-7409 at SUSE CVE-2024-7409 at NVD CVE-2024-8612 at SUSE CVE-2024-8612 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for pam_pkcs11 fixes the following issues: - CVE-2025-24032: default value for `cert_policy` (`none`) allows for authentication bypass (bsc#1237062). - CVE-2025-24031: uninitialized pointer dereference caused by user pressing ctrl-c/ctrl-d when asked for PIN leads to crash (bsc#1237058). Moderate SUSE bug 1237058 SUSE bug 1237062 CVE-2025-24031 at SUSE CVE-2025-24031 at NVD CVE-2025-24032 at SUSE CVE-2025-24032 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for vim fixes the following issues: Update to version 9.1.1101: - CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685). - CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822). - CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078). - CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode (bsc#1235695). - CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151). - CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137). Moderate SUSE bug 1229685 SUSE bug 1229822 SUSE bug 1230078 SUSE bug 1235695 SUSE bug 1236151 SUSE bug 1237137 CVE-2024-43790 at SUSE CVE-2024-43790 at NVD CVE-2024-43802 at SUSE CVE-2024-43802 at NVD CVE-2024-45306 at SUSE CVE-2024-45306 at NVD CVE-2025-1215 at SUSE CVE-2025-1215 at NVD CVE-2025-22134 at SUSE CVE-2025-22134 at NVD CVE-2025-24014 at SUSE CVE-2025-24014 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for gnutls fixes the following issues: - CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974). Moderate SUSE bug 1236974 CVE-2024-12243 at SUSE CVE-2024-12243 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). Important SUSE bug 1214290 SUSE bug 1236842 CVE-2023-4016 at SUSE CVE-2023-4016 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ovmf fixes the following issues: - CVE-2023-45229: out-of-bounds read in edk2 when processing IA_NA/IA_TA options in DHCPv6 Advertise messages. (bsc#1218879) - CVE-2023-45230: buffer overflow in the DHCPv6 client in edk2 via a long Server ID option. (bsc#1218880) - CVE-2023-45231: out-of-bounds read in edk2 when handling a ND Redirect message with truncated options. (bsc#1218881) - CVE-2023-45232: infinite loop in edk2 when parsing unknown options in the Destination Options header. (bsc#1218882) - CVE-2023-45233: infinite loop in edk2 when parsing PadN options in the Destination Options header. (bsc#1218883) - CVE-2023-45234: buffer overflow in edk2 when processing DNS Servers options in a DHCPv6 Advertise message. (bsc#1218884) - CVE-2023-45235: buffer overflow in edk2 when handling the Server ID option in a DHCPv6 proxy Advertise message. (bsc#1218885) Important SUSE bug 1218879 SUSE bug 1218880 SUSE bug 1218881 SUSE bug 1218882 SUSE bug 1218883 SUSE bug 1218884 SUSE bug 1218885 CVE-2023-45229 at SUSE CVE-2023-45229 at NVD CVE-2023-45230 at SUSE CVE-2023-45230 at NVD CVE-2023-45231 at SUSE CVE-2023-45231 at NVD CVE-2023-45232 at SUSE CVE-2023-45232 at NVD CVE-2023-45233 at SUSE CVE-2023-45233 at NVD CVE-2023-45234 at SUSE CVE-2023-45234 at NVD CVE-2023-45235 at SUSE CVE-2023-45235 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libX11 fixes the following issues: - CVE-2025-26597: improper resizing of key actions when nGroups is 0 can lead to buffer overflows in XkbChangeTypesOfKey() (bsc#1237431). Moderate SUSE bug 1237431 CVE-2025-26597 at SUSE CVE-2025-26597 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763). - CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112). - CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025). - CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217). - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230). - CVE-2024-56623: scsi: qla2xxx: Fix use after free on unload (bsc#1235466). - CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430). - CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441). - CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249). - CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645). - CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759). - CVE-2024-57798: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (bsc#1235818). - CVE-2024-57849: s390/cpum_sf: Handle CPU hotplug remove during sampling (bsc#1235814). - CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235920). The following non-security bugs were fixed: - NFS: Adjust the amount of readahead performed by NFS readdir (bsc#1231847). - NFS: Do not flush the readdir cache in nfs_dentry_iput() (bsc#1231847). - NFS: Improve heuristic for readdirplus (bsc#1231847, bsc#1231847, bsc#1237389). - NFS: Reduce readdir stack usage (bsc#1231847). - NFS: Trigger the 'ls -l' readdir heuristic sooner (bsc#1231847). - NFS: Use kmemdup_nul() in nfs_readdir_make_qstr() (bsc#1231847). Important SUSE bug 1215420 SUSE bug 1224763 SUSE bug 1231847 SUSE bug 1233112 SUSE bug 1234025 SUSE bug 1235217 SUSE bug 1235230 SUSE bug 1235249 SUSE bug 1235430 SUSE bug 1235441 SUSE bug 1235466 SUSE bug 1235645 SUSE bug 1235759 SUSE bug 1235814 SUSE bug 1235818 SUSE bug 1235920 SUSE bug 1236104 SUSE bug 1237389 CVE-2023-4244 at SUSE CVE-2023-4244 at NVD CVE-2023-52923 at SUSE CVE-2023-52923 at NVD CVE-2024-35863 at SUSE CVE-2024-35863 at NVD CVE-2024-50199 at SUSE CVE-2024-50199 at NVD CVE-2024-53104 at SUSE CVE-2024-53104 at NVD CVE-2024-56600 at SUSE CVE-2024-56600 at NVD CVE-2024-56601 at SUSE CVE-2024-56601 at NVD CVE-2024-56623 at SUSE CVE-2024-56623 at NVD CVE-2024-56650 at SUSE CVE-2024-56650 at NVD CVE-2024-56658 at SUSE CVE-2024-56658 at NVD CVE-2024-56664 at SUSE CVE-2024-56664 at NVD CVE-2024-56759 at SUSE CVE-2024-56759 at NVD CVE-2024-57791 at SUSE CVE-2024-57791 at NVD CVE-2024-57798 at SUSE CVE-2024-57798 at NVD CVE-2024-57849 at SUSE CVE-2024-57849 at NVD CVE-2024-57893 at SUSE CVE-2024-57893 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for podman fixes the following issues: - CVE-2025-27144: Fixed denial of service in parsing function of embedded library Go JOSE (bsc#1237641) - CVE-2024-9676: github.com/containers/storage: Fixed symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS) (bsc#1231698) - CVE-2024-9675: Fixed cache arbitrary directory mount in buildah (bsc#1231499) - CVE-2024-9407: Fixed Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction in buildah (bsc#1231208) - CVE-2024-9341: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library (bsc#1231230) - CVE-2024-1753: Fixed full container escape at build time in buildah (bsc#1221677) - CVE-2024-11218: Fixed a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. (bsc#1236270) - CVE-2024-6104: Fixed hashicorp/go-retryablehttp writing sensitive information to log files (bsc#1227052) - CVE-2023-45288: Fixed golang.org/x/net/http2 excessive resource consumption when receiving too many headers (bsc#1236507) - Load ip_tables and ip6_tables kernel module (bsc#1214612) * Required for rootless mode as a regular user has no permission to load kernel modules - Refactor network backend dependencies: * podman requires either netavark or cni-plugins. On ALP, require netavark, otherwise prefer netavark but don't force it. * This fixes missing cni-plugins in some scenarios * Default to netavark everywhere where it's available Important SUSE bug 1214612 SUSE bug 1215807 SUSE bug 1215926 SUSE bug 1217828 SUSE bug 1221677 SUSE bug 1227052 SUSE bug 1231208 SUSE bug 1231230 SUSE bug 1231499 SUSE bug 1231698 SUSE bug 1236270 SUSE bug 1236507 SUSE bug 1237641 CVE-2023-45288 at SUSE CVE-2023-45288 at NVD CVE-2024-11218 at SUSE CVE-2024-11218 at NVD CVE-2024-1753 at SUSE CVE-2024-1753 at NVD CVE-2024-6104 at SUSE CVE-2024-6104 at NVD CVE-2024-9341 at SUSE CVE-2024-9341 at NVD CVE-2024-9407 at SUSE CVE-2024-9407 at NVD CVE-2024-9675 at SUSE CVE-2024-9675 at NVD CVE-2024-9676 at SUSE CVE-2024-9676 at NVD CVE-2025-27144 at SUSE CVE-2025-27144 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for docker fixes the following issues: Update to Docker 27.5.1-ce (bsc#1237335): - CVE-2024-29018: External DNS requests from 'internal' networks could lead to data exfiltration (bsc#1234089). Moderate SUSE bug 1234089 SUSE bug 1237335 CVE-2024-29018 at SUSE CVE-2024-29018 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for u-boot fixes the following issues: - CVE-2024-57256: integer overflow in U-Boot's ext4 symlink resolution function (bsc#1237284). - CVE-2024-57258: multiple integer overflows in U-Boot's memory allocator (bsc#1237287). Moderate SUSE bug 1237284 SUSE bug 1237287 CVE-2024-57256 at SUSE CVE-2024-57256 at NVD CVE-2024-57258 at SUSE CVE-2024-57258 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for krb5 fixes the following issues: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Moderate SUSE bug 1236619 CVE-2025-24528 at SUSE CVE-2025-24528 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47633: ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (bsc#1237768). - CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033). - CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700). - CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025). - CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028). - CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (bsc#1237139). The following non-security bugs were fixed: - net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761). - net: netvsc: Update default VMBus channels (bsc#1236757). - scsi: storvsc: Handle SRB status value 0x30 (git-fixes). Important SUSE bug 1215420 SUSE bug 1224700 SUSE bug 1225742 SUSE bug 1232919 SUSE bug 1234853 SUSE bug 1234891 SUSE bug 1234963 SUSE bug 1235054 SUSE bug 1235061 SUSE bug 1235073 SUSE bug 1236757 SUSE bug 1236761 SUSE bug 1236821 SUSE bug 1237025 SUSE bug 1237028 SUSE bug 1237139 SUSE bug 1237768 SUSE bug 1238033 CVE-2021-47633 at SUSE CVE-2021-47633 at NVD CVE-2022-49080 at SUSE CVE-2022-49080 at NVD CVE-2023-4244 at SUSE CVE-2023-4244 at NVD CVE-2023-52924 at SUSE CVE-2023-52924 at NVD CVE-2024-35949 at SUSE CVE-2024-35949 at NVD CVE-2024-50115 at SUSE CVE-2024-50115 at NVD CVE-2024-53173 at SUSE CVE-2024-53173 at NVD CVE-2024-53239 at SUSE CVE-2024-53239 at NVD CVE-2024-56539 at SUSE CVE-2024-56539 at NVD CVE-2024-56548 at SUSE CVE-2024-56548 at NVD CVE-2024-56605 at SUSE CVE-2024-56605 at NVD CVE-2025-21690 at SUSE CVE-2025-21690 at NVD CVE-2025-21692 at SUSE CVE-2025-21692 at NVD CVE-2025-21699 at SUSE CVE-2025-21699 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47633: ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (bsc#1237768). - CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033). - CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763). - CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700). - CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112). - CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025). - CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217). - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230). - CVE-2024-56623: scsi: qla2xxx: Fix use after free on unload (bsc#1235466). - CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430). - CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441). - CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249). - CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645). - CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759). - CVE-2024-57798: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (bsc#1235818). - CVE-2024-57849: s390/cpum_sf: Handle CPU hotplug remove during sampling (bsc#1235814). - CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235920). - CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025). - CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028). - CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (bsc#1237139). The following non-security bugs were fixed: - net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761). - net: netvsc: Update default VMBus channels (bsc#1236757). - NFS: Adjust the amount of readahead performed by NFS readdir (bsc#1231847). - NFS: Do not flush the readdir cache in nfs_dentry_iput() (bsc#1231847). - NFS: Improve heuristic for readdirplus -revert (bsc#1237160). - NFS: Improve heuristic for readdirplus (bsc#1231847). - NFS: Reduce readdir stack usage (bsc#1231847). - NFS: Trigger the 'ls -l' readdir heuristic sooner (bsc#1231847). - NFS: Use kmemdup_nul() in nfs_readdir_make_qstr() (bsc#1231847). - scsi: storvsc: Handle SRB status value 0x30 (git-fixes). Important SUSE bug 1215420 SUSE bug 1224700 SUSE bug 1224763 SUSE bug 1225742 SUSE bug 1231847 SUSE bug 1232919 SUSE bug 1233112 SUSE bug 1234025 SUSE bug 1234853 SUSE bug 1234891 SUSE bug 1234963 SUSE bug 1235054 SUSE bug 1235061 SUSE bug 1235073 SUSE bug 1235217 SUSE bug 1235230 SUSE bug 1235249 SUSE bug 1235430 SUSE bug 1235441 SUSE bug 1235466 SUSE bug 1235645 SUSE bug 1235759 SUSE bug 1235814 SUSE bug 1235818 SUSE bug 1235920 SUSE bug 1236104 SUSE bug 1236757 SUSE bug 1236761 SUSE bug 1236821 SUSE bug 1237025 SUSE bug 1237028 SUSE bug 1237139 SUSE bug 1237160 SUSE bug 1237389 SUSE bug 1237768 SUSE bug 1238033 CVE-2021-47633 at SUSE CVE-2021-47633 at NVD CVE-2022-49080 at SUSE CVE-2022-49080 at NVD CVE-2023-4244 at SUSE CVE-2023-4244 at NVD CVE-2023-52923 at SUSE CVE-2023-52923 at NVD CVE-2023-52924 at SUSE CVE-2023-52924 at NVD CVE-2024-35863 at SUSE CVE-2024-35863 at NVD CVE-2024-35949 at SUSE CVE-2024-35949 at NVD CVE-2024-50115 at SUSE CVE-2024-50115 at NVD CVE-2024-50199 at SUSE CVE-2024-50199 at NVD CVE-2024-53104 at SUSE CVE-2024-53104 at NVD CVE-2024-53173 at SUSE CVE-2024-53173 at NVD CVE-2024-53239 at SUSE CVE-2024-53239 at NVD CVE-2024-56539 at SUSE CVE-2024-56539 at NVD CVE-2024-56548 at SUSE CVE-2024-56548 at NVD CVE-2024-56600 at SUSE CVE-2024-56600 at NVD CVE-2024-56601 at SUSE CVE-2024-56601 at NVD CVE-2024-56605 at SUSE CVE-2024-56605 at NVD CVE-2024-56623 at SUSE CVE-2024-56623 at NVD CVE-2024-56650 at SUSE CVE-2024-56650 at NVD CVE-2024-56658 at SUSE CVE-2024-56658 at NVD CVE-2024-56664 at SUSE CVE-2024-56664 at NVD CVE-2024-56759 at SUSE CVE-2024-56759 at NVD CVE-2024-57791 at SUSE CVE-2024-57791 at NVD CVE-2024-57798 at SUSE CVE-2024-57798 at NVD CVE-2024-57849 at SUSE CVE-2024-57849 at NVD CVE-2024-57893 at SUSE CVE-2024-57893 at NVD CVE-2025-21690 at SUSE CVE-2025-21690 at NVD CVE-2025-21692 at SUSE CVE-2025-21692 at NVD CVE-2025-21699 at SUSE CVE-2025-21699 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libxml2 fixes the following issues: - CVE-2024-56171: Fixed use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: Fixed stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: Fixed NULL Pointer Dereference in libxml2 xmlPatMatch (bsc#1237418). Important SUSE bug 1237363 SUSE bug 1237370 SUSE bug 1237418 CVE-2024-56171 at SUSE CVE-2024-56171 at NVD CVE-2025-24928 at SUSE CVE-2025-24928 at NVD CVE-2025-27113 at SUSE CVE-2025-27113 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for rsync fixes the following issues: - CVE-2024-12747: Fixed race condition in handling symbolic links (bsc#1235475) - Broken rsyncd after protocol bump, regression reported (bsc#1237187). - Bump protocol version to 32 - make it easier to show server is patched. Moderate SUSE bug 1235475 SUSE bug 1237187 CVE-2024-12747 at SUSE CVE-2024-12747 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for freetype2 fixes the following issues: - CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font subglyph structures related to TrueType GX and variable font files (bsc#1239465). Important SUSE bug 1239465 CVE-2025-27363 at SUSE CVE-2025-27363 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for salt fixes the following issues: - Security issues fixed: * CVE-2025-67724: Fixed missing validation of supplied reason phrase (bsc#1254903) * CVE-2025-67725: Fixed DoS via malicious HTTP request (bsc#1254905) * CVE-2025-67726: Fixed HTTP header parameter parsing algorithm (bsc#1254904) * CVE-2025-13836: Set a safe limit to http.client response read (bsc#1254400) - Made syntax in httputil_test compatible with Python 3.6 - Fixed KeyError in postgres module with PostgreSQL 17 (bsc#1254325) - Use internal deb classes instead of external aptsource lib - Improved wheel key.finger call (bsc#1240532) - Improved utils.find_json function (bsc#1246130) - Extended warn_until period to 2027 Important SUSE bug 1240532 SUSE bug 1246130 SUSE bug 1254325 SUSE bug 1254400 SUSE bug 1254903 SUSE bug 1254904 SUSE bug 1254905 CVE-2025-13836 at SUSE CVE-2025-13836 at NVD CVE-2025-67724 at SUSE CVE-2025-67724 at NVD CVE-2025-67725 at SUSE CVE-2025-67725 at NVD CVE-2025-67726 at SUSE CVE-2025-67726 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for sqlite3 fixes the following issues: Update sqlite3 to 3.51.3: - CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670). - CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation (bsc#1259619). Changelog: * Fix the WAL-reset database corruption bug: https://sqlite.org/wal.html#walresetbug Moderate SUSE bug 1254670 SUSE bug 1259619 CVE-2025-70873 at SUSE CVE-2025-70873 at NVD CVE-2025-7709 at SUSE CVE-2025-7709 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python-urllib3 fixes the following issue: - CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867). Moderate SUSE bug 1254867 SUSE bug 1259829 CVE-2025-66471 at SUSE CVE-2025-66471 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python3 fixes the following issues: - CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in BytesGenerator (bsc#1257181). Important SUSE bug 1257181 CVE-2026-1299 at SUSE CVE-2026-1299 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for vim fixes the following issues: Update Vim to version 9.2.0110: - CVE-2025-53906: Fixed that malicious zip archive may cause a path traversal in Vim's zip (bsc#1246602). - CVE-2026-26269: Fixed Netbeans specialKeys stack buffer overflow (bsc#1258229). - CVE-2026-28417: Fixed crafted URL parsed by netrw plugin can lead to execute arbitrary shell commands (bsc#1259051). - CVE-2026-28418: Fixed that a malformed tags file can cause an heap-based buffer overflow out-of-bounds read (bsc#1259052) - CVE-2026-28419: Fixed processing a malformed tags file containing a delimiter can lead to a crash (bsc#1259053) - CVE-2026-28420: Fixed that processing maximum combining characters in terminal emulator can lead to heap-based buffer overflow write (bsc#1259054) - CVE-2026-28421: Fixed that a crafted swap file can cause a heap-buffer-overflow and a segmentation fault - CVE-2026-28422: Fixed that a malicious modeline or plugin can trigger a stack-buffer-overflow (bsc#1259056) Moderate SUSE bug 1246602 SUSE bug 1258229 SUSE bug 1259051 SUSE bug 1259052 SUSE bug 1259053 SUSE bug 1259054 SUSE bug 1259055 SUSE bug 1259056 CVE-2025-53906 at SUSE CVE-2025-53906 at NVD CVE-2026-26269 at SUSE CVE-2026-26269 at NVD CVE-2026-28417 at SUSE CVE-2026-28417 at NVD CVE-2026-28418 at SUSE CVE-2026-28418 at NVD CVE-2026-28419 at SUSE CVE-2026-28419 at NVD CVE-2026-28420 at SUSE CVE-2026-28420 at NVD CVE-2026-28421 at SUSE CVE-2026-28421 at NVD CVE-2026-28422 at SUSE CVE-2026-28422 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for containerd rebuilds it against the current go 1.25 security release. Important cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for expat fixes the following issues: - CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259726). - CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711). - CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729). Important SUSE bug 1259711 SUSE bug 1259726 SUSE bug 1259729 CVE-2026-32776 at SUSE CVE-2026-32776 at NVD CVE-2026-32777 at SUSE CVE-2026-32777 at NVD CVE-2026-32778 at SUSE CVE-2026-32778 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python-pyasn1 fixes the following issues: - CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803). Important SUSE bug 1259803 CVE-2026-30922 at SUSE CVE-2026-30922 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for util-linux fixes the following issues: - CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666). - lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682). Moderate SUSE bug 1254666 CVE-2025-14104 at SUSE CVE-2025-14104 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python-tornado fixes the following issues: - CVE-2026-31958: parsing large multipart bodies with many parts can cause a denial of service (bsc#1259553). - incomplete validation of cookie attributes allows for injection of user-controlled values in other cookie attributes (bsc#1259630). Important SUSE bug 1254905 SUSE bug 1259553 SUSE bug 1259630 CVE-2026-31958 at SUSE CVE-2026-31958 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for tar fixes the following issue: - CVE-2025-45582: file overwrite via directory traversal in crafted TAR archives (bsc#1246399). Important SUSE bug 1246399 CVE-2025-45582 at SUSE CVE-2025-45582 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for avahi fixes the following issue: - CVE-2026-24401: avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record (bsc#1257235). Moderate SUSE bug 1257235 CVE-2026-24401 at SUSE CVE-2026-24401 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ignition fixes the following issue: - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header (bsc#1260251) Important SUSE bug 1260251 CVE-2026-33186 at SUSE CVE-2026-33186 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for openssl-1_1 fixes the following issues: - CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). - CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). - CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443). - CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444). - CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445). Important SUSE bug 1260441 SUSE bug 1260442 SUSE bug 1260443 SUSE bug 1260444 SUSE bug 1260445 CVE-2026-28387 at SUSE CVE-2026-28387 at NVD CVE-2026-28388 at SUSE CVE-2026-28388 at NVD CVE-2026-28389 at SUSE CVE-2026-28389 at NVD CVE-2026-31789 at SUSE CVE-2026-31789 at NVD CVE-2026-31790 at SUSE CVE-2026-31790 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for cockpit fixes the following issues: - CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process (bsc#1257836). - CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258641). Important SUSE bug 1257836 SUSE bug 1258641 CVE-2026-25547 at SUSE CVE-2026-25547 at NVD CVE-2026-26996 at SUSE CVE-2026-26996 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for nghttp2 fixes the following issue: - CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845). Important SUSE bug 1259845 CVE-2026-27135 at SUSE CVE-2026-27135 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for cockpit-machines fixes the following issues: - CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process (bsc#1257836). - CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258641). Important SUSE bug 1257836 SUSE bug 1258641 CVE-2026-25547 at SUSE CVE-2026-25547 at NVD CVE-2026-26996 at SUSE CVE-2026-26996 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for cockpit-tukit fixes the following issues: - CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process (bsc#1257836). - CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258641). Important SUSE bug 1257836 SUSE bug 1258641 CVE-2026-25547 at SUSE CVE-2026-25547 at NVD CVE-2026-26996 at SUSE CVE-2026-26996 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for cockpit-podman fixes the following issues: - CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process (bsc#1257836). - CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258641). Important SUSE bug 1257836 SUSE bug 1258641 CVE-2026-25547 at SUSE CVE-2026-25547 at NVD CVE-2026-26996 at SUSE CVE-2026-26996 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for avahi fixes the following issues: - CVE-2025-68276: avahi: reachable assertion in `avahi_wide_area_scan_cache` can lead to crash of avahi-daemon (bsc#1256498). - CVE-2025-68468: avahi: reachable assertion in `lookup_multicast_callback` can lead to crash of avahi-daemon (bsc#1256499). - CVE-2025-68471: avahi: reachable assertion in `lookup_start` can lead to crash of avahi-daemon (bsc#1256500). Moderate SUSE bug 1256498 SUSE bug 1256499 SUSE bug 1256500 CVE-2025-68276 at SUSE CVE-2025-68276 at NVD CVE-2025-68468 at SUSE CVE-2025-68468 at NVD CVE-2025-68471 at SUSE CVE-2025-68471 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libsoup fixes the following issues: - CVE-2025-14523: Reject duplicated Host in headers and followed upsteram update (bsc#1254876). - CVE-2026-0719: Fixed overflow for password md4sum (bsc#1256399) Important SUSE bug 1254876 SUSE bug 1256399 CVE-2025-14523 at SUSE CVE-2025-14523 at NVD CVE-2026-0719 at SUSE CVE-2026-0719 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for gpg2 fixes the following issues: - CVE-2025-68973: Fix possible memory corruption in the armor parser (gpg.fail/memcpy)(bsc#1255715). - Avoid potential downgrade to SHA1 in 3rd party key signatures (gpg.fail/sha1) (bsc#1256246). - Error out on unverified output for non-detached signatures (gpg.fail/detached) (bsc#1256244). - Fix Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG (gpg.fail/notdash) (bsc#1256390). Important SUSE bug 1255715 SUSE bug 1256244 SUSE bug 1256246 SUSE bug 1256390 CVE-2025-68973 at SUSE CVE-2025-68973 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python-tornado fixes the following issues: - CVE-2025-67725: inefficient algorithm when parsing parameters for HTTP header values (bsc#1254905). - CVE-2025-67726: Denial of Service (DoS) via maliciously crafted HTTP request caused by the HTTPHeaders.add method (bsc#1254904). Important SUSE bug 1254904 SUSE bug 1254905 CVE-2025-67725 at SUSE CVE-2025-67725 at NVD CVE-2025-67726 at SUSE CVE-2025-67726 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libsodium fixes the following issues: - CVE-2025-15444: fixed cryptographic bypass via improper elliptic curve point validation (bsc#1256070). Moderate SUSE bug 1256070 CVE-2025-15444 at SUSE CVE-2025-15444 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libtasn1 fixes the following issues: - CVE-2025-13151: stack-based buffer overflow in `asn1_expend_octet_string` (bsc#1256341). Moderate SUSE bug 1256341 CVE-2025-13151 at SUSE CVE-2025-13151 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for glib2 fixes the following issues: - CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049). Low SUSE bug 1257049 CVE-2026-0988 at SUSE CVE-2026-0988 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python3 fixes the following issues: - CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service (bsc#1254997) - CVE-2025-13836: Fixed default Content-Lenght read amount from HTTP response (bsc#1254400) - CVE-2025-13837: Fixed plistlib module denial of service (bsc#1254401) Moderate SUSE bug 1254400 SUSE bug 1254401 SUSE bug 1254997 CVE-2025-12084 at SUSE CVE-2025-12084 at NVD CVE-2025-13836 at SUSE CVE-2025-13836 at NVD CVE-2025-13837 at SUSE CVE-2025-13837 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for xen fixes the following issues: Security fixes: - CVE-2025-58150: Fixed buffer overrun with shadow paging and tracing (XSA-477) (bsc#1256745) - CVE-2026-23553: Fixed incomplete IBPB for vCPU isolation (XSA-479) (bsc#1256747) - CVE-2025-58149: Fixed incorrect removal od permissions on PCI device unplug allow PV guests to access memory of devices no longer assigned to it (XSA-476) (bsc#1252692) - CVE-2025-27466, CVE-2025-58142, CVE-2025-58143: Fixed multiple vulnerabilities in the Viridian interface (XSA-472) (bsc#1248807) Other fixes: - Fixed virtxend service restart. Caused by a failure to start xenstored (bsc#1254180) Moderate SUSE bug 1248807 SUSE bug 1252692 SUSE bug 1254180 SUSE bug 1256745 SUSE bug 1256747 CVE-2025-27466 at SUSE CVE-2025-27466 at NVD CVE-2025-58142 at SUSE CVE-2025-58142 at NVD CVE-2025-58143 at SUSE CVE-2025-58143 at NVD CVE-2025-58149 at SUSE CVE-2025-58149 at NVD CVE-2025-58150 at SUSE CVE-2025-58150 at NVD CVE-2026-23553 at SUSE CVE-2026-23553 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-50280: pnode: terminate at peers of source (bsc#1249806). - CVE-2023-53659: iavf: Fix out-of-bounds when setting channels on remove (bsc#1251247). - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786). - CVE-2023-53717: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (bsc#1252560). - CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780). - CVE-2025-40121: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (bsc#1253367). - CVE-2025-40154: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (bsc#1253431). - CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436). The following non-security bugs were fixed: - cifs: Check the lease context if we actually got a lease (bsc#1228688). - cifs: return a single-use cfid if we did not get a lease (bsc#1228688). - smb3: fix Open files on server counter going negative (git-fixes). Important SUSE bug 1228688 SUSE bug 1249806 SUSE bug 1251247 SUSE bug 1251786 SUSE bug 1252560 SUSE bug 1252780 SUSE bug 1253367 SUSE bug 1253431 SUSE bug 1253436 CVE-2022-50280 at SUSE CVE-2022-50280 at NVD CVE-2023-53659 at SUSE CVE-2023-53659 at NVD CVE-2023-53676 at SUSE CVE-2023-53676 at NVD CVE-2023-53717 at SUSE CVE-2023-53717 at NVD CVE-2025-40040 at SUSE CVE-2025-40040 at NVD CVE-2025-40121 at SUSE CVE-2025-40121 at NVD CVE-2025-40154 at SUSE CVE-2025-40154 at NVD CVE-2025-40204 at SUSE CVE-2025-40204 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libxml2 fixes the following issues: - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `<include>` directives (bsc#1256805) Low SUSE bug 1256805 CVE-2026-0989 at SUSE CVE-2026-0989 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for openssl-1_1 fixes the following issues: - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838). - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840). - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835). - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836). Moderate SUSE bug 1256834 SUSE bug 1256835 SUSE bug 1256836 SUSE bug 1256837 SUSE bug 1256838 SUSE bug 1256839 SUSE bug 1256840 CVE-2025-68160 at SUSE CVE-2025-68160 at NVD CVE-2025-69418 at SUSE CVE-2025-69418 at NVD CVE-2025-69419 at SUSE CVE-2025-69419 at NVD CVE-2025-69420 at SUSE CVE-2025-69420 at NVD CVE-2025-69421 at SUSE CVE-2025-69421 at NVD CVE-2026-22795 at SUSE CVE-2026-22795 at NVD CVE-2026-22796 at SUSE CVE-2026-22796 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50282: chardev: fix error handling in cdev_device_add() (bsc#1249739). - CVE-2022-50630: mm: hugetlb: fix UAF in hugetlb_handle_userfault (bsc#1254785). - CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer (bsc#1255576). - CVE-2022-50717: nvmet-tcp: add bounds check on Transfer Tag (bsc#1255844). - CVE-2022-50726: net/mlx5: Fix possible use-after-free in async command interface (bsc#1256040). - CVE-2022-50736: RDMA/siw: Fix immediate work request flush to completion queue (bsc#1256137). - CVE-2022-50756: nvme-core: replace ctrl page size with a macro (bsc#1256216). - CVE-2023-53215: sched/fair: Don't balance task to its current running CPU (bsc#1250397). - CVE-2023-53254: cacheinfo: Fix shared_cpu_map to handle shared caches at different levels (bsc#1249871). - CVE-2023-53761: USB: usbtmc: Fix direction for 0-length ioctl control messages (bsc#1255002). - CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254751). - CVE-2023-54142: gtp: Fix use-after-free in __gtp_encap_destroy() (bsc#1256095). - CVE-2023-54168: RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (bsc#1256053). - CVE-2023-54243: netfilter: ebtables: fix table blob use-after-free (bsc#1255908). - CVE-2025-38068: crypto: lzo - Fix compression buffer overrun (bsc#1245210). - CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1245751). - CVE-2025-40019: crypto: essiv - Check ssize for decryption and in-place encryption (bsc#1252678). - CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959). - CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520). - CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813). - CVE-2025-40277: drm/vmwgfx: Validate command header size against (bsc#1254894). - CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847). - CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615). - CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641). - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779). Important SUSE bug 1065729 SUSE bug 1196823 SUSE bug 1204957 SUSE bug 1206889 SUSE bug 1207051 SUSE bug 1207088 SUSE bug 1207653 SUSE bug 1209799 SUSE bug 1213653 SUSE bug 1213969 SUSE bug 1225109 SUSE bug 1228015 SUSE bug 1245210 SUSE bug 1245751 SUSE bug 1249739 SUSE bug 1249871 SUSE bug 1250397 SUSE bug 1252678 SUSE bug 1254520 SUSE bug 1254592 SUSE bug 1254614 SUSE bug 1254615 SUSE bug 1254632 SUSE bug 1254634 SUSE bug 1254686 SUSE bug 1254711 SUSE bug 1254751 SUSE bug 1254763 SUSE bug 1254775 SUSE bug 1254785 SUSE bug 1254792 SUSE bug 1254813 SUSE bug 1254847 SUSE bug 1254851 SUSE bug 1254894 SUSE bug 1254902 SUSE bug 1254959 SUSE bug 1255002 SUSE bug 1255565 SUSE bug 1255576 SUSE bug 1255607 SUSE bug 1255609 SUSE bug 1255636 SUSE bug 1255844 SUSE bug 1255901 SUSE bug 1255908 SUSE bug 1255919 SUSE bug 1256040 SUSE bug 1256045 SUSE bug 1256048 SUSE bug 1256049 SUSE bug 1256053 SUSE bug 1256056 SUSE bug 1256064 SUSE bug 1256095 SUSE bug 1256127 SUSE bug 1256132 SUSE bug 1256136 SUSE bug 1256137 SUSE bug 1256143 SUSE bug 1256154 SUSE bug 1256165 SUSE bug 1256194 SUSE bug 1256203 SUSE bug 1256207 SUSE bug 1256208 SUSE bug 1256216 SUSE bug 1256230 SUSE bug 1256242 SUSE bug 1256248 SUSE bug 1256333 SUSE bug 1256344 SUSE bug 1256353 SUSE bug 1256426 SUSE bug 1256641 SUSE bug 1256779 CVE-2022-0854 at SUSE CVE-2022-0854 at NVD CVE-2022-48853 at SUSE CVE-2022-48853 at NVD CVE-2022-50282 at SUSE CVE-2022-50282 at NVD CVE-2022-50623 at SUSE CVE-2022-50623 at NVD CVE-2022-50630 at SUSE CVE-2022-50630 at NVD CVE-2022-50635 at SUSE CVE-2022-50635 at NVD CVE-2022-50640 at SUSE CVE-2022-50640 at NVD CVE-2022-50641 at SUSE CVE-2022-50641 at NVD CVE-2022-50644 at SUSE CVE-2022-50644 at NVD CVE-2022-50646 at SUSE CVE-2022-50646 at NVD CVE-2022-50649 at SUSE CVE-2022-50649 at NVD CVE-2022-50668 at SUSE CVE-2022-50668 at NVD CVE-2022-50671 at SUSE CVE-2022-50671 at NVD CVE-2022-50678 at SUSE CVE-2022-50678 at NVD CVE-2022-50700 at SUSE CVE-2022-50700 at NVD CVE-2022-50703 at SUSE CVE-2022-50703 at NVD CVE-2022-50709 at SUSE CVE-2022-50709 at NVD CVE-2022-50717 at SUSE CVE-2022-50717 at NVD CVE-2022-50726 at SUSE CVE-2022-50726 at NVD CVE-2022-50730 at SUSE CVE-2022-50730 at NVD CVE-2022-50731 at SUSE CVE-2022-50731 at NVD CVE-2022-50733 at SUSE CVE-2022-50733 at NVD CVE-2022-50736 at SUSE CVE-2022-50736 at NVD CVE-2022-50742 at SUSE CVE-2022-50742 at NVD CVE-2022-50744 at SUSE CVE-2022-50744 at NVD CVE-2022-50756 at SUSE CVE-2022-50756 at NVD CVE-2022-50758 at SUSE CVE-2022-50758 at NVD CVE-2022-50767 at SUSE CVE-2022-50767 at NVD CVE-2022-50814 at SUSE CVE-2022-50814 at NVD CVE-2022-50821 at SUSE CVE-2022-50821 at NVD CVE-2022-50823 at SUSE CVE-2022-50823 at NVD CVE-2022-50827 at SUSE CVE-2022-50827 at NVD CVE-2022-50828 at SUSE CVE-2022-50828 at NVD CVE-2022-50840 at SUSE CVE-2022-50840 at NVD CVE-2022-50843 at SUSE CVE-2022-50843 at NVD CVE-2022-50850 at SUSE CVE-2022-50850 at NVD CVE-2022-50870 at SUSE CVE-2022-50870 at NVD CVE-2022-50876 at SUSE CVE-2022-50876 at NVD CVE-2022-50880 at SUSE CVE-2022-50880 at NVD CVE-2022-50884 at SUSE CVE-2022-50884 at NVD CVE-2022-50889 at SUSE CVE-2022-50889 at NVD CVE-2023-23559 at SUSE CVE-2023-23559 at NVD CVE-2023-4132 at SUSE CVE-2023-4132 at NVD CVE-2023-53215 at SUSE CVE-2023-53215 at NVD CVE-2023-53254 at SUSE CVE-2023-53254 at NVD CVE-2023-53761 at SUSE CVE-2023-53761 at NVD CVE-2023-53781 at SUSE CVE-2023-53781 at NVD CVE-2023-54019 at SUSE CVE-2023-54019 at NVD CVE-2023-54024 at SUSE CVE-2023-54024 at NVD CVE-2023-54110 at SUSE CVE-2023-54110 at NVD CVE-2023-54142 at SUSE CVE-2023-54142 at NVD CVE-2023-54168 at SUSE CVE-2023-54168 at NVD CVE-2023-54170 at SUSE CVE-2023-54170 at NVD CVE-2023-54242 at SUSE CVE-2023-54242 at NVD CVE-2023-54243 at SUSE CVE-2023-54243 at NVD CVE-2023-54270 at SUSE CVE-2023-54270 at NVD CVE-2025-38068 at SUSE CVE-2025-38068 at NVD CVE-2025-38159 at SUSE CVE-2025-38159 at NVD CVE-2025-40019 at SUSE CVE-2025-40019 at NVD CVE-2025-40215 at SUSE CVE-2025-40215 at NVD CVE-2025-40220 at SUSE CVE-2025-40220 at NVD CVE-2025-40233 at SUSE CVE-2025-40233 at NVD CVE-2025-40256 at SUSE CVE-2025-40256 at NVD CVE-2025-40277 at SUSE CVE-2025-40277 at NVD CVE-2025-40280 at SUSE CVE-2025-40280 at NVD CVE-2025-40331 at SUSE CVE-2025-40331 at NVD CVE-2025-68813 at SUSE CVE-2025-68813 at NVD CVE-2025-71120 at SUSE CVE-2025-71120 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for glib2 fixes the following issues: - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354). - CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355). - CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353). Important SUSE bug 1257353 SUSE bug 1257354 SUSE bug 1257355 CVE-2026-1484 at SUSE CVE-2026-1484 at NVD CVE-2026-1485 at SUSE CVE-2026-1485 at NVD CVE-2026-1489 at SUSE CVE-2026-1489 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for qemu fixes the following issues: - CVE-2025-11234: Fixed use-after-free in websocket handshake code can lead to denial of service (bsc#1250984). Important SUSE bug 1250984 CVE-2025-11234 at SUSE CVE-2025-11234 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libsodium fixes the following issues: - CVE-2025-15444: Fixed cryptographic bypass via improper elliptic curve point validation (bsc#1256070). - CVE-2025-69277: Fixed incorrect validation of elliptic curve points in crypto_core_ed25519_is_valid_point function (bsc#1255764). Moderate SUSE bug 1255764 SUSE bug 1256070 CVE-2025-15444 at SUSE CVE-2025-15444 at NVD CVE-2025-69277 at SUSE CVE-2025-69277 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50282: chardev: fix error handling in cdev_device_add() (bsc#1249739). - CVE-2022-50630: mm: hugetlb: fix UAF in hugetlb_handle_userfault (bsc#1254785). - CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer (bsc#1255576). - CVE-2022-50717: nvmet-tcp: add bounds check on Transfer Tag (bsc#1255844). - CVE-2022-50726: net/mlx5: Fix possible use-after-free in async command interface (bsc#1256040). - CVE-2022-50736: RDMA/siw: Fix immediate work request flush to completion queue (bsc#1256137). - CVE-2022-50756: nvme-core: replace ctrl page size with a macro (bsc#1256216). - CVE-2023-53215: sched/fair: Don't balance task to its current running CPU (bsc#1250397). - CVE-2023-53254: cacheinfo: Fix shared_cpu_map to handle shared caches at different levels (bsc#1249871). - CVE-2023-53761: USB: usbtmc: Fix direction for 0-length ioctl control messages (bsc#1255002). - CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254751). - CVE-2023-54142: gtp: Fix use-after-free in __gtp_encap_destroy() (bsc#1256095). - CVE-2023-54168: RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (bsc#1256053). - CVE-2023-54243: netfilter: ebtables: fix table blob use-after-free (bsc#1255908). - CVE-2025-38068: crypto: lzo - Fix compression buffer overrun (bsc#1245210). - CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1245751). - CVE-2025-40019: crypto: essiv - Check ssize for decryption and in-place encryption (bsc#1252678). - CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959). - CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520). - CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813). - CVE-2025-40277: drm/vmwgfx: Validate command header size against (bsc#1254894). - CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847). - CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615). - CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641). - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779). Important SUSE bug 1065729 SUSE bug 1196823 SUSE bug 1204957 SUSE bug 1206889 SUSE bug 1207051 SUSE bug 1207088 SUSE bug 1207653 SUSE bug 1209799 SUSE bug 1213653 SUSE bug 1213969 SUSE bug 1225109 SUSE bug 1228015 SUSE bug 1245210 SUSE bug 1245751 SUSE bug 1249739 SUSE bug 1249871 SUSE bug 1250397 SUSE bug 1252678 SUSE bug 1254520 SUSE bug 1254592 SUSE bug 1254614 SUSE bug 1254615 SUSE bug 1254632 SUSE bug 1254634 SUSE bug 1254686 SUSE bug 1254711 SUSE bug 1254751 SUSE bug 1254763 SUSE bug 1254775 SUSE bug 1254785 SUSE bug 1254792 SUSE bug 1254813 SUSE bug 1254847 SUSE bug 1254851 SUSE bug 1254894 SUSE bug 1254902 SUSE bug 1254959 SUSE bug 1255002 SUSE bug 1255565 SUSE bug 1255576 SUSE bug 1255607 SUSE bug 1255609 SUSE bug 1255636 SUSE bug 1255844 SUSE bug 1255901 SUSE bug 1255908 SUSE bug 1255919 SUSE bug 1256040 SUSE bug 1256045 SUSE bug 1256048 SUSE bug 1256049 SUSE bug 1256053 SUSE bug 1256056 SUSE bug 1256064 SUSE bug 1256095 SUSE bug 1256127 SUSE bug 1256132 SUSE bug 1256136 SUSE bug 1256137 SUSE bug 1256143 SUSE bug 1256154 SUSE bug 1256165 SUSE bug 1256194 SUSE bug 1256203 SUSE bug 1256207 SUSE bug 1256208 SUSE bug 1256216 SUSE bug 1256230 SUSE bug 1256242 SUSE bug 1256248 SUSE bug 1256333 SUSE bug 1256344 SUSE bug 1256353 SUSE bug 1256426 SUSE bug 1256641 SUSE bug 1256779 CVE-2022-0854 at SUSE CVE-2022-0854 at NVD CVE-2022-48853 at SUSE CVE-2022-48853 at NVD CVE-2022-50282 at SUSE CVE-2022-50282 at NVD CVE-2022-50623 at SUSE CVE-2022-50623 at NVD CVE-2022-50630 at SUSE CVE-2022-50630 at NVD CVE-2022-50635 at SUSE CVE-2022-50635 at NVD CVE-2022-50640 at SUSE CVE-2022-50640 at NVD CVE-2022-50641 at SUSE CVE-2022-50641 at NVD CVE-2022-50644 at SUSE CVE-2022-50644 at NVD CVE-2022-50646 at SUSE CVE-2022-50646 at NVD CVE-2022-50649 at SUSE CVE-2022-50649 at NVD CVE-2022-50668 at SUSE CVE-2022-50668 at NVD CVE-2022-50671 at SUSE CVE-2022-50671 at NVD CVE-2022-50678 at SUSE CVE-2022-50678 at NVD CVE-2022-50700 at SUSE CVE-2022-50700 at NVD CVE-2022-50703 at SUSE CVE-2022-50703 at NVD CVE-2022-50709 at SUSE CVE-2022-50709 at NVD CVE-2022-50717 at SUSE CVE-2022-50717 at NVD CVE-2022-50726 at SUSE CVE-2022-50726 at NVD CVE-2022-50730 at SUSE CVE-2022-50730 at NVD CVE-2022-50731 at SUSE CVE-2022-50731 at NVD CVE-2022-50733 at SUSE CVE-2022-50733 at NVD CVE-2022-50736 at SUSE CVE-2022-50736 at NVD CVE-2022-50742 at SUSE CVE-2022-50742 at NVD CVE-2022-50744 at SUSE CVE-2022-50744 at NVD CVE-2022-50756 at SUSE CVE-2022-50756 at NVD CVE-2022-50758 at SUSE CVE-2022-50758 at NVD CVE-2022-50767 at SUSE CVE-2022-50767 at NVD CVE-2022-50814 at SUSE CVE-2022-50814 at NVD CVE-2022-50821 at SUSE CVE-2022-50821 at NVD CVE-2022-50823 at SUSE CVE-2022-50823 at NVD CVE-2022-50827 at SUSE CVE-2022-50827 at NVD CVE-2022-50828 at SUSE CVE-2022-50828 at NVD CVE-2022-50840 at SUSE CVE-2022-50840 at NVD CVE-2022-50843 at SUSE CVE-2022-50843 at NVD CVE-2022-50850 at SUSE CVE-2022-50850 at NVD CVE-2022-50870 at SUSE CVE-2022-50870 at NVD CVE-2022-50876 at SUSE CVE-2022-50876 at NVD CVE-2022-50880 at SUSE CVE-2022-50880 at NVD CVE-2022-50884 at SUSE CVE-2022-50884 at NVD CVE-2022-50889 at SUSE CVE-2022-50889 at NVD CVE-2023-23559 at SUSE CVE-2023-23559 at NVD CVE-2023-4132 at SUSE CVE-2023-4132 at NVD CVE-2023-53215 at SUSE CVE-2023-53215 at NVD CVE-2023-53254 at SUSE CVE-2023-53254 at NVD CVE-2023-53761 at SUSE CVE-2023-53761 at NVD CVE-2023-53781 at SUSE CVE-2023-53781 at NVD CVE-2023-54019 at SUSE CVE-2023-54019 at NVD CVE-2023-54024 at SUSE CVE-2023-54024 at NVD CVE-2023-54110 at SUSE CVE-2023-54110 at NVD CVE-2023-54142 at SUSE CVE-2023-54142 at NVD CVE-2023-54168 at SUSE CVE-2023-54168 at NVD CVE-2023-54170 at SUSE CVE-2023-54170 at NVD CVE-2023-54242 at SUSE CVE-2023-54242 at NVD CVE-2023-54243 at SUSE CVE-2023-54243 at NVD CVE-2023-54270 at SUSE CVE-2023-54270 at NVD CVE-2025-38068 at SUSE CVE-2025-38068 at NVD CVE-2025-38159 at SUSE CVE-2025-38159 at NVD CVE-2025-40019 at SUSE CVE-2025-40019 at NVD CVE-2025-40215 at SUSE CVE-2025-40215 at NVD CVE-2025-40220 at SUSE CVE-2025-40220 at NVD CVE-2025-40233 at SUSE CVE-2025-40233 at NVD CVE-2025-40256 at SUSE CVE-2025-40256 at NVD CVE-2025-40277 at SUSE CVE-2025-40277 at NVD CVE-2025-40280 at SUSE CVE-2025-40280 at NVD CVE-2025-40331 at SUSE CVE-2025-40331 at NVD CVE-2025-68813 at SUSE CVE-2025-68813 at NVD CVE-2025-71120 at SUSE CVE-2025-71120 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for cockpit-podman fixes the following issues: - CVE-2025-13465: Update the lodash dependencie to avoid prototype pollution. (bsc#1257324) Important SUSE bug 1257324 CVE-2025-13465 at SUSE CVE-2025-13465 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for expat fixes the following issues: - CVE-2026-24515: Fixed a null dereference in XML_ExternalEntityParserCreate. (bsc#1257144) - CVE-2026-25210: Fixed an integer overflow in doContent. (bsc#1257496) Moderate SUSE bug 1257144 SUSE bug 1257496 CVE-2026-24515 at SUSE CVE-2026-24515 at NVD CVE-2026-25210 at SUSE CVE-2026-25210 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for cockpit-machines fixes the following issues: - CVE-2025-13465: Update the lodash dependencie to avoid prototype pollution. (bsc#1257324) Important SUSE bug 1257325 CVE-2025-13465 at SUSE CVE-2025-13465 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for cockpit-machines fixes the following issues: - CVE-2025-13465: Update the lodash dependencie to avoid prototype pollution. (bsc#1257324) Important SUSE bug 1257325 CVE-2025-13465 at SUSE CVE-2025-13465 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libsoup2 fixes the following issues: - CVE-2026-1761: Check length of bytes read in soup_filter_input_stream_read_until to avoid a stack-based buffer overflow (bsc#1257598). - CVE-2026-0716: improper bounds handling may allow out-of-bounds read (bsc#1256418). Important SUSE bug 1256418 SUSE bug 1257598 CVE-2026-0716 at SUSE CVE-2026-0716 at NVD CVE-2026-1761 at SUSE CVE-2026-1761 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python-pyasn1 fixes the following issues: - CVE-2026-23490: Fixed malformed RELATIVE-OID with excessive continuation octets leading to Denial of Service (bsc#1256902) Important SUSE bug 1256902 CVE-2026-23490 at SUSE CVE-2026-23490 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for sqlite3 fixes the following issues: - Update to v3.51.2: - CVE-2025-7709: Fixed an integer overflow in the FTS5 extension. (bsc#1254670) Moderate SUSE bug 1248586 SUSE bug 1254670 CVE-2025-7709 at SUSE CVE-2025-7709 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for mozjs60 fixes the following issues: - CVE-2024-45492: embedded expat: detect integer overflow in function nextScaffoldPart (bsc#1230038) - CVE-2024-45491: embedded expat: detect integer overflow in dtdCopy (bsc#1230037) - CVE-2024-45490: embedded expat: reject negative len for XML_ParseBuffer (bsc#1230036) - CVE-2024-50602: libexpat: DoS via XML_ResumeParser (bsc#1232602) Moderate SUSE bug 1230036 SUSE bug 1230037 SUSE bug 1230038 SUSE bug 1232602 CVE-2024-45490 at SUSE CVE-2024-45490 at NVD CVE-2024-45491 at SUSE CVE-2024-45491 at NVD CVE-2024-45492 at SUSE CVE-2024-45492 at NVD CVE-2024-50602 at SUSE CVE-2024-50602 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python-urllib3_1 fixes the following issues: - CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867). - CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain (bsc#1254866). - CVE-2026-21441: excessive resource consumption during decompression of data in HTTP redirect responses (bsc#1256331). Moderate SUSE bug 1254866 SUSE bug 1254867 SUSE bug 1256331 CVE-2025-66418 at SUSE CVE-2025-66418 at NVD CVE-2025-66471 at SUSE CVE-2025-66471 at NVD CVE-2026-21441 at SUSE CVE-2026-21441 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libsoup fixes the following issues: - CVE-2025-4476: null pointer dereference may lead to denial of service (bsc#1243422). Moderate SUSE bug 1243422 CVE-2025-4476 at SUSE CVE-2025-4476 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255594). - CVE-2025-38129: page_pool: fix inconsistency for page_pool_ring_lock() (bsc#1245723). - CVE-2025-40139: net: ipv4: Consolidate ipv4_mtu and ip_dst_mtu_maybe_forward (bsc#1253409). - CVE-2025-68312: usbnet: Prevents free active kevent (bsc#1255171). - CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623). - CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612). - CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726). - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236). - CVE-2026-23001: macvlan: Use 'hash' iterators to simplify code (bsc#1257232). Important SUSE bug 1223007 SUSE bug 1235905 SUSE bug 1236104 SUSE bug 1237885 SUSE bug 1237906 SUSE bug 1238414 SUSE bug 1238754 SUSE bug 1238763 SUSE bug 1240284 SUSE bug 1244904 SUSE bug 1245110 SUSE bug 1245723 SUSE bug 1248306 SUSE bug 1248377 SUSE bug 1249699 SUSE bug 1249827 SUSE bug 1251201 SUSE bug 1253409 SUSE bug 1255171 SUSE bug 1255594 SUSE bug 1256612 SUSE bug 1256623 SUSE bug 1256726 SUSE bug 1256792 SUSE bug 1257232 SUSE bug 1257236 CVE-2022-49604 at SUSE CVE-2022-49604 at NVD CVE-2022-49943 at SUSE CVE-2022-49943 at NVD CVE-2022-49980 at SUSE CVE-2022-49980 at NVD CVE-2022-50329 at SUSE CVE-2022-50329 at NVD CVE-2022-50488 at SUSE CVE-2022-50488 at NVD CVE-2022-50697 at SUSE CVE-2022-50697 at NVD CVE-2023-52923 at SUSE CVE-2023-52923 at NVD CVE-2023-52983 at SUSE CVE-2023-52983 at NVD CVE-2023-53178 at SUSE CVE-2023-53178 at NVD CVE-2024-26832 at SUSE CVE-2024-26832 at NVD CVE-2024-54031 at SUSE CVE-2024-54031 at NVD CVE-2025-21760 at SUSE CVE-2025-21760 at NVD CVE-2025-21764 at SUSE CVE-2025-21764 at NVD CVE-2025-21765 at SUSE CVE-2025-21765 at NVD CVE-2025-21766 at SUSE CVE-2025-21766 at NVD CVE-2025-38129 at SUSE CVE-2025-38129 at NVD CVE-2025-38563 at SUSE CVE-2025-38563 at NVD CVE-2025-38565 at SUSE CVE-2025-38565 at NVD CVE-2025-40139 at SUSE CVE-2025-40139 at NVD CVE-2025-68312 at SUSE CVE-2025-68312 at NVD CVE-2025-71085 at SUSE CVE-2025-71085 at NVD CVE-2025-71089 at SUSE CVE-2025-71089 at NVD CVE-2025-71112 at SUSE CVE-2025-71112 at NVD CVE-2026-22999 at SUSE CVE-2026-22999 at NVD CVE-2026-23001 at SUSE CVE-2026-23001 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255594). - CVE-2025-38129: page_pool: fix inconsistency for page_pool_ring_lock() (bsc#1245723). - CVE-2025-40139: net: ipv4: Consolidate ipv4_mtu and ip_dst_mtu_maybe_forward (bsc#1253409). - CVE-2025-68312: usbnet: Prevents free active kevent (bsc#1255171). - CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623). - CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612). - CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726). - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236). - CVE-2026-23001: macvlan: Use 'hash' iterators to simplify code (bsc#1257232). Important SUSE bug 1223007 SUSE bug 1235905 SUSE bug 1236104 SUSE bug 1237885 SUSE bug 1237906 SUSE bug 1238414 SUSE bug 1238754 SUSE bug 1238763 SUSE bug 1240284 SUSE bug 1244904 SUSE bug 1245110 SUSE bug 1245723 SUSE bug 1248306 SUSE bug 1248377 SUSE bug 1249699 SUSE bug 1249827 SUSE bug 1251201 SUSE bug 1253409 SUSE bug 1255171 SUSE bug 1255594 SUSE bug 1256612 SUSE bug 1256623 SUSE bug 1256726 SUSE bug 1256792 SUSE bug 1257232 SUSE bug 1257236 CVE-2022-49604 at SUSE CVE-2022-49604 at NVD CVE-2022-49943 at SUSE CVE-2022-49943 at NVD CVE-2022-49980 at SUSE CVE-2022-49980 at NVD CVE-2022-50329 at SUSE CVE-2022-50329 at NVD CVE-2022-50488 at SUSE CVE-2022-50488 at NVD CVE-2022-50697 at SUSE CVE-2022-50697 at NVD CVE-2023-52923 at SUSE CVE-2023-52923 at NVD CVE-2023-52983 at SUSE CVE-2023-52983 at NVD CVE-2023-53178 at SUSE CVE-2023-53178 at NVD CVE-2024-26832 at SUSE CVE-2024-26832 at NVD CVE-2024-54031 at SUSE CVE-2024-54031 at NVD CVE-2025-21760 at SUSE CVE-2025-21760 at NVD CVE-2025-21764 at SUSE CVE-2025-21764 at NVD CVE-2025-21765 at SUSE CVE-2025-21765 at NVD CVE-2025-21766 at SUSE CVE-2025-21766 at NVD CVE-2025-38129 at SUSE CVE-2025-38129 at NVD CVE-2025-38563 at SUSE CVE-2025-38563 at NVD CVE-2025-38565 at SUSE CVE-2025-38565 at NVD CVE-2025-40139 at SUSE CVE-2025-40139 at NVD CVE-2025-68312 at SUSE CVE-2025-68312 at NVD CVE-2025-71085 at SUSE CVE-2025-71085 at NVD CVE-2025-71089 at SUSE CVE-2025-71089 at NVD CVE-2025-71112 at SUSE CVE-2025-71112 at NVD CVE-2026-22999 at SUSE CVE-2026-22999 at NVD CVE-2026-23001 at SUSE CVE-2026-23001 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for curl fixes the following issues: - CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731). - CVE-2025-14819: libssh global knownhost override (bsc#1255732). - CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733). - CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734). Moderate SUSE bug 1255731 SUSE bug 1255732 SUSE bug 1255733 SUSE bug 1255734 CVE-2025-14524 at SUSE CVE-2025-14524 at NVD CVE-2025-14819 at SUSE CVE-2025-14819 at NVD CVE-2025-15079 at SUSE CVE-2025-15079 at NVD CVE-2025-15224 at SUSE CVE-2025-15224 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libpcap fixes the following issues: - CVE-2025-11961: missing validation of provided MAC-48 address string in `pcap_ether_aton()` can lead to out-of-bounds read and write (bsc#1255765). Low SUSE bug 1255765 CVE-2025-11961 at SUSE CVE-2025-11961 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libssh fixes the following issues: - CVE-2026-0964: improper sanitation of paths received from SCP servers can cause path traversal (bsc#1258049). - CVE-2026-0965: possible denial of service when parsing unexpected configuration files (bsc#1258045). - CVE-2026-0966: buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054). - CVE-2026-0967: specially crafted patterns could cause denial of service (bsc#1258081). - CVE-2026-0968: malformed SFTP message can lead to out of bound read (bsc#1258080). Moderate SUSE bug 1258045 SUSE bug 1258049 SUSE bug 1258054 SUSE bug 1258080 SUSE bug 1258081 CVE-2026-0964 at SUSE CVE-2026-0964 at NVD CVE-2026-0965 at SUSE CVE-2026-0965 at NVD CVE-2026-0966 at SUSE CVE-2026-0966 at NVD CVE-2026-0967 at SUSE CVE-2026-0967 at NVD CVE-2026-0968 at SUSE CVE-2026-0968 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libxml2 fixes the following issues: - CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in `xmlCatalogXMLResolveURI`. (bsc#1256807, bsc#1256811) - CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential behavior. (bsc#1256809, bsc#1256812) - CVE-2026-1757: Fixed a memory leak in the `xmllint` interactive shell. (bsc#1257594, bsc#1257595) - CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. (bsc#1250553) Moderate SUSE bug 1250553 SUSE bug 1256807 SUSE bug 1256808 SUSE bug 1256809 SUSE bug 1256811 SUSE bug 1256812 SUSE bug 1257593 SUSE bug 1257594 SUSE bug 1257595 CVE-2025-10911 at SUSE CVE-2025-10911 at NVD CVE-2026-0990 at SUSE CVE-2026-0990 at NVD CVE-2026-0992 at SUSE CVE-2026-0992 at NVD CVE-2026-1757 at SUSE CVE-2026-1757 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libpng16 fixes the following issues: - CVE-2025-28162: memory leaks when running `pngimage` (bsc#1257364). - CVE-2025-28164: memory leaks when running `pngimage` (bsc#1257365). - CVE-2026-22695: heap buffer over-read in png_image_finish_read (bsc#1256525). - CVE-2026-22801: integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526). - CVE-2026-25646: heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020). Important SUSE bug 1256525 SUSE bug 1256526 SUSE bug 1257364 SUSE bug 1257365 SUSE bug 1258020 CVE-2025-28162 at SUSE CVE-2025-28162 at NVD CVE-2025-28164 at SUSE CVE-2025-28164 at NVD CVE-2026-22695 at SUSE CVE-2026-22695 at NVD CVE-2026-22801 at SUSE CVE-2026-22801 at NVD CVE-2026-25646 at SUSE CVE-2026-25646 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for protobuf fixes the following issues:i - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python json_format.ParseDict (bsc#1257173). Moderate SUSE bug 1257173 CVE-2026-0994 at SUSE CVE-2026-0994 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libsoup fixes the following issues: - CVE-2025-32049: denial of Service attack to websocket server (bsc#1240751). - CVE-2026-2369: buffer overread due to integer underflow when handling zero-length resources (bsc#1258120). - CVE-2026-2443: out-of-bounds read when processing specially crafted HTTP Range headers can lead to heap information disclosure to remote attackers (bsc#1258170). - CVE-2026-2708: HTTP request smuggling via duplicate Content-Length headers (bsc#1258508). Important SUSE bug 1240751 SUSE bug 1258120 SUSE bug 1258170 SUSE bug 1258508 CVE-2025-32049 at SUSE CVE-2025-32049 at NVD CVE-2026-2369 at SUSE CVE-2026-2369 at NVD CVE-2026-2443 at SUSE CVE-2026-2443 at NVD CVE-2026-2708 at SUSE CVE-2026-2708 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python3 fixes the following issues: - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters (bsc#1257029). - CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel (bsc#1257031). - CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042). - CVE-2025-15366: user-controlled command can allow additional commands injected using newlines (bsc#1257044). - CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046). - CVE-2025-15367: control characters may allow the injection of additional commands (bsc#1257041). Important SUSE bug 1257029 SUSE bug 1257031 SUSE bug 1257041 SUSE bug 1257042 SUSE bug 1257044 SUSE bug 1257046 CVE-2025-11468 at SUSE CVE-2025-11468 at NVD CVE-2025-15282 at SUSE CVE-2025-15282 at NVD CVE-2025-15366 at SUSE CVE-2025-15366 at NVD CVE-2025-15367 at SUSE CVE-2025-15367 at NVD CVE-2026-0672 at SUSE CVE-2026-0672 at NVD CVE-2026-0865 at SUSE CVE-2026-0865 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for docker fixes the following issues: - CVE-2025-58181: Fixed a bug in crypto/ssh where invalidated number of mechanisms can cause unbounded memory consumption. (bsc#1253904) Moderate SUSE bug 1253904 CVE-2025-58181 at SUSE CVE-2025-58181 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for ucode-intel fixes the following issues: - Intel CPU Microcode was updated to the 20260210 release (bsc#1258046) - CVE-2024-24853: Updated fix for incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access. (bsc#1229129) - CVE-2025-31648: Improper handling of values in the microcode flow for some Intel Processor Family may allow an escalation of privilege. (bsc#1258046) Important SUSE bug 1229129 SUSE bug 1258046 CVE-2024-24853 at SUSE CVE-2024-24853 at NVD CVE-2025-31648 at SUSE CVE-2025-31648 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for rsync fixes the following issues: - CVE-2025-10158: Fixed out of bounds array access via negative index (bsc#1254441) Moderate SUSE bug 1254441 CVE-2025-10158 at SUSE CVE-2025-10158 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for gpg2 fixes the following issues: Security fix: - Fixed GnuPG accepting Path Separators and Path Traversals in Literal Data (bsc#1256389) Moderate SUSE bug 1256389 cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for qemu fixes the following issues: - CVE-2024-6505: Fixed queue index out-of-bounds access in software RSS (bsc#1227397) - CVE-2023-1544: Fixed out-of-bounds read in pvrdma_ring_next_elem_read() (bsc#1209554) Important SUSE bug 1209554 SUSE bug 1227397 CVE-2023-1544 at SUSE CVE-2023-1544 at NVD CVE-2024-6505 at SUSE CVE-2024-6505 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for mozilla-nss fixes the following issues: update to NSS 3.112.3: * CVE-2026-2781: Avoid integer overflow in platform-independent ghash (bsc#1258568) Moderate SUSE bug 1258568 CVE-2026-2781 at SUSE CVE-2026-2781 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for shim fixes the following issues: shim is updated to version 16.1: - shim_start_image(): fix guid/handle pairing when uninstalling protocols - Fix uncompressed ipv6 netboot - fix test segfaults caused by uninitialized memory - SbatLevel_Variable.txt: minor typo fix. - Realloc() needs to allocate one more byte for sprintf() - IPv6: Add more check to avoid multiple double colon and illegal char - Loader proto v2 - loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages - Generate Authenticode for the entire PE file - README: mention new loader protocol and interaction with UKIs - shim: change automatically enable MOK_POLICY_REQUIRE_NX - Save var info - add SbatLevel entry 2025051000 for PSA-2025-00012-1 - Coverity fixes 20250804 - fix http boot - Fix double free and leak in the loader protocol shim is updated to version 16.0: - Validate that a supplied vendor cert is not in PEM format - sbat: Add grub.peimage,2 to latest (CVE-2024-2312) - sbat: Also bump latest for grub,4 (and to todays date) - undo change that limits certificate files to a single file - shim: don't set second_stage to the empty string - Fix SBAT.md for today's consensus about numbers - Update Code of Conduct contact address - make-certs: Handle missing OpenSSL installation - Update MokVars.txt - export DEFINES for sub makefile - Drop unused EFI_IMAGE_SECURITY_DATABASE_GUID definition - Null-terminate 'arguments' in fallback - Fix 'Verifiying' typo in error message - Update Fedora CI targets - Force gcc to produce DWARF4 so that gdb can use it - Minor housekeeping 2024121700 - Discard load-options that start with WINDOWS - Fix the issue that the gBS->LoadImage pointer was empty. - shim: Allow data after the end of device path node in load options - Handle network file not found like disks - Update gnu-efi submodule for EFI_HTTP_ERROR - Increase EFI file alignment - avoid EFIv2 runtime services on Apple x86 machines - Improve shortcut performance when comparing two boolean expressions - Provide better error message when MokManager is not found - tpm: Boot with a warning if the event log is full - MokManager: remove redundant logical constraints - Test import_mok_state() when MokListRT would be bigger than available size - test-mok-mirror: minor bug fix - Fix file system browser hang when enrolling MOK from disk - Ignore a minor clang-tidy nit - Allow fallback to default loader when encountering errors on network boot - test.mk: don't use a temporary random.bin - pe: Enhance debug report for update_mem_attrs - Multiple certificate handling improvements - Generate SbatLevel Metadata from SbatLevel_Variable.txt - Apply EKU check with compile option - Add configuration option to boot an alternative 2nd stage - Loader protocol (with Device Path resolution support) - netboot cleanup for additional files - Document how revocations can be delivered - post-process-pe: add tests to validate NX compliance - regression: CopyMem() in ad8692e copies out of bounds - Save the debug and error logs in mok-variables - Add features for the Host Security ID program - Mirror some more efi variables to mok-variables - This adds DXE Services measurements to HSI and uses them for NX - Add shim's current NX_COMPAT status to HSIStatus - README.tpm: reflect that vendor_db is in fact logged as 'vendor_db' - Reject HTTP message with duplicate Content-Length header fields - Disable log saving - fallback: don't add new boot order entries backwards - README.tpm: Update MokList entry to MokListRT - SBAT Level update for February 2025 GRUB CVEs Moderate SUSE bug 1240871 SUSE bug 1247432 CVE-2024-2312 at SUSE CVE-2024-2312 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for curl fixes the following issues: - CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105). Moderate SUSE bug 1256105 CVE-2025-14017 at SUSE CVE-2025-14017 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libvirt fixes the following issues: Security fixes: - CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots (bsc#1253703) - CVE-2025-12748: Fixed check ACLs before parsing the whole domain XML (bsc#1253278) Other fixes: - libvirt-supportconfig: Add support for supportconfig.rc (bsc#1251822) Moderate SUSE bug 1251822 SUSE bug 1253278 SUSE bug 1253703 CVE-2025-12748 at SUSE CVE-2025-12748 at NVD CVE-2025-13193 at SUSE CVE-2025-13193 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libsoup fixes the following issues: - CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests (bsc#1257398). - CVE-2026-1539: proxy authentication credentials leaked via the Proxy-Authorization header when handling HTTP redirects (bsc#1257441). - CVE-2026-1760: improper handling of HTTP requests combining certain headers by SoupServer can lead to HTTP request smuggling and potential DoS (bsc#1257597). Important SUSE bug 1257398 SUSE bug 1257441 SUSE bug 1257597 CVE-2026-1467 at SUSE CVE-2026-1467 at NVD CVE-2026-1539 at SUSE CVE-2026-1539 at NVD CVE-2026-1760 at SUSE CVE-2026-1760 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for python-tornado fixes the following issue: - CVE-2025-67724: missing validation of the supplied reason phrase (bsc#1254903). Moderate SUSE bug 1254903 CVE-2025-67724 at SUSE CVE-2025-67724 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libsoup fixes the following issue: - CVE-2026-0716: improper bounds handling may allow out-of-bounds read (bsc#1256418). Moderate SUSE bug 1256418 CVE-2026-0716 at SUSE CVE-2026-0716 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for util-linux fixes the following issues: - CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for 'login -h' (bsc#1258859). Moderate SUSE bug 1258859 CVE-2026-3184 at SUSE CVE-2026-3184 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362). - CVE-2026-3783: token leak with redirect and netrc (bsc#1259363). - CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364). - CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365). Important SUSE bug 1259362 SUSE bug 1259363 SUSE bug 1259364 SUSE bug 1259365 CVE-2026-1965 at SUSE CVE-2026-1965 at NVD CVE-2026-3783 at SUSE CVE-2026-3783 at NVD CVE-2026-3784 at SUSE CVE-2026-3784 at NVD CVE-2026-3805 at SUSE CVE-2026-3805 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for glibc fixes the following issues: - CVE-2026-0861: memalign: reinstate alignment overflow check (bsc#1256766) - CVE-2026-0915: resolv: Fix NSS DNS backend for getnetbyaddr (bsc#1256822) - CVE-2025-15281: posix: Reset wordexp_t fields with WRDE_REUSE (bsc#1257005) - CVE-2025-8058: posix: Fix double-free after allocation failure in regcomp (bsc#1246965) Important SUSE bug 1246965 SUSE bug 1256766 SUSE bug 1256822 SUSE bug 1257005 CVE-2025-15281 at SUSE CVE-2025-15281 at NVD CVE-2025-8058 at SUSE CVE-2025-8058 at NVD CVE-2026-0861 at SUSE CVE-2026-0861 at NVD CVE-2026-0915 at SUSE CVE-2026-0915 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1255163). - CVE-2023-53827: Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (bsc#1255049). - CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917). - CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177). - CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401). - CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1256645). - CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231). - CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735). - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749). - CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790). - CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395). - CVE-2026-23204: net: add skb_header_pointer_careful() helper (bsc#1258340). The following non security issues were fixed: - apparmor: fix differential encoding verification (bsc#1258849). - apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849). - apparmor: fix memory leak in verify_header (bsc#1258849). - apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849). - apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849). - apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849). - apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849). - apparmor: replace recursive profile removal with iterative approach (bsc#1258849). - apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849). Important SUSE bug 1238917 SUSE bug 1246166 SUSE bug 1247177 SUSE bug 1255049 SUSE bug 1255163 SUSE bug 1255401 SUSE bug 1256645 SUSE bug 1257231 SUSE bug 1257735 SUSE bug 1257749 SUSE bug 1257790 SUSE bug 1258340 SUSE bug 1258395 SUSE bug 1258849 CVE-2023-53794 at SUSE CVE-2023-53794 at NVD CVE-2023-53827 at SUSE CVE-2023-53827 at NVD CVE-2025-21738 at SUSE CVE-2025-21738 at NVD CVE-2025-38224 at SUSE CVE-2025-38224 at NVD CVE-2025-38375 at SUSE CVE-2025-38375 at NVD CVE-2025-68285 at SUSE CVE-2025-68285 at NVD CVE-2025-71066 at SUSE CVE-2025-71066 at NVD CVE-2026-23004 at SUSE CVE-2026-23004 at NVD CVE-2026-23060 at SUSE CVE-2026-23060 at NVD CVE-2026-23074 at SUSE CVE-2026-23074 at NVD CVE-2026-23089 at SUSE CVE-2026-23089 at NVD CVE-2026-23191 at SUSE CVE-2026-23191 at NVD CVE-2026-23204 at SUSE CVE-2026-23204 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for jq fixes the following issue: - CVE-2025-9403: test suite assertion failure in JSON parsing consistency validation (bsc#1248600). Low SUSE bug 1248600 CVE-2025-9403 at SUSE CVE-2025-9403 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for libssh fixes the following issues: - CVE-2026-3731: Denial of Service via out-of-bounds read in SFTP extension name handler (bsc#1259377). Moderate SUSE bug 1259377 CVE-2026-3731 at SUSE CVE-2026-3731 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for runc rebuilds it against the current go 1.25 security release. Important cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for docker rebuilds it against the current go 1.25 security release. Important cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1255163). - CVE-2023-53827: Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (bsc#1255049). - CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917). - CVE-2025-38224: can: kvaser_pciefd: refine error prone echo_skb_max handling logic (bsc#1246166). - CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177). - CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401). - CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1256645). - CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231). - CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735). - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749). - CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790). - CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395). - CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340). - CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management - CVE-2026-23269: apparmor: validate DFA start states are in bounds in unpack_pdb The following non-security bugs were fixed: - Disable CONFIG_NET_SCH_ATM (jsc#PED-12836). - apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849). - apparmor: fix differential encoding verification (bsc#1258849). - apparmor: fix memory leak in verify_header (bsc#1258849). - apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849). - apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849). - apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849). - apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849). - apparmor: replace recursive profile removal with iterative approach (bsc#1258849). - apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849). Important SUSE bug 1238917 SUSE bug 1246166 SUSE bug 1247177 SUSE bug 1255049 SUSE bug 1255163 SUSE bug 1255401 SUSE bug 1256645 SUSE bug 1257231 SUSE bug 1257735 SUSE bug 1257749 SUSE bug 1257790 SUSE bug 1258340 SUSE bug 1258395 SUSE bug 1258849 CVE-2023-53794 at SUSE CVE-2023-53794 at NVD CVE-2023-53827 at SUSE CVE-2023-53827 at NVD CVE-2025-21738 at SUSE CVE-2025-21738 at NVD CVE-2025-38224 at SUSE CVE-2025-38224 at NVD CVE-2025-38375 at SUSE CVE-2025-38375 at NVD CVE-2025-68285 at SUSE CVE-2025-68285 at NVD CVE-2025-71066 at SUSE CVE-2025-71066 at NVD CVE-2026-23004 at SUSE CVE-2026-23004 at NVD CVE-2026-23060 at SUSE CVE-2026-23060 at NVD CVE-2026-23074 at SUSE CVE-2026-23074 at NVD CVE-2026-23089 at SUSE CVE-2026-23089 at NVD CVE-2026-23191 at SUSE CVE-2026-23191 at NVD CVE-2026-23204 at SUSE CVE-2026-23204 at NVD CVE-2026-23268 at SUSE CVE-2026-23268 at NVD CVE-2026-23269 at SUSE CVE-2026-23269 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for util-linux fixes the following issues: Security issue: - CVE-2026-3184: access control bypass due to improper hostname canonicalization in `login` (bsc#1258859). Non security issues: - recognize fuse 'portal' as a virtual file system (bsc#1234736). - fdisk: fix possible partition overlay and data corruption if EBR gap is missing (bsc#1222465). Moderate SUSE bug 1222465 SUSE bug 1234736 SUSE bug 1258859 CVE-2026-3184 at SUSE CVE-2026-3184 at NVD cpe:/o:suse:suse-microos:5.2 SUSE Linux Enterprise Micro 5.2 This update for systemd fixes the following issues: - CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650). - CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418). - udev: check for invalid chars in various fields received from the kernel (bsc#1259697). Changelog: - 566517ffcb machined: reject invalid class types when registering machines - abbdd89d78 udev: fix review mixup - c9cedd26be udev-builtin-net-id: print cescaped bad attributes - c0f4ec3db9 udev: ensure tag parsing stays within bounds - 38afcb73cc udev: ensure there is space for trailing NUL before calling sprintf - a64247de62 udev: check for invalid chars in various fields received from the kernel - ecce32966e core/cgroup: avoid one unnecessary strjoina() - 6abd2b5bd2 core: validate input cgroup path more prudently - 2d7d93d6c1 alloc-util: add strdupa_safe() + strndupa_safe() and use it everywhere Important SUSE bug 1259418 SUSE bug 1259650 SUSE bug 1259697 CVE-2026-29111 at SUSE CVE-2026-29111 at NVD CVE-2026-4105 at SUSE CVE-2026-4105 at NVD cpe:/o:suse:suse-microos:5.2